* feat: Require workspace ID for API key operations
- Added validation to ensure `activeWorkspaceId` is present in user requests for all API key operations (get, create, update, import, delete).
- Updated `getWorkspaceSearchOptions` and `getWorkspaceSearchOptionsFromReq` to throw an error if `workspaceId` is not provided.
- Modified service methods to enforce `workspaceId` as a required parameter for database operations related to API keys.
* feat: Enforce workspace ID as a required field across multiple interfaces and services
- Updated various interfaces to make `workspaceId` a mandatory field instead of optional.
- Enhanced assistant and export-import service methods to require `workspaceId` for operations, ensuring proper validation and error handling.
- Modified database entity definitions to reflect the change in `workspaceId` from optional to required.
- Improved error handling in controllers to check for `activeWorkspaceId` before proceeding with requests.
* Require workspace ID in various controllers and services
- Updated controllers for credentials, datasets, document stores, evaluations, evaluators, and variables to enforce the presence of `workspaceId`.
- Enhanced error handling to throw appropriate errors when `workspaceId` is not provided.
- Modified service methods to accept `workspaceId` as a mandatory parameter for operations, ensuring consistent validation across the application.
* Update EvaluatorRunner and index to require workspaceId for evaluator retrieval
- Modified the runAdditionalEvaluators function to accept workspaceId as a parameter.
* lint fixes
* Enhancement/Integrate workspaceId in chatflow and flow-config services
- Updated chatflow and flow-config controllers to require workspaceId for fetching chatflows.
- Modified service methods to accept workspaceId as a parameter, ensuring proper context for chatflow retrieval.
* lint fix
* get rid of redundant isApiKeyValidated
* refactor: update permission checks for chatflows and agentflows routes
- Enhanced permission checks in chatflows routes to include agentflows permissions for create, read, update, and delete operations.
- Updated navigation paths in authentication views to redirect to the home page instead of chatflows after successful login or registration.
* fix(DefaultRedirect.jsx): add redirect unauthenticated users to login
* fix(RequireAuth.jsx): check permissions for routes without display property
* fix(DefaultRedirect.jsx): WorkspaceSwitcher api spam
* fix(routes/chatflows/index.ts): use checkAnyPermission for chatflow/has-changed/:id/:lastUpdatedDateTime
* fix(routes/chatflows/index.ts): use checkAnyPermission for delete request chatflow/:id
* fix(controllers/text-to-speech/index.ts): add workspace ID validation in generateTextToSpeech
* fix(controllers/internal-predictions/index.ts): add chatflow retrieval and validation using workspaceId
* feat(services\credentials\index.ts): add filter by workspaceId for getCredentialById
* chore(routes/chat-messages/index.ts): unused chat-messages route
* feat(services/chatflows/index.ts): add filter by workspaceId for deleteChatflow
* feat(services/marketplaces/index.ts): add filter by workspaceId for deleteCustomTemplate
* feat(tools): add filter by workspaceId for read, update, and delete
---------
Co-authored-by: Vinod Paidimarry <vinodkiran@outlook.in>
Co-authored-by: Yau <33013947+chungyau97@users.noreply.github.com>
Co-authored-by: chungyau97 <chungyau97@gmail.com>
* fix shared credentials not showing on ui
* Enhance credential retrieval by including createdDate, updatedDate, and workspaceId fields; sanitize shared item data by omitting encryptedData.
* feat: require old password when changing password
* update account settings page - require old password for changing passwords
* update profile dropdown - go to /account route for updating account details
* Remove all session based on user id after password change
* fix: run lint-fix
* remove unnecessary error page on account
* fix: prevent logout if user provides wrong current password
* fix: remove unused user profile page
* fix: import
---------
Co-authored-by: Henry <hzj94@hotmail.com>
* Sanitize sensitive fields in request header and body in logger
* fix: log request headers, body, and query only when debug logs are enabled
* fix: add missing env to examples
* fix: crash due to missing env vars
variable resolution to support arrays of config objects
- Added handling for arrays of config objects in the resolveVariables function.
- Implemented a recursive search for config values to process all matching parameters, improving flexibility in variable resolution.
* add telemetry for productId
* updated multiple services (chatflows, buildChatflow, upsertVector) to use the new method for fetching product ID from subscriptions, improving consistency and error handling
* add tools warning
* Enhance file handling tools with security features
- Introduced new input parameters: workspacePath, enforceWorkspaceBoundaries, maxFileSize, and allowedExtensions for better control over file operations.
- Added validation for file paths and sizes to prevent unsafe operations.
- Implemented workspace boundary checks to restrict file access based on user-defined settings.
Added background toggle functionality across multiple components (AgentflowCanvas, MarketplaceCanvas, Canvas) with new icons for enabling/disabling background.
Enhance file upload functionality in createAttachment
- Added support for configurable allowed file types and file upload status in createFileAttachment.
- Implemented validation to ensure uploaded files match allowed types, throwing errors for disallowed types.
* Add tts UI
* Add tts backend
* Add description to eleven labs credentials
* Fix issue with fetching eleven labs voices
* Fix issue with text to speech tab not showing correct saved voice
* Add option to autoplay tts audio after prediction completes
* Fix crash issue when first changing tts provider
* Set up streaming response for text to speech audio
* Update controllers - fix issue with sse client getting removed before tts events are sent
* Use existing sse streamer to stream tts audio before sse client is removed
* Add tts sse to redis publisher
* Fix issues with TTS - openai voices, streaming audio, rate limiting, speed of speech
* Refactor
* Refactor TTS - fix issues with tts loading and stop audio buttons
* Abort TTS SSE when clicking the stop button
* Update SSE handling for TTS
* Fix issue with test voice feature
* Fix issue with tts voices not loading
* Update generate tts endpoint and its usage in internal chat
* Whitelist tts generate endpoint
* Refactor Text-to-Speech Provider Selection and Enhance UI Components
- Updated the text-to-speech controller to select the active provider based on status instead of the first available provider
- Added audio waveform controls and test audio functionality in the TextToSpeech component, allowing users to play and pause test audio
- Integrated Autocomplete for voice selection in the TextToSpeech component
- Implemented TTS action management in ChatMessage to prevent auto-scrolling during TTS actions
* - Implemented stopAllTTS function calls to halt existing TTS audio before playing new audio or starting a new TTS stream
* Updated the condition for enabling TTS providers to exclude the 'none' provider, ensuring only valid providers are considered for text-to-speech functionality.
* Remove unnecessary code
* Add ability to abort audio streaming in TTS and release lock on chat input
* Remove logger
* Fix tts audio not playing when clicking speaker button
* update
* TTS abort controller
* Fix abort not working for TTS autoplay
* Send metadata event when aborting autoplay TTS
* Fix UI issue
* Remove elevenlabs sdk from root package.json
* Remove redundant condition for tts autoplay in chatflow
---------
Co-authored-by: Henry <hzj94@hotmail.com>
feat: enhance OpenAPI Toolkit with input type options and server selection
- Updated OpenAPI Toolkit to support multiple input types: file upload or link.
- Added async options for selecting servers and endpoints from the OpenAPI specification.
- Improved error handling for loading OpenAPI specs and fetching server data.
- Updated version to 2.1.
Co-authored-by: Mehdi Chebbah <MChebbah@aas.com.sa>
Remove cancel subscription functionality from account controller and UI components; update email background and logo URLs across multiple email templates.
* Feature: Update Loop Agentflow to include fallback message and version increment to 1.1
- Added a new input parameter 'fallbackMessage' to the Loop Agentflow for displaying a message when the loop count is exceeded.
- Incremented the version of Loop Agentflow from 1.0 to 1.1.
- Updated the processing logic to handle the fallback message appropriately when the maximum loop count is reached.
* - Introduced a new input parameter 'loopUpdateState' to allow updating the runtime state during workflow execution.
- Added a method to list runtime state keys for dynamic state management.
- Implemented logic to retrieve and utilize the current loop count in variable resolution.
- Updated the Loop Agentflow output to reflect the new state and final output content.
* disable available dependencies by default, only allow when ALLOW_BUILTIN_DEP is set to true
* update contributing.md
* update pnpm lock
* Enhance security by adding secure wrappers for Axios and Node Fetch in utils.ts, and update dependency handling to include default external dependencies.
* Fix formatting in pnpm-lock.yaml
feat: enhance security validation for MCP configurations
- Added environment variable checks for CUSTOM_MCP_SECURITY_CHECK, CUSTOM_MCP_PROTOCOL, and HTTP_DENY_LIST across various Docker and application files.
- Implemented validation functions in MCP core to prevent command injection and ensure safe environment variable usage
Henry
Henry Heng
Håvard Homb
Ilango
Daniel Adeboye
Marko
Shashank Shekhar
Yau
OrbisAI Sec
Bharath
Rostyslav Borovyk
Mehdi
Kushal Bhana
vilashjagani
Jakub Drobník
toi500