⚠️ Sync upstream/integration (90acf7c) -> release/4 2026-03-16 (deployment changes present)

.github/CODEOWNERS

@@ -1,7 +1,8 @@
-# Frontend only for ngui
+# Frontend
 ngui/             @hystax/ui
+jira_ui/          @hystax/ui
 
-# Backend for other directories
+# Backend
 auth/             @hystax/backend
 bi_exporter/      @hystax/backend
 bumischeduler/    @hystax/backend
@@ -13,7 +14,6 @@ gemini/           @hystax/backend
 herald/           @hystax/backend
 insider/          @hystax/backend
 jira_bus/         @hystax/backend
-jira_ui/          @hystax/backend
 katara/           @hystax/backend
 keeper/           @hystax/backend
 metroculus/       @hystax/backend

.github/workflows/auto-assign-author.yml

@@ -9,16 +9,50 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
+      issues: write  # Required because assignees API works via issues 
+      contents: read # Minimal read access to repository contents
 
     steps:
       - name: Assign PR author
         uses: actions/github-script@v8
         with:
           script: |
-            const reporter = context.actor
-            await github.rest.issues.addAssignees({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.payload.pull_request.number,
-              assignees: [reporter]
-            })
+            // Repository owner (organization or user who owns the repo)
+            const owner = context.repo.owner;
+
+            // Repository name
+            const repo = context.repo.repo;
+
+            // Login of the pull request author
+            const prAuthor = context.payload.pull_request.user.login;
+
+            try {
+              // Check the permission level of the PR author
+              const { data: perm } =
+                await github.rest.repos.getCollaboratorPermissionLevel({
+                  owner,
+                  repo,
+                  username: prAuthor
+                });
+
+              // If the author has write/maintain/admin rights → assign them to the PR
+              if (["write", "maintain", "admin"].includes(perm.permission)) {
+                await github.rest.issues.addAssignees({
+                  owner,
+                  repo,
+                  issue_number: context.payload.pull_request.number,
+                  assignees: [prAuthor]
+                });
+                console.log(`Assigned PR to ${prAuthor}`);
+              } else {
+                // If the author has insufficient rights → skip assignment
+                console.log(
+                  `Skipping assignment for ${prAuthor}: permission=${perm.permission}`
+                );
+              }
+            } catch (error) {
+              // If the author is not a collaborator (e.g., PR from a fork) → skip without failing
+              console.log(
+                `Skipping assignment for ${prAuthor}: not a collaborator`
+              );
+            }

.gitignore

@@ -17,11 +17,15 @@ rest_api/.clickhouse
 **/.pytest_cache/
 **/.ruff_cache/
 # Build files
+**/build
 **/dist
 **/*egg-info/
 **/*.tar.gz
 
 # jira_ui
 jira_ui/*/.env
 jira_ui/*/node_modules
-jira_ui/*/build/
+jira_ui/*/build/
+
+# Vagrant
+optscale-deploy/.vagrant/

README.md

@@ -2,12 +2,15 @@
 ⭐ Drop a star to support OptScale ⭐
 </p>
 
-# FinOps and cloud cost management platform to run any cloud workload with optimal performance and cost
+# Open-Source FinOps & Cloud Cost Optimization Platform
 
 <p align="center">
 <a href="documentation/images/cover-GitHub.png"><img src="documentation/images/FinOps-platform.png" width="40%" align="middle"></a>
 </p>
-OptScale is an open source FinOps platform that optimizes cloud costs and performance for any workload, providing effective cloud cost management for all types of organizations.
+
+<br>OptScale is an open-source  [FinOps and cloud cost optimization platform](https://hystax.com/optscale/finops-overview/) that helps engineering and finance teams control and reduce spend across AWS, Microsoft Azure, GCP, Alibaba Cloud, and Kubernetes clusters.
+It provides deep visibility into infrastructure costs, automated optimization recommendations, and governance tools for R&D and data platforms.
+
 <br>
 <br>
 <p align="center">
@@ -29,21 +32,56 @@ OptScale is an open source FinOps platform that optimizes cloud costs and perfor
 ![Average cloud cost savings](https://img.shields.io/badge/Average_cloud_cost_savings-38%25-yellow)
 
 </div>
+
+<br>
+
+<div>
+<br>  
+  <img src="documentation/images/Max_Kuzkin.png" width="80" align="left" style="border-radius: 50%; margin-right: 15px">
+  <i>
+    “Hystax OptScale has been a game-changer for our FinOps practice. Its powerful capabilities, flexibility, and seamless integration have empowered us to deliver unprecedented transparency, control, and cost optimization for our clients. We truly value our partnership with Hystax and are excited to innovate further together.”
+  </i>
+  <div align="right">
+    <i><b>Max Kuzkin</b>, General Manager, SoftwareOne Platform</i>
+  </div>
+</div>
+
+<br>
+
 <br>
 
-## OptScale FinOps and cloud cost optimization capabilities
+## Overview
+OptScale connects to your cloud accounts and Kubernetes clusters, ingests billing and usage data, and analyzes infrastructure consumption to surface actionable insights that eliminate waste and optimize resource usage.
+It supports multi-cloud environments and integrates with popular data platforms, including Databricks, Amazon S3, and Amazon Redshift.
+
+<br>
+
+## Key Features
+### Cost optimization
+<li>Unused and idle resource detection for VMs, volumes, databases, and other cloud resources</li>
+<li>Rightsizing recommendations for overprovisioned instances and workloads</li>
+<li>R&D resource power management to automatically stop non-production environments outside working hours</li>
+<li>Commitment utilization analysis for Reserved Instances, Savings Plans, and Spot Instances</li>
+
+
+### FinOps and governance
+<li>FinOps dashboards for engineering, finance, and product teams to track and allocate cloud spend</li>
+<li>Budgeting and alerting for cost anomalies, spikes, and budget overruns</li>
+<li>Tagging and ownership visibility to attribute costs to teams, projects, and environments</li>
+<li>Policy-driven governance and automation controls</li>
+
+
+### Data and AI/ML workloads
+<li>Databricks cost analytics with detailed visibility into cluster usage and idle time</li>
+<li>S3 and object storage optimization (lifecycle, unused buckets, storage class recommendations)</li>
+
+
+### Kubernetes and multi‑cloud
+<li>Kubernetes cluster cost allocation per namespace, workload, and label with workload-level visibility</li>
+<li>Multi-cloud support for AWS, Microsoft Azure, Google Cloud, and Alibaba Cloud from a single OptScale instance</li>
 
-<li>Optimal utilization of Reserved Instances, Savings Plans, and Spot Instances</li>
-<li>Unused resource detection</li>
-<li>R&D resource power management and rightsizing</li>
-<li>S3 duplicate object finder</li>
-<li>Resource bottleneck identification</li>
-<li>Optimal instance type and family selection</li>
-<li>Databricks support</li>
-<li>S3 and Redshift instrumentation</li>
-<li>VM Power Schedules</li>
+<br><br>Learn more about [OptScale features for FinOps and multi-cloud cost management](https://hystax.com/optscale/finops-capabilities-and-benefits/).
 
-
 <br>You can check OptScale [live demo](https://my.optscale.com/live-demo) to explore product features on a pre-generated demo organization.
 <br>Learn more about the Hystax OptScale platform and its capabilities at [our website](https://hystax.com).
 
@@ -83,7 +121,7 @@ NVMe SSD is recommended.
 
 **OS Required**: [Ubuntu 24.04](https://releases.ubuntu.com/noble/).
 
-_The current installation process should work also on Ubuntu 22.04_
+_The current installation process should also work on Ubuntu 22.04_
 
 #### Updating old installation
 please follow [this document](documentation/update_to_24.04.md) to upgrade your existing installation on Ubuntu 20.04.

auth/auth_server/alembic/versions/88f7bebcdcb9_add_user_options.py

@@ -0,0 +1,40 @@
+# pylint: disable=C0103
+"""Add user option table
+
+Revision ID: 88f7bebcdcb9
+Revises: 998f27cb8c46
+Create Date: 2026-03-10 16:27:40.340018
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '88f7bebcdcb9'
+down_revision = '998f27cb8c46'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table(
+        'user_option',
+        sa.Column('id', sa.String(36), nullable=False),
+        sa.Column('created_at', sa.Integer(), nullable=False),
+        sa.Column('deleted_at', sa.Integer(), nullable=False),
+        sa.Column('user_id', sa.String(36), nullable=False),
+        sa.Column('name', sa.String(256), nullable=False),
+        sa.Column('value', sa.TEXT(), nullable=False),
+        sa.PrimaryKeyConstraint('id'),
+        sa.ForeignKeyConstraint(['user_id'], ['user.id']),
+        sa.UniqueConstraint('user_id', 'name', 'deleted_at',
+                            name='uc_user_id_name_deleted_at')
+    )
+    op.create_index(op.f('ix_user_option_user_name'),
+                    'user_option', ['user_id', 'name'],
+                    unique=False)
+
+
+def downgrade():
+    op.drop_table('user_option')

auth/auth_server/constants.py

@@ -28,7 +28,10 @@ class Urls:
             r"%s/users/(?P<user_id>[^/]+)/action_resources",
         'bulk_action_resources': r"%s/bulk_action_resources",
         'signin': r"%s/signin",
-        'verification_codes': r"%s/verification_codes"
+        'verification_codes': r"%s/verification_codes",
+        'user_options_collection': r"%s/users/(?P<user_id>[^/]+)/options",
+        'user_options':
+            r"%s/users/(?P<user_id>[^/]+)/options/(?P<option_name>[^/]+)"
     }
 
     def __init__(self):

auth/auth_server/controllers/user_option.py

@@ -0,0 +1,93 @@
+import logging
+
+from auth.auth_server.controllers.base import BaseController
+from auth.auth_server.controllers.base_async import BaseAsyncControllerWrapper
+from auth.auth_server.exceptions import Err
+from auth.auth_server.models.models import UserOption, User
+from auth.auth_server.utils import (strtobool, check_string_attribute,
+                                    check_valid_json)
+from tools.optscale_exceptions.common_exc import (
+    WrongArgumentsException, ForbiddenException, NotFoundException)
+
+LOG = logging.getLogger(__name__)
+
+
+class UserOptionsController(BaseController):
+    def _get_model_type(self):
+        return UserOption
+
+    def check_user_access(self, user_id, token):
+        req_user = self.get_user_by_id(user_id)
+        if not req_user:
+            raise NotFoundException(Err.OA0003, [User.__name__, user_id])
+        if token:
+            token_user = self.get_user(token)
+            if token_user.id != user_id:
+                raise ForbiddenException(Err.OA0012, [])
+        return req_user
+
+    def get_by_name(self, user_id, option_name, **kwargs):
+        token = kwargs.get('token', None)
+        self.check_user_access(user_id, token)
+        user_options = super().list(user_id=user_id, name=option_name)
+        if len(user_options) > 1:
+            raise WrongArgumentsException(Err.OA0029, [])
+        elif len(user_options) == 0:
+            return '{}'
+        else:
+            return user_options[0].value
+
+    def list(self, user_id, **kwargs):
+        token = kwargs.get('token', None)
+        self.check_user_access(user_id, token)
+        with_values = kwargs.get('with_values', False)
+        try:
+            if not isinstance(with_values, bool):
+                with_values = strtobool(with_values)
+        except ValueError:
+            raise WrongArgumentsException(Err.OA0063, ['with_values'])
+        base_list = super().list(user_id=user_id)
+        result = [
+            {
+                'name': obj.name, 'value': obj.value
+            } if with_values else obj.name for obj in base_list
+        ]
+        return result
+
+    def patch(self, user_id, option_name, value_data, **kwargs):
+        token = kwargs.get('token', None)
+        self.check_user_access(user_id, token)
+
+        options = super().list(user_id=user_id, name=option_name)
+        check_valid_json(value_data, 'value')
+        if len(options) > 1:
+            raise WrongArgumentsException(Err.OA0029, [])
+        elif len(options) == 0:
+            check_string_attribute('option_name', option_name,
+                                   max_length=256)
+            res = super().create(user_id=user_id, name=option_name,
+                                 deleted_at=0, value=value_data)
+            return res.value
+        else:
+            option = options[0]
+            res = super().edit(option.id, value=value_data)
+            return res.value
+
+    def delete(self, user_id, option_name, **kwargs):
+        token = kwargs.get('token', None)
+        self.check_user_access(user_id, token)
+
+        options = super().list(user_id=user_id, name=option_name)
+        if len(options) > 1:
+            raise WrongArgumentsException(Err.OA0029, [])
+        elif len(options) == 0:
+            raise NotFoundException(
+                Err.OA0003, [UserOption.__name__, option_name])
+        else:
+            option = options[0]
+            super().delete(option.id)
+
+
+class UserOptionsAsyncController(BaseAsyncControllerWrapper):
+    def _get_controller_class(self):
+        return UserOptionsController

auth/auth_server/exceptions.py

@@ -130,7 +130,7 @@ class Err(enum.Enum):
         "Invalid model type: %s",
     ]
     OA0046 = [
-        "Payload is not a valid json",
+        "%s is not a valid json",
     ]
     OA0047 = [
         "Payload is malformed",

auth/auth_server/handlers/v2/__init__.py

@@ -12,3 +12,4 @@
 import auth.auth_server.handlers.v2.types
 import auth.auth_server.handlers.v2.signin
 import auth.auth_server.handlers.v2.verification_codes
+import auth.auth_server.handlers.v2.user_options

auth/auth_server/handlers/v2/base.py

@@ -1,6 +1,6 @@
 import json
 
-from tools.optscale_exceptions.common_exc import WrongArgumentsException
+from tools.optscale_exceptions.http_exc import OptHTTPError
 
 from auth.auth_server.exceptions import Err
 from auth.auth_server.handlers.v1.base import BaseHandler as BaseHandler_v1
@@ -17,13 +17,13 @@ def get_arg(self, name, type_, default=None, repeated=False):
                     if type_ == bool and isinstance(arg, str):
                         lowered = arg.lower()
                         if lowered not in ['true', 'false']:
-                            raise WrongArgumentsException(Err.OA0063, [name])
+                            raise OptHTTPError(400, Err.OA0063, [name])
                         return lowered == 'true'
                     return type_(arg)
                 else:
                     return arg
         except ValueError:
-            raise WrongArgumentsException(Err.OA0060, [name])
+            raise OptHTTPError(400, Err.OA0060, [name])
 
     def parse_url_params_into_payload(self, payload_map_params):
         data = {}