Merge branch 'development' into pr/WimJongeneel/10247

Author: MarkvanMents

.github/workflows/branch-deletion-pr-creation.yml

@@ -0,0 +1,147 @@
+name: Branch Deletion Phase One (PR Creation)
+permissions:
+  contents: write
+  pull-requests: write
+on:
+  schedule:
+    - cron: '00 22 1 * *'  # 10PM on 1st of every month
+  workflow_dispatch:
+    inputs:
+      min_age_days:
+        description: "Minimum age in days since merge"
+        required: true
+        default: 27
+        type: number
+jobs:
+  identify-branches:
+    if: github.repository_owner == 'mendix'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+          persist-credentials: true
+          
+      - name: Fetch all branches
+        run: |
+          echo "Fetching all branches from remote..."
+          git fetch origin '+refs/heads/*:refs/remotes/origin/*' --prune
+          echo "Fetched branches:"
+          git branch -r
+
+      - name: Process branches
+        id: branch-data
+        run: |
+          set -e
+          echo "Finding all branches for processing..."
+          ALL_BRANCHES=$(git branch -r | grep -v "origin/HEAD" | sed 's/origin\///')
+          
+          echo "All branches found:"
+          printf "%s\n" "${ALL_BRANCHES[@]}"
+
+          MIN_AGE_DAYS=${{ github.event.inputs.min_age_days || 27 }}
+          
+          # Arrays to hold branches
+          PROTECTED_BRANCHES=()
+          MERGED_BRANCHES_TO_PROCESS=()
+          BRANCHES_TO_DELETE=()
+          BRANCHES_TOO_RECENT=()
+
+          CURRENT_DATE=$(date +%Y%m%d)
+          echo "CURRENT_DATE=$CURRENT_DATE" >> $GITHUB_ENV
+
+          # Check branches
+          for BRANCH in $ALL_BRANCHES; do
+            branch_lower=$(echo "$BRANCH" | tr '[:upper:]' '[:lower:]')
+            # Identify protected branches
+            if [[ $branch_lower =~ (backup|development|main|master|production) ]]; then
+              if git branch -r --merged origin/development | grep -q "origin/$BRANCH"; then
+                PROTECTED_BRANCHES+=("$BRANCH (protected name, merged)")
+              else
+                PROTECTED_BRANCHES+=("$BRANCH (protected name, not merged)")
+              fi
+            else
+              # Process non-protected merged branches
+              if git branch -r --merged origin/development | grep -q "origin/$BRANCH"; then
+                MERGED_BRANCHES_TO_PROCESS+=("$BRANCH")
+              else
+                UNMERGED_BRANCHES+=("$BRANCH (not merged)")
+              fi
+            fi
+          done
+
+          # Process potential deletion
+          for BRANCH in "${MERGED_BRANCHES_TO_PROCESS[@]}"; do
+            MERGE_HASH=$(git log --grep="Merge branch.*$BRANCH" origin/development -n 1 --pretty=format:"%H" ||
+                        git log --grep="Merge pull request.*$BRANCH" origin/development -n 1 --pretty=format:"%H")
+            [ -z "$MERGE_HASH" ] && MERGE_HASH=$(git log -n 1 origin/$BRANCH --pretty=format:"%H")
+
+            MERGE_DATE=$(git show -s --format=%ct $MERGE_HASH)
+            DAYS_AGO=$(( ($(date +%s) - MERGE_DATE) / 86400 ))
+
+            if [[ $DAYS_AGO -ge $MIN_AGE_DAYS ]]; then
+              BRANCHES_TO_DELETE+=("$BRANCH ($DAYS_AGO days)")
+            else
+              BRANCHES_TOO_RECENT+=("$BRANCH ($DAYS_AGO days)")
+            fi
+          done
+
+          # Display non-deleted branches for logging
+          ALL_NON_DELETED_BRANCHES=("${PROTECTED_BRANCHES[@]}" "${BRANCHES_TOO_RECENT[@]}" "${UNMERGED_BRANCHES[@]}")
+          IFS=$'\n' ALL_NON_DELETED_BRANCHES=($(sort <<<"${ALL_NON_DELETED_BRANCHES[*]}"))
+          unset IFS
+
+          if [ ${#BRANCHES_TO_DELETE[@]} -eq 0 ]; then
+            echo "No branches found for deletion."
+            echo "NO_BRANCHES=true" >> $GITHUB_ENV
+            exit 0
+          else
+            echo "NO_BRANCHES=false" >> $GITHUB_ENV
+          fi
+
+          # Create report
+          echo "# Branch Cleanup Report - $(date +%Y-%m-%d)" > branch-report.branchreport
+          echo "## Branches for deletion (merged >=${MIN_AGE_DAYS} days ago):" >> branch-report.branchreport
+          echo '```' >> branch-report.branchreport
+          printf "%s\n" "${BRANCHES_TO_DELETE[@]}" >> branch-report.branchreport
+          echo '```' >> branch-report.branchreport
+          echo "## Branches not eligible for deletion:" >> branch-report.branchreport
+          echo '```' >> branch-report.branchreport
+          printf "%s\n" "${ALL_NON_DELETED_BRANCHES[@]}" >> branch-report.branchreport
+          echo '```' >> branch-report.branchreport
+
+          echo "BRANCHES_TO_DELETE<<EOF" >> $GITHUB_ENV
+          printf "%s\n" "${BRANCHES_TO_DELETE[@]}" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "ALL_NON_DELETED_BRANCHES<<EOF" >> $GITHUB_ENV
+          printf "%s\n" "${ALL_NON_DELETED_BRANCHES[@]}" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
+      - name: Create Deletion PR
+        if: env.NO_BRANCHES != 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          commit-message: "Branch cleanup proposal"
+          title: "[AUTO] Branch Deletion Candidates - ${{ env.CURRENT_DATE }}"
+          body: |
+            ## Branches for deletion (merged to development)
+            ```
+            ${{ env.BRANCHES_TO_DELETE }}
+            ```
+            
+            ## Branches not eligible for deletion
+            ```
+            ${{ env.ALL_NON_DELETED_BRANCHES }}
+            ```
+            ## ⚠️ Warning
+            Merging this PR will:
+            1. Delete the branches listed in the "Branches for deletion" section.
+            2. Remove the temporary branch-report.branchreport file.
+          branch: branch-cleanup-${{ env.CURRENT_DATE }}
+          assignees: MarkvanMents,OlufunkeMoronfolu
+          reviewers: MarkvanMents,OlufunkeMoronfolu
+          labels: Internal WIP
+          add-paths: |
+            branch-report.branchreport

.github/workflows/branch-deletion-pr-processing.yml

@@ -0,0 +1,96 @@
+name: Branch Deletion Phase Two (PR Processing)
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - 'development'
+    paths:
+      - '**.branchreport'
+permissions:
+  contents: write
+jobs:
+  delete-branches-and-cleanup:
+    if: |
+      github.event.pull_request.merged == true &&
+      startsWith(github.event.pull_request.title, '[AUTO] Branch Deletion Candidates')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+          ref: ${{ github.event.repository.default_branch }}
+      - name: Delete branch report file
+        run: |
+          # Check if file exists and delete it
+          if [ -f "branch-report.branchreport" ]; then
+            # Configure Git with your username
+            git config --global user.name "github-actions[bot]"
+            git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" 
+
+            git rm branch-report.branchreport
+            git commit -m "Remove temporary branch report file"
+            git push
+            echo "Removed branch-report.branchreport file"
+          else
+            echo "branch-report.branchreport file not found"
+          fi
+      - name: Extract branches and delete
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
+        run: |
+          echo "PR Body Content:"
+          echo "$PR_BODY"
+          echo "-----------------------------------"
+
+          echo "Extracting branch names for deletion..."
+
+          # Extract lines between the markers using awk
+          DELETION_LIST=$(echo "$PR_BODY" | awk '
+            BEGIN { print_lines = 0; }
+            /Branches for deletion/ { print_lines = 1; next; }
+            /Branches not eligible for deletion/ { print_lines = 0; }
+            print_lines == 1 && !/^```/ && NF > 0 {
+              print $1;
+            }
+          ')
+
+          echo "Branches identified for deletion:"
+          echo "$DELETION_LIST"
+          echo "-----------------------------------"
+
+          if [ -z "$DELETION_LIST" ]; then
+            echo "No branches found for deletion"
+            exit 0
+          fi
+          # Configure Git with your username
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" 
+
+          # Process each branch
+          echo "$DELETION_LIST" | while read -r BRANCH; do
+            # Skip empty lines
+            [ -z "$BRANCH" ] && continue
+
+            echo "Processing branch: '$BRANCH'"
+
+            # Final protection check
+            branch_lower=$(echo "$BRANCH" | tr '[:upper:]' '[:lower:]')
+            if [[ $branch_lower =~ (backup|development|main|master|production) ]]; then
+              echo "Skipping protected branch: $BRANCH"
+              continue
+            fi
+            echo "Attempting to delete branch: $BRANCH"
+            # Check if branch exists before trying to delete
+            if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
+              echo "Branch exists, proceeding with deletion"
+              git push origin --delete "$BRANCH" || {
+                echo "Failed to delete branch: $BRANCH"
+                echo "Error code: $?"
+              }
+            else
+              echo "Branch $BRANCH does not exist or is not accessible"
+            fi
+          done

content/en/docs/deployment/mendix-cloud-deploy/behavior-of-app.md

@@ -58,3 +58,11 @@ Apps running in Mendix Cloud are subject to certain limitations. These behaviors
 Therefore, do not assume that an established WebSocket connection will remain open indefinitely. To ensure connection stability and prevent unexpected disconnections:
     * Enable periodic keepalive checks (for example, every 25–30 seconds). This ensures the connection remains active and prevents Network Address Translators (NATs) and firewalls from dropping long-idle tunnels.
     * Implement robust reconnection logic to gracefully handle connectivity loss and automatically reestablish dropped connections.
+
+## Move to Kubernetes
+
+* Only [supported Mendix versions](https://docs.mendix.com/releasenotes/studio-pro/lts-mts/) are able to move to Kubernetes.
+* The platform configures `CF_INSTANCE_INDEX=0` for 1 of the instances to define a leader instance and to make [Community Commons](/appstore/modules/community-commons-function-library/) function `GetCFInstanceIndex` partially backwards compatible. The leader instance will return `0` while all follower instances will return `-1`. We advise stopping the use of the `GetCFInstanceIndex` function as it is specific to Cloud Foundry.
+* If your model is using the [SAML module](https://marketplace.mendix.com/link/component/1174), these versions are compatible with Kubernetes:
+    * Mendix 9 – Version 3.6.19 and higher.
+    * Mendix 10 – Version 4.1.0 and higher.

content/en/docs/deployment/mendix-cloud-deploy/environments-details.md

@@ -92,7 +92,8 @@ In the **Application Status** section of the **General** tab, you can find the f
 * **Project ID** – the unique identifier of the app
 * **Environment ID** – the unique identifier of the environment
 * **Running Since** – the date the app was started, if it is running
-* **Name** – the type of environment (Acceptance, Production, Test, or the name of a [flexible environment](/developerportal/deploy/mendix-cloud-deploy/#flexible-environments)); for more information, see the [Naming of Environments](#naming) section below
+* **Display Name** – the type of environment (Acceptance, Production, Test, or the name of a [flexible environment](/developerportal/deploy/mendix-cloud-deploy/#flexible-environments)); for more information, see the [Naming of Environments](#naming) section below
+* **Subdomain Suffix** – the application's subdomain name
 * **URL** – the URL of the app
 * **Custom Domains** – any [custom domains](/developerportal/deploy/custom-domains/) of the app; to add a new domain, click **Add Custom Domain**
 * **Studio Pro Target** – a **Yes** or **No** value indicating whether the environment is the designated deployment target from Studio Pro; for more information, see [Studio Pro Deployment Settings](/developerportal/deploy/studio-deployment-settings/)
@@ -103,18 +104,19 @@ In the **Application Status** section of the **General** tab, you can find the f
 
 #### Naming of Environments – Flexible Environments in Mendix Cloud {#naming}
 
-If you are the app's [Technical Contact](/developerportal/general/app-roles/#technical-contact), you can rename the environments.
+If you are the app's [Technical Contact](/developerportal/general/app-roles/#technical-contact), you can rename the environment’s **Subdomain Suffix** or **Display Name** by clicking **Change** next to either of the options.
 
-To rename an environment, follow these steps:
-
-1. Click **Change** next to the name of the environment.
-2. Enter the new name, which must meet the following requirements:
-    * Consists of at least two characters.
-    * Consists of only alphanumeric characters and hyphens (`a-z`, `A-Z`, `0-9`, and `-`).
-    * Does not begin or end with a hyphen.
+* **Display Name requirements**:
+    * Must start and end with an alphanumeric or non-latin character
+    * Must contain two or more alphanumeric or non-latin characters and hyphens (–)
+    * Maximum of 200 characters are allowed
+* **Subdomain Suffix requirements** 
+    * Consists of at least two characters
+    * Consists of only alphanumeric characters and hyphens (`a-z`, `A-Z`, `0-9`, and `-`)
+    * Does not begin or end with a hyphen
 
 {{% alert color="info" %}}
-After you rename an environment, it may take up to 15 minutes before you can access an app via its URL. This is because the URL includes the name of the environment, and the old value needs to be removed from the DNS cache. It may take considerably longer for the change to be visible worldwide.
+After you rename an environment’s subdomain suffix, it may take up to 15 minutes before you can access an app via its URL. This is because the URL includes the subdomain name of the environment, and the old value needs to be removed from the DNS cache. It may take considerably longer for the change to be visible worldwide.
 {{% /alert %}}
 
 ### Deployment Package Details
@@ -139,7 +141,6 @@ It also includes the option to change your plan. For details, refer to [Changing
 * **Database Plan Space** – the storage capacity of the database
 * **Database Plan Memory** – the database's RAM size
 * **File Storage** – available size for storing blobs
-* **Backup Storage** – total size available for database backup files
 * **Multi-AZ Enabled** –  a **Yes** or **No** value indicating whether multiple availability zones are enabled
 
 #### Scaling {#scaling}

content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-standard-operator.md

@@ -7,9 +7,7 @@ weight: 30
 
 ## Introduction
 
-When running the Mendix Operator in Standard mode, you must install it separately for every namespace where a Mendix app is deployed. However, the [Custom Resource Definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) are global and installed at the cluster level - shared and visible among all namespaces in a given Kubernetes/OpenShift cluster. This can potentially lead to redundancies and conflicts, as well as issues when upgrading a single Mendix Operator installation.
-
-To avoid these potential issues, you can [run the Mendix Operator in Global mode](/developerportal/deploy/global-operator/). However, the Standard mode is still available for existing customers, and to support use cases that require having a separate Operator instance for every namespace.
+When running the Mendix Operator in Standard mode, you must install it separately for every namespace where a Mendix app is deployed. 
 
 {{% alert color="warning" %}}
 It is essential to ensure that each namespace is exclusively managed by a single Operator. The deployment of two Operators, particularly with distinct versions, to manage the same namespace, may lead to conflicts, resulting in the cancellation and rollback of each operator's modifications.

content/en/docs/marketplace/genai/reference-guide/mcp-modules/mcp-server.md

@@ -25,7 +25,7 @@ The current version has the following limitations:
 * Prompts can only return a single message.
 * The client connection remains active for only 15 minutes, as the Mendix runtime currently does not support async requests.
 * Running an MCP Server is currently only supported on single-instance environments.
-* User authorization can currently only be applied on request but not at the tool/prompt level. As a result, the current user is not available within tool/prompt microflows, and entity access or XPath constraints can not be enabled out of the box. This is due to the capabilities offered by the official MCP Java SDK which does not support reusing a Mendix user session in the executed tools/prompts.
+* The tool fails to return responses with large payloads to the client successfully. This issue is currently under investigation.
 
 Note that the MCP Server module is still in its early version and latest versions may include breaking changes. Since both the open-source protocol and the Java SDK are still evolving and regularly updated, these changes may also affect this module.
 
@@ -56,7 +56,9 @@ The selected microflow must adhere to the following principles:
 * The Input type should be `MCPServer` and/or `System.HttpRequest`, to extract required values, such as HttpHeaders from the request.
 * The return value needs to be a `System.User` object which represents the user who sent the request.
 
-Inside of your microflow, you can implement your custom logic to authenticate the user. For example, you can use username and password (basic auth), Mendix SSO, or external identity providers (IdP) as long as a `User` is returned. Note that the example authentication microflow within the module only implements the most basic authentication.
+Within your microflow, you can implement your custom logic to authenticate the user. For example, you can use username and password (basic auth), Mendix SSO, or external identity providers (IdP) as long as a `User` is returned. Note that the example authentication microflow within the module only implements basic authentication.
+
+The `User` returned in the microflow is used for all subsequent prompt and tool microflows within the same session. This makes the `currentUser` and `currentSession` variables available, allowing you to apply entity access for user-based access control based on the default Mendix entity access settings.
 
 #### Protocol Version
 
@@ -74,7 +76,7 @@ The selected microflow must adhere to the following principles:
 For an example, see the `Example Implementations` folder inside of the module.
 
 {{% alert color="warning" %}}
-Function calling is a highly effective capability and should be used with caution. Tool microflows currently do not run in the context of the authenticated user, and thus cannot apply entity access. 
+Function calling is a highly effective capability and should be used with caution.
 
 Mendix strongly recommends keeping the user in the loop (such as by using confirmation logic which is integrated into many MCP clients), if the tool microflows have a potential impact on the real world on behalf of the end-user. Examples include sending emails, posting content online, or making purchases. In such cases, evaluate the use cases and implement security measures when exposing these tools to external AI systems via MCP.
 {{% /alert %}}