mirror of
https://github.com/langgenius/dify.git
synced 2026-06-18 15:51:14 +08:00
f533e992d4
Pause-time token emission now draws only from the recipient set each API surface is allowed to act on (emit ⊆ validate), so the CLI/OpenAPI caller is never handed a token the resume endpoint would reject as 404 (WTA-867). A form's recipients are partitioned once, per surface, into a single FormDisposition: the surface-actionable recipient yields `form_token`, while the rest are reported as `approval_channels` (e.g. ["email", "console"]) so the caller is told where approval actually happens. Token and channels are two projections of one decision (disposition_for_surface) loaded by one recipient query (load_form_dispositions_by_form_id); the live pause path and the reconnect snapshot path consume the same FormDisposition so they cannot drift. RecipientType carries its user-facing approval-channel label as an enum tuple value, set in __new__, so a new recipient type cannot be declared without one. Tests: consolidate recipient/disposition/enrich tests into parametrized matrices, add CONSOLE-surface and empty-token coverage, extract a shared fake session for the pause-event tests. |
||
|---|---|---|
| .. | ||
| auth | ||
| __init__.py | ||
| _audit.py | ||
| _contract.py | ||
| _errors.py | ||
| _input_schema.py | ||
| _meta.py | ||
| _models.py | ||
| account.py | ||
| app_dsl.py | ||
| app_run.py | ||
| apps_permitted_external.py | ||
| apps.py | ||
| files.py | ||
| human_input_form.py | ||
| index.py | ||
| oauth_device_sso.py | ||
| oauth_device.py | ||
| workflow_events.py | ||
| workspaces.py | ||