feat: enhance E2E testing setup with Cloudflare Access support and improved authentication handling

- Added support for Cloudflare Access headers in Playwright configuration and teardown.
- Updated global setup for E2E tests to validate authentication credentials and handle login more robustly.
- Enhanced README with authentication configuration details and supported methods.
- Updated Playwright reporter configuration to include JSON output for test results.

.claude/skills/frontend-testing/CHECKLIST.md

@@ -74,9 +74,9 @@ Use this checklist when generating or reviewing tests for Dify frontend componen
 ### Mocks
 
 - [ ] **DO NOT mock base components** (`@/app/components/base/*`)
-- [ ] `vi.clearAllMocks()` in `beforeEach` (not `afterEach`)
+- [ ] `jest.clearAllMocks()` in `beforeEach` (not `afterEach`)
 - [ ] Shared mock state reset in `beforeEach`
-- [ ] i18n uses global mock (auto-loaded in `web/vitest.setup.ts`); only override locally for custom translations
+- [ ] i18n mock returns keys (not empty strings)
 - [ ] Router mocks match actual Next.js API
 - [ ] Mocks reflect actual component conditional behavior
 - [ ] Only mock: API services, complex context providers, third-party libs
@@ -114,15 +114,15 @@ For the current file being tested:
 
 **Run these checks after EACH test file, not just at the end:**
 
-- [ ] Run `pnpm test path/to/file.spec.tsx` - **MUST PASS before next file**
+- [ ] Run `pnpm test -- path/to/file.spec.tsx` - **MUST PASS before next file**
 - [ ] Fix any failures immediately
 - [ ] Mark file as complete in todo list
 - [ ] Only then proceed to next file
 
 ### After All Files Complete
 
-- [ ] Run full directory test: `pnpm test path/to/directory/`
-- [ ] Check coverage report: `pnpm test:coverage`
+- [ ] Run full directory test: `pnpm test -- path/to/directory/`
+- [ ] Check coverage report: `pnpm test -- --coverage`
 - [ ] Run `pnpm lint:fix` on all test files
 - [ ] Run `pnpm type-check:tsgo`
 
@@ -132,10 +132,10 @@ For the current file being tested:
 
 ```typescript
 // ❌ Mock doesn't match actual behavior
-vi.mock('./Component', () => () => <div>Mocked</div>)
+jest.mock('./Component', () => () => <div>Mocked</div>)
 
 // ✅ Mock matches actual conditional logic
-vi.mock('./Component', () => ({ isOpen }: any) =>
+jest.mock('./Component', () => ({ isOpen }: any) =>
   isOpen ? <div>Content</div> : null
 )
 ```
@@ -145,7 +145,7 @@ vi.mock('./Component', () => ({ isOpen }: any) =>
 ```typescript
 // ❌ Shared state not reset
 let mockState = false
-vi.mock('./useHook', () => () => mockState)
+jest.mock('./useHook', () => () => mockState)
 
 // ✅ Reset in beforeEach
 beforeEach(() => {
@@ -186,16 +186,16 @@ Always test these scenarios:
 
 ```bash
 # Run specific test
-pnpm test path/to/file.spec.tsx
+pnpm test -- path/to/file.spec.tsx
 
 # Run with coverage
-pnpm test:coverage path/to/file.spec.tsx
+pnpm test -- --coverage path/to/file.spec.tsx
 
 # Watch mode
-pnpm test:watch path/to/file.spec.tsx
+pnpm test -- --watch path/to/file.spec.tsx
 
 # Update snapshots (use sparingly)
-pnpm test -u path/to/file.spec.tsx
+pnpm test -- -u path/to/file.spec.tsx
 
 # Analyze component
 pnpm analyze-component path/to/component.tsx

.claude/skills/frontend-testing/SKILL.md

@@ -1,13 +1,13 @@
 ---
-name: frontend-testing
-description: Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and utilities. Triggers on testing, spec files, coverage, Vitest, RTL, unit tests, integration tests, or write/review test requests.
+name: Dify Frontend Testing
+description: Generate Jest + React Testing Library tests for Dify frontend components, hooks, and utilities. Triggers on testing, spec files, coverage, Jest, RTL, unit tests, integration tests, or write/review test requests.
 ---
 
 # Dify Frontend Testing Skill
 
 This skill enables Claude to generate high-quality, comprehensive frontend tests for the Dify project following established conventions and best practices.
 
-> **⚠️ Authoritative Source**: This skill is derived from `web/testing/testing.md`. Use Vitest mock/timer APIs (`vi.*`).
+> **⚠️ Authoritative Source**: This skill is derived from `web/testing/testing.md`. When in doubt, always refer to that document as the canonical specification.
 
 ## When to Apply This Skill
 
@@ -15,7 +15,7 @@ Apply this skill when the user:
 
 - Asks to **write tests** for a component, hook, or utility
 - Asks to **review existing tests** for completeness
-- Mentions **Vitest**, **React Testing Library**, **RTL**, or **spec files**
+- Mentions **Jest**, **React Testing Library**, **RTL**, or **spec files**
 - Requests **test coverage** improvement
 - Uses `pnpm analyze-component` output as context
 - Mentions **testing**, **unit tests**, or **integration tests** for frontend code
@@ -33,9 +33,9 @@ Apply this skill when the user:
 
 | Tool | Version | Purpose |
 |------|---------|---------|
-| Vitest | 4.0.16 | Test runner |
+| Jest | 29.7 | Test runner |
 | React Testing Library | 16.0 | Component testing |
-| jsdom | - | Test environment |
+| happy-dom | - | Test environment |
 | nock | 14.0 | HTTP mocking |
 | TypeScript | 5.x | Type safety |
 
@@ -46,13 +46,13 @@ Apply this skill when the user:
 pnpm test
 
 # Watch mode
-pnpm test:watch
+pnpm test -- --watch
 
 # Run specific file
-pnpm test path/to/file.spec.tsx
+pnpm test -- path/to/file.spec.tsx
 
 # Generate coverage report
-pnpm test:coverage
+pnpm test -- --coverage
 
 # Analyze component complexity
 pnpm analyze-component <path>
@@ -77,9 +77,9 @@ import Component from './index'
 // import { ChildComponent } from './child-component'
 
 // ✅ Mock external dependencies only
-vi.mock('@/service/api')
-vi.mock('next/navigation', () => ({
-  useRouter: () => ({ push: vi.fn() }),
+jest.mock('@/service/api')
+jest.mock('next/navigation', () => ({
+  useRouter: () => ({ push: jest.fn() }),
   usePathname: () => '/test',
 }))
 
@@ -88,7 +88,7 @@ let mockSharedState = false
 
 describe('ComponentName', () => {
   beforeEach(() => {
-    vi.clearAllMocks()  // ✅ Reset mocks BEFORE each test
+    jest.clearAllMocks()  // ✅ Reset mocks BEFORE each test
     mockSharedState = false  // ✅ Reset shared state
   })
 
@@ -117,7 +117,7 @@ describe('ComponentName', () => {
   // User Interactions
   describe('User Interactions', () => {
     it('should handle click events', () => {
-      const handleClick = vi.fn()
+      const handleClick = jest.fn()
       render(<Component onClick={handleClick} />)
       
       fireEvent.click(screen.getByRole('button'))
@@ -155,7 +155,7 @@ describe('ComponentName', () => {
 For each file:
   ┌────────────────────────────────────────┐
   │ 1. Write test                          │
-  │ 2. Run: pnpm test <file>.spec.tsx      │
+  │ 2. Run: pnpm test -- <file>.spec.tsx   │
   │ 3. PASS? → Mark complete, next file    │
   │    FAIL? → Fix first, then continue    │
   └────────────────────────────────────────┘
@@ -178,7 +178,7 @@ Process in this order for multi-file testing:
 - **500+ lines**: Consider splitting before testing
 - **Many dependencies**: Extract logic into hooks first
 
-> 📖 See `references/workflow.md` for complete workflow details and todo list format.
+> 📖 See `guides/workflow.md` for complete workflow details and todo list format.
 
 ## Testing Strategy
 
@@ -289,18 +289,17 @@ For each test file generated, aim for:
 - ✅ **>95%** branch coverage
 - ✅ **>95%** line coverage
 
-> **Note**: For multi-file directories, process one file at a time with full coverage each. See `references/workflow.md`.
+> **Note**: For multi-file directories, process one file at a time with full coverage each. See `guides/workflow.md`.
 
 ## Detailed Guides
 
 For more detailed information, refer to:
 
-- `references/workflow.md` - **Incremental testing workflow** (MUST READ for multi-file testing)
-- `references/mocking.md` - Mock patterns and best practices
-- `references/async-testing.md` - Async operations and API calls
-- `references/domain-components.md` - Workflow, Dataset, Configuration testing
-- `references/common-patterns.md` - Frequently used testing patterns
-- `references/checklist.md` - Test generation checklist and validation steps
+- `guides/workflow.md` - **Incremental testing workflow** (MUST READ for multi-file testing)
+- `guides/mocking.md` - Mock patterns and best practices
+- `guides/async-testing.md` - Async operations and API calls
+- `guides/domain-components.md` - Workflow, Dataset, Configuration testing
+- `guides/common-patterns.md` - Frequently used testing patterns
 
 ## Authoritative References
 
@@ -316,7 +315,6 @@ For more detailed information, refer to:
 
 ### Project Configuration
 
-- `web/vitest.config.ts` - Vitest configuration
-- `web/vitest.setup.ts` - Test environment setup
+- `web/jest.config.ts` - Jest configuration
+- `web/jest.setup.ts` - Test environment setup
 - `web/testing/analyze-component.js` - Component analysis tool
-- Modules are not mocked automatically. Global mocks live in `web/vitest.setup.ts` (for example `react-i18next`, `next/image`); mock other modules like `ky` or `mime` locally in test files.

.claude/skills/frontend-testing/guides/async-testing.md

@@ -49,7 +49,7 @@ import userEvent from '@testing-library/user-event'
 
 it('should submit form', async () => {
   const user = userEvent.setup()
-  const onSubmit = vi.fn()
+  const onSubmit = jest.fn()
   
   render(<Form onSubmit={onSubmit} />)
   
@@ -77,15 +77,15 @@ it('should submit form', async () => {
 ```typescript
 describe('Debounced Search', () => {
   beforeEach(() => {
-    vi.useFakeTimers()
+    jest.useFakeTimers()
   })
 
   afterEach(() => {
-    vi.useRealTimers()
+    jest.useRealTimers()
   })
 
   it('should debounce search input', async () => {
-    const onSearch = vi.fn()
+    const onSearch = jest.fn()
     render(<SearchInput onSearch={onSearch} debounceMs={300} />)
     
     // Type in the input
@@ -95,7 +95,7 @@ describe('Debounced Search', () => {
     expect(onSearch).not.toHaveBeenCalled()
     
     // Advance timers
-    vi.advanceTimersByTime(300)
+    jest.advanceTimersByTime(300)
     
     // Now search is called
     expect(onSearch).toHaveBeenCalledWith('query')
@@ -107,8 +107,8 @@ describe('Debounced Search', () => {
 
 ```typescript
 it('should retry on failure', async () => {
-  vi.useFakeTimers()
-  const fetchData = vi.fn()
+  jest.useFakeTimers()
+  const fetchData = jest.fn()
     .mockRejectedValueOnce(new Error('Network error'))
     .mockResolvedValueOnce({ data: 'success' })
   
@@ -120,7 +120,7 @@ it('should retry on failure', async () => {
   })
   
   // Advance timer for retry
-  vi.advanceTimersByTime(1000)
+  jest.advanceTimersByTime(1000)
   
   // Second call succeeds
   await waitFor(() => {
@@ -128,7 +128,7 @@ it('should retry on failure', async () => {
     expect(screen.getByText('success')).toBeInTheDocument()
   })
   
-  vi.useRealTimers()
+  jest.useRealTimers()
 })
 ```
 
@@ -136,19 +136,19 @@ it('should retry on failure', async () => {
 
 ```typescript
 // Run all pending timers
-vi.runAllTimers()
+jest.runAllTimers()
 
 // Run only pending timers (not new ones created during execution)
-vi.runOnlyPendingTimers()
+jest.runOnlyPendingTimers()
 
 // Advance by specific time
-vi.advanceTimersByTime(1000)
+jest.advanceTimersByTime(1000)
 
 // Get current fake time
-Date.now()
+jest.now()
 
 // Clear all timers
-vi.clearAllTimers()
+jest.clearAllTimers()
 ```
 
 ## API Testing Patterns
@@ -158,7 +158,7 @@ vi.clearAllTimers()
 ```typescript
 describe('DataFetcher', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
   })
 
   it('should show loading state', () => {
@@ -241,7 +241,7 @@ it('should submit form and show success', async () => {
 
 ```typescript
 it('should fetch data on mount', async () => {
-  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
+  const fetchData = jest.fn().mockResolvedValue({ data: 'test' })
   
   render(<ComponentWithEffect fetchData={fetchData} />)
   
@@ -255,7 +255,7 @@ it('should fetch data on mount', async () => {
 
 ```typescript
 it('should refetch when id changes', async () => {
-  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
+  const fetchData = jest.fn().mockResolvedValue({ data: 'test' })
   
   const { rerender } = render(<ComponentWithEffect id="1" fetchData={fetchData} />)
   
@@ -276,8 +276,8 @@ it('should refetch when id changes', async () => {
 
 ```typescript
 it('should cleanup subscription on unmount', () => {
-  const subscribe = vi.fn()
-  const unsubscribe = vi.fn()
+  const subscribe = jest.fn()
+  const unsubscribe = jest.fn()
   subscribe.mockReturnValue(unsubscribe)
   
   const { unmount } = render(<SubscriptionComponent subscribe={subscribe} />)
@@ -332,14 +332,14 @@ expect(description).toBeInTheDocument()
 
 ```typescript
 // Bad - fake timers don't work well with real Promises
-vi.useFakeTimers()
+jest.useFakeTimers()
 await waitFor(() => {
   expect(screen.getByText('Data')).toBeInTheDocument()
 }) // May timeout!
 
 // Good - use runAllTimers or advanceTimersByTime
-vi.useFakeTimers()
+jest.useFakeTimers()
 render(<Component />)
-vi.runAllTimers()
+jest.runAllTimers()
 expect(screen.getByText('Data')).toBeInTheDocument()
 ```

.claude/skills/frontend-testing/guides/common-patterns.md

@@ -126,7 +126,7 @@ describe('Counter', () => {
 describe('ControlledInput', () => {
   it('should call onChange with new value', async () => {
     const user = userEvent.setup()
-    const handleChange = vi.fn()
+    const handleChange = jest.fn()
     
     render(<ControlledInput value="" onChange={handleChange} />)
     
@@ -136,7 +136,7 @@ describe('ControlledInput', () => {
   })
 
   it('should display controlled value', () => {
-    render(<ControlledInput value="controlled" onChange={vi.fn()} />)
+    render(<ControlledInput value="controlled" onChange={jest.fn()} />)
     
     expect(screen.getByRole('textbox')).toHaveValue('controlled')
   })
@@ -195,7 +195,7 @@ describe('ItemList', () => {
 
   it('should handle item selection', async () => {
     const user = userEvent.setup()
-    const onSelect = vi.fn()
+    const onSelect = jest.fn()
     
     render(<ItemList items={items} onSelect={onSelect} />)
     
@@ -217,20 +217,20 @@ describe('ItemList', () => {
 ```typescript
 describe('Modal', () => {
   it('should not render when closed', () => {
-    render(<Modal isOpen={false} onClose={vi.fn()} />)
+    render(<Modal isOpen={false} onClose={jest.fn()} />)
     
     expect(screen.queryByRole('dialog')).not.toBeInTheDocument()
   })
 
   it('should render when open', () => {
-    render(<Modal isOpen={true} onClose={vi.fn()} />)
+    render(<Modal isOpen={true} onClose={jest.fn()} />)
     
     expect(screen.getByRole('dialog')).toBeInTheDocument()
   })
 
   it('should call onClose when clicking overlay', async () => {
     const user = userEvent.setup()
-    const handleClose = vi.fn()
+    const handleClose = jest.fn()
     
     render(<Modal isOpen={true} onClose={handleClose} />)
     
@@ -241,7 +241,7 @@ describe('Modal', () => {
 
   it('should call onClose when pressing Escape', async () => {
     const user = userEvent.setup()
-    const handleClose = vi.fn()
+    const handleClose = jest.fn()
     
     render(<Modal isOpen={true} onClose={handleClose} />)
     
@@ -254,7 +254,7 @@ describe('Modal', () => {
     const user = userEvent.setup()
     
     render(
-      <Modal isOpen={true} onClose={vi.fn()}>
+      <Modal isOpen={true} onClose={jest.fn()}>
         <button>First</button>
         <button>Second</button>
       </Modal>
@@ -279,7 +279,7 @@ describe('Modal', () => {
 describe('LoginForm', () => {
   it('should submit valid form', async () => {
     const user = userEvent.setup()
-    const onSubmit = vi.fn()
+    const onSubmit = jest.fn()
     
     render(<LoginForm onSubmit={onSubmit} />)
     
@@ -296,7 +296,7 @@ describe('LoginForm', () => {
   it('should show validation errors', async () => {
     const user = userEvent.setup()
     
-    render(<LoginForm onSubmit={vi.fn()} />)
+    render(<LoginForm onSubmit={jest.fn()} />)
     
     // Submit empty form
     await user.click(screen.getByRole('button', { name: /sign in/i }))
@@ -308,7 +308,7 @@ describe('LoginForm', () => {
   it('should validate email format', async () => {
     const user = userEvent.setup()
     
-    render(<LoginForm onSubmit={vi.fn()} />)
+    render(<LoginForm onSubmit={jest.fn()} />)
     
     await user.type(screen.getByLabelText(/email/i), 'invalid-email')
     await user.click(screen.getByRole('button', { name: /sign in/i }))
@@ -318,7 +318,7 @@ describe('LoginForm', () => {
 
   it('should disable submit button while submitting', async () => {
     const user = userEvent.setup()
-    const onSubmit = vi.fn(() => new Promise(resolve => setTimeout(resolve, 100)))
+    const onSubmit = jest.fn(() => new Promise(resolve => setTimeout(resolve, 100)))
     
     render(<LoginForm onSubmit={onSubmit} />)
     
@@ -407,7 +407,7 @@ it('test 1', () => {
 
 // Good - cleanup is automatic with RTL, but reset mocks
 beforeEach(() => {
-  vi.clearAllMocks()
+  jest.clearAllMocks()
 })
 ```
 

.claude/skills/frontend-testing/guides/domain-components.md

@@ -23,7 +23,7 @@ import NodeConfigPanel from './node-config-panel'
 import { createMockNode, createMockWorkflowContext } from '@/__mocks__/workflow'
 
 // Mock workflow context
-vi.mock('@/app/components/workflow/hooks', () => ({
+jest.mock('@/app/components/workflow/hooks', () => ({
   useWorkflowStore: () => mockWorkflowStore,
   useNodesInteractions: () => mockNodesInteractions,
 }))
@@ -31,21 +31,21 @@ vi.mock('@/app/components/workflow/hooks', () => ({
 let mockWorkflowStore = {
   nodes: [],
   edges: [],
-  updateNode: vi.fn(),
+  updateNode: jest.fn(),
 }
 
 let mockNodesInteractions = {
-  handleNodeSelect: vi.fn(),
-  handleNodeDelete: vi.fn(),
+  handleNodeSelect: jest.fn(),
+  handleNodeDelete: jest.fn(),
 }
 
 describe('NodeConfigPanel', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
     mockWorkflowStore = {
       nodes: [],
       edges: [],
-      updateNode: vi.fn(),
+      updateNode: jest.fn(),
     }
   })
 
@@ -161,23 +161,23 @@ import { render, screen, fireEvent, waitFor } from '@testing-library/react'
 import userEvent from '@testing-library/user-event'
 import DocumentUploader from './document-uploader'
 
-vi.mock('@/service/datasets', () => ({
-  uploadDocument: vi.fn(),
-  parseDocument: vi.fn(),
+jest.mock('@/service/datasets', () => ({
+  uploadDocument: jest.fn(),
+  parseDocument: jest.fn(),
 }))
 
 import * as datasetService from '@/service/datasets'
-const mockedService = vi.mocked(datasetService)
+const mockedService = datasetService as jest.Mocked<typeof datasetService>
 
 describe('DocumentUploader', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
   })
 
   describe('File Upload', () => {
     it('should accept valid file types', async () => {
       const user = userEvent.setup()
-      const onUpload = vi.fn()
+      const onUpload = jest.fn()
       mockedService.uploadDocument.mockResolvedValue({ id: 'doc-1' })
       
       render(<DocumentUploader onUpload={onUpload} />)
@@ -326,14 +326,14 @@ describe('DocumentList', () => {
   describe('Search & Filtering', () => {
     it('should filter by search query', async () => {
       const user = userEvent.setup()
-      vi.useFakeTimers()
+      jest.useFakeTimers()
       
       render(<DocumentList datasetId="ds-1" />)
       
       await user.type(screen.getByPlaceholderText(/search/i), 'test query')
       
       // Debounce
-      vi.advanceTimersByTime(300)
+      jest.advanceTimersByTime(300)
       
       await waitFor(() => {
         expect(mockedService.getDocuments).toHaveBeenCalledWith(
@@ -342,7 +342,7 @@ describe('DocumentList', () => {
         )
       })
       
-      vi.useRealTimers()
+      jest.useRealTimers()
     })
   })
 })
@@ -367,13 +367,13 @@ import { render, screen, fireEvent, waitFor } from '@testing-library/react'
 import userEvent from '@testing-library/user-event'
 import AppConfigForm from './app-config-form'
 
-vi.mock('@/service/apps', () => ({
-  updateAppConfig: vi.fn(),
-  getAppConfig: vi.fn(),
+jest.mock('@/service/apps', () => ({
+  updateAppConfig: jest.fn(),
+  getAppConfig: jest.fn(),
 }))
 
 import * as appService from '@/service/apps'
-const mockedService = vi.mocked(appService)
+const mockedService = appService as jest.Mocked<typeof appService>
 
 describe('AppConfigForm', () => {
   const defaultConfig = {
@@ -384,7 +384,7 @@ describe('AppConfigForm', () => {
   }
 
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
     mockedService.getAppConfig.mockResolvedValue(defaultConfig)
   })
 

.claude/skills/frontend-testing/guides/mocking.md

@@ -19,8 +19,8 @@
 
 ```typescript
 // ❌ WRONG: Don't mock base components
-vi.mock('@/app/components/base/loading', () => () => <div>Loading</div>)
-vi.mock('@/app/components/base/button', () => ({ children }: any) => <button>{children}</button>)
+jest.mock('@/app/components/base/loading', () => () => <div>Loading</div>)
+jest.mock('@/app/components/base/button', () => ({ children }: any) => <button>{children}</button>)
 
 // ✅ CORRECT: Import and use real base components
 import Loading from '@/app/components/base/loading'
@@ -41,30 +41,17 @@ Only mock these categories:
 
 | Location | Purpose |
 |----------|---------|
-| `web/vitest.setup.ts` | Global mocks shared by all tests (for example `react-i18next`, `next/image`) |
-| `web/__mocks__/` | Reusable mock factories shared across multiple test files |
-| Test file | Test-specific mocks, inline with `vi.mock()` |
-
-Modules are not mocked automatically. Use `vi.mock` in test files, or add global mocks in `web/vitest.setup.ts`.
+| `web/__mocks__/` | Reusable mocks shared across multiple test files |
+| Test file | Test-specific mocks, inline with `jest.mock()` |
 
 ## Essential Mocks
 
-### 1. i18n (Auto-loaded via Global Mock)
-
-A global mock is defined in `web/vitest.setup.ts` and is auto-loaded by Vitest setup.
-**No explicit mock needed** for most tests - it returns translation keys as-is.
-
-For tests requiring custom translations, override the mock:
+### 1. i18n (Always Required)
 
 ```typescript
-vi.mock('react-i18next', () => ({
+jest.mock('react-i18next', () => ({
   useTranslation: () => ({
-    t: (key: string) => {
-      const translations: Record<string, string> = {
-        'my.custom.key': 'Custom translation',
-      }
-      return translations[key] || key
-    },
+    t: (key: string) => key,
   }),
 }))
 ```
@@ -72,15 +59,15 @@ vi.mock('react-i18next', () => ({
 ### 2. Next.js Router
 
 ```typescript
-const mockPush = vi.fn()
-const mockReplace = vi.fn()
+const mockPush = jest.fn()
+const mockReplace = jest.fn()
 
-vi.mock('next/navigation', () => ({
+jest.mock('next/navigation', () => ({
   useRouter: () => ({
     push: mockPush,
     replace: mockReplace,
-    back: vi.fn(),
-    prefetch: vi.fn(),
+    back: jest.fn(),
+    prefetch: jest.fn(),
   }),
   usePathname: () => '/current-path',
   useSearchParams: () => new URLSearchParams('?key=value'),
@@ -88,7 +75,7 @@ vi.mock('next/navigation', () => ({
 
 describe('Component', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
   })
 
   it('should navigate on click', () => {
@@ -105,7 +92,7 @@ describe('Component', () => {
 // ⚠️ Important: Use shared state for components that depend on each other
 let mockPortalOpenState = false
 
-vi.mock('@/app/components/base/portal-to-follow-elem', () => ({
+jest.mock('@/app/components/base/portal-to-follow-elem', () => ({
   PortalToFollowElem: ({ children, open, ...props }: any) => {
     mockPortalOpenState = open || false  // Update shared state
     return <div data-testid="portal" data-open={open}>{children}</div>
@@ -122,7 +109,7 @@ vi.mock('@/app/components/base/portal-to-follow-elem', () => ({
 
 describe('Component', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
     mockPortalOpenState = false  // ✅ Reset shared state
   })
 })
@@ -133,13 +120,13 @@ describe('Component', () => {
 ```typescript
 import * as api from '@/service/api'
 
-vi.mock('@/service/api')
+jest.mock('@/service/api')
 
-const mockedApi = vi.mocked(api)
+const mockedApi = api as jest.Mocked<typeof api>
 
 describe('Component', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
     
     // Setup default mock implementation
     mockedApi.fetchData.mockResolvedValue({ data: [] })
@@ -242,9 +229,32 @@ describe('Component with Context', () => {
 })
 ```
 
-### 7. React Query
+### 7. SWR / React Query
 
 ```typescript
+// SWR
+jest.mock('swr', () => ({
+  __esModule: true,
+  default: jest.fn(),
+}))
+
+import useSWR from 'swr'
+const mockedUseSWR = useSWR as jest.Mock
+
+describe('Component with SWR', () => {
+  it('should show loading state', () => {
+    mockedUseSWR.mockReturnValue({
+      data: undefined,
+      error: undefined,
+      isLoading: true,
+    })
+    
+    render(<Component />)
+    expect(screen.getByText(/loading/i)).toBeInTheDocument()
+  })
+})
+
+// React Query
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
 
 const createTestQueryClient = () => new QueryClient({
@@ -303,7 +313,7 @@ Need to use a component in test?
 │  └─ YES → Mock it (next/navigation, external SDKs)
 │
 └─ Is it i18n?
-   └─ YES → Uses shared mock (auto-loaded). Override only for custom translations
+   └─ YES → Mock to return keys
 ```
 
 ## Factory Function Pattern

.claude/skills/frontend-testing/guides/workflow.md

@@ -35,7 +35,7 @@ When testing a **single component, hook, or utility**:
 2. Run `pnpm analyze-component <path>` (if available)
 3. Check complexity score and features detected
 4. Write the test file
-5. Run test: `pnpm test <file>.spec.tsx`
+5. Run test: `pnpm test -- <file>.spec.tsx`
 6. Fix any failures
 7. Verify coverage meets goals (100% function, >95% branch)
 ```
@@ -80,7 +80,7 @@ Process files in this recommended order:
 ```
 ┌─────────────────────────────────────────────┐
 │  1. Write test file                         │
-│  2. Run: pnpm test <file>.spec.tsx          │
+│  2. Run: pnpm test -- <file>.spec.tsx       │
 │  3. If FAIL → Fix immediately, re-run       │
 │  4. If PASS → Mark complete in todo list    │
 │  5. ONLY THEN proceed to next file          │
@@ -95,10 +95,10 @@ After all individual tests pass:
 
 ```bash
 # Run all tests in the directory together
-pnpm test path/to/directory/
+pnpm test -- path/to/directory/
 
 # Check coverage
-pnpm test:coverage path/to/directory/
+pnpm test -- --coverage path/to/directory/
 ```
 
 ## Component Complexity Guidelines
@@ -201,9 +201,9 @@ Run pnpm test  ← Multiple failures, hard to debug
 ```
 # GOOD: Incremental with verification
 Write component-a.spec.tsx
-Run pnpm test component-a.spec.tsx ✅
+Run pnpm test -- component-a.spec.tsx ✅
 Write component-b.spec.tsx
-Run pnpm test component-b.spec.tsx ✅
+Run pnpm test -- component-b.spec.tsx ✅
 ...continue...
 ```
 

.claude/skills/frontend-testing/templates/component-test.template.tsx

@@ -23,37 +23,30 @@ import userEvent from '@testing-library/user-event'
 // ============================================================================
 // Mocks
 // ============================================================================
-// WHY: Mocks must be hoisted to top of file (Vitest requirement).
+// WHY: Mocks must be hoisted to top of file (Jest requirement).
 // They run BEFORE imports, so keep them before component imports.
 
-// i18n (automatically mocked)
-// WHY: Global mock in web/vitest.setup.ts is auto-loaded by Vitest setup
-// No explicit mock needed - it returns translation keys as-is
-// Override only if custom translations are required:
-// vi.mock('react-i18next', () => ({
-//   useTranslation: () => ({
-//     t: (key: string) => {
-//       const customTranslations: Record<string, string> = {
-//         'my.custom.key': 'Custom Translation',
-//       }
-//       return customTranslations[key] || key
-//     },
-//   }),
-// }))
+// i18n (always required in Dify)
+// WHY: Returns key instead of translation so tests don't depend on i18n files
+jest.mock('react-i18next', () => ({
+  useTranslation: () => ({
+    t: (key: string) => key,
+  }),
+}))
 
 // Router (if component uses useRouter, usePathname, useSearchParams)
 // WHY: Isolates tests from Next.js routing, enables testing navigation behavior
-// const mockPush = vi.fn()
-// vi.mock('next/navigation', () => ({
+// const mockPush = jest.fn()
+// jest.mock('next/navigation', () => ({
 //   useRouter: () => ({ push: mockPush }),
 //   usePathname: () => '/test-path',
 // }))
 
 // API services (if component fetches data)
 // WHY: Prevents real network calls, enables testing all states (loading/success/error)
-// vi.mock('@/service/api')
+// jest.mock('@/service/api')
 // import * as api from '@/service/api'
-// const mockedApi = vi.mocked(api)
+// const mockedApi = api as jest.Mocked<typeof api>
 
 // Shared mock state (for portal/dropdown components)
 // WHY: Portal components like PortalToFollowElem need shared state between
@@ -98,7 +91,7 @@ describe('ComponentName', () => {
   // - Prevents mock call history from leaking between tests
   // - MUST be beforeEach (not afterEach) to reset BEFORE assertions like toHaveBeenCalledTimes
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
     // Reset shared mock state if used (CRITICAL for portal/dropdown tests)
     // mockOpenState = false
   })
@@ -155,7 +148,7 @@ describe('ComponentName', () => {
       // - userEvent simulates real user behavior (focus, hover, then click)
       // - fireEvent is lower-level, doesn't trigger all browser events
       // const user = userEvent.setup()
-      // const handleClick = vi.fn()
+      // const handleClick = jest.fn()
       // render(<ComponentName onClick={handleClick} />)
       //
       // await user.click(screen.getByRole('button'))
@@ -165,7 +158,7 @@ describe('ComponentName', () => {
 
     it('should call onChange when value changes', async () => {
       // const user = userEvent.setup()
-      // const handleChange = vi.fn()
+      // const handleChange = jest.fn()
       // render(<ComponentName onChange={handleChange} />)
       //
       // await user.type(screen.getByRole('textbox'), 'new value')
@@ -198,7 +191,7 @@ describe('ComponentName', () => {
   })
 
   // --------------------------------------------------------------------------
-  // Async Operations (if component fetches data - useQuery, fetch)
+  // Async Operations (if component fetches data - useSWR, useQuery, fetch)
   // --------------------------------------------------------------------------
   // WHY: Async operations have 3 states users experience: loading, success, error
   describe('Async Operations', () => {

.claude/skills/frontend-testing/templates/hook-test.template.ts

@@ -15,9 +15,9 @@ import { renderHook, act, waitFor } from '@testing-library/react'
 // ============================================================================
 
 // API services (if hook fetches data)
-// vi.mock('@/service/api')
+// jest.mock('@/service/api')
 // import * as api from '@/service/api'
-// const mockedApi = vi.mocked(api)
+// const mockedApi = api as jest.Mocked<typeof api>
 
 // ============================================================================
 // Test Helpers
@@ -38,7 +38,7 @@ import { renderHook, act, waitFor } from '@testing-library/react'
 
 describe('useHookName', () => {
   beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
   })
 
   // --------------------------------------------------------------------------
@@ -145,7 +145,7 @@ describe('useHookName', () => {
   // --------------------------------------------------------------------------
   describe('Side Effects', () => {
     it('should call callback when value changes', () => {
-      // const callback = vi.fn()
+      // const callback = jest.fn()
       // const { result } = renderHook(() => useHookName({ onChange: callback }))
       //
       // act(() => {
@@ -156,9 +156,9 @@ describe('useHookName', () => {
     })
 
     it('should cleanup on unmount', () => {
-      // const cleanup = vi.fn()
-      // vi.spyOn(window, 'addEventListener')
-      // vi.spyOn(window, 'removeEventListener')
+      // const cleanup = jest.fn()
+      // jest.spyOn(window, 'addEventListener')
+      // jest.spyOn(window, 'removeEventListener')
       //
       // const { unmount } = renderHook(() => useHookName())
       //

.codex/skills

@@ -1 +0,0 @@
-../.claude/skills

.devcontainer/devcontainer.json

@@ -6,9 +6,6 @@
 		"context": "..",
 		"dockerfile": "Dockerfile"
 	},
-	"mounts": [
-		"source=dify-dev-tmp,target=/tmp,type=volume"
-	],
 	"features": {
 		"ghcr.io/devcontainers/features/node:1": {
 			"nodeGypDependencies": true,
@@ -37,13 +34,19 @@
 	},
 	"postStartCommand": "./.devcontainer/post_start_command.sh",
 	"postCreateCommand": "./.devcontainer/post_create_command.sh"
+
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	// "features": {},
+
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// "forwardPorts": [],
+
 	// Use 'postCreateCommand' to run commands after the container is created.
 	// "postCreateCommand": "python --version",
+
 	// Configure tool-specific properties.
 	// "customizations": {},
+
 	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-}
+	// "remoteUser": "root"
+}

.devcontainer/post_create_command.sh

@@ -1,13 +1,12 @@
 #!/bin/bash
 WORKSPACE_ROOT=$(pwd)
 
-export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
 corepack enable
 cd web && pnpm install
 pipx install uv
 
 echo "alias start-api=\"cd $WORKSPACE_ROOT/api && uv run python -m flask run --host 0.0.0.0 --port=5001 --debug\"" >> ~/.bashrc
-echo "alias start-worker=\"cd $WORKSPACE_ROOT/api && uv run python -m celery -A app.celery worker -P threads -c 1 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor,retention\"" >> ~/.bashrc
+echo "alias start-worker=\"cd $WORKSPACE_ROOT/api && uv run python -m celery -A app.celery worker -P threads -c 1 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor\"" >> ~/.bashrc
 echo "alias start-web=\"cd $WORKSPACE_ROOT/web && pnpm dev\"" >> ~/.bashrc
 echo "alias start-web-prod=\"cd $WORKSPACE_ROOT/web && pnpm build && pnpm start\"" >> ~/.bashrc
 echo "alias start-containers=\"cd $WORKSPACE_ROOT/docker && docker-compose -f docker-compose.middleware.yaml -p dify --env-file middleware.env up -d\"" >> ~/.bashrc

.github/CODEOWNERS

@@ -6,244 +6,229 @@
 
 * @crazywoola @laipz8200 @Yeuoly
 
-# CODEOWNERS file
-/.github/CODEOWNERS @laipz8200 @crazywoola
-
-# Docs
-/docs/ @crazywoola
-
 # Backend (default owner, more specific rules below will override)
-/api/ @QuantumGhost
+api/ @QuantumGhost
 
 # Backend - MCP
-/api/core/mcp/ @Nov1c444
-/api/core/entities/mcp_provider.py @Nov1c444
-/api/services/tools/mcp_tools_manage_service.py @Nov1c444
-/api/controllers/mcp/ @Nov1c444
-/api/controllers/console/app/mcp_server.py @Nov1c444
-/api/tests/**/*mcp* @Nov1c444
+api/core/mcp/ @Nov1c444
+api/core/entities/mcp_provider.py @Nov1c444
+api/services/tools/mcp_tools_manage_service.py @Nov1c444
+api/controllers/mcp/ @Nov1c444
+api/controllers/console/app/mcp_server.py @Nov1c444
+api/tests/**/*mcp* @Nov1c444
 
 # Backend - Workflow - Engine (Core graph execution engine)
-/api/core/workflow/graph_engine/ @laipz8200 @QuantumGhost
-/api/core/workflow/runtime/ @laipz8200 @QuantumGhost
-/api/core/workflow/graph/ @laipz8200 @QuantumGhost
-/api/core/workflow/graph_events/ @laipz8200 @QuantumGhost
-/api/core/workflow/node_events/ @laipz8200 @QuantumGhost
-/api/core/model_runtime/ @laipz8200 @QuantumGhost
+api/core/workflow/graph_engine/ @laipz8200 @QuantumGhost
+api/core/workflow/runtime/ @laipz8200 @QuantumGhost
+api/core/workflow/graph/ @laipz8200 @QuantumGhost
+api/core/workflow/graph_events/ @laipz8200 @QuantumGhost
+api/core/workflow/node_events/ @laipz8200 @QuantumGhost
+api/core/model_runtime/ @laipz8200 @QuantumGhost
 
 # Backend - Workflow - Nodes (Agent, Iteration, Loop, LLM)
-/api/core/workflow/nodes/agent/ @Nov1c444
-/api/core/workflow/nodes/iteration/ @Nov1c444
-/api/core/workflow/nodes/loop/ @Nov1c444
-/api/core/workflow/nodes/llm/ @Nov1c444
+api/core/workflow/nodes/agent/ @Nov1c444
+api/core/workflow/nodes/iteration/ @Nov1c444
+api/core/workflow/nodes/loop/ @Nov1c444
+api/core/workflow/nodes/llm/ @Nov1c444
 
 # Backend - RAG (Retrieval Augmented Generation)
-/api/core/rag/ @JohnJyong
-/api/services/rag_pipeline/ @JohnJyong
-/api/services/dataset_service.py @JohnJyong
-/api/services/knowledge_service.py @JohnJyong
-/api/services/external_knowledge_service.py @JohnJyong
-/api/services/hit_testing_service.py @JohnJyong
-/api/services/metadata_service.py @JohnJyong
-/api/services/vector_service.py @JohnJyong
-/api/services/entities/knowledge_entities/ @JohnJyong
-/api/services/entities/external_knowledge_entities/ @JohnJyong
-/api/controllers/console/datasets/ @JohnJyong
-/api/controllers/service_api/dataset/ @JohnJyong
-/api/models/dataset.py @JohnJyong
-/api/tasks/rag_pipeline/ @JohnJyong
-/api/tasks/add_document_to_index_task.py @JohnJyong
-/api/tasks/batch_clean_document_task.py @JohnJyong
-/api/tasks/clean_document_task.py @JohnJyong
-/api/tasks/clean_notion_document_task.py @JohnJyong
-/api/tasks/document_indexing_task.py @JohnJyong
-/api/tasks/document_indexing_sync_task.py @JohnJyong
-/api/tasks/document_indexing_update_task.py @JohnJyong
-/api/tasks/duplicate_document_indexing_task.py @JohnJyong
-/api/tasks/recover_document_indexing_task.py @JohnJyong
-/api/tasks/remove_document_from_index_task.py @JohnJyong
-/api/tasks/retry_document_indexing_task.py @JohnJyong
-/api/tasks/sync_website_document_indexing_task.py @JohnJyong
-/api/tasks/batch_create_segment_to_index_task.py @JohnJyong
-/api/tasks/create_segment_to_index_task.py @JohnJyong
-/api/tasks/delete_segment_from_index_task.py @JohnJyong
-/api/tasks/disable_segment_from_index_task.py @JohnJyong
-/api/tasks/disable_segments_from_index_task.py @JohnJyong
-/api/tasks/enable_segment_to_index_task.py @JohnJyong
-/api/tasks/enable_segments_to_index_task.py @JohnJyong
-/api/tasks/clean_dataset_task.py @JohnJyong
-/api/tasks/deal_dataset_index_update_task.py @JohnJyong
-/api/tasks/deal_dataset_vector_index_task.py @JohnJyong
+api/core/rag/ @JohnJyong
+api/services/rag_pipeline/ @JohnJyong
+api/services/dataset_service.py @JohnJyong
+api/services/knowledge_service.py @JohnJyong
+api/services/external_knowledge_service.py @JohnJyong
+api/services/hit_testing_service.py @JohnJyong
+api/services/metadata_service.py @JohnJyong
+api/services/vector_service.py @JohnJyong
+api/services/entities/knowledge_entities/ @JohnJyong
+api/services/entities/external_knowledge_entities/ @JohnJyong
+api/controllers/console/datasets/ @JohnJyong
+api/controllers/service_api/dataset/ @JohnJyong
+api/models/dataset.py @JohnJyong
+api/tasks/rag_pipeline/ @JohnJyong
+api/tasks/add_document_to_index_task.py @JohnJyong
+api/tasks/batch_clean_document_task.py @JohnJyong
+api/tasks/clean_document_task.py @JohnJyong
+api/tasks/clean_notion_document_task.py @JohnJyong
+api/tasks/document_indexing_task.py @JohnJyong
+api/tasks/document_indexing_sync_task.py @JohnJyong
+api/tasks/document_indexing_update_task.py @JohnJyong
+api/tasks/duplicate_document_indexing_task.py @JohnJyong
+api/tasks/recover_document_indexing_task.py @JohnJyong
+api/tasks/remove_document_from_index_task.py @JohnJyong
+api/tasks/retry_document_indexing_task.py @JohnJyong
+api/tasks/sync_website_document_indexing_task.py @JohnJyong
+api/tasks/batch_create_segment_to_index_task.py @JohnJyong
+api/tasks/create_segment_to_index_task.py @JohnJyong
+api/tasks/delete_segment_from_index_task.py @JohnJyong
+api/tasks/disable_segment_from_index_task.py @JohnJyong
+api/tasks/disable_segments_from_index_task.py @JohnJyong
+api/tasks/enable_segment_to_index_task.py @JohnJyong
+api/tasks/enable_segments_to_index_task.py @JohnJyong
+api/tasks/clean_dataset_task.py @JohnJyong
+api/tasks/deal_dataset_index_update_task.py @JohnJyong
+api/tasks/deal_dataset_vector_index_task.py @JohnJyong
 
 # Backend - Plugins
-/api/core/plugin/ @Mairuis @Yeuoly @Stream29
-/api/services/plugin/ @Mairuis @Yeuoly @Stream29
-/api/controllers/console/workspace/plugin.py @Mairuis @Yeuoly @Stream29
-/api/controllers/inner_api/plugin/ @Mairuis @Yeuoly @Stream29
-/api/tasks/process_tenant_plugin_autoupgrade_check_task.py @Mairuis @Yeuoly @Stream29
+api/core/plugin/ @Mairuis @Yeuoly @Stream29
+api/services/plugin/ @Mairuis @Yeuoly @Stream29
+api/controllers/console/workspace/plugin.py @Mairuis @Yeuoly @Stream29
+api/controllers/inner_api/plugin/ @Mairuis @Yeuoly @Stream29
+api/tasks/process_tenant_plugin_autoupgrade_check_task.py @Mairuis @Yeuoly @Stream29
 
 # Backend - Trigger/Schedule/Webhook
-/api/controllers/trigger/ @Mairuis @Yeuoly
-/api/controllers/console/app/workflow_trigger.py @Mairuis @Yeuoly
-/api/controllers/console/workspace/trigger_providers.py @Mairuis @Yeuoly
-/api/core/trigger/ @Mairuis @Yeuoly
-/api/core/app/layers/trigger_post_layer.py @Mairuis @Yeuoly
-/api/services/trigger/ @Mairuis @Yeuoly
-/api/models/trigger.py @Mairuis @Yeuoly
-/api/fields/workflow_trigger_fields.py @Mairuis @Yeuoly
-/api/repositories/workflow_trigger_log_repository.py @Mairuis @Yeuoly
-/api/repositories/sqlalchemy_workflow_trigger_log_repository.py @Mairuis @Yeuoly
-/api/libs/schedule_utils.py @Mairuis @Yeuoly
-/api/services/workflow/scheduler.py @Mairuis @Yeuoly
-/api/schedule/trigger_provider_refresh_task.py @Mairuis @Yeuoly
-/api/schedule/workflow_schedule_task.py @Mairuis @Yeuoly
-/api/tasks/trigger_processing_tasks.py @Mairuis @Yeuoly
-/api/tasks/trigger_subscription_refresh_tasks.py @Mairuis @Yeuoly
-/api/tasks/workflow_schedule_tasks.py @Mairuis @Yeuoly
-/api/tasks/workflow_cfs_scheduler/ @Mairuis @Yeuoly
-/api/events/event_handlers/sync_plugin_trigger_when_app_created.py @Mairuis @Yeuoly
-/api/events/event_handlers/update_app_triggers_when_app_published_workflow_updated.py @Mairuis @Yeuoly
-/api/events/event_handlers/sync_workflow_schedule_when_app_published.py @Mairuis @Yeuoly
-/api/events/event_handlers/sync_webhook_when_app_created.py @Mairuis @Yeuoly
+api/controllers/trigger/ @Mairuis @Yeuoly
+api/controllers/console/app/workflow_trigger.py @Mairuis @Yeuoly
+api/controllers/console/workspace/trigger_providers.py @Mairuis @Yeuoly
+api/core/trigger/ @Mairuis @Yeuoly
+api/core/app/layers/trigger_post_layer.py @Mairuis @Yeuoly
+api/services/trigger/ @Mairuis @Yeuoly
+api/models/trigger.py @Mairuis @Yeuoly
+api/fields/workflow_trigger_fields.py @Mairuis @Yeuoly
+api/repositories/workflow_trigger_log_repository.py @Mairuis @Yeuoly
+api/repositories/sqlalchemy_workflow_trigger_log_repository.py @Mairuis @Yeuoly
+api/libs/schedule_utils.py @Mairuis @Yeuoly
+api/services/workflow/scheduler.py @Mairuis @Yeuoly
+api/schedule/trigger_provider_refresh_task.py @Mairuis @Yeuoly
+api/schedule/workflow_schedule_task.py @Mairuis @Yeuoly
+api/tasks/trigger_processing_tasks.py @Mairuis @Yeuoly
+api/tasks/trigger_subscription_refresh_tasks.py @Mairuis @Yeuoly
+api/tasks/workflow_schedule_tasks.py @Mairuis @Yeuoly
+api/tasks/workflow_cfs_scheduler/ @Mairuis @Yeuoly
+api/events/event_handlers/sync_plugin_trigger_when_app_created.py @Mairuis @Yeuoly
+api/events/event_handlers/update_app_triggers_when_app_published_workflow_updated.py @Mairuis @Yeuoly
+api/events/event_handlers/sync_workflow_schedule_when_app_published.py @Mairuis @Yeuoly
+api/events/event_handlers/sync_webhook_when_app_created.py @Mairuis @Yeuoly
 
 # Backend - Async Workflow
-/api/services/async_workflow_service.py @Mairuis @Yeuoly
-/api/tasks/async_workflow_tasks.py @Mairuis @Yeuoly
+api/services/async_workflow_service.py @Mairuis @Yeuoly
+api/tasks/async_workflow_tasks.py @Mairuis @Yeuoly
 
 # Backend - Billing
-/api/services/billing_service.py @hj24 @zyssyz123
-/api/controllers/console/billing/ @hj24 @zyssyz123
+api/services/billing_service.py @hj24 @zyssyz123
+api/controllers/console/billing/ @hj24 @zyssyz123
 
 # Backend - Enterprise
-/api/configs/enterprise/ @GarfieldDai @GareArc
-/api/services/enterprise/ @GarfieldDai @GareArc
-/api/services/feature_service.py @GarfieldDai @GareArc
-/api/controllers/console/feature.py @GarfieldDai @GareArc
-/api/controllers/web/feature.py @GarfieldDai @GareArc
+api/configs/enterprise/ @GarfieldDai @GareArc
+api/services/enterprise/ @GarfieldDai @GareArc
+api/services/feature_service.py @GarfieldDai @GareArc
+api/controllers/console/feature.py @GarfieldDai @GareArc
+api/controllers/web/feature.py @GarfieldDai @GareArc
 
 # Backend - Database Migrations
-/api/migrations/ @snakevash @laipz8200 @MRZHUH
-
-# Backend - Vector DB Middleware
-/api/configs/middleware/vdb/* @JohnJyong
+api/migrations/ @snakevash @laipz8200
 
 # Frontend
-/web/ @iamjoel
-
-# Frontend - Web Tests
-/.github/workflows/web-tests.yml @iamjoel
+web/ @iamjoel
 
 # Frontend - App - Orchestration
-/web/app/components/workflow/ @iamjoel @zxhlyh
-/web/app/components/workflow-app/ @iamjoel @zxhlyh
-/web/app/components/app/configuration/ @iamjoel @zxhlyh
-/web/app/components/app/app-publisher/ @iamjoel @zxhlyh
+web/app/components/workflow/ @iamjoel @zxhlyh
+web/app/components/workflow-app/ @iamjoel @zxhlyh
+web/app/components/app/configuration/ @iamjoel @zxhlyh
+web/app/components/app/app-publisher/ @iamjoel @zxhlyh
 
 # Frontend - WebApp - Chat
-/web/app/components/base/chat/ @iamjoel @zxhlyh
+web/app/components/base/chat/ @iamjoel @zxhlyh
 
 # Frontend - WebApp - Completion
-/web/app/components/share/text-generation/ @iamjoel @zxhlyh
+web/app/components/share/text-generation/ @iamjoel @zxhlyh
 
 # Frontend - App - List and Creation
-/web/app/components/apps/ @JzoNgKVO @iamjoel
-/web/app/components/app/create-app-dialog/ @JzoNgKVO @iamjoel
-/web/app/components/app/create-app-modal/ @JzoNgKVO @iamjoel
-/web/app/components/app/create-from-dsl-modal/ @JzoNgKVO @iamjoel
+web/app/components/apps/ @JzoNgKVO @iamjoel
+web/app/components/app/create-app-dialog/ @JzoNgKVO @iamjoel
+web/app/components/app/create-app-modal/ @JzoNgKVO @iamjoel
+web/app/components/app/create-from-dsl-modal/ @JzoNgKVO @iamjoel
 
 # Frontend - App - API Documentation
-/web/app/components/develop/ @JzoNgKVO @iamjoel
+web/app/components/develop/ @JzoNgKVO @iamjoel
 
 # Frontend - App - Logs and Annotations
-/web/app/components/app/workflow-log/ @JzoNgKVO @iamjoel
-/web/app/components/app/log/ @JzoNgKVO @iamjoel
-/web/app/components/app/log-annotation/ @JzoNgKVO @iamjoel
-/web/app/components/app/annotation/ @JzoNgKVO @iamjoel
+web/app/components/app/workflow-log/ @JzoNgKVO @iamjoel
+web/app/components/app/log/ @JzoNgKVO @iamjoel
+web/app/components/app/log-annotation/ @JzoNgKVO @iamjoel
+web/app/components/app/annotation/ @JzoNgKVO @iamjoel
 
 # Frontend - App - Monitoring
-/web/app/(commonLayout)/app/(appDetailLayout)/\[appId\]/overview/ @JzoNgKVO @iamjoel
-/web/app/components/app/overview/ @JzoNgKVO @iamjoel
+web/app/(commonLayout)/app/(appDetailLayout)/\[appId\]/overview/ @JzoNgKVO @iamjoel
+web/app/components/app/overview/ @JzoNgKVO @iamjoel
 
 # Frontend - App - Settings
-/web/app/components/app-sidebar/ @JzoNgKVO @iamjoel
+web/app/components/app-sidebar/ @JzoNgKVO @iamjoel
 
 # Frontend - RAG - Hit Testing
-/web/app/components/datasets/hit-testing/ @JzoNgKVO @iamjoel
+web/app/components/datasets/hit-testing/ @JzoNgKVO @iamjoel
 
 # Frontend - RAG - List and Creation
-/web/app/components/datasets/list/ @iamjoel @WTW0313
-/web/app/components/datasets/create/ @iamjoel @WTW0313
-/web/app/components/datasets/create-from-pipeline/ @iamjoel @WTW0313
-/web/app/components/datasets/external-knowledge-base/ @iamjoel @WTW0313
+web/app/components/datasets/list/ @iamjoel @WTW0313
+web/app/components/datasets/create/ @iamjoel @WTW0313
+web/app/components/datasets/create-from-pipeline/ @iamjoel @WTW0313
+web/app/components/datasets/external-knowledge-base/ @iamjoel @WTW0313
 
 # Frontend - RAG - Orchestration (general rule first, specific rules below override)
-/web/app/components/rag-pipeline/ @iamjoel @WTW0313
-/web/app/components/rag-pipeline/components/rag-pipeline-main.tsx @iamjoel @zxhlyh
-/web/app/components/rag-pipeline/store/ @iamjoel @zxhlyh
+web/app/components/rag-pipeline/ @iamjoel @WTW0313
+web/app/components/rag-pipeline/components/rag-pipeline-main.tsx @iamjoel @zxhlyh
+web/app/components/rag-pipeline/store/ @iamjoel @zxhlyh
 
 # Frontend - RAG - Documents List
-/web/app/components/datasets/documents/list.tsx @iamjoel @WTW0313
-/web/app/components/datasets/documents/create-from-pipeline/ @iamjoel @WTW0313
+web/app/components/datasets/documents/list.tsx @iamjoel @WTW0313
+web/app/components/datasets/documents/create-from-pipeline/ @iamjoel @WTW0313
 
 # Frontend - RAG - Segments List
-/web/app/components/datasets/documents/detail/ @iamjoel @WTW0313
+web/app/components/datasets/documents/detail/ @iamjoel @WTW0313
 
 # Frontend - RAG - Settings
-/web/app/components/datasets/settings/ @iamjoel @WTW0313
+web/app/components/datasets/settings/ @iamjoel @WTW0313
 
 # Frontend - Ecosystem - Plugins
-/web/app/components/plugins/ @iamjoel @zhsama
+web/app/components/plugins/ @iamjoel @zhsama
 
 # Frontend - Ecosystem - Tools
-/web/app/components/tools/ @iamjoel @Yessenia-d
+web/app/components/tools/ @iamjoel @Yessenia-d
 
 # Frontend - Ecosystem - MarketPlace
-/web/app/components/plugins/marketplace/ @iamjoel @Yessenia-d
+web/app/components/plugins/marketplace/ @iamjoel @Yessenia-d
 
 # Frontend - Login and Registration
-/web/app/signin/ @douxc @iamjoel
-/web/app/signup/ @douxc @iamjoel
-/web/app/reset-password/ @douxc @iamjoel
-/web/app/install/ @douxc @iamjoel
-/web/app/init/ @douxc @iamjoel
-/web/app/forgot-password/ @douxc @iamjoel
-/web/app/account/ @douxc @iamjoel
+web/app/signin/ @douxc @iamjoel
+web/app/signup/ @douxc @iamjoel
+web/app/reset-password/ @douxc @iamjoel
+web/app/install/ @douxc @iamjoel
+web/app/init/ @douxc @iamjoel
+web/app/forgot-password/ @douxc @iamjoel
+web/app/account/ @douxc @iamjoel
 
 # Frontend - Service Authentication
-/web/service/base.ts @douxc @iamjoel
+web/service/base.ts @douxc @iamjoel
 
 # Frontend - WebApp Authentication and Access Control
-/web/app/(shareLayout)/components/ @douxc @iamjoel
-/web/app/(shareLayout)/webapp-signin/ @douxc @iamjoel
-/web/app/(shareLayout)/webapp-reset-password/ @douxc @iamjoel
-/web/app/components/app/app-access-control/ @douxc @iamjoel
+web/app/(shareLayout)/components/ @douxc @iamjoel
+web/app/(shareLayout)/webapp-signin/ @douxc @iamjoel
+web/app/(shareLayout)/webapp-reset-password/ @douxc @iamjoel
+web/app/components/app/app-access-control/ @douxc @iamjoel
 
 # Frontend - Explore Page
-/web/app/components/explore/ @CodingOnStar @iamjoel
+web/app/components/explore/ @CodingOnStar @iamjoel
 
 # Frontend - Personal Settings
-/web/app/components/header/account-setting/ @CodingOnStar @iamjoel
-/web/app/components/header/account-dropdown/ @CodingOnStar @iamjoel
+web/app/components/header/account-setting/ @CodingOnStar @iamjoel
+web/app/components/header/account-dropdown/ @CodingOnStar @iamjoel
 
 # Frontend - Analytics
-/web/app/components/base/ga/ @CodingOnStar @iamjoel
+web/app/components/base/ga/ @CodingOnStar @iamjoel
 
 # Frontend - Base Components
-/web/app/components/base/ @iamjoel @zxhlyh
+web/app/components/base/ @iamjoel @zxhlyh
 
 # Frontend - Utils and Hooks
-/web/utils/classnames.ts @iamjoel @zxhlyh
-/web/utils/time.ts @iamjoel @zxhlyh
-/web/utils/format.ts @iamjoel @zxhlyh
-/web/utils/clipboard.ts @iamjoel @zxhlyh
-/web/hooks/use-document-title.ts @iamjoel @zxhlyh
+web/utils/classnames.ts @iamjoel @zxhlyh
+web/utils/time.ts @iamjoel @zxhlyh
+web/utils/format.ts @iamjoel @zxhlyh
+web/utils/clipboard.ts @iamjoel @zxhlyh
+web/hooks/use-document-title.ts @iamjoel @zxhlyh
 
 # Frontend - Billing and Education
-/web/app/components/billing/ @iamjoel @zxhlyh
-/web/app/education-apply/ @iamjoel @zxhlyh
+web/app/components/billing/ @iamjoel @zxhlyh
+web/app/education-apply/ @iamjoel @zxhlyh
 
 # Frontend - Workspace
-/web/app/components/header/account-dropdown/workplace-selector/ @iamjoel @zxhlyh
-
-# Docker
-/docker/* @laipz8200
+web/app/components/header/account-dropdown/workplace-selector/ @iamjoel @zxhlyh

.github/workflows/api-tests.yml

@@ -93,12 +93,4 @@ jobs:
           # Create a detailed coverage summary
           echo "### Test Coverage Summary :test_tube:" >> $GITHUB_STEP_SUMMARY
           echo "Total Coverage: ${TOTAL_COVERAGE}%" >> $GITHUB_STEP_SUMMARY
-          {
-            echo ""
-            echo "<details><summary>File-level coverage (click to expand)</summary>"
-            echo ""
-            echo '```'
-            uv run --project api coverage report -m
-            echo '```'
-            echo "</details>"
-          } >> $GITHUB_STEP_SUMMARY
+          uv run --project api coverage report --format=markdown >> $GITHUB_STEP_SUMMARY

.github/workflows/autofix.yml

@@ -13,28 +13,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
-      - name: Check Docker Compose inputs
-        id: docker-compose-changes
-        uses: tj-actions/changed-files@v46
-        with:
-          files: |
-            docker/generate_docker_compose
-            docker/.env.example
-            docker/docker-compose-template.yaml
-            docker/docker-compose.yaml
       - uses: actions/setup-python@v5
         with:
           python-version: "3.11"
 
       - uses: astral-sh/setup-uv@v6
 
-      - name: Generate Docker Compose
-        if: steps.docker-compose-changes.outputs.any_changed == 'true'
-        run: |
-          cd docker
-          ./generate_docker_compose
-
       - run: |
           cd api
           uv sync --dev
@@ -82,6 +66,27 @@ jobs:
       # mdformat breaks YAML front matter in markdown files. Add --exclude for directories containing YAML front matter.
       - name: mdformat
         run: |
-          uvx --python 3.13 mdformat . --exclude ".claude/skills/**/SKILL.md"
+          uvx --python 3.13 mdformat . --exclude ".claude/skills/**"
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          package_json_file: web/package.json
+          run_install: false
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+          cache-dependency-path: ./web/package.json
+
+      - name: Web dependencies
+        working-directory: ./web
+        run: pnpm install --frozen-lockfile
+
+      - name: oxlint
+        working-directory: ./web
+        run: pnpm exec oxlint --config .oxlintrc.json --fix .
 
       - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27

.github/workflows/style.yml

@@ -90,7 +90,7 @@ jobs:
         with:
           node-version: 22
           cache: pnpm
-          cache-dependency-path: ./web/pnpm-lock.yaml
+          cache-dependency-path: ./web/package.json
 
       - name: Web dependencies
         if: steps.changed-files.outputs.any_changed == 'true'
@@ -108,6 +108,36 @@ jobs:
         working-directory: ./web
         run: pnpm run type-check:tsgo
 
+  docker-compose-template:
+    name: Docker Compose Template
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Check changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v46
+        with:
+          files: |
+            docker/generate_docker_compose
+            docker/.env.example
+            docker/docker-compose-template.yaml
+            docker/docker-compose.yaml
+
+      - name: Generate Docker Compose
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: |
+          cd docker
+          ./generate_docker_compose
+
+      - name: Check for changes
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: git diff --exit-code
+
   superlinter:
     name: SuperLinter
     runs-on: ubuntu-latest

.github/workflows/translate-i18n-base-on-english.yml

@@ -1,4 +1,4 @@
-name: Translate i18n Files Based on English
+name: Check i18n Files and Create PR
 
 on:
   push:
@@ -55,7 +55,7 @@ jobs:
         with:
           node-version: 'lts/*'
           cache: pnpm
-          cache-dependency-path: ./web/pnpm-lock.yaml
+          cache-dependency-path: ./web/package.json
 
       - name: Install dependencies
         if: env.FILES_CHANGED == 'true'
@@ -67,19 +67,25 @@ jobs:
         working-directory: ./web
         run: pnpm run auto-gen-i18n ${{ env.FILE_ARGS }}
 
+      - name: Generate i18n type definitions
+        if: env.FILES_CHANGED == 'true'
+        working-directory: ./web
+        run: pnpm run gen:i18n-types
+
       - name: Create Pull Request
         if: env.FILES_CHANGED == 'true'
         uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: 'chore(i18n): update translations based on en-US changes'
-          title: 'chore(i18n): translate i18n files based on en-US changes'
+          title: 'chore(i18n): translate i18n files and update type definitions'
           body: |
-            This PR was automatically created to update i18n translation files based on changes in en-US locale.
+            This PR was automatically created to update i18n files and TypeScript type definitions based on changes in en-US locale.
 
             **Triggered by:** ${{ github.sha }}
 
             **Changes included:**
             - Updated translation files for all locales
+            - Regenerated TypeScript type definitions for type safety
           branch: chore/automated-i18n-updates-${{ github.sha }}
           delete-branch: true

.github/workflows/web-tests.yml

@@ -13,7 +13,6 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        shell: bash
         working-directory: ./web
 
     steps:
@@ -22,7 +21,14 @@ jobs:
         with:
           persist-credentials: false
 
+      - name: Check changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v46
+        with:
+          files: web/**
+
       - name: Install pnpm
+        if: steps.changed-files.outputs.any_changed == 'true'
         uses: pnpm/action-setup@v4
         with:
           package_json_file: web/package.json
@@ -30,339 +36,23 @@ jobs:
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
+        if: steps.changed-files.outputs.any_changed == 'true'
         with:
           node-version: 22
           cache: pnpm
-          cache-dependency-path: ./web/pnpm-lock.yaml
+          cache-dependency-path: ./web/package.json
 
       - name: Install dependencies
+        if: steps.changed-files.outputs.any_changed == 'true'
+        working-directory: ./web
         run: pnpm install --frozen-lockfile
 
+      - name: Check i18n types synchronization
+        if: steps.changed-files.outputs.any_changed == 'true'
+        working-directory: ./web
+        run: pnpm run check:i18n-types
+
       - name: Run tests
-        run: pnpm test:coverage
-
-      - name: Coverage Summary
-        if: always()
-        id: coverage-summary
-        run: |
-          set -eo pipefail
-
-          COVERAGE_FILE="coverage/coverage-final.json"
-          COVERAGE_SUMMARY_FILE="coverage/coverage-summary.json"
-
-          if [ ! -f "$COVERAGE_FILE" ] && [ ! -f "$COVERAGE_SUMMARY_FILE" ]; then
-            echo "has_coverage=false" >> "$GITHUB_OUTPUT"
-            echo "### 🚨 Test Coverage Report :test_tube:" >> "$GITHUB_STEP_SUMMARY"
-            echo "Coverage data not found. Ensure Vitest runs with coverage enabled." >> "$GITHUB_STEP_SUMMARY"
-            exit 0
-          fi
-
-          echo "has_coverage=true" >> "$GITHUB_OUTPUT"
-
-          node <<'NODE' >> "$GITHUB_STEP_SUMMARY"
-          const fs = require('fs');
-          const path = require('path');
-          let libCoverage = null;
-
-          try {
-            libCoverage = require('istanbul-lib-coverage');
-          } catch (error) {
-            libCoverage = null;
-          }
-
-          const summaryPath = path.join('coverage', 'coverage-summary.json');
-          const finalPath = path.join('coverage', 'coverage-final.json');
-
-          const hasSummary = fs.existsSync(summaryPath);
-          const hasFinal = fs.existsSync(finalPath);
-
-          if (!hasSummary && !hasFinal) {
-            console.log('### Test Coverage Summary :test_tube:');
-            console.log('');
-            console.log('No coverage data found.');
-            process.exit(0);
-          }
-
-          const summary = hasSummary
-            ? JSON.parse(fs.readFileSync(summaryPath, 'utf8'))
-            : null;
-          const coverage = hasFinal
-            ? JSON.parse(fs.readFileSync(finalPath, 'utf8'))
-            : null;
-
-          const getLineCoverageFromStatements = (statementMap, statementHits) => {
-            const lineHits = {};
-
-            if (!statementMap || !statementHits) {
-              return lineHits;
-            }
-
-            Object.entries(statementMap).forEach(([key, statement]) => {
-              const line = statement?.start?.line;
-              if (!line) {
-                return;
-              }
-              const hits = statementHits[key] ?? 0;
-              const previous = lineHits[line];
-              lineHits[line] = previous === undefined ? hits : Math.max(previous, hits);
-            });
-
-            return lineHits;
-          };
-
-          const getFileCoverage = (entry) => (
-            libCoverage ? libCoverage.createFileCoverage(entry) : null
-          );
-
-          const getLineHits = (entry, fileCoverage) => {
-            const lineHits = entry.l ?? {};
-            if (Object.keys(lineHits).length > 0) {
-              return lineHits;
-            }
-            if (fileCoverage) {
-              return fileCoverage.getLineCoverage();
-            }
-            return getLineCoverageFromStatements(entry.statementMap ?? {}, entry.s ?? {});
-          };
-
-          const getUncoveredLines = (entry, fileCoverage, lineHits) => {
-            if (lineHits && Object.keys(lineHits).length > 0) {
-              return Object.entries(lineHits)
-                .filter(([, count]) => count === 0)
-                .map(([line]) => Number(line))
-                .sort((a, b) => a - b);
-            }
-            if (fileCoverage) {
-              return fileCoverage.getUncoveredLines();
-            }
-            return [];
-          };
-
-          const totals = {
-            lines: { covered: 0, total: 0 },
-            statements: { covered: 0, total: 0 },
-            branches: { covered: 0, total: 0 },
-            functions: { covered: 0, total: 0 },
-          };
-          const fileSummaries = [];
-
-          if (summary) {
-            const totalEntry = summary.total ?? {};
-            ['lines', 'statements', 'branches', 'functions'].forEach((key) => {
-              if (totalEntry[key]) {
-                totals[key].covered = totalEntry[key].covered ?? 0;
-                totals[key].total = totalEntry[key].total ?? 0;
-              }
-            });
-
-            Object.entries(summary)
-              .filter(([file]) => file !== 'total')
-              .forEach(([file, data]) => {
-                fileSummaries.push({
-                  file,
-                  pct: data.lines?.pct ?? data.statements?.pct ?? 0,
-                  lines: {
-                    covered: data.lines?.covered ?? 0,
-                    total: data.lines?.total ?? 0,
-                  },
-                });
-              });
-          } else if (coverage) {
-            Object.entries(coverage).forEach(([file, entry]) => {
-              const fileCoverage = getFileCoverage(entry);
-              const lineHits = getLineHits(entry, fileCoverage);
-              const statementHits = entry.s ?? {};
-              const branchHits = entry.b ?? {};
-              const functionHits = entry.f ?? {};
-
-              const lineTotal = Object.keys(lineHits).length;
-              const lineCovered = Object.values(lineHits).filter((n) => n > 0).length;
-
-              const statementTotal = Object.keys(statementHits).length;
-              const statementCovered = Object.values(statementHits).filter((n) => n > 0).length;
-
-              const branchTotal = Object.values(branchHits).reduce((acc, branches) => acc + branches.length, 0);
-              const branchCovered = Object.values(branchHits).reduce(
-                (acc, branches) => acc + branches.filter((n) => n > 0).length,
-                0,
-              );
-
-              const functionTotal = Object.keys(functionHits).length;
-              const functionCovered = Object.values(functionHits).filter((n) => n > 0).length;
-
-              totals.lines.total += lineTotal;
-              totals.lines.covered += lineCovered;
-              totals.statements.total += statementTotal;
-              totals.statements.covered += statementCovered;
-              totals.branches.total += branchTotal;
-              totals.branches.covered += branchCovered;
-              totals.functions.total += functionTotal;
-              totals.functions.covered += functionCovered;
-
-              const pct = (covered, tot) => (tot > 0 ? (covered / tot) * 100 : 0);
-
-              fileSummaries.push({
-                file,
-                pct: pct(lineCovered || statementCovered, lineTotal || statementTotal),
-                lines: {
-                  covered: lineCovered || statementCovered,
-                  total: lineTotal || statementTotal,
-                },
-              });
-            });
-          }
-
-          const pct = (covered, tot) => (tot > 0 ? ((covered / tot) * 100).toFixed(2) : '0.00');
-
-          console.log('### Test Coverage Summary :test_tube:');
-          console.log('');
-          console.log('| Metric | Coverage | Covered / Total |');
-          console.log('|--------|----------|-----------------|');
-          console.log(`| Lines | ${pct(totals.lines.covered, totals.lines.total)}% | ${totals.lines.covered} / ${totals.lines.total} |`);
-          console.log(`| Statements | ${pct(totals.statements.covered, totals.statements.total)}% | ${totals.statements.covered} / ${totals.statements.total} |`);
-          console.log(`| Branches | ${pct(totals.branches.covered, totals.branches.total)}% | ${totals.branches.covered} / ${totals.branches.total} |`);
-          console.log(`| Functions | ${pct(totals.functions.covered, totals.functions.total)}% | ${totals.functions.covered} / ${totals.functions.total} |`);
-
-          console.log('');
-          console.log('<details><summary>File coverage (lowest lines first)</summary>');
-          console.log('');
-          console.log('```');
-          fileSummaries
-            .sort((a, b) => (a.pct - b.pct) || (b.lines.total - a.lines.total))
-            .slice(0, 25)
-            .forEach(({ file, pct, lines }) => {
-              console.log(`${pct.toFixed(2)}%\t${lines.covered}/${lines.total}\t${file}`);
-            });
-          console.log('```');
-          console.log('</details>');
-
-          if (coverage) {
-            const pctValue = (covered, tot) => {
-              if (tot === 0) {
-                return '0';
-              }
-              return ((covered / tot) * 100)
-                .toFixed(2)
-                .replace(/\.?0+$/, '');
-            };
-
-            const formatLineRanges = (lines) => {
-              if (lines.length === 0) {
-                return '';
-              }
-              const ranges = [];
-              let start = lines[0];
-              let end = lines[0];
-
-              for (let i = 1; i < lines.length; i += 1) {
-                const current = lines[i];
-                if (current === end + 1) {
-                  end = current;
-                  continue;
-                }
-                ranges.push(start === end ? `${start}` : `${start}-${end}`);
-                start = current;
-                end = current;
-              }
-              ranges.push(start === end ? `${start}` : `${start}-${end}`);
-              return ranges.join(',');
-            };
-
-            const tableTotals = {
-              statements: { covered: 0, total: 0 },
-              branches: { covered: 0, total: 0 },
-              functions: { covered: 0, total: 0 },
-              lines: { covered: 0, total: 0 },
-            };
-            const tableRows = Object.entries(coverage)
-              .map(([file, entry]) => {
-                const fileCoverage = getFileCoverage(entry);
-                const lineHits = getLineHits(entry, fileCoverage);
-                const statementHits = entry.s ?? {};
-                const branchHits = entry.b ?? {};
-                const functionHits = entry.f ?? {};
-
-                const lineTotal = Object.keys(lineHits).length;
-                const lineCovered = Object.values(lineHits).filter((n) => n > 0).length;
-                const statementTotal = Object.keys(statementHits).length;
-                const statementCovered = Object.values(statementHits).filter((n) => n > 0).length;
-                const branchTotal = Object.values(branchHits).reduce((acc, branches) => acc + branches.length, 0);
-                const branchCovered = Object.values(branchHits).reduce(
-                  (acc, branches) => acc + branches.filter((n) => n > 0).length,
-                  0,
-                );
-                const functionTotal = Object.keys(functionHits).length;
-                const functionCovered = Object.values(functionHits).filter((n) => n > 0).length;
-
-                tableTotals.lines.total += lineTotal;
-                tableTotals.lines.covered += lineCovered;
-                tableTotals.statements.total += statementTotal;
-                tableTotals.statements.covered += statementCovered;
-                tableTotals.branches.total += branchTotal;
-                tableTotals.branches.covered += branchCovered;
-                tableTotals.functions.total += functionTotal;
-                tableTotals.functions.covered += functionCovered;
-
-                const uncoveredLines = getUncoveredLines(entry, fileCoverage, lineHits);
-
-                const filePath = entry.path ?? file;
-                const relativePath = path.isAbsolute(filePath)
-                  ? path.relative(process.cwd(), filePath)
-                  : filePath;
-
-                return {
-                  file: relativePath || file,
-                  statements: pctValue(statementCovered, statementTotal),
-                  branches: pctValue(branchCovered, branchTotal),
-                  functions: pctValue(functionCovered, functionTotal),
-                  lines: pctValue(lineCovered, lineTotal),
-                  uncovered: formatLineRanges(uncoveredLines),
-                };
-              })
-              .sort((a, b) => a.file.localeCompare(b.file));
-
-            const columns = [
-              { key: 'file', header: 'File', align: 'left' },
-              { key: 'statements', header: '% Stmts', align: 'right' },
-              { key: 'branches', header: '% Branch', align: 'right' },
-              { key: 'functions', header: '% Funcs', align: 'right' },
-              { key: 'lines', header: '% Lines', align: 'right' },
-              { key: 'uncovered', header: 'Uncovered Line #s', align: 'left' },
-            ];
-
-            const allFilesRow = {
-              file: 'All files',
-              statements: pctValue(tableTotals.statements.covered, tableTotals.statements.total),
-              branches: pctValue(tableTotals.branches.covered, tableTotals.branches.total),
-              functions: pctValue(tableTotals.functions.covered, tableTotals.functions.total),
-              lines: pctValue(tableTotals.lines.covered, tableTotals.lines.total),
-              uncovered: '',
-            };
-
-            const rowsForOutput = [allFilesRow, ...tableRows];
-            const formatRow = (row) => `| ${columns
-              .map(({ key }) => String(row[key] ?? ''))
-              .join(' | ')} |`;
-            const headerRow = `| ${columns.map(({ header }) => header).join(' | ')} |`;
-            const dividerRow = `| ${columns
-              .map(({ align }) => (align === 'right' ? '---:' : ':---'))
-              .join(' | ')} |`;
-
-            console.log('');
-            console.log('<details><summary>Vitest coverage table</summary>');
-            console.log('');
-            console.log(headerRow);
-            console.log(dividerRow);
-            rowsForOutput.forEach((row) => console.log(formatRow(row)));
-            console.log('</details>');
-          }
-          NODE
-
-      - name: Upload Coverage Artifact
-        if: steps.coverage-summary.outputs.has_coverage == 'true'
-        uses: actions/upload-artifact@v4
-        with:
-          name: web-coverage-report
-          path: web/coverage
-          retention-days: 30
-          if-no-files-found: error
+        if: steps.changed-files.outputs.any_changed == 'true'
+        working-directory: ./web
+        run: pnpm test

.gitignore

@@ -139,6 +139,7 @@ pyrightconfig.json
 .idea/'
 
 .DS_Store
+web/.vscode/settings.json
 
 # Intellij IDEA Files
 .idea/*
@@ -195,7 +196,6 @@ docker/nginx/ssl/*
 !docker/nginx/ssl/.gitkeep
 docker/middleware.env
 docker/docker-compose.override.yaml
-docker/env-backup/*
 
 sdks/python-client/build
 sdks/python-client/dist
@@ -205,6 +205,7 @@ sdks/python-client/dify_client.egg-info
 !.vscode/launch.json.template
 !.vscode/README.md
 api/.vscode
+web/.vscode
 # vscode Code History Extension
 .history
 
@@ -219,6 +220,15 @@ plugins.jsonl
 # mise
 mise.toml
 
+# Next.js build output
+.next/
+
+# PWA generated files
+web/public/sw.js
+web/public/sw.js.map
+web/public/workbox-*.js
+web/public/workbox-*.js.map
+web/public/fallback-*.js
 
 # AI Assistant
 .roo/

.vscode/launch.json.template

@@ -37,7 +37,7 @@
                 "-c",
                 "1",
                 "-Q",
-                "dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor,retention",
+                "dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor",
                 "--loglevel",
                 "INFO"
             ],

api/.env.example

@@ -116,7 +116,6 @@ ALIYUN_OSS_AUTH_VERSION=v1
 ALIYUN_OSS_REGION=your-region
 # Don't start with '/'. OSS doesn't support leading slash in object names.
 ALIYUN_OSS_PATH=your-path
-ALIYUN_CLOUDBOX_ID=your-cloudbox-id
 
 # Google Storage configuration
 GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
@@ -134,7 +133,6 @@ HUAWEI_OBS_BUCKET_NAME=your-bucket-name
 HUAWEI_OBS_SECRET_KEY=your-secret-key
 HUAWEI_OBS_ACCESS_KEY=your-access-key
 HUAWEI_OBS_SERVER=your-server-url
-HUAWEI_OBS_PATH_STYLE=false
 
 # Baidu OBS Storage Configuration
 BAIDU_OBS_BUCKET_NAME=your-bucket-name
@@ -545,25 +543,6 @@ APP_MAX_EXECUTION_TIME=1200
 APP_DEFAULT_ACTIVE_REQUESTS=0
 APP_MAX_ACTIVE_REQUESTS=0
 
-# Aliyun SLS Logstore Configuration
-# Aliyun Access Key ID
-ALIYUN_SLS_ACCESS_KEY_ID=
-# Aliyun Access Key Secret
-ALIYUN_SLS_ACCESS_KEY_SECRET=
-# Aliyun SLS Endpoint (e.g., cn-hangzhou.log.aliyuncs.com)
-ALIYUN_SLS_ENDPOINT=
-# Aliyun SLS Region (e.g., cn-hangzhou)
-ALIYUN_SLS_REGION=
-# Aliyun SLS Project Name
-ALIYUN_SLS_PROJECT_NAME=
-# Number of days to retain workflow run logs (default: 365 days， 3650 for permanent storage)
-ALIYUN_SLS_LOGSTORE_TTL=365
-# Enable dual-write to both SLS LogStore and SQL database (default: false)
-LOGSTORE_DUAL_WRITE_ENABLED=false
-# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
-# Useful for migration scenarios where historical data exists only in SQL database
-LOGSTORE_DUAL_READ_ENABLED=true
-
 # Celery beat configuration
 CELERY_BEAT_SCHEDULER_TIME=1
 
@@ -647,7 +626,17 @@ QUEUE_MONITOR_ALERT_EMAILS=
 QUEUE_MONITOR_INTERVAL=30
 
 # Swagger UI configuration
-SWAGGER_UI_ENABLED=true
+# SECURITY: Swagger UI is automatically disabled in PRODUCTION environment (DEPLOY_ENV=PRODUCTION)
+# to prevent API information disclosure.
+#
+# Behavior:
+# - DEPLOY_ENV=PRODUCTION + SWAGGER_UI_ENABLED not set -> Swagger DISABLED (secure default)
+# - DEPLOY_ENV=DEVELOPMENT/TESTING + SWAGGER_UI_ENABLED not set -> Swagger ENABLED
+# - SWAGGER_UI_ENABLED=true -> Swagger ENABLED (overrides environment check)
+# - SWAGGER_UI_ENABLED=false -> Swagger DISABLED (explicit disable)
+#
+# For development, you can uncomment below or set DEPLOY_ENV=DEVELOPMENT
+# SWAGGER_UI_ENABLED=false
 SWAGGER_UI_PATH=/swagger-ui.html
 
 # Whether to encrypt dataset IDs when exporting DSL files (default: true)
@@ -691,8 +680,4 @@ ANNOTATION_IMPORT_MIN_RECORDS=1
 ANNOTATION_IMPORT_RATE_LIMIT_PER_MINUTE=5
 ANNOTATION_IMPORT_RATE_LIMIT_PER_HOUR=20
 # Maximum number of concurrent annotation import tasks per tenant
-ANNOTATION_IMPORT_MAX_CONCURRENT=5
-# Sandbox expired records clean configuration
-SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
-SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
-SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
+ANNOTATION_IMPORT_MAX_CONCURRENT=5

api/README.md

@@ -84,7 +84,7 @@
 1. If you need to handle and debug the async tasks (e.g. dataset importing and documents indexing), please start the worker service.
 
 ```bash
-uv run celery -A app.celery worker -P threads -c 2 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor,retention
+uv run celery -A app.celery worker -P threads -c 2 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor
 ```
 
 Additionally, if you want to debug the celery scheduled tasks, you can run the following command in another terminal to start the beat service:

api/app_factory.py

@@ -75,7 +75,6 @@ def initialize_extensions(app: DifyApp):
         ext_import_modules,
         ext_logging,
         ext_login,
-        ext_logstore,
         ext_mail,
         ext_migrate,
         ext_orjson,
@@ -106,7 +105,6 @@ def initialize_extensions(app: DifyApp):
         ext_migrate,
         ext_redis,
         ext_storage,
-        ext_logstore,  # Initialize logstore after storage, before celery
         ext_celery,
         ext_login,
         ext_mail,

api/configs/feature/__init__.py

@@ -218,7 +218,7 @@ class PluginConfig(BaseSettings):
 
     PLUGIN_DAEMON_TIMEOUT: PositiveFloat | None = Field(
         description="Timeout in seconds for requests to the plugin daemon (set to None to disable)",
-        default=600.0,
+        default=300.0,
     )
 
     INNER_API_KEY_FOR_PLUGIN: str = Field(description="Inner api key for plugin", default="inner-api-key")
@@ -1252,9 +1252,19 @@ class WorkflowLogConfig(BaseSettings):
 
 
 class SwaggerUIConfig(BaseSettings):
-    SWAGGER_UI_ENABLED: bool = Field(
-        description="Whether to enable Swagger UI in api module",
-        default=True,
+    """
+    Configuration for Swagger UI documentation.
+
+    Security Note: Swagger UI is automatically disabled in PRODUCTION environment
+    to prevent API information disclosure. Set SWAGGER_UI_ENABLED=true explicitly
+    to enable in production if needed.
+    """
+
+    SWAGGER_UI_ENABLED: bool | None = Field(
+        description="Whether to enable Swagger UI in api module. "
+        "Automatically disabled in PRODUCTION environment for security. "
+        "Set to true explicitly to enable in production.",
+        default=None,
     )
 
     SWAGGER_UI_PATH: str = Field(
@@ -1262,6 +1272,23 @@ class SwaggerUIConfig(BaseSettings):
         default="/swagger-ui.html",
     )
 
+    @property
+    def swagger_ui_enabled(self) -> bool:
+        """
+        Compute whether Swagger UI should be enabled.
+
+        If SWAGGER_UI_ENABLED is explicitly set, use that value.
+        Otherwise, disable in PRODUCTION environment for security.
+        """
+        if self.SWAGGER_UI_ENABLED is not None:
+            return self.SWAGGER_UI_ENABLED
+
+        # Auto-disable in production environment
+        import os
+
+        deploy_env = os.environ.get("DEPLOY_ENV", "PRODUCTION")
+        return deploy_env.upper() != "PRODUCTION"
+
 
 class TenantIsolatedTaskQueueConfig(BaseSettings):
     TENANT_ISOLATED_TASK_CONCURRENCY: int = Field(
@@ -1270,21 +1297,6 @@ class TenantIsolatedTaskQueueConfig(BaseSettings):
     )
 
 
-class SandboxExpiredRecordsCleanConfig(BaseSettings):
-    SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: NonNegativeInt = Field(
-        description="Graceful period in days for sandbox records clean after subscription expiration",
-        default=21,
-    )
-    SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: PositiveInt = Field(
-        description="Maximum number of records to process in each batch",
-        default=1000,
-    )
-    SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: PositiveInt = Field(
-        description="Retention days for sandbox expired workflow_run records and message records",
-        default=30,
-    )
-
-
 class FeatureConfig(
     # place the configs in alphabet order
     AppExecutionConfig,
@@ -1310,7 +1322,6 @@ class FeatureConfig(
     PositionConfig,
     RagEtlConfig,
     RepositoryConfig,
-    SandboxExpiredRecordsCleanConfig,
     SecurityConfig,
     TenantIsolatedTaskQueueConfig,
     ToolConfig,

api/configs/middleware/__init__.py

@@ -107,7 +107,7 @@ class KeywordStoreConfig(BaseSettings):
 
 class DatabaseConfig(BaseSettings):
     # Database type selector
-    DB_TYPE: Literal["postgresql", "mysql", "oceanbase", "seekdb"] = Field(
+    DB_TYPE: Literal["postgresql", "mysql", "oceanbase"] = Field(
         description="Database type to use. OceanBase is MySQL-compatible.",
         default="postgresql",
     )

api/configs/middleware/storage/aliyun_oss_storage_config.py

@@ -41,8 +41,3 @@ class AliyunOSSStorageConfig(BaseSettings):
         description="Base path within the bucket to store objects (e.g., 'my-app-data/')",
         default=None,
     )
-
-    ALIYUN_CLOUDBOX_ID: str | None = Field(
-        description="Cloudbox id for aliyun cloudbox service",
-        default=None,
-    )

api/configs/middleware/storage/huawei_obs_storage_config.py

@@ -26,8 +26,3 @@ class HuaweiCloudOBSStorageConfig(BaseSettings):
         description="Endpoint URL for Huawei Cloud OBS (e.g., 'https://obs.cn-north-4.myhuaweicloud.com')",
         default=None,
     )
-
-    HUAWEI_OBS_PATH_STYLE: bool = Field(
-        description="Flag to indicate whether to use path-style URLs for OBS requests",
-        default=False,
-    )

api/controllers/common/file_response.py

@@ -1,57 +0,0 @@
-import os
-from email.message import Message
-from urllib.parse import quote
-
-from flask import Response
-
-HTML_MIME_TYPES = frozenset({"text/html", "application/xhtml+xml"})
-HTML_EXTENSIONS = frozenset({"html", "htm"})
-
-
-def _normalize_mime_type(mime_type: str | None) -> str:
-    if not mime_type:
-        return ""
-    message = Message()
-    message["Content-Type"] = mime_type
-    return message.get_content_type().strip().lower()
-
-
-def _is_html_extension(extension: str | None) -> bool:
-    if not extension:
-        return False
-    return extension.lstrip(".").lower() in HTML_EXTENSIONS
-
-
-def is_html_content(mime_type: str | None, filename: str | None, extension: str | None = None) -> bool:
-    normalized_mime_type = _normalize_mime_type(mime_type)
-    if normalized_mime_type in HTML_MIME_TYPES:
-        return True
-
-    if _is_html_extension(extension):
-        return True
-
-    if filename:
-        return _is_html_extension(os.path.splitext(filename)[1])
-
-    return False
-
-
-def enforce_download_for_html(
-    response: Response,
-    *,
-    mime_type: str | None,
-    filename: str | None,
-    extension: str | None = None,
-) -> bool:
-    if not is_html_content(mime_type, filename, extension):
-        return False
-
-    if filename:
-        encoded_filename = quote(filename)
-        response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
-    else:
-        response.headers["Content-Disposition"] = "attachment"
-
-    response.headers["Content-Type"] = "application/octet-stream"
-    response.headers["X-Content-Type-Options"] = "nosniff"
-    return True

api/controllers/console/auth/activate.py

@@ -7,9 +7,9 @@ from controllers.console import console_ns
 from controllers.console.error import AlreadyActivateError
 from extensions.ext_database import db
 from libs.datetime_utils import naive_utc_now
-from libs.helper import EmailStr, timezone
+from libs.helper import EmailStr, extract_remote_ip, timezone
 from models import AccountStatus
-from services.account_service import RegisterService
+from services.account_service import AccountService, RegisterService
 
 DEFAULT_REF_TEMPLATE_SWAGGER_2_0 = "#/definitions/{model}"
 
@@ -93,6 +93,7 @@ class ActivateApi(Resource):
             "ActivationResponse",
             {
                 "result": fields.String(description="Operation result"),
+                "data": fields.Raw(description="Login token data"),
             },
         ),
     )
@@ -116,4 +117,6 @@ class ActivateApi(Resource):
         account.initialized_at = naive_utc_now()
         db.session.commit()
 
-        return {"result": "success"}
+        token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))
+
+        return {"result": "success", "data": token_pair.model_dump()}

api/controllers/console/auth/login.py

@@ -22,12 +22,7 @@ from controllers.console.error import (
     NotAllowedCreateWorkspace,
     WorkspacesLimitExceeded,
 )
-from controllers.console.wraps import (
-    decrypt_code_field,
-    decrypt_password_field,
-    email_password_login_enabled,
-    setup_required,
-)
+from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from libs.helper import EmailStr, extract_remote_ip
 from libs.login import current_account_with_tenant
@@ -84,7 +79,6 @@ class LoginApi(Resource):
     @setup_required
     @email_password_login_enabled
     @console_ns.expect(console_ns.models[LoginPayload.__name__])
-    @decrypt_password_field
     def post(self):
         """Authenticate user and login."""
         args = LoginPayload.model_validate(console_ns.payload)
@@ -224,7 +218,6 @@ class EmailCodeLoginSendEmailApi(Resource):
 class EmailCodeLoginApi(Resource):
     @setup_required
     @console_ns.expect(console_ns.models[EmailCodeLoginPayload.__name__])
-    @decrypt_code_field
     def post(self):
         args = EmailCodeLoginPayload.model_validate(console_ns.payload)
 

api/controllers/console/datasets/data_source.py

@@ -140,18 +140,6 @@ class DataSourceNotionListApi(Resource):
         credential_id = request.args.get("credential_id", default=None, type=str)
         if not credential_id:
             raise ValueError("Credential id is required.")
-
-        # Get datasource_parameters from query string (optional, for GitHub and other datasources)
-        datasource_parameters_str = request.args.get("datasource_parameters", default=None, type=str)
-        datasource_parameters = {}
-        if datasource_parameters_str:
-            try:
-                datasource_parameters = json.loads(datasource_parameters_str)
-                if not isinstance(datasource_parameters, dict):
-                    raise ValueError("datasource_parameters must be a JSON object.")
-            except json.JSONDecodeError:
-                raise ValueError("Invalid datasource_parameters JSON format.")
-
         datasource_provider_service = DatasourceProviderService()
         credential = datasource_provider_service.get_datasource_credentials(
             tenant_id=current_tenant_id,
@@ -199,7 +187,7 @@ class DataSourceNotionListApi(Resource):
             online_document_result: Generator[OnlineDocumentPagesMessage, None, None] = (
                 datasource_runtime.get_online_document_pages(
                     user_id=current_user.id,
-                    datasource_parameters=datasource_parameters,
+                    datasource_parameters={},
                     provider_type=datasource_runtime.datasource_provider_type(),
                 )
             )
@@ -230,14 +218,14 @@ class DataSourceNotionListApi(Resource):
 
 
 @console_ns.route(
-    "/notion/pages/<uuid:page_id>/<string:page_type>/preview",
+    "/notion/workspaces/<uuid:workspace_id>/pages/<uuid:page_id>/<string:page_type>/preview",
     "/datasets/notion-indexing-estimate",
 )
 class DataSourceNotionApi(Resource):
     @setup_required
     @login_required
     @account_initialization_required
-    def get(self, page_id, page_type):
+    def get(self, workspace_id, page_id, page_type):
         _, current_tenant_id = current_account_with_tenant()
 
         credential_id = request.args.get("credential_id", default=None, type=str)
@@ -251,10 +239,11 @@ class DataSourceNotionApi(Resource):
             plugin_id="langgenius/notion_datasource",
         )
 
+        workspace_id = str(workspace_id)
         page_id = str(page_id)
 
         extractor = NotionExtractor(
-            notion_workspace_id="",
+            notion_workspace_id=workspace_id,
             notion_obj_id=page_id,
             notion_page_type=page_type,
             notion_access_token=credential.get("integration_secret"),

api/controllers/console/datasets/datasets.py

@@ -146,7 +146,7 @@ class DatasetUpdatePayload(BaseModel):
     embedding_model: str | None = None
     embedding_model_provider: str | None = None
     retrieval_model: dict[str, Any] | None = None
-    partial_member_list: list[dict[str, str]] | None = None
+    partial_member_list: list[str] | None = None
     external_retrieval_model: dict[str, Any] | None = None
     external_knowledge_id: str | None = None
     external_knowledge_api_id: str | None = None
@@ -223,7 +223,6 @@ def _get_retrieval_methods_by_vector_type(vector_type: str | None, is_mock: bool
         VectorType.COUCHBASE,
         VectorType.OPENGAUSS,
         VectorType.OCEANBASE,
-        VectorType.SEEKDB,
         VectorType.TABLESTORE,
         VectorType.HUAWEI_CLOUD,
         VectorType.TENCENT,

api/controllers/console/datasets/datasets_document.py

@@ -572,7 +572,7 @@ class DocumentBatchIndexingEstimateApi(DocumentResource):
                     datasource_type=DatasourceType.NOTION,
                     notion_info=NotionInfo.model_validate(
                         {
-                            "credential_id": data_source_info.get("credential_id"),
+                            "credential_id": data_source_info["credential_id"],
                             "notion_workspace_id": data_source_info["notion_workspace_id"],
                             "notion_obj_id": data_source_info["notion_page_id"],
                             "notion_page_type": data_source_info["type"],

api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py

@@ -4,7 +4,7 @@ from typing import Any, Literal, cast
 from uuid import UUID
 
 from flask import abort, request
-from flask_restx import Resource, marshal_with, reqparse  # type: ignore
+from flask_restx import Resource, marshal_with  # type: ignore
 from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound
@@ -975,11 +975,6 @@ class RagPipelineRecommendedPluginApi(Resource):
     @login_required
     @account_initialization_required
     def get(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("type", type=str, location="args", required=False, default="all")
-        args = parser.parse_args()
-        type = args["type"]
-
         rag_pipeline_service = RagPipelineService()
-        recommended_plugins = rag_pipeline_service.get_recommended_plugins(type)
+        recommended_plugins = rag_pipeline_service.get_recommended_plugins()
         return recommended_plugins

api/controllers/console/explore/completion.py

@@ -40,7 +40,7 @@ from .. import console_ns
 logger = logging.getLogger(__name__)
 
 
-class CompletionMessageExplorePayload(BaseModel):
+class CompletionMessagePayload(BaseModel):
     inputs: dict[str, Any]
     query: str = ""
     files: list[dict[str, Any]] | None = None
@@ -71,7 +71,7 @@ class ChatMessagePayload(BaseModel):
             raise ValueError("must be a valid UUID") from exc
 
 
-register_schema_models(console_ns, CompletionMessageExplorePayload, ChatMessagePayload)
+register_schema_models(console_ns, CompletionMessagePayload, ChatMessagePayload)
 
 
 # define completion api for user
@@ -80,13 +80,13 @@ register_schema_models(console_ns, CompletionMessageExplorePayload, ChatMessageP
     endpoint="installed_app_completion",
 )
 class CompletionApi(InstalledAppResource):
-    @console_ns.expect(console_ns.models[CompletionMessageExplorePayload.__name__])
+    @console_ns.expect(console_ns.models[CompletionMessagePayload.__name__])
     def post(self, installed_app):
         app_model = installed_app.app
         if app_model.mode != AppMode.COMPLETION:
             raise NotCompletionAppError()
 
-        payload = CompletionMessageExplorePayload.model_validate(console_ns.payload or {})
+        payload = CompletionMessagePayload.model_validate(console_ns.payload or {})
         args = payload.model_dump(exclude_none=True)
 
         streaming = payload.response_mode == "streaming"

api/controllers/console/explore/conversation.py

@@ -1,4 +1,5 @@
 from typing import Any
+from uuid import UUID
 
 from flask import request
 from flask_restx import marshal_with
@@ -12,7 +13,6 @@ from controllers.console.explore.wraps import InstalledAppResource
 from core.app.entities.app_invoke_entities import InvokeFrom
 from extensions.ext_database import db
 from fields.conversation_fields import conversation_infinite_scroll_pagination_fields, simple_conversation_fields
-from libs.helper import UUIDStrOrEmpty
 from libs.login import current_user
 from models import Account
 from models.model import AppMode
@@ -24,7 +24,7 @@ from .. import console_ns
 
 
 class ConversationListQuery(BaseModel):
-    last_id: UUIDStrOrEmpty | None = None
+    last_id: UUID | None = None
     limit: int = Field(default=20, ge=1, le=100)
     pinned: bool | None = None
 

api/controllers/console/explore/installed_app.py

@@ -2,8 +2,7 @@ import logging
 from typing import Any
 
 from flask import request
-from flask_restx import Resource, marshal_with
-from pydantic import BaseModel
+from flask_restx import Resource, inputs, marshal_with, reqparse
 from sqlalchemy import and_, select
 from werkzeug.exceptions import BadRequest, Forbidden, NotFound
 
@@ -19,15 +18,6 @@ from services.account_service import TenantService
 from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService
 
-
-class InstalledAppCreatePayload(BaseModel):
-    app_id: str
-
-
-class InstalledAppUpdatePayload(BaseModel):
-    is_pinned: bool | None = None
-
-
 logger = logging.getLogger(__name__)
 
 
@@ -115,25 +105,26 @@ class InstalledAppsListApi(Resource):
     @account_initialization_required
     @cloud_edition_billing_resource_check("apps")
     def post(self):
-        payload = InstalledAppCreatePayload.model_validate(console_ns.payload or {})
+        parser = reqparse.RequestParser().add_argument("app_id", type=str, required=True, help="Invalid app_id")
+        args = parser.parse_args()
 
-        recommended_app = db.session.query(RecommendedApp).where(RecommendedApp.app_id == payload.app_id).first()
+        recommended_app = db.session.query(RecommendedApp).where(RecommendedApp.app_id == args["app_id"]).first()
         if recommended_app is None:
-            raise NotFound("Recommended app not found")
+            raise NotFound("App not found")
 
         _, current_tenant_id = current_account_with_tenant()
 
-        app = db.session.query(App).where(App.id == payload.app_id).first()
+        app = db.session.query(App).where(App.id == args["app_id"]).first()
 
         if app is None:
-            raise NotFound("App entity not found")
+            raise NotFound("App not found")
 
         if not app.is_public:
             raise Forbidden("You can't install a non-public app")
 
         installed_app = (
             db.session.query(InstalledApp)
-            .where(and_(InstalledApp.app_id == payload.app_id, InstalledApp.tenant_id == current_tenant_id))
+            .where(and_(InstalledApp.app_id == args["app_id"], InstalledApp.tenant_id == current_tenant_id))
             .first()
         )
 
@@ -142,7 +133,7 @@ class InstalledAppsListApi(Resource):
             recommended_app.install_count += 1
 
             new_installed_app = InstalledApp(
-                app_id=payload.app_id,
+                app_id=args["app_id"],
                 tenant_id=current_tenant_id,
                 app_owner_tenant_id=app.tenant_id,
                 is_pinned=False,
@@ -172,11 +163,12 @@ class InstalledAppApi(InstalledAppResource):
         return {"result": "success", "message": "App uninstalled successfully"}, 204
 
     def patch(self, installed_app):
-        payload = InstalledAppUpdatePayload.model_validate(console_ns.payload or {})
+        parser = reqparse.RequestParser().add_argument("is_pinned", type=inputs.boolean)
+        args = parser.parse_args()
 
         commit_args = False
-        if payload.is_pinned is not None:
-            installed_app.is_pinned = payload.is_pinned
+        if "is_pinned" in args:
+            installed_app.is_pinned = args["is_pinned"]
             commit_args = True
 
         if commit_args:

api/controllers/console/extension.py

@@ -1,32 +1,14 @@
-from flask import request
-from flask_restx import Resource, fields, marshal_with
-from pydantic import BaseModel, Field
+from flask_restx import Resource, fields, marshal_with, reqparse
 
 from constants import HIDDEN_VALUE
+from controllers.console import console_ns
+from controllers.console.wraps import account_initialization_required, setup_required
 from fields.api_based_extension_fields import api_based_extension_fields
 from libs.login import current_account_with_tenant, login_required
 from models.api_based_extension import APIBasedExtension
 from services.api_based_extension_service import APIBasedExtensionService
 from services.code_based_extension_service import CodeBasedExtensionService
 
-from ..common.schema import register_schema_models
-from . import console_ns
-from .wraps import account_initialization_required, setup_required
-
-
-class CodeBasedExtensionQuery(BaseModel):
-    module: str
-
-
-class APIBasedExtensionPayload(BaseModel):
-    name: str = Field(description="Extension name")
-    api_endpoint: str = Field(description="API endpoint URL")
-    api_key: str = Field(description="API key for authentication")
-
-
-register_schema_models(console_ns, APIBasedExtensionPayload)
-
-
 api_based_extension_model = console_ns.model("ApiBasedExtensionModel", api_based_extension_fields)
 
 api_based_extension_list_model = fields.List(fields.Nested(api_based_extension_model))
@@ -36,7 +18,11 @@ api_based_extension_list_model = fields.List(fields.Nested(api_based_extension_m
 class CodeBasedExtensionAPI(Resource):
     @console_ns.doc("get_code_based_extension")
     @console_ns.doc(description="Get code-based extension data by module name")
-    @console_ns.doc(params={"module": "Extension module name"})
+    @console_ns.expect(
+        console_ns.parser().add_argument(
+            "module", type=str, required=True, location="args", help="Extension module name"
+        )
+    )
     @console_ns.response(
         200,
         "Success",
@@ -49,9 +35,10 @@ class CodeBasedExtensionAPI(Resource):
     @login_required
     @account_initialization_required
     def get(self):
-        query = CodeBasedExtensionQuery.model_validate(request.args.to_dict(flat=True))  # type: ignore
+        parser = reqparse.RequestParser().add_argument("module", type=str, required=True, location="args")
+        args = parser.parse_args()
 
-        return {"module": query.module, "data": CodeBasedExtensionService.get_code_based_extension(query.module)}
+        return {"module": args["module"], "data": CodeBasedExtensionService.get_code_based_extension(args["module"])}
 
 
 @console_ns.route("/api-based-extension")
@@ -69,21 +56,30 @@ class APIBasedExtensionAPI(Resource):
 
     @console_ns.doc("create_api_based_extension")
     @console_ns.doc(description="Create a new API-based extension")
-    @console_ns.expect(console_ns.models[APIBasedExtensionPayload.__name__])
+    @console_ns.expect(
+        console_ns.model(
+            "CreateAPIBasedExtensionRequest",
+            {
+                "name": fields.String(required=True, description="Extension name"),
+                "api_endpoint": fields.String(required=True, description="API endpoint URL"),
+                "api_key": fields.String(required=True, description="API key for authentication"),
+            },
+        )
+    )
     @console_ns.response(201, "Extension created successfully", api_based_extension_model)
     @setup_required
     @login_required
     @account_initialization_required
     @marshal_with(api_based_extension_model)
     def post(self):
-        payload = APIBasedExtensionPayload.model_validate(console_ns.payload or {})
+        args = console_ns.payload
         _, current_tenant_id = current_account_with_tenant()
 
         extension_data = APIBasedExtension(
             tenant_id=current_tenant_id,
-            name=payload.name,
-            api_endpoint=payload.api_endpoint,
-            api_key=payload.api_key,
+            name=args["name"],
+            api_endpoint=args["api_endpoint"],
+            api_key=args["api_key"],
         )
 
         return APIBasedExtensionService.save(extension_data)
@@ -108,7 +104,16 @@ class APIBasedExtensionDetailAPI(Resource):
     @console_ns.doc("update_api_based_extension")
     @console_ns.doc(description="Update API-based extension")
     @console_ns.doc(params={"id": "Extension ID"})
-    @console_ns.expect(console_ns.models[APIBasedExtensionPayload.__name__])
+    @console_ns.expect(
+        console_ns.model(
+            "UpdateAPIBasedExtensionRequest",
+            {
+                "name": fields.String(required=True, description="Extension name"),
+                "api_endpoint": fields.String(required=True, description="API endpoint URL"),
+                "api_key": fields.String(required=True, description="API key for authentication"),
+            },
+        )
+    )
     @console_ns.response(200, "Extension updated successfully", api_based_extension_model)
     @setup_required
     @login_required
@@ -120,13 +125,13 @@ class APIBasedExtensionDetailAPI(Resource):
 
         extension_data_from_db = APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id)
 
-        payload = APIBasedExtensionPayload.model_validate(console_ns.payload or {})
+        args = console_ns.payload
 
-        extension_data_from_db.name = payload.name
-        extension_data_from_db.api_endpoint = payload.api_endpoint
+        extension_data_from_db.name = args["name"]
+        extension_data_from_db.api_endpoint = args["api_endpoint"]
 
-        if payload.api_key != HIDDEN_VALUE:
-            extension_data_from_db.api_key = payload.api_key
+        if args["api_key"] != HIDDEN_VALUE:
+            extension_data_from_db.api_key = args["api_key"]
 
         return APIBasedExtensionService.save(extension_data_from_db)
 

api/controllers/console/tag/tags.py

@@ -1,40 +1,31 @@
-from typing import Literal
-
 from flask import request
-from flask_restx import Resource, marshal_with
-from pydantic import BaseModel, Field
+from flask_restx import Resource, marshal_with, reqparse
 from werkzeug.exceptions import Forbidden
 
-from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from fields.tag_fields import dataset_tag_fields
 from libs.login import current_account_with_tenant, login_required
+from models.model import Tag
 from services.tag_service import TagService
 
 
-class TagBasePayload(BaseModel):
-    name: str = Field(description="Tag name", min_length=1, max_length=50)
-    type: Literal["knowledge", "app"] | None = Field(default=None, description="Tag type")
+def _validate_name(name):
+    if not name or len(name) < 1 or len(name) > 50:
+        raise ValueError("Name must be between 1 to 50 characters.")
+    return name
 
 
-class TagBindingPayload(BaseModel):
-    tag_ids: list[str] = Field(description="Tag IDs to bind")
-    target_id: str = Field(description="Target ID to bind tags to")
-    type: Literal["knowledge", "app"] | None = Field(default=None, description="Tag type")
-
-
-class TagBindingRemovePayload(BaseModel):
-    tag_id: str = Field(description="Tag ID to remove")
-    target_id: str = Field(description="Target ID to unbind tag from")
-    type: Literal["knowledge", "app"] | None = Field(default=None, description="Tag type")
-
-
-register_schema_models(
-    console_ns,
-    TagBasePayload,
-    TagBindingPayload,
-    TagBindingRemovePayload,
+parser_tags = (
+    reqparse.RequestParser()
+    .add_argument(
+        "name",
+        nullable=False,
+        required=True,
+        help="Name must be between 1 to 50 characters.",
+        type=_validate_name,
+    )
+    .add_argument("type", type=str, location="json", choices=Tag.TAG_TYPE_LIST, nullable=True, help="Invalid tag type.")
 )
 
 
@@ -52,7 +43,7 @@ class TagListApi(Resource):
 
         return tags, 200
 
-    @console_ns.expect(console_ns.models[TagBasePayload.__name__])
+    @console_ns.expect(parser_tags)
     @setup_required
     @login_required
     @account_initialization_required
@@ -62,17 +53,22 @@ class TagListApi(Resource):
         if not (current_user.has_edit_permission or current_user.is_dataset_editor):
             raise Forbidden()
 
-        payload = TagBasePayload.model_validate(console_ns.payload or {})
-        tag = TagService.save_tags(payload.model_dump())
+        args = parser_tags.parse_args()
+        tag = TagService.save_tags(args)
 
         response = {"id": tag.id, "name": tag.name, "type": tag.type, "binding_count": 0}
 
         return response, 200
 
 
+parser_tag_id = reqparse.RequestParser().add_argument(
+    "name", nullable=False, required=True, help="Name must be between 1 to 50 characters.", type=_validate_name
+)
+
+
 @console_ns.route("/tags/<uuid:tag_id>")
 class TagUpdateDeleteApi(Resource):
-    @console_ns.expect(console_ns.models[TagBasePayload.__name__])
+    @console_ns.expect(parser_tag_id)
     @setup_required
     @login_required
     @account_initialization_required
@@ -83,8 +79,8 @@ class TagUpdateDeleteApi(Resource):
         if not (current_user.has_edit_permission or current_user.is_dataset_editor):
             raise Forbidden()
 
-        payload = TagBasePayload.model_validate(console_ns.payload or {})
-        tag = TagService.update_tags(payload.model_dump(), tag_id)
+        args = parser_tag_id.parse_args()
+        tag = TagService.update_tags(args, tag_id)
 
         binding_count = TagService.get_tag_binding_count(tag_id)
 
@@ -104,9 +100,17 @@ class TagUpdateDeleteApi(Resource):
         return 204
 
 
+parser_create = (
+    reqparse.RequestParser()
+    .add_argument("tag_ids", type=list, nullable=False, required=True, location="json", help="Tag IDs is required.")
+    .add_argument("target_id", type=str, nullable=False, required=True, location="json", help="Target ID is required.")
+    .add_argument("type", type=str, location="json", choices=Tag.TAG_TYPE_LIST, nullable=True, help="Invalid tag type.")
+)
+
+
 @console_ns.route("/tag-bindings/create")
 class TagBindingCreateApi(Resource):
-    @console_ns.expect(console_ns.models[TagBindingPayload.__name__])
+    @console_ns.expect(parser_create)
     @setup_required
     @login_required
     @account_initialization_required
@@ -116,15 +120,23 @@ class TagBindingCreateApi(Resource):
         if not (current_user.has_edit_permission or current_user.is_dataset_editor):
             raise Forbidden()
 
-        payload = TagBindingPayload.model_validate(console_ns.payload or {})
-        TagService.save_tag_binding(payload.model_dump())
+        args = parser_create.parse_args()
+        TagService.save_tag_binding(args)
 
         return {"result": "success"}, 200
 
 
+parser_remove = (
+    reqparse.RequestParser()
+    .add_argument("tag_id", type=str, nullable=False, required=True, help="Tag ID is required.")
+    .add_argument("target_id", type=str, nullable=False, required=True, help="Target ID is required.")
+    .add_argument("type", type=str, location="json", choices=Tag.TAG_TYPE_LIST, nullable=True, help="Invalid tag type.")
+)
+
+
 @console_ns.route("/tag-bindings/remove")
 class TagBindingDeleteApi(Resource):
-    @console_ns.expect(console_ns.models[TagBindingRemovePayload.__name__])
+    @console_ns.expect(parser_remove)
     @setup_required
     @login_required
     @account_initialization_required
@@ -134,7 +146,7 @@ class TagBindingDeleteApi(Resource):
         if not (current_user.has_edit_permission or current_user.is_dataset_editor):
             raise Forbidden()
 
-        payload = TagBindingRemovePayload.model_validate(console_ns.payload or {})
-        TagService.delete_tag_binding(payload.model_dump())
+        args = parser_remove.parse_args()
+        TagService.delete_tag_binding(args)
 
         return {"result": "success"}, 200

api/controllers/console/workspace/plugin.py

@@ -1,6 +1,5 @@
 import io
-from collections.abc import Mapping
-from typing import Any, Literal
+from typing import Literal
 
 from flask import request, send_file
 from flask_restx import Resource
@@ -142,15 +141,6 @@ class ParserDynamicOptions(BaseModel):
     provider_type: Literal["tool", "trigger"]
 
 
-class ParserDynamicOptionsWithCredentials(BaseModel):
-    plugin_id: str
-    provider: str
-    action: str
-    parameter: str
-    credential_id: str
-    credentials: Mapping[str, Any]
-
-
 class PluginPermissionSettingsPayload(BaseModel):
     install_permission: TenantPluginPermission.InstallPermission = TenantPluginPermission.InstallPermission.EVERYONE
     debug_permission: TenantPluginPermission.DebugPermission = TenantPluginPermission.DebugPermission.EVERYONE
@@ -193,7 +183,6 @@ reg(ParserGithubUpgrade)
 reg(ParserUninstall)
 reg(ParserPermissionChange)
 reg(ParserDynamicOptions)
-reg(ParserDynamicOptionsWithCredentials)
 reg(ParserPreferencesChange)
 reg(ParserExcludePlugin)
 reg(ParserReadme)
@@ -668,37 +657,6 @@ class PluginFetchDynamicSelectOptionsApi(Resource):
         return jsonable_encoder({"options": options})
 
 
-@console_ns.route("/workspaces/current/plugin/parameters/dynamic-options-with-credentials")
-class PluginFetchDynamicSelectOptionsWithCredentialsApi(Resource):
-    @console_ns.expect(console_ns.models[ParserDynamicOptionsWithCredentials.__name__])
-    @setup_required
-    @login_required
-    @is_admin_or_owner_required
-    @account_initialization_required
-    def post(self):
-        """Fetch dynamic options using credentials directly (for edit mode)."""
-        current_user, tenant_id = current_account_with_tenant()
-        user_id = current_user.id
-
-        args = ParserDynamicOptionsWithCredentials.model_validate(console_ns.payload)
-
-        try:
-            options = PluginParameterService.get_dynamic_select_options_with_credentials(
-                tenant_id=tenant_id,
-                user_id=user_id,
-                plugin_id=args.plugin_id,
-                provider=args.provider,
-                action=args.action,
-                parameter=args.parameter,
-                credential_id=args.credential_id,
-                credentials=args.credentials,
-            )
-        except PluginDaemonClientSideError as e:
-            raise ValueError(e)
-
-        return jsonable_encoder({"options": options})
-
-
 @console_ns.route("/workspaces/current/plugin/preferences/change")
 class PluginChangePreferencesApi(Resource):
     @console_ns.expect(console_ns.models[ParserPreferencesChange.__name__])

api/controllers/console/workspace/tool_providers.py

@@ -18,7 +18,6 @@ from controllers.console.wraps import (
     setup_required,
 )
 from core.entities.mcp_provider import MCPAuthentication, MCPConfiguration
-from core.helper.tool_provider_cache import ToolProviderListCache
 from core.mcp.auth.auth_flow import auth, handle_callback
 from core.mcp.error import MCPAuthError, MCPError, MCPRefreshTokenError
 from core.mcp.mcp_client import MCPClient
@@ -945,7 +944,7 @@ class ToolProviderMCPApi(Resource):
         configuration = MCPConfiguration.model_validate(args["configuration"])
         authentication = MCPAuthentication.model_validate(args["authentication"]) if args["authentication"] else None
 
-        # Create provider in transaction
+        # Create provider
         with Session(db.engine) as session, session.begin():
             service = MCPToolManageService(session=session)
             result = service.create_provider(
@@ -961,11 +960,7 @@ class ToolProviderMCPApi(Resource):
                 configuration=configuration,
                 authentication=authentication,
             )
-
-        # Invalidate cache AFTER transaction commits to avoid holding locks during Redis operations
-        ToolProviderListCache.invalidate_cache(tenant_id)
-
-        return jsonable_encoder(result)
+            return jsonable_encoder(result)
 
     @console_ns.expect(parser_mcp_put)
     @setup_required
@@ -977,23 +972,17 @@ class ToolProviderMCPApi(Resource):
         authentication = MCPAuthentication.model_validate(args["authentication"]) if args["authentication"] else None
         _, current_tenant_id = current_account_with_tenant()
 
-        # Step 1: Get provider data for URL validation (short-lived session, no network I/O)
-        validation_data = None
+        # Step 1: Validate server URL change if needed (includes URL format validation and network operation)
+        validation_result = None
         with Session(db.engine) as session:
             service = MCPToolManageService(session=session)
-            validation_data = service.get_provider_for_url_validation(
-                tenant_id=current_tenant_id, provider_id=args["provider_id"]
+            validation_result = service.validate_server_url_change(
+                tenant_id=current_tenant_id, provider_id=args["provider_id"], new_server_url=args["server_url"]
             )
 
-        # Step 2: Perform URL validation with network I/O OUTSIDE of any database session
-        # This prevents holding database locks during potentially slow network operations
-        validation_result = MCPToolManageService.validate_server_url_standalone(
-            tenant_id=current_tenant_id,
-            new_server_url=args["server_url"],
-            validation_data=validation_data,
-        )
+            # No need to check for errors here, exceptions will be raised directly
 
-        # Step 3: Perform database update in a transaction
+        # Step 2: Perform database update in a transaction
         with Session(db.engine) as session, session.begin():
             service = MCPToolManageService(session=session)
             service.update_provider(
@@ -1010,11 +999,7 @@ class ToolProviderMCPApi(Resource):
                 authentication=authentication,
                 validation_result=validation_result,
             )
-
-        # Invalidate cache AFTER transaction commits to avoid holding locks during Redis operations
-        ToolProviderListCache.invalidate_cache(current_tenant_id)
-
-        return {"result": "success"}
+            return {"result": "success"}
 
     @console_ns.expect(parser_mcp_delete)
     @setup_required
@@ -1027,11 +1012,7 @@ class ToolProviderMCPApi(Resource):
         with Session(db.engine) as session, session.begin():
             service = MCPToolManageService(session=session)
             service.delete_provider(tenant_id=current_tenant_id, provider_id=args["provider_id"])
-
-        # Invalidate cache AFTER transaction commits to avoid holding locks during Redis operations
-        ToolProviderListCache.invalidate_cache(current_tenant_id)
-
-        return {"result": "success"}
+            return {"result": "success"}
 
 
 parser_auth = (
@@ -1081,8 +1062,6 @@ class ToolMCPAuthApi(Resource):
                         credentials=provider_entity.credentials,
                         authed=True,
                     )
-                # Invalidate cache after updating credentials
-                ToolProviderListCache.invalidate_cache(tenant_id)
                 return {"result": "success"}
         except MCPAuthError as e:
             try:
@@ -1096,22 +1075,16 @@ class ToolMCPAuthApi(Resource):
                 with Session(db.engine) as session, session.begin():
                     service = MCPToolManageService(session=session)
                     response = service.execute_auth_actions(auth_result)
-                    # Invalidate cache after auth actions may have updated provider state
-                    ToolProviderListCache.invalidate_cache(tenant_id)
                     return response
             except MCPRefreshTokenError as e:
                 with Session(db.engine) as session, session.begin():
                     service = MCPToolManageService(session=session)
                     service.clear_provider_credentials(provider_id=provider_id, tenant_id=tenant_id)
-                # Invalidate cache after clearing credentials
-                ToolProviderListCache.invalidate_cache(tenant_id)
                 raise ValueError(f"Failed to refresh token, please try to authorize again: {e}") from e
         except (MCPError, ValueError) as e:
             with Session(db.engine) as session, session.begin():
                 service = MCPToolManageService(session=session)
                 service.clear_provider_credentials(provider_id=provider_id, tenant_id=tenant_id)
-            # Invalidate cache after clearing credentials
-            ToolProviderListCache.invalidate_cache(tenant_id)
             raise ValueError(f"Failed to connect to MCP server: {e}") from e
 
 

api/controllers/console/workspace/trigger_providers.py

@@ -1,15 +1,11 @@
 import logging
-from collections.abc import Mapping
-from typing import Any
 
 from flask import make_response, redirect, request
 from flask_restx import Resource, reqparse
-from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import BadRequest, Forbidden
 
 from configs import dify_config
-from constants import HIDDEN_VALUE, UNKNOWN_VALUE
 from controllers.web.error import NotFoundError
 from core.model_runtime.utils.encoders import jsonable_encoder
 from core.plugin.entities.plugin_daemon import CredentialType
@@ -36,32 +32,6 @@ from ..wraps import (
 logger = logging.getLogger(__name__)
 
 
-class TriggerSubscriptionUpdateRequest(BaseModel):
-    """Request payload for updating a trigger subscription"""
-
-    name: str | None = Field(default=None, description="The name for the subscription")
-    credentials: Mapping[str, Any] | None = Field(default=None, description="The credentials for the subscription")
-    parameters: Mapping[str, Any] | None = Field(default=None, description="The parameters for the subscription")
-    properties: Mapping[str, Any] | None = Field(default=None, description="The properties for the subscription")
-
-
-class TriggerSubscriptionVerifyRequest(BaseModel):
-    """Request payload for verifying subscription credentials."""
-
-    credentials: Mapping[str, Any] = Field(description="The credentials to verify")
-
-
-console_ns.schema_model(
-    TriggerSubscriptionUpdateRequest.__name__,
-    TriggerSubscriptionUpdateRequest.model_json_schema(ref_template="#/definitions/{model}"),
-)
-
-console_ns.schema_model(
-    TriggerSubscriptionVerifyRequest.__name__,
-    TriggerSubscriptionVerifyRequest.model_json_schema(ref_template="#/definitions/{model}"),
-)
-
-
 @console_ns.route("/workspaces/current/trigger-provider/<path:provider>/icon")
 class TriggerProviderIconApi(Resource):
     @setup_required
@@ -185,16 +155,16 @@ parser_api = (
 
 
 @console_ns.route(
-    "/workspaces/current/trigger-provider/<path:provider>/subscriptions/builder/verify-and-update/<path:subscription_builder_id>",
+    "/workspaces/current/trigger-provider/<path:provider>/subscriptions/builder/verify/<path:subscription_builder_id>",
 )
-class TriggerSubscriptionBuilderVerifyAndUpdateApi(Resource):
+class TriggerSubscriptionBuilderVerifyApi(Resource):
     @console_ns.expect(parser_api)
     @setup_required
     @login_required
     @edit_permission_required
     @account_initialization_required
     def post(self, provider, subscription_builder_id):
-        """Verify and update a subscription instance for a trigger provider"""
+        """Verify a subscription instance for a trigger provider"""
         user = current_user
         assert user.current_tenant_id is not None
 
@@ -319,83 +289,6 @@ class TriggerSubscriptionBuilderBuildApi(Resource):
             raise ValueError(str(e)) from e
 
 
-@console_ns.route(
-    "/workspaces/current/trigger-provider/<path:subscription_id>/subscriptions/update",
-)
-class TriggerSubscriptionUpdateApi(Resource):
-    @console_ns.expect(console_ns.models[TriggerSubscriptionUpdateRequest.__name__])
-    @setup_required
-    @login_required
-    @edit_permission_required
-    @account_initialization_required
-    def post(self, subscription_id: str):
-        """Update a subscription instance"""
-        user = current_user
-        assert user.current_tenant_id is not None
-
-        args = TriggerSubscriptionUpdateRequest.model_validate(console_ns.payload)
-
-        subscription = TriggerProviderService.get_subscription_by_id(
-            tenant_id=user.current_tenant_id,
-            subscription_id=subscription_id,
-        )
-        if not subscription:
-            raise NotFoundError(f"Subscription {subscription_id} not found")
-
-        provider_id = TriggerProviderID(subscription.provider_id)
-
-        try:
-            # rename only
-            if (
-                args.name is not None
-                and args.credentials is None
-                and args.parameters is None
-                and args.properties is None
-            ):
-                TriggerProviderService.update_trigger_subscription(
-                    tenant_id=user.current_tenant_id,
-                    subscription_id=subscription_id,
-                    name=args.name,
-                )
-                return 200
-
-            # rebuild for create automatically by the provider
-            match subscription.credential_type:
-                case CredentialType.UNAUTHORIZED:
-                    TriggerProviderService.update_trigger_subscription(
-                        tenant_id=user.current_tenant_id,
-                        subscription_id=subscription_id,
-                        name=args.name,
-                        properties=args.properties,
-                    )
-                    return 200
-                case CredentialType.API_KEY | CredentialType.OAUTH2:
-                    if args.credentials:
-                        new_credentials: dict[str, Any] = {
-                            key: value if value != HIDDEN_VALUE else subscription.credentials.get(key, UNKNOWN_VALUE)
-                            for key, value in args.credentials.items()
-                        }
-                    else:
-                        new_credentials = subscription.credentials
-
-                    TriggerProviderService.rebuild_trigger_subscription(
-                        tenant_id=user.current_tenant_id,
-                        name=args.name,
-                        provider_id=provider_id,
-                        subscription_id=subscription_id,
-                        credentials=new_credentials,
-                        parameters=args.parameters or subscription.parameters,
-                    )
-                    return 200
-                case _:
-                    raise BadRequest("Invalid credential type")
-        except ValueError as e:
-            raise BadRequest(str(e))
-        except Exception as e:
-            logger.exception("Error updating subscription", exc_info=e)
-            raise
-
-
 @console_ns.route(
     "/workspaces/current/trigger-provider/<path:subscription_id>/subscriptions/delete",
 )
@@ -683,38 +576,3 @@ class TriggerOAuthClientManageApi(Resource):
         except Exception as e:
             logger.exception("Error removing OAuth client", exc_info=e)
             raise
-
-
-@console_ns.route(
-    "/workspaces/current/trigger-provider/<path:provider>/subscriptions/verify/<path:subscription_id>",
-)
-class TriggerSubscriptionVerifyApi(Resource):
-    @console_ns.expect(console_ns.models[TriggerSubscriptionVerifyRequest.__name__])
-    @setup_required
-    @login_required
-    @edit_permission_required
-    @account_initialization_required
-    def post(self, provider, subscription_id):
-        """Verify credentials for an existing subscription (edit mode only)"""
-        user = current_user
-        assert user.current_tenant_id is not None
-
-        verify_request: TriggerSubscriptionVerifyRequest = TriggerSubscriptionVerifyRequest.model_validate(
-            console_ns.payload
-        )
-
-        try:
-            result = TriggerProviderService.verify_subscription_credentials(
-                tenant_id=user.current_tenant_id,
-                user_id=user.id,
-                provider_id=TriggerProviderID(provider),
-                subscription_id=subscription_id,
-                credentials=verify_request.credentials,
-            )
-            return result
-        except ValueError as e:
-            logger.warning("Credential verification failed", exc_info=e)
-            raise BadRequest(str(e)) from e
-        except Exception as e:
-            logger.exception("Error verifying subscription credentials", exc_info=e)
-            raise BadRequest(str(e)) from e

api/controllers/console/wraps.py

@@ -9,12 +9,10 @@ from typing import ParamSpec, TypeVar
 from flask import abort, request
 
 from configs import dify_config
-from controllers.console.auth.error import AuthenticationFailedError, EmailCodeError
 from controllers.console.workspace.error import AccountNotInitializedError
 from enums.cloud_plan import CloudPlan
 from extensions.ext_database import db
 from extensions.ext_redis import redis_client
-from libs.encryption import FieldEncryption
 from libs.login import current_account_with_tenant
 from models.account import AccountStatus
 from models.dataset import RateLimitLog
@@ -27,14 +25,6 @@ from .error import NotInitValidateError, NotSetupError, UnauthorizedAndForceLogo
 P = ParamSpec("P")
 R = TypeVar("R")
 
-# Field names for decryption
-FIELD_NAME_PASSWORD = "password"
-FIELD_NAME_CODE = "code"
-
-# Error messages for decryption failures
-ERROR_MSG_INVALID_ENCRYPTED_DATA = "Invalid encrypted data"
-ERROR_MSG_INVALID_ENCRYPTED_CODE = "Invalid encrypted code"
-
 
 def account_initialization_required(view: Callable[P, R]):
     @wraps(view)
@@ -429,75 +419,3 @@ def annotation_import_concurrency_limit(view: Callable[P, R]):
         return view(*args, **kwargs)
 
     return decorated
-
-
-def _decrypt_field(field_name: str, error_class: type[Exception], error_message: str) -> None:
-    """
-    Helper to decode a Base64 encoded field in the request payload.
-
-    Args:
-        field_name: Name of the field to decode
-        error_class: Exception class to raise on decoding failure
-        error_message: Error message to include in the exception
-    """
-    if not request or not request.is_json:
-        return
-    # Get the payload dict - it's cached and mutable
-    payload = request.get_json()
-    if not payload or field_name not in payload:
-        return
-    encoded_value = payload[field_name]
-    decoded_value = FieldEncryption.decrypt_field(encoded_value)
-
-    # If decoding failed, raise error immediately
-    if decoded_value is None:
-        raise error_class(error_message)
-
-    # Update payload dict in-place with decoded value
-    # Since payload is a mutable dict and get_json() returns the cached reference,
-    # modifying it will affect all subsequent accesses including console_ns.payload
-    payload[field_name] = decoded_value
-
-
-def decrypt_password_field(view: Callable[P, R]):
-    """
-    Decorator to decrypt password field in request payload.
-
-    Automatically decrypts the 'password' field if encryption is enabled.
-    If decryption fails, raises AuthenticationFailedError.
-
-    Usage:
-        @decrypt_password_field
-        def post(self):
-            args = LoginPayload.model_validate(console_ns.payload)
-            # args.password is now decrypted
-    """
-
-    @wraps(view)
-    def decorated(*args: P.args, **kwargs: P.kwargs):
-        _decrypt_field(FIELD_NAME_PASSWORD, AuthenticationFailedError, ERROR_MSG_INVALID_ENCRYPTED_DATA)
-        return view(*args, **kwargs)
-
-    return decorated
-
-
-def decrypt_code_field(view: Callable[P, R]):
-    """
-    Decorator to decrypt verification code field in request payload.
-
-    Automatically decrypts the 'code' field if encryption is enabled.
-    If decryption fails, raises EmailCodeError.
-
-    Usage:
-        @decrypt_code_field
-        def post(self):
-            args = EmailCodeLoginPayload.model_validate(console_ns.payload)
-            # args.code is now decrypted
-    """
-
-    @wraps(view)
-    def decorated(*args: P.args, **kwargs: P.kwargs):
-        _decrypt_field(FIELD_NAME_CODE, EmailCodeError, ERROR_MSG_INVALID_ENCRYPTED_CODE)
-        return view(*args, **kwargs)
-
-    return decorated

api/controllers/files/image_preview.py

@@ -7,7 +7,6 @@ from werkzeug.exceptions import NotFound
 
 import services
 from controllers.common.errors import UnsupportedFileTypeError
-from controllers.common.file_response import enforce_download_for_html
 from controllers.files import files_ns
 from extensions.ext_database import db
 from services.account_service import TenantService
@@ -139,13 +138,6 @@ class FilePreviewApi(Resource):
             response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
             response.headers["Content-Type"] = "application/octet-stream"
 
-        enforce_download_for_html(
-            response,
-            mime_type=upload_file.mime_type,
-            filename=upload_file.name,
-            extension=upload_file.extension,
-        )
-
         return response
 
 

api/controllers/files/tool_files.py

@@ -6,7 +6,6 @@ from pydantic import BaseModel, Field
 from werkzeug.exceptions import Forbidden, NotFound
 
 from controllers.common.errors import UnsupportedFileTypeError
-from controllers.common.file_response import enforce_download_for_html
 from controllers.files import files_ns
 from core.tools.signature import verify_tool_file_signature
 from core.tools.tool_file_manager import ToolFileManager
@@ -79,11 +78,4 @@ class ToolFileApi(Resource):
             encoded_filename = quote(tool_file.name)
             response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
 
-        enforce_download_for_html(
-            response,
-            mime_type=tool_file.mimetype,
-            filename=tool_file.name,
-            extension=extension,
-        )
-
         return response

api/controllers/service_api/app/conversation.py

@@ -4,7 +4,7 @@ from uuid import UUID
 from flask import request
 from flask_restx import Resource
 from flask_restx._http import HTTPStatus
-from pydantic import BaseModel, Field, field_validator, model_validator
+from pydantic import BaseModel, Field, model_validator
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import BadRequest, NotFound
 
@@ -51,32 +51,6 @@ class ConversationRenamePayload(BaseModel):
 class ConversationVariablesQuery(BaseModel):
     last_id: UUID | None = Field(default=None, description="Last variable ID for pagination")
     limit: int = Field(default=20, ge=1, le=100, description="Number of variables to return")
-    variable_name: str | None = Field(
-        default=None, description="Filter variables by name", min_length=1, max_length=255
-    )
-
-    @field_validator("variable_name", mode="before")
-    @classmethod
-    def validate_variable_name(cls, v: str | None) -> str | None:
-        """
-        Validate variable_name to prevent injection attacks.
-        """
-        if v is None:
-            return v
-
-        # Only allow safe characters: alphanumeric, underscore, hyphen, period
-        if not v.replace("-", "").replace("_", "").replace(".", "").isalnum():
-            raise ValueError(
-                "Variable name can only contain letters, numbers, hyphens (-), underscores (_), and periods (.)"
-            )
-
-        # Prevent SQL injection patterns
-        dangerous_patterns = ["'", '"', ";", "--", "/*", "*/", "xp_", "sp_"]
-        for pattern in dangerous_patterns:
-            if pattern in v.lower():
-                raise ValueError(f"Variable name contains invalid characters: {pattern}")
-
-        return v
 
 
 class ConversationVariableUpdatePayload(BaseModel):
@@ -225,7 +199,7 @@ class ConversationVariablesApi(Resource):
 
         try:
             return ConversationService.get_conversational_variable(
-                app_model, conversation_id, end_user, query_args.limit, last_id, query_args.variable_name
+                app_model, conversation_id, end_user, query_args.limit, last_id
             )
         except services.errors.conversation.ConversationNotExistsError:
             raise NotFound("Conversation Not Exists.")

api/controllers/service_api/app/file_preview.py

@@ -5,7 +5,6 @@ from flask import Response, request
 from flask_restx import Resource
 from pydantic import BaseModel, Field
 
-from controllers.common.file_response import enforce_download_for_html
 from controllers.common.schema import register_schema_model
 from controllers.service_api import service_api_ns
 from controllers.service_api.app.error import (
@@ -184,13 +183,6 @@ class FilePreviewApi(Resource):
             # Override content-type for downloads to force download
             response.headers["Content-Type"] = "application/octet-stream"
 
-        enforce_download_for_html(
-            response,
-            mime_type=upload_file.mime_type,
-            filename=upload_file.name,
-            extension=upload_file.extension,
-        )
-
         # Add caching headers for performance
         response.headers["Cache-Control"] = "public, max-age=3600"  # Cache for 1 hour
 

api/controllers/service_api/dataset/dataset.py

@@ -49,7 +49,7 @@ class DatasetUpdatePayload(BaseModel):
     embedding_model: str | None = None
     embedding_model_provider: str | None = None
     retrieval_model: RetrievalModel | None = None
-    partial_member_list: list[dict[str, str]] | None = None
+    partial_member_list: list[str] | None = None
     external_retrieval_model: dict[str, Any] | None = None
     external_knowledge_id: str | None = None
     external_knowledge_api_id: str | None = None

api/controllers/web/app.py

@@ -1,13 +1,14 @@
 import logging
 
 from flask import request
-from flask_restx import Resource, marshal_with
-from pydantic import BaseModel, ConfigDict, Field
+from flask_restx import Resource, marshal_with, reqparse
 from werkzeug.exceptions import Unauthorized
 
 from constants import HEADER_NAME_APP_CODE
 from controllers.common import fields
-from controllers.common.schema import register_schema_models
+from controllers.web import web_ns
+from controllers.web.error import AppUnavailableError
+from controllers.web.wraps import WebApiResource
 from core.app.app_config.common.parameters_mapping import get_parameters_from_feature_dict
 from libs.passport import PassportService
 from libs.token import extract_webapp_passport
@@ -17,23 +18,9 @@ from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService
 from services.webapp_auth_service import WebAppAuthService
 
-from . import web_ns
-from .error import AppUnavailableError
-from .wraps import WebApiResource
-
 logger = logging.getLogger(__name__)
 
 
-class AppAccessModeQuery(BaseModel):
-    model_config = ConfigDict(populate_by_name=True)
-
-    app_id: str | None = Field(default=None, alias="appId", description="Application ID")
-    app_code: str | None = Field(default=None, alias="appCode", description="Application code")
-
-
-register_schema_models(web_ns, AppAccessModeQuery)
-
-
 @web_ns.route("/parameters")
 class AppParameterApi(WebApiResource):
     """Resource for app variables."""
@@ -109,16 +96,21 @@ class AppAccessMode(Resource):
         }
     )
     def get(self):
-        raw_args = request.args.to_dict()
-        args = AppAccessModeQuery.model_validate(raw_args)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("appId", type=str, required=False, location="args")
+            .add_argument("appCode", type=str, required=False, location="args")
+        )
+        args = parser.parse_args()
 
         features = FeatureService.get_system_features()
         if not features.webapp_auth.enabled:
             return {"accessMode": "public"}
 
-        app_id = args.app_id
-        if args.app_code:
-            app_id = AppService.get_app_id_by_code(args.app_code)
+        app_id = args.get("appId")
+        if args.get("appCode"):
+            app_code = args["appCode"]
+            app_id = AppService.get_app_id_by_code(app_code)
 
         if not app_id:
             raise ValueError("appId or appCode must be provided")

api/controllers/web/audio.py

@@ -1,8 +1,7 @@
 import logging
 
 from flask import request
-from flask_restx import fields, marshal_with
-from pydantic import BaseModel, field_validator
+from flask_restx import fields, marshal_with, reqparse
 from werkzeug.exceptions import InternalServerError
 
 import services
@@ -21,7 +20,6 @@ from controllers.web.error import (
 from controllers.web.wraps import WebApiResource
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from core.model_runtime.errors.invoke import InvokeError
-from libs.helper import uuid_value
 from models.model import App
 from services.audio_service import AudioService
 from services.errors.audio import (
@@ -31,25 +29,6 @@ from services.errors.audio import (
     UnsupportedAudioTypeServiceError,
 )
 
-from ..common.schema import register_schema_models
-
-
-class TextToAudioPayload(BaseModel):
-    message_id: str | None = None
-    voice: str | None = None
-    text: str | None = None
-    streaming: bool | None = None
-
-    @field_validator("message_id")
-    @classmethod
-    def validate_message_id(cls, value: str | None) -> str | None:
-        if value is None:
-            return value
-        return uuid_value(value)
-
-
-register_schema_models(web_ns, TextToAudioPayload)
-
 logger = logging.getLogger(__name__)
 
 
@@ -109,7 +88,6 @@ class AudioApi(WebApiResource):
 
 @web_ns.route("/text-to-audio")
 class TextApi(WebApiResource):
-    @web_ns.expect(web_ns.models[TextToAudioPayload.__name__])
     @web_ns.doc("Text to Audio")
     @web_ns.doc(description="Convert text to audio using text-to-speech service.")
     @web_ns.doc(
@@ -124,11 +102,18 @@ class TextApi(WebApiResource):
     def post(self, app_model: App, end_user):
         """Convert text to audio"""
         try:
-            payload = TextToAudioPayload.model_validate(web_ns.payload or {})
+            parser = (
+                reqparse.RequestParser()
+                .add_argument("message_id", type=str, required=False, location="json")
+                .add_argument("voice", type=str, location="json")
+                .add_argument("text", type=str, location="json")
+                .add_argument("streaming", type=bool, location="json")
+            )
+            args = parser.parse_args()
 
-            message_id = payload.message_id
-            text = payload.text
-            voice = payload.voice
+            message_id = args.get("message_id", None)
+            text = args.get("text", None)
+            voice = args.get("voice", None)
             response = AudioService.transcript_tts(
                 app_model=app_model, text=text, voice=voice, end_user=end_user.external_user_id, message_id=message_id
             )

api/controllers/web/completion.py

@@ -1,11 +1,9 @@
 import logging
-from typing import Any, Literal
 
-from pydantic import BaseModel, Field, field_validator
+from flask_restx import reqparse
 from werkzeug.exceptions import InternalServerError, NotFound
 
 import services
-from controllers.common.schema import register_schema_models
 from controllers.web import web_ns
 from controllers.web.error import (
     AppUnavailableError,
@@ -36,44 +34,25 @@ from services.errors.llm import InvokeRateLimitError
 logger = logging.getLogger(__name__)
 
 
-class CompletionMessagePayload(BaseModel):
-    inputs: dict[str, Any] = Field(description="Input variables for the completion")
-    query: str = Field(default="", description="Query text for completion")
-    files: list[dict[str, Any]] | None = Field(default=None, description="Files to be processed")
-    response_mode: Literal["blocking", "streaming"] | None = Field(
-        default=None, description="Response mode: blocking or streaming"
-    )
-    retriever_from: str = Field(default="web_app", description="Source of retriever")
-
-
-class ChatMessagePayload(BaseModel):
-    inputs: dict[str, Any] = Field(description="Input variables for the chat")
-    query: str = Field(description="User query/message")
-    files: list[dict[str, Any]] | None = Field(default=None, description="Files to be processed")
-    response_mode: Literal["blocking", "streaming"] | None = Field(
-        default=None, description="Response mode: blocking or streaming"
-    )
-    conversation_id: str | None = Field(default=None, description="Conversation ID")
-    parent_message_id: str | None = Field(default=None, description="Parent message ID")
-    retriever_from: str = Field(default="web_app", description="Source of retriever")
-
-    @field_validator("conversation_id", "parent_message_id")
-    @classmethod
-    def validate_uuid(cls, value: str | None) -> str | None:
-        if value is None:
-            return value
-        return uuid_value(value)
-
-
-register_schema_models(web_ns, CompletionMessagePayload, ChatMessagePayload)
-
-
 # define completion api for user
 @web_ns.route("/completion-messages")
 class CompletionApi(WebApiResource):
     @web_ns.doc("Create Completion Message")
     @web_ns.doc(description="Create a completion message for text generation applications.")
-    @web_ns.expect(web_ns.models[CompletionMessagePayload.__name__])
+    @web_ns.doc(
+        params={
+            "inputs": {"description": "Input variables for the completion", "type": "object", "required": True},
+            "query": {"description": "Query text for completion", "type": "string", "required": False},
+            "files": {"description": "Files to be processed", "type": "array", "required": False},
+            "response_mode": {
+                "description": "Response mode: blocking or streaming",
+                "type": "string",
+                "enum": ["blocking", "streaming"],
+                "required": False,
+            },
+            "retriever_from": {"description": "Source of retriever", "type": "string", "required": False},
+        }
+    )
     @web_ns.doc(
         responses={
             200: "Success",
@@ -88,10 +67,18 @@ class CompletionApi(WebApiResource):
         if app_model.mode != AppMode.COMPLETION:
             raise NotCompletionAppError()
 
-        payload = CompletionMessagePayload.model_validate(web_ns.payload or {})
-        args = payload.model_dump(exclude_none=True)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("inputs", type=dict, required=True, location="json")
+            .add_argument("query", type=str, location="json", default="")
+            .add_argument("files", type=list, required=False, location="json")
+            .add_argument("response_mode", type=str, choices=["blocking", "streaming"], location="json")
+            .add_argument("retriever_from", type=str, required=False, default="web_app", location="json")
+        )
 
-        streaming = payload.response_mode == "streaming"
+        args = parser.parse_args()
+
+        streaming = args["response_mode"] == "streaming"
         args["auto_generate_name"] = False
 
         try:
@@ -155,7 +142,22 @@ class CompletionStopApi(WebApiResource):
 class ChatApi(WebApiResource):
     @web_ns.doc("Create Chat Message")
     @web_ns.doc(description="Create a chat message for conversational applications.")
-    @web_ns.expect(web_ns.models[ChatMessagePayload.__name__])
+    @web_ns.doc(
+        params={
+            "inputs": {"description": "Input variables for the chat", "type": "object", "required": True},
+            "query": {"description": "User query/message", "type": "string", "required": True},
+            "files": {"description": "Files to be processed", "type": "array", "required": False},
+            "response_mode": {
+                "description": "Response mode: blocking or streaming",
+                "type": "string",
+                "enum": ["blocking", "streaming"],
+                "required": False,
+            },
+            "conversation_id": {"description": "Conversation UUID", "type": "string", "required": False},
+            "parent_message_id": {"description": "Parent message UUID", "type": "string", "required": False},
+            "retriever_from": {"description": "Source of retriever", "type": "string", "required": False},
+        }
+    )
     @web_ns.doc(
         responses={
             200: "Success",
@@ -171,10 +173,20 @@ class ChatApi(WebApiResource):
         if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
             raise NotChatAppError()
 
-        payload = ChatMessagePayload.model_validate(web_ns.payload or {})
-        args = payload.model_dump(exclude_none=True)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("inputs", type=dict, required=True, location="json")
+            .add_argument("query", type=str, required=True, location="json")
+            .add_argument("files", type=list, required=False, location="json")
+            .add_argument("response_mode", type=str, choices=["blocking", "streaming"], location="json")
+            .add_argument("conversation_id", type=uuid_value, location="json")
+            .add_argument("parent_message_id", type=uuid_value, required=False, location="json")
+            .add_argument("retriever_from", type=str, required=False, default="web_app", location="json")
+        )
 
-        streaming = payload.response_mode == "streaming"
+        args = parser.parse_args()
+
+        streaming = args["response_mode"] == "streaming"
         args["auto_generate_name"] = False
 
         try:

api/controllers/web/forgot_password.py

@@ -2,12 +2,10 @@ import base64
 import secrets
 
 from flask import request
-from flask_restx import Resource
-from pydantic import BaseModel, Field, field_validator
+from flask_restx import Resource, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 
-from controllers.common.schema import register_schema_models
 from controllers.console.auth.error import (
     AuthenticationFailedError,
     EmailCodeError,
@@ -20,40 +18,14 @@ from controllers.console.error import EmailSendIpLimitError
 from controllers.console.wraps import email_password_login_enabled, only_edition_enterprise, setup_required
 from controllers.web import web_ns
 from extensions.ext_database import db
-from libs.helper import EmailStr, extract_remote_ip
+from libs.helper import email, extract_remote_ip
 from libs.password import hash_password, valid_password
 from models import Account
 from services.account_service import AccountService
 
 
-class ForgotPasswordSendPayload(BaseModel):
-    email: EmailStr
-    language: str | None = None
-
-
-class ForgotPasswordCheckPayload(BaseModel):
-    email: EmailStr
-    code: str
-    token: str = Field(min_length=1)
-
-
-class ForgotPasswordResetPayload(BaseModel):
-    token: str = Field(min_length=1)
-    new_password: str
-    password_confirm: str
-
-    @field_validator("new_password", "password_confirm")
-    @classmethod
-    def validate_password(cls, value: str) -> str:
-        return valid_password(value)
-
-
-register_schema_models(web_ns, ForgotPasswordSendPayload, ForgotPasswordCheckPayload, ForgotPasswordResetPayload)
-
-
 @web_ns.route("/forgot-password")
 class ForgotPasswordSendEmailApi(Resource):
-    @web_ns.expect(web_ns.models[ForgotPasswordSendPayload.__name__])
     @only_edition_enterprise
     @setup_required
     @email_password_login_enabled
@@ -68,31 +40,35 @@ class ForgotPasswordSendEmailApi(Resource):
         }
     )
     def post(self):
-        payload = ForgotPasswordSendPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("email", type=email, required=True, location="json")
+            .add_argument("language", type=str, required=False, location="json")
+        )
+        args = parser.parse_args()
 
         ip_address = extract_remote_ip(request)
         if AccountService.is_email_send_ip_limit(ip_address):
             raise EmailSendIpLimitError()
 
-        if payload.language == "zh-Hans":
+        if args["language"] is not None and args["language"] == "zh-Hans":
             language = "zh-Hans"
         else:
             language = "en-US"
 
         with Session(db.engine) as session:
-            account = session.execute(select(Account).filter_by(email=payload.email)).scalar_one_or_none()
+            account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
         token = None
         if account is None:
             raise AuthenticationFailedError()
         else:
-            token = AccountService.send_reset_password_email(account=account, email=payload.email, language=language)
+            token = AccountService.send_reset_password_email(account=account, email=args["email"], language=language)
 
         return {"result": "success", "data": token}
 
 
 @web_ns.route("/forgot-password/validity")
 class ForgotPasswordCheckApi(Resource):
-    @web_ns.expect(web_ns.models[ForgotPasswordCheckPayload.__name__])
     @only_edition_enterprise
     @setup_required
     @email_password_login_enabled
@@ -102,40 +78,45 @@ class ForgotPasswordCheckApi(Resource):
         responses={200: "Token is valid", 400: "Bad request - invalid token format", 401: "Invalid or expired token"}
     )
     def post(self):
-        payload = ForgotPasswordCheckPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("email", type=str, required=True, location="json")
+            .add_argument("code", type=str, required=True, location="json")
+            .add_argument("token", type=str, required=True, nullable=False, location="json")
+        )
+        args = parser.parse_args()
 
-        user_email = payload.email
+        user_email = args["email"]
 
-        is_forgot_password_error_rate_limit = AccountService.is_forgot_password_error_rate_limit(payload.email)
+        is_forgot_password_error_rate_limit = AccountService.is_forgot_password_error_rate_limit(args["email"])
         if is_forgot_password_error_rate_limit:
             raise EmailPasswordResetLimitError()
 
-        token_data = AccountService.get_reset_password_data(payload.token)
+        token_data = AccountService.get_reset_password_data(args["token"])
         if token_data is None:
             raise InvalidTokenError()
 
         if user_email != token_data.get("email"):
             raise InvalidEmailError()
 
-        if payload.code != token_data.get("code"):
-            AccountService.add_forgot_password_error_rate_limit(payload.email)
+        if args["code"] != token_data.get("code"):
+            AccountService.add_forgot_password_error_rate_limit(args["email"])
             raise EmailCodeError()
 
         # Verified, revoke the first token
-        AccountService.revoke_reset_password_token(payload.token)
+        AccountService.revoke_reset_password_token(args["token"])
 
         # Refresh token data by generating a new token
         _, new_token = AccountService.generate_reset_password_token(
-            user_email, code=payload.code, additional_data={"phase": "reset"}
+            user_email, code=args["code"], additional_data={"phase": "reset"}
         )
 
-        AccountService.reset_forgot_password_error_rate_limit(payload.email)
+        AccountService.reset_forgot_password_error_rate_limit(args["email"])
         return {"is_valid": True, "email": token_data.get("email"), "token": new_token}
 
 
 @web_ns.route("/forgot-password/resets")
 class ForgotPasswordResetApi(Resource):
-    @web_ns.expect(web_ns.models[ForgotPasswordResetPayload.__name__])
     @only_edition_enterprise
     @setup_required
     @email_password_login_enabled
@@ -150,14 +131,20 @@ class ForgotPasswordResetApi(Resource):
         }
     )
     def post(self):
-        payload = ForgotPasswordResetPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("token", type=str, required=True, nullable=False, location="json")
+            .add_argument("new_password", type=valid_password, required=True, nullable=False, location="json")
+            .add_argument("password_confirm", type=valid_password, required=True, nullable=False, location="json")
+        )
+        args = parser.parse_args()
 
         # Validate passwords match
-        if payload.new_password != payload.password_confirm:
+        if args["new_password"] != args["password_confirm"]:
             raise PasswordMismatchError()
 
         # Validate token and get reset data
-        reset_data = AccountService.get_reset_password_data(payload.token)
+        reset_data = AccountService.get_reset_password_data(args["token"])
         if not reset_data:
             raise InvalidTokenError()
         # Must use token in reset phase
@@ -165,11 +152,11 @@ class ForgotPasswordResetApi(Resource):
             raise InvalidTokenError()
 
         # Revoke token to prevent reuse
-        AccountService.revoke_reset_password_token(payload.token)
+        AccountService.revoke_reset_password_token(args["token"])
 
         # Generate secure salt and hash password
         salt = secrets.token_bytes(16)
-        password_hashed = hash_password(payload.new_password, salt)
+        password_hashed = hash_password(args["new_password"], salt)
 
         email = reset_data.get("email", "")
 
@@ -183,7 +170,7 @@ class ForgotPasswordResetApi(Resource):
 
         return {"result": "success"}
 
-    def _update_existing_account(self, account: Account, password_hashed, salt, session):
+    def _update_existing_account(self, account, password_hashed, salt, session):
         # Update existing account credentials
         account.password = base64.b64encode(password_hashed).decode()
         account.password_salt = base64.b64encode(salt).decode()

api/controllers/web/message.py

@@ -1,12 +1,9 @@
 import logging
-from typing import Literal
 
-from flask import request
-from flask_restx import fields, marshal_with
-from pydantic import BaseModel, Field, field_validator
+from flask_restx import fields, marshal_with, reqparse
+from flask_restx.inputs import int_range
 from werkzeug.exceptions import InternalServerError, NotFound
 
-from controllers.common.schema import register_schema_models
 from controllers.web import web_ns
 from controllers.web.error import (
     AppMoreLikeThisDisabledError,
@@ -41,33 +38,6 @@ from services.message_service import MessageService
 logger = logging.getLogger(__name__)
 
 
-class MessageListQuery(BaseModel):
-    conversation_id: str = Field(description="Conversation UUID")
-    first_id: str | None = Field(default=None, description="First message ID for pagination")
-    limit: int = Field(default=20, ge=1, le=100, description="Number of messages to return (1-100)")
-
-    @field_validator("conversation_id", "first_id")
-    @classmethod
-    def validate_uuid(cls, value: str | None) -> str | None:
-        if value is None:
-            return value
-        return uuid_value(value)
-
-
-class MessageFeedbackPayload(BaseModel):
-    rating: Literal["like", "dislike"] | None = Field(default=None, description="Feedback rating")
-    content: str | None = Field(default=None, description="Feedback content")
-
-
-class MessageMoreLikeThisQuery(BaseModel):
-    response_mode: Literal["blocking", "streaming"] = Field(
-        description="Response mode",
-    )
-
-
-register_schema_models(web_ns, MessageListQuery, MessageFeedbackPayload, MessageMoreLikeThisQuery)
-
-
 @web_ns.route("/messages")
 class MessageListApi(WebApiResource):
     message_fields = {
@@ -98,11 +68,7 @@ class MessageListApi(WebApiResource):
     @web_ns.doc(
         params={
             "conversation_id": {"description": "Conversation UUID", "type": "string", "required": True},
-            "first_id": {
-                "description": "First message ID for pagination",
-                "type": "string",
-                "required": False,
-            },
+            "first_id": {"description": "First message ID for pagination", "type": "string", "required": False},
             "limit": {
                 "description": "Number of messages to return (1-100)",
                 "type": "integer",
@@ -127,12 +93,17 @@ class MessageListApi(WebApiResource):
         if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
             raise NotChatAppError()
 
-        raw_args = request.args.to_dict()
-        query = MessageListQuery.model_validate(raw_args)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("conversation_id", required=True, type=uuid_value, location="args")
+            .add_argument("first_id", type=uuid_value, location="args")
+            .add_argument("limit", type=int_range(1, 100), required=False, default=20, location="args")
+        )
+        args = parser.parse_args()
 
         try:
             return MessageService.pagination_by_first_id(
-                app_model, end_user, query.conversation_id, query.first_id, query.limit
+                app_model, end_user, args["conversation_id"], args["first_id"], args["limit"]
             )
         except ConversationNotExistsError:
             raise NotFound("Conversation Not Exists.")
@@ -157,7 +128,7 @@ class MessageFeedbackApi(WebApiResource):
                 "enum": ["like", "dislike"],
                 "required": False,
             },
-            "content": {"description": "Feedback content", "type": "string", "required": False},
+            "content": {"description": "Feedback content/comment", "type": "string", "required": False},
         }
     )
     @web_ns.doc(
@@ -174,15 +145,20 @@ class MessageFeedbackApi(WebApiResource):
     def post(self, app_model, end_user, message_id):
         message_id = str(message_id)
 
-        payload = MessageFeedbackPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("rating", type=str, choices=["like", "dislike", None], location="json")
+            .add_argument("content", type=str, location="json", default=None)
+        )
+        args = parser.parse_args()
 
         try:
             MessageService.create_feedback(
                 app_model=app_model,
                 message_id=message_id,
                 user=end_user,
-                rating=payload.rating,
-                content=payload.content,
+                rating=args.get("rating"),
+                content=args.get("content"),
             )
         except MessageNotExistsError:
             raise NotFound("Message Not Exists.")
@@ -194,7 +170,17 @@ class MessageFeedbackApi(WebApiResource):
 class MessageMoreLikeThisApi(WebApiResource):
     @web_ns.doc("Generate More Like This")
     @web_ns.doc(description="Generate a new completion similar to an existing message (completion apps only).")
-    @web_ns.expect(web_ns.models[MessageMoreLikeThisQuery.__name__])
+    @web_ns.doc(
+        params={
+            "message_id": {"description": "Message UUID", "type": "string", "required": True},
+            "response_mode": {
+                "description": "Response mode",
+                "type": "string",
+                "enum": ["blocking", "streaming"],
+                "required": True,
+            },
+        }
+    )
     @web_ns.doc(
         responses={
             200: "Success",
@@ -211,10 +197,12 @@ class MessageMoreLikeThisApi(WebApiResource):
 
         message_id = str(message_id)
 
-        raw_args = request.args.to_dict()
-        query = MessageMoreLikeThisQuery.model_validate(raw_args)
+        parser = reqparse.RequestParser().add_argument(
+            "response_mode", type=str, required=True, choices=["blocking", "streaming"], location="args"
+        )
+        args = parser.parse_args()
 
-        streaming = query.response_mode == "streaming"
+        streaming = args["response_mode"] == "streaming"
 
         try:
             response = AppGenerateService.generate_more_like_this(

api/controllers/web/remote_files.py

@@ -1,8 +1,7 @@
 import urllib.parse
 
 import httpx
-from flask_restx import marshal_with
-from pydantic import BaseModel, Field, HttpUrl
+from flask_restx import marshal_with, reqparse
 
 import services
 from controllers.common import helpers
@@ -11,23 +10,14 @@ from controllers.common.errors import (
     RemoteFileUploadError,
     UnsupportedFileTypeError,
 )
+from controllers.web import web_ns
+from controllers.web.wraps import WebApiResource
 from core.file import helpers as file_helpers
 from core.helper import ssrf_proxy
 from extensions.ext_database import db
 from fields.file_fields import build_file_with_signed_url_model, build_remote_file_info_model
 from services.file_service import FileService
 
-from ..common.schema import register_schema_models
-from . import web_ns
-from .wraps import WebApiResource
-
-
-class RemoteFileUploadPayload(BaseModel):
-    url: HttpUrl = Field(description="Remote file URL")
-
-
-register_schema_models(web_ns, RemoteFileUploadPayload)
-
 
 @web_ns.route("/remote-files/<path:url>")
 class RemoteFileInfoApi(WebApiResource):
@@ -107,8 +97,10 @@ class RemoteFileUploadApi(WebApiResource):
             FileTooLargeError: File exceeds size limit
             UnsupportedFileTypeError: File type not supported
         """
-        payload = RemoteFileUploadPayload.model_validate(web_ns.payload or {})
-        url = str(payload.url)
+        parser = reqparse.RequestParser().add_argument("url", type=str, required=True, help="URL is required")
+        args = parser.parse_args()
+
+        url = args["url"]
 
         try:
             resp = ssrf_proxy.head(url=url)

api/core/app/app_config/entities.py

@@ -1,4 +1,3 @@
-import json
 from collections.abc import Sequence
 from enum import StrEnum, auto
 from typing import Any, Literal
@@ -121,7 +120,7 @@ class VariableEntity(BaseModel):
     allowed_file_types: Sequence[FileType] | None = Field(default_factory=list)
     allowed_file_extensions: Sequence[str] | None = Field(default_factory=list)
     allowed_file_upload_methods: Sequence[FileTransferMethod] | None = Field(default_factory=list)
-    json_schema: str | None = Field(default=None)
+    json_schema: dict[str, Any] | None = Field(default=None)
 
     @field_validator("description", mode="before")
     @classmethod
@@ -135,17 +134,11 @@ class VariableEntity(BaseModel):
 
     @field_validator("json_schema")
     @classmethod
-    def validate_json_schema(cls, schema: str | None) -> str | None:
+    def validate_json_schema(cls, schema: dict[str, Any] | None) -> dict[str, Any] | None:
         if schema is None:
             return None
-
         try:
-            json_schema = json.loads(schema)
-        except json.JSONDecodeError:
-            raise ValueError(f"invalid json_schema value {schema}")
-
-        try:
-            Draft7Validator.check_schema(json_schema)
+            Draft7Validator.check_schema(schema)
         except SchemaError as e:
             raise ValueError(f"Invalid JSON schema: {e.message}")
         return schema

api/core/app/apps/base_app_generator.py

@@ -1,4 +1,3 @@
-import json
 from collections.abc import Generator, Mapping, Sequence
 from typing import TYPE_CHECKING, Any, Union, final
 
@@ -105,9 +104,8 @@ class BaseAppGenerator:
             variable_entity.type in {VariableEntityType.FILE, VariableEntityType.FILE_LIST}
             and not variable_entity.required
         ):
-            # Treat empty string (frontend default) as unset
-            # For FILE_LIST, allow empty list [] to pass through
-            if isinstance(value, str) and not value:
+            # Treat empty string (frontend default) or empty list as unset
+            if not value and isinstance(value, (str, list)):
                 return None
 
         if variable_entity.type in {
@@ -177,13 +175,6 @@ class BaseAppGenerator:
                         value = True
                     elif value == 0:
                         value = False
-            case VariableEntityType.JSON_OBJECT:
-                if not isinstance(value, str):
-                    raise ValueError(f"{variable_entity.variable} in input form must be a string")
-                try:
-                    json.loads(value)
-                except json.JSONDecodeError:
-                    raise ValueError(f"{variable_entity.variable} in input form must be a valid JSON object")
             case _:
                 raise AssertionError("this statement should be unreachable.")
 

api/core/app/task_pipeline/easy_ui_based_generate_task_pipeline.py

@@ -342,11 +342,9 @@ class EasyUIBasedGenerateTaskPipeline(BasedGenerateTaskPipeline):
                 self._task_state.llm_result.message.content = current_content
 
                 if isinstance(event, QueueLLMChunkEvent):
-                    event_type = self._message_cycle_manager.get_message_event_type(message_id=self._message_id)
                     yield self._message_cycle_manager.message_to_stream_response(
                         answer=cast(str, delta_text),
                         message_id=self._message_id,
-                        event_type=event_type,
                     )
                 else:
                     yield self._agent_message_to_stream_response(

api/core/app/task_pipeline/message_cycle_manager.py

@@ -5,7 +5,7 @@ from threading import Thread
 from typing import Union
 
 from flask import Flask, current_app
-from sqlalchemy import exists, select
+from sqlalchemy import select
 from sqlalchemy.orm import Session
 
 from configs import dify_config
@@ -54,20 +54,6 @@ class MessageCycleManager:
     ):
         self._application_generate_entity = application_generate_entity
         self._task_state = task_state
-        self._message_has_file: set[str] = set()
-
-    def get_message_event_type(self, message_id: str) -> StreamEvent:
-        if message_id in self._message_has_file:
-            return StreamEvent.MESSAGE_FILE
-
-        with Session(db.engine, expire_on_commit=False) as session:
-            has_file = session.query(exists().where(MessageFile.message_id == message_id)).scalar()
-
-        if has_file:
-            self._message_has_file.add(message_id)
-            return StreamEvent.MESSAGE_FILE
-
-        return StreamEvent.MESSAGE
 
     def generate_conversation_name(self, *, conversation_id: str, query: str) -> Thread | None:
         """
@@ -228,11 +214,7 @@ class MessageCycleManager:
         return None
 
     def message_to_stream_response(
-        self,
-        answer: str,
-        message_id: str,
-        from_variable_selector: list[str] | None = None,
-        event_type: StreamEvent | None = None,
+        self, answer: str, message_id: str, from_variable_selector: list[str] | None = None
     ) -> MessageStreamResponse:
         """
         Message to stream response.
@@ -240,12 +222,16 @@ class MessageCycleManager:
         :param message_id: message id
         :return:
         """
+        with Session(db.engine, expire_on_commit=False) as session:
+            message_file = session.scalar(select(MessageFile).where(MessageFile.id == message_id))
+        event_type = StreamEvent.MESSAGE_FILE if message_file else StreamEvent.MESSAGE
+
         return MessageStreamResponse(
             task_id=self._application_generate_entity.task_id,
             id=message_id,
             answer=answer,
             from_variable_selector=from_variable_selector,
-            event=event_type or StreamEvent.MESSAGE,
+            event=event_type,
         )
 
     def message_replace_to_stream_response(self, answer: str, reason: str = "") -> MessageReplaceStreamResponse:

api/core/helper/ssrf_proxy.py

@@ -72,22 +72,6 @@ def _get_ssrf_client(ssl_verify_enabled: bool) -> httpx.Client:
     )
 
 
-def _get_user_provided_host_header(headers: dict | None) -> str | None:
-    """
-    Extract the user-provided Host header from the headers dict.
-
-    This is needed because when using a forward proxy, httpx may override the Host header.
-    We preserve the user's explicit Host header to support virtual hosting and other use cases.
-    """
-    if not headers:
-        return None
-    # Case-insensitive lookup for Host header
-    for key, value in headers.items():
-        if key.lower() == "host":
-            return value
-    return None
-
-
 def make_request(method, url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
     if "allow_redirects" in kwargs:
         allow_redirects = kwargs.pop("allow_redirects")
@@ -106,24 +90,10 @@ def make_request(method, url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
     verify_option = kwargs.pop("ssl_verify", dify_config.HTTP_REQUEST_NODE_SSL_VERIFY)
     client = _get_ssrf_client(verify_option)
 
-    # Preserve user-provided Host header
-    # When using a forward proxy, httpx may override the Host header based on the URL.
-    # We extract and preserve any explicitly set Host header to support virtual hosting.
-    headers = kwargs.get("headers", {})
-    user_provided_host = _get_user_provided_host_header(headers)
-
     retries = 0
     while retries <= max_retries:
         try:
-            # Build the request manually to preserve the Host header
-            # httpx may override the Host header when using a proxy, so we use
-            # the request API to explicitly set headers before sending
-            headers = {k: v for k, v in headers.items() if k.lower() != "host"}
-            if user_provided_host is not None:
-                headers["host"] = user_provided_host
-            kwargs["headers"] = headers
             response = client.request(method=method, url=url, **kwargs)
-
             # Check for SSRF protection by Squid proxy
             if response.status_code in (401, 403):
                 # Check if this is a Squid SSRF rejection

api/core/indexing_runner.py

@@ -396,7 +396,7 @@ class IndexingRunner:
                 datasource_type=DatasourceType.NOTION,
                 notion_info=NotionInfo.model_validate(
                     {
-                        "credential_id": data_source_info.get("credential_id"),
+                        "credential_id": data_source_info["credential_id"],
                         "notion_workspace_id": data_source_info["notion_workspace_id"],
                         "notion_obj_id": data_source_info["notion_page_id"],
                         "notion_page_type": data_source_info["type"],

api/core/mcp/auth/auth_flow.py

@@ -47,11 +47,7 @@ def build_protected_resource_metadata_discovery_urls(
     """
     Build a list of URLs to try for Protected Resource Metadata discovery.
 
-    Per RFC 9728 Section 5.1, supports fallback when discovery fails at one URL.
-    Priority order:
-    1. URL from WWW-Authenticate header (if provided)
-    2. Well-known URI with path: https://example.com/.well-known/oauth-protected-resource/public/mcp
-    3. Well-known URI at root: https://example.com/.well-known/oauth-protected-resource
+    Per SEP-985, supports fallback when discovery fails at one URL.
     """
     urls = []
 
@@ -62,18 +58,9 @@ def build_protected_resource_metadata_discovery_urls(
     # Fallback: construct from server URL
     parsed = urlparse(server_url)
     base_url = f"{parsed.scheme}://{parsed.netloc}"
-    path = parsed.path.rstrip("/")
-
-    # Priority 2: With path insertion (e.g., /.well-known/oauth-protected-resource/public/mcp)
-    if path:
-        path_url = f"{base_url}/.well-known/oauth-protected-resource{path}"
-        if path_url not in urls:
-            urls.append(path_url)
-
-    # Priority 3: At root (e.g., /.well-known/oauth-protected-resource)
-    root_url = f"{base_url}/.well-known/oauth-protected-resource"
-    if root_url not in urls:
-        urls.append(root_url)
+    fallback_url = urljoin(base_url, "/.well-known/oauth-protected-resource")
+    if fallback_url not in urls:
+        urls.append(fallback_url)
 
     return urls
 
@@ -84,34 +71,30 @@ def build_oauth_authorization_server_metadata_discovery_urls(auth_server_url: st
 
     Supports both OAuth 2.0 (RFC 8414) and OpenID Connect discovery.
 
-    Per RFC 8414 section 3.1 and section 5, try all possible endpoints:
-    - OAuth 2.0 with path insertion: https://example.com/.well-known/oauth-authorization-server/tenant1
-    - OpenID Connect with path insertion: https://example.com/.well-known/openid-configuration/tenant1
-    - OpenID Connect path appending: https://example.com/tenant1/.well-known/openid-configuration
-    - OAuth 2.0 at root: https://example.com/.well-known/oauth-authorization-server
-    - OpenID Connect at root: https://example.com/.well-known/openid-configuration
+    Per RFC 8414 section 3:
+    - If issuer has no path: https://example.com/.well-known/oauth-authorization-server
+    - If issuer has path: https://example.com/.well-known/oauth-authorization-server{path}
+
+    Example:
+    - issuer: https://example.com/oauth
+    - metadata: https://example.com/.well-known/oauth-authorization-server/oauth
     """
     urls = []
     base_url = auth_server_url or server_url
 
     parsed = urlparse(base_url)
     base = f"{parsed.scheme}://{parsed.netloc}"
-    path = parsed.path.rstrip("/")
-    # OAuth 2.0 Authorization Server Metadata at root (MCP-03-26)
-    urls.append(f"{base}/.well-known/oauth-authorization-server")
+    path = parsed.path.rstrip("/")  # Remove trailing slash
 
-    # OpenID Connect Discovery at root
-    urls.append(f"{base}/.well-known/openid-configuration")
+    # Try OpenID Connect discovery first (more common)
+    urls.append(urljoin(base + "/", ".well-known/openid-configuration"))
 
+    # OAuth 2.0 Authorization Server Metadata (RFC 8414)
+    # Include the path component if present in the issuer URL
     if path:
-        # OpenID Connect Discovery with path insertion
-        urls.append(f"{base}/.well-known/openid-configuration{path}")
-
-        # OpenID Connect Discovery path appending
-        urls.append(f"{base}{path}/.well-known/openid-configuration")
-
-        # OAuth 2.0 Authorization Server Metadata with path insertion
-        urls.append(f"{base}/.well-known/oauth-authorization-server{path}")
+        urls.append(urljoin(base, f".well-known/oauth-authorization-server{path}"))
+    else:
+        urls.append(urljoin(base, ".well-known/oauth-authorization-server"))
 
     return urls
 

api/core/mcp/client/sse_client.py

@@ -61,7 +61,6 @@ class SSETransport:
         self.timeout = timeout
         self.sse_read_timeout = sse_read_timeout
         self.endpoint_url: str | None = None
-        self.event_source: EventSource | None = None
 
     def _validate_endpoint_url(self, endpoint_url: str) -> bool:
         """Validate that the endpoint URL matches the connection origin.
@@ -238,9 +237,6 @@ class SSETransport:
         write_queue: WriteQueue = queue.Queue()
         status_queue: StatusQueue = queue.Queue()
 
-        # Store event_source for graceful shutdown
-        self.event_source = event_source
-
         # Start SSE reader thread
         executor.submit(self.sse_reader, event_source, read_queue, status_queue)
 
@@ -300,13 +296,6 @@ def sse_client(
         logger.exception("Error connecting to SSE endpoint")
         raise
     finally:
-        # Close the SSE connection to unblock the reader thread
-        if transport.event_source is not None:
-            try:
-                transport.event_source.response.close()
-            except RuntimeError:
-                pass
-
         # Clean up queues
         if read_queue:
             read_queue.put(None)

api/core/mcp/client/streamable_client.py

@@ -8,7 +8,6 @@ and session management.
 
 import logging
 import queue
-import threading
 from collections.abc import Callable, Generator
 from concurrent.futures import ThreadPoolExecutor
 from contextlib import contextmanager
@@ -104,9 +103,6 @@ class StreamableHTTPTransport:
             CONTENT_TYPE: JSON,
             **self.headers,
         }
-        self.stop_event = threading.Event()
-        self._active_responses: list[httpx.Response] = []
-        self._lock = threading.Lock()
 
     def _update_headers_with_session(self, base_headers: dict[str, str]) -> dict[str, str]:
         """Update headers with session ID if available."""
@@ -115,30 +111,6 @@ class StreamableHTTPTransport:
             headers[MCP_SESSION_ID] = self.session_id
         return headers
 
-    def _register_response(self, response: httpx.Response):
-        """Register a response for cleanup on shutdown."""
-        with self._lock:
-            self._active_responses.append(response)
-
-    def _unregister_response(self, response: httpx.Response):
-        """Unregister a response after it's closed."""
-        with self._lock:
-            try:
-                self._active_responses.remove(response)
-            except ValueError as e:
-                logger.debug("Ignoring error during response unregister: %s", e)
-
-    def close_active_responses(self):
-        """Close all active SSE connections to unblock threads."""
-        with self._lock:
-            responses_to_close = list(self._active_responses)
-            self._active_responses.clear()
-            for response in responses_to_close:
-                try:
-                    response.close()
-                except RuntimeError as e:
-                    logger.debug("Ignoring error during active response close: %s", e)
-
     def _is_initialization_request(self, message: JSONRPCMessage) -> bool:
         """Check if the message is an initialization request."""
         return isinstance(message.root, JSONRPCRequest) and message.root.method == "initialize"
@@ -223,21 +195,11 @@ class StreamableHTTPTransport:
                 event_source.response.raise_for_status()
                 logger.debug("GET SSE connection established")
 
-                # Register response for cleanup
-                self._register_response(event_source.response)
-
-                try:
-                    for sse in event_source.iter_sse():
-                        if self.stop_event.is_set():
-                            logger.debug("GET stream received stop signal")
-                            break
-                        self._handle_sse_event(sse, server_to_client_queue)
-                finally:
-                    self._unregister_response(event_source.response)
+                for sse in event_source.iter_sse():
+                    self._handle_sse_event(sse, server_to_client_queue)
 
         except Exception as exc:
-            if not self.stop_event.is_set():
-                logger.debug("GET stream error (non-fatal): %s", exc)
+            logger.debug("GET stream error (non-fatal): %s", exc)
 
     def _handle_resumption_request(self, ctx: RequestContext):
         """Handle a resumption request using GET with SSE."""
@@ -262,24 +224,15 @@ class StreamableHTTPTransport:
             event_source.response.raise_for_status()
             logger.debug("Resumption GET SSE connection established")
 
-            # Register response for cleanup
-            self._register_response(event_source.response)
-
-            try:
-                for sse in event_source.iter_sse():
-                    if self.stop_event.is_set():
-                        logger.debug("Resumption stream received stop signal")
-                        break
-                    is_complete = self._handle_sse_event(
-                        sse,
-                        ctx.server_to_client_queue,
-                        original_request_id,
-                        ctx.metadata.on_resumption_token_update if ctx.metadata else None,
-                    )
-                    if is_complete:
-                        break
-            finally:
-                self._unregister_response(event_source.response)
+            for sse in event_source.iter_sse():
+                is_complete = self._handle_sse_event(
+                    sse,
+                    ctx.server_to_client_queue,
+                    original_request_id,
+                    ctx.metadata.on_resumption_token_update if ctx.metadata else None,
+                )
+                if is_complete:
+                    break
 
     def _handle_post_request(self, ctx: RequestContext):
         """Handle a POST request with response processing."""
@@ -342,27 +295,17 @@ class StreamableHTTPTransport:
     def _handle_sse_response(self, response: httpx.Response, ctx: RequestContext):
         """Handle SSE response from the server."""
         try:
-            # Register response for cleanup
-            self._register_response(response)
-
             event_source = EventSource(response)
-            try:
-                for sse in event_source.iter_sse():
-                    if self.stop_event.is_set():
-                        logger.debug("SSE response stream received stop signal")
-                        break
-                    is_complete = self._handle_sse_event(
-                        sse,
-                        ctx.server_to_client_queue,
-                        resumption_callback=(ctx.metadata.on_resumption_token_update if ctx.metadata else None),
-                    )
-                    if is_complete:
-                        break
-            finally:
-                self._unregister_response(response)
+            for sse in event_source.iter_sse():
+                is_complete = self._handle_sse_event(
+                    sse,
+                    ctx.server_to_client_queue,
+                    resumption_callback=(ctx.metadata.on_resumption_token_update if ctx.metadata else None),
+                )
+                if is_complete:
+                    break
         except Exception as e:
-            if not self.stop_event.is_set():
-                ctx.server_to_client_queue.put(e)
+            ctx.server_to_client_queue.put(e)
 
     def _handle_unexpected_content_type(
         self,
@@ -402,11 +345,6 @@ class StreamableHTTPTransport:
         """
         while True:
             try:
-                # Check if we should stop
-                if self.stop_event.is_set():
-                    logger.debug("Post writer received stop signal")
-                    break
-
                 # Read message from client queue with timeout to check stop_event periodically
                 session_message = client_to_server_queue.get(timeout=DEFAULT_QUEUE_READ_TIMEOUT)
                 if session_message is None:
@@ -443,8 +381,7 @@ class StreamableHTTPTransport:
             except queue.Empty:
                 continue
             except Exception as exc:
-                if not self.stop_event.is_set():
-                    server_to_client_queue.put(exc)
+                server_to_client_queue.put(exc)
 
     def terminate_session(self, client: httpx.Client):
         """Terminate the session by sending a DELETE request."""
@@ -528,12 +465,6 @@ def streamablehttp_client(
                     transport.get_session_id,
                 )
             finally:
-                # Set stop event to signal all threads to stop
-                transport.stop_event.set()
-
-                # Close all active SSE connections to unblock threads
-                transport.close_active_responses()
-
                 if transport.session_id and terminate_on_close:
                     transport.terminate_session(client)
 

api/core/mcp/mcp_client.py

@@ -59,7 +59,7 @@ class MCPClient:
             try:
                 logger.debug("Not supported method %s found in URL path, trying default 'mcp' method.", method_name)
                 self.connect_server(sse_client, "sse")
-            except (MCPConnectionError, ValueError):
+            except MCPConnectionError:
                 logger.debug("MCP connection failed with 'sse', falling back to 'mcp' method.")
                 self.connect_server(streamablehttp_client, "mcp")
 

api/core/model_runtime/README.md

@@ -18,20 +18,34 @@ This module provides the interface for invoking and authenticating various model
 
 - Model provider display
 
-  Displays a list of all supported providers, including provider names, icons, supported model types list, predefined model list, configuration method, and credentials form rules, etc.
+  ![image-20231210143654461](./docs/en_US/images/index/image-20231210143654461.png)
+
+  Displays a list of all supported providers, including provider names, icons, supported model types list, predefined model list, configuration method, and credentials form rules, etc. For detailed rule design, see: [Schema](./docs/en_US/schema.md).
 
 - Selectable model list display
 
+  ![image-20231210144229650](./docs/en_US/images/index/image-20231210144229650.png)
+
   After configuring provider/model credentials, the dropdown (application orchestration interface/default model) allows viewing of the available LLM list. Greyed out items represent predefined model lists from providers without configured credentials, facilitating user review of supported models.
 
-  In addition, this list also returns configurable parameter information and rules for LLM. These parameters are all defined in the backend, allowing different settings for various parameters supported by different models.
+  In addition, this list also returns configurable parameter information and rules for LLM, as shown below:
+
+  ![image-20231210144814617](./docs/en_US/images/index/image-20231210144814617.png)
+
+  These parameters are all defined in the backend, allowing different settings for various parameters supported by different models, as detailed in: [Schema](./docs/en_US/schema.md#ParameterRule).
 
 - Provider/model credential authentication
 
-  The provider list returns configuration information for the credentials form, which can be authenticated through Runtime's interface.
+  ![image-20231210151548521](./docs/en_US/images/index/image-20231210151548521.png)
+
+  ![image-20231210151628992](./docs/en_US/images/index/image-20231210151628992.png)
+
+  The provider list returns configuration information for the credentials form, which can be authenticated through Runtime's interface. The first image above is a provider credential DEMO, and the second is a model credential DEMO.
 
 ## Structure
 
+![](./docs/en_US/images/index/image-20231210165243632.png)
+
 Model Runtime is divided into three layers:
 
 - The outermost layer is the factory method
@@ -46,6 +60,9 @@ Model Runtime is divided into three layers:
 
   It offers direct invocation of various model types, predefined model configuration information, getting predefined/remote model lists, model credential authentication methods. Different models provide additional special methods, like LLM's pre-computed tokens method, cost information obtaining method, etc., **allowing horizontal expansion** for different models under the same provider (within supported model types).
 
-## Documentation
+## Next Steps
 
-For detailed documentation on how to add new providers or models, please refer to the [Dify documentation](https://docs.dify.ai/).
+- Add new provider configuration: [Link](./docs/en_US/provider_scale_out.md)
+- Add new models for existing providers: [Link](./docs/en_US/provider_scale_out.md#AddModel)
+- View YAML configuration rules: [Link](./docs/en_US/schema.md)
+- Implement interface methods: [Link](./docs/en_US/interfaces.md)

api/core/model_runtime/README_CN.md

@@ -18,20 +18,34 @@
 
 - 模型供应商展示
 
-  展示所有已支持的供应商列表，除了返回供应商名称、图标之外，还提供了支持的模型类型列表，预定义模型列表、配置方式以及配置凭据的表单规则等等。
+  ![image-20231210143654461](./docs/zh_Hans/images/index/image-20231210143654461.png)
+
+​ 展示所有已支持的供应商列表，除了返回供应商名称、图标之外，还提供了支持的模型类型列表，预定义模型列表、配置方式以及配置凭据的表单规则等等，规则设计详见：[Schema](./docs/zh_Hans/schema.md)。
 
 - 可选择的模型列表展示
 
-  配置供应商/模型凭据后，可在此下拉（应用编排界面/默认模型）查看可用的 LLM 列表，其中灰色的为未配置凭据供应商的预定义模型列表，方便用户查看已支持的模型。
+  ![image-20231210144229650](./docs/zh_Hans/images/index/image-20231210144229650.png)
 
-  除此之外，该列表还返回了 LLM 可配置的参数信息和规则。这里的参数均为后端定义，相比之前只有 5 种固定参数，这里可为不同模型设置所支持的各种参数。
+​ 配置供应商/模型凭据后，可在此下拉（应用编排界面/默认模型）查看可用的 LLM 列表，其中灰色的为未配置凭据供应商的预定义模型列表，方便用户查看已支持的模型。
+
+​ 除此之外，该列表还返回了 LLM 可配置的参数信息和规则，如下图：
+
+​ ![image-20231210144814617](./docs/zh_Hans/images/index/image-20231210144814617.png)
+
+​ 这里的参数均为后端定义，相比之前只有 5 种固定参数，这里可为不同模型设置所支持的各种参数，详见：[Schema](./docs/zh_Hans/schema.md#ParameterRule)。
 
 - 供应商/模型凭据鉴权
 
-  供应商列表返回了凭据表单的配置信息，可通过 Runtime 提供的接口对凭据进行鉴权。
+  ![image-20231210151548521](./docs/zh_Hans/images/index/image-20231210151548521.png)
+
+![image-20231210151628992](./docs/zh_Hans/images/index/image-20231210151628992.png)
+
+​ 供应商列表返回了凭据表单的配置信息，可通过 Runtime 提供的接口对凭据进行鉴权，上图 1 为供应商凭据 DEMO，上图 2 为模型凭据 DEMO。
 
 ## 结构
 
+![](./docs/zh_Hans/images/index/image-20231210165243632.png)
+
 Model Runtime 分三层：
 
 - 最外层为工厂方法
@@ -45,7 +59,8 @@ Model Runtime 分三层：
   对于供应商/模型凭据，有两种情况
 
   - 如 OpenAI 这类中心化供应商，需要定义如**api_key**这类的鉴权凭据
-  - 如[**Xinference**](https://github.com/xorbitsai/inference)这类本地部署的供应商，需要定义如**server_url**这类的地址凭据，有时候还需要定义**model_uid**之类的模型类型凭据。当在供应商层定义了这些凭据后，就可以在前端页面上直接展示，无需修改前端逻辑。
+  - 如[**Xinference**](https://github.com/xorbitsai/inference)这类本地部署的供应商，需要定义如**server_url**这类的地址凭据，有时候还需要定义**model_uid**之类的模型类型凭据，就像下面这样，当在供应商层定义了这些凭据后，就可以在前端页面上直接展示，无需修改前端逻辑。
+    ![Alt text](docs/zh_Hans/images/index/image.png)
 
   当配置好凭据后，就可以通过 DifyRuntime 的外部接口直接获取到对应供应商所需要的**Schema**（凭据表单规则），从而在可以在不修改前端逻辑的情况下，提供新的供应商/模型的支持。
 
@@ -59,6 +74,20 @@ Model Runtime 分三层：
 
   - 模型凭据 (**在供应商层定义**)：这是一类不经常变动，一般在配置好后就不会再变动的参数，如 **api_key**、**server_url** 等。在 DifyRuntime 中，他们的参数名一般为**credentials: dict[str, any]**，Provider 层的 credentials 会直接被传递到这一层，不需要再单独定义。
 
-## 文档
+## 下一步
 
-有关如何添加新供应商或模型的详细文档，请参阅 [Dify 文档](https://docs.dify.ai/)。
+### [增加新的供应商配置 👈🏻](./docs/zh_Hans/provider_scale_out.md)
+
+当添加后，这里将会出现一个新的供应商
+
+![Alt text](docs/zh_Hans/images/index/image-1.png)
+
+### [为已存在的供应商新增模型 👈🏻](./docs/zh_Hans/provider_scale_out.md#%E5%A2%9E%E5%8A%A0%E6%A8%A1%E5%9E%8B)
+
+当添加后，对应供应商的模型列表中将会出现一个新的预定义模型供用户选择，如 GPT-3.5 GPT-4 ChatGLM3-6b 等，而对于支持自定义模型的供应商，则不需要新增模型。
+
+![Alt text](docs/zh_Hans/images/index/image-2.png)
+
+### [接口的具体实现 👈🏻](./docs/zh_Hans/interfaces.md)
+
+你可以在这里找到你想要查看的接口的具体实现，以及接口的参数和返回值的具体含义。

api/core/ops/utils.py

@@ -54,7 +54,7 @@ def generate_dotted_order(run_id: str, start_time: Union[str, datetime], parent_
     generate dotted_order for langsmith
     """
     start_time = datetime.fromisoformat(start_time) if isinstance(start_time, str) else start_time
-    timestamp = start_time.strftime("%Y%m%dT%H%M%S%f") + "Z"
+    timestamp = start_time.strftime("%Y%m%dT%H%M%S%f")[:-3] + "Z"
     current_segment = f"{timestamp}{run_id}"
 
     if parent_dotted_order is None:

api/core/plugin/impl/base.py

@@ -39,7 +39,7 @@ from core.trigger.errors import (
 plugin_daemon_inner_api_baseurl = URL(str(dify_config.PLUGIN_DAEMON_URL))
 _plugin_daemon_timeout_config = cast(
     float | httpx.Timeout | None,
-    getattr(dify_config, "PLUGIN_DAEMON_TIMEOUT", 600.0),
+    getattr(dify_config, "PLUGIN_DAEMON_TIMEOUT", 300.0),
 )
 plugin_daemon_request_timeout: httpx.Timeout | None
 if _plugin_daemon_timeout_config is None:

api/core/rag/datasource/keyword/jieba/jieba.py

@@ -90,17 +90,13 @@ class Jieba(BaseKeyword):
         sorted_chunk_indices = self._retrieve_ids_by_query(keyword_table or {}, query, k)
 
         documents = []
-
-        segment_query_stmt = db.session.query(DocumentSegment).where(
-            DocumentSegment.dataset_id == self.dataset.id, DocumentSegment.index_node_id.in_(sorted_chunk_indices)
-        )
-        if document_ids_filter:
-            segment_query_stmt = segment_query_stmt.where(DocumentSegment.document_id.in_(document_ids_filter))
-
-        segments = db.session.execute(segment_query_stmt).scalars().all()
-        segment_map = {segment.index_node_id: segment for segment in segments}
         for chunk_index in sorted_chunk_indices:
-            segment = segment_map.get(chunk_index)
+            segment_query = db.session.query(DocumentSegment).where(
+                DocumentSegment.dataset_id == self.dataset.id, DocumentSegment.index_node_id == chunk_index
+            )
+            if document_ids_filter:
+                segment_query = segment_query.where(DocumentSegment.document_id.in_(document_ids_filter))
+            segment = segment_query.first()
 
             if segment:
                 documents.append(

api/core/rag/datasource/retrieval_service.py

@@ -7,7 +7,6 @@ from sqlalchemy import select
 from sqlalchemy.orm import Session, load_only
 
 from configs import dify_config
-from core.db.session_factory import session_factory
 from core.model_manager import ModelManager
 from core.model_runtime.entities.model_entities import ModelType
 from core.rag.data_post_processor.data_post_processor import DataPostProcessor
@@ -139,47 +138,37 @@ class RetrievalService:
 
     @classmethod
     def _deduplicate_documents(cls, documents: list[Document]) -> list[Document]:
-        """Deduplicate documents in O(n) while preserving first-seen order.
-
-        Rules:
-        - For provider == "dify" and metadata["doc_id"] exists: keep the doc with the highest
-          metadata["score"] among duplicates; if a later duplicate has no score, ignore it.
-        - For non-dify documents (or dify without doc_id): deduplicate by content key
-          (provider, page_content), keeping the first occurrence.
-        """
+        """Deduplicate documents based on doc_id to avoid duplicate chunks in hybrid search."""
         if not documents:
             return documents
 
-        # Map of dedup key -> chosen Document
-        chosen: dict[tuple, Document] = {}
-        # Preserve the order of first appearance of each dedup key
-        order: list[tuple] = []
+        unique_documents = []
+        seen_doc_ids = set()
 
-        for doc in documents:
-            is_dify = doc.provider == "dify"
-            doc_id = (doc.metadata or {}).get("doc_id") if is_dify else None
-
-            if is_dify and doc_id:
-                key = ("dify", doc_id)
-                if key not in chosen:
-                    chosen[key] = doc
-                    order.append(key)
-                else:
-                    # Only replace if the new one has a score and it's strictly higher
-                    if "score" in doc.metadata:
-                        new_score = float(doc.metadata.get("score", 0.0))
-                        old_score = float(chosen[key].metadata.get("score", 0.0)) if chosen[key].metadata else 0.0
-                        if new_score > old_score:
-                            chosen[key] = doc
+        for document in documents:
+            # For dify provider documents, use doc_id for deduplication
+            if document.provider == "dify" and document.metadata is not None and "doc_id" in document.metadata:
+                doc_id = document.metadata["doc_id"]
+                if doc_id not in seen_doc_ids:
+                    seen_doc_ids.add(doc_id)
+                    unique_documents.append(document)
+                # If duplicate, keep the one with higher score
+                elif "score" in document.metadata:
+                    # Find existing document with same doc_id and compare scores
+                    for i, existing_doc in enumerate(unique_documents):
+                        if (
+                            existing_doc.metadata
+                            and existing_doc.metadata.get("doc_id") == doc_id
+                            and existing_doc.metadata.get("score", 0) < document.metadata.get("score", 0)
+                        ):
+                            unique_documents[i] = document
+                            break
             else:
-                # Content-based dedup for non-dify or dify without doc_id
-                content_key = (doc.provider or "dify", doc.page_content)
-                if content_key not in chosen:
-                    chosen[content_key] = doc
-                    order.append(content_key)
-                # If duplicate content appears, we keep the first occurrence (no score comparison)
+                # For non-dify documents, use content-based deduplication
+                if document not in unique_documents:
+                    unique_documents.append(document)
 
-        return [chosen[k] for k in order]
+        return unique_documents
 
     @classmethod
     def _get_dataset(cls, dataset_id: str) -> Dataset | None:
@@ -382,96 +371,58 @@ class RetrievalService:
             include_segment_ids = set()
             segment_child_map = {}
             segment_file_map = {}
+            with Session(bind=db.engine, expire_on_commit=False) as session:
+                # Process documents
+                for document in documents:
+                    segment_id = None
+                    attachment_info = None
+                    child_chunk = None
+                    document_id = document.metadata.get("document_id")
+                    if document_id not in dataset_documents:
+                        continue
 
-            valid_dataset_documents = {}
-            image_doc_ids = []
-            child_index_node_ids = []
-            index_node_ids = []
-            doc_to_document_map = {}
-            for document in documents:
-                document_id = document.metadata.get("document_id")
-                if document_id not in dataset_documents:
-                    continue
+                    dataset_document = dataset_documents[document_id]
+                    if not dataset_document:
+                        continue
 
-                dataset_document = dataset_documents[document_id]
-                if not dataset_document:
-                    continue
-                valid_dataset_documents[document_id] = dataset_document
+                    if dataset_document.doc_form == IndexStructureType.PARENT_CHILD_INDEX:
+                        # Handle parent-child documents
+                        if document.metadata.get("doc_type") == DocType.IMAGE:
+                            attachment_info_dict = cls.get_segment_attachment_info(
+                                dataset_document.dataset_id,
+                                dataset_document.tenant_id,
+                                document.metadata.get("doc_id") or "",
+                                session,
+                            )
+                            if attachment_info_dict:
+                                attachment_info = attachment_info_dict["attachment_info"]
+                                segment_id = attachment_info_dict["segment_id"]
+                        else:
+                            child_index_node_id = document.metadata.get("doc_id")
+                            child_chunk_stmt = select(ChildChunk).where(ChildChunk.index_node_id == child_index_node_id)
+                            child_chunk = session.scalar(child_chunk_stmt)
 
-                if dataset_document.doc_form == IndexStructureType.PARENT_CHILD_INDEX:
-                    doc_id = document.metadata.get("doc_id") or ""
-                    doc_to_document_map[doc_id] = document
-                    if document.metadata.get("doc_type") == DocType.IMAGE:
-                        image_doc_ids.append(doc_id)
-                    else:
-                        child_index_node_ids.append(doc_id)
-                else:
-                    doc_id = document.metadata.get("doc_id") or ""
-                    doc_to_document_map[doc_id] = document
-                    if document.metadata.get("doc_type") == DocType.IMAGE:
-                        image_doc_ids.append(doc_id)
-                    else:
-                        index_node_ids.append(doc_id)
+                            if not child_chunk:
+                                continue
+                            segment_id = child_chunk.segment_id
 
-            image_doc_ids = [i for i in image_doc_ids if i]
-            child_index_node_ids = [i for i in child_index_node_ids if i]
-            index_node_ids = [i for i in index_node_ids if i]
+                        if not segment_id:
+                            continue
 
-            segment_ids = []
-            index_node_segments: list[DocumentSegment] = []
-            segments: list[DocumentSegment] = []
-            attachment_map = {}
-            child_chunk_map = {}
-            doc_segment_map = {}
+                        segment = (
+                            session.query(DocumentSegment)
+                            .where(
+                                DocumentSegment.dataset_id == dataset_document.dataset_id,
+                                DocumentSegment.enabled == True,
+                                DocumentSegment.status == "completed",
+                                DocumentSegment.id == segment_id,
+                            )
+                            .first()
+                        )
 
-            with session_factory.create_session() as session:
-                attachments = cls.get_segment_attachment_infos(image_doc_ids, session)
+                        if not segment:
+                            continue
 
-                for attachment in attachments:
-                    segment_ids.append(attachment["segment_id"])
-                    attachment_map[attachment["segment_id"]] = attachment
-                    doc_segment_map[attachment["segment_id"]] = attachment["attachment_id"]
-
-                child_chunk_stmt = select(ChildChunk).where(ChildChunk.index_node_id.in_(child_index_node_ids))
-                child_index_nodes = session.execute(child_chunk_stmt).scalars().all()
-
-                for i in child_index_nodes:
-                    segment_ids.append(i.segment_id)
-                    child_chunk_map[i.segment_id] = i
-                    doc_segment_map[i.segment_id] = i.index_node_id
-
-                if index_node_ids:
-                    document_segment_stmt = select(DocumentSegment).where(
-                        DocumentSegment.enabled == True,
-                        DocumentSegment.status == "completed",
-                        DocumentSegment.index_node_id.in_(index_node_ids),
-                    )
-                    index_node_segments = session.execute(document_segment_stmt).scalars().all()  # type: ignore
-                    for index_node_segment in index_node_segments:
-                        doc_segment_map[index_node_segment.id] = index_node_segment.index_node_id
-                if segment_ids:
-                    document_segment_stmt = select(DocumentSegment).where(
-                        DocumentSegment.enabled == True,
-                        DocumentSegment.status == "completed",
-                        DocumentSegment.id.in_(segment_ids),
-                    )
-                    segments = session.execute(document_segment_stmt).scalars().all()  # type: ignore
-
-                if index_node_segments:
-                    segments.extend(index_node_segments)
-
-            for segment in segments:
-                doc_id = doc_segment_map.get(segment.id)
-                child_chunk = child_chunk_map.get(segment.id)
-                attachment_info = attachment_map.get(segment.id)
-
-                if doc_id:
-                    document = doc_to_document_map[doc_id]
-                    ds_dataset_document: DatasetDocument | None = valid_dataset_documents.get(
-                        document.metadata.get("document_id")
-                    )
-
-                    if ds_dataset_document and ds_dataset_document.doc_form == IndexStructureType.PARENT_CHILD_INDEX:
                         if segment.id not in include_segment_ids:
                             include_segment_ids.add(segment.id)
                             if child_chunk:
@@ -479,10 +430,10 @@ class RetrievalService:
                                     "id": child_chunk.id,
                                     "content": child_chunk.content,
                                     "position": child_chunk.position,
-                                    "score": document.metadata.get("score", 0.0) if document else 0.0,
+                                    "score": document.metadata.get("score", 0.0),
                                 }
                                 map_detail = {
-                                    "max_score": document.metadata.get("score", 0.0) if document else 0.0,
+                                    "max_score": document.metadata.get("score", 0.0),
                                     "child_chunks": [child_chunk_detail],
                                 }
                                 segment_child_map[segment.id] = map_detail
@@ -501,14 +452,13 @@ class RetrievalService:
                                     "score": document.metadata.get("score", 0.0),
                                 }
                                 if segment.id in segment_child_map:
-                                    segment_child_map[segment.id]["child_chunks"].append(child_chunk_detail)  # type: ignore
+                                    segment_child_map[segment.id]["child_chunks"].append(child_chunk_detail)
                                     segment_child_map[segment.id]["max_score"] = max(
-                                        segment_child_map[segment.id]["max_score"],
-                                        document.metadata.get("score", 0.0) if document else 0.0,
+                                        segment_child_map[segment.id]["max_score"], document.metadata.get("score", 0.0)
                                     )
                                 else:
                                     segment_child_map[segment.id] = {
-                                        "max_score": document.metadata.get("score", 0.0) if document else 0.0,
+                                        "max_score": document.metadata.get("score", 0.0),
                                         "child_chunks": [child_chunk_detail],
                                     }
                             if attachment_info:
@@ -517,11 +467,46 @@ class RetrievalService:
                                 else:
                                     segment_file_map[segment.id] = [attachment_info]
                     else:
+                        # Handle normal documents
+                        segment = None
+                        if document.metadata.get("doc_type") == DocType.IMAGE:
+                            attachment_info_dict = cls.get_segment_attachment_info(
+                                dataset_document.dataset_id,
+                                dataset_document.tenant_id,
+                                document.metadata.get("doc_id") or "",
+                                session,
+                            )
+                            if attachment_info_dict:
+                                attachment_info = attachment_info_dict["attachment_info"]
+                                segment_id = attachment_info_dict["segment_id"]
+                                document_segment_stmt = select(DocumentSegment).where(
+                                    DocumentSegment.dataset_id == dataset_document.dataset_id,
+                                    DocumentSegment.enabled == True,
+                                    DocumentSegment.status == "completed",
+                                    DocumentSegment.id == segment_id,
+                                )
+                                segment = session.scalar(document_segment_stmt)
+                                if segment:
+                                    segment_file_map[segment.id] = [attachment_info]
+                        else:
+                            index_node_id = document.metadata.get("doc_id")
+                            if not index_node_id:
+                                continue
+                            document_segment_stmt = select(DocumentSegment).where(
+                                DocumentSegment.dataset_id == dataset_document.dataset_id,
+                                DocumentSegment.enabled == True,
+                                DocumentSegment.status == "completed",
+                                DocumentSegment.index_node_id == index_node_id,
+                            )
+                            segment = session.scalar(document_segment_stmt)
+
+                        if not segment:
+                            continue
                         if segment.id not in include_segment_ids:
                             include_segment_ids.add(segment.id)
                             record = {
                                 "segment": segment,
-                                "score": document.metadata.get("score", 0.0),  # type: ignore
+                                "score": document.metadata.get("score"),  # type: ignore
                             }
                             if attachment_info:
                                 segment_file_map[segment.id] = [attachment_info]
@@ -537,7 +522,7 @@ class RetrievalService:
             for record in records:
                 if record["segment"].id in segment_child_map:
                     record["child_chunks"] = segment_child_map[record["segment"].id].get("child_chunks")  # type: ignore
-                    record["score"] = segment_child_map[record["segment"].id]["max_score"]  # type: ignore
+                    record["score"] = segment_child_map[record["segment"].id]["max_score"]
                 if record["segment"].id in segment_file_map:
                     record["files"] = segment_file_map[record["segment"].id]  # type: ignore[assignment]
 
@@ -580,8 +565,6 @@ class RetrievalService:
         flask_app: Flask,
         retrieval_method: RetrievalMethod,
         dataset: Dataset,
-        all_documents: list[Document],
-        exceptions: list[str],
         query: str | None = None,
         top_k: int = 4,
         score_threshold: float | None = 0.0,
@@ -590,6 +573,8 @@ class RetrievalService:
         weights: dict | None = None,
         document_ids_filter: list[str] | None = None,
         attachment_id: str | None = None,
+        all_documents: list[Document] = [],
+        exceptions: list[str] = [],
     ):
         if not query and not attachment_id:
             return
@@ -711,37 +696,3 @@ class RetrievalService:
                 }
                 return {"attachment_info": attachment_info, "segment_id": attachment_binding.segment_id}
         return None
-
-    @classmethod
-    def get_segment_attachment_infos(cls, attachment_ids: list[str], session: Session) -> list[dict[str, Any]]:
-        attachment_infos = []
-        upload_files = session.query(UploadFile).where(UploadFile.id.in_(attachment_ids)).all()
-        if upload_files:
-            upload_file_ids = [upload_file.id for upload_file in upload_files]
-            attachment_bindings = (
-                session.query(SegmentAttachmentBinding)
-                .where(SegmentAttachmentBinding.attachment_id.in_(upload_file_ids))
-                .all()
-            )
-            attachment_binding_map = {binding.attachment_id: binding for binding in attachment_bindings}
-
-            if attachment_bindings:
-                for upload_file in upload_files:
-                    attachment_binding = attachment_binding_map.get(upload_file.id)
-                    attachment_info = {
-                        "id": upload_file.id,
-                        "name": upload_file.name,
-                        "extension": "." + upload_file.extension,
-                        "mime_type": upload_file.mime_type,
-                        "source_url": sign_upload_file(upload_file.id, upload_file.extension),
-                        "size": upload_file.size,
-                    }
-                    if attachment_binding:
-                        attachment_infos.append(
-                            {
-                                "attachment_id": attachment_binding.attachment_id,
-                                "attachment_info": attachment_info,
-                                "segment_id": attachment_binding.segment_id,
-                            }
-                        )
-        return attachment_infos

api/core/rag/datasource/vdb/oracle/oraclevector.py

@@ -289,8 +289,7 @@ class OracleVector(BaseVector):
                 words = pseg.cut(query)
                 current_entity = ""
                 for word, pos in words:
-                    # `nr`: Person, `ns`: Location, `nt`: Organization
-                    if pos in {"nr", "Ng", "eng", "nz", "n", "ORG", "v"}:
+                    if pos in {"nr", "Ng", "eng", "nz", "n", "ORG", "v"}:  # nr: 人名，ns: 地名，nt: 机构名
                         current_entity += word
                     else:
                         if current_entity:

api/core/rag/datasource/vdb/pyvastbase/vastbase_vector.py

@@ -213,7 +213,7 @@ class VastbaseVector(BaseVector):
 
             with self._get_cursor() as cur:
                 cur.execute(SQL_CREATE_TABLE.format(table_name=self.table_name, dimension=dimension))
-                # Vastbase supports vector dimensions in the range [1, 16,000]
+                # Vastbase 支持的向量维度取值范围为 [1,16000]
                 if dimension <= 16000:
                     cur.execute(SQL_CREATE_INDEX.format(table_name=self.table_name))
             redis_client.set(collection_exist_cache_key, 1, ex=3600)

api/core/rag/datasource/vdb/vector_factory.py

@@ -163,7 +163,7 @@ class Vector:
                 from core.rag.datasource.vdb.lindorm.lindorm_vector import LindormVectorStoreFactory
 
                 return LindormVectorStoreFactory
-            case VectorType.OCEANBASE | VectorType.SEEKDB:
+            case VectorType.OCEANBASE:
                 from core.rag.datasource.vdb.oceanbase.oceanbase_vector import OceanBaseVectorFactory
 
                 return OceanBaseVectorFactory

api/core/rag/datasource/vdb/vector_type.py

@@ -27,7 +27,6 @@ class VectorType(StrEnum):
     UPSTASH = "upstash"
     TIDB_ON_QDRANT = "tidb_on_qdrant"
     OCEANBASE = "oceanbase"
-    SEEKDB = "seekdb"
     OPENGAUSS = "opengauss"
     TABLESTORE = "tablestore"
     HUAWEI_CLOUD = "huawei_cloud"

api/core/rag/extractor/entity/extract_setting.py

@@ -10,7 +10,7 @@ class NotionInfo(BaseModel):
     """
 
     credential_id: str | None = None
-    notion_workspace_id: str | None = ""
+    notion_workspace_id: str
     notion_obj_id: str
     notion_page_type: str
     document: Document | None = None

api/core/rag/extractor/extract_processor.py

@@ -166,7 +166,7 @@ class ExtractProcessor:
         elif extract_setting.datasource_type == DatasourceType.NOTION:
             assert extract_setting.notion_info is not None, "notion_info is required"
             extractor = NotionExtractor(
-                notion_workspace_id=extract_setting.notion_info.notion_workspace_id or "",
+                notion_workspace_id=extract_setting.notion_info.notion_workspace_id,
                 notion_obj_id=extract_setting.notion_info.notion_obj_id,
                 notion_page_type=extract_setting.notion_info.notion_page_type,
                 document_model=extract_setting.notion_info.document,

api/core/rag/extractor/firecrawl/firecrawl_app.py

@@ -25,7 +25,7 @@ class FirecrawlApp:
         }
         if params:
             json_data.update(params)
-        response = self._post_request(self._build_url("v2/scrape"), json_data, headers)
+        response = self._post_request(f"{self.base_url}/v2/scrape", json_data, headers)
         if response.status_code == 200:
             response_data = response.json()
             data = response_data["data"]
@@ -42,7 +42,7 @@ class FirecrawlApp:
         json_data = {"url": url}
         if params:
             json_data.update(params)
-        response = self._post_request(self._build_url("v2/crawl"), json_data, headers)
+        response = self._post_request(f"{self.base_url}/v2/crawl", json_data, headers)
         if response.status_code == 200:
             # There's also another two fields in the response: "success" (bool) and "url" (str)
             job_id = response.json().get("id")
@@ -58,7 +58,7 @@ class FirecrawlApp:
         if params:
             # Pass through provided params, including optional "sitemap": "only" | "include" | "skip"
             json_data.update(params)
-        response = self._post_request(self._build_url("v2/map"), json_data, headers)
+        response = self._post_request(f"{self.base_url}/v2/map", json_data, headers)
         if response.status_code == 200:
             return cast(dict[str, Any], response.json())
         elif response.status_code in {402, 409, 500, 429, 408}:
@@ -69,7 +69,7 @@ class FirecrawlApp:
 
     def check_crawl_status(self, job_id) -> dict[str, Any]:
         headers = self._prepare_headers()
-        response = self._get_request(self._build_url(f"v2/crawl/{job_id}"), headers)
+        response = self._get_request(f"{self.base_url}/v2/crawl/{job_id}", headers)
         if response.status_code == 200:
             crawl_status_response = response.json()
             if crawl_status_response.get("status") == "completed":
@@ -120,10 +120,6 @@ class FirecrawlApp:
     def _prepare_headers(self) -> dict[str, Any]:
         return {"Content-Type": "application/json", "Authorization": f"Bearer {self.api_key}"}
 
-    def _build_url(self, path: str) -> str:
-        # ensure exactly one slash between base and path, regardless of user-provided base_url
-        return f"{self.base_url.rstrip('/')}/{path.lstrip('/')}"
-
     def _post_request(self, url, data, headers, retries=3, backoff_factor=0.5) -> httpx.Response:
         for attempt in range(retries):
             response = httpx.post(url, headers=headers, json=data)
@@ -143,11 +139,7 @@ class FirecrawlApp:
         return response
 
     def _handle_error(self, response, action):
-        try:
-            payload = response.json()
-            error_message = payload.get("error") or payload.get("message") or response.text or "Unknown error occurred"
-        except json.JSONDecodeError:
-            error_message = response.text or "Unknown error occurred"
+        error_message = response.json().get("error", "Unknown error occurred")
         raise Exception(f"Failed to {action}. Status code: {response.status_code}. Error: {error_message}")  # type: ignore[return]
 
     def search(self, query: str, params: dict[str, Any] | None = None) -> dict[str, Any]:
@@ -168,7 +160,7 @@ class FirecrawlApp:
         }
         if params:
             json_data.update(params)
-        response = self._post_request(self._build_url("v2/search"), json_data, headers)
+        response = self._post_request(f"{self.base_url}/v2/search", json_data, headers)
         if response.status_code == 200:
             response_data = response.json()
             if not response_data.get("success"):

api/core/rag/extractor/helpers.py

@@ -45,6 +45,6 @@ def detect_file_encodings(file_path: str, timeout: int = 5, sample_size: int = 1
         except concurrent.futures.TimeoutError:
             raise TimeoutError(f"Timeout reached while detecting encoding for {file_path}")
 
-    if all(encoding.encoding is None for encoding in encodings):
+    if all(encoding["encoding"] is None for encoding in encodings):
         raise RuntimeError(f"Could not detect encoding for {file_path}")
-    return [enc for enc in encodings if enc.encoding is not None]
+    return [FileEncoding(**enc) for enc in encodings if enc["encoding"] is not None]

api/core/rag/extractor/notion_extractor.py

@@ -48,21 +48,13 @@ class NotionExtractor(BaseExtractor):
         if notion_access_token:
             self._notion_access_token = notion_access_token
         else:
-            try:
-                self._notion_access_token = self._get_access_token(tenant_id, self._credential_id)
-            except Exception as e:
-                logger.warning(
-                    (
-                        "Failed to get Notion access token from datasource credentials: %s, "
-                        "falling back to environment variable NOTION_INTEGRATION_TOKEN"
-                    ),
-                    e,
-                )
+            self._notion_access_token = self._get_access_token(tenant_id, self._credential_id)
+            if not self._notion_access_token:
                 integration_token = dify_config.NOTION_INTEGRATION_TOKEN
                 if integration_token is None:
                     raise ValueError(
                         "Must specify `integration_token` or set environment variable `NOTION_INTEGRATION_TOKEN`."
-                    ) from e
+                    )
 
                 self._notion_access_token = integration_token
 

api/core/rag/extractor/word_extractor.py

@@ -83,7 +83,6 @@ class WordExtractor(BaseExtractor):
     def _extract_images_from_docx(self, doc):
         image_count = 0
         image_map = {}
-        base_url = dify_config.INTERNAL_FILES_URL or dify_config.FILES_URL
 
         for r_id, rel in doc.part.rels.items():
             if "image" in rel.target_ref:
@@ -122,7 +121,8 @@ class WordExtractor(BaseExtractor):
                             used_at=naive_utc_now(),
                         )
                         db.session.add(upload_file)
-                        image_map[r_id] = f"![image]({base_url}/files/{upload_file.id}/file-preview)"
+                        # Use r_id as key for external images since target_part is undefined
+                        image_map[r_id] = f"![image]({dify_config.FILES_URL}/files/{upload_file.id}/file-preview)"
                 else:
                     image_ext = rel.target_ref.split(".")[-1]
                     if image_ext is None:
@@ -150,7 +150,10 @@ class WordExtractor(BaseExtractor):
                         used_at=naive_utc_now(),
                     )
                     db.session.add(upload_file)
-                    image_map[rel.target_part] = f"![image]({base_url}/files/{upload_file.id}/file-preview)"
+                    # Use target_part as key for internal images
+                    image_map[rel.target_part] = (
+                        f"![image]({dify_config.FILES_URL}/files/{upload_file.id}/file-preview)"
+                    )
         db.session.commit()
         return image_map
 

api/core/rag/index_processor/index_processor_base.py

@@ -231,7 +231,7 @@ class BaseIndexProcessor(ABC):
 
             if not filename:
                 parsed_url = urlparse(image_url)
-                # Decode percent-encoded characters in the URL path.
+                # unquote 处理 URL 中的中文
                 path = unquote(parsed_url.path)
                 filename = os.path.basename(path)
 

api/core/rag/retrieval/dataset_retrieval.py

@@ -151,14 +151,20 @@ class DatasetRetrieval:
             if ModelFeature.TOOL_CALL in features or ModelFeature.MULTI_TOOL_CALL in features:
                 planning_strategy = PlanningStrategy.ROUTER
         available_datasets = []
+        for dataset_id in dataset_ids:
+            # get dataset from dataset id
+            dataset_stmt = select(Dataset).where(Dataset.tenant_id == tenant_id, Dataset.id == dataset_id)
+            dataset = db.session.scalar(dataset_stmt)
 
-        dataset_stmt = select(Dataset).where(Dataset.tenant_id == tenant_id, Dataset.id.in_(dataset_ids))
-        datasets: list[Dataset] = db.session.execute(dataset_stmt).scalars().all()  # type: ignore
-        for dataset in datasets:
-            if dataset.available_document_count == 0 and dataset.provider != "external":
+            # pass if dataset is not available
+            if not dataset:
                 continue
-            available_datasets.append(dataset)
 
+            # pass if dataset is not available
+            if dataset and dataset.available_document_count == 0 and dataset.provider != "external":
+                continue
+
+            available_datasets.append(dataset)
         if inputs:
             inputs = {key: str(value) for key, value in inputs.items()}
         else:
@@ -276,35 +282,26 @@ class DatasetRetrieval:
                                 )
                                 context_files.append(attachment_info)
                 if show_retrieve_source:
-                    dataset_ids = [record.segment.dataset_id for record in records]
-                    document_ids = [record.segment.document_id for record in records]
-                    dataset_document_stmt = select(DatasetDocument).where(
-                        DatasetDocument.id.in_(document_ids),
-                        DatasetDocument.enabled == True,
-                        DatasetDocument.archived == False,
-                    )
-                    documents = db.session.execute(dataset_document_stmt).scalars().all()  # type: ignore
-                    dataset_stmt = select(Dataset).where(
-                        Dataset.id.in_(dataset_ids),
-                    )
-                    datasets = db.session.execute(dataset_stmt).scalars().all()  # type: ignore
-                    dataset_map = {i.id: i for i in datasets}
-                    document_map = {i.id: i for i in documents}
                     for record in records:
                         segment = record.segment
-                        dataset_item = dataset_map.get(segment.dataset_id)
-                        document_item = document_map.get(segment.document_id)
-                        if dataset_item and document_item:
+                        dataset = db.session.query(Dataset).filter_by(id=segment.dataset_id).first()
+                        dataset_document_stmt = select(DatasetDocument).where(
+                            DatasetDocument.id == segment.document_id,
+                            DatasetDocument.enabled == True,
+                            DatasetDocument.archived == False,
+                        )
+                        document = db.session.scalar(dataset_document_stmt)
+                        if dataset and document:
                             source = RetrievalSourceMetadata(
-                                dataset_id=dataset_item.id,
-                                dataset_name=dataset_item.name,
-                                document_id=document_item.id,
-                                document_name=document_item.name,
-                                data_source_type=document_item.data_source_type,
+                                dataset_id=dataset.id,
+                                dataset_name=dataset.name,
+                                document_id=document.id,
+                                document_name=document.name,
+                                data_source_type=document.data_source_type,
                                 segment_id=segment.id,
                                 retriever_from=invoke_from.to_source(),
                                 score=record.score or 0.0,
-                                doc_metadata=document_item.doc_metadata,
+                                doc_metadata=document.doc_metadata,
                             )
 
                             if invoke_from.to_source() == "dev":

api/core/rag/splitter/fixed_text_splitter.py

@@ -2,7 +2,6 @@
 
 from __future__ import annotations
 
-import codecs
 import re
 from typing import Any
 
@@ -53,7 +52,7 @@ class FixedRecursiveCharacterTextSplitter(EnhanceRecursiveCharacterTextSplitter)
     def __init__(self, fixed_separator: str = "\n\n", separators: list[str] | None = None, **kwargs: Any):
         """Create a new TextSplitter."""
         super().__init__(**kwargs)
-        self._fixed_separator = codecs.decode(fixed_separator, "unicode_escape")
+        self._fixed_separator = fixed_separator
         self._separators = separators or ["\n\n", "\n", "。", ". ", " ", ""]
 
     def split_text(self, text: str) -> list[str]:
@@ -95,8 +94,7 @@ class FixedRecursiveCharacterTextSplitter(EnhanceRecursiveCharacterTextSplitter)
                 splits = re.split(r" +", text)
             else:
                 splits = text.split(separator)
-                if self._keep_separator:
-                    splits = [s + separator for s in splits[:-1]] + splits[-1:]
+                splits = [item + separator if i < len(splits) else item for i, item in enumerate(splits)]
         else:
             splits = list(text)
         if separator == "\n":
@@ -105,7 +103,7 @@ class FixedRecursiveCharacterTextSplitter(EnhanceRecursiveCharacterTextSplitter)
             splits = [s for s in splits if (s not in {"", "\n"})]
         _good_splits = []
         _good_splits_lengths = []  # cache the lengths of the splits
-        _separator = "" if self._keep_separator else separator
+        _separator = separator if self._keep_separator else ""
         s_lens = self._length_function(splits)
         if separator != "":
             for s, s_len in zip(splits, s_lens):

api/core/tools/entities/tool_entities.py

@@ -153,11 +153,11 @@ class ToolInvokeMessage(BaseModel):
         @classmethod
         def transform_variable_value(cls, values):
             """
-            Only basic types, lists, and None are allowed.
+            Only basic types and lists are allowed.
             """
             value = values.get("variable_value")
-            if value is not None and not isinstance(value, dict | list | str | int | float | bool):
-                raise ValueError("Only basic types, lists, and None are allowed.")
+            if not isinstance(value, dict | list | str | int | float | bool):
+                raise ValueError("Only basic types and lists are allowed.")
 
             # if stream is true, the value must be a string
             if values.get("stream"):

api/core/trigger/utils/encryption.py

@@ -67,16 +67,12 @@ def create_trigger_provider_encrypter_for_subscription(
 
 
 def delete_cache_for_subscription(tenant_id: str, provider_id: str, subscription_id: str):
-    TriggerProviderCredentialsCache(
+    cache = TriggerProviderCredentialsCache(
         tenant_id=tenant_id,
         provider_id=provider_id,
         credential_id=subscription_id,
-    ).delete()
-    TriggerProviderPropertiesCache(
-        tenant_id=tenant_id,
-        provider_id=provider_id,
-        subscription_id=subscription_id,
-    ).delete()
+    )
+    cache.delete()
 
 
 def create_trigger_provider_encrypter_for_properties(

api/core/workflow/enums.py

@@ -247,7 +247,6 @@ class WorkflowNodeExecutionMetadataKey(StrEnum):
     ERROR_STRATEGY = "error_strategy"  # node in continue on error mode return the field
     LOOP_VARIABLE_MAP = "loop_variable_map"  # single loop variable output
     DATASOURCE_INFO = "datasource_info"
-    COMPLETED_REASON = "completed_reason"  # completed reason for loop node
 
 
 class WorkflowNodeExecutionStatus(StrEnum):

api/core/workflow/graph_engine/graph_engine.py

@@ -140,10 +140,6 @@ class GraphEngine:
         pause_handler = PauseCommandHandler()
         self._command_processor.register_handler(PauseCommand, pause_handler)
 
-        # === Extensibility ===
-        # Layers allow plugins to extend engine functionality
-        self._layers: list[GraphEngineLayer] = []
-
         # === Worker Pool Setup ===
         # Capture Flask app context for worker threads
         flask_app: Flask | None = None
@@ -162,7 +158,6 @@ class GraphEngine:
             ready_queue=self._ready_queue,
             event_queue=self._event_queue,
             graph=self._graph,
-            layers=self._layers,
             flask_app=flask_app,
             context_vars=context_vars,
             min_workers=self._min_workers,
@@ -201,6 +196,10 @@ class GraphEngine:
             event_emitter=self._event_manager,
         )
 
+        # === Extensibility ===
+        # Layers allow plugins to extend engine functionality
+        self._layers: list[GraphEngineLayer] = []
+
         # === Validation ===
         # Ensure all nodes share the same GraphRuntimeState instance
         self._validate_graph_state_consistency()

api/core/workflow/graph_engine/layers/__init__.py

@@ -8,11 +8,9 @@ with middleware-like components that can observe events and interact with execut
 from .base import GraphEngineLayer
 from .debug_logging import DebugLoggingLayer
 from .execution_limits import ExecutionLimitsLayer
-from .observability import ObservabilityLayer
 
 __all__ = [
     "DebugLoggingLayer",
     "ExecutionLimitsLayer",
     "GraphEngineLayer",
-    "ObservabilityLayer",
 ]

api/core/workflow/graph_engine/layers/base.py

@@ -9,7 +9,6 @@ from abc import ABC, abstractmethod
 
 from core.workflow.graph_engine.protocols.command_channel import CommandChannel
 from core.workflow.graph_events import GraphEngineEvent
-from core.workflow.nodes.base.node import Node
 from core.workflow.runtime import ReadOnlyGraphRuntimeState
 
 
@@ -84,29 +83,3 @@ class GraphEngineLayer(ABC):
             error: The exception that caused execution to fail, or None if successful
         """
         pass
-
-    def on_node_run_start(self, node: Node) -> None:  # noqa: B027
-        """
-        Called immediately before a node begins execution.
-
-        Layers can override to inject behavior (e.g., start spans) prior to node execution.
-        The node's execution ID is available via `node._node_execution_id` and will be
-        consistent with all events emitted by this node execution.
-
-        Args:
-            node: The node instance about to be executed
-        """
-        pass
-
-    def on_node_run_end(self, node: Node, error: Exception | None) -> None:  # noqa: B027
-        """
-        Called after a node finishes execution.
-
-        The node's execution ID is available via `node._node_execution_id` and matches
-        the `id` field in all events emitted by this node execution.
-
-        Args:
-            node: The node instance that just finished execution
-            error: Exception instance if the node failed, otherwise None
-        """
-        pass

api/core/workflow/graph_engine/layers/node_parsers.py

@@ -1,61 +0,0 @@
-"""
-Node-level OpenTelemetry parser interfaces and defaults.
-"""
-
-import json
-from typing import Protocol
-
-from opentelemetry.trace import Span
-from opentelemetry.trace.status import Status, StatusCode
-
-from core.workflow.nodes.base.node import Node
-from core.workflow.nodes.tool.entities import ToolNodeData
-
-
-class NodeOTelParser(Protocol):
-    """Parser interface for node-specific OpenTelemetry enrichment."""
-
-    def parse(self, *, node: Node, span: "Span", error: Exception | None) -> None: ...
-
-
-class DefaultNodeOTelParser:
-    """Fallback parser used when no node-specific parser is registered."""
-
-    def parse(self, *, node: Node, span: "Span", error: Exception | None) -> None:
-        span.set_attribute("node.id", node.id)
-        if node.execution_id:
-            span.set_attribute("node.execution_id", node.execution_id)
-        if hasattr(node, "node_type") and node.node_type:
-            span.set_attribute("node.type", node.node_type.value)
-
-        if error:
-            span.record_exception(error)
-            span.set_status(Status(StatusCode.ERROR, str(error)))
-        else:
-            span.set_status(Status(StatusCode.OK))
-
-
-class ToolNodeOTelParser:
-    """Parser for tool nodes that captures tool-specific metadata."""
-
-    def __init__(self) -> None:
-        self._delegate = DefaultNodeOTelParser()
-
-    def parse(self, *, node: Node, span: "Span", error: Exception | None) -> None:
-        self._delegate.parse(node=node, span=span, error=error)
-
-        tool_data = getattr(node, "_node_data", None)
-        if not isinstance(tool_data, ToolNodeData):
-            return
-
-        span.set_attribute("tool.provider.id", tool_data.provider_id)
-        span.set_attribute("tool.provider.type", tool_data.provider_type.value)
-        span.set_attribute("tool.provider.name", tool_data.provider_name)
-        span.set_attribute("tool.name", tool_data.tool_name)
-        span.set_attribute("tool.label", tool_data.tool_label)
-        if tool_data.plugin_unique_identifier:
-            span.set_attribute("tool.plugin.id", tool_data.plugin_unique_identifier)
-        if tool_data.credential_id:
-            span.set_attribute("tool.credential.id", tool_data.credential_id)
-        if tool_data.tool_configurations:
-            span.set_attribute("tool.config", json.dumps(tool_data.tool_configurations, ensure_ascii=False))

api/core/workflow/graph_engine/layers/observability.py

@@ -1,169 +0,0 @@
-"""
-Observability layer for GraphEngine.
-
-This layer creates OpenTelemetry spans for node execution, enabling distributed
-tracing of workflow execution. It establishes OTel context during node execution
-so that automatic instrumentation (HTTP requests, DB queries, etc.) automatically
-associates with the node span.
-"""
-
-import logging
-from dataclasses import dataclass
-from typing import cast, final
-
-from opentelemetry import context as context_api
-from opentelemetry.trace import Span, SpanKind, Tracer, get_tracer, set_span_in_context
-from typing_extensions import override
-
-from configs import dify_config
-from core.workflow.enums import NodeType
-from core.workflow.graph_engine.layers.base import GraphEngineLayer
-from core.workflow.graph_engine.layers.node_parsers import (
-    DefaultNodeOTelParser,
-    NodeOTelParser,
-    ToolNodeOTelParser,
-)
-from core.workflow.nodes.base.node import Node
-from extensions.otel.runtime import is_instrument_flag_enabled
-
-logger = logging.getLogger(__name__)
-
-
-@dataclass(slots=True)
-class _NodeSpanContext:
-    span: "Span"
-    token: object
-
-
-@final
-class ObservabilityLayer(GraphEngineLayer):
-    """
-    Layer that creates OpenTelemetry spans for node execution.
-
-    This layer:
-    - Creates a span when a node starts execution
-    - Establishes OTel context so automatic instrumentation associates with the span
-    - Sets complete attributes and status when node execution ends
-    """
-
-    def __init__(self) -> None:
-        super().__init__()
-        self._node_contexts: dict[str, _NodeSpanContext] = {}
-        self._parsers: dict[NodeType, NodeOTelParser] = {}
-        self._default_parser: NodeOTelParser = cast(NodeOTelParser, DefaultNodeOTelParser())
-        self._is_disabled: bool = False
-        self._tracer: Tracer | None = None
-        self._build_parser_registry()
-        self._init_tracer()
-
-    def _init_tracer(self) -> None:
-        """Initialize OpenTelemetry tracer in constructor."""
-        if not (dify_config.ENABLE_OTEL or is_instrument_flag_enabled()):
-            self._is_disabled = True
-            return
-
-        try:
-            self._tracer = get_tracer(__name__)
-        except Exception as e:
-            logger.warning("Failed to get OpenTelemetry tracer: %s", e)
-            self._is_disabled = True
-
-    def _build_parser_registry(self) -> None:
-        """Initialize parser registry for node types."""
-        self._parsers = {
-            NodeType.TOOL: ToolNodeOTelParser(),
-        }
-
-    def _get_parser(self, node: Node) -> NodeOTelParser:
-        node_type = getattr(node, "node_type", None)
-        if isinstance(node_type, NodeType):
-            return self._parsers.get(node_type, self._default_parser)
-        return self._default_parser
-
-    @override
-    def on_graph_start(self) -> None:
-        """Called when graph execution starts."""
-        self._node_contexts.clear()
-
-    @override
-    def on_node_run_start(self, node: Node) -> None:
-        """
-        Called when a node starts execution.
-
-        Creates a span and establishes OTel context for automatic instrumentation.
-        """
-        if self._is_disabled:
-            return
-
-        try:
-            if not self._tracer:
-                return
-
-            execution_id = node.execution_id
-            if not execution_id:
-                return
-
-            parent_context = context_api.get_current()
-            span = self._tracer.start_span(
-                f"{node.title}",
-                kind=SpanKind.INTERNAL,
-                context=parent_context,
-            )
-
-            new_context = set_span_in_context(span)
-            token = context_api.attach(new_context)
-
-            self._node_contexts[execution_id] = _NodeSpanContext(span=span, token=token)
-
-        except Exception as e:
-            logger.warning("Failed to create OpenTelemetry span for node %s: %s", node.id, e)
-
-    @override
-    def on_node_run_end(self, node: Node, error: Exception | None) -> None:
-        """
-        Called when a node finishes execution.
-
-        Sets complete attributes, records exceptions, and ends the span.
-        """
-        if self._is_disabled:
-            return
-
-        try:
-            execution_id = node.execution_id
-            if not execution_id:
-                return
-            node_context = self._node_contexts.get(execution_id)
-            if not node_context:
-                return
-
-            span = node_context.span
-            parser = self._get_parser(node)
-            try:
-                parser.parse(node=node, span=span, error=error)
-                span.end()
-            finally:
-                token = node_context.token
-                if token is not None:
-                    try:
-                        context_api.detach(token)
-                    except Exception:
-                        logger.warning("Failed to detach OpenTelemetry token: %s", token)
-                self._node_contexts.pop(execution_id, None)
-
-        except Exception as e:
-            logger.warning("Failed to end OpenTelemetry span for node %s: %s", node.id, e)
-
-    @override
-    def on_event(self, event) -> None:
-        """Not used in this layer."""
-        pass
-
-    @override
-    def on_graph_end(self, error: Exception | None) -> None:
-        """Called when graph execution ends."""
-        if self._node_contexts:
-            logger.warning(
-                "ObservabilityLayer: %d node spans were not properly ended",
-                len(self._node_contexts),
-            )
-            self._node_contexts.clear()

api/core/workflow/graph_engine/worker.py

@@ -9,7 +9,6 @@ import contextvars
 import queue
 import threading
 import time
-from collections.abc import Sequence
 from datetime import datetime
 from typing import final
 from uuid import uuid4
@@ -18,7 +17,6 @@ from flask import Flask
 from typing_extensions import override
 
 from core.workflow.graph import Graph
-from core.workflow.graph_engine.layers.base import GraphEngineLayer
 from core.workflow.graph_events import GraphNodeEventBase, NodeRunFailedEvent
 from core.workflow.nodes.base.node import Node
 from libs.flask_utils import preserve_flask_contexts
@@ -41,7 +39,6 @@ class Worker(threading.Thread):
         ready_queue: ReadyQueue,
         event_queue: queue.Queue[GraphNodeEventBase],
         graph: Graph,
-        layers: Sequence[GraphEngineLayer],
         worker_id: int = 0,
         flask_app: Flask | None = None,
         context_vars: contextvars.Context | None = None,
@@ -53,7 +50,6 @@ class Worker(threading.Thread):
             ready_queue: Ready queue containing node IDs ready for execution
             event_queue: Queue for pushing execution events
             graph: Graph containing nodes to execute
-            layers: Graph engine layers for node execution hooks
             worker_id: Unique identifier for this worker
             flask_app: Optional Flask application for context preservation
             context_vars: Optional context variables to preserve in worker thread
@@ -67,7 +63,6 @@ class Worker(threading.Thread):
         self._context_vars = context_vars
         self._stop_event = threading.Event()
         self._last_task_time = time.time()
-        self._layers = layers if layers is not None else []
 
     def stop(self) -> None:
         """Signal the worker to stop processing."""
@@ -127,51 +122,20 @@ class Worker(threading.Thread):
         Args:
             node: The node instance to execute
         """
-        node.ensure_execution_id()
-
-        error: Exception | None = None
-
+        # Execute the node with preserved context if Flask app is provided
         if self._flask_app and self._context_vars:
             with preserve_flask_contexts(
                 flask_app=self._flask_app,
                 context_vars=self._context_vars,
             ):
-                self._invoke_node_run_start_hooks(node)
-                try:
-                    node_events = node.run()
-                    for event in node_events:
-                        self._event_queue.put(event)
-                except Exception as exc:
-                    error = exc
-                    raise
-                finally:
-                    self._invoke_node_run_end_hooks(node, error)
-        else:
-            self._invoke_node_run_start_hooks(node)
-            try:
+                # Execute the node
                 node_events = node.run()
                 for event in node_events:
+                    # Forward event to dispatcher immediately for streaming
                     self._event_queue.put(event)
-            except Exception as exc:
-                error = exc
-                raise
-            finally:
-                self._invoke_node_run_end_hooks(node, error)
-
-    def _invoke_node_run_start_hooks(self, node: Node) -> None:
-        """Invoke on_node_run_start hooks for all layers."""
-        for layer in self._layers:
-            try:
-                layer.on_node_run_start(node)
-            except Exception:
-                # Silently ignore layer errors to prevent disrupting node execution
-                continue
-
-    def _invoke_node_run_end_hooks(self, node: Node, error: Exception | None) -> None:
-        """Invoke on_node_run_end hooks for all layers."""
-        for layer in self._layers:
-            try:
-                layer.on_node_run_end(node, error)
-            except Exception:
-                # Silently ignore layer errors to prevent disrupting node execution
-                continue
+        else:
+            # Execute without context preservation
+            node_events = node.run()
+            for event in node_events:
+                # Forward event to dispatcher immediately for streaming
+                self._event_queue.put(event)

api/core/workflow/graph_engine/worker_management/worker_pool.py

@@ -14,7 +14,6 @@ from configs import dify_config
 from core.workflow.graph import Graph
 from core.workflow.graph_events import GraphNodeEventBase
 
-from ..layers.base import GraphEngineLayer
 from ..ready_queue import ReadyQueue
 from ..worker import Worker
 
@@ -40,7 +39,6 @@ class WorkerPool:
         ready_queue: ReadyQueue,
         event_queue: queue.Queue[GraphNodeEventBase],
         graph: Graph,
-        layers: list[GraphEngineLayer],
         flask_app: "Flask | None" = None,
         context_vars: "Context | None" = None,
         min_workers: int | None = None,
@@ -55,7 +53,6 @@ class WorkerPool:
             ready_queue: Ready queue for nodes ready for execution
             event_queue: Queue for worker events
             graph: The workflow graph
-            layers: Graph engine layers for node execution hooks
             flask_app: Optional Flask app for context preservation
             context_vars: Optional context variables
             min_workers: Minimum number of workers
@@ -68,7 +65,6 @@ class WorkerPool:
         self._graph = graph
         self._flask_app = flask_app
         self._context_vars = context_vars
-        self._layers = layers
 
         # Scaling parameters with defaults
         self._min_workers = min_workers or dify_config.GRAPH_ENGINE_MIN_WORKERS
@@ -148,7 +144,6 @@ class WorkerPool:
             ready_queue=self._ready_queue,
             event_queue=self._event_queue,
             graph=self._graph,
-            layers=self._layers,
             worker_id=worker_id,
             flask_app=self._flask_app,
             context_vars=self._context_vars,

api/core/workflow/nodes/base/node.py

@@ -244,15 +244,6 @@ class Node(Generic[NodeDataT]):
     def graph_init_params(self) -> "GraphInitParams":
         return self._graph_init_params
 
-    @property
-    def execution_id(self) -> str:
-        return self._node_execution_id
-
-    def ensure_execution_id(self) -> str:
-        if not self._node_execution_id:
-            self._node_execution_id = str(uuid4())
-        return self._node_execution_id
-
     def _hydrate_node_data(self, data: Mapping[str, Any]) -> NodeDataT:
         return cast(NodeDataT, self._node_data_type.model_validate(data))
 
@@ -265,12 +256,14 @@ class Node(Generic[NodeDataT]):
         raise NotImplementedError
 
     def run(self) -> Generator[GraphNodeEventBase, None, None]:
-        execution_id = self.ensure_execution_id()
+        # Generate a single node execution ID to use for all events
+        if not self._node_execution_id:
+            self._node_execution_id = str(uuid4())
         self._start_at = naive_utc_now()
 
         # Create and push start event with required fields
         start_event = NodeRunStartedEvent(
-            id=execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.title,
@@ -328,7 +321,7 @@ class Node(Generic[NodeDataT]):
                 if isinstance(event, NodeEventBase):  # pyright: ignore[reportUnnecessaryIsInstance]
                     yield self._dispatch(event)
                 elif isinstance(event, GraphNodeEventBase) and not event.in_iteration_id and not event.in_loop_id:  # pyright: ignore[reportUnnecessaryIsInstance]
-                    event.id = self.execution_id
+                    event.id = self._node_execution_id
                     yield event
                 else:
                     yield event
@@ -340,7 +333,7 @@ class Node(Generic[NodeDataT]):
                 error_type="WorkflowNodeError",
             )
             yield NodeRunFailedEvent(
-                id=self.execution_id,
+                id=self._node_execution_id,
                 node_id=self._node_id,
                 node_type=self.node_type,
                 start_at=self._start_at,
@@ -519,7 +512,7 @@ class Node(Generic[NodeDataT]):
         match result.status:
             case WorkflowNodeExecutionStatus.FAILED:
                 return NodeRunFailedEvent(
-                    id=self.execution_id,
+                    id=self._node_execution_id,
                     node_id=self.id,
                     node_type=self.node_type,
                     start_at=self._start_at,
@@ -528,7 +521,7 @@ class Node(Generic[NodeDataT]):
                 )
             case WorkflowNodeExecutionStatus.SUCCEEDED:
                 return NodeRunSucceededEvent(
-                    id=self.execution_id,
+                    id=self._node_execution_id,
                     node_id=self.id,
                     node_type=self.node_type,
                     start_at=self._start_at,
@@ -544,7 +537,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: StreamChunkEvent) -> NodeRunStreamChunkEvent:
         return NodeRunStreamChunkEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             selector=event.selector,
@@ -557,7 +550,7 @@ class Node(Generic[NodeDataT]):
         match event.node_run_result.status:
             case WorkflowNodeExecutionStatus.SUCCEEDED:
                 return NodeRunSucceededEvent(
-                    id=self.execution_id,
+                    id=self._node_execution_id,
                     node_id=self._node_id,
                     node_type=self.node_type,
                     start_at=self._start_at,
@@ -565,7 +558,7 @@ class Node(Generic[NodeDataT]):
                 )
             case WorkflowNodeExecutionStatus.FAILED:
                 return NodeRunFailedEvent(
-                    id=self.execution_id,
+                    id=self._node_execution_id,
                     node_id=self._node_id,
                     node_type=self.node_type,
                     start_at=self._start_at,
@@ -580,7 +573,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: PauseRequestedEvent) -> NodeRunPauseRequestedEvent:
         return NodeRunPauseRequestedEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_run_result=NodeRunResult(status=WorkflowNodeExecutionStatus.PAUSED),
@@ -590,7 +583,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: AgentLogEvent) -> NodeRunAgentLogEvent:
         return NodeRunAgentLogEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             message_id=event.message_id,
@@ -606,7 +599,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: LoopStartedEvent) -> NodeRunLoopStartedEvent:
         return NodeRunLoopStartedEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -619,7 +612,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: LoopNextEvent) -> NodeRunLoopNextEvent:
         return NodeRunLoopNextEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -630,7 +623,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: LoopSucceededEvent) -> NodeRunLoopSucceededEvent:
         return NodeRunLoopSucceededEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -644,7 +637,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: LoopFailedEvent) -> NodeRunLoopFailedEvent:
         return NodeRunLoopFailedEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -659,7 +652,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: IterationStartedEvent) -> NodeRunIterationStartedEvent:
         return NodeRunIterationStartedEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -672,7 +665,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: IterationNextEvent) -> NodeRunIterationNextEvent:
         return NodeRunIterationNextEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -683,7 +676,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: IterationSucceededEvent) -> NodeRunIterationSucceededEvent:
         return NodeRunIterationSucceededEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -697,7 +690,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: IterationFailedEvent) -> NodeRunIterationFailedEvent:
         return NodeRunIterationFailedEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             node_title=self.node_data.title,
@@ -712,7 +705,7 @@ class Node(Generic[NodeDataT]):
     @_dispatch.register
     def _(self, event: RunRetrieverResourceEvent) -> NodeRunRetrieverResourceEvent:
         return NodeRunRetrieverResourceEvent(
-            id=self.execution_id,
+            id=self._node_execution_id,
             node_id=self._node_id,
             node_type=self.node_type,
             retriever_resources=event.retriever_resources,

api/core/workflow/nodes/http_request/executor.py

@@ -86,11 +86,6 @@ class Executor:
             node_data.authorization.config.api_key = variable_pool.convert_template(
                 node_data.authorization.config.api_key
             ).text
-            # Validate that API key is not empty after template conversion
-            if not node_data.authorization.config.api_key or not node_data.authorization.config.api_key.strip():
-                raise AuthorizationConfigError(
-                    "API key is required for authorization but was empty. Please provide a valid API key."
-                )
 
         self.url = node_data.url
         self.method = node_data.method

api/core/workflow/nodes/loop/entities.py

@@ -1,4 +1,3 @@
-from enum import StrEnum
 from typing import Annotated, Any, Literal
 
 from pydantic import AfterValidator, BaseModel, Field, field_validator
@@ -97,8 +96,3 @@ class LoopState(BaseLoopState):
         Get current output.
         """
         return self.current_output
-
-
-class LoopCompletedReason(StrEnum):
-    LOOP_BREAK = "loop_break"
-    LOOP_COMPLETED = "loop_completed"

api/core/workflow/nodes/loop/loop_node.py

@@ -29,7 +29,7 @@ from core.workflow.node_events import (
 )
 from core.workflow.nodes.base import LLMUsageTrackingMixin
 from core.workflow.nodes.base.node import Node
-from core.workflow.nodes.loop.entities import LoopCompletedReason, LoopNodeData, LoopVariableData
+from core.workflow.nodes.loop.entities import LoopNodeData, LoopVariableData
 from core.workflow.utils.condition.processor import ConditionProcessor
 from factories.variable_factory import TypeMismatchError, build_segment_with_type, segment_to_variable
 from libs.datetime_utils import naive_utc_now
@@ -96,7 +96,6 @@ class LoopNode(LLMUsageTrackingMixin, Node[LoopNodeData]):
         loop_duration_map: dict[str, float] = {}
         single_loop_variable_map: dict[str, dict[str, Any]] = {}  # single loop variable output
         loop_usage = LLMUsage.empty_usage()
-        loop_node_ids = self._extract_loop_node_ids_from_config(self.graph_config, self._node_id)
 
         # Start Loop event
         yield LoopStartedEvent(
@@ -119,8 +118,6 @@ class LoopNode(LLMUsageTrackingMixin, Node[LoopNodeData]):
                 loop_count = 0
 
             for i in range(loop_count):
-                # Clear stale variables from previous loop iterations to avoid streaming old values
-                self._clear_loop_subgraph_variables(loop_node_ids)
                 graph_engine = self._create_graph_engine(start_at=start_at, root_node_id=root_node_id)
 
                 loop_start_time = naive_utc_now()
@@ -180,11 +177,7 @@ class LoopNode(LLMUsageTrackingMixin, Node[LoopNodeData]):
                     WorkflowNodeExecutionMetadataKey.TOTAL_TOKENS: loop_usage.total_tokens,
                     WorkflowNodeExecutionMetadataKey.TOTAL_PRICE: loop_usage.total_price,
                     WorkflowNodeExecutionMetadataKey.CURRENCY: loop_usage.currency,
-                    WorkflowNodeExecutionMetadataKey.COMPLETED_REASON: (
-                        LoopCompletedReason.LOOP_BREAK
-                        if reach_break_condition
-                        else LoopCompletedReason.LOOP_COMPLETED.value
-                    ),
+                    "completed_reason": "loop_break" if reach_break_condition else "loop_completed",
                     WorkflowNodeExecutionMetadataKey.LOOP_DURATION_MAP: loop_duration_map,
                     WorkflowNodeExecutionMetadataKey.LOOP_VARIABLE_MAP: single_loop_variable_map,
                 },
@@ -281,17 +274,6 @@ class LoopNode(LLMUsageTrackingMixin, Node[LoopNodeData]):
         if WorkflowNodeExecutionMetadataKey.LOOP_ID not in current_metadata:
             event.node_run_result.metadata = {**current_metadata, **loop_metadata}
 
-    def _clear_loop_subgraph_variables(self, loop_node_ids: set[str]) -> None:
-        """
-        Remove variables produced by loop sub-graph nodes from previous iterations.
-
-        Keeping stale variables causes a freshly created response coordinator in the
-        next iteration to fall back to outdated values when no stream chunks exist.
-        """
-        variable_pool = self.graph_runtime_state.variable_pool
-        for node_id in loop_node_ids:
-            variable_pool.remove([node_id])
-
     @classmethod
     def _extract_variable_selector_to_variable_mapping(
         cls,

api/core/workflow/nodes/parameter_extractor/parameter_extractor_node.py

@@ -281,7 +281,7 @@ class ParameterExtractorNode(Node[ParameterExtractorNodeData]):
 
         # handle invoke result
 
-        text = invoke_result.message.get_text_content()
+        text = invoke_result.message.content or ""
         if not isinstance(text, str):
             raise InvalidTextContentTypeError(f"Invalid text content type: {type(text)}. Expected str.")
 

api/core/workflow/nodes/start/start_node.py

@@ -1,4 +1,3 @@
-import json
 from typing import Any
 
 from jsonschema import Draft7Validator, ValidationError
@@ -43,25 +42,15 @@ class StartNode(Node[StartNodeData]):
             if value is None and variable.required:
                 raise ValueError(f"{key} is required in input form")
 
+            if not isinstance(value, dict):
+                raise ValueError(f"{key} must be a JSON object")
+
             schema = variable.json_schema
             if not schema:
                 continue
 
-            if not value:
-                continue
-
             try:
-                json_schema = json.loads(schema)
-            except json.JSONDecodeError as e:
-                raise ValueError(f"{schema} must be a valid JSON object")
-
-            try:
-                json_value = json.loads(value)
-            except json.JSONDecodeError as e:
-                raise ValueError(f"{value} must be a valid JSON object")
-
-            try:
-                Draft7Validator(json_schema).validate(json_value)
+                Draft7Validator(schema).validate(value)
             except ValidationError as e:
                 raise ValueError(f"JSON object for '{key}' does not match schema: {e.message}")
-            node_inputs[key] = json_value
+            node_inputs[key] = value