* feat: Optimize ConversationalRetrievalToolAgent performance and add rephrase model support
- fix duplicate rephrasing bug
- Add optional separate rephrase model
- Enable query normalization on first messages
- Fix returnDirect tool behavior
- Add backward-compatible rephrase prompt support
* fix lint errors
* Fix duplicate streaming and inconsistent chat history format
* fix: change DocumentStoreFileChunk columns to LONGTEXT
- Fixes 'Unterminated string in JSON' error with large documents
- Changes pageContent and metadata columns from TEXT (64KB) to LONGTEXT (4GB)
- Adds database migrations for MySQL and MariaDB
- Resolves issue #2352
* docs: add data loss warning to migration rollback
- Add warning comment in down() migration methods
- Clarifies potential data loss when reverting LONGTEXT to TEXT
- Helps future developers understand rollback risks
* lint fix
* lint fix
* Update DocumentStoreFileChunk.ts
---------
Co-authored-by: KushagraaWadhwa <kushagraa@users.noreply.github.com>
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
Co-authored-by: Henry <hzj94@hotmail.com>
- Upgrade @huggingface/inference from v2.6.1 to v4.13.2
- Update ChatHuggingFace to use InferenceClient with chatCompletion API
- Update HuggingFaceInference (LLM) to use v4 HfInference with Inference Providers
- Update HuggingFaceInferenceEmbedding to use v4 HfInference
- Add endpoint handling logic to ignore custom endpoints for provider-based models
- Add improved error handling and validation for API keys
- Update UI descriptions to guide users on proper configuration
Fixes#5161
Co-authored-by: Henry <hzj94@hotmail.com>
* fix: add missing OpenTelemetry dependencies to components package
- Fixes ModuleLoadError when installing via NPX
- Adds @opentelemetry/* dependencies that were imported but not declared
- Resolves issue #4108
* fix: correct OpenTelemetry package versions
- Change @opentelemetry/api from ^1.3.0 to 1.9.0 (compatible with SDK 1.27.0)
- Change @opentelemetry/instrumentation from 0.54.2 to 0.54.0 (correct version)
- Ensures version consistency and compatibility across all OpenTelemetry packages
* Update package.json
* update opentelemetry api version
* update pnpm lock file
---------
Co-authored-by: KushagraaWadhwa <kushagraa@users.noreply.github.com>
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
Co-authored-by: Henry <hzj94@hotmail.com>
* fix: agentflow list refresh after deletion (Issue #5360)
Root Cause:
When deleting an Agentflow from the list view, updateFlowsApi.request() was called without pagination parameters. This caused the backend to return a plain array instead of the expected { data: [], total: 0 } format, leading to a TypeError when accessing .data.length.
Solution:
- Created refreshAgentflows callback that includes current pagination state
- Passed callback through FlowListTable to FlowListMenu
- Updated handleDelete to use callback instead of direct API call
- Maintains backward compatibility for components without callback
Fixes#5360
* reverting
* add pagination support to FlowListMenu and FlowListTable
---------
Co-authored-by: Henry <hzj94@hotmail.com>
* Updated the executeJavaScriptCode function to automatically detect and install required libraries from import/require statements in the provided code.
* Update utils.ts
* lint-fix
* feat(security): enhance file path validation and implement non-root Docker user
- Validate resolved full file paths including workspace boundaries in SecureFileStore
- Resolve paths before validation in readFile and writeFile operations
- Run Docker container as non-root flowise user (uid/gid 1001)
- Apply proper file ownership and permissions for application files
Prevents path traversal attacks and follows container security best practices
* Add sensitive system directory validation and Flowise internal file protection
* Update Dockerfile to use default node user
* update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin)
* added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders
---------
Co-authored-by: taraka-vishnumolakala <taraka.vishnumolakala@workday.com>
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
Co-authored-by: Henry <hzj94@hotmail.com>
* add separate by JSON object
* add file check for Unstructured
* Enhance JSON DocumentLoader: Update label and description for 'Separate by JSON Object' option, and add type check for JSON objects in array processing.
Integrate AzureChatOpenAI into the Supervisor node to handle user requests alongside ChatOpenAI. This enhancement allows for improved multi-agent conversation management.
* refactor: Split Docker image CI workflow into registry-specific workflows
* refactor: Split Docker image CI workflow into registry-specific workflows
Henry
Simon Song
Henry Heng
Nikitas Papadopoulos
Debottam Mandal
Wanyi
Neha Prasad
Siddharth Chauhan
Kushagra Wadhwa
Daniel Moon
mskitroot
Taraka Vishnumolakala
Lê Nam Khánh
Yi-Cheng Wang