feat: enhance security validation for MCP configurations
- Added environment variable checks for CUSTOM_MCP_SECURITY_CHECK, CUSTOM_MCP_PROTOCOL, and HTTP_DENY_LIST across various Docker and application files.
- Implemented validation functions in MCP core to prevent command injection and ensure safe environment variable usage
* add acceptVariable property to vector store metadata filter
* add acceptVariable property to other json fields
* add camelcase chatflowId to flowConfig
- Added `secureFetch` and `checkDenyList` functions from `httpSecurity` to enhance security in web crawling and link fetching processes.
- Updated relevant functions to utilize these new security measures, ensuring safer data handling.
* feat: add CometAPI integration with ChatCometAPI node and credential support
* feat: remove timeout and stop sequence parameters from ChatCometAPI node
* feat: Add agentflow name filter to executions page
- Add agentflow name text field to executions filter UI
- Implement backend filtering with case-insensitive partial matching
- Add database index on chat_flow.name for improved query performance
- Support filtering executions by agentflow name across all database types
* chore: Fix linting issues and remove screenshot
- Apply prettier formatting to migration files
- Fix formatting in executions service
- Remove accidentally committed screenshot file
* fix upsert api for file loader
* - Introduced loaderName property in IDocumentStoreUpsertData interface.
- Updated upsertDocStore function to utilize loaderName if provided.
- Enhanced DocStoreAPIDialog to allow loaderName customization in API requests.
- Modified DocumentStoreDetail to display file names when available, improving source formatting logic.
* fix(entities/ChatFlow.ts): make type column non-nullable with default value
* fix(postgres/ModifyChatflowType): set default type and make column non-nullable
* fix(sqlite/ModifyChatflowType): set default type and make column non-nullable
* fix(mysql/ModifyChatflowType): set default type and make column non-nullable
* chore(sqlite/ModifyChatflowType): standardize type column to VARCHAR(20)
* chore(postgres/ModifyChatflowType): standardize type column to VARCHAR(20)
* fix(mariadb/ModifyChatflowType): set default type and make column non-nullable
* chore: rename ChatflowType to EnumChatflowType and update references
* feat(chatflows): add chatflow type validation
* fix(chatflows): empty string bypassing type validation on update
* feature/bugfix: added optional css selector to puppeteer web scraper, fixed error when puppeteerLoader does not work.
* feature: added button to add empty link in web scraper tools
* feature: added custom executable file path as an input to puppeteer to fix issues when puppeteer cannot find/launch the browser.
* feature: added new puppeteer features to playwright as well.
* fixed review comments
* - Added support for built-in OpenAI tools including web search, code interpreter, and image generation.
- Enhanced file handling by extracting artifacts and file annotations from response metadata.
- Implemented download functionality for file annotations in the UI.
- Updated chat history management to include additional kwargs for artifacts, file annotations, and used tools.
- Improved UI components to display used tools and file annotations effectively.
* remove redundant currentContainerId
* update comment
- Added a method to list runtime state keys for dynamic state management.
- Implemented logic to retrieve and utilize the current loop count in variable resolution.
- Updated the Loop Agentflow output to reflect the new state and final output content.
- Added a new input parameter 'fallbackMessage' to the Loop Agentflow for displaying a message when the loop count is exceeded.
- Incremented the version of Loop Agentflow from 1.0 to 1.1.
- Updated the processing logic to handle the fallback message appropriately when the maximum loop count is reached.
* feat: Implement SSO token caching and retrieval in CachePool
This implementation improves the authentication process by securely caching SSO tokens and managing user sessions.
* Removed commented code
* feat: add deleteSSOTokenCache in ssoSuccess
---------
Co-authored-by: Ong Chung Yau <33013947+chungyau97@users.noreply.github.com>
Co-authored-by: chungyau97 <chungyau97@gmail.com>
* Refactor URL filtering logic in App class
- Introduced a denylist for URLs using the DENYLIST_URLS environment variable.
- Updated the whitelist logic to filter out denylisted URLs, ensuring improved request validation.
* revert whitelist url changes
* revert whitelist url changes
Refactor URL filtering logic in App class
- Introduced a denylist for URLs using the DENYLIST_URLS environment variable.
- Updated the whitelist logic to filter out denylisted URLs, ensuring improved request validation.
Refactor account and evaluations routes to use POST for billing and run-again endpoints
- Changed the billing route from GET to POST in account.route.ts and account.api.js for consistency with other account actions.
- Updated the run-again route from GET to POST in evaluations/index.ts and evaluations.js to align with the API design for creating actions.
Refactor: Update pnpm-lock.yaml and enhance UI components for safe HTML rendering
- Updated pnpm-lock.yaml to improve dependency management and ensure consistency.
- Refactored the JSONViewer component to utilize a new JsonToken for syntax highlighting.
- Introduced SafeHTML component to sanitize and safely render HTML content in ViewMessagesDialog and NodeExecutionDetails.
- Replaced direct HTML rendering with SafeHTML in ChatMessage component for enhanced security.