diff --git a/.agents/skills/how-to-write-component/SKILL.md b/.agents/skills/how-to-write-component/SKILL.md
index 738ec9de95a..8a480c8fd09 100644
--- a/.agents/skills/how-to-write-component/SKILL.md
+++ b/.agents/skills/how-to-write-component/SKILL.md
@@ -36,19 +36,30 @@ Use this as the decision guide for React/TypeScript component structure. Existin
 - Avoid prop drilling. One pass-through layer is acceptable; repeated forwarding means ownership should move down or into feature-scoped Jotai UI state. Keep server/cache state in query and API data flow.
 - Do not replace prop drilling with one top-level hook that returns a large view model and then thread that object through section props. Move each hook, query, derived value, and handler to the concrete section that consumes it, or use feature-scoped Jotai atoms for simple shared form/UI state when siblings need the same source of truth.
 - When using feature-scoped Jotai state for a form, drawer, or other secondary surface, scope the store to that surface instance when stale cross-instance state is possible. Initialize stable config at the owning boundary, then let descendants read only the atoms or purpose-named hooks they actually need.
+- For Jotai-backed surfaces, put shared query atoms, mutation atoms, derived state, and write actions in the feature state file when they coordinate multiple descendants. The lowest-owner rule still applies to independent visual surfaces that do not participate in shared state.
+- For repeated row/menu action surfaces that need reset, hydrate the stable identity at the surface entry and scope only the primitives that truly need per-instance reset, such as open flags, drafts, or selected local options.
 - Keep callbacks in a parent only for workflow coordination such as form submission, shared selection, batch behavior, or navigation. Otherwise let the child or row own its action.
 - Prefer uncontrolled DOM state and CSS variables before adding controlled props.
 ## Feature-Scoped Jotai State
 
 - A module's feature-local state lives in one state file for Jotai-backed features: primitive atoms, query atoms, derived atoms, write-only action atoms, mutation atoms, submission orchestration, provider exports, and optional scope configuration.
+- Keep state local when one component owns it, even inside Jotai-backed features. Dialog open flags, menu/popover visibility, confirmation visibility, form/input drafts, row-local pending flags, and in-flight refs usually belong in component state.
+- Promote UI state to an atom only when siblings need the same source of truth, the value drives a query or mutation atom, a parent workflow coordinates the state, or the state intentionally persists across hidden or unmounted descendants within a scoped surface.
+- Reflect atom-backed surface-wide locks or invariants in every affected trigger. If only one row, menu, or dialog should be disabled, keep the pending or lock state local to that row, menu, or dialog.
 - Atom order in the state file follows the dependency graph: types/constants, editable primitives, query atoms, query-data derived atoms, readiness/business derived atoms, write actions, mutation atoms, submission orchestration, provider exports.
 - Derived atom names read as business facts. Write atom names read as user or workflow commands.
 - UI components read and write the exact atom they use with `useAtomValue` or `useSetAtom`. Repeated workflow semantics live in named derived atoms or write atoms.
-- Non-query derived atoms return a narrow value with a clear domain name. Query atoms expose the TanStack Query result object so loading, error, fetch, and pagination state stay attached to the query contract.
-- Write-only atoms own state transitions that update multiple primitives, reset dependent state, guard stale async work, or advance the workflow.
+- Non-query derived atoms return a narrow value with a clear domain name; avoid pass-through aliases or bundling unrelated UI facts. Query atoms expose the TanStack Query result object so loading, error, fetch, and pagination state stay attached to the query contract.
+- Write-only atoms own synchronous state transitions that update multiple primitives, reset dependent state, or advance the workflow. Async work with loading, error, caching, retry, or stale-result concerns should be modeled as query or mutation atoms, with write atoms only changing the inputs that drive them.
+- Avoid feature hooks that aggregate form values, query results, derived state, and commands for sibling components. Prefer named derived atoms and write atoms so UI components read the exact shared fact or command they need.
+- When a form library owns validation, keep submit orchestration in feature state when post-submit result or error state is shared by the surface. Avoid duplicating validation gates or request shaping in UI hooks.
 - `jotai-tanstack-query` atoms use the same QueryClient as the React Query provider. Query atoms belong in feature state when atoms are the feature's local state surface.
-- Jotai scope is an optional instance-isolation tool for secondary surfaces with independent local state. Query atoms keep shared cache behavior through the shared QueryClient.
+- Jotai scope is an optional instance-isolation tool for secondary surfaces with independent local state. Query and mutation atoms keep shared cache behavior through the shared QueryClient.
+- Do not put `atomWithQuery`, `atomWithInfiniteQuery`, `atomWithMutation`, or broad derived orchestration atoms in a `ScopeProvider` just to reset a surface. Scoped derived atoms implicitly scope their dependencies, which can duplicate query client access and break shared invalidation. Leave query/mutation atoms unscoped; let them read scoped primitive inputs.
+- Scope providers should list resettable primitive atoms and explicit hydration tuples. If a derived atom must be scoped, confirm that every dependency it implicitly scopes is meant to be private to that surface.
+- Keep independent dialog lifecycles separate. Avoid a single discriminated "current action dialog" atom when edit, delete, and other dialogs have their own open state, loading guard, or reset behavior.
+- Route-derived stable identities that do not need instance reset or scoped isolation can be hydrated at the route or layout boundary into a feature route atom. Use scoped atoms only when stale cross-instance state or per-surface reset semantics are needed.
 
 ## Components, Props, And Types
 
@@ -71,6 +82,7 @@ Use this as the decision guide for React/TypeScript component structure. Existin
 - Use generated enum objects and union types directly in props, comparisons, status logic, and i18n keys. Do not add local enum constants or parallel frontend enum/status layers unless they model real product state not represented by the API. Presentation-only tone maps should be keyed by the generated enum.
 - Normalize or coerce only at a real boundary, such as user-entered forms, search, URL/query params, file names, DOM IDs, or legacy adapters. Preserve user-entered values when whitespace or formatting can be meaningful.
 - Do not coerce nullable or optional API strings to `''` in query, derived model, or payload-building code. Keep `undefined` or `null` until the final boundary that requires a string.
+- Do not use `value || undefined` for mutation payload fields where an empty string means "clear this value". Trim or normalize at the form boundary, then preserve `''` when the API contract treats it as an intentional update.
 - Local UI models are fine for presentation, form state, select options, or guarded required-field refinements. Name them as UI concepts, not generated DTO mirrors.
 - Required-value refinements are allowed only after same-branch filtering or early return. Prefer nullable-tolerant props for render-only data.
 - When a component needs a stricter shape than a generated DTO, refine once at the API/query-to-UI boundary into a purpose-named UI type instead of hiding missing fields with generic fallback or coercion helpers.
@@ -90,12 +102,17 @@ Use this as the decision guide for React/TypeScript component structure. Existin
 
 - Keep `web/contract/*` as the single source of truth for API shape; follow existing domain/router patterns and the `{ params, query?, body? }` input shape.
 - Consume queries directly with `useQuery(consoleQuery.xxx.queryOptions(...))` or `useQuery(marketplaceQuery.xxx.queryOptions(...))`.
+- In `atomWithQuery` and `atomWithInfiniteQuery`, return generated `queryOptions()` or `infiniteOptions()` directly. Pass `enabled`, `retry`, `placeholderData`, `select`, and pagination options into that call instead of spreading generated options into a hand-built object.
+- In `atomWithMutation`, return generated `mutationOptions()` directly when using generated clients. Put request shaping and submit orchestration in write atoms; do not rebuild mutation option objects just to pass through the generated mutation function.
+- For custom query functions that do not come from generated clients, wrap the options object with TanStack `queryOptions(...)` so query atoms still return a query options contract.
 - Avoid pass-through hooks and thin `web/service/use-*` wrappers that only rename `queryOptions()` or `mutationOptions()`. Extract a small `queryOptions` helper only when repeated call-site options justify it.
 - Keep feature hooks for real orchestration, workflow state, or shared domain behavior.
 - For TanStack cache data, use generated or query-derived types; do not create local wrappers for `getQueryData` or `getQueriesData`.
-- For generated oRPC `queryOptions()` / `infiniteOptions()`, do not pass `skipToken` as `input`; keep a valid placeholder input shape and use `enabled` to gate missing required params because the OpenAPI codec encodes input eagerly.
+- For generated oRPC `queryOptions()` / `infiniteOptions()`, keep returning the generated options directly. When required input is missing, use a whole-input branch such as `input: condition ? validInput : skipToken` together with `enabled: Boolean(condition)` so no request runs and no fake payload is built.
+- Do not put `skipToken` inside a nested placeholder payload, such as `{ params: { appInstanceId: skipToken } }`. Do not create hand-written "missing queryOptions" objects or coerce required IDs to `''`.
 - Consume mutations directly with `useMutation(consoleQuery.xxx.mutationOptions(...))` or `useMutation(marketplaceQuery.xxx.mutationOptions(...))`; use oRPC clients as `mutationFn` only for custom flows.
 - Put shared cache behavior in `createTanstackQueryUtils(...experimental_defaults...)`; components may add UI feedback callbacks, but should not own shared invalidation rules.
+- Component or atom mutation callbacks can handle local UI feedback such as toasts, closing dialogs, or navigation. They should not replace shared invalidation or add local cache patches for shared server state.
 - Do not use deprecated `useInvalid` or `useReset`.
 - Prefer `mutate(...)`; use `mutateAsync(...)` only when Promise semantics are required, and wrap awaited calls in `try/catch`.
 
@@ -107,8 +124,9 @@ Use this as the decision guide for React/TypeScript component structure. Existin
 - Keep cohesive forms, menu bodies, and one-off helpers local unless they need their own state, reuse, or semantic boundary.
 - Separate hidden secondary surfaces from the trigger's main flow. For dialogs, dropdowns, popovers, and similar branches, extract a small local component that owns the trigger, open state, and hidden content when it would obscure the parent flow.
 - Preserve composability by separating behavior ownership from layout ownership. A dropdown action may own its trigger, open state, and menu content; the caller owns placement such as slots, offsets, and alignment.
+- When a dialog, dropdown, or popover component already accepts controlled `open` state, mount the surface unconditionally unless unmounting is required for performance or reset semantics. Use keyed scope or local state reset for reset behavior instead of `{open && }` wrappers.
 - Avoid unnecessary DOM hierarchy. Do not add wrapper elements unless they provide layout, semantics, accessibility, state ownership, or integration with a library API; prefer fragments or styling an existing element when possible.
-- Avoid shallow wrappers, hook-to-props adapter components, layout-only render-prop wrappers, and prop renaming unless the wrapper adds validation, orchestration, error handling, state ownership, or a real semantic boundary. If a component only calls a hook and forwards every returned field to one child, move the hook into that child or make the wrapper own a real surface.
+- Avoid shallow wrappers, hook-to-props adapter components, layout-only render-prop wrappers, children-as-pass-through composition, and prop renaming unless the wrapper adds validation, orchestration, error handling, state ownership, or a real semantic boundary. If a component only calls a hook, forwards props, or passes trigger/content through to one child, move the logic into that child or make the wrapper own a real surface.
 
 ## You Might Not Need An Effect
 
@@ -117,6 +135,7 @@ Use this as the decision guide for React/TypeScript component structure. Existin
 - Do not use Effects to handle user actions. Put action-specific logic in the event handler where the cause is known.
 - Do not use Effects to copy one state value into another state value representing the same concept. Pick one source of truth and derive the rest during render.
 - Do not reset or adjust state from props with an Effect. Prefer a `key` reset, storing a stable ID and deriving the selected object, or guarded same-component render-time adjustment when truly necessary.
+- For forms initialized from query data, prefer keyed remounts or surface-entry hydration of form/field atoms over an Effect that copies query data into form state.
 - Prefer framework data APIs or TanStack Query for data fetching instead of writing request Effects in components.
 - If an Effect still seems necessary, first name the external system it synchronizes with. If there is no external system, remove the Effect and restructure the state or event flow.
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 2ff4e8c2123..63ce63cad42 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -8,8 +8,6 @@ on:
       - "build/**"
       - "release/e-*"
       - "hotfix/**"
-      - "feat/hitl-backend"
-      - "feat/rbac"
     tags:
       - "*"
 
@@ -23,6 +21,7 @@ env:
   DIFY_WEB_IMAGE_NAME: ${{ vars.DIFY_WEB_IMAGE_NAME || 'langgenius/dify-web' }}
   DIFY_API_IMAGE_NAME: ${{ vars.DIFY_API_IMAGE_NAME || 'langgenius/dify-api' }}
   DIFY_AGENT_IMAGE_NAME: ${{ vars.DIFY_AGENT_IMAGE_NAME || 'langgenius/dify-agent-backend' }}
+  DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME: ${{ vars.DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME || 'langgenius/dify-agent-local-sandbox' }}
 
 jobs:
   build:
@@ -76,6 +75,20 @@ jobs:
             file: "dify-agent/Dockerfile"
             platform: linux/arm64
             runs_on: depot-ubuntu-24.04-4
+          - service_name: "build-agent-local-sandbox-amd64"
+            image_name_env: "DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME"
+            artifact_context: "local-sandbox"
+            build_context: "{{defaultContext}}:dify-agent"
+            file: "docker/local-sandbox/Dockerfile"
+            platform: linux/amd64
+            runs_on: depot-ubuntu-24.04-4
+          - service_name: "build-agent-local-sandbox-arm64"
+            image_name_env: "DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME"
+            artifact_context: "local-sandbox"
+            build_context: "{{defaultContext}}:dify-agent"
+            file: "docker/local-sandbox/Dockerfile"
+            platform: linux/arm64
+            runs_on: depot-ubuntu-24.04-4
 
     steps:
       - name: Prepare
@@ -141,6 +154,9 @@ jobs:
           - service_name: "validate-agent-amd64"
             build_context: "{{defaultContext}}"
             file: "dify-agent/Dockerfile"
+          - service_name: "validate-agent-local-sandbox-amd64"
+            build_context: "{{defaultContext}}:dify-agent"
+            file: "docker/local-sandbox/Dockerfile"
     steps:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
@@ -169,6 +185,9 @@ jobs:
           - service_name: "merge-agent-images"
             image_name_env: "DIFY_AGENT_IMAGE_NAME"
             context: "agent"
+          - service_name: "merge-agent-local-sandbox-images"
+            image_name_env: "DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME"
+            context: "local-sandbox"
     steps:
       - name: Download digests
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
diff --git a/.github/workflows/deploy-hitl.yml b/.github/workflows/deploy-hitl.yml
deleted file mode 100644
index 0da241cf959..00000000000
--- a/.github/workflows/deploy-hitl.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Deploy HITL
-
-on:
-  workflow_run:
-    workflows: ["Build and Push API & Web"]
-    branches:
-      - "build/feat/hitl"
-    types:
-      - completed
-
-jobs:
-  deploy:
-    runs-on: depot-ubuntu-24.04
-    if: |
-      github.event.workflow_run.conclusion == 'success' &&
-      github.event.workflow_run.head_branch == 'build/feat/hitl'
-    steps:
-      - name: Deploy to server
-        uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5
-        with:
-          host: ${{ secrets.HITL_SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_PRIVATE_KEY }}
-          script: |
-            ${{ vars.SSH_SCRIPT || secrets.SSH_SCRIPT }}
diff --git a/api/.env.example b/api/.env.example
index 8a2af53c6e7..3aa107130f9 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -768,7 +768,6 @@ EVENT_BUS_REDIS_CHANNEL_TYPE=pubsub
 # Whether to use Redis cluster mode while use redis as event bus.
 # It's highly recommended to enable this for large deployments.
 EVENT_BUS_REDIS_USE_CLUSTERS=false
-EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS=2000
 
 # Whether to Enable human input timeout check task
 ENABLE_HUMAN_INPUT_TIMEOUT_TASK=true
diff --git a/api/clients/agent_backend/request_builder.py b/api/clients/agent_backend/request_builder.py
index c245a09e970..6eadd4ce3d8 100644
--- a/api/clients/agent_backend/request_builder.py
+++ b/api/clients/agent_backend/request_builder.py
@@ -78,6 +78,13 @@ def _filter_snapshot_to_specs(
     return CompositorSessionSnapshot(schema_version=snapshot.schema_version, layers=filtered_layers)
 
 
+def _shell_layer_deps(*, include_drive: bool) -> dict[str, str]:
+    deps = {"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID}
+    if include_drive:
+        deps["drive"] = DIFY_DRIVE_LAYER_ID
+    return deps
+
+
 class AgentBackendModelConfig(BaseModel):
     """API-side model/plugin selection before it is converted to Dify Agent layers."""
 
@@ -263,6 +270,7 @@ class AgentBackendRunRequestBuilder:
                 RunLayerSpec(
                     name=DIFY_DRIVE_LAYER_ID,
                     type=DIFY_DRIVE_LAYER_TYPE_ID,
+                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
                     metadata=run_input.metadata,
                     config=run_input.drive_config,
                 )
@@ -329,14 +337,15 @@ class AgentBackendRunRequestBuilder:
             )
 
         if run_input.include_shell:
-            # Sandboxed bash workspace (dify.shell). Depends on execution_context so
-            # the agent server can mint per-command Agent Stub env (back proxy);
+            # Sandboxed bash workspace (dify.shell). Depends on execution_context
+            # so the agent server can mint per-command Agent Stub env, and on
+            # drive when present so that env points at /mnt/drive/.
             # shellctl connection itself is server-injected.
             layers.append(
                 RunLayerSpec(
                     name=DIFY_SHELL_LAYER_ID,
                     type=DIFY_SHELL_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
+                    deps=_shell_layer_deps(include_drive=run_input.drive_config is not None),
                     metadata=run_input.metadata,
                     config=run_input.shell_config or DifyShellLayerConfig(),
                 )
@@ -460,6 +469,7 @@ class AgentBackendRunRequestBuilder:
                 RunLayerSpec(
                     name=DIFY_DRIVE_LAYER_ID,
                     type=DIFY_DRIVE_LAYER_TYPE_ID,
+                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
                     metadata=run_input.metadata,
                     config=run_input.drive_config,
                 )
@@ -528,14 +538,15 @@ class AgentBackendRunRequestBuilder:
             )
 
         if run_input.include_shell:
-            # Sandboxed bash workspace (dify.shell). Depends on execution_context so
-            # the agent server can mint per-command Agent Stub env (back proxy);
+            # Sandboxed bash workspace (dify.shell). Depends on execution_context
+            # so the agent server can mint per-command Agent Stub env, and on
+            # drive when present so that env points at /mnt/drive/.
             # shellctl connection itself is server-injected.
             layers.append(
                 RunLayerSpec(
                     name=DIFY_SHELL_LAYER_ID,
                     type=DIFY_SHELL_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
+                    deps=_shell_layer_deps(include_drive=run_input.drive_config is not None),
                     metadata=run_input.metadata,
                     config=run_input.shell_config or DifyShellLayerConfig(),
                 )
diff --git a/api/commands/__init__.py b/api/commands/__init__.py
index 94321ed1e49..e4207bea74e 100644
--- a/api/commands/__init__.py
+++ b/api/commands/__init__.py
@@ -25,6 +25,7 @@ from .plugin import (
 from .rbac import migrate_member_roles_to_rbac
 from .retention import (
     archive_workflow_runs,
+    archive_workflow_runs_plan,
     clean_expired_messages,
     clean_workflow_runs,
     cleanup_orphaned_draft_variables,
@@ -51,6 +52,7 @@ from .vector import (
 __all__ = [
     "add_qdrant_index",
     "archive_workflow_runs",
+    "archive_workflow_runs_plan",
     "backfill_plugin_auto_upgrade",
     "clean_expired_messages",
     "clean_workflow_runs",
diff --git a/api/commands/retention.py b/api/commands/retention.py
index 657a2a2e839..1386e367aff 100644
--- a/api/commands/retention.py
+++ b/api/commands/retention.py
@@ -12,10 +12,160 @@ from services.clear_free_plan_tenant_expired_logs import ClearFreePlanTenantExpi
 from services.retention.conversation.messages_clean_policy import create_message_clean_policy
 from services.retention.conversation.messages_clean_service import MessagesCleanService
 from services.retention.workflow_run.clear_free_plan_expired_workflow_run_logs import WorkflowRunCleanup
+from services.retention.workflow_run.tenant_prefix import tenant_prefix_condition
 from tasks.remove_app_and_related_data_task import delete_draft_variables_batch
 
 logger = logging.getLogger(__name__)
 
+_HEX_PREFIXES = tuple("0123456789abcdef")
+
+
+class WorkflowRunArchivePlanRow(TypedDict):
+    tenant_prefix: str
+    total_tenants: int
+    workflow_runs: int
+    workflow_node_executions: int
+    paid_tenants: int
+    unpaid_tenants: int
+
+
+class WorkflowRunArchiveTenantPlan(TypedDict):
+    archive_tenant_ids: list[str] | None
+    paid_tenant_ids: list[str]
+    unpaid_tenant_ids: list[str]
+
+
+def _parse_tenant_prefixes(prefixes: str | None) -> list[str]:
+    if not prefixes:
+        return []
+
+    parsed = []
+    for raw_prefix in prefixes.split(","):
+        prefix = raw_prefix.strip().lower()
+        if not prefix:
+            continue
+        if len(prefix) != 1 or prefix not in _HEX_PREFIXES:
+            raise click.UsageError("--tenant-prefixes must be a comma-separated list of hex digits, e.g. 0,1,a,f.")
+        parsed.append(prefix)
+    return sorted(set(parsed))
+
+
+def _get_archive_candidate_tenant_ids_by_prefix(
+    prefix: str,
+    *,
+    start_from: datetime.datetime | None,
+    end_before: datetime.datetime,
+) -> list[str]:
+    from graphon.enums import WorkflowExecutionStatus
+    from models.workflow import WorkflowRun
+    from services.retention.workflow_run.archive_paid_plan_workflow_run import WorkflowRunArchiver
+
+    conditions = [
+        WorkflowRun.created_at < end_before,
+        WorkflowRun.status.in_(WorkflowExecutionStatus.ended_values()),
+        WorkflowRun.type.in_(WorkflowRunArchiver.ARCHIVED_TYPE),
+        tenant_prefix_condition(WorkflowRun.tenant_id, prefix),
+    ]
+    if start_from is not None:
+        conditions.append(WorkflowRun.created_at >= start_from)
+
+    tenant_ids = db.session.scalars(
+        sa.select(WorkflowRun.tenant_id).where(*conditions).distinct().order_by(WorkflowRun.tenant_id)
+    ).all()
+    return list(tenant_ids)
+
+
+def _filter_paid_workflow_archive_tenant_ids(tenant_ids: list[str]) -> tuple[list[str], list[str]]:
+    from configs import dify_config
+    from enums.cloud_plan import CloudPlan
+    from services.billing_service import BillingService
+
+    tenant_ids = sorted(set(tenant_ids))
+    if not tenant_ids:
+        return [], []
+    if not dify_config.BILLING_ENABLED:
+        return tenant_ids, []
+
+    plans = BillingService.get_plan_bulk_with_cache(tenant_ids)
+    paid_tenant_ids = [
+        tenant_id
+        for tenant_id in tenant_ids
+        if plans.get(tenant_id) and plans[tenant_id].get("plan") in (CloudPlan.PROFESSIONAL, CloudPlan.TEAM)
+    ]
+    unpaid_tenant_ids = sorted(set(tenant_ids) - set(paid_tenant_ids))
+    return paid_tenant_ids, unpaid_tenant_ids
+
+
+def _resolve_archive_tenant_ids_from_plan(
+    *,
+    tenant_ids: str | None,
+    tenant_prefixes: list[str],
+    start_from: datetime.datetime | None,
+    end_before: datetime.datetime,
+) -> WorkflowRunArchiveTenantPlan:
+    """
+    Resolve the archive tenant scope once before scanning workflow_runs.
+
+    Prefix rollout should use the tenant list collected by the same planning path, then archive by
+    tenant_id IN (...). Scanning workflow_runs with a tenant prefix range in every archive run is too expensive on
+    the large production table this command is meant to shrink.
+    """
+    if tenant_ids:
+        requested_tenant_ids = [tid.strip() for tid in tenant_ids.split(",") if tid.strip()]
+    elif tenant_prefixes:
+        requested_tenant_ids = []
+        for prefix in tenant_prefixes:
+            requested_tenant_ids.extend(
+                _get_archive_candidate_tenant_ids_by_prefix(
+                    prefix,
+                    start_from=start_from,
+                    end_before=end_before,
+                )
+            )
+    else:
+        return WorkflowRunArchiveTenantPlan(
+            archive_tenant_ids=None,
+            paid_tenant_ids=[],
+            unpaid_tenant_ids=[],
+        )
+
+    paid_tenant_ids, unpaid_tenant_ids = _filter_paid_workflow_archive_tenant_ids(requested_tenant_ids)
+    return WorkflowRunArchiveTenantPlan(
+        archive_tenant_ids=paid_tenant_ids,
+        paid_tenant_ids=paid_tenant_ids,
+        unpaid_tenant_ids=unpaid_tenant_ids,
+    )
+
+
+def _resolve_archive_time_range(
+    *,
+    before_days: int,
+    from_days_ago: int | None,
+    to_days_ago: int | None,
+    start_from: datetime.datetime | None,
+    end_before: datetime.datetime | None,
+) -> tuple[int, datetime.datetime | None, datetime.datetime | None]:
+    if (start_from is None) ^ (end_before is None):
+        raise click.UsageError("--start-from and --end-before must be provided together.")
+
+    if (from_days_ago is None) ^ (to_days_ago is None):
+        raise click.UsageError("--from-days-ago and --to-days-ago must be provided together.")
+
+    if from_days_ago is not None and to_days_ago is not None:
+        if start_from or end_before:
+            raise click.UsageError("Choose either day offsets or explicit dates, not both.")
+        if from_days_ago <= to_days_ago:
+            raise click.UsageError("--from-days-ago must be greater than --to-days-ago.")
+        now = datetime.datetime.now()
+        start_from = now - datetime.timedelta(days=from_days_ago)
+        end_before = now - datetime.timedelta(days=to_days_ago)
+        before_days = 0
+
+    if start_from and end_before and start_from >= end_before:
+        raise click.UsageError("--start-from must be earlier than --end-before.")
+
+    return before_days, start_from, end_before
+
+
 @click.command("clear-free-plan-tenant-expired-logs", help="Clear free plan tenant expired logs.")
 @click.option("--days", prompt=True, help="The days to clear free plan tenant expired logs.", default=30)
@@ -139,11 +289,143 @@ def clean_workflow_runs(
     )
 
 
+@click.command(
+    "archive-workflow-runs-plan",
+    help="Plan workflow run archive rollout by tenant ID first hex digit.",
+)
+@click.option("--before-days", default=90, show_default=True, help="Plan runs older than N days.")
+@click.option(
+    "--from-days-ago",
+    default=None,
+    type=click.IntRange(min=0),
+    help="Lower bound in days ago (older). Must be paired with --to-days-ago.",
+)
+@click.option(
+    "--to-days-ago",
+    default=None,
+    type=click.IntRange(min=0),
+    help="Upper bound in days ago (newer). Must be paired with --from-days-ago.",
+)
+@click.option(
+    "--start-from",
+    type=click.DateTime(formats=["%Y-%m-%d", "%Y-%m-%dT%H:%M:%S"]),
+    default=None,
+    help="Plan runs created at or after this timestamp (UTC if no timezone).",
+)
+@click.option(
+    "--end-before",
+    type=click.DateTime(formats=["%Y-%m-%d", "%Y-%m-%dT%H:%M:%S"]),
+    default=None,
+    help="Plan runs created before this timestamp (UTC if no timezone).",
+)
+@click.option(
+    "--include-archived",
+    is_flag=True,
+    help="Compatibility no-op for V2 bundle archive; plan counts source rows in the requested window.",
+)
+def archive_workflow_runs_plan(
+    before_days: int,
+    from_days_ago: int | None,
+    to_days_ago: int | None,
+    start_from: datetime.datetime | None,
+    end_before: datetime.datetime | None,
+    include_archived: bool,
+):
+    """
+    Print the 16 tenant-prefix rollout rows used to choose archive execution order.
+
+    Counts use the same workflow run eligibility as archive-workflow-runs: ended runs,
+    supported workflow types, and the requested created_at window. V2 bundle archive
+    does not maintain per-run archive logs, so this plan reports source-table volume.
+    """
+    from graphon.enums import WorkflowExecutionStatus
+    from models.workflow import WorkflowNodeExecutionModel, WorkflowRun
+    from services.retention.workflow_run.archive_paid_plan_workflow_run import WorkflowRunArchiver
+
+    before_days, start_from, end_before = _resolve_archive_time_range(
+        before_days=before_days,
+        from_days_ago=from_days_ago,
+        to_days_ago=to_days_ago,
+        start_from=start_from,
+        end_before=end_before,
+    )
+    plan_end_before = end_before or datetime.datetime.now(datetime.UTC) - datetime.timedelta(days=before_days)
+    if include_archived:
+        click.echo(click.style("--include-archived is a no-op for V2 bundle archive plans.", fg="yellow"))
+
+    rows: list[WorkflowRunArchivePlanRow] = []
+    for prefix in _HEX_PREFIXES:
+        tenant_ids = _get_archive_candidate_tenant_ids_by_prefix(
+            prefix,
+            start_from=start_from,
+            end_before=plan_end_before,
+        )
+        total_tenants = len(tenant_ids)
+        paid_tenant_ids, unpaid_tenant_ids = _filter_paid_workflow_archive_tenant_ids(tenant_ids)
+
+        run_conditions = [
+            WorkflowRun.created_at < plan_end_before,
+            WorkflowRun.status.in_(WorkflowExecutionStatus.ended_values()),
+            WorkflowRun.type.in_(WorkflowRunArchiver.ARCHIVED_TYPE),
+            tenant_prefix_condition(WorkflowRun.tenant_id, prefix),
+        ]
+        if start_from is not None:
+            run_conditions.append(WorkflowRun.created_at >= start_from)
+        workflow_runs = (
+            db.session.scalar(sa.select(sa.func.count()).select_from(WorkflowRun).where(*run_conditions)) or 0
+        )
+        candidate_runs = sa.select(WorkflowRun.id).where(*run_conditions).subquery()
+        workflow_node_executions = (
+            db.session.scalar(
+                sa.select(sa.func.count())
+                .select_from(WorkflowNodeExecutionModel)
+                .join(candidate_runs, WorkflowNodeExecutionModel.workflow_run_id == candidate_runs.c.id)
+            )
+            or 0
+        )
+
+        rows.append(
+            WorkflowRunArchivePlanRow(
+                tenant_prefix=prefix,
+                total_tenants=total_tenants,
+                workflow_runs=workflow_runs,
+                workflow_node_executions=workflow_node_executions,
+                paid_tenants=len(paid_tenant_ids),
+                unpaid_tenants=len(unpaid_tenant_ids),
+            )
+        )
+
+    click.echo(
+        click.style(
+            f"Workflow archive plan for runs before {plan_end_before.isoformat()}"
+            f"{f' and at/after {start_from.isoformat()}' if start_from else ''}.",
+            fg="white",
+        )
+    )
+    click.echo("tenant_prefix,total_tenants,workflow_runs,workflow_node_executions,paid_tenants,unpaid_tenants")
+    for row in rows:
+        click.echo(
+            f"{row['tenant_prefix']},{row['total_tenants']},{row['workflow_runs']},"
+            f"{row['workflow_node_executions']},{row['paid_tenants']},{row['unpaid_tenants']}"
+        )
+
+    ordered_rows = sorted(
+        rows,
+        key=lambda row: (row["workflow_runs"] + row["workflow_node_executions"], row["tenant_prefix"]),
+    )
+    click.echo("suggested_execution_order=" + ",".join(row["tenant_prefix"] for row in ordered_rows))
+
+
 @click.command(
     "archive-workflow-runs",
     help="Archive workflow runs for paid plan tenants to S3-compatible storage.",
 )
 @click.option("--tenant-ids", default=None, help="Optional comma-separated tenant IDs for grayscale rollout.")
+@click.option(
+    "--tenant-prefixes",
+    default=None,
+    help="Optional comma-separated tenant ID first hex digits for rollout waves, e.g. 0,1,a,f.",
+)
 @click.option("--before-days", default=90, show_default=True, help="Archive runs older than N days.")
 @click.option(
     "--from-days-ago",
@@ -169,13 +451,36 @@ def clean_workflow_runs(
     default=None,
     help="Archive runs created before this timestamp (UTC if no timezone).",
 )
-@click.option("--batch-size", default=100, show_default=True, help="Batch size for processing.")
-@click.option("--workers", default=1, show_default=True, type=int, help="Concurrent workflow runs to archive.")
+@click.option("--batch-size", default=100, show_default=True, help="Maximum workflow runs per archive bundle.")
+@click.option(
+    "--workers",
+    default=1,
+    show_default=True,
+    type=int,
+    help="Reserved; bundle archive currently runs serially.",
+)
+@click.option(
+    "--run-shard-index",
+    default=None,
+    type=click.IntRange(min=0),
+    help="Zero-based workflow run shard index for parallel cron jobs. Must be paired with --run-shard-total.",
+)
+@click.option(
+    "--run-shard-total",
+    default=None,
+    type=click.IntRange(min=1, max=16),
+    help="Total workflow run shard count for parallel cron jobs. Must be paired with --run-shard-index.",
+)
 @click.option("--limit", default=None, type=int, help="Maximum number of runs to archive.")
 @click.option("--dry-run", is_flag=True, help="Preview without archiving.")
-@click.option("--delete-after-archive", is_flag=True, help="Delete runs and related data after archiving.")
+@click.option(
+    "--delete-after-archive",
+    is_flag=True,
+    help="Not supported by bundle archive; use a separate bundle delete workflow after validation.",
+)
 def archive_workflow_runs(
     tenant_ids: str | None,
+    tenant_prefixes: str | None,
     before_days: int,
     from_days_ago: int | None,
     to_days_ago: int | None,
@@ -183,6 +488,8 @@ def archive_workflow_runs(
     end_before: datetime.datetime | None,
     batch_size: int,
     workers: int,
+    run_shard_index: int | None,
+    run_shard_total: int | None,
     limit: int | None,
     dry_run: bool,
     delete_after_archive: bool,
@@ -190,14 +497,19 @@ def archive_workflow_runs(
     """
     Archive workflow runs for paid plan tenants older than the specified days.
 
-    This command archives the following tables to storage:
+    This command writes V2 tenant/month/shard archive bundles. Each bundle contains Parquet snapshots from:
+    - workflow_runs
+    - workflow_app_logs
     - workflow_node_executions
     - workflow_node_execution_offload
     - workflow_pauses
     - workflow_pause_reasons
     - workflow_trigger_logs
 
-    The workflow_runs and workflow_app_logs tables are preserved for UI listing.
+    Source database rows are always preserved by archive. Deletion must be handled by
+    a separate bundle-level delete workflow after manifest, checksum, row-count, and
+    restore-sampling validation. In --dry-run mode, no storage or database writes
+    happen; the command estimates per-table Parquet bytes and object size instead.
     """
     from services.retention.workflow_run.archive_paid_plan_workflow_run import WorkflowRunArchiver
 
@@ -209,32 +521,58 @@ def archive_workflow_runs(
         )
     )
 
-    if (start_from is None) ^ (end_before is None):
-        click.echo(click.style("start-from and end-before must be provided together.", fg="red"))
-        return
-
-    if (from_days_ago is None) ^ (to_days_ago is None):
-        click.echo(click.style("from-days-ago and to-days-ago must be provided together.", fg="red"))
-        return
-
-    if from_days_ago is not None and to_days_ago is not None:
-        if start_from or end_before:
-            click.echo(click.style("Choose either day offsets or explicit dates, not both.", fg="red"))
-            return
-        if from_days_ago <= to_days_ago:
-            click.echo(click.style("from-days-ago must be greater than to-days-ago.", fg="red"))
-            return
-        now = datetime.datetime.now()
-        start_from = now - datetime.timedelta(days=from_days_ago)
-        end_before = now - datetime.timedelta(days=to_days_ago)
-        before_days = 0
-
-    if start_from and end_before and start_from >= end_before:
-        click.echo(click.style("start-from must be earlier than end-before.", fg="red"))
+    try:
+        before_days, start_from, end_before = _resolve_archive_time_range(
+            before_days=before_days,
+            from_days_ago=from_days_ago,
+            to_days_ago=to_days_ago,
+            start_from=start_from,
+            end_before=end_before,
+        )
+        parsed_tenant_prefixes = _parse_tenant_prefixes(tenant_prefixes)
+    except click.UsageError as e:
+        click.echo(click.style(e.message, fg="red"))
         return
+    plan_end_before = end_before or datetime.datetime.now(datetime.UTC) - datetime.timedelta(days=before_days)
     if workers < 1:
         click.echo(click.style("workers must be at least 1.", fg="red"))
         return
+    if (run_shard_index is None) ^ (run_shard_total is None):
+        click.echo(click.style("run-shard-index and run-shard-total must be provided together.", fg="red"))
+        return
+    if run_shard_index is not None and run_shard_total is not None and run_shard_index >= run_shard_total:
+        click.echo(click.style("run-shard-index must be
less than run-shard-total.", fg="red")) + return + if delete_after_archive: + click.echo(click.style("delete-after-archive is not supported by bundle archive.", fg="red")) + return + + try: + tenant_plan = _resolve_archive_tenant_ids_from_plan( + tenant_ids=tenant_ids, + tenant_prefixes=parsed_tenant_prefixes, + start_from=start_from, + end_before=plan_end_before, + ) + except Exception: + logger.exception("Failed to resolve workflow archive tenant plan") + click.echo(click.style("Failed to resolve workflow archive tenant plan.", fg="red")) + return + + planned_tenant_ids = tenant_plan["archive_tenant_ids"] + planned_paid_tenant_ids = tenant_plan["paid_tenant_ids"] if planned_tenant_ids is not None else None + paid_tenants = len(tenant_plan["paid_tenant_ids"]) + unpaid_tenants = len(tenant_plan["unpaid_tenant_ids"]) + if planned_tenant_ids is not None: + click.echo( + click.style( + f"Resolved archive tenant plan: paid_tenants={paid_tenants}, unpaid_tenants={unpaid_tenants}.", + fg="white", + ) + ) + if not planned_tenant_ids: + click.echo(click.style("No paid tenants matched the archive plan; nothing to archive.", fg="yellow")) + return archiver = WorkflowRunArchiver( days=before_days, @@ -242,7 +580,11 @@ def archive_workflow_runs( start_from=start_from, end_before=end_before, workers=workers, - tenant_ids=[tid.strip() for tid in tenant_ids.split(",")] if tenant_ids else None, + tenant_ids=planned_tenant_ids, + tenant_prefixes=parsed_tenant_prefixes, + paid_tenant_ids=planned_paid_tenant_ids, + run_shard_index=run_shard_index, + run_shard_total=run_shard_total, limit=limit, dry_run=dry_run, delete_after_archive=delete_after_archive, @@ -252,7 +594,9 @@ def archive_workflow_runs( click.style( f"Summary: processed={summary.total_runs_processed}, archived={summary.runs_archived}, " f"skipped={summary.runs_skipped}, failed={summary.runs_failed}, " - f"time={summary.total_elapsed_time:.2f}s", + f"bundles_archived={summary.bundles_archived}, 
bundles_skipped={summary.bundles_skipped}, " + f"bundles_failed={summary.bundles_failed}, " + f"object_size_bytes={summary.total_object_size_bytes}, time={summary.total_elapsed_time:.2f}s", fg="cyan", ) ) @@ -268,6 +612,52 @@ def archive_workflow_runs( ) +def _echo_bundle_archive_operation_summary(summary) -> None: + status = "completed successfully" if summary.bundles_failed == 0 else "completed with failures" + fg = "green" if summary.bundles_failed == 0 else "red" + click.echo( + click.style( + f"{summary.operation} {status}. " + f"bundles_success={summary.bundles_succeeded} bundles_failed={summary.bundles_failed} " + f"runs={summary.runs_processed} rows={summary.rows_processed} " + f"archive_bytes={summary.archive_bytes} duration={summary.elapsed_time:.2f}s " + f"validation_time={summary.validation_time:.2f}s " + f"runs_per_second={summary.runs_per_second:.2f} rows_per_second={summary.rows_per_second:.2f} " + f"bytes_per_second={summary.bytes_per_second:.2f}", + fg=fg, + ) + ) + click.echo(click.style("table,row_count", fg="white")) + for table_name in [ + "workflow_runs", + "workflow_app_logs", + "workflow_node_executions", + "workflow_node_execution_offload", + "workflow_pauses", + "workflow_pause_reasons", + "workflow_trigger_logs", + ]: + click.echo(f"{table_name},{summary.table_counts.get(table_name, 0)}") + for result in summary.results: + if result.success: + click.echo( + click.style( + f" bundle={result.bundle_id} tenant={result.tenant_id} runs={result.run_count} " + f"rows={result.row_count} archive_bytes={result.archive_bytes} " + f"time={result.elapsed_time:.2f}s validation={result.validation_time:.2f}s", + fg="white", + ) + ) + else: + click.echo( + click.style( + f" failed bundle={result.bundle_id} tenant={result.tenant_id} " + f"object_prefix={result.object_prefix} error={result.error}", + fg="red", + ) + ) + + @click.command( "restore-workflow-runs", help="Restore archived workflow runs from S3-compatible storage.", @@ -290,8 +680,8 @@ def 
archive_workflow_runs( default=None, help="Optional upper bound (exclusive) for created_at; must be paired with --start-from.", ) -@click.option("--workers", default=1, show_default=True, type=int, help="Concurrent workflow runs to restore.") -@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of runs to restore.") +@click.option("--workers", default=1, show_default=True, type=int, help="V1 --run-id compatibility only.") +@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of V2 bundles to restore.") @click.option("--dry-run", is_flag=True, help="Preview without restoring.") def restore_workflow_runs( tenant_ids: str | None, @@ -303,15 +693,18 @@ def restore_workflow_runs( dry_run: bool, ): """ - Restore an archived workflow run from storage to the database. + Restore archived workflow runs from storage to the database. - This restores the following tables: + Batch restore uses V2 bundle metadata and validates archive objects before writing source rows. 
This restores: + - workflow_runs + - workflow_app_logs - workflow_node_executions - workflow_node_execution_offload - workflow_pauses - workflow_pause_reasons - workflow_trigger_logs """ + from services.retention.workflow_run.bundle_archive_maintenance import WorkflowRunBundleArchiveMaintenance from services.retention.workflow_run.restore_archived_workflow_run import WorkflowRunRestore parsed_tenant_ids = None @@ -335,39 +728,46 @@ def restore_workflow_runs( ) ) - restorer = WorkflowRunRestore(dry_run=dry_run, workers=workers) if run_id: + restorer = WorkflowRunRestore(dry_run=dry_run, workers=workers) results = [restorer.restore_by_run_id(run_id)] - else: - assert start_from is not None - assert end_before is not None - results = restorer.restore_batch( - parsed_tenant_ids, - start_date=start_from, - end_date=end_before, - limit=limit, - ) + end_time = datetime.datetime.now(datetime.UTC) + elapsed = end_time - start_time - end_time = datetime.datetime.now(datetime.UTC) - elapsed = end_time - start_time + successes = sum(1 for result in results if result.success) + failures = len(results) - successes - successes = sum(1 for result in results if result.success) - failures = len(results) - successes - - if failures == 0: - click.echo( - click.style( - f"Restore completed successfully. success={successes} duration={elapsed}", - fg="green", + if failures == 0: + click.echo( + click.style( + f"Restore completed successfully. success={successes} duration={elapsed}", + fg="green", + ) ) - ) - else: - click.echo( - click.style( - f"Restore completed with failures. success={successes} failed={failures} duration={elapsed}", - fg="red", + else: + click.echo( + click.style( + f"Restore completed with failures. 
success={successes} failed={failures} duration={elapsed}", + fg="red", + ) ) + return + + if workers != 1: + click.echo( + click.style("--workers is ignored for V2 bundle restore; bundles are processed serially.", fg="yellow") ) + assert start_from is not None + assert end_before is not None + bundle_restorer = WorkflowRunBundleArchiveMaintenance(dry_run=dry_run, strict_content_validation=True) + summary = bundle_restorer.restore_batch( + tenant_ids=parsed_tenant_ids, + start_date=start_from, + end_date=end_before, + limit=limit, + ) + _echo_bundle_archive_operation_summary(summary) + return @click.command( @@ -392,8 +792,20 @@ def restore_workflow_runs( default=None, help="Optional upper bound (exclusive) for created_at; must be paired with --start-from.", ) -@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of runs to delete.") +@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of V2 bundles to delete.") @click.option("--dry-run", is_flag=True, help="Preview without deleting.") +@click.option( + "--skip-bad-archives", + is_flag=True, + help="Continue batch deletion when one archive object fails validation.", +) +@click.option( + "--restore-sample-interval", + type=int, + default=0, + show_default=True, + help="Run restore dry-run after every N successful deletes; 0 disables restore sampling.", +) def delete_archived_workflow_runs( tenant_ids: str | None, run_id: str | None, @@ -401,10 +813,16 @@ def delete_archived_workflow_runs( end_before: datetime.datetime | None, limit: int, dry_run: bool, + skip_bad_archives: bool, + restore_sample_interval: int, ): """ Delete archived workflow runs from the database. + + Batch delete uses V2 bundle metadata and validates object existence, manifest schema, object size, checksum, row + counts, and source/archive content checksums before deleting source rows. `--run-id` keeps the V1 per-run path. 
""" + from services.retention.workflow_run.bundle_archive_maintenance import WorkflowRunBundleArchiveMaintenance from services.retention.workflow_run.delete_archived_workflow_run import ArchivedWorkflowRunDeletion parsed_tenant_ids = None @@ -417,6 +835,8 @@ def delete_archived_workflow_runs( raise click.UsageError("--start-from and --end-before must be provided together.") if run_id is None and (start_from is None or end_before is None): raise click.UsageError("--start-from and --end-before are required for batch delete.") + if restore_sample_interval < 0: + raise click.BadParameter("restore-sample-interval must be >= 0") start_time = datetime.datetime.now(datetime.UTC) target_desc = f"workflow run {run_id}" if run_id else "workflow runs" @@ -427,56 +847,85 @@ def delete_archived_workflow_runs( ) ) - deleter = ArchivedWorkflowRunDeletion(dry_run=dry_run) if run_id: - results = [deleter.delete_by_run_id(run_id)] - else: - assert start_from is not None - assert end_before is not None - results = deleter.delete_batch( - parsed_tenant_ids, - start_date=start_from, - end_date=end_before, - limit=limit, + deleter = ArchivedWorkflowRunDeletion( + dry_run=dry_run, + skip_bad_archives=skip_bad_archives, + restore_sample_interval=restore_sample_interval, ) + results = [deleter.delete_by_run_id(run_id)] + for result in results: + if result.success: + click.echo( + click.style( + f"{'[DRY RUN] Would delete' if dry_run else 'Deleted'} " + f"workflow run {result.run_id} (tenant={result.tenant_id}, " + f"archive_key={result.archive_key}, counts={result.validated_counts})", + fg="green", + ) + ) + if result.restore_sampled: + sample_status = "passed" if result.restore_sample_success else "failed" + click.echo( + click.style( + f" restore dry-run sample {sample_status} for workflow run {result.run_id}", + fg="green" if result.restore_sample_success else "red", + ) + ) + else: + click.echo( + click.style( + f"Failed to delete workflow run {result.run_id}: {result.error}", + 
fg="red", + ) + ) + click.echo( + click.style( + " runbook: pause this delete window, verify archive storage object and manifest/checksum, " + "retry the same run after fixing storage or DB drift, or rerun with --skip-bad-archives " + "to quarantine this run and continue the batch.", + fg="yellow", + ) + ) - for result in results: - if result.success: + end_time = datetime.datetime.now(datetime.UTC) + elapsed = end_time - start_time + + successes = sum(1 for result in results if result.success) + failures = len(results) - successes + + if failures == 0: click.echo( click.style( - f"{'[DRY RUN] Would delete' if dry_run else 'Deleted'} " - f"workflow run {result.run_id} (tenant={result.tenant_id})", + f"Delete completed successfully. success={successes} duration={elapsed}", fg="green", ) ) else: click.echo( click.style( - f"Failed to delete workflow run {result.run_id}: {result.error}", + f"Delete completed with failures. success={successes} failed={failures} duration={elapsed}", fg="red", ) ) + return - end_time = datetime.datetime.now(datetime.UTC) - elapsed = end_time - start_time - - successes = sum(1 for result in results if result.success) - failures = len(results) - successes - - if failures == 0: - click.echo( - click.style( - f"Delete completed successfully. success={successes} duration={elapsed}", - fg="green", - ) - ) - else: - click.echo( - click.style( - f"Delete completed with failures. 
success={successes} failed={failures} duration={elapsed}", - fg="red", - ) - ) + if restore_sample_interval: + click.echo(click.style("--restore-sample-interval is ignored for V2 bundle delete.", fg="yellow")) + assert start_from is not None + assert end_before is not None + bundle_deleter = WorkflowRunBundleArchiveMaintenance( + dry_run=dry_run, + strict_content_validation=True, + stop_on_error=not skip_bad_archives, + ) + summary = bundle_deleter.delete_batch( + tenant_ids=parsed_tenant_ids, + start_date=start_from, + end_date=end_before, + limit=limit, + ) + _echo_bundle_archive_operation_summary(summary) def _find_orphaned_draft_variables(batch_size: int = 1000) -> list[str]: diff --git a/api/configs/middleware/cache/redis_pubsub_config.py b/api/configs/middleware/cache/redis_pubsub_config.py index d465f2e93c3..0a166818b36 100644 --- a/api/configs/middleware/cache/redis_pubsub_config.py +++ b/api/configs/middleware/cache/redis_pubsub_config.py @@ -2,7 +2,6 @@ from typing import Literal, Protocol, cast from urllib.parse import quote_plus, urlunparse from pydantic import AliasChoices, Field -from pydantic.types import NonNegativeInt from pydantic_settings import BaseSettings @@ -71,24 +70,6 @@ class RedisPubSubConfig(BaseSettings): default=600, ) - PUBSUB_LISTENER_JOIN_TIMEOUT_MS: NonNegativeInt = Field( - validation_alias=AliasChoices("EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS", "PUBSUB_LISTENER_JOIN_TIMEOUT_MS"), - description=( - "Maximum time (milliseconds) that ``Subscription.close()`` waits for its listener thread to " - "finish before returning. Bounds the tail latency between a terminal event being delivered to " - "an SSE client and the response stream actually closing.\n\n" - "The listener thread blocks on a polling read (XREAD BLOCK for streams, get_message timeout " - "for pubsub/sharded) with a fixed 1s window, so close() naturally has to wait up to ~1s for " - "the thread to notice the subscription was closed. Setting this lower (e.g. 
100) lets close() " - "return promptly while the daemon listener thread cleans itself up on the next poll " - "boundary - safe because the listener holds no critical state and exits within one poll " - "window. Setting it higher (e.g. 5000) gives the listener more grace before close() gives up " - "and logs a warning. Default 2000ms preserves the pre-change behaviour.\n\n" - "Also accepts ENV: EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS." - ), - default=2000, - ) - def _build_default_pubsub_url(self) -> str: defaults = _redis_defaults(self) if not defaults.REDIS_HOST or not defaults.REDIS_PORT: diff --git a/api/controllers/common/app_access.py b/api/controllers/common/app_access.py new file mode 100644 index 00000000000..863b69d2339 --- /dev/null +++ b/api/controllers/common/app_access.py @@ -0,0 +1,107 @@ +from __future__ import annotations + +from collections.abc import Sequence +from dataclasses import dataclass +from typing import TYPE_CHECKING + +from services.enterprise import rbac_service as enterprise_rbac_service + +if TYPE_CHECKING: + from services.app_service import AppListBaseParams + from services.enterprise.rbac_service import MyPermissionsResponse + +# Permission keys (dot-notation, from MyPermissionsResponse) that grant +# list/preview access to an app. Keep this the single source of truth for both +# the console and OpenAPI app-list endpoints. +APP_LIST_PERMISSION_KEYS: frozenset[str] = frozenset({"app.preview", "app.acl.preview", "app.full_access"}) + +# Workspace permission key that lets a caller see apps they maintain even when +# those apps are not in their preview whitelist. 
+_MANAGE_OWN_APPS_PERMISSION_KEY = "app.create_and_management" + + +def has_app_list_permission(permission_keys: Sequence[str]) -> bool: + """Return True if any of ``permission_keys`` grants app list/preview access.""" + return any(permission_key in APP_LIST_PERMISSION_KEYS for permission_key in permission_keys) + + +@dataclass(frozen=True) +class AppAccessFilter: + """Resolved RBAC visibility for app list/read endpoints. + + ``accessible_app_ids`` of ``None`` means the caller can see every app in the + workspace (unrestricted). Otherwise it is the exact set of app ids the + caller may preview; combined with ``can_manage_own_apps`` it also covers + apps the caller maintains. + """ + + accessible_app_ids: set[str] | None + can_manage_own_apps: bool + + @classmethod + def unrestricted(cls) -> AppAccessFilter: + """Filter that imposes no restriction (RBAC disabled / not applicable).""" + return cls(accessible_app_ids=None, can_manage_own_apps=False) + + def is_app_accessible(self, app_id: str, maintainer: str | None, account_id: str) -> bool: + """Whether a single app is visible to the caller under this filter. + + Mirrors the service-layer query gate: an app is visible when the filter + is unrestricted, the app id is whitelisted, or the caller maintains it + and holds ``app.create_and_management``. + """ + if self.accessible_app_ids is None: + return True + if app_id in self.accessible_app_ids: + return True + return self.can_manage_own_apps and maintainer is not None and maintainer == account_id + + def apply_to_params(self, params: AppListBaseParams) -> None: + if self.accessible_app_ids is None: + return + params.accessible_app_ids = sorted(self.accessible_app_ids) + params.include_own_apps = self.can_manage_own_apps + + +def resolve_app_access_filter( + tenant_id: str, + account_id: str, + *, + permissions: MyPermissionsResponse | None = None, +) -> AppAccessFilter: + """Compute the RBAC app-access filter for ``account_id`` in ``tenant_id``. 
+ + Pass ``permissions`` when the caller has already fetched the snapshot (the + console controller reuses it for per-app permission keys) to avoid a second + inner-API round trip; otherwise it is fetched here. + """ + if permissions is None: + permissions = enterprise_rbac_service.RBACService.MyPermissions.get(tenant_id, account_id) + whitelist_scope = enterprise_rbac_service.RBACService.AppAccess.whitelist_resources(tenant_id, account_id) + + can_manage_own_apps = _MANAGE_OWN_APPS_PERMISSION_KEY in permissions.workspace.permission_keys + has_default_preview = has_app_list_permission(permissions.app.default_permission_keys) or has_app_list_permission( + permissions.workspace.permission_keys + ) + + permission_app_ids: set[str] | None = None + if not has_default_preview: + # Collect apps the caller can preview via per-app permission overrides. + permission_app_ids = { + override.resource_id + for override in permissions.app.overrides + if has_app_list_permission(override.permission_keys) + } + + accessible_app_ids: set[str] | None + if getattr(whitelist_scope, "unrestricted", False): + accessible_app_ids = permission_app_ids + else: + accessible_app_ids = set(whitelist_scope.resource_ids) + if permission_app_ids is not None: + accessible_app_ids |= permission_app_ids + elif has_default_preview: + # Default preview overrides the whitelist restriction. + accessible_app_ids = None + + return AppAccessFilter(accessible_app_ids=accessible_app_ids, can_manage_own_apps=can_manage_own_apps) diff --git a/api/controllers/common/wraps.py b/api/controllers/common/wraps.py index 7e39b4f37cd..29b1fc44e5d 100644 --- a/api/controllers/common/wraps.py +++ b/api/controllers/common/wraps.py @@ -1,23 +1,3 @@ -"""Shared decorator utilities for Dify controller layers. - -This module provides decorators that are not tied to any single API group (e.g. -console, inner, service). Currently it exposes the RBAC permission gate, which -can be applied to any blueprint. 
- -Key exports ------------ -``rbac_permission_required`` – decorator that enforces enterprise RBAC access - control. When ``RBAC_ENABLED`` is ``False`` it is a no-op. - -``RBACPermission``, ``RBACResourceScope`` – re-exported from ``core.rbac`` so - callers only need a single import site. - -Private helpers ---------------- -``_extract_resource_id``, ``_is_resource_owned_by_current_user`` – kept module- - private but accessible via the module namespace for unit-test patching. -""" - from collections.abc import Callable from functools import wraps @@ -32,7 +12,57 @@ from models.dataset import Dataset from models.model import App from services.enterprise.rbac_service import RBACService -__all__ = ["RBACPermission", "RBACResourceScope", "rbac_permission_required"] +__all__ = ["RBACPermission", "RBACResourceScope", "enforce_rbac_access", "rbac_permission_required"] + + +def enforce_rbac_access( + *, + tenant_id: str, + account_id: str, + resource_type: RBACResourceScope, + scene: RBACPermission, + resource_required: bool = True, + path_args: dict[str, object] | None = None, +) -> None: + """Enforce enterprise RBAC for an explicit account/tenant pair. + + This is the flask-login-independent core of the RBAC gate so it can run + inside request-handling layers that resolve the caller themselves (e.g. the + openapi auth pipeline, which has the account on ``AuthData`` before + flask-login is mounted). + + No-op when ``RBAC_ENABLED`` is ``False``. For resource-scoped checks the + resource ID is taken from ``path_args`` merged with ``request.view_args``; + resource ownership short-circuits the check. Raises ``Forbidden`` when + access is denied. For workspace-level checks pass ``resource_required=False`` + so the RBAC request omits ``resource_id``. + + Args: + tenant_id: The tenant the access is evaluated against. + account_id: The account requesting access. + resource_type: The :class:`RBACResourceScope` member (app/dataset/workspace). 
+ scene: The :class:`RBACPermission` permission point, e.g. ``RBACPermission.APP_DELETE``. + resource_required: Whether a concrete resource ID is required. + path_args: Extra path arguments to merge with ``request.view_args``. + """ + if not dify_config.RBAC_ENABLED: + return + + check_resource_type = None if resource_type == RBACResourceScope.WORKSPACE else resource_type + resource_id = None + if resource_required and check_resource_type: + resource_id = _extract_resource_id(resource_type, path_args) + if _is_resource_owned_by_current_user(tenant_id, account_id, resource_type, resource_id): + return + allowed = RBACService.CheckAccess.check( + tenant_id, + account_id, + scene=scene, + resource_type=check_resource_type, + resource_id=resource_id, + ) + if not allowed: + raise Forbidden() def rbac_permission_required[**P, R]( @@ -41,14 +71,12 @@ def rbac_permission_required[**P, R]( *, resource_required: bool = True, ) -> Callable[[Callable[P, R]], Callable[P, R]]: - """Check enterprise RBAC permissions for the current user. + """Check enterprise RBAC permissions for the current flask-login user. When ``RBAC_ENABLED`` is ``False`` the decorator is a no-op and the - request passes through unchanged. When enabled it extracts the resource ID - from ``request.view_args`` for resource-scoped checks, calls the RBAC - service ``check-access`` endpoint, and raises ``Forbidden`` if the access - is denied. For workspace-level checks, set ``resource_required=False`` so - the RBAC request omits ``resource_id``. + request passes through unchanged. When enabled it resolves the current + account/tenant and delegates to :func:`enforce_rbac_access`, raising + ``Forbidden`` if access is denied. Args: resource_type: The :class:`RBACResourceScope` member (app/dataset/workspace). 
@@ -63,23 +91,14 @@ def rbac_permission_required[**P, R]( return view(*args, **kwargs) current_user, current_tenant_id = current_account_with_tenant() - check_resource_type = None if resource_type == RBACResourceScope.WORKSPACE else resource_type - resource_id = None - if resource_required and check_resource_type: - resource_id = _extract_resource_id(resource_type, kwargs) - if _is_resource_owned_by_current_user(current_tenant_id, current_user.id, resource_type, resource_id): - return view(*args, **kwargs) - allowed = RBACService.CheckAccess.check( - current_tenant_id, - current_user.id, + enforce_rbac_access( + tenant_id=current_tenant_id, + account_id=current_user.id, + resource_type=resource_type, scene=scene, - resource_type=check_resource_type, - resource_id=resource_id, + resource_required=resource_required, + path_args=kwargs, ) - - if not allowed: - raise Forbidden() - return view(*args, **kwargs) return decorated diff --git a/api/controllers/console/agent/composer.py b/api/controllers/console/agent/composer.py index 2cd01e427f7..975586c635c 100644 --- a/api/controllers/console/agent/composer.py +++ b/api/controllers/console/agent/composer.py @@ -104,7 +104,7 @@ class WorkflowAgentComposerValidateApi(Resource): @with_current_tenant_id def post(self, tenant_id: str, app_model: App, node_id: str): payload = ComposerSavePayload.model_validate(console_ns.payload or {}) - ComposerConfigValidator.validate_save_payload(payload) + ComposerConfigValidator.validate_publish_payload(payload) findings = AgentComposerService.collect_validation_findings( tenant_id=tenant_id, payload=payload, @@ -238,7 +238,7 @@ class AgentComposerValidateApi(Resource): def post(self, tenant_id: str, agent_id: UUID): _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id) payload = ComposerSavePayload.model_validate(console_ns.payload or {}) - ComposerConfigValidator.validate_save_payload(payload) + ComposerConfigValidator.validate_publish_payload(payload) findings = 
AgentComposerService.collect_validation_findings( tenant_id=tenant_id, payload=payload, diff --git a/api/controllers/console/agent/roster.py b/api/controllers/console/agent/roster.py index d4546ac88bf..ac3f7ef4824 100644 --- a/api/controllers/console/agent/roster.py +++ b/api/controllers/console/agent/roster.py @@ -3,16 +3,17 @@ from uuid import UUID from flask import abort, request from flask_restx import Resource from pydantic import AliasChoices, BaseModel, Field, field_validator +from sqlalchemy import func, select from controllers.common.schema import query_params_from_model, register_response_schema_models, register_schema_models from controllers.console import console_ns from controllers.console.agent.app_helpers import resolve_agent_app_model +from controllers.console.apikey import ApiKeyItem, ApiKeyList, BaseApiKeyListResource, BaseApiKeyResource from controllers.console.app.app import ( AppDetailWithSite as GenericAppDetailWithSite, ) from controllers.console.app.app import ( AppListQuery, - CopyAppPayload, _normalize_app_list_query_args, ) from controllers.console.app.app import ( @@ -25,9 +26,13 @@ from controllers.console.app.app import ( UpdateAppPayload as GenericUpdateAppPayload, ) from controllers.console.wraps import ( + RBACPermission, + RBACResourceScope, account_initialization_required, edit_permission_required, enterprise_license_required, + is_admin_or_owner_required, + rbac_permission_required, setup_required, with_current_tenant_id, with_current_user, @@ -36,6 +41,7 @@ from extensions.ext_database import db from fields.agent_fields import ( AgentConfigSnapshotDetailResponse, AgentConfigSnapshotListResponse, + AgentConfigSnapshotRestoreResponse, AgentInviteOptionsResponse, AgentLogListResponse, AgentLogMessageListResponse, @@ -48,7 +54,8 @@ from libs.datetime_utils import parse_time_range from libs.helper import dump_response from libs.login import login_required from models import Account -from models.model import IconType +from 
models.enums import ApiTokenType +from models.model import ApiToken, App, IconType from services.agent.errors import AgentNotFoundError from services.agent.observability_service import ( AgentLogQueryParams, @@ -102,6 +109,46 @@ class AgentAppUpdatePayload(GenericUpdateAppPayload): return role +class AgentAppCopyPayload(BaseModel): + name: str | None = Field(default=None, description="Name for the copied agent") + description: str | None = Field(default=None, description="Description for the copied agent", max_length=400) + role: str | None = Field(default=None, description="Role for the copied agent", max_length=255) + icon_type: IconType | None = Field(default=None, description="Icon type") + icon: str | None = Field(default=None, description="Icon") + icon_background: str | None = Field(default=None, description="Icon background color") + + @field_validator("role") + @classmethod + def validate_role(cls, value: str | None) -> str | None: + if value is None: + return None + role = value.strip() + if not role: + raise ValueError("Agent role is required when provided.") + return role + + +class AgentApiStatusPayload(BaseModel): + enable_api: bool = Field(..., description="Enable or disable Agent service API") + + +class AgentApiAccessResponse(BaseModel): + enabled: bool + service_api_base_url: str + streaming_only: bool = True + chat_endpoint: str + stop_endpoint: str + conversations_endpoint: str + messages_endpoint: str + files_upload_endpoint: str + parameters_endpoint: str + info_endpoint: str + meta_endpoint: str + api_rpm: int + api_rph: int + api_key_count: int + + class AgentAppPublishedReferenceResponse(BaseModel): app_id: str app_name: str @@ -185,6 +232,7 @@ class AgentStatisticsQuery(BaseModel): class AgentAppPartial(GenericAppPartial): app_id: str | None = None + debug_conversation_id: str | None = None role: str | None = None active_config_is_published: bool = False published_reference_count: int = 0 @@ -193,10 +241,15 @@ class 
AgentAppPartial(GenericAppPartial): class AgentAppDetailWithSite(GenericAppDetailWithSite): app_id: str | None = None + debug_conversation_id: str | None = None role: str | None = None active_config_is_published: bool = False +class AgentDebugConversationRefreshResponse(BaseModel): + debug_conversation_id: str + + class AgentAppPagination(GenericAppPagination): data: list[AgentAppPartial] = Field( # type: ignore[assignment] # pyrefly: ignore[bad-override-mutable-attribute] validation_alias=AliasChoices("items", "data") @@ -207,7 +260,8 @@ register_schema_models( console_ns, AgentAppCreatePayload, AgentAppUpdatePayload, - CopyAppPayload, + AgentAppCopyPayload, + AgentApiStatusPayload, AgentInviteOptionsQuery, AgentLogsQuery, AgentStatisticsQuery, @@ -218,11 +272,14 @@ register_schema_models( register_response_schema_models( console_ns, AgentAppPagination, + AgentApiAccessResponse, AgentAppPublishedReferenceResponse, AgentAppDetailWithSite, AgentAppPartial, + AgentDebugConversationRefreshResponse, AgentConfigSnapshotDetailResponse, AgentConfigSnapshotListResponse, + AgentConfigSnapshotRestoreResponse, AgentInviteOptionsResponse, AgentLogListResponse, AgentLogMessageListResponse, @@ -237,7 +294,7 @@ def _agent_roster_service() -> AgentRosterService: return AgentRosterService(db.session) -def _serialize_agent_app_detail(app_model) -> dict: +def _serialize_agent_app_detail(app_model, *, current_user: Account) -> dict: """Serialize an Agent App detail using roster-only DTOs. 
`/agent` responses are roster-shaped rather than raw app-shaped: `id` @@ -260,6 +317,11 @@ def _serialize_agent_app_detail(app_model) -> dict: payload.pop("bound_agent_id", None) payload["app_id"] = str(app_model.id) payload["id"] = agent.id + payload["debug_conversation_id"] = roster_service.get_or_create_agent_app_debug_conversation_id( + tenant_id=app_model.tenant_id, + agent_id=agent.id, + account_id=current_user.id, + ) payload["role"] = agent.role or "" payload["active_config_is_published"] = roster_service.active_config_is_published( tenant_id=app_model.tenant_id, @@ -268,7 +330,7 @@ def _serialize_agent_app_detail(app_model) -> dict: return payload -def _serialize_agent_app_pagination(app_pagination, *, tenant_id: str) -> dict: +def _serialize_agent_app_pagination(app_pagination, *, tenant_id: str, current_user: Account) -> dict: """Serialize Agent App lists with roster-shaped items. Each item starts from the shared App list shape, then drops @@ -291,6 +353,11 @@ def _serialize_agent_app_pagination(app_pagination, *, tenant_id: str) -> dict: tenant_id=tenant_id, agent_ids=[agent.id for agent in agents_by_app_id.values()], ) + debug_conversation_ids_by_agent_id = roster_service.load_or_create_agent_app_debug_conversation_ids_by_agent_id( + tenant_id=tenant_id, + agents=list(agents_by_app_id.values()), + account_id=current_user.id, + ) payload = AgentAppPagination.model_validate(app_pagination, from_attributes=True).model_dump(mode="json") for item in payload["data"]: app_id = item["id"] @@ -299,6 +366,7 @@ def _serialize_agent_app_pagination(app_pagination, *, tenant_id: str) -> dict: if agent: item["app_id"] = app_id item["id"] = agent.id + item["debug_conversation_id"] = debug_conversation_ids_by_agent_id.get(agent.id) item["role"] = agent.role or "" item["active_config_is_published"] = active_config_is_published_by_agent_id.get(agent.id, False) published_references = published_references_by_agent_id.get(agent.id, []) @@ -323,6 +391,38 @@ def 
_resolve_agent_app_model(*, tenant_id: str, agent_id: UUID): return resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) +def _agent_api_key_count(app_id: str) -> int: + return ( + db.session.scalar( + select(func.count(ApiToken.id)).where( + ApiToken.type == ApiTokenType.APP, + ApiToken.app_id == app_id, + ) + ) + or 0 + ) + + +def _serialize_agent_api_access(app_model: App) -> dict: + base_url = app_model.api_base_url + response = AgentApiAccessResponse( + enabled=bool(app_model.enable_api), + service_api_base_url=base_url, + chat_endpoint=f"{base_url}/chat-messages", + stop_endpoint=f"{base_url}/chat-messages/{{task_id}}/stop", + conversations_endpoint=f"{base_url}/conversations", + messages_endpoint=f"{base_url}/messages", + files_upload_endpoint=f"{base_url}/files/upload", + parameters_endpoint=f"{base_url}/parameters", + info_endpoint=f"{base_url}/info", + meta_endpoint=f"{base_url}/meta", + api_rpm=app_model.api_rpm or 0, + api_rph=app_model.api_rph or 0, + api_key_count=_agent_api_key_count(str(app_model.id)), + ) + return response.model_dump(mode="json") + + def _agent_observability_service() -> AgentObservabilityService: return AgentObservabilityService(db.session) @@ -374,7 +474,11 @@ class AgentAppListApi(Resource): empty = AgentAppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[]) return empty.model_dump(mode="json") - return _serialize_agent_app_pagination(app_pagination, tenant_id=current_tenant_id) + return _serialize_agent_app_pagination( + app_pagination, + tenant_id=current_tenant_id, + current_user=current_user, + ) @console_ns.expect(console_ns.models[AgentAppCreatePayload.__name__]) @console_ns.response(201, "Agent app created successfully", console_ns.models[AgentAppDetailWithSite.__name__]) @@ -399,7 +503,7 @@ class AgentAppListApi(Resource): ) app = AppService().create_app(current_tenant_id, params, current_user) - return _serialize_agent_app_detail(app), 201 + return _serialize_agent_app_detail(app, 
current_user=current_user), 201 @console_ns.route("/agent/") @@ -409,10 +513,11 @@ class AgentAppApi(Resource): @login_required @account_initialization_required @enterprise_license_required + @with_current_user @with_current_tenant_id - def get(self, tenant_id: str, agent_id: UUID): + def get(self, tenant_id: str, current_user: Account, agent_id: UUID): app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) - return _serialize_agent_app_detail(app_model) + return _serialize_agent_app_detail(app_model, current_user=current_user) @console_ns.expect(console_ns.models[AgentAppUpdatePayload.__name__]) @console_ns.response(200, "Agent app updated successfully", console_ns.models[AgentAppDetailWithSite.__name__]) @@ -422,8 +527,9 @@ class AgentAppApi(Resource): @login_required @account_initialization_required @edit_permission_required + @with_current_user @with_current_tenant_id - def put(self, tenant_id: str, agent_id: UUID): + def put(self, tenant_id: str, current_user: Account, agent_id: UUID): app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) args = AgentAppUpdatePayload.model_validate(console_ns.payload) args_dict: AppService.ArgsDict = { @@ -437,7 +543,7 @@ class AgentAppApi(Resource): "role": args.role, } updated = AppService().update_app(app_model, args_dict) - return _serialize_agent_app_detail(updated) + return _serialize_agent_app_detail(updated, current_user=current_user) @console_ns.response(204, "Agent app deleted successfully") @console_ns.response(403, "Insufficient permissions") @@ -452,9 +558,34 @@ class AgentAppApi(Resource): return "", 204 +@console_ns.route("/agent//debug-conversation/refresh") +class AgentDebugConversationRefreshApi(Resource): + @console_ns.response( + 200, + "Agent debug conversation refreshed", + console_ns.models[AgentDebugConversationRefreshResponse.__name__], + ) + @console_ns.response(403, "Insufficient permissions") + @setup_required + @login_required + 
@account_initialization_required + @edit_permission_required + @with_current_user + @with_current_tenant_id + def post(self, tenant_id: str, current_user: Account, agent_id: UUID): + debug_conversation_id = _agent_roster_service().refresh_agent_app_debug_conversation_id( + tenant_id=tenant_id, + agent_id=str(agent_id), + account_id=current_user.id, + ) + return AgentDebugConversationRefreshResponse(debug_conversation_id=debug_conversation_id).model_dump( + mode="json" + ) + + @console_ns.route("/agent//copy") class AgentAppCopyApi(Resource): - @console_ns.expect(console_ns.models[CopyAppPayload.__name__]) + @console_ns.expect(console_ns.models[AgentAppCopyPayload.__name__]) @console_ns.response(201, "Agent app copied successfully", console_ns.models[AgentAppDetailWithSite.__name__]) @console_ns.response(403, "Insufficient permissions") @console_ns.response(400, "Invalid request parameters") @@ -465,18 +596,88 @@ class AgentAppCopyApi(Resource): @with_current_user @with_current_tenant_id def post(self, tenant_id: str, current_user: Account, agent_id: UUID): - args = CopyAppPayload.model_validate(console_ns.payload or {}) + args = AgentAppCopyPayload.model_validate(console_ns.payload or {}) copied_app = _agent_roster_service().duplicate_agent_app( tenant_id=tenant_id, agent_id=str(agent_id), account=current_user, name=args.name, description=args.description, + role=args.role, icon_type=args.icon_type, icon=args.icon, icon_background=args.icon_background, ) - return _serialize_agent_app_detail(copied_app), 201 + return _serialize_agent_app_detail(copied_app, current_user=current_user), 201 + + +@console_ns.route("/agent//api-access") +class AgentApiAccessApi(Resource): + @console_ns.response(200, "Agent service API access", console_ns.models[AgentApiAccessResponse.__name__]) + @setup_required + @login_required + @account_initialization_required + @with_current_tenant_id + def get(self, tenant_id: str, agent_id: UUID): + app_model = 
_resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) + return _serialize_agent_api_access(app_model) + + +@console_ns.route("/agent//api-enable") +class AgentApiStatusApi(Resource): + @console_ns.expect(console_ns.models[AgentApiStatusPayload.__name__]) + @console_ns.response(200, "Agent service API status updated", console_ns.models[AgentApiAccessResponse.__name__]) + @console_ns.response(403, "Insufficient permissions") + @setup_required + @login_required + @is_admin_or_owner_required + @account_initialization_required + @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION) + @with_current_tenant_id + def post(self, tenant_id: str, agent_id: UUID): + app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) + args = AgentApiStatusPayload.model_validate(console_ns.payload) + app_model = AppService().update_app_api_status(app_model, args.enable_api) + return _serialize_agent_api_access(app_model) + + +@console_ns.route("/agent//api-keys") +class AgentApiKeyListApi(BaseApiKeyListResource): + resource_type = ApiTokenType.APP + resource_model = App + resource_id_field = "app_id" + token_prefix = "app-" + + @console_ns.response(200, "Agent service API keys", console_ns.models[ApiKeyList.__name__]) + @with_current_tenant_id + def get(self, tenant_id: str, agent_id: UUID) -> dict[str, object]: + app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) + return dump_response(ApiKeyList, self._get_api_key_list(str(app_model.id), tenant_id)) + + @console_ns.response(201, "Agent service API key created", console_ns.models[ApiKeyItem.__name__]) + @console_ns.response(400, "Maximum keys exceeded") + @with_current_tenant_id + @edit_permission_required + @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION) + def post(self, tenant_id: str, agent_id: UUID) -> tuple[dict[str, object], int]: + app_model = _resolve_agent_app_model(tenant_id=tenant_id, 
agent_id=agent_id) + return dump_response(ApiKeyItem, self._create_api_key(str(app_model.id), tenant_id)), 201 + + +@console_ns.route("/agent//api-keys/") +class AgentApiKeyApi(BaseApiKeyResource): + resource_type = ApiTokenType.APP + resource_model = App + resource_id_field = "app_id" + + @console_ns.response(204, "Agent service API key deleted") + @with_current_user + @with_current_tenant_id + @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION) + def delete(self, tenant_id: str, current_user: Account, agent_id: UUID, api_key_id: UUID) -> tuple[str, int]: + app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) + self._delete_api_key(str(app_model.id), str(api_key_id), tenant_id, current_user) + return "", 204 @console_ns.route("/agent/invite-options") @@ -649,3 +850,24 @@ class AgentRosterVersionDetailApi(Resource): version_id=str(version_id), ), ) + + +@console_ns.route("/agent//versions//restore") +class AgentRosterVersionRestoreApi(Resource): + @console_ns.response(200, "Agent version restored", console_ns.models[AgentConfigSnapshotRestoreResponse.__name__]) + @setup_required + @login_required + @account_initialization_required + @edit_permission_required + @with_current_user + @with_current_tenant_id + def post(self, tenant_id: str, current_user: Account, agent_id: UUID, version_id: UUID): + return dump_response( + AgentConfigSnapshotRestoreResponse, + _agent_roster_service().restore_agent_version( + tenant_id=tenant_id, + agent_id=str(agent_id), + version_id=str(version_id), + account_id=current_user.id, + ), + ) diff --git a/api/controllers/console/app/agent.py b/api/controllers/console/app/agent.py index a53a174da42..86a3c473547 100644 --- a/api/controllers/console/app/agent.py +++ b/api/controllers/console/app/agent.py @@ -1,4 +1,3 @@ -import logging from typing import Any from uuid import UUID @@ -30,7 +29,6 @@ from fields.base import ResponseModel from libs.helper import uuid_value from 
libs.login import login_required from models import Account -from models.agent_config_entities import AgentFileRefConfig, AgentSkillRefConfig from models.model import App, AppMode, UploadFile from services.agent.composer_service import AgentComposerService from services.agent.skill_package_service import SkillManifest, SkillPackageError @@ -49,8 +47,6 @@ from services.agent_drive_service import ( ) from services.agent_service import AgentService -logger = logging.getLogger(__name__) - _WORKFLOW_AGENT_DRIVE_APP_MODES = [AppMode.WORKFLOW, AppMode.ADVANCED_CHAT] _AGENT_SKILL_UPLOAD_PARAMS = { "file": { @@ -130,8 +126,16 @@ class AgentLogResponse(ResponseModel): files: list[Any] = Field(default_factory=list) +class AgentUploadedSkillResponse(ResponseModel): + name: str + description: str + path: str + skill_md_key: str + archive_key: str | None = None + + class AgentSkillUploadResponse(ResponseModel): - skill: AgentSkillRefConfig + skill: AgentUploadedSkillResponse manifest: SkillManifest @@ -145,13 +149,11 @@ class AgentDriveFileResponse(ResponseModel): class AgentDriveFileCommitResponse(ResponseModel): file: AgentDriveFileResponse - config_version_id: str | None = None class AgentDriveDeleteResponse(ResponseModel): result: str removed_keys: list[str] = Field(default_factory=list) - config_version_id: str | None = None register_schema_models(console_ns, AgentLogQuery, AgentDriveFilePayload, AgentDriveDeleteFileByAgentQuery) @@ -161,6 +163,7 @@ register_response_schema_models( AgentDriveFileCommitResponse, AgentDriveFileResponse, AgentLogResponse, + AgentUploadedSkillResponse, AgentSkillUploadResponse, SkillToolInferenceResult, ) @@ -242,24 +245,6 @@ def _commit_drive_file_for_app(*, current_user: Account, app_model: App, allow_n return {"code": exc.code, "message": exc.message}, exc.status_code row = committed[0] - file_ref = AgentFileRefConfig.model_validate( - { - "id": row["key"], - "name": upload_file.name, - "file_id": upload_file.id, - "drive_key": row["key"], - 
"type": row.get("mime_type"), - "size": row.get("size"), - } - ) - config_version_id = AgentComposerService.add_drive_file_ref( - tenant_id=app_model.tenant_id, - agent_id=agent_id, - account_id=current_user.id, - file_ref=file_ref, - app_id=app_model.id, - node_id=node_id, - ) return { "file": { "name": upload_file.name, @@ -268,7 +253,6 @@ def _commit_drive_file_for_app(*, current_user: Account, app_model: App, allow_n "size": row.get("size"), "mime_type": row.get("mime_type"), }, - "config_version_id": config_version_id, }, 201 @@ -283,24 +267,17 @@ def _delete_drive_file_for_app(*, current_user: Account, app_model: App, allow_n except AgentDriveError as exc: return {"code": exc.code, "message": exc.message}, exc.status_code - config_version_id = AgentComposerService.remove_drive_refs( - tenant_id=app_model.tenant_id, - agent_id=agent_id, - account_id=current_user.id, - file_key=key, - app_id=app_model.id, - node_id=node_id, - ) - removed_keys: list[str] = [] try: - removed_keys = AgentDriveService().delete(tenant_id=app_model.tenant_id, agent_id=agent_id, key=key) + result = AgentDriveService().commit( + tenant_id=app_model.tenant_id, + user_id=current_user.id, + agent_id=agent_id, + items=[DriveCommitItem(key=key, file_ref=None)], + ) except AgentDriveError as exc: return {"code": exc.code, "message": exc.message}, exc.status_code - except Exception: - # Soul-first ordering: the ref is already gone; orphan KV rows are - # harmless and an idempotent DELETE retry cleans them. 
- logger.exception("agent drive delete failed for key %s (soul already updated)", key) - return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id} + removed_keys = [item["key"] for item in result if item.get("removed")] + return {"result": "success", "removed_keys": removed_keys} def _delete_skill_for_app(*, current_user: Account, app_model: App, slug: str, allow_node_id: bool = True): @@ -312,22 +289,20 @@ def _delete_skill_for_app(*, current_user: Account, app_model: App, slug: str, a if "/" in slug or not slug.strip(): return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400 - config_version_id = AgentComposerService.remove_drive_refs( - tenant_id=app_model.tenant_id, - agent_id=agent_id, - account_id=current_user.id, - skill_slug=slug, - app_id=app_model.id, - node_id=node_id, - ) - removed_keys: list[str] = [] try: - removed_keys = AgentDriveService().delete(tenant_id=app_model.tenant_id, agent_id=agent_id, prefix=f"{slug}/") + result = AgentDriveService().commit( + tenant_id=app_model.tenant_id, + user_id=current_user.id, + agent_id=agent_id, + items=[ + DriveCommitItem(key=f"{slug}/SKILL.md", file_ref=None), + DriveCommitItem(key=f"{slug}/.DIFY-SKILL-FULL.zip", file_ref=None), + ], + ) except AgentDriveError as exc: return {"code": exc.code, "message": exc.message}, exc.status_code - except Exception: - logger.exception("agent drive delete failed for skill %s (soul already updated)", slug) - return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id} + removed_keys = [item["key"] for item in result if item.get("removed")] + return {"result": "success", "removed_keys": removed_keys} def _infer_skill_tools_for_app(*, app_model: App, slug: str): @@ -455,7 +430,7 @@ class AgentDriveFilesApi(Resource): return _commit_drive_file_for_app(current_user=current_user, app_model=app_model) @console_ns.doc("delete_agent_drive_file") - 
@console_ns.doc(description="Delete one drive file by key; soul ref first, then the KV row (ENG-625 D5)") + @console_ns.doc(description="Delete one drive file by key via drive commit-null semantics") @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentDriveDeleteFileQuery)}) @console_ns.response(200, "File removed", console_ns.models[AgentDriveDeleteResponse.__name__]) @setup_required @@ -486,9 +461,7 @@ class AgentSkillByAgentApi(Resource): @console_ns.route("/apps//agent/skills/") class AgentSkillApi(Resource): @console_ns.doc("delete_agent_skill") - @console_ns.doc( - description="Delete a standardized skill: soul ref first, then the / drive prefix (ENG-625 D5)" - ) + @console_ns.doc(description="Delete a standardized skill by removing its known drive keys via commit-null") @console_ns.doc( params={ "app_id": "Application ID", diff --git a/api/controllers/console/app/agent_app_feature.py b/api/controllers/console/app/agent_app_feature.py index 5d2b77c97f1..d155dae6ac3 100644 --- a/api/controllers/console/app/agent_app_feature.py +++ b/api/controllers/console/app/agent_app_feature.py @@ -29,6 +29,7 @@ from controllers.console.wraps import ( with_current_user, ) from events.app_event import app_model_config_was_updated +from extensions.ext_database import db from libs.helper import dump_response from libs.login import login_required from models import Account @@ -90,9 +91,7 @@ class AgentAppFeatureConfigResource(Resource): args = AgentAppFeaturesPayload.model_validate(console_ns.payload or {}) new_app_model_config = AgentAppFeatureConfigService.update_features( - app_model=app_model, - account=current_user, - config=args.model_dump(exclude_none=True), + app_model=app_model, account=current_user, config=args.model_dump(exclude_none=True), session=db.session ) app_model_config_was_updated.send(app_model, app_model_config=new_app_model_config) diff --git a/api/controllers/console/app/agent_drive_inspector.py 
b/api/controllers/console/app/agent_drive_inspector.py index b8d1d487808..bd639955d9c 100644 --- a/api/controllers/console/app/agent_drive_inspector.py +++ b/api/controllers/console/app/agent_drive_inspector.py @@ -10,8 +10,12 @@ backend — drive data lives in the API's own DB/storage, served straight from from __future__ import annotations +import json +from collections.abc import Mapping +from typing import Any from uuid import UUID +from flask import Response from flask_restx import Resource from pydantic import BaseModel, Field @@ -49,6 +53,10 @@ class AgentDriveFileByAgentQuery(BaseModel): key: str = Field(min_length=1, description="Drive key, e.g. tender-analyzer/SKILL.md") +class AgentDriveSkillInspectQuery(BaseModel): + node_id: str | None = Field(default=None, description="Workflow node ID (workflow composer variant)") + + class AgentDriveItemResponse(ResponseModel): key: str size: int | None = None @@ -56,12 +64,63 @@ class AgentDriveItemResponse(ResponseModel): hash: str | None = None file_kind: str created_at: int | None = None + is_skill: bool | None = None + skill_metadata: str | None = None class AgentDriveListResponse(ResponseModel): items: list[AgentDriveItemResponse] = Field(default_factory=list) +class AgentDriveSkillItemResponse(ResponseModel): + path: str + skill_md_key: str + archive_key: str | None = None + name: str + description: str + size: int | None = None + mime_type: str | None = None + hash: str | None = None + created_at: int | None = None + + +class AgentDriveSkillListResponse(ResponseModel): + items: list[AgentDriveSkillItemResponse] = Field(default_factory=list) + + +class AgentDriveSkillFileResponse(ResponseModel): + path: str + name: str + type: str + drive_key: str | None = None + available_in_drive: bool + + +class AgentDriveSkillMarkdownResponse(ResponseModel): + key: str + size: int | None = None + truncated: bool + binary: bool + text: str | None = None + + +class AgentDriveSkillInspectResponse(ResponseModel): + path: str + 
skill_md_key: str + archive_key: str | None = None + name: str + description: str + size: int | None = None + mime_type: str | None = None + hash: str | None = None + created_at: int | None = None + source: str + files: list[AgentDriveSkillFileResponse] = Field(default_factory=list) + file_tree: list[dict[str, Any]] = Field(default_factory=list) + skill_md: AgentDriveSkillMarkdownResponse + warnings: list[str] = Field(default_factory=list) + + class AgentDrivePreviewResponse(ResponseModel): key: str size: int | None = None @@ -75,7 +134,12 @@ class AgentDriveDownloadResponse(ResponseModel): register_response_schema_models( - console_ns, AgentDriveListResponse, AgentDrivePreviewResponse, AgentDriveDownloadResponse + console_ns, + AgentDriveDownloadResponse, + AgentDriveListResponse, + AgentDrivePreviewResponse, + AgentDriveSkillInspectResponse, + AgentDriveSkillListResponse, ) @@ -96,6 +160,13 @@ def _handle(exc: AgentDriveError) -> tuple[dict[str, object], int]: return {"code": exc.code, "message": exc.message}, exc.status_code +def _json_response(data: Mapping[str, Any]): + return Response( + response=json.dumps(data, ensure_ascii=False, separators=(",", ":")), + content_type="application/json; charset=utf-8", + ) + + _WORKFLOW_APP_MODES = [AppMode.WORKFLOW, AppMode.ADVANCED_CHAT] @@ -119,6 +190,49 @@ class AgentDriveListByAgentApi(Resource): return {"items": [{k: v for k, v in item.items() if k != "file_id"} for item in items]} +@console_ns.route("/agent//drive/skills") +class AgentDriveSkillListByAgentApi(Resource): + @console_ns.doc("list_agent_drive_skills_by_agent") + @console_ns.doc(description="List drive-backed skills for an Agent App") + @console_ns.doc(params={"agent_id": "Agent ID"}) + @console_ns.response(200, "Drive skills", console_ns.models[AgentDriveSkillListResponse.__name__]) + @setup_required + @login_required + @account_initialization_required + @with_current_tenant_id + def get(self, tenant_id: str, agent_id: UUID): + 
resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) + try: + items = AgentDriveService().list_skills(tenant_id=tenant_id, agent_id=str(agent_id)) + except AgentDriveError as exc: + return _handle(exc) + return {"items": items} + + +@console_ns.route("/agent//drive/skills//inspect") +class AgentDriveSkillInspectByAgentApi(Resource): + @console_ns.doc("inspect_agent_drive_skill_by_agent") + @console_ns.doc(description="Inspect one drive-backed skill for slash-menu hover/detail UI") + @console_ns.doc(params={"agent_id": "Agent ID", "skill_path": "Skill path/slug, e.g. tender-analyzer"}) + @console_ns.response(200, "Drive skill inspect view", console_ns.models[AgentDriveSkillInspectResponse.__name__]) + @setup_required + @login_required + @account_initialization_required + @with_current_tenant_id + def get(self, tenant_id: str, agent_id: UUID, skill_path: str): + resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id) + try: + return _json_response( + AgentDriveService().inspect_skill( + tenant_id=tenant_id, + agent_id=str(agent_id), + skill_path=skill_path, + ) + ) + except AgentDriveError as exc: + return _handle(exc) + + @console_ns.route("/agent//drive/files/preview") class AgentDrivePreviewByAgentApi(Resource): @console_ns.doc("preview_agent_drive_file_by_agent") @@ -182,6 +296,61 @@ class AgentDriveListApi(Resource): return {"items": [{k: v for k, v in item.items() if k != "file_id"} for item in items]} +@console_ns.route("/apps//agent/drive/skills") +class AgentDriveSkillListApi(Resource): + @console_ns.doc("list_agent_drive_skills") + @console_ns.doc(description="List drive-backed skills for the bound agent") + @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentDriveListQuery)}) + @console_ns.response(200, "Drive skills", console_ns.models[AgentDriveSkillListResponse.__name__]) + @setup_required + @login_required + @account_initialization_required + @get_app_model(mode=_WORKFLOW_APP_MODES) + def get(self, 
app_model: App): + query = query_params_from_request(AgentDriveListQuery) + agent_id = _resolve_agent_id(app_model, query.node_id) + if not agent_id: + return _agent_not_bound() + try: + items = AgentDriveService().list_skills(tenant_id=app_model.tenant_id, agent_id=agent_id) + except AgentDriveError as exc: + return _handle(exc) + return {"items": items} + + +@console_ns.route("/apps//agent/drive/skills//inspect") +class AgentDriveSkillInspectApi(Resource): + @console_ns.doc("inspect_agent_drive_skill") + @console_ns.doc(description="Inspect one drive-backed skill for slash-menu hover/detail UI") + @console_ns.doc( + params={ + "app_id": "Application ID", + "skill_path": "Skill path/slug, e.g. tender-analyzer", + **query_params_from_model(AgentDriveSkillInspectQuery), + } + ) + @console_ns.response(200, "Drive skill inspect view", console_ns.models[AgentDriveSkillInspectResponse.__name__]) + @setup_required + @login_required + @account_initialization_required + @get_app_model(mode=_WORKFLOW_APP_MODES) + def get(self, app_model: App, skill_path: str): + query = query_params_from_request(AgentDriveSkillInspectQuery) + agent_id = _resolve_agent_id(app_model, query.node_id) + if not agent_id: + return _agent_not_bound() + try: + return _json_response( + AgentDriveService().inspect_skill( + tenant_id=app_model.tenant_id, + agent_id=agent_id, + skill_path=skill_path, + ) + ) + except AgentDriveError as exc: + return _handle(exc) + + @console_ns.route("/apps//agent/drive/files/preview") class AgentDrivePreviewApi(Resource): @console_ns.doc("preview_agent_drive_file") @@ -232,4 +401,8 @@ __all__ = [ "AgentDriveListByAgentApi", "AgentDrivePreviewApi", "AgentDrivePreviewByAgentApi", + "AgentDriveSkillInspectApi", + "AgentDriveSkillInspectByAgentApi", + "AgentDriveSkillListApi", + "AgentDriveSkillListByAgentApi", ] diff --git a/api/controllers/console/app/app.py b/api/controllers/console/app/app.py index cd8d9ff3785..07d71d4225a 100644 --- 
a/api/controllers/console/app/app.py +++ b/api/controllers/console/app/app.py @@ -14,6 +14,7 @@ from werkzeug.datastructures import MultiDict from werkzeug.exceptions import BadRequest, NotFound from configs import dify_config +from controllers.common.app_access import resolve_app_access_filter from controllers.common.fields import RedirectUrlResponse, SimpleResultResponse from controllers.common.helpers import FileInfo from controllers.common.schema import ( @@ -78,7 +79,6 @@ _TAG_IDS_BRACKET_PATTERN = re.compile(r"^tag_ids\[(\d+)\]$") _CREATOR_IDS_BRACKET_PATTERN = re.compile(r"^creator_ids\[(\d+)\]$") AppListMode = Literal["completion", "chat", "advanced-chat", "workflow", "agent-chat", "agent", "channel", "all"] DEFAULT_APP_LIST_MODE: AppListMode = "all" -APP_LIST_PERMISSION_KEYS = frozenset({"app.preview", "app.acl.preview", "app.full_access"}) class AppListBaseQuery(BaseModel): @@ -167,10 +167,6 @@ def _normalize_app_list_query_args(query_args: MultiDict[str, str]) -> dict[str, return normalized -def _has_app_list_permission(permission_keys: Sequence[str]) -> bool: - return any(permission_key in APP_LIST_PERMISSION_KEYS for permission_key in permission_keys) - - class CreateAppPayload(BaseModel): name: str = Field(..., min_length=1, description="App name") description: str | None = Field(default=None, description="App description (max 400 chars)", max_length=400) @@ -612,38 +608,12 @@ class AppListApi(Resource): current_user_id, ) if dify_config.RBAC_ENABLED: - whitelist_scope = enterprise_rbac_service.RBACService.AppAccess.whitelist_resources( + access_filter = resolve_app_access_filter( str(current_tenant_id), current_user_id, + permissions=permissions, ) - can_manage_own_apps = "app.create_and_management" in permissions.workspace.permission_keys - has_default_preview = _has_app_list_permission( - permissions.app.default_permission_keys - ) or _has_app_list_permission(permissions.workspace.permission_keys) - permission_app_ids: set[str] | None = None - if 
not has_default_preview: - permission_app_ids = { - override.resource_id - for override in permissions.app.overrides - if _has_app_list_permission(override.permission_keys) - } - - if getattr(whitelist_scope, "unrestricted", False): - accessible_app_ids = permission_app_ids - else: - accessible_app_ids = set(whitelist_scope.resource_ids) - if permission_app_ids is not None: - accessible_app_ids |= permission_app_ids - elif has_default_preview: - accessible_app_ids = None - - if accessible_app_ids: - params.accessible_app_ids = sorted(accessible_app_ids) - params.include_own_apps = can_manage_own_apps - elif accessible_app_ids is not None and can_manage_own_apps: - params.is_created_by_me = True - elif accessible_app_ids is not None: - params.accessible_app_ids = [] + access_filter.apply_to_params(params) # get app list app_service = AppService() diff --git a/api/controllers/console/app/completion.py b/api/controllers/console/app/completion.py index 62b95ad22e4..545fad34cde 100644 --- a/api/controllers/console/app/completion.py +++ b/api/controllers/console/app/completion.py @@ -40,12 +40,15 @@ from core.errors.error import ( QuotaExceededError, ) from core.helper.trace_id_helper import get_external_trace_id +from extensions.ext_database import db from graphon.model_runtime.errors.invoke import InvokeError from libs import helper from libs.helper import uuid_value from libs.login import login_required from models import Account from models.model import App, AppMode +from services.agent.errors import AgentNotFoundError +from services.agent.roster_service import AgentRosterService from services.app_generate_service import AppGenerateService from services.app_task_service import AppTaskService from services.errors.llm import InvokeRateLimitError @@ -191,10 +194,11 @@ class ChatMessageApi(Resource): @account_initialization_required @edit_permission_required @with_current_user + @with_current_tenant_id @rbac_permission_required(RBACResourceScope.APP, 
RBACPermission.APP_TEST_AND_RUN) @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.AGENT]) - def post(self, current_user: Account, app_model: App): - return _create_chat_message(current_user=current_user, app_model=app_model) + def post(self, current_tenant_id: str, current_user: Account, app_model: App): + return _create_chat_message(current_tenant_id=current_tenant_id, current_user=current_user, app_model=app_model) @console_ns.route("/agent//chat-messages") @@ -215,7 +219,12 @@ class AgentChatMessageApi(Resource): @with_current_tenant_id def post(self, current_tenant_id: str, current_user: Account, agent_id: UUID): app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id) - return _create_chat_message(current_user=current_user, app_model=app_model) + return _create_chat_message( + current_tenant_id=current_tenant_id, + current_user=current_user, + app_model=app_model, + agent_id=str(agent_id), + ) @console_ns.route("/apps//chat-messages//stop") @@ -249,11 +258,45 @@ class AgentChatMessageStopApi(Resource): return _stop_chat_message(current_user_id=current_user_id, app_model=app_model, task_id=task_id) -def _create_chat_message(*, current_user: Account, app_model: App): +def _resolve_current_user_agent_debug_conversation_id( + *, current_tenant_id: str, current_user: Account, app_model: App, agent_id: str | None +) -> str: + roster_service = AgentRosterService(db.session) + if agent_id: + return roster_service.get_or_create_agent_app_debug_conversation_id( + tenant_id=current_tenant_id, + agent_id=agent_id, + account_id=current_user.id, + ) + + agent = roster_service.get_app_backing_agent(tenant_id=current_tenant_id, app_id=str(app_model.id)) + if agent is None: + raise AgentNotFoundError() + return roster_service.get_or_create_agent_app_debug_conversation_id( + tenant_id=current_tenant_id, + agent_id=agent.id, + account_id=current_user.id, + ) + + +def _create_chat_message( + *, current_user: Account, app_model: App, 
current_tenant_id: str | None = None, agent_id: str | None = None +): raw_payload = console_ns.payload or {} args_model = ChatMessagePayload.model_validate(raw_payload) args = args_model.model_dump(exclude_none=True, by_alias=True) + if AppMode.value_of(app_model.mode) == AppMode.AGENT: + debug_conversation_id = _resolve_current_user_agent_debug_conversation_id( + current_tenant_id=current_tenant_id or app_model.tenant_id, + current_user=current_user, + app_model=app_model, + agent_id=agent_id, + ) + if args_model.conversation_id and args_model.conversation_id != debug_conversation_id: + raise NotFound("Conversation Not Exists.") + args["conversation_id"] = debug_conversation_id + streaming = _resolve_debugger_chat_streaming( app_mode=AppMode.value_of(app_model.mode), response_mode=args_model.response_mode, diff --git a/api/controllers/console/app/message.py b/api/controllers/console/app/message.py index 1406fbc634b..726bd94cd7e 100644 --- a/api/controllers/console/app/message.py +++ b/api/controllers/console/app/message.py @@ -53,6 +53,7 @@ from libs.login import login_required from models.account import Account from models.enums import FeedbackFromSource, FeedbackRating from models.model import App, AppMode, Conversation, Message, MessageAnnotation, MessageFeedback +from services.conversation_service import ConversationService from services.errors.conversation import ConversationNotExistsError from services.errors.message import MessageNotExistsError, SuggestedQuestionsAfterAnswerDisabledError from services.message_service import MessageService, attach_message_extra_contents @@ -186,10 +187,11 @@ class ChatMessageListApi(Resource): @account_initialization_required @setup_required @edit_permission_required + @with_current_user @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT) @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT]) - def get(self, app_model: App): - return 
_list_chat_messages(app_model=app_model) + def get(self, current_user: Account, app_model: App): + return _list_chat_messages(app_model=app_model, current_user=current_user) @console_ns.route("/agent//chat-messages") @@ -205,10 +207,11 @@ class AgentChatMessageListApi(Resource): @setup_required @edit_permission_required @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT) + @with_current_user @with_current_tenant_id - def get(self, current_tenant_id: str, agent_id: UUID): + def get(self, current_tenant_id: str, current_user: Account, agent_id: UUID): app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id) - return _list_chat_messages(app_model=app_model) + return _list_chat_messages(app_model=app_model, current_user=current_user) @console_ns.route("/apps//feedbacks") @@ -338,6 +341,7 @@ class MessageFeedbackExportApi(Resource): try: export_data = FeedbackService.export_feedbacks( + db.session(), app_id=app_model.id, from_source=args.from_source, rating=args.rating, @@ -389,14 +393,24 @@ class AgentMessageApi(Resource): return _get_message_detail(app_model=app_model, message_id=message_id) -def _list_chat_messages(*, app_model: App): +def _list_chat_messages(*, app_model: App, current_user: Account | None = None): args = ChatMessagesQuery.model_validate(request.args.to_dict()) - conversation = db.session.scalar( - select(Conversation) - .where(Conversation.id == args.conversation_id, Conversation.app_id == app_model.id) - .limit(1) - ) + if AppMode.value_of(app_model.mode) == AppMode.AGENT and current_user is not None: + try: + conversation = ConversationService.get_conversation( + app_model=app_model, + conversation_id=args.conversation_id, + user=current_user, + ) + except ConversationNotExistsError: + raise NotFound("Conversation Not Exists.") + else: + conversation = db.session.scalar( + select(Conversation) + .where(Conversation.id == args.conversation_id, Conversation.app_id == app_model.id) + .limit(1) + 
) if not conversation: raise NotFound("Conversation Not Exists.") diff --git a/api/controllers/console/auth/activate.py b/api/controllers/console/auth/activate.py index f61bb8f6802..c9142d85ede 100644 --- a/api/controllers/console/auth/activate.py +++ b/api/controllers/console/auth/activate.py @@ -174,7 +174,7 @@ class ActivateApi(Resource): RegisterService.revoke_token(args.workspace_id, normalized_request_email, args.token) if membership_id is None: - TenantService.create_tenant_member(tenant, account, str(role)) + TenantService.create_tenant_member(tenant, account, db.session, role=role) if setup_fields: account.name = setup_fields[0] diff --git a/api/controllers/console/auth/data_source_bearer_auth.py b/api/controllers/console/auth/data_source_bearer_auth.py index a9c97401105..1de206c73db 100644 --- a/api/controllers/console/auth/data_source_bearer_auth.py +++ b/api/controllers/console/auth/data_source_bearer_auth.py @@ -83,7 +83,7 @@ class ApiKeyAuthDataSourceBinding(Resource): @login_required @account_initialization_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_CREATE, resource_required=False) @console_ns.expect(console_ns.models[ApiKeyAuthBindingPayload.__name__]) @with_current_tenant_id def post(self, current_tenant_id: str): diff --git a/api/controllers/console/auth/forgot_password.py b/api/controllers/console/auth/forgot_password.py index c34dd1ac859..d82f63c11db 100644 --- a/api/controllers/console/auth/forgot_password.py +++ b/api/controllers/console/auth/forgot_password.py @@ -202,6 +202,6 @@ class ForgotPasswordResetApi(Resource): and FeatureService.get_system_features().is_allow_create_workspace ): tenant = TenantService.create_tenant(f"{account.name}'s Workspace") - TenantService.create_tenant_member(tenant, account, role="owner") + 
TenantService.create_tenant_member(tenant, account, db.session, role="owner") account.current_tenant = tenant tenant_was_created.send(tenant) diff --git a/api/controllers/console/auth/login.py b/api/controllers/console/auth/login.py index 6a1b4c6769e..053f313ba53 100644 --- a/api/controllers/console/auth/login.py +++ b/api/controllers/console/auth/login.py @@ -35,6 +35,7 @@ from controllers.console.wraps import ( with_current_user, ) from events.tenant_event import tenant_was_created +from extensions.ext_database import db from libs.helper import EmailStr, extract_remote_ip from libs.helper import timezone as validate_timezone_string from libs.token import ( @@ -299,7 +300,7 @@ class EmailCodeLoginApi(Resource): raise NotAllowedCreateWorkspace() else: new_tenant = TenantService.create_tenant(f"{account.name}'s Workspace") - TenantService.create_tenant_member(new_tenant, account, role="owner") + TenantService.create_tenant_member(new_tenant, account, db.session, role="owner") account.current_tenant = new_tenant tenant_was_created.send(new_tenant) diff --git a/api/controllers/console/auth/oauth.py b/api/controllers/console/auth/oauth.py index 31649812fe8..78d1583fde9 100644 --- a/api/controllers/console/auth/oauth.py +++ b/api/controllers/console/auth/oauth.py @@ -246,7 +246,7 @@ def _generate_account( raise WorkSpaceNotAllowedCreateError() else: new_tenant = TenantService.create_tenant(f"{account.name}'s Workspace") - TenantService.create_tenant_member(new_tenant, account, role="owner") + TenantService.create_tenant_member(new_tenant, account, db.session, role="owner") account.current_tenant = new_tenant tenant_was_created.send(new_tenant) diff --git a/api/controllers/console/datasets/external.py b/api/controllers/console/datasets/external.py index 033c9a69af6..eb7b9aa84f8 100644 --- a/api/controllers/console/datasets/external.py +++ b/api/controllers/console/datasets/external.py @@ -26,6 +26,7 @@ from controllers.console.wraps import ( with_current_tenant_id, 
with_current_user, ) +from extensions.ext_database import db from fields.base import ResponseModel from fields.dataset_fields import ( dataset_detail_fields, @@ -390,6 +391,7 @@ class ExternalKnowledgeHitTestingApi(Resource): try: response = HitTestingService.external_retrieve( + session=db.session, dataset=dataset, query=payload.query, account=current_user, diff --git a/api/controllers/console/datasets/hit_testing_base.py b/api/controllers/console/datasets/hit_testing_base.py index 4e90e66eb25..c343effa9a1 100644 --- a/api/controllers/console/datasets/hit_testing_base.py +++ b/api/controllers/console/datasets/hit_testing_base.py @@ -18,6 +18,7 @@ from core.errors.error import ( ProviderTokenNotInitError, QuotaExceededError, ) +from extensions.ext_database import db from graphon.model_runtime.errors.invoke import InvokeError from libs.login import resolve_account_fallback from models.account import Account @@ -115,6 +116,7 @@ class DatasetsHitTestingBase: try: current_user, _ = resolve_account_fallback(current_user, current_tenant_id) response = HitTestingService.retrieve( + session=db.session, dataset=dataset, query=cast(str, args.get("query")), account=current_user, diff --git a/api/controllers/console/datasets/rag_pipeline/datasource_auth.py b/api/controllers/console/datasets/rag_pipeline/datasource_auth.py index c5ca1d155de..a575760ee19 100644 --- a/api/controllers/console/datasets/rag_pipeline/datasource_auth.py +++ b/api/controllers/console/datasets/rag_pipeline/datasource_auth.py @@ -222,7 +222,7 @@ class DatasourceAuth(Resource): @login_required @account_initialization_required @edit_permission_required - @rbac_permission_required(RBACResourceScope.DATASET, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.DATASET, RBACPermission.CREDENTIAL_CREATE, resource_required=False) @with_current_tenant_id def post(self, current_tenant_id: str, provider_id: str): payload = 
DatasourceCredentialPayload.model_validate(console_ns.payload or {}) diff --git a/api/controllers/console/explore/saved_message.py b/api/controllers/console/explore/saved_message.py index 3e8f1ce9083..ce43ff18c93 100644 --- a/api/controllers/console/explore/saved_message.py +++ b/api/controllers/console/explore/saved_message.py @@ -11,6 +11,7 @@ from controllers.console.app.error import AppUnavailableError from controllers.console.explore.error import NotCompletionAppError from controllers.console.explore.wraps import InstalledAppResource from controllers.console.wraps import with_current_user +from extensions.ext_database import db from fields.conversation_fields import ResultResponse from fields.message_fields import SavedMessageInfiniteScrollPagination, SavedMessageItem from models import Account @@ -37,6 +38,7 @@ class SavedMessageListApi(InstalledAppResource): args = SavedMessageListQuery.model_validate(request.args.to_dict()) pagination = SavedMessageService.pagination_by_last_id( + db.session(), app_model, current_user, str(args.last_id) if args.last_id else None, @@ -63,7 +65,7 @@ class SavedMessageListApi(InstalledAppResource): payload = SavedMessageCreatePayload.model_validate(console_ns.payload or {}) try: - SavedMessageService.save(app_model, current_user, str(payload.message_id)) + SavedMessageService.save(db.session(), app_model, current_user, str(payload.message_id)) except MessageNotExistsError: raise NotFound("Message Not Exists.") @@ -86,6 +88,6 @@ class SavedMessageApi(InstalledAppResource): if app_model.mode != "completion": raise NotCompletionAppError() - SavedMessageService.delete(app_model, current_user, message_id_str) + SavedMessageService.delete(db.session(), app_model, current_user, message_id_str) return "", 204 diff --git a/api/controllers/console/extension.py b/api/controllers/console/extension.py index 6d9362ae0b1..ec1e01dc460 100644 --- a/api/controllers/console/extension.py +++ b/api/controllers/console/extension.py @@ -7,6 +7,7 @@ 
from flask_restx import Resource from pydantic import BaseModel, Field, TypeAdapter, field_validator from constants import HIDDEN_VALUE +from extensions.ext_database import db from fields.base import ResponseModel from libs.helper import to_timestamp from libs.login import login_required @@ -126,7 +127,7 @@ class APIBasedExtensionAPI(Resource): def get(self, current_tenant_id: str): return [ _serialize_api_based_extension(extension) - for extension in APIBasedExtensionService.get_all_by_tenant_id(current_tenant_id) + for extension in APIBasedExtensionService.get_all_by_tenant_id(db.session(), current_tenant_id) ] @console_ns.doc("create_api_based_extension") @@ -147,7 +148,12 @@ class APIBasedExtensionAPI(Resource): api_key=payload.api_key, ) - return _serialize_saved_api_based_extension(APIBasedExtensionService.save(extension_data), payload.api_key), 201 + return ( + _serialize_saved_api_based_extension( + APIBasedExtensionService.save(db.session(), extension_data), payload.api_key + ), + 201, + ) @console_ns.route("/api-based-extension/") @@ -164,7 +170,7 @@ class APIBasedExtensionDetailAPI(Resource): api_based_extension_id = str(id) return _serialize_api_based_extension( - APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id) + APIBasedExtensionService.get_with_tenant_id(db.session(), current_tenant_id, api_based_extension_id) ) @console_ns.doc("update_api_based_extension") @@ -179,7 +185,9 @@ class APIBasedExtensionDetailAPI(Resource): def post(self, current_tenant_id: str, id: UUID): api_based_extension_id = str(id) - extension_data_from_db = APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id) + extension_data_from_db = APIBasedExtensionService.get_with_tenant_id( + db.session(), current_tenant_id, api_based_extension_id + ) payload = APIBasedExtensionPayload.model_validate(console_ns.payload or {}) api_key_for_response = extension_data_from_db.api_key @@ -192,7 +200,7 @@ class 
APIBasedExtensionDetailAPI(Resource): api_key_for_response = payload.api_key return _serialize_saved_api_based_extension( - APIBasedExtensionService.save(extension_data_from_db), + APIBasedExtensionService.save(db.session(), extension_data_from_db), api_key_for_response, ) @@ -207,8 +215,10 @@ class APIBasedExtensionDetailAPI(Resource): def delete(self, current_tenant_id: str, id: UUID): api_based_extension_id = str(id) - extension_data_from_db = APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id) + extension_data_from_db = APIBasedExtensionService.get_with_tenant_id( + db.session(), current_tenant_id, api_based_extension_id + ) - APIBasedExtensionService.delete(extension_data_from_db) + APIBasedExtensionService.delete(db.session(), extension_data_from_db) return "", 204 diff --git a/api/controllers/console/snippets/snippet_workflow.py b/api/controllers/console/snippets/snippet_workflow.py index 5af885ab91b..0b8dc264a68 100644 --- a/api/controllers/console/snippets/snippet_workflow.py +++ b/api/controllers/console/snippets/snippet_workflow.py @@ -80,6 +80,13 @@ class SnippetDraftConfigResponse(BaseModel): parallel_depth_limit: int +class SnippetWorkflowPaginationResponse(BaseModel): + items: list[SnippetWorkflowResponse] + page: int + limit: int + has_more: bool + + register_schema_models( console_ns, SnippetDraftSyncPayload, @@ -98,6 +105,7 @@ register_response_schema_models( SimpleResultResponse, SnippetDraftConfigResponse, SnippetWorkflowResponse, + SnippetWorkflowPaginationResponse, WorkflowPublishResponse, WorkflowPaginationResponse, WorkflowRestoreResponse, @@ -329,7 +337,7 @@ class SnippetPublishedAllWorkflowApi(Resource): @console_ns.response( 200, "Published workflows retrieved successfully", - console_ns.models[WorkflowPaginationResponse.__name__], + console_ns.models[SnippetWorkflowPaginationResponse.__name__], ) @setup_required @login_required @@ -350,7 +358,7 @@ class SnippetPublishedAllWorkflowApi(Resource): 
limit=args.limit, ) - return WorkflowPaginationResponse.model_validate( + response = SnippetWorkflowPaginationResponse.model_validate( { "items": workflows, "page": args.page, @@ -359,6 +367,9 @@ class SnippetPublishedAllWorkflowApi(Resource): }, from_attributes=True, ).model_dump(mode="json") + for item in response["items"]: + item["input_fields"] = snippet.input_fields_list + return response @console_ns.route("/snippets//workflows//restore") diff --git a/api/controllers/console/workspace/__init__.py b/api/controllers/console/workspace/__init__.py index 59dd29fdace..13bc98c8047 100644 --- a/api/controllers/console/workspace/__init__.py +++ b/api/controllers/console/workspace/__init__.py @@ -5,6 +5,7 @@ from sqlalchemy import select from sqlalchemy.orm import sessionmaker from werkzeug.exceptions import Forbidden +from configs import dify_config from extensions.ext_database import db from libs.login import current_account_with_tenant from models.account import TenantPluginPermission @@ -17,6 +18,9 @@ def plugin_permission_required( def interceptor[**P, R](view: Callable[P, R]) -> Callable[P, R]: @wraps(view) def decorated(*args: P.args, **kwargs: P.kwargs) -> R: + if dify_config.RBAC_ENABLED: + return view(*args, **kwargs) + current_user, current_tenant_id = current_account_with_tenant() user = current_user tenant_id = current_tenant_id diff --git a/api/controllers/console/workspace/model_providers.py b/api/controllers/console/workspace/model_providers.py index 8fda67f4ef8..3ce7211703e 100644 --- a/api/controllers/console/workspace/model_providers.py +++ b/api/controllers/console/workspace/model_providers.py @@ -169,7 +169,7 @@ class ModelProviderCredentialApi(Resource): @setup_required @login_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_CREATE, resource_required=False) 
@account_initialization_required @with_current_tenant_id def post(self, current_tenant_id: str, provider: str): @@ -244,7 +244,7 @@ class ModelProviderCredentialSwitchApi(Resource): @setup_required @login_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_USE, resource_required=False) @account_initialization_required @with_current_tenant_id def post(self, current_tenant_id: str, provider: str): @@ -326,7 +326,7 @@ class PreferredProviderTypeUpdateApi(Resource): @setup_required @login_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_USE, resource_required=False) @account_initialization_required @with_current_tenant_id def post(self, tenant_id: str, provider: str): diff --git a/api/controllers/console/workspace/models.py b/api/controllers/console/workspace/models.py index e82c0fbc2db..1da72ef4362 100644 --- a/api/controllers/console/workspace/models.py +++ b/api/controllers/console/workspace/models.py @@ -395,7 +395,7 @@ class ModelProviderModelCredentialApi(Resource): @setup_required @login_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_CREATE, resource_required=False) @account_initialization_required @with_current_tenant_id def post(self, tenant_id: str, provider: str): @@ -481,7 +481,7 @@ class ModelProviderModelCredentialSwitchApi(Resource): @setup_required @login_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, 
resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_USE, resource_required=False) @account_initialization_required @with_current_tenant_id def post(self, current_tenant_id: str, provider: str): diff --git a/api/controllers/console/workspace/plugin.py b/api/controllers/console/workspace/plugin.py index d599466002d..e768bb5acde 100644 --- a/api/controllers/console/workspace/plugin.py +++ b/api/controllers/console/workspace/plugin.py @@ -469,6 +469,7 @@ class PluginDebuggingKeyApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_DEBUG, resource_required=False) @plugin_permission_required(debug_required=True) @with_current_tenant_id def get(self, tenant_id: str): @@ -614,6 +615,7 @@ class PluginUploadFromPkgApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -634,6 +636,7 @@ class PluginUploadFromGithubApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -653,6 +656,7 @@ class PluginUploadFromBundleApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -673,6 +677,7 @@ class PluginInstallFromPkgApi(Resource): @setup_required @login_required @account_initialization_required + 
@rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -693,6 +698,7 @@ class PluginInstallFromGithubApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -719,6 +725,7 @@ class PluginInstallFromMarketplaceApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -739,6 +746,7 @@ class PluginFetchMarketplacePkgApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def get(self, tenant_id: str): @@ -764,6 +772,7 @@ class PluginFetchManifestApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def get(self, tenant_id: str): @@ -784,6 +793,7 @@ class PluginFetchInstallTasksApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def get(self, tenant_id: str): @@ -801,6 +811,7 @@ class 
PluginFetchInstallTaskApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def get(self, tenant_id: str, task_id: str): @@ -816,6 +827,7 @@ class PluginDeleteInstallTaskApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str, task_id: str): @@ -831,6 +843,7 @@ class PluginDeleteAllInstallTaskItemsApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -846,6 +859,7 @@ class PluginDeleteInstallTaskItemApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str, task_id: str, identifier: str): @@ -862,6 +876,7 @@ class PluginUpgradeFromMarketplaceApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -884,6 +899,7 @@ class PluginUpgradeFromGithubApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, 
RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -911,6 +927,7 @@ class PluginUninstallApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_INSTALL, resource_required=False) @plugin_permission_required(install_required=True) @with_current_tenant_id def post(self, tenant_id: str): @@ -1041,10 +1058,11 @@ class PluginChangeAutoUpgradeApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_PREFERENCES, resource_required=False) @with_current_user @with_current_tenant_id def post(self, tenant_id: str, user: Account): - if not user.is_admin_or_owner: + if not dify_config.RBAC_ENABLED and not user.is_admin_or_owner: raise Forbidden() args = ParserAutoUpgradeChange.model_validate(console_ns.payload) @@ -1097,6 +1115,7 @@ class PluginAutoUpgradeExcludePluginApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.PLUGIN_PREFERENCES, resource_required=False) @with_current_tenant_id def post(self, tenant_id: str): # exclude one single plugin diff --git a/api/controllers/console/workspace/rbac.py b/api/controllers/console/workspace/rbac.py index 1b213a4f741..f672833061a 100644 --- a/api/controllers/console/workspace/rbac.py +++ b/api/controllers/console/workspace/rbac.py @@ -211,7 +211,7 @@ def _legacy_workspace_roles( name=role_name, description="", is_builtin=True, - permission_keys=list(_LEGACY_ROLE_PERMISSION_KEYS[role_name]), + permission_keys=list(dict.fromkeys(_LEGACY_ROLE_PERMISSION_KEYS[role_name])), role_tag="owner" if role_name == "owner" else "", ) for role_name in ("owner", "admin", "editor", "normal", "dataset_operator") @@ -244,11 +244,6 @@ def 
_legacy_workspace_roles( ) -# --------------------------------------------------------------------------- -# Permission catalogs. -# --------------------------------------------------------------------------- - - @console_ns.route("/workspaces/current/rbac/role-permissions/catalog") class RBACWorkspaceCatalogApi(Resource): @login_required @@ -375,30 +370,6 @@ class RBACRoleCopyApi(Resource): return _dump(role), 201 -@console_ns.route("/workspaces/current/rbac/roles//members") -class RBACRoleMembersApi(Resource): - @login_required - @rbac_permission_required( - RBACResourceScope.WORKSPACE, RBACPermission.WORKSPACE_ROLE_MANAGE, resource_required=False - ) - @console_ns.response(200, "Success", console_ns.models[_RBACRoleAccountList.__name__]) - def get(self, role_id): - tenant_id, account_id = _current_ids() - return _dump( - svc.RBACService.Roles.members( - tenant_id, - account_id, - str(role_id), - options=_pagination_options(), - ) - ) - - -# --------------------------------------------------------------------------- -# Access policies (tenant-level permission sets). -# --------------------------------------------------------------------------- - - class _AccessPolicyCreateRequest(BaseModel): name: str resource_type: svc.RBACResourceType @@ -788,11 +759,6 @@ class RBACDatasetMemberBindingsApi(Resource): return {"result": "success"} -# --------------------------------------------------------------------------- -# Workspace-level access (Settings > Access Rules). 
-# --------------------------------------------------------------------------- - - @console_ns.route("/workspaces/current/rbac/workspace/apps/access-policy") class RBACWorkspaceAppMatrixApi(Resource): @login_required diff --git a/api/controllers/console/workspace/tool_providers.py b/api/controllers/console/workspace/tool_providers.py index 9a92571594c..4125e7d8de8 100644 --- a/api/controllers/console/workspace/tool_providers.py +++ b/api/controllers/console/workspace/tool_providers.py @@ -971,7 +971,7 @@ class ToolBuiltinProviderSetDefaultApi(Resource): @setup_required @login_required @is_admin_or_owner_required - @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_MANAGE, resource_required=False) + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.CREDENTIAL_USE, resource_required=False) @account_initialization_required @with_current_tenant_id def post(self, current_tenant_id: str, provider: str): @@ -1070,6 +1070,7 @@ class ToolProviderMCPApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.MCP_MANAGE, resource_required=False) @with_current_user @with_current_tenant_id def post(self, tenant_id: str, user: Account): @@ -1125,6 +1126,7 @@ class ToolProviderMCPApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.MCP_MANAGE, resource_required=False) @with_current_tenant_id def put(self, current_tenant_id: str): payload = MCPProviderUpdatePayload.model_validate(console_ns.payload or {}) @@ -1178,6 +1180,7 @@ class ToolProviderMCPApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.MCP_MANAGE, resource_required=False) @with_current_tenant_id def delete(self, current_tenant_id: str): payload = 
MCPProviderDeletePayload.model_validate(console_ns.payload or {}) @@ -1196,6 +1199,7 @@ class ToolMCPAuthApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.MCP_MANAGE, resource_required=False) @with_current_tenant_id def post(self, tenant_id: str): payload = MCPAuthPayload.model_validate(console_ns.payload or {}) @@ -1300,6 +1304,7 @@ class ToolMCPUpdateApi(Resource): @setup_required @login_required @account_initialization_required + @rbac_permission_required(RBACResourceScope.WORKSPACE, RBACPermission.MCP_MANAGE, resource_required=False) @with_current_tenant_id def get(self, tenant_id: str, provider_id: str): with sessionmaker(db.engine).begin() as session: diff --git a/api/controllers/inner_api/knowledge/retrieval.py b/api/controllers/inner_api/knowledge/retrieval.py index ef33fbda518..1c1320fde42 100644 --- a/api/controllers/inner_api/knowledge/retrieval.py +++ b/api/controllers/inner_api/knowledge/retrieval.py @@ -1,9 +1,10 @@ -"""Inner API endpoint for tenant-scoped knowledge retrieval. +"""Plugin inner API endpoint for tenant-scoped knowledge retrieval. This controller is a thin HTTP wrapper around ``services.knowledge_retrieval_inner_service.InnerKnowledgeRetrievalService``. -It intentionally keeps authorization simple: shared inner API key plus -tenant-scoped app/dataset validation in the service layer. +It uses the plugin inner API key because dify-agent calls this endpoint through +the same trusted Dify API bridge as other agent/plugin inner calls; tenant-scoped +app/dataset validation remains in the service layer. 
""" from flask_restx import Resource @@ -11,7 +12,7 @@ from pydantic import ValidationError from controllers.common.schema import register_response_schema_models, register_schema_models from controllers.inner_api import inner_api_ns -from controllers.inner_api.wraps import inner_api_only +from controllers.inner_api.wraps import plugin_inner_api_only from core.workflow.nodes.knowledge_retrieval import exc as retrieval_exc from libs.exception import BaseHTTPException from services.entities.knowledge_retrieval_inner import InnerKnowledgeRetrieveRequest, InnerKnowledgeRetrieveResponse @@ -48,7 +49,7 @@ register_response_schema_models(inner_api_ns, InnerKnowledgeRetrieveResponse) class InnerKnowledgeRetrieveApi(Resource): """Retrieve knowledge from one or more datasets within the caller tenant.""" - @inner_api_only + @plugin_inner_api_only @inner_api_ns.doc("inner_knowledge_retrieve") @inner_api_ns.doc(description="Retrieve knowledge for trusted internal callers") @inner_api_ns.expect(inner_api_ns.models[InnerKnowledgeRetrieveRequest.__name__]) @@ -60,9 +61,8 @@ class InnerKnowledgeRetrieveApi(Resource): @inner_api_ns.doc( responses={ 400: "Invalid request body", - 401: "Unauthorized - invalid inner API key", 403: "Caller tenant does not own the requested resource", - 404: "App or dataset not found", + 404: "Invalid plugin inner API key, app not found, or dataset not found", 422: "Invalid retrieval configuration", 429: "Knowledge retrieval rate limited", 502: "External knowledge retrieval failed", diff --git a/api/controllers/inner_api/plugin/agent_drive.py b/api/controllers/inner_api/plugin/agent_drive.py index a80caea3c55..0cdb9dab35f 100644 --- a/api/controllers/inner_api/plugin/agent_drive.py +++ b/api/controllers/inner_api/plugin/agent_drive.py @@ -1,10 +1,12 @@ -"""Inner API for the agent drive (agent 网盘) control plane — ENG-591. +"""Inner API for the agent drive (agent 网盘) control plane. 
-Two endpoints, called by the dify-agent server (not the sandbox) with the inner -API key. The drive ref is the URL segment ``agent-``; the path-like -file key travels in the query/body, never as a URL path segment (so its ``/`` -characters do not collide with routing). Drive-owned semantics: tenant scoped, -no user-level FileAccessScope. +These endpoints are called by the dify-agent server (not the sandbox) with the +inner API key. The drive ref is the URL segment ``agent-``; the +path-like file key travels in the query/body, never as a URL path segment (so +its ``/`` characters do not collide with routing). Drive-owned semantics: +tenant scoped, no user-level FileAccessScope. Commit still canonicalizes the +trusted execution-context user through the same EndUser lookup as plugin file +upload before validating ToolFile ownership. """ from flask import request @@ -13,6 +15,7 @@ from pydantic import BaseModel, ValidationError from controllers.console.wraps import setup_required from controllers.inner_api import inner_api_ns +from controllers.inner_api.plugin.wraps import get_user from controllers.inner_api.wraps import plugin_inner_api_only from services.agent_drive_service import ( AgentDriveError, @@ -56,6 +59,24 @@ class AgentDriveManifestApi(Resource): return {"items": items} +@inner_api_ns.route("/drive//skills") +class AgentDriveSkillsApi(Resource): + @setup_required + @plugin_inner_api_only + @inner_api_ns.doc("agent_drive_skills") + @inner_api_ns.doc(description="List the skill catalog of an agent drive") + def get(self, drive_ref: str): + try: + agent_id = parse_agent_drive_ref(drive_ref) + tenant_id = (request.args.get("tenant_id") or "").strip() + if not tenant_id: + raise AgentDriveError("missing_tenant_id", "tenant_id is required", status_code=400) + items = AgentDriveService().list_skills(tenant_id=tenant_id, agent_id=agent_id) + except AgentDriveError as exc: + return _error_response(exc) + return {"items": items} + + 
@inner_api_ns.route("/drive//commit") class AgentDriveCommitApi(Resource): @setup_required @@ -69,9 +90,10 @@ class AgentDriveCommitApi(Resource): body = _CommitRequest.model_validate(request.get_json(silent=True) or {}) except ValidationError as exc: raise AgentDriveError("invalid_request", str(exc), status_code=400) from exc + user = get_user(body.tenant_id, body.user_id) items = AgentDriveService().commit( tenant_id=body.tenant_id, - user_id=body.user_id, + user_id=user.id, agent_id=agent_id, items=body.items, ) diff --git a/api/controllers/inner_api/workspace/workspace.py b/api/controllers/inner_api/workspace/workspace.py index ef0a46db63a..dd93616e6b1 100644 --- a/api/controllers/inner_api/workspace/workspace.py +++ b/api/controllers/inner_api/workspace/workspace.py @@ -48,7 +48,7 @@ class EnterpriseWorkspace(Resource): return {"message": "owner account not found."}, 404 tenant = TenantService.create_tenant(args.name, is_from_dashboard=True) - TenantService.create_tenant_member(tenant, account, role="owner") + TenantService.create_tenant_member(tenant, account, db.session, role="owner") tenant_was_created.send(tenant) diff --git a/api/controllers/openapi/__init__.py b/api/controllers/openapi/__init__.py index e8406ea00cb..c11019cf627 100644 --- a/api/controllers/openapi/__init__.py +++ b/api/controllers/openapi/__init__.py @@ -31,7 +31,7 @@ from controllers.openapi._models import ( AppDslExportQuery, AppDslExportResponse, AppDslImportPayload, - AppInfoResponse, + AppInfo, AppListQuery, AppListResponse, AppListRow, @@ -62,7 +62,6 @@ from controllers.openapi._models import ( SessionListQuery, SessionListResponse, SessionRow, - TagItem, TaskStopResponse, UsageInfo, WorkflowRunData, @@ -96,12 +95,11 @@ register_response_schema_models( openapi_ns, ErrorBody, EventStreamResponse, - TagItem, UsageInfo, MessageMetadata, AppListRow, AppListResponse, - AppInfoResponse, + AppInfo, AppDescribeInfo, AppDescribeResponse, AppDslExportResponse, diff --git 
a/api/controllers/openapi/_errors.py b/api/controllers/openapi/_errors.py index 38c068bd354..5e82c2614de 100644 --- a/api/controllers/openapi/_errors.py +++ b/api/controllers/openapi/_errors.py @@ -63,6 +63,8 @@ class OpenApiErrorCode(StrEnum): FILE_EXTENSION_BLOCKED = "file_extension_blocked" MEMBER_LIMIT_EXCEEDED = "member_limit_exceeded" MEMBER_LICENSE_EXCEEDED = "member_license_exceeded" + HUMAN_INPUT_FORM_NOT_FOUND = "form_not_found" + RECIPIENT_SURFACE_MISMATCH = "recipient_surface_mismatch" class ErrorDetail(BaseModel): @@ -239,3 +241,16 @@ class MemberLicenseExceeded(OpenApiError): # noqa: N818 error_code = OpenApiErrorCode.MEMBER_LICENSE_EXCEEDED description = "Workspace member license capacity reached." hint = "Contact your workspace administrator to expand the license seat count." + + +class HumanInputFormNotFound(OpenApiError): # noqa: N818 + code = 404 + error_code = OpenApiErrorCode.HUMAN_INPUT_FORM_NOT_FOUND + description = "No human-input form matches this token. It may be wrong, expired, or already submitted." + + +class RecipientSurfaceMismatch(OpenApiError): # noqa: N818 + code = 403 + error_code = OpenApiErrorCode.RECIPIENT_SURFACE_MISMATCH + description = "This form's recipient can't be submitted via the OpenAPI surface." + hint = "Action it through its channel (web app or console)." diff --git a/api/controllers/openapi/_models.py b/api/controllers/openapi/_models.py index 7c225c85f65..6e8a9c9d439 100644 --- a/api/controllers/openapi/_models.py +++ b/api/controllers/openapi/_models.py @@ -2,7 +2,8 @@ from __future__ import annotations -from typing import Any, Literal +from enum import StrEnum +from typing import Any, Final, Literal from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator @@ -13,6 +14,30 @@ from models.model import AppMode MAX_PAGE_LIMIT = 200 +class SupportedAppType(StrEnum): + """App types the ``app`` usage face (``get app``) lists and filters. 
+ + A curated subset of :class:`AppMode`: the real, user-facing app categories. + Excludes runtime-only mode tags that are not standalone apps + (``rag-pipeline`` is a knowledge ``Pipeline``; ``channel`` is unused) and the + roster-owned ``agent`` type (surfaced through the roster, not this list). + + Members reference ``AppMode.*.value`` so the subset relationship is + type-checked: dropping a member from ``AppMode`` breaks this at import. + This is the single source for the listable set — params, filters, and the + generated CLI whitelist all derive from it. + """ + + COMPLETION = AppMode.COMPLETION.value + CHAT = AppMode.CHAT.value + ADVANCED_CHAT = AppMode.ADVANCED_CHAT.value + WORKFLOW = AppMode.WORKFLOW.value + AGENT_CHAT = AppMode.AGENT_CHAT.value + + +SUPPORTED_APP_TYPES: Final[tuple[AppMode, ...]] = tuple(AppMode(t.value) for t in SupportedAppType) + + class UsageInfo(BaseModel): prompt_tokens: int = 0 completion_tokens: int = 0 @@ -38,18 +63,12 @@ class PaginationEnvelope[T](BaseModel): return cls(page=page, limit=limit, total=total, has_more=page * limit < total, data=items) -class TagItem(BaseModel): - name: str - - class AppListRow(BaseModel): id: str name: str description: str | None = None mode: AppMode - tags: list[TagItem] = [] updated_at: str | None = None - created_by_name: str | None = None workspace_id: str | None = None workspace_name: str | None = None @@ -70,16 +89,14 @@ class PermittedExternalAppsListResponse(BaseModel): data: list[AppListRow] -class AppInfoResponse(BaseModel): +class AppInfo(BaseModel): id: str name: str description: str | None = None mode: str - author: str | None = None - tags: list[TagItem] = [] -class AppDescribeInfo(AppInfoResponse): +class AppDescribeInfo(AppInfo): updated_at: str | None = None service_api_enabled: bool is_agent: bool = False @@ -287,14 +304,13 @@ class AppDescribeQuery(BaseModel): class AppListQuery(BaseModel): - """mode is a closed enum.""" + """mode is a closed enum of listable app types.""" 
workspace_id: UUIDStr page: int = Field(1, ge=1) limit: int = Field(20, ge=1, le=MAX_PAGE_LIMIT) - mode: AppMode | None = None + mode: SupportedAppType | None = None name: str | None = Field(None, max_length=200) - tag: str | None = Field(None, max_length=100) class AppRunRequest(BaseModel): @@ -344,7 +360,7 @@ class PermittedExternalAppsListQuery(BaseModel): page: int = Field(1, ge=1) limit: int = Field(20, ge=1, le=MAX_PAGE_LIMIT) - mode: AppMode | None = None + mode: SupportedAppType | None = None name: str | None = Field(None, max_length=200) diff --git a/api/controllers/openapi/app_dsl.py b/api/controllers/openapi/app_dsl.py index 8a8c62f28ca..9b1abd24bac 100644 --- a/api/controllers/openapi/app_dsl.py +++ b/api/controllers/openapi/app_dsl.py @@ -5,11 +5,12 @@ from typing import cast from flask_restx import Resource from sqlalchemy.orm import Session +from controllers.common.wraps import RBACPermission, RBACResourceScope from controllers.openapi import openapi_ns from controllers.openapi._contract import accepts, returns from controllers.openapi._models import AppDslExportQuery, AppDslExportResponse, AppDslImportPayload from controllers.openapi.auth.composition import auth_router -from controllers.openapi.auth.data import AuthData +from controllers.openapi.auth.data import AuthData, RBACRequirement from extensions.ext_database import db from libs.oauth_bearer import Scope, TokenType from models import Account, App @@ -37,6 +38,11 @@ class AppDslImportApi(Resource): scope=Scope.WORKSPACE_WRITE, allowed_token_types=frozenset({TokenType.OAUTH_ACCOUNT}), allowed_roles=frozenset({TenantAccountRole.EDITOR, TenantAccountRole.ADMIN, TenantAccountRole.OWNER}), + rbac=RBACRequirement( + resource_type=RBACResourceScope.APP, + scene=RBACPermission.APP_IMPORT_EXPORT_DSL, + resource_required=False, + ), ) @returns(200, Import, "Import completed") @returns(202, Import, "Import pending confirmation") @@ -89,6 +95,11 @@ class AppDslImportConfirmApi(Resource): 
scope=Scope.WORKSPACE_WRITE, allowed_token_types=frozenset({TokenType.OAUTH_ACCOUNT}), allowed_roles=frozenset({TenantAccountRole.EDITOR, TenantAccountRole.ADMIN, TenantAccountRole.OWNER}), + rbac=RBACRequirement( + resource_type=RBACResourceScope.APP, + scene=RBACPermission.APP_IMPORT_EXPORT_DSL, + resource_required=False, + ), ) @returns(200, Import, "Import confirmed") @returns(400, Import, "Import failed") @@ -125,6 +136,7 @@ class AppDslExportApi(Resource): scope=Scope.APPS_READ, allowed_token_types=frozenset({TokenType.OAUTH_ACCOUNT}), allowed_roles=frozenset({TenantAccountRole.EDITOR, TenantAccountRole.ADMIN, TenantAccountRole.OWNER}), + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_IMPORT_EXPORT_DSL), ) @accepts(query=AppDslExportQuery) @returns(200, AppDslExportResponse, "Export successful") @@ -155,6 +167,7 @@ class AppDslCheckDependenciesApi(Resource): scope=Scope.APPS_READ, allowed_token_types=frozenset({TokenType.OAUTH_ACCOUNT}), allowed_roles=frozenset({TenantAccountRole.EDITOR, TenantAccountRole.ADMIN, TenantAccountRole.OWNER}), + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_IMPORT_EXPORT_DSL), ) @returns(200, CheckDependenciesResult, "Dependencies checked") def get(self, app_id: str, *, auth_data: AuthData): diff --git a/api/controllers/openapi/app_run.py b/api/controllers/openapi/app_run.py index 76ddd166596..7e77e3aa747 100644 --- a/api/controllers/openapi/app_run.py +++ b/api/controllers/openapi/app_run.py @@ -19,12 +19,13 @@ from werkzeug.exceptions import ( import services from controllers.common.fields import EventStreamResponse +from controllers.common.wraps import RBACPermission, RBACResourceScope from controllers.openapi import openapi_ns from controllers.openapi._audit import emit_app_run from controllers.openapi._contract import accepts, returns from controllers.openapi._models import AppRunRequest, TaskStopResponse from controllers.openapi.auth.composition import 
auth_router -from controllers.openapi.auth.data import AuthData +from controllers.openapi.auth.data import AuthData, RBACRequirement from controllers.service_api.app.error import ( AppUnavailableError, CompletionRequestError, @@ -136,7 +137,10 @@ _DISPATCH: dict[AppMode, Callable[[App, Any, AppRunRequest], Any]] = { @openapi_ns.route("/apps//run") class AppRunApi(Resource): - @auth_router.guard(scope=Scope.APPS_RUN) + @auth_router.guard( + scope=Scope.APPS_RUN, + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_TEST_AND_RUN), + ) @openapi_ns.response(200, "Run result (SSE stream)", openapi_ns.models[EventStreamResponse.__name__]) @accepts(body=AppRunRequest) def post(self, app_id: str, *, auth_data: AuthData, body: AppRunRequest): @@ -167,7 +171,10 @@ class AppRunApi(Resource): @openapi_ns.route("/apps//tasks//stop") class AppRunTaskStopApi(Resource): - @auth_router.guard(scope=Scope.APPS_RUN) + @auth_router.guard( + scope=Scope.APPS_RUN, + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_TEST_AND_RUN), + ) @returns(200, TaskStopResponse, description="Task stopped") def post(self, app_id: str, task_id: str, *, auth_data: AuthData): app_model, caller, caller_kind = auth_data.require_app_context() diff --git a/api/controllers/openapi/apps.py b/api/controllers/openapi/apps.py index c4796313c0b..181af5c0742 100644 --- a/api/controllers/openapi/apps.py +++ b/api/controllers/openapi/apps.py @@ -8,33 +8,41 @@ from typing import Any, cast from flask_restx import Resource from werkzeug.exceptions import Conflict, NotFound, UnprocessableEntity +from configs import dify_config +from controllers.common.app_access import AppAccessFilter, resolve_app_access_filter from controllers.common.fields import Parameters +from controllers.common.wraps import RBACPermission, RBACResourceScope from controllers.openapi import openapi_ns from controllers.openapi._contract import accepts, returns from 
controllers.openapi._input_schema import EMPTY_INPUT_SCHEMA, build_input_schema, resolve_app_config from controllers.openapi._models import ( + SUPPORTED_APP_TYPES, AppDescribeInfo, AppDescribeQuery, AppDescribeResponse, AppListQuery, AppListResponse, AppListRow, - TagItem, ) from controllers.openapi.auth.composition import auth_router -from controllers.openapi.auth.data import AuthData +from controllers.openapi.auth.data import AuthData, RBACRequirement from controllers.service_api.app.error import AppUnavailableError from core.app.app_config.common.parameters_mapping import get_parameters_from_feature_dict from extensions.ext_database import db from libs.oauth_bearer import Scope, TokenType from models import App +from models.model import AppMode from services.account_service import TenantService from services.app_service import AppListParams, AppService -from services.tag_service import TagService _ALLOWED_DESCRIBE_FIELDS: frozenset[str] = frozenset({"info", "parameters", "input_schema"}) +def _is_listable(app: App) -> bool: + """Whether the openapi app face exposes this app (curated, listable types only).""" + return app.mode in SUPPORTED_APP_TYPES + + _EMPTY_PARAMETERS: dict[str, Any] = { "opening_statement": None, "suggested_questions": [], @@ -84,54 +92,55 @@ def parameters_payload(app: App) -> dict: return Parameters.model_validate(parameters).model_dump(mode="json") +def build_app_describe_response(app: App, fields: set[str] | None) -> AppDescribeResponse: + """Public projection of an app (name / params / input schema) — never internal config.""" + want_info = fields is None or "info" in fields + want_params = fields is None or "parameters" in fields + want_schema = fields is None or "input_schema" in fields + + info = ( + AppDescribeInfo( + id=str(app.id), + name=app.name, + mode=app.mode, + description=app.description, + updated_at=app.updated_at.isoformat() if app.updated_at else None, + service_api_enabled=bool(app.enable_api), + is_agent=app.mode in 
(AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT), + ) + if want_info + else None + ) + + parameters: dict[str, Any] | None = None + input_schema: dict[str, Any] | None = None + if want_params: + try: + parameters = parameters_payload(app) + except AppUnavailableError: + parameters = dict(_EMPTY_PARAMETERS) + if want_schema: + try: + input_schema = build_input_schema(app) + except AppUnavailableError: + input_schema = dict(EMPTY_INPUT_SCHEMA) + + return AppDescribeResponse(info=info, parameters=parameters, input_schema=input_schema) + + @openapi_ns.route("/apps//describe") class AppDescribeApi(AppReadResource): - @auth_router.guard(scope=Scope.APPS_READ, allowed_token_types=frozenset({TokenType.OAUTH_ACCOUNT})) + @auth_router.guard( + scope=Scope.APPS_READ, + allowed_token_types=frozenset({TokenType.OAUTH_ACCOUNT}), + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_VIEW_LAYOUT), + ) @returns(200, AppDescribeResponse, description="App description") @accepts(query=AppDescribeQuery) def get(self, app_id: str, *, auth_data: AuthData, query: AppDescribeQuery): # describe is UUID-only (workspace_id query param dropped in #37212). 
app = self._load(app_id) - - requested = query.fields - want_info = requested is None or "info" in requested - want_params = requested is None or "parameters" in requested - want_schema = requested is None or "input_schema" in requested - - info = ( - AppDescribeInfo( - id=str(app.id), - name=app.name, - mode=app.mode, - description=app.description, - tags=[TagItem(name=t.name) for t in app.tags], - author=app.author_name, - updated_at=app.updated_at.isoformat() if app.updated_at else None, - service_api_enabled=bool(app.enable_api), - is_agent=app.mode in ("agent-chat", "advanced-chat"), - ) - if want_info - else None - ) - - parameters: dict[str, Any] | None = None - input_schema: dict[str, Any] | None = None - if want_params: - try: - parameters = parameters_payload(app) - except AppUnavailableError: - parameters = dict(_EMPTY_PARAMETERS) - if want_schema: - try: - input_schema = build_input_schema(app) - except AppUnavailableError: - input_schema = dict(EMPTY_INPUT_SCHEMA) - - return AppDescribeResponse( - info=info, - parameters=parameters, - input_schema=input_schema, - ) + return build_app_describe_response(app, query.fields) @openapi_ns.route("/apps") @@ -152,45 +161,57 @@ class AppListApi(Resource): else: parsed_uuid = None + # Compute RBAC-accessible app IDs when RBAC is enabled and the caller is an account. + # ``None`` means unrestricted (caller can see all apps in the workspace); + # an empty set or list means the caller has no accessible apps. + # End-users bypass RBAC here — their access is controlled by scope upstream. 
+ apply_rbac_filter = ( + dify_config.RBAC_ENABLED and auth_data.caller_kind != "end_user" and auth_data.account_id is not None + ) + access_filter = AppAccessFilter.unrestricted() + if apply_rbac_filter: + access_filter = resolve_app_access_filter(workspace_id, str(auth_data.account_id)) + tenant_name: str | None = None if parsed_uuid is not None: app: App | None = AppService.get_visible_app_by_id(db.session, str(parsed_uuid)) if app is None or str(app.tenant_id) != workspace_id: return empty + if not _is_listable(app): + return empty + # Apply RBAC visibility to the UUID fast-path the same way the service + # layer does for paginated queries (id in accessible set OR own app). + if apply_rbac_filter and not access_filter.is_app_accessible( + str(app.id), str(app.maintainer) if app.maintainer else None, str(auth_data.account_id) + ): + return empty tenant_name = TenantService.get_tenant_name(db.session, workspace_id) item = AppListRow( id=str(app.id), name=app.name, description=app.description, mode=app.mode, - tags=[TagItem(name=t.name) for t in app.tags], updated_at=app.updated_at.isoformat() if app.updated_at else None, - created_by_name=getattr(app, "author_name", None), workspace_id=str(workspace_id), workspace_name=tenant_name, ) env = AppListResponse(page=1, limit=1, total=1, has_more=False, data=[item]) return env - tag_ids: list[str] | None = None - if query.tag: - tags = TagService.get_tag_by_tag_name("app", workspace_id, query.tag, db.session) - if not tags: - return empty - tag_ids = [tag.id for tag in tags] - params = AppListParams( page=query.page, limit=query.limit, mode=query.mode.value if query.mode else "all", # type:ignore name=query.name, - tag_ids=tag_ids, status="normal", # Visibility gate pushed into the query — pagination.total stays # consistent across pages because invisible rows never count. 
openapi_visible=True, ) + if apply_rbac_filter: + access_filter.apply_to_params(params) + pagination = AppService().get_paginate_apps(str(auth_data.account_id), workspace_id, params, db.session) if pagination is None: return empty @@ -205,13 +226,12 @@ class AppListApi(Resource): name=r.name, description=r.description, mode=r.mode, - tags=[TagItem(name=t.name) for t in r.tags], updated_at=r.updated_at.isoformat() if r.updated_at else None, - created_by_name=getattr(r, "author_name", None), workspace_id=str(workspace_id), workspace_name=tenant_name, ) for r in pagination.items + if _is_listable(r) ] env = AppListResponse( diff --git a/api/controllers/openapi/apps_permitted_external.py b/api/controllers/openapi/apps_permitted_external.py index 0e889a2951c..9bc400e5cc7 100644 --- a/api/controllers/openapi/apps_permitted_external.py +++ b/api/controllers/openapi/apps_permitted_external.py @@ -8,14 +8,18 @@ EE blueprint chain so this module is unreachable there. from __future__ import annotations from flask_restx import Resource +from werkzeug.exceptions import NotFound from controllers.openapi import openapi_ns from controllers.openapi._contract import accepts, returns from controllers.openapi._models import ( + AppDescribeQuery, + AppDescribeResponse, AppListRow, PermittedExternalAppsListQuery, PermittedExternalAppsListResponse, ) +from controllers.openapi.apps import build_app_describe_response from controllers.openapi.auth.composition import auth_router from controllers.openapi.auth.data import AuthData, Edition from extensions.ext_database import db @@ -67,9 +71,7 @@ class PermittedExternalAppsListApi(Resource): name=app.name, description=app.description, mode=app.mode, - tags=[], # tenant-scoped; not surfaced cross-tenant updated_at=app.updated_at.isoformat() if app.updated_at else None, - created_by_name=None, # cross-tenant author leak prevention workspace_id=str(app.tenant_id), workspace_name=tenant.name if tenant else None, ) @@ -82,3 +84,20 @@ class 
PermittedExternalAppsListApi(Resource): data=items, ) return env + + +@openapi_ns.route("/permitted-external-apps//describe") +class PermittedExternalAppDescribeApi(Resource): + @auth_router.guard( + scope=Scope.APPS_READ_PERMITTED_EXTERNAL, + allowed_token_types=frozenset({TokenType.OAUTH_EXTERNAL_SSO}), + edition=frozenset({Edition.EE}), + ) + @returns(200, AppDescribeResponse, description="Permitted external app description") + @accepts(query=AppDescribeQuery) + def get(self, app_id: str, *, auth_data: AuthData, query: AppDescribeQuery): + # App already loaded and ACL-checked by the external_sso pipeline; project it. + app = auth_data.app + if app is None: + raise NotFound("app not found") + return build_app_describe_response(app, query.fields) diff --git a/api/controllers/openapi/auth/composition.py b/api/controllers/openapi/auth/composition.py index 66f925c8cde..67f7001c080 100644 --- a/api/controllers/openapi/auth/composition.py +++ b/api/controllers/openapi/auth/composition.py @@ -3,9 +3,11 @@ from __future__ import annotations from controllers.openapi.auth.conditions import ( EDITION_EE, HAS_ALLOWED_ROLES, + HAS_RBAC, LOADED_APP_IS_PRIVATE, PATH_HAS_APP_ID, WEBAPP_AUTH_ENABLED, + WEBAPP_RUN_SCOPED, WORKSPACE_MEMBERSHIP_REQUIRED, WORKSPACE_SCOPED, ) @@ -25,6 +27,7 @@ from controllers.openapi.auth.verify import ( check_acl, check_app_api_enabled, check_private_app_permission, + check_rbac_permission, check_scope, check_workspace_member, check_workspace_mismatch, @@ -47,8 +50,9 @@ account_pipeline = AuthPipeline( When(WORKSPACE_SCOPED, then=check_workspace_member), When(PATH_HAS_APP_ID, then=check_workspace_mismatch), When(HAS_ALLOWED_ROLES, then=check_workspace_role), - When(PATH_HAS_APP_ID & EDITION_EE & WEBAPP_AUTH_ENABLED, then=check_acl), - When(EDITION_EE & LOADED_APP_IS_PRIVATE, then=check_private_app_permission), + When(HAS_RBAC, then=check_rbac_permission), + When(PATH_HAS_APP_ID & EDITION_EE & WEBAPP_AUTH_ENABLED & WEBAPP_RUN_SCOPED, then=check_acl), 
+ When(EDITION_EE & LOADED_APP_IS_PRIVATE & WEBAPP_RUN_SCOPED, then=check_private_app_permission), ], ) diff --git a/api/controllers/openapi/auth/conditions.py b/api/controllers/openapi/auth/conditions.py index 5ad15e5e41c..73a767b8d8e 100644 --- a/api/controllers/openapi/auth/conditions.py +++ b/api/controllers/openapi/auth/conditions.py @@ -3,7 +3,7 @@ from __future__ import annotations from collections.abc import Callable from controllers.openapi.auth.data import AuthData, Edition, RequestContext, current_edition -from libs.oauth_bearer import TokenType +from libs.oauth_bearer import Scope, TokenType from services.enterprise.enterprise_service import WebAppAccessMode from services.feature_service import FeatureService @@ -50,8 +50,11 @@ EDITION_SAAS = config_cond(lambda: current_edition() == Edition.SAAS) WEBAPP_AUTH_ENABLED = config_cond(lambda: FeatureService.get_system_features().webapp_auth.enabled) +WEBAPP_RUN_SCOPED = request_cond(lambda ctx: ctx.scope == Scope.APPS_RUN) + WORKSPACE_MEMBERSHIP_REQUIRED = request_cond(lambda ctx: ctx.workspace_membership) HAS_ALLOWED_ROLES = request_cond(lambda ctx: ctx.allowed_roles is not None) +HAS_RBAC = request_cond(lambda ctx: ctx.rbac is not None) # Caller must belong to the resolved tenant: either an app-scoped path (tenant # from the app) or an explicit workspace-membership path (tenant from request). 
diff --git a/api/controllers/openapi/auth/data.py b/api/controllers/openapi/auth/data.py index 76b0d90cb45..9aefef0061c 100644 --- a/api/controllers/openapi/auth/data.py +++ b/api/controllers/openapi/auth/data.py @@ -8,6 +8,7 @@ from pydantic import BaseModel, ConfigDict, Field from werkzeug.exceptions import InternalServerError from configs import dify_config +from core.rbac import RBACPermission, RBACResourceScope from libs.oauth_bearer import Scope, TokenType from models.account import Account, Tenant, TenantAccountRole from models.model import App, EndUser @@ -35,6 +36,14 @@ class ExternalIdentity(BaseModel): issuer: str | None = None +class RBACRequirement(BaseModel): + model_config = ConfigDict(frozen=True) + + resource_type: RBACResourceScope + scene: RBACPermission + resource_required: bool = True + + class RequestContext(BaseModel): model_config = ConfigDict(frozen=True) @@ -43,6 +52,7 @@ class RequestContext(BaseModel): path_params: dict[str, str] workspace_membership: bool = False allowed_roles: frozenset[TenantAccountRole] | None = None + rbac: RBACRequirement | None = None class AuthData(BaseModel): @@ -59,6 +69,7 @@ class AuthData(BaseModel): path_params: dict[str, str] = Field(default_factory=dict) allowed_roles: frozenset[TenantAccountRole] | None = None + rbac: RBACRequirement | None = None app: App | None = None tenant: Tenant | None = None diff --git a/api/controllers/openapi/auth/pipeline.py b/api/controllers/openapi/auth/pipeline.py index 488a971b1e0..3e0aca53d3c 100644 --- a/api/controllers/openapi/auth/pipeline.py +++ b/api/controllers/openapi/auth/pipeline.py @@ -21,6 +21,7 @@ from controllers.openapi.auth.data import ( AuthData, Edition, ExternalIdentity, + RBACRequirement, RequestContext, current_edition, ) @@ -59,6 +60,7 @@ class AuthPipeline: scope: Scope | None, workspace_membership: bool = False, allowed_roles: frozenset[TenantAccountRole] | None = None, + rbac: RBACRequirement | None = None, ) -> Any: req_ctx = RequestContext( 
token_type=identity.token_type, @@ -66,6 +68,7 @@ class AuthPipeline: path_params=dict(request.view_args or {}), workspace_membership=workspace_membership, allowed_roles=allowed_roles, + rbac=rbac, ) data = AuthData( @@ -77,6 +80,7 @@ class AuthPipeline: tenants=dict(identity.verified_tenants), required_scope=scope, allowed_roles=allowed_roles, + rbac=rbac, path_params=dict(req_ctx.path_params), external_identity=( ExternalIdentity(email=identity.subject_email, issuer=identity.subject_issuer) @@ -129,6 +133,7 @@ class PipelineRouter: edition: frozenset[Edition] | None = None, workspace_membership: bool = False, allowed_roles: frozenset[TenantAccountRole] | None = None, + rbac: RBACRequirement | None = None, ) -> Callable: return self._make_decorator( scope=scope, @@ -136,6 +141,7 @@ class PipelineRouter: edition=edition, workspace_membership=workspace_membership, allowed_roles=allowed_roles, + rbac=rbac, ) def guard_workspace( @@ -145,6 +151,7 @@ class PipelineRouter: allowed_token_types: frozenset[TokenType] | None = None, edition: frozenset[Edition] | None = None, allowed_roles: frozenset[TenantAccountRole] | None = None, + rbac: RBACRequirement | None = None, ) -> Callable: return self._make_decorator( scope=scope, @@ -152,6 +159,7 @@ class PipelineRouter: edition=edition, workspace_membership=True, allowed_roles=allowed_roles, + rbac=rbac, ) def _make_decorator( @@ -162,6 +170,7 @@ class PipelineRouter: edition: frozenset[Edition] | None, workspace_membership: bool, allowed_roles: frozenset[TenantAccountRole] | None, + rbac: RBACRequirement | None, ) -> Callable: def decorator(view: Callable) -> Callable: @wraps(view) @@ -175,6 +184,7 @@ class PipelineRouter: edition=edition, workspace_membership=workspace_membership, allowed_roles=allowed_roles, + rbac=rbac, ) return decorated @@ -192,6 +202,7 @@ class PipelineRouter: edition: frozenset[Edition] | None, workspace_membership: bool = False, allowed_roles: frozenset[TenantAccountRole] | None = None, + rbac: 
RBACRequirement | None = None, ) -> Any: # 404 not 403 — this edition doesn't expose the feature at all if edition is not None and current_edition() not in edition: @@ -235,6 +246,7 @@ class PipelineRouter: scope=scope, workspace_membership=workspace_membership, allowed_roles=allowed_roles, + rbac=rbac, ) diff --git a/api/controllers/openapi/auth/surface_gate.py b/api/controllers/openapi/auth/surface_gate.py index 49485fb28c9..f3d2d0735bb 100644 --- a/api/controllers/openapi/auth/surface_gate.py +++ b/api/controllers/openapi/auth/surface_gate.py @@ -74,12 +74,13 @@ def accept_subjects(*accepted: SubjectType) -> Callable[[F], F]: def _coerce_subject_type(raw: object) -> SubjectType | None: - if raw is None: - return None - if isinstance(raw, SubjectType): - return raw - if isinstance(raw, str): - return SubjectType(raw) + match raw: + case None: + return None + case SubjectType(): + return raw + case str(): + return SubjectType(raw) return None diff --git a/api/controllers/openapi/auth/verify.py b/api/controllers/openapi/auth/verify.py index 8cd7a30f5e9..1323d142fb1 100644 --- a/api/controllers/openapi/auth/verify.py +++ b/api/controllers/openapi/auth/verify.py @@ -3,6 +3,8 @@ from __future__ import annotations from flask import request from werkzeug.exceptions import Forbidden, NotFound, UnprocessableEntity +from configs import dify_config +from controllers.common.wraps import enforce_rbac_access from controllers.openapi.auth.data import AuthData from extensions.ext_database import db from libs.oauth_bearer import Scope, TokenType @@ -38,6 +40,9 @@ def check_workspace_mismatch(data: AuthData) -> None: def check_workspace_role(data: AuthData) -> None: + if dify_config.RBAC_ENABLED and data.rbac is not None: + # fine-grained permission check is performed by RBAC + return if data.allowed_roles is None: return if data.tenant_role is None: @@ -46,6 +51,27 @@ def check_workspace_role(data: AuthData) -> None: raise Forbidden("insufficient workspace role") +def 
check_rbac_permission(data: AuthData) -> None: + req = data.rbac + if req is None: + return + if not dify_config.RBAC_ENABLED: + return + # Only account callers are subject to RBAC; end_user access is scope-controlled. + if data.caller_kind != "account": + return + if data.account_id is None or data.tenant is None: + raise Forbidden("rbac context missing") + enforce_rbac_access( + tenant_id=str(data.tenant.id), + account_id=str(data.account_id), + resource_type=req.resource_type, + scene=req.scene, + resource_required=req.resource_required, + path_args=dict(data.path_params), + ) + + def check_app_api_enabled(data: AuthData) -> None: if data.app is None: return diff --git a/api/controllers/openapi/human_input_form.py b/api/controllers/openapi/human_input_form.py index 995315150cc..223f748613b 100644 --- a/api/controllers/openapi/human_input_form.py +++ b/api/controllers/openapi/human_input_form.py @@ -12,16 +12,21 @@ import logging from flask import Response from flask_restx import Resource -from werkzeug.exceptions import BadRequest, NotFound +from werkzeug.exceptions import BadRequest from controllers.common.human_input import HumanInputFormSubmitPayload, stringify_form_default_values from controllers.common.schema import register_schema_models +from controllers.common.wraps import RBACPermission, RBACResourceScope from controllers.openapi import openapi_ns from controllers.openapi._contract import accepts, returns +from controllers.openapi._errors import HumanInputFormNotFound, RecipientSurfaceMismatch from controllers.openapi._models import FormSubmitResponse, HumanInputFormDefinitionResponse from controllers.openapi.auth.composition import auth_router -from controllers.openapi.auth.data import AuthData -from core.workflow.human_input_policy import HumanInputSurface, is_recipient_type_allowed_for_surface +from controllers.openapi.auth.data import AuthData, RBACRequirement +from core.workflow.human_input_policy import ( + HumanInputSurface, + 
is_recipient_type_allowed_for_surface, +) from extensions.ext_database import db from libs.helper import to_timestamp from libs.oauth_bearer import Scope @@ -47,31 +52,37 @@ def _jsonify_form_definition(form) -> Response: def _ensure_form_belongs_to_app(form, app_model: App) -> None: if form.app_id != app_model.id or form.tenant_id != app_model.tenant_id: - raise NotFound("Form not found") + raise HumanInputFormNotFound() def _ensure_form_is_allowed_for_openapi(form) -> None: if not is_recipient_type_allowed_for_surface(form.recipient_type, HumanInputSurface.OPENAPI): - raise NotFound("Form not found") + raise RecipientSurfaceMismatch() @openapi_ns.route("/apps//form/human_input/") class OpenApiWorkflowHumanInputFormApi(Resource): @openapi_ns.response(200, "Form definition", openapi_ns.models[HumanInputFormDefinitionResponse.__name__]) - @auth_router.guard(scope=Scope.APPS_RUN) + @auth_router.guard( + scope=Scope.APPS_RUN, + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_TEST_AND_RUN), + ) def get(self, app_id: str, form_token: str, *, auth_data: AuthData): - app_model, caller, caller_kind = auth_data.require_app_context() + app_model, _caller, _caller_kind = auth_data.require_app_context() service = HumanInputService(db.engine) form = service.get_form_by_token(form_token) if form is None: - raise NotFound("Form not found") + raise HumanInputFormNotFound() _ensure_form_belongs_to_app(form, app_model) _ensure_form_is_allowed_for_openapi(form) service.ensure_form_active(form) return _jsonify_form_definition(form) - @auth_router.guard(scope=Scope.APPS_RUN) + @auth_router.guard( + scope=Scope.APPS_RUN, + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_TEST_AND_RUN), + ) @returns(200, FormSubmitResponse, description="Form submitted") @accepts(body=HumanInputFormSubmitPayload) def post(self, app_id: str, form_token: str, *, auth_data: AuthData, body: HumanInputFormSubmitPayload): @@ -80,7 +91,7 @@ 
class OpenApiWorkflowHumanInputFormApi(Resource): service = HumanInputService(db.engine) form = service.get_form_by_token(form_token) if form is None: - raise NotFound("Form not found") + raise HumanInputFormNotFound() _ensure_form_belongs_to_app(form, app_model) _ensure_form_is_allowed_for_openapi(form) @@ -106,6 +117,6 @@ class OpenApiWorkflowHumanInputFormApi(Resource): submission_end_user_id=submission_end_user_id, ) except FormNotFoundError: - raise NotFound("Form not found") + raise HumanInputFormNotFound() return FormSubmitResponse() diff --git a/api/controllers/openapi/workflow_events.py b/api/controllers/openapi/workflow_events.py index 61ebb3012dc..916c93707dd 100644 --- a/api/controllers/openapi/workflow_events.py +++ b/api/controllers/openapi/workflow_events.py @@ -19,9 +19,10 @@ from werkzeug.exceptions import NotFound, UnprocessableEntity from controllers.common.fields import EventStreamResponse from controllers.common.schema import query_params_from_model +from controllers.common.wraps import RBACPermission, RBACResourceScope from controllers.openapi import openapi_ns from controllers.openapi.auth.composition import auth_router -from controllers.openapi.auth.data import AuthData +from controllers.openapi.auth.data import AuthData, RBACRequirement from core.app.apps.advanced_chat.app_generator import AdvancedChatAppGenerator from core.app.apps.base_app_generator import BaseAppGenerator from core.app.apps.common.workflow_response_converter import WorkflowResponseConverter @@ -46,7 +47,10 @@ class WorkflowEventsQuery(BaseModel): class OpenApiWorkflowEventsApi(Resource): @openapi_ns.doc(params=query_params_from_model(WorkflowEventsQuery)) @openapi_ns.response(200, "SSE event stream", openapi_ns.models[EventStreamResponse.__name__]) - @auth_router.guard(scope=Scope.APPS_RUN) + @auth_router.guard( + scope=Scope.APPS_RUN, + rbac=RBACRequirement(resource_type=RBACResourceScope.APP, scene=RBACPermission.APP_TEST_AND_RUN), + ) def get(self, app_id: str, 
task_id: str, *, auth_data: AuthData): app_model, caller, caller_kind = auth_data.require_app_context() app_mode = AppMode.value_of(app_model.mode) diff --git a/api/controllers/service_api/app/app.py b/api/controllers/service_api/app/app.py index d670c7f5a6f..932ec71c769 100644 --- a/api/controllers/service_api/app/app.py +++ b/api/controllers/service_api/app/app.py @@ -2,6 +2,7 @@ from typing import Any, cast from flask_restx import Resource from pydantic import Field +from sqlalchemy import select from controllers.common.fields import Parameters from controllers.common.schema import register_response_schema_models @@ -9,7 +10,11 @@ from controllers.service_api import service_api_ns from controllers.service_api.app.error import AppUnavailableError from controllers.service_api.wraps import validate_app_token from core.app.app_config.common.parameters_mapping import get_parameters_from_feature_dict +from core.app.apps.agent_app.app_variable_projection import agent_app_variables_to_user_input_form +from extensions.ext_database import db from fields.base import ResponseModel +from models.agent import Agent, AgentConfigSnapshot, AgentScope, AgentSource, AgentStatus +from models.agent_config_entities import AgentSoulConfig from models.model import App, AppMode from services.app_service import AppService @@ -29,6 +34,40 @@ class AppMetaResponse(ResponseModel): register_response_schema_models(service_api_ns, Parameters, AppMetaResponse, AppInfoResponse) +def _get_agent_app_feature_dict_and_user_input_form(app_model: App) -> tuple[dict[str, Any], list[dict[str, Any]]]: + app_model_config = app_model.app_model_config + features_dict = cast(dict[str, Any], app_model_config.to_dict()) if app_model_config is not None else {} + + agent = db.session.scalar( + select(Agent) + .where( + Agent.tenant_id == app_model.tenant_id, + Agent.app_id == app_model.id, + Agent.scope == AgentScope.ROSTER, + Agent.source == AgentSource.AGENT_APP, + Agent.status == AgentStatus.ACTIVE, + ) + 
.limit(1) + ) + if agent is None or not agent.active_config_snapshot_id: + raise AppUnavailableError() + + snapshot = db.session.scalar( + select(AgentConfigSnapshot) + .where( + AgentConfigSnapshot.tenant_id == app_model.tenant_id, + AgentConfigSnapshot.agent_id == agent.id, + AgentConfigSnapshot.id == agent.active_config_snapshot_id, + ) + .limit(1) + ) + if snapshot is None: + raise AppUnavailableError() + + agent_soul = AgentSoulConfig.model_validate(snapshot.config_snapshot_dict) + return features_dict, agent_app_variables_to_user_input_form(agent_soul.app_variables) + + @service_api_ns.route("/parameters") class AppParameterApi(Resource): """Resource for app variables.""" @@ -61,12 +100,16 @@ class AppParameterApi(Resource): Returns the input form parameters and configuration for the application. """ - if app_model.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}: + features_dict: dict[str, Any] + user_input_form: list[dict[str, Any]] + if app_model.mode == AppMode.AGENT: + features_dict, user_input_form = _get_agent_app_feature_dict_and_user_input_form(app_model) + elif app_model.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}: workflow = app_model.workflow if workflow is None: raise AppUnavailableError() - features_dict: dict[str, Any] = workflow.features_dict + features_dict = workflow.features_dict user_input_form = workflow.user_input_form(to_old_structure=True) else: app_model_config = app_model.app_model_config diff --git a/api/controllers/web/saved_message.py b/api/controllers/web/saved_message.py index e3baa028e50..6e59a85e2b0 100644 --- a/api/controllers/web/saved_message.py +++ b/api/controllers/web/saved_message.py @@ -9,6 +9,7 @@ from controllers.common.schema import query_params_from_model, register_response from controllers.web import web_ns from controllers.web.error import NotCompletionAppError from controllers.web.wraps import WebApiResource +from extensions.ext_database import db from fields.conversation_fields import ResultResponse from 
fields.message_fields import SavedMessageInfiniteScrollPagination, SavedMessageItem from models.model import App, EndUser @@ -42,7 +43,9 @@ class SavedMessageListApi(WebApiResource): raw_args = request.args.to_dict() query = SavedMessageListQuery.model_validate(raw_args) - pagination = SavedMessageService.pagination_by_last_id(app_model, end_user, query.last_id, query.limit) + pagination = SavedMessageService.pagination_by_last_id( + db.session(), app_model, end_user, query.last_id, query.limit + ) adapter = TypeAdapter(SavedMessageItem) items = [adapter.validate_python(message, from_attributes=True) for message in pagination.data] return SavedMessageInfiniteScrollPagination( @@ -77,7 +80,7 @@ class SavedMessageListApi(WebApiResource): payload = SavedMessageCreatePayload.model_validate(web_ns.payload or {}) try: - SavedMessageService.save(app_model, end_user, payload.message_id) + SavedMessageService.save(db.session(), app_model, end_user, payload.message_id) except MessageNotExistsError: raise NotFound("Message Not Exists.") @@ -105,6 +108,6 @@ class SavedMessageApi(WebApiResource): if app_model.mode != "completion": raise NotCompletionAppError() - SavedMessageService.delete(app_model, end_user, message_id_str) + SavedMessageService.delete(db.session(), app_model, end_user, message_id_str) return "", 204 diff --git a/api/core/app/app_config/easy_ui_based_app/dataset/manager.py b/api/core/app/app_config/easy_ui_based_app/dataset/manager.py index 3d857a4e9c0..be538455afb 100644 --- a/api/core/app/app_config/easy_ui_based_app/dataset/manager.py +++ b/api/core/app/app_config/easy_ui_based_app/dataset/manager.py @@ -213,6 +213,11 @@ class DatasetConfigManager: PlanningStrategy.REACT_ROUTER, }: for tool in config.get("agent_mode", {}).get("tools", []): + if not tool: + # Skip malformed empty tool entries; list(tool.keys())[0] + # would otherwise raise IndexError. The sibling convert() + # already guards this with `if len(tool) == 1`. 
+ continue key = list(tool.keys())[0] if key == "dataset": # old style, use tool name as key diff --git a/api/core/app/apps/advanced_chat/app_runner.py b/api/core/app/apps/advanced_chat/app_runner.py index 256521ab654..67397965384 100644 --- a/api/core/app/apps/advanced_chat/app_runner.py +++ b/api/core/app/apps/advanced_chat/app_runner.py @@ -4,7 +4,7 @@ from collections.abc import Mapping, Sequence from typing import Any, cast from sqlalchemy import select -from sqlalchemy.orm import Session, sessionmaker +from sqlalchemy.orm import Session from core.app.apps.advanced_chat.app_config_manager import AdvancedChatAppConfig from core.app.apps.base_app_queue_manager import AppQueueManager @@ -22,7 +22,7 @@ from core.app.entities.queue_entities import ( from core.app.features.annotation_reply.annotation_reply import AnnotationReplyFeature from core.app.layers.conversation_variable_persist_layer import ConversationVariablePersistenceLayer from core.app.workflow.layers.persistence import PersistenceWorkflowInfo, WorkflowPersistenceLayer -from core.db.session_factory import session_factory +from core.db.session_factory import create_session, session_factory from core.moderation.base import ModerationError from core.moderation.input_moderation import InputModeration from core.repositories.factory import WorkflowExecutionRepository, WorkflowNodeExecutionRepository @@ -107,7 +107,7 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner): workflow_execution_id=self.application_generate_entity.workflow_run_id, ) - with Session(db.engine, expire_on_commit=False) as session: + with create_session() as session: app_record = session.scalar(select(App).where(App.id == app_config.app_id)) if not app_record: @@ -204,6 +204,8 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner): trace_session_id=self.application_generate_entity.extras.get("trace_session_id"), ) + # Release the Flask scoped session before workflow execution so a checked-out DB connection + # is not held for the 
lifetime of the graph run. db.session.close() # RUN WORKFLOW @@ -368,7 +370,7 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner): :return: List of conversation variables ready for use """ - with sessionmaker(bind=db.engine).begin() as session: + with create_session() as session, session.begin(): existing_variables = self._load_existing_conversation_variables(session) if not existing_variables: diff --git a/api/core/app/apps/agent_app/app_config_manager.py b/api/core/app/apps/agent_app/app_config_manager.py index 6721f8bcb1c..0dc04735cc0 100644 --- a/api/core/app/apps/agent_app/app_config_manager.py +++ b/api/core/app/apps/agent_app/app_config_manager.py @@ -21,6 +21,7 @@ from core.app.app_config.entities import ( EasyUIBasedAppModelConfigFrom, PromptTemplateEntity, ) +from core.app.apps.agent_app.app_variable_projection import agent_app_variables_to_user_input_form from models.agent_config_entities import AgentSoulConfig from models.model import App, AppMode, AppModelConfig, AppModelConfigDict, Conversation @@ -98,8 +99,7 @@ class AgentAppConfigManager(BaseAppConfigManager): # pipeline's bookkeeping (token counting, persistence). base["prompt_type"] = PromptTemplateEntity.PromptType.SIMPLE.value base["pre_prompt"] = agent_soul.prompt.system_prompt or "" - # Agent App takes the user message directly; no completion-style inputs form. 
- base.setdefault("user_input_form", []) + base["user_input_form"] = agent_app_variables_to_user_input_form(agent_soul.app_variables) return base diff --git a/api/core/app/apps/agent_app/app_variable_projection.py b/api/core/app/apps/agent_app/app_variable_projection.py new file mode 100644 index 00000000000..0feea12f5b8 --- /dev/null +++ b/api/core/app/apps/agent_app/app_variable_projection.py @@ -0,0 +1,37 @@ +from __future__ import annotations + +from collections.abc import Sequence +from typing import Any + +from models.agent_config_entities import AppVariableConfig + + +def agent_app_variables_to_user_input_form(app_variables: Sequence[AppVariableConfig]) -> list[dict[str, Any]]: + """Project Agent Soul app variables into the legacy service-API parameter form.""" + + user_input_form: list[dict[str, Any]] = [] + for variable in app_variables: + form_type = _form_type_for_agent_variable(variable.type) + form_item: dict[str, Any] = { + "label": variable.name, + "variable": variable.name, + "required": variable.required, + } + if variable.default is not None: + form_item["default"] = variable.default + user_input_form.append({form_type: form_item}) + return user_input_form + + +def _form_type_for_agent_variable(variable_type: str) -> str: + normalized = variable_type.strip().lower() + if normalized in {"number", "integer", "float"}: + return "number" + if normalized in {"boolean", "bool"}: + return "checkbox" + if normalized in {"paragraph", "long_text", "multiline"}: + return "paragraph" + return "text-input" + + +__all__ = ["agent_app_variables_to_user_input_form"] diff --git a/api/core/app/apps/agent_app/runtime_request_builder.py b/api/core/app/apps/agent_app/runtime_request_builder.py index 01206b12db6..fc1fcb0b168 100644 --- a/api/core/app/apps/agent_app/runtime_request_builder.py +++ b/api/core/app/apps/agent_app/runtime_request_builder.py @@ -37,6 +37,7 @@ from core.workflow.nodes.agent_v2.plugin_tools_builder import ( from 
core.workflow.nodes.agent_v2.runtime_request_builder import ( append_runtime_warnings, build_ask_human_layer_config, + build_drive_aware_soul_mention_resolver, build_drive_layer_config, build_knowledge_layer_config, build_shell_layer_config, @@ -123,9 +124,19 @@ class AgentAppRuntimeRequestBuilder: } drive_config = None + soul_prompt_resolver = build_soul_mention_resolver(agent_soul) if dify_config.AGENT_DRIVE_MANIFEST_ENABLED: - drive_config, drive_warnings = build_drive_layer_config(agent_soul, agent_id=context.agent_id) + drive_config, drive_warnings = build_drive_layer_config( + agent_soul, + tenant_id=context.dify_context.tenant_id, + agent_id=context.agent_id, + ) append_runtime_warnings(metadata, drive_warnings) + soul_prompt_resolver = build_drive_aware_soul_mention_resolver( + agent_soul, + tenant_id=context.dify_context.tenant_id, + agent_id=context.agent_id, + ) knowledge_config = build_knowledge_layer_config(agent_soul) request = self._request_builder.build_for_agent_app( @@ -154,9 +165,7 @@ class AgentAppRuntimeRequestBuilder: ), # ENG-616: expand slash-menu mention tokens to canonical names so # no frontend-internal {{#…#}} marker ever reaches the model. 
- agent_soul_prompt=expand_prompt_mentions( - agent_soul.prompt.system_prompt, build_soul_mention_resolver(agent_soul) - ).strip() + agent_soul_prompt=expand_prompt_mentions(agent_soul.prompt.system_prompt, soul_prompt_resolver).strip() or None, user_prompt=context.user_query, tools=tools_layer, diff --git a/api/core/app/apps/agent_chat/app_runner.py b/api/core/app/apps/agent_chat/app_runner.py index cae0eee0df0..5f9c75129b5 100644 --- a/api/core/app/apps/agent_chat/app_runner.py +++ b/api/core/app/apps/agent_chat/app_runner.py @@ -12,10 +12,10 @@ from core.app.apps.base_app_queue_manager import AppQueueManager, PublishFrom from core.app.apps.base_app_runner import AppRunner from core.app.entities.app_invoke_entities import AgentChatAppGenerateEntity from core.app.entities.queue_entities import QueueAnnotationReplyEvent +from core.db.session_factory import create_session from core.memory.token_buffer_memory import TokenBufferMemory from core.model_manager import ModelInstance from core.moderation.base import ModerationError -from extensions.ext_database import db from graphon.model_runtime.entities.llm_entities import LLMMode from graphon.model_runtime.entities.model_entities import ModelFeature, ModelPropertyKey from graphon.model_runtime.model_providers.base.large_language_model import LargeLanguageModel @@ -47,7 +47,10 @@ class AgentChatAppRunner(AppRunner): app_config = application_generate_entity.app_config app_config = cast(AgentChatAppConfig, app_config) app_stmt = select(App).where(App.id == app_config.app_id) - app_record = db.session.scalar(app_stmt) + with create_session() as session: + app_record = session.scalar(app_stmt) + if app_record: + session.expunge(app_record) if not app_record: raise ValueError("App not found") @@ -185,14 +188,18 @@ class AgentChatAppRunner(AppRunner): if {ModelFeature.MULTI_TOOL_CALL, ModelFeature.TOOL_CALL}.intersection(model_schema.features or []): agent_entity.strategy = AgentEntity.Strategy.FUNCTION_CALLING 
conversation_stmt = select(Conversation).where(Conversation.id == conversation.id) - conversation_result = db.session.scalar(conversation_stmt) - if conversation_result is None: - raise ValueError("Conversation not found") msg_stmt = select(Message).where(Message.id == message.id) - message_result = db.session.scalar(msg_stmt) + with create_session() as session: + conversation_result = session.scalar(conversation_stmt) + if conversation_result is None: + raise ValueError("Conversation not found") + + message_result = session.scalar(msg_stmt) + if message_result is not None: + session.expunge(message_result) + session.expunge(conversation_result) if message_result is None: raise ValueError("Message not found") - db.session.close() runner_cls: type[FunctionCallAgentRunner] | type[CotChatAgentRunner] | type[CotCompletionAgentRunner] # start agent runner diff --git a/api/core/app/apps/chat/app_runner.py b/api/core/app/apps/chat/app_runner.py index 077c5239f39..9c2eaf60dc7 100644 --- a/api/core/app/apps/chat/app_runner.py +++ b/api/core/app/apps/chat/app_runner.py @@ -11,6 +11,7 @@ from core.app.entities.app_invoke_entities import ( ) from core.app.entities.queue_entities import QueueAnnotationReplyEvent from core.callback_handler.index_tool_callback_handler import DatasetIndexToolCallbackHandler +from core.db.session_factory import create_session from core.memory.token_buffer_memory import TokenBufferMemory from core.model_manager import ModelInstance from core.moderation.base import ModerationError @@ -46,7 +47,10 @@ class ChatAppRunner(AppRunner): app_config = application_generate_entity.app_config app_config = cast(ChatAppConfig, app_config) stmt = select(App).where(App.id == app_config.app_id) - app_record = db.session.scalar(stmt) + with create_session() as session: + app_record = session.scalar(stmt) + if app_record: + session.expunge(app_record) if not app_record: raise ValueError("App not found") @@ -216,6 +220,8 @@ class ChatAppRunner(AppRunner): 
model=application_generate_entity.model_conf.model, ) + # Release the Flask scoped session before LLM streaming so a checked-out DB connection + # is not held for the lifetime of the provider response. db.session.close() invoke_result = model_instance.invoke_llm( diff --git a/api/core/app/apps/common/workflow_response_converter.py b/api/core/app/apps/common/workflow_response_converter.py index c9486b5821f..67f37e78ab9 100644 --- a/api/core/app/apps/common/workflow_response_converter.py +++ b/api/core/app/apps/common/workflow_response_converter.py @@ -51,8 +51,11 @@ from core.tools.entities.tool_entities import ToolProviderType from core.tools.tool_manager import ToolManager from core.trigger.constants import TRIGGER_PLUGIN_NODE_TYPE from core.trigger.trigger_manager import TriggerManager -from core.workflow.human_input_forms import load_form_tokens_by_form_id +from core.workflow.human_input_forms import ( + load_form_dispositions_by_form_id, +) from core.workflow.human_input_policy import ( + FormDisposition, HumanInputSurface, enrich_human_input_pause_reasons, resolve_human_input_pause_reason_inputs, @@ -340,13 +343,14 @@ class WorkflowResponseConverter: human_input_form_ids = [reason.form_id for reason in resolved_reasons if isinstance(reason, HumanInputRequired)] expiration_times_by_form_id: dict[str, datetime] = {} display_in_ui_by_form_id: dict[str, bool] = {} - form_token_by_form_id: dict[str, str] = {} + dispositions_by_form_id: dict[str, FormDisposition] = {} if human_input_form_ids: stmt = select( HumanInputForm.id, HumanInputForm.expiration_time, HumanInputForm.form_definition, ).where(HumanInputForm.id.in_(human_input_form_ids)) + hitl_surface = _INVOKE_FROM_TO_HITL_SURFACE.get(self._application_generate_entity.invoke_from) with Session(bind=db.engine) as session: for form_id, expiration_time, form_definition in session.execute(stmt): expiration_times_by_form_id[str(form_id)] = expiration_time @@ -355,17 +359,17 @@ class WorkflowResponseConverter: except 
(TypeError, json.JSONDecodeError): definition_payload = {} display_in_ui_by_form_id[str(form_id)] = bool(definition_payload.get("display_in_ui")) - form_token_by_form_id = load_form_tokens_by_form_id( + dispositions_by_form_id = load_form_dispositions_by_form_id( human_input_form_ids, session=session, - surface=_INVOKE_FROM_TO_HITL_SURFACE.get(self._application_generate_entity.invoke_from), + surface=hitl_surface, ) # Reconnect paths must preserve the same pause-reason contract as live streams; # otherwise clients see schema drift after resume. pause_reasons = enrich_human_input_pause_reasons( pause_reasons, - form_tokens_by_form_id=form_token_by_form_id, + dispositions_by_form_id=dispositions_by_form_id, expiration_times_by_form_id={ form_id: int(expiration_time.timestamp()) for form_id, expiration_time in expiration_times_by_form_id.items() @@ -379,6 +383,7 @@ class WorkflowResponseConverter: expiration_time = expiration_times_by_form_id.get(reason.form_id) if expiration_time is None: raise ValueError(f"HumanInputForm not found for pause reason, form_id={reason.form_id}") + disposition = dispositions_by_form_id.get(reason.form_id) responses.append( HumanInputRequiredResponse( task_id=task_id, @@ -391,7 +396,8 @@ class WorkflowResponseConverter: inputs=reason.inputs, actions=reason.actions, display_in_ui=display_in_ui_by_form_id.get(reason.form_id, False), - form_token=form_token_by_form_id.get(reason.form_id), + form_token=disposition.form_token if disposition else None, + approval_channels=list(disposition.approval_channels) if disposition else [], resolved_default_values=reason.resolved_default_values, expiration_time=int(expiration_time.timestamp()), ), diff --git a/api/core/app/apps/completion/app_runner.py b/api/core/app/apps/completion/app_runner.py index 6bb1ecdcb19..38ef672ae22 100644 --- a/api/core/app/apps/completion/app_runner.py +++ b/api/core/app/apps/completion/app_runner.py @@ -10,6 +10,7 @@ from core.app.entities.app_invoke_entities import ( 
CompletionAppGenerateEntity, ) from core.callback_handler.index_tool_callback_handler import DatasetIndexToolCallbackHandler +from core.db.session_factory import create_session from core.model_manager import ModelInstance from core.moderation.base import ModerationError from core.rag.retrieval.dataset_retrieval import DatasetRetrieval @@ -39,7 +40,10 @@ class CompletionAppRunner(AppRunner): app_config = application_generate_entity.app_config app_config = cast(CompletionAppConfig, app_config) stmt = select(App).where(App.id == app_config.app_id) - app_record = db.session.scalar(stmt) + with create_session() as session: + app_record = session.scalar(stmt) + if app_record: + session.expunge(app_record) if not app_record: raise ValueError("App not found") @@ -174,6 +178,8 @@ class CompletionAppRunner(AppRunner): model=application_generate_entity.model_conf.model, ) + # Release the Flask scoped session before LLM streaming so a checked-out DB connection + # is not held for the lifetime of the provider response. 
db.session.close() invoke_result = model_instance.invoke_llm( diff --git a/api/core/app/apps/message_based_app_queue_manager.py b/api/core/app/apps/message_based_app_queue_manager.py index 0b97809bf3a..3c7102971f1 100644 --- a/api/core/app/apps/message_based_app_queue_manager.py +++ b/api/core/app/apps/message_based_app_queue_manager.py @@ -11,6 +11,7 @@ from core.app.entities.queue_entities import ( QueueMessageEndEvent, QueueStopEvent, ) +from models.model import AppMode class MessageBasedAppQueueManager(AppQueueManager): @@ -47,4 +48,6 @@ class MessageBasedAppQueueManager(AppQueueManager): self.stop_listen() if pub_from == PublishFrom.APPLICATION_MANAGER and self._is_stopped(): + if self._app_mode == AppMode.ADVANCED_CHAT.value: + return raise GenerateTaskStoppedError() diff --git a/api/core/app/apps/pipeline/pipeline_runner.py b/api/core/app/apps/pipeline/pipeline_runner.py index 2ee0ae27ebc..3ad0990cbb4 100644 --- a/api/core/app/apps/pipeline/pipeline_runner.py +++ b/api/core/app/apps/pipeline/pipeline_runner.py @@ -3,6 +3,7 @@ import time from typing import cast from sqlalchemy import select +from sqlalchemy.orm import Session from core.app.apps.base_app_queue_manager import AppQueueManager from core.app.apps.pipeline.pipeline_config_manager import PipelineConfig @@ -14,12 +15,12 @@ from core.app.entities.app_invoke_entities import ( build_dify_run_context, ) from core.app.workflow.layers.persistence import PersistenceWorkflowInfo, WorkflowPersistenceLayer +from core.db.session_factory import create_session from core.repositories.factory import WorkflowExecutionRepository, WorkflowNodeExecutionRepository from core.workflow.node_factory import DifyGraphInitContext, DifyNodeFactory, get_default_root_node_id from core.workflow.system_variables import build_bootstrap_variables, build_system_variables from core.workflow.variable_pool_initializer import add_node_inputs_to_pool, add_variables_to_pool from core.workflow.workflow_entry import WorkflowEntry -from 
extensions.ext_database import db from graphon.enums import WorkflowType from graphon.graph import Graph from graphon.graph_events import GraphEngineEvent, GraphRunFailedEvent @@ -83,22 +84,24 @@ class PipelineRunner(WorkflowBasedAppRunner): user_from = self._resolve_user_from(invoke_from) user_id = None - if invoke_from in {InvokeFrom.WEB_APP, InvokeFrom.SERVICE_API}: - end_user = db.session.get(EndUser, self.application_generate_entity.user_id) - if end_user: - user_id = end_user.session_id - else: - user_id = self.application_generate_entity.user_id + with create_session() as session: + if invoke_from in {InvokeFrom.WEB_APP, InvokeFrom.SERVICE_API}: + end_user = session.get(EndUser, self.application_generate_entity.user_id) + if end_user: + user_id = end_user.session_id + else: + user_id = self.application_generate_entity.user_id - pipeline = db.session.get(Pipeline, app_config.app_id) - if not pipeline: - raise ValueError("Pipeline not found") + pipeline = session.get(Pipeline, app_config.app_id) + if not pipeline: + raise ValueError("Pipeline not found") - workflow = self.get_workflow(pipeline=pipeline, workflow_id=app_config.workflow_id) - if not workflow: - raise ValueError("Workflow not initialized") + workflow = self.get_workflow(session=session, pipeline=pipeline, workflow_id=app_config.workflow_id) + if not workflow: + raise ValueError("Workflow not initialized") - db.session.close() + session.expunge(pipeline) + session.expunge(workflow) # if only single iteration run is requested if self.application_generate_entity.single_iteration_run or self.application_generate_entity.single_loop_run: @@ -208,12 +211,12 @@ class PipelineRunner(WorkflowBasedAppRunner): ) self._handle_event(workflow_entry, event) - def get_workflow(self, pipeline: Pipeline, workflow_id: str) -> Workflow | None: + def get_workflow(self, session: Session, pipeline: Pipeline, workflow_id: str) -> Workflow | None: """ Get workflow """ # fetch workflow by workflow_id - workflow = 
db.session.scalar( + workflow = session.scalar( select(Workflow) .where(Workflow.tenant_id == pipeline.tenant_id, Workflow.app_id == pipeline.id, Workflow.id == workflow_id) .limit(1) @@ -298,11 +301,11 @@ class PipelineRunner(WorkflowBasedAppRunner): """ if isinstance(event, GraphRunFailedEvent): if document_id and dataset_id: - document = db.session.scalar( - select(Document).where(Document.id == document_id, Document.dataset_id == dataset_id).limit(1) - ) - if document: - document.indexing_status = "error" - document.error = event.error or "Unknown error" - db.session.add(document) - db.session.commit() + with create_session() as session, session.begin(): + document = session.scalar( + select(Document).where(Document.id == document_id, Document.dataset_id == dataset_id).limit(1) + ) + if document: + document.indexing_status = "error" + document.error = event.error or "Unknown error" + session.add(document) diff --git a/api/core/app/apps/workflow/app_queue_manager.py b/api/core/app/apps/workflow/app_queue_manager.py index fcdd1465d4f..7824d33b875 100644 --- a/api/core/app/apps/workflow/app_queue_manager.py +++ b/api/core/app/apps/workflow/app_queue_manager.py @@ -1,7 +1,6 @@ from typing import override from core.app.apps.base_app_queue_manager import AppQueueManager, PublishFrom -from core.app.apps.exc import GenerateTaskStoppedError from core.app.entities.app_invoke_entities import InvokeFrom from core.app.entities.queue_entities import ( AppQueueEvent, @@ -43,6 +42,3 @@ class WorkflowAppQueueManager(AppQueueManager): | QueueWorkflowPartialSuccessEvent, ): self.stop_listen() - - if pub_from == PublishFrom.APPLICATION_MANAGER and self._is_stopped(): - raise GenerateTaskStoppedError() diff --git a/api/core/app/entities/task_entities.py b/api/core/app/entities/task_entities.py index 803fdacf78d..3a8107e0461 100644 --- a/api/core/app/entities/task_entities.py +++ b/api/core/app/entities/task_entities.py @@ -288,6 +288,7 @@ class 
HumanInputRequiredResponse(StreamResponse): actions: Sequence[UserActionConfig] = Field(default_factory=list) display_in_ui: bool = False form_token: str | None = None + approval_channels: list[str] = Field(default_factory=list) resolved_default_values: Mapping[str, Any] = Field(default_factory=dict) expiration_time: int = Field(..., description="Unix timestamp in seconds") @@ -311,6 +312,7 @@ class HumanInputRequiredPauseReasonPayload(BaseModel): actions: Sequence[UserActionConfig] = Field(default_factory=list) display_in_ui: bool = False form_token: str | None = None + approval_channels: list[str] = Field(default_factory=list) resolved_default_values: Mapping[str, Any] = Field(default_factory=dict) expiration_time: int @@ -325,6 +327,7 @@ class HumanInputRequiredPauseReasonPayload(BaseModel): actions=data.actions, display_in_ui=data.display_in_ui, form_token=data.form_token, + approval_channels=data.approval_channels, resolved_default_values=data.resolved_default_values, expiration_time=data.expiration_time, ) diff --git a/api/core/mcp/client/streamable_client.py b/api/core/mcp/client/streamable_client.py index acba3e666b1..39dc676627e 100644 --- a/api/core/mcp/client/streamable_client.py +++ b/api/core/mcp/client/streamable_client.py @@ -14,6 +14,7 @@ from concurrent.futures import ThreadPoolExecutor from contextlib import contextmanager from dataclasses import dataclass from datetime import timedelta +from http import HTTPStatus from typing import Any, cast import httpx @@ -293,28 +294,27 @@ class StreamableHTTPTransport: json=message.model_dump(by_alias=True, mode="json", exclude_none=True), headers=headers, ) as response: - if response.status_code == 202: - logger.debug("Received 202 Accepted") - return - - if response.status_code == 204: - logger.debug("Received 204 No Content") - return - - if response.status_code == 404: - if isinstance(message.root, JSONRPCRequest): - error_msg = ( - f"MCP server URL returned 404 Not Found: {self.url} " - "— verify the 
server URL is correct and the server is running" - if is_initialization - else "Session terminated by server" - ) - self._send_session_terminated_error( - ctx.server_to_client_queue, - message.root.id, - message=error_msg, - ) - return + match response.status_code: + case HTTPStatus.ACCEPTED: + logger.debug("Received 202 Accepted") + return + case HTTPStatus.NO_CONTENT: + logger.debug("Received 204 No Content") + return + case HTTPStatus.NOT_FOUND: + if isinstance(message.root, JSONRPCRequest): + error_msg = ( + f"MCP server URL returned 404 Not Found: {self.url} " + "— verify the server URL is correct and the server is running" + if is_initialization + else "Session terminated by server" + ) + self._send_session_terminated_error( + ctx.server_to_client_queue, + message.root.id, + message=error_msg, + ) + return response.raise_for_status() if is_initialization: diff --git a/api/core/plugin/backwards_invocation/app.py b/api/core/plugin/backwards_invocation/app.py index c76cb865c31..d022b002f72 100644 --- a/api/core/plugin/backwards_invocation/app.py +++ b/api/core/plugin/backwards_invocation/app.py @@ -3,7 +3,6 @@ from collections.abc import Generator, Mapping from typing import Any, cast from sqlalchemy import select -from sqlalchemy.orm import Session from core.app.app_config.common.parameters_mapping import get_parameters_from_feature_dict from core.app.apps.advanced_chat.app_generator import AdvancedChatAppGenerator @@ -13,10 +12,19 @@ from core.app.apps.completion.app_generator import CompletionAppGenerator from core.app.apps.workflow.app_generator import WorkflowAppGenerator from core.app.entities.app_invoke_entities import InvokeFrom from core.app.layers.pause_state_persist_layer import PauseStateLayerConfig +from core.db.session_factory import create_session from core.plugin.backwards_invocation.base import BaseBackwardsInvocation from extensions.ext_database import db -from models import Account -from models.model import App, AppMode, EndUser +from models 
import Account, TenantAccountJoin +from models.model import ( + App, + AppMode, + AppModelConfig, + AppModelConfigDict, + EndUser, + load_annotation_reply_config, +) +from models.workflow import Workflow from services.end_user_service import EndUserService @@ -30,18 +38,18 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): """Retrieve app parameters.""" if app.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}: - workflow = app.workflow + workflow = cls._get_workflow(app) if workflow is None: raise ValueError("unexpected app type") features_dict: dict[str, Any] = workflow.features_dict user_input_form = workflow.user_input_form(to_old_structure=True) else: - app_model_config = app.app_model_config - if app_model_config is None: + app_model_config_dict = cls._get_app_model_config_dict(app) + if app_model_config_dict is None: raise ValueError("unexpected app type") - features_dict = cast(dict[str, Any], app_model_config.to_dict()) + features_dict = cast(dict[str, Any], app_model_config_dict) user_input_form = features_dict.get("user_input_form", []) @@ -68,7 +76,7 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): if not user_id: user = EndUserService.get_or_create_end_user(app) else: - user = cls._get_user(user_id) + user = cls._get_user(user_id, app) conversation_id = conversation_id or "" @@ -79,7 +87,10 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): return cls.invoke_chat_app(app, user, conversation_id, query, stream, inputs, files) case AppMode.WORKFLOW: - return cls.invoke_workflow_app(app, user, stream, inputs, files) + workflow = cls._get_workflow(app) + if not workflow: + raise ValueError("unexpected app type") + return cls.invoke_workflow_app(app, workflow, user, stream, inputs, files) case AppMode.COMPLETION: return cls.invoke_completion_app(app, user, stream, inputs, files) case _: @@ -101,7 +112,7 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): """ match app.mode: case AppMode.ADVANCED_CHAT: - 
workflow = app.workflow + workflow = cls._get_workflow(app) if not workflow: raise ValueError("unexpected app type") @@ -158,6 +169,7 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): def invoke_workflow_app( cls, app: App, + workflow: Workflow, user: EndUser | Account, stream: bool, inputs: Mapping, @@ -166,10 +178,6 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): """ invoke workflow app """ - workflow = app.workflow - if not workflow: - raise ValueError("unexpected app type") - pause_config = PauseStateLayerConfig( session_factory=db.engine, state_owner_user_id=workflow.created_by, @@ -207,16 +215,26 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): ) @classmethod - def _get_user(cls, user_id: str) -> EndUser | Account: + def _get_user(cls, user_id: str, app: App) -> EndUser | Account: """ get the user by user id """ - with Session(db.engine, expire_on_commit=False) as session: - stmt = select(EndUser).where(EndUser.id == user_id) + with create_session() as session: + stmt = select(EndUser).where( + EndUser.id == user_id, + EndUser.tenant_id == app.tenant_id, + EndUser.app_id == app.id, + ) user = session.scalar(stmt) if not user: - stmt = select(Account).where(Account.id == user_id) + stmt = select(Account).where( + Account.id == user_id, + Account.id == TenantAccountJoin.account_id, + TenantAccountJoin.tenant_id == app.tenant_id, + ) user = session.scalar(stmt) + if user: + session.expunge(user) if not user: raise ValueError("user not found") @@ -229,7 +247,10 @@ class PluginAppBackwardsInvocation(BaseBackwardsInvocation): get app """ try: - app = db.session.scalar(select(App).where(App.id == app_id, App.tenant_id == tenant_id).limit(1)) + with create_session() as session: + app = session.scalar(select(App).where(App.id == app_id, App.tenant_id == tenant_id).limit(1)) + if app: + session.expunge(app) except Exception: raise ValueError("app not found") @@ -237,3 +258,41 @@ class 
PluginAppBackwardsInvocation(BaseBackwardsInvocation): raise ValueError("app not found") return app + + @classmethod + def _get_workflow(cls, app: App) -> Workflow | None: + """ + get workflow without relying on App.workflow's request-scoped session property + """ + if not app.workflow_id: + return None + + with create_session() as session: + workflow = session.scalar( + select(Workflow) + .where(Workflow.id == app.workflow_id, Workflow.tenant_id == app.tenant_id, Workflow.app_id == app.id) + .limit(1) + ) + if workflow: + session.expunge(workflow) + return workflow + + @classmethod + def _get_app_model_config_dict(cls, app: App) -> AppModelConfigDict | None: + """ + get app model config features without relying on request-scoped session-backed model properties + """ + if not app.app_model_config_id: + return None + + with create_session() as session: + app_model_config = session.scalar( + select(AppModelConfig) + .where(AppModelConfig.id == app.app_model_config_id, AppModelConfig.app_id == app.id) + .limit(1) + ) + if app_model_config is None: + return None + + annotation_reply = load_annotation_reply_config(session, app_model_config.app_id) + return app_model_config.to_dict(annotation_reply=annotation_reply) diff --git a/api/core/rag/extractor/watercrawl/client.py b/api/core/rag/extractor/watercrawl/client.py index 1f4adc0d418..51dd26b1ad0 100644 --- a/api/core/rag/extractor/watercrawl/client.py +++ b/api/core/rag/extractor/watercrawl/client.py @@ -12,6 +12,14 @@ from core.rag.extractor.watercrawl.exceptions import ( WaterCrawlPermissionError, ) +WATERCRAWL_REQUEST_TIMEOUT: httpx.Timeout = httpx.Timeout(30.0, connect=5.0) + +# The crawl-status stream is a long-lived SSE connection that can stay open for +# the whole duration of a crawl, so it keeps an unbounded read while still +# capping the initial connection. Regular requests use WATERCRAWL_REQUEST_TIMEOUT +# so a stalled endpoint can't hang a worker forever. 
+_STREAM_TIMEOUT = httpx.Timeout(None, connect=10.0) + class SpiderOptions(TypedDict): max_depth: int @@ -48,7 +56,9 @@ class BaseAPIClient: "User-Agent": "WaterCrawl-Plugin", "Accept-Language": "en-US", } - return httpx.Client(headers=headers, timeout=None) + # Regular requests use WATERCRAWL_REQUEST_TIMEOUT; the long-lived + # crawl-status stream overrides it with _STREAM_TIMEOUT in _request. + return httpx.Client(headers=headers, timeout=WATERCRAWL_REQUEST_TIMEOUT) def _request( self, @@ -61,7 +71,7 @@ class BaseAPIClient: stream = kwargs.pop("stream", False) url = urljoin(self.base_url, endpoint) if stream: - request = self.session.build_request(method, url, params=query_params, json=data) + request = self.session.build_request(method, url, params=query_params, json=data, timeout=_STREAM_TIMEOUT) return self.session.send(request, stream=True, **kwargs) return self.session.request(method, url, params=query_params, json=data, **kwargs) diff --git a/api/core/rbac/entities.py b/api/core/rbac/entities.py index 7f08a530f57..d65f11edf7b 100644 --- a/api/core/rbac/entities.py +++ b/api/core/rbac/entities.py @@ -22,23 +22,35 @@ class RBACPermission(StrEnum): APP_VIEW_LAYOUT = "app_view_layout" APP_TEST_AND_RUN = "app_test_and_run" + APP_PREVIEW = "app_preview" APP_CREATE_AND_MANAGEMENT = "app_create_and_management" APP_RELEASE_AND_VERSION = "app_release_and_version" APP_IMPORT_EXPORT_DSL = "app_import_export_dsl" APP_EDIT = "app_edit" APP_MONITOR = "app_monitor" APP_DELETE = "app_delete" + APP_ACCESS_CONFIG = "app_access_config" + DATASET_PREVIEW = "dataset_preview" DATASET_READONLY = "dataset_readonly" DATASET_EDIT = "dataset_edit" DATASET_CREATE_AND_MANAGEMENT = "dataset_create_and_management" DATASET_PIPELINE_TEST = "dataset_pipeline_test" DATASET_DOCUMENT_DOWNLOAD = "dataset_document_download" + DATASET_RETRIEVAL_RECALL = "dataset_retrieval_recall" + DATASET_USE = "dataset_use" + DATASET_DELETE_FILE = "dataset_delete_file" + DATASET_PIPELINE_RELEASE = 
"dataset_pipeline_release" + DATASET_DELETE = "dataset_delete" + DATASET_ACCESS_CONFIG = "dataset_access_config" DATASET_API_KEY_MANAGE = "dataset_api_key_manage" DATASET_EXTERNAL_CONNECT = "dataset_external_connect" DATASET_IMPORT_EXPORT_DSL = "dataset_import_export_dsl" + WORKSPACE_MEMBER_MANAGE = "workspace_member_manage" WORKSPACE_ROLE_MANAGE = "workspace_role_manage" + API_EXTENSION_MANAGE = "api_extension_manage" + CUSTOMIZATION_MANAGE = "customization_manage" SNIPPETS_CREATE_AND_MODIFY = "snippets_create_and_modify" SNIPPETS_MANAGE = "snippets_management" @@ -49,6 +61,7 @@ class RBACPermission(StrEnum): PLUGIN_DEBUG = "plugin_debug" CREDENTIAL_USE = "credential_use" + CREDENTIAL_CREATE = "credential_create" CREDENTIAL_MANAGE = "credential_manage" TOOL_MANAGE = "tool_manage" diff --git a/api/core/tools/custom_tool/tool.py b/api/core/tools/custom_tool/tool.py index 2e618b7ea51..3edb04d7b94 100644 --- a/api/core/tools/custom_tool/tool.py +++ b/api/core/tools/custom_tool/tool.py @@ -359,15 +359,16 @@ class ApiTool(Tool): if value is None: return None elif property["type"] == "object" or property["type"] == "array": - if isinstance(value, str): - try: - return json.loads(value) - except ValueError: + match value: + case str(): + try: + return json.loads(value) + except ValueError: + return value + case dict(): + return value + case _: return value - elif isinstance(value, dict): - return value - else: - return value else: raise ValueError(f"Invalid type {property['type']} for property {property}") elif "anyOf" in property and isinstance(property["anyOf"], list): diff --git a/api/core/workflow/human_input_forms.py b/api/core/workflow/human_input_forms.py index fe3c161a326..b850cd23914 100644 --- a/api/core/workflow/human_input_forms.py +++ b/api/core/workflow/human_input_forms.py @@ -12,60 +12,61 @@ from collections.abc import Sequence from sqlalchemy import select from sqlalchemy.orm import Session -from core.workflow.human_input_policy import HumanInputSurface, 
get_preferred_form_token +from core.workflow.human_input_policy import ( + FormDisposition, + HumanInputSurface, + disposition_for_surface, +) from extensions.ext_database import db from models.human_input import HumanInputFormRecipient, RecipientType +def load_form_dispositions_by_form_id( + form_ids: Sequence[str], + *, + session: Session | None = None, + surface: HumanInputSurface | None = None, +) -> dict[str, FormDisposition]: + """Resolve each paused form's resume token and approval channels for `surface`.""" + unique_form_ids = list(dict.fromkeys(form_ids)) + if not unique_form_ids: + return {} + + if session is not None: + return _load_form_dispositions_by_form_id(session, unique_form_ids, surface=surface) + + with Session(bind=db.engine, expire_on_commit=False) as new_session: + return _load_form_dispositions_by_form_id(new_session, unique_form_ids, surface=surface) + + +def _load_form_dispositions_by_form_id( + session: Session, + form_ids: Sequence[str], + *, + surface: HumanInputSurface | None, +) -> dict[str, FormDisposition]: + recipients_by_form_id: dict[str, list[tuple[RecipientType, str]]] = {} + stmt = select(HumanInputFormRecipient).where(HumanInputFormRecipient.form_id.in_(form_ids)) + for recipient in session.scalars(stmt): + recipients_by_form_id.setdefault(recipient.form_id, []).append( + (recipient.recipient_type, recipient.access_token or "") + ) + return { + form_id: disposition_for_surface(recipients, surface=surface) + for form_id, recipients in recipients_by_form_id.items() + } + + def load_form_tokens_by_form_id( form_ids: Sequence[str], *, session: Session | None = None, surface: HumanInputSurface | None = None, ) -> dict[str, str]: - """Load the preferred access token for each human input form.""" - unique_form_ids = list(dict.fromkeys(form_ids)) - if not unique_form_ids: - return {} - - if session is not None: - return _load_form_tokens_by_form_id(session, unique_form_ids, surface=surface) - - with Session(bind=db.engine, 
expire_on_commit=False) as new_session: - return _load_form_tokens_by_form_id(new_session, unique_form_ids, surface=surface) - - -def _load_form_tokens_by_form_id( - session: Session, - form_ids: Sequence[str], - *, - surface: HumanInputSurface | None = None, -) -> dict[str, str]: - recipients_by_form_id: dict[str, list[tuple[RecipientType, str]]] = {} - stmt = select(HumanInputFormRecipient).where(HumanInputFormRecipient.form_id.in_(form_ids)) - for recipient in session.scalars(stmt): - if not recipient.access_token: - continue - recipients_by_form_id.setdefault(recipient.form_id, []).append( - (recipient.recipient_type, recipient.access_token) - ) - - tokens_by_form_id: dict[str, str] = {} - for form_id, recipients in recipients_by_form_id.items(): - token = _get_surface_form_token(recipients, surface=surface) - if token is not None: - tokens_by_form_id[form_id] = token - return tokens_by_form_id - - -def _get_surface_form_token( - recipients: Sequence[tuple[RecipientType, str]], - *, - surface: HumanInputSurface | None, -) -> str | None: - if surface in {HumanInputSurface.SERVICE_API, HumanInputSurface.OPENAPI}: - for recipient_type, token in recipients: - if recipient_type == RecipientType.STANDALONE_WEB_APP and token: - return token - - return get_preferred_form_token(recipients) + """Resume tokens only, for callers that don't surface approval channels.""" + dispositions = load_form_dispositions_by_form_id(form_ids, session=session, surface=surface) + return { + form_id: disposition.form_token + for form_id, disposition in dispositions.items() + if disposition.form_token is not None + } diff --git a/api/core/workflow/human_input_policy.py b/api/core/workflow/human_input_policy.py index e95d753ae96..d6f7df52354 100644 --- a/api/core/workflow/human_input_policy.py +++ b/api/core/workflow/human_input_policy.py @@ -2,14 +2,14 @@ from __future__ import annotations from collections.abc import Mapping, Sequence from enum import StrEnum -from typing import Any +from 
typing import Any, NamedTuple from graphon.entities.pause_reason import HumanInputRequired, PauseReason, PauseReasonType from graphon.nodes.human_input.entities import FormInputConfig, SelectInputConfig from graphon.nodes.human_input.enums import ValueSourceType from graphon.runtime.graph_runtime_state_protocol import ReadOnlyVariablePool from graphon.variables import ArrayStringSegment -from models.human_input import RecipientType +from models.human_input import ApprovalChannel, RecipientType class HumanInputSurface(StrEnum): @@ -20,7 +20,7 @@ class HumanInputSurface(StrEnum): # SERVICE_API and OPENAPI are intentionally narrower than CONSOLE: token callers # should only be able to act on end-user web forms, not internal console flows. -_ALLOWED_RECIPIENT_TYPES_BY_SURFACE: dict[HumanInputSurface, frozenset[RecipientType]] = { +ALLOWED_RECIPIENT_TYPES_BY_SURFACE: dict[HumanInputSurface, frozenset[RecipientType]] = { HumanInputSurface.SERVICE_API: frozenset({RecipientType.STANDALONE_WEB_APP}), HumanInputSurface.CONSOLE: frozenset({RecipientType.CONSOLE, RecipientType.BACKSTAGE}), HumanInputSurface.OPENAPI: frozenset({RecipientType.STANDALONE_WEB_APP}), @@ -41,7 +41,7 @@ def is_recipient_type_allowed_for_surface( ) -> bool: if recipient_type is None: return False - return recipient_type in _ALLOWED_RECIPIENT_TYPES_BY_SURFACE[surface] + return recipient_type in ALLOWED_RECIPIENT_TYPES_BY_SURFACE[surface] def get_preferred_form_token( @@ -59,10 +59,39 @@ def get_preferred_form_token( return chosen_token +class FormDisposition(NamedTuple): + """How a paused form resolves for one API surface. + + A form's recipients split into those the surface may act on (yielding a resume + `form_token`) and those it may not (their channels named in `approval_channels` + so the caller is told where approval actually happens instead). 
+ """ + + form_token: str | None + approval_channels: list[ApprovalChannel] + + +def disposition_for_surface( + recipients: Sequence[tuple[RecipientType, str]], + *, + surface: HumanInputSurface | None, +) -> FormDisposition: + if surface is None: + return FormDisposition(form_token=get_preferred_form_token(recipients), approval_channels=[]) + allowed = ALLOWED_RECIPIENT_TYPES_BY_SURFACE[surface] + actionable = [(recipient_type, token) for recipient_type, token in recipients if recipient_type in allowed] + return FormDisposition( + form_token=get_preferred_form_token(actionable), + approval_channels=sorted( + {recipient_type.approval_channel for recipient_type, _ in recipients if recipient_type not in allowed} + ), + ) + + def enrich_human_input_pause_reasons( reasons: Sequence[Mapping[str, Any]], *, - form_tokens_by_form_id: Mapping[str, str], + dispositions_by_form_id: Mapping[str, FormDisposition], expiration_times_by_form_id: Mapping[str, int], ) -> list[dict[str, Any]]: enriched: list[dict[str, Any]] = [] @@ -71,7 +100,9 @@ def enrich_human_input_pause_reasons( if updated.get("TYPE") == PauseReasonType.HUMAN_INPUT_REQUIRED: form_id = updated.get("form_id") if isinstance(form_id, str): - updated["form_token"] = form_tokens_by_form_id.get(form_id) + disposition = dispositions_by_form_id.get(form_id) + updated["form_token"] = disposition.form_token if disposition else None + updated["approval_channels"] = list(disposition.approval_channels) if disposition else [] expiration_time = expiration_times_by_form_id.get(form_id) if expiration_time is not None: updated["expiration_time"] = expiration_time diff --git a/api/core/workflow/nodes/agent_v2/runtime_feature_manifest.py b/api/core/workflow/nodes/agent_v2/runtime_feature_manifest.py index 65c5d42e916..fa7b28cbb0a 100644 --- a/api/core/workflow/nodes/agent_v2/runtime_feature_manifest.py +++ b/api/core/workflow/nodes/agent_v2/runtime_feature_manifest.py @@ -16,9 +16,6 @@ SUPPORTED_AGENT_BACKEND_FEATURES = frozenset( 
"knowledge", "env", "sandbox", - # ENG-623: exposed at runtime as the dify.drive declaration layer - # (an index the agent pulls through the back proxy). - "skills_files", # ENG-635: human involvement is exposed at runtime as the dify.ask_human # deferred tool; a call pauses via the existing HITL form mechanism. "human", @@ -32,11 +29,7 @@ RESERVED_AGENT_BACKEND_FEATURES = frozenset( ) -def build_runtime_feature_manifest( - agent_soul: AgentSoulConfig, - *, - drive_manifest_enabled: bool = False, -) -> dict[str, Any]: +def build_runtime_feature_manifest(agent_soul: AgentSoulConfig) -> dict[str, Any]: """Describe PRD capabilities supported by or still reserved from Agent backend runtime.""" warnings: list[dict[str, str]] = [] soul_dump = agent_soul.model_dump(mode="json", exclude_none=True, exclude_defaults=True) @@ -54,38 +47,10 @@ def build_runtime_feature_manifest( } ) - has_skills_files = bool(agent_soul.skills_files.skills or agent_soul.skills_files.files) - if has_skills_files and not drive_manifest_enabled: - warnings.append( - { - "section": "agent_soul.skills_files", - "code": "drive_manifest_disabled", - "message": ( - "skills_files is configured but AGENT_DRIVE_MANIFEST_ENABLED is off; " - "the drive declaration layer is not injected into this run." - ), - } - ) - for skill in agent_soul.skills_files.skills: - if not skill.skill_md_key: - warnings.append( - { - "section": "agent_soul.skills_files", - "code": "skill_ref_dangling", - "message": ( - f"skill_ref_dangling: skill '{skill.name or skill.id or 'unknown'}' has no drive key; " - "re-standardize it to expose it at runtime." 
- ), - } - ) - reserved_status = dict.fromkeys(sorted(RESERVED_AGENT_BACKEND_FEATURES), "reserved_not_executed") reserved_status["knowledge"] = ( "supported_by_knowledge_layer" if list_configured_knowledge_dataset_ids(agent_soul) else "not_configured" ) - reserved_status["skills_files"] = ( - "supported_by_drive_manifest" if drive_manifest_enabled else "drive_manifest_disabled" - ) reserved_status["tools.dify_tools"] = "supported_when_config_valid" reserved_status["tools.cli_tools"] = "supported_by_shell_bootstrap" reserved_status["env"] = "supported_by_shell_bootstrap" diff --git a/api/core/workflow/nodes/agent_v2/runtime_request_builder.py b/api/core/workflow/nodes/agent_v2/runtime_request_builder.py index 8aaa4fcc1d3..e3c2dcee839 100644 --- a/api/core/workflow/nodes/agent_v2/runtime_request_builder.py +++ b/api/core/workflow/nodes/agent_v2/runtime_request_builder.py @@ -7,7 +7,6 @@ from typing import Any, Literal, Protocol, assert_never, cast from agenton.compositor import CompositorSessionSnapshot from dify_agent.layers.ask_human import DifyAskHumanLayerConfig from dify_agent.layers.drive import ( - DifyDriveFileConfig, DifyDriveLayerConfig, DifyDriveSkillConfig, ) @@ -55,10 +54,13 @@ from models.agent_config_entities import ( ) from models.provider_ids import ModelProviderID from services.agent.prompt_mentions import ( + MentionKind, build_node_job_mention_resolver, build_soul_mention_resolver, expand_prompt_mentions, + parse_prompt_mentions, ) +from services.agent_drive_service import AgentDriveService, decode_drive_mention_ref from .output_failure_orchestrator import retry_idempotency_key from .plugin_tools_builder import WorkflowAgentPluginToolsBuilder, WorkflowAgentPluginToolsBuildError @@ -153,9 +155,6 @@ class WorkflowAgentRuntimeRequestBuilder: expand_prompt_mentions(node_job.workflow_prompt, build_node_job_mention_resolver(node_job)).strip() or "Run this workflow Agent Node for the current run." 
) - soul_prompt = expand_prompt_mentions( - agent_soul.prompt.system_prompt, build_soul_mention_resolver(agent_soul) - ).strip() user_prompt = workflow_context_prompt.strip() or "Use the current workflow context." credentials = self._credentials_provider.fetch(agent_soul.model.model_provider, agent_soul.model.model) try: @@ -182,9 +181,20 @@ class WorkflowAgentRuntimeRequestBuilder: } drive_config: DifyDriveLayerConfig | None = None + soul_prompt_resolver = build_soul_mention_resolver(agent_soul) if dify_config.AGENT_DRIVE_MANIFEST_ENABLED: - drive_config, drive_warnings = build_drive_layer_config(agent_soul, agent_id=context.agent.id) + drive_config, drive_warnings = build_drive_layer_config( + agent_soul, + tenant_id=context.dify_context.tenant_id, + agent_id=context.agent.id, + ) append_runtime_warnings(metadata, drive_warnings) + soul_prompt_resolver = build_drive_aware_soul_mention_resolver( + agent_soul, + tenant_id=context.dify_context.tenant_id, + agent_id=context.agent.id, + ) + soul_prompt = expand_prompt_mentions(agent_soul.prompt.system_prompt, soul_prompt_resolver).strip() knowledge_config = build_knowledge_layer_config(agent_soul) request = self._request_builder.build_for_workflow_node( @@ -292,10 +302,7 @@ class WorkflowAgentRuntimeRequestBuilder: "agent_config_snapshot_id": context.snapshot.id, "binding_id": context.binding.id, "workflow_node_job_mode": node_job.mode.value, - "runtime_support": build_runtime_feature_manifest( - agent_soul, - drive_manifest_enabled=dify_config.AGENT_DRIVE_MANIFEST_ENABLED, - ), + "runtime_support": build_runtime_feature_manifest(agent_soul), } def _build_workflow_context_prompt( @@ -603,76 +610,107 @@ def append_runtime_warnings(metadata: dict[str, Any], warnings: list[dict[str, s existing.extend(warnings) +def build_drive_aware_soul_mention_resolver( + agent_soul: AgentSoulConfig, + *, + tenant_id: str, + agent_id: str, +): + """Resolve skill/file mentions against the agent drive and everything else via Agent 
Soul.""" + + base_resolver = build_soul_mention_resolver(agent_soul) + drive_service = AgentDriveService() + skill_catalog = drive_service.list_skills(tenant_id=tenant_id, agent_id=agent_id) + skill_names_by_key = {skill["skill_md_key"]: skill["name"] for skill in skill_catalog} + drive_keys = {item["key"] for item in drive_service.manifest(tenant_id=tenant_id, agent_id=agent_id)} + + def _resolve(mention: object) -> str | None: + if not hasattr(mention, "kind") or not hasattr(mention, "ref_id"): + return None + kind = cast(MentionKind, mention.kind) + ref_id = cast(str, mention.ref_id) + label = cast(str | None, getattr(mention, "label", None)) + if kind == MentionKind.SKILL: + decoded_key = decode_drive_mention_ref(ref_id) + return skill_names_by_key.get(decoded_key) or label or decoded_key + if kind == MentionKind.FILE: + decoded_key = decode_drive_mention_ref(ref_id) + if decoded_key in drive_keys: + return decoded_key.rsplit("/", 1)[-1] + return label or decoded_key + return base_resolver(cast(Any, mention)) + + return _resolve + + def build_drive_layer_config( agent_soul: AgentSoulConfig, *, + tenant_id: str, agent_id: str | None, ) -> tuple[DifyDriveLayerConfig | None, list[dict[str, str]]]: - """Catalog the soul's drive-backed Skills & Files into the dify.drive declaration. + """Derive drive runtime catalog + prompt-mentioned eager-pull keys from the drive.""" - Returns ``(config, warnings)`` — ``config is None`` means nothing to inject - (no skills/files configured, or no agent identity to address the drive by). - Refs that predate standardization (no drive key) are skipped with a warning - instead of failing the run, so historic souls keep running. 
- """ - skill_refs = agent_soul.skills_files.skills - file_refs = agent_soul.skills_files.files - if not skill_refs and not file_refs: - return None, [] - - warnings: list[dict[str, str]] = [] + mentioned_drive_refs = [ + decode_drive_mention_ref(mention.ref_id) + for mention in parse_prompt_mentions(agent_soul.prompt.system_prompt) + if mention.kind in {MentionKind.SKILL, MentionKind.FILE} + ] + ordered_mentions = list(dict.fromkeys(ref for ref in mentioned_drive_refs if ref)) if not agent_id: + if not ordered_mentions: + return None, [] + return None, [ + { + "section": "agent_soul.prompt.system_prompt", + "code": "drive_ref_dangling", + "message": "drive mentions are configured but the run has no bound agent to address a drive by.", + } + ] + + drive_service = AgentDriveService() + skills_catalog = drive_service.list_skills(tenant_id=tenant_id, agent_id=agent_id) + manifest_items = drive_service.manifest(tenant_id=tenant_id, agent_id=agent_id) + manifest_by_key = {item["key"]: item for item in manifest_items} + skill_keys = {skill["skill_md_key"] for skill in skills_catalog} + warnings: list[dict[str, str]] = [] + mentioned_skill_keys: list[str] = [] + mentioned_file_keys: list[str] = [] + for drive_key in ordered_mentions: + if drive_key in skill_keys: + mentioned_skill_keys.append(drive_key) + continue + if drive_key in manifest_by_key: + mentioned_file_keys.append(drive_key) + continue warnings.append( { - "section": "agent_soul.skills_files", - "code": "skill_ref_dangling", - "message": "skills_files is configured but the run has no bound agent to address a drive by.", + "section": "agent_soul.prompt.system_prompt", + "code": "mention_target_missing", + "message": f"drive mention '{drive_key}' has no matching drive entry.", } ) - return None, warnings - skills: list[DifyDriveSkillConfig] = [] - for skill in skill_refs: - if not skill.skill_md_key: - warnings.append( - { - "section": "agent_soul.skills_files", - "code": "skill_ref_dangling", - "message": ( - 
f"skill_ref_dangling: skill '{skill.name or skill.id or 'unknown'}' has no drive key; " - "re-standardize it to expose it at runtime." - ), - } - ) - continue - skills.append( - DifyDriveSkillConfig( - name=skill.name or skill.skill_md_key.split("/", 1)[0], - description=skill.description or "", - skill_md_key=skill.skill_md_key, - archive_key=skill.full_archive_key, - ) + skills = [ + DifyDriveSkillConfig( + path=skill["path"], + name=skill["name"], + description=skill["description"], + skill_md_key=skill["skill_md_key"], + archive_key=skill["archive_key"], ) + for skill in skills_catalog + ] - files: list[DifyDriveFileConfig] = [] - for file in file_refs: - if not file.drive_key: - # Plain upload references (pre-ENG-625) are not drive-backed; they are - # simply invisible to the manifest rather than a defect worth warning on. - continue - size = file.get("size") - files.append( - DifyDriveFileConfig( - name=file.name or file.drive_key.rsplit("/", 1)[-1], - key=file.drive_key, - size=size if isinstance(size, int) else None, - mime_type=file.type, - ) - ) - - if not skills and not files: - return None, warnings - return DifyDriveLayerConfig(drive_ref=f"agent-{agent_id}", skills=skills, files=files), warnings + return ( + DifyDriveLayerConfig( + drive_ref=f"agent-{agent_id}", + skills=skills, + mentioned_skill_keys=mentioned_skill_keys, + mentioned_file_keys=mentioned_file_keys, + ), + warnings, + ) def _cli_tool_enabled(item: object) -> bool: diff --git a/api/core/workflow/nodes/agent_v2/validators.py b/api/core/workflow/nodes/agent_v2/validators.py index ca3adb5b0d1..2eabac10dd6 100644 --- a/api/core/workflow/nodes/agent_v2/validators.py +++ b/api/core/workflow/nodes/agent_v2/validators.py @@ -35,7 +35,6 @@ class WorkflowAgentNodeValidator: "soul", "prompt", "system_prompt", - "skills_files", "skills", "files", "tools", diff --git a/api/extensions/ext_commands.py b/api/extensions/ext_commands.py index 6cd4b08b900..a85f6569978 100644 --- 
a/api/extensions/ext_commands.py +++ b/api/extensions/ext_commands.py @@ -5,6 +5,7 @@ def init_app(app: DifyApp): from commands import ( add_qdrant_index, archive_workflow_runs, + archive_workflow_runs_plan, backfill_plugin_auto_upgrade, clean_expired_messages, clean_workflow_runs, @@ -72,6 +73,7 @@ def init_app(app: DifyApp): setup_datasource_oauth_client, transform_datasource_credentials, install_rag_pipeline_plugins, + archive_workflow_runs_plan, archive_workflow_runs, delete_archived_workflow_runs, restore_workflow_runs, diff --git a/api/extensions/ext_redis.py b/api/extensions/ext_redis.py index af0d77411ba..f1c2d574e8c 100644 --- a/api/extensions/ext_redis.py +++ b/api/extensions/ext_redis.py @@ -25,7 +25,7 @@ from extensions.redis_names import ( serialize_redis_name_args, ) from libs.broadcast_channel.channel import BroadcastChannel as BroadcastChannelProtocol -from libs.broadcast_channel.redis.channel import BroadcastChannel as RedisBroadcastChannel +from libs.broadcast_channel.redis.pubsub_channel import BroadcastChannel as RedisBroadcastChannel from libs.broadcast_channel.redis.sharded_channel import ShardedRedisBroadcastChannel from libs.broadcast_channel.redis.streams_channel import StreamsBroadcastChannel @@ -457,16 +457,14 @@ def init_app(app: DifyApp): def get_pubsub_broadcast_channel() -> BroadcastChannelProtocol: assert _pubsub_redis_client is not None, "PubSub redis Client should be initialized here." 
- join_timeout_ms = dify_config.PUBSUB_LISTENER_JOIN_TIMEOUT_MS if dify_config.PUBSUB_REDIS_CHANNEL_TYPE == "sharded": - return ShardedRedisBroadcastChannel(_pubsub_redis_client, join_timeout_ms=join_timeout_ms) + return ShardedRedisBroadcastChannel(_pubsub_redis_client) if dify_config.PUBSUB_REDIS_CHANNEL_TYPE == "streams": return StreamsBroadcastChannel( _pubsub_redis_client, retention_seconds=dify_config.PUBSUB_STREAMS_RETENTION_SECONDS, - join_timeout_ms=join_timeout_ms, ) - return RedisBroadcastChannel(_pubsub_redis_client, join_timeout_ms=join_timeout_ms) + return RedisBroadcastChannel(_pubsub_redis_client) def redis_fallback[T](default_return: T | None = None): # type: ignore diff --git a/api/fields/agent_fields.py b/api/fields/agent_fields.py index ec64395d6fd..e60a6b01426 100644 --- a/api/fields/agent_fields.py +++ b/api/fields/agent_fields.py @@ -1,5 +1,5 @@ from datetime import datetime -from typing import Annotated, Literal +from typing import Literal from pydantic import Field, field_validator @@ -16,10 +16,8 @@ from models.agent import ( ) from models.agent_config_entities import ( AgentCliToolConfig, - AgentFileRefConfig, AgentHumanContactConfig, AgentKnowledgeDatasetConfig, - AgentSkillRefConfig, AgentSoulConfig, DeclaredOutputConfig, DeclaredOutputType, @@ -291,6 +289,11 @@ class AgentConfigSnapshotListResponse(ResponseModel): data: list[AgentConfigSnapshotSummaryResponse] +class AgentConfigSnapshotRestoreResponse(ResponseModel): + result: Literal["success"] + active_config_snapshot_id: str + + class AgentComposerAgentResponse(ResponseModel): id: str name: str @@ -391,20 +394,6 @@ class AgentComposerDifyToolCandidateResponse(ResponseModel): tools_count: int | None = None -class AgentComposerSkillCandidateResponse(AgentSkillRefConfig): - kind: Literal["skill"] = "skill" - - -class AgentComposerFileCandidateResponse(AgentFileRefConfig): - kind: Literal["file"] = "file" - - -AgentComposerSkillFileCandidateResponse = Annotated[ - 
AgentComposerSkillCandidateResponse | AgentComposerFileCandidateResponse, - Field(discriminator="kind"), -] - - class AgentComposerNodeJobCandidatesResponse(ResponseModel): previous_node_outputs: list[WorkflowPreviousNodeOutputRef] = Field(default_factory=list) declare_output_types: list[DeclaredOutputType] = Field(default_factory=list) @@ -412,7 +401,6 @@ class AgentComposerNodeJobCandidatesResponse(ResponseModel): class AgentComposerSoulCandidatesResponse(ResponseModel): - skills_files: list[AgentComposerSkillFileCandidateResponse] = Field(default_factory=list) dify_tools: list[AgentComposerDifyToolCandidateResponse] = Field(default_factory=list) cli_tools: list[AgentCliToolConfig] = Field(default_factory=list) knowledge_datasets: list[AgentKnowledgeDatasetConfig] = Field(default_factory=list) diff --git a/api/libs/broadcast_channel/redis/__init__.py b/api/libs/broadcast_channel/redis/__init__.py index f92c94f7360..8ce71e2823e 100644 --- a/api/libs/broadcast_channel/redis/__init__.py +++ b/api/libs/broadcast_channel/redis/__init__.py @@ -1,4 +1,4 @@ -from .channel import BroadcastChannel +from .pubsub_channel import BroadcastChannel from .sharded_channel import ShardedRedisBroadcastChannel __all__ = ["BroadcastChannel", "ShardedRedisBroadcastChannel"] diff --git a/api/libs/broadcast_channel/redis/_subscription.py b/api/libs/broadcast_channel/redis/_subscription.py index 5af42d12538..01a9e668bcc 100644 --- a/api/libs/broadcast_channel/redis/_subscription.py +++ b/api/libs/broadcast_channel/redis/_subscription.py @@ -7,6 +7,7 @@ from typing import Any, Self, override from libs.broadcast_channel.channel import Subscription from libs.broadcast_channel.exc import SubscriptionClosedError +from libs.broadcast_channel.signals import SIG_CLOSE from redis import Redis, RedisCluster from redis.client import PubSub @@ -26,8 +27,6 @@ class RedisSubscriptionBase(Subscription): client: Redis | RedisCluster, pubsub: PubSub, topic: str, - *, - join_timeout_ms: int = 2000, ): # 
The _pubsub is None only if the subscription is closed. self._client = client @@ -39,11 +38,6 @@ class RedisSubscriptionBase(Subscription): self._listener_thread: threading.Thread | None = None self._start_lock = threading.Lock() self._started = False - # Max time close() will wait for the listener thread to finish before - # returning. Bounds SSE close tail latency. The listener is a daemon - # and exits on its own within one poll window (~1s), so a low value - # here just means close() returns sooner without breaking anything. - self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) def _start_if_needed(self) -> None: """Start the subscription if not already started.""" @@ -90,6 +84,11 @@ class RedisSubscriptionBase(Subscription): if raw_message is None: continue + # If close() sent a control event to unblock us, exit immediately + # without processing any message — the subscription is shutting down. + if self._closed.is_set(): + break + if raw_message.get("type") != self._get_message_type(): continue @@ -119,6 +118,8 @@ class RedisSubscriptionBase(Subscription): continue self._enqueue_message(payload_bytes) + if payload_bytes == SIG_CLOSE: + break _logger.debug("%s listener thread stopped for channel %s", self._get_subscription_type().title(), self._topic) try: @@ -164,14 +165,20 @@ class RedisSubscriptionBase(Subscription): except queue.Empty: continue + if self._closed.is_set(): + return + yield item @override def __iter__(self) -> Iterator[bytes]: """Return an iterator over messages from the subscription.""" if self._closed.is_set(): - raise SubscriptionClosedError(f"The Redis {self._get_subscription_type()} subscription is closed") - self._start_if_needed() + return iter(()) + try: + self._start_if_needed() + except SubscriptionClosedError: + return iter(()) return iter(self._message_iterator()) @override @@ -208,24 +215,55 @@ class RedisSubscriptionBase(Subscription): @override def close(self) -> None: """Close the subscription and clean up resources.""" 
- if self._closed.is_set(): - return + with self._start_lock: + if self._closed.is_set(): + return + + self._closed.set() + listener = self._listener_thread + self._listener_thread = None + started = self._started + + if started: + self._unblock_message_iterator() + + # Send a control event on the same Redis channel to unblock the listener. + self._publish_close_event() - self._closed.set() # NOTE: PubSub is not thread-safe. More specifically, the `PubSub.close` method and the # message retrieval method should NOT be called concurrently. # # Due to the restriction above, the PubSub cleanup logic happens inside the consumer thread. - listener = self._listener_thread - if listener is not None: - listener.join(timeout=self._join_timeout_ms / 1000.0) - self._listener_thread = None + if listener is not None and listener.is_alive(): + listener.join(timeout=2) + + def _unblock_message_iterator(self) -> None: + try: + self._queue.put_nowait(SIG_CLOSE) + except queue.Full: + try: + self._queue.get_nowait() + except queue.Empty: + pass + try: + self._queue.put_nowait(SIG_CLOSE) + except queue.Full: + pass # Abstract methods to be implemented by subclasses def _get_subscription_type(self) -> str: """Return the subscription type (e.g., 'regular' or 'sharded').""" raise NotImplementedError + def _publish_close_event(self) -> None: + """Publish a control event on the Redis channel to unblock the listener. + + This is called by close() after setting _closed. The subclass should + publish the SIG_CLOSE control message on the same topic so that a blocking + get_message() call in the listener thread returns promptly. 
+ """ + raise NotImplementedError + def _subscribe(self) -> None: """Subscribe to the Redis topic using the appropriate command.""" raise NotImplementedError diff --git a/api/libs/broadcast_channel/redis/channel.py b/api/libs/broadcast_channel/redis/pubsub_channel.py similarity index 82% rename from api/libs/broadcast_channel/redis/channel.py rename to api/libs/broadcast_channel/redis/pubsub_channel.py index bf304cc4a0b..a784bb98f13 100644 --- a/api/libs/broadcast_channel/redis/channel.py +++ b/api/libs/broadcast_channel/redis/pubsub_channel.py @@ -1,13 +1,17 @@ from __future__ import annotations +import logging from typing import Any, override from extensions.redis_names import serialize_redis_name from libs.broadcast_channel.channel import Producer, Subscriber, Subscription +from libs.broadcast_channel.signals import SIG_CLOSE from redis import Redis, RedisCluster from ._subscription import RedisSubscriptionBase +logger = logging.getLogger(__name__) + class BroadcastChannel: """ @@ -22,16 +26,11 @@ class BroadcastChannel: def __init__( self, redis_client: Redis | RedisCluster, - *, - join_timeout_ms: int = 2000, ): self._client = redis_client - # See `RedisSubscriptionBase._join_timeout_ms`: how long close() - # waits for the listener thread before returning. 
- self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) def topic(self, topic: str) -> Topic: - return Topic(self._client, topic, join_timeout_ms=self._join_timeout_ms) + return Topic(self._client, topic) class Topic: @@ -39,13 +38,10 @@ class Topic: self, redis_client: Redis | RedisCluster, topic: str, - *, - join_timeout_ms: int = 2000, ): self._client = redis_client self._topic = topic self._redis_topic = serialize_redis_name(topic) - self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) def as_producer(self) -> Producer: return self @@ -61,7 +57,6 @@ class Topic: client=self._client, pubsub=self._client.pubsub(), topic=self._redis_topic, - join_timeout_ms=self._join_timeout_ms, ) @@ -72,6 +67,13 @@ class _RedisSubscription(RedisSubscriptionBase): def _get_subscription_type(self) -> str: return "regular" + @override + def _publish_close_event(self) -> None: + try: + self._client.publish(self._topic, SIG_CLOSE) + except Exception: + logger.exception("failed to publish close event") + @override def _subscribe(self) -> None: assert self._pubsub is not None diff --git a/api/libs/broadcast_channel/redis/sharded_channel.py b/api/libs/broadcast_channel/redis/sharded_channel.py index 68e9f8b23ef..aabae6a5c11 100644 --- a/api/libs/broadcast_channel/redis/sharded_channel.py +++ b/api/libs/broadcast_channel/redis/sharded_channel.py @@ -1,13 +1,17 @@ from __future__ import annotations +import logging from typing import Any, override from extensions.redis_names import serialize_redis_name from libs.broadcast_channel.channel import Producer, Subscriber, Subscription +from libs.broadcast_channel.signals import SIG_CLOSE from redis import Redis, RedisCluster from ._subscription import RedisSubscriptionBase +logger = logging.getLogger(__name__) + class ShardedRedisBroadcastChannel: """ @@ -20,14 +24,11 @@ class ShardedRedisBroadcastChannel: def __init__( self, redis_client: Redis | RedisCluster, - *, - join_timeout_ms: int = 2000, ): self._client = redis_client - 
self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) def topic(self, topic: str) -> ShardedTopic: - return ShardedTopic(self._client, topic, join_timeout_ms=self._join_timeout_ms) + return ShardedTopic(self._client, topic) class ShardedTopic: @@ -35,13 +36,10 @@ class ShardedTopic: self, redis_client: Redis | RedisCluster, topic: str, - *, - join_timeout_ms: int = 2000, ): self._client = redis_client self._topic = topic self._redis_topic = serialize_redis_name(topic) - self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) def as_producer(self) -> Producer: return self @@ -57,7 +55,6 @@ class ShardedTopic: client=self._client, pubsub=self._client.pubsub(), topic=self._redis_topic, - join_timeout_ms=self._join_timeout_ms, ) @@ -68,6 +65,13 @@ class _RedisShardedSubscription(RedisSubscriptionBase): def _get_subscription_type(self) -> str: return "sharded" + @override + def _publish_close_event(self) -> None: + try: + self._client.spublish(self._topic, SIG_CLOSE) # type: ignore[attr-defined,union-attr] + except Exception: + logger.exception("failed to publish close event") + @override def _subscribe(self) -> None: assert self._pubsub is not None diff --git a/api/libs/broadcast_channel/redis/streams_channel.py b/api/libs/broadcast_channel/redis/streams_channel.py index 62e58798ab3..b3385b05388 100644 --- a/api/libs/broadcast_channel/redis/streams_channel.py +++ b/api/libs/broadcast_channel/redis/streams_channel.py @@ -9,6 +9,7 @@ from typing import Self, override from extensions.redis_names import serialize_redis_name from libs.broadcast_channel.channel import Producer, Subscriber, Subscription from libs.broadcast_channel.exc import SubscriptionClosedError +from libs.broadcast_channel.signals import SIG_CLOSE from redis import Redis, RedisCluster logger = logging.getLogger(__name__) @@ -29,20 +30,15 @@ class StreamsBroadcastChannel: redis_client: Redis | RedisCluster, *, retention_seconds: int = 600, - join_timeout_ms: int = 2000, ): self._client = redis_client 
self._retention_seconds = max(int(retention_seconds or 0), 0) - # Max time close() will wait for the listener thread to finish. - # See `_StreamsSubscription._join_timeout_ms` for the rationale. - self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) def topic(self, topic: str) -> StreamsTopic: return StreamsTopic( self._client, topic, retention_seconds=self._retention_seconds, - join_timeout_ms=self._join_timeout_ms, ) @@ -53,13 +49,11 @@ class StreamsTopic: topic: str, *, retention_seconds: int = 600, - join_timeout_ms: int = 2000, ): self._client = redis_client self._topic = topic self._key = serialize_redis_name(f"stream:{topic}") self._retention_seconds = retention_seconds - self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) self.max_length = 5000 def as_producer(self) -> Producer: @@ -77,23 +71,15 @@ class StreamsTopic: return self def subscribe(self) -> Subscription: - return _StreamsSubscription(self._client, self._key, join_timeout_ms=self._join_timeout_ms) + return _StreamsSubscription(self._client, self._key) class _StreamsSubscription(Subscription): _SENTINEL = object() - def __init__(self, client: Redis | RedisCluster, key: str, *, join_timeout_ms: int = 2000): + def __init__(self, client: Redis | RedisCluster, key: str): self._client = client self._key = key - # Max time close() will wait for the listener thread to finish before - # returning. Bounds SSE close tail latency: the listener blocks on - # XREAD with BLOCK=1000ms, so close() naturally waits up to ~1s for - # the thread to notice _closed. Setting this lower lets close() - # return promptly while the daemon listener exits on its own within - # one BLOCK window - safe because the listener holds no critical - # state. ``0`` means close() does not wait at all. - self._join_timeout_ms = max(int(join_timeout_ms or 0), 0) self._queue: queue.Queue[object] = queue.Queue() @@ -106,7 +92,6 @@ class _StreamsSubscription(Subscription): # reading and writing the _listener / `_closed` attribute. 
self._lock = threading.Lock() self._closed: bool = False - # self._closed = threading.Event() self._listener: threading.Thread | None = None def _listen(self) -> None: @@ -144,6 +129,8 @@ class _StreamsSubscription(Subscription): case bytes() | bytearray(): data_bytes = bytes(data) if data_bytes is not None: + if data_bytes == SIG_CLOSE: + break self._queue.put_nowait(data_bytes) last_id = entry_id finally: @@ -203,6 +190,13 @@ class _StreamsSubscription(Subscription): assert isinstance(item, (bytes, bytearray)), "Unexpected item type in stream queue" return bytes(item) + def _publish_close_event(self) -> None: + """Publish the SIG_CLOSE control message to the stream to unblock the listener's xread.""" + try: + self._client.xadd(self._key, {b"data": SIG_CLOSE}) + except Exception: + logger.exception("failed to publish close event") + @override def close(self) -> None: with self._lock: @@ -212,16 +206,17 @@ class _StreamsSubscription(Subscription): listener = self._listener if listener is not None: self._listener = None - # We close the listener outside of the with block to avoid holding the - # lock for a long time. 
+ + if listener is not None: + self._publish_close_event() + if listener is not None and listener.is_alive(): - listener.join(timeout=self._join_timeout_ms / 1000.0) + listener.join(timeout=2) if listener.is_alive(): logger.debug( - "Streams subscription listener for key %s did not stop within %dms; " + "Streams subscription listener for key %s did not stop after join; " "daemon thread will exit on its own within one poll window.", self._key, - self._join_timeout_ms, ) # Context manager helpers diff --git a/api/libs/broadcast_channel/signals.py b/api/libs/broadcast_channel/signals.py new file mode 100644 index 00000000000..812a0beb9af --- /dev/null +++ b/api/libs/broadcast_channel/signals.py @@ -0,0 +1 @@ +SIG_CLOSE = b"__closed__" diff --git a/api/libs/password.py b/api/libs/password.py index cdf55c57e5b..3313278492a 100644 --- a/api/libs/password.py +++ b/api/libs/password.py @@ -13,7 +13,7 @@ def valid_password(password): if re.match(pattern, password) is not None: return password - raise ValueError("Password must contain letters and numbers, and the length must be greater than 8.") + raise ValueError("Password must contain letters and numbers, and the length must be at least 8 characters.") def hash_password(password_str, salt_byte): diff --git a/api/migrations/versions/2026_06_15_1100-b7c2d9e8a1f4_add_tenant_last_opened_at.py b/api/migrations/versions/2026_06_15_1100-b7c2d9e8a1f4_add_tenant_last_opened_at.py index ce2fd2b79ca..066a2ba8ca8 100644 --- a/api/migrations/versions/2026_06_15_1100-b7c2d9e8a1f4_add_tenant_last_opened_at.py +++ b/api/migrations/versions/2026_06_15_1100-b7c2d9e8a1f4_add_tenant_last_opened_at.py @@ -7,7 +7,7 @@ Create Date: 2026-06-05 11:00:00.000000 """ import sqlalchemy as sa -from alembic import op +from alembic import context, op # revision identifiers, used by Alembic. 
revision = "b7c2d9e8a1f4" @@ -17,10 +17,23 @@ depends_on = None def upgrade(): + if _has_last_opened_at_column(): + return with op.batch_alter_table("tenant_account_joins", schema=None) as batch_op: batch_op.add_column(sa.Column("last_opened_at", sa.DateTime(), nullable=True)) def downgrade(): + if not _has_last_opened_at_column(): + return with op.batch_alter_table("tenant_account_joins", schema=None) as batch_op: batch_op.drop_column("last_opened_at") + + +def _has_last_opened_at_column() -> bool: + if context.is_offline_mode(): + # Offline SQL generation cannot inspect the target schema. Assume the + # linear migration path so generated SQL stays explicit. + return False + inspector = sa.inspect(op.get_bind()) + return "last_opened_at" in {column["name"] for column in inspector.get_columns("tenant_account_joins")} diff --git a/api/migrations/versions/2026_06_18_2300-b2515f9d4c2a_agent_drive_skill_metadata_refactor.py b/api/migrations/versions/2026_06_18_2300-b2515f9d4c2a_agent_drive_skill_metadata_refactor.py new file mode 100644 index 00000000000..3398c2eb018 --- /dev/null +++ b/api/migrations/versions/2026_06_18_2300-b2515f9d4c2a_agent_drive_skill_metadata_refactor.py @@ -0,0 +1,82 @@ +"""agent drive skill metadata refactor + +Revision ID: b2515f9d4c2a +Revises: 4f7b2c8d9a10 +Create Date: 2026-06-18 23:00:00.000000 + +""" + +from __future__ import annotations + +import json +from typing import Any + +from alembic import op +import sqlalchemy as sa +from sqlalchemy.dialects import mysql +from sqlalchemy.engine.mock import MockConnection + +# revision identifiers, used by Alembic. 
+revision = "b2515f9d4c2a" +down_revision = "4f7b2c8d9a10" +branch_labels = None +depends_on = None + + +def upgrade() -> None: + op.add_column( + "agent_drive_files", + sa.Column("is_skill", sa.Boolean(), nullable=False, server_default=sa.text("false")), + ) + op.add_column( + "agent_drive_files", + sa.Column("skill_metadata", sa.Text().with_variant(mysql.LONGTEXT(), "mysql"), nullable=True), + ) + op.create_index( + "agent_drive_files_tenant_agent_is_skill_key_idx", + "agent_drive_files", + ["tenant_id", "agent_id", "is_skill", "key"], + ) + _remove_skills_files_from_snapshots() + + +def downgrade() -> None: + op.drop_index("agent_drive_files_tenant_agent_is_skill_key_idx", table_name="agent_drive_files") + op.drop_column("agent_drive_files", "skill_metadata") + op.drop_column("agent_drive_files", "is_skill") + + +def _remove_skills_files_from_snapshots() -> None: + connection = op.get_bind() + if connection is None or isinstance(connection, MockConnection): + return + snapshots = sa.table( + "agent_config_snapshots", + sa.column("id", sa.String()), + sa.column("config_snapshot", sa.Text()), + ) + rows = connection.execute(sa.select(snapshots.c.id, snapshots.c.config_snapshot)).fetchall() + for row in rows: + cleaned = _strip_skills_files(row.config_snapshot) + if cleaned is None: + continue + connection.execute( + snapshots.update() + .where(snapshots.c.id == row.id) + .values(config_snapshot=json.dumps(cleaned, separators=(",", ":"), sort_keys=True)) + ) + + +def _strip_skills_files(raw_snapshot: Any) -> dict[str, Any] | None: + if raw_snapshot is None: + return None + if isinstance(raw_snapshot, str): + snapshot = json.loads(raw_snapshot) + elif isinstance(raw_snapshot, dict): + snapshot = dict(raw_snapshot) + else: + snapshot = dict(raw_snapshot) + if not isinstance(snapshot, dict) or "skills_files" not in snapshot: + return None + snapshot.pop("skills_files", None) + return snapshot diff --git 
a/api/migrations/versions/2026_06_22_1000-c8f4a6b2d3e1_add_agent_debug_conversation_id.py b/api/migrations/versions/2026_06_22_1000-c8f4a6b2d3e1_add_agent_debug_conversation_id.py new file mode 100644 index 00000000000..213b8d36978 --- /dev/null +++ b/api/migrations/versions/2026_06_22_1000-c8f4a6b2d3e1_add_agent_debug_conversation_id.py @@ -0,0 +1,66 @@ +"""add agent debug conversations + +Revision ID: c8f4a6b2d3e1 +Revises: b2515f9d4c2a +Create Date: 2026-06-22 10:00:00.000000 + +""" + +import sqlalchemy as sa +from alembic import op + +import models + +# revision identifiers, used by Alembic. +revision = "c8f4a6b2d3e1" +down_revision = "b2515f9d4c2a" +branch_labels = None +depends_on = None + + +def _is_pg(conn) -> bool: + return conn.dialect.name == "postgresql" + + +def _uuid_column(name: str, *, nullable: bool = False, primary_key: bool = False) -> sa.Column: + kwargs = {"nullable": nullable, "primary_key": primary_key} + if primary_key and _is_pg(op.get_bind()): + kwargs["server_default"] = sa.text("uuidv7()") + return sa.Column(name, models.types.StringUUID(), **kwargs) + + +def upgrade(): + op.create_table( + "agent_debug_conversations", + _uuid_column("id", primary_key=True), + sa.Column("tenant_id", models.types.StringUUID(), nullable=False), + sa.Column("agent_id", models.types.StringUUID(), nullable=False), + sa.Column("app_id", models.types.StringUUID(), nullable=False), + sa.Column("account_id", models.types.StringUUID(), nullable=False), + sa.Column("conversation_id", models.types.StringUUID(), nullable=False), + sa.Column("created_at", sa.DateTime(), server_default=sa.func.current_timestamp(), nullable=False), + sa.Column("updated_at", sa.DateTime(), server_default=sa.func.current_timestamp(), nullable=False), + sa.PrimaryKeyConstraint("id", name=op.f("agent_debug_conversation_pkey")), + sa.UniqueConstraint( + "tenant_id", + "agent_id", + "account_id", + name=op.f("agent_debug_conversation_agent_account_unique"), + ), + ) + op.create_index( + 
"agent_debug_conversation_conversation_idx", + "agent_debug_conversations", + ["conversation_id"], + ) + op.create_index( + "agent_debug_conversation_account_idx", + "agent_debug_conversations", + ["tenant_id", "account_id"], + ) + + +def downgrade(): + op.drop_index("agent_debug_conversation_account_idx", table_name="agent_debug_conversations") + op.drop_index("agent_debug_conversation_conversation_idx", table_name="agent_debug_conversations") + op.drop_table("agent_debug_conversations") diff --git a/api/models/__init__.py b/api/models/__init__.py index 78ca43fa374..9992de982c4 100644 --- a/api/models/__init__.py +++ b/api/models/__init__.py @@ -13,6 +13,7 @@ from .agent import ( AgentConfigRevision, AgentConfigRevisionOperation, AgentConfigSnapshot, + AgentDebugConversation, AgentDriveFile, AgentDriveFileKind, AgentIconType, @@ -156,6 +157,7 @@ __all__ = [ "AgentConfigRevision", "AgentConfigRevisionOperation", "AgentConfigSnapshot", + "AgentDebugConversation", "AgentDriveFile", "AgentDriveFileKind", "AgentIconType", diff --git a/api/models/agent.py b/api/models/agent.py index 1a13ccde77b..46044edd5e7 100644 --- a/api/models/agent.py +++ b/api/models/agent.py @@ -83,6 +83,8 @@ class AgentConfigRevisionOperation(StrEnum): SAVE_NEW_AGENT = "save_new_agent" # Promotes a workflow-only Agent into the reusable Agent Roster. SAVE_TO_ROSTER = "save_to_roster" + # Switches the Agent's current published config back to an existing version. + RESTORE_VERSION = "restore_version" class WorkflowAgentBindingType(StrEnum): @@ -180,6 +182,34 @@ class Agent(DefaultFieldsMixin, Base): archived_at: Mapped[datetime | None] = mapped_column(DateTime, nullable=True) +class AgentDebugConversation(DefaultFieldsMixin, Base): + """Per-account console debug conversation for an Agent App. + + Agent App preview state must be isolated by editor account. The Agent row is + shared by everyone in the workspace, so this table owns the user-specific + conversation pointer used by console debug chat. 
+ """ + + __tablename__ = "agent_debug_conversations" + __table_args__ = ( + sa.PrimaryKeyConstraint("id", name="agent_debug_conversation_pkey"), + UniqueConstraint( + "tenant_id", + "agent_id", + "account_id", + name="agent_debug_conversation_agent_account_unique", + ), + Index("agent_debug_conversation_conversation_idx", "conversation_id"), + Index("agent_debug_conversation_account_idx", "tenant_id", "account_id"), + ) + + tenant_id: Mapped[str] = mapped_column(StringUUID, nullable=False) + agent_id: Mapped[str] = mapped_column(StringUUID, nullable=False) + app_id: Mapped[str] = mapped_column(StringUUID, nullable=False) + account_id: Mapped[str] = mapped_column(StringUUID, nullable=False) + conversation_id: Mapped[str] = mapped_column(StringUUID, nullable=False) + + class AgentConfigSnapshot(DefaultFieldsMixin, Base): """Immutable Agent Soul snapshot. @@ -430,14 +460,17 @@ class AgentDriveFile(DefaultFieldsMixin, Base): synced. ``value_owned_by_drive`` gates physical cleanup: only drive-owned values (created by the agent runtime or Skill standardization, not shared with other business records) have their storage object + record deleted when the KV entry is - overwritten or removed; otherwise only the KV row is dropped. Lifecycle never relies - on ``UploadFile.used/used_by`` (not a reliable refcount). + overwritten or removed; otherwise only the KV row is dropped. Skills are represented + by the canonical ``/SKILL.md`` row with ``is_skill=True`` and a serialized + ``skill_metadata`` string. Lifecycle never relies on ``UploadFile.used/used_by`` + (not a reliable refcount). 
""" __tablename__ = "agent_drive_files" __table_args__ = ( sa.PrimaryKeyConstraint("id", name="agent_drive_file_pkey"), UniqueConstraint("tenant_id", "agent_id", "key", name="agent_drive_file_scope_key_unique"), + Index("agent_drive_files_tenant_agent_is_skill_key_idx", "tenant_id", "agent_id", "is_skill", "key"), ) tenant_id: Mapped[str] = mapped_column(StringUUID, nullable=False) @@ -453,6 +486,8 @@ class AgentDriveFile(DefaultFieldsMixin, Base): value_owned_by_drive: Mapped[bool] = mapped_column( sa.Boolean, nullable=False, default=False, server_default=sa.text("false") ) + is_skill: Mapped[bool] = mapped_column(sa.Boolean, nullable=False, default=False, server_default=sa.text("false")) + skill_metadata: Mapped[str | None] = mapped_column(LongText, nullable=True) size: Mapped[int | None] = mapped_column(sa.BigInteger, nullable=True) hash: Mapped[str | None] = mapped_column(String(255), nullable=True) mime_type: Mapped[str | None] = mapped_column(String(255), nullable=True) diff --git a/api/models/agent_config_entities.py b/api/models/agent_config_entities.py index 76108f271d4..2503ba66f06 100644 --- a/api/models/agent_config_entities.py +++ b/api/models/agent_config_entities.py @@ -361,11 +361,6 @@ class AgentSoulPromptConfig(BaseModel): system_prompt: str = "" -class AgentSoulSkillsFilesConfig(BaseModel): - files: list[AgentFileRefConfig] = Field(default_factory=list) - skills: list[AgentSkillRefConfig] = Field(default_factory=list) - - class AgentSoulDifyToolCredentialRef(BaseModel): """Reference to a stored Dify Plugin Tool credential. 
@@ -514,7 +509,6 @@ class AgentSoulConfig(BaseModel): schema_version: int = 1 prompt: AgentSoulPromptConfig = Field(default_factory=AgentSoulPromptConfig) - skills_files: AgentSoulSkillsFilesConfig = Field(default_factory=AgentSoulSkillsFilesConfig) tools: AgentSoulToolsConfig = Field(default_factory=AgentSoulToolsConfig) knowledge: AgentSoulKnowledgeConfig = Field(default_factory=AgentSoulKnowledgeConfig) human: AgentSoulHumanConfig = Field(default_factory=AgentSoulHumanConfig) diff --git a/api/models/human_input.py b/api/models/human_input.py index d11274bc921..b84579a4e09 100644 --- a/api/models/human_input.py +++ b/api/models/human_input.py @@ -134,20 +134,40 @@ class HumanInputDelivery(DefaultFieldsMixin, Base): ) +class ApprovalChannel(StrEnum): + """Where a paused human input form can be approved, surfaced to API callers.""" + + EMAIL = "email" + WEB_APP = "web_app" + CONSOLE = "console" + + class RecipientType(StrEnum): - # EMAIL_MEMBER member means that the - EMAIL_MEMBER = "email_member" - EMAIL_EXTERNAL = "email_external" + # Second value = the approval channel this recipient maps to (surfaced in `approval_channels`). + EMAIL_MEMBER = "email_member", ApprovalChannel.EMAIL + EMAIL_EXTERNAL = "email_external", ApprovalChannel.EMAIL # STANDALONE_WEB_APP is used by the standalone web app. # # It's not used while running workflows / chatflows containing HumanInput # node inside console. - STANDALONE_WEB_APP = "standalone_web_app" + STANDALONE_WEB_APP = "standalone_web_app", ApprovalChannel.WEB_APP # CONSOLE is used while running workflows / chatflows containing HumanInput # node inside console. (E.G. running installed apps or debugging workflows / chatflows) - CONSOLE = "console" + CONSOLE = "console", ApprovalChannel.CONSOLE # BACKSTAGE is used for backstage input inside console. 
- BACKSTAGE = "backstage" + BACKSTAGE = "backstage", ApprovalChannel.CONSOLE + + _approval_channel: ApprovalChannel + + def __new__(cls, value: str, approval_channel: ApprovalChannel) -> "RecipientType": + member = str.__new__(cls, value) + member._value_ = value + member._approval_channel = approval_channel + return member + + @property + def approval_channel(self) -> ApprovalChannel: + return self._approval_channel @final diff --git a/api/models/model.py b/api/models/model.py index bbd5b19c809..0d0b51f65cc 100644 --- a/api/models/model.py +++ b/api/models/model.py @@ -774,26 +774,7 @@ class AppModelConfig(TypeBase): @property def annotation_reply_dict(self) -> AnnotationReplyConfig: - annotation_setting = db.session.scalar( - select(AppAnnotationSetting).where(AppAnnotationSetting.app_id == self.app_id) - ) - if annotation_setting: - collection_binding_detail = annotation_setting.collection_binding_detail - if not collection_binding_detail: - raise ValueError("Collection binding detail not found") - - return { - "id": annotation_setting.id, - "enabled": True, - "score_threshold": annotation_setting.score_threshold, - "embedding_model": { - "embedding_provider_name": collection_binding_detail.provider_name, - "embedding_model_name": collection_binding_detail.model_name, - }, - } - - else: - return {"enabled": False} + return load_annotation_reply_config(db.session(), self.app_id) @property def more_like_this_dict(self) -> EnabledConfig: @@ -864,7 +845,7 @@ class AppModelConfig(TypeBase): }, ) - def to_dict(self) -> AppModelConfigDict: + def to_dict(self, *, annotation_reply: AnnotationReplyConfig | None = None) -> AppModelConfigDict: return { "opening_statement": self.opening_statement, "suggested_questions": self.suggested_questions_list, @@ -872,7 +853,7 @@ class AppModelConfig(TypeBase): "speech_to_text": self.speech_to_text_dict, "text_to_speech": self.text_to_speech_dict, "retriever_resource": self.retriever_resource_dict, - "annotation_reply": 
self.annotation_reply_dict, + "annotation_reply": annotation_reply if annotation_reply is not None else self.annotation_reply_dict, "more_like_this": self.more_like_this_dict, "sensitive_word_avoidance": self.sensitive_word_avoidance_dict, "external_data_tools": self.external_data_tools_list, @@ -2038,6 +2019,30 @@ class AppAnnotationSetting(TypeBase): ) +def load_annotation_reply_config(session: Session, app_id: str) -> AnnotationReplyConfig: + annotation_setting = session.scalar(select(AppAnnotationSetting).where(AppAnnotationSetting.app_id == app_id)) + if annotation_setting is None: + return {"enabled": False} + + from .dataset import DatasetCollectionBinding + + collection_binding_detail = session.scalar( + select(DatasetCollectionBinding).where(DatasetCollectionBinding.id == annotation_setting.collection_binding_id) + ) + if collection_binding_detail is None: + raise ValueError("Collection binding detail not found") + + return { + "id": annotation_setting.id, + "enabled": True, + "score_threshold": annotation_setting.score_threshold, + "embedding_model": { + "embedding_provider_name": collection_binding_detail.provider_name, + "embedding_model_name": collection_binding_detail.model_name, + }, + } + + class OperationLog(TypeBase): __tablename__ = "operation_logs" __table_args__ = ( diff --git a/api/openapi/markdown/console-openapi.md b/api/openapi/markdown/console-openapi.md index c2c06db463c..49a053ea1c4 100644 --- a/api/openapi/markdown/console-openapi.md +++ b/api/openapi/markdown/console-openapi.md @@ -391,6 +391,80 @@ Check if activation token is valid | 400 | Invalid request parameters | | | 403 | Insufficient permissions | | +### [GET] /agent/{agent_id}/api-access +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Agent service API 
access | **application/json**: [AgentApiAccessResponse](#agentapiaccessresponse)
| + +### [POST] /agent/{agent_id}/api-enable +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | + +#### Request Body + +| Required | Schema | +| -------- | ------ | +| Yes | **application/json**: [AgentApiStatusPayload](#agentapistatuspayload)
| + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Agent service API status updated | **application/json**: [AgentApiAccessResponse](#agentapiaccessresponse)
| +| 403 | Insufficient permissions | | + +### [GET] /agent/{agent_id}/api-keys +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Agent service API keys | **application/json**: [ApiKeyList](#apikeylist)
| + +### [POST] /agent/{agent_id}/api-keys +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 201 | Agent service API key created | **application/json**: [ApiKeyItem](#apikeyitem)
| +| 400 | Maximum keys exceeded | | + +### [DELETE] /agent/{agent_id}/api-keys/{api_key_id} +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | +| api_key_id | path | | Yes | string (uuid) | + +#### Responses + +| Code | Description | +| ---- | ----------- | +| 204 | Agent service API key deleted | + ### [GET] /agent/{agent_id}/chat-messages Get Agent App chat messages for a conversation with pagination @@ -518,7 +592,7 @@ Stop a running Agent App chat message generation | Required | Schema | | -------- | ------ | -| Yes | **application/json**: [CopyAppPayload](#copyapppayload)
| +| Yes | **application/json**: [AgentAppCopyPayload](#agentappcopypayload)
| #### Responses @@ -528,6 +602,20 @@ Stop a running Agent App chat message generation | 400 | Invalid request parameters | | | 403 | Insufficient permissions | | +### [POST] /agent/{agent_id}/debug-conversation/refresh +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Agent debug conversation refreshed | **application/json**: [AgentDebugConversationRefreshResponse](#agentdebugconversationrefreshresponse)
| +| 403 | Insufficient permissions | | + ### [GET] /agent/{agent_id}/drive/files List agent drive entries for an Agent App @@ -576,6 +664,37 @@ Truncated text preview of one Agent App drive value | ---- | ----------- | ------ | | 200 | Preview | **application/json**: [AgentDrivePreviewResponse](#agentdrivepreviewresponse)
| +### [GET] /agent/{agent_id}/drive/skills +List drive-backed skills for an Agent App + +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | Agent ID | Yes | string (uuid) | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Drive skills | **application/json**: [AgentDriveSkillListResponse](#agentdriveskilllistresponse)
| + +### [GET] /agent/{agent_id}/drive/skills/{skill_path}/inspect +Inspect one drive-backed skill for slash-menu hover/detail UI + +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | Agent ID | Yes | string (uuid) | +| skill_path | path | Skill path/slug, e.g. tender-analyzer | Yes | string | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Drive skill inspect view | **application/json**: [AgentDriveSkillInspectResponse](#agentdriveskillinspectresponse)
| + ### [POST] /agent/{agent_id}/features Update an Agent App's presentation features (opener, follow-up, citations, ...) @@ -905,6 +1024,20 @@ Infer CLI tool + ENV suggestions from a standardized Agent App skill | ---- | ----------- | ------ | | 200 | Agent version detail | **application/json**: [AgentConfigSnapshotDetailResponse](#agentconfigsnapshotdetailresponse)
| +### [POST] /agent/{agent_id}/versions/{version_id}/restore +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| agent_id | path | | Yes | string (uuid) | +| version_id | path | | Yes | string (uuid) | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Agent version restored | **application/json**: [AgentConfigSnapshotRestoreResponse](#agentconfigsnapshotrestoreresponse)
| + ### [GET] /all-workspaces #### Parameters @@ -1454,8 +1587,42 @@ Truncated text preview of one drive value (binary-safe; SKILL.md is the main cas | ---- | ----------- | ------ | | 200 | Preview | **application/json**: [AgentDrivePreviewResponse](#agentdrivepreviewresponse)
| +### [GET] /apps/{app_id}/agent/drive/skills +List drive-backed skills for the bound agent + +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| app_id | path | Application ID | Yes | string (uuid) | +| node_id | query | Workflow node ID (workflow composer variant) | No | string | +| prefix | query | Key prefix filter: '/' for one skill, 'files/' for files | No | string | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Drive skills | **application/json**: [AgentDriveSkillListResponse](#agentdriveskilllistresponse)
| + +### [GET] /apps/{app_id}/agent/drive/skills/{skill_path}/inspect +Inspect one drive-backed skill for slash-menu hover/detail UI + +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| app_id | path | Application ID | Yes | string (uuid) | +| skill_path | path | Skill path/slug, e.g. tender-analyzer | Yes | string | +| node_id | query | Workflow node ID (workflow composer variant) | No | string | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Drive skill inspect view | **application/json**: [AgentDriveSkillInspectResponse](#agentdriveskillinspectresponse)
| + ### [DELETE] /apps/{app_id}/agent/files -Delete one drive file by key; soul ref first, then the KV row (ENG-625 D5) +Delete one drive file by key via drive commit-null semantics #### Parameters @@ -1541,7 +1708,7 @@ Upload + standardize a Skill into the agent drive | 400 | Invalid skill package or no bound agent | | ### [DELETE] /apps/{app_id}/agent/skills/{slug} -Delete a standardized skill: soul ref first, then the / drive prefix (ENG-625 D5) +Delete a standardized skill by removing its known drive keys via commit-null #### Parameters @@ -7992,7 +8159,7 @@ Get all published workflows for a snippet | Code | Description | Schema | | ---- | ----------- | ------ | -| 200 | Published workflows retrieved successfully | **application/json**: [WorkflowPaginationResponse](#workflowpaginationresponse)
| +| 200 | Published workflows retrieved successfully | **application/json**: [SnippetWorkflowPaginationResponse](#snippetworkflowpaginationresponse)
| ### [GET] /snippets/{snippet_id}/workflows/default-workflow-block-configs **Get default block configurations for snippet workflow** @@ -11954,6 +12121,31 @@ Default namespace | chat_prompt_config | object | | No | | completion_prompt_config | object | | No | +#### AgentApiAccessResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| api_key_count | integer | | Yes | +| api_rph | integer | | Yes | +| api_rpm | integer | | Yes | +| chat_endpoint | string | | Yes | +| conversations_endpoint | string | | Yes | +| enabled | boolean | | Yes | +| files_upload_endpoint | string | | Yes | +| info_endpoint | string | | Yes | +| messages_endpoint | string | | Yes | +| meta_endpoint | string | | Yes | +| parameters_endpoint | string | | Yes | +| service_api_base_url | string | | Yes | +| stop_endpoint | string | | Yes | +| streaming_only | boolean,
**Default:** true | | No | + +#### AgentApiStatusPayload + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| enable_api | boolean | Enable or disable Agent service API | Yes | + #### AgentAppComposerResponse | Name | Type | Description | Required | @@ -11965,6 +12157,17 @@ Default namespace | validation | [ComposerValidationFindingsResponse](#composervalidationfindingsresponse) | | No | | variant | string | | Yes | +#### AgentAppCopyPayload + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| description | string | Description for the copied agent | No | +| icon | string | Icon | No | +| icon_background | string | Icon background color | No | +| icon_type | [IconType](#icontype) | Icon type | No | +| name | string | Name for the copied agent | No | +| role | string | Role for the copied agent | No | + #### AgentAppCreatePayload | Name | Type | Description | Required | @@ -11987,6 +12190,7 @@ Default namespace | bound_agent_id | string | | No | | created_at | integer | | No | | created_by | string | | No | +| debug_conversation_id | string | | No | | deleted_tools | [ [DeletedTool](#deletedtool) ] | | No | | description | string | | No | | enable_api | boolean | | Yes | @@ -12050,6 +12254,7 @@ default (the config form sends the full desired feature state on save). | create_user_name | string | | No | | created_at | integer | | No | | created_by | string | | No | +| debug_conversation_id | string | | No | | description | string | | No | | has_draft_trigger | boolean | | No | | icon | string | | No | @@ -12212,23 +12417,6 @@ Risk marker for CLI tool bootstrap commands. | provider_id | string | | No | | tools_count | integer | | No | -#### AgentComposerFileCandidateResponse - -| Name | Type | Description | Required | -| ---- | ---- | ----------- | -------- | -| drive_key | string | | No | -| file_id | string | | No | -| id | string | | No | -| kind | string,
**Default:** file | | No | -| name | string | | No | -| reference | string | | No | -| remote_url | string | | No | -| tenant_id | string | | No | -| transfer_method | string | | No | -| type | string | | No | -| upload_file_id | string | | No | -| url | string | | No | - #### AgentComposerImpactBindingResponse | Name | Type | Description | Required | @@ -12253,22 +12441,6 @@ Risk marker for CLI tool bootstrap commands. | human_contacts | [ [AgentHumanContactConfig](#agenthumancontactconfig) ] | | No | | previous_node_outputs | [ [WorkflowPreviousNodeOutputRef](#workflowpreviousnodeoutputref) ] | | No | -#### AgentComposerSkillCandidateResponse - -| Name | Type | Description | Required | -| ---- | ---- | ----------- | -------- | -| description | string | | No | -| file_id | string | | No | -| full_archive_file_id | string | | No | -| full_archive_key | string | | No | -| id | string | | No | -| kind | string,
**Default:** skill | | No | -| manifest_files | [ string ] | | No | -| name | string | | No | -| path | string | | No | -| skill_md_file_id | string | | No | -| skill_md_key | string | | No | - #### AgentComposerSoulCandidatesResponse | Name | Type | Description | Required | @@ -12277,7 +12449,6 @@ Risk marker for CLI tool bootstrap commands. | dify_tools | [ [AgentComposerDifyToolCandidateResponse](#agentcomposerdifytoolcandidateresponse) ] | | No | | human_contacts | [ [AgentHumanContactConfig](#agenthumancontactconfig) ] | | No | | knowledge_datasets | [ [AgentKnowledgeDatasetConfig](#agentknowledgedatasetconfig) ] | | No | -| skills_files | [ ] | | No | #### AgentComposerSoulLockResponse @@ -12340,6 +12511,13 @@ Audit operation recorded for Agent Soul version/revision changes. | ---- | ---- | ----------- | -------- | | data | [ [AgentConfigSnapshotSummaryResponse](#agentconfigsnapshotsummaryresponse) ] | | Yes | +#### AgentConfigSnapshotRestoreResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| active_config_snapshot_id | string | | Yes | +| result | string | | Yes | + #### AgentConfigSnapshotSummaryResponse | Name | Type | Description | Required | @@ -12375,6 +12553,12 @@ Audit operation recorded for Agent Soul version/revision changes. | date | string | | Yes | | message_count | integer | | Yes | +#### AgentDebugConversationRefreshResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| debug_conversation_id | string | | Yes | + #### AgentDriveDeleteFileByAgentQuery | Name | Type | Description | Required | @@ -12385,7 +12569,6 @@ Audit operation recorded for Agent Soul version/revision changes. | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | -| config_version_id | string | | No | | removed_keys | [ string ] | | No | | result | string | | Yes | @@ -12399,7 +12582,6 @@ Audit operation recorded for Agent Soul version/revision changes. 
| Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | -| config_version_id | string | | No | | file | [AgentDriveFileResponse](#agentdrivefileresponse) | | Yes | #### AgentDriveFilePayload @@ -12425,9 +12607,11 @@ Audit operation recorded for Agent Soul version/revision changes. | created_at | integer | | No | | file_kind | string | | Yes | | hash | string | | No | +| is_skill | boolean | | No | | key | string | | Yes | | mime_type | string | | No | | size | integer | | No | +| skill_metadata | string | | No | #### AgentDriveListResponse @@ -12445,6 +12629,65 @@ Audit operation recorded for Agent Soul version/revision changes. | text | string | | No | | truncated | boolean | | Yes | +#### AgentDriveSkillFileResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| available_in_drive | boolean | | Yes | +| drive_key | string | | No | +| name | string | | Yes | +| path | string | | Yes | +| type | string | | Yes | + +#### AgentDriveSkillInspectResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| archive_key | string | | No | +| created_at | integer | | No | +| description | string | | Yes | +| file_tree | [ object ] | | No | +| files | [ [AgentDriveSkillFileResponse](#agentdriveskillfileresponse) ] | | No | +| hash | string | | No | +| mime_type | string | | No | +| name | string | | Yes | +| path | string | | Yes | +| size | integer | | No | +| skill_md | [AgentDriveSkillMarkdownResponse](#agentdriveskillmarkdownresponse) | | Yes | +| skill_md_key | string | | Yes | +| source | string | | Yes | +| warnings | [ string ] | | No | + +#### AgentDriveSkillItemResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| archive_key | string | | No | +| created_at | integer | | No | +| description | string | | Yes | +| hash | string | | No | +| mime_type | string | | No | +| name | string | | Yes | +| path | string | | Yes | 
+| size | integer | | No | +| skill_md_key | string | | Yes | + +#### AgentDriveSkillListResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| items | [ [AgentDriveSkillItemResponse](#agentdriveskillitemresponse) ] | | No | + +#### AgentDriveSkillMarkdownResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| binary | boolean | | Yes | +| key | string | | Yes | +| size | integer | | No | +| text | string | | No | +| truncated | boolean | | Yes | + #### AgentEnvVariableConfig | Name | Type | Description | Required | @@ -12924,27 +13167,12 @@ Visibility and lifecycle scope of an Agent record. | enabled | boolean | | No | | type | string | | No | -#### AgentSkillRefConfig - -| Name | Type | Description | Required | -| ---- | ---- | ----------- | -------- | -| description | string | | No | -| file_id | string | | No | -| full_archive_file_id | string | | No | -| full_archive_key | string | | No | -| id | string | | No | -| manifest_files | [ string ] | | No | -| name | string | | No | -| path | string | | No | -| skill_md_file_id | string | | No | -| skill_md_key | string | | No | - #### AgentSkillUploadResponse | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | | manifest | [SkillManifest](#skillmanifest) | | Yes | -| skill | [AgentSkillRefConfig](#agentskillrefconfig) | | Yes | +| skill | [AgentUploadedSkillResponse](#agentuploadedskillresponse) | | Yes | #### AgentSoulAppFeaturesConfig @@ -12973,7 +13201,6 @@ Visibility and lifecycle scope of an Agent record. | prompt | [AgentSoulPromptConfig](#agentsoulpromptconfig) | | No | | sandbox | [AgentSoulSandboxConfig](#agentsoulsandboxconfig) | | No | | schema_version | integer,
**Default:** 1 | | No | -| skills_files | [AgentSoulSkillsFilesConfig](#agentsoulskillsfilesconfig) | | No | | tools | [AgentSoulToolsConfig](#agentsoultoolsconfig) | | No | #### AgentSoulDifyToolConfig @@ -13090,13 +13317,6 @@ Reference to model credentials resolved only at runtime. | config | [AgentSandboxProviderConfig](#agentsandboxproviderconfig) | | No | | provider | string | | No | -#### AgentSoulSkillsFilesConfig - -| Name | Type | Description | Required | -| ---- | ---- | ----------- | -------- | -| files | [ [AgentFileRefConfig](#agentfilerefconfig) ] | | No | -| skills | [ [AgentSkillRefConfig](#agentskillrefconfig) ] | | No | - #### AgentSoulToolsConfig | Name | Type | Description | Required | @@ -13228,6 +13448,16 @@ Soft lifecycle state for Agent records. | tool_output | object | | Yes | | tool_parameters | object | | Yes | +#### AgentUploadedSkillResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| archive_key | string | | No | +| description | string | | Yes | +| name | string | | Yes | +| path | string | | Yes | +| skill_md_key | string | | Yes | + #### AgentUserSatisfactionRateStatisticResponse | Name | Type | Description | Required | @@ -19188,6 +19418,15 @@ Query parameters for listing snippet published workflows. | limit | integer,
**Default:** 10 | | No | | page | integer,
**Default:** 1 | | No | +#### SnippetWorkflowPaginationResponse + +| Name | Type | Description | Required | +| ---- | ---- | ----------- | -------- | +| has_more | boolean | | Yes | +| items | [ [SnippetWorkflowResponse](#snippetworkflowresponse) ] | | Yes | +| limit | integer | | Yes | +| page | integer | | Yes | + #### SnippetWorkflowResponse | Name | Type | Description | Required | diff --git a/api/openapi/markdown/openapi-openapi.md b/api/openapi/markdown/openapi-openapi.md index ce0150e8e88..4bb6761c22e 100644 --- a/api/openapi/markdown/openapi-openapi.md +++ b/api/openapi/markdown/openapi-openapi.md @@ -80,10 +80,9 @@ User-scoped operations | Name | Located in | Description | Required | Schema | | ---- | ---------- | ----------- | -------- | ------ | | limit | query | | No | integer,
**Default:** 20 | -| mode | query | | No | string,
**Available values:** "advanced-chat", "agent", "agent-chat", "channel", "chat", "completion", "rag-pipeline", "workflow" | +| mode | query | App types the ``app`` usage face (``get app``) lists and filters. A curated subset of :class:`AppMode`: the real, user-facing app categories. Excludes runtime-only mode tags that are not standalone apps (``rag-pipeline`` is a knowledge ``Pipeline``; ``channel`` is unused) and the roster-owned ``agent`` type (surfaced through the roster, not this list). Members reference ``AppMode.*.value`` so the subset relationship is type-checked: dropping a member from ``AppMode`` breaks this at import. This is the single source for the listable set — params, filters, and the generated CLI whitelist all derive from it. | No | string,
**Available values:** "advanced-chat", "agent-chat", "chat", "completion", "workflow" | | name | query | | No | string | | page | query | | No | integer,
**Default:** 1 | -| tag | query | | No | string | | workspace_id | query | | Yes | string | #### Responses @@ -319,7 +318,7 @@ Upload a file to use as an input variable when running the app | Name | Located in | Description | Required | Schema | | ---- | ---------- | ----------- | -------- | ------ | | limit | query | | No | integer,
**Default:** 20 | -| mode | query | | No | string,
**Available values:** "advanced-chat", "agent", "agent-chat", "channel", "chat", "completion", "rag-pipeline", "workflow" | +| mode | query | App types the ``app`` usage face (``get app``) lists and filters. A curated subset of :class:`AppMode`: the real, user-facing app categories. Excludes runtime-only mode tags that are not standalone apps (``rag-pipeline`` is a knowledge ``Pipeline``; ``channel`` is unused) and the roster-owned ``agent`` type (surfaced through the roster, not this list). Members reference ``AppMode.*.value`` so the subset relationship is type-checked: dropping a member from ``AppMode`` breaks this at import. This is the single source for the listable set — params, filters, and the generated CLI whitelist all derive from it. | No | string,
**Available values:** "advanced-chat", "agent-chat", "chat", "completion", "workflow" | | name | query | | No | string | | page | query | | No | integer,
**Default:** 1 | @@ -331,6 +330,22 @@ Upload a file to use as an input variable when running the app | 422 | Validation error | **application/json**: [ErrorBody](#errorbody)
| | default | Error | **application/json**: [ErrorBody](#errorbody)
| +### [GET] /permitted-external-apps/{app_id}/describe +#### Parameters + +| Name | Located in | Description | Required | Schema | +| ---- | ---------- | ----------- | -------- | ------ | +| fields | query | | No | string | +| app_id | path | | Yes | string | + +#### Responses + +| Code | Description | Schema | +| ---- | ----------- | ------ | +| 200 | Permitted external app description | **application/json**: [AppDescribeResponse](#appdescriberesponse)
| +| 422 | Validation error | **application/json**: [ErrorBody](#errorbody)
| +| default | Error | **application/json**: [ErrorBody](#errorbody)
| + ### [GET] /workspaces #### Responses @@ -507,14 +522,12 @@ Upload a file to use as an input variable when running the app | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | -| author | string | | No | | description | string | | No | | id | string | | Yes | | is_agent | boolean | | No | | mode | string | | Yes | | name | string | | Yes | | service_api_enabled | boolean | | Yes | -| tags | [ [TagItem](#tagitem) ],
**Default:** | | No | | updated_at | string | | No | #### AppDescribeQuery @@ -568,28 +581,25 @@ Request body for POST /workspaces//apps/imports. | yaml_content | string | Inline YAML DSL string (required when mode is yaml-content) | No | | yaml_url | string | Remote URL to fetch YAML from (required when mode is yaml-url) | No | -#### AppInfoResponse +#### AppInfo | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | -| author | string | | No | | description | string | | No | | id | string | | Yes | | mode | string | | Yes | | name | string | | Yes | -| tags | [ [TagItem](#tagitem) ],
**Default:** | | No | #### AppListQuery -mode is a closed enum. +mode is a closed enum of listable app types. | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | | limit | integer,
**Default:** 20 | | No | -| mode | [AppMode](#appmode) | | No | +| mode | [SupportedAppType](#supportedapptype) | | No | | name | string | | No | | page | integer,
**Default:** 1 | | No | -| tag | string | | No | | workspace_id | string | | Yes | #### AppListResponse @@ -606,12 +616,10 @@ mode is a closed enum. | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | -| created_by_name | string | | No | | description | string | | No | | id | string | | Yes | | mode | [AppMode](#appmode) | | Yes | | name | string | | Yes | -| tags | [ [TagItem](#tagitem) ],
**Default:** | | No | | updated_at | string | | No | | workspace_id | string | | No | | workspace_name | string | | No | @@ -914,7 +922,7 @@ Strict (extra='forbid'). | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | | limit | integer,
**Default:** 20 | | No | -| mode | [AppMode](#appmode) | | No | +| mode | [SupportedAppType](#supportedapptype) | | No | | name | string | | No | | page | integer,
**Default:** 1 | | No | @@ -982,11 +990,23 @@ Pagination for GET /account/sessions. Strict (extra='forbid'). | last_used_at | string | | No | | prefix | string | | Yes | -#### TagItem +#### SupportedAppType + +App types the ``app`` usage face (``get app``) lists and filters. + +A curated subset of :class:`AppMode`: the real, user-facing app categories. +Excludes runtime-only mode tags that are not standalone apps +(``rag-pipeline`` is a knowledge ``Pipeline``; ``channel`` is unused) and the +roster-owned ``agent`` type (surfaced through the roster, not this list). + +Members reference ``AppMode.*.value`` so the subset relationship is +type-checked: dropping a member from ``AppMode`` breaks this at import. +This is the single source for the listable set — params, filters, and the +generated CLI whitelist all derive from it. | Name | Type | Description | Required | | ---- | ---- | ----------- | -------- | -| name | string | | Yes | +| SupportedAppType | string | App types the ``app`` usage face (``get app``) lists and filters. A curated subset of :class:`AppMode`: the real, user-facing app categories. Excludes runtime-only mode tags that are not standalone apps (``rag-pipeline`` is a knowledge ``Pipeline``; ``channel`` is unused) and the roster-owned ``agent`` type (surfaced through the roster, not this list). Members reference ``AppMode.*.value`` so the subset relationship is type-checked: dropping a member from ``AppMode`` breaks this at import. This is the single source for the listable set — params, filters, and the generated CLI whitelist all derive from it. 
| | #### TaskStopResponse diff --git a/api/providers/trace/trace-aliyun/tests/unit_tests/aliyun_trace/data_exporter/test_traceclient.py b/api/providers/trace/trace-aliyun/tests/unit_tests/aliyun_trace/data_exporter/test_traceclient.py index 12f91212c1f..797134b3619 100644 --- a/api/providers/trace/trace-aliyun/tests/unit_tests/aliyun_trace/data_exporter/test_traceclient.py +++ b/api/providers/trace/trace-aliyun/tests/unit_tests/aliyun_trace/data_exporter/test_traceclient.py @@ -1,3 +1,4 @@ +import logging import time import uuid from datetime import datetime @@ -142,9 +143,8 @@ class TestTraceClient: mock_notify.assert_called_once() @patch("dify_trace_aliyun.data_exporter.traceclient.OTLPSpanExporter") - @patch("dify_trace_aliyun.data_exporter.traceclient.logger") def test_add_span_queue_full( - self, mock_logger: MagicMock, mock_exporter_class: MagicMock, trace_client_factory: type[TraceClient] + self, mock_exporter_class: MagicMock, trace_client_factory: type[TraceClient], caplog: pytest.LogCaptureFixture ): client = trace_client_factory(service_name="test-service", endpoint="http://test-endpoint", max_queue_size=1) @@ -164,12 +164,15 @@ class TestTraceClient: client.add_span(span_data) assert len(client.queue) == 1 - client.add_span(span_data) - assert len(client.queue) == 1 - mock_logger.warning.assert_called_with("Queue is full, likely spans will be dropped.") + with caplog.at_level(logging.WARNING): + client.add_span(span_data) + assert len(client.queue) == 1 + assert "Queue is full, likely spans will be dropped." 
in caplog.text @patch("dify_trace_aliyun.data_exporter.traceclient.OTLPSpanExporter") - def test_export_batch_error(self, mock_exporter_class: MagicMock, trace_client_factory: type[TraceClient]): + def test_export_batch_error( + self, mock_exporter_class: MagicMock, trace_client_factory: type[TraceClient], caplog: pytest.LogCaptureFixture + ): mock_exporter = mock_exporter_class.return_value mock_exporter.export.side_effect = Exception("Export failed") @@ -177,9 +180,9 @@ class TestTraceClient: mock_span = MagicMock(spec=ReadableSpan) client.queue.append(mock_span) - with patch("dify_trace_aliyun.data_exporter.traceclient.logger") as mock_logger: + with caplog.at_level(logging.WARNING): client._export_batch() - mock_logger.warning.assert_called() + assert "Error exporting spans" in caplog.text @patch("dify_trace_aliyun.data_exporter.traceclient.OTLPSpanExporter") def test_worker_loop(self, mock_exporter_class: MagicMock, trace_client_factory: type[TraceClient]): diff --git a/api/providers/trace/trace-weave/tests/unit_tests/weave_trace/test_weave_trace.py b/api/providers/trace/trace-weave/tests/unit_tests/weave_trace/test_weave_trace.py index 30646815d83..0e1f33b437d 100644 --- a/api/providers/trace/trace-weave/tests/unit_tests/weave_trace/test_weave_trace.py +++ b/api/providers/trace/trace-weave/tests/unit_tests/weave_trace/test_weave_trace.py @@ -307,13 +307,12 @@ class TestGetProjectUrl: monkeypatch.setattr(trace_instance, "entity", None) monkeypatch.setattr(trace_instance, "project_name", None) # Force an error by making string formatting fail - with patch("dify_trace_weave.weave_trace.logger") as mock_logger: - # Simulate exception via property - original_entity = trace_instance.entity - trace_instance.entity = None - trace_instance.project_name = None - url = trace_instance.get_project_url() - assert "https://wandb.ai/" in url + # Simulate exception via property + original_entity = trace_instance.entity + trace_instance.entity = None + 
trace_instance.project_name = None + url = trace_instance.get_project_url() + assert "https://wandb.ai/" in url # ── TestTraceDispatcher ───────────────────────────────────────────────────── diff --git a/api/repositories/api_workflow_run_repository.py b/api/repositories/api_workflow_run_repository.py index 2659e550552..bc30e980619 100644 --- a/api/repositories/api_workflow_run_repository.py +++ b/api/repositories/api_workflow_run_repository.py @@ -290,7 +290,10 @@ class APIWorkflowRunRepository(WorkflowExecutionRepository, Protocol): batch_size: int, run_types: Sequence[WorkflowType] | None = None, tenant_ids: Sequence[str] | None = None, + tenant_prefixes: Sequence[str] | None = None, workflow_ids: Sequence[str] | None = None, + run_shard_index: int | None = None, + run_shard_total: int | None = None, ) -> Sequence[WorkflowRun]: """ Fetch ended workflow runs in a time window for archival and clean batching. @@ -298,7 +301,9 @@ class APIWorkflowRunRepository(WorkflowExecutionRepository, Protocol): Optional filters: - run_types - tenant_ids + - tenant_prefixes, using the first hexadecimal digit of tenant_id for rollout waves - workflow_ids + - run_shard_index/run_shard_total, using a deterministic workflow_run_id shard """ ... 
diff --git a/api/repositories/sqlalchemy_api_workflow_run_repository.py b/api/repositories/sqlalchemy_api_workflow_run_repository.py index b40eb4bdd8a..2394377c9d4 100644 --- a/api/repositories/sqlalchemy_api_workflow_run_repository.py +++ b/api/repositories/sqlalchemy_api_workflow_run_repository.py @@ -56,6 +56,7 @@ from repositories.types import ( DailyTerminalsStats, DailyTokenCostStats, ) +from services.retention.workflow_run.tenant_prefix import tenant_prefix_condition logger = logging.getLogger(__name__) @@ -64,6 +65,40 @@ class _WorkflowRunError(Exception): pass +_HEX_SHARD_VALUES = { + "0": 0, + "1": 1, + "2": 2, + "3": 3, + "4": 4, + "5": 5, + "6": 6, + "7": 7, + "8": 8, + "9": 9, + "a": 10, + "b": 11, + "c": 12, + "d": 13, + "e": 14, + "f": 15, +} + + +def _tenant_prefix_condition(prefixes: Sequence[str]) -> sa.ColumnElement[bool]: + conditions = [tenant_prefix_condition(WorkflowRun.tenant_id, prefix) for prefix in prefixes] + return sa.or_(*conditions) + + +def _workflow_run_id_shard_expr() -> sa.ColumnElement[int]: + normalized_id = func.lower(func.replace(sa.cast(WorkflowRun.id, sa.String()), "-", "")) + last_hex = func.substr(normalized_id, func.length(normalized_id), 1) + return sa.case( + *[(last_hex == hex_digit, shard_value) for hex_digit, shard_value in _HEX_SHARD_VALUES.items()], + else_=0, + ) + + def _build_human_input_required_reason( reason_model: WorkflowPauseReason, form_model: HumanInputForm | None, @@ -378,7 +413,10 @@ class DifyAPISQLAlchemyWorkflowRunRepository(APIWorkflowRunRepository): batch_size: int, run_types: Sequence[WorkflowType] | None = None, tenant_ids: Sequence[str] | None = None, + tenant_prefixes: Sequence[str] | None = None, workflow_ids: Sequence[str] | None = None, + run_shard_index: int | None = None, + run_shard_total: int | None = None, ) -> Sequence[WorkflowRun]: """ Fetch ended workflow runs in a time window for archival and clean batching. 
@@ -387,7 +425,8 @@ class DifyAPISQLAlchemyWorkflowRunRepository(APIWorkflowRunRepository): - created_at in [start_from, end_before) - type in run_types (when provided) - status is an ended state - - optional tenant_id, workflow_id filters and cursor (last_seen) for pagination + - optional tenant_id, tenant_prefix, workflow_id filters and cursor (last_seen) for pagination + - optional deterministic shard by the last hexadecimal digit of workflow_run_id """ with self._session_maker() as session: stmt = ( @@ -410,9 +449,15 @@ class DifyAPISQLAlchemyWorkflowRunRepository(APIWorkflowRunRepository): if tenant_ids: stmt = stmt.where(WorkflowRun.tenant_id.in_(tenant_ids)) + if tenant_prefixes: + stmt = stmt.where(_tenant_prefix_condition(tenant_prefixes)) + if workflow_ids: stmt = stmt.where(WorkflowRun.workflow_id.in_(workflow_ids)) + if run_shard_index is not None and run_shard_total is not None: + stmt = stmt.where((_workflow_run_id_shard_expr() % run_shard_total) == run_shard_index) + if last_seen: stmt = stmt.where( tuple_(WorkflowRun.created_at, WorkflowRun.id) diff --git a/api/services/account_service.py b/api/services/account_service.py index a608f544747..21b5f1eedba 100644 --- a/api/services/account_service.py +++ b/api/services/account_service.py @@ -1280,7 +1280,7 @@ class TenantService: tenant = TenantService.create_tenant(name=name, is_setup=is_setup) else: tenant = TenantService.create_tenant(name=f"{account.name}'s Workspace", is_setup=is_setup) - TenantService.create_tenant_member(tenant, account, role="owner") + TenantService.create_tenant_member(tenant, account, db.session, role="owner") if dify_config.RBAC_ENABLED: owner_role_id = AccountService._resolve_legacy_role_id(str(tenant.id), account.id, TenantAccountRole.OWNER) RBACService.MemberRoles.replace( @@ -1294,14 +1294,16 @@ class TenantService: tenant_was_created.send(tenant) @staticmethod - def create_tenant_member(tenant: Tenant, account: Account, role: str = "normal") -> TenantAccountJoin: + def 
create_tenant_member( + tenant: Tenant, account: Account, session: scoped_session, role: str = "normal" + ) -> TenantAccountJoin: """Create tenant member""" if role == TenantAccountRole.OWNER: if TenantService.has_roles(tenant, [TenantAccountRole.OWNER]): logger.error("Tenant %s has already an owner.", tenant.id) raise Exception("Tenant already has an owner.") - ta = db.session.scalar( + ta = session.scalar( select(TenantAccountJoin) .where(TenantAccountJoin.tenant_id == tenant.id, TenantAccountJoin.account_id == account.id) .limit(1) @@ -1310,9 +1312,9 @@ class TenantService: ta.role = TenantAccountRole(role) else: ta = TenantAccountJoin(tenant_id=tenant.id, account_id=account.id, role=TenantAccountRole(role)) - db.session.add(ta) + session.add(ta) - db.session.commit() + session.commit() if dify_config.BILLING_ENABLED: BillingService.clean_billing_info_cache(tenant.id) return ta @@ -1915,7 +1917,7 @@ class RegisterService: ): try: tenant = TenantService.create_tenant(f"{account.name}'s Workspace") - TenantService.create_tenant_member(tenant, account, role="owner") + TenantService.create_tenant_member(tenant, account, db.session, role="owner") account.current_tenant = tenant tenant_was_created.send(tenant) except Exception: @@ -1970,7 +1972,7 @@ class RegisterService: status=AccountStatus.PENDING, is_setup=True, ) - TenantService.create_tenant_member(tenant, account, tenant_join_role) + TenantService.create_tenant_member(tenant, account, db.session, tenant_join_role) TenantService.switch_tenant(account, tenant.id) requires_setup = True else: @@ -1983,7 +1985,7 @@ class RegisterService: requires_setup = account.status == AccountStatus.PENDING if not ta and (account.status == AccountStatus.PENDING or dify_config.RBAC_ENABLED): - TenantService.create_tenant_member(tenant, account, tenant_join_role) + TenantService.create_tenant_member(tenant, account, db.session, tenant_join_role) # Support resend invitation email when the account is pending status if account.status 
!= AccountStatus.PENDING: diff --git a/api/services/agent/composer_candidates.py b/api/services/agent/composer_candidates.py index 0a1419be399..7868f2a2f63 100644 --- a/api/services/agent/composer_candidates.py +++ b/api/services/agent/composer_candidates.py @@ -137,9 +137,6 @@ def soul_candidates( soul = agent_soul or AgentSoulConfig() truncated = False - skills_files = [{"kind": "skill", **skill.model_dump(exclude_none=True)} for skill in soul.skills_files.skills] - skills_files += [{"kind": "file", **file.model_dump(exclude_none=True)} for file in soul.skills_files.files] - cli_tools = [tool.model_dump(exclude_none=True) for tool in soul.tools.cli_tools if tool.enabled] dataset_ids = [dataset.id for dataset in soul.knowledge.datasets if dataset.id] @@ -162,7 +159,6 @@ def soul_candidates( dify_tools = workspace_tools_loader() lists = { - "skills_files": skills_files, "dify_tools": dify_tools, "cli_tools": cli_tools, "knowledge_datasets": knowledge_datasets, diff --git a/api/services/agent/composer_service.py b/api/services/agent/composer_service.py index 16ab3627929..0a17c06300f 100644 --- a/api/services/agent/composer_service.py +++ b/api/services/agent/composer_service.py @@ -21,7 +21,6 @@ from models.agent import ( WorkflowAgentNodeBinding, ) from models.agent_config_entities import ( - AgentFileRefConfig, DeclaredOutputConfig, ) from models.agent_config_entities import ( @@ -34,7 +33,6 @@ from services.agent.errors import ( AgentNameConflictError, AgentNotFoundError, AgentVersionNotFoundError, - InvalidComposerConfigError, ) from services.entities.agent_entities import ( AgentSoulConfig, @@ -48,6 +46,13 @@ from services.entities.agent_entities import ( # WorkflowAgentNodeBinding.workflow_version tag for the draft workflow row. # Mirrors Workflow.version when it is "draft" (see models/workflow.py). 
_DRAFT_WORKFLOW_VERSION = "draft" +_PUBLISH_SAVE_STRATEGIES = frozenset( + { + ComposerSaveStrategy.SAVE_AS_NEW_VERSION, + ComposerSaveStrategy.SAVE_AS_NEW_AGENT, + ComposerSaveStrategy.SAVE_TO_ROSTER, + } +) logger = logging.getLogger(__name__) @@ -73,6 +78,13 @@ def _backfill_cli_tool_ids(agent_soul: AgentSoulConfig | None) -> None: seen_ids.add(minted) +def _validate_composer_payload_for_strategy(payload: ComposerSavePayload) -> None: + if payload.save_strategy in _PUBLISH_SAVE_STRATEGIES: + ComposerConfigValidator.validate_publish_payload(payload) + return + ComposerConfigValidator.validate_draft_save_payload(payload) + + class AgentComposerService: @classmethod def load_workflow_composer(cls, *, tenant_id: str, app_id: str, node_id: str) -> dict[str, Any]: @@ -102,33 +114,10 @@ class AgentComposerService: raise ValueError("Workflow composer endpoint only accepts workflow variant") _backfill_cli_tool_ids(payload.agent_soul) - ComposerConfigValidator.validate_save_payload(payload) + _validate_composer_payload_for_strategy(payload) workflow = cls._get_draft_workflow(tenant_id=tenant_id, app_id=app_id) binding = cls._get_workflow_binding(tenant_id=tenant_id, workflow_id=workflow.id, node_id=node_id) - # ENG-623 §4.4: drive-backed refs must point at real drive rows before the - # soul is persisted. Only strategies that write the soul onto an *existing* - # agent are checked — new-agent strategies create a fresh (empty) drive, so - # any carried drive key would be flagged on the next save instead. 
- if ( - payload.agent_soul is not None - and binding is not None - and binding.agent_id - and payload.save_strategy - in ( - ComposerSaveStrategy.NODE_JOB_ONLY, - ComposerSaveStrategy.SAVE_TO_CURRENT_VERSION, - ComposerSaveStrategy.SAVE_AS_NEW_VERSION, - ) - and ( - payload.save_strategy != ComposerSaveStrategy.NODE_JOB_ONLY - or binding.binding_type == WorkflowAgentBindingType.INLINE_AGENT - ) - ): - cls._require_drive_refs_resolved( - tenant_id=tenant_id, agent_id=binding.agent_id, agent_soul=payload.agent_soul - ) - match payload.save_strategy: case ComposerSaveStrategy.NODE_JOB_ONLY: binding = cls._save_node_job_only( @@ -176,7 +165,11 @@ class AgentComposerService: version_id=version_id, ) state = cls._serialize_workflow_state(binding=binding, agent=agent, version=version) - state["validation"] = cls.collect_validation_findings(tenant_id=tenant_id, payload=payload) + state["validation"] = cls.collect_validation_findings( + tenant_id=tenant_id, + payload=payload, + agent_id=binding.agent_id, + ) return state @classmethod @@ -215,7 +208,7 @@ class AgentComposerService: if payload.variant != ComposerVariant.AGENT_APP: raise ValueError("Agent App composer endpoint only accepts agent_app variant") _backfill_cli_tool_ids(payload.agent_soul) - ComposerConfigValidator.validate_save_payload(payload) + _validate_composer_payload_for_strategy(payload) if payload.agent_soul is None: raise ValueError("agent_soul is required") @@ -250,9 +243,6 @@ class AgentComposerService: db.session.rollback() raise AgentNameConflictError() from exc - # ENG-623 §4.4: dangling drive-backed refs are rejected before persisting. 
- cls._require_drive_refs_resolved(tenant_id=tenant_id, agent_id=agent.id, agent_soul=payload.agent_soul) - if payload.save_strategy == ComposerSaveStrategy.SAVE_AS_NEW_VERSION or not agent.active_config_snapshot_id: version = cls._create_config_version( tenant_id=tenant_id, @@ -281,7 +271,11 @@ class AgentComposerService: db.session.commit() state = cls.load_agent_app_composer(tenant_id=tenant_id, app_id=app_id) - state["validation"] = cls.collect_validation_findings(tenant_id=tenant_id, payload=payload) + state["validation"] = cls.collect_validation_findings( + tenant_id=tenant_id, + payload=payload, + agent_id=agent.id, + ) return state @classmethod @@ -292,11 +286,7 @@ class AgentComposerService: payload: ComposerSavePayload, agent_id: str | None = None, ) -> dict[str, Any]: - """ENG-617 soft findings, with DB-backed dataset existence for placeholders. - - With ``agent_id`` the drive-backed skill/file refs are also checked against - the agent drive (ENG-623 §4.4) and dangling ones surface as warnings. 
- """ + """ENG-617 soft findings, with DB-backed dataset and drive mention checks.""" from services.agent.prompt_mentions import MentionKind, parse_prompt_mentions mentioned_ids: set[str] = set() @@ -312,136 +302,14 @@ class AgentComposerService: findings = ComposerConfigValidator.collect_soft_findings(payload, existing_dataset_ids=existing_dataset_ids) if agent_id and payload.agent_soul is not None: findings["warnings"].extend( - cls._drive_ref_findings(tenant_id=tenant_id, agent_id=agent_id, agent_soul=payload.agent_soul) + cls._drive_mention_findings( + tenant_id=tenant_id, + agent_id=agent_id, + prompt=payload.agent_soul.prompt.system_prompt, + ) ) return findings - @classmethod - def remove_drive_refs( - cls, - *, - tenant_id: str, - agent_id: str, - account_id: str, - skill_slug: str | None = None, - file_key: str | None = None, - app_id: str | None = None, - node_id: str | None = None, - ) -> str | None: - """Drop the soul refs backed by a drive skill/file before the drive rows go. - - Soul-first ordering (ENG-625 D5): a mid-failure leaves harmless orphan KV - rows that an idempotent DELETE retry cleans, instead of a soul ref that - keeps failing dangling-ref validation. Returns the new config version id, - or ``None`` when the soul held no matching ref (idempotent re-delete). 
- """ - if (skill_slug is None) == (file_key is None): - raise ValueError("remove_drive_refs requires exactly one of skill_slug or file_key") - agent = db.session.scalar(select(Agent).where(Agent.tenant_id == tenant_id, Agent.id == agent_id).limit(1)) - if agent is None or not agent.active_config_snapshot_id: - return None - current_snapshot = cls._require_version( - tenant_id=tenant_id, agent_id=agent.id, version_id=agent.active_config_snapshot_id - ) - agent_soul = AgentSoulConfig.model_validate(current_snapshot.config_snapshot_dict) - - removed_display: str | None = None - if skill_slug is not None: - kept_skills = [] - for skill in agent_soul.skills_files.skills: - slug = (skill.skill_md_key or "").split("/", 1)[0] or (skill.path or "").strip("/") - if slug == skill_slug: - removed_display = skill.name or skill.id or skill_slug - continue - kept_skills.append(skill) - if removed_display is None: - return None - agent_soul.skills_files.skills = kept_skills - note = f"Removed skill '{removed_display}' from the drive." - else: - kept_files = [] - for file in agent_soul.skills_files.files: - if file.drive_key == file_key: - removed_display = file.name or file.drive_key - continue - kept_files.append(file) - if removed_display is None: - return None - agent_soul.skills_files.files = kept_files - note = f"Removed file '{removed_display}' from the drive." 
- - version = cls._update_current_version( - current_snapshot=current_snapshot, - account_id=account_id, - agent_soul=agent_soul, - operation=AgentConfigRevisionOperation.SAVE_CURRENT_VERSION, - version_note=note, - ) - agent.active_config_snapshot_id = version.id - agent.updated_by = account_id - cls._sync_draft_binding_snapshot( - tenant_id=tenant_id, - app_id=app_id, - node_id=node_id, - agent_id=agent_id, - snapshot_id=version.id, - account_id=account_id, - ) - db.session.commit() - return version.id - - @classmethod - def add_drive_file_ref( - cls, - *, - tenant_id: str, - agent_id: str, - account_id: str, - file_ref: AgentFileRefConfig, - app_id: str | None = None, - node_id: str | None = None, - ) -> str | None: - """Add or replace one drive-backed file ref in the active Agent Soul. - - ``POST /agent/files`` is an ADD FILE user action, not just a low-level - drive commit. The committed file must be present in ``skills_files.files`` - because runtime ``dify.drive`` is built from the active Agent Soul. 
- """ - if not file_ref.drive_key: - raise ValueError("file_ref.drive_key is required") - agent = db.session.scalar(select(Agent).where(Agent.tenant_id == tenant_id, Agent.id == agent_id).limit(1)) - if agent is None or not agent.active_config_snapshot_id: - return None - current_snapshot = cls._require_version( - tenant_id=tenant_id, agent_id=agent.id, version_id=agent.active_config_snapshot_id - ) - agent_soul = AgentSoulConfig.model_validate(current_snapshot.config_snapshot_dict) - kept_files = [item for item in agent_soul.skills_files.files if item.drive_key != file_ref.drive_key] - kept_files.append(file_ref) - agent_soul.skills_files.files = kept_files - - display = file_ref.name or file_ref.drive_key - version = cls._update_current_version( - current_snapshot=current_snapshot, - account_id=account_id, - agent_soul=agent_soul, - operation=AgentConfigRevisionOperation.SAVE_CURRENT_VERSION, - version_note=f"Added file '{display}' to the drive.", - ) - agent.active_config_snapshot_id = version.id - agent.active_config_has_model = agent_soul_has_model(agent_soul) - agent.updated_by = account_id - cls._sync_draft_binding_snapshot( - tenant_id=tenant_id, - app_id=app_id, - node_id=node_id, - agent_id=agent_id, - snapshot_id=version.id, - account_id=account_id, - ) - db.session.commit() - return version.id - @classmethod def resolve_bound_agent_id(cls, *, tenant_id: str, app_id: str) -> str | None: """The Agent App's bound roster agent id, if any (validate-endpoint context).""" @@ -468,49 +336,25 @@ class AgentComposerService: return binding.agent_id if binding else None @classmethod - def _sync_draft_binding_snapshot( - cls, - *, - tenant_id: str, - app_id: str | None, - node_id: str | None, - agent_id: str, - snapshot_id: str, - account_id: str, - ) -> None: - """Keep workflow node bindings on the new active snapshot after direct drive edits.""" - if not app_id or not node_id: - return - try: - workflow = cls._get_draft_workflow(tenant_id=tenant_id, app_id=app_id) 
- except ValueError: - return - binding = cls._get_workflow_binding(tenant_id=tenant_id, workflow_id=workflow.id, node_id=node_id) - if binding is None or binding.agent_id != agent_id: - return - binding.current_snapshot_id = snapshot_id - binding.updated_by = account_id - - @classmethod - def _drive_ref_findings( + def _drive_mention_findings( cls, *, tenant_id: str, agent_id: str, - agent_soul: AgentSoulConfig, + prompt: str, ) -> list[dict[str, str | None]]: - """Drive-backed refs whose keys have no row in the agent drive (ENG-623 §4.4). + """Soft warnings for missing drive-backed prompt mentions.""" + from services.agent.prompt_mentions import MentionKind, parse_prompt_mentions + from services.agent_drive_service import decode_drive_mention_ref - Each finding message starts with its stable code token - (``skill_ref_dangling`` / ``file_ref_dangling``) in the ENG-616/617 style. - """ wanted_keys: dict[str, tuple[str, str]] = {} - for skill in agent_soul.skills_files.skills: - if skill.skill_md_key: - wanted_keys[skill.skill_md_key] = ("skill_ref_dangling", skill.name or skill.id or "unknown") - for file in agent_soul.skills_files.files: - if file.drive_key: - wanted_keys[file.drive_key] = ("file_ref_dangling", file.name or file.id or "unknown") + for mention in parse_prompt_mentions(prompt): + if mention.kind not in {MentionKind.SKILL, MentionKind.FILE}: + continue + decoded_key = decode_drive_mention_ref(mention.ref_id) + if not decoded_key: + continue + wanted_keys[decoded_key] = (mention.kind.value, mention.label or decoded_key) if not wanted_keys: return [] @@ -524,28 +368,20 @@ class AgentComposerService: ) ) findings: list[dict[str, str | None]] = [] - for key, (code, display) in wanted_keys.items(): + for key, (kind, display) in wanted_keys.items(): if key in existing_keys: continue - kind = "skill" if code == "skill_ref_dangling" else "file" findings.append( { - "code": code, + "code": "mention_target_missing", "surface": "agent_soul", "kind": kind, "id": 
key, - "message": f"{code}: {kind} '{display}' has no drive entry for key '{key}'.", + "message": f"{kind} '{display}' has no drive entry for key '{key}'.", } ) return findings - @classmethod - def _require_drive_refs_resolved(cls, *, tenant_id: str, agent_id: str, agent_soul: AgentSoulConfig) -> None: - """Hard save-time guard: dangling drive-backed refs are rejected (400).""" - findings = cls._drive_ref_findings(tenant_id=tenant_id, agent_id=agent_id, agent_soul=agent_soul) - if findings: - raise InvalidComposerConfigError("; ".join(str(finding["message"]) for finding in findings)) - @classmethod def get_workflow_candidates(cls, *, tenant_id: str, app_id: str, node_id: str, user_id: str) -> dict[str, Any]: """Slash-menu data source for the workflow Agent node composer (ENG-615).""" @@ -830,6 +666,16 @@ class AgentComposerService: ) -> WorkflowAgentNodeBinding: node_job = payload.node_job or WorkflowNodeJobConfig() if binding: + if cls._is_start_from_scratch_request(binding=binding, payload=payload): + return cls._switch_roster_binding_to_inline_agent( + tenant_id=tenant_id, + app_id=app_id, + workflow_id=workflow_id, + node_id=node_id, + account_id=account_id, + binding=binding, + payload=payload, + ) binding.node_job_config = node_job if payload.agent_soul is not None and binding.binding_type == WorkflowAgentBindingType.INLINE_AGENT: current_snapshot = cls._require_version( @@ -880,6 +726,46 @@ class AgentComposerService: db.session.flush() return binding + @classmethod + def _is_start_from_scratch_request(cls, *, binding: WorkflowAgentNodeBinding, payload: ComposerSavePayload) -> bool: + return ( + binding.binding_type == WorkflowAgentBindingType.ROSTER_AGENT + and payload.binding is not None + and payload.binding.binding_type == WorkflowAgentBindingType.INLINE_AGENT.value + ) + + @classmethod + def _switch_roster_binding_to_inline_agent( + cls, + *, + tenant_id: str, + app_id: str, + workflow_id: str, + node_id: str, + account_id: str, + binding: 
WorkflowAgentNodeBinding, + payload: ComposerSavePayload, + ) -> WorkflowAgentNodeBinding: + if payload.binding and (payload.binding.agent_id or payload.binding.current_snapshot_id): + raise ValueError("Start from Scratch must not provide an existing inline agent binding.") + + agent_soul = payload.agent_soul or AgentSoulConfig() + agent = cls._create_workflow_only_agent( + tenant_id=tenant_id, + app_id=app_id, + workflow_id=workflow_id, + node_id=node_id, + account_id=account_id, + agent_soul=agent_soul, + ) + binding.binding_type = WorkflowAgentBindingType.INLINE_AGENT + binding.agent_id = agent.id + binding.current_snapshot_id = agent.active_config_snapshot_id + binding.node_job_config = payload.node_job or binding.node_job_config + binding.updated_by = account_id + db.session.flush() + return binding + @classmethod def _save_to_current_version( cls, diff --git a/api/services/agent/composer_validator.py b/api/services/agent/composer_validator.py index b9519272c4a..34b80b8a9d0 100644 --- a/api/services/agent/composer_validator.py +++ b/api/services/agent/composer_validator.py @@ -50,7 +50,7 @@ _DANGEROUS_ACK_KEYS = ( class ComposerConfigValidator: @classmethod - def validate_save_payload(cls, payload: ComposerSavePayload) -> None: + def validate_draft_save_payload(cls, payload: ComposerSavePayload) -> None: if ( payload.variant == ComposerVariant.WORKFLOW and payload.soul_lock.locked @@ -59,6 +59,13 @@ class ComposerConfigValidator: ): raise AgentSoulLockedError() + @classmethod + def validate_save_payload(cls, payload: ComposerSavePayload) -> None: + cls.validate_publish_payload(payload) + + @classmethod + def validate_publish_payload(cls, payload: ComposerSavePayload) -> None: + cls.validate_draft_save_payload(payload) if payload.agent_soul is not None: cls.validate_agent_soul(payload.agent_soul) if payload.node_job is not None: @@ -191,6 +198,8 @@ class ComposerConfigValidator: } ) continue + if mention.kind in {MentionKind.SKILL, MentionKind.FILE}: + continue 
if resolved is None: warnings.append( { diff --git a/api/services/agent/prompt_mentions.py b/api/services/agent/prompt_mentions.py index 921d6838b26..27bed49c53b 100644 --- a/api/services/agent/prompt_mentions.py +++ b/api/services/agent/prompt_mentions.py @@ -4,13 +4,14 @@ Slash-menu insertions are stored inline in the plain-string prompt as tokens: [§:[: