feat: enhance E2E testing setup with Cloudflare Access support and improved authentication handling

- Added support for Cloudflare Access headers in Playwright configuration and teardown. - Updated global setup for E2E tests to validate authentication credentials and handle login more robustly. - Enhanced README with authentication configuration details and supported methods. - Updated Playwright reporter configuration to include JSON output for test results.
Merge remote-tracking branch 'origin/main' into feat/e2e-testing
2026-04-11 07:29:24 +08:00 · 2025-12-16 14:15:09 +08:00 · 2025-12-16 10:04:19 +08:00 · 2025-12-11 15:47:59 +08:00 · 2025-12-10 14:44:51 +08:00 · 2025-12-09 18:14:57 +08:00
5365 changed files with 238008 additions and 379504 deletions
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -1,9 +0,0 @@
-{
-  "enabledPlugins": {
-    "feature-dev@claude-plugins-official": true,
-    "context7@claude-plugins-official": true,
-    "typescript-lsp@claude-plugins-official": true,
-    "pyright-lsp@claude-plugins-official": true,
-    "ralph-wiggum@claude-plugins-official": true
-  }
-}
--- a/.claude/settings.json.example
+++ b/.claude/settings.json.example
@@ -0,0 +1,19 @@
+{
+    "permissions": {
+      "allow": [],
+      "deny": []
+    },
+    "env": {
+      "__comment": "Environment variables for MCP servers. Override in .claude/settings.local.json with actual values.",
+      "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+    },
+    "enabledMcpjsonServers": [
+      "context7",
+      "sequential-thinking",
+      "github",
+      "fetch",
+      "playwright",
+      "ide"
+    ],
+    "enableAllProjectMcpServers": true
+  }
--- a/.claude/skills/component-refactoring/SKILL.md
+++ b/.claude/skills/component-refactoring/SKILL.md
@@ -1,483 +0,0 @@
---
-name: component-refactoring
-description: Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component --json` shows complexity > 50 or lineCount > 300, when the user asks for code splitting, hook extraction, or complexity reduction, or when `pnpm analyze-component` warns to refactor before testing; avoid for simple/well-structured components, third-party wrappers, or when the user explicitly wants testing without refactoring.
---
-
-# Dify Component Refactoring Skill
-
-Refactor high-complexity React components in the Dify frontend codebase with the patterns and workflow below.
-
-> **Complexity Threshold**: Components with complexity > 50 (measured by `pnpm analyze-component`) should be refactored before testing.
-
-## Quick Reference
-
-### Commands (run from `web/`)
-
-Use paths relative to `web/` (e.g., `app/components/...`).
-Use `refactor-component` for refactoring prompts and `analyze-component` for testing prompts and metrics.
-
-```bash
-cd web
-
-# Generate refactoring prompt
-pnpm refactor-component <path>
-
-# Output refactoring analysis as JSON
-pnpm refactor-component <path> --json
-
-# Generate testing prompt (after refactoring)
-pnpm analyze-component <path>
-
-# Output testing analysis as JSON
-pnpm analyze-component <path> --json
-```
-
-### Complexity Analysis
-
-```bash
-# Analyze component complexity
-pnpm analyze-component <path> --json
-
-# Key metrics to check:
-# - complexity: normalized score 0-100 (target < 50)
-# - maxComplexity: highest single function complexity
-# - lineCount: total lines (target < 300)
-```
-
-### Complexity Score Interpretation
-
-| Score | Level | Action |
-|-------|-------|--------|
-| 0-25 | 🟢 Simple | Ready for testing |
-| 26-50 | 🟡 Medium | Consider minor refactoring |
-| 51-75 | 🟠 Complex | **Refactor before testing** |
-| 76-100 | 🔴 Very Complex | **Must refactor** |
-
-## Core Refactoring Patterns
-
-### Pattern 1: Extract Custom Hooks
-
-**When**: Component has complex state management, multiple `useState`/`useEffect`, or business logic mixed with UI.
-
-**Dify Convention**: Place hooks in a `hooks/` subdirectory or alongside the component as `use-<feature>.ts`.
-
-```typescript
-// ❌ Before: Complex state logic in component
-const Configuration: FC = () => {
-  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
-  const [datasetConfigs, setDatasetConfigs] = useState<DatasetConfigs>(...)
-  const [completionParams, setCompletionParams] = useState<FormValue>({})
-  
-  // 50+ lines of state management logic...
-  
-  return <div>...</div>
-}
-
-// ✅ After: Extract to custom hook
-// hooks/use-model-config.ts
-export const useModelConfig = (appId: string) => {
-  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
-  const [completionParams, setCompletionParams] = useState<FormValue>({})
-  
-  // Related state management logic here
-  
-  return { modelConfig, setModelConfig, completionParams, setCompletionParams }
-}
-
-// Component becomes cleaner
-const Configuration: FC = () => {
-  const { modelConfig, setModelConfig } = useModelConfig(appId)
-  return <div>...</div>
-}
-```
-
-**Dify Examples**:
- `web/app/components/app/configuration/hooks/use-advanced-prompt-config.ts`
- `web/app/components/app/configuration/debug/hooks.tsx`
- `web/app/components/workflow/hooks/use-workflow.ts`
-
-### Pattern 2: Extract Sub-Components
-
-**When**: Single component has multiple UI sections, conditional rendering blocks, or repeated patterns.
-
-**Dify Convention**: Place sub-components in subdirectories or as separate files in the same directory.
-
-```typescript
-// ❌ Before: Monolithic JSX with multiple sections
-const AppInfo = () => {
-  return (
-    <div>
-      {/* 100 lines of header UI */}
-      {/* 100 lines of operations UI */}
-      {/* 100 lines of modals */}
-    </div>
-  )
-}
-
-// ✅ After: Split into focused components
-// app-info/
-//   ├── index.tsx           (orchestration only)
-//   ├── app-header.tsx      (header UI)
-//   ├── app-operations.tsx  (operations UI)
-//   └── app-modals.tsx      (modal management)
-
-const AppInfo = () => {
-  const { showModal, setShowModal } = useAppInfoModals()
-  
-  return (
-    <div>
-      <AppHeader appDetail={appDetail} />
-      <AppOperations onAction={handleAction} />
-      <AppModals show={showModal} onClose={() => setShowModal(null)} />
-    </div>
-  )
-}
-```
-
-**Dify Examples**:
- `web/app/components/app/configuration/` directory structure
- `web/app/components/workflow/nodes/` per-node organization
-
-### Pattern 3: Simplify Conditional Logic
-
-**When**: Deep nesting (> 3 levels), complex ternaries, or multiple `if/else` chains.
-
-```typescript
-// ❌ Before: Deeply nested conditionals
-const Template = useMemo(() => {
-  if (appDetail?.mode === AppModeEnum.CHAT) {
-    switch (locale) {
-      case LanguagesSupported[1]:
-        return <TemplateChatZh />
-      case LanguagesSupported[7]:
-        return <TemplateChatJa />
-      default:
-        return <TemplateChatEn />
-    }
-  }
-  if (appDetail?.mode === AppModeEnum.ADVANCED_CHAT) {
-    // Another 15 lines...
-  }
-  // More conditions...
-}, [appDetail, locale])
-
-// ✅ After: Use lookup tables + early returns
-const TEMPLATE_MAP = {
-  [AppModeEnum.CHAT]: {
-    [LanguagesSupported[1]]: TemplateChatZh,
-    [LanguagesSupported[7]]: TemplateChatJa,
-    default: TemplateChatEn,
-  },
-  [AppModeEnum.ADVANCED_CHAT]: {
-    [LanguagesSupported[1]]: TemplateAdvancedChatZh,
-    // ...
-  },
-}
-
-const Template = useMemo(() => {
-  const modeTemplates = TEMPLATE_MAP[appDetail?.mode]
-  if (!modeTemplates) return null
-  
-  const TemplateComponent = modeTemplates[locale] || modeTemplates.default
-  return <TemplateComponent appDetail={appDetail} />
-}, [appDetail, locale])
-```
-
-### Pattern 4: Extract API/Data Logic
-
-**When**: Component directly handles API calls, data transformation, or complex async operations.
-
-**Dify Convention**: Use `@tanstack/react-query` hooks from `web/service/use-*.ts` or create custom data hooks.
-
-```typescript
-// ❌ Before: API logic in component
-const MCPServiceCard = () => {
-  const [basicAppConfig, setBasicAppConfig] = useState({})
-  
-  useEffect(() => {
-    if (isBasicApp && appId) {
-      (async () => {
-        const res = await fetchAppDetail({ url: '/apps', id: appId })
-        setBasicAppConfig(res?.model_config || {})
-      })()
-    }
-  }, [appId, isBasicApp])
-  
-  // More API-related logic...
-}
-
-// ✅ After: Extract to data hook using React Query
-// use-app-config.ts
-import { useQuery } from '@tanstack/react-query'
-import { get } from '@/service/base'
-
-const NAME_SPACE = 'appConfig'
-
-export const useAppConfig = (appId: string, isBasicApp: boolean) => {
-  return useQuery({
-    enabled: isBasicApp && !!appId,
-    queryKey: [NAME_SPACE, 'detail', appId],
-    queryFn: () => get<AppDetailResponse>(`/apps/${appId}`),
-    select: data => data?.model_config || {},
-  })
-}
-
-// Component becomes cleaner
-const MCPServiceCard = () => {
-  const { data: config, isLoading } = useAppConfig(appId, isBasicApp)
-  // UI only
-}
-```
-
-**React Query Best Practices in Dify**:
- Define `NAME_SPACE` for query key organization
- Use `enabled` option for conditional fetching
- Use `select` for data transformation
- Export invalidation hooks: `useInvalidXxx`
-
-**Dify Examples**:
- `web/service/use-workflow.ts`
- `web/service/use-common.ts`
- `web/service/knowledge/use-dataset.ts`
- `web/service/knowledge/use-document.ts`
-
-### Pattern 5: Extract Modal/Dialog Management
-
-**When**: Component manages multiple modals with complex open/close states.
-
-**Dify Convention**: Modals should be extracted with their state management.
-
-```typescript
-// ❌ Before: Multiple modal states in component
-const AppInfo = () => {
-  const [showEditModal, setShowEditModal] = useState(false)
-  const [showDuplicateModal, setShowDuplicateModal] = useState(false)
-  const [showConfirmDelete, setShowConfirmDelete] = useState(false)
-  const [showSwitchModal, setShowSwitchModal] = useState(false)
-  const [showImportDSLModal, setShowImportDSLModal] = useState(false)
-  // 5+ more modal states...
-}
-
-// ✅ After: Extract to modal management hook
-type ModalType = 'edit' | 'duplicate' | 'delete' | 'switch' | 'import' | null
-
-const useAppInfoModals = () => {
-  const [activeModal, setActiveModal] = useState<ModalType>(null)
-  
-  const openModal = useCallback((type: ModalType) => setActiveModal(type), [])
-  const closeModal = useCallback(() => setActiveModal(null), [])
-  
-  return {
-    activeModal,
-    openModal,
-    closeModal,
-    isOpen: (type: ModalType) => activeModal === type,
-  }
-}
-```
-
-### Pattern 6: Extract Form Logic
-
-**When**: Complex form validation, submission handling, or field transformation.
-
-**Dify Convention**: Use `@tanstack/react-form` patterns from `web/app/components/base/form/`.
-
-```typescript
-// ✅ Use existing form infrastructure
-import { useAppForm } from '@/app/components/base/form'
-
-const ConfigForm = () => {
-  const form = useAppForm({
-    defaultValues: { name: '', description: '' },
-    onSubmit: handleSubmit,
-  })
-  
-  return <form.Provider>...</form.Provider>
-}
-```
-
-## Dify-Specific Refactoring Guidelines
-
-### 1. Context Provider Extraction
-
-**When**: Component provides complex context values with multiple states.
-
-```typescript
-// ❌ Before: Large context value object
-const value = {
-  appId, isAPIKeySet, isTrailFinished, mode, modelModeType,
-  promptMode, isAdvancedMode, isAgent, isOpenAI, isFunctionCall,
-  // 50+ more properties...
-}
-return <ConfigContext.Provider value={value}>...</ConfigContext.Provider>
-
-// ✅ After: Split into domain-specific contexts
-<ModelConfigProvider value={modelConfigValue}>
-  <DatasetConfigProvider value={datasetConfigValue}>
-    <UIConfigProvider value={uiConfigValue}>
-      {children}
-    </UIConfigProvider>
-  </DatasetConfigProvider>
-</ModelConfigProvider>
-```
-
-**Dify Reference**: `web/context/` directory structure
-
-### 2. Workflow Node Components
-
-**When**: Refactoring workflow node components (`web/app/components/workflow/nodes/`).
-
-**Conventions**:
- Keep node logic in `use-interactions.ts`
- Extract panel UI to separate files
- Use `_base` components for common patterns
-
-```
-nodes/<node-type>/
-  ├── index.tsx              # Node registration
-  ├── node.tsx               # Node visual component
-  ├── panel.tsx              # Configuration panel
-  ├── use-interactions.ts    # Node-specific hooks
-  └── types.ts               # Type definitions
-```
-
-### 3. Configuration Components
-
-**When**: Refactoring app configuration components.
-
-**Conventions**:
- Separate config sections into subdirectories
- Use existing patterns from `web/app/components/app/configuration/`
- Keep feature toggles in dedicated components
-
-### 4. Tool/Plugin Components
-
-**When**: Refactoring tool-related components (`web/app/components/tools/`).
-
-**Conventions**:
- Follow existing modal patterns
- Use service hooks from `web/service/use-tools.ts`
- Keep provider-specific logic isolated
-
-## Refactoring Workflow
-
-### Step 1: Generate Refactoring Prompt
-
-```bash
-pnpm refactor-component <path>
-```
-
-This command will:
- Analyze component complexity and features
- Identify specific refactoring actions needed
- Generate a prompt for AI assistant (auto-copied to clipboard on macOS)
- Provide detailed requirements based on detected patterns
-
-### Step 2: Analyze Details
-
-```bash
-pnpm analyze-component <path> --json
-```
-
-Identify:
- Total complexity score
- Max function complexity
- Line count
- Features detected (state, effects, API, etc.)
-
-### Step 3: Plan
-
-Create a refactoring plan based on detected features:
-
-| Detected Feature | Refactoring Action |
-|------------------|-------------------|
-| `hasState: true` + `hasEffects: true` | Extract custom hook |
-| `hasAPI: true` | Extract data/service hook |
-| `hasEvents: true` (many) | Extract event handlers |
-| `lineCount > 300` | Split into sub-components |
-| `maxComplexity > 50` | Simplify conditional logic |
-
-### Step 4: Execute Incrementally
-
-1. **Extract one piece at a time**
-2. **Run lint, type-check, and tests after each extraction**
-3. **Verify functionality before next step**
-
-```
-For each extraction:
-  ┌────────────────────────────────────────┐
-  │ 1. Extract code                        │
-  │ 2. Run: pnpm lint:fix                  │
-  │ 3. Run: pnpm type-check:tsgo           │
-  │ 4. Run: pnpm test                      │
-  │ 5. Test functionality manually         │
-  │ 6. PASS? → Next extraction             │
-  │    FAIL? → Fix before continuing       │
-  └────────────────────────────────────────┘
-```
-
-### Step 5: Verify
-
-After refactoring:
-
-```bash
-# Re-run refactor command to verify improvements
-pnpm refactor-component <path>
-
-# If complexity < 25 and lines < 200, you'll see:
-# ✅ COMPONENT IS WELL-STRUCTURED
-
-# For detailed metrics:
-pnpm analyze-component <path> --json
-
-# Target metrics:
-# - complexity < 50
-# - lineCount < 300
-# - maxComplexity < 30
-```
-
-## Common Mistakes to Avoid
-
-### ❌ Over-Engineering
-
-```typescript
-// ❌ Too many tiny hooks
-const useButtonText = () => useState('Click')
-const useButtonDisabled = () => useState(false)
-const useButtonLoading = () => useState(false)
-
-// ✅ Cohesive hook with related state
-const useButtonState = () => {
-  const [text, setText] = useState('Click')
-  const [disabled, setDisabled] = useState(false)
-  const [loading, setLoading] = useState(false)
-  return { text, setText, disabled, setDisabled, loading, setLoading }
-}
-```
-
-### ❌ Breaking Existing Patterns
-
- Follow existing directory structures
- Maintain naming conventions
- Preserve export patterns for compatibility
-
-### ❌ Premature Abstraction
-
- Only extract when there's clear complexity benefit
- Don't create abstractions for single-use code
- Keep refactored code in the same domain area
-
-## References
-
-### Dify Codebase Examples
-
- **Hook extraction**: `web/app/components/app/configuration/hooks/`
- **Component splitting**: `web/app/components/app/configuration/`
- **Service hooks**: `web/service/use-*.ts`
- **Workflow patterns**: `web/app/components/workflow/hooks/`
- **Form patterns**: `web/app/components/base/form/`
-
-### Related Skills
-
- `frontend-testing` - For testing refactored components
- `web/testing/testing.md` - Testing specification
--- a/.claude/skills/component-refactoring/references/complexity-patterns.md
+++ b/.claude/skills/component-refactoring/references/complexity-patterns.md
@@ -1,493 +0,0 @@
-# Complexity Reduction Patterns
-
-This document provides patterns for reducing cognitive complexity in Dify React components.
-
-## Understanding Complexity
-
-### SonarJS Cognitive Complexity
-
-The `pnpm analyze-component` tool uses SonarJS cognitive complexity metrics:
-
- **Total Complexity**: Sum of all functions' complexity in the file
- **Max Complexity**: Highest single function complexity
-
-### What Increases Complexity
-
-| Pattern | Complexity Impact |
-|---------|-------------------|
-| `if/else` | +1 per branch |
-| Nested conditions | +1 per nesting level |
-| `switch/case` | +1 per case |
-| `for/while/do` | +1 per loop |
-| `&&`/`||` chains | +1 per operator |
-| Nested callbacks | +1 per nesting level |
-| `try/catch` | +1 per catch |
-| Ternary expressions | +1 per nesting |
-
-## Pattern 1: Replace Conditionals with Lookup Tables
-
-**Before** (complexity: ~15):
-
-```typescript
-const Template = useMemo(() => {
-  if (appDetail?.mode === AppModeEnum.CHAT) {
-    switch (locale) {
-      case LanguagesSupported[1]:
-        return <TemplateChatZh appDetail={appDetail} />
-      case LanguagesSupported[7]:
-        return <TemplateChatJa appDetail={appDetail} />
-      default:
-        return <TemplateChatEn appDetail={appDetail} />
-    }
-  }
-  if (appDetail?.mode === AppModeEnum.ADVANCED_CHAT) {
-    switch (locale) {
-      case LanguagesSupported[1]:
-        return <TemplateAdvancedChatZh appDetail={appDetail} />
-      case LanguagesSupported[7]:
-        return <TemplateAdvancedChatJa appDetail={appDetail} />
-      default:
-        return <TemplateAdvancedChatEn appDetail={appDetail} />
-    }
-  }
-  if (appDetail?.mode === AppModeEnum.WORKFLOW) {
-    // Similar pattern...
-  }
-  return null
-}, [appDetail, locale])
-```
-
-**After** (complexity: ~3):
-
-```typescript
-// Define lookup table outside component
-const TEMPLATE_MAP: Record<AppModeEnum, Record<string, FC<TemplateProps>>> = {
-  [AppModeEnum.CHAT]: {
-    [LanguagesSupported[1]]: TemplateChatZh,
-    [LanguagesSupported[7]]: TemplateChatJa,
-    default: TemplateChatEn,
-  },
-  [AppModeEnum.ADVANCED_CHAT]: {
-    [LanguagesSupported[1]]: TemplateAdvancedChatZh,
-    [LanguagesSupported[7]]: TemplateAdvancedChatJa,
-    default: TemplateAdvancedChatEn,
-  },
-  [AppModeEnum.WORKFLOW]: {
-    [LanguagesSupported[1]]: TemplateWorkflowZh,
-    [LanguagesSupported[7]]: TemplateWorkflowJa,
-    default: TemplateWorkflowEn,
-  },
-  // ...
-}
-
-// Clean component logic
-const Template = useMemo(() => {
-  if (!appDetail?.mode) return null
-  
-  const templates = TEMPLATE_MAP[appDetail.mode]
-  if (!templates) return null
-  
-  const TemplateComponent = templates[locale] ?? templates.default
-  return <TemplateComponent appDetail={appDetail} />
-}, [appDetail, locale])
-```
-
-## Pattern 2: Use Early Returns
-
-**Before** (complexity: ~10):
-
-```typescript
-const handleSubmit = () => {
-  if (isValid) {
-    if (hasChanges) {
-      if (isConnected) {
-        submitData()
-      } else {
-        showConnectionError()
-      }
-    } else {
-      showNoChangesMessage()
-    }
-  } else {
-    showValidationError()
-  }
-}
-```
-
-**After** (complexity: ~4):
-
-```typescript
-const handleSubmit = () => {
-  if (!isValid) {
-    showValidationError()
-    return
-  }
-  
-  if (!hasChanges) {
-    showNoChangesMessage()
-    return
-  }
-  
-  if (!isConnected) {
-    showConnectionError()
-    return
-  }
-  
-  submitData()
-}
-```
-
-## Pattern 3: Extract Complex Conditions
-
-**Before** (complexity: high):
-
-```typescript
-const canPublish = (() => {
-  if (mode !== AppModeEnum.COMPLETION) {
-    if (!isAdvancedMode)
-      return true
-
-    if (modelModeType === ModelModeType.completion) {
-      if (!hasSetBlockStatus.history || !hasSetBlockStatus.query)
-        return false
-      return true
-    }
-    return true
-  }
-  return !promptEmpty
-})()
-```
-
-**After** (complexity: lower):
-
-```typescript
-// Extract to named functions
-const canPublishInCompletionMode = () => !promptEmpty
-
-const canPublishInChatMode = () => {
-  if (!isAdvancedMode) return true
-  if (modelModeType !== ModelModeType.completion) return true
-  return hasSetBlockStatus.history && hasSetBlockStatus.query
-}
-
-// Clean main logic
-const canPublish = mode === AppModeEnum.COMPLETION
-  ? canPublishInCompletionMode()
-  : canPublishInChatMode()
-```
-
-## Pattern 4: Replace Chained Ternaries
-
-**Before** (complexity: ~5):
-
-```typescript
-const statusText = serverActivated
-  ? t('status.running')
-  : serverPublished
-    ? t('status.inactive')
-    : appUnpublished
-      ? t('status.unpublished')
-      : t('status.notConfigured')
-```
-
-**After** (complexity: ~2):
-
-```typescript
-const getStatusText = () => {
-  if (serverActivated) return t('status.running')
-  if (serverPublished) return t('status.inactive')
-  if (appUnpublished) return t('status.unpublished')
-  return t('status.notConfigured')
-}
-
-const statusText = getStatusText()
-```
-
-Or use lookup:
-
-```typescript
-const STATUS_TEXT_MAP = {
-  running: 'status.running',
-  inactive: 'status.inactive',
-  unpublished: 'status.unpublished',
-  notConfigured: 'status.notConfigured',
-} as const
-
-const getStatusKey = (): keyof typeof STATUS_TEXT_MAP => {
-  if (serverActivated) return 'running'
-  if (serverPublished) return 'inactive'
-  if (appUnpublished) return 'unpublished'
-  return 'notConfigured'
-}
-
-const statusText = t(STATUS_TEXT_MAP[getStatusKey()])
-```
-
-## Pattern 5: Flatten Nested Loops
-
-**Before** (complexity: high):
-
-```typescript
-const processData = (items: Item[]) => {
-  const results: ProcessedItem[] = []
-  
-  for (const item of items) {
-    if (item.isValid) {
-      for (const child of item.children) {
-        if (child.isActive) {
-          for (const prop of child.properties) {
-            if (prop.value !== null) {
-              results.push({
-                itemId: item.id,
-                childId: child.id,
-                propValue: prop.value,
-              })
-            }
-          }
-        }
-      }
-    }
-  }
-  
-  return results
-}
-```
-
-**After** (complexity: lower):
-
-```typescript
-// Use functional approach
-const processData = (items: Item[]) => {
-  return items
-    .filter(item => item.isValid)
-    .flatMap(item =>
-      item.children
-        .filter(child => child.isActive)
-        .flatMap(child =>
-          child.properties
-            .filter(prop => prop.value !== null)
-            .map(prop => ({
-              itemId: item.id,
-              childId: child.id,
-              propValue: prop.value,
-            }))
-        )
-    )
-}
-```
-
-## Pattern 6: Extract Event Handler Logic
-
-**Before** (complexity: high in component):
-
-```typescript
-const Component = () => {
-  const handleSelect = (data: DataSet[]) => {
-    if (isEqual(data.map(item => item.id), dataSets.map(item => item.id))) {
-      hideSelectDataSet()
-      return
-    }
-
-    formattingChangedDispatcher()
-    let newDatasets = data
-    if (data.find(item => !item.name)) {
-      const newSelected = produce(data, (draft) => {
-        data.forEach((item, index) => {
-          if (!item.name) {
-            const newItem = dataSets.find(i => i.id === item.id)
-            if (newItem)
-              draft[index] = newItem
-          }
-        })
-      })
-      setDataSets(newSelected)
-      newDatasets = newSelected
-    }
-    else {
-      setDataSets(data)
-    }
-    hideSelectDataSet()
-    
-    // 40 more lines of logic...
-  }
-  
-  return <div>...</div>
-}
-```
-
-**After** (complexity: lower):
-
-```typescript
-// Extract to hook or utility
-const useDatasetSelection = (dataSets: DataSet[], setDataSets: SetState<DataSet[]>) => {
-  const normalizeSelection = (data: DataSet[]) => {
-    const hasUnloadedItem = data.some(item => !item.name)
-    if (!hasUnloadedItem) return data
-    
-    return produce(data, (draft) => {
-      data.forEach((item, index) => {
-        if (!item.name) {
-          const existing = dataSets.find(i => i.id === item.id)
-          if (existing) draft[index] = existing
-        }
-      })
-    })
-  }
-  
-  const hasSelectionChanged = (newData: DataSet[]) => {
-    return !isEqual(
-      newData.map(item => item.id),
-      dataSets.map(item => item.id)
-    )
-  }
-  
-  return { normalizeSelection, hasSelectionChanged }
-}
-
-// Component becomes cleaner
-const Component = () => {
-  const { normalizeSelection, hasSelectionChanged } = useDatasetSelection(dataSets, setDataSets)
-  
-  const handleSelect = (data: DataSet[]) => {
-    if (!hasSelectionChanged(data)) {
-      hideSelectDataSet()
-      return
-    }
-    
-    formattingChangedDispatcher()
-    const normalized = normalizeSelection(data)
-    setDataSets(normalized)
-    hideSelectDataSet()
-  }
-  
-  return <div>...</div>
-}
-```
-
-## Pattern 7: Reduce Boolean Logic Complexity
-
-**Before** (complexity: ~8):
-
-```typescript
-const toggleDisabled = hasInsufficientPermissions
-  || appUnpublished
-  || missingStartNode
-  || triggerModeDisabled
-  || (isAdvancedApp && !currentWorkflow?.graph)
-  || (isBasicApp && !basicAppConfig.updated_at)
-```
-
-**After** (complexity: ~3):
-
-```typescript
-// Extract meaningful boolean functions
-const isAppReady = () => {
-  if (isAdvancedApp) return !!currentWorkflow?.graph
-  return !!basicAppConfig.updated_at
-}
-
-const hasRequiredPermissions = () => {
-  return isCurrentWorkspaceEditor && !hasInsufficientPermissions
-}
-
-const canToggle = () => {
-  if (!hasRequiredPermissions()) return false
-  if (!isAppReady()) return false
-  if (missingStartNode) return false
-  if (triggerModeDisabled) return false
-  return true
-}
-
-const toggleDisabled = !canToggle()
-```
-
-## Pattern 8: Simplify useMemo/useCallback Dependencies
-
-**Before** (complexity: multiple recalculations):
-
-```typescript
-const payload = useMemo(() => {
-  let parameters: Parameter[] = []
-  let outputParameters: OutputParameter[] = []
-
-  if (!published) {
-    parameters = (inputs || []).map((item) => ({
-      name: item.variable,
-      description: '',
-      form: 'llm',
-      required: item.required,
-      type: item.type,
-    }))
-    outputParameters = (outputs || []).map((item) => ({
-      name: item.variable,
-      description: '',
-      type: item.value_type,
-    }))
-  }
-  else if (detail && detail.tool) {
-    parameters = (inputs || []).map((item) => ({
-      // Complex transformation...
-    }))
-    outputParameters = (outputs || []).map((item) => ({
-      // Complex transformation...
-    }))
-  }
-  
-  return {
-    icon: detail?.icon || icon,
-    label: detail?.label || name,
-    // ...more fields
-  }
-}, [detail, published, workflowAppId, icon, name, description, inputs, outputs])
-```
-
-**After** (complexity: separated concerns):
-
-```typescript
-// Separate transformations
-const useParameterTransform = (inputs: InputVar[], detail?: ToolDetail, published?: boolean) => {
-  return useMemo(() => {
-    if (!published) {
-      return inputs.map(item => ({
-        name: item.variable,
-        description: '',
-        form: 'llm',
-        required: item.required,
-        type: item.type,
-      }))
-    }
-    
-    if (!detail?.tool) return []
-    
-    return inputs.map(item => ({
-      name: item.variable,
-      required: item.required,
-      type: item.type === 'paragraph' ? 'string' : item.type,
-      description: detail.tool.parameters.find(p => p.name === item.variable)?.llm_description || '',
-      form: detail.tool.parameters.find(p => p.name === item.variable)?.form || 'llm',
-    }))
-  }, [inputs, detail, published])
-}
-
-// Component uses hook
-const parameters = useParameterTransform(inputs, detail, published)
-const outputParameters = useOutputTransform(outputs, detail, published)
-
-const payload = useMemo(() => ({
-  icon: detail?.icon || icon,
-  label: detail?.label || name,
-  parameters,
-  outputParameters,
-  // ...
-}), [detail, icon, name, parameters, outputParameters])
-```
-
-## Target Metrics After Refactoring
-
-| Metric | Target |
-|--------|--------|
-| Total Complexity | < 50 |
-| Max Function Complexity | < 30 |
-| Function Length | < 30 lines |
-| Nesting Depth | ≤ 3 levels |
-| Conditional Chains | ≤ 3 conditions |
--- a/.claude/skills/component-refactoring/references/component-splitting.md
+++ b/.claude/skills/component-refactoring/references/component-splitting.md
@@ -1,477 +0,0 @@
-# Component Splitting Patterns
-
-This document provides detailed guidance on splitting large components into smaller, focused components in Dify.
-
-## When to Split Components
-
-Split a component when you identify:
-
-1. **Multiple UI sections** - Distinct visual areas with minimal coupling that can be composed independently
-1. **Conditional rendering blocks** - Large `{condition && <JSX />}` blocks
-1. **Repeated patterns** - Similar UI structures used multiple times
-1. **300+ lines** - Component exceeds manageable size
-1. **Modal clusters** - Multiple modals rendered in one component
-
-## Splitting Strategies
-
-### Strategy 1: Section-Based Splitting
-
-Identify visual sections and extract each as a component.
-
-```typescript
-// ❌ Before: Monolithic component (500+ lines)
-const ConfigurationPage = () => {
-  return (
-    <div>
-      {/* Header Section - 50 lines */}
-      <div className="header">
-        <h1>{t('configuration.title')}</h1>
-        <div className="actions">
-          {isAdvancedMode && <Badge>Advanced</Badge>}
-          <ModelParameterModal ... />
-          <AppPublisher ... />
-        </div>
-      </div>
-      
-      {/* Config Section - 200 lines */}
-      <div className="config">
-        <Config />
-      </div>
-      
-      {/* Debug Section - 150 lines */}
-      <div className="debug">
-        <Debug ... />
-      </div>
-      
-      {/* Modals Section - 100 lines */}
-      {showSelectDataSet && <SelectDataSet ... />}
-      {showHistoryModal && <EditHistoryModal ... />}
-      {showUseGPT4Confirm && <Confirm ... />}
-    </div>
-  )
-}
-
-// ✅ After: Split into focused components
-// configuration/
-//   ├── index.tsx              (orchestration)
-//   ├── configuration-header.tsx
-//   ├── configuration-content.tsx
-//   ├── configuration-debug.tsx
-//   └── configuration-modals.tsx
-
-// configuration-header.tsx
-interface ConfigurationHeaderProps {
-  isAdvancedMode: boolean
-  onPublish: () => void
-}
-
-const ConfigurationHeader: FC<ConfigurationHeaderProps> = ({
-  isAdvancedMode,
-  onPublish,
-}) => {
-  const { t } = useTranslation()
-  
-  return (
-    <div className="header">
-      <h1>{t('configuration.title')}</h1>
-      <div className="actions">
-        {isAdvancedMode && <Badge>Advanced</Badge>}
-        <ModelParameterModal ... />
-        <AppPublisher onPublish={onPublish} />
-      </div>
-    </div>
-  )
-}
-
-// index.tsx (orchestration only)
-const ConfigurationPage = () => {
-  const { modelConfig, setModelConfig } = useModelConfig()
-  const { activeModal, openModal, closeModal } = useModalState()
-  
-  return (
-    <div>
-      <ConfigurationHeader
-        isAdvancedMode={isAdvancedMode}
-        onPublish={handlePublish}
-      />
-      <ConfigurationContent
-        modelConfig={modelConfig}
-        onConfigChange={setModelConfig}
-      />
-      {!isMobile && (
-        <ConfigurationDebug
-          inputs={inputs}
-          onSetting={handleSetting}
-        />
-      )}
-      <ConfigurationModals
-        activeModal={activeModal}
-        onClose={closeModal}
-      />
-    </div>
-  )
-}
-```
-
-### Strategy 2: Conditional Block Extraction
-
-Extract large conditional rendering blocks.
-
-```typescript
-// ❌ Before: Large conditional blocks
-const AppInfo = () => {
-  return (
-    <div>
-      {expand ? (
-        <div className="expanded">
-          {/* 100 lines of expanded view */}
-        </div>
-      ) : (
-        <div className="collapsed">
-          {/* 50 lines of collapsed view */}
-        </div>
-      )}
-    </div>
-  )
-}
-
-// ✅ After: Separate view components
-const AppInfoExpanded: FC<AppInfoViewProps> = ({ appDetail, onAction }) => {
-  return (
-    <div className="expanded">
-      {/* Clean, focused expanded view */}
-    </div>
-  )
-}
-
-const AppInfoCollapsed: FC<AppInfoViewProps> = ({ appDetail, onAction }) => {
-  return (
-    <div className="collapsed">
-      {/* Clean, focused collapsed view */}
-    </div>
-  )
-}
-
-const AppInfo = () => {
-  return (
-    <div>
-      {expand
-        ? <AppInfoExpanded appDetail={appDetail} onAction={handleAction} />
-        : <AppInfoCollapsed appDetail={appDetail} onAction={handleAction} />
-      }
-    </div>
-  )
-}
-```
-
-### Strategy 3: Modal Extraction
-
-Extract modals with their trigger logic.
-
-```typescript
-// ❌ Before: Multiple modals in one component
-const AppInfo = () => {
-  const [showEdit, setShowEdit] = useState(false)
-  const [showDuplicate, setShowDuplicate] = useState(false)
-  const [showDelete, setShowDelete] = useState(false)
-  const [showSwitch, setShowSwitch] = useState(false)
-  
-  const onEdit = async (data) => { /* 20 lines */ }
-  const onDuplicate = async (data) => { /* 20 lines */ }
-  const onDelete = async () => { /* 15 lines */ }
-  
-  return (
-    <div>
-      {/* Main content */}
-      
-      {showEdit && <EditModal onConfirm={onEdit} onClose={() => setShowEdit(false)} />}
-      {showDuplicate && <DuplicateModal onConfirm={onDuplicate} onClose={() => setShowDuplicate(false)} />}
-      {showDelete && <DeleteConfirm onConfirm={onDelete} onClose={() => setShowDelete(false)} />}
-      {showSwitch && <SwitchModal ... />}
-    </div>
-  )
-}
-
-// ✅ After: Modal manager component
-// app-info-modals.tsx
-type ModalType = 'edit' | 'duplicate' | 'delete' | 'switch' | null
-
-interface AppInfoModalsProps {
-  appDetail: AppDetail
-  activeModal: ModalType
-  onClose: () => void
-  onSuccess: () => void
-}
-
-const AppInfoModals: FC<AppInfoModalsProps> = ({
-  appDetail,
-  activeModal,
-  onClose,
-  onSuccess,
-}) => {
-  const handleEdit = async (data) => { /* logic */ }
-  const handleDuplicate = async (data) => { /* logic */ }
-  const handleDelete = async () => { /* logic */ }
-
-  return (
-    <>
-      {activeModal === 'edit' && (
-        <EditModal
-          appDetail={appDetail}
-          onConfirm={handleEdit}
-          onClose={onClose}
-        />
-      )}
-      {activeModal === 'duplicate' && (
-        <DuplicateModal
-          appDetail={appDetail}
-          onConfirm={handleDuplicate}
-          onClose={onClose}
-        />
-      )}
-      {activeModal === 'delete' && (
-        <DeleteConfirm
-          onConfirm={handleDelete}
-          onClose={onClose}
-        />
-      )}
-      {activeModal === 'switch' && (
-        <SwitchModal
-          appDetail={appDetail}
-          onClose={onClose}
-        />
-      )}
-    </>
-  )
-}
-
-// Parent component
-const AppInfo = () => {
-  const { activeModal, openModal, closeModal } = useModalState()
-  
-  return (
-    <div>
-      {/* Main content with openModal triggers */}
-      <Button onClick={() => openModal('edit')}>Edit</Button>
-      
-      <AppInfoModals
-        appDetail={appDetail}
-        activeModal={activeModal}
-        onClose={closeModal}
-        onSuccess={handleSuccess}
-      />
-    </div>
-  )
-}
-```
-
-### Strategy 4: List Item Extraction
-
-Extract repeated item rendering.
-
-```typescript
-// ❌ Before: Inline item rendering
-const OperationsList = () => {
-  return (
-    <div>
-      {operations.map(op => (
-        <div key={op.id} className="operation-item">
-          <span className="icon">{op.icon}</span>
-          <span className="title">{op.title}</span>
-          <span className="description">{op.description}</span>
-          <button onClick={() => op.onClick()}>
-            {op.actionLabel}
-          </button>
-          {op.badge && <Badge>{op.badge}</Badge>}
-          {/* More complex rendering... */}
-        </div>
-      ))}
-    </div>
-  )
-}
-
-// ✅ After: Extracted item component
-interface OperationItemProps {
-  operation: Operation
-  onAction: (id: string) => void
-}
-
-const OperationItem: FC<OperationItemProps> = ({ operation, onAction }) => {
-  return (
-    <div className="operation-item">
-      <span className="icon">{operation.icon}</span>
-      <span className="title">{operation.title}</span>
-      <span className="description">{operation.description}</span>
-      <button onClick={() => onAction(operation.id)}>
-        {operation.actionLabel}
-      </button>
-      {operation.badge && <Badge>{operation.badge}</Badge>}
-    </div>
-  )
-}
-
-const OperationsList = () => {
-  const handleAction = useCallback((id: string) => {
-    const op = operations.find(o => o.id === id)
-    op?.onClick()
-  }, [operations])
-
-  return (
-    <div>
-      {operations.map(op => (
-        <OperationItem
-          key={op.id}
-          operation={op}
-          onAction={handleAction}
-        />
-      ))}
-    </div>
-  )
-}
-```
-
-## Directory Structure Patterns
-
-### Pattern A: Flat Structure (Simple Components)
-
-For components with 2-3 sub-components:
-
-```
-component-name/
-  ├── index.tsx           # Main component
-  ├── sub-component-a.tsx
-  ├── sub-component-b.tsx
-  └── types.ts            # Shared types
-```
-
-### Pattern B: Nested Structure (Complex Components)
-
-For components with many sub-components:
-
-```
-component-name/
-  ├── index.tsx           # Main orchestration
-  ├── types.ts            # Shared types
-  ├── hooks/
-  │   ├── use-feature-a.ts
-  │   └── use-feature-b.ts
-  ├── components/
-  │   ├── header/
-  │   │   └── index.tsx
-  │   ├── content/
-  │   │   └── index.tsx
-  │   └── modals/
-  │       └── index.tsx
-  └── utils/
-      └── helpers.ts
-```
-
-### Pattern C: Feature-Based Structure (Dify Standard)
-
-Following Dify's existing patterns:
-
-```
-configuration/
-  ├── index.tsx           # Main page component
-  ├── base/               # Base/shared components
-  │   ├── feature-panel/
-  │   ├── group-name/
-  │   └── operation-btn/
-  ├── config/             # Config section
-  │   ├── index.tsx
-  │   ├── agent/
-  │   └── automatic/
-  ├── dataset-config/     # Dataset section
-  │   ├── index.tsx
-  │   ├── card-item/
-  │   └── params-config/
-  ├── debug/              # Debug section
-  │   ├── index.tsx
-  │   └── hooks.tsx
-  └── hooks/              # Shared hooks
-      └── use-advanced-prompt-config.ts
-```
-
-## Props Design
-
-### Minimal Props Principle
-
-Pass only what's needed:
-
-```typescript
-// ❌ Bad: Passing entire objects when only some fields needed
-<ConfigHeader appDetail={appDetail} modelConfig={modelConfig} />
-
-// ✅ Good: Destructure to minimum required
-<ConfigHeader
-  appName={appDetail.name}
-  isAdvancedMode={modelConfig.isAdvanced}
-  onPublish={handlePublish}
-/>
-```
-
-### Callback Props Pattern
-
-Use callbacks for child-to-parent communication:
-
-```typescript
-// Parent
-const Parent = () => {
-  const [value, setValue] = useState('')
-  
-  return (
-    <Child
-      value={value}
-      onChange={setValue}
-      onSubmit={handleSubmit}
-    />
-  )
-}
-
-// Child
-interface ChildProps {
-  value: string
-  onChange: (value: string) => void
-  onSubmit: () => void
-}
-
-const Child: FC<ChildProps> = ({ value, onChange, onSubmit }) => {
-  return (
-    <div>
-      <input value={value} onChange={e => onChange(e.target.value)} />
-      <button onClick={onSubmit}>Submit</button>
-    </div>
-  )
-}
-```
-
-### Render Props for Flexibility
-
-When sub-components need parent context:
-
-```typescript
-interface ListProps<T> {
-  items: T[]
-  renderItem: (item: T, index: number) => React.ReactNode
-  renderEmpty?: () => React.ReactNode
-}
-
-function List<T>({ items, renderItem, renderEmpty }: ListProps<T>) {
-  if (items.length === 0 && renderEmpty) {
-    return <>{renderEmpty()}</>
-  }
-  
-  return (
-    <div>
-      {items.map((item, index) => renderItem(item, index))}
-    </div>
-  )
-}
-
-// Usage
-<List
-  items={operations}
-  renderItem={(op, i) => <OperationItem key={i} operation={op} />}
-  renderEmpty={() => <EmptyState message="No operations" />}
-/>
-```
--- a/.claude/skills/component-refactoring/references/hook-extraction.md
+++ b/.claude/skills/component-refactoring/references/hook-extraction.md
@@ -1,317 +0,0 @@
-# Hook Extraction Patterns
-
-This document provides detailed guidance on extracting custom hooks from complex components in Dify.
-
-## When to Extract Hooks
-
-Extract a custom hook when you identify:
-
-1. **Coupled state groups** - Multiple `useState` hooks that are always used together
-1. **Complex effects** - `useEffect` with multiple dependencies or cleanup logic
-1. **Business logic** - Data transformations, validations, or calculations
-1. **Reusable patterns** - Logic that appears in multiple components
-
-## Extraction Process
-
-### Step 1: Identify State Groups
-
-Look for state variables that are logically related:
-
-```typescript
-// ❌ These belong together - extract to hook
-const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
-const [completionParams, setCompletionParams] = useState<FormValue>({})
-const [modelModeType, setModelModeType] = useState<ModelModeType>(...)
-
-// These are model-related state that should be in useModelConfig()
-```
-
-### Step 2: Identify Related Effects
-
-Find effects that modify the grouped state:
-
-```typescript
-// ❌ These effects belong with the state above
-useEffect(() => {
-  if (hasFetchedDetail && !modelModeType) {
-    const mode = currModel?.model_properties.mode
-    if (mode) {
-      const newModelConfig = produce(modelConfig, (draft) => {
-        draft.mode = mode
-      })
-      setModelConfig(newModelConfig)
-    }
-  }
-}, [textGenerationModelList, hasFetchedDetail, modelModeType, currModel])
-```
-
-### Step 3: Create the Hook
-
-```typescript
-// hooks/use-model-config.ts
-import type { FormValue } from '@/app/components/header/account-setting/model-provider-page/declarations'
-import type { ModelConfig } from '@/models/debug'
-import { produce } from 'immer'
-import { useEffect, useState } from 'react'
-import { ModelModeType } from '@/types/app'
-
-interface UseModelConfigParams {
-  initialConfig?: Partial<ModelConfig>
-  currModel?: { model_properties?: { mode?: ModelModeType } }
-  hasFetchedDetail: boolean
-}
-
-interface UseModelConfigReturn {
-  modelConfig: ModelConfig
-  setModelConfig: (config: ModelConfig) => void
-  completionParams: FormValue
-  setCompletionParams: (params: FormValue) => void
-  modelModeType: ModelModeType
-}
-
-export const useModelConfig = ({
-  initialConfig,
-  currModel,
-  hasFetchedDetail,
-}: UseModelConfigParams): UseModelConfigReturn => {
-  const [modelConfig, setModelConfig] = useState<ModelConfig>({
-    provider: 'langgenius/openai/openai',
-    model_id: 'gpt-3.5-turbo',
-    mode: ModelModeType.unset,
-    // ... default values
-    ...initialConfig,
-  })
-  
-  const [completionParams, setCompletionParams] = useState<FormValue>({})
-  
-  const modelModeType = modelConfig.mode
-
-  // Fill old app data missing model mode
-  useEffect(() => {
-    if (hasFetchedDetail && !modelModeType) {
-      const mode = currModel?.model_properties?.mode
-      if (mode) {
-        setModelConfig(produce(modelConfig, (draft) => {
-          draft.mode = mode
-        }))
-      }
-    }
-  }, [hasFetchedDetail, modelModeType, currModel])
-
-  return {
-    modelConfig,
-    setModelConfig,
-    completionParams,
-    setCompletionParams,
-    modelModeType,
-  }
-}
-```
-
-### Step 4: Update Component
-
-```typescript
-// Before: 50+ lines of state management
-const Configuration: FC = () => {
-  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
-  // ... lots of related state and effects
-}
-
-// After: Clean component
-const Configuration: FC = () => {
-  const {
-    modelConfig,
-    setModelConfig,
-    completionParams,
-    setCompletionParams,
-    modelModeType,
-  } = useModelConfig({
-    currModel,
-    hasFetchedDetail,
-  })
-  
-  // Component now focuses on UI
-}
-```
-
-## Naming Conventions
-
-### Hook Names
-
- Use `use` prefix: `useModelConfig`, `useDatasetConfig`
- Be specific: `useAdvancedPromptConfig` not `usePrompt`
- Include domain: `useWorkflowVariables`, `useMCPServer`
-
-### File Names
-
- Kebab-case: `use-model-config.ts`
- Place in `hooks/` subdirectory when multiple hooks exist
- Place alongside component for single-use hooks
-
-### Return Type Names
-
- Suffix with `Return`: `UseModelConfigReturn`
- Suffix params with `Params`: `UseModelConfigParams`
-
-## Common Hook Patterns in Dify
-
-### 1. Data Fetching Hook (React Query)
-
-```typescript
-// Pattern: Use @tanstack/react-query for data fetching
-import { useQuery, useQueryClient } from '@tanstack/react-query'
-import { get } from '@/service/base'
-import { useInvalid } from '@/service/use-base'
-
-const NAME_SPACE = 'appConfig'
-
-// Query keys for cache management
-export const appConfigQueryKeys = {
-  detail: (appId: string) => [NAME_SPACE, 'detail', appId] as const,
-}
-
-// Main data hook
-export const useAppConfig = (appId: string) => {
-  return useQuery({
-    enabled: !!appId,
-    queryKey: appConfigQueryKeys.detail(appId),
-    queryFn: () => get<AppDetailResponse>(`/apps/${appId}`),
-    select: data => data?.model_config || null,
-  })
-}
-
-// Invalidation hook for refreshing data
-export const useInvalidAppConfig = () => {
-  return useInvalid([NAME_SPACE])
-}
-
-// Usage in component
-const Component = () => {
-  const { data: config, isLoading, error, refetch } = useAppConfig(appId)
-  const invalidAppConfig = useInvalidAppConfig()
-  
-  const handleRefresh = () => {
-    invalidAppConfig() // Invalidates cache and triggers refetch
-  }
-  
-  return <div>...</div>
-}
-```
-
-### 2. Form State Hook
-
-```typescript
-// Pattern: Form state + validation + submission
-export const useConfigForm = (initialValues: ConfigFormValues) => {
-  const [values, setValues] = useState(initialValues)
-  const [errors, setErrors] = useState<Record<string, string>>({})
-  const [isSubmitting, setIsSubmitting] = useState(false)
-
-  const validate = useCallback(() => {
-    const newErrors: Record<string, string> = {}
-    if (!values.name) newErrors.name = 'Name is required'
-    setErrors(newErrors)
-    return Object.keys(newErrors).length === 0
-  }, [values])
-
-  const handleChange = useCallback((field: string, value: any) => {
-    setValues(prev => ({ ...prev, [field]: value }))
-  }, [])
-
-  const handleSubmit = useCallback(async (onSubmit: (values: ConfigFormValues) => Promise<void>) => {
-    if (!validate()) return
-    setIsSubmitting(true)
-    try {
-      await onSubmit(values)
-    } finally {
-      setIsSubmitting(false)
-    }
-  }, [values, validate])
-
-  return { values, errors, isSubmitting, handleChange, handleSubmit }
-}
-```
-
-### 3. Modal State Hook
-
-```typescript
-// Pattern: Multiple modal management
-type ModalType = 'edit' | 'delete' | 'duplicate' | null
-
-export const useModalState = () => {
-  const [activeModal, setActiveModal] = useState<ModalType>(null)
-  const [modalData, setModalData] = useState<any>(null)
-
-  const openModal = useCallback((type: ModalType, data?: any) => {
-    setActiveModal(type)
-    setModalData(data)
-  }, [])
-
-  const closeModal = useCallback(() => {
-    setActiveModal(null)
-    setModalData(null)
-  }, [])
-
-  return {
-    activeModal,
-    modalData,
-    openModal,
-    closeModal,
-    isOpen: useCallback((type: ModalType) => activeModal === type, [activeModal]),
-  }
-}
-```
-
-### 4. Toggle/Boolean Hook
-
-```typescript
-// Pattern: Boolean state with convenience methods
-export const useToggle = (initialValue = false) => {
-  const [value, setValue] = useState(initialValue)
-
-  const toggle = useCallback(() => setValue(v => !v), [])
-  const setTrue = useCallback(() => setValue(true), [])
-  const setFalse = useCallback(() => setValue(false), [])
-
-  return [value, { toggle, setTrue, setFalse, set: setValue }] as const
-}
-
-// Usage
-const [isExpanded, { toggle, setTrue: expand, setFalse: collapse }] = useToggle()
-```
-
-## Testing Extracted Hooks
-
-After extraction, test hooks in isolation:
-
-```typescript
-// use-model-config.spec.ts
-import { renderHook, act } from '@testing-library/react'
-import { useModelConfig } from './use-model-config'
-
-describe('useModelConfig', () => {
-  it('should initialize with default values', () => {
-    const { result } = renderHook(() => useModelConfig({
-      hasFetchedDetail: false,
-    }))
-
-    expect(result.current.modelConfig.provider).toBe('langgenius/openai/openai')
-    expect(result.current.modelModeType).toBe(ModelModeType.unset)
-  })
-
-  it('should update model config', () => {
-    const { result } = renderHook(() => useModelConfig({
-      hasFetchedDetail: true,
-    }))
-
-    act(() => {
-      result.current.setModelConfig({
-        ...result.current.modelConfig,
-        model_id: 'gpt-4',
-      })
-    })
-
-    expect(result.current.modelConfig.model_id).toBe('gpt-4')
-  })
-})
-```
--- a/.claude/skills/frontend-code-review/SKILL.md
+++ b/.claude/skills/frontend-code-review/SKILL.md
@@ -1,73 +0,0 @@
---
-name: frontend-code-review
-description: "Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support both pending-change reviews and focused file reviews while applying the checklist rules."
---
-
-# Frontend Code Review
-
-## Intent
-Use this skill whenever the user asks to review frontend code (especially `.tsx`, `.ts`, or `.js` files). Support two review modes:
-
-1. **Pending-change review** – inspect staged/working-tree files slated for commit and flag checklist violations before submission.
-2. **File-targeted review** – review the specific file(s) the user names and report the relevant checklist findings.
-
-Stick to the checklist below for every applicable file and mode.
-
-## Checklist
-See [references/code-quality.md](references/code-quality.md), [references/performance.md](references/performance.md), [references/business-logic.md](references/business-logic.md) for the living checklist split by category—treat it as the canonical set of rules to follow.
-
-Flag each rule violation with urgency metadata so future reviewers can prioritize fixes.
-
-## Review Process
-1. Open the relevant component/module. Gather lines that relate to class names, React Flow hooks, prop memoization, and styling.
-2. For each rule in the review point, note where the code deviates and capture a representative snippet.
-3. Compose the review section per the template below. Group violations first by **Urgent** flag, then by category order (Code Quality, Performance, Business Logic).
-
-## Required output
-When invoked, the response must exactly follow one of the two templates:
-
-### Template A (any findings)
-```
-# Code review
-Found <N> urgent issues need to be fixed:
-
-## 1 <brief description of bug>
-FilePath: <path> line <line>
-<relevant code snippet or pointer>
-
-
-### Suggested fix
-<brief description of suggested fix>
-
---
-... (repeat for each urgent issue) ...
-
-Found <M> suggestions for improvement:
-
-## 1 <brief description of suggestion>
-FilePath: <path> line <line>
-<relevant code snippet or pointer>
-
-
-### Suggested fix
-<brief description of suggested fix>
-
---
-
-... (repeat for each suggestion) ...
-```
-
-If there are no urgent issues, omit that section. If there are no suggestions, omit that section.
-
-If the issue number is more than 10, summarize as "10+ urgent issues" or "10+ suggestions" and just output the first 10 issues.
-
-Don't compress the blank lines between sections; keep them as-is for readability.
-
-If you use Template A (i.e., there are issues to fix) and at least one issue requires code changes, append a brief follow-up question after the structured output asking whether the user wants you to apply the suggested fix(es). For example: "Would you like me to use the Suggested fix section to address these issues?"
-
-### Template B (no issues)
-```
-## Code review
-No issues found.
-```
-
--- a/.claude/skills/frontend-code-review/references/business-logic.md
+++ b/.claude/skills/frontend-code-review/references/business-logic.md
@@ -1,15 +0,0 @@
-# Rule Catalog — Business Logic
-
-## Can't use workflowStore in Node components
-
-IsUrgent: True
-
-### Description
-
-File path pattern of node components: `web/app/components/workflow/nodes/[nodeName]/node.tsx`
-
-Node components are also used when creating a RAG Pipe from a template, but in that context there is no workflowStore Provider, which results in a blank screen. [This Issue](https://github.com/langgenius/dify/issues/29168) was caused by exactly this reason.
-
-### Suggested Fix
-
-Use `import { useNodes } from 'reactflow'` instead of `import useNodes from '@/app/components/workflow/store/workflow/use-nodes'`.
--- a/.claude/skills/frontend-code-review/references/code-quality.md
+++ b/.claude/skills/frontend-code-review/references/code-quality.md
@@ -1,44 +0,0 @@
-# Rule Catalog — Code Quality
-
-## Conditional class names use utility function
-
-IsUrgent: True
-Category: Code Quality
-
-### Description
-
-Ensure conditional CSS is handled via the shared `classNames` instead of custom ternaries, string concatenation, or template strings. Centralizing class logic keeps components consistent and easier to maintain.
-
-### Suggested Fix
-
-```ts
-import { cn } from '@/utils/classnames'
-const classNames = cn(isActive ? 'text-primary-600' : 'text-gray-500')
-```
-
-## Tailwind-first styling
-
-IsUrgent: True
-Category: Code Quality
-
-### Description
-
-Favor Tailwind CSS utility classes instead of adding new `.module.css` files unless a Tailwind combination cannot achieve the required styling. Keeping styles in Tailwind improves consistency and reduces maintenance overhead.
-
-Update this file when adding, editing, or removing Code Quality rules so the catalog remains accurate.
-
-## Classname ordering for easy overrides
-
-### Description
-
-When writing components, always place the incoming `className` prop after the component’s own class values so that downstream consumers can override or extend the styling. This keeps your component’s defaults but still lets external callers change or remove specific styles.
-
-Example:
-
-```tsx
-import { cn } from '@/utils/classnames'
-
-const Button = ({ className }) => {
-  return <div className={cn('bg-primary-600', className)}></div>
-}
-```
--- a/.claude/skills/frontend-code-review/references/performance.md
+++ b/.claude/skills/frontend-code-review/references/performance.md
@@ -1,45 +0,0 @@
-# Rule Catalog — Performance
-
-## React Flow data usage
-
-IsUrgent: True
-Category: Performance
-
-### Description
-
-When rendering React Flow, prefer `useNodes`/`useEdges` for UI consumption and rely on `useStoreApi` inside callbacks that mutate or read node/edge state. Avoid manually pulling Flow data outside of these hooks.
-
-## Complex prop memoization
-
-IsUrgent: True
-Category: Performance
-
-### Description
-
-Wrap complex prop values (objects, arrays, maps) in `useMemo` prior to passing them into child components to guarantee stable references and prevent unnecessary renders.
-
-Update this file when adding, editing, or removing Performance rules so the catalog remains accurate.
-
-Wrong:
-
-```tsx
-<HeavyComp
-    config={{
-        provider: ...,
-        detail: ...
-    }}
-/>
-```
-
-Right:
-
-```tsx
-const config = useMemo(() => ({
-    provider: ...,
-    detail: ...
-}), [provider, detail]);
-
-<HeavyComp
-    config={config}
-/>
-```
--- a/.claude/skills/frontend-testing/references/checklist.md
+++ b/.claude/skills/frontend-testing/references/checklist.md
@@ -74,9 +74,9 @@ Use this checklist when generating or reviewing tests for Dify frontend componen
 ### Mocks

 - [ ] **DO NOT mock base components** (`@/app/components/base/*`)
- [ ] `vi.clearAllMocks()` in `beforeEach` (not `afterEach`)
+- [ ] `jest.clearAllMocks()` in `beforeEach` (not `afterEach`)
 - [ ] Shared mock state reset in `beforeEach`
- [ ] i18n uses global mock (auto-loaded in `web/vitest.setup.ts`); only override locally for custom translations
+- [ ] i18n mock returns keys (not empty strings)
 - [ ] Router mocks match actual Next.js API
 - [ ] Mocks reflect actual component conditional behavior
 - [ ] Only mock: API services, complex context providers, third-party libs
@@ -114,15 +114,15 @@ For the current file being tested:

 **Run these checks after EACH test file, not just at the end:**

- [ ] Run `pnpm test path/to/file.spec.tsx` - **MUST PASS before next file**
+- [ ] Run `pnpm test -- path/to/file.spec.tsx` - **MUST PASS before next file**
 - [ ] Fix any failures immediately
 - [ ] Mark file as complete in todo list
 - [ ] Only then proceed to next file

 ### After All Files Complete

- [ ] Run full directory test: `pnpm test path/to/directory/`
- [ ] Check coverage report: `pnpm test:coverage`
+- [ ] Run full directory test: `pnpm test -- path/to/directory/`
+- [ ] Check coverage report: `pnpm test -- --coverage`
 - [ ] Run `pnpm lint:fix` on all test files
 - [ ] Run `pnpm type-check:tsgo`

@@ -132,10 +132,10 @@ For the current file being tested:

 ```typescript
 // ❌ Mock doesn't match actual behavior
-vi.mock('./Component', () => () => <div>Mocked</div>)
+jest.mock('./Component', () => () => <div>Mocked</div>)

 // ✅ Mock matches actual conditional logic
-vi.mock('./Component', () => ({ isOpen }: any) =>
+jest.mock('./Component', () => ({ isOpen }: any) =>
  isOpen ? <div>Content</div> : null
 )
 ```
@@ -145,7 +145,7 @@ vi.mock('./Component', () => ({ isOpen }: any) =>
 ```typescript
 // ❌ Shared state not reset
 let mockState = false
-vi.mock('./useHook', () => () => mockState)
+jest.mock('./useHook', () => () => mockState)

 // ✅ Reset in beforeEach
 beforeEach(() => {
@@ -186,16 +186,16 @@ Always test these scenarios:

 ```bash
 # Run specific test
-pnpm test path/to/file.spec.tsx
+pnpm test -- path/to/file.spec.tsx

 # Run with coverage
-pnpm test:coverage path/to/file.spec.tsx
+pnpm test -- --coverage path/to/file.spec.tsx

 # Watch mode
-pnpm test:watch path/to/file.spec.tsx
+pnpm test -- --watch path/to/file.spec.tsx

 # Update snapshots (use sparingly)
-pnpm test -u path/to/file.spec.tsx
+pnpm test -- -u path/to/file.spec.tsx

 # Analyze component
 pnpm analyze-component path/to/component.tsx
--- a/.claude/skills/frontend-testing/SKILL.md
+++ b/.claude/skills/frontend-testing/SKILL.md
@@ -1,13 +1,13 @@
 ---
-name: frontend-testing
-description: Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and utilities. Triggers on testing, spec files, coverage, Vitest, RTL, unit tests, integration tests, or write/review test requests.
+name: Dify Frontend Testing
+description: Generate Jest + React Testing Library tests for Dify frontend components, hooks, and utilities. Triggers on testing, spec files, coverage, Jest, RTL, unit tests, integration tests, or write/review test requests.
 ---

 # Dify Frontend Testing Skill

 This skill enables Claude to generate high-quality, comprehensive frontend tests for the Dify project following established conventions and best practices.

-> **⚠️ Authoritative Source**: This skill is derived from `web/testing/testing.md`. Use Vitest mock/timer APIs (`vi.*`).
+> **⚠️ Authoritative Source**: This skill is derived from `web/testing/testing.md`. When in doubt, always refer to that document as the canonical specification.

 ## When to Apply This Skill

@@ -15,7 +15,7 @@ Apply this skill when the user:

 - Asks to **write tests** for a component, hook, or utility
 - Asks to **review existing tests** for completeness
- Mentions **Vitest**, **React Testing Library**, **RTL**, or **spec files**
+- Mentions **Jest**, **React Testing Library**, **RTL**, or **spec files**
 - Requests **test coverage** improvement
 - Uses `pnpm analyze-component` output as context
 - Mentions **testing**, **unit tests**, or **integration tests** for frontend code
@@ -33,9 +33,9 @@ Apply this skill when the user:

 | Tool | Version | Purpose |
 |------|---------|---------|
-| Vitest | 4.0.16 | Test runner |
+| Jest | 29.7 | Test runner |
 | React Testing Library | 16.0 | Component testing |
-| jsdom | - | Test environment |
+| happy-dom | - | Test environment |
 | nock | 14.0 | HTTP mocking |
 | TypeScript | 5.x | Type safety |

@@ -46,13 +46,13 @@ Apply this skill when the user:
 pnpm test

 # Watch mode
-pnpm test:watch
+pnpm test -- --watch

 # Run specific file
-pnpm test path/to/file.spec.tsx
+pnpm test -- path/to/file.spec.tsx

 # Generate coverage report
-pnpm test:coverage
+pnpm test -- --coverage

 # Analyze component complexity
 pnpm analyze-component <path>
@@ -77,9 +77,9 @@ import Component from './index'
 // import { ChildComponent } from './child-component'

 // ✅ Mock external dependencies only
-vi.mock('@/service/api')
-vi.mock('next/navigation', () => ({
-  useRouter: () => ({ push: vi.fn() }),
+jest.mock('@/service/api')
+jest.mock('next/navigation', () => ({
+  useRouter: () => ({ push: jest.fn() }),
  usePathname: () => '/test',
 }))

@@ -88,7 +88,7 @@ let mockSharedState = false

 describe('ComponentName', () => {
  beforeEach(() => {
-    vi.clearAllMocks()  // ✅ Reset mocks BEFORE each test
+    jest.clearAllMocks()  // ✅ Reset mocks BEFORE each test
    mockSharedState = false  // ✅ Reset shared state
  })

@@ -117,7 +117,7 @@ describe('ComponentName', () => {
  // User Interactions
  describe('User Interactions', () => {
    it('should handle click events', () => {
-      const handleClick = vi.fn()
+      const handleClick = jest.fn()
      render(<Component onClick={handleClick} />)
      
      fireEvent.click(screen.getByRole('button'))
@@ -155,7 +155,7 @@ describe('ComponentName', () => {
 For each file:
  ┌────────────────────────────────────────┐
  │ 1. Write test                          │
-  │ 2. Run: pnpm test <file>.spec.tsx      │
+  │ 2. Run: pnpm test -- <file>.spec.tsx   │
  │ 3. PASS? → Mark complete, next file    │
  │    FAIL? → Fix first, then continue    │
  └────────────────────────────────────────┘
@@ -178,7 +178,7 @@ Process in this order for multi-file testing:
 - **500+ lines**: Consider splitting before testing
 - **Many dependencies**: Extract logic into hooks first

-> 📖 See `references/workflow.md` for complete workflow details and todo list format.
+> 📖 See `guides/workflow.md` for complete workflow details and todo list format.

 ## Testing Strategy

@@ -289,18 +289,17 @@ For each test file generated, aim for:
 - ✅ **>95%** branch coverage
 - ✅ **>95%** line coverage

-> **Note**: For multi-file directories, process one file at a time with full coverage each. See `references/workflow.md`.
+> **Note**: For multi-file directories, process one file at a time with full coverage each. See `guides/workflow.md`.

 ## Detailed Guides

 For more detailed information, refer to:

- `references/workflow.md` - **Incremental testing workflow** (MUST READ for multi-file testing)
- `references/mocking.md` - Mock patterns and best practices
- `references/async-testing.md` - Async operations and API calls
- `references/domain-components.md` - Workflow, Dataset, Configuration testing
- `references/common-patterns.md` - Frequently used testing patterns
- `references/checklist.md` - Test generation checklist and validation steps
+- `guides/workflow.md` - **Incremental testing workflow** (MUST READ for multi-file testing)
+- `guides/mocking.md` - Mock patterns and best practices
+- `guides/async-testing.md` - Async operations and API calls
+- `guides/domain-components.md` - Workflow, Dataset, Configuration testing
+- `guides/common-patterns.md` - Frequently used testing patterns

 ## Authoritative References

@@ -316,7 +315,6 @@ For more detailed information, refer to:

 ### Project Configuration

- `web/vitest.config.ts` - Vitest configuration
- `web/vitest.setup.ts` - Test environment setup
- `web/scripts/analyze-component.js` - Component analysis tool
- Modules are not mocked automatically. Global mocks live in `web/vitest.setup.ts` (for example `react-i18next`, `next/image`); mock other modules like `ky` or `mime` locally in test files.
+- `web/jest.config.ts` - Jest configuration
+- `web/jest.setup.ts` - Test environment setup
+- `web/testing/analyze-component.js` - Component analysis tool
--- a/.claude/skills/frontend-testing/references/async-testing.md
+++ b/.claude/skills/frontend-testing/references/async-testing.md
@@ -49,7 +49,7 @@ import userEvent from '@testing-library/user-event'

 it('should submit form', async () => {
  const user = userEvent.setup()
-  const onSubmit = vi.fn()
+  const onSubmit = jest.fn()
  
  render(<Form onSubmit={onSubmit} />)
  
@@ -77,15 +77,15 @@ it('should submit form', async () => {
 ```typescript
 describe('Debounced Search', () => {
  beforeEach(() => {
-    vi.useFakeTimers()
+    jest.useFakeTimers()
  })

  afterEach(() => {
-    vi.useRealTimers()
+    jest.useRealTimers()
  })

  it('should debounce search input', async () => {
-    const onSearch = vi.fn()
+    const onSearch = jest.fn()
    render(<SearchInput onSearch={onSearch} debounceMs={300} />)
    
    // Type in the input
@@ -95,7 +95,7 @@ describe('Debounced Search', () => {
    expect(onSearch).not.toHaveBeenCalled()
    
    // Advance timers
-    vi.advanceTimersByTime(300)
+    jest.advanceTimersByTime(300)
    
    // Now search is called
    expect(onSearch).toHaveBeenCalledWith('query')
@@ -107,8 +107,8 @@ describe('Debounced Search', () => {

 ```typescript
 it('should retry on failure', async () => {
-  vi.useFakeTimers()
-  const fetchData = vi.fn()
+  jest.useFakeTimers()
+  const fetchData = jest.fn()
    .mockRejectedValueOnce(new Error('Network error'))
    .mockResolvedValueOnce({ data: 'success' })
  
@@ -120,7 +120,7 @@ it('should retry on failure', async () => {
  })
  
  // Advance timer for retry
-  vi.advanceTimersByTime(1000)
+  jest.advanceTimersByTime(1000)
  
  // Second call succeeds
  await waitFor(() => {
@@ -128,7 +128,7 @@ it('should retry on failure', async () => {
    expect(screen.getByText('success')).toBeInTheDocument()
  })
  
-  vi.useRealTimers()
+  jest.useRealTimers()
 })
 ```

@@ -136,19 +136,19 @@ it('should retry on failure', async () => {

 ```typescript
 // Run all pending timers
-vi.runAllTimers()
+jest.runAllTimers()

 // Run only pending timers (not new ones created during execution)
-vi.runOnlyPendingTimers()
+jest.runOnlyPendingTimers()

 // Advance by specific time
-vi.advanceTimersByTime(1000)
+jest.advanceTimersByTime(1000)

 // Get current fake time
-Date.now()
+jest.now()

 // Clear all timers
-vi.clearAllTimers()
+jest.clearAllTimers()
 ```

 ## API Testing Patterns
@@ -158,7 +158,7 @@ vi.clearAllTimers()
 ```typescript
 describe('DataFetcher', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
  })

  it('should show loading state', () => {
@@ -241,7 +241,7 @@ it('should submit form and show success', async () => {

 ```typescript
 it('should fetch data on mount', async () => {
-  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
+  const fetchData = jest.fn().mockResolvedValue({ data: 'test' })
  
  render(<ComponentWithEffect fetchData={fetchData} />)
  
@@ -255,7 +255,7 @@ it('should fetch data on mount', async () => {

 ```typescript
 it('should refetch when id changes', async () => {
-  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
+  const fetchData = jest.fn().mockResolvedValue({ data: 'test' })
  
  const { rerender } = render(<ComponentWithEffect id="1" fetchData={fetchData} />)
  
@@ -276,8 +276,8 @@ it('should refetch when id changes', async () => {

 ```typescript
 it('should cleanup subscription on unmount', () => {
-  const subscribe = vi.fn()
-  const unsubscribe = vi.fn()
+  const subscribe = jest.fn()
+  const unsubscribe = jest.fn()
  subscribe.mockReturnValue(unsubscribe)
  
  const { unmount } = render(<SubscriptionComponent subscribe={subscribe} />)
@@ -332,14 +332,14 @@ expect(description).toBeInTheDocument()

 ```typescript
 // Bad - fake timers don't work well with real Promises
-vi.useFakeTimers()
+jest.useFakeTimers()
 await waitFor(() => {
  expect(screen.getByText('Data')).toBeInTheDocument()
 }) // May timeout!

 // Good - use runAllTimers or advanceTimersByTime
-vi.useFakeTimers()
+jest.useFakeTimers()
 render(<Component />)
-vi.runAllTimers()
+jest.runAllTimers()
 expect(screen.getByText('Data')).toBeInTheDocument()
 ```
--- a/.claude/skills/frontend-testing/references/common-patterns.md
+++ b/.claude/skills/frontend-testing/references/common-patterns.md
@@ -126,7 +126,7 @@ describe('Counter', () => {
 describe('ControlledInput', () => {
  it('should call onChange with new value', async () => {
    const user = userEvent.setup()
-    const handleChange = vi.fn()
+    const handleChange = jest.fn()
    
    render(<ControlledInput value="" onChange={handleChange} />)
    
@@ -136,7 +136,7 @@ describe('ControlledInput', () => {
  })

  it('should display controlled value', () => {
-    render(<ControlledInput value="controlled" onChange={vi.fn()} />)
+    render(<ControlledInput value="controlled" onChange={jest.fn()} />)
    
    expect(screen.getByRole('textbox')).toHaveValue('controlled')
  })
@@ -195,7 +195,7 @@ describe('ItemList', () => {

  it('should handle item selection', async () => {
    const user = userEvent.setup()
-    const onSelect = vi.fn()
+    const onSelect = jest.fn()
    
    render(<ItemList items={items} onSelect={onSelect} />)
    
@@ -217,20 +217,20 @@ describe('ItemList', () => {
 ```typescript
 describe('Modal', () => {
  it('should not render when closed', () => {
-    render(<Modal isOpen={false} onClose={vi.fn()} />)
+    render(<Modal isOpen={false} onClose={jest.fn()} />)
    
    expect(screen.queryByRole('dialog')).not.toBeInTheDocument()
  })

  it('should render when open', () => {
-    render(<Modal isOpen={true} onClose={vi.fn()} />)
+    render(<Modal isOpen={true} onClose={jest.fn()} />)
    
    expect(screen.getByRole('dialog')).toBeInTheDocument()
  })

  it('should call onClose when clicking overlay', async () => {
    const user = userEvent.setup()
-    const handleClose = vi.fn()
+    const handleClose = jest.fn()
    
    render(<Modal isOpen={true} onClose={handleClose} />)
    
@@ -241,7 +241,7 @@ describe('Modal', () => {

  it('should call onClose when pressing Escape', async () => {
    const user = userEvent.setup()
-    const handleClose = vi.fn()
+    const handleClose = jest.fn()
    
    render(<Modal isOpen={true} onClose={handleClose} />)
    
@@ -254,7 +254,7 @@ describe('Modal', () => {
    const user = userEvent.setup()
    
    render(
-      <Modal isOpen={true} onClose={vi.fn()}>
+      <Modal isOpen={true} onClose={jest.fn()}>
        <button>First</button>
        <button>Second</button>
      </Modal>
@@ -279,7 +279,7 @@ describe('Modal', () => {
 describe('LoginForm', () => {
  it('should submit valid form', async () => {
    const user = userEvent.setup()
-    const onSubmit = vi.fn()
+    const onSubmit = jest.fn()
    
    render(<LoginForm onSubmit={onSubmit} />)
    
@@ -296,7 +296,7 @@ describe('LoginForm', () => {
  it('should show validation errors', async () => {
    const user = userEvent.setup()
    
-    render(<LoginForm onSubmit={vi.fn()} />)
+    render(<LoginForm onSubmit={jest.fn()} />)
    
    // Submit empty form
    await user.click(screen.getByRole('button', { name: /sign in/i }))
@@ -308,7 +308,7 @@ describe('LoginForm', () => {
  it('should validate email format', async () => {
    const user = userEvent.setup()
    
-    render(<LoginForm onSubmit={vi.fn()} />)
+    render(<LoginForm onSubmit={jest.fn()} />)
    
    await user.type(screen.getByLabelText(/email/i), 'invalid-email')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
@@ -318,7 +318,7 @@ describe('LoginForm', () => {

  it('should disable submit button while submitting', async () => {
    const user = userEvent.setup()
-    const onSubmit = vi.fn(() => new Promise(resolve => setTimeout(resolve, 100)))
+    const onSubmit = jest.fn(() => new Promise(resolve => setTimeout(resolve, 100)))
    
    render(<LoginForm onSubmit={onSubmit} />)
    
@@ -407,7 +407,7 @@ it('test 1', () => {

 // Good - cleanup is automatic with RTL, but reset mocks
 beforeEach(() => {
-  vi.clearAllMocks()
+  jest.clearAllMocks()
 })
 ```

--- a/.claude/skills/frontend-testing/references/domain-components.md
+++ b/.claude/skills/frontend-testing/references/domain-components.md
@@ -23,7 +23,7 @@ import NodeConfigPanel from './node-config-panel'
 import { createMockNode, createMockWorkflowContext } from '@/__mocks__/workflow'

 // Mock workflow context
-vi.mock('@/app/components/workflow/hooks', () => ({
+jest.mock('@/app/components/workflow/hooks', () => ({
  useWorkflowStore: () => mockWorkflowStore,
  useNodesInteractions: () => mockNodesInteractions,
 }))
@@ -31,21 +31,21 @@ vi.mock('@/app/components/workflow/hooks', () => ({
 let mockWorkflowStore = {
  nodes: [],
  edges: [],
-  updateNode: vi.fn(),
+  updateNode: jest.fn(),
 }

 let mockNodesInteractions = {
-  handleNodeSelect: vi.fn(),
-  handleNodeDelete: vi.fn(),
+  handleNodeSelect: jest.fn(),
+  handleNodeDelete: jest.fn(),
 }

 describe('NodeConfigPanel', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
    mockWorkflowStore = {
      nodes: [],
      edges: [],
-      updateNode: vi.fn(),
+      updateNode: jest.fn(),
    }
  })

@@ -161,23 +161,23 @@ import { render, screen, fireEvent, waitFor } from '@testing-library/react'
 import userEvent from '@testing-library/user-event'
 import DocumentUploader from './document-uploader'

-vi.mock('@/service/datasets', () => ({
-  uploadDocument: vi.fn(),
-  parseDocument: vi.fn(),
+jest.mock('@/service/datasets', () => ({
+  uploadDocument: jest.fn(),
+  parseDocument: jest.fn(),
 }))

 import * as datasetService from '@/service/datasets'
-const mockedService = vi.mocked(datasetService)
+const mockedService = datasetService as jest.Mocked<typeof datasetService>

 describe('DocumentUploader', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
  })

  describe('File Upload', () => {
    it('should accept valid file types', async () => {
      const user = userEvent.setup()
-      const onUpload = vi.fn()
+      const onUpload = jest.fn()
      mockedService.uploadDocument.mockResolvedValue({ id: 'doc-1' })
      
      render(<DocumentUploader onUpload={onUpload} />)
@@ -326,14 +326,14 @@ describe('DocumentList', () => {
  describe('Search & Filtering', () => {
    it('should filter by search query', async () => {
      const user = userEvent.setup()
-      vi.useFakeTimers()
+      jest.useFakeTimers()
      
      render(<DocumentList datasetId="ds-1" />)
      
      await user.type(screen.getByPlaceholderText(/search/i), 'test query')
      
      // Debounce
-      vi.advanceTimersByTime(300)
+      jest.advanceTimersByTime(300)
      
      await waitFor(() => {
        expect(mockedService.getDocuments).toHaveBeenCalledWith(
@@ -342,7 +342,7 @@ describe('DocumentList', () => {
        )
      })
      
-      vi.useRealTimers()
+      jest.useRealTimers()
    })
  })
 })
@@ -367,13 +367,13 @@ import { render, screen, fireEvent, waitFor } from '@testing-library/react'
 import userEvent from '@testing-library/user-event'
 import AppConfigForm from './app-config-form'

-vi.mock('@/service/apps', () => ({
-  updateAppConfig: vi.fn(),
-  getAppConfig: vi.fn(),
+jest.mock('@/service/apps', () => ({
+  updateAppConfig: jest.fn(),
+  getAppConfig: jest.fn(),
 }))

 import * as appService from '@/service/apps'
-const mockedService = vi.mocked(appService)
+const mockedService = appService as jest.Mocked<typeof appService>

 describe('AppConfigForm', () => {
  const defaultConfig = {
@@ -384,7 +384,7 @@ describe('AppConfigForm', () => {
  }

  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
    mockedService.getAppConfig.mockResolvedValue(defaultConfig)
  })

--- a/.claude/skills/frontend-testing/references/mocking.md
+++ b/.claude/skills/frontend-testing/references/mocking.md
@@ -19,8 +19,8 @@

 ```typescript
 // ❌ WRONG: Don't mock base components
-vi.mock('@/app/components/base/loading', () => () => <div>Loading</div>)
-vi.mock('@/app/components/base/button', () => ({ children }: any) => <button>{children}</button>)
+jest.mock('@/app/components/base/loading', () => () => <div>Loading</div>)
+jest.mock('@/app/components/base/button', () => ({ children }: any) => <button>{children}</button>)

 // ✅ CORRECT: Import and use real base components
 import Loading from '@/app/components/base/loading'
@@ -41,52 +41,33 @@ Only mock these categories:

 | Location | Purpose |
 |----------|---------|
-| `web/vitest.setup.ts` | Global mocks shared by all tests (for example `react-i18next`, `next/image`) |
-| `web/__mocks__/` | Reusable mock factories shared across multiple test files |
-| Test file | Test-specific mocks, inline with `vi.mock()` |
-
-Modules are not mocked automatically. Use `vi.mock` in test files, or add global mocks in `web/vitest.setup.ts`.
+| `web/__mocks__/` | Reusable mocks shared across multiple test files |
+| Test file | Test-specific mocks, inline with `jest.mock()` |

 ## Essential Mocks

-### 1. i18n (Auto-loaded via Global Mock)
-
-A global mock is defined in `web/vitest.setup.ts` and is auto-loaded by Vitest setup.
-
-The global mock provides:
-
- `useTranslation` - returns translation keys with namespace prefix
- `Trans` component - renders i18nKey and components
- `useMixedTranslation` (from `@/app/components/plugins/marketplace/hooks`)
- `useGetLanguage` (from `@/context/i18n`) - returns `'en-US'`
-
-**Default behavior**: Most tests should use the global mock (no local override needed).
-
-**For custom translations**: Use the helper function from `@/test/i18n-mock`:
+### 1. i18n (Always Required)

 ```typescript
-import { createReactI18nextMock } from '@/test/i18n-mock'
-
-vi.mock('react-i18next', () => createReactI18nextMock({
-  'my.custom.key': 'Custom translation',
-  'button.save': 'Save',
+jest.mock('react-i18next', () => ({
+  useTranslation: () => ({
+    t: (key: string) => key,
+  }),
 }))
 ```

-**Avoid**: Manually defining `useTranslation` mocks that just return the key - the global mock already does this.
-
 ### 2. Next.js Router

 ```typescript
-const mockPush = vi.fn()
-const mockReplace = vi.fn()
+const mockPush = jest.fn()
+const mockReplace = jest.fn()

-vi.mock('next/navigation', () => ({
+jest.mock('next/navigation', () => ({
  useRouter: () => ({
    push: mockPush,
    replace: mockReplace,
-    back: vi.fn(),
-    prefetch: vi.fn(),
+    back: jest.fn(),
+    prefetch: jest.fn(),
  }),
  usePathname: () => '/current-path',
  useSearchParams: () => new URLSearchParams('?key=value'),
@@ -94,7 +75,7 @@ vi.mock('next/navigation', () => ({

 describe('Component', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
  })

  it('should navigate on click', () => {
@@ -111,7 +92,7 @@ describe('Component', () => {
 // ⚠️ Important: Use shared state for components that depend on each other
 let mockPortalOpenState = false

-vi.mock('@/app/components/base/portal-to-follow-elem', () => ({
+jest.mock('@/app/components/base/portal-to-follow-elem', () => ({
  PortalToFollowElem: ({ children, open, ...props }: any) => {
    mockPortalOpenState = open || false  // Update shared state
    return <div data-testid="portal" data-open={open}>{children}</div>
@@ -128,7 +109,7 @@ vi.mock('@/app/components/base/portal-to-follow-elem', () => ({

 describe('Component', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
    mockPortalOpenState = false  // ✅ Reset shared state
  })
 })
@@ -139,13 +120,13 @@ describe('Component', () => {
 ```typescript
 import * as api from '@/service/api'

-vi.mock('@/service/api')
+jest.mock('@/service/api')

-const mockedApi = vi.mocked(api)
+const mockedApi = api as jest.Mocked<typeof api>

 describe('Component', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
    
    // Setup default mock implementation
    mockedApi.fetchData.mockResolvedValue({ data: [] })
@@ -248,9 +229,32 @@ describe('Component with Context', () => {
 })
 ```

-### 7. React Query
+### 7. SWR / React Query

 ```typescript
+// SWR
+jest.mock('swr', () => ({
+  __esModule: true,
+  default: jest.fn(),
+}))
+
+import useSWR from 'swr'
+const mockedUseSWR = useSWR as jest.Mock
+
+describe('Component with SWR', () => {
+  it('should show loading state', () => {
+    mockedUseSWR.mockReturnValue({
+      data: undefined,
+      error: undefined,
+      isLoading: true,
+    })
+    
+    render(<Component />)
+    expect(screen.getByText(/loading/i)).toBeInTheDocument()
+  })
+})
+
+// React Query
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query'

 const createTestQueryClient = () => new QueryClient({
@@ -309,7 +313,7 @@ Need to use a component in test?
 │  └─ YES → Mock it (next/navigation, external SDKs)
 │
 └─ Is it i18n?
-   └─ YES → Uses shared mock (auto-loaded). Override only for custom translations
+   └─ YES → Mock to return keys
 ```

 ## Factory Function Pattern
--- a/.claude/skills/frontend-testing/references/workflow.md
+++ b/.claude/skills/frontend-testing/references/workflow.md
@@ -35,7 +35,7 @@ When testing a **single component, hook, or utility**:
 2. Run `pnpm analyze-component <path>` (if available)
 3. Check complexity score and features detected
 4. Write the test file
-5. Run test: `pnpm test <file>.spec.tsx`
+5. Run test: `pnpm test -- <file>.spec.tsx`
 6. Fix any failures
 7. Verify coverage meets goals (100% function, >95% branch)
 ```
@@ -80,7 +80,7 @@ Process files in this recommended order:
 ```
 ┌─────────────────────────────────────────────┐
 │  1. Write test file                         │
-│  2. Run: pnpm test <file>.spec.tsx          │
+│  2. Run: pnpm test -- <file>.spec.tsx       │
 │  3. If FAIL → Fix immediately, re-run       │
 │  4. If PASS → Mark complete in todo list    │
 │  5. ONLY THEN proceed to next file          │
@@ -95,10 +95,10 @@ After all individual tests pass:

 ```bash
 # Run all tests in the directory together
-pnpm test path/to/directory/
+pnpm test -- path/to/directory/

 # Check coverage
-pnpm test:coverage path/to/directory/
+pnpm test -- --coverage path/to/directory/
 ```

 ## Component Complexity Guidelines
@@ -201,9 +201,9 @@ Run pnpm test  ← Multiple failures, hard to debug
 ```
 # GOOD: Incremental with verification
 Write component-a.spec.tsx
-Run pnpm test component-a.spec.tsx ✅
+Run pnpm test -- component-a.spec.tsx ✅
 Write component-b.spec.tsx
-Run pnpm test component-b.spec.tsx ✅
+Run pnpm test -- component-b.spec.tsx ✅
 ...continue...
 ```

--- a/.claude/skills/frontend-testing/templates/component-test.template.tsx
+++ b/.claude/skills/frontend-testing/templates/component-test.template.tsx
@@ -23,34 +23,30 @@ import userEvent from '@testing-library/user-event'
 // ============================================================================
 // Mocks
 // ============================================================================
-// WHY: Mocks must be hoisted to top of file (Vitest requirement).
+// WHY: Mocks must be hoisted to top of file (Jest requirement).
 // They run BEFORE imports, so keep them before component imports.

-// i18n (automatically mocked)
-// WHY: Global mock in web/vitest.setup.ts is auto-loaded by Vitest setup
-// The global mock provides: useTranslation, Trans, useMixedTranslation, useGetLanguage
-// No explicit mock needed for most tests
-//
-// Override only if custom translations are required:
-// import { createReactI18nextMock } from '@/test/i18n-mock'
-// vi.mock('react-i18next', () => createReactI18nextMock({
-//   'my.custom.key': 'Custom Translation',
-//   'button.save': 'Save',
-// }))
+// i18n (always required in Dify)
+// WHY: Returns key instead of translation so tests don't depend on i18n files
+jest.mock('react-i18next', () => ({
+  useTranslation: () => ({
+    t: (key: string) => key,
+  }),
+}))

 // Router (if component uses useRouter, usePathname, useSearchParams)
 // WHY: Isolates tests from Next.js routing, enables testing navigation behavior
-// const mockPush = vi.fn()
-// vi.mock('next/navigation', () => ({
+// const mockPush = jest.fn()
+// jest.mock('next/navigation', () => ({
 //   useRouter: () => ({ push: mockPush }),
 //   usePathname: () => '/test-path',
 // }))

 // API services (if component fetches data)
 // WHY: Prevents real network calls, enables testing all states (loading/success/error)
-// vi.mock('@/service/api')
+// jest.mock('@/service/api')
 // import * as api from '@/service/api'
-// const mockedApi = vi.mocked(api)
+// const mockedApi = api as jest.Mocked<typeof api>

 // Shared mock state (for portal/dropdown components)
 // WHY: Portal components like PortalToFollowElem need shared state between
@@ -95,7 +91,7 @@ describe('ComponentName', () => {
  // - Prevents mock call history from leaking between tests
  // - MUST be beforeEach (not afterEach) to reset BEFORE assertions like toHaveBeenCalledTimes
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
    // Reset shared mock state if used (CRITICAL for portal/dropdown tests)
    // mockOpenState = false
  })
@@ -152,7 +148,7 @@ describe('ComponentName', () => {
      // - userEvent simulates real user behavior (focus, hover, then click)
      // - fireEvent is lower-level, doesn't trigger all browser events
      // const user = userEvent.setup()
-      // const handleClick = vi.fn()
+      // const handleClick = jest.fn()
      // render(<ComponentName onClick={handleClick} />)
      //
      // await user.click(screen.getByRole('button'))
@@ -162,7 +158,7 @@ describe('ComponentName', () => {

    it('should call onChange when value changes', async () => {
      // const user = userEvent.setup()
-      // const handleChange = vi.fn()
+      // const handleChange = jest.fn()
      // render(<ComponentName onChange={handleChange} />)
      //
      // await user.type(screen.getByRole('textbox'), 'new value')
@@ -195,7 +191,7 @@ describe('ComponentName', () => {
  })

  // --------------------------------------------------------------------------
-  // Async Operations (if component fetches data - useQuery, fetch)
+  // Async Operations (if component fetches data - useSWR, useQuery, fetch)
  // --------------------------------------------------------------------------
  // WHY: Async operations have 3 states users experience: loading, success, error
  describe('Async Operations', () => {
--- a/.claude/skills/frontend-testing/templates/hook-test.template.ts
+++ b/.claude/skills/frontend-testing/templates/hook-test.template.ts
@@ -15,9 +15,9 @@ import { renderHook, act, waitFor } from '@testing-library/react'
 // ============================================================================

 // API services (if hook fetches data)
-// vi.mock('@/service/api')
+// jest.mock('@/service/api')
 // import * as api from '@/service/api'
-// const mockedApi = vi.mocked(api)
+// const mockedApi = api as jest.Mocked<typeof api>

 // ============================================================================
 // Test Helpers
@@ -38,7 +38,7 @@ import { renderHook, act, waitFor } from '@testing-library/react'

 describe('useHookName', () => {
  beforeEach(() => {
-    vi.clearAllMocks()
+    jest.clearAllMocks()
  })

  // --------------------------------------------------------------------------
@@ -145,7 +145,7 @@ describe('useHookName', () => {
  // --------------------------------------------------------------------------
  describe('Side Effects', () => {
    it('should call callback when value changes', () => {
-      // const callback = vi.fn()
+      // const callback = jest.fn()
      // const { result } = renderHook(() => useHookName({ onChange: callback }))
      //
      // act(() => {
@@ -156,9 +156,9 @@ describe('useHookName', () => {
    })

    it('should cleanup on unmount', () => {
-      // const cleanup = vi.fn()
-      // vi.spyOn(window, 'addEventListener')
-      // vi.spyOn(window, 'removeEventListener')
+      // const cleanup = jest.fn()
+      // jest.spyOn(window, 'addEventListener')
+      // jest.spyOn(window, 'removeEventListener')
      //
      // const { unmount } = renderHook(() => useHookName())
      //
--- a/.claude/skills/frontend-testing/templates/utility-test.template.ts
+++ b/.claude/skills/frontend-testing/templates/utility-test.template.ts
--- a/.codex/skills
+++ b/.codex/skills
@@ -1 +0,0 @@
-../.claude/skills
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,9 +6,6 @@
 		"context": "..",
 		"dockerfile": "Dockerfile"
 	},
-	"mounts": [
-		"source=dify-dev-tmp,target=/tmp,type=volume"
-	],
 	"features": {
 		"ghcr.io/devcontainers/features/node:1": {
 			"nodeGypDependencies": true,
@@ -37,13 +34,19 @@
 	},
 	"postStartCommand": "./.devcontainer/post_start_command.sh",
 	"postCreateCommand": "./.devcontainer/post_create_command.sh"
+
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	// "features": {},
+
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// "forwardPorts": [],
+
 	// Use 'postCreateCommand' to run commands after the container is created.
 	// "postCreateCommand": "python --version",
+
 	// Configure tool-specific properties.
 	// "customizations": {},
+
 	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-}
+	// "remoteUser": "root"
+}
--- a/.devcontainer/post_create_command.sh
+++ b/.devcontainer/post_create_command.sh
@@ -1,13 +1,12 @@
 #!/bin/bash
 WORKSPACE_ROOT=$(pwd)

-export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
 corepack enable
 cd web && pnpm install
 pipx install uv

 echo "alias start-api=\"cd $WORKSPACE_ROOT/api && uv run python -m flask run --host 0.0.0.0 --port=5001 --debug\"" >> ~/.bashrc
-echo "alias start-worker=\"cd $WORKSPACE_ROOT/api && uv run python -m celery -A app.celery worker -P threads -c 1 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor,retention\"" >> ~/.bashrc
+echo "alias start-worker=\"cd $WORKSPACE_ROOT/api && uv run python -m celery -A app.celery worker -P threads -c 1 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor\"" >> ~/.bashrc
 echo "alias start-web=\"cd $WORKSPACE_ROOT/web && pnpm dev\"" >> ~/.bashrc
 echo "alias start-web-prod=\"cd $WORKSPACE_ROOT/web && pnpm build && pnpm start\"" >> ~/.bashrc
 echo "alias start-containers=\"cd $WORKSPACE_ROOT/docker && docker-compose -f docker-compose.middleware.yaml -p dify --env-file middleware.env up -d\"" >> ~/.bashrc
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -6,244 +6,229 @@

 * @crazywoola @laipz8200 @Yeuoly

-# CODEOWNERS file
-/.github/CODEOWNERS @laipz8200 @crazywoola
-
-# Docs
-/docs/ @crazywoola
-
 # Backend (default owner, more specific rules below will override)
-/api/ @QuantumGhost
+api/ @QuantumGhost

 # Backend - MCP
-/api/core/mcp/ @Nov1c444
-/api/core/entities/mcp_provider.py @Nov1c444
-/api/services/tools/mcp_tools_manage_service.py @Nov1c444
-/api/controllers/mcp/ @Nov1c444
-/api/controllers/console/app/mcp_server.py @Nov1c444
-/api/tests/**/*mcp* @Nov1c444
+api/core/mcp/ @Nov1c444
+api/core/entities/mcp_provider.py @Nov1c444
+api/services/tools/mcp_tools_manage_service.py @Nov1c444
+api/controllers/mcp/ @Nov1c444
+api/controllers/console/app/mcp_server.py @Nov1c444
+api/tests/**/*mcp* @Nov1c444

 # Backend - Workflow - Engine (Core graph execution engine)
-/api/core/workflow/graph_engine/ @laipz8200 @QuantumGhost
-/api/core/workflow/runtime/ @laipz8200 @QuantumGhost
-/api/core/workflow/graph/ @laipz8200 @QuantumGhost
-/api/core/workflow/graph_events/ @laipz8200 @QuantumGhost
-/api/core/workflow/node_events/ @laipz8200 @QuantumGhost
-/api/core/model_runtime/ @laipz8200 @QuantumGhost
+api/core/workflow/graph_engine/ @laipz8200 @QuantumGhost
+api/core/workflow/runtime/ @laipz8200 @QuantumGhost
+api/core/workflow/graph/ @laipz8200 @QuantumGhost
+api/core/workflow/graph_events/ @laipz8200 @QuantumGhost
+api/core/workflow/node_events/ @laipz8200 @QuantumGhost
+api/core/model_runtime/ @laipz8200 @QuantumGhost

 # Backend - Workflow - Nodes (Agent, Iteration, Loop, LLM)
-/api/core/workflow/nodes/agent/ @Nov1c444
-/api/core/workflow/nodes/iteration/ @Nov1c444
-/api/core/workflow/nodes/loop/ @Nov1c444
-/api/core/workflow/nodes/llm/ @Nov1c444
+api/core/workflow/nodes/agent/ @Nov1c444
+api/core/workflow/nodes/iteration/ @Nov1c444
+api/core/workflow/nodes/loop/ @Nov1c444
+api/core/workflow/nodes/llm/ @Nov1c444

 # Backend - RAG (Retrieval Augmented Generation)
-/api/core/rag/ @JohnJyong
-/api/services/rag_pipeline/ @JohnJyong
-/api/services/dataset_service.py @JohnJyong
-/api/services/knowledge_service.py @JohnJyong
-/api/services/external_knowledge_service.py @JohnJyong
-/api/services/hit_testing_service.py @JohnJyong
-/api/services/metadata_service.py @JohnJyong
-/api/services/vector_service.py @JohnJyong
-/api/services/entities/knowledge_entities/ @JohnJyong
-/api/services/entities/external_knowledge_entities/ @JohnJyong
-/api/controllers/console/datasets/ @JohnJyong
-/api/controllers/service_api/dataset/ @JohnJyong
-/api/models/dataset.py @JohnJyong
-/api/tasks/rag_pipeline/ @JohnJyong
-/api/tasks/add_document_to_index_task.py @JohnJyong
-/api/tasks/batch_clean_document_task.py @JohnJyong
-/api/tasks/clean_document_task.py @JohnJyong
-/api/tasks/clean_notion_document_task.py @JohnJyong
-/api/tasks/document_indexing_task.py @JohnJyong
-/api/tasks/document_indexing_sync_task.py @JohnJyong
-/api/tasks/document_indexing_update_task.py @JohnJyong
-/api/tasks/duplicate_document_indexing_task.py @JohnJyong
-/api/tasks/recover_document_indexing_task.py @JohnJyong
-/api/tasks/remove_document_from_index_task.py @JohnJyong
-/api/tasks/retry_document_indexing_task.py @JohnJyong
-/api/tasks/sync_website_document_indexing_task.py @JohnJyong
-/api/tasks/batch_create_segment_to_index_task.py @JohnJyong
-/api/tasks/create_segment_to_index_task.py @JohnJyong
-/api/tasks/delete_segment_from_index_task.py @JohnJyong
-/api/tasks/disable_segment_from_index_task.py @JohnJyong
-/api/tasks/disable_segments_from_index_task.py @JohnJyong
-/api/tasks/enable_segment_to_index_task.py @JohnJyong
-/api/tasks/enable_segments_to_index_task.py @JohnJyong
-/api/tasks/clean_dataset_task.py @JohnJyong
-/api/tasks/deal_dataset_index_update_task.py @JohnJyong
-/api/tasks/deal_dataset_vector_index_task.py @JohnJyong
+api/core/rag/ @JohnJyong
+api/services/rag_pipeline/ @JohnJyong
+api/services/dataset_service.py @JohnJyong
+api/services/knowledge_service.py @JohnJyong
+api/services/external_knowledge_service.py @JohnJyong
+api/services/hit_testing_service.py @JohnJyong
+api/services/metadata_service.py @JohnJyong
+api/services/vector_service.py @JohnJyong
+api/services/entities/knowledge_entities/ @JohnJyong
+api/services/entities/external_knowledge_entities/ @JohnJyong
+api/controllers/console/datasets/ @JohnJyong
+api/controllers/service_api/dataset/ @JohnJyong
+api/models/dataset.py @JohnJyong
+api/tasks/rag_pipeline/ @JohnJyong
+api/tasks/add_document_to_index_task.py @JohnJyong
+api/tasks/batch_clean_document_task.py @JohnJyong
+api/tasks/clean_document_task.py @JohnJyong
+api/tasks/clean_notion_document_task.py @JohnJyong
+api/tasks/document_indexing_task.py @JohnJyong
+api/tasks/document_indexing_sync_task.py @JohnJyong
+api/tasks/document_indexing_update_task.py @JohnJyong
+api/tasks/duplicate_document_indexing_task.py @JohnJyong
+api/tasks/recover_document_indexing_task.py @JohnJyong
+api/tasks/remove_document_from_index_task.py @JohnJyong
+api/tasks/retry_document_indexing_task.py @JohnJyong
+api/tasks/sync_website_document_indexing_task.py @JohnJyong
+api/tasks/batch_create_segment_to_index_task.py @JohnJyong
+api/tasks/create_segment_to_index_task.py @JohnJyong
+api/tasks/delete_segment_from_index_task.py @JohnJyong
+api/tasks/disable_segment_from_index_task.py @JohnJyong
+api/tasks/disable_segments_from_index_task.py @JohnJyong
+api/tasks/enable_segment_to_index_task.py @JohnJyong
+api/tasks/enable_segments_to_index_task.py @JohnJyong
+api/tasks/clean_dataset_task.py @JohnJyong
+api/tasks/deal_dataset_index_update_task.py @JohnJyong
+api/tasks/deal_dataset_vector_index_task.py @JohnJyong

 # Backend - Plugins
-/api/core/plugin/ @Mairuis @Yeuoly @Stream29
-/api/services/plugin/ @Mairuis @Yeuoly @Stream29
-/api/controllers/console/workspace/plugin.py @Mairuis @Yeuoly @Stream29
-/api/controllers/inner_api/plugin/ @Mairuis @Yeuoly @Stream29
-/api/tasks/process_tenant_plugin_autoupgrade_check_task.py @Mairuis @Yeuoly @Stream29
+api/core/plugin/ @Mairuis @Yeuoly @Stream29
+api/services/plugin/ @Mairuis @Yeuoly @Stream29
+api/controllers/console/workspace/plugin.py @Mairuis @Yeuoly @Stream29
+api/controllers/inner_api/plugin/ @Mairuis @Yeuoly @Stream29
+api/tasks/process_tenant_plugin_autoupgrade_check_task.py @Mairuis @Yeuoly @Stream29

 # Backend - Trigger/Schedule/Webhook
-/api/controllers/trigger/ @Mairuis @Yeuoly
-/api/controllers/console/app/workflow_trigger.py @Mairuis @Yeuoly
-/api/controllers/console/workspace/trigger_providers.py @Mairuis @Yeuoly
-/api/core/trigger/ @Mairuis @Yeuoly
-/api/core/app/layers/trigger_post_layer.py @Mairuis @Yeuoly
-/api/services/trigger/ @Mairuis @Yeuoly
-/api/models/trigger.py @Mairuis @Yeuoly
-/api/fields/workflow_trigger_fields.py @Mairuis @Yeuoly
-/api/repositories/workflow_trigger_log_repository.py @Mairuis @Yeuoly
-/api/repositories/sqlalchemy_workflow_trigger_log_repository.py @Mairuis @Yeuoly
-/api/libs/schedule_utils.py @Mairuis @Yeuoly
-/api/services/workflow/scheduler.py @Mairuis @Yeuoly
-/api/schedule/trigger_provider_refresh_task.py @Mairuis @Yeuoly
-/api/schedule/workflow_schedule_task.py @Mairuis @Yeuoly
-/api/tasks/trigger_processing_tasks.py @Mairuis @Yeuoly
-/api/tasks/trigger_subscription_refresh_tasks.py @Mairuis @Yeuoly
-/api/tasks/workflow_schedule_tasks.py @Mairuis @Yeuoly
-/api/tasks/workflow_cfs_scheduler/ @Mairuis @Yeuoly
-/api/events/event_handlers/sync_plugin_trigger_when_app_created.py @Mairuis @Yeuoly
-/api/events/event_handlers/update_app_triggers_when_app_published_workflow_updated.py @Mairuis @Yeuoly
-/api/events/event_handlers/sync_workflow_schedule_when_app_published.py @Mairuis @Yeuoly
-/api/events/event_handlers/sync_webhook_when_app_created.py @Mairuis @Yeuoly
+api/controllers/trigger/ @Mairuis @Yeuoly
+api/controllers/console/app/workflow_trigger.py @Mairuis @Yeuoly
+api/controllers/console/workspace/trigger_providers.py @Mairuis @Yeuoly
+api/core/trigger/ @Mairuis @Yeuoly
+api/core/app/layers/trigger_post_layer.py @Mairuis @Yeuoly
+api/services/trigger/ @Mairuis @Yeuoly
+api/models/trigger.py @Mairuis @Yeuoly
+api/fields/workflow_trigger_fields.py @Mairuis @Yeuoly
+api/repositories/workflow_trigger_log_repository.py @Mairuis @Yeuoly
+api/repositories/sqlalchemy_workflow_trigger_log_repository.py @Mairuis @Yeuoly
+api/libs/schedule_utils.py @Mairuis @Yeuoly
+api/services/workflow/scheduler.py @Mairuis @Yeuoly
+api/schedule/trigger_provider_refresh_task.py @Mairuis @Yeuoly
+api/schedule/workflow_schedule_task.py @Mairuis @Yeuoly
+api/tasks/trigger_processing_tasks.py @Mairuis @Yeuoly
+api/tasks/trigger_subscription_refresh_tasks.py @Mairuis @Yeuoly
+api/tasks/workflow_schedule_tasks.py @Mairuis @Yeuoly
+api/tasks/workflow_cfs_scheduler/ @Mairuis @Yeuoly
+api/events/event_handlers/sync_plugin_trigger_when_app_created.py @Mairuis @Yeuoly
+api/events/event_handlers/update_app_triggers_when_app_published_workflow_updated.py @Mairuis @Yeuoly
+api/events/event_handlers/sync_workflow_schedule_when_app_published.py @Mairuis @Yeuoly
+api/events/event_handlers/sync_webhook_when_app_created.py @Mairuis @Yeuoly

 # Backend - Async Workflow
-/api/services/async_workflow_service.py @Mairuis @Yeuoly
-/api/tasks/async_workflow_tasks.py @Mairuis @Yeuoly
+api/services/async_workflow_service.py @Mairuis @Yeuoly
+api/tasks/async_workflow_tasks.py @Mairuis @Yeuoly

 # Backend - Billing
-/api/services/billing_service.py @hj24 @zyssyz123
-/api/controllers/console/billing/ @hj24 @zyssyz123
+api/services/billing_service.py @hj24 @zyssyz123
+api/controllers/console/billing/ @hj24 @zyssyz123

 # Backend - Enterprise
-/api/configs/enterprise/ @GarfieldDai @GareArc
-/api/services/enterprise/ @GarfieldDai @GareArc
-/api/services/feature_service.py @GarfieldDai @GareArc
-/api/controllers/console/feature.py @GarfieldDai @GareArc
-/api/controllers/web/feature.py @GarfieldDai @GareArc
+api/configs/enterprise/ @GarfieldDai @GareArc
+api/services/enterprise/ @GarfieldDai @GareArc
+api/services/feature_service.py @GarfieldDai @GareArc
+api/controllers/console/feature.py @GarfieldDai @GareArc
+api/controllers/web/feature.py @GarfieldDai @GareArc

 # Backend - Database Migrations
-/api/migrations/ @snakevash @laipz8200 @MRZHUH
-
-# Backend - Vector DB Middleware
-/api/configs/middleware/vdb/* @JohnJyong
+api/migrations/ @snakevash @laipz8200

 # Frontend
-/web/ @iamjoel
-
-# Frontend - Web Tests
-/.github/workflows/web-tests.yml @iamjoel
+web/ @iamjoel

 # Frontend - App - Orchestration
-/web/app/components/workflow/ @iamjoel @zxhlyh
-/web/app/components/workflow-app/ @iamjoel @zxhlyh
-/web/app/components/app/configuration/ @iamjoel @zxhlyh
-/web/app/components/app/app-publisher/ @iamjoel @zxhlyh
+web/app/components/workflow/ @iamjoel @zxhlyh
+web/app/components/workflow-app/ @iamjoel @zxhlyh
+web/app/components/app/configuration/ @iamjoel @zxhlyh
+web/app/components/app/app-publisher/ @iamjoel @zxhlyh

 # Frontend - WebApp - Chat
-/web/app/components/base/chat/ @iamjoel @zxhlyh
+web/app/components/base/chat/ @iamjoel @zxhlyh

 # Frontend - WebApp - Completion
-/web/app/components/share/text-generation/ @iamjoel @zxhlyh
+web/app/components/share/text-generation/ @iamjoel @zxhlyh

 # Frontend - App - List and Creation
-/web/app/components/apps/ @JzoNgKVO @iamjoel
-/web/app/components/app/create-app-dialog/ @JzoNgKVO @iamjoel
-/web/app/components/app/create-app-modal/ @JzoNgKVO @iamjoel
-/web/app/components/app/create-from-dsl-modal/ @JzoNgKVO @iamjoel
+web/app/components/apps/ @JzoNgKVO @iamjoel
+web/app/components/app/create-app-dialog/ @JzoNgKVO @iamjoel
+web/app/components/app/create-app-modal/ @JzoNgKVO @iamjoel
+web/app/components/app/create-from-dsl-modal/ @JzoNgKVO @iamjoel

 # Frontend - App - API Documentation
-/web/app/components/develop/ @JzoNgKVO @iamjoel
+web/app/components/develop/ @JzoNgKVO @iamjoel

 # Frontend - App - Logs and Annotations
-/web/app/components/app/workflow-log/ @JzoNgKVO @iamjoel
-/web/app/components/app/log/ @JzoNgKVO @iamjoel
-/web/app/components/app/log-annotation/ @JzoNgKVO @iamjoel
-/web/app/components/app/annotation/ @JzoNgKVO @iamjoel
+web/app/components/app/workflow-log/ @JzoNgKVO @iamjoel
+web/app/components/app/log/ @JzoNgKVO @iamjoel
+web/app/components/app/log-annotation/ @JzoNgKVO @iamjoel
+web/app/components/app/annotation/ @JzoNgKVO @iamjoel

 # Frontend - App - Monitoring
-/web/app/(commonLayout)/app/(appDetailLayout)/\[appId\]/overview/ @JzoNgKVO @iamjoel
-/web/app/components/app/overview/ @JzoNgKVO @iamjoel
+web/app/(commonLayout)/app/(appDetailLayout)/\[appId\]/overview/ @JzoNgKVO @iamjoel
+web/app/components/app/overview/ @JzoNgKVO @iamjoel

 # Frontend - App - Settings
-/web/app/components/app-sidebar/ @JzoNgKVO @iamjoel
+web/app/components/app-sidebar/ @JzoNgKVO @iamjoel

 # Frontend - RAG - Hit Testing
-/web/app/components/datasets/hit-testing/ @JzoNgKVO @iamjoel
+web/app/components/datasets/hit-testing/ @JzoNgKVO @iamjoel

 # Frontend - RAG - List and Creation
-/web/app/components/datasets/list/ @iamjoel @WTW0313
-/web/app/components/datasets/create/ @iamjoel @WTW0313
-/web/app/components/datasets/create-from-pipeline/ @iamjoel @WTW0313
-/web/app/components/datasets/external-knowledge-base/ @iamjoel @WTW0313
+web/app/components/datasets/list/ @iamjoel @WTW0313
+web/app/components/datasets/create/ @iamjoel @WTW0313
+web/app/components/datasets/create-from-pipeline/ @iamjoel @WTW0313
+web/app/components/datasets/external-knowledge-base/ @iamjoel @WTW0313

 # Frontend - RAG - Orchestration (general rule first, specific rules below override)
-/web/app/components/rag-pipeline/ @iamjoel @WTW0313
-/web/app/components/rag-pipeline/components/rag-pipeline-main.tsx @iamjoel @zxhlyh
-/web/app/components/rag-pipeline/store/ @iamjoel @zxhlyh
+web/app/components/rag-pipeline/ @iamjoel @WTW0313
+web/app/components/rag-pipeline/components/rag-pipeline-main.tsx @iamjoel @zxhlyh
+web/app/components/rag-pipeline/store/ @iamjoel @zxhlyh

 # Frontend - RAG - Documents List
-/web/app/components/datasets/documents/list.tsx @iamjoel @WTW0313
-/web/app/components/datasets/documents/create-from-pipeline/ @iamjoel @WTW0313
+web/app/components/datasets/documents/list.tsx @iamjoel @WTW0313
+web/app/components/datasets/documents/create-from-pipeline/ @iamjoel @WTW0313

 # Frontend - RAG - Segments List
-/web/app/components/datasets/documents/detail/ @iamjoel @WTW0313
+web/app/components/datasets/documents/detail/ @iamjoel @WTW0313

 # Frontend - RAG - Settings
-/web/app/components/datasets/settings/ @iamjoel @WTW0313
+web/app/components/datasets/settings/ @iamjoel @WTW0313

 # Frontend - Ecosystem - Plugins
-/web/app/components/plugins/ @iamjoel @zhsama
+web/app/components/plugins/ @iamjoel @zhsama

 # Frontend - Ecosystem - Tools
-/web/app/components/tools/ @iamjoel @Yessenia-d
+web/app/components/tools/ @iamjoel @Yessenia-d

 # Frontend - Ecosystem - MarketPlace
-/web/app/components/plugins/marketplace/ @iamjoel @Yessenia-d
+web/app/components/plugins/marketplace/ @iamjoel @Yessenia-d

 # Frontend - Login and Registration
-/web/app/signin/ @douxc @iamjoel
-/web/app/signup/ @douxc @iamjoel
-/web/app/reset-password/ @douxc @iamjoel
-/web/app/install/ @douxc @iamjoel
-/web/app/init/ @douxc @iamjoel
-/web/app/forgot-password/ @douxc @iamjoel
-/web/app/account/ @douxc @iamjoel
+web/app/signin/ @douxc @iamjoel
+web/app/signup/ @douxc @iamjoel
+web/app/reset-password/ @douxc @iamjoel
+web/app/install/ @douxc @iamjoel
+web/app/init/ @douxc @iamjoel
+web/app/forgot-password/ @douxc @iamjoel
+web/app/account/ @douxc @iamjoel

 # Frontend - Service Authentication
-/web/service/base.ts @douxc @iamjoel
+web/service/base.ts @douxc @iamjoel

 # Frontend - WebApp Authentication and Access Control
-/web/app/(shareLayout)/components/ @douxc @iamjoel
-/web/app/(shareLayout)/webapp-signin/ @douxc @iamjoel
-/web/app/(shareLayout)/webapp-reset-password/ @douxc @iamjoel
-/web/app/components/app/app-access-control/ @douxc @iamjoel
+web/app/(shareLayout)/components/ @douxc @iamjoel
+web/app/(shareLayout)/webapp-signin/ @douxc @iamjoel
+web/app/(shareLayout)/webapp-reset-password/ @douxc @iamjoel
+web/app/components/app/app-access-control/ @douxc @iamjoel

 # Frontend - Explore Page
-/web/app/components/explore/ @CodingOnStar @iamjoel
+web/app/components/explore/ @CodingOnStar @iamjoel

 # Frontend - Personal Settings
-/web/app/components/header/account-setting/ @CodingOnStar @iamjoel
-/web/app/components/header/account-dropdown/ @CodingOnStar @iamjoel
+web/app/components/header/account-setting/ @CodingOnStar @iamjoel
+web/app/components/header/account-dropdown/ @CodingOnStar @iamjoel

 # Frontend - Analytics
-/web/app/components/base/ga/ @CodingOnStar @iamjoel
+web/app/components/base/ga/ @CodingOnStar @iamjoel

 # Frontend - Base Components
-/web/app/components/base/ @iamjoel @zxhlyh
+web/app/components/base/ @iamjoel @zxhlyh

 # Frontend - Utils and Hooks
-/web/utils/classnames.ts @iamjoel @zxhlyh
-/web/utils/time.ts @iamjoel @zxhlyh
-/web/utils/format.ts @iamjoel @zxhlyh
-/web/utils/clipboard.ts @iamjoel @zxhlyh
-/web/hooks/use-document-title.ts @iamjoel @zxhlyh
+web/utils/classnames.ts @iamjoel @zxhlyh
+web/utils/time.ts @iamjoel @zxhlyh
+web/utils/format.ts @iamjoel @zxhlyh
+web/utils/clipboard.ts @iamjoel @zxhlyh
+web/hooks/use-document-title.ts @iamjoel @zxhlyh

 # Frontend - Billing and Education
-/web/app/components/billing/ @iamjoel @zxhlyh
-/web/app/education-apply/ @iamjoel @zxhlyh
+web/app/components/billing/ @iamjoel @zxhlyh
+web/app/education-apply/ @iamjoel @zxhlyh

 # Frontend - Workspace
-/web/app/components/header/account-dropdown/workplace-selector/ @iamjoel @zxhlyh
-
-# Docker
-/docker/* @laipz8200
+web/app/components/header/account-dropdown/workplace-selector/ @iamjoel @zxhlyh
--- a/.github/workflows/api-tests.yml
+++ b/.github/workflows/api-tests.yml
@@ -22,12 +22,12 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
          python-version: ${{ matrix.python-version }}
@@ -57,7 +57,7 @@ jobs:
        run: sh .github/workflows/expose_service_ports.sh

      - name: Set up Sandbox
-        uses: hoverkraft-tech/compose-action@v2
+        uses: hoverkraft-tech/compose-action@v2.0.2
        with:
          compose-file: |
            docker/docker-compose.middleware.yaml
@@ -93,12 +93,4 @@ jobs:
          # Create a detailed coverage summary
          echo "### Test Coverage Summary :test_tube:" >> $GITHUB_STEP_SUMMARY
          echo "Total Coverage: ${TOTAL_COVERAGE}%" >> $GITHUB_STEP_SUMMARY
-          {
-            echo ""
-            echo "<details><summary>File-level coverage (click to expand)</summary>"
-            echo ""
-            echo '```'
-            uv run --project api coverage report -m
-            echo '```'
-            echo "</details>"
-          } >> $GITHUB_STEP_SUMMARY
+          uv run --project api coverage report --format=markdown >> $GITHUB_STEP_SUMMARY
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@@ -12,28 +12,12 @@ jobs:
    if: github.repository == 'langgenius/dify'
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
-
-      - name: Check Docker Compose inputs
-        id: docker-compose-changes
-        uses: tj-actions/changed-files@v46
-        with:
-          files: |
-            docker/generate_docker_compose
-            docker/.env.example
-            docker/docker-compose-template.yaml
-            docker/docker-compose.yaml
+      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

-      - uses: astral-sh/setup-uv@v7
-
-      - name: Generate Docker Compose
-        if: steps.docker-compose-changes.outputs.any_changed == 'true'
-        run: |
-          cd docker
-          ./generate_docker_compose
+      - uses: astral-sh/setup-uv@v6

      - run: |
          cd api
@@ -82,6 +66,27 @@ jobs:
      # mdformat breaks YAML front matter in markdown files. Add --exclude for directories containing YAML front matter.
      - name: mdformat
        run: |
-          uvx --python 3.13 mdformat . --exclude ".claude/skills/**/SKILL.md"
+          uvx --python 3.13 mdformat . --exclude ".claude/skills/**"
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          package_json_file: web/package.json
+          run_install: false
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+          cache-dependency-path: ./web/package.json
+
+      - name: Web dependencies
+        working-directory: ./web
+        run: pnpm install --frozen-lockfile
+
+      - name: oxlint
+        working-directory: ./web
+        run: pnpm exec oxlint --config .oxlintrc.json --fix .

      - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -90,7 +90,7 @@ jobs:
          touch "/tmp/digests/${sanitized_digest}"

      - name: Upload digest
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ matrix.context }}-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
--- a/.github/workflows/db-migration-test.yml
+++ b/.github/workflows/db-migration-test.yml
@@ -13,13 +13,13 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
          python-version: "3.12"
@@ -63,13 +63,13 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
          python-version: "3.12"
--- a/.github/workflows/main-ci.yml
+++ b/.github/workflows/main-ci.yml
@@ -27,7 +27,7 @@ jobs:
      vdb-changed: ${{ steps.changes.outputs.vdb }}
      migration-changed: ${{ steps.changes.outputs.migration }}
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - uses: dorny/paths-filter@v3
        id: changes
        with:
@@ -38,7 +38,6 @@ jobs:
              - '.github/workflows/api-tests.yml'
            web:
              - 'web/**'
-              - '.github/workflows/web-tests.yml'
            vdb:
              - 'api/core/rag/datasource/**'
              - 'docker/**'
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -19,13 +19,13 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Check changed files
        id: changed-files
-        uses: tj-actions/changed-files@v47
+        uses: tj-actions/changed-files@v46
        with:
          files: |
            api/**
@@ -33,7 +33,7 @@ jobs:

      - name: Setup UV and Python
        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: false
          python-version: "3.12"
@@ -68,17 +68,15 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Check changed files
        id: changed-files
-        uses: tj-actions/changed-files@v47
+        uses: tj-actions/changed-files@v46
        with:
-          files: |
-            web/**
-            .github/workflows/style.yml
+          files: web/**

      - name: Install pnpm
        uses: pnpm/action-setup@v4
@@ -87,12 +85,12 @@ jobs:
          run_install: false

      - name: Setup NodeJS
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
        if: steps.changed-files.outputs.any_changed == 'true'
        with:
          node-version: 22
          cache: pnpm
-          cache-dependency-path: ./web/pnpm-lock.yaml
+          cache-dependency-path: ./web/package.json

      - name: Web dependencies
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -110,15 +108,35 @@ jobs:
        working-directory: ./web
        run: pnpm run type-check:tsgo

-      - name: Web dead code check
-        if: steps.changed-files.outputs.any_changed == 'true'
-        working-directory: ./web
-        run: pnpm run knip
+  docker-compose-template:
+    name: Docker Compose Template
+    runs-on: ubuntu-latest

-      - name: Web build check
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Check changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v46
+        with:
+          files: |
+            docker/generate_docker_compose
+            docker/.env.example
+            docker/docker-compose-template.yaml
+            docker/docker-compose.yaml
+
+      - name: Generate Docker Compose
        if: steps.changed-files.outputs.any_changed == 'true'
-        working-directory: ./web
-        run: pnpm run build
+        run: |
+          cd docker
+          ./generate_docker_compose
+
+      - name: Check for changes
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: git diff --exit-code

  superlinter:
    name: SuperLinter
@@ -126,14 +144,14 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Check changed files
        id: changed-files
-        uses: tj-actions/changed-files@v47
+        uses: tj-actions/changed-files@v46
        with:
          files: |
            **.sh
--- a/.github/workflows/tool-test-sdks.yaml
+++ b/.github/workflows/tool-test-sdks.yaml
@@ -25,12 +25,12 @@ jobs:
        working-directory: sdks/nodejs-client

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: ''
--- a/.github/workflows/translate-i18n-base-on-english.yml
+++ b/.github/workflows/translate-i18n-base-on-english.yml
@@ -1,11 +1,10 @@
-name: Translate i18n Files Based on English
+name: Check i18n Files and Create PR

 on:
  push:
    branches: [main]
    paths:
-      - 'web/i18n/en-US/*.json'
-  workflow_dispatch:
+      - 'web/i18n/en-US/*.ts'

 permissions:
  contents: write
@@ -19,7 +18,6 @@ jobs:
      run:
        working-directory: web
    steps:
-      # Keep use old checkout action version for https://github.com/peter-evans/create-pull-request/issues/4272
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
@@ -28,28 +26,21 @@ jobs:
      - name: Check for file changes in i18n/en-US
        id: check_files
        run: |
-          # Skip check for manual trigger, translate all files
-          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+          git fetch origin "${{ github.event.before }}" || true
+          git fetch origin "${{ github.sha }}" || true
+          changed_files=$(git diff --name-only "${{ github.event.before }}" "${{ github.sha }}" -- 'i18n/en-US/*.ts')
+          echo "Changed files: $changed_files"
+          if [ -n "$changed_files" ]; then
            echo "FILES_CHANGED=true" >> $GITHUB_ENV
-            echo "FILE_ARGS=" >> $GITHUB_ENV
-            echo "Manual trigger: translating all files"
+            file_args=""
+            for file in $changed_files; do
+              filename=$(basename "$file" .ts)
+              file_args="$file_args --file $filename"
+            done
+            echo "FILE_ARGS=$file_args" >> $GITHUB_ENV
+            echo "File arguments: $file_args"
          else
-            git fetch origin "${{ github.event.before }}" || true
-            git fetch origin "${{ github.sha }}" || true
-            changed_files=$(git diff --name-only "${{ github.event.before }}" "${{ github.sha }}" -- 'i18n/en-US/*.json')
-            echo "Changed files: $changed_files"
-            if [ -n "$changed_files" ]; then
-              echo "FILES_CHANGED=true" >> $GITHUB_ENV
-              file_args=""
-              for file in $changed_files; do
-                filename=$(basename "$file" .json)
-                file_args="$file_args --file $filename"
-              done
-              echo "FILE_ARGS=$file_args" >> $GITHUB_ENV
-              echo "File arguments: $file_args"
-            else
-              echo "FILES_CHANGED=false" >> $GITHUB_ENV
-            fi
+            echo "FILES_CHANGED=false" >> $GITHUB_ENV
          fi

      - name: Install pnpm
@@ -60,11 +51,11 @@ jobs:

      - name: Set up Node.js
        if: env.FILES_CHANGED == 'true'
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          cache: pnpm
-          cache-dependency-path: ./web/pnpm-lock.yaml
+          cache-dependency-path: ./web/package.json

      - name: Install dependencies
        if: env.FILES_CHANGED == 'true'
@@ -74,7 +65,12 @@ jobs:
      - name: Generate i18n translations
        if: env.FILES_CHANGED == 'true'
        working-directory: ./web
-        run: pnpm run i18n:gen ${{ env.FILE_ARGS }}
+        run: pnpm run auto-gen-i18n ${{ env.FILE_ARGS }}
+
+      - name: Generate i18n type definitions
+        if: env.FILES_CHANGED == 'true'
+        working-directory: ./web
+        run: pnpm run gen:i18n-types

      - name: Create Pull Request
        if: env.FILES_CHANGED == 'true'
@@ -82,13 +78,14 @@ jobs:
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore(i18n): update translations based on en-US changes'
-          title: 'chore(i18n): translate i18n files based on en-US changes'
+          title: 'chore(i18n): translate i18n files and update type definitions'
          body: |
-            This PR was automatically created to update i18n translation files based on changes in en-US locale.
+            This PR was automatically created to update i18n files and TypeScript type definitions based on changes in en-US locale.

            **Triggered by:** ${{ github.sha }}

            **Changes included:**
            - Updated translation files for all locales
+            - Regenerated TypeScript type definitions for type safety
          branch: chore/automated-i18n-updates-${{ github.sha }}
          delete-branch: true
--- a/.github/workflows/vdb-tests.yml
+++ b/.github/workflows/vdb-tests.yml
@@ -19,19 +19,19 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Free Disk Space
-        uses: endersonmenezes/free-disk-space@v3
+        uses: endersonmenezes/free-disk-space@v2
        with:
          remove_dotnet: true
          remove_haskell: true
          remove_tool_cache: true

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
          python-version: ${{ matrix.python-version }}
--- a/.github/workflows/web-tests.yml
+++ b/.github/workflows/web-tests.yml
@@ -13,356 +13,46 @@ jobs:
    runs-on: ubuntu-latest
    defaults:
      run:
-        shell: bash
        working-directory: ./web

    steps:
      - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

+      - name: Check changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v46
+        with:
+          files: web/**
+
      - name: Install pnpm
+        if: steps.changed-files.outputs.any_changed == 'true'
        uses: pnpm/action-setup@v4
        with:
          package_json_file: web/package.json
          run_install: false

      - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
+        if: steps.changed-files.outputs.any_changed == 'true'
        with:
          node-version: 22
          cache: pnpm
-          cache-dependency-path: ./web/pnpm-lock.yaml
+          cache-dependency-path: ./web/package.json

      - name: Install dependencies
+        if: steps.changed-files.outputs.any_changed == 'true'
+        working-directory: ./web
        run: pnpm install --frozen-lockfile

+      - name: Check i18n types synchronization
+        if: steps.changed-files.outputs.any_changed == 'true'
+        working-directory: ./web
+        run: pnpm run check:i18n-types
+
      - name: Run tests
-        run: pnpm test:coverage
-
-      - name: Coverage Summary
-        if: always()
-        id: coverage-summary
-        run: |
-          set -eo pipefail
-
-          COVERAGE_FILE="coverage/coverage-final.json"
-          COVERAGE_SUMMARY_FILE="coverage/coverage-summary.json"
-
-          if [ ! -f "$COVERAGE_FILE" ] && [ ! -f "$COVERAGE_SUMMARY_FILE" ]; then
-            echo "has_coverage=false" >> "$GITHUB_OUTPUT"
-            echo "### 🚨 Test Coverage Report :test_tube:" >> "$GITHUB_STEP_SUMMARY"
-            echo "Coverage data not found. Ensure Vitest runs with coverage enabled." >> "$GITHUB_STEP_SUMMARY"
-            exit 0
-          fi
-
-          echo "has_coverage=true" >> "$GITHUB_OUTPUT"
-
-          node <<'NODE' >> "$GITHUB_STEP_SUMMARY"
-          const fs = require('fs');
-          const path = require('path');
-          let libCoverage = null;
-
-          try {
-            libCoverage = require('istanbul-lib-coverage');
-          } catch (error) {
-            libCoverage = null;
-          }
-
-          const summaryPath = path.join('coverage', 'coverage-summary.json');
-          const finalPath = path.join('coverage', 'coverage-final.json');
-
-          const hasSummary = fs.existsSync(summaryPath);
-          const hasFinal = fs.existsSync(finalPath);
-
-          if (!hasSummary && !hasFinal) {
-            console.log('### Test Coverage Summary :test_tube:');
-            console.log('');
-            console.log('No coverage data found.');
-            process.exit(0);
-          }
-
-          const summary = hasSummary
-            ? JSON.parse(fs.readFileSync(summaryPath, 'utf8'))
-            : null;
-          const coverage = hasFinal
-            ? JSON.parse(fs.readFileSync(finalPath, 'utf8'))
-            : null;
-
-          const getLineCoverageFromStatements = (statementMap, statementHits) => {
-            const lineHits = {};
-
-            if (!statementMap || !statementHits) {
-              return lineHits;
-            }
-
-            Object.entries(statementMap).forEach(([key, statement]) => {
-              const line = statement?.start?.line;
-              if (!line) {
-                return;
-              }
-              const hits = statementHits[key] ?? 0;
-              const previous = lineHits[line];
-              lineHits[line] = previous === undefined ? hits : Math.max(previous, hits);
-            });
-
-            return lineHits;
-          };
-
-          const getFileCoverage = (entry) => (
-            libCoverage ? libCoverage.createFileCoverage(entry) : null
-          );
-
-          const getLineHits = (entry, fileCoverage) => {
-            const lineHits = entry.l ?? {};
-            if (Object.keys(lineHits).length > 0) {
-              return lineHits;
-            }
-            if (fileCoverage) {
-              return fileCoverage.getLineCoverage();
-            }
-            return getLineCoverageFromStatements(entry.statementMap ?? {}, entry.s ?? {});
-          };
-
-          const getUncoveredLines = (entry, fileCoverage, lineHits) => {
-            if (lineHits && Object.keys(lineHits).length > 0) {
-              return Object.entries(lineHits)
-                .filter(([, count]) => count === 0)
-                .map(([line]) => Number(line))
-                .sort((a, b) => a - b);
-            }
-            if (fileCoverage) {
-              return fileCoverage.getUncoveredLines();
-            }
-            return [];
-          };
-
-          const totals = {
-            lines: { covered: 0, total: 0 },
-            statements: { covered: 0, total: 0 },
-            branches: { covered: 0, total: 0 },
-            functions: { covered: 0, total: 0 },
-          };
-          const fileSummaries = [];
-
-          if (summary) {
-            const totalEntry = summary.total ?? {};
-            ['lines', 'statements', 'branches', 'functions'].forEach((key) => {
-              if (totalEntry[key]) {
-                totals[key].covered = totalEntry[key].covered ?? 0;
-                totals[key].total = totalEntry[key].total ?? 0;
-              }
-            });
-
-            Object.entries(summary)
-              .filter(([file]) => file !== 'total')
-              .forEach(([file, data]) => {
-                fileSummaries.push({
-                  file,
-                  pct: data.lines?.pct ?? data.statements?.pct ?? 0,
-                  lines: {
-                    covered: data.lines?.covered ?? 0,
-                    total: data.lines?.total ?? 0,
-                  },
-                });
-              });
-          } else if (coverage) {
-            Object.entries(coverage).forEach(([file, entry]) => {
-              const fileCoverage = getFileCoverage(entry);
-              const lineHits = getLineHits(entry, fileCoverage);
-              const statementHits = entry.s ?? {};
-              const branchHits = entry.b ?? {};
-              const functionHits = entry.f ?? {};
-
-              const lineTotal = Object.keys(lineHits).length;
-              const lineCovered = Object.values(lineHits).filter((n) => n > 0).length;
-
-              const statementTotal = Object.keys(statementHits).length;
-              const statementCovered = Object.values(statementHits).filter((n) => n > 0).length;
-
-              const branchTotal = Object.values(branchHits).reduce((acc, branches) => acc + branches.length, 0);
-              const branchCovered = Object.values(branchHits).reduce(
-                (acc, branches) => acc + branches.filter((n) => n > 0).length,
-                0,
-              );
-
-              const functionTotal = Object.keys(functionHits).length;
-              const functionCovered = Object.values(functionHits).filter((n) => n > 0).length;
-
-              totals.lines.total += lineTotal;
-              totals.lines.covered += lineCovered;
-              totals.statements.total += statementTotal;
-              totals.statements.covered += statementCovered;
-              totals.branches.total += branchTotal;
-              totals.branches.covered += branchCovered;
-              totals.functions.total += functionTotal;
-              totals.functions.covered += functionCovered;
-
-              const pct = (covered, tot) => (tot > 0 ? (covered / tot) * 100 : 0);
-
-              fileSummaries.push({
-                file,
-                pct: pct(lineCovered || statementCovered, lineTotal || statementTotal),
-                lines: {
-                  covered: lineCovered || statementCovered,
-                  total: lineTotal || statementTotal,
-                },
-              });
-            });
-          }
-
-          const pct = (covered, tot) => (tot > 0 ? ((covered / tot) * 100).toFixed(2) : '0.00');
-
-          console.log('### Test Coverage Summary :test_tube:');
-          console.log('');
-          console.log('| Metric | Coverage | Covered / Total |');
-          console.log('|--------|----------|-----------------|');
-          console.log(`| Lines | ${pct(totals.lines.covered, totals.lines.total)}% | ${totals.lines.covered} / ${totals.lines.total} |`);
-          console.log(`| Statements | ${pct(totals.statements.covered, totals.statements.total)}% | ${totals.statements.covered} / ${totals.statements.total} |`);
-          console.log(`| Branches | ${pct(totals.branches.covered, totals.branches.total)}% | ${totals.branches.covered} / ${totals.branches.total} |`);
-          console.log(`| Functions | ${pct(totals.functions.covered, totals.functions.total)}% | ${totals.functions.covered} / ${totals.functions.total} |`);
-
-          console.log('');
-          console.log('<details><summary>File coverage (lowest lines first)</summary>');
-          console.log('');
-          console.log('```');
-          fileSummaries
-            .sort((a, b) => (a.pct - b.pct) || (b.lines.total - a.lines.total))
-            .slice(0, 25)
-            .forEach(({ file, pct, lines }) => {
-              console.log(`${pct.toFixed(2)}%\t${lines.covered}/${lines.total}\t${file}`);
-            });
-          console.log('```');
-          console.log('</details>');
-
-          if (coverage) {
-            const pctValue = (covered, tot) => {
-              if (tot === 0) {
-                return '0';
-              }
-              return ((covered / tot) * 100)
-                .toFixed(2)
-                .replace(/\.?0+$/, '');
-            };
-
-            const formatLineRanges = (lines) => {
-              if (lines.length === 0) {
-                return '';
-              }
-              const ranges = [];
-              let start = lines[0];
-              let end = lines[0];
-
-              for (let i = 1; i < lines.length; i += 1) {
-                const current = lines[i];
-                if (current === end + 1) {
-                  end = current;
-                  continue;
-                }
-                ranges.push(start === end ? `${start}` : `${start}-${end}`);
-                start = current;
-                end = current;
-              }
-              ranges.push(start === end ? `${start}` : `${start}-${end}`);
-              return ranges.join(',');
-            };
-
-            const tableTotals = {
-              statements: { covered: 0, total: 0 },
-              branches: { covered: 0, total: 0 },
-              functions: { covered: 0, total: 0 },
-              lines: { covered: 0, total: 0 },
-            };
-            const tableRows = Object.entries(coverage)
-              .map(([file, entry]) => {
-                const fileCoverage = getFileCoverage(entry);
-                const lineHits = getLineHits(entry, fileCoverage);
-                const statementHits = entry.s ?? {};
-                const branchHits = entry.b ?? {};
-                const functionHits = entry.f ?? {};
-
-                const lineTotal = Object.keys(lineHits).length;
-                const lineCovered = Object.values(lineHits).filter((n) => n > 0).length;
-                const statementTotal = Object.keys(statementHits).length;
-                const statementCovered = Object.values(statementHits).filter((n) => n > 0).length;
-                const branchTotal = Object.values(branchHits).reduce((acc, branches) => acc + branches.length, 0);
-                const branchCovered = Object.values(branchHits).reduce(
-                  (acc, branches) => acc + branches.filter((n) => n > 0).length,
-                  0,
-                );
-                const functionTotal = Object.keys(functionHits).length;
-                const functionCovered = Object.values(functionHits).filter((n) => n > 0).length;
-
-                tableTotals.lines.total += lineTotal;
-                tableTotals.lines.covered += lineCovered;
-                tableTotals.statements.total += statementTotal;
-                tableTotals.statements.covered += statementCovered;
-                tableTotals.branches.total += branchTotal;
-                tableTotals.branches.covered += branchCovered;
-                tableTotals.functions.total += functionTotal;
-                tableTotals.functions.covered += functionCovered;
-
-                const uncoveredLines = getUncoveredLines(entry, fileCoverage, lineHits);
-
-                const filePath = entry.path ?? file;
-                const relativePath = path.isAbsolute(filePath)
-                  ? path.relative(process.cwd(), filePath)
-                  : filePath;
-
-                return {
-                  file: relativePath || file,
-                  statements: pctValue(statementCovered, statementTotal),
-                  branches: pctValue(branchCovered, branchTotal),
-                  functions: pctValue(functionCovered, functionTotal),
-                  lines: pctValue(lineCovered, lineTotal),
-                  uncovered: formatLineRanges(uncoveredLines),
-                };
-              })
-              .sort((a, b) => a.file.localeCompare(b.file));
-
-            const columns = [
-              { key: 'file', header: 'File', align: 'left' },
-              { key: 'statements', header: '% Stmts', align: 'right' },
-              { key: 'branches', header: '% Branch', align: 'right' },
-              { key: 'functions', header: '% Funcs', align: 'right' },
-              { key: 'lines', header: '% Lines', align: 'right' },
-              { key: 'uncovered', header: 'Uncovered Line #s', align: 'left' },
-            ];
-
-            const allFilesRow = {
-              file: 'All files',
-              statements: pctValue(tableTotals.statements.covered, tableTotals.statements.total),
-              branches: pctValue(tableTotals.branches.covered, tableTotals.branches.total),
-              functions: pctValue(tableTotals.functions.covered, tableTotals.functions.total),
-              lines: pctValue(tableTotals.lines.covered, tableTotals.lines.total),
-              uncovered: '',
-            };
-
-            const rowsForOutput = [allFilesRow, ...tableRows];
-            const formatRow = (row) => `| ${columns
-              .map(({ key }) => String(row[key] ?? ''))
-              .join(' | ')} |`;
-            const headerRow = `| ${columns.map(({ header }) => header).join(' | ')} |`;
-            const dividerRow = `| ${columns
-              .map(({ align }) => (align === 'right' ? '---:' : ':---'))
-              .join(' | ')} |`;
-
-            console.log('');
-            console.log('<details><summary>Vitest coverage table</summary>');
-            console.log('');
-            console.log(headerRow);
-            console.log(dividerRow);
-            rowsForOutput.forEach((row) => console.log(formatRow(row)));
-            console.log('</details>');
-          }
-          NODE
-
-      - name: Upload Coverage Artifact
-        if: steps.coverage-summary.outputs.has_coverage == 'true'
-        uses: actions/upload-artifact@v6
-        with:
-          name: web-coverage-report
-          path: web/coverage
-          retention-days: 30
-          if-no-files-found: error
+        if: steps.changed-files.outputs.any_changed == 'true'
+        working-directory: ./web
+        run: pnpm test
--- a/.gitignore
+++ b/.gitignore
@@ -139,6 +139,7 @@ pyrightconfig.json
 .idea/'

 .DS_Store
+web/.vscode/settings.json

 # Intellij IDEA Files
 .idea/*
@@ -195,7 +196,6 @@ docker/nginx/ssl/*
 !docker/nginx/ssl/.gitkeep
 docker/middleware.env
 docker/docker-compose.override.yaml
-docker/env-backup/*

 sdks/python-client/build
 sdks/python-client/dist
@@ -205,6 +205,7 @@ sdks/python-client/dify_client.egg-info
 !.vscode/launch.json.template
 !.vscode/README.md
 api/.vscode
+web/.vscode
 # vscode Code History Extension
 .history

@@ -219,6 +220,15 @@ plugins.jsonl
 # mise
 mise.toml

+# Next.js build output
+.next/
+
+# PWA generated files
+web/public/sw.js
+web/public/sw.js.map
+web/public/workbox-*.js
+web/public/workbox-*.js.map
+web/public/fallback-*.js

 # AI Assistant
 .roo/
@@ -235,4 +245,3 @@ scripts/stress-test/reports/

 # settings
 *.local.json
-*.local.md
--- a/.mcp.json
+++ b/.mcp.json
@@ -0,0 +1,34 @@
+{
+    "mcpServers": {
+      "context7": {
+        "type": "http",
+        "url": "https://mcp.context7.com/mcp"
+      },
+      "sequential-thinking": {
+        "type": "stdio",
+        "command": "npx",
+        "args": ["-y", "@modelcontextprotocol/server-sequential-thinking"],
+        "env": {}
+      },
+      "github": {
+        "type": "stdio",
+        "command": "npx",
+        "args": ["-y", "@modelcontextprotocol/server-github"],
+        "env": {
+          "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PERSONAL_ACCESS_TOKEN}"
+        }
+      },
+      "fetch": {
+        "type": "stdio",
+        "command": "uvx",
+        "args": ["mcp-server-fetch"],
+        "env": {}
+      },
+      "playwright": {
+        "type": "stdio",
+        "command": "npx",
+        "args": ["-y", "@playwright/mcp@latest"],
+        "env": {}
+      }
+    }
+  }
--- a/.vscode/launch.json.template
+++ b/.vscode/launch.json.template
@@ -37,7 +37,7 @@
                "-c",
                "1",
                "-Q",
-                "dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor,retention",
+                "dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor",
                "--loglevel",
                "INFO"
            ],
--- a/api/.env.example
+++ b/api/.env.example
@@ -101,15 +101,6 @@ S3_ACCESS_KEY=your-access-key
 S3_SECRET_KEY=your-secret-key
 S3_REGION=your-region

-# Workflow run and Conversation archive storage (S3-compatible)
-ARCHIVE_STORAGE_ENABLED=false
-ARCHIVE_STORAGE_ENDPOINT=
-ARCHIVE_STORAGE_ARCHIVE_BUCKET=
-ARCHIVE_STORAGE_EXPORT_BUCKET=
-ARCHIVE_STORAGE_ACCESS_KEY=
-ARCHIVE_STORAGE_SECRET_KEY=
-ARCHIVE_STORAGE_REGION=auto
-
 # Azure Blob Storage configuration
 AZURE_BLOB_ACCOUNT_NAME=your-account-name
 AZURE_BLOB_ACCOUNT_KEY=your-account-key
@@ -125,7 +116,6 @@ ALIYUN_OSS_AUTH_VERSION=v1
 ALIYUN_OSS_REGION=your-region
 # Don't start with '/'. OSS doesn't support leading slash in object names.
 ALIYUN_OSS_PATH=your-path
-ALIYUN_CLOUDBOX_ID=your-cloudbox-id

 # Google Storage configuration
 GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
@@ -137,14 +127,12 @@ TENCENT_COS_SECRET_KEY=your-secret-key
 TENCENT_COS_SECRET_ID=your-secret-id
 TENCENT_COS_REGION=your-region
 TENCENT_COS_SCHEME=your-scheme
-TENCENT_COS_CUSTOM_DOMAIN=your-custom-domain

 # Huawei OBS Storage Configuration
 HUAWEI_OBS_BUCKET_NAME=your-bucket-name
 HUAWEI_OBS_SECRET_KEY=your-secret-key
 HUAWEI_OBS_ACCESS_KEY=your-access-key
 HUAWEI_OBS_SERVER=your-server-url
-HUAWEI_OBS_PATH_STYLE=false

 # Baidu OBS Storage Configuration
 BAIDU_OBS_BUCKET_NAME=your-bucket-name
@@ -502,8 +490,6 @@ LOG_FILE_BACKUP_COUNT=5
 LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S
 # Log Timezone
 LOG_TZ=UTC
-# Log output format: text or json
-LOG_OUTPUT_FORMAT=text
 # Log format
 LOG_FORMAT=%(asctime)s,%(msecs)d %(levelname)-2s [%(filename)s:%(lineno)d] %(req_id)s %(message)s

@@ -557,25 +543,6 @@ APP_MAX_EXECUTION_TIME=1200
 APP_DEFAULT_ACTIVE_REQUESTS=0
 APP_MAX_ACTIVE_REQUESTS=0

-# Aliyun SLS Logstore Configuration
-# Aliyun Access Key ID
-ALIYUN_SLS_ACCESS_KEY_ID=
-# Aliyun Access Key Secret
-ALIYUN_SLS_ACCESS_KEY_SECRET=
-# Aliyun SLS Endpoint (e.g., cn-hangzhou.log.aliyuncs.com)
-ALIYUN_SLS_ENDPOINT=
-# Aliyun SLS Region (e.g., cn-hangzhou)
-ALIYUN_SLS_REGION=
-# Aliyun SLS Project Name
-ALIYUN_SLS_PROJECT_NAME=
-# Number of days to retain workflow run logs (default: 365 days， 3650 for permanent storage)
-ALIYUN_SLS_LOGSTORE_TTL=365
-# Enable dual-write to both SLS LogStore and SQL database (default: false)
-LOGSTORE_DUAL_WRITE_ENABLED=false
-# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
-# Useful for migration scenarios where historical data exists only in SQL database
-LOGSTORE_DUAL_READ_ENABLED=true
-
 # Celery beat configuration
 CELERY_BEAT_SCHEDULER_TIME=1

@@ -659,7 +626,17 @@ QUEUE_MONITOR_ALERT_EMAILS=
 QUEUE_MONITOR_INTERVAL=30

 # Swagger UI configuration
-SWAGGER_UI_ENABLED=true
+# SECURITY: Swagger UI is automatically disabled in PRODUCTION environment (DEPLOY_ENV=PRODUCTION)
+# to prevent API information disclosure.
+#
+# Behavior:
+# - DEPLOY_ENV=PRODUCTION + SWAGGER_UI_ENABLED not set -> Swagger DISABLED (secure default)
+# - DEPLOY_ENV=DEVELOPMENT/TESTING + SWAGGER_UI_ENABLED not set -> Swagger ENABLED
+# - SWAGGER_UI_ENABLED=true -> Swagger ENABLED (overrides environment check)
+# - SWAGGER_UI_ENABLED=false -> Swagger DISABLED (explicit disable)
+#
+# For development, you can uncomment below or set DEPLOY_ENV=DEVELOPMENT
+# SWAGGER_UI_ENABLED=false
 SWAGGER_UI_PATH=/swagger-ui.html

 # Whether to encrypt dataset IDs when exporting DSL files (default: true)
@@ -703,8 +680,4 @@ ANNOTATION_IMPORT_MIN_RECORDS=1
 ANNOTATION_IMPORT_RATE_LIMIT_PER_MINUTE=5
 ANNOTATION_IMPORT_RATE_LIMIT_PER_HOUR=20
 # Maximum number of concurrent annotation import tasks per tenant
-ANNOTATION_IMPORT_MAX_CONCURRENT=5
-# Sandbox expired records clean configuration
-SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
-SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
-SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
+ANNOTATION_IMPORT_MAX_CONCURRENT=5
--- a/api/.ruff.toml
+++ b/api/.ruff.toml
@@ -1,8 +1,4 @@
-exclude = [
-    "migrations/*",
-    ".git",
-    ".git/**",
-]
+exclude = ["migrations/*"]
 line-length = 120

 [format]
--- a/api/README.md
+++ b/api/README.md
@@ -84,7 +84,7 @@
 1. If you need to handle and debug the async tasks (e.g. dataset importing and documents indexing), please start the worker service.

 ```bash
-uv run celery -A app.celery worker -P threads -c 2 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor,retention
+uv run celery -A app.celery worker -P threads -c 2 --loglevel INFO -Q dataset,priority_dataset,priority_pipeline,pipeline,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation,workflow,schedule_poller,schedule_executor,triggered_workflow_dispatcher,trigger_refresh_executor
 ```

 Additionally, if you want to debug the celery scheduled tasks, you can run the following command in another terminal to start the beat service:
--- a/api/app_factory.py
+++ b/api/app_factory.py
@@ -2,11 +2,9 @@ import logging
 import time

 from opentelemetry.trace import get_current_span
-from opentelemetry.trace.span import INVALID_SPAN_ID, INVALID_TRACE_ID

 from configs import dify_config
 from contexts.wrapper import RecyclableContextVar
-from core.logging.context import init_request_context
 from dify_app import DifyApp

 logger = logging.getLogger(__name__)
@@ -27,35 +25,28 @@ def create_flask_app_with_configs() -> DifyApp:
    # add before request hook
    @dify_app.before_request
    def before_request():
-        # Initialize logging context for this request
-        init_request_context()
+        # add an unique identifier to each request
        RecyclableContextVar.increment_thread_recycles()

-    # add after request hook for injecting trace headers from OpenTelemetry span context
-    # Only adds headers when OTEL is enabled and has valid context
+    # add after request hook for injecting X-Trace-Id header from OpenTelemetry span context
    @dify_app.after_request
-    def add_trace_headers(response):
+    def add_trace_id_header(response):
        try:
            span = get_current_span()
            ctx = span.get_span_context() if span else None
-
-            if not ctx or not ctx.is_valid:
-                return response
-
-            # Inject trace headers from OTEL context
-            if ctx.trace_id != INVALID_TRACE_ID and "X-Trace-Id" not in response.headers:
-                response.headers["X-Trace-Id"] = format(ctx.trace_id, "032x")
-            if ctx.span_id != INVALID_SPAN_ID and "X-Span-Id" not in response.headers:
-                response.headers["X-Span-Id"] = format(ctx.span_id, "016x")
-
+            if ctx and ctx.is_valid:
+                trace_id_hex = format(ctx.trace_id, "032x")
+                # Avoid duplicates if some middleware added it
+                if "X-Trace-Id" not in response.headers:
+                    response.headers["X-Trace-Id"] = trace_id_hex
        except Exception:
            # Never break the response due to tracing header injection
-            logger.warning("Failed to add trace headers to response", exc_info=True)
+            logger.warning("Failed to add trace ID to response header", exc_info=True)
        return response

    # Capture the decorator's return value to avoid pyright reportUnusedFunction
    _ = before_request
-    _ = add_trace_headers
+    _ = add_trace_id_header

    return dify_app

@@ -84,7 +75,6 @@ def initialize_extensions(app: DifyApp):
        ext_import_modules,
        ext_logging,
        ext_login,
-        ext_logstore,
        ext_mail,
        ext_migrate,
        ext_orjson,
@@ -115,7 +105,6 @@ def initialize_extensions(app: DifyApp):
        ext_migrate,
        ext_redis,
        ext_storage,
-        ext_logstore,  # Initialize logstore after storage, before celery
        ext_celery,
        ext_login,
        ext_mail,
--- a/api/configs/extra/init.py
+++ b/api/configs/extra/init.py
@@ -1,11 +1,9 @@
-from configs.extra.archive_config import ArchiveStorageConfig
 from configs.extra.notion_config import NotionConfig
 from configs.extra.sentry_config import SentryConfig


 class ExtraServiceConfig(
    # place the configs in alphabet order
-    ArchiveStorageConfig,
    NotionConfig,
    SentryConfig,
 ):
--- a/api/configs/extra/archive_config.py
+++ b/api/configs/extra/archive_config.py
@@ -1,43 +0,0 @@
-from pydantic import Field
-from pydantic_settings import BaseSettings
-
-
-class ArchiveStorageConfig(BaseSettings):
-    """
-    Configuration settings for workflow run logs archiving storage.
-    """
-
-    ARCHIVE_STORAGE_ENABLED: bool = Field(
-        description="Enable workflow run logs archiving to S3-compatible storage",
-        default=False,
-    )
-
-    ARCHIVE_STORAGE_ENDPOINT: str | None = Field(
-        description="URL of the S3-compatible storage endpoint (e.g., 'https://storage.example.com')",
-        default=None,
-    )
-
-    ARCHIVE_STORAGE_ARCHIVE_BUCKET: str | None = Field(
-        description="Name of the bucket to store archived workflow logs",
-        default=None,
-    )
-
-    ARCHIVE_STORAGE_EXPORT_BUCKET: str | None = Field(
-        description="Name of the bucket to store exported workflow runs",
-        default=None,
-    )
-
-    ARCHIVE_STORAGE_ACCESS_KEY: str | None = Field(
-        description="Access key ID for authenticating with storage",
-        default=None,
-    )
-
-    ARCHIVE_STORAGE_SECRET_KEY: str | None = Field(
-        description="Secret access key for authenticating with storage",
-        default=None,
-    )
-
-    ARCHIVE_STORAGE_REGION: str = Field(
-        description="Region for storage (use 'auto' if the provider supports it)",
-        default="auto",
-    )
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@@ -218,7 +218,7 @@ class PluginConfig(BaseSettings):

    PLUGIN_DAEMON_TIMEOUT: PositiveFloat | None = Field(
        description="Timeout in seconds for requests to the plugin daemon (set to None to disable)",
-        default=600.0,
+        default=300.0,
    )

    INNER_API_KEY_FOR_PLUGIN: str = Field(description="Inner api key for plugin", default="inner-api-key")
@@ -587,11 +587,6 @@ class LoggingConfig(BaseSettings):
        default="INFO",
    )

-    LOG_OUTPUT_FORMAT: Literal["text", "json"] = Field(
-        description="Log output format: 'text' for human-readable, 'json' for structured JSON logs.",
-        default="text",
-    )
-
    LOG_FILE: str | None = Field(
        description="File path for log output.",
        default=None,
@@ -1257,9 +1252,19 @@ class WorkflowLogConfig(BaseSettings):


 class SwaggerUIConfig(BaseSettings):
-    SWAGGER_UI_ENABLED: bool = Field(
-        description="Whether to enable Swagger UI in api module",
-        default=True,
+    """
+    Configuration for Swagger UI documentation.
+
+    Security Note: Swagger UI is automatically disabled in PRODUCTION environment
+    to prevent API information disclosure. Set SWAGGER_UI_ENABLED=true explicitly
+    to enable in production if needed.
+    """
+
+    SWAGGER_UI_ENABLED: bool | None = Field(
+        description="Whether to enable Swagger UI in api module. "
+        "Automatically disabled in PRODUCTION environment for security. "
+        "Set to true explicitly to enable in production.",
+        default=None,
    )

    SWAGGER_UI_PATH: str = Field(
@@ -1267,6 +1272,23 @@ class SwaggerUIConfig(BaseSettings):
        default="/swagger-ui.html",
    )

+    @property
+    def swagger_ui_enabled(self) -> bool:
+        """
+        Compute whether Swagger UI should be enabled.
+
+        If SWAGGER_UI_ENABLED is explicitly set, use that value.
+        Otherwise, disable in PRODUCTION environment for security.
+        """
+        if self.SWAGGER_UI_ENABLED is not None:
+            return self.SWAGGER_UI_ENABLED
+
+        # Auto-disable in production environment
+        import os
+
+        deploy_env = os.environ.get("DEPLOY_ENV", "PRODUCTION")
+        return deploy_env.upper() != "PRODUCTION"
+

 class TenantIsolatedTaskQueueConfig(BaseSettings):
    TENANT_ISOLATED_TASK_CONCURRENCY: int = Field(
@@ -1275,21 +1297,6 @@ class TenantIsolatedTaskQueueConfig(BaseSettings):
    )


-class SandboxExpiredRecordsCleanConfig(BaseSettings):
-    SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: NonNegativeInt = Field(
-        description="Graceful period in days for sandbox records clean after subscription expiration",
-        default=21,
-    )
-    SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: PositiveInt = Field(
-        description="Maximum number of records to process in each batch",
-        default=1000,
-    )
-    SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: PositiveInt = Field(
-        description="Retention days for sandbox expired workflow_run records and message records",
-        default=30,
-    )
-
-
 class FeatureConfig(
    # place the configs in alphabet order
    AppExecutionConfig,
@@ -1315,7 +1322,6 @@ class FeatureConfig(
    PositionConfig,
    RagEtlConfig,
    RepositoryConfig,
-    SandboxExpiredRecordsCleanConfig,
    SecurityConfig,
    TenantIsolatedTaskQueueConfig,
    ToolConfig,
--- a/api/configs/middleware/init.py
+++ b/api/configs/middleware/init.py
@@ -107,7 +107,7 @@ class KeywordStoreConfig(BaseSettings):

 class DatabaseConfig(BaseSettings):
    # Database type selector
-    DB_TYPE: Literal["postgresql", "mysql", "oceanbase", "seekdb"] = Field(
+    DB_TYPE: Literal["postgresql", "mysql", "oceanbase"] = Field(
        description="Database type to use. OceanBase is MySQL-compatible.",
        default="postgresql",
    )
--- a/api/configs/middleware/storage/aliyun_oss_storage_config.py
+++ b/api/configs/middleware/storage/aliyun_oss_storage_config.py
@@ -41,8 +41,3 @@ class AliyunOSSStorageConfig(BaseSettings):
        description="Base path within the bucket to store objects (e.g., 'my-app-data/')",
        default=None,
    )
-
-    ALIYUN_CLOUDBOX_ID: str | None = Field(
-        description="Cloudbox id for aliyun cloudbox service",
-        default=None,
-    )
--- a/api/configs/middleware/storage/huawei_obs_storage_config.py
+++ b/api/configs/middleware/storage/huawei_obs_storage_config.py
@@ -26,8 +26,3 @@ class HuaweiCloudOBSStorageConfig(BaseSettings):
        description="Endpoint URL for Huawei Cloud OBS (e.g., 'https://obs.cn-north-4.myhuaweicloud.com')",
        default=None,
    )
-
-    HUAWEI_OBS_PATH_STYLE: bool = Field(
-        description="Flag to indicate whether to use path-style URLs for OBS requests",
-        default=False,
-    )
--- a/api/configs/middleware/storage/tencent_cos_storage_config.py
+++ b/api/configs/middleware/storage/tencent_cos_storage_config.py
@@ -31,8 +31,3 @@ class TencentCloudCOSStorageConfig(BaseSettings):
        description="Protocol scheme for COS requests: 'https' (recommended) or 'http'",
        default=None,
    )
-
-    TENCENT_COS_CUSTOM_DOMAIN: str | None = Field(
-        description="Tencent Cloud COS custom domain setting",
-        default=None,
-    )
--- a/api/controllers/common/fields.py
+++ b/api/controllers/common/fields.py
@@ -1,59 +1,62 @@
-from __future__ import annotations
+from flask_restx import Api, Namespace, fields

-from typing import Any, TypeAlias
+from libs.helper import AppIconUrlField

-from pydantic import BaseModel, ConfigDict, computed_field
-
-from core.file import helpers as file_helpers
-from models.model import IconType
-
-JSONValue: TypeAlias = str | int | float | bool | None | dict[str, Any] | list[Any]
-JSONObject: TypeAlias = dict[str, Any]
+parameters__system_parameters = {
+    "image_file_size_limit": fields.Integer,
+    "video_file_size_limit": fields.Integer,
+    "audio_file_size_limit": fields.Integer,
+    "file_size_limit": fields.Integer,
+    "workflow_file_upload_limit": fields.Integer,
+}


-class SystemParameters(BaseModel):
-    image_file_size_limit: int
-    video_file_size_limit: int
-    audio_file_size_limit: int
-    file_size_limit: int
-    workflow_file_upload_limit: int
+def build_system_parameters_model(api_or_ns: Api | Namespace):
+    """Build the system parameters model for the API or Namespace."""
+    return api_or_ns.model("SystemParameters", parameters__system_parameters)


-class Parameters(BaseModel):
-    opening_statement: str | None = None
-    suggested_questions: list[str]
-    suggested_questions_after_answer: JSONObject
-    speech_to_text: JSONObject
-    text_to_speech: JSONObject
-    retriever_resource: JSONObject
-    annotation_reply: JSONObject
-    more_like_this: JSONObject
-    user_input_form: list[JSONObject]
-    sensitive_word_avoidance: JSONObject
-    file_upload: JSONObject
-    system_parameters: SystemParameters
+parameters_fields = {
+    "opening_statement": fields.String,
+    "suggested_questions": fields.Raw,
+    "suggested_questions_after_answer": fields.Raw,
+    "speech_to_text": fields.Raw,
+    "text_to_speech": fields.Raw,
+    "retriever_resource": fields.Raw,
+    "annotation_reply": fields.Raw,
+    "more_like_this": fields.Raw,
+    "user_input_form": fields.Raw,
+    "sensitive_word_avoidance": fields.Raw,
+    "file_upload": fields.Raw,
+    "system_parameters": fields.Nested(parameters__system_parameters),
+}


-class Site(BaseModel):
-    model_config = ConfigDict(from_attributes=True)
+def build_parameters_model(api_or_ns: Api | Namespace):
+    """Build the parameters model for the API or Namespace."""
+    copied_fields = parameters_fields.copy()
+    copied_fields["system_parameters"] = fields.Nested(build_system_parameters_model(api_or_ns))
+    return api_or_ns.model("Parameters", copied_fields)

-    title: str
-    chat_color_theme: str | None = None
-    chat_color_theme_inverted: bool
-    icon_type: str | None = None
-    icon: str | None = None
-    icon_background: str | None = None
-    description: str | None = None
-    copyright: str | None = None
-    privacy_policy: str | None = None
-    custom_disclaimer: str | None = None
-    default_language: str
-    show_workflow_steps: bool
-    use_icon_as_answer_icon: bool

-    @computed_field(return_type=str | None)  # type: ignore
-    @property
-    def icon_url(self) -> str | None:
-        if self.icon and self.icon_type == IconType.IMAGE:
-            return file_helpers.get_signed_file_url(self.icon)
-        return None
+site_fields = {
+    "title": fields.String,
+    "chat_color_theme": fields.String,
+    "chat_color_theme_inverted": fields.Boolean,
+    "icon_type": fields.String,
+    "icon": fields.String,
+    "icon_background": fields.String,
+    "icon_url": AppIconUrlField,
+    "description": fields.String,
+    "copyright": fields.String,
+    "privacy_policy": fields.String,
+    "custom_disclaimer": fields.String,
+    "default_language": fields.String,
+    "show_workflow_steps": fields.Boolean,
+    "use_icon_as_answer_icon": fields.Boolean,
+}
+
+
+def build_site_model(api_or_ns: Api | Namespace):
+    """Build the site model for the API or Namespace."""
+    return api_or_ns.model("Site", site_fields)
--- a/api/controllers/common/file_response.py
+++ b/api/controllers/common/file_response.py
@@ -1,57 +0,0 @@
-import os
-from email.message import Message
-from urllib.parse import quote
-
-from flask import Response
-
-HTML_MIME_TYPES = frozenset({"text/html", "application/xhtml+xml"})
-HTML_EXTENSIONS = frozenset({"html", "htm"})
-
-
-def _normalize_mime_type(mime_type: str | None) -> str:
-    if not mime_type:
-        return ""
-    message = Message()
-    message["Content-Type"] = mime_type
-    return message.get_content_type().strip().lower()
-
-
-def _is_html_extension(extension: str | None) -> bool:
-    if not extension:
-        return False
-    return extension.lstrip(".").lower() in HTML_EXTENSIONS
-
-
-def is_html_content(mime_type: str | None, filename: str | None, extension: str | None = None) -> bool:
-    normalized_mime_type = _normalize_mime_type(mime_type)
-    if normalized_mime_type in HTML_MIME_TYPES:
-        return True
-
-    if _is_html_extension(extension):
-        return True
-
-    if filename:
-        return _is_html_extension(os.path.splitext(filename)[1])
-
-    return False
-
-
-def enforce_download_for_html(
-    response: Response,
-    *,
-    mime_type: str | None,
-    filename: str | None,
-    extension: str | None = None,
-) -> bool:
-    if not is_html_content(mime_type, filename, extension):
-        return False
-
-    if filename:
-        encoded_filename = quote(filename)
-        response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
-    else:
-        response.headers["Content-Disposition"] = "attachment"
-
-    response.headers["Content-Type"] = "application/octet-stream"
-    response.headers["X-Content-Type-Options"] = "nosniff"
-    return True
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -1,4 +1,3 @@
-import re
 import uuid
 from typing import Literal

@@ -74,48 +73,6 @@ class AppListQuery(BaseModel):
            raise ValueError("Invalid UUID format in tag_ids.") from exc


-# XSS prevention: patterns that could lead to XSS attacks
-# Includes: script tags, iframe tags, javascript: protocol, SVG with onload, etc.
-_XSS_PATTERNS = [
-    r"<script[^>]*>.*?</script>",  # Script tags
-    r"<iframe\b[^>]*?(?:/>|>.*?</iframe>)",  # Iframe tags (including self-closing)
-    r"javascript:",  # JavaScript protocol
-    r"<svg[^>]*?\s+onload\s*=[^>]*>",  # SVG with onload handler (attribute-aware, flexible whitespace)
-    r"<.*?on\s*\w+\s*=",  # Event handlers like onclick, onerror, etc.
-    r"<object\b[^>]*(?:\s*/>|>.*?</object\s*>)",  # Object tags (opening tag)
-    r"<embed[^>]*>",  # Embed tags (self-closing)
-    r"<link[^>]*>",  # Link tags with javascript
-]
-
-
-def _validate_xss_safe(value: str | None, field_name: str = "Field") -> str | None:
-    """
-    Validate that a string value doesn't contain potential XSS payloads.
-
-    Args:
-        value: The string value to validate
-        field_name: Name of the field for error messages
-
-    Returns:
-        The original value if safe
-
-    Raises:
-        ValueError: If the value contains XSS patterns
-    """
-    if value is None:
-        return None
-
-    value_lower = value.lower()
-    for pattern in _XSS_PATTERNS:
-        if re.search(pattern, value_lower, re.DOTALL | re.IGNORECASE):
-            raise ValueError(
-                f"{field_name} contains invalid characters or patterns. "
-                "HTML tags, JavaScript, and other potentially dangerous content are not allowed."
-            )
-
-    return value
-
-
 class CreateAppPayload(BaseModel):
    name: str = Field(..., min_length=1, description="App name")
    description: str | None = Field(default=None, description="App description (max 400 chars)", max_length=400)
@@ -124,11 +81,6 @@ class CreateAppPayload(BaseModel):
    icon: str | None = Field(default=None, description="Icon")
    icon_background: str | None = Field(default=None, description="Icon background color")

-    @field_validator("name", "description", mode="before")
-    @classmethod
-    def validate_xss_safe(cls, value: str | None, info) -> str | None:
-        return _validate_xss_safe(value, info.field_name)
-

 class UpdateAppPayload(BaseModel):
    name: str = Field(..., min_length=1, description="App name")
@@ -139,11 +91,6 @@ class UpdateAppPayload(BaseModel):
    use_icon_as_answer_icon: bool | None = Field(default=None, description="Use icon as answer icon")
    max_active_requests: int | None = Field(default=None, description="Maximum active requests")

-    @field_validator("name", "description", mode="before")
-    @classmethod
-    def validate_xss_safe(cls, value: str | None, info) -> str | None:
-        return _validate_xss_safe(value, info.field_name)
-

 class CopyAppPayload(BaseModel):
    name: str | None = Field(default=None, description="Name for the copied app")
@@ -152,11 +99,6 @@ class CopyAppPayload(BaseModel):
    icon: str | None = Field(default=None, description="Icon")
    icon_background: str | None = Field(default=None, description="Icon background color")

-    @field_validator("name", "description", mode="before")
-    @classmethod
-    def validate_xss_safe(cls, value: str | None, info) -> str | None:
-        return _validate_xss_safe(value, info.field_name)
-

 class AppExportQuery(BaseModel):
    include_secret: bool = Field(default=False, description="Include secrets in export")
--- a/api/controllers/console/app/conversation.py
+++ b/api/controllers/console/app/conversation.py
@@ -13,6 +13,7 @@ from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from core.app.entities.app_invoke_entities import InvokeFrom
 from extensions.ext_database import db
+from fields.conversation_fields import MessageTextField
 from fields.raws import FilesContainedField
 from libs.datetime_utils import naive_utc_now, parse_time_range
 from libs.helper import TimestampField
@@ -176,12 +177,6 @@ annotation_hit_history_model = console_ns.model(
    },
 )

-
-class MessageTextField(fields.Raw):
-    def format(self, value):
-        return value[0]["text"] if value else ""
-
-
 # Simple message detail model
 simple_message_detail_model = console_ns.model(
    "SimpleMessageDetail",
--- a/api/controllers/console/auth/activate.py
+++ b/api/controllers/console/auth/activate.py
@@ -7,9 +7,9 @@ from controllers.console import console_ns
 from controllers.console.error import AlreadyActivateError
 from extensions.ext_database import db
 from libs.datetime_utils import naive_utc_now
-from libs.helper import EmailStr, timezone
+from libs.helper import EmailStr, extract_remote_ip, timezone
 from models import AccountStatus
-from services.account_service import RegisterService
+from services.account_service import AccountService, RegisterService

 DEFAULT_REF_TEMPLATE_SWAGGER_2_0 = "#/definitions/{model}"

@@ -93,6 +93,7 @@ class ActivateApi(Resource):
            "ActivationResponse",
            {
                "result": fields.String(description="Operation result"),
+                "data": fields.Raw(description="Login token data"),
            },
        ),
    )
@@ -116,4 +117,6 @@ class ActivateApi(Resource):
        account.initialized_at = naive_utc_now()
        db.session.commit()

-        return {"result": "success"}
+        token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))
+
+        return {"result": "success", "data": token_pair.model_dump()}
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -22,12 +22,7 @@ from controllers.console.error import (
    NotAllowedCreateWorkspace,
    WorkspacesLimitExceeded,
 )
-from controllers.console.wraps import (
-    decrypt_code_field,
-    decrypt_password_field,
-    email_password_login_enabled,
-    setup_required,
-)
+from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from libs.helper import EmailStr, extract_remote_ip
 from libs.login import current_account_with_tenant
@@ -84,7 +79,6 @@ class LoginApi(Resource):
    @setup_required
    @email_password_login_enabled
    @console_ns.expect(console_ns.models[LoginPayload.__name__])
-    @decrypt_password_field
    def post(self):
        """Authenticate user and login."""
        args = LoginPayload.model_validate(console_ns.payload)
@@ -224,7 +218,6 @@ class EmailCodeLoginSendEmailApi(Resource):
 class EmailCodeLoginApi(Resource):
    @setup_required
    @console_ns.expect(console_ns.models[EmailCodeLoginPayload.__name__])
-    @decrypt_code_field
    def post(self):
        args = EmailCodeLoginPayload.model_validate(console_ns.payload)

--- a/api/controllers/console/auth/oauth.py
+++ b/api/controllers/console/auth/oauth.py
@@ -124,7 +124,7 @@ class OAuthCallback(Resource):
            return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin/invite-settings?invite_token={invite_token}")

        try:
-            account, oauth_new_user = _generate_account(provider, user_info)
+            account = _generate_account(provider, user_info)
        except AccountNotFoundError:
            return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin?message=Account not found.")
        except (WorkSpaceNotFoundError, WorkSpaceNotAllowedCreateError):
@@ -159,10 +159,7 @@ class OAuthCallback(Resource):
            ip_address=extract_remote_ip(request),
        )

-        base_url = dify_config.CONSOLE_WEB_URL
-        query_char = "&" if "?" in base_url else "?"
-        target_url = f"{base_url}{query_char}oauth_new_user={str(oauth_new_user).lower()}"
-        response = redirect(target_url)
+        response = redirect(f"{dify_config.CONSOLE_WEB_URL}")

        set_access_token_to_cookie(request, response, token_pair.access_token)
        set_refresh_token_to_cookie(request, response, token_pair.refresh_token)
@@ -180,10 +177,9 @@ def _get_account_by_openid_or_email(provider: str, user_info: OAuthUserInfo) ->
    return account


-def _generate_account(provider: str, user_info: OAuthUserInfo) -> tuple[Account, bool]:
+def _generate_account(provider: str, user_info: OAuthUserInfo):
    # Get account by openid or email.
    account = _get_account_by_openid_or_email(provider, user_info)
-    oauth_new_user = False

    if account:
        tenants = TenantService.get_join_tenants(account)
@@ -197,7 +193,6 @@ def _generate_account(provider: str, user_info: OAuthUserInfo) -> tuple[Account,
                tenant_was_created.send(new_tenant)

    if not account:
-        oauth_new_user = True
        if not FeatureService.get_system_features().is_allow_register:
            if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(user_info.email):
                raise AccountRegisterError(
@@ -225,4 +220,4 @@ def _generate_account(provider: str, user_info: OAuthUserInfo) -> tuple[Account,
    # Link account
    AccountService.link_account_integrate(provider, user_info.id, account)

-    return account, oauth_new_user
+    return account
--- a/api/controllers/console/billing/billing.py
+++ b/api/controllers/console/billing/billing.py
@@ -1,9 +1,8 @@
 import base64
-from typing import Literal

 from flask import request
 from flask_restx import Resource, fields
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, field_validator
 from werkzeug.exceptions import BadRequest

 from controllers.console import console_ns
@@ -16,8 +15,22 @@ DEFAULT_REF_TEMPLATE_SWAGGER_2_0 = "#/definitions/{model}"


 class SubscriptionQuery(BaseModel):
-    plan: Literal[CloudPlan.PROFESSIONAL, CloudPlan.TEAM] = Field(..., description="Subscription plan")
-    interval: Literal["month", "year"] = Field(..., description="Billing interval")
+    plan: str = Field(..., description="Subscription plan")
+    interval: str = Field(..., description="Billing interval")
+
+    @field_validator("plan")
+    @classmethod
+    def validate_plan(cls, value: str) -> str:
+        if value not in [CloudPlan.PROFESSIONAL, CloudPlan.TEAM]:
+            raise ValueError("Invalid plan")
+        return value
+
+    @field_validator("interval")
+    @classmethod
+    def validate_interval(cls, value: str) -> str:
+        if value not in {"month", "year"}:
+            raise ValueError("Invalid interval")
+        return value


 class PartnerTenantsPayload(BaseModel):
--- a/api/controllers/console/datasets/data_source.py
+++ b/api/controllers/console/datasets/data_source.py
@@ -140,18 +140,6 @@ class DataSourceNotionListApi(Resource):
        credential_id = request.args.get("credential_id", default=None, type=str)
        if not credential_id:
            raise ValueError("Credential id is required.")
-
-        # Get datasource_parameters from query string (optional, for GitHub and other datasources)
-        datasource_parameters_str = request.args.get("datasource_parameters", default=None, type=str)
-        datasource_parameters = {}
-        if datasource_parameters_str:
-            try:
-                datasource_parameters = json.loads(datasource_parameters_str)
-                if not isinstance(datasource_parameters, dict):
-                    raise ValueError("datasource_parameters must be a JSON object.")
-            except json.JSONDecodeError:
-                raise ValueError("Invalid datasource_parameters JSON format.")
-
        datasource_provider_service = DatasourceProviderService()
        credential = datasource_provider_service.get_datasource_credentials(
            tenant_id=current_tenant_id,
@@ -199,7 +187,7 @@ class DataSourceNotionListApi(Resource):
            online_document_result: Generator[OnlineDocumentPagesMessage, None, None] = (
                datasource_runtime.get_online_document_pages(
                    user_id=current_user.id,
-                    datasource_parameters=datasource_parameters,
+                    datasource_parameters={},
                    provider_type=datasource_runtime.datasource_provider_type(),
                )
            )
@@ -230,14 +218,14 @@ class DataSourceNotionListApi(Resource):


@console_ns.route(
-    "/notion/pages/<uuid:page_id>/<string:page_type>/preview",
+    "/notion/workspaces/<uuid:workspace_id>/pages/<uuid:page_id>/<string:page_type>/preview",
    "/datasets/notion-indexing-estimate",
 )
 class DataSourceNotionApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, page_id, page_type):
+    def get(self, workspace_id, page_id, page_type):
        _, current_tenant_id = current_account_with_tenant()

        credential_id = request.args.get("credential_id", default=None, type=str)
@@ -251,10 +239,11 @@ class DataSourceNotionApi(Resource):
            plugin_id="langgenius/notion_datasource",
        )

+        workspace_id = str(workspace_id)
        page_id = str(page_id)

        extractor = NotionExtractor(
-            notion_workspace_id="",
+            notion_workspace_id=workspace_id,
            notion_obj_id=page_id,
            notion_page_type=page_type,
            notion_access_token=credential.get("integration_secret"),
--- a/api/controllers/console/datasets/datasets.py
+++ b/api/controllers/console/datasets/datasets.py
@@ -146,7 +146,7 @@ class DatasetUpdatePayload(BaseModel):
    embedding_model: str | None = None
    embedding_model_provider: str | None = None
    retrieval_model: dict[str, Any] | None = None
-    partial_member_list: list[dict[str, str]] | None = None
+    partial_member_list: list[str] | None = None
    external_retrieval_model: dict[str, Any] | None = None
    external_knowledge_id: str | None = None
    external_knowledge_api_id: str | None = None
@@ -223,7 +223,6 @@ def _get_retrieval_methods_by_vector_type(vector_type: str | None, is_mock: bool
        VectorType.COUCHBASE,
        VectorType.OPENGAUSS,
        VectorType.OCEANBASE,
-        VectorType.SEEKDB,
        VectorType.TABLESTORE,
        VectorType.HUAWEI_CLOUD,
        VectorType.TENCENT,
--- a/api/controllers/console/datasets/datasets_document.py
+++ b/api/controllers/console/datasets/datasets_document.py
@@ -572,7 +572,7 @@ class DocumentBatchIndexingEstimateApi(DocumentResource):
                    datasource_type=DatasourceType.NOTION,
                    notion_info=NotionInfo.model_validate(
                        {
-                            "credential_id": data_source_info.get("credential_id"),
+                            "credential_id": data_source_info["credential_id"],
                            "notion_workspace_id": data_source_info["notion_workspace_id"],
                            "notion_obj_id": data_source_info["notion_page_id"],
                            "notion_page_type": data_source_info["type"],
--- a/api/controllers/console/datasets/datasets_segments.py
+++ b/api/controllers/console/datasets/datasets_segments.py
@@ -3,12 +3,10 @@ import uuid
 from flask import request
 from flask_restx import Resource, marshal
 from pydantic import BaseModel, Field
-from sqlalchemy import String, cast, func, or_, select
-from sqlalchemy.dialects.postgresql import JSONB
+from sqlalchemy import select
 from werkzeug.exceptions import Forbidden, NotFound

 import services
-from configs import dify_config
 from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.app.error import ProviderNotInitializeError
@@ -145,29 +143,7 @@ class DatasetDocumentSegmentListApi(Resource):
            query = query.where(DocumentSegment.hit_count >= hit_count_gte)

        if keyword:
-            # Search in both content and keywords fields
-            # Use database-specific methods for JSON array search
-            if dify_config.SQLALCHEMY_DATABASE_URI_SCHEME == "postgresql":
-                # PostgreSQL: Use jsonb_array_elements_text to properly handle Unicode/Chinese text
-                keywords_condition = func.array_to_string(
-                    func.array(
-                        select(func.jsonb_array_elements_text(cast(DocumentSegment.keywords, JSONB)))
-                        .correlate(DocumentSegment)
-                        .scalar_subquery()
-                    ),
-                    ",",
-                ).ilike(f"%{keyword}%")
-            else:
-                # MySQL: Cast JSON to string for pattern matching
-                # MySQL stores Chinese text directly in JSON without Unicode escaping
-                keywords_condition = cast(DocumentSegment.keywords, String).ilike(f"%{keyword}%")
-
-            query = query.where(
-                or_(
-                    DocumentSegment.content.ilike(f"%{keyword}%"),
-                    keywords_condition,
-                )
-            )
+            query = query.where(DocumentSegment.content.ilike(f"%{keyword}%"))

        if args.enabled.lower() != "all":
            if args.enabled.lower() == "true":
--- a/api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py
+++ b/api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py
@@ -4,7 +4,7 @@ from typing import Any, Literal, cast
 from uuid import UUID

 from flask import abort, request
-from flask_restx import Resource, marshal_with, reqparse  # type: ignore
+from flask_restx import Resource, marshal_with  # type: ignore
 from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound
@@ -975,11 +975,6 @@ class RagPipelineRecommendedPluginApi(Resource):
    @login_required
    @account_initialization_required
    def get(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("type", type=str, location="args", required=False, default="all")
-        args = parser.parse_args()
-        type = args["type"]
-
        rag_pipeline_service = RagPipelineService()
-        recommended_plugins = rag_pipeline_service.get_recommended_plugins(type)
+        recommended_plugins = rag_pipeline_service.get_recommended_plugins()
        return recommended_plugins
--- a/api/controllers/console/explore/completion.py
+++ b/api/controllers/console/explore/completion.py
@@ -40,7 +40,7 @@ from .. import console_ns
 logger = logging.getLogger(__name__)


-class CompletionMessageExplorePayload(BaseModel):
+class CompletionMessagePayload(BaseModel):
    inputs: dict[str, Any]
    query: str = ""
    files: list[dict[str, Any]] | None = None
@@ -71,7 +71,7 @@ class ChatMessagePayload(BaseModel):
            raise ValueError("must be a valid UUID") from exc


-register_schema_models(console_ns, CompletionMessageExplorePayload, ChatMessagePayload)
+register_schema_models(console_ns, CompletionMessagePayload, ChatMessagePayload)


 # define completion api for user
@@ -80,13 +80,13 @@ register_schema_models(console_ns, CompletionMessageExplorePayload, ChatMessageP
    endpoint="installed_app_completion",
 )
 class CompletionApi(InstalledAppResource):
-    @console_ns.expect(console_ns.models[CompletionMessageExplorePayload.__name__])
+    @console_ns.expect(console_ns.models[CompletionMessagePayload.__name__])
    def post(self, installed_app):
        app_model = installed_app.app
        if app_model.mode != AppMode.COMPLETION:
            raise NotCompletionAppError()

-        payload = CompletionMessageExplorePayload.model_validate(console_ns.payload or {})
+        payload = CompletionMessagePayload.model_validate(console_ns.payload or {})
        args = payload.model_dump(exclude_none=True)

        streaming = payload.response_mode == "streaming"
--- a/api/controllers/console/explore/conversation.py
+++ b/api/controllers/console/explore/conversation.py
@@ -1,7 +1,9 @@
 from typing import Any
+from uuid import UUID

 from flask import request
-from pydantic import BaseModel, Field, TypeAdapter, model_validator
+from flask_restx import marshal_with
+from pydantic import BaseModel, Field, model_validator
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import NotFound

@@ -10,12 +12,7 @@ from controllers.console.explore.error import NotChatAppError
 from controllers.console.explore.wraps import InstalledAppResource
 from core.app.entities.app_invoke_entities import InvokeFrom
 from extensions.ext_database import db
-from fields.conversation_fields import (
-    ConversationInfiniteScrollPagination,
-    ResultResponse,
-    SimpleConversation,
-)
-from libs.helper import UUIDStrOrEmpty
+from fields.conversation_fields import conversation_infinite_scroll_pagination_fields, simple_conversation_fields
 from libs.login import current_user
 from models import Account
 from models.model import AppMode
@@ -27,7 +24,7 @@ from .. import console_ns


 class ConversationListQuery(BaseModel):
-    last_id: UUIDStrOrEmpty | None = None
+    last_id: UUID | None = None
    limit: int = Field(default=20, ge=1, le=100)
    pinned: bool | None = None

@@ -52,6 +49,7 @@ register_schema_models(console_ns, ConversationListQuery, ConversationRenamePayl
    endpoint="installed_app_conversations",
 )
 class ConversationListApi(InstalledAppResource):
+    @marshal_with(conversation_infinite_scroll_pagination_fields)
    @console_ns.expect(console_ns.models[ConversationListQuery.__name__])
    def get(self, installed_app):
        app_model = installed_app.app
@@ -75,7 +73,7 @@ class ConversationListApi(InstalledAppResource):
            if not isinstance(current_user, Account):
                raise ValueError("current_user must be an Account instance")
            with Session(db.engine) as session:
-                pagination = WebConversationService.pagination_by_last_id(
+                return WebConversationService.pagination_by_last_id(
                    session=session,
                    app_model=app_model,
                    user=current_user,
@@ -84,13 +82,6 @@ class ConversationListApi(InstalledAppResource):
                    invoke_from=InvokeFrom.EXPLORE,
                    pinned=args.pinned,
                )
-                adapter = TypeAdapter(SimpleConversation)
-                conversations = [adapter.validate_python(item, from_attributes=True) for item in pagination.data]
-                return ConversationInfiniteScrollPagination(
-                    limit=pagination.limit,
-                    has_more=pagination.has_more,
-                    data=conversations,
-                ).model_dump(mode="json")
        except LastConversationNotExistsError:
            raise NotFound("Last Conversation Not Exists.")

@@ -114,7 +105,7 @@ class ConversationApi(InstalledAppResource):
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json"), 204
+        return {"result": "success"}, 204


@console_ns.route(
@@ -122,6 +113,7 @@ class ConversationApi(InstalledAppResource):
    endpoint="installed_app_conversation_rename",
 )
 class ConversationRenameApi(InstalledAppResource):
+    @marshal_with(simple_conversation_fields)
    @console_ns.expect(console_ns.models[ConversationRenamePayload.__name__])
    def post(self, installed_app, c_id):
        app_model = installed_app.app
@@ -136,14 +128,9 @@ class ConversationRenameApi(InstalledAppResource):
        try:
            if not isinstance(current_user, Account):
                raise ValueError("current_user must be an Account instance")
-            conversation = ConversationService.rename(
+            return ConversationService.rename(
                app_model, conversation_id, current_user, payload.name, payload.auto_generate
            )
-            return (
-                TypeAdapter(SimpleConversation)
-                .validate_python(conversation, from_attributes=True)
-                .model_dump(mode="json")
-            )
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

@@ -168,7 +155,7 @@ class ConversationPinApi(InstalledAppResource):
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@console_ns.route(
@@ -187,4 +174,4 @@ class ConversationUnPinApi(InstalledAppResource):
            raise ValueError("current_user must be an Account instance")
        WebConversationService.unpin(app_model, conversation_id, current_user)

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}
--- a/api/controllers/console/explore/installed_app.py
+++ b/api/controllers/console/explore/installed_app.py
@@ -2,8 +2,7 @@ import logging
 from typing import Any

 from flask import request
-from flask_restx import Resource, marshal_with
-from pydantic import BaseModel
+from flask_restx import Resource, inputs, marshal_with, reqparse
 from sqlalchemy import and_, select
 from werkzeug.exceptions import BadRequest, Forbidden, NotFound

@@ -19,15 +18,6 @@ from services.account_service import TenantService
 from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService

-
-class InstalledAppCreatePayload(BaseModel):
-    app_id: str
-
-
-class InstalledAppUpdatePayload(BaseModel):
-    is_pinned: bool | None = None
-
-
 logger = logging.getLogger(__name__)


@@ -115,25 +105,26 @@ class InstalledAppsListApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("apps")
    def post(self):
-        payload = InstalledAppCreatePayload.model_validate(console_ns.payload or {})
+        parser = reqparse.RequestParser().add_argument("app_id", type=str, required=True, help="Invalid app_id")
+        args = parser.parse_args()

-        recommended_app = db.session.query(RecommendedApp).where(RecommendedApp.app_id == payload.app_id).first()
+        recommended_app = db.session.query(RecommendedApp).where(RecommendedApp.app_id == args["app_id"]).first()
        if recommended_app is None:
-            raise NotFound("Recommended app not found")
+            raise NotFound("App not found")

        _, current_tenant_id = current_account_with_tenant()

-        app = db.session.query(App).where(App.id == payload.app_id).first()
+        app = db.session.query(App).where(App.id == args["app_id"]).first()

        if app is None:
-            raise NotFound("App entity not found")
+            raise NotFound("App not found")

        if not app.is_public:
            raise Forbidden("You can't install a non-public app")

        installed_app = (
            db.session.query(InstalledApp)
-            .where(and_(InstalledApp.app_id == payload.app_id, InstalledApp.tenant_id == current_tenant_id))
+            .where(and_(InstalledApp.app_id == args["app_id"], InstalledApp.tenant_id == current_tenant_id))
            .first()
        )

@@ -142,7 +133,7 @@ class InstalledAppsListApi(Resource):
            recommended_app.install_count += 1

            new_installed_app = InstalledApp(
-                app_id=payload.app_id,
+                app_id=args["app_id"],
                tenant_id=current_tenant_id,
                app_owner_tenant_id=app.tenant_id,
                is_pinned=False,
@@ -172,11 +163,12 @@ class InstalledAppApi(InstalledAppResource):
        return {"result": "success", "message": "App uninstalled successfully"}, 204

    def patch(self, installed_app):
-        payload = InstalledAppUpdatePayload.model_validate(console_ns.payload or {})
+        parser = reqparse.RequestParser().add_argument("is_pinned", type=inputs.boolean)
+        args = parser.parse_args()

        commit_args = False
-        if payload.is_pinned is not None:
-            installed_app.is_pinned = payload.is_pinned
+        if "is_pinned" in args:
+            installed_app.is_pinned = args["is_pinned"]
            commit_args = True

        if commit_args:
--- a/api/controllers/console/explore/message.py
+++ b/api/controllers/console/explore/message.py
@@ -1,8 +1,10 @@
 import logging
 from typing import Literal
+from uuid import UUID

 from flask import request
-from pydantic import BaseModel, Field, TypeAdapter
+from flask_restx import marshal_with
+from pydantic import BaseModel, Field
 from werkzeug.exceptions import InternalServerError, NotFound

 from controllers.common.schema import register_schema_models
@@ -22,10 +24,8 @@ from controllers.console.explore.wraps import InstalledAppResource
 from core.app.entities.app_invoke_entities import InvokeFrom
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from core.model_runtime.errors.invoke import InvokeError
-from fields.conversation_fields import ResultResponse
-from fields.message_fields import MessageInfiniteScrollPagination, MessageListItem, SuggestedQuestionsResponse
+from fields.message_fields import message_infinite_scroll_pagination_fields
 from libs import helper
-from libs.helper import UUIDStrOrEmpty
 from libs.login import current_account_with_tenant
 from models.model import AppMode
 from services.app_generate_service import AppGenerateService
@@ -44,8 +44,8 @@ logger = logging.getLogger(__name__)


 class MessageListQuery(BaseModel):
-    conversation_id: UUIDStrOrEmpty
-    first_id: UUIDStrOrEmpty | None = None
+    conversation_id: UUID
+    first_id: UUID | None = None
    limit: int = Field(default=20, ge=1, le=100)


@@ -66,6 +66,7 @@ register_schema_models(console_ns, MessageListQuery, MessageFeedbackPayload, Mor
    endpoint="installed_app_messages",
 )
 class MessageListApi(InstalledAppResource):
+    @marshal_with(message_infinite_scroll_pagination_fields)
    @console_ns.expect(console_ns.models[MessageListQuery.__name__])
    def get(self, installed_app):
        current_user, _ = current_account_with_tenant()
@@ -77,20 +78,13 @@ class MessageListApi(InstalledAppResource):
        args = MessageListQuery.model_validate(request.args.to_dict())

        try:
-            pagination = MessageService.pagination_by_first_id(
+            return MessageService.pagination_by_first_id(
                app_model,
                current_user,
                str(args.conversation_id),
                str(args.first_id) if args.first_id else None,
                args.limit,
            )
-            adapter = TypeAdapter(MessageListItem)
-            items = [adapter.validate_python(message, from_attributes=True) for message in pagination.data]
-            return MessageInfiniteScrollPagination(
-                limit=pagination.limit,
-                has_more=pagination.has_more,
-                data=items,
-            ).model_dump(mode="json")
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
        except FirstMessageNotExistsError:
@@ -122,7 +116,7 @@ class MessageFeedbackApi(InstalledAppResource):
        except MessageNotExistsError:
            raise NotFound("Message Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@console_ns.route(
@@ -207,4 +201,4 @@ class MessageSuggestedQuestionApi(InstalledAppResource):
            logger.exception("internal server error.")
            raise InternalServerError()

-        return SuggestedQuestionsResponse(data=questions).model_dump(mode="json")
+        return {"data": questions}
--- a/api/controllers/console/explore/parameter.py
+++ b/api/controllers/console/explore/parameter.py
@@ -1,3 +1,5 @@
+from flask_restx import marshal_with
+
 from controllers.common import fields
 from controllers.console import console_ns
 from controllers.console.app.error import AppUnavailableError
@@ -11,6 +13,7 @@ from services.app_service import AppService
 class AppParameterApi(InstalledAppResource):
    """Resource for app variables."""

+    @marshal_with(fields.parameters_fields)
    def get(self, installed_app: InstalledApp):
        """Retrieve app parameters."""
        app_model = installed_app.app
@@ -34,8 +37,7 @@ class AppParameterApi(InstalledAppResource):

            user_input_form = features_dict.get("user_input_form", [])

-        parameters = get_parameters_from_feature_dict(features_dict=features_dict, user_input_form=user_input_form)
-        return fields.Parameters.model_validate(parameters).model_dump(mode="json")
+        return get_parameters_from_feature_dict(features_dict=features_dict, user_input_form=user_input_form)


@console_ns.route("/installed-apps/<uuid:installed_app_id>/meta", endpoint="installed_app_meta")
--- a/api/controllers/console/explore/saved_message.py
+++ b/api/controllers/console/explore/saved_message.py
@@ -1,33 +1,55 @@
+from uuid import UUID
+
 from flask import request
-from pydantic import BaseModel, Field, TypeAdapter
+from flask_restx import fields, marshal_with
+from pydantic import BaseModel, Field
 from werkzeug.exceptions import NotFound

 from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.explore.error import NotCompletionAppError
 from controllers.console.explore.wraps import InstalledAppResource
-from fields.conversation_fields import ResultResponse
-from fields.message_fields import SavedMessageInfiniteScrollPagination, SavedMessageItem
-from libs.helper import UUIDStrOrEmpty
+from fields.conversation_fields import message_file_fields
+from libs.helper import TimestampField
 from libs.login import current_account_with_tenant
 from services.errors.message import MessageNotExistsError
 from services.saved_message_service import SavedMessageService


 class SavedMessageListQuery(BaseModel):
-    last_id: UUIDStrOrEmpty | None = None
+    last_id: UUID | None = None
    limit: int = Field(default=20, ge=1, le=100)


 class SavedMessageCreatePayload(BaseModel):
-    message_id: UUIDStrOrEmpty
+    message_id: UUID


 register_schema_models(console_ns, SavedMessageListQuery, SavedMessageCreatePayload)


+feedback_fields = {"rating": fields.String}
+
+message_fields = {
+    "id": fields.String,
+    "inputs": fields.Raw,
+    "query": fields.String,
+    "answer": fields.String,
+    "message_files": fields.List(fields.Nested(message_file_fields)),
+    "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
+    "created_at": TimestampField,
+}
+
+
@console_ns.route("/installed-apps/<uuid:installed_app_id>/saved-messages", endpoint="installed_app_saved_messages")
 class SavedMessageListApi(InstalledAppResource):
+    saved_message_infinite_scroll_pagination_fields = {
+        "limit": fields.Integer,
+        "has_more": fields.Boolean,
+        "data": fields.List(fields.Nested(message_fields)),
+    }
+
+    @marshal_with(saved_message_infinite_scroll_pagination_fields)
    @console_ns.expect(console_ns.models[SavedMessageListQuery.__name__])
    def get(self, installed_app):
        current_user, _ = current_account_with_tenant()
@@ -37,19 +59,12 @@ class SavedMessageListApi(InstalledAppResource):

        args = SavedMessageListQuery.model_validate(request.args.to_dict())

-        pagination = SavedMessageService.pagination_by_last_id(
+        return SavedMessageService.pagination_by_last_id(
            app_model,
            current_user,
            str(args.last_id) if args.last_id else None,
            args.limit,
        )
-        adapter = TypeAdapter(SavedMessageItem)
-        items = [adapter.validate_python(message, from_attributes=True) for message in pagination.data]
-        return SavedMessageInfiniteScrollPagination(
-            limit=pagination.limit,
-            has_more=pagination.has_more,
-            data=items,
-        ).model_dump(mode="json")

    @console_ns.expect(console_ns.models[SavedMessageCreatePayload.__name__])
    def post(self, installed_app):
@@ -65,7 +80,7 @@ class SavedMessageListApi(InstalledAppResource):
        except MessageNotExistsError:
            raise NotFound("Message Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@console_ns.route(
@@ -83,4 +98,4 @@ class SavedMessageApi(InstalledAppResource):

        SavedMessageService.delete(app_model, current_user, message_id)

-        return ResultResponse(result="success").model_dump(mode="json"), 204
+        return {"result": "success"}, 204
--- a/api/controllers/console/extension.py
+++ b/api/controllers/console/extension.py
@@ -1,32 +1,14 @@
-from flask import request
-from flask_restx import Resource, fields, marshal_with
-from pydantic import BaseModel, Field
+from flask_restx import Resource, fields, marshal_with, reqparse

 from constants import HIDDEN_VALUE
+from controllers.console import console_ns
+from controllers.console.wraps import account_initialization_required, setup_required
 from fields.api_based_extension_fields import api_based_extension_fields
 from libs.login import current_account_with_tenant, login_required
 from models.api_based_extension import APIBasedExtension
 from services.api_based_extension_service import APIBasedExtensionService
 from services.code_based_extension_service import CodeBasedExtensionService

-from ..common.schema import register_schema_models
-from . import console_ns
-from .wraps import account_initialization_required, setup_required
-
-
-class CodeBasedExtensionQuery(BaseModel):
-    module: str
-
-
-class APIBasedExtensionPayload(BaseModel):
-    name: str = Field(description="Extension name")
-    api_endpoint: str = Field(description="API endpoint URL")
-    api_key: str = Field(description="API key for authentication")
-
-
-register_schema_models(console_ns, APIBasedExtensionPayload)
-
-
 api_based_extension_model = console_ns.model("ApiBasedExtensionModel", api_based_extension_fields)

 api_based_extension_list_model = fields.List(fields.Nested(api_based_extension_model))
@@ -36,7 +18,11 @@ api_based_extension_list_model = fields.List(fields.Nested(api_based_extension_m
 class CodeBasedExtensionAPI(Resource):
    @console_ns.doc("get_code_based_extension")
    @console_ns.doc(description="Get code-based extension data by module name")
-    @console_ns.doc(params={"module": "Extension module name"})
+    @console_ns.expect(
+        console_ns.parser().add_argument(
+            "module", type=str, required=True, location="args", help="Extension module name"
+        )
+    )
    @console_ns.response(
        200,
        "Success",
@@ -49,9 +35,10 @@ class CodeBasedExtensionAPI(Resource):
    @login_required
    @account_initialization_required
    def get(self):
-        query = CodeBasedExtensionQuery.model_validate(request.args.to_dict(flat=True))  # type: ignore
+        parser = reqparse.RequestParser().add_argument("module", type=str, required=True, location="args")
+        args = parser.parse_args()

-        return {"module": query.module, "data": CodeBasedExtensionService.get_code_based_extension(query.module)}
+        return {"module": args["module"], "data": CodeBasedExtensionService.get_code_based_extension(args["module"])}


@console_ns.route("/api-based-extension")
@@ -69,21 +56,30 @@ class APIBasedExtensionAPI(Resource):

    @console_ns.doc("create_api_based_extension")
    @console_ns.doc(description="Create a new API-based extension")
-    @console_ns.expect(console_ns.models[APIBasedExtensionPayload.__name__])
+    @console_ns.expect(
+        console_ns.model(
+            "CreateAPIBasedExtensionRequest",
+            {
+                "name": fields.String(required=True, description="Extension name"),
+                "api_endpoint": fields.String(required=True, description="API endpoint URL"),
+                "api_key": fields.String(required=True, description="API key for authentication"),
+            },
+        )
+    )
    @console_ns.response(201, "Extension created successfully", api_based_extension_model)
    @setup_required
    @login_required
    @account_initialization_required
    @marshal_with(api_based_extension_model)
    def post(self):
-        payload = APIBasedExtensionPayload.model_validate(console_ns.payload or {})
+        args = console_ns.payload
        _, current_tenant_id = current_account_with_tenant()

        extension_data = APIBasedExtension(
            tenant_id=current_tenant_id,
-            name=payload.name,
-            api_endpoint=payload.api_endpoint,
-            api_key=payload.api_key,
+            name=args["name"],
+            api_endpoint=args["api_endpoint"],
+            api_key=args["api_key"],
        )

        return APIBasedExtensionService.save(extension_data)
@@ -108,7 +104,16 @@ class APIBasedExtensionDetailAPI(Resource):
    @console_ns.doc("update_api_based_extension")
    @console_ns.doc(description="Update API-based extension")
    @console_ns.doc(params={"id": "Extension ID"})
-    @console_ns.expect(console_ns.models[APIBasedExtensionPayload.__name__])
+    @console_ns.expect(
+        console_ns.model(
+            "UpdateAPIBasedExtensionRequest",
+            {
+                "name": fields.String(required=True, description="Extension name"),
+                "api_endpoint": fields.String(required=True, description="API endpoint URL"),
+                "api_key": fields.String(required=True, description="API key for authentication"),
+            },
+        )
+    )
    @console_ns.response(200, "Extension updated successfully", api_based_extension_model)
    @setup_required
    @login_required
@@ -120,13 +125,13 @@ class APIBasedExtensionDetailAPI(Resource):

        extension_data_from_db = APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id)

-        payload = APIBasedExtensionPayload.model_validate(console_ns.payload or {})
+        args = console_ns.payload

-        extension_data_from_db.name = payload.name
-        extension_data_from_db.api_endpoint = payload.api_endpoint
+        extension_data_from_db.name = args["name"]
+        extension_data_from_db.api_endpoint = args["api_endpoint"]

-        if payload.api_key != HIDDEN_VALUE:
-            extension_data_from_db.api_key = payload.api_key
+        if args["api_key"] != HIDDEN_VALUE:
+            extension_data_from_db.api_key = args["api_key"]

        return APIBasedExtensionService.save(extension_data_from_db)

--- a/api/controllers/console/tag/tags.py
+++ b/api/controllers/console/tag/tags.py
@@ -1,40 +1,31 @@
-from typing import Literal
-
 from flask import request
-from flask_restx import Resource, marshal_with
-from pydantic import BaseModel, Field
+from flask_restx import Resource, marshal_with, reqparse
 from werkzeug.exceptions import Forbidden

-from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from fields.tag_fields import dataset_tag_fields
 from libs.login import current_account_with_tenant, login_required
+from models.model import Tag
 from services.tag_service import TagService


-class TagBasePayload(BaseModel):
-    name: str = Field(description="Tag name", min_length=1, max_length=50)
-    type: Literal["knowledge", "app"] | None = Field(default=None, description="Tag type")
+def _validate_name(name):
+    if not name or len(name) < 1 or len(name) > 50:
+        raise ValueError("Name must be between 1 to 50 characters.")
+    return name


-class TagBindingPayload(BaseModel):
-    tag_ids: list[str] = Field(description="Tag IDs to bind")
-    target_id: str = Field(description="Target ID to bind tags to")
-    type: Literal["knowledge", "app"] | None = Field(default=None, description="Tag type")
-
-
-class TagBindingRemovePayload(BaseModel):
-    tag_id: str = Field(description="Tag ID to remove")
-    target_id: str = Field(description="Target ID to unbind tag from")
-    type: Literal["knowledge", "app"] | None = Field(default=None, description="Tag type")
-
-
-register_schema_models(
-    console_ns,
-    TagBasePayload,
-    TagBindingPayload,
-    TagBindingRemovePayload,
+parser_tags = (
+    reqparse.RequestParser()
+    .add_argument(
+        "name",
+        nullable=False,
+        required=True,
+        help="Name must be between 1 to 50 characters.",
+        type=_validate_name,
+    )
+    .add_argument("type", type=str, location="json", choices=Tag.TAG_TYPE_LIST, nullable=True, help="Invalid tag type.")
 )


@@ -52,7 +43,7 @@ class TagListApi(Resource):

        return tags, 200

-    @console_ns.expect(console_ns.models[TagBasePayload.__name__])
+    @console_ns.expect(parser_tags)
    @setup_required
    @login_required
    @account_initialization_required
@@ -62,17 +53,22 @@ class TagListApi(Resource):
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()

-        payload = TagBasePayload.model_validate(console_ns.payload or {})
-        tag = TagService.save_tags(payload.model_dump())
+        args = parser_tags.parse_args()
+        tag = TagService.save_tags(args)

        response = {"id": tag.id, "name": tag.name, "type": tag.type, "binding_count": 0}

        return response, 200


+parser_tag_id = reqparse.RequestParser().add_argument(
+    "name", nullable=False, required=True, help="Name must be between 1 to 50 characters.", type=_validate_name
+)
+
+
@console_ns.route("/tags/<uuid:tag_id>")
 class TagUpdateDeleteApi(Resource):
-    @console_ns.expect(console_ns.models[TagBasePayload.__name__])
+    @console_ns.expect(parser_tag_id)
    @setup_required
    @login_required
    @account_initialization_required
@@ -83,8 +79,8 @@ class TagUpdateDeleteApi(Resource):
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()

-        payload = TagBasePayload.model_validate(console_ns.payload or {})
-        tag = TagService.update_tags(payload.model_dump(), tag_id)
+        args = parser_tag_id.parse_args()
+        tag = TagService.update_tags(args, tag_id)

        binding_count = TagService.get_tag_binding_count(tag_id)

@@ -104,9 +100,17 @@ class TagUpdateDeleteApi(Resource):
        return 204


+parser_create = (
+    reqparse.RequestParser()
+    .add_argument("tag_ids", type=list, nullable=False, required=True, location="json", help="Tag IDs is required.")
+    .add_argument("target_id", type=str, nullable=False, required=True, location="json", help="Target ID is required.")
+    .add_argument("type", type=str, location="json", choices=Tag.TAG_TYPE_LIST, nullable=True, help="Invalid tag type.")
+)
+
+
@console_ns.route("/tag-bindings/create")
 class TagBindingCreateApi(Resource):
-    @console_ns.expect(console_ns.models[TagBindingPayload.__name__])
+    @console_ns.expect(parser_create)
    @setup_required
    @login_required
    @account_initialization_required
@@ -116,15 +120,23 @@ class TagBindingCreateApi(Resource):
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()

-        payload = TagBindingPayload.model_validate(console_ns.payload or {})
-        TagService.save_tag_binding(payload.model_dump())
+        args = parser_create.parse_args()
+        TagService.save_tag_binding(args)

        return {"result": "success"}, 200


+parser_remove = (
+    reqparse.RequestParser()
+    .add_argument("tag_id", type=str, nullable=False, required=True, help="Tag ID is required.")
+    .add_argument("target_id", type=str, nullable=False, required=True, help="Target ID is required.")
+    .add_argument("type", type=str, location="json", choices=Tag.TAG_TYPE_LIST, nullable=True, help="Invalid tag type.")
+)
+
+
@console_ns.route("/tag-bindings/remove")
 class TagBindingDeleteApi(Resource):
-    @console_ns.expect(console_ns.models[TagBindingRemovePayload.__name__])
+    @console_ns.expect(parser_remove)
    @setup_required
    @login_required
    @account_initialization_required
@@ -134,7 +146,7 @@ class TagBindingDeleteApi(Resource):
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()

-        payload = TagBindingRemovePayload.model_validate(console_ns.payload or {})
-        TagService.delete_tag_binding(payload.model_dump())
+        args = parser_remove.parse_args()
+        TagService.delete_tag_binding(args)

        return {"result": "success"}, 200
--- a/api/controllers/console/workspace/load_balancing_config.py
+++ b/api/controllers/console/workspace/load_balancing_config.py
@@ -1,8 +1,6 @@
-from flask_restx import Resource
-from pydantic import BaseModel
+from flask_restx import Resource, reqparse
 from werkzeug.exceptions import Forbidden

-from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.model_runtime.entities.model_entities import ModelType
@@ -12,20 +10,10 @@ from models import TenantAccountRole
 from services.model_load_balancing_service import ModelLoadBalancingService


-class LoadBalancingCredentialPayload(BaseModel):
-    model: str
-    model_type: ModelType
-    credentials: dict[str, object]
-
-
-register_schema_models(console_ns, LoadBalancingCredentialPayload)
-
-
@console_ns.route(
    "/workspaces/current/model-providers/<path:provider>/models/load-balancing-configs/credentials-validate"
 )
 class LoadBalancingCredentialsValidateApi(Resource):
-    @console_ns.expect(console_ns.models[LoadBalancingCredentialPayload.__name__])
    @setup_required
    @login_required
    @account_initialization_required
@@ -36,7 +24,20 @@ class LoadBalancingCredentialsValidateApi(Resource):

        tenant_id = current_tenant_id

-        payload = LoadBalancingCredentialPayload.model_validate(console_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("model", type=str, required=True, nullable=False, location="json")
+            .add_argument(
+                "model_type",
+                type=str,
+                required=True,
+                nullable=False,
+                choices=[mt.value for mt in ModelType],
+                location="json",
+            )
+            .add_argument("credentials", type=dict, required=True, nullable=False, location="json")
+        )
+        args = parser.parse_args()

        # validate model load balancing credentials
        model_load_balancing_service = ModelLoadBalancingService()
@@ -48,9 +49,9 @@ class LoadBalancingCredentialsValidateApi(Resource):
            model_load_balancing_service.validate_load_balancing_credentials(
                tenant_id=tenant_id,
                provider=provider,
-                model=payload.model,
-                model_type=payload.model_type,
-                credentials=payload.credentials,
+                model=args["model"],
+                model_type=args["model_type"],
+                credentials=args["credentials"],
            )
        except CredentialsValidateFailedError as ex:
            result = False
@@ -68,7 +69,6 @@ class LoadBalancingCredentialsValidateApi(Resource):
    "/workspaces/current/model-providers/<path:provider>/models/load-balancing-configs/<string:config_id>/credentials-validate"
 )
 class LoadBalancingConfigCredentialsValidateApi(Resource):
-    @console_ns.expect(console_ns.models[LoadBalancingCredentialPayload.__name__])
    @setup_required
    @login_required
    @account_initialization_required
@@ -79,7 +79,20 @@ class LoadBalancingConfigCredentialsValidateApi(Resource):

        tenant_id = current_tenant_id

-        payload = LoadBalancingCredentialPayload.model_validate(console_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("model", type=str, required=True, nullable=False, location="json")
+            .add_argument(
+                "model_type",
+                type=str,
+                required=True,
+                nullable=False,
+                choices=[mt.value for mt in ModelType],
+                location="json",
+            )
+            .add_argument("credentials", type=dict, required=True, nullable=False, location="json")
+        )
+        args = parser.parse_args()

        # validate model load balancing config credentials
        model_load_balancing_service = ModelLoadBalancingService()
@@ -91,9 +104,9 @@ class LoadBalancingConfigCredentialsValidateApi(Resource):
            model_load_balancing_service.validate_load_balancing_credentials(
                tenant_id=tenant_id,
                provider=provider,
-                model=payload.model,
-                model_type=payload.model_type,
-                credentials=payload.credentials,
+                model=args["model"],
+                model_type=args["model_type"],
+                credentials=args["credentials"],
                config_id=config_id,
            )
        except CredentialsValidateFailedError as ex:
--- a/api/controllers/console/workspace/plugin.py
+++ b/api/controllers/console/workspace/plugin.py
@@ -1,6 +1,5 @@
 import io
-from collections.abc import Mapping
-from typing import Any, Literal
+from typing import Literal

 from flask import request, send_file
 from flask_restx import Resource
@@ -142,15 +141,6 @@ class ParserDynamicOptions(BaseModel):
    provider_type: Literal["tool", "trigger"]


-class ParserDynamicOptionsWithCredentials(BaseModel):
-    plugin_id: str
-    provider: str
-    action: str
-    parameter: str
-    credential_id: str
-    credentials: Mapping[str, Any]
-
-
 class PluginPermissionSettingsPayload(BaseModel):
    install_permission: TenantPluginPermission.InstallPermission = TenantPluginPermission.InstallPermission.EVERYONE
    debug_permission: TenantPluginPermission.DebugPermission = TenantPluginPermission.DebugPermission.EVERYONE
@@ -193,7 +183,6 @@ reg(ParserGithubUpgrade)
 reg(ParserUninstall)
 reg(ParserPermissionChange)
 reg(ParserDynamicOptions)
-reg(ParserDynamicOptionsWithCredentials)
 reg(ParserPreferencesChange)
 reg(ParserExcludePlugin)
 reg(ParserReadme)
@@ -668,37 +657,6 @@ class PluginFetchDynamicSelectOptionsApi(Resource):
        return jsonable_encoder({"options": options})


-@console_ns.route("/workspaces/current/plugin/parameters/dynamic-options-with-credentials")
-class PluginFetchDynamicSelectOptionsWithCredentialsApi(Resource):
-    @console_ns.expect(console_ns.models[ParserDynamicOptionsWithCredentials.__name__])
-    @setup_required
-    @login_required
-    @is_admin_or_owner_required
-    @account_initialization_required
-    def post(self):
-        """Fetch dynamic options using credentials directly (for edit mode)."""
-        current_user, tenant_id = current_account_with_tenant()
-        user_id = current_user.id
-
-        args = ParserDynamicOptionsWithCredentials.model_validate(console_ns.payload)
-
-        try:
-            options = PluginParameterService.get_dynamic_select_options_with_credentials(
-                tenant_id=tenant_id,
-                user_id=user_id,
-                plugin_id=args.plugin_id,
-                provider=args.provider,
-                action=args.action,
-                parameter=args.parameter,
-                credential_id=args.credential_id,
-                credentials=args.credentials,
-            )
-        except PluginDaemonClientSideError as e:
-            raise ValueError(e)
-
-        return jsonable_encoder({"options": options})
-
-
@console_ns.route("/workspaces/current/plugin/preferences/change")
 class PluginChangePreferencesApi(Resource):
    @console_ns.expect(console_ns.models[ParserPreferencesChange.__name__])
--- a/api/controllers/console/workspace/tool_providers.py
+++ b/api/controllers/console/workspace/tool_providers.py
@@ -1,5 +1,4 @@
 import io
-import logging
 from urllib.parse import urlparse

 from flask import make_response, redirect, request, send_file
@@ -18,7 +17,6 @@ from controllers.console.wraps import (
    is_admin_or_owner_required,
    setup_required,
 )
-from core.db.session_factory import session_factory
 from core.entities.mcp_provider import MCPAuthentication, MCPConfiguration
 from core.mcp.auth.auth_flow import auth, handle_callback
 from core.mcp.error import MCPAuthError, MCPError, MCPRefreshTokenError
@@ -41,8 +39,6 @@ from services.tools.tools_manage_service import ToolCommonService
 from services.tools.tools_transform_service import ToolTransformService
 from services.tools.workflow_tools_manage_service import WorkflowToolManageService

-logger = logging.getLogger(__name__)
-

 def is_valid_url(url: str) -> bool:
    if not url:
@@ -948,8 +944,8 @@ class ToolProviderMCPApi(Resource):
        configuration = MCPConfiguration.model_validate(args["configuration"])
        authentication = MCPAuthentication.model_validate(args["authentication"]) if args["authentication"] else None

-        # 1) Create provider in a short transaction (no network I/O inside)
-        with session_factory.create_session() as session, session.begin():
+        # Create provider
+        with Session(db.engine) as session, session.begin():
            service = MCPToolManageService(session=session)
            result = service.create_provider(
                tenant_id=tenant_id,
@@ -964,29 +960,7 @@ class ToolProviderMCPApi(Resource):
                configuration=configuration,
                authentication=authentication,
            )
-
-        # 2) Try to fetch tools immediately after creation so they appear without a second save.
-        #    Perform network I/O outside any DB session to avoid holding locks.
-        try:
-            reconnect = MCPToolManageService.reconnect_with_url(
-                server_url=args["server_url"],
-                headers=args.get("headers") or {},
-                timeout=configuration.timeout,
-                sse_read_timeout=configuration.sse_read_timeout,
-            )
-            # Update just-created provider with authed/tools in a new short transaction
-            with session_factory.create_session() as session, session.begin():
-                service = MCPToolManageService(session=session)
-                db_provider = service.get_provider(provider_id=result.id, tenant_id=tenant_id)
-                db_provider.authed = reconnect.authed
-                db_provider.tools = reconnect.tools
-
-                result = ToolTransformService.mcp_provider_to_user_provider(db_provider, for_list=True)
-        except Exception:
-            # Best-effort: if initial fetch fails (e.g., auth required), return created provider as-is
-            logger.warning("Failed to fetch MCP tools after creation", exc_info=True)
-
-        return jsonable_encoder(result)
+            return jsonable_encoder(result)

    @console_ns.expect(parser_mcp_put)
    @setup_required
@@ -998,23 +972,17 @@ class ToolProviderMCPApi(Resource):
        authentication = MCPAuthentication.model_validate(args["authentication"]) if args["authentication"] else None
        _, current_tenant_id = current_account_with_tenant()

-        # Step 1: Get provider data for URL validation (short-lived session, no network I/O)
-        validation_data = None
+        # Step 1: Validate server URL change if needed (includes URL format validation and network operation)
+        validation_result = None
        with Session(db.engine) as session:
            service = MCPToolManageService(session=session)
-            validation_data = service.get_provider_for_url_validation(
-                tenant_id=current_tenant_id, provider_id=args["provider_id"]
+            validation_result = service.validate_server_url_change(
+                tenant_id=current_tenant_id, provider_id=args["provider_id"], new_server_url=args["server_url"]
            )

-        # Step 2: Perform URL validation with network I/O OUTSIDE of any database session
-        # This prevents holding database locks during potentially slow network operations
-        validation_result = MCPToolManageService.validate_server_url_standalone(
-            tenant_id=current_tenant_id,
-            new_server_url=args["server_url"],
-            validation_data=validation_data,
-        )
+            # No need to check for errors here, exceptions will be raised directly

-        # Step 3: Perform database update in a transaction
+        # Step 2: Perform database update in a transaction
        with Session(db.engine) as session, session.begin():
            service = MCPToolManageService(session=session)
            service.update_provider(
@@ -1031,8 +999,7 @@ class ToolProviderMCPApi(Resource):
                authentication=authentication,
                validation_result=validation_result,
            )
-
-        return {"result": "success"}
+            return {"result": "success"}

    @console_ns.expect(parser_mcp_delete)
    @setup_required
@@ -1045,8 +1012,7 @@ class ToolProviderMCPApi(Resource):
        with Session(db.engine) as session, session.begin():
            service = MCPToolManageService(session=session)
            service.delete_provider(tenant_id=current_tenant_id, provider_id=args["provider_id"])
-
-        return {"result": "success"}
+            return {"result": "success"}


 parser_auth = (
--- a/api/controllers/console/workspace/trigger_providers.py
+++ b/api/controllers/console/workspace/trigger_providers.py
@@ -1,15 +1,11 @@
 import logging
-from collections.abc import Mapping
-from typing import Any

 from flask import make_response, redirect, request
 from flask_restx import Resource, reqparse
-from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import BadRequest, Forbidden

 from configs import dify_config
-from constants import HIDDEN_VALUE, UNKNOWN_VALUE
 from controllers.web.error import NotFoundError
 from core.model_runtime.utils.encoders import jsonable_encoder
 from core.plugin.entities.plugin_daemon import CredentialType
@@ -36,32 +32,6 @@ from ..wraps import (
 logger = logging.getLogger(__name__)


-class TriggerSubscriptionUpdateRequest(BaseModel):
-    """Request payload for updating a trigger subscription"""
-
-    name: str | None = Field(default=None, description="The name for the subscription")
-    credentials: Mapping[str, Any] | None = Field(default=None, description="The credentials for the subscription")
-    parameters: Mapping[str, Any] | None = Field(default=None, description="The parameters for the subscription")
-    properties: Mapping[str, Any] | None = Field(default=None, description="The properties for the subscription")
-
-
-class TriggerSubscriptionVerifyRequest(BaseModel):
-    """Request payload for verifying subscription credentials."""
-
-    credentials: Mapping[str, Any] = Field(description="The credentials to verify")
-
-
-console_ns.schema_model(
-    TriggerSubscriptionUpdateRequest.__name__,
-    TriggerSubscriptionUpdateRequest.model_json_schema(ref_template="#/definitions/{model}"),
-)
-
-console_ns.schema_model(
-    TriggerSubscriptionVerifyRequest.__name__,
-    TriggerSubscriptionVerifyRequest.model_json_schema(ref_template="#/definitions/{model}"),
-)
-
-
@console_ns.route("/workspaces/current/trigger-provider/<path:provider>/icon")
 class TriggerProviderIconApi(Resource):
    @setup_required
@@ -185,16 +155,16 @@ parser_api = (


@console_ns.route(
-    "/workspaces/current/trigger-provider/<path:provider>/subscriptions/builder/verify-and-update/<path:subscription_builder_id>",
+    "/workspaces/current/trigger-provider/<path:provider>/subscriptions/builder/verify/<path:subscription_builder_id>",
 )
-class TriggerSubscriptionBuilderVerifyAndUpdateApi(Resource):
+class TriggerSubscriptionBuilderVerifyApi(Resource):
    @console_ns.expect(parser_api)
    @setup_required
    @login_required
    @edit_permission_required
    @account_initialization_required
    def post(self, provider, subscription_builder_id):
-        """Verify and update a subscription instance for a trigger provider"""
+        """Verify a subscription instance for a trigger provider"""
        user = current_user
        assert user.current_tenant_id is not None

@@ -319,83 +289,6 @@ class TriggerSubscriptionBuilderBuildApi(Resource):
            raise ValueError(str(e)) from e


-@console_ns.route(
-    "/workspaces/current/trigger-provider/<path:subscription_id>/subscriptions/update",
-)
-class TriggerSubscriptionUpdateApi(Resource):
-    @console_ns.expect(console_ns.models[TriggerSubscriptionUpdateRequest.__name__])
-    @setup_required
-    @login_required
-    @edit_permission_required
-    @account_initialization_required
-    def post(self, subscription_id: str):
-        """Update a subscription instance"""
-        user = current_user
-        assert user.current_tenant_id is not None
-
-        args = TriggerSubscriptionUpdateRequest.model_validate(console_ns.payload)
-
-        subscription = TriggerProviderService.get_subscription_by_id(
-            tenant_id=user.current_tenant_id,
-            subscription_id=subscription_id,
-        )
-        if not subscription:
-            raise NotFoundError(f"Subscription {subscription_id} not found")
-
-        provider_id = TriggerProviderID(subscription.provider_id)
-
-        try:
-            # rename only
-            if (
-                args.name is not None
-                and args.credentials is None
-                and args.parameters is None
-                and args.properties is None
-            ):
-                TriggerProviderService.update_trigger_subscription(
-                    tenant_id=user.current_tenant_id,
-                    subscription_id=subscription_id,
-                    name=args.name,
-                )
-                return 200
-
-            # rebuild for create automatically by the provider
-            match subscription.credential_type:
-                case CredentialType.UNAUTHORIZED:
-                    TriggerProviderService.update_trigger_subscription(
-                        tenant_id=user.current_tenant_id,
-                        subscription_id=subscription_id,
-                        name=args.name,
-                        properties=args.properties,
-                    )
-                    return 200
-                case CredentialType.API_KEY | CredentialType.OAUTH2:
-                    if args.credentials:
-                        new_credentials: dict[str, Any] = {
-                            key: value if value != HIDDEN_VALUE else subscription.credentials.get(key, UNKNOWN_VALUE)
-                            for key, value in args.credentials.items()
-                        }
-                    else:
-                        new_credentials = subscription.credentials
-
-                    TriggerProviderService.rebuild_trigger_subscription(
-                        tenant_id=user.current_tenant_id,
-                        name=args.name,
-                        provider_id=provider_id,
-                        subscription_id=subscription_id,
-                        credentials=new_credentials,
-                        parameters=args.parameters or subscription.parameters,
-                    )
-                    return 200
-                case _:
-                    raise BadRequest("Invalid credential type")
-        except ValueError as e:
-            raise BadRequest(str(e))
-        except Exception as e:
-            logger.exception("Error updating subscription", exc_info=e)
-            raise
-
-
@console_ns.route(
    "/workspaces/current/trigger-provider/<path:subscription_id>/subscriptions/delete",
 )
@@ -683,38 +576,3 @@ class TriggerOAuthClientManageApi(Resource):
        except Exception as e:
            logger.exception("Error removing OAuth client", exc_info=e)
            raise
-
-
-@console_ns.route(
-    "/workspaces/current/trigger-provider/<path:provider>/subscriptions/verify/<path:subscription_id>",
-)
-class TriggerSubscriptionVerifyApi(Resource):
-    @console_ns.expect(console_ns.models[TriggerSubscriptionVerifyRequest.__name__])
-    @setup_required
-    @login_required
-    @edit_permission_required
-    @account_initialization_required
-    def post(self, provider, subscription_id):
-        """Verify credentials for an existing subscription (edit mode only)"""
-        user = current_user
-        assert user.current_tenant_id is not None
-
-        verify_request: TriggerSubscriptionVerifyRequest = TriggerSubscriptionVerifyRequest.model_validate(
-            console_ns.payload
-        )
-
-        try:
-            result = TriggerProviderService.verify_subscription_credentials(
-                tenant_id=user.current_tenant_id,
-                user_id=user.id,
-                provider_id=TriggerProviderID(provider),
-                subscription_id=subscription_id,
-                credentials=verify_request.credentials,
-            )
-            return result
-        except ValueError as e:
-            logger.warning("Credential verification failed", exc_info=e)
-            raise BadRequest(str(e)) from e
-        except Exception as e:
-            logger.exception("Error verifying subscription credentials", exc_info=e)
-            raise BadRequest(str(e)) from e
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@@ -9,12 +9,10 @@ from typing import ParamSpec, TypeVar
 from flask import abort, request

 from configs import dify_config
-from controllers.console.auth.error import AuthenticationFailedError, EmailCodeError
 from controllers.console.workspace.error import AccountNotInitializedError
 from enums.cloud_plan import CloudPlan
 from extensions.ext_database import db
 from extensions.ext_redis import redis_client
-from libs.encryption import FieldEncryption
 from libs.login import current_account_with_tenant
 from models.account import AccountStatus
 from models.dataset import RateLimitLog
@@ -27,14 +25,6 @@ from .error import NotInitValidateError, NotSetupError, UnauthorizedAndForceLogo
 P = ParamSpec("P")
 R = TypeVar("R")

-# Field names for decryption
-FIELD_NAME_PASSWORD = "password"
-FIELD_NAME_CODE = "code"
-
-# Error messages for decryption failures
-ERROR_MSG_INVALID_ENCRYPTED_DATA = "Invalid encrypted data"
-ERROR_MSG_INVALID_ENCRYPTED_CODE = "Invalid encrypted code"
-

 def account_initialization_required(view: Callable[P, R]):
    @wraps(view)
@@ -429,75 +419,3 @@ def annotation_import_concurrency_limit(view: Callable[P, R]):
        return view(*args, **kwargs)

    return decorated
-
-
-def _decrypt_field(field_name: str, error_class: type[Exception], error_message: str) -> None:
-    """
-    Helper to decode a Base64 encoded field in the request payload.
-
-    Args:
-        field_name: Name of the field to decode
-        error_class: Exception class to raise on decoding failure
-        error_message: Error message to include in the exception
-    """
-    if not request or not request.is_json:
-        return
-    # Get the payload dict - it's cached and mutable
-    payload = request.get_json()
-    if not payload or field_name not in payload:
-        return
-    encoded_value = payload[field_name]
-    decoded_value = FieldEncryption.decrypt_field(encoded_value)
-
-    # If decoding failed, raise error immediately
-    if decoded_value is None:
-        raise error_class(error_message)
-
-    # Update payload dict in-place with decoded value
-    # Since payload is a mutable dict and get_json() returns the cached reference,
-    # modifying it will affect all subsequent accesses including console_ns.payload
-    payload[field_name] = decoded_value
-
-
-def decrypt_password_field(view: Callable[P, R]):
-    """
-    Decorator to decrypt password field in request payload.
-
-    Automatically decrypts the 'password' field if encryption is enabled.
-    If decryption fails, raises AuthenticationFailedError.
-
-    Usage:
-        @decrypt_password_field
-        def post(self):
-            args = LoginPayload.model_validate(console_ns.payload)
-            # args.password is now decrypted
-    """
-
-    @wraps(view)
-    def decorated(*args: P.args, **kwargs: P.kwargs):
-        _decrypt_field(FIELD_NAME_PASSWORD, AuthenticationFailedError, ERROR_MSG_INVALID_ENCRYPTED_DATA)
-        return view(*args, **kwargs)
-
-    return decorated
-
-
-def decrypt_code_field(view: Callable[P, R]):
-    """
-    Decorator to decrypt verification code field in request payload.
-
-    Automatically decrypts the 'code' field if encryption is enabled.
-    If decryption fails, raises EmailCodeError.
-
-    Usage:
-        @decrypt_code_field
-        def post(self):
-            args = EmailCodeLoginPayload.model_validate(console_ns.payload)
-            # args.code is now decrypted
-    """
-
-    @wraps(view)
-    def decorated(*args: P.args, **kwargs: P.kwargs):
-        _decrypt_field(FIELD_NAME_CODE, EmailCodeError, ERROR_MSG_INVALID_ENCRYPTED_CODE)
-        return view(*args, **kwargs)
-
-    return decorated
--- a/api/controllers/files/image_preview.py
+++ b/api/controllers/files/image_preview.py
@@ -7,7 +7,6 @@ from werkzeug.exceptions import NotFound

 import services
 from controllers.common.errors import UnsupportedFileTypeError
-from controllers.common.file_response import enforce_download_for_html
 from controllers.files import files_ns
 from extensions.ext_database import db
 from services.account_service import TenantService
@@ -139,13 +138,6 @@ class FilePreviewApi(Resource):
            response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
            response.headers["Content-Type"] = "application/octet-stream"

-        enforce_download_for_html(
-            response,
-            mime_type=upload_file.mime_type,
-            filename=upload_file.name,
-            extension=upload_file.extension,
-        )
-
        return response


--- a/api/controllers/files/tool_files.py
+++ b/api/controllers/files/tool_files.py
@@ -6,7 +6,6 @@ from pydantic import BaseModel, Field
 from werkzeug.exceptions import Forbidden, NotFound

 from controllers.common.errors import UnsupportedFileTypeError
-from controllers.common.file_response import enforce_download_for_html
 from controllers.files import files_ns
 from core.tools.signature import verify_tool_file_signature
 from core.tools.tool_file_manager import ToolFileManager
@@ -79,11 +78,4 @@ class ToolFileApi(Resource):
            encoded_filename = quote(tool_file.name)
            response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"

-        enforce_download_for_html(
-            response,
-            mime_type=tool_file.mimetype,
-            filename=tool_file.name,
-            extension=extension,
-        )
-
        return response
--- a/api/controllers/service_api/app/annotation.py
+++ b/api/controllers/service_api/app/annotation.py
@@ -1,7 +1,7 @@
 from typing import Literal

 from flask import request
-from flask_restx import Namespace, Resource, fields
+from flask_restx import Api, Namespace, Resource, fields
 from flask_restx.api import HTTPStatus
 from pydantic import BaseModel, Field

@@ -92,7 +92,7 @@ annotation_list_fields = {
 }


-def build_annotation_list_model(api_or_ns: Namespace):
+def build_annotation_list_model(api_or_ns: Api | Namespace):
    """Build the annotation list model for the API or Namespace."""
    copied_annotation_list_fields = annotation_list_fields.copy()
    copied_annotation_list_fields["data"] = fields.List(fields.Nested(build_annotation_model(api_or_ns)))
--- a/api/controllers/service_api/app/app.py
+++ b/api/controllers/service_api/app/app.py
@@ -1,6 +1,6 @@
 from flask_restx import Resource

-from controllers.common.fields import Parameters
+from controllers.common.fields import build_parameters_model
 from controllers.service_api import service_api_ns
 from controllers.service_api.app.error import AppUnavailableError
 from controllers.service_api.wraps import validate_app_token
@@ -23,6 +23,7 @@ class AppParameterApi(Resource):
        }
    )
    @validate_app_token
+    @service_api_ns.marshal_with(build_parameters_model(service_api_ns))
    def get(self, app_model: App):
        """Retrieve app parameters.

@@ -44,8 +45,7 @@ class AppParameterApi(Resource):

            user_input_form = features_dict.get("user_input_form", [])

-        parameters = get_parameters_from_feature_dict(features_dict=features_dict, user_input_form=user_input_form)
-        return Parameters.model_validate(parameters).model_dump(mode="json")
+        return get_parameters_from_feature_dict(features_dict=features_dict, user_input_form=user_input_form)


@service_api_ns.route("/meta")
--- a/api/controllers/service_api/app/conversation.py
+++ b/api/controllers/service_api/app/conversation.py
@@ -3,7 +3,8 @@ from uuid import UUID

 from flask import request
 from flask_restx import Resource
-from pydantic import BaseModel, Field, TypeAdapter, field_validator, model_validator
+from flask_restx._http import HTTPStatus
+from pydantic import BaseModel, Field, model_validator
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import BadRequest, NotFound

@@ -15,9 +16,9 @@ from controllers.service_api.wraps import FetchUserArg, WhereisUserArg, validate
 from core.app.entities.app_invoke_entities import InvokeFrom
 from extensions.ext_database import db
 from fields.conversation_fields import (
-    ConversationDelete,
-    ConversationInfiniteScrollPagination,
-    SimpleConversation,
+    build_conversation_delete_model,
+    build_conversation_infinite_scroll_pagination_model,
+    build_simple_conversation_model,
 )
 from fields.conversation_variable_fields import (
    build_conversation_variable_infinite_scroll_pagination_model,
@@ -50,32 +51,6 @@ class ConversationRenamePayload(BaseModel):
 class ConversationVariablesQuery(BaseModel):
    last_id: UUID | None = Field(default=None, description="Last variable ID for pagination")
    limit: int = Field(default=20, ge=1, le=100, description="Number of variables to return")
-    variable_name: str | None = Field(
-        default=None, description="Filter variables by name", min_length=1, max_length=255
-    )
-
-    @field_validator("variable_name", mode="before")
-    @classmethod
-    def validate_variable_name(cls, v: str | None) -> str | None:
-        """
-        Validate variable_name to prevent injection attacks.
-        """
-        if v is None:
-            return v
-
-        # Only allow safe characters: alphanumeric, underscore, hyphen, period
-        if not v.replace("-", "").replace("_", "").replace(".", "").isalnum():
-            raise ValueError(
-                "Variable name can only contain letters, numbers, hyphens (-), underscores (_), and periods (.)"
-            )
-
-        # Prevent SQL injection patterns
-        dangerous_patterns = ["'", '"', ";", "--", "/*", "*/", "xp_", "sp_"]
-        for pattern in dangerous_patterns:
-            if pattern in v.lower():
-                raise ValueError(f"Variable name contains invalid characters: {pattern}")
-
-        return v


 class ConversationVariableUpdatePayload(BaseModel):
@@ -104,6 +79,7 @@ class ConversationApi(Resource):
        }
    )
    @validate_app_token(fetch_user_arg=FetchUserArg(fetch_from=WhereisUserArg.QUERY))
+    @service_api_ns.marshal_with(build_conversation_infinite_scroll_pagination_model(service_api_ns))
    def get(self, app_model: App, end_user: EndUser):
        """List all conversations for the current user.

@@ -118,7 +94,7 @@ class ConversationApi(Resource):

        try:
            with Session(db.engine) as session:
-                pagination = ConversationService.pagination_by_last_id(
+                return ConversationService.pagination_by_last_id(
                    session=session,
                    app_model=app_model,
                    user=end_user,
@@ -127,13 +103,6 @@ class ConversationApi(Resource):
                    invoke_from=InvokeFrom.SERVICE_API,
                    sort_by=query_args.sort_by,
                )
-                adapter = TypeAdapter(SimpleConversation)
-                conversations = [adapter.validate_python(item, from_attributes=True) for item in pagination.data]
-                return ConversationInfiniteScrollPagination(
-                    limit=pagination.limit,
-                    has_more=pagination.has_more,
-                    data=conversations,
-                ).model_dump(mode="json")
        except services.errors.conversation.LastConversationNotExistsError:
            raise NotFound("Last Conversation Not Exists.")

@@ -151,6 +120,7 @@ class ConversationDetailApi(Resource):
        }
    )
    @validate_app_token(fetch_user_arg=FetchUserArg(fetch_from=WhereisUserArg.JSON))
+    @service_api_ns.marshal_with(build_conversation_delete_model(service_api_ns), code=HTTPStatus.NO_CONTENT)
    def delete(self, app_model: App, end_user: EndUser, c_id):
        """Delete a specific conversation."""
        app_mode = AppMode.value_of(app_model.mode)
@@ -163,7 +133,7 @@ class ConversationDetailApi(Resource):
            ConversationService.delete(app_model, conversation_id, end_user)
        except services.errors.conversation.ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
-        return ConversationDelete(result="success").model_dump(mode="json"), 204
+        return {"result": "success"}, 204


@service_api_ns.route("/conversations/<uuid:c_id>/name")
@@ -180,6 +150,7 @@ class ConversationRenameApi(Resource):
        }
    )
    @validate_app_token(fetch_user_arg=FetchUserArg(fetch_from=WhereisUserArg.JSON))
+    @service_api_ns.marshal_with(build_simple_conversation_model(service_api_ns))
    def post(self, app_model: App, end_user: EndUser, c_id):
        """Rename a conversation or auto-generate a name."""
        app_mode = AppMode.value_of(app_model.mode)
@@ -191,14 +162,7 @@ class ConversationRenameApi(Resource):
        payload = ConversationRenamePayload.model_validate(service_api_ns.payload or {})

        try:
-            conversation = ConversationService.rename(
-                app_model, conversation_id, end_user, payload.name, payload.auto_generate
-            )
-            return (
-                TypeAdapter(SimpleConversation)
-                .validate_python(conversation, from_attributes=True)
-                .model_dump(mode="json")
-            )
+            return ConversationService.rename(app_model, conversation_id, end_user, payload.name, payload.auto_generate)
        except services.errors.conversation.ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

@@ -235,7 +199,7 @@ class ConversationVariablesApi(Resource):

        try:
            return ConversationService.get_conversational_variable(
-                app_model, conversation_id, end_user, query_args.limit, last_id, query_args.variable_name
+                app_model, conversation_id, end_user, query_args.limit, last_id
            )
        except services.errors.conversation.ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
--- a/api/controllers/service_api/app/file_preview.py
+++ b/api/controllers/service_api/app/file_preview.py
@@ -5,7 +5,6 @@ from flask import Response, request
 from flask_restx import Resource
 from pydantic import BaseModel, Field

-from controllers.common.file_response import enforce_download_for_html
 from controllers.common.schema import register_schema_model
 from controllers.service_api import service_api_ns
 from controllers.service_api.app.error import (
@@ -184,13 +183,6 @@ class FilePreviewApi(Resource):
            # Override content-type for downloads to force download
            response.headers["Content-Type"] = "application/octet-stream"

-        enforce_download_for_html(
-            response,
-            mime_type=upload_file.mime_type,
-            filename=upload_file.name,
-            extension=upload_file.extension,
-        )
-
        # Add caching headers for performance
        response.headers["Cache-Control"] = "public, max-age=3600"  # Cache for 1 hour

--- a/api/controllers/service_api/app/message.py
+++ b/api/controllers/service_api/app/message.py
@@ -1,10 +1,11 @@
+import json
 import logging
 from typing import Literal
 from uuid import UUID

 from flask import request
-from flask_restx import Resource
-from pydantic import BaseModel, Field, TypeAdapter
+from flask_restx import Namespace, Resource, fields
+from pydantic import BaseModel, Field
 from werkzeug.exceptions import BadRequest, InternalServerError, NotFound

 import services
@@ -13,8 +14,10 @@ from controllers.service_api import service_api_ns
 from controllers.service_api.app.error import NotChatAppError
 from controllers.service_api.wraps import FetchUserArg, WhereisUserArg, validate_app_token
 from core.app.entities.app_invoke_entities import InvokeFrom
-from fields.conversation_fields import ResultResponse
-from fields.message_fields import MessageInfiniteScrollPagination, MessageListItem
+from fields.conversation_fields import build_message_file_model
+from fields.message_fields import build_agent_thought_model, build_feedback_model
+from fields.raws import FilesContainedField
+from libs.helper import TimestampField
 from models.model import App, AppMode, EndUser
 from services.errors.message import (
    FirstMessageNotExistsError,
@@ -45,6 +48,49 @@ class FeedbackListQuery(BaseModel):
 register_schema_models(service_api_ns, MessageListQuery, MessageFeedbackPayload, FeedbackListQuery)


+def build_message_model(api_or_ns: Namespace):
+    """Build the message model for the API or Namespace."""
+    # First build the nested models
+    feedback_model = build_feedback_model(api_or_ns)
+    agent_thought_model = build_agent_thought_model(api_or_ns)
+    message_file_model = build_message_file_model(api_or_ns)
+
+    # Then build the message fields with nested models
+    message_fields = {
+        "id": fields.String,
+        "conversation_id": fields.String,
+        "parent_message_id": fields.String,
+        "inputs": FilesContainedField,
+        "query": fields.String,
+        "answer": fields.String(attribute="re_sign_file_url_answer"),
+        "message_files": fields.List(fields.Nested(message_file_model)),
+        "feedback": fields.Nested(feedback_model, attribute="user_feedback", allow_null=True),
+        "retriever_resources": fields.Raw(
+            attribute=lambda obj: json.loads(obj.message_metadata).get("retriever_resources", [])
+            if obj.message_metadata
+            else []
+        ),
+        "created_at": TimestampField,
+        "agent_thoughts": fields.List(fields.Nested(agent_thought_model)),
+        "status": fields.String,
+        "error": fields.String,
+    }
+    return api_or_ns.model("Message", message_fields)
+
+
+def build_message_infinite_scroll_pagination_model(api_or_ns: Namespace):
+    """Build the message infinite scroll pagination model for the API or Namespace."""
+    # Build the nested message model first
+    message_model = build_message_model(api_or_ns)
+
+    message_infinite_scroll_pagination_fields = {
+        "limit": fields.Integer,
+        "has_more": fields.Boolean,
+        "data": fields.List(fields.Nested(message_model)),
+    }
+    return api_or_ns.model("MessageInfiniteScrollPagination", message_infinite_scroll_pagination_fields)
+
+
@service_api_ns.route("/messages")
 class MessageListApi(Resource):
    @service_api_ns.expect(service_api_ns.models[MessageListQuery.__name__])
@@ -58,6 +104,7 @@ class MessageListApi(Resource):
        }
    )
    @validate_app_token(fetch_user_arg=FetchUserArg(fetch_from=WhereisUserArg.QUERY))
+    @service_api_ns.marshal_with(build_message_infinite_scroll_pagination_model(service_api_ns))
    def get(self, app_model: App, end_user: EndUser):
        """List messages in a conversation.

@@ -72,16 +119,9 @@ class MessageListApi(Resource):
        first_id = str(query_args.first_id) if query_args.first_id else None

        try:
-            pagination = MessageService.pagination_by_first_id(
+            return MessageService.pagination_by_first_id(
                app_model, end_user, conversation_id, first_id, query_args.limit
            )
-            adapter = TypeAdapter(MessageListItem)
-            items = [adapter.validate_python(message, from_attributes=True) for message in pagination.data]
-            return MessageInfiniteScrollPagination(
-                limit=pagination.limit,
-                has_more=pagination.has_more,
-                data=items,
-            ).model_dump(mode="json")
        except services.errors.conversation.ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
        except FirstMessageNotExistsError:
@@ -122,7 +162,7 @@ class MessageFeedbackApi(Resource):
        except MessageNotExistsError:
            raise NotFound("Message Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@service_api_ns.route("/app/feedbacks")
--- a/api/controllers/service_api/app/site.py
+++ b/api/controllers/service_api/app/site.py
@@ -1,7 +1,7 @@
 from flask_restx import Resource
 from werkzeug.exceptions import Forbidden

-from controllers.common.fields import Site as SiteResponse
+from controllers.common.fields import build_site_model
 from controllers.service_api import service_api_ns
 from controllers.service_api.wraps import validate_app_token
 from extensions.ext_database import db
@@ -23,6 +23,7 @@ class AppSiteApi(Resource):
        }
    )
    @validate_app_token
+    @service_api_ns.marshal_with(build_site_model(service_api_ns))
    def get(self, app_model: App):
        """Retrieve app site info.

@@ -37,4 +38,4 @@ class AppSiteApi(Resource):
        if app_model.tenant.status == TenantStatus.ARCHIVE:
            raise Forbidden()

-        return SiteResponse.model_validate(site).model_dump(mode="json")
+        return site
--- a/api/controllers/service_api/app/workflow.py
+++ b/api/controllers/service_api/app/workflow.py
@@ -3,7 +3,7 @@ from typing import Any, Literal

 from dateutil.parser import isoparse
 from flask import request
-from flask_restx import Namespace, Resource, fields
+from flask_restx import Api, Namespace, Resource, fields
 from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session, sessionmaker
 from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
@@ -78,7 +78,7 @@ workflow_run_fields = {
 }


-def build_workflow_run_model(api_or_ns: Namespace):
+def build_workflow_run_model(api_or_ns: Api | Namespace):
    """Build the workflow run model for the API or Namespace."""
    return api_or_ns.model("WorkflowRun", workflow_run_fields)

--- a/api/controllers/service_api/dataset/dataset.py
+++ b/api/controllers/service_api/dataset/dataset.py
@@ -13,6 +13,7 @@ from controllers.service_api.dataset.error import DatasetInUseError, DatasetName
 from controllers.service_api.wraps import (
    DatasetApiResource,
    cloud_edition_billing_rate_limit_check,
+    validate_dataset_token,
 )
 from core.model_runtime.entities.model_entities import ModelType
 from core.provider_manager import ProviderManager
@@ -48,7 +49,7 @@ class DatasetUpdatePayload(BaseModel):
    embedding_model: str | None = None
    embedding_model_provider: str | None = None
    retrieval_model: RetrievalModel | None = None
-    partial_member_list: list[dict[str, str]] | None = None
+    partial_member_list: list[str] | None = None
    external_retrieval_model: dict[str, Any] | None = None
    external_knowledge_id: str | None = None
    external_knowledge_api_id: str | None = None
@@ -459,8 +460,9 @@ class DatasetTagsApi(DatasetApiResource):
            401: "Unauthorized - invalid API token",
        }
    )
+    @validate_dataset_token
    @service_api_ns.marshal_with(build_dataset_tag_fields(service_api_ns))
-    def get(self, _):
+    def get(self, _, dataset_id):
        """Get all knowledge type tags."""
        assert isinstance(current_user, Account)
        cid = current_user.current_tenant_id
@@ -480,7 +482,8 @@ class DatasetTagsApi(DatasetApiResource):
        }
    )
    @service_api_ns.marshal_with(build_dataset_tag_fields(service_api_ns))
-    def post(self, _):
+    @validate_dataset_token
+    def post(self, _, dataset_id):
        """Add a knowledge type tag."""
        assert isinstance(current_user, Account)
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
@@ -503,7 +506,8 @@ class DatasetTagsApi(DatasetApiResource):
        }
    )
    @service_api_ns.marshal_with(build_dataset_tag_fields(service_api_ns))
-    def patch(self, _):
+    @validate_dataset_token
+    def patch(self, _, dataset_id):
        assert isinstance(current_user, Account)
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()
@@ -529,8 +533,9 @@ class DatasetTagsApi(DatasetApiResource):
            403: "Forbidden - insufficient permissions",
        }
    )
+    @validate_dataset_token
    @edit_permission_required
-    def delete(self, _):
+    def delete(self, _, dataset_id):
        """Delete a knowledge type tag."""
        payload = TagDeletePayload.model_validate(service_api_ns.payload or {})
        TagService.delete_tag(payload.tag_id)
@@ -550,7 +555,8 @@ class DatasetTagBindingApi(DatasetApiResource):
            403: "Forbidden - insufficient permissions",
        }
    )
-    def post(self, _):
+    @validate_dataset_token
+    def post(self, _, dataset_id):
        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
        assert isinstance(current_user, Account)
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
@@ -574,7 +580,8 @@ class DatasetTagUnbindingApi(DatasetApiResource):
            403: "Forbidden - insufficient permissions",
        }
    )
-    def post(self, _):
+    @validate_dataset_token
+    def post(self, _, dataset_id):
        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
        assert isinstance(current_user, Account)
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
@@ -597,6 +604,7 @@ class DatasetTagsBindingStatusApi(DatasetApiResource):
            401: "Unauthorized - invalid API token",
        }
    )
+    @validate_dataset_token
    def get(self, _, *args, **kwargs):
        """Get all knowledge type tags."""
        dataset_id = kwargs.get("dataset_id")
--- a/api/controllers/web/app.py
+++ b/api/controllers/web/app.py
@@ -1,13 +1,14 @@
 import logging

 from flask import request
-from flask_restx import Resource
-from pydantic import BaseModel, ConfigDict, Field
+from flask_restx import Resource, marshal_with, reqparse
 from werkzeug.exceptions import Unauthorized

 from constants import HEADER_NAME_APP_CODE
 from controllers.common import fields
-from controllers.common.schema import register_schema_models
+from controllers.web import web_ns
+from controllers.web.error import AppUnavailableError
+from controllers.web.wraps import WebApiResource
 from core.app.app_config.common.parameters_mapping import get_parameters_from_feature_dict
 from libs.passport import PassportService
 from libs.token import extract_webapp_passport
@@ -17,23 +18,9 @@ from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService
 from services.webapp_auth_service import WebAppAuthService

-from . import web_ns
-from .error import AppUnavailableError
-from .wraps import WebApiResource
-
 logger = logging.getLogger(__name__)


-class AppAccessModeQuery(BaseModel):
-    model_config = ConfigDict(populate_by_name=True)
-
-    app_id: str | None = Field(default=None, alias="appId", description="Application ID")
-    app_code: str | None = Field(default=None, alias="appCode", description="Application code")
-
-
-register_schema_models(web_ns, AppAccessModeQuery)
-
-
@web_ns.route("/parameters")
 class AppParameterApi(WebApiResource):
    """Resource for app variables."""
@@ -50,6 +37,7 @@ class AppParameterApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(fields.parameters_fields)
    def get(self, app_model: App, end_user):
        """Retrieve app parameters."""
        if app_model.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}:
@@ -68,8 +56,7 @@ class AppParameterApi(WebApiResource):

            user_input_form = features_dict.get("user_input_form", [])

-        parameters = get_parameters_from_feature_dict(features_dict=features_dict, user_input_form=user_input_form)
-        return fields.Parameters.model_validate(parameters).model_dump(mode="json")
+        return get_parameters_from_feature_dict(features_dict=features_dict, user_input_form=user_input_form)


@web_ns.route("/meta")
@@ -109,16 +96,21 @@ class AppAccessMode(Resource):
        }
    )
    def get(self):
-        raw_args = request.args.to_dict()
-        args = AppAccessModeQuery.model_validate(raw_args)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("appId", type=str, required=False, location="args")
+            .add_argument("appCode", type=str, required=False, location="args")
+        )
+        args = parser.parse_args()

        features = FeatureService.get_system_features()
        if not features.webapp_auth.enabled:
            return {"accessMode": "public"}

-        app_id = args.app_id
-        if args.app_code:
-            app_id = AppService.get_app_id_by_code(args.app_code)
+        app_id = args.get("appId")
+        if args.get("appCode"):
+            app_code = args["appCode"]
+            app_id = AppService.get_app_id_by_code(app_code)

        if not app_id:
            raise ValueError("appId or appCode must be provided")
--- a/api/controllers/web/audio.py
+++ b/api/controllers/web/audio.py
@@ -1,8 +1,7 @@
 import logging

 from flask import request
-from flask_restx import fields, marshal_with
-from pydantic import BaseModel, field_validator
+from flask_restx import fields, marshal_with, reqparse
 from werkzeug.exceptions import InternalServerError

 import services
@@ -21,7 +20,6 @@ from controllers.web.error import (
 from controllers.web.wraps import WebApiResource
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from core.model_runtime.errors.invoke import InvokeError
-from libs.helper import uuid_value
 from models.model import App
 from services.audio_service import AudioService
 from services.errors.audio import (
@@ -31,25 +29,6 @@ from services.errors.audio import (
    UnsupportedAudioTypeServiceError,
 )

-from ..common.schema import register_schema_models
-
-
-class TextToAudioPayload(BaseModel):
-    message_id: str | None = None
-    voice: str | None = None
-    text: str | None = None
-    streaming: bool | None = None
-
-    @field_validator("message_id")
-    @classmethod
-    def validate_message_id(cls, value: str | None) -> str | None:
-        if value is None:
-            return value
-        return uuid_value(value)
-
-
-register_schema_models(web_ns, TextToAudioPayload)
-
 logger = logging.getLogger(__name__)


@@ -109,7 +88,6 @@ class AudioApi(WebApiResource):

@web_ns.route("/text-to-audio")
 class TextApi(WebApiResource):
-    @web_ns.expect(web_ns.models[TextToAudioPayload.__name__])
    @web_ns.doc("Text to Audio")
    @web_ns.doc(description="Convert text to audio using text-to-speech service.")
    @web_ns.doc(
@@ -124,11 +102,18 @@ class TextApi(WebApiResource):
    def post(self, app_model: App, end_user):
        """Convert text to audio"""
        try:
-            payload = TextToAudioPayload.model_validate(web_ns.payload or {})
+            parser = (
+                reqparse.RequestParser()
+                .add_argument("message_id", type=str, required=False, location="json")
+                .add_argument("voice", type=str, location="json")
+                .add_argument("text", type=str, location="json")
+                .add_argument("streaming", type=bool, location="json")
+            )
+            args = parser.parse_args()

-            message_id = payload.message_id
-            text = payload.text
-            voice = payload.voice
+            message_id = args.get("message_id", None)
+            text = args.get("text", None)
+            voice = args.get("voice", None)
            response = AudioService.transcript_tts(
                app_model=app_model, text=text, voice=voice, end_user=end_user.external_user_id, message_id=message_id
            )
--- a/api/controllers/web/completion.py
+++ b/api/controllers/web/completion.py
@@ -1,11 +1,9 @@
 import logging
-from typing import Any, Literal

-from pydantic import BaseModel, Field, field_validator
+from flask_restx import reqparse
 from werkzeug.exceptions import InternalServerError, NotFound

 import services
-from controllers.common.schema import register_schema_models
 from controllers.web import web_ns
 from controllers.web.error import (
    AppUnavailableError,
@@ -36,44 +34,25 @@ from services.errors.llm import InvokeRateLimitError
 logger = logging.getLogger(__name__)


-class CompletionMessagePayload(BaseModel):
-    inputs: dict[str, Any] = Field(description="Input variables for the completion")
-    query: str = Field(default="", description="Query text for completion")
-    files: list[dict[str, Any]] | None = Field(default=None, description="Files to be processed")
-    response_mode: Literal["blocking", "streaming"] | None = Field(
-        default=None, description="Response mode: blocking or streaming"
-    )
-    retriever_from: str = Field(default="web_app", description="Source of retriever")
-
-
-class ChatMessagePayload(BaseModel):
-    inputs: dict[str, Any] = Field(description="Input variables for the chat")
-    query: str = Field(description="User query/message")
-    files: list[dict[str, Any]] | None = Field(default=None, description="Files to be processed")
-    response_mode: Literal["blocking", "streaming"] | None = Field(
-        default=None, description="Response mode: blocking or streaming"
-    )
-    conversation_id: str | None = Field(default=None, description="Conversation ID")
-    parent_message_id: str | None = Field(default=None, description="Parent message ID")
-    retriever_from: str = Field(default="web_app", description="Source of retriever")
-
-    @field_validator("conversation_id", "parent_message_id")
-    @classmethod
-    def validate_uuid(cls, value: str | None) -> str | None:
-        if value is None:
-            return value
-        return uuid_value(value)
-
-
-register_schema_models(web_ns, CompletionMessagePayload, ChatMessagePayload)
-
-
 # define completion api for user
@web_ns.route("/completion-messages")
 class CompletionApi(WebApiResource):
    @web_ns.doc("Create Completion Message")
    @web_ns.doc(description="Create a completion message for text generation applications.")
-    @web_ns.expect(web_ns.models[CompletionMessagePayload.__name__])
+    @web_ns.doc(
+        params={
+            "inputs": {"description": "Input variables for the completion", "type": "object", "required": True},
+            "query": {"description": "Query text for completion", "type": "string", "required": False},
+            "files": {"description": "Files to be processed", "type": "array", "required": False},
+            "response_mode": {
+                "description": "Response mode: blocking or streaming",
+                "type": "string",
+                "enum": ["blocking", "streaming"],
+                "required": False,
+            },
+            "retriever_from": {"description": "Source of retriever", "type": "string", "required": False},
+        }
+    )
    @web_ns.doc(
        responses={
            200: "Success",
@@ -88,10 +67,18 @@ class CompletionApi(WebApiResource):
        if app_model.mode != AppMode.COMPLETION:
            raise NotCompletionAppError()

-        payload = CompletionMessagePayload.model_validate(web_ns.payload or {})
-        args = payload.model_dump(exclude_none=True)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("inputs", type=dict, required=True, location="json")
+            .add_argument("query", type=str, location="json", default="")
+            .add_argument("files", type=list, required=False, location="json")
+            .add_argument("response_mode", type=str, choices=["blocking", "streaming"], location="json")
+            .add_argument("retriever_from", type=str, required=False, default="web_app", location="json")
+        )

-        streaming = payload.response_mode == "streaming"
+        args = parser.parse_args()
+
+        streaming = args["response_mode"] == "streaming"
        args["auto_generate_name"] = False

        try:
@@ -155,7 +142,22 @@ class CompletionStopApi(WebApiResource):
 class ChatApi(WebApiResource):
    @web_ns.doc("Create Chat Message")
    @web_ns.doc(description="Create a chat message for conversational applications.")
-    @web_ns.expect(web_ns.models[ChatMessagePayload.__name__])
+    @web_ns.doc(
+        params={
+            "inputs": {"description": "Input variables for the chat", "type": "object", "required": True},
+            "query": {"description": "User query/message", "type": "string", "required": True},
+            "files": {"description": "Files to be processed", "type": "array", "required": False},
+            "response_mode": {
+                "description": "Response mode: blocking or streaming",
+                "type": "string",
+                "enum": ["blocking", "streaming"],
+                "required": False,
+            },
+            "conversation_id": {"description": "Conversation UUID", "type": "string", "required": False},
+            "parent_message_id": {"description": "Parent message UUID", "type": "string", "required": False},
+            "retriever_from": {"description": "Source of retriever", "type": "string", "required": False},
+        }
+    )
    @web_ns.doc(
        responses={
            200: "Success",
@@ -171,10 +173,20 @@ class ChatApi(WebApiResource):
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()

-        payload = ChatMessagePayload.model_validate(web_ns.payload or {})
-        args = payload.model_dump(exclude_none=True)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("inputs", type=dict, required=True, location="json")
+            .add_argument("query", type=str, required=True, location="json")
+            .add_argument("files", type=list, required=False, location="json")
+            .add_argument("response_mode", type=str, choices=["blocking", "streaming"], location="json")
+            .add_argument("conversation_id", type=uuid_value, location="json")
+            .add_argument("parent_message_id", type=uuid_value, required=False, location="json")
+            .add_argument("retriever_from", type=str, required=False, default="web_app", location="json")
+        )

-        streaming = payload.response_mode == "streaming"
+        args = parser.parse_args()
+
+        streaming = args["response_mode"] == "streaming"
        args["auto_generate_name"] = False

        try:
--- a/api/controllers/web/conversation.py
+++ b/api/controllers/web/conversation.py
@@ -1,6 +1,5 @@
-from flask_restx import reqparse
+from flask_restx import fields, marshal_with, reqparse
 from flask_restx.inputs import int_range
-from pydantic import TypeAdapter
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import NotFound

@@ -9,11 +8,7 @@ from controllers.web.error import NotChatAppError
 from controllers.web.wraps import WebApiResource
 from core.app.entities.app_invoke_entities import InvokeFrom
 from extensions.ext_database import db
-from fields.conversation_fields import (
-    ConversationInfiniteScrollPagination,
-    ResultResponse,
-    SimpleConversation,
-)
+from fields.conversation_fields import conversation_infinite_scroll_pagination_fields, simple_conversation_fields
 from libs.helper import uuid_value
 from models.model import AppMode
 from services.conversation_service import ConversationService
@@ -59,6 +54,7 @@ class ConversationListApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(conversation_infinite_scroll_pagination_fields)
    def get(self, app_model, end_user):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@@ -86,7 +82,7 @@ class ConversationListApi(WebApiResource):

        try:
            with Session(db.engine) as session:
-                pagination = WebConversationService.pagination_by_last_id(
+                return WebConversationService.pagination_by_last_id(
                    session=session,
                    app_model=app_model,
                    user=end_user,
@@ -96,19 +92,16 @@ class ConversationListApi(WebApiResource):
                    pinned=pinned,
                    sort_by=args["sort_by"],
                )
-                adapter = TypeAdapter(SimpleConversation)
-                conversations = [adapter.validate_python(item, from_attributes=True) for item in pagination.data]
-                return ConversationInfiniteScrollPagination(
-                    limit=pagination.limit,
-                    has_more=pagination.has_more,
-                    data=conversations,
-                ).model_dump(mode="json")
        except LastConversationNotExistsError:
            raise NotFound("Last Conversation Not Exists.")


@web_ns.route("/conversations/<uuid:c_id>")
 class ConversationApi(WebApiResource):
+    delete_response_fields = {
+        "result": fields.String,
+    }
+
    @web_ns.doc("Delete Conversation")
    @web_ns.doc(description="Delete a specific conversation.")
    @web_ns.doc(params={"c_id": {"description": "Conversation UUID", "type": "string", "required": True}})
@@ -122,6 +115,7 @@ class ConversationApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(delete_response_fields)
    def delete(self, app_model, end_user, c_id):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@@ -132,7 +126,7 @@ class ConversationApi(WebApiResource):
            ConversationService.delete(app_model, conversation_id, end_user)
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
-        return ResultResponse(result="success").model_dump(mode="json"), 204
+        return {"result": "success"}, 204


@web_ns.route("/conversations/<uuid:c_id>/name")
@@ -161,6 +155,7 @@ class ConversationRenameApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(simple_conversation_fields)
    def post(self, app_model, end_user, c_id):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@@ -176,20 +171,17 @@ class ConversationRenameApi(WebApiResource):
        args = parser.parse_args()

        try:
-            conversation = ConversationService.rename(
-                app_model, conversation_id, end_user, args["name"], args["auto_generate"]
-            )
-            return (
-                TypeAdapter(SimpleConversation)
-                .validate_python(conversation, from_attributes=True)
-                .model_dump(mode="json")
-            )
+            return ConversationService.rename(app_model, conversation_id, end_user, args["name"], args["auto_generate"])
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")


@web_ns.route("/conversations/<uuid:c_id>/pin")
 class ConversationPinApi(WebApiResource):
+    pin_response_fields = {
+        "result": fields.String,
+    }
+
    @web_ns.doc("Pin Conversation")
    @web_ns.doc(description="Pin a specific conversation to keep it at the top of the list.")
    @web_ns.doc(params={"c_id": {"description": "Conversation UUID", "type": "string", "required": True}})
@@ -203,6 +195,7 @@ class ConversationPinApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(pin_response_fields)
    def patch(self, app_model, end_user, c_id):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@@ -215,11 +208,15 @@ class ConversationPinApi(WebApiResource):
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@web_ns.route("/conversations/<uuid:c_id>/unpin")
 class ConversationUnPinApi(WebApiResource):
+    unpin_response_fields = {
+        "result": fields.String,
+    }
+
    @web_ns.doc("Unpin Conversation")
    @web_ns.doc(description="Unpin a specific conversation to remove it from the top of the list.")
    @web_ns.doc(params={"c_id": {"description": "Conversation UUID", "type": "string", "required": True}})
@@ -233,6 +230,7 @@ class ConversationUnPinApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(unpin_response_fields)
    def patch(self, app_model, end_user, c_id):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@@ -241,4 +239,4 @@ class ConversationUnPinApi(WebApiResource):
        conversation_id = str(c_id)
        WebConversationService.unpin(app_model, conversation_id, end_user)

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}
--- a/api/controllers/web/forgot_password.py
+++ b/api/controllers/web/forgot_password.py
@@ -2,12 +2,10 @@ import base64
 import secrets

 from flask import request
-from flask_restx import Resource
-from pydantic import BaseModel, Field, field_validator
+from flask_restx import Resource, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session

-from controllers.common.schema import register_schema_models
 from controllers.console.auth.error import (
    AuthenticationFailedError,
    EmailCodeError,
@@ -20,40 +18,14 @@ from controllers.console.error import EmailSendIpLimitError
 from controllers.console.wraps import email_password_login_enabled, only_edition_enterprise, setup_required
 from controllers.web import web_ns
 from extensions.ext_database import db
-from libs.helper import EmailStr, extract_remote_ip
+from libs.helper import email, extract_remote_ip
 from libs.password import hash_password, valid_password
 from models import Account
 from services.account_service import AccountService


-class ForgotPasswordSendPayload(BaseModel):
-    email: EmailStr
-    language: str | None = None
-
-
-class ForgotPasswordCheckPayload(BaseModel):
-    email: EmailStr
-    code: str
-    token: str = Field(min_length=1)
-
-
-class ForgotPasswordResetPayload(BaseModel):
-    token: str = Field(min_length=1)
-    new_password: str
-    password_confirm: str
-
-    @field_validator("new_password", "password_confirm")
-    @classmethod
-    def validate_password(cls, value: str) -> str:
-        return valid_password(value)
-
-
-register_schema_models(web_ns, ForgotPasswordSendPayload, ForgotPasswordCheckPayload, ForgotPasswordResetPayload)
-
-
@web_ns.route("/forgot-password")
 class ForgotPasswordSendEmailApi(Resource):
-    @web_ns.expect(web_ns.models[ForgotPasswordSendPayload.__name__])
    @only_edition_enterprise
    @setup_required
    @email_password_login_enabled
@@ -68,31 +40,35 @@ class ForgotPasswordSendEmailApi(Resource):
        }
    )
    def post(self):
-        payload = ForgotPasswordSendPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("email", type=email, required=True, location="json")
+            .add_argument("language", type=str, required=False, location="json")
+        )
+        args = parser.parse_args()

        ip_address = extract_remote_ip(request)
        if AccountService.is_email_send_ip_limit(ip_address):
            raise EmailSendIpLimitError()

-        if payload.language == "zh-Hans":
+        if args["language"] is not None and args["language"] == "zh-Hans":
            language = "zh-Hans"
        else:
            language = "en-US"

        with Session(db.engine) as session:
-            account = session.execute(select(Account).filter_by(email=payload.email)).scalar_one_or_none()
+            account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
        token = None
        if account is None:
            raise AuthenticationFailedError()
        else:
-            token = AccountService.send_reset_password_email(account=account, email=payload.email, language=language)
+            token = AccountService.send_reset_password_email(account=account, email=args["email"], language=language)

        return {"result": "success", "data": token}


@web_ns.route("/forgot-password/validity")
 class ForgotPasswordCheckApi(Resource):
-    @web_ns.expect(web_ns.models[ForgotPasswordCheckPayload.__name__])
    @only_edition_enterprise
    @setup_required
    @email_password_login_enabled
@@ -102,40 +78,45 @@ class ForgotPasswordCheckApi(Resource):
        responses={200: "Token is valid", 400: "Bad request - invalid token format", 401: "Invalid or expired token"}
    )
    def post(self):
-        payload = ForgotPasswordCheckPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("email", type=str, required=True, location="json")
+            .add_argument("code", type=str, required=True, location="json")
+            .add_argument("token", type=str, required=True, nullable=False, location="json")
+        )
+        args = parser.parse_args()

-        user_email = payload.email
+        user_email = args["email"]

-        is_forgot_password_error_rate_limit = AccountService.is_forgot_password_error_rate_limit(payload.email)
+        is_forgot_password_error_rate_limit = AccountService.is_forgot_password_error_rate_limit(args["email"])
        if is_forgot_password_error_rate_limit:
            raise EmailPasswordResetLimitError()

-        token_data = AccountService.get_reset_password_data(payload.token)
+        token_data = AccountService.get_reset_password_data(args["token"])
        if token_data is None:
            raise InvalidTokenError()

        if user_email != token_data.get("email"):
            raise InvalidEmailError()

-        if payload.code != token_data.get("code"):
-            AccountService.add_forgot_password_error_rate_limit(payload.email)
+        if args["code"] != token_data.get("code"):
+            AccountService.add_forgot_password_error_rate_limit(args["email"])
            raise EmailCodeError()

        # Verified, revoke the first token
-        AccountService.revoke_reset_password_token(payload.token)
+        AccountService.revoke_reset_password_token(args["token"])

        # Refresh token data by generating a new token
        _, new_token = AccountService.generate_reset_password_token(
-            user_email, code=payload.code, additional_data={"phase": "reset"}
+            user_email, code=args["code"], additional_data={"phase": "reset"}
        )

-        AccountService.reset_forgot_password_error_rate_limit(payload.email)
+        AccountService.reset_forgot_password_error_rate_limit(args["email"])
        return {"is_valid": True, "email": token_data.get("email"), "token": new_token}


@web_ns.route("/forgot-password/resets")
 class ForgotPasswordResetApi(Resource):
-    @web_ns.expect(web_ns.models[ForgotPasswordResetPayload.__name__])
    @only_edition_enterprise
    @setup_required
    @email_password_login_enabled
@@ -150,14 +131,20 @@ class ForgotPasswordResetApi(Resource):
        }
    )
    def post(self):
-        payload = ForgotPasswordResetPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("token", type=str, required=True, nullable=False, location="json")
+            .add_argument("new_password", type=valid_password, required=True, nullable=False, location="json")
+            .add_argument("password_confirm", type=valid_password, required=True, nullable=False, location="json")
+        )
+        args = parser.parse_args()

        # Validate passwords match
-        if payload.new_password != payload.password_confirm:
+        if args["new_password"] != args["password_confirm"]:
            raise PasswordMismatchError()

        # Validate token and get reset data
-        reset_data = AccountService.get_reset_password_data(payload.token)
+        reset_data = AccountService.get_reset_password_data(args["token"])
        if not reset_data:
            raise InvalidTokenError()
        # Must use token in reset phase
@@ -165,11 +152,11 @@ class ForgotPasswordResetApi(Resource):
            raise InvalidTokenError()

        # Revoke token to prevent reuse
-        AccountService.revoke_reset_password_token(payload.token)
+        AccountService.revoke_reset_password_token(args["token"])

        # Generate secure salt and hash password
        salt = secrets.token_bytes(16)
-        password_hashed = hash_password(payload.new_password, salt)
+        password_hashed = hash_password(args["new_password"], salt)

        email = reset_data.get("email", "")

@@ -183,7 +170,7 @@ class ForgotPasswordResetApi(Resource):

        return {"result": "success"}

-    def _update_existing_account(self, account: Account, password_hashed, salt, session):
+    def _update_existing_account(self, account, password_hashed, salt, session):
        # Update existing account credentials
        account.password = base64.b64encode(password_hashed).decode()
        account.password_salt = base64.b64encode(salt).decode()
--- a/api/controllers/web/message.py
+++ b/api/controllers/web/message.py
@@ -1,11 +1,9 @@
 import logging
-from typing import Literal

-from flask import request
-from pydantic import BaseModel, Field, TypeAdapter, field_validator
+from flask_restx import fields, marshal_with, reqparse
+from flask_restx.inputs import int_range
 from werkzeug.exceptions import InternalServerError, NotFound

-from controllers.common.schema import register_schema_models
 from controllers.web import web_ns
 from controllers.web.error import (
    AppMoreLikeThisDisabledError,
@@ -21,10 +19,11 @@ from controllers.web.wraps import WebApiResource
 from core.app.entities.app_invoke_entities import InvokeFrom
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from core.model_runtime.errors.invoke import InvokeError
-from fields.conversation_fields import ResultResponse
-from fields.message_fields import SuggestedQuestionsResponse, WebMessageInfiniteScrollPagination, WebMessageListItem
+from fields.conversation_fields import message_file_fields
+from fields.message_fields import agent_thought_fields, feedback_fields, retriever_resource_fields
+from fields.raws import FilesContainedField
 from libs import helper
-from libs.helper import uuid_value
+from libs.helper import TimestampField, uuid_value
 from models.model import AppMode
 from services.app_generate_service import AppGenerateService
 from services.errors.app import MoreLikeThisDisabledError
@@ -39,45 +38,37 @@ from services.message_service import MessageService
 logger = logging.getLogger(__name__)


-class MessageListQuery(BaseModel):
-    conversation_id: str = Field(description="Conversation UUID")
-    first_id: str | None = Field(default=None, description="First message ID for pagination")
-    limit: int = Field(default=20, ge=1, le=100, description="Number of messages to return (1-100)")
-
-    @field_validator("conversation_id", "first_id")
-    @classmethod
-    def validate_uuid(cls, value: str | None) -> str | None:
-        if value is None:
-            return value
-        return uuid_value(value)
-
-
-class MessageFeedbackPayload(BaseModel):
-    rating: Literal["like", "dislike"] | None = Field(default=None, description="Feedback rating")
-    content: str | None = Field(default=None, description="Feedback content")
-
-
-class MessageMoreLikeThisQuery(BaseModel):
-    response_mode: Literal["blocking", "streaming"] = Field(
-        description="Response mode",
-    )
-
-
-register_schema_models(web_ns, MessageListQuery, MessageFeedbackPayload, MessageMoreLikeThisQuery)
-
-
@web_ns.route("/messages")
 class MessageListApi(WebApiResource):
+    message_fields = {
+        "id": fields.String,
+        "conversation_id": fields.String,
+        "parent_message_id": fields.String,
+        "inputs": FilesContainedField,
+        "query": fields.String,
+        "answer": fields.String(attribute="re_sign_file_url_answer"),
+        "message_files": fields.List(fields.Nested(message_file_fields)),
+        "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
+        "retriever_resources": fields.List(fields.Nested(retriever_resource_fields)),
+        "created_at": TimestampField,
+        "agent_thoughts": fields.List(fields.Nested(agent_thought_fields)),
+        "metadata": fields.Raw(attribute="message_metadata_dict"),
+        "status": fields.String,
+        "error": fields.String,
+    }
+
+    message_infinite_scroll_pagination_fields = {
+        "limit": fields.Integer,
+        "has_more": fields.Boolean,
+        "data": fields.List(fields.Nested(message_fields)),
+    }
+
    @web_ns.doc("Get Message List")
    @web_ns.doc(description="Retrieve paginated list of messages from a conversation in a chat application.")
    @web_ns.doc(
        params={
            "conversation_id": {"description": "Conversation UUID", "type": "string", "required": True},
-            "first_id": {
-                "description": "First message ID for pagination",
-                "type": "string",
-                "required": False,
-            },
+            "first_id": {"description": "First message ID for pagination", "type": "string", "required": False},
            "limit": {
                "description": "Number of messages to return (1-100)",
                "type": "integer",
@@ -96,25 +87,24 @@ class MessageListApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(message_infinite_scroll_pagination_fields)
    def get(self, app_model, end_user):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()

-        raw_args = request.args.to_dict()
-        query = MessageListQuery.model_validate(raw_args)
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("conversation_id", required=True, type=uuid_value, location="args")
+            .add_argument("first_id", type=uuid_value, location="args")
+            .add_argument("limit", type=int_range(1, 100), required=False, default=20, location="args")
+        )
+        args = parser.parse_args()

        try:
-            pagination = MessageService.pagination_by_first_id(
-                app_model, end_user, query.conversation_id, query.first_id, query.limit
+            return MessageService.pagination_by_first_id(
+                app_model, end_user, args["conversation_id"], args["first_id"], args["limit"]
            )
-            adapter = TypeAdapter(WebMessageListItem)
-            items = [adapter.validate_python(message, from_attributes=True) for message in pagination.data]
-            return WebMessageInfiniteScrollPagination(
-                limit=pagination.limit,
-                has_more=pagination.has_more,
-                data=items,
-            ).model_dump(mode="json")
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
        except FirstMessageNotExistsError:
@@ -123,6 +113,10 @@ class MessageListApi(WebApiResource):

@web_ns.route("/messages/<uuid:message_id>/feedbacks")
 class MessageFeedbackApi(WebApiResource):
+    feedback_response_fields = {
+        "result": fields.String,
+    }
+
    @web_ns.doc("Create Message Feedback")
    @web_ns.doc(description="Submit feedback (like/dislike) for a specific message.")
    @web_ns.doc(params={"message_id": {"description": "Message UUID", "type": "string", "required": True}})
@@ -134,7 +128,7 @@ class MessageFeedbackApi(WebApiResource):
                "enum": ["like", "dislike"],
                "required": False,
            },
-            "content": {"description": "Feedback content", "type": "string", "required": False},
+            "content": {"description": "Feedback content/comment", "type": "string", "required": False},
        }
    )
    @web_ns.doc(
@@ -147,30 +141,46 @@ class MessageFeedbackApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(feedback_response_fields)
    def post(self, app_model, end_user, message_id):
        message_id = str(message_id)

-        payload = MessageFeedbackPayload.model_validate(web_ns.payload or {})
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("rating", type=str, choices=["like", "dislike", None], location="json")
+            .add_argument("content", type=str, location="json", default=None)
+        )
+        args = parser.parse_args()

        try:
            MessageService.create_feedback(
                app_model=app_model,
                message_id=message_id,
                user=end_user,
-                rating=payload.rating,
-                content=payload.content,
+                rating=args.get("rating"),
+                content=args.get("content"),
            )
        except MessageNotExistsError:
            raise NotFound("Message Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@web_ns.route("/messages/<uuid:message_id>/more-like-this")
 class MessageMoreLikeThisApi(WebApiResource):
    @web_ns.doc("Generate More Like This")
    @web_ns.doc(description="Generate a new completion similar to an existing message (completion apps only).")
-    @web_ns.expect(web_ns.models[MessageMoreLikeThisQuery.__name__])
+    @web_ns.doc(
+        params={
+            "message_id": {"description": "Message UUID", "type": "string", "required": True},
+            "response_mode": {
+                "description": "Response mode",
+                "type": "string",
+                "enum": ["blocking", "streaming"],
+                "required": True,
+            },
+        }
+    )
    @web_ns.doc(
        responses={
            200: "Success",
@@ -187,10 +197,12 @@ class MessageMoreLikeThisApi(WebApiResource):

        message_id = str(message_id)

-        raw_args = request.args.to_dict()
-        query = MessageMoreLikeThisQuery.model_validate(raw_args)
+        parser = reqparse.RequestParser().add_argument(
+            "response_mode", type=str, required=True, choices=["blocking", "streaming"], location="args"
+        )
+        args = parser.parse_args()

-        streaming = query.response_mode == "streaming"
+        streaming = args["response_mode"] == "streaming"

        try:
            response = AppGenerateService.generate_more_like_this(
@@ -223,6 +235,10 @@ class MessageMoreLikeThisApi(WebApiResource):

@web_ns.route("/messages/<uuid:message_id>/suggested-questions")
 class MessageSuggestedQuestionApi(WebApiResource):
+    suggested_questions_response_fields = {
+        "data": fields.List(fields.String),
+    }
+
    @web_ns.doc("Get Suggested Questions")
    @web_ns.doc(description="Get suggested follow-up questions after a message (chat apps only).")
    @web_ns.doc(params={"message_id": {"description": "Message UUID", "type": "string", "required": True}})
@@ -236,6 +252,7 @@ class MessageSuggestedQuestionApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(suggested_questions_response_fields)
    def get(self, app_model, end_user, message_id):
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@@ -248,6 +265,7 @@ class MessageSuggestedQuestionApi(WebApiResource):
                app_model=app_model, user=end_user, message_id=message_id, invoke_from=InvokeFrom.WEB_APP
            )
            # questions is a list of strings, not a list of Message objects
+            # so we can directly return it
        except MessageNotExistsError:
            raise NotFound("Message not found")
        except ConversationNotExistsError:
@@ -266,4 +284,4 @@ class MessageSuggestedQuestionApi(WebApiResource):
            logger.exception("internal server error.")
            raise InternalServerError()

-        return SuggestedQuestionsResponse(data=questions).model_dump(mode="json")
+        return {"data": questions}
--- a/api/controllers/web/remote_files.py
+++ b/api/controllers/web/remote_files.py
@@ -1,8 +1,7 @@
 import urllib.parse

 import httpx
-from flask_restx import marshal_with
-from pydantic import BaseModel, Field, HttpUrl
+from flask_restx import marshal_with, reqparse

 import services
 from controllers.common import helpers
@@ -11,23 +10,14 @@ from controllers.common.errors import (
    RemoteFileUploadError,
    UnsupportedFileTypeError,
 )
+from controllers.web import web_ns
+from controllers.web.wraps import WebApiResource
 from core.file import helpers as file_helpers
 from core.helper import ssrf_proxy
 from extensions.ext_database import db
 from fields.file_fields import build_file_with_signed_url_model, build_remote_file_info_model
 from services.file_service import FileService

-from ..common.schema import register_schema_models
-from . import web_ns
-from .wraps import WebApiResource
-
-
-class RemoteFileUploadPayload(BaseModel):
-    url: HttpUrl = Field(description="Remote file URL")
-
-
-register_schema_models(web_ns, RemoteFileUploadPayload)
-

@web_ns.route("/remote-files/<path:url>")
 class RemoteFileInfoApi(WebApiResource):
@@ -107,8 +97,10 @@ class RemoteFileUploadApi(WebApiResource):
            FileTooLargeError: File exceeds size limit
            UnsupportedFileTypeError: File type not supported
        """
-        payload = RemoteFileUploadPayload.model_validate(web_ns.payload or {})
-        url = str(payload.url)
+        parser = reqparse.RequestParser().add_argument("url", type=str, required=True, help="URL is required")
+        args = parser.parse_args()
+
+        url = args["url"]

        try:
            resp = ssrf_proxy.head(url=url)
--- a/api/controllers/web/saved_message.py
+++ b/api/controllers/web/saved_message.py
@@ -1,20 +1,40 @@
-from flask_restx import reqparse
+from flask_restx import fields, marshal_with, reqparse
 from flask_restx.inputs import int_range
-from pydantic import TypeAdapter
 from werkzeug.exceptions import NotFound

 from controllers.web import web_ns
 from controllers.web.error import NotCompletionAppError
 from controllers.web.wraps import WebApiResource
-from fields.conversation_fields import ResultResponse
-from fields.message_fields import SavedMessageInfiniteScrollPagination, SavedMessageItem
-from libs.helper import uuid_value
+from fields.conversation_fields import message_file_fields
+from libs.helper import TimestampField, uuid_value
 from services.errors.message import MessageNotExistsError
 from services.saved_message_service import SavedMessageService

+feedback_fields = {"rating": fields.String}
+
+message_fields = {
+    "id": fields.String,
+    "inputs": fields.Raw,
+    "query": fields.String,
+    "answer": fields.String,
+    "message_files": fields.List(fields.Nested(message_file_fields)),
+    "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
+    "created_at": TimestampField,
+}
+

@web_ns.route("/saved-messages")
 class SavedMessageListApi(WebApiResource):
+    saved_message_infinite_scroll_pagination_fields = {
+        "limit": fields.Integer,
+        "has_more": fields.Boolean,
+        "data": fields.List(fields.Nested(message_fields)),
+    }
+
+    post_response_fields = {
+        "result": fields.String,
+    }
+
    @web_ns.doc("Get Saved Messages")
    @web_ns.doc(description="Retrieve paginated list of saved messages for a completion application.")
    @web_ns.doc(
@@ -38,6 +58,7 @@ class SavedMessageListApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(saved_message_infinite_scroll_pagination_fields)
    def get(self, app_model, end_user):
        if app_model.mode != "completion":
            raise NotCompletionAppError()
@@ -49,14 +70,7 @@ class SavedMessageListApi(WebApiResource):
        )
        args = parser.parse_args()

-        pagination = SavedMessageService.pagination_by_last_id(app_model, end_user, args["last_id"], args["limit"])
-        adapter = TypeAdapter(SavedMessageItem)
-        items = [adapter.validate_python(message, from_attributes=True) for message in pagination.data]
-        return SavedMessageInfiniteScrollPagination(
-            limit=pagination.limit,
-            has_more=pagination.has_more,
-            data=items,
-        ).model_dump(mode="json")
+        return SavedMessageService.pagination_by_last_id(app_model, end_user, args["last_id"], args["limit"])

    @web_ns.doc("Save Message")
    @web_ns.doc(description="Save a specific message for later reference.")
@@ -75,6 +89,7 @@ class SavedMessageListApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(post_response_fields)
    def post(self, app_model, end_user):
        if app_model.mode != "completion":
            raise NotCompletionAppError()
@@ -87,11 +102,15 @@ class SavedMessageListApi(WebApiResource):
        except MessageNotExistsError:
            raise NotFound("Message Not Exists.")

-        return ResultResponse(result="success").model_dump(mode="json")
+        return {"result": "success"}


@web_ns.route("/saved-messages/<uuid:message_id>")
 class SavedMessageApi(WebApiResource):
+    delete_response_fields = {
+        "result": fields.String,
+    }
+
    @web_ns.doc("Delete Saved Message")
    @web_ns.doc(description="Remove a message from saved messages.")
    @web_ns.doc(params={"message_id": {"description": "Message UUID to delete", "type": "string", "required": True}})
@@ -105,6 +124,7 @@ class SavedMessageApi(WebApiResource):
            500: "Internal Server Error",
        }
    )
+    @marshal_with(delete_response_fields)
    def delete(self, app_model, end_user, message_id):
        message_id = str(message_id)

@@ -113,4 +133,4 @@ class SavedMessageApi(WebApiResource):

        SavedMessageService.delete(app_model, end_user, message_id)

-        return ResultResponse(result="success").model_dump(mode="json"), 204
+        return {"result": "success"}, 204
--- a/api/core/agent/cot_agent_runner.py
+++ b/api/core/agent/cot_agent_runner.py
@@ -22,7 +22,6 @@ from core.prompt.agent_history_prompt_transform import AgentHistoryPromptTransfo
 from core.tools.__base.tool import Tool
 from core.tools.entities.tool_entities import ToolInvokeMeta
 from core.tools.tool_engine import ToolEngine
-from core.workflow.nodes.agent.exc import AgentMaxIterationError
 from models.model import Message

 logger = logging.getLogger(__name__)
@@ -166,11 +165,6 @@ class CotAgentRunner(BaseAgentRunner, ABC):
            scratchpad.thought = scratchpad.thought.strip() or "I am thinking about how to help you"
            self._agent_scratchpad.append(scratchpad)

-            # Check if max iteration is reached and model still wants to call tools
-            if iteration_step == max_iteration_steps and scratchpad.action:
-                if scratchpad.action.action_name.lower() != "final answer":
-                    raise AgentMaxIterationError(app_config.agent.max_iteration)
-
            # get llm usage
            if "usage" in usage_dict:
                if usage_dict["usage"] is not None:
--- a/api/core/agent/fc_agent_runner.py
+++ b/api/core/agent/fc_agent_runner.py
@@ -25,7 +25,6 @@ from core.model_runtime.entities.message_entities import ImagePromptMessageConte
 from core.prompt.agent_history_prompt_transform import AgentHistoryPromptTransform
 from core.tools.entities.tool_entities import ToolInvokeMeta
 from core.tools.tool_engine import ToolEngine
-from core.workflow.nodes.agent.exc import AgentMaxIterationError
 from models.model import Message

 logger = logging.getLogger(__name__)
@@ -223,10 +222,6 @@ class FunctionCallAgentRunner(BaseAgentRunner):

            final_answer += response + "\n"

-            # Check if max iteration is reached and model still wants to call tools
-            if iteration_step == max_iteration_steps and tool_calls:
-                raise AgentMaxIterationError(app_config.agent.max_iteration)
-
            # call tools
            tool_responses = []
            for tool_call_id, tool_call_name, tool_call_args in tool_calls:
--- a/api/core/app/app_config/entities.py
+++ b/api/core/app/app_config/entities.py
@@ -1,4 +1,3 @@
-import json
 from collections.abc import Sequence
 from enum import StrEnum, auto
 from typing import Any, Literal
@@ -121,7 +120,7 @@ class VariableEntity(BaseModel):
    allowed_file_types: Sequence[FileType] | None = Field(default_factory=list)
    allowed_file_extensions: Sequence[str] | None = Field(default_factory=list)
    allowed_file_upload_methods: Sequence[FileTransferMethod] | None = Field(default_factory=list)
-    json_schema: str | None = Field(default=None)
+    json_schema: dict[str, Any] | None = Field(default=None)

    @field_validator("description", mode="before")
    @classmethod
@@ -135,17 +134,11 @@ class VariableEntity(BaseModel):

    @field_validator("json_schema")
    @classmethod
-    def validate_json_schema(cls, schema: str | None) -> str | None:
+    def validate_json_schema(cls, schema: dict[str, Any] | None) -> dict[str, Any] | None:
        if schema is None:
            return None
-
        try:
-            json_schema = json.loads(schema)
-        except json.JSONDecodeError:
-            raise ValueError(f"invalid json_schema value {schema}")
-
-        try:
-            Draft7Validator.check_schema(json_schema)
+            Draft7Validator.check_schema(schema)
        except SchemaError as e:
            raise ValueError(f"Invalid JSON schema: {e.message}")
        return schema
--- a/api/core/app/apps/base_app_generator.py
+++ b/api/core/app/apps/base_app_generator.py
@@ -1,4 +1,3 @@
-import json
 from collections.abc import Generator, Mapping, Sequence
 from typing import TYPE_CHECKING, Any, Union, final

@@ -105,9 +104,8 @@ class BaseAppGenerator:
            variable_entity.type in {VariableEntityType.FILE, VariableEntityType.FILE_LIST}
            and not variable_entity.required
        ):
-            # Treat empty string (frontend default) as unset
-            # For FILE_LIST, allow empty list [] to pass through
-            if isinstance(value, str) and not value:
+            # Treat empty string (frontend default) or empty list as unset
+            if not value and isinstance(value, (str, list)):
                return None

        if variable_entity.type in {
@@ -177,13 +175,6 @@ class BaseAppGenerator:
                        value = True
                    elif value == 0:
                        value = False
-            case VariableEntityType.JSON_OBJECT:
-                if not isinstance(value, str):
-                    raise ValueError(f"{variable_entity.variable} in input form must be a string")
-                try:
-                    json.loads(value)
-                except json.JSONDecodeError:
-                    raise ValueError(f"{variable_entity.variable} in input form must be a valid JSON object")
            case _:
                raise AssertionError("this statement should be unreachable.")

--- a/api/core/app/apps/base_app_queue_manager.py
+++ b/api/core/app/apps/base_app_queue_manager.py
@@ -90,7 +90,6 @@ class AppQueueManager:
        """
        self._clear_task_belong_cache()
        self._q.put(None)
-        self._graph_runtime_state = None  # Release reference to allow GC to reclaim memory

    def _clear_task_belong_cache(self) -> None:
        """
--- a/api/core/app/task_pipeline/easy_ui_based_generate_task_pipeline.py
+++ b/api/core/app/task_pipeline/easy_ui_based_generate_task_pipeline.py
@@ -342,11 +342,9 @@ class EasyUIBasedGenerateTaskPipeline(BasedGenerateTaskPipeline):
                self._task_state.llm_result.message.content = current_content

                if isinstance(event, QueueLLMChunkEvent):
-                    event_type = self._message_cycle_manager.get_message_event_type(message_id=self._message_id)
                    yield self._message_cycle_manager.message_to_stream_response(
                        answer=cast(str, delta_text),
                        message_id=self._message_id,
-                        event_type=event_type,
                    )
                else:
                    yield self._agent_message_to_stream_response(
--- a/api/core/app/task_pipeline/message_cycle_manager.py
+++ b/api/core/app/task_pipeline/message_cycle_manager.py
@@ -5,7 +5,7 @@ from threading import Thread
 from typing import Union

 from flask import Flask, current_app
-from sqlalchemy import exists, select
+from sqlalchemy import select
 from sqlalchemy.orm import Session

 from configs import dify_config
@@ -54,20 +54,6 @@ class MessageCycleManager:
    ):
        self._application_generate_entity = application_generate_entity
        self._task_state = task_state
-        self._message_has_file: set[str] = set()
-
-    def get_message_event_type(self, message_id: str) -> StreamEvent:
-        if message_id in self._message_has_file:
-            return StreamEvent.MESSAGE_FILE
-
-        with Session(db.engine, expire_on_commit=False) as session:
-            has_file = session.query(exists().where(MessageFile.message_id == message_id)).scalar()
-
-        if has_file:
-            self._message_has_file.add(message_id)
-            return StreamEvent.MESSAGE_FILE
-
-        return StreamEvent.MESSAGE

    def generate_conversation_name(self, *, conversation_id: str, query: str) -> Thread | None:
        """
@@ -228,11 +214,7 @@ class MessageCycleManager:
        return None

    def message_to_stream_response(
-        self,
-        answer: str,
-        message_id: str,
-        from_variable_selector: list[str] | None = None,
-        event_type: StreamEvent | None = None,
+        self, answer: str, message_id: str, from_variable_selector: list[str] | None = None
    ) -> MessageStreamResponse:
        """
        Message to stream response.
@@ -240,12 +222,16 @@ class MessageCycleManager:
        :param message_id: message id
        :return:
        """
+        with Session(db.engine, expire_on_commit=False) as session:
+            message_file = session.scalar(select(MessageFile).where(MessageFile.id == message_id))
+        event_type = StreamEvent.MESSAGE_FILE if message_file else StreamEvent.MESSAGE
+
        return MessageStreamResponse(
            task_id=self._application_generate_entity.task_id,
            id=message_id,
            answer=answer,
            from_variable_selector=from_variable_selector,
-            event=event_type or StreamEvent.MESSAGE,
+            event=event_type,
        )

    def message_replace_to_stream_response(self, answer: str, reason: str = "") -> MessageReplaceStreamResponse:
--- a/api/core/entities/model_entities.py
+++ b/api/core/entities/model_entities.py
@@ -30,6 +30,7 @@ class SimpleModelProviderEntity(BaseModel):
    label: I18nObject
    icon_small: I18nObject | None = None
    icon_small_dark: I18nObject | None = None
+    icon_large: I18nObject | None = None
    supported_model_types: list[ModelType]

    def __init__(self, provider_entity: ProviderEntity):
@@ -43,6 +44,7 @@ class SimpleModelProviderEntity(BaseModel):
            label=provider_entity.label,
            icon_small=provider_entity.icon_small,
            icon_small_dark=provider_entity.icon_small_dark,
+            icon_large=provider_entity.icon_large,
            supported_model_types=provider_entity.supported_model_types,
        )

@@ -92,6 +94,7 @@ class DefaultModelProviderEntity(BaseModel):
    provider: str
    label: I18nObject
    icon_small: I18nObject | None = None
+    icon_large: I18nObject | None = None
    supported_model_types: Sequence[ModelType] = []


--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
CodingOnStar	47724ec764	feat: enhance E2E testing setup with Cloudflare Access support and improved authentication handling - Added support for Cloudflare Access headers in Playwright configuration and teardown. - Updated global setup for E2E tests to validate authentication credentials and handle login more robustly. - Enhanced README with authentication configuration details and supported methods. - Updated Playwright reporter configuration to include JSON output for test results.	2025-12-16 14:15:09 +08:00
CodingOnStar	3863894072	Merge remote-tracking branch 'origin/main' into feat/e2e-testing	2025-12-16 10:04:19 +08:00
CodingOnStar	cf20e9fd38	Merge remote-tracking branch 'origin/main' into feat/e2e-testing	2025-12-11 15:47:59 +08:00
CodingOnStar	a8a0f2c900	Merge remote-tracking branch 'origin/main' into feat/e2e-testing	2025-12-10 14:44:51 +08:00
CodingOnStar	7b968c6c2e	feat: add Playwright E2E testing framework and initial test setup - Introduced Playwright for end-to-end testing, including configuration in . - Created global setup and teardown scripts for authentication and cleanup. - Added page object models for key application pages (Apps, SignIn, Workflow). - Implemented utility functions for API interactions and common test helpers. - Updated to exclude Playwright test results and auth files. - Added initial E2E tests for the Apps page. - Updated with new test scripts for E2E testing.	2025-12-09 18:14:57 +08:00