Simple Chat

PR Readiness Guardrail Cleanup Fix

PR Readiness Guardrail Cleanup Fix

Fixed/Implemented in version: 0.242.065

Issue Description

The beta branch had PR-readiness blockers in local validation: trailing whitespace in changed files, one unnecessary |safe filter on JSON-rendered Admin Settings data, a UTF-8 BOM that prevented broken-access-control parsing, and new Semantic Kernel plugin surfaces that needed explicit guardrail justifications for delegated current-user authorization helpers.

Root Cause Analysis

The branch accumulated broad feature work across backend, frontend, documentation, and tests. A few hygiene and guardrail details were left in the final diff even though the underlying behaviors already delegated to current-user service helpers for authorization.

Technical Details

Files modified:

  • application/single_app/config.py
  • application/single_app/templates/admin_settings.html
  • application/single_app/semantic_kernel_loader.py
  • application/single_app/semantic_kernel_plugins/document_search_plugin.py
  • application/single_app/semantic_kernel_plugins/msgraph_plugin.py
  • application/single_app/semantic_kernel_plugins/simplechat_plugin.py
  • Whitespace-only cleanup in changed README, docs, CSS, JS, HTML, and Python files

Code changes summary:

  • Removed trailing whitespace from changed files reported by git diff --check.
  • Removed an unnecessary Jinja |safe filter where tojson already provides the safe JSON serialization boundary.
  • Removed a UTF-8 BOM from semantic_kernel_loader.py so AST-based validation can parse it.
  • Added narrow bac-check: ignore justifications where plugin methods delegate authorization to service-layer current-user helpers.
  • Updated config.py to version 0.242.065.

Validation

Test results:

  • git diff --check origin/Development passes after cleanup.
  • Python compile and Swagger route validation pass against the current worktree.
  • Targeted full-file broken-access-control validation passes for the edited plugin and loader files.
  • First-party changed JavaScript syntax validation passes with node --check.

Before/after comparison:

  • Before: PR validation reported whitespace, XSS guardrail, BAC parser, and plugin scope guardrail blockers.
  • After: the touched files pass targeted validation, and the branch has a release-note entry for the cleanup.

User experience improvements:

  • Maintainers get a cleaner draft PR with fewer avoidable CI failures and clearer security-review notes.

Reference: config.py version updated to 0.242.065 as part of this fix.