Merge branch 'main' into feat/mcp-06-18

2026-04-28 11:56:55 +08:00 · 2025-09-16 17:09:46 +08:00 · 2025-09-16 17:09:46 +08:00 · 0c3aa8f5ec
commit 0c3aa8f5ec
parent e2fd3f2983 ecb22226d6
705 changed files with 18417 additions and 4880 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,12 @@
 version: 2
 updates:
  - package-ecosystem: "npm"
    directory: "/web"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 2
  - package-ecosystem: "uv"
    directory: "/api"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 2
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@ -22,12 +22,58 @@ jobs:
          # Fix lint errors
          uv run ruff check --fix .
          # Format code
-          uv run ruff format .
+          uv run ruff format ..
      - name: ast-grep
        run: |
          uvx --from ast-grep-cli sg --pattern 'db.session.query($WHATEVER).filter($HERE)' --rewrite 'db.session.query($WHATEVER).where($HERE)' -l py --update-all
          uvx --from ast-grep-cli sg --pattern 'session.query($WHATEVER).filter($HERE)' --rewrite 'session.query($WHATEVER).where($HERE)' -l py --update-all
          # Convert Optional[T] to T | None (ignoring quoted types)
          cat > /tmp/optional-rule.yml << 'EOF'
          id: convert-optional-to-union
          language: python
          rule:
            kind: generic_type
            all:
              - has:
                  kind: identifier
                  pattern: Optional
              - has:
                  kind: type_parameter
                  has:
                    kind: type
                    pattern: $T
          fix: $T | None
          EOF
          uvx --from ast-grep-cli sg scan --inline-rules "$(cat /tmp/optional-rule.yml)" --update-all
          # Fix forward references that were incorrectly converted (Python doesn't support "Type" | None syntax)
          find . -name "*.py" -type f -exec sed -i.bak -E 's/"([^"]+)" \| None/Optional["\1"]/g; s/'"'"'([^'"'"']+)'"'"' \| None/Optional['"'"'\1'"'"']/g' {} \;
          find . -name "*.py.bak" -type f -delete
      - name: mdformat
        run: |
          uvx mdformat .
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          package_json_file: web/package.json
          run_install: false
      - name: Setup NodeJS
        uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: pnpm
          cache-dependency-path: ./web/package.json
      - name: Web dependencies
        working-directory: ./web
        run: pnpm install --frozen-lockfile
      - name: oxlint
        working-directory: ./web
        run: |
          pnpx oxlint --fix
      - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27
--- a/.github/workflows/deploy-enterprise.yml
+++ b/.github/workflows/deploy-enterprise.yml
@ -19,11 +19,23 @@ jobs:
      github.event.workflow_run.head_branch == 'deploy/enterprise'
    steps:
-      - name: Deploy to server
+      - name: trigger deployments
-        uses: appleboy/ssh-action@v0.1.8
+        env:
-        with:
+          DEV_ENV_ADDRS: ${{ vars.DEV_ENV_ADDRS }}
-          host: ${{ secrets.ENTERPRISE_SSH_HOST }}
+          DEPLOY_SECRET: ${{ secrets.DEPLOY_SECRET }}
-          username: ${{ secrets.ENTERPRISE_SSH_USER }}
+        run: |
-          password: ${{ secrets.ENTERPRISE_SSH_PASSWORD }}
+          IFS=',' read -ra ENDPOINTS <<< "${DEV_ENV_ADDRS:-}"
-          script: |
+          BODY='{"project":"dify-api","tag":"deploy-enterprise"}'
-            ${{ vars.ENTERPRISE_SSH_SCRIPT || secrets.ENTERPRISE_SSH_SCRIPT }}
+
          for ENDPOINT in "${ENDPOINTS[@]}"; do
            ENDPOINT="$(echo "$ENDPOINT" | xargs)"
            [ -z "$ENDPOINT" ] && continue
            API_SIGNATURE=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$DEPLOY_SECRET" | awk '{print "sha256="$2}')
            curl -sSf -X POST \
              -H "Content-Type: application/json" \
              -H "X-Hub-Signature-256: $API_SIGNATURE" \
              -d "$BODY" \
              "$ENDPOINT"
          done
--- a/.gitignore
+++ b/.gitignore
@ -227,3 +227,7 @@ web/public/fallback-*.js
 .roo/
 api/.env.backup
 /clickzetta
 # Benchmark
 scripts/stress-test/setup/config/
 scripts/stress-test/reports/
--- a/AGENTS.md
+++ b/AGENTS.md
@ -1 +0,0 @@
 CLAUDE.md
--- a/AGENTS.md
+++ b/AGENTS.md
@ -0,0 +1,87 @@
 # AGENTS.md
 ## Project Overview
 Dify is an open-source platform for developing LLM applications with an intuitive interface combining agentic AI workflows, RAG pipelines, agent capabilities, and model management.
 The codebase consists of:
 - **Backend API** (`/api`): Python Flask application with Domain-Driven Design architecture
 - **Frontend Web** (`/web`): Next.js 15 application with TypeScript and React 19
 - **Docker deployment** (`/docker`): Containerized deployment configurations
 ## Development Commands
 ### Backend (API)
 All Python commands must be prefixed with `uv run --project api`:
 ```bash
 # Start development servers
 ./dev/start-api                   # Start API server
 ./dev/start-worker                # Start Celery worker
 # Run tests
 uv run --project api pytest      # Run all tests
 uv run --project api pytest tests/unit_tests/     # Unit tests only
 uv run --project api pytest tests/integration_tests/  # Integration tests
 # Code quality
 ./dev/reformat                    # Run all formatters and linters
 uv run --project api ruff check --fix ./    # Fix linting issues
 uv run --project api ruff format ./         # Format code
 uv run --directory api basedpyright         # Type checking
 ```
 ### Frontend (Web)
 ```bash
 cd web
 pnpm lint                         # Run ESLint
 pnpm eslint-fix                   # Fix ESLint issues
 pnpm test                         # Run Jest tests
 ```
 ## Testing Guidelines
 ### Backend Testing
 - Use `pytest` for all backend tests
 - Write tests first (TDD approach)
 - Test structure: Arrange-Act-Assert
 ## Code Style Requirements
 ### Python
 - Use type hints for all functions and class attributes
 - No `Any` types unless absolutely necessary
 - Implement special methods (`__repr__`, `__str__`) appropriately
 ### TypeScript/JavaScript
 - Strict TypeScript configuration
 - ESLint with Prettier integration
 - Avoid `any` type
 ## Important Notes
 - **Environment Variables**: Always use UV for Python commands: `uv run --project api <command>`
 - **Comments**: Only write meaningful comments that explain "why", not "what"
 - **File Creation**: Always prefer editing existing files over creating new ones
 - **Documentation**: Don't create documentation files unless explicitly requested
 - **Code Quality**: Always run `./dev/reformat` before committing backend changes
 ## Common Development Tasks
 ### Adding a New API Endpoint
 1. Create controller in `/api/controllers/`
 1. Add service logic in `/api/services/`
 1. Update routes in controller's `__init__.py`
 1. Write tests in `/api/tests/`
 ## Project-Specific Conventions
 - All async tasks use Celery with Redis as broker
 - **Internationalization**: Frontend supports multiple languages with English (`web/i18n/en-US/`) as the source. All user-facing text must use i18n keys, no hardcoded strings. Edit corresponding module files in `en-US/` directory for translations.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -1,89 +0,0 @@
 # CLAUDE.md
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 ## Project Overview
 Dify is an open-source platform for developing LLM applications with an intuitive interface combining agentic AI workflows, RAG pipelines, agent capabilities, and model management.
 The codebase consists of:
 - **Backend API** (`/api`): Python Flask application with Domain-Driven Design architecture
 - **Frontend Web** (`/web`): Next.js 15 application with TypeScript and React 19
 - **Docker deployment** (`/docker`): Containerized deployment configurations
 ## Development Commands
 ### Backend (API)
 All Python commands must be prefixed with `uv run --project api`:
 ```bash
 # Start development servers
 ./dev/start-api                   # Start API server
 ./dev/start-worker                # Start Celery worker
 # Run tests
 uv run --project api pytest      # Run all tests
 uv run --project api pytest tests/unit_tests/     # Unit tests only
 uv run --project api pytest tests/integration_tests/  # Integration tests
 # Code quality
 ./dev/reformat                    # Run all formatters and linters
 uv run --project api ruff check --fix ./    # Fix linting issues
 uv run --project api ruff format ./         # Format code
 uv run --directory api basedpyright         # Type checking
 ```
 ### Frontend (Web)
 ```bash
 cd web
 pnpm lint                         # Run ESLint
 pnpm eslint-fix                   # Fix ESLint issues
 pnpm test                         # Run Jest tests
 ```
 ## Testing Guidelines
 ### Backend Testing
 - Use `pytest` for all backend tests
 - Write tests first (TDD approach)
 - Test structure: Arrange-Act-Assert
 ## Code Style Requirements
 ### Python
 - Use type hints for all functions and class attributes
 - No `Any` types unless absolutely necessary
 - Implement special methods (`__repr__`, `__str__`) appropriately
 ### TypeScript/JavaScript
 - Strict TypeScript configuration
 - ESLint with Prettier integration
 - Avoid `any` type
 ## Important Notes
 - **Environment Variables**: Always use UV for Python commands: `uv run --project api <command>`
 - **Comments**: Only write meaningful comments that explain "why", not "what"
 - **File Creation**: Always prefer editing existing files over creating new ones
 - **Documentation**: Don't create documentation files unless explicitly requested
 - **Code Quality**: Always run `./dev/reformat` before committing backend changes
 ## Common Development Tasks
 ### Adding a New API Endpoint
 1. Create controller in `/api/controllers/`
 1. Add service logic in `/api/services/`
 1. Update routes in controller's `__init__.py`
 1. Write tests in `/api/tests/`
 ## Project-Specific Conventions
 - All async tasks use Celery with Redis as broker
 - **Internationalization**: Frontend supports multiple languages with English (`web/i18n/en-US/`) as the source. All user-facing text must use i18n keys, no hardcoded strings. Edit corresponding module files in `en-US/` directory for translations.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1 @@
 AGENTS.md
--- a/34
+++ b/34
@ -4,10 +4,13 @@ WEB_IMAGE=$(DOCKER_REGISTRY)/dify-web
 API_IMAGE=$(DOCKER_REGISTRY)/dify-api
 VERSION=latest
 # Default target - show help
 .DEFAULT_GOAL := help
 # Backend Development Environment Setup
 .PHONY: dev-setup prepare-docker prepare-web prepare-api
-# Default dev setup target
+# Dev setup target
 dev-setup: prepare-docker prepare-web prepare-api
 	@echo "✅ Backend development environment setup complete!"
@ -46,6 +49,27 @@ dev-clean:
 	@rm -rf api/storage
 	@echo "✅ Cleanup complete"
 # Backend Code Quality Commands
 format:
 	@echo "🎨 Running ruff format..."
 	@uv run --project api --dev ruff format ./api
 	@echo "✅ Code formatting complete"
 check:
 	@echo "🔍 Running ruff check..."
 	@uv run --project api --dev ruff check ./api
 	@echo "✅ Code check complete"
 lint:
 	@echo "🔧 Running ruff format and check with fixes..."
 	@uv run --directory api --dev sh -c 'ruff format ./api && ruff check --fix ./api'
 	@echo "✅ Linting complete"
 type-check:
 	@echo "📝 Running type check with basedpyright..."
 	@uv run --directory api --dev basedpyright
 	@echo "✅ Type check complete"
 # Build Docker images
 build-web:
 	@echo "Building web Docker image: $(WEB_IMAGE):$(VERSION)..."
@ -90,6 +114,12 @@ help:
 	@echo "  make prepare-api    - Set up API environment"
 	@echo "  make dev-clean      - Stop Docker middleware containers"
 	@echo ""
 	@echo "Backend Code Quality:"
 	@echo "  make format         - Format code with ruff"
 	@echo "  make check          - Check code with ruff"
 	@echo "  make lint           - Format and fix code with ruff"
 	@echo "  make type-check     - Run type checking with basedpyright"
 	@echo ""
 	@echo "Docker Build Targets:"
 	@echo "  make build-web      - Build web Docker image"
 	@echo "  make build-api      - Build API Docker image"
@ -98,4 +128,4 @@ help:
 	@echo "  make build-push-all - Build and push all Docker images"
 # Phony targets
-.PHONY: build-web build-api push-web push-api build-all push-all build-push-all dev-setup prepare-docker prepare-web prepare-api dev-clean help
+.PHONY: build-web build-api push-web push-api build-all push-all build-push-all dev-setup prepare-docker prepare-web prepare-api dev-clean help format check lint type-check
--- a/api/.env.example
+++ b/api/.env.example
@ -530,6 +530,7 @@ ENDPOINT_URL_TEMPLATE=http://localhost:5002/e/{hook_id}
 # Reset password token expiry minutes
 RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
 EMAIL_REGISTER_TOKEN_EXPIRY_MINUTES=5
 CHANGE_EMAIL_TOKEN_EXPIRY_MINUTES=5
 OWNER_TRANSFER_TOKEN_EXPIRY_MINUTES=5
--- a/api/.ruff.toml
+++ b/api/.ruff.toml
@ -5,7 +5,7 @@ line-length = 120
 quote-style = "double"
 [lint]
-preview = false
+preview = true
 select = [
    "B",       # flake8-bugbear rules
    "C4",      # flake8-comprehensions
@ -65,6 +65,7 @@ ignore = [
    "B006",    # mutable-argument-default
    "B007",    # unused-loop-control-variable
    "B026",    # star-arg-unpacking-after-keyword-arg
    "B901",    # allow return in yield
    "B903",    # class-as-data-structure
    "B904",    # raise-without-from-inside-except
    "B905",    # zip-without-explicit-strict
--- a/api/commands.py
+++ b/api/commands.py
@ -1,8 +1,9 @@
 import base64
 import json
 import logging
 import operator
 import secrets
-from typing import Any, Optional
+from typing import Any
 import click
 import sqlalchemy as sa
@ -477,12 +478,12 @@ def convert_to_agent_apps():
            click.echo(f"Converting app: {app.id}")
            try:
-                app.mode = AppMode.AGENT_CHAT.value
+                app.mode = AppMode.AGENT_CHAT
                db.session.commit()
                # update conversation mode to agent
                db.session.query(Conversation).where(Conversation.app_id == app.id).update(
-                    {Conversation.mode: AppMode.AGENT_CHAT.value}
+                    {Conversation.mode: AppMode.AGENT_CHAT}
                )
                db.session.commit()
@ -639,7 +640,7 @@ def old_metadata_migration():
@click.option("--email", prompt=True, help="Tenant account email.")
@click.option("--name", prompt=True, help="Workspace name.")
@click.option("--language", prompt=True, help="Account language, default: en-US.")
-def create_tenant(email: str, language: Optional[str] = None, name: Optional[str] = None):
+def create_tenant(email: str, language: str | None = None, name: str | None = None):
    """
    Create tenant account
    """
@ -953,7 +954,7 @@ def clear_orphaned_file_records(force: bool):
            click.echo(click.style("- Deleting orphaned message_files records", fg="white"))
            query = "DELETE FROM message_files WHERE id IN :ids"
            with db.engine.begin() as conn:
-                conn.execute(sa.text(query), {"ids": tuple([record["id"] for record in orphaned_message_files])})
+                conn.execute(sa.text(query), {"ids": tuple(record["id"] for record in orphaned_message_files)})
            click.echo(
                click.style(f"Removed {len(orphaned_message_files)} orphaned message_files records.", fg="green")
            )
@ -1307,7 +1308,7 @@ def cleanup_orphaned_draft_variables(
    if dry_run:
        logger.info("DRY RUN: Would delete the following:")
-        for app_id, count in sorted(stats["orphaned_by_app"].items(), key=lambda x: x[1], reverse=True)[
+        for app_id, count in sorted(stats["orphaned_by_app"].items(), key=operator.itemgetter(1), reverse=True)[
            :10
        ]:  # Show top 10
            logger.info("  App %s: %s variables", app_id, count)
--- a/api/configs/extra/notion_config.py
+++ b/api/configs/extra/notion_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,28 +7,28 @@ class NotionConfig(BaseSettings):
    Configuration settings for Notion integration
    """
-    NOTION_CLIENT_ID: Optional[str] = Field(
+    NOTION_CLIENT_ID: str | None = Field(
        description="Client ID for Notion API authentication. Required for OAuth 2.0 flow.",
        default=None,
    )
-    NOTION_CLIENT_SECRET: Optional[str] = Field(
+    NOTION_CLIENT_SECRET: str | None = Field(
        description="Client secret for Notion API authentication. Required for OAuth 2.0 flow.",
        default=None,
    )
-    NOTION_INTEGRATION_TYPE: Optional[str] = Field(
+    NOTION_INTEGRATION_TYPE: str | None = Field(
        description="Type of Notion integration."
        " Set to 'internal' for internal integrations, or None for public integrations.",
        default=None,
    )
-    NOTION_INTERNAL_SECRET: Optional[str] = Field(
+    NOTION_INTERNAL_SECRET: str | None = Field(
        description="Secret key for internal Notion integrations. Required when NOTION_INTEGRATION_TYPE is 'internal'.",
        default=None,
    )
-    NOTION_INTEGRATION_TOKEN: Optional[str] = Field(
+    NOTION_INTEGRATION_TOKEN: str | None = Field(
        description="Integration token for Notion API access. Used for direct API calls without OAuth flow.",
        default=None,
    )
--- a/api/configs/extra/sentry_config.py
+++ b/api/configs/extra/sentry_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeFloat
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class SentryConfig(BaseSettings):
    Configuration settings for Sentry error tracking and performance monitoring
    """
-    SENTRY_DSN: Optional[str] = Field(
+    SENTRY_DSN: str | None = Field(
        description="Sentry Data Source Name (DSN)."
        " This is the unique identifier of your Sentry project, used to send events to the correct project.",
        default=None,
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@ -1,4 +1,4 @@
-from typing import Literal, Optional
+from typing import Literal
 from pydantic import (
    AliasChoices,
@ -31,6 +31,12 @@ class SecurityConfig(BaseSettings):
        description="Duration in minutes for which a password reset token remains valid",
        default=5,
    )
    EMAIL_REGISTER_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
        description="Duration in minutes for which a email register token remains valid",
        default=5,
    )
    CHANGE_EMAIL_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
        description="Duration in minutes for which a change email token remains valid",
        default=5,
@ -51,7 +57,7 @@ class SecurityConfig(BaseSettings):
        default=False,
    )
-    ADMIN_API_KEY: Optional[str] = Field(
+    ADMIN_API_KEY: str | None = Field(
        description="admin api key for authentication",
        default=None,
    )
@ -91,17 +97,17 @@ class CodeExecutionSandboxConfig(BaseSettings):
        default="dify-sandbox",
    )
-    CODE_EXECUTION_CONNECT_TIMEOUT: Optional[float] = Field(
+    CODE_EXECUTION_CONNECT_TIMEOUT: float | None = Field(
        description="Connection timeout in seconds for code execution requests",
        default=10.0,
    )
-    CODE_EXECUTION_READ_TIMEOUT: Optional[float] = Field(
+    CODE_EXECUTION_READ_TIMEOUT: float | None = Field(
        description="Read timeout in seconds for code execution requests",
        default=60.0,
    )
-    CODE_EXECUTION_WRITE_TIMEOUT: Optional[float] = Field(
+    CODE_EXECUTION_WRITE_TIMEOUT: float | None = Field(
        description="Write timeout in seconds for code execution request",
        default=10.0,
    )
@ -362,17 +368,17 @@ class HttpConfig(BaseSettings):
        default=3,
    )
-    SSRF_PROXY_ALL_URL: Optional[str] = Field(
+    SSRF_PROXY_ALL_URL: str | None = Field(
        description="Proxy URL for HTTP or HTTPS requests to prevent Server-Side Request Forgery (SSRF)",
        default=None,
    )
-    SSRF_PROXY_HTTP_URL: Optional[str] = Field(
+    SSRF_PROXY_HTTP_URL: str | None = Field(
        description="Proxy URL for HTTP requests to prevent Server-Side Request Forgery (SSRF)",
        default=None,
    )
-    SSRF_PROXY_HTTPS_URL: Optional[str] = Field(
+    SSRF_PROXY_HTTPS_URL: str | None = Field(
        description="Proxy URL for HTTPS requests to prevent Server-Side Request Forgery (SSRF)",
        default=None,
    )
@ -414,7 +420,7 @@ class InnerAPIConfig(BaseSettings):
        default=False,
    )
-    INNER_API_KEY: Optional[str] = Field(
+    INNER_API_KEY: str | None = Field(
        description="API key for accessing the internal API",
        default=None,
    )
@ -430,7 +436,7 @@ class LoggingConfig(BaseSettings):
        default="INFO",
    )
-    LOG_FILE: Optional[str] = Field(
+    LOG_FILE: str | None = Field(
        description="File path for log output.",
        default=None,
    )
@ -450,12 +456,12 @@ class LoggingConfig(BaseSettings):
        default="%(asctime)s.%(msecs)03d %(levelname)s [%(threadName)s] [%(filename)s:%(lineno)d] - %(message)s",
    )
-    LOG_DATEFORMAT: Optional[str] = Field(
+    LOG_DATEFORMAT: str | None = Field(
        description="Date format string for log timestamps",
        default=None,
    )
-    LOG_TZ: Optional[str] = Field(
+    LOG_TZ: str | None = Field(
        description="Timezone for log timestamps (e.g., 'America/New_York')",
        default="UTC",
    )
@ -589,22 +595,22 @@ class AuthConfig(BaseSettings):
        default="/console/api/oauth/authorize",
    )
-    GITHUB_CLIENT_ID: Optional[str] = Field(
+    GITHUB_CLIENT_ID: str | None = Field(
        description="GitHub OAuth client ID",
        default=None,
    )
-    GITHUB_CLIENT_SECRET: Optional[str] = Field(
+    GITHUB_CLIENT_SECRET: str | None = Field(
        description="GitHub OAuth client secret",
        default=None,
    )
-    GOOGLE_CLIENT_ID: Optional[str] = Field(
+    GOOGLE_CLIENT_ID: str | None = Field(
        description="Google OAuth client ID",
        default=None,
    )
-    GOOGLE_CLIENT_SECRET: Optional[str] = Field(
+    GOOGLE_CLIENT_SECRET: str | None = Field(
        description="Google OAuth client secret",
        default=None,
    )
@ -639,6 +645,11 @@ class AuthConfig(BaseSettings):
        default=86400,
    )
    EMAIL_REGISTER_LOCKOUT_DURATION: PositiveInt = Field(
        description="Time (in seconds) a user must wait before retrying email register after exceeding the rate limit.",
        default=86400,
    )
 class ModerationConfig(BaseSettings):
    """
@ -667,42 +678,42 @@ class MailConfig(BaseSettings):
    Configuration for email services
    """
-    MAIL_TYPE: Optional[str] = Field(
+    MAIL_TYPE: str | None = Field(
        description="Email service provider type ('smtp' or 'resend' or 'sendGrid), default to None.",
        default=None,
    )
-    MAIL_DEFAULT_SEND_FROM: Optional[str] = Field(
+    MAIL_DEFAULT_SEND_FROM: str | None = Field(
        description="Default email address to use as the sender",
        default=None,
    )
-    RESEND_API_KEY: Optional[str] = Field(
+    RESEND_API_KEY: str | None = Field(
        description="API key for Resend email service",
        default=None,
    )
-    RESEND_API_URL: Optional[str] = Field(
+    RESEND_API_URL: str | None = Field(
        description="API URL for Resend email service",
        default=None,
    )
-    SMTP_SERVER: Optional[str] = Field(
+    SMTP_SERVER: str | None = Field(
        description="SMTP server hostname",
        default=None,
    )
-    SMTP_PORT: Optional[int] = Field(
+    SMTP_PORT: int | None = Field(
        description="SMTP server port number",
        default=465,
    )
-    SMTP_USERNAME: Optional[str] = Field(
+    SMTP_USERNAME: str | None = Field(
        description="Username for SMTP authentication",
        default=None,
    )
-    SMTP_PASSWORD: Optional[str] = Field(
+    SMTP_PASSWORD: str | None = Field(
        description="Password for SMTP authentication",
        default=None,
    )
@ -722,7 +733,7 @@ class MailConfig(BaseSettings):
        default=50,
    )
-    SENDGRID_API_KEY: Optional[str] = Field(
+    SENDGRID_API_KEY: str | None = Field(
        description="API key for SendGrid service",
        default=None,
    )
@ -745,17 +756,17 @@ class RagEtlConfig(BaseSettings):
        default="database",
    )
-    UNSTRUCTURED_API_URL: Optional[str] = Field(
+    UNSTRUCTURED_API_URL: str | None = Field(
        description="API URL for Unstructured.io service",
        default=None,
    )
-    UNSTRUCTURED_API_KEY: Optional[str] = Field(
+    UNSTRUCTURED_API_KEY: str | None = Field(
        description="API key for Unstructured.io service",
        default="",
    )
-    SCARF_NO_ANALYTICS: Optional[str] = Field(
+    SCARF_NO_ANALYTICS: str | None = Field(
        description="This is about whether to disable Scarf analytics in Unstructured library.",
        default="false",
    )
--- a/api/configs/feature/hosted_service/init.py
+++ b/api/configs/feature/hosted_service/init.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeInt
 from pydantic_settings import BaseSettings
@ -40,17 +38,17 @@ class HostedOpenAiConfig(BaseSettings):
    Configuration for hosted OpenAI service
    """
-    HOSTED_OPENAI_API_KEY: Optional[str] = Field(
+    HOSTED_OPENAI_API_KEY: str | None = Field(
        description="API key for hosted OpenAI service",
        default=None,
    )
-    HOSTED_OPENAI_API_BASE: Optional[str] = Field(
+    HOSTED_OPENAI_API_BASE: str | None = Field(
        description="Base URL for hosted OpenAI API",
        default=None,
    )
-    HOSTED_OPENAI_API_ORGANIZATION: Optional[str] = Field(
+    HOSTED_OPENAI_API_ORGANIZATION: str | None = Field(
        description="Organization ID for hosted OpenAI service",
        default=None,
    )
@ -110,12 +108,12 @@ class HostedAzureOpenAiConfig(BaseSettings):
        default=False,
    )
-    HOSTED_AZURE_OPENAI_API_KEY: Optional[str] = Field(
+    HOSTED_AZURE_OPENAI_API_KEY: str | None = Field(
        description="API key for hosted Azure OpenAI service",
        default=None,
    )
-    HOSTED_AZURE_OPENAI_API_BASE: Optional[str] = Field(
+    HOSTED_AZURE_OPENAI_API_BASE: str | None = Field(
        description="Base URL for hosted Azure OpenAI API",
        default=None,
    )
@ -131,12 +129,12 @@ class HostedAnthropicConfig(BaseSettings):
    Configuration for hosted Anthropic service
    """
-    HOSTED_ANTHROPIC_API_BASE: Optional[str] = Field(
+    HOSTED_ANTHROPIC_API_BASE: str | None = Field(
        description="Base URL for hosted Anthropic API",
        default=None,
    )
-    HOSTED_ANTHROPIC_API_KEY: Optional[str] = Field(
+    HOSTED_ANTHROPIC_API_KEY: str | None = Field(
        description="API key for hosted Anthropic service",
        default=None,
    )
--- a/api/configs/middleware/init.py
+++ b/api/configs/middleware/init.py
@ -1,5 +1,5 @@
 import os
-from typing import Any, Literal, Optional
+from typing import Any, Literal
 from urllib.parse import parse_qsl, quote_plus
 from pydantic import Field, NonNegativeFloat, NonNegativeInt, PositiveFloat, PositiveInt, computed_field
@ -78,18 +78,18 @@ class StorageConfig(BaseSettings):
 class VectorStoreConfig(BaseSettings):
-    VECTOR_STORE: Optional[str] = Field(
+    VECTOR_STORE: str | None = Field(
        description="Type of vector store to use for efficient similarity search."
        " Set to None if not using a vector store.",
        default=None,
    )
-    VECTOR_STORE_WHITELIST_ENABLE: Optional[bool] = Field(
+    VECTOR_STORE_WHITELIST_ENABLE: bool | None = Field(
        description="Enable whitelist for vector store.",
        default=False,
    )
-    VECTOR_INDEX_NAME_PREFIX: Optional[str] = Field(
+    VECTOR_INDEX_NAME_PREFIX: str | None = Field(
        description="Prefix used to create collection name in vector database",
        default="Vector_index",
    )
@ -225,26 +225,26 @@ class CeleryConfig(DatabaseConfig):
        default="redis",
    )
-    CELERY_BROKER_URL: Optional[str] = Field(
+    CELERY_BROKER_URL: str | None = Field(
        description="URL of the message broker for Celery tasks.",
        default=None,
    )
-    CELERY_USE_SENTINEL: Optional[bool] = Field(
+    CELERY_USE_SENTINEL: bool | None = Field(
        description="Whether to use Redis Sentinel for high availability.",
        default=False,
    )
-    CELERY_SENTINEL_MASTER_NAME: Optional[str] = Field(
+    CELERY_SENTINEL_MASTER_NAME: str | None = Field(
        description="Name of the Redis Sentinel master.",
        default=None,
    )
-    CELERY_SENTINEL_PASSWORD: Optional[str] = Field(
+    CELERY_SENTINEL_PASSWORD: str | None = Field(
        description="Password of the Redis Sentinel master.",
        default=None,
    )
-    CELERY_SENTINEL_SOCKET_TIMEOUT: Optional[PositiveFloat] = Field(
+    CELERY_SENTINEL_SOCKET_TIMEOUT: PositiveFloat | None = Field(
        description="Timeout for Redis Sentinel socket operations in seconds.",
        default=0.1,
    )
@ -268,12 +268,12 @@ class InternalTestConfig(BaseSettings):
    Configuration settings for Internal Test
    """
-    AWS_SECRET_ACCESS_KEY: Optional[str] = Field(
+    AWS_SECRET_ACCESS_KEY: str | None = Field(
        description="Internal test AWS secret access key",
        default=None,
    )
-    AWS_ACCESS_KEY_ID: Optional[str] = Field(
+    AWS_ACCESS_KEY_ID: str | None = Field(
        description="Internal test AWS access key ID",
        default=None,
    )
@ -284,15 +284,15 @@ class DatasetQueueMonitorConfig(BaseSettings):
    Configuration settings for Dataset Queue Monitor
    """
-    QUEUE_MONITOR_THRESHOLD: Optional[NonNegativeInt] = Field(
+    QUEUE_MONITOR_THRESHOLD: NonNegativeInt | None = Field(
        description="Threshold for dataset queue monitor",
        default=200,
    )
-    QUEUE_MONITOR_ALERT_EMAILS: Optional[str] = Field(
+    QUEUE_MONITOR_ALERT_EMAILS: str | None = Field(
        description="Emails for dataset queue monitor alert, separated by commas",
        default=None,
    )
-    QUEUE_MONITOR_INTERVAL: Optional[NonNegativeFloat] = Field(
+    QUEUE_MONITOR_INTERVAL: NonNegativeFloat | None = Field(
        description="Interval for dataset queue monitor in minutes",
        default=30,
    )
--- a/api/configs/middleware/cache/redis_config.py
+++ b/api/configs/middleware/cache/redis_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeInt, PositiveFloat, PositiveInt
 from pydantic_settings import BaseSettings
@ -19,12 +17,12 @@ class RedisConfig(BaseSettings):
        default=6379,
    )
-    REDIS_USERNAME: Optional[str] = Field(
+    REDIS_USERNAME: str | None = Field(
        description="Username for Redis authentication (if required)",
        default=None,
    )
-    REDIS_PASSWORD: Optional[str] = Field(
+    REDIS_PASSWORD: str | None = Field(
        description="Password for Redis authentication (if required)",
        default=None,
    )
@ -44,47 +42,47 @@ class RedisConfig(BaseSettings):
        default="CERT_NONE",
    )
-    REDIS_SSL_CA_CERTS: Optional[str] = Field(
+    REDIS_SSL_CA_CERTS: str | None = Field(
        description="Path to the CA certificate file for SSL verification",
        default=None,
    )
-    REDIS_SSL_CERTFILE: Optional[str] = Field(
+    REDIS_SSL_CERTFILE: str | None = Field(
        description="Path to the client certificate file for SSL authentication",
        default=None,
    )
-    REDIS_SSL_KEYFILE: Optional[str] = Field(
+    REDIS_SSL_KEYFILE: str | None = Field(
        description="Path to the client private key file for SSL authentication",
        default=None,
    )
-    REDIS_USE_SENTINEL: Optional[bool] = Field(
+    REDIS_USE_SENTINEL: bool | None = Field(
        description="Enable Redis Sentinel mode for high availability",
        default=False,
    )
-    REDIS_SENTINELS: Optional[str] = Field(
+    REDIS_SENTINELS: str | None = Field(
        description="Comma-separated list of Redis Sentinel nodes (host:port)",
        default=None,
    )
-    REDIS_SENTINEL_SERVICE_NAME: Optional[str] = Field(
+    REDIS_SENTINEL_SERVICE_NAME: str | None = Field(
        description="Name of the Redis Sentinel service to monitor",
        default=None,
    )
-    REDIS_SENTINEL_USERNAME: Optional[str] = Field(
+    REDIS_SENTINEL_USERNAME: str | None = Field(
        description="Username for Redis Sentinel authentication (if required)",
        default=None,
    )
-    REDIS_SENTINEL_PASSWORD: Optional[str] = Field(
+    REDIS_SENTINEL_PASSWORD: str | None = Field(
        description="Password for Redis Sentinel authentication (if required)",
        default=None,
    )
-    REDIS_SENTINEL_SOCKET_TIMEOUT: Optional[PositiveFloat] = Field(
+    REDIS_SENTINEL_SOCKET_TIMEOUT: PositiveFloat | None = Field(
        description="Socket timeout in seconds for Redis Sentinel connections",
        default=0.1,
    )
@ -94,12 +92,12 @@ class RedisConfig(BaseSettings):
        default=False,
    )
-    REDIS_CLUSTERS: Optional[str] = Field(
+    REDIS_CLUSTERS: str | None = Field(
        description="Comma-separated list of Redis Clusters nodes (host:port)",
        default=None,
    )
-    REDIS_CLUSTERS_PASSWORD: Optional[str] = Field(
+    REDIS_CLUSTERS_PASSWORD: str | None = Field(
        description="Password for Redis Clusters authentication (if required)",
        default=None,
    )
--- a/api/configs/middleware/storage/aliyun_oss_storage_config.py
+++ b/api/configs/middleware/storage/aliyun_oss_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,37 +7,37 @@ class AliyunOSSStorageConfig(BaseSettings):
    Configuration settings for Aliyun Object Storage Service (OSS)
    """
-    ALIYUN_OSS_BUCKET_NAME: Optional[str] = Field(
+    ALIYUN_OSS_BUCKET_NAME: str | None = Field(
        description="Name of the Aliyun OSS bucket to store and retrieve objects",
        default=None,
    )
-    ALIYUN_OSS_ACCESS_KEY: Optional[str] = Field(
+    ALIYUN_OSS_ACCESS_KEY: str | None = Field(
        description="Access key ID for authenticating with Aliyun OSS",
        default=None,
    )
-    ALIYUN_OSS_SECRET_KEY: Optional[str] = Field(
+    ALIYUN_OSS_SECRET_KEY: str | None = Field(
        description="Secret access key for authenticating with Aliyun OSS",
        default=None,
    )
-    ALIYUN_OSS_ENDPOINT: Optional[str] = Field(
+    ALIYUN_OSS_ENDPOINT: str | None = Field(
        description="URL of the Aliyun OSS endpoint for your chosen region",
        default=None,
    )
-    ALIYUN_OSS_REGION: Optional[str] = Field(
+    ALIYUN_OSS_REGION: str | None = Field(
        description="Aliyun OSS region where your bucket is located (e.g., 'oss-cn-hangzhou')",
        default=None,
    )
-    ALIYUN_OSS_AUTH_VERSION: Optional[str] = Field(
+    ALIYUN_OSS_AUTH_VERSION: str | None = Field(
        description="Version of the authentication protocol to use with Aliyun OSS (e.g., 'v4')",
        default=None,
    )
-    ALIYUN_OSS_PATH: Optional[str] = Field(
+    ALIYUN_OSS_PATH: str | None = Field(
        description="Base path within the bucket to store objects (e.g., 'my-app-data/')",
        default=None,
    )
--- a/api/configs/middleware/storage/amazon_s3_storage_config.py
+++ b/api/configs/middleware/storage/amazon_s3_storage_config.py
@ -1,4 +1,4 @@
-from typing import Literal, Optional
+from typing import Literal
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +9,27 @@ class S3StorageConfig(BaseSettings):
    Configuration settings for S3-compatible object storage
    """
-    S3_ENDPOINT: Optional[str] = Field(
+    S3_ENDPOINT: str | None = Field(
        description="URL of the S3-compatible storage endpoint (e.g., 'https://s3.amazonaws.com')",
        default=None,
    )
-    S3_REGION: Optional[str] = Field(
+    S3_REGION: str | None = Field(
        description="Region where the S3 bucket is located (e.g., 'us-east-1')",
        default=None,
    )
-    S3_BUCKET_NAME: Optional[str] = Field(
+    S3_BUCKET_NAME: str | None = Field(
        description="Name of the S3 bucket to store and retrieve objects",
        default=None,
    )
-    S3_ACCESS_KEY: Optional[str] = Field(
+    S3_ACCESS_KEY: str | None = Field(
        description="Access key ID for authenticating with the S3 service",
        default=None,
    )
-    S3_SECRET_KEY: Optional[str] = Field(
+    S3_SECRET_KEY: str | None = Field(
        description="Secret access key for authenticating with the S3 service",
        default=None,
    )
--- a/api/configs/middleware/storage/azure_blob_storage_config.py
+++ b/api/configs/middleware/storage/azure_blob_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,22 +7,22 @@ class AzureBlobStorageConfig(BaseSettings):
    Configuration settings for Azure Blob Storage
    """
-    AZURE_BLOB_ACCOUNT_NAME: Optional[str] = Field(
+    AZURE_BLOB_ACCOUNT_NAME: str | None = Field(
        description="Name of the Azure Storage account (e.g., 'mystorageaccount')",
        default=None,
    )
-    AZURE_BLOB_ACCOUNT_KEY: Optional[str] = Field(
+    AZURE_BLOB_ACCOUNT_KEY: str | None = Field(
        description="Access key for authenticating with the Azure Storage account",
        default=None,
    )
-    AZURE_BLOB_CONTAINER_NAME: Optional[str] = Field(
+    AZURE_BLOB_CONTAINER_NAME: str | None = Field(
        description="Name of the Azure Blob container to store and retrieve objects",
        default=None,
    )
-    AZURE_BLOB_ACCOUNT_URL: Optional[str] = Field(
+    AZURE_BLOB_ACCOUNT_URL: str | None = Field(
        description="URL of the Azure Blob storage endpoint (e.g., 'https://mystorageaccount.blob.core.windows.net')",
        default=None,
    )
--- a/api/configs/middleware/storage/baidu_obs_storage_config.py
+++ b/api/configs/middleware/storage/baidu_obs_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,22 +7,22 @@ class BaiduOBSStorageConfig(BaseSettings):
    Configuration settings for Baidu Object Storage Service (OBS)
    """
-    BAIDU_OBS_BUCKET_NAME: Optional[str] = Field(
+    BAIDU_OBS_BUCKET_NAME: str | None = Field(
        description="Name of the Baidu OBS bucket to store and retrieve objects (e.g., 'my-obs-bucket')",
        default=None,
    )
-    BAIDU_OBS_ACCESS_KEY: Optional[str] = Field(
+    BAIDU_OBS_ACCESS_KEY: str | None = Field(
        description="Access Key ID for authenticating with Baidu OBS",
        default=None,
    )
-    BAIDU_OBS_SECRET_KEY: Optional[str] = Field(
+    BAIDU_OBS_SECRET_KEY: str | None = Field(
        description="Secret Access Key for authenticating with Baidu OBS",
        default=None,
    )
-    BAIDU_OBS_ENDPOINT: Optional[str] = Field(
+    BAIDU_OBS_ENDPOINT: str | None = Field(
        description="URL of the Baidu OSS endpoint for your chosen region (e.g., 'https://.bj.bcebos.com')",
        default=None,
    )
--- a/api/configs/middleware/storage/clickzetta_volume_storage_config.py
+++ b/api/configs/middleware/storage/clickzetta_volume_storage_config.py
@ -1,7 +1,5 @@
 """ClickZetta Volume Storage Configuration"""
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,17 +7,17 @@ from pydantic_settings import BaseSettings
 class ClickZettaVolumeStorageConfig(BaseSettings):
    """Configuration for ClickZetta Volume storage."""
-    CLICKZETTA_VOLUME_USERNAME: Optional[str] = Field(
+    CLICKZETTA_VOLUME_USERNAME: str | None = Field(
        description="Username for ClickZetta Volume authentication",
        default=None,
    )
-    CLICKZETTA_VOLUME_PASSWORD: Optional[str] = Field(
+    CLICKZETTA_VOLUME_PASSWORD: str | None = Field(
        description="Password for ClickZetta Volume authentication",
        default=None,
    )
-    CLICKZETTA_VOLUME_INSTANCE: Optional[str] = Field(
+    CLICKZETTA_VOLUME_INSTANCE: str | None = Field(
        description="ClickZetta instance identifier",
        default=None,
    )
@ -49,7 +47,7 @@ class ClickZettaVolumeStorageConfig(BaseSettings):
        default="user",
    )
-    CLICKZETTA_VOLUME_NAME: Optional[str] = Field(
+    CLICKZETTA_VOLUME_NAME: str | None = Field(
        description="ClickZetta volume name for external volumes",
        default=None,
    )
--- a/api/configs/middleware/storage/google_cloud_storage_config.py
+++ b/api/configs/middleware/storage/google_cloud_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,12 +7,12 @@ class GoogleCloudStorageConfig(BaseSettings):
    Configuration settings for Google Cloud Storage
    """
-    GOOGLE_STORAGE_BUCKET_NAME: Optional[str] = Field(
+    GOOGLE_STORAGE_BUCKET_NAME: str | None = Field(
        description="Name of the Google Cloud Storage bucket to store and retrieve objects (e.g., 'my-gcs-bucket')",
        default=None,
    )
-    GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: Optional[str] = Field(
+    GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: str | None = Field(
        description="Base64-encoded JSON key file for Google Cloud service account authentication",
        default=None,
    )
--- a/api/configs/middleware/storage/huawei_obs_storage_config.py
+++ b/api/configs/middleware/storage/huawei_obs_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,22 +7,22 @@ class HuaweiCloudOBSStorageConfig(BaseSettings):
    Configuration settings for Huawei Cloud Object Storage Service (OBS)
    """
-    HUAWEI_OBS_BUCKET_NAME: Optional[str] = Field(
+    HUAWEI_OBS_BUCKET_NAME: str | None = Field(
        description="Name of the Huawei Cloud OBS bucket to store and retrieve objects (e.g., 'my-obs-bucket')",
        default=None,
    )
-    HUAWEI_OBS_ACCESS_KEY: Optional[str] = Field(
+    HUAWEI_OBS_ACCESS_KEY: str | None = Field(
        description="Access Key ID for authenticating with Huawei Cloud OBS",
        default=None,
    )
-    HUAWEI_OBS_SECRET_KEY: Optional[str] = Field(
+    HUAWEI_OBS_SECRET_KEY: str | None = Field(
        description="Secret Access Key for authenticating with Huawei Cloud OBS",
        default=None,
    )
-    HUAWEI_OBS_SERVER: Optional[str] = Field(
+    HUAWEI_OBS_SERVER: str | None = Field(
        description="Endpoint URL for Huawei Cloud OBS (e.g., 'https://obs.cn-north-4.myhuaweicloud.com')",
        default=None,
    )
--- a/api/configs/middleware/storage/oci_storage_config.py
+++ b/api/configs/middleware/storage/oci_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class OCIStorageConfig(BaseSettings):
    Configuration settings for Oracle Cloud Infrastructure (OCI) Object Storage
    """
-    OCI_ENDPOINT: Optional[str] = Field(
+    OCI_ENDPOINT: str | None = Field(
        description="URL of the OCI Object Storage endpoint (e.g., 'https://objectstorage.us-phoenix-1.oraclecloud.com')",
        default=None,
    )
-    OCI_REGION: Optional[str] = Field(
+    OCI_REGION: str | None = Field(
        description="OCI region where the bucket is located (e.g., 'us-phoenix-1')",
        default=None,
    )
-    OCI_BUCKET_NAME: Optional[str] = Field(
+    OCI_BUCKET_NAME: str | None = Field(
        description="Name of the OCI Object Storage bucket to store and retrieve objects (e.g., 'my-oci-bucket')",
        default=None,
    )
-    OCI_ACCESS_KEY: Optional[str] = Field(
+    OCI_ACCESS_KEY: str | None = Field(
        description="Access key (also known as API key) for authenticating with OCI Object Storage",
        default=None,
    )
-    OCI_SECRET_KEY: Optional[str] = Field(
+    OCI_SECRET_KEY: str | None = Field(
        description="Secret key associated with the access key for authenticating with OCI Object Storage",
        default=None,
    )
--- a/api/configs/middleware/storage/supabase_storage_config.py
+++ b/api/configs/middleware/storage/supabase_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,17 +7,17 @@ class SupabaseStorageConfig(BaseSettings):
    Configuration settings for Supabase Object Storage Service
    """
-    SUPABASE_BUCKET_NAME: Optional[str] = Field(
+    SUPABASE_BUCKET_NAME: str | None = Field(
        description="Name of the Supabase bucket to store and retrieve objects (e.g., 'dify-bucket')",
        default=None,
    )
-    SUPABASE_API_KEY: Optional[str] = Field(
+    SUPABASE_API_KEY: str | None = Field(
        description="API KEY for authenticating with Supabase",
        default=None,
    )
-    SUPABASE_URL: Optional[str] = Field(
+    SUPABASE_URL: str | None = Field(
        description="URL of the Supabase",
        default=None,
    )
--- a/api/configs/middleware/storage/tencent_cos_storage_config.py
+++ b/api/configs/middleware/storage/tencent_cos_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class TencentCloudCOSStorageConfig(BaseSettings):
    Configuration settings for Tencent Cloud Object Storage (COS)
    """
-    TENCENT_COS_BUCKET_NAME: Optional[str] = Field(
+    TENCENT_COS_BUCKET_NAME: str | None = Field(
        description="Name of the Tencent Cloud COS bucket to store and retrieve objects",
        default=None,
    )
-    TENCENT_COS_REGION: Optional[str] = Field(
+    TENCENT_COS_REGION: str | None = Field(
        description="Tencent Cloud region where the COS bucket is located (e.g., 'ap-guangzhou')",
        default=None,
    )
-    TENCENT_COS_SECRET_ID: Optional[str] = Field(
+    TENCENT_COS_SECRET_ID: str | None = Field(
        description="SecretId for authenticating with Tencent Cloud COS (part of API credentials)",
        default=None,
    )
-    TENCENT_COS_SECRET_KEY: Optional[str] = Field(
+    TENCENT_COS_SECRET_KEY: str | None = Field(
        description="SecretKey for authenticating with Tencent Cloud COS (part of API credentials)",
        default=None,
    )
-    TENCENT_COS_SCHEME: Optional[str] = Field(
+    TENCENT_COS_SCHEME: str | None = Field(
        description="Protocol scheme for COS requests: 'https' (recommended) or 'http'",
        default=None,
    )
--- a/api/configs/middleware/storage/volcengine_tos_storage_config.py
+++ b/api/configs/middleware/storage/volcengine_tos_storage_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class VolcengineTOSStorageConfig(BaseSettings):
    Configuration settings for Volcengine Tinder Object Storage (TOS)
    """
-    VOLCENGINE_TOS_BUCKET_NAME: Optional[str] = Field(
+    VOLCENGINE_TOS_BUCKET_NAME: str | None = Field(
        description="Name of the Volcengine TOS bucket to store and retrieve objects (e.g., 'my-tos-bucket')",
        default=None,
    )
-    VOLCENGINE_TOS_ACCESS_KEY: Optional[str] = Field(
+    VOLCENGINE_TOS_ACCESS_KEY: str | None = Field(
        description="Access Key ID for authenticating with Volcengine TOS",
        default=None,
    )
-    VOLCENGINE_TOS_SECRET_KEY: Optional[str] = Field(
+    VOLCENGINE_TOS_SECRET_KEY: str | None = Field(
        description="Secret Access Key for authenticating with Volcengine TOS",
        default=None,
    )
-    VOLCENGINE_TOS_ENDPOINT: Optional[str] = Field(
+    VOLCENGINE_TOS_ENDPOINT: str | None = Field(
        description="URL of the Volcengine TOS endpoint (e.g., 'https://tos-cn-beijing.volces.com')",
        default=None,
    )
-    VOLCENGINE_TOS_REGION: Optional[str] = Field(
+    VOLCENGINE_TOS_REGION: str | None = Field(
        description="Volcengine region where the TOS bucket is located (e.g., 'cn-beijing')",
        default=None,
    )
--- a/api/configs/middleware/vdb/analyticdb_config.py
+++ b/api/configs/middleware/vdb/analyticdb_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -11,37 +9,37 @@ class AnalyticdbConfig(BaseSettings):
    https://www.alibabacloud.com/help/en/analyticdb-for-postgresql/getting-started/create-an-instance-instances-with-vector-engine-optimization-enabled
    """
-    ANALYTICDB_KEY_ID: Optional[str] = Field(
+    ANALYTICDB_KEY_ID: str | None = Field(
        default=None, description="The Access Key ID provided by Alibaba Cloud for API authentication."
    )
-    ANALYTICDB_KEY_SECRET: Optional[str] = Field(
+    ANALYTICDB_KEY_SECRET: str | None = Field(
        default=None, description="The Secret Access Key corresponding to the Access Key ID for secure API access."
    )
-    ANALYTICDB_REGION_ID: Optional[str] = Field(
+    ANALYTICDB_REGION_ID: str | None = Field(
        default=None,
        description="The region where the AnalyticDB instance is deployed (e.g., 'cn-hangzhou', 'ap-southeast-1').",
    )
-    ANALYTICDB_INSTANCE_ID: Optional[str] = Field(
+    ANALYTICDB_INSTANCE_ID: str | None = Field(
        default=None,
        description="The unique identifier of the AnalyticDB instance you want to connect to.",
    )
-    ANALYTICDB_ACCOUNT: Optional[str] = Field(
+    ANALYTICDB_ACCOUNT: str | None = Field(
        default=None,
        description="The account name used to log in to the AnalyticDB instance"
        " (usually the initial account created with the instance).",
    )
-    ANALYTICDB_PASSWORD: Optional[str] = Field(
+    ANALYTICDB_PASSWORD: str | None = Field(
        default=None, description="The password associated with the AnalyticDB account for database authentication."
    )
-    ANALYTICDB_NAMESPACE: Optional[str] = Field(
+    ANALYTICDB_NAMESPACE: str | None = Field(
        default=None, description="The namespace within AnalyticDB for schema isolation (if using namespace feature)."
    )
-    ANALYTICDB_NAMESPACE_PASSWORD: Optional[str] = Field(
+    ANALYTICDB_NAMESPACE_PASSWORD: str | None = Field(
        default=None,
        description="The password for accessing the specified namespace within the AnalyticDB instance"
        " (if namespace feature is enabled).",
    )
-    ANALYTICDB_HOST: Optional[str] = Field(
+    ANALYTICDB_HOST: str | None = Field(
        default=None, description="The host of the AnalyticDB instance you want to connect to."
    )
    ANALYTICDB_PORT: PositiveInt = Field(
--- a/api/configs/middleware/vdb/baidu_vector_config.py
+++ b/api/configs/middleware/vdb/baidu_vector_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class BaiduVectorDBConfig(BaseSettings):
    Configuration settings for Baidu Vector Database
    """
-    BAIDU_VECTOR_DB_ENDPOINT: Optional[str] = Field(
+    BAIDU_VECTOR_DB_ENDPOINT: str | None = Field(
        description="URL of the Baidu Vector Database service (e.g., 'http://vdb.bj.baidubce.com')",
        default=None,
    )
@ -19,17 +17,17 @@ class BaiduVectorDBConfig(BaseSettings):
        default=30000,
    )
-    BAIDU_VECTOR_DB_ACCOUNT: Optional[str] = Field(
+    BAIDU_VECTOR_DB_ACCOUNT: str | None = Field(
        description="Account for authenticating with the Baidu Vector Database",
        default=None,
    )
-    BAIDU_VECTOR_DB_API_KEY: Optional[str] = Field(
+    BAIDU_VECTOR_DB_API_KEY: str | None = Field(
        description="API key for authenticating with the Baidu Vector Database service",
        default=None,
    )
-    BAIDU_VECTOR_DB_DATABASE: Optional[str] = Field(
+    BAIDU_VECTOR_DB_DATABASE: str | None = Field(
        description="Name of the specific Baidu Vector Database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/chroma_config.py
+++ b/api/configs/middleware/vdb/chroma_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class ChromaConfig(BaseSettings):
    Configuration settings for Chroma vector database
    """
-    CHROMA_HOST: Optional[str] = Field(
+    CHROMA_HOST: str | None = Field(
        description="Hostname or IP address of the Chroma server (e.g., 'localhost' or '192.168.1.100')",
        default=None,
    )
@ -19,22 +17,22 @@ class ChromaConfig(BaseSettings):
        default=8000,
    )
-    CHROMA_TENANT: Optional[str] = Field(
+    CHROMA_TENANT: str | None = Field(
        description="Tenant identifier for multi-tenancy support in Chroma",
        default=None,
    )
-    CHROMA_DATABASE: Optional[str] = Field(
+    CHROMA_DATABASE: str | None = Field(
        description="Name of the Chroma database to connect to",
        default=None,
    )
-    CHROMA_AUTH_PROVIDER: Optional[str] = Field(
+    CHROMA_AUTH_PROVIDER: str | None = Field(
        description="Authentication provider for Chroma (e.g., 'basic', 'token', or a custom provider)",
        default=None,
    )
-    CHROMA_AUTH_CREDENTIALS: Optional[str] = Field(
+    CHROMA_AUTH_CREDENTIALS: str | None = Field(
        description="Authentication credentials for Chroma (format depends on the auth provider)",
        default=None,
    )
--- a/api/configs/middleware/vdb/clickzetta_config.py
+++ b/api/configs/middleware/vdb/clickzetta_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,62 +7,62 @@ class ClickzettaConfig(BaseSettings):
    Clickzetta Lakehouse vector database configuration
    """
-    CLICKZETTA_USERNAME: Optional[str] = Field(
+    CLICKZETTA_USERNAME: str | None = Field(
        description="Username for authenticating with Clickzetta Lakehouse",
        default=None,
    )
-    CLICKZETTA_PASSWORD: Optional[str] = Field(
+    CLICKZETTA_PASSWORD: str | None = Field(
        description="Password for authenticating with Clickzetta Lakehouse",
        default=None,
    )
-    CLICKZETTA_INSTANCE: Optional[str] = Field(
+    CLICKZETTA_INSTANCE: str | None = Field(
        description="Clickzetta Lakehouse instance ID",
        default=None,
    )
-    CLICKZETTA_SERVICE: Optional[str] = Field(
+    CLICKZETTA_SERVICE: str | None = Field(
        description="Clickzetta API service endpoint (e.g., 'api.clickzetta.com')",
        default="api.clickzetta.com",
    )
-    CLICKZETTA_WORKSPACE: Optional[str] = Field(
+    CLICKZETTA_WORKSPACE: str | None = Field(
        description="Clickzetta workspace name",
        default="default",
    )
-    CLICKZETTA_VCLUSTER: Optional[str] = Field(
+    CLICKZETTA_VCLUSTER: str | None = Field(
        description="Clickzetta virtual cluster name",
        default="default_ap",
    )
-    CLICKZETTA_SCHEMA: Optional[str] = Field(
+    CLICKZETTA_SCHEMA: str | None = Field(
        description="Database schema name in Clickzetta",
        default="public",
    )
-    CLICKZETTA_BATCH_SIZE: Optional[int] = Field(
+    CLICKZETTA_BATCH_SIZE: int | None = Field(
        description="Batch size for bulk insert operations",
        default=100,
    )
-    CLICKZETTA_ENABLE_INVERTED_INDEX: Optional[bool] = Field(
+    CLICKZETTA_ENABLE_INVERTED_INDEX: bool | None = Field(
        description="Enable inverted index for full-text search capabilities",
        default=True,
    )
-    CLICKZETTA_ANALYZER_TYPE: Optional[str] = Field(
+    CLICKZETTA_ANALYZER_TYPE: str | None = Field(
        description="Analyzer type for full-text search: keyword, english, chinese, unicode",
        default="chinese",
    )
-    CLICKZETTA_ANALYZER_MODE: Optional[str] = Field(
+    CLICKZETTA_ANALYZER_MODE: str | None = Field(
        description="Analyzer mode for tokenization: max_word (fine-grained) or smart (intelligent)",
        default="smart",
    )
-    CLICKZETTA_VECTOR_DISTANCE_FUNCTION: Optional[str] = Field(
+    CLICKZETTA_VECTOR_DISTANCE_FUNCTION: str | None = Field(
        description="Distance function for vector similarity: l2_distance or cosine_distance",
        default="cosine_distance",
    )
--- a/api/configs/middleware/vdb/couchbase_config.py
+++ b/api/configs/middleware/vdb/couchbase_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class CouchbaseConfig(BaseSettings):
    Couchbase configs
    """
-    COUCHBASE_CONNECTION_STRING: Optional[str] = Field(
+    COUCHBASE_CONNECTION_STRING: str | None = Field(
        description="COUCHBASE connection string",
        default=None,
    )
-    COUCHBASE_USER: Optional[str] = Field(
+    COUCHBASE_USER: str | None = Field(
        description="COUCHBASE user",
        default=None,
    )
-    COUCHBASE_PASSWORD: Optional[str] = Field(
+    COUCHBASE_PASSWORD: str | None = Field(
        description="COUCHBASE password",
        default=None,
    )
-    COUCHBASE_BUCKET_NAME: Optional[str] = Field(
+    COUCHBASE_BUCKET_NAME: str | None = Field(
        description="COUCHBASE bucket name",
        default=None,
    )
-    COUCHBASE_SCOPE_NAME: Optional[str] = Field(
+    COUCHBASE_SCOPE_NAME: str | None = Field(
        description="COUCHBASE scope name",
        default=None,
    )
--- a/api/configs/middleware/vdb/elasticsearch_config.py
+++ b/api/configs/middleware/vdb/elasticsearch_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt, model_validator
 from pydantic_settings import BaseSettings
@ -10,7 +8,7 @@ class ElasticsearchConfig(BaseSettings):
    Can load from environment variables or .env files.
    """
-    ELASTICSEARCH_HOST: Optional[str] = Field(
+    ELASTICSEARCH_HOST: str | None = Field(
        description="Hostname or IP address of the Elasticsearch server (e.g., 'localhost' or '192.168.1.100')",
        default="127.0.0.1",
    )
@ -20,30 +18,28 @@ class ElasticsearchConfig(BaseSettings):
        default=9200,
    )
-    ELASTICSEARCH_USERNAME: Optional[str] = Field(
+    ELASTICSEARCH_USERNAME: str | None = Field(
        description="Username for authenticating with Elasticsearch (default is 'elastic')",
        default="elastic",
    )
-    ELASTICSEARCH_PASSWORD: Optional[str] = Field(
+    ELASTICSEARCH_PASSWORD: str | None = Field(
        description="Password for authenticating with Elasticsearch (default is 'elastic')",
        default="elastic",
    )
    # Elastic Cloud (optional)
-    ELASTICSEARCH_USE_CLOUD: Optional[bool] = Field(
+    ELASTICSEARCH_USE_CLOUD: bool | None = Field(
        description="Set to True to use Elastic Cloud instead of self-hosted Elasticsearch", default=False
    )
-    ELASTICSEARCH_CLOUD_URL: Optional[str] = Field(
+    ELASTICSEARCH_CLOUD_URL: str | None = Field(
        description="Full URL for Elastic Cloud deployment (e.g., 'https://example.es.region.aws.found.io:443')",
        default=None,
    )
-    ELASTICSEARCH_API_KEY: Optional[str] = Field(
+    ELASTICSEARCH_API_KEY: str | None = Field(description="API key for authenticating with Elastic Cloud", default=None)
        description="API key for authenticating with Elastic Cloud", default=None
    )
    # Common options
-    ELASTICSEARCH_CA_CERTS: Optional[str] = Field(
+    ELASTICSEARCH_CA_CERTS: str | None = Field(
        description="Path to CA certificate file for SSL verification", default=None
    )
    ELASTICSEARCH_VERIFY_CERTS: bool = Field(
--- a/api/configs/middleware/vdb/huawei_cloud_config.py
+++ b/api/configs/middleware/vdb/huawei_cloud_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,17 +7,17 @@ class HuaweiCloudConfig(BaseSettings):
    Configuration settings for Huawei cloud search service
    """
-    HUAWEI_CLOUD_HOSTS: Optional[str] = Field(
+    HUAWEI_CLOUD_HOSTS: str | None = Field(
        description="Hostname or IP address of the Huawei cloud search service instance",
        default=None,
    )
-    HUAWEI_CLOUD_USER: Optional[str] = Field(
+    HUAWEI_CLOUD_USER: str | None = Field(
        description="Username for authenticating with Huawei cloud search service",
        default=None,
    )
-    HUAWEI_CLOUD_PASSWORD: Optional[str] = Field(
+    HUAWEI_CLOUD_PASSWORD: str | None = Field(
        description="Password for authenticating with Huawei cloud search service",
        default=None,
    )
--- a/api/configs/middleware/vdb/lindorm_config.py
+++ b/api/configs/middleware/vdb/lindorm_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class LindormConfig(BaseSettings):
    Lindorm configs
    """
-    LINDORM_URL: Optional[str] = Field(
+    LINDORM_URL: str | None = Field(
        description="Lindorm url",
        default=None,
    )
-    LINDORM_USERNAME: Optional[str] = Field(
+    LINDORM_USERNAME: str | None = Field(
        description="Lindorm user",
        default=None,
    )
-    LINDORM_PASSWORD: Optional[str] = Field(
+    LINDORM_PASSWORD: str | None = Field(
        description="Lindorm password",
        default=None,
    )
-    DEFAULT_INDEX_TYPE: Optional[str] = Field(
+    DEFAULT_INDEX_TYPE: str | None = Field(
        description="Lindorm Vector Index Type, hnsw or flat is available in dify",
        default="hnsw",
    )
-    DEFAULT_DISTANCE_TYPE: Optional[str] = Field(
+    DEFAULT_DISTANCE_TYPE: str | None = Field(
        description="Vector Distance Type, support l2, cosinesimil, innerproduct", default="l2"
    )
-    USING_UGC_INDEX: Optional[bool] = Field(
+    USING_UGC_INDEX: bool | None = Field(
        description="Using UGC index will store the same type of Index in a single index but can retrieve separately.",
        default=False,
    )
-    LINDORM_QUERY_TIMEOUT: Optional[float] = Field(description="The lindorm search request timeout (s)", default=2.0)
+    LINDORM_QUERY_TIMEOUT: float | None = Field(description="The lindorm search request timeout (s)", default=2.0)
--- a/api/configs/middleware/vdb/milvus_config.py
+++ b/api/configs/middleware/vdb/milvus_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,22 +7,22 @@ class MilvusConfig(BaseSettings):
    Configuration settings for Milvus vector database
    """
-    MILVUS_URI: Optional[str] = Field(
+    MILVUS_URI: str | None = Field(
        description="URI for connecting to the Milvus server (e.g., 'http://localhost:19530' or 'https://milvus-instance.example.com:19530')",
        default="http://127.0.0.1:19530",
    )
-    MILVUS_TOKEN: Optional[str] = Field(
+    MILVUS_TOKEN: str | None = Field(
        description="Authentication token for Milvus, if token-based authentication is enabled",
        default=None,
    )
-    MILVUS_USER: Optional[str] = Field(
+    MILVUS_USER: str | None = Field(
        description="Username for authenticating with Milvus, if username/password authentication is enabled",
        default=None,
    )
-    MILVUS_PASSWORD: Optional[str] = Field(
+    MILVUS_PASSWORD: str | None = Field(
        description="Password for authenticating with Milvus, if username/password authentication is enabled",
        default=None,
    )
@ -40,7 +38,7 @@ class MilvusConfig(BaseSettings):
        default=True,
    )
-    MILVUS_ANALYZER_PARAMS: Optional[str] = Field(
+    MILVUS_ANALYZER_PARAMS: str | None = Field(
        description='Milvus text analyzer parameters, e.g., {"type": "chinese"} for Chinese segmentation support.',
        default=None,
    )
--- a/api/configs/middleware/vdb/oceanbase_config.py
+++ b/api/configs/middleware/vdb/oceanbase_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class OceanBaseVectorConfig(BaseSettings):
    Configuration settings for OceanBase Vector database
    """
-    OCEANBASE_VECTOR_HOST: Optional[str] = Field(
+    OCEANBASE_VECTOR_HOST: str | None = Field(
        description="Hostname or IP address of the OceanBase Vector server (e.g. 'localhost')",
        default=None,
    )
-    OCEANBASE_VECTOR_PORT: Optional[PositiveInt] = Field(
+    OCEANBASE_VECTOR_PORT: PositiveInt | None = Field(
        description="Port number on which the OceanBase Vector server is listening (default is 2881)",
        default=2881,
    )
-    OCEANBASE_VECTOR_USER: Optional[str] = Field(
+    OCEANBASE_VECTOR_USER: str | None = Field(
        description="Username for authenticating with the OceanBase Vector database",
        default=None,
    )
-    OCEANBASE_VECTOR_PASSWORD: Optional[str] = Field(
+    OCEANBASE_VECTOR_PASSWORD: str | None = Field(
        description="Password for authenticating with the OceanBase Vector database",
        default=None,
    )
-    OCEANBASE_VECTOR_DATABASE: Optional[str] = Field(
+    OCEANBASE_VECTOR_DATABASE: str | None = Field(
        description="Name of the OceanBase Vector database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/opengauss_config.py
+++ b/api/configs/middleware/vdb/opengauss_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class OpenGaussConfig(BaseSettings):
    Configuration settings for OpenGauss
    """
-    OPENGAUSS_HOST: Optional[str] = Field(
+    OPENGAUSS_HOST: str | None = Field(
        description="Hostname or IP address of the OpenGauss server(e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class OpenGaussConfig(BaseSettings):
        default=6600,
    )
-    OPENGAUSS_USER: Optional[str] = Field(
+    OPENGAUSS_USER: str | None = Field(
        description="Username for authenticating with the OpenGauss database",
        default=None,
    )
-    OPENGAUSS_PASSWORD: Optional[str] = Field(
+    OPENGAUSS_PASSWORD: str | None = Field(
        description="Password for authenticating with the OpenGauss database",
        default=None,
    )
-    OPENGAUSS_DATABASE: Optional[str] = Field(
+    OPENGAUSS_DATABASE: str | None = Field(
        description="Name of the OpenGauss database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/opensearch_config.py
+++ b/api/configs/middleware/vdb/opensearch_config.py
@ -1,5 +1,5 @@
-import enum
+from enum import Enum
-from typing import Literal, Optional
+from typing import Literal
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -10,7 +10,7 @@ class OpenSearchConfig(BaseSettings):
    Configuration settings for OpenSearch
    """
-    class AuthMethod(enum.StrEnum):
+    class AuthMethod(Enum):
        """
        Authentication method for OpenSearch
        """
@ -18,7 +18,7 @@ class OpenSearchConfig(BaseSettings):
        BASIC = "basic"
        AWS_MANAGED_IAM = "aws_managed_iam"
-    OPENSEARCH_HOST: Optional[str] = Field(
+    OPENSEARCH_HOST: str | None = Field(
        description="Hostname or IP address of the OpenSearch server (e.g., 'localhost' or 'opensearch.example.com')",
        default=None,
    )
@ -43,21 +43,21 @@ class OpenSearchConfig(BaseSettings):
        default=AuthMethod.BASIC,
    )
-    OPENSEARCH_USER: Optional[str] = Field(
+    OPENSEARCH_USER: str | None = Field(
        description="Username for authenticating with OpenSearch",
        default=None,
    )
-    OPENSEARCH_PASSWORD: Optional[str] = Field(
+    OPENSEARCH_PASSWORD: str | None = Field(
        description="Password for authenticating with OpenSearch",
        default=None,
    )
-    OPENSEARCH_AWS_REGION: Optional[str] = Field(
+    OPENSEARCH_AWS_REGION: str | None = Field(
        description="AWS region for OpenSearch (e.g. 'us-west-2')",
        default=None,
    )
-    OPENSEARCH_AWS_SERVICE: Optional[Literal["es", "aoss"]] = Field(
+    OPENSEARCH_AWS_SERVICE: Literal["es", "aoss"] | None = Field(
        description="AWS service for OpenSearch (e.g. 'aoss' for OpenSearch Serverless)", default=None
    )
--- a/api/configs/middleware/vdb/oracle_config.py
+++ b/api/configs/middleware/vdb/oracle_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,33 +7,33 @@ class OracleConfig(BaseSettings):
    Configuration settings for Oracle database
    """
-    ORACLE_USER: Optional[str] = Field(
+    ORACLE_USER: str | None = Field(
        description="Username for authenticating with the Oracle database",
        default=None,
    )
-    ORACLE_PASSWORD: Optional[str] = Field(
+    ORACLE_PASSWORD: str | None = Field(
        description="Password for authenticating with the Oracle database",
        default=None,
    )
-    ORACLE_DSN: Optional[str] = Field(
+    ORACLE_DSN: str | None = Field(
        description="Oracle database connection string. For traditional database, use format 'host:port/service_name'. "
        "For autonomous database, use the service name from tnsnames.ora in the wallet",
        default=None,
    )
-    ORACLE_CONFIG_DIR: Optional[str] = Field(
+    ORACLE_CONFIG_DIR: str | None = Field(
        description="Directory containing the tnsnames.ora configuration file. Only used in thin mode connection",
        default=None,
    )
-    ORACLE_WALLET_LOCATION: Optional[str] = Field(
+    ORACLE_WALLET_LOCATION: str | None = Field(
        description="Oracle wallet directory path containing the wallet files for secure connection",
        default=None,
    )
-    ORACLE_WALLET_PASSWORD: Optional[str] = Field(
+    ORACLE_WALLET_PASSWORD: str | None = Field(
        description="Password to decrypt the Oracle wallet, if it is encrypted",
        default=None,
    )
--- a/api/configs/middleware/vdb/pgvector_config.py
+++ b/api/configs/middleware/vdb/pgvector_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class PGVectorConfig(BaseSettings):
    Configuration settings for PGVector (PostgreSQL with vector extension)
    """
-    PGVECTOR_HOST: Optional[str] = Field(
+    PGVECTOR_HOST: str | None = Field(
        description="Hostname or IP address of the PostgreSQL server with PGVector extension (e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class PGVectorConfig(BaseSettings):
        default=5433,
    )
-    PGVECTOR_USER: Optional[str] = Field(
+    PGVECTOR_USER: str | None = Field(
        description="Username for authenticating with the PostgreSQL database",
        default=None,
    )
-    PGVECTOR_PASSWORD: Optional[str] = Field(
+    PGVECTOR_PASSWORD: str | None = Field(
        description="Password for authenticating with the PostgreSQL database",
        default=None,
    )
-    PGVECTOR_DATABASE: Optional[str] = Field(
+    PGVECTOR_DATABASE: str | None = Field(
        description="Name of the PostgreSQL database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/pgvectors_config.py
+++ b/api/configs/middleware/vdb/pgvectors_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class PGVectoRSConfig(BaseSettings):
    Configuration settings for PGVecto.RS (Rust-based vector extension for PostgreSQL)
    """
-    PGVECTO_RS_HOST: Optional[str] = Field(
+    PGVECTO_RS_HOST: str | None = Field(
        description="Hostname or IP address of the PostgreSQL server with PGVecto.RS extension (e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class PGVectoRSConfig(BaseSettings):
        default=5431,
    )
-    PGVECTO_RS_USER: Optional[str] = Field(
+    PGVECTO_RS_USER: str | None = Field(
        description="Username for authenticating with the PostgreSQL database using PGVecto.RS",
        default=None,
    )
-    PGVECTO_RS_PASSWORD: Optional[str] = Field(
+    PGVECTO_RS_PASSWORD: str | None = Field(
        description="Password for authenticating with the PostgreSQL database using PGVecto.RS",
        default=None,
    )
-    PGVECTO_RS_DATABASE: Optional[str] = Field(
+    PGVECTO_RS_DATABASE: str | None = Field(
        description="Name of the PostgreSQL database with PGVecto.RS extension to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/qdrant_config.py
+++ b/api/configs/middleware/vdb/qdrant_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,12 +7,12 @@ class QdrantConfig(BaseSettings):
    Configuration settings for Qdrant vector database
    """
-    QDRANT_URL: Optional[str] = Field(
+    QDRANT_URL: str | None = Field(
        description="URL of the Qdrant server (e.g., 'http://localhost:6333' or 'https://qdrant.example.com')",
        default=None,
    )
-    QDRANT_API_KEY: Optional[str] = Field(
+    QDRANT_API_KEY: str | None = Field(
        description="API key for authenticating with the Qdrant server",
        default=None,
    )
--- a/api/configs/middleware/vdb/relyt_config.py
+++ b/api/configs/middleware/vdb/relyt_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class RelytConfig(BaseSettings):
    Configuration settings for Relyt database
    """
-    RELYT_HOST: Optional[str] = Field(
+    RELYT_HOST: str | None = Field(
        description="Hostname or IP address of the Relyt server (e.g., 'localhost' or 'relyt.example.com')",
        default=None,
    )
@ -19,17 +17,17 @@ class RelytConfig(BaseSettings):
        default=9200,
    )
-    RELYT_USER: Optional[str] = Field(
+    RELYT_USER: str | None = Field(
        description="Username for authenticating with the Relyt database",
        default=None,
    )
-    RELYT_PASSWORD: Optional[str] = Field(
+    RELYT_PASSWORD: str | None = Field(
        description="Password for authenticating with the Relyt database",
        default=None,
    )
-    RELYT_DATABASE: Optional[str] = Field(
+    RELYT_DATABASE: str | None = Field(
        description="Name of the Relyt database to connect to (default is 'default')",
        default="default",
    )
--- a/api/configs/middleware/vdb/tablestore_config.py
+++ b/api/configs/middleware/vdb/tablestore_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,22 +7,22 @@ class TableStoreConfig(BaseSettings):
    Configuration settings for TableStore.
    """
-    TABLESTORE_ENDPOINT: Optional[str] = Field(
+    TABLESTORE_ENDPOINT: str | None = Field(
        description="Endpoint address of the TableStore server (e.g. 'https://instance-name.cn-hangzhou.ots.aliyuncs.com')",
        default=None,
    )
-    TABLESTORE_INSTANCE_NAME: Optional[str] = Field(
+    TABLESTORE_INSTANCE_NAME: str | None = Field(
        description="Instance name to access TableStore server (eg. 'instance-name')",
        default=None,
    )
-    TABLESTORE_ACCESS_KEY_ID: Optional[str] = Field(
+    TABLESTORE_ACCESS_KEY_ID: str | None = Field(
        description="AccessKey id for the instance name",
        default=None,
    )
-    TABLESTORE_ACCESS_KEY_SECRET: Optional[str] = Field(
+    TABLESTORE_ACCESS_KEY_SECRET: str | None = Field(
        description="AccessKey secret for the instance name",
        default=None,
    )
--- a/api/configs/middleware/vdb/tencent_vector_config.py
+++ b/api/configs/middleware/vdb/tencent_vector_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,12 +7,12 @@ class TencentVectorDBConfig(BaseSettings):
    Configuration settings for Tencent Vector Database
    """
-    TENCENT_VECTOR_DB_URL: Optional[str] = Field(
+    TENCENT_VECTOR_DB_URL: str | None = Field(
        description="URL of the Tencent Vector Database service (e.g., 'https://vectordb.tencentcloudapi.com')",
        default=None,
    )
-    TENCENT_VECTOR_DB_API_KEY: Optional[str] = Field(
+    TENCENT_VECTOR_DB_API_KEY: str | None = Field(
        description="API key for authenticating with the Tencent Vector Database service",
        default=None,
    )
@ -24,12 +22,12 @@ class TencentVectorDBConfig(BaseSettings):
        default=30,
    )
-    TENCENT_VECTOR_DB_USERNAME: Optional[str] = Field(
+    TENCENT_VECTOR_DB_USERNAME: str | None = Field(
        description="Username for authenticating with the Tencent Vector Database (if required)",
        default=None,
    )
-    TENCENT_VECTOR_DB_PASSWORD: Optional[str] = Field(
+    TENCENT_VECTOR_DB_PASSWORD: str | None = Field(
        description="Password for authenticating with the Tencent Vector Database (if required)",
        default=None,
    )
@ -44,7 +42,7 @@ class TencentVectorDBConfig(BaseSettings):
        default=2,
    )
-    TENCENT_VECTOR_DB_DATABASE: Optional[str] = Field(
+    TENCENT_VECTOR_DB_DATABASE: str | None = Field(
        description="Name of the specific Tencent Vector Database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/tidb_on_qdrant_config.py
+++ b/api/configs/middleware/vdb/tidb_on_qdrant_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,12 +7,12 @@ class TidbOnQdrantConfig(BaseSettings):
    Tidb on Qdrant configs
    """
-    TIDB_ON_QDRANT_URL: Optional[str] = Field(
+    TIDB_ON_QDRANT_URL: str | None = Field(
        description="Tidb on Qdrant url",
        default=None,
    )
-    TIDB_ON_QDRANT_API_KEY: Optional[str] = Field(
+    TIDB_ON_QDRANT_API_KEY: str | None = Field(
        description="Tidb on Qdrant api key",
        default=None,
    )
@ -34,37 +32,37 @@ class TidbOnQdrantConfig(BaseSettings):
        default=6334,
    )
-    TIDB_PUBLIC_KEY: Optional[str] = Field(
+    TIDB_PUBLIC_KEY: str | None = Field(
        description="Tidb account public key",
        default=None,
    )
-    TIDB_PRIVATE_KEY: Optional[str] = Field(
+    TIDB_PRIVATE_KEY: str | None = Field(
        description="Tidb account private key",
        default=None,
    )
-    TIDB_API_URL: Optional[str] = Field(
+    TIDB_API_URL: str | None = Field(
        description="Tidb API url",
        default=None,
    )
-    TIDB_IAM_API_URL: Optional[str] = Field(
+    TIDB_IAM_API_URL: str | None = Field(
        description="Tidb IAM API url",
        default=None,
    )
-    TIDB_REGION: Optional[str] = Field(
+    TIDB_REGION: str | None = Field(
        description="Tidb serverless region",
        default="regions/aws-us-east-1",
    )
-    TIDB_PROJECT_ID: Optional[str] = Field(
+    TIDB_PROJECT_ID: str | None = Field(
        description="Tidb project id",
        default=None,
    )
-    TIDB_SPEND_LIMIT: Optional[int] = Field(
+    TIDB_SPEND_LIMIT: int | None = Field(
        description="Tidb spend limit",
        default=100,
    )
--- a/api/configs/middleware/vdb/tidb_vector_config.py
+++ b/api/configs/middleware/vdb/tidb_vector_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,27 +7,27 @@ class TiDBVectorConfig(BaseSettings):
    Configuration settings for TiDB Vector database
    """
-    TIDB_VECTOR_HOST: Optional[str] = Field(
+    TIDB_VECTOR_HOST: str | None = Field(
        description="Hostname or IP address of the TiDB Vector server (e.g., 'localhost' or 'tidb.example.com')",
        default=None,
    )
-    TIDB_VECTOR_PORT: Optional[PositiveInt] = Field(
+    TIDB_VECTOR_PORT: PositiveInt | None = Field(
        description="Port number on which the TiDB Vector server is listening (default is 4000)",
        default=4000,
    )
-    TIDB_VECTOR_USER: Optional[str] = Field(
+    TIDB_VECTOR_USER: str | None = Field(
        description="Username for authenticating with the TiDB Vector database",
        default=None,
    )
-    TIDB_VECTOR_PASSWORD: Optional[str] = Field(
+    TIDB_VECTOR_PASSWORD: str | None = Field(
        description="Password for authenticating with the TiDB Vector database",
        default=None,
    )
-    TIDB_VECTOR_DATABASE: Optional[str] = Field(
+    TIDB_VECTOR_DATABASE: str | None = Field(
        description="Name of the TiDB Vector database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/upstash_config.py
+++ b/api/configs/middleware/vdb/upstash_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,12 +7,12 @@ class UpstashConfig(BaseSettings):
    Configuration settings for Upstash vector database
    """
-    UPSTASH_VECTOR_URL: Optional[str] = Field(
+    UPSTASH_VECTOR_URL: str | None = Field(
        description="URL of the upstash server (e.g., 'https://vector.upstash.io')",
        default=None,
    )
-    UPSTASH_VECTOR_TOKEN: Optional[str] = Field(
+    UPSTASH_VECTOR_TOKEN: str | None = Field(
        description="Token for authenticating with the upstash server",
        default=None,
    )
--- a/api/configs/middleware/vdb/vastbase_vector_config.py
+++ b/api/configs/middleware/vdb/vastbase_vector_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,7 +7,7 @@ class VastbaseVectorConfig(BaseSettings):
    Configuration settings for Vector (Vastbase with vector extension)
    """
-    VASTBASE_HOST: Optional[str] = Field(
+    VASTBASE_HOST: str | None = Field(
        description="Hostname or IP address of the Vastbase server with Vector extension (e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class VastbaseVectorConfig(BaseSettings):
        default=5432,
    )
-    VASTBASE_USER: Optional[str] = Field(
+    VASTBASE_USER: str | None = Field(
        description="Username for authenticating with the Vastbase database",
        default=None,
    )
-    VASTBASE_PASSWORD: Optional[str] = Field(
+    VASTBASE_PASSWORD: str | None = Field(
        description="Password for authenticating with the Vastbase database",
        default=None,
    )
-    VASTBASE_DATABASE: Optional[str] = Field(
+    VASTBASE_DATABASE: str | None = Field(
        description="Name of the Vastbase database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/vikingdb_config.py
+++ b/api/configs/middleware/vdb/vikingdb_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -11,14 +9,14 @@ class VikingDBConfig(BaseSettings):
    https://www.volcengine.com/docs/6291/65568
    """
-    VIKINGDB_ACCESS_KEY: Optional[str] = Field(
+    VIKINGDB_ACCESS_KEY: str | None = Field(
        description="The Access Key provided by Volcengine VikingDB for API authentication."
        "Refer to the following documentation for details on obtaining credentials:"
        "https://www.volcengine.com/docs/6291/65568",
        default=None,
    )
-    VIKINGDB_SECRET_KEY: Optional[str] = Field(
+    VIKINGDB_SECRET_KEY: str | None = Field(
        description="The Secret Key provided by Volcengine VikingDB for API authentication.",
        default=None,
    )
--- a/api/configs/middleware/vdb/weaviate_config.py
+++ b/api/configs/middleware/vdb/weaviate_config.py
@ -1,5 +1,3 @@
 from typing import Optional
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -9,12 +7,12 @@ class WeaviateConfig(BaseSettings):
    Configuration settings for Weaviate vector database
    """
-    WEAVIATE_ENDPOINT: Optional[str] = Field(
+    WEAVIATE_ENDPOINT: str | None = Field(
        description="URL of the Weaviate server (e.g., 'http://localhost:8080' or 'https://weaviate.example.com')",
        default=None,
    )
-    WEAVIATE_API_KEY: Optional[str] = Field(
+    WEAVIATE_API_KEY: str | None = Field(
        description="API key for authenticating with the Weaviate server",
        default=None,
    )
--- a/api/configs/remote_settings_sources/apollo/init.py
+++ b/api/configs/remote_settings_sources/apollo/init.py
@ -1,5 +1,5 @@
 from collections.abc import Mapping
-from typing import Any, Optional
+from typing import Any
 from pydantic import Field
 from pydantic.fields import FieldInfo
@ -15,22 +15,22 @@ class ApolloSettingsSourceInfo(BaseSettings):
    Packaging build information
    """
-    APOLLO_APP_ID: Optional[str] = Field(
+    APOLLO_APP_ID: str | None = Field(
        description="apollo app_id",
        default=None,
    )
-    APOLLO_CLUSTER: Optional[str] = Field(
+    APOLLO_CLUSTER: str | None = Field(
        description="apollo cluster",
        default=None,
    )
-    APOLLO_CONFIG_URL: Optional[str] = Field(
+    APOLLO_CONFIG_URL: str | None = Field(
        description="apollo config url",
        default=None,
    )
-    APOLLO_NAMESPACE: Optional[str] = Field(
+    APOLLO_NAMESPACE: str | None = Field(
        description="apollo namespace",
        default=None,
    )
--- a/api/constants/model_template.py
+++ b/api/constants/model_template.py
@ -7,7 +7,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # workflow default mode
    AppMode.WORKFLOW: {
        "app": {
-            "mode": AppMode.WORKFLOW.value,
+            "mode": AppMode.WORKFLOW,
            "enable_site": True,
            "enable_api": True,
        }
@ -15,7 +15,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # completion default mode
    AppMode.COMPLETION: {
        "app": {
-            "mode": AppMode.COMPLETION.value,
+            "mode": AppMode.COMPLETION,
            "enable_site": True,
            "enable_api": True,
        },
@ -44,7 +44,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # chat default mode
    AppMode.CHAT: {
        "app": {
-            "mode": AppMode.CHAT.value,
+            "mode": AppMode.CHAT,
            "enable_site": True,
            "enable_api": True,
        },
@ -60,7 +60,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # advanced-chat default mode
    AppMode.ADVANCED_CHAT: {
        "app": {
-            "mode": AppMode.ADVANCED_CHAT.value,
+            "mode": AppMode.ADVANCED_CHAT,
            "enable_site": True,
            "enable_api": True,
        },
@ -68,7 +68,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # agent-chat default mode
    AppMode.AGENT_CHAT: {
        "app": {
-            "mode": AppMode.AGENT_CHAT.value,
+            "mode": AppMode.AGENT_CHAT,
            "enable_site": True,
            "enable_api": True,
        },
--- a/api/controllers/console/init.py
+++ b/api/controllers/console/init.py
@ -54,89 +54,90 @@ api.add_resource(AppImportCheckDependenciesApi, "/apps/imports/<string:app_id>/c
 # Import other controllers
 from . import (
-    admin,  # pyright: ignore[reportUnusedImport]
+    admin,
-    apikey,  # pyright: ignore[reportUnusedImport]
+    apikey,
-    extension,  # pyright: ignore[reportUnusedImport]
+    extension,
-    feature,  # pyright: ignore[reportUnusedImport]
+    feature,
-    init_validate,  # pyright: ignore[reportUnusedImport]
+    init_validate,
-    ping,  # pyright: ignore[reportUnusedImport]
+    ping,
-    setup,  # pyright: ignore[reportUnusedImport]
+    setup,
-    version,  # pyright: ignore[reportUnusedImport]
+    version,
 )
 # Import app controllers
 from .app import (
-    advanced_prompt_template,  # pyright: ignore[reportUnusedImport]
+    advanced_prompt_template,
-    agent,  # pyright: ignore[reportUnusedImport]
+    agent,
-    annotation,  # pyright: ignore[reportUnusedImport]
+    annotation,
-    app,  # pyright: ignore[reportUnusedImport]
+    app,
-    audio,  # pyright: ignore[reportUnusedImport]
+    audio,
-    completion,  # pyright: ignore[reportUnusedImport]
+    completion,
-    conversation,  # pyright: ignore[reportUnusedImport]
+    conversation,
-    conversation_variables,  # pyright: ignore[reportUnusedImport]
+    conversation_variables,
-    generator,  # pyright: ignore[reportUnusedImport]
+    generator,
-    mcp_server,  # pyright: ignore[reportUnusedImport]
+    mcp_server,
-    message,  # pyright: ignore[reportUnusedImport]
+    message,
-    model_config,  # pyright: ignore[reportUnusedImport]
+    model_config,
-    ops_trace,  # pyright: ignore[reportUnusedImport]
+    ops_trace,
-    site,  # pyright: ignore[reportUnusedImport]
+    site,
-    statistic,  # pyright: ignore[reportUnusedImport]
+    statistic,
-    workflow,  # pyright: ignore[reportUnusedImport]
+    workflow,
-    workflow_app_log,  # pyright: ignore[reportUnusedImport]
+    workflow_app_log,
-    workflow_draft_variable,  # pyright: ignore[reportUnusedImport]
+    workflow_draft_variable,
-    workflow_run,  # pyright: ignore[reportUnusedImport]
+    workflow_run,
-    workflow_statistic,  # pyright: ignore[reportUnusedImport]
+    workflow_statistic,
 )
 # Import auth controllers
 from .auth import (
-    activate,  # pyright: ignore[reportUnusedImport]
+    activate,
-    data_source_bearer_auth,  # pyright: ignore[reportUnusedImport]
+    data_source_bearer_auth,
-    data_source_oauth,  # pyright: ignore[reportUnusedImport]
+    data_source_oauth,
-    forgot_password,  # pyright: ignore[reportUnusedImport]
+    email_register,
-    login,  # pyright: ignore[reportUnusedImport]
+    forgot_password,
-    oauth,  # pyright: ignore[reportUnusedImport]
+    login,
-    oauth_server,  # pyright: ignore[reportUnusedImport]
+    oauth,
    oauth_server,
 )
 # Import billing controllers
-from .billing import billing, compliance  # pyright: ignore[reportUnusedImport]
+from .billing import billing, compliance
 # Import datasets controllers
 from .datasets import (
-    data_source,  # pyright: ignore[reportUnusedImport]
+    data_source,
-    datasets,  # pyright: ignore[reportUnusedImport]
+    datasets,
-    datasets_document,  # pyright: ignore[reportUnusedImport]
+    datasets_document,
-    datasets_segments,  # pyright: ignore[reportUnusedImport]
+    datasets_segments,
-    external,  # pyright: ignore[reportUnusedImport]
+    external,
-    hit_testing,  # pyright: ignore[reportUnusedImport]
+    hit_testing,
-    metadata,  # pyright: ignore[reportUnusedImport]
+    metadata,
-    website,  # pyright: ignore[reportUnusedImport]
+    website,
 )
 # Import explore controllers
 from .explore import (
-    installed_app,  # pyright: ignore[reportUnusedImport]
+    installed_app,
-    parameter,  # pyright: ignore[reportUnusedImport]
+    parameter,
-    recommended_app,  # pyright: ignore[reportUnusedImport]
+    recommended_app,
-    saved_message,  # pyright: ignore[reportUnusedImport]
+    saved_message,
 )
 # Import tag controllers
-from .tag import tags  # pyright: ignore[reportUnusedImport]
+from .tag import tags
 # Import workspace controllers
 from .workspace import (
-    account,  # pyright: ignore[reportUnusedImport]
+    account,
-    agent_providers,  # pyright: ignore[reportUnusedImport]
+    agent_providers,
-    endpoint,  # pyright: ignore[reportUnusedImport]
+    endpoint,
-    load_balancing_config,  # pyright: ignore[reportUnusedImport]
+    load_balancing_config,
-    members,  # pyright: ignore[reportUnusedImport]
+    members,
-    model_providers,  # pyright: ignore[reportUnusedImport]
+    model_providers,
-    models,  # pyright: ignore[reportUnusedImport]
+    models,
-    plugin,  # pyright: ignore[reportUnusedImport]
+    plugin,
-    tool_providers,  # pyright: ignore[reportUnusedImport]
+    tool_providers,
-    workspace,  # pyright: ignore[reportUnusedImport]
+    workspace,
 )
 # Explore Audio
@ -211,3 +212,70 @@ api.add_resource(
 )
 api.add_namespace(console_ns)
 __all__ = [
    "account",
    "activate",
    "admin",
    "advanced_prompt_template",
    "agent",
    "agent_providers",
    "annotation",
    "api",
    "apikey",
    "app",
    "audio",
    "billing",
    "bp",
    "completion",
    "compliance",
    "console_ns",
    "conversation",
    "conversation_variables",
    "data_source",
    "data_source_bearer_auth",
    "data_source_oauth",
    "datasets",
    "datasets_document",
    "datasets_segments",
    "email_register",
    "endpoint",
    "extension",
    "external",
    "feature",
    "forgot_password",
    "generator",
    "hit_testing",
    "init_validate",
    "installed_app",
    "load_balancing_config",
    "login",
    "mcp_server",
    "members",
    "message",
    "metadata",
    "model_config",
    "model_providers",
    "models",
    "oauth",
    "oauth_server",
    "ops_trace",
    "parameter",
    "ping",
    "plugin",
    "recommended_app",
    "saved_message",
    "setup",
    "site",
    "statistic",
    "tags",
    "tool_providers",
    "version",
    "website",
    "workflow",
    "workflow_app_log",
    "workflow_draft_variable",
    "workflow_run",
    "workflow_statistic",
    "workspace",
 ]
--- a/api/controllers/console/apikey.py
+++ b/api/controllers/console/apikey.py
@ -1,5 +1,3 @@
 from typing import Optional
 import flask_restx
 from flask_login import current_user
 from flask_restx import Resource, fields, marshal_with
@ -50,7 +48,7 @@ class BaseApiKeyListResource(Resource):
    method_decorators = [account_initialization_required, login_required, setup_required]
    resource_type: str | None = None
-    resource_model: Optional[type] = None
+    resource_model: type | None = None
    resource_id_field: str | None = None
    token_prefix: str | None = None
    max_keys = 10
@ -103,7 +101,7 @@ class BaseApiKeyResource(Resource):
    method_decorators = [account_initialization_required, login_required, setup_required]
    resource_type: str | None = None
-    resource_model: Optional[type] = None
+    resource_model: type | None = None
    resource_id_field: str | None = None
    def delete(self, resource_id, api_key_id):
--- a/api/controllers/console/app/advanced_prompt_template.py
+++ b/api/controllers/console/app/advanced_prompt_template.py
@ -1,12 +1,26 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.login import login_required
 from services.advanced_prompt_template_service import AdvancedPromptTemplateService
@console_ns.route("/app/prompt-templates")
 class AdvancedPromptTemplateList(Resource):
    @api.doc("get_advanced_prompt_templates")
    @api.doc(description="Get advanced prompt templates based on app mode and model configuration")
    @api.expect(
        api.parser()
        .add_argument("app_mode", type=str, required=True, location="args", help="Application mode")
        .add_argument("model_mode", type=str, required=True, location="args", help="Model mode")
        .add_argument("has_context", type=str, default="true", location="args", help="Whether has context")
        .add_argument("model_name", type=str, required=True, location="args", help="Model name")
    )
    @api.response(
        200, "Prompt templates retrieved successfully", fields.List(fields.Raw(description="Prompt template data"))
    )
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -19,6 +33,3 @@ class AdvancedPromptTemplateList(Resource):
        args = parser.parse_args()
        return AdvancedPromptTemplateService.get_prompt(args)
 api.add_resource(AdvancedPromptTemplateList, "/app/prompt-templates")
--- a/api/controllers/console/app/agent.py
+++ b/api/controllers/console/app/agent.py
@ -1,6 +1,6 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.helper import uuid_value
@ -9,7 +9,18 @@ from models.model import AppMode
 from services.agent_service import AgentService
@console_ns.route("/apps/<uuid:app_id>/agent/logs")
 class AgentLogApi(Resource):
    @api.doc("get_agent_logs")
    @api.doc(description="Get agent execution logs for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("message_id", type=str, required=True, location="args", help="Message UUID")
        .add_argument("conversation_id", type=str, required=True, location="args", help="Conversation UUID")
    )
    @api.response(200, "Agent logs retrieved successfully", fields.List(fields.Raw(description="Agent log entries")))
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -23,6 +34,3 @@ class AgentLogApi(Resource):
        args = parser.parse_args()
        return AgentService.get_agent_logs(app_model, args["conversation_id"], args["message_id"])
 api.add_resource(AgentLogApi, "/apps/<uuid:app_id>/agent/logs")
--- a/api/controllers/console/app/annotation.py
+++ b/api/controllers/console/app/annotation.py
@ -2,11 +2,11 @@ from typing import Literal
 from flask import request
 from flask_login import current_user
-from flask_restx import Resource, marshal, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal, marshal_with, reqparse
 from werkzeug.exceptions import Forbidden
 from controllers.common.errors import NoFileUploadedError, TooManyFilesError
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.wraps import (
    account_initialization_required,
    cloud_edition_billing_resource_check,
@ -21,7 +21,23 @@ from libs.login import login_required
 from services.annotation_service import AppAnnotationService
@console_ns.route("/apps/<uuid:app_id>/annotation-reply/<string:action>")
 class AnnotationReplyActionApi(Resource):
    @api.doc("annotation_reply_action")
    @api.doc(description="Enable or disable annotation reply for an app")
    @api.doc(params={"app_id": "Application ID", "action": "Action to perform (enable/disable)"})
    @api.expect(
        api.model(
            "AnnotationReplyActionRequest",
            {
                "score_threshold": fields.Float(required=True, description="Score threshold for annotation matching"),
                "embedding_provider_name": fields.String(required=True, description="Embedding provider name"),
                "embedding_model_name": fields.String(required=True, description="Embedding model name"),
            },
        )
    )
    @api.response(200, "Action completed successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -43,7 +59,13 @@ class AnnotationReplyActionApi(Resource):
        return result, 200
@console_ns.route("/apps/<uuid:app_id>/annotation-setting")
 class AppAnnotationSettingDetailApi(Resource):
    @api.doc("get_annotation_setting")
    @api.doc(description="Get annotation settings for an app")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Annotation settings retrieved successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -56,7 +78,23 @@ class AppAnnotationSettingDetailApi(Resource):
        return result, 200
@console_ns.route("/apps/<uuid:app_id>/annotation-settings/<uuid:annotation_setting_id>")
 class AppAnnotationSettingUpdateApi(Resource):
    @api.doc("update_annotation_setting")
    @api.doc(description="Update annotation settings for an app")
    @api.doc(params={"app_id": "Application ID", "annotation_setting_id": "Annotation setting ID"})
    @api.expect(
        api.model(
            "AnnotationSettingUpdateRequest",
            {
                "score_threshold": fields.Float(required=True, description="Score threshold"),
                "embedding_provider_name": fields.String(required=True, description="Embedding provider"),
                "embedding_model_name": fields.String(required=True, description="Embedding model"),
            },
        )
    )
    @api.response(200, "Settings updated successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -75,7 +113,13 @@ class AppAnnotationSettingUpdateApi(Resource):
        return result, 200
@console_ns.route("/apps/<uuid:app_id>/annotation-reply/<string:action>/status/<uuid:job_id>")
 class AnnotationReplyActionStatusApi(Resource):
    @api.doc("get_annotation_reply_action_status")
    @api.doc(description="Get status of annotation reply action job")
    @api.doc(params={"app_id": "Application ID", "job_id": "Job ID", "action": "Action type"})
    @api.response(200, "Job status retrieved successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -99,7 +143,19 @@ class AnnotationReplyActionStatusApi(Resource):
        return {"job_id": job_id, "job_status": job_status, "error_msg": error_msg}, 200
@console_ns.route("/apps/<uuid:app_id>/annotations")
 class AnnotationApi(Resource):
    @api.doc("list_annotations")
    @api.doc(description="Get annotations for an app with pagination")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("page", type=int, location="args", default=1, help="Page number")
        .add_argument("limit", type=int, location="args", default=20, help="Page size")
        .add_argument("keyword", type=str, location="args", default="", help="Search keyword")
    )
    @api.response(200, "Annotations retrieved successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -122,6 +178,21 @@ class AnnotationApi(Resource):
        }
        return response, 200
    @api.doc("create_annotation")
    @api.doc(description="Create a new annotation for an app")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "CreateAnnotationRequest",
            {
                "question": fields.String(required=True, description="Question text"),
                "answer": fields.String(required=True, description="Answer text"),
                "annotation_reply": fields.Raw(description="Annotation reply data"),
            },
        )
    )
    @api.response(201, "Annotation created successfully", annotation_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -168,7 +239,13 @@ class AnnotationApi(Resource):
            return {"result": "success"}, 204
@console_ns.route("/apps/<uuid:app_id>/annotations/export")
 class AnnotationExportApi(Resource):
    @api.doc("export_annotations")
    @api.doc(description="Export all annotations for an app")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Annotations exported successfully", fields.List(fields.Nested(annotation_fields)))
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -182,7 +259,14 @@ class AnnotationExportApi(Resource):
        return response, 200
@console_ns.route("/apps/<uuid:app_id>/annotations/<uuid:annotation_id>")
 class AnnotationUpdateDeleteApi(Resource):
    @api.doc("update_delete_annotation")
    @api.doc(description="Update or delete an annotation")
    @api.doc(params={"app_id": "Application ID", "annotation_id": "Annotation ID"})
    @api.response(200, "Annotation updated successfully", annotation_fields)
    @api.response(204, "Annotation deleted successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -214,7 +298,14 @@ class AnnotationUpdateDeleteApi(Resource):
        return {"result": "success"}, 204
@console_ns.route("/apps/<uuid:app_id>/annotations/batch-import")
 class AnnotationBatchImportApi(Resource):
    @api.doc("batch_import_annotations")
    @api.doc(description="Batch import annotations from CSV file")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Batch import started successfully")
    @api.response(403, "Insufficient permissions")
    @api.response(400, "No file uploaded or too many files")
    @setup_required
    @login_required
    @account_initialization_required
@ -239,7 +330,13 @@ class AnnotationBatchImportApi(Resource):
        return AppAnnotationService.batch_import_app_annotations(app_id, file)
@console_ns.route("/apps/<uuid:app_id>/annotations/batch-import-status/<uuid:job_id>")
 class AnnotationBatchImportStatusApi(Resource):
    @api.doc("get_batch_import_status")
    @api.doc(description="Get status of batch import job")
    @api.doc(params={"app_id": "Application ID", "job_id": "Job ID"})
    @api.response(200, "Job status retrieved successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -262,7 +359,20 @@ class AnnotationBatchImportStatusApi(Resource):
        return {"job_id": job_id, "job_status": job_status, "error_msg": error_msg}, 200
@console_ns.route("/apps/<uuid:app_id>/annotations/<uuid:annotation_id>/hit-histories")
 class AnnotationHitHistoryListApi(Resource):
    @api.doc("list_annotation_hit_histories")
    @api.doc(description="Get hit histories for an annotation")
    @api.doc(params={"app_id": "Application ID", "annotation_id": "Annotation ID"})
    @api.expect(
        api.parser()
        .add_argument("page", type=int, location="args", default=1, help="Page number")
        .add_argument("limit", type=int, location="args", default=20, help="Page size")
    )
    @api.response(
        200, "Hit histories retrieved successfully", fields.List(fields.Nested(annotation_hit_history_fields))
    )
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -285,17 +395,3 @@ class AnnotationHitHistoryListApi(Resource):
            "page": page,
        }
        return response
 api.add_resource(AnnotationReplyActionApi, "/apps/<uuid:app_id>/annotation-reply/<string:action>")
 api.add_resource(
    AnnotationReplyActionStatusApi, "/apps/<uuid:app_id>/annotation-reply/<string:action>/status/<uuid:job_id>"
 )
 api.add_resource(AnnotationApi, "/apps/<uuid:app_id>/annotations")
 api.add_resource(AnnotationExportApi, "/apps/<uuid:app_id>/annotations/export")
 api.add_resource(AnnotationUpdateDeleteApi, "/apps/<uuid:app_id>/annotations/<uuid:annotation_id>")
 api.add_resource(AnnotationBatchImportApi, "/apps/<uuid:app_id>/annotations/batch-import")
 api.add_resource(AnnotationBatchImportStatusApi, "/apps/<uuid:app_id>/annotations/batch-import-status/<uuid:job_id>")
 api.add_resource(AnnotationHitHistoryListApi, "/apps/<uuid:app_id>/annotations/<uuid:annotation_id>/hit-histories")
 api.add_resource(AppAnnotationSettingDetailApi, "/apps/<uuid:app_id>/annotation-setting")
 api.add_resource(AppAnnotationSettingUpdateApi, "/apps/<uuid:app_id>/annotation-settings/<uuid:annotation_setting_id>")
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@ -2,12 +2,12 @@ import uuid
 from typing import cast
 from flask_login import current_user
-from flask_restx import Resource, inputs, marshal, marshal_with, reqparse
+from flask_restx import Resource, fields, inputs, marshal, marshal_with, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import BadRequest, Forbidden, abort
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
    account_initialization_required,
@ -34,7 +34,27 @@ def _validate_description_length(description):
    return description
@console_ns.route("/apps")
 class AppListApi(Resource):
    @api.doc("list_apps")
    @api.doc(description="Get list of applications with pagination and filtering")
    @api.expect(
        api.parser()
        .add_argument("page", type=int, location="args", help="Page number (1-99999)", default=1)
        .add_argument("limit", type=int, location="args", help="Page size (1-100)", default=20)
        .add_argument(
            "mode",
            type=str,
            location="args",
            choices=["completion", "chat", "advanced-chat", "workflow", "agent-chat", "channel", "all"],
            default="all",
            help="App mode filter",
        )
        .add_argument("name", type=str, location="args", help="Filter by app name")
        .add_argument("tag_ids", type=str, location="args", help="Comma-separated tag IDs")
        .add_argument("is_created_by_me", type=bool, location="args", help="Filter by creator")
    )
    @api.response(200, "Success", app_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -91,6 +111,24 @@ class AppListApi(Resource):
        return marshal(app_pagination, app_pagination_fields), 200
    @api.doc("create_app")
    @api.doc(description="Create a new application")
    @api.expect(
        api.model(
            "CreateAppRequest",
            {
                "name": fields.String(required=True, description="App name"),
                "description": fields.String(description="App description (max 400 chars)"),
                "mode": fields.String(required=True, enum=ALLOW_CREATE_APP_MODES, description="App mode"),
                "icon_type": fields.String(description="Icon type"),
                "icon": fields.String(description="Icon"),
                "icon_background": fields.String(description="Icon background color"),
            },
        )
    )
    @api.response(201, "App created successfully", app_detail_fields)
    @api.response(403, "Insufficient permissions")
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -124,7 +162,12 @@ class AppListApi(Resource):
        return app, 201
@console_ns.route("/apps/<uuid:app_id>")
 class AppApi(Resource):
    @api.doc("get_app_detail")
    @api.doc(description="Get application details")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Success", app_detail_fields_with_site)
    @setup_required
    @login_required
    @account_initialization_required
@ -143,6 +186,26 @@ class AppApi(Resource):
        return app_model
    @api.doc("update_app")
    @api.doc(description="Update application details")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "UpdateAppRequest",
            {
                "name": fields.String(required=True, description="App name"),
                "description": fields.String(description="App description (max 400 chars)"),
                "icon_type": fields.String(description="Icon type"),
                "icon": fields.String(description="Icon"),
                "icon_background": fields.String(description="Icon background color"),
                "use_icon_as_answer_icon": fields.Boolean(description="Use icon as answer icon"),
                "max_active_requests": fields.Integer(description="Maximum active requests"),
            },
        )
    )
    @api.response(200, "App updated successfully", app_detail_fields_with_site)
    @api.response(403, "Insufficient permissions")
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -181,6 +244,11 @@ class AppApi(Resource):
        return app_model
    @api.doc("delete_app")
    @api.doc(description="Delete application")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(204, "App deleted successfully")
    @api.response(403, "Insufficient permissions")
    @get_app_model
    @setup_required
    @login_required
@ -197,7 +265,25 @@ class AppApi(Resource):
        return {"result": "success"}, 204
@console_ns.route("/apps/<uuid:app_id>/copy")
 class AppCopyApi(Resource):
    @api.doc("copy_app")
    @api.doc(description="Create a copy of an existing application")
    @api.doc(params={"app_id": "Application ID to copy"})
    @api.expect(
        api.model(
            "CopyAppRequest",
            {
                "name": fields.String(description="Name for the copied app"),
                "description": fields.String(description="Description for the copied app"),
                "icon_type": fields.String(description="Icon type"),
                "icon": fields.String(description="Icon"),
                "icon_background": fields.String(description="Icon background color"),
            },
        )
    )
    @api.response(201, "App copied successfully", app_detail_fields_with_site)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -239,7 +325,22 @@ class AppCopyApi(Resource):
        return app, 201
@console_ns.route("/apps/<uuid:app_id>/export")
 class AppExportApi(Resource):
    @api.doc("export_app")
    @api.doc(description="Export application configuration as DSL")
    @api.doc(params={"app_id": "Application ID to export"})
    @api.expect(
        api.parser()
        .add_argument("include_secret", type=bool, location="args", default=False, help="Include secrets in export")
        .add_argument("workflow_id", type=str, location="args", help="Specific workflow ID to export")
    )
    @api.response(
        200,
        "App exported successfully",
        api.model("AppExportResponse", {"data": fields.String(description="DSL export data")}),
    )
    @api.response(403, "Insufficient permissions")
    @get_app_model
    @setup_required
    @login_required
@ -263,7 +364,13 @@ class AppExportApi(Resource):
        }
@console_ns.route("/apps/<uuid:app_id>/name")
 class AppNameApi(Resource):
    @api.doc("check_app_name")
    @api.doc(description="Check if app name is available")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(api.parser().add_argument("name", type=str, required=True, location="args", help="Name to check"))
    @api.response(200, "Name availability checked")
    @setup_required
    @login_required
    @account_initialization_required
@ -284,7 +391,23 @@ class AppNameApi(Resource):
        return app_model
@console_ns.route("/apps/<uuid:app_id>/icon")
 class AppIconApi(Resource):
    @api.doc("update_app_icon")
    @api.doc(description="Update application icon")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "AppIconRequest",
            {
                "icon": fields.String(required=True, description="Icon data"),
                "icon_type": fields.String(description="Icon type"),
                "icon_background": fields.String(description="Icon background color"),
            },
        )
    )
    @api.response(200, "Icon updated successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -306,7 +429,18 @@ class AppIconApi(Resource):
        return app_model
@console_ns.route("/apps/<uuid:app_id>/site-enable")
 class AppSiteStatus(Resource):
    @api.doc("update_app_site_status")
    @api.doc(description="Enable or disable app site")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "AppSiteStatusRequest", {"enable_site": fields.Boolean(required=True, description="Enable or disable site")}
        )
    )
    @api.response(200, "Site status updated successfully", app_detail_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -327,7 +461,18 @@ class AppSiteStatus(Resource):
        return app_model
@console_ns.route("/apps/<uuid:app_id>/api-enable")
 class AppApiStatus(Resource):
    @api.doc("update_app_api_status")
    @api.doc(description="Enable or disable app API")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "AppApiStatusRequest", {"enable_api": fields.Boolean(required=True, description="Enable or disable API")}
        )
    )
    @api.response(200, "API status updated successfully", app_detail_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -348,7 +493,12 @@ class AppApiStatus(Resource):
        return app_model
@console_ns.route("/apps/<uuid:app_id>/trace")
 class AppTraceApi(Resource):
    @api.doc("get_app_trace")
    @api.doc(description="Get app tracing configuration")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Trace configuration retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -358,6 +508,20 @@ class AppTraceApi(Resource):
        return app_trace_config
    @api.doc("update_app_trace")
    @api.doc(description="Update app tracing configuration")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "AppTraceRequest",
            {
                "enabled": fields.Boolean(required=True, description="Enable or disable tracing"),
                "tracing_provider": fields.String(required=True, description="Tracing provider"),
            },
        )
    )
    @api.response(200, "Trace configuration updated successfully")
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -377,14 +541,3 @@ class AppTraceApi(Resource):
        )
        return {"result": "success"}
 api.add_resource(AppListApi, "/apps")
 api.add_resource(AppApi, "/apps/<uuid:app_id>")
 api.add_resource(AppCopyApi, "/apps/<uuid:app_id>/copy")
 api.add_resource(AppExportApi, "/apps/<uuid:app_id>/export")
 api.add_resource(AppNameApi, "/apps/<uuid:app_id>/name")
 api.add_resource(AppIconApi, "/apps/<uuid:app_id>/icon")
 api.add_resource(AppSiteStatus, "/apps/<uuid:app_id>/site-enable")
 api.add_resource(AppApiStatus, "/apps/<uuid:app_id>/api-enable")
 api.add_resource(AppTraceApi, "/apps/<uuid:app_id>/trace")
--- a/api/controllers/console/app/audio.py
+++ b/api/controllers/console/app/audio.py
@ -1,11 +1,11 @@
 import logging
 from flask import request
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
 from werkzeug.exceptions import InternalServerError
 import services
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    AppUnavailableError,
    AudioTooLargeError,
@ -34,7 +34,18 @@ from services.errors.audio import (
 logger = logging.getLogger(__name__)
@console_ns.route("/apps/<uuid:app_id>/audio-to-text")
 class ChatMessageAudioApi(Resource):
    @api.doc("chat_message_audio_transcript")
    @api.doc(description="Transcript audio to text for chat messages")
    @api.doc(params={"app_id": "App ID"})
    @api.response(
        200,
        "Audio transcription successful",
        api.model("AudioTranscriptResponse", {"text": fields.String(description="Transcribed text from audio")}),
    )
    @api.response(400, "Bad request - No audio uploaded or unsupported type")
    @api.response(413, "Audio file too large")
    @setup_required
    @login_required
    @account_initialization_required
@ -76,7 +87,24 @@ class ChatMessageAudioApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/text-to-audio")
 class ChatMessageTextApi(Resource):
    @api.doc("chat_message_text_to_speech")
    @api.doc(description="Convert text to speech for chat messages")
    @api.doc(params={"app_id": "App ID"})
    @api.expect(
        api.model(
            "TextToSpeechRequest",
            {
                "message_id": fields.String(description="Message ID"),
                "text": fields.String(required=True, description="Text to convert to speech"),
                "voice": fields.String(description="Voice to use for TTS"),
                "streaming": fields.Boolean(description="Whether to stream the audio"),
            },
        )
    )
    @api.response(200, "Text to speech conversion successful")
    @api.response(400, "Bad request - Invalid parameters")
    @get_app_model
    @setup_required
    @login_required
@ -124,7 +152,14 @@ class ChatMessageTextApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/text-to-audio/voices")
 class TextModesApi(Resource):
    @api.doc("get_text_to_speech_voices")
    @api.doc(description="Get available TTS voices for a specific language")
    @api.doc(params={"app_id": "App ID"})
    @api.expect(api.parser().add_argument("language", type=str, required=True, location="args", help="Language code"))
    @api.response(200, "TTS voices retrieved successfully", fields.List(fields.Raw(description="Available voices")))
    @api.response(400, "Invalid language parameter")
    @get_app_model
    @setup_required
    @login_required
@ -164,8 +199,3 @@ class TextModesApi(Resource):
        except Exception as e:
            logger.exception("Failed to handle get request to TextModesApi")
            raise InternalServerError()
 api.add_resource(ChatMessageAudioApi, "/apps/<uuid:app_id>/audio-to-text")
 api.add_resource(ChatMessageTextApi, "/apps/<uuid:app_id>/text-to-audio")
 api.add_resource(TextModesApi, "/apps/<uuid:app_id>/text-to-audio/voices")
--- a/api/controllers/console/app/completion.py
+++ b/api/controllers/console/app/completion.py
@ -1,11 +1,11 @@
 import logging
 from flask import request
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
-from werkzeug.exceptions import InternalServerError, NotFound
+from werkzeug.exceptions import Forbidden, InternalServerError, NotFound
 import services
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    AppUnavailableError,
    CompletionRequestError,
@ -38,7 +38,27 @@ logger = logging.getLogger(__name__)
 # define completion message api for user
@console_ns.route("/apps/<uuid:app_id>/completion-messages")
 class CompletionMessageApi(Resource):
    @api.doc("create_completion_message")
    @api.doc(description="Generate completion message for debugging")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "CompletionMessageRequest",
            {
                "inputs": fields.Raw(required=True, description="Input variables"),
                "query": fields.String(description="Query text", default=""),
                "files": fields.List(fields.Raw(), description="Uploaded files"),
                "model_config": fields.Raw(required=True, description="Model configuration"),
                "response_mode": fields.String(enum=["blocking", "streaming"], description="Response mode"),
                "retriever_from": fields.String(default="dev", description="Retriever source"),
            },
        )
    )
    @api.response(200, "Completion generated successfully")
    @api.response(400, "Invalid request parameters")
    @api.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -86,7 +106,12 @@ class CompletionMessageApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/completion-messages/<string:task_id>/stop")
 class CompletionMessageStopApi(Resource):
    @api.doc("stop_completion_message")
    @api.doc(description="Stop a running completion message generation")
    @api.doc(params={"app_id": "Application ID", "task_id": "Task ID to stop"})
    @api.response(200, "Task stopped successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -99,12 +124,40 @@ class CompletionMessageStopApi(Resource):
        return {"result": "success"}, 200
@console_ns.route("/apps/<uuid:app_id>/chat-messages")
 class ChatMessageApi(Resource):
    @api.doc("create_chat_message")
    @api.doc(description="Generate chat message for debugging")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "ChatMessageRequest",
            {
                "inputs": fields.Raw(required=True, description="Input variables"),
                "query": fields.String(required=True, description="User query"),
                "files": fields.List(fields.Raw(), description="Uploaded files"),
                "model_config": fields.Raw(required=True, description="Model configuration"),
                "conversation_id": fields.String(description="Conversation ID"),
                "parent_message_id": fields.String(description="Parent message ID"),
                "response_mode": fields.String(enum=["blocking", "streaming"], description="Response mode"),
                "retriever_from": fields.String(default="dev", description="Retriever source"),
            },
        )
    )
    @api.response(200, "Chat message generated successfully")
    @api.response(400, "Invalid request parameters")
    @api.response(404, "App or conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT])
    def post(self, app_model):
        if not isinstance(current_user, Account):
            raise Forbidden()
        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, required=True, location="json")
        parser.add_argument("query", type=str, required=True, location="json")
@ -155,7 +208,12 @@ class ChatMessageApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/chat-messages/<string:task_id>/stop")
 class ChatMessageStopApi(Resource):
    @api.doc("stop_chat_message")
    @api.doc(description="Stop a running chat message generation")
    @api.doc(params={"app_id": "Application ID", "task_id": "Task ID to stop"})
    @api.response(200, "Task stopped successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -166,9 +224,3 @@ class ChatMessageStopApi(Resource):
        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, current_user.id)
        return {"result": "success"}, 200
 api.add_resource(CompletionMessageApi, "/apps/<uuid:app_id>/completion-messages")
 api.add_resource(CompletionMessageStopApi, "/apps/<uuid:app_id>/completion-messages/<string:task_id>/stop")
 api.add_resource(ChatMessageApi, "/apps/<uuid:app_id>/chat-messages")
 api.add_resource(ChatMessageStopApi, "/apps/<uuid:app_id>/chat-messages/<string:task_id>/stop")
--- a/api/controllers/console/app/conversation.py
+++ b/api/controllers/console/app/conversation.py
@ -8,7 +8,7 @@ from sqlalchemy import func, or_
 from sqlalchemy.orm import joinedload
 from werkzeug.exceptions import Forbidden, NotFound
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -28,7 +28,29 @@ from services.conversation_service import ConversationService
 from services.errors.conversation import ConversationNotExistsError
@console_ns.route("/apps/<uuid:app_id>/completion-conversations")
 class CompletionConversationApi(Resource):
    @api.doc("list_completion_conversations")
    @api.doc(description="Get completion conversations with pagination and filtering")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("keyword", type=str, location="args", help="Search keyword")
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
        .add_argument(
            "annotation_status",
            type=str,
            location="args",
            choices=["annotated", "not_annotated", "all"],
            default="all",
            help="Annotation status filter",
        )
        .add_argument("page", type=int, location="args", default=1, help="Page number")
        .add_argument("limit", type=int, location="args", default=20, help="Page size (1-100)")
    )
    @api.response(200, "Success", conversation_pagination_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -101,7 +123,14 @@ class CompletionConversationApi(Resource):
        return conversations
@console_ns.route("/apps/<uuid:app_id>/completion-conversations/<uuid:conversation_id>")
 class CompletionConversationDetailApi(Resource):
    @api.doc("get_completion_conversation")
    @api.doc(description="Get completion conversation details with messages")
    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
    @api.response(200, "Success", conversation_message_detail_fields)
    @api.response(403, "Insufficient permissions")
    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -114,6 +143,12 @@ class CompletionConversationDetailApi(Resource):
        return _get_conversation(app_model, conversation_id)
    @api.doc("delete_completion_conversation")
    @api.doc(description="Delete a completion conversation")
    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
    @api.response(204, "Conversation deleted successfully")
    @api.response(403, "Insufficient permissions")
    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -133,7 +168,38 @@ class CompletionConversationDetailApi(Resource):
        return {"result": "success"}, 204
@console_ns.route("/apps/<uuid:app_id>/chat-conversations")
 class ChatConversationApi(Resource):
    @api.doc("list_chat_conversations")
    @api.doc(description="Get chat conversations with pagination, filtering and summary")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("keyword", type=str, location="args", help="Search keyword")
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
        .add_argument(
            "annotation_status",
            type=str,
            location="args",
            choices=["annotated", "not_annotated", "all"],
            default="all",
            help="Annotation status filter",
        )
        .add_argument("message_count_gte", type=int, location="args", help="Minimum message count")
        .add_argument("page", type=int, location="args", default=1, help="Page number")
        .add_argument("limit", type=int, location="args", default=20, help="Page size (1-100)")
        .add_argument(
            "sort_by",
            type=str,
            location="args",
            choices=["created_at", "-created_at", "updated_at", "-updated_at"],
            default="-updated_at",
            help="Sort field and direction",
        )
    )
    @api.response(200, "Success", conversation_with_summary_pagination_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -241,7 +307,7 @@ class ChatConversationApi(Resource):
                .having(func.count(Message.id) >= args["message_count_gte"])
            )
-        if app_model.mode == AppMode.ADVANCED_CHAT.value:
+        if app_model.mode == AppMode.ADVANCED_CHAT:
            query = query.where(Conversation.invoke_from != InvokeFrom.DEBUGGER.value)
        match args["sort_by"]:
@ -261,7 +327,14 @@ class ChatConversationApi(Resource):
        return conversations
@console_ns.route("/apps/<uuid:app_id>/chat-conversations/<uuid:conversation_id>")
 class ChatConversationDetailApi(Resource):
    @api.doc("get_chat_conversation")
    @api.doc(description="Get chat conversation details")
    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
    @api.response(200, "Success", conversation_detail_fields)
    @api.response(403, "Insufficient permissions")
    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -274,6 +347,12 @@ class ChatConversationDetailApi(Resource):
        return _get_conversation(app_model, conversation_id)
    @api.doc("delete_chat_conversation")
    @api.doc(description="Delete a chat conversation")
    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
    @api.response(204, "Conversation deleted successfully")
    @api.response(403, "Insufficient permissions")
    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
@ -293,12 +372,6 @@ class ChatConversationDetailApi(Resource):
        return {"result": "success"}, 204
 api.add_resource(CompletionConversationApi, "/apps/<uuid:app_id>/completion-conversations")
 api.add_resource(CompletionConversationDetailApi, "/apps/<uuid:app_id>/completion-conversations/<uuid:conversation_id>")
 api.add_resource(ChatConversationApi, "/apps/<uuid:app_id>/chat-conversations")
 api.add_resource(ChatConversationDetailApi, "/apps/<uuid:app_id>/chat-conversations/<uuid:conversation_id>")
 def _get_conversation(app_model, conversation_id):
    conversation = (
        db.session.query(Conversation)
--- a/api/controllers/console/app/conversation_variables.py
+++ b/api/controllers/console/app/conversation_variables.py
@ -2,7 +2,7 @@ from flask_restx import Resource, marshal_with, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -12,7 +12,17 @@ from models import ConversationVariable
 from models.model import AppMode
@console_ns.route("/apps/<uuid:app_id>/conversation-variables")
 class ConversationVariablesApi(Resource):
    @api.doc("get_conversation_variables")
    @api.doc(description="Get conversation variables for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser().add_argument(
            "conversation_id", type=str, location="args", help="Conversation ID to filter variables"
        )
    )
    @api.response(200, "Conversation variables retrieved successfully", paginated_conversation_variable_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -55,6 +65,3 @@ class ConversationVariablesApi(Resource):
                for row in rows
            ],
        }
 api.add_resource(ConversationVariablesApi, "/apps/<uuid:app_id>/conversation-variables")
--- a/api/controllers/console/app/generator.py
+++ b/api/controllers/console/app/generator.py
@ -1,9 +1,9 @@
 from collections.abc import Sequence
 from flask_login import current_user
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    CompletionRequestError,
    ProviderModelCurrentlyNotSupportError,
@ -19,7 +19,23 @@ from core.model_runtime.errors.invoke import InvokeError
 from libs.login import login_required
@console_ns.route("/rule-generate")
 class RuleGenerateApi(Resource):
    @api.doc("generate_rule_config")
    @api.doc(description="Generate rule configuration using LLM")
    @api.expect(
        api.model(
            "RuleGenerateRequest",
            {
                "instruction": fields.String(required=True, description="Rule generation instruction"),
                "model_config": fields.Raw(required=True, description="Model configuration"),
                "no_variable": fields.Boolean(required=True, default=False, description="Whether to exclude variables"),
            },
        )
    )
    @api.response(200, "Rule configuration generated successfully")
    @api.response(400, "Invalid request parameters")
    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -50,7 +66,26 @@ class RuleGenerateApi(Resource):
        return rules
@console_ns.route("/rule-code-generate")
 class RuleCodeGenerateApi(Resource):
    @api.doc("generate_rule_code")
    @api.doc(description="Generate code rules using LLM")
    @api.expect(
        api.model(
            "RuleCodeGenerateRequest",
            {
                "instruction": fields.String(required=True, description="Code generation instruction"),
                "model_config": fields.Raw(required=True, description="Model configuration"),
                "no_variable": fields.Boolean(required=True, default=False, description="Whether to exclude variables"),
                "code_language": fields.String(
                    default="javascript", description="Programming language for code generation"
                ),
            },
        )
    )
    @api.response(200, "Code rules generated successfully")
    @api.response(400, "Invalid request parameters")
    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -82,7 +117,22 @@ class RuleCodeGenerateApi(Resource):
        return code_result
@console_ns.route("/rule-structured-output-generate")
 class RuleStructuredOutputGenerateApi(Resource):
    @api.doc("generate_structured_output")
    @api.doc(description="Generate structured output rules using LLM")
    @api.expect(
        api.model(
            "StructuredOutputGenerateRequest",
            {
                "instruction": fields.String(required=True, description="Structured output generation instruction"),
                "model_config": fields.Raw(required=True, description="Model configuration"),
            },
        )
    )
    @api.response(200, "Structured output generated successfully")
    @api.response(400, "Invalid request parameters")
    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -111,7 +161,27 @@ class RuleStructuredOutputGenerateApi(Resource):
        return structured_output
@console_ns.route("/instruction-generate")
 class InstructionGenerateApi(Resource):
    @api.doc("generate_instruction")
    @api.doc(description="Generate instruction for workflow nodes or general use")
    @api.expect(
        api.model(
            "InstructionGenerateRequest",
            {
                "flow_id": fields.String(required=True, description="Workflow/Flow ID"),
                "node_id": fields.String(description="Node ID for workflow context"),
                "current": fields.String(description="Current instruction text"),
                "language": fields.String(default="javascript", description="Programming language (javascript/python)"),
                "instruction": fields.String(required=True, description="Instruction for generation"),
                "model_config": fields.Raw(required=True, description="Model configuration"),
                "ideal_output": fields.String(description="Expected ideal output"),
            },
        )
    )
    @api.response(200, "Instruction generated successfully")
    @api.response(400, "Invalid request parameters or flow/workflow not found")
    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -203,7 +273,21 @@ class InstructionGenerateApi(Resource):
            raise CompletionRequestError(e.description)
@console_ns.route("/instruction-generate/template")
 class InstructionGenerationTemplateApi(Resource):
    @api.doc("get_instruction_template")
    @api.doc(description="Get instruction generation template")
    @api.expect(
        api.model(
            "InstructionTemplateRequest",
            {
                "instruction": fields.String(required=True, description="Template instruction"),
                "ideal_output": fields.String(description="Expected ideal output"),
            },
        )
    )
    @api.response(200, "Template retrieved successfully")
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -222,10 +306,3 @@ class InstructionGenerationTemplateApi(Resource):
                return {"data": INSTRUCTION_GENERATE_TEMPLATE_CODE}
            case _:
                raise ValueError(f"Invalid type: {args['type']}")
 api.add_resource(RuleGenerateApi, "/rule-generate")
 api.add_resource(RuleCodeGenerateApi, "/rule-code-generate")
 api.add_resource(RuleStructuredOutputGenerateApi, "/rule-structured-output-generate")
 api.add_resource(InstructionGenerateApi, "/instruction-generate")
 api.add_resource(InstructionGenerationTemplateApi, "/instruction-generate/template")
--- a/api/controllers/console/app/mcp_server.py
+++ b/api/controllers/console/app/mcp_server.py
@ -2,10 +2,10 @@ import json
 from enum import StrEnum
 from flask_login import current_user
-from flask_restx import Resource, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal_with, reqparse
 from werkzeug.exceptions import NotFound
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -19,7 +19,12 @@ class AppMCPServerStatus(StrEnum):
    INACTIVE = "inactive"
@console_ns.route("/apps/<uuid:app_id>/server")
 class AppMCPServerController(Resource):
    @api.doc("get_app_mcp_server")
    @api.doc(description="Get MCP server configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "MCP server configuration retrieved successfully", app_server_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -29,6 +34,20 @@ class AppMCPServerController(Resource):
        server = db.session.query(AppMCPServer).where(AppMCPServer.app_id == app_model.id).first()
        return server
    @api.doc("create_app_mcp_server")
    @api.doc(description="Create MCP server configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "MCPServerCreateRequest",
            {
                "description": fields.String(description="Server description"),
                "parameters": fields.Raw(required=True, description="Server parameters configuration"),
            },
        )
    )
    @api.response(201, "MCP server configuration created successfully", app_server_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -59,6 +78,23 @@ class AppMCPServerController(Resource):
        db.session.commit()
        return server
    @api.doc("update_app_mcp_server")
    @api.doc(description="Update MCP server configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "MCPServerUpdateRequest",
            {
                "id": fields.String(required=True, description="Server ID"),
                "description": fields.String(description="Server description"),
                "parameters": fields.Raw(required=True, description="Server parameters configuration"),
                "status": fields.String(description="Server status"),
            },
        )
    )
    @api.response(200, "MCP server configuration updated successfully", app_server_fields)
    @api.response(403, "Insufficient permissions")
    @api.response(404, "Server not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -94,7 +130,14 @@ class AppMCPServerController(Resource):
        return server
@console_ns.route("/apps/<uuid:server_id>/server/refresh")
 class AppMCPServerRefreshController(Resource):
    @api.doc("refresh_app_mcp_server")
    @api.doc(description="Refresh MCP server configuration and regenerate server code")
    @api.doc(params={"server_id": "Server ID"})
    @api.response(200, "MCP server refreshed successfully", app_server_fields)
    @api.response(403, "Insufficient permissions")
    @api.response(404, "Server not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -113,7 +156,3 @@ class AppMCPServerRefreshController(Resource):
        server.server_code = AppMCPServer.generate_server_code(16)
        db.session.commit()
        return server
 api.add_resource(AppMCPServerController, "/apps/<uuid:app_id>/server")
 api.add_resource(AppMCPServerRefreshController, "/apps/<uuid:server_id>/server/refresh")
--- a/api/controllers/console/app/message.py
+++ b/api/controllers/console/app/message.py
@ -5,7 +5,7 @@ from flask_restx.inputs import int_range
 from sqlalchemy import exists, select
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    CompletionRequestError,
    ProviderModelCurrentlyNotSupportError,
@ -37,6 +37,7 @@ from services.message_service import MessageService
 logger = logging.getLogger(__name__)
@console_ns.route("/apps/<uuid:app_id>/chat-messages")
 class ChatMessageListApi(Resource):
    message_infinite_scroll_pagination_fields = {
        "limit": fields.Integer,
@ -44,6 +45,17 @@ class ChatMessageListApi(Resource):
        "data": fields.List(fields.Nested(message_detail_fields)),
    }
    @api.doc("list_chat_messages")
    @api.doc(description="Get chat messages for a conversation with pagination")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("conversation_id", type=str, required=True, location="args", help="Conversation ID")
        .add_argument("first_id", type=str, location="args", help="First message ID for pagination")
        .add_argument("limit", type=int, location="args", default=20, help="Number of messages to return (1-100)")
    )
    @api.response(200, "Success", message_infinite_scroll_pagination_fields)
    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
@ -117,7 +129,23 @@ class ChatMessageListApi(Resource):
        return InfiniteScrollPagination(data=history_messages, limit=args["limit"], has_more=has_more)
@console_ns.route("/apps/<uuid:app_id>/feedbacks")
 class MessageFeedbackApi(Resource):
    @api.doc("create_message_feedback")
    @api.doc(description="Create or update message feedback (like/dislike)")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "MessageFeedbackRequest",
            {
                "message_id": fields.String(required=True, description="Message ID"),
                "rating": fields.String(enum=["like", "dislike"], description="Feedback rating"),
            },
        )
    )
    @api.response(200, "Feedback updated successfully")
    @api.response(404, "Message not found")
    @api.response(403, "Insufficient permissions")
    @get_app_model
    @setup_required
    @login_required
@ -162,7 +190,24 @@ class MessageFeedbackApi(Resource):
        return {"result": "success"}
@console_ns.route("/apps/<uuid:app_id>/annotations")
 class MessageAnnotationApi(Resource):
    @api.doc("create_message_annotation")
    @api.doc(description="Create message annotation")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "MessageAnnotationRequest",
            {
                "message_id": fields.String(description="Message ID"),
                "question": fields.String(required=True, description="Question text"),
                "answer": fields.String(required=True, description="Answer text"),
                "annotation_reply": fields.Raw(description="Annotation reply"),
            },
        )
    )
    @api.response(200, "Annotation created successfully", annotation_fields)
    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -172,7 +217,7 @@ class MessageAnnotationApi(Resource):
    def post(self, app_model):
        if not isinstance(current_user, Account):
            raise Forbidden()
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -186,7 +231,16 @@ class MessageAnnotationApi(Resource):
        return annotation
@console_ns.route("/apps/<uuid:app_id>/annotations/count")
 class MessageAnnotationCountApi(Resource):
    @api.doc("get_annotation_count")
    @api.doc(description="Get count of message annotations for the app")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(
        200,
        "Annotation count retrieved successfully",
        api.model("AnnotationCountResponse", {"count": fields.Integer(description="Number of annotations")}),
    )
    @get_app_model
    @setup_required
    @login_required
@ -197,7 +251,17 @@ class MessageAnnotationCountApi(Resource):
        return {"count": count}
@console_ns.route("/apps/<uuid:app_id>/chat-messages/<uuid:message_id>/suggested-questions")
 class MessageSuggestedQuestionApi(Resource):
    @api.doc("get_message_suggested_questions")
    @api.doc(description="Get suggested questions for a message")
    @api.doc(params={"app_id": "Application ID", "message_id": "Message ID"})
    @api.response(
        200,
        "Suggested questions retrieved successfully",
        api.model("SuggestedQuestionsResponse", {"data": fields.List(fields.String(description="Suggested question"))}),
    )
    @api.response(404, "Message or conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -230,7 +294,13 @@ class MessageSuggestedQuestionApi(Resource):
        return {"data": questions}
@console_ns.route("/apps/<uuid:app_id>/messages/<uuid:message_id>")
 class MessageApi(Resource):
    @api.doc("get_message")
    @api.doc(description="Get message details by ID")
    @api.doc(params={"app_id": "Application ID", "message_id": "Message ID"})
    @api.response(200, "Message retrieved successfully", message_detail_fields)
    @api.response(404, "Message not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -245,11 +315,3 @@ class MessageApi(Resource):
            raise NotFound("Message Not Exists.")
        return message
 api.add_resource(MessageSuggestedQuestionApi, "/apps/<uuid:app_id>/chat-messages/<uuid:message_id>/suggested-questions")
 api.add_resource(ChatMessageListApi, "/apps/<uuid:app_id>/chat-messages", endpoint="console_chat_messages")
 api.add_resource(MessageFeedbackApi, "/apps/<uuid:app_id>/feedbacks")
 api.add_resource(MessageAnnotationApi, "/apps/<uuid:app_id>/annotations")
 api.add_resource(MessageAnnotationCountApi, "/apps/<uuid:app_id>/annotations/count")
 api.add_resource(MessageApi, "/apps/<uuid:app_id>/messages/<uuid:message_id>", endpoint="console_message")
--- a/api/controllers/console/app/model_config.py
+++ b/api/controllers/console/app/model_config.py
@ -3,9 +3,10 @@ from typing import cast
 from flask import request
 from flask_login import current_user
-from flask_restx import Resource
+from flask_restx import Resource, fields
 from werkzeug.exceptions import Forbidden
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.agent.entities import AgentToolEntity
@ -14,17 +15,51 @@ from core.tools.utils.configuration import ToolParameterConfigurationManager
 from events.app_event import app_model_config_was_updated
 from extensions.ext_database import db
 from libs.login import login_required
 from models.account import Account
 from models.model import AppMode, AppModelConfig
 from services.app_model_config_service import AppModelConfigService
@console_ns.route("/apps/<uuid:app_id>/model-config")
 class ModelConfigResource(Resource):
    @api.doc("update_app_model_config")
    @api.doc(description="Update application model configuration")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "ModelConfigRequest",
            {
                "provider": fields.String(description="Model provider"),
                "model": fields.String(description="Model name"),
                "configs": fields.Raw(description="Model configuration parameters"),
                "opening_statement": fields.String(description="Opening statement"),
                "suggested_questions": fields.List(fields.String(), description="Suggested questions"),
                "more_like_this": fields.Raw(description="More like this configuration"),
                "speech_to_text": fields.Raw(description="Speech to text configuration"),
                "text_to_speech": fields.Raw(description="Text to speech configuration"),
                "retrieval_model": fields.Raw(description="Retrieval model configuration"),
                "tools": fields.List(fields.Raw(), description="Available tools"),
                "dataset_configs": fields.Raw(description="Dataset configurations"),
                "agent_mode": fields.Raw(description="Agent mode configuration"),
            },
        )
    )
    @api.response(200, "Model configuration updated successfully")
    @api.response(400, "Invalid configuration")
    @api.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.AGENT_CHAT, AppMode.CHAT, AppMode.COMPLETION])
    def post(self, app_model):
        """Modify app model config"""
        if not isinstance(current_user, Account):
            raise Forbidden()
        if not current_user.has_edit_permission:
            raise Forbidden()
        assert current_user.current_tenant_id is not None, "The tenant information should be loaded."
        # validate config
        model_configuration = AppModelConfigService.validate_configuration(
            tenant_id=current_user.current_tenant_id,
@ -39,7 +74,7 @@ class ModelConfigResource(Resource):
        )
        new_app_model_config = new_app_model_config.from_model_config_dict(model_configuration)
-        if app_model.mode == AppMode.AGENT_CHAT.value or app_model.is_agent:
+        if app_model.mode == AppMode.AGENT_CHAT or app_model.is_agent:
            # get original app model config
            original_app_model_config = (
                db.session.query(AppModelConfig).where(AppModelConfig.id == app_model.app_model_config_id).first()
@ -142,6 +177,3 @@ class ModelConfigResource(Resource):
        app_model_config_was_updated.send(app_model, app_model_config=new_app_model_config)
        return {"result": "success"}
 api.add_resource(ModelConfigResource, "/apps/<uuid:app_id>/model-config")
--- a/api/controllers/console/app/ops_trace.py
+++ b/api/controllers/console/app/ops_trace.py
@ -1,18 +1,31 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
 from werkzeug.exceptions import BadRequest
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import TracingConfigCheckError, TracingConfigIsExist, TracingConfigNotExist
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.login import login_required
 from services.ops_service import OpsService
@console_ns.route("/apps/<uuid:app_id>/trace-config")
 class TraceAppConfigApi(Resource):
    """
    Manage trace app configurations
    """
    @api.doc("get_trace_app_config")
    @api.doc(description="Get tracing configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser().add_argument(
            "tracing_provider", type=str, required=True, location="args", help="Tracing provider name"
        )
    )
    @api.response(
        200, "Tracing configuration retrieved successfully", fields.Raw(description="Tracing configuration data")
    )
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -29,6 +42,22 @@ class TraceAppConfigApi(Resource):
        except Exception as e:
            raise BadRequest(str(e))
    @api.doc("create_trace_app_config")
    @api.doc(description="Create a new tracing configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "TraceConfigCreateRequest",
            {
                "tracing_provider": fields.String(required=True, description="Tracing provider name"),
                "tracing_config": fields.Raw(required=True, description="Tracing configuration data"),
            },
        )
    )
    @api.response(
        201, "Tracing configuration created successfully", fields.Raw(description="Created configuration data")
    )
    @api.response(400, "Invalid request parameters or configuration already exists")
    @setup_required
    @login_required
    @account_initialization_required
@ -51,6 +80,20 @@ class TraceAppConfigApi(Resource):
        except Exception as e:
            raise BadRequest(str(e))
    @api.doc("update_trace_app_config")
    @api.doc(description="Update an existing tracing configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "TraceConfigUpdateRequest",
            {
                "tracing_provider": fields.String(required=True, description="Tracing provider name"),
                "tracing_config": fields.Raw(required=True, description="Updated tracing configuration data"),
            },
        )
    )
    @api.response(200, "Tracing configuration updated successfully", fields.Raw(description="Success response"))
    @api.response(400, "Invalid request parameters or configuration not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -71,6 +114,16 @@ class TraceAppConfigApi(Resource):
        except Exception as e:
            raise BadRequest(str(e))
    @api.doc("delete_trace_app_config")
    @api.doc(description="Delete an existing tracing configuration for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser().add_argument(
            "tracing_provider", type=str, required=True, location="args", help="Tracing provider name"
        )
    )
    @api.response(204, "Tracing configuration deleted successfully")
    @api.response(400, "Invalid request parameters or configuration not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -87,6 +140,3 @@ class TraceAppConfigApi(Resource):
            return {"result": "success"}, 204
        except Exception as e:
            raise BadRequest(str(e))
 api.add_resource(TraceAppConfigApi, "/apps/<uuid:app_id>/trace-config")
--- a/api/controllers/console/app/site.py
+++ b/api/controllers/console/app/site.py
@ -1,9 +1,9 @@
 from flask_login import current_user
-from flask_restx import Resource, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal_with, reqparse
 from werkzeug.exceptions import Forbidden, NotFound
 from constants.languages import supported_language
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -36,7 +36,39 @@ def parse_app_site_args():
    return parser.parse_args()
@console_ns.route("/apps/<uuid:app_id>/site")
 class AppSite(Resource):
    @api.doc("update_app_site")
    @api.doc(description="Update application site configuration")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "AppSiteRequest",
            {
                "title": fields.String(description="Site title"),
                "icon_type": fields.String(description="Icon type"),
                "icon": fields.String(description="Icon"),
                "icon_background": fields.String(description="Icon background color"),
                "description": fields.String(description="Site description"),
                "default_language": fields.String(description="Default language"),
                "chat_color_theme": fields.String(description="Chat color theme"),
                "chat_color_theme_inverted": fields.Boolean(description="Inverted chat color theme"),
                "customize_domain": fields.String(description="Custom domain"),
                "copyright": fields.String(description="Copyright text"),
                "privacy_policy": fields.String(description="Privacy policy"),
                "custom_disclaimer": fields.String(description="Custom disclaimer"),
                "customize_token_strategy": fields.String(
                    enum=["must", "allow", "not_allow"], description="Token strategy"
                ),
                "prompt_public": fields.Boolean(description="Make prompt public"),
                "show_workflow_steps": fields.Boolean(description="Show workflow steps"),
                "use_icon_as_answer_icon": fields.Boolean(description="Use icon as answer icon"),
            },
        )
    )
    @api.response(200, "Site configuration updated successfully", app_site_fields)
    @api.response(403, "Insufficient permissions")
    @api.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -84,7 +116,14 @@ class AppSite(Resource):
        return site
@console_ns.route("/apps/<uuid:app_id>/site/access-token-reset")
 class AppSiteAccessTokenReset(Resource):
    @api.doc("reset_app_site_access_token")
    @api.doc(description="Reset access token for application site")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Access token reset successfully", app_site_fields)
    @api.response(403, "Insufficient permissions (admin/owner required)")
    @api.response(404, "App or site not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -108,7 +147,3 @@ class AppSiteAccessTokenReset(Resource):
        db.session.commit()
        return site
 api.add_resource(AppSite, "/apps/<uuid:app_id>/site")
 api.add_resource(AppSiteAccessTokenReset, "/apps/<uuid:app_id>/site/access-token-reset")
--- a/api/controllers/console/app/statistic.py
+++ b/api/controllers/console/app/statistic.py
@ -5,9 +5,9 @@ import pytz
 import sqlalchemy as sa
 from flask import jsonify
 from flask_login import current_user
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -17,7 +17,21 @@ from libs.login import login_required
 from models import AppMode, Message
@console_ns.route("/apps/<uuid:app_id>/statistics/daily-messages")
 class DailyMessageStatistic(Resource):
    @api.doc("get_daily_message_statistics")
    @api.doc(description="Get daily message statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Daily message statistics retrieved successfully",
        fields.List(fields.Raw(description="Daily message count data")),
    )
    @get_app_model
    @setup_required
    @login_required
@ -74,7 +88,21 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/daily-conversations")
 class DailyConversationStatistic(Resource):
    @api.doc("get_daily_conversation_statistics")
    @api.doc(description="Get daily conversation statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Daily conversation statistics retrieved successfully",
        fields.List(fields.Raw(description="Daily conversation count data")),
    )
    @get_app_model
    @setup_required
    @login_required
@ -126,7 +154,21 @@ class DailyConversationStatistic(Resource):
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/daily-end-users")
 class DailyTerminalsStatistic(Resource):
    @api.doc("get_daily_terminals_statistics")
    @api.doc(description="Get daily terminal/end-user statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Daily terminal statistics retrieved successfully",
        fields.List(fields.Raw(description="Daily terminal count data")),
    )
    @get_app_model
    @setup_required
    @login_required
@ -183,7 +225,21 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/token-costs")
 class DailyTokenCostStatistic(Resource):
    @api.doc("get_daily_token_cost_statistics")
    @api.doc(description="Get daily token cost statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Daily token cost statistics retrieved successfully",
        fields.List(fields.Raw(description="Daily token cost data")),
    )
    @get_app_model
    @setup_required
    @login_required
@ -243,7 +299,21 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/average-session-interactions")
 class AverageSessionInteractionStatistic(Resource):
    @api.doc("get_average_session_interaction_statistics")
    @api.doc(description="Get average session interaction statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Average session interaction statistics retrieved successfully",
        fields.List(fields.Raw(description="Average session interaction data")),
    )
    @setup_required
    @login_required
    @account_initialization_required
@ -319,7 +389,21 @@ ORDER BY
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/user-satisfaction-rate")
 class UserSatisfactionRateStatistic(Resource):
    @api.doc("get_user_satisfaction_rate_statistics")
    @api.doc(description="Get user satisfaction rate statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "User satisfaction rate statistics retrieved successfully",
        fields.List(fields.Raw(description="User satisfaction rate data")),
    )
    @get_app_model
    @setup_required
    @login_required
@ -385,7 +469,21 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/average-response-time")
 class AverageResponseTimeStatistic(Resource):
    @api.doc("get_average_response_time_statistics")
    @api.doc(description="Get average response time statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Average response time statistics retrieved successfully",
        fields.List(fields.Raw(description="Average response time data")),
    )
    @setup_required
    @login_required
    @account_initialization_required
@ -442,7 +540,21 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/statistics/tokens-per-second")
 class TokensPerSecondStatistic(Resource):
    @api.doc("get_tokens_per_second_statistics")
    @api.doc(description="Get tokens per second statistics for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.parser()
        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
    )
    @api.response(
        200,
        "Tokens per second statistics retrieved successfully",
        fields.List(fields.Raw(description="Tokens per second data")),
    )
    @get_app_model
    @setup_required
    @login_required
@ -500,13 +612,3 @@ WHERE
                response_data.append({"date": str(i.date), "tps": round(i.tokens_per_second, 4)})
        return jsonify({"data": response_data})
 api.add_resource(DailyMessageStatistic, "/apps/<uuid:app_id>/statistics/daily-messages")
 api.add_resource(DailyConversationStatistic, "/apps/<uuid:app_id>/statistics/daily-conversations")
 api.add_resource(DailyTerminalsStatistic, "/apps/<uuid:app_id>/statistics/daily-end-users")
 api.add_resource(DailyTokenCostStatistic, "/apps/<uuid:app_id>/statistics/token-costs")
 api.add_resource(AverageSessionInteractionStatistic, "/apps/<uuid:app_id>/statistics/average-session-interactions")
 api.add_resource(UserSatisfactionRateStatistic, "/apps/<uuid:app_id>/statistics/user-satisfaction-rate")
 api.add_resource(AverageResponseTimeStatistic, "/apps/<uuid:app_id>/statistics/average-response-time")
 api.add_resource(TokensPerSecondStatistic, "/apps/<uuid:app_id>/statistics/tokens-per-second")
--- a/api/controllers/console/app/workflow.py
+++ b/api/controllers/console/app/workflow.py
@ -4,13 +4,13 @@ from collections.abc import Sequence
 from typing import cast
 from flask import abort, request
-from flask_restx import Resource, inputs, marshal_with, reqparse
+from flask_restx import Resource, fields, inputs, marshal_with, reqparse
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound
 import services
 from configs import dify_config
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import ConversationCompletedError, DraftWorkflowNotExist, DraftWorkflowNotSync
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
@ -57,7 +57,13 @@ def _parse_file(workflow: Workflow, files: list[dict] | None = None) -> Sequence
    return file_objs
@console_ns.route("/apps/<uuid:app_id>/workflows/draft")
 class DraftWorkflowApi(Resource):
    @api.doc("get_draft_workflow")
    @api.doc(description="Get draft workflow for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Draft workflow retrieved successfully", workflow_fields)
    @api.response(404, "Draft workflow not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -69,7 +75,7 @@ class DraftWorkflowApi(Resource):
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        # fetch draft workflow by app_model
@ -86,13 +92,30 @@ class DraftWorkflowApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
    @api.doc("sync_draft_workflow")
    @api.doc(description="Sync draft workflow configuration")
    @api.expect(
        api.model(
            "SyncDraftWorkflowRequest",
            {
                "graph": fields.Raw(required=True, description="Workflow graph configuration"),
                "features": fields.Raw(required=True, description="Workflow features configuration"),
                "hash": fields.String(description="Workflow hash for validation"),
                "environment_variables": fields.List(fields.Raw, required=True, description="Environment variables"),
                "conversation_variables": fields.List(fields.Raw, description="Conversation variables"),
            },
        )
    )
    @api.response(200, "Draft workflow synced successfully", workflow_fields)
    @api.response(400, "Invalid workflow configuration")
    @api.response(403, "Permission denied")
    def post(self, app_model: App):
        """
        Sync draft workflow
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        content_type = request.headers.get("Content-Type", "")
@ -159,7 +182,25 @@ class DraftWorkflowApi(Resource):
        }
@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflows/draft/run")
 class AdvancedChatDraftWorkflowRunApi(Resource):
    @api.doc("run_advanced_chat_draft_workflow")
    @api.doc(description="Run draft workflow for advanced chat application")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "AdvancedChatWorkflowRunRequest",
            {
                "query": fields.String(required=True, description="User query"),
                "inputs": fields.Raw(description="Input variables"),
                "files": fields.List(fields.Raw, description="File uploads"),
                "conversation_id": fields.String(description="Conversation ID"),
            },
        )
    )
    @api.response(200, "Workflow run started successfully")
    @api.response(400, "Invalid request parameters")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -170,7 +211,7 @@ class AdvancedChatDraftWorkflowRunApi(Resource):
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        if not isinstance(current_user, Account):
@ -208,7 +249,23 @@ class AdvancedChatDraftWorkflowRunApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflows/draft/iteration/nodes/<string:node_id>/run")
 class AdvancedChatDraftRunIterationNodeApi(Resource):
    @api.doc("run_advanced_chat_draft_iteration_node")
    @api.doc(description="Run draft workflow iteration node for advanced chat")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.expect(
        api.model(
            "IterationNodeRunRequest",
            {
                "task_id": fields.String(required=True, description="Task ID"),
                "inputs": fields.Raw(description="Input variables"),
            },
        )
    )
    @api.response(200, "Iteration node run started successfully")
    @api.response(403, "Permission denied")
    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -220,7 +277,7 @@ class AdvancedChatDraftRunIterationNodeApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -244,7 +301,23 @@ class AdvancedChatDraftRunIterationNodeApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/iteration/nodes/<string:node_id>/run")
 class WorkflowDraftRunIterationNodeApi(Resource):
    @api.doc("run_workflow_draft_iteration_node")
    @api.doc(description="Run draft workflow iteration node")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.expect(
        api.model(
            "WorkflowIterationNodeRunRequest",
            {
                "task_id": fields.String(required=True, description="Task ID"),
                "inputs": fields.Raw(description="Input variables"),
            },
        )
    )
    @api.response(200, "Workflow iteration node run started successfully")
    @api.response(403, "Permission denied")
    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -256,7 +329,7 @@ class WorkflowDraftRunIterationNodeApi(Resource):
        # The role of the current user in the ta table must be admin, owner, or editor
        if not isinstance(current_user, Account):
            raise Forbidden()
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -280,7 +353,23 @@ class WorkflowDraftRunIterationNodeApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflows/draft/loop/nodes/<string:node_id>/run")
 class AdvancedChatDraftRunLoopNodeApi(Resource):
    @api.doc("run_advanced_chat_draft_loop_node")
    @api.doc(description="Run draft workflow loop node for advanced chat")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.expect(
        api.model(
            "LoopNodeRunRequest",
            {
                "task_id": fields.String(required=True, description="Task ID"),
                "inputs": fields.Raw(description="Input variables"),
            },
        )
    )
    @api.response(200, "Loop node run started successfully")
    @api.response(403, "Permission denied")
    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -293,7 +382,7 @@ class AdvancedChatDraftRunLoopNodeApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -317,7 +406,23 @@ class AdvancedChatDraftRunLoopNodeApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/loop/nodes/<string:node_id>/run")
 class WorkflowDraftRunLoopNodeApi(Resource):
    @api.doc("run_workflow_draft_loop_node")
    @api.doc(description="Run draft workflow loop node")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.expect(
        api.model(
            "WorkflowLoopNodeRunRequest",
            {
                "task_id": fields.String(required=True, description="Task ID"),
                "inputs": fields.Raw(description="Input variables"),
            },
        )
    )
    @api.response(200, "Workflow loop node run started successfully")
    @api.response(403, "Permission denied")
    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -330,7 +435,7 @@ class WorkflowDraftRunLoopNodeApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -354,7 +459,22 @@ class WorkflowDraftRunLoopNodeApi(Resource):
            raise InternalServerError()
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/run")
 class DraftWorkflowRunApi(Resource):
    @api.doc("run_draft_workflow")
    @api.doc(description="Run draft workflow")
    @api.doc(params={"app_id": "Application ID"})
    @api.expect(
        api.model(
            "DraftWorkflowRunRequest",
            {
                "inputs": fields.Raw(required=True, description="Input variables"),
                "files": fields.List(fields.Raw, description="File uploads"),
            },
        )
    )
    @api.response(200, "Draft workflow run started successfully")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -367,7 +487,7 @@ class DraftWorkflowRunApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -393,7 +513,14 @@ class DraftWorkflowRunApi(Resource):
            raise InvokeRateLimitHttpError(ex.description)
@console_ns.route("/apps/<uuid:app_id>/workflows/tasks/<string:task_id>/stop")
 class WorkflowTaskStopApi(Resource):
    @api.doc("stop_workflow_task")
    @api.doc(description="Stop running workflow task")
    @api.doc(params={"app_id": "Application ID", "task_id": "Task ID"})
    @api.response(200, "Task stopped successfully")
    @api.response(404, "Task not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -406,7 +533,7 @@ class WorkflowTaskStopApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, current_user.id)
@ -414,7 +541,22 @@ class WorkflowTaskStopApi(Resource):
        return {"result": "success"}
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/run")
 class DraftWorkflowNodeRunApi(Resource):
    @api.doc("run_draft_workflow_node")
    @api.doc(description="Run draft workflow node")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.expect(
        api.model(
            "DraftWorkflowNodeRunRequest",
            {
                "inputs": fields.Raw(description="Input variables"),
            },
        )
    )
    @api.response(200, "Node run started successfully", workflow_run_node_execution_fields)
    @api.response(403, "Permission denied")
    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -428,7 +570,7 @@ class DraftWorkflowNodeRunApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -462,7 +604,13 @@ class DraftWorkflowNodeRunApi(Resource):
        return workflow_node_execution
@console_ns.route("/apps/<uuid:app_id>/workflows/publish")
 class PublishedWorkflowApi(Resource):
    @api.doc("get_published_workflow")
    @api.doc(description="Get published workflow for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Published workflow retrieved successfully", workflow_fields)
    @api.response(404, "Published workflow not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -476,7 +624,7 @@ class PublishedWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        # fetch published workflow by app_model
@ -497,7 +645,7 @@ class PublishedWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -534,7 +682,12 @@ class PublishedWorkflowApi(Resource):
        }
@console_ns.route("/apps/<uuid:app_id>/workflows/default-block-configs")
 class DefaultBlockConfigsApi(Resource):
    @api.doc("get_default_block_configs")
    @api.doc(description="Get default block configurations for workflow")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Default block configurations retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -547,7 +700,7 @@ class DefaultBlockConfigsApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        # Get default block configs
@ -555,7 +708,13 @@ class DefaultBlockConfigsApi(Resource):
        return workflow_service.get_default_block_configs()
@console_ns.route("/apps/<uuid:app_id>/workflows/default-block-configs/<string:block_type>")
 class DefaultBlockConfigApi(Resource):
    @api.doc("get_default_block_config")
    @api.doc(description="Get default block configuration by type")
    @api.doc(params={"app_id": "Application ID", "block_type": "Block type"})
    @api.response(200, "Default block configuration retrieved successfully")
    @api.response(404, "Block type not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -567,7 +726,7 @@ class DefaultBlockConfigApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -588,7 +747,14 @@ class DefaultBlockConfigApi(Resource):
        return workflow_service.get_default_block_config(node_type=block_type, filters=filters)
@console_ns.route("/apps/<uuid:app_id>/convert-to-workflow")
 class ConvertToWorkflowApi(Resource):
    @api.doc("convert_to_workflow")
    @api.doc(description="Convert application to workflow mode")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Application converted to workflow successfully")
    @api.response(400, "Application cannot be converted")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -602,7 +768,7 @@ class ConvertToWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        if request.data:
@ -625,9 +791,14 @@ class ConvertToWorkflowApi(Resource):
        }
@console_ns.route("/apps/<uuid:app_id>/workflows/config")
 class WorkflowConfigApi(Resource):
    """Resource for workflow configuration."""
    @api.doc("get_workflow_config")
    @api.doc(description="Get workflow configuration")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Workflow configuration retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -638,7 +809,12 @@ class WorkflowConfigApi(Resource):
        }
@console_ns.route("/apps/<uuid:app_id>/workflows/published")
 class PublishedAllWorkflowApi(Resource):
    @api.doc("get_all_published_workflows")
    @api.doc(description="Get all published workflows for an application")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Published workflows retrieved successfully", workflow_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -651,7 +827,7 @@ class PublishedAllWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -689,7 +865,23 @@ class PublishedAllWorkflowApi(Resource):
            }
@console_ns.route("/apps/<uuid:app_id>/workflows/<uuid:workflow_id>")
 class WorkflowByIdApi(Resource):
    @api.doc("update_workflow_by_id")
    @api.doc(description="Update workflow by ID")
    @api.doc(params={"app_id": "Application ID", "workflow_id": "Workflow ID"})
    @api.expect(
        api.model(
            "UpdateWorkflowRequest",
            {
                "environment_variables": fields.List(fields.Raw, description="Environment variables"),
                "conversation_variables": fields.List(fields.Raw, description="Conversation variables"),
            },
        )
    )
    @api.response(200, "Workflow updated successfully", workflow_fields)
    @api.response(404, "Workflow not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -702,7 +894,7 @@ class WorkflowByIdApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # Check permission
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        parser = reqparse.RequestParser()
@ -715,7 +907,6 @@ class WorkflowByIdApi(Resource):
            raise ValueError("Marked name cannot exceed 20 characters")
        if args.marked_comment and len(args.marked_comment) > 100:
            raise ValueError("Marked comment cannot exceed 100 characters")
        args = parser.parse_args()
        # Prepare update data
        update_data = {}
@ -758,7 +949,7 @@ class WorkflowByIdApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # Check permission
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        workflow_service = WorkflowService()
@ -781,7 +972,14 @@ class WorkflowByIdApi(Resource):
        return None, 204
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/last-run")
 class DraftWorkflowNodeLastRunApi(Resource):
    @api.doc("get_draft_workflow_node_last_run")
    @api.doc(description="Get last run result for draft workflow node")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.response(200, "Node last run retrieved successfully", workflow_run_node_execution_fields)
    @api.response(404, "Node last run not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -800,73 +998,3 @@ class DraftWorkflowNodeLastRunApi(Resource):
        if node_exec is None:
            raise NotFound("last run not found")
        return node_exec
 api.add_resource(
    DraftWorkflowApi,
    "/apps/<uuid:app_id>/workflows/draft",
 )
 api.add_resource(
    WorkflowConfigApi,
    "/apps/<uuid:app_id>/workflows/draft/config",
 )
 api.add_resource(
    AdvancedChatDraftWorkflowRunApi,
    "/apps/<uuid:app_id>/advanced-chat/workflows/draft/run",
 )
 api.add_resource(
    DraftWorkflowRunApi,
    "/apps/<uuid:app_id>/workflows/draft/run",
 )
 api.add_resource(
    WorkflowTaskStopApi,
    "/apps/<uuid:app_id>/workflow-runs/tasks/<string:task_id>/stop",
 )
 api.add_resource(
    DraftWorkflowNodeRunApi,
    "/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/run",
 )
 api.add_resource(
    AdvancedChatDraftRunIterationNodeApi,
    "/apps/<uuid:app_id>/advanced-chat/workflows/draft/iteration/nodes/<string:node_id>/run",
 )
 api.add_resource(
    WorkflowDraftRunIterationNodeApi,
    "/apps/<uuid:app_id>/workflows/draft/iteration/nodes/<string:node_id>/run",
 )
 api.add_resource(
    AdvancedChatDraftRunLoopNodeApi,
    "/apps/<uuid:app_id>/advanced-chat/workflows/draft/loop/nodes/<string:node_id>/run",
 )
 api.add_resource(
    WorkflowDraftRunLoopNodeApi,
    "/apps/<uuid:app_id>/workflows/draft/loop/nodes/<string:node_id>/run",
 )
 api.add_resource(
    PublishedWorkflowApi,
    "/apps/<uuid:app_id>/workflows/publish",
 )
 api.add_resource(
    PublishedAllWorkflowApi,
    "/apps/<uuid:app_id>/workflows",
 )
 api.add_resource(
    DefaultBlockConfigsApi,
    "/apps/<uuid:app_id>/workflows/default-workflow-block-configs",
 )
 api.add_resource(
    DefaultBlockConfigApi,
    "/apps/<uuid:app_id>/workflows/default-workflow-block-configs/<string:block_type>",
 )
 api.add_resource(
    ConvertToWorkflowApi,
    "/apps/<uuid:app_id>/convert-to-workflow",
 )
 api.add_resource(
    WorkflowByIdApi,
    "/apps/<uuid:app_id>/workflows/<string:workflow_id>",
 )
 api.add_resource(
    DraftWorkflowNodeLastRunApi,
    "/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/last-run",
 )
--- a/api/controllers/console/app/workflow_app_log.py
+++ b/api/controllers/console/app/workflow_app_log.py
@ -3,7 +3,7 @@ from flask_restx import Resource, marshal_with, reqparse
 from flask_restx.inputs import int_range
 from sqlalchemy.orm import Session
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.workflow.entities.workflow_execution import WorkflowExecutionStatus
@ -15,7 +15,24 @@ from models.model import AppMode
 from services.workflow_app_service import WorkflowAppService
@console_ns.route("/apps/<uuid:app_id>/workflow-app-logs")
 class WorkflowAppLogApi(Resource):
    @api.doc("get_workflow_app_logs")
    @api.doc(description="Get workflow application execution logs")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(
        params={
            "keyword": "Search keyword for filtering logs",
            "status": "Filter by execution status (succeeded, failed, stopped, partial-succeeded)",
            "created_at__before": "Filter logs created before this timestamp",
            "created_at__after": "Filter logs created after this timestamp",
            "created_by_end_user_session_id": "Filter by end user session ID",
            "created_by_account": "Filter by account",
            "page": "Page number (1-99999)",
            "limit": "Number of items per page (1-100)",
        }
    )
    @api.response(200, "Workflow app logs retrieved successfully", workflow_app_log_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -78,6 +95,3 @@ class WorkflowAppLogApi(Resource):
            )
            return workflow_app_log_pagination
 api.add_resource(WorkflowAppLogApi, "/apps/<uuid:app_id>/workflow-app-logs")
--- a/api/controllers/console/app/workflow_draft_variable.py
+++ b/api/controllers/console/app/workflow_draft_variable.py
@ -6,7 +6,7 @@ from flask_restx import Resource, fields, inputs, marshal, marshal_with, reqpars
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    DraftWorkflowNotExist,
 )
@ -137,14 +137,20 @@ def _api_prerequisite(f):
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
    def wrapper(*args, **kwargs):
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        return f(*args, **kwargs)
    return wrapper
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/variables")
 class WorkflowVariableCollectionApi(Resource):
    @api.doc("get_workflow_variables")
    @api.doc(description="Get draft workflow variables")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"page": "Page number (1-100000)", "limit": "Number of items per page (1-100)"})
    @api.response(200, "Workflow variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_WITHOUT_VALUE_FIELDS)
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_WITHOUT_VALUE_FIELDS)
    def get(self, app_model: App):
@ -173,6 +179,9 @@ class WorkflowVariableCollectionApi(Resource):
        return workflow_vars
    @api.doc("delete_workflow_variables")
    @api.doc(description="Delete all draft workflow variables")
    @api.response(204, "Workflow variables deleted successfully")
    @_api_prerequisite
    def delete(self, app_model: App):
        draft_var_srv = WorkflowDraftVariableService(
@ -201,7 +210,12 @@ def validate_node_id(node_id: str) -> NoReturn | None:
    return None
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/variables")
 class NodeVariableCollectionApi(Resource):
    @api.doc("get_node_variables")
    @api.doc(description="Get variables for a specific node")
    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
    @api.response(200, "Node variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    def get(self, app_model: App, node_id: str):
@ -214,6 +228,9 @@ class NodeVariableCollectionApi(Resource):
        return node_vars
    @api.doc("delete_node_variables")
    @api.doc(description="Delete all variables for a specific node")
    @api.response(204, "Node variables deleted successfully")
    @_api_prerequisite
    def delete(self, app_model: App, node_id: str):
        validate_node_id(node_id)
@ -223,10 +240,16 @@ class NodeVariableCollectionApi(Resource):
        return Response("", 204)
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>")
 class VariableApi(Resource):
    _PATCH_NAME_FIELD = "name"
    _PATCH_VALUE_FIELD = "value"
    @api.doc("get_variable")
    @api.doc(description="Get a specific workflow variable")
    @api.doc(params={"app_id": "Application ID", "variable_id": "Variable ID"})
    @api.response(200, "Variable retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_FIELDS)
    @api.response(404, "Variable not found")
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_FIELDS)
    def get(self, app_model: App, variable_id: str):
@ -240,6 +263,19 @@ class VariableApi(Resource):
            raise NotFoundError(description=f"variable not found, id={variable_id}")
        return variable
    @api.doc("update_variable")
    @api.doc(description="Update a workflow variable")
    @api.expect(
        api.model(
            "UpdateVariableRequest",
            {
                "name": fields.String(description="Variable name"),
                "value": fields.Raw(description="Variable value"),
            },
        )
    )
    @api.response(200, "Variable updated successfully", _WORKFLOW_DRAFT_VARIABLE_FIELDS)
    @api.response(404, "Variable not found")
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_FIELDS)
    def patch(self, app_model: App, variable_id: str):
@ -302,6 +338,10 @@ class VariableApi(Resource):
        db.session.commit()
        return variable
    @api.doc("delete_variable")
    @api.doc(description="Delete a workflow variable")
    @api.response(204, "Variable deleted successfully")
    @api.response(404, "Variable not found")
    @_api_prerequisite
    def delete(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
@ -317,7 +357,14 @@ class VariableApi(Resource):
        return Response("", 204)
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>/reset")
 class VariableResetApi(Resource):
    @api.doc("reset_variable")
    @api.doc(description="Reset a workflow variable to its default value")
    @api.doc(params={"app_id": "Application ID", "variable_id": "Variable ID"})
    @api.response(200, "Variable reset successfully", _WORKFLOW_DRAFT_VARIABLE_FIELDS)
    @api.response(204, "Variable reset (no content)")
    @api.response(404, "Variable not found")
    @_api_prerequisite
    def put(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
@ -358,7 +405,13 @@ def _get_variable_list(app_model: App, node_id) -> WorkflowDraftVariableList:
    return draft_vars
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/conversation-variables")
 class ConversationVariableCollectionApi(Resource):
    @api.doc("get_conversation_variables")
    @api.doc(description="Get conversation variables for workflow")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Conversation variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    @api.response(404, "Draft workflow not found")
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    def get(self, app_model: App):
@ -374,14 +427,25 @@ class ConversationVariableCollectionApi(Resource):
        return _get_variable_list(app_model, CONVERSATION_VARIABLE_NODE_ID)
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/system-variables")
 class SystemVariableCollectionApi(Resource):
    @api.doc("get_system_variables")
    @api.doc(description="Get system variables for workflow")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "System variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    def get(self, app_model: App):
        return _get_variable_list(app_model, SYSTEM_VARIABLE_NODE_ID)
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/environment-variables")
 class EnvironmentVariableCollectionApi(Resource):
    @api.doc("get_environment_variables")
    @api.doc(description="Get environment variables for workflow")
    @api.doc(params={"app_id": "Application ID"})
    @api.response(200, "Environment variables retrieved successfully")
    @api.response(404, "Draft workflow not found")
    @_api_prerequisite
    def get(self, app_model: App):
        """
@ -413,16 +477,3 @@ class EnvironmentVariableCollectionApi(Resource):
            )
        return {"items": env_vars_list}
 api.add_resource(
    WorkflowVariableCollectionApi,
    "/apps/<uuid:app_id>/workflows/draft/variables",
 )
 api.add_resource(NodeVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/variables")
 api.add_resource(VariableApi, "/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>")
 api.add_resource(VariableResetApi, "/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>/reset")
 api.add_resource(ConversationVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/conversation-variables")
 api.add_resource(SystemVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/system-variables")
 api.add_resource(EnvironmentVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/environment-variables")
--- a/api/controllers/console/app/workflow_run.py
+++ b/api/controllers/console/app/workflow_run.py
@ -4,7 +4,7 @@ from flask_login import current_user
 from flask_restx import Resource, marshal_with, reqparse
 from flask_restx.inputs import int_range
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from fields.workflow_run_fields import (
@ -19,7 +19,13 @@ from models import Account, App, AppMode, EndUser
 from services.workflow_run_service import WorkflowRunService
@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflow-runs")
 class AdvancedChatAppWorkflowRunListApi(Resource):
    @api.doc("get_advanced_chat_workflow_runs")
    @api.doc(description="Get advanced chat workflow run list")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"last_id": "Last run ID for pagination", "limit": "Number of items per page (1-100)"})
    @api.response(200, "Workflow runs retrieved successfully", advanced_chat_workflow_run_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -40,7 +46,13 @@ class AdvancedChatAppWorkflowRunListApi(Resource):
        return result
@console_ns.route("/apps/<uuid:app_id>/workflow-runs")
 class WorkflowRunListApi(Resource):
    @api.doc("get_workflow_runs")
    @api.doc(description="Get workflow run list")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"last_id": "Last run ID for pagination", "limit": "Number of items per page (1-100)"})
    @api.response(200, "Workflow runs retrieved successfully", workflow_run_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -61,7 +73,13 @@ class WorkflowRunListApi(Resource):
        return result
@console_ns.route("/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>")
 class WorkflowRunDetailApi(Resource):
    @api.doc("get_workflow_run_detail")
    @api.doc(description="Get workflow run detail")
    @api.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
    @api.response(200, "Workflow run detail retrieved successfully", workflow_run_detail_fields)
    @api.response(404, "Workflow run not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -79,7 +97,13 @@ class WorkflowRunDetailApi(Resource):
        return workflow_run
@console_ns.route("/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>/node-executions")
 class WorkflowRunNodeExecutionListApi(Resource):
    @api.doc("get_workflow_run_node_executions")
    @api.doc(description="Get workflow run node execution list")
    @api.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
    @api.response(200, "Node executions retrieved successfully", workflow_run_node_execution_list_fields)
    @api.response(404, "Workflow run not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -100,9 +124,3 @@ class WorkflowRunNodeExecutionListApi(Resource):
        )
        return {"data": node_executions}
 api.add_resource(AdvancedChatAppWorkflowRunListApi, "/apps/<uuid:app_id>/advanced-chat/workflow-runs")
 api.add_resource(WorkflowRunListApi, "/apps/<uuid:app_id>/workflow-runs")
 api.add_resource(WorkflowRunDetailApi, "/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>")
 api.add_resource(WorkflowRunNodeExecutionListApi, "/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>/node-executions")
--- a/api/controllers/console/app/workflow_statistic.py
+++ b/api/controllers/console/app/workflow_statistic.py
@ -7,7 +7,7 @@ from flask import jsonify
 from flask_login import current_user
 from flask_restx import Resource, reqparse
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -17,7 +17,13 @@ from models.enums import WorkflowRunTriggeredFrom
 from models.model import AppMode
@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/daily-conversations")
 class WorkflowDailyRunsStatistic(Resource):
    @api.doc("get_workflow_daily_runs_statistic")
    @api.doc(description="Get workflow daily runs statistics")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
    @api.response(200, "Daily runs statistics retrieved successfully")
    @get_app_model
    @setup_required
    @login_required
@ -79,7 +85,13 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/daily-terminals")
 class WorkflowDailyTerminalsStatistic(Resource):
    @api.doc("get_workflow_daily_terminals_statistic")
    @api.doc(description="Get workflow daily terminals statistics")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
    @api.response(200, "Daily terminals statistics retrieved successfully")
    @get_app_model
    @setup_required
    @login_required
@ -141,7 +153,13 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/token-costs")
 class WorkflowDailyTokenCostStatistic(Resource):
    @api.doc("get_workflow_daily_token_cost_statistic")
    @api.doc(description="Get workflow daily token cost statistics")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
    @api.response(200, "Daily token cost statistics retrieved successfully")
    @get_app_model
    @setup_required
    @login_required
@ -208,7 +226,13 @@ WHERE
        return jsonify({"data": response_data})
@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/average-app-interactions")
 class WorkflowAverageAppInteractionStatistic(Resource):
    @api.doc("get_workflow_average_app_interaction_statistic")
    @api.doc(description="Get workflow average app interaction statistics")
    @api.doc(params={"app_id": "Application ID"})
    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
    @api.response(200, "Average app interaction statistics retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -285,11 +309,3 @@ GROUP BY
                )
        return jsonify({"data": response_data})
 api.add_resource(WorkflowDailyRunsStatistic, "/apps/<uuid:app_id>/workflow/statistics/daily-conversations")
 api.add_resource(WorkflowDailyTerminalsStatistic, "/apps/<uuid:app_id>/workflow/statistics/daily-terminals")
 api.add_resource(WorkflowDailyTokenCostStatistic, "/apps/<uuid:app_id>/workflow/statistics/token-costs")
 api.add_resource(
    WorkflowAverageAppInteractionStatistic, "/apps/<uuid:app_id>/workflow/statistics/average-app-interactions"
 )
--- a/api/controllers/console/app/wraps.py
+++ b/api/controllers/console/app/wraps.py
@ -1,6 +1,6 @@
 from collections.abc import Callable
 from functools import wraps
-from typing import Optional, ParamSpec, TypeVar, Union
+from typing import ParamSpec, TypeVar, Union
 from controllers.console.app.error import AppNotFoundError
 from extensions.ext_database import db
@ -12,7 +12,7 @@ P = ParamSpec("P")
 R = TypeVar("R")
-def _load_app_model(app_id: str) -> Optional[App]:
+def _load_app_model(app_id: str) -> App | None:
    assert isinstance(current_user, Account)
    app_model = (
        db.session.query(App)
@ -22,7 +22,7 @@ def _load_app_model(app_id: str) -> Optional[App]:
    return app_model
-def get_app_model(view: Optional[Callable[P, R]] = None, *, mode: Union[AppMode, list[AppMode], None] = None):
+def get_app_model(view: Callable[P, R] | None = None, *, mode: Union[AppMode, list[AppMode], None] = None):
    def decorator(view_func: Callable[P, R]):
        @wraps(view_func)
        def decorated_view(*args: P.args, **kwargs: P.kwargs):
--- a/api/controllers/console/auth/email_register.py
+++ b/api/controllers/console/auth/email_register.py
@ -0,0 +1,155 @@
 from flask import request
 from flask_restx import Resource, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from configs import dify_config
 from constants.languages import languages
 from controllers.console import api
 from controllers.console.auth.error import (
    EmailAlreadyInUseError,
    EmailCodeError,
    EmailRegisterLimitError,
    InvalidEmailError,
    InvalidTokenError,
    PasswordMismatchError,
 )
 from controllers.console.error import AccountInFreezeError, EmailSendIpLimitError
 from controllers.console.wraps import email_password_login_enabled, email_register_enabled, setup_required
 from extensions.ext_database import db
 from libs.helper import email, extract_remote_ip
 from libs.password import valid_password
 from models.account import Account
 from services.account_service import AccountService
 from services.billing_service import BillingService
 from services.errors.account import AccountNotFoundError, AccountRegisterError
 class EmailRegisterSendEmailApi(Resource):
    @setup_required
    @email_password_login_enabled
    @email_register_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=email, required=True, location="json")
        parser.add_argument("language", type=str, required=False, location="json")
        args = parser.parse_args()
        ip_address = extract_remote_ip(request)
        if AccountService.is_email_send_ip_limit(ip_address):
            raise EmailSendIpLimitError()
        language = "en-US"
        if args["language"] in languages:
            language = args["language"]
        if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(args["email"]):
            raise AccountInFreezeError()
        with Session(db.engine) as session:
            account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
        token = None
        token = AccountService.send_email_register_email(email=args["email"], account=account, language=language)
        return {"result": "success", "data": token}
 class EmailRegisterCheckApi(Resource):
    @setup_required
    @email_password_login_enabled
    @email_register_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=str, required=True, location="json")
        parser.add_argument("code", type=str, required=True, location="json")
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
        args = parser.parse_args()
        user_email = args["email"]
        is_email_register_error_rate_limit = AccountService.is_email_register_error_rate_limit(args["email"])
        if is_email_register_error_rate_limit:
            raise EmailRegisterLimitError()
        token_data = AccountService.get_email_register_data(args["token"])
        if token_data is None:
            raise InvalidTokenError()
        if user_email != token_data.get("email"):
            raise InvalidEmailError()
        if args["code"] != token_data.get("code"):
            AccountService.add_email_register_error_rate_limit(args["email"])
            raise EmailCodeError()
        # Verified, revoke the first token
        AccountService.revoke_email_register_token(args["token"])
        # Refresh token data by generating a new token
        _, new_token = AccountService.generate_email_register_token(
            user_email, code=args["code"], additional_data={"phase": "register"}
        )
        AccountService.reset_email_register_error_rate_limit(args["email"])
        return {"is_valid": True, "email": token_data.get("email"), "token": new_token}
 class EmailRegisterResetApi(Resource):
    @setup_required
    @email_password_login_enabled
    @email_register_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
        parser.add_argument("new_password", type=valid_password, required=True, nullable=False, location="json")
        parser.add_argument("password_confirm", type=valid_password, required=True, nullable=False, location="json")
        args = parser.parse_args()
        # Validate passwords match
        if args["new_password"] != args["password_confirm"]:
            raise PasswordMismatchError()
        # Validate token and get register data
        register_data = AccountService.get_email_register_data(args["token"])
        if not register_data:
            raise InvalidTokenError()
        # Must use token in reset phase
        if register_data.get("phase", "") != "register":
            raise InvalidTokenError()
        # Revoke token to prevent reuse
        AccountService.revoke_email_register_token(args["token"])
        email = register_data.get("email", "")
        with Session(db.engine) as session:
            account = session.execute(select(Account).filter_by(email=email)).scalar_one_or_none()
            if account:
                raise EmailAlreadyInUseError()
            else:
                account = self._create_new_account(email, args["password_confirm"])
                if not account:
                    raise AccountNotFoundError()
                token_pair = AccountService.login(account=account, ip_address=extract_remote_ip(request))
                AccountService.reset_login_error_rate_limit(email)
        return {"result": "success", "data": token_pair.model_dump()}
    def _create_new_account(self, email, password) -> Account | None:
        # Create new account if allowed
        account = None
        try:
            account = AccountService.create_account_and_tenant(
                email=email,
                name=email,
                password=password,
                interface_language=languages[0],
            )
        except AccountRegisterError:
            raise AccountInFreezeError()
        return account
 api.add_resource(EmailRegisterSendEmailApi, "/email-register/send-email")
 api.add_resource(EmailRegisterCheckApi, "/email-register/validity")
 api.add_resource(EmailRegisterResetApi, "/email-register")
--- a/api/controllers/console/auth/error.py
+++ b/api/controllers/console/auth/error.py
@ -27,21 +27,43 @@ class InvalidTokenError(BaseHTTPException):
 class PasswordResetRateLimitExceededError(BaseHTTPException):
    error_code = "password_reset_rate_limit_exceeded"
-    description = "Too many password reset emails have been sent. Please try again in 1 minute."
+    description = "Too many password reset emails have been sent. Please try again in {minutes} minutes."
    code = 429
    def __init__(self, minutes: int = 1):
        description = self.description.format(minutes=int(minutes)) if self.description else None
        super().__init__(description=description)
 class EmailRegisterRateLimitExceededError(BaseHTTPException):
    error_code = "email_register_rate_limit_exceeded"
    description = "Too many email register emails have been sent. Please try again in {minutes} minutes."
    code = 429
    def __init__(self, minutes: int = 1):
        description = self.description.format(minutes=int(minutes)) if self.description else None
        super().__init__(description=description)
 class EmailChangeRateLimitExceededError(BaseHTTPException):
    error_code = "email_change_rate_limit_exceeded"
-    description = "Too many email change emails have been sent. Please try again in 1 minute."
+    description = "Too many email change emails have been sent. Please try again in {minutes} minutes."
    code = 429
    def __init__(self, minutes: int = 1):
        description = self.description.format(minutes=int(minutes)) if self.description else None
        super().__init__(description=description)
 class OwnerTransferRateLimitExceededError(BaseHTTPException):
    error_code = "owner_transfer_rate_limit_exceeded"
-    description = "Too many owner transfer emails have been sent. Please try again in 1 minute."
+    description = "Too many owner transfer emails have been sent. Please try again in {minutes} minutes."
    code = 429
    def __init__(self, minutes: int = 1):
        description = self.description.format(minutes=int(minutes)) if self.description else None
        super().__init__(description=description)
 class EmailCodeError(BaseHTTPException):
    error_code = "email_code_error"
@ -69,15 +91,23 @@ class EmailPasswordLoginLimitError(BaseHTTPException):
 class EmailCodeLoginRateLimitExceededError(BaseHTTPException):
    error_code = "email_code_login_rate_limit_exceeded"
-    description = "Too many login emails have been sent. Please try again in 5 minutes."
+    description = "Too many login emails have been sent. Please try again in {minutes} minutes."
    code = 429
    def __init__(self, minutes: int = 5):
        description = self.description.format(minutes=int(minutes)) if self.description else None
        super().__init__(description=description)
 class EmailCodeAccountDeletionRateLimitExceededError(BaseHTTPException):
    error_code = "email_code_account_deletion_rate_limit_exceeded"
-    description = "Too many account deletion emails have been sent. Please try again in 5 minutes."
+    description = "Too many account deletion emails have been sent. Please try again in {minutes} minutes."
    code = 429
    def __init__(self, minutes: int = 5):
        description = self.description.format(minutes=int(minutes)) if self.description else None
        super().__init__(description=description)
 class EmailPasswordResetLimitError(BaseHTTPException):
    error_code = "email_password_reset_limit"
@ -85,6 +115,12 @@ class EmailPasswordResetLimitError(BaseHTTPException):
    code = 429
 class EmailRegisterLimitError(BaseHTTPException):
    error_code = "email_register_limit"
    description = "Too many failed email register attempts. Please try again in 24 hours."
    code = 429
 class EmailChangeLimitError(BaseHTTPException):
    error_code = "email_change_limit"
    description = "Too many failed email change attempts. Please try again in 24 hours."
--- a/api/controllers/console/auth/forgot_password.py
+++ b/api/controllers/console/auth/forgot_password.py
@ -6,7 +6,6 @@ from flask_restx import Resource, fields, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from constants.languages import languages
 from controllers.console import api, console_ns
 from controllers.console.auth.error import (
    EmailCodeError,
@ -15,7 +14,7 @@ from controllers.console.auth.error import (
    InvalidTokenError,
    PasswordMismatchError,
 )
-from controllers.console.error import AccountInFreezeError, AccountNotFound, EmailSendIpLimitError
+from controllers.console.error import AccountNotFound, EmailSendIpLimitError
 from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from extensions.ext_database import db
@ -23,8 +22,6 @@ from libs.helper import email, extract_remote_ip
 from libs.password import hash_password, valid_password
 from models.account import Account
 from services.account_service import AccountService, TenantService
 from services.errors.account import AccountRegisterError
 from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkspacesLimitExceededError
 from services.feature_service import FeatureService
@ -73,15 +70,13 @@ class ForgotPasswordSendEmailApi(Resource):
        with Session(db.engine) as session:
            account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
-        token = None
+
-        if account is None:
+        token = AccountService.send_reset_password_email(
-            if FeatureService.get_system_features().is_allow_register:
+            account=account,
-                token = AccountService.send_reset_password_email(email=args["email"], language=language)
+            email=args["email"],
-                return {"result": "fail", "data": token, "code": "account_not_found"}
+            language=language,
-            else:
+            is_allow_register=FeatureService.get_system_features().is_allow_register,
-                raise AccountNotFound()
+        )
        else:
            token = AccountService.send_reset_password_email(account=account, email=args["email"], language=language)
        return {"result": "success", "data": token}
@ -207,7 +202,7 @@ class ForgotPasswordResetApi(Resource):
            if account:
                self._update_existing_account(account, password_hashed, salt, session)
            else:
-                self._create_new_account(email, args["password_confirm"])
+                raise AccountNotFound()
        return {"result": "success"}
@ -227,18 +222,7 @@ class ForgotPasswordResetApi(Resource):
            account.current_tenant = tenant
            tenant_was_created.send(tenant)
-    def _create_new_account(self, email, password):
+
-        # Create new account if allowed
+api.add_resource(ForgotPasswordSendEmailApi, "/forgot-password")
-        try:
+api.add_resource(ForgotPasswordCheckApi, "/forgot-password/validity")
-            AccountService.create_account_and_tenant(
+api.add_resource(ForgotPasswordResetApi, "/forgot-password/resets")
                email=email,
                name=email,
                password=password,
                interface_language=languages[0],
            )
        except WorkSpaceNotAllowedCreateError:
            pass
        except WorkspacesLimitExceededError:
            pass
        except AccountRegisterError:
            raise AccountInFreezeError()
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@ -26,7 +26,6 @@ from controllers.console.error import (
 from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from libs.helper import email, extract_remote_ip
 from libs.password import valid_password
 from models.account import Account
 from services.account_service import AccountService, RegisterService, TenantService
 from services.billing_service import BillingService
@ -44,10 +43,9 @@ class LoginApi(Resource):
        """Authenticate user and login."""
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=email, required=True, location="json")
-        parser.add_argument("password", type=valid_password, required=True, location="json")
+        parser.add_argument("password", type=str, required=True, location="json")
        parser.add_argument("remember_me", type=bool, required=False, default=False, location="json")
        parser.add_argument("invite_token", type=str, required=False, default=None, location="json")
        parser.add_argument("language", type=str, required=False, default="en-US", location="json")
        args = parser.parse_args()
        if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(args["email"]):
@ -61,11 +59,6 @@ class LoginApi(Resource):
        if invitation:
            invitation = RegisterService.get_invitation_if_token_valid(None, args["email"], invitation)
        if args["language"] is not None and args["language"] == "zh-Hans":
            language = "zh-Hans"
        else:
            language = "en-US"
        try:
            if invitation:
                data = invitation.get("data", {})
@ -80,12 +73,6 @@ class LoginApi(Resource):
        except services.errors.account.AccountPasswordError:
            AccountService.add_login_error_rate_limit(args["email"])
            raise AuthenticationFailedError()
        except services.errors.account.AccountNotFoundError:
            if FeatureService.get_system_features().is_allow_register:
                token = AccountService.send_reset_password_email(email=args["email"], language=language)
                return {"result": "fail", "data": token, "code": "account_not_found"}
            else:
                raise AccountNotFound()
        # SELF_HOSTED only have one workspace
        tenants = TenantService.get_join_tenants(account)
        if len(tenants) == 0:
@ -133,13 +120,12 @@ class ResetPasswordSendEmailApi(Resource):
        except AccountRegisterError:
            raise AccountInFreezeError()
-        if account is None:
+        token = AccountService.send_reset_password_email(
-            if FeatureService.get_system_features().is_allow_register:
+            email=args["email"],
-                token = AccountService.send_reset_password_email(email=args["email"], language=language)
+            account=account,
-            else:
+            language=language,
-                raise AccountNotFound()
+            is_allow_register=FeatureService.get_system_features().is_allow_register,
-        else:
+        )
            token = AccountService.send_reset_password_email(account=account, language=language)
        return {"result": "success", "data": token}
--- a/api/controllers/console/auth/oauth.py
+++ b/api/controllers/console/auth/oauth.py
@ -1,5 +1,4 @@
 import logging
 from typing import Optional
 import requests
 from flask import current_app, redirect, request
@ -18,6 +17,7 @@ from libs.oauth import GitHubOAuth, GoogleOAuth, OAuthUserInfo
 from models import Account
 from models.account import AccountStatus
 from services.account_service import AccountService, RegisterService, TenantService
 from services.billing_service import BillingService
 from services.errors.account import AccountNotFoundError, AccountRegisterError
 from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkSpaceNotFoundError
 from services.feature_service import FeatureService
@ -156,8 +156,8 @@ class OAuthCallback(Resource):
        )
-def _get_account_by_openid_or_email(provider: str, user_info: OAuthUserInfo) -> Optional[Account]:
+def _get_account_by_openid_or_email(provider: str, user_info: OAuthUserInfo) -> Account | None:
-    account: Optional[Account] = Account.get_by_openid(provider, user_info.id)
+    account: Account | None = Account.get_by_openid(provider, user_info.id)
    if not account:
        with Session(db.engine) as session:
@ -183,7 +183,15 @@ def _generate_account(provider: str, user_info: OAuthUserInfo):
    if not account:
        if not FeatureService.get_system_features().is_allow_register:
-            raise AccountNotFoundError()
+            if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(user_info.email):
                raise AccountRegisterError(
                    description=(
                        "This email account has been deleted within the past "
                        "30 days and is temporarily unavailable for new account registration"
                    )
                )
            else:
                raise AccountRegisterError(description=("Invalid email or password"))
        account_name = user_info.name or "Dify"
        account = RegisterService.register(
            email=user_info.email, name=account_name, password=None, open_id=user_info.id, provider=provider
--- a/api/controllers/console/datasets/datasets.py
+++ b/api/controllers/console/datasets/datasets.py
@ -1,13 +1,13 @@
 import flask_restx
 from flask import request
 from flask_login import current_user
-from flask_restx import Resource, marshal, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal, marshal_with, reqparse
 from sqlalchemy import select
 from werkzeug.exceptions import Forbidden, NotFound
 import services
 from configs import dify_config
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.apikey import api_key_fields, api_key_list
 from controllers.console.app.error import ProviderNotInitializeError
 from controllers.console.datasets.error import DatasetInUseError, DatasetNameDuplicateError, IndexingEstimateError
@ -48,7 +48,21 @@ def _validate_description_length(description):
    return description
@console_ns.route("/datasets")
 class DatasetListApi(Resource):
    @api.doc("get_datasets")
    @api.doc(description="Get list of datasets")
    @api.doc(
        params={
            "page": "Page number (default: 1)",
            "limit": "Number of items per page (default: 20)",
            "ids": "Filter by dataset IDs (list)",
            "keyword": "Search keyword",
            "tag_ids": "Filter by tag IDs (list)",
            "include_all": "Include all datasets (default: false)",
        }
    )
    @api.response(200, "Datasets retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -100,6 +114,24 @@ class DatasetListApi(Resource):
        response = {"data": data, "has_more": len(datasets) == limit, "limit": limit, "total": total, "page": page}
        return response, 200
    @api.doc("create_dataset")
    @api.doc(description="Create a new dataset")
    @api.expect(
        api.model(
            "CreateDatasetRequest",
            {
                "name": fields.String(required=True, description="Dataset name (1-40 characters)"),
                "description": fields.String(description="Dataset description (max 400 characters)"),
                "indexing_technique": fields.String(description="Indexing technique"),
                "permission": fields.String(description="Dataset permission"),
                "provider": fields.String(description="Provider"),
                "external_knowledge_api_id": fields.String(description="External knowledge API ID"),
                "external_knowledge_id": fields.String(description="External knowledge ID"),
            },
        )
    )
    @api.response(201, "Dataset created successfully")
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -172,7 +204,14 @@ class DatasetListApi(Resource):
        return marshal(dataset, dataset_detail_fields), 201
@console_ns.route("/datasets/<uuid:dataset_id>")
 class DatasetApi(Resource):
    @api.doc("get_dataset")
    @api.doc(description="Get dataset details")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Dataset retrieved successfully", dataset_detail_fields)
    @api.response(404, "Dataset not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -215,6 +254,23 @@ class DatasetApi(Resource):
        return data, 200
    @api.doc("update_dataset")
    @api.doc(description="Update dataset details")
    @api.expect(
        api.model(
            "UpdateDatasetRequest",
            {
                "name": fields.String(description="Dataset name"),
                "description": fields.String(description="Dataset description"),
                "permission": fields.String(description="Dataset permission"),
                "indexing_technique": fields.String(description="Indexing technique"),
                "external_retrieval_model": fields.Raw(description="External retrieval model settings"),
            },
        )
    )
    @api.response(200, "Dataset updated successfully", dataset_detail_fields)
    @api.response(404, "Dataset not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -344,7 +400,12 @@ class DatasetApi(Resource):
            raise DatasetInUseError()
@console_ns.route("/datasets/<uuid:dataset_id>/use-check")
 class DatasetUseCheckApi(Resource):
    @api.doc("check_dataset_use")
    @api.doc(description="Check if dataset is in use")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Dataset use status retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -355,7 +416,12 @@ class DatasetUseCheckApi(Resource):
        return {"is_using": dataset_is_using}, 200
@console_ns.route("/datasets/<uuid:dataset_id>/queries")
 class DatasetQueryApi(Resource):
    @api.doc("get_dataset_queries")
    @api.doc(description="Get dataset query history")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Query history retrieved successfully", dataset_query_detail_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -385,7 +451,11 @@ class DatasetQueryApi(Resource):
        return response, 200
@console_ns.route("/datasets/indexing-estimate")
 class DatasetIndexingEstimateApi(Resource):
    @api.doc("estimate_dataset_indexing")
    @api.doc(description="Estimate dataset indexing cost")
    @api.response(200, "Indexing estimate calculated successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -486,7 +556,12 @@ class DatasetIndexingEstimateApi(Resource):
        return response.model_dump(), 200
@console_ns.route("/datasets/<uuid:dataset_id>/related-apps")
 class DatasetRelatedAppListApi(Resource):
    @api.doc("get_dataset_related_apps")
    @api.doc(description="Get applications related to dataset")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Related apps retrieved successfully", related_app_list)
    @setup_required
    @login_required
    @account_initialization_required
@ -513,7 +588,12 @@ class DatasetRelatedAppListApi(Resource):
        return {"data": related_apps, "total": len(related_apps)}, 200
@console_ns.route("/datasets/<uuid:dataset_id>/indexing-status")
 class DatasetIndexingStatusApi(Resource):
    @api.doc("get_dataset_indexing_status")
    @api.doc(description="Get dataset indexing status")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Indexing status retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -560,11 +640,15 @@ class DatasetIndexingStatusApi(Resource):
        return data, 200
@console_ns.route("/datasets/api-keys")
 class DatasetApiKeyApi(Resource):
    max_keys = 10
    token_prefix = "dataset-"
    resource_type = "dataset"
    @api.doc("get_dataset_api_keys")
    @api.doc(description="Get dataset API keys")
    @api.response(200, "API keys retrieved successfully", api_key_list)
    @setup_required
    @login_required
    @account_initialization_required
@ -609,9 +693,14 @@ class DatasetApiKeyApi(Resource):
        return api_token, 200
@console_ns.route("/datasets/api-keys/<uuid:api_key_id>")
 class DatasetApiDeleteApi(Resource):
    resource_type = "dataset"
    @api.doc("delete_dataset_api_key")
    @api.doc(description="Delete dataset API key")
    @api.doc(params={"api_key_id": "API key ID"})
    @api.response(204, "API key deleted successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -641,7 +730,11 @@ class DatasetApiDeleteApi(Resource):
        return {"result": "success"}, 204
@console_ns.route("/datasets/api-base-info")
 class DatasetApiBaseUrlApi(Resource):
    @api.doc("get_dataset_api_base_info")
    @api.doc(description="Get dataset API base information")
    @api.response(200, "API base info retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -649,7 +742,11 @@ class DatasetApiBaseUrlApi(Resource):
        return {"api_base_url": (dify_config.SERVICE_API_URL or request.host_url.rstrip("/")) + "/v1"}
@console_ns.route("/datasets/retrieval-setting")
 class DatasetRetrievalSettingApi(Resource):
    @api.doc("get_dataset_retrieval_setting")
    @api.doc(description="Get dataset retrieval settings")
    @api.response(200, "Retrieval settings retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -700,7 +797,12 @@ class DatasetRetrievalSettingApi(Resource):
                raise ValueError(f"Unsupported vector db type {vector_type}.")
@console_ns.route("/datasets/retrieval-setting/<string:vector_type>")
 class DatasetRetrievalSettingMockApi(Resource):
    @api.doc("get_dataset_retrieval_setting_mock")
    @api.doc(description="Get mock dataset retrieval settings by vector type")
    @api.doc(params={"vector_type": "Vector store type"})
    @api.response(200, "Mock retrieval settings retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -749,7 +851,13 @@ class DatasetRetrievalSettingMockApi(Resource):
                raise ValueError(f"Unsupported vector db type {vector_type}.")
@console_ns.route("/datasets/<uuid:dataset_id>/error-docs")
 class DatasetErrorDocs(Resource):
    @api.doc("get_dataset_error_docs")
    @api.doc(description="Get dataset error documents")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Error documents retrieved successfully")
    @api.response(404, "Dataset not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -763,7 +871,14 @@ class DatasetErrorDocs(Resource):
        return {"data": [marshal(item, document_status_fields) for item in results], "total": len(results)}, 200
@console_ns.route("/datasets/<uuid:dataset_id>/permission-part-users")
 class DatasetPermissionUserListApi(Resource):
    @api.doc("get_dataset_permission_users")
    @api.doc(description="Get dataset permission user list")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Permission users retrieved successfully")
    @api.response(404, "Dataset not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -784,7 +899,13 @@ class DatasetPermissionUserListApi(Resource):
        }, 200
@console_ns.route("/datasets/<uuid:dataset_id>/auto-disable-logs")
 class DatasetAutoDisableLogApi(Resource):
    @api.doc("get_dataset_auto_disable_logs")
    @api.doc(description="Get dataset auto disable logs")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.response(200, "Auto disable logs retrieved successfully")
    @api.response(404, "Dataset not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -794,20 +915,3 @@ class DatasetAutoDisableLogApi(Resource):
        if dataset is None:
            raise NotFound("Dataset not found.")
        return DatasetService.get_dataset_auto_disable_logs(dataset_id_str), 200
 api.add_resource(DatasetListApi, "/datasets")
 api.add_resource(DatasetApi, "/datasets/<uuid:dataset_id>")
 api.add_resource(DatasetUseCheckApi, "/datasets/<uuid:dataset_id>/use-check")
 api.add_resource(DatasetQueryApi, "/datasets/<uuid:dataset_id>/queries")
 api.add_resource(DatasetErrorDocs, "/datasets/<uuid:dataset_id>/error-docs")
 api.add_resource(DatasetIndexingEstimateApi, "/datasets/indexing-estimate")
 api.add_resource(DatasetRelatedAppListApi, "/datasets/<uuid:dataset_id>/related-apps")
 api.add_resource(DatasetIndexingStatusApi, "/datasets/<uuid:dataset_id>/indexing-status")
 api.add_resource(DatasetApiKeyApi, "/datasets/api-keys")
 api.add_resource(DatasetApiDeleteApi, "/datasets/api-keys/<uuid:api_key_id>")
 api.add_resource(DatasetApiBaseUrlApi, "/datasets/api-base-info")
 api.add_resource(DatasetRetrievalSettingApi, "/datasets/retrieval-setting")
 api.add_resource(DatasetRetrievalSettingMockApi, "/datasets/retrieval-setting/<string:vector_type>")
 api.add_resource(DatasetPermissionUserListApi, "/datasets/<uuid:dataset_id>/permission-part-users")
 api.add_resource(DatasetAutoDisableLogApi, "/datasets/<uuid:dataset_id>/auto-disable-logs")
--- a/api/controllers/console/datasets/datasets_document.py
+++ b/api/controllers/console/datasets/datasets_document.py
@ -5,12 +5,12 @@ from typing import Literal, cast
 from flask import request
 from flask_login import current_user
-from flask_restx import Resource, marshal, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal, marshal_with, reqparse
 from sqlalchemy import asc, desc, select
 from werkzeug.exceptions import Forbidden, NotFound
 import services
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    ProviderModelCurrentlyNotSupportError,
    ProviderNotInitializeError,
@ -98,7 +98,12 @@ class DocumentResource(Resource):
        return documents
@console_ns.route("/datasets/process-rule")
 class GetProcessRuleApi(Resource):
    @api.doc("get_process_rule")
    @api.doc(description="Get dataset document processing rules")
    @api.doc(params={"document_id": "Document ID (optional)"})
    @api.response(200, "Process rules retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -140,7 +145,21 @@ class GetProcessRuleApi(Resource):
        return {"mode": mode, "rules": rules, "limits": limits}
@console_ns.route("/datasets/<uuid:dataset_id>/documents")
 class DatasetDocumentListApi(Resource):
    @api.doc("get_dataset_documents")
    @api.doc(description="Get documents in a dataset")
    @api.doc(
        params={
            "dataset_id": "Dataset ID",
            "page": "Page number (default: 1)",
            "limit": "Number of items per page (default: 20)",
            "keyword": "Search keyword",
            "sort": "Sort order (default: -created_at)",
            "fetch": "Fetch full details (default: false)",
        }
    )
    @api.response(200, "Documents retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -324,7 +343,23 @@ class DatasetDocumentListApi(Resource):
        return {"result": "success"}, 204
@console_ns.route("/datasets/init")
 class DatasetInitApi(Resource):
    @api.doc("init_dataset")
    @api.doc(description="Initialize dataset with documents")
    @api.expect(
        api.model(
            "DatasetInitRequest",
            {
                "upload_file_id": fields.String(required=True, description="Upload file ID"),
                "indexing_technique": fields.String(description="Indexing technique"),
                "process_rule": fields.Raw(description="Processing rules"),
                "data_source": fields.Raw(description="Data source configuration"),
            },
        )
    )
    @api.response(201, "Dataset initialized successfully", dataset_and_document_fields)
    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -394,7 +429,14 @@ class DatasetInitApi(Resource):
        return response
@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/indexing-estimate")
 class DocumentIndexingEstimateApi(DocumentResource):
    @api.doc("estimate_document_indexing")
    @api.doc(description="Estimate document indexing cost")
    @api.doc(params={"dataset_id": "Dataset ID", "document_id": "Document ID"})
    @api.response(200, "Indexing estimate calculated successfully")
    @api.response(404, "Document not found")
    @api.response(400, "Document already finished")
    @setup_required
    @login_required
    @account_initialization_required
@ -593,7 +635,13 @@ class DocumentBatchIndexingStatusApi(DocumentResource):
        return data
@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/indexing-status")
 class DocumentIndexingStatusApi(DocumentResource):
    @api.doc("get_document_indexing_status")
    @api.doc(description="Get document indexing status")
    @api.doc(params={"dataset_id": "Dataset ID", "document_id": "Document ID"})
    @api.response(200, "Indexing status retrieved successfully")
    @api.response(404, "Document not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -635,9 +683,21 @@ class DocumentIndexingStatusApi(DocumentResource):
        return marshal(document_dict, document_status_fields)
@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>")
 class DocumentApi(DocumentResource):
    METADATA_CHOICES = {"all", "only", "without"}
    @api.doc("get_document")
    @api.doc(description="Get document details")
    @api.doc(
        params={
            "dataset_id": "Dataset ID",
            "document_id": "Document ID",
            "metadata": "Metadata inclusion (all/only/without)",
        }
    )
    @api.response(200, "Document retrieved successfully")
    @api.response(404, "Document not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -746,7 +806,16 @@ class DocumentApi(DocumentResource):
        return {"result": "success"}, 204
@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/processing/<string:action>")
 class DocumentProcessingApi(DocumentResource):
    @api.doc("update_document_processing")
    @api.doc(description="Update document processing status (pause/resume)")
    @api.doc(
        params={"dataset_id": "Dataset ID", "document_id": "Document ID", "action": "Action to perform (pause/resume)"}
    )
    @api.response(200, "Processing status updated successfully")
    @api.response(404, "Document not found")
    @api.response(400, "Invalid action")
    @setup_required
    @login_required
    @account_initialization_required
@ -781,7 +850,23 @@ class DocumentProcessingApi(DocumentResource):
        return {"result": "success"}, 200
@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/metadata")
 class DocumentMetadataApi(DocumentResource):
    @api.doc("update_document_metadata")
    @api.doc(description="Update document metadata")
    @api.doc(params={"dataset_id": "Dataset ID", "document_id": "Document ID"})
    @api.expect(
        api.model(
            "UpdateDocumentMetadataRequest",
            {
                "doc_type": fields.String(description="Document type"),
                "doc_metadata": fields.Raw(description="Document metadata"),
            },
        )
    )
    @api.response(200, "Document metadata updated successfully")
    @api.response(404, "Document not found")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -1015,26 +1100,3 @@ class WebsiteDocumentSyncApi(DocumentResource):
        DocumentService.sync_website_document(dataset_id, document)
        return {"result": "success"}, 200
 api.add_resource(GetProcessRuleApi, "/datasets/process-rule")
 api.add_resource(DatasetDocumentListApi, "/datasets/<uuid:dataset_id>/documents")
 api.add_resource(DatasetInitApi, "/datasets/init")
 api.add_resource(
    DocumentIndexingEstimateApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/indexing-estimate"
 )
 api.add_resource(DocumentBatchIndexingEstimateApi, "/datasets/<uuid:dataset_id>/batch/<string:batch>/indexing-estimate")
 api.add_resource(DocumentBatchIndexingStatusApi, "/datasets/<uuid:dataset_id>/batch/<string:batch>/indexing-status")
 api.add_resource(DocumentIndexingStatusApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/indexing-status")
 api.add_resource(DocumentApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>")
 api.add_resource(
    DocumentProcessingApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/processing/<string:action>"
 )
 api.add_resource(DocumentMetadataApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/metadata")
 api.add_resource(DocumentStatusApi, "/datasets/<uuid:dataset_id>/documents/status/<string:action>/batch")
 api.add_resource(DocumentPauseApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/processing/pause")
 api.add_resource(DocumentRecoverApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/processing/resume")
 api.add_resource(DocumentRetryApi, "/datasets/<uuid:dataset_id>/retry")
 api.add_resource(DocumentRenameApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/rename")
 api.add_resource(WebsiteDocumentSyncApi, "/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/website-sync")
--- a/api/controllers/console/datasets/external.py
+++ b/api/controllers/console/datasets/external.py
@ -1,10 +1,10 @@
 from flask import request
 from flask_login import current_user
-from flask_restx import Resource, marshal, reqparse
+from flask_restx import Resource, fields, marshal, reqparse
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound
 import services
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.datasets.error import DatasetNameDuplicateError
 from controllers.console.wraps import account_initialization_required, setup_required
 from fields.dataset_fields import dataset_detail_fields
@ -21,7 +21,18 @@ def _validate_name(name):
    return name
@console_ns.route("/datasets/external-knowledge-api")
 class ExternalApiTemplateListApi(Resource):
    @api.doc("get_external_api_templates")
    @api.doc(description="Get external knowledge API templates")
    @api.doc(
        params={
            "page": "Page number (default: 1)",
            "limit": "Number of items per page (default: 20)",
            "keyword": "Search keyword",
        }
    )
    @api.response(200, "External API templates retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -79,7 +90,13 @@ class ExternalApiTemplateListApi(Resource):
        return external_knowledge_api.to_dict(), 201
@console_ns.route("/datasets/external-knowledge-api/<uuid:external_knowledge_api_id>")
 class ExternalApiTemplateApi(Resource):
    @api.doc("get_external_api_template")
    @api.doc(description="Get external knowledge API template details")
    @api.doc(params={"external_knowledge_api_id": "External knowledge API ID"})
    @api.response(200, "External API template retrieved successfully")
    @api.response(404, "Template not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -138,7 +155,12 @@ class ExternalApiTemplateApi(Resource):
        return {"result": "success"}, 204
@console_ns.route("/datasets/external-knowledge-api/<uuid:external_knowledge_api_id>/use-check")
 class ExternalApiUseCheckApi(Resource):
    @api.doc("check_external_api_usage")
    @api.doc(description="Check if external knowledge API is being used")
    @api.doc(params={"external_knowledge_api_id": "External knowledge API ID"})
    @api.response(200, "Usage check completed successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -151,7 +173,24 @@ class ExternalApiUseCheckApi(Resource):
        return {"is_using": external_knowledge_api_is_using, "count": count}, 200
@console_ns.route("/datasets/external")
 class ExternalDatasetCreateApi(Resource):
    @api.doc("create_external_dataset")
    @api.doc(description="Create external knowledge dataset")
    @api.expect(
        api.model(
            "CreateExternalDatasetRequest",
            {
                "external_knowledge_api_id": fields.String(required=True, description="External knowledge API ID"),
                "external_knowledge_id": fields.String(required=True, description="External knowledge ID"),
                "name": fields.String(required=True, description="Dataset name"),
                "description": fields.String(description="Dataset description"),
            },
        )
    )
    @api.response(201, "External dataset created successfully", dataset_detail_fields)
    @api.response(400, "Invalid parameters")
    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -191,7 +230,24 @@ class ExternalDatasetCreateApi(Resource):
        return marshal(dataset, dataset_detail_fields), 201
@console_ns.route("/datasets/<uuid:dataset_id>/external-hit-testing")
 class ExternalKnowledgeHitTestingApi(Resource):
    @api.doc("test_external_knowledge_retrieval")
    @api.doc(description="Test external knowledge retrieval for dataset")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.expect(
        api.model(
            "ExternalHitTestingRequest",
            {
                "query": fields.String(required=True, description="Query text for testing"),
                "retrieval_model": fields.Raw(description="Retrieval model configuration"),
                "external_retrieval_model": fields.Raw(description="External retrieval model configuration"),
            },
        )
    )
    @api.response(200, "External hit testing completed successfully")
    @api.response(404, "Dataset not found")
    @api.response(400, "Invalid parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -228,8 +284,22 @@ class ExternalKnowledgeHitTestingApi(Resource):
            raise InternalServerError(str(e))
@console_ns.route("/test/retrieval")
 class BedrockRetrievalApi(Resource):
    # this api is only for internal testing
    @api.doc("bedrock_retrieval_test")
    @api.doc(description="Bedrock retrieval test (internal use only)")
    @api.expect(
        api.model(
            "BedrockRetrievalTestRequest",
            {
                "retrieval_setting": fields.Raw(required=True, description="Retrieval settings"),
                "query": fields.String(required=True, description="Query text"),
                "knowledge_id": fields.String(required=True, description="Knowledge ID"),
            },
        )
    )
    @api.response(200, "Bedrock retrieval test completed")
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("retrieval_setting", nullable=False, required=True, type=dict, location="json")
@ -247,12 +317,3 @@ class BedrockRetrievalApi(Resource):
            args["retrieval_setting"], args["query"], args["knowledge_id"]
        )
        return result, 200
 api.add_resource(ExternalKnowledgeHitTestingApi, "/datasets/<uuid:dataset_id>/external-hit-testing")
 api.add_resource(ExternalDatasetCreateApi, "/datasets/external")
 api.add_resource(ExternalApiTemplateListApi, "/datasets/external-knowledge-api")
 api.add_resource(ExternalApiTemplateApi, "/datasets/external-knowledge-api/<uuid:external_knowledge_api_id>")
 api.add_resource(ExternalApiUseCheckApi, "/datasets/external-knowledge-api/<uuid:external_knowledge_api_id>/use-check")
 # this api is only for internal test
 api.add_resource(BedrockRetrievalApi, "/test/retrieval")
--- a/api/controllers/console/datasets/hit_testing.py
+++ b/api/controllers/console/datasets/hit_testing.py
@ -1,6 +1,6 @@
-from flask_restx import Resource
+from flask_restx import Resource, fields
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.datasets.hit_testing_base import DatasetsHitTestingBase
 from controllers.console.wraps import (
    account_initialization_required,
@ -10,7 +10,25 @@ from controllers.console.wraps import (
 from libs.login import login_required
@console_ns.route("/datasets/<uuid:dataset_id>/hit-testing")
 class HitTestingApi(Resource, DatasetsHitTestingBase):
    @api.doc("test_dataset_retrieval")
    @api.doc(description="Test dataset knowledge retrieval")
    @api.doc(params={"dataset_id": "Dataset ID"})
    @api.expect(
        api.model(
            "HitTestingRequest",
            {
                "query": fields.String(required=True, description="Query text for testing"),
                "retrieval_model": fields.Raw(description="Retrieval model configuration"),
                "top_k": fields.Integer(description="Number of top results to return"),
                "score_threshold": fields.Float(description="Score threshold for filtering results"),
            },
        )
    )
    @api.response(200, "Hit testing completed successfully")
    @api.response(404, "Dataset not found")
    @api.response(400, "Invalid parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -23,6 +41,3 @@ class HitTestingApi(Resource, DatasetsHitTestingBase):
        self.hit_testing_args_check(args)
        return self.perform_hit_testing(dataset, args)
 api.add_resource(HitTestingApi, "/datasets/<uuid:dataset_id>/hit-testing")
--- a/api/controllers/console/datasets/website.py
+++ b/api/controllers/console/datasets/website.py
@ -1,13 +1,32 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.datasets.error import WebsiteCrawlError
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.login import login_required
 from services.website_service import WebsiteCrawlApiRequest, WebsiteCrawlStatusApiRequest, WebsiteService
@console_ns.route("/website/crawl")
 class WebsiteCrawlApi(Resource):
    @api.doc("crawl_website")
    @api.doc(description="Crawl website content")
    @api.expect(
        api.model(
            "WebsiteCrawlRequest",
            {
                "provider": fields.String(
                    required=True,
                    description="Crawl provider (firecrawl/watercrawl/jinareader)",
                    enum=["firecrawl", "watercrawl", "jinareader"],
                ),
                "url": fields.String(required=True, description="URL to crawl"),
                "options": fields.Raw(required=True, description="Crawl options"),
            },
        )
    )
    @api.response(200, "Website crawl initiated successfully")
    @api.response(400, "Invalid crawl parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -39,7 +58,14 @@ class WebsiteCrawlApi(Resource):
        return result, 200
@console_ns.route("/website/crawl/status/<string:job_id>")
 class WebsiteCrawlStatusApi(Resource):
    @api.doc("get_crawl_status")
    @api.doc(description="Get website crawl status")
    @api.doc(params={"job_id": "Crawl job ID", "provider": "Crawl provider (firecrawl/watercrawl/jinareader)"})
    @api.response(200, "Crawl status retrieved successfully")
    @api.response(404, "Crawl job not found")
    @api.response(400, "Invalid provider")
    @setup_required
    @login_required
    @account_initialization_required
@ -62,7 +88,3 @@ class WebsiteCrawlStatusApi(Resource):
        except Exception as e:
            raise WebsiteCrawlError(str(e))
        return result, 200
 api.add_resource(WebsiteCrawlApi, "/website/crawl")
 api.add_resource(WebsiteCrawlStatusApi, "/website/crawl/status/<string:job_id>")
--- a/api/controllers/console/explore/parameter.py
+++ b/api/controllers/console/explore/parameter.py
@ -20,7 +20,7 @@ class AppParameterApi(InstalledAppResource):
        if app_model is None:
            raise AppUnavailableError()
-        if app_model.mode in {AppMode.ADVANCED_CHAT.value, AppMode.WORKFLOW.value}:
+        if app_model.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}:
            workflow = app_model.workflow
            if workflow is None:
                raise AppUnavailableError()
--- a/api/controllers/console/explore/wraps.py
+++ b/api/controllers/console/explore/wraps.py
@ -1,6 +1,6 @@
 from collections.abc import Callable
 from functools import wraps
-from typing import Concatenate, Optional, ParamSpec, TypeVar
+from typing import Concatenate, ParamSpec, TypeVar
 from flask_login import current_user
 from flask_restx import Resource
@ -20,7 +20,7 @@ R = TypeVar("R")
 T = TypeVar("T")
-def installed_app_required(view: Optional[Callable[Concatenate[InstalledApp, P], R]] = None):
+def installed_app_required(view: Callable[Concatenate[InstalledApp, P], R] | None = None):
    def decorator(view: Callable[Concatenate[InstalledApp, P], R]):
        @wraps(view)
        def decorated(installed_app_id: str, *args: P.args, **kwargs: P.kwargs):
@ -50,7 +50,7 @@ def installed_app_required(view: Optional[Callable[Concatenate[InstalledApp, P],
    return decorator
-def user_allowed_to_access_app(view: Optional[Callable[Concatenate[InstalledApp, P], R]] = None):
+def user_allowed_to_access_app(view: Callable[Concatenate[InstalledApp, P], R] | None = None):
    def decorator(view: Callable[Concatenate[InstalledApp, P], R]):
        @wraps(view)
        def decorated(installed_app: InstalledApp, *args: P.args, **kwargs: P.kwargs):
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@ -242,6 +242,19 @@ def email_password_login_enabled(view: Callable[P, R]):
    return decorated
 def email_register_enabled(view):
    @wraps(view)
    def decorated(*args, **kwargs):
        features = FeatureService.get_system_features()
        if features.is_allow_register:
            return view(*args, **kwargs)
        # otherwise, return 403
        abort(403)
    return decorated
 def enable_change_email(view: Callable[P, R]):
    @wraps(view)
    def decorated(*args: P.args, **kwargs: P.kwargs):
--- a/api/controllers/files/init.py
+++ b/api/controllers/files/init.py
@ -14,6 +14,15 @@ api = ExternalApi(
 files_ns = Namespace("files", description="File operations", path="/")
-from . import image_preview, tool_files, upload  # pyright: ignore[reportUnusedImport]
+from . import image_preview, tool_files, upload
 api.add_namespace(files_ns)
 __all__ = [
    "api",
    "bp",
    "files_ns",
    "image_preview",
    "tool_files",
    "upload",
 ]
--- a/api/controllers/files/upload.py
+++ b/api/controllers/files/upload.py
@ -1,5 +1,4 @@
 from mimetypes import guess_extension
 from typing import Optional
 from flask_restx import Resource, reqparse
 from flask_restx.api import HTTPStatus
@ -73,11 +72,11 @@ class PluginUploadFileApi(Resource):
        nonce: str = args["nonce"]
        sign: str = args["sign"]
        tenant_id: str = args["tenant_id"]
-        user_id: Optional[str] = args.get("user_id")
+        user_id: str | None = args.get("user_id")
        user = get_user(tenant_id, user_id)
-        filename: Optional[str] = file.filename
+        filename: str | None = file.filename
-        mimetype: Optional[str] = file.mimetype
+        mimetype: str | None = file.mimetype
        if not filename or not mimetype:
            raise Forbidden("Invalid request.")
@ -86,7 +85,7 @@ class PluginUploadFileApi(Resource):
            filename=filename,
            mimetype=mimetype,
            tenant_id=tenant_id,
-            user_id=user_id,
+            user_id=user.id,
            timestamp=timestamp,
            nonce=nonce,
            sign=sign,
--- a/api/controllers/inner_api/init.py
+++ b/api/controllers/inner_api/init.py
@ -15,8 +15,17 @@ api = ExternalApi(
 # Create namespace
 inner_api_ns = Namespace("inner_api", description="Internal API operations", path="/")
-from . import mail as _mail  # pyright: ignore[reportUnusedImport]
+from . import mail as _mail
-from .plugin import plugin as _plugin  # pyright: ignore[reportUnusedImport]
+from .plugin import plugin as _plugin
-from .workspace import workspace as _workspace  # pyright: ignore[reportUnusedImport]
+from .workspace import workspace as _workspace
 api.add_namespace(inner_api_ns)
 __all__ = [
    "_mail",
    "_plugin",
    "_workspace",
    "api",
    "bp",
    "inner_api_ns",
 ]
--- a/api/controllers/inner_api/plugin/wraps.py
+++ b/api/controllers/inner_api/plugin/wraps.py
@ -1,6 +1,6 @@
 from collections.abc import Callable
 from functools import wraps
-from typing import Optional, ParamSpec, TypeVar, cast
+from typing import ParamSpec, TypeVar, cast
 from flask import current_app, request
 from flask_login import user_logged_in
@ -8,11 +8,10 @@ from flask_restx import reqparse
 from pydantic import BaseModel
 from sqlalchemy.orm import Session
 from core.file.constants import DEFAULT_SERVICE_API_USER_ID
 from extensions.ext_database import db
 from libs.login import current_user
 from models.account import Tenant
-from models.model import EndUser
+from models.model import DefaultEndUserSessionID, EndUser
 P = ParamSpec("P")
 R = TypeVar("R")
@ -28,7 +27,7 @@ def get_user(tenant_id: str, user_id: str | None) -> EndUser:
    try:
        with Session(db.engine) as session:
            if not user_id:
-                user_id = DEFAULT_SERVICE_API_USER_ID
+                user_id = DefaultEndUserSessionID.DEFAULT_SESSION_ID.value
            user_model = (
                session.query(EndUser)
@ -42,7 +41,7 @@ def get_user(tenant_id: str, user_id: str | None) -> EndUser:
                user_model = EndUser(
                    tenant_id=tenant_id,
                    type="service_api",
-                    is_anonymous=user_id == DEFAULT_SERVICE_API_USER_ID,
+                    is_anonymous=user_id == DefaultEndUserSessionID.DEFAULT_SESSION_ID.value,
                    session_id=user_id,
                )
                session.add(user_model)
@ -55,7 +54,7 @@ def get_user(tenant_id: str, user_id: str | None) -> EndUser:
    return user_model
-def get_user_tenant(view: Optional[Callable[P, R]] = None):
+def get_user_tenant(view: Callable[P, R] | None = None):
    def decorator(view_func: Callable[P, R]):
        @wraps(view_func)
        def decorated_view(*args: P.args, **kwargs: P.kwargs):
@ -73,7 +72,7 @@ def get_user_tenant(view: Optional[Callable[P, R]] = None):
                raise ValueError("tenant_id is required")
            if not user_id:
-                user_id = DEFAULT_SERVICE_API_USER_ID
+                user_id = DefaultEndUserSessionID.DEFAULT_SESSION_ID.value
            try:
                tenant_model = (
@ -107,7 +106,7 @@ def get_user_tenant(view: Optional[Callable[P, R]] = None):
        return decorator(view)
-def plugin_data(view: Optional[Callable[P, R]] = None, *, payload_type: type[BaseModel]):
+def plugin_data(view: Callable[P, R] | None = None, *, payload_type: type[BaseModel]):
    def decorator(view_func: Callable[P, R]):
        def decorated_view(*args: P.args, **kwargs: P.kwargs):
            try:
--- a/api/controllers/mcp/init.py
+++ b/api/controllers/mcp/init.py
@ -14,6 +14,13 @@ api = ExternalApi(
 mcp_ns = Namespace("mcp", description="MCP operations", path="/")
-from . import mcp  # pyright: ignore[reportUnusedImport]
+from . import mcp
 api.add_namespace(mcp_ns)
 __all__ = [
    "api",
    "bp",
    "mcp",
    "mcp_ns",
 ]
--- a/api/controllers/mcp/mcp.py
+++ b/api/controllers/mcp/mcp.py
@ -1,4 +1,4 @@
-from typing import Optional, Union
+from typing import Union
 from flask import Response
 from flask_restx import Resource, reqparse
@ -73,7 +73,7 @@ class MCPAppApi(Resource):
            ValidationError: Invalid request format or parameters
        """
        args = mcp_request_parser.parse_args()
-        request_id: Optional[Union[int, str]] = args.get("id")
+        request_id: Union[int, str] | None = args.get("id")
        mcp_request = self._parse_mcp_request(args)
        with Session(db.engine, expire_on_commit=False) as session:
@ -107,7 +107,7 @@ class MCPAppApi(Resource):
    def _process_mcp_message(
        self,
        mcp_request: mcp_types.ClientRequest | mcp_types.ClientNotification,
-        request_id: Optional[Union[int, str]],
+        request_id: Union[int, str] | None,
        app: App,
        mcp_server: AppMCPServer,
        user_input_form: list[VariableEntity],
@ -130,7 +130,7 @@ class MCPAppApi(Resource):
    def _handle_request(
        self,
        mcp_request: mcp_types.ClientRequest,
-        request_id: Optional[Union[int, str]],
+        request_id: Union[int, str] | None,
        app: App,
        mcp_server: AppMCPServer,
        user_input_form: list[VariableEntity],
@ -150,7 +150,7 @@ class MCPAppApi(Resource):
    def _get_user_input_form(self, app: App) -> list[VariableEntity]:
        """Get and convert user input form"""
        # Get raw user input form based on app mode
-        if app.mode in {AppMode.ADVANCED_CHAT.value, AppMode.WORKFLOW.value}:
+        if app.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}:
            if not app.workflow:
                raise MCPRequestError(mcp_types.INVALID_REQUEST, "App is unavailable")
            raw_user_input_form = app.workflow.user_input_form(to_old_structure=True)
--- a/api/controllers/service_api/init.py
+++ b/api/controllers/service_api/init.py
@ -14,27 +14,46 @@ api = ExternalApi(
 service_api_ns = Namespace("service_api", description="Service operations", path="/")
-from . import index  # pyright: ignore[reportUnusedImport]
+from . import index
 from .app import (
-    annotation,  # pyright: ignore[reportUnusedImport]
+    annotation,
-    app,  # pyright: ignore[reportUnusedImport]
+    app,
-    audio,  # pyright: ignore[reportUnusedImport]
+    audio,
-    completion,  # pyright: ignore[reportUnusedImport]
+    completion,
-    conversation,  # pyright: ignore[reportUnusedImport]
+    conversation,
-    file,  # pyright: ignore[reportUnusedImport]
+    file,
-    file_preview,  # pyright: ignore[reportUnusedImport]
+    file_preview,
-    message,  # pyright: ignore[reportUnusedImport]
+    message,
-    site,  # pyright: ignore[reportUnusedImport]
+    site,
-    workflow,  # pyright: ignore[reportUnusedImport]
+    workflow,
 )
 from .dataset import (
-    dataset,  # pyright: ignore[reportUnusedImport]
+    dataset,
-    document,  # pyright: ignore[reportUnusedImport]
+    document,
-    hit_testing,  # pyright: ignore[reportUnusedImport]
+    hit_testing,
-    metadata,  # pyright: ignore[reportUnusedImport]
+    metadata,
-    segment,  # pyright: ignore[reportUnusedImport]
+    segment,
    upload_file,  # pyright: ignore[reportUnusedImport]
 )
-from .workspace import models  # pyright: ignore[reportUnusedImport]
+from .workspace import models
 __all__ = [
    "annotation",
    "app",
    "audio",
    "completion",
    "conversation",
    "dataset",
    "document",
    "file",
    "file_preview",
    "hit_testing",
    "index",
    "message",
    "metadata",
    "models",
    "segment",
    "site",
    "workflow",
 ]
 api.add_namespace(service_api_ns)
--- a/api/controllers/service_api/app/annotation.py
+++ b/api/controllers/service_api/app/annotation.py
@ -165,7 +165,7 @@ class AnnotationUpdateDeleteApi(Resource):
    def put(self, app_model: App, annotation_id):
        """Update an existing annotation."""
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        annotation_id = str(annotation_id)
@ -189,7 +189,7 @@ class AnnotationUpdateDeleteApi(Resource):
        """Delete an annotation."""
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        annotation_id = str(annotation_id)
--- a/Show More
+++ b/Show More