opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-06-26 23:01:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
11,281 Commits 577 Branches 173 Tags 837 MiB
a79bc7d074
Commit Graph

274 Commits

Author SHA1 Message Date
yungle246
a79bc7d074 feat(api): mask secret tokens in api-key list responses (reveal-once) 
Previously the console api-key list returned every key's full plaintext
token, so anyone with console access could retrieve the secret of an
already-created key (via the copy button or the raw API response). This
is contrary to the reveal-once norm.

- List endpoints (app keys, workspace dataset keys, per-dataset keys) now
  return a masked token (prefix + last 4); the full secret is only ever
  returned by the create endpoint, at creation time.
- Frontend secret-key modal displays the masked token as-is and drops the
  copy affordance for existing keys (copying a masked value is pointless).

Applies to both app and dataset keys since they share the modal and the
ApiKeyItem response model.
 2026-06-25 14:21:38 +09:00
YungLe
272f11770e
Merge branch 'main' into feat/dataset-api-key-scope 2026-06-23 18:21:21 +09:00
林玮 (Jade Lin)
04d226384f
fix(agent): agent composer publish validation (#37803) 2026-06-23 08:48:40 +00:00
FFXN
a554891bbd
fix: snippet history detail includes input fields (#37797) 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-23 08:08:12 +00:00
盐粒 Yanli
f4fdbeba76
feat(agent-v2): sync nightly updates to main (2026-06-22) (#37651) 
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
 2026-06-23 08:05:16 +00:00
zyssyz123
a3309cd857
fix: support agent duplicate role and skill file preview (#37788) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-23 06:35:26 +00:00
zyssyz123
26639e0923
feat: add agent debug conversation refresh API (#37784) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-23 04:34:13 +00:00
zyssyz123
b67a04aa22
fix: isolate agent debug conversations by account (#37766) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-23 02:04:23 +00:00
zyssyz123
7d2f25df8e
feat(agent): add roster service api access (#37759) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-22 12:37:27 +00:00
zyssyz123
4065f63dce
fix(agent): add stable debug conversation (#37744) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-22 09:21:09 +00:00
wangxiaolei
c83dcce1f7
chore: remove duplicate code (#37724) 2026-06-22 06:57:56 +00:00
zyssyz123
c1ab6226a2
fix(agent): support restoring roster versions (#37734) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-22 06:31:50 +00:00
zyssyz123
34c1bf1062
feat(agent): add skill inspect API (#37726) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-22 05:22:10 +00:00
Rohit Gahlawat
9b4dd9d4e8
refactor: accept db.session explicitly in APIBasedExtensionService (#37693) 2026-06-21 00:53:36 +00:00
Rohit Gahlawat
dcff1870d5
refactor: accept db.session explicitly in SavedMessageService (#37682) 2026-06-20 12:35:06 +00:00
Asuka Minato
a7b53b33ee
chore: move one db.session (#37656) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-19 19:52:59 +00:00
yungle246
1edffca717 Merge remote-tracking branch 'upstream/main' into feat/dataset-api-key-scope 
# Conflicts:
#	web/app/components/datasets/extra-info/api-access/__tests__/card.spec.tsx
#	web/app/components/datasets/extra-info/api-access/card.tsx
#	web/app/components/develop/secret-key/secret-key-modal.tsx
 2026-06-20 03:16:09 +09:00
Asuka Minato
fae607e2fe
chore: add Type to test (#37191) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-19 16:44:20 +00:00
Asuka Minato
bd15b8e6ce
chore: add more type in test (#37609) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-18 23:07:12 +00:00
Asuka Minato
e4500d2b9d
chore: Caplog type (#37603) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-18 18:53:13 +00:00
Wu Tianwei
33edf97f81
feat: RBAC (#37107) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: 盐粒 Yanli <yanli@dify.ai>
Co-authored-by: Charles Yao <chongbinyao33@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: yunlu.wen <yunlu.wen@dify.ai>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: Jingyi <jingyi.qi@dify.ai>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: chariri <w@chariri.moe>
Co-authored-by: Evan <2869018789@qq.com>
Co-authored-by: zyssyz123 <916125788@qq.com>
 2026-06-18 16:35:29 +00:00
zyssyz123
0df30dd269
fix(agent): resolve roster file downloads versions and log filters (#37626) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-18 12:06:27 +00:00
zyssyz123
933df2f490
fix(agent): decouple roster from app quota (#37625) 2026-06-18 08:48:18 +00:00
非法操作
26b0137c83
chore: improve invite member flow (#37479) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jingyi <jingyi.qi@dify.ai>
 2026-06-18 06:30:01 +00:00
盐粒 Yanli
3f2d22ec0f
feat(agent-v2): sync nightly updates to main (#37599) 
Co-authored-by: Jingyi-Dify <jingyi.qi@dify.ai>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: Bond Zhu <783504079@qq.com>
Co-authored-by: Yansong Zhang <916125788@qq.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
 2026-06-18 05:03:34 +00:00
Asuka Minato
4304044905
chore: example of make db.session pass from parameter. (#37561) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-18 02:16:09 +00:00
zyssyz123
43192036fa
fix: require Agent App role (#37601) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-18 01:23:45 +00:00
zyssyz123
59f8f2e7b3
fix(agent): align roster observability logs contract (#37578) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-17 14:34:14 +00:00
zyssyz123
912c0fa8d1
fix(agent): add agent app duplicate endpoint (#37571) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-17 08:09:47 +00:00
YungLe
d2d4e54b11 Merge remote-tracking branch 'upstream/main' into feat/dataset-api-key-scope 2026-06-17 16:45:13 +09:00
zyssyz123
758bea1a91
fix(api): hide agent apps from installed apps (#37570) 2026-06-17 06:47:39 +00:00
yyh
f203ab7f1d
fix(agent-v2): include workflow references in agent list (#37567) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-17 05:56:53 +00:00
zyssyz123
e970cbde0f
feat: add agent roster observability APIs (#37566) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-17 05:22:52 +00:00
Prajeeth Channa
3f81ec1212
test: replace logger patch with caplog in version and rag pipeline tests (#37554) 2026-06-17 01:50:50 +00:00
zyssyz123
bacc48d16e
fix(agent): align config detail and output contracts (#37535) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-17 01:17:20 +00:00
zyssyz123
dcc0b95e11
fix: issue (#37508) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-16 08:53:53 +00:00
zyssyz123
b4e3a9095b
fix(agent): support agent-id chat and inline draft bindings (#37483) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-16 06:04:30 +00:00
zyssyz123
2b7f5ab982
fix: project agent node outputs into draft graph (#37467) 2026-06-15 13:27:57 +00:00
zyssyz123
1e8329f02c
feat: Unify Agent v2 console routes (#37465) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-15 11:09:15 +00:00
Jingyi
9b74df21d0
feat(web): refine onboarding UI (#37433) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: Yunlu Wen <yunlu.wen@dify.ai>
Co-authored-by: chariri <w@chariri.moe>
Co-authored-by: Evan <2869018789@qq.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
 2026-06-15 08:47:15 +00:00
zyssyz123
d21bf291bb
fix: align agent app backing roster API (#37442) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-15 05:21:38 +00:00
cn7shi
e0773c4d8f
refactor: TagService to accept db.session explicitly (#37416) 2026-06-15 02:04:28 +00:00
Shahil kadia
c6b3e525d1
refactor: accept db.session explicitly in RecommendedAppService (#37417) 
Co-authored-by: Shahil Kadia <shahil@users.noreply.github.com>
 2026-06-15 01:19:16 +00:00
zyssyz123
8cac86d5c5
feat(agent): Skills & Files effective chain — drive runtime exposure, inspector, lifecycle, infer-tools (#37370) 
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-13 02:30:55 +00:00
盐粒 Yanli
92df792e4a
refactor(agent): replace workspace inspector with sandbox API (#37349) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-12 02:46:31 +00:00
zyssyz123
6cfd96ccd6
feat: agent slash menu backend (#37331) 
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-12 02:06:35 +00:00
yungle246
be6612f454 feat: allow knowledge base API keys to be scoped to a single dataset 
Reintroduce the nullable api_tokens.dataset_id column (dropped in 2e9819ca5b28)
so dataset API keys can opt into per-knowledge-base scoping:

- NULL dataset_id keeps today's workspace-wide behavior, so every existing key
  and the existing /datasets/api-keys create route are unchanged.
- validate_dataset_token rejects a bound key for any other dataset, and for
  endpoints that carry no dataset id (e.g. list-all), with 403.
- CachedApiToken carries dataset_id with a None default so cache entries
  written before deploy keep deserializing.
- The per-dataset console routes in apikey.py (previously dead code that 500ed
  on a missing ApiToken.dataset_id) now create bound keys; their list returns
  bound keys plus workspace keys so the dataset page shows the full access
  picture.
- Frontend: the knowledge base API access popover gains an API keys entry; the
  secret key modal accepts datasetId, shows a scope column, and offers a
  workspace / this-knowledge-base scope choice on create. New strings are
  localized for all 23 locales.
 2026-06-11 11:41:47 +09:00
chariri
2a46a7d91d
refactor(api): migrate remaining console APIs to use injected user/tenant (#37288) 2026-06-11 01:30:31 +00:00
zyssyz123
2c5c8e82c3
feat: agent slash menu backend (#37268) 
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-10 10:40:03 +00:00
非法操作
6658a7c5e7
fix: block frozen deleted accounts during invite activation (#37281) 2026-06-10 10:21:05 +00:00