Trial edit

.github/workflows/build.yml

@@ -167,6 +167,7 @@ jobs:
           images: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.component }}
 
       - name: Trivy image scan
+        id: trivy
         uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
         with:
           image-ref: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.component }}:${{ steps.meta.outputs.version }}
@@ -179,27 +180,40 @@ jobs:
           limit-severities-for-sarif: true
 
       - name: Upload Trivy SARIF
-        if: always()
+        if: ${{ !cancelled() && steps.trivy.outcome != 'skipped' }}
         uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
         with:
           sarif_file: trivy-${{ matrix.component }}.sarif
           category: trivy-${{ matrix.component }}
 
       - name: Generate SBOM
+        id: sbom
+        if: ${{ !cancelled() }}
         uses: anchore/sbom-action@17ae1740179002c89186b61233e0f892c3118b11 # v0.23.0
         with:
           image: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.component }}:${{ steps.meta.outputs.version }}
           format: cyclonedx-json
           output-file: sbom-${{ matrix.component }}.json
 
       - name: Vulnerability scan on SBOM
+        id: grype
+        if: ${{ !cancelled() && steps.sbom.outcome == 'success' }}
         uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
         with:
           sbom: sbom-${{ matrix.component }}.json
           fail-build: "true"
           severity-cutoff: critical
+          only-fixed: "true"
+
+      - name: Upload Grype SARIF
+        if: ${{ always() && steps.grype.outputs.sarif }}
+        uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        with:
+          sarif_file: ${{ steps.grype.outputs.sarif }}
+          category: grype-${{ matrix.component }}
 
       - name: Get image digest
+        if: ${{ !cancelled() }}
         id: digest
         run: |
           IMAGE="${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.component }}"
@@ -209,6 +223,7 @@ jobs:
           echo "Image digest: ${DIGEST}"
 
       - name: Attest SBOM
+        if: ${{ !cancelled() && steps.digest.outcome == 'success' && steps.sbom.outcome == 'success' }}
         uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
         with:
           subject-name: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.component }}
@@ -217,13 +232,15 @@ jobs:
           push-to-registry: true
 
       - name: Attest build provenance
+        if: ${{ !cancelled() && steps.digest.outcome == 'success' }}
         uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
         with:
           subject-name: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.component }}
           subject-digest: ${{ steps.digest.outputs.digest }}
           push-to-registry: true
 
       - name: Upload SBOM artifact
+        if: ${{ !cancelled() && steps.sbom.outcome == 'success' }}
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: sbom-${{ matrix.component }}
@@ -233,6 +250,7 @@ jobs:
   # Package Vespa application and attach to the GitHub Release
   package-vespa:
     needs: scan-and-attest
+    if: ${{ !cancelled() && needs.scan-and-attest.result != 'skipped' }}
     runs-on: ubuntu-latest
     permissions:
       contents: write

.github/workflows/code-quality.yml

@@ -83,9 +83,17 @@ jobs:
         uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
         with:
           version: 2.3.2
-          virtualenvs-create: false
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+      - name: Load cached venv
+        id: cached-mypy-deps
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        with:
+          path: ./backend/.venv
+          key: mypy-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
       - name: Install dependencies
-        run: poetry install
+        if: steps.cached-mypy-deps.outputs.cache-hit != 'true'
+        run: poetry install --no-interaction
       - name: Run mypy
         if: github.event_name == 'push'
         run: poetry run mypy --config-file pyproject.toml airweave/
@@ -116,8 +124,16 @@ jobs:
         uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
         with:
           version: 2.3.2
-          virtualenvs-create: false
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+      - name: Load cached venv
+        id: cached-importlint-deps
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        with:
+          path: ./backend/.venv
+          key: lint-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
       - name: Install lint dependencies
+        if: steps.cached-importlint-deps.outputs.cache-hit != 'true'
         run: poetry install --only lint --no-interaction --no-root
       - name: Run import-linter
         run: poetry run lint-imports

.github/workflows/fern-docs.yml

@@ -71,7 +71,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
-          node-version: "18"
+          node-version: "20"
 
       - name: Install Fern
         run: npm install -g fern-api

backend/airweave/adapters/llm/__init__.py

@@ -12,6 +12,7 @@
 )
 from airweave.adapters.llm.fallback import FallbackChainLLM
 from airweave.adapters.llm.groq import GroqLLM
+from airweave.adapters.llm.mistral import MistralLLM
 from airweave.adapters.llm.override import create_llm_from_override
 from airweave.adapters.llm.registry import (
     MODEL_REGISTRY,
@@ -35,6 +36,7 @@
     "AnthropicLLM",
     "CerebrasLLM",
     "GroqLLM",
+    "MistralLLM",
     "TogetherLLM",
     "FallbackChainLLM",
     # Exceptions