@paullizer
Contributor

  • Retention Policy Defaults
    • Admin-configurable organization-wide default retention policies for conversations and documents across all workspace types.
    • Organization Defaults: Set default retention periods (1 day to 10 years, or "Don't delete") separately for personal, group, and public workspaces.
    • User Choice: Users see "Using organization default (X days)" option and can override with custom settings or revert to org default.
    • Conditional Display: Default retention settings only appear in Admin Settings when the corresponding workspace type is enabled.
    • Force Push Feature: Administrators can push organization defaults to all workspaces, overriding any custom retention policies users have set.
    • Settings Auto-Save: Force push automatically saves pending settings changes before executing to ensure current values are pushed.
    • Activity Logging: Force push actions are logged to activity_logs container for audit purposes with admin info, affected scopes, and results summary.
    • API Endpoints: New /api/retention-policy/defaults/<workspace_type> (GET) and /api/admin/retention-policy/force-push (POST) endpoints.
    • Files Modified: functions_settings.py, admin_settings.html, route_frontend_admin_settings.py, route_backend_retention_policy.py, functions_retention_policy.py, functions_activity_logging.py, profile.html, control_center.html, workspace-manager.js.
    • (Ref: Default retention settings, Force Push modal, activity logging, retention policy execution)

@paullizer paullizer requested a review from Bionic711 January 22, 2026 00:16
Comment on lines +144 to +157
if days == 1:
return '1 day'
elif days == 21:
return '21 days (3 weeks)'
elif days == 90:
return '90 days (3 months)'
elif days == 180:
return '180 days (6 months)'
elif days == 365:
return '365 days (1 year)'
elif days == 730:
return '730 days (2 years)'
else:
return f'{days} days'
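Review bot: The if/elif chain at lines +144 to +157 hard-codes one branch per label, and the else branch formats any other value verbatim, so a zero, negative or non-integer days value is rendered as a label instead of being rejected. A single dict keyed by day count, with f'{days} days' as the fallback after a range check, would be shorter and would give the UI one table to read from.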
Collaborator

It looks like we have these set here, but also in the JavaScript. We should consider condensing it down into a single source, creating an API call from the UI to get this, since we need it in both areas. Managing it in two places is never good.


cosmos_user_settings_container.upsert_item(user)
personal_count += 1
except Exception as e:
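Review bot: The except Exception as e: clause after upsert_item(user) catches every error type, so a programming error in this loop is handled the same way as a failed write to the store. Catching the storage client's own exception class here and letting anything else propagate would keep personal_count trustworthy and surface real bugs instead of skipping the user silently.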
Collaborator

We should consider logging these with log_event, especially since they are admin events.

cosmos_public_workspaces_container.upsert_item(workspace)
public_count += 1
except Exception as e:
debug_print(f"Error updating public workspace {workspace_id}: {e}")
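Review bot: The except branch only calls debug_print, so a public workspace that fails to update is neither counted nor recorded anywhere durable, and public_count on its own makes a partially failed push look complete. Keep a failed counter or a list of workspace_id values next to public_count and include it in the result that is returned and logged.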
Collaborator

Same here with log_event

log_event(f"Force push retention defaults failed: {e}", level=logging.ERROR)
return jsonify({
'success': False,
'error': f'Failed to push retention defaults: {str(e)}'
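Review bot: The 'error' value interpolates str(e) into the JSON response, which sends raw exception text to the caller. The log_event call two lines up already records the full exception at ERROR level, so the response can carry a fixed message such as 'Failed to push retention defaults' and leave the detail in the log.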
Collaborator

CodeQL may tag this as a high security vulnerability because it potentially exposes error information to end users. I disagree strictly because it is an admin endpoint, but we should watch for it.

Collaborator

@Bionic711 Bionic711 left a comment

Nothing needed to stop the PR, but a couple notes to do in a future push.
