* - Implemented a validation function to check for banned commands and dangerous patterns.
- Added checks for potential shell injection attempts in command and arguments.
- Security validation is conditionally enabled based on environment variable CUSTOM_MCP_SECURITY_CHECK.
* Enhance security by implementing command and argument validation in SupergatewayMCP. Added checks for banned commands, dangerous patterns, and potential shell injection attempts. Security validation is conditionally enabled based on the CUSTOM_MCP_SECURITY_CHECK environment variable.
* add validateMCPServerSecurity
* feat: Implement SSO token caching and retrieval in CachePool
This implementation improves the authentication process by securely caching SSO tokens and managing user sessions.
* Removed commented code
* feat: add deleteSSOTokenCache in ssoSuccess
---------
Co-authored-by: Ong Chung Yau <33013947+chungyau97@users.noreply.github.com>
Co-authored-by: chungyau97 <chungyau97@gmail.com>
* Refactor URL filtering logic in App class
- Introduced a denylist for URLs using the DENYLIST_URLS environment variable.
- Updated the whitelist logic to filter out denylisted URLs, ensuring improved request validation.
* revery whitelist url changes
* revert whitelist url changes
Refactor URL filtering logic in App class
- Introduced a denylist for URLs using the DENYLIST_URLS environment variable.
- Updated the whitelist logic to filter out denylisted URLs, ensuring improved request validation.
Refactor account and evaluations routes to use POST for billing and run-again endpoints
- Changed the billing route from GET to POST in account.route.ts and account.api.js for consistency with other account actions.
- Updated the run-again route from GET to POST in evaluations/index.ts and evaluations.js to align with the API design for creating actions.
refactor: Update code execution sandbox implementation across components
- Replaced NodeVM usage with a new createCodeExecutionSandbox function for improved sandbox management.
- Enhanced JavaScript code execution with executeJavaScriptCode function, allowing for better handling of libraries and output streaming.
- Updated multiple components to utilize the new sandboxing approach, ensuring consistent execution environment.
- Added validation for UUIDs and URLs in various tools to enhance input safety.
- Refactored input handling in CustomFunction and IfElseFunction to streamline variable management.
Refactor: Update pnpm-lock.yaml and enhance UI components for safe HTML rendering
- Updated pnpm-lock.yaml to improve dependency management and ensure consistency.
- Refactored the JSONViewer component to utilize a new JsonToken for syntax highlighting.
- Introduced SafeHTML component to sanitize and safely render HTML content in ViewMessagesDialog and NodeExecutionDetails.
- Replaced direct HTML rendering with SafeHTML in ChatMessage component for enhanced security.
* refactor: Implement SecureZodSchemaParser for safe Zod schema handling and add FilterParser for Supabase filters
* Replaced direct Zod schema evaluation with SecureZodSchemaParser in StructuredOutputParserAdvanced and CustomTool.
* Introduced FilterParser to safely handle Supabase filter strings, preventing arbitrary code execution.
* Added new filterParser.ts file to encapsulate filter parsing logic.
* Updated Supabase vector store to utilize the new FilterParser for RPC filters.
* Created secureZodParser.ts for secure parsing of Zod schemas.
* remove console log
Enhance file upload capabilities by adding support for additional file types (html, css, js, xml, md, excel, powerpoint) and updating related MIME type mappings. Improve user interface for file type selection in FileUpload component.
feat: Implement caching for MCP toolkit in CachePool
- Added methods to CachePool for managing MCP toolkit cache.
- Integrated caching logic in CustomMCP to store and retrieve toolkit data based on workspaceId and configuration.
- Updated node service to pass cachePool to CustomMCP for enhanced performance.
* Update README.md
Enhanced the readability of file file and fixed minor grammatical errors
* Update README.md
Added proper spacing and fixed few minor erros
* Added region support to chatGoogleVertexAi
* Added region to the vertex ai embeddings loader too
* Updated the available vertex text embedding models to be valid
* Update ChatGoogleVertexAI.ts
* Update GoogleVertexAIEmbedding.ts
---------
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
* style enhancements
* Introduce autocomplete to select usecases
* add grid gap property
* add tooltip to display remaining selected items on hover
* use ordered list to show more items
* common pagination component
* Pagination for Doc Store Dashboard
* Pagination for Executions Dashboard
* Pagination Support for Tables
* lint fixes
* update view message dialog UI
* initial loading was ignoring the pagination counts
* 1) default page size change
2) ensure page limits are passed on load
3) co-pilot review comments (n+1 query)
4)
* 1) default page size change
2) ensure page limits are passed on load
3) co-pilot review comments (n+1 query)
4) refresh lists after insert/delete.
* Enhancement: Improve handling of empty responses in DocumentStore and API key services
- Added check for empty entities in DocumentStoreDTO.fromEntities to return an empty array.
- Updated condition in getAllDocumentStores to handle total count correctly, allowing for zero total.
- Refined logic in getAllApiKeys to check for empty keys and ensure correct API key retrieval.
- Adjusted UI components to safely handle potential undefined apiKeys array.
* Refresh API key list on pagination change
* Enhancement: Update pagination and filter handling across components
- Increased default items per page in AgentExecutions from 10 to 12.
- Improved JSON parsing for chat type and feedback type filters in ViewMessagesDialog.
- Enhanced execution filtering logic in AgentExecutions to ensure proper pagination and state management.
- Refactored filter section in AgentExecutions for better readability and functionality.
- Updated refresh logic in Agentflows to use the correct agentflow version.
* add workspaceId to removeAllChatMessages
* Refactor chat message retrieval logic for improved efficiency and maintainability
- Introduced a new `handleFeedbackQuery` function to streamline feedback-related queries.
- Enhanced pagination handling for session-based queries in `getMessagesWithFeedback`.
- Updated `ViewMessagesDialog` to sort messages in descending order by default.
- Simplified image rendering logic in `DocumentStoreTable` for better readability.
* - Update `validateChatflowAPIKey` and `validateAPIKey` functions to get the correct keys array
- Enhanced error handling in the `sanitizeExecution` function to ensure safe access to nested properties
* Refactor API key validation logic for improved accuracy and error handling
- Consolidated API key validation in `validateAPIKey` to return detailed validation results.
- Updated `validateFlowAPIKey` to streamline flow API key validation.
- Introduced `getApiKeyById` function in the API key service for better key retrieval.
- Removed unused function `getAllChatSessionsFromChatflow` from the chat message API.
---------
Co-authored-by: Henry <hzj94@hotmail.com>
Henry
Ilango
Henry Heng
russelj1
Ong Chung Yau
matekungl-byborg
Philip I. Thomas
Vinod Kiran
Karl Stoney
Karl Stoney
Amr Aly
Krishna Somani
Kang Nahoon
Anoop P
Junhui Huang