* remove allowed origins from public chatbot config response
* update how domains are validated in cors middleware
* fix: delete correct allowed domains keys in public chatbot config endpoint
* fix: cors substring issue
* fix: remove cors origins fallback
* fix: error when cors origins is not defined
* fix: update how cors setting is parsed and used
* fix: update how cors setting is parsed and used
* fix: address pr comments
* fix: use workspaceId if available in cors middleware
* fix: global cors blocks chatflow-level validation for predictions
* fix: add error handling to domain validation
* implement parseWithTypeConversion - parse a value against a Zod schema with automatic type conversion for common type mismatches
* Enhance parseWithTypeConversion to include maxDepth parameter for recursion control, preventing infinite loops during parsing.
Update guidelines for task response language and reasoning
Emphasize the importance of responding in the same language as the task description and clarify guidelines for reasoning and conclusions.
* feat: Require workspace ID for API key operations
- Added validation to ensure `activeWorkspaceId` is present in user requests for all API key operations (get, create, update, import, delete).
- Updated `getWorkspaceSearchOptions` and `getWorkspaceSearchOptionsFromReq` to throw an error if `workspaceId` is not provided.
- Modified service methods to enforce `workspaceId` as a required parameter for database operations related to API keys.
* feat: Enforce workspace ID as a required field across multiple interfaces and services
- Updated various interfaces to make `workspaceId` a mandatory field instead of optional.
- Enhanced assistant and export-import service methods to require `workspaceId` for operations, ensuring proper validation and error handling.
- Modified database entity definitions to reflect the change in `workspaceId` from optional to required.
- Improved error handling in controllers to check for `activeWorkspaceId` before proceeding with requests.
* Require workspace ID in various controllers and services
- Updated controllers for credentials, datasets, document stores, evaluations, evaluators, and variables to enforce the presence of `workspaceId`.
- Enhanced error handling to throw appropriate errors when `workspaceId` is not provided.
- Modified service methods to accept `workspaceId` as a mandatory parameter for operations, ensuring consistent validation across the application.
* Update EvaluatorRunner and index to require workspaceId for evaluator retrieval
- Modified the runAdditionalEvaluators function to accept workspaceId as a parameter.
* lint fixes
* Enhancement/Integrate workspaceId in chatflow and flow-config services
- Updated chatflow and flow-config controllers to require workspaceId for fetching chatflows.
- Modified service methods to accept workspaceId as a parameter, ensuring proper context for chatflow retrieval.
* lint fix
* get rid of redundant isApiKeyValidated
* refactor: update permission checks for chatflows and agentflows routes
- Enhanced permission checks in chatflows routes to include agentflows permissions for create, read, update, and delete operations.
- Updated navigation paths in authentication views to redirect to the home page instead of chatflows after successful login or registration.
* fix(DefaultRedirect.jsx): add redirect unauthenticated users to login
* fix(RequireAuth.jsx): check permissions for routes without display property
* fix(DefaultRedirect.jsx): WorkspaceSwitcher api spam
* fix(routes/chatflows/index.ts): use checkAnyPermission for chatflow/has-changed/:id/:lastUpdatedDateTime
* fix(routes/chatflows/index.ts): use checkAnyPermission for delete request chatflow/:id
* fix(controllers/text-to-speech/index.ts): add workspace ID validation in generateTextToSpeech
* fix(controllers/internal-predictions/index.ts): add chatflow retrieval and validation using workspaceId
* feat(services\credentials\index.ts): add filter by workspaceId for getCredentialById
* chore(routes/chat-messages/index.ts): unused chat-messages route
* feat(services/chatflows/index.ts): add filter by workspaceId for deleteChatflow
* feat(services/marketplaces/index.ts): add filter by workspaceId for deleteCustomTemplate
* feat(tools): add filter by workspaceId for read, update, and delete
---------
Co-authored-by: Vinod Paidimarry <vinodkiran@outlook.in>
Co-authored-by: Yau <33013947+chungyau97@users.noreply.github.com>
Co-authored-by: chungyau97 <chungyau97@gmail.com>
* fix shared credentials not showing on ui
* Enhance credential retrieval by including createdDate, updatedDate, and workspaceId fields; sanitize shared item data by omitting encryptedData.
* feat: require old password when changing password
* update account settings page - require old password for changing passwords
* update profile dropdown - go to /account route for updating account details
* Remove all session based on user id after password change
* fix: run lint-fix
* remove unnecessary error page on account
* fix: prevent logout if user provides wrong current password
* fix: remove unused user profile page
* fix: import
---------
Co-authored-by: Henry <hzj94@hotmail.com>
* Sanitize sensitive fields in request header and body in logger
* fix: log request headers, body, and query only when debug logs are enabled
* fix: add missing env to examples
* fix: crash due to missing env vars
variable resolution to support arrays of config objects
- Added handling for arrays of config objects in the resolveVariables function.
- Implemented a recursive search for config values to process all matching parameters, improving flexibility in variable resolution.
* add telemetry for productId
* updated multiple services (chatflows, buildChatflow, upsertVector) to use the new method for fetching product ID from subscriptions, improving consistency and error handling
* add tools warning
* Enhance file handling tools with security features
- Introduced new input parameters: workspacePath, enforceWorkspaceBoundaries, maxFileSize, and allowedExtensions for better control over file operations.
- Added validation for file paths and sizes to prevent unsafe operations.
- Implemented workspace boundary checks to restrict file access based on user-defined settings.
Added background toggle functionality across multiple components (AgentflowCanvas, MarketplaceCanvas, Canvas) with new icons for enabling/disabling background.
Enhance file upload functionality in createAttachment
- Added support for configurable allowed file types and file upload status in createFileAttachment.
- Implemented validation to ensure uploaded files match allowed types, throwing errors for disallowed types.
* Add tts UI
* Add tts backend
* Add description to eleven labs credentials
* Fix issue with fetching eleven labs voices
* Fix issue with text to speech tab not showing correct saved voice
* Add option to autoplay tts audio after prediction completes
* Fix crash issue when first changing tts provider
* Set up streaming response for text to speech audio
* Update controllers - fix issue with sse client getting removed before tts events are sent
* Use existing sse streamer to stream tts audio before sse client is removed
* Add tts sse to redis publisher
* Fix issues with TTS - openai voices, streaming audio, rate limiting, speed of speech
* Refactor
* Refactor TTS - fix issues with tts loading and stop audio buttons
* Abort TTS SSE when clicking the stop button
* Update SSE handling for TTS
* Fix issue with test voice feature
* Fix issue with tts voices not loading
* Update generate tts endpoint and its usage in internal chat
* Whitelist tts generate endpoint
* Refactor Text-to-Speech Provider Selection and Enhance UI Components
- Updated the text-to-speech controller to select the active provider based on status instead of the first available provider
- Added audio waveform controls and test audio functionality in the TextToSpeech component, allowing users to play and pause test audio
- Integrated Autocomplete for voice selection in the TextToSpeech component
- Implemented TTS action management in ChatMessage to prevent auto-scrolling during TTS actions
* - Implemented stopAllTTS function calls to halt existing TTS audio before playing new audio or starting a new TTS stream
* Updated the condition for enabling TTS providers to exclude the 'none' provider, ensuring only valid providers are considered for text-to-speech functionality.
* Remove unnecessary code
* Add ability to abort audio streaming in TTS and release lock on chat input
* Remove logger
* Fix tts audio not playing when clicking speaker button
* update
* TTS abort controller
* Fix abort not working for TTS autoplay
* Send metadata event when aborting autoplay TTS
* Fix UI issue
* Remove elevenlabs sdk from root package.json
* Remove redundant condition for tts autoplay in chatflow
---------
Co-authored-by: Henry <hzj94@hotmail.com>
feat: enhance OpenAPI Toolkit with input type options and server selection
- Updated OpenAPI Toolkit to support multiple input types: file upload or link.
- Added async options for selecting servers and endpoints from the OpenAPI specification.
- Improved error handling for loading OpenAPI specs and fetching server data.
- Updated version to 2.1.
Co-authored-by: Mehdi Chebbah <MChebbah@aas.com.sa>
Remove cancel subscription functionality from account controller and UI components; update email background and logo URLs across multiple email templates.
* Feature: Update Loop Agentflow to include fallback message and version increment to 1.1
- Added a new input parameter 'fallbackMessage' to the Loop Agentflow for displaying a message when the loop count is exceeded.
- Incremented the version of Loop Agentflow from 1.0 to 1.1.
- Updated the processing logic to handle the fallback message appropriately when the maximum loop count is reached.
* - Introduced a new input parameter 'loopUpdateState' to allow updating the runtime state during workflow execution.
- Added a method to list runtime state keys for dynamic state management.
- Implemented logic to retrieve and utilize the current loop count in variable resolution.
- Updated the Loop Agentflow output to reflect the new state and final output content.
* disable available dependencies by default, only allow when ALLOW_BUILTIN_DEP is set to true
* update contributing.md
* update pnpm lock
* Enhance security by adding secure wrappers for Axios and Node Fetch in utils.ts, and update dependency handling to include default external dependencies.
* Fix formatting in pnpm-lock.yaml
feat: enhance security validation for MCP configurations
- Added environment variable checks for CUSTOM_MCP_SECURITY_CHECK, CUSTOM_MCP_PROTOCOL, and HTTP_DENY_LIST across various Docker and application files.
- Implemented validation functions in MCP core to prevent command injection and ensure safe environment variable usage
* add acceptVariable property to vector store metadata filter
* add accepVariadd acceptVariable property to other json fields
* add camelcase chatflowId to flowConfig
- Added `secureFetch` and `checkDenyList` functions from `httpSecurity` to enhance security in web crawling and link fetching processes.
- Updated relevant functions to utilize these new security measures, ensuring safer data handling.
* fix gsuite tool params
* custom assistant only check for mandatory fields for visible params
* azure chat openai fix for gpt5
* return raw from executeJavaScriptCode
* add json5 for parsing
* azure chatopenai use maxCompletionTokens
* feat: add CometAPI integration with ChatCometAPI node and credential support
* feat: remove timeout and stop sequence parameters from ChatCometAPI node
* Fixed background color of file upload box in Chat configuration
* Refactor FileUpload to use useSelector for customization
* lint fix
---------
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
* feat: Add agentflow name filter to executions page
- Add agentflow name text field to executions filter UI
- Implement backend filtering with case-insensitive partial matching
- Add database index on chat_flow.name for improved query performance
- Support filtering executions by agentflow name across all database types
* chore: Fix linting issues and remove screenshot
- Apply prettier formatting to migration files
- Fix formatting in executions service
- Remove accidentally committed screenshot file
* fix upser api for file loader
* - Introduced loaderName property in IDocumentStoreUpsertData interface.
- Updated upsertDocStore function to utilize loaderName if provided.
- Enhanced DocStoreAPIDialog to allow loaderName customization in API requests.
- Modified DocumentStoreDetail to display file names when available, improving source formatting logic.
* feat: add JSONPathExtractor tool with lodash-based path extraction
- Implement JSONPathExtractor tool for extracting values from JSON using path notation
- Use lodash.get for robust path extraction supporting edge cases (numeric string keys, array indexing)
- Add configurable error handling with returnNullOnError parameter
- Include comprehensive test suite with 34 tests covering all scenarios
- Support JSON strings, objects, and arrays as input
* fix lint
* Update pnpm-lock.yaml
* fix: exclude test files from TypeScript compilation
Prevents test files from being included in the dist folder which was causing
"jest is not defined" errors during server startup.
---------
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
* fix(entities/ChatFlow.ts): make type column non-nullable with default value
* fix(postgres/ModifyChatflowType): set default type and make column non-nullable
* fix(sqlite/ModifyChatflowType): set default type and make column non-nullable
* fix(mysql/ModifyChatflowType): set default type and make column non-nullable
* chore(sqlite/ModifyChatflowType): standardize type column to VARCHAR(20)
* chore(postgres/ModifyChatflowType): standardize type column to VARCHAR(20)
* fix(mariadb/ModifyChatflowType): set default type and make column non-nullable
* chore: rename ChatflowType to EnumChatflowType and update references
* feat(chatflows): add chatflow type validation
* fix(chatflows): empty string bypassing type validation on update
* feature/bugfix: added otpional css selector to puppeteer web scraper, fixed error when puppeteerLoader does not work.
* feature: added button to add empty link in web scraper tools
* feature: added custom executable file path as an input to puppeteer to fix issues when puppeteer can not find/launch the browser.
* feature: added new puppeteer features to playwright aswell.
* fixed review comments
* Fixes the lossy-replace when a new state assignment contains the {{ output }} variable
* Replaces replace with replaceAll
---------
Co-authored-by: Corentin <corentin.hoareau@sogeti.com>
Lê Nam Khánh
Ilango
Henry Heng
shou tokunaga
Håvard Homb
Marko
Shashank Shekhar
Yau
Bharath
Rostyslav Borovyk
Mehdi
Kushal Bhana
vilashjagani
Jakub Drobník
toi500
Marvelous Ikponmwosa
anatolii burtsev
TensorNull
Karl Stoney
Ali Saleh
Rogério Chaves
Henry
Luis Felipe Salazar Ucros
Purshotam Bohra
russelj1
Mewyii
corentin-hoareau