feat: valkey support#3
Open
MatthiasHowellYopp wants to merge 213 commits intorelease-1.9.0from
Open
Conversation
…low-ai#11968) (langflow-ai#11975) * feat: add runtime port validation for Kubernetes service discovery * test: add unit tests for runtime port validation in Settings * fix: improve runtime port validation to handle exceptions and edge cases Co-authored-by: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai>
* feat: add documentation link to Guardrails component * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* feat: traces v0 v0 for traces includes: - filters: status, token usage range and datatime - accordian rows per trace Could add: - more filter options. Ecamples: session_id, trace_id and latency range * fix: token range * feat: create sidebar buttons for logs and trace add sidebar buttons for logs and trace remove lods canvas control * fix: fix duplicate trace ID insertion hopefully fix duplicate trace ID insertion on windows * fix: update tests and alembic tables for uts update tests and alembic tables for uts * chore: add session_id * chore: allo grouping by session_id and flow_id * chore: update race input output * chore: change run name to flow_name - flow_id was flow_name - trace_id now flow_name - flow_id * facelift * clean up and add testcases * clean up and add testcases * merge Alembic detected multiple heads * [autofix.ci] apply automated fixes * improve testcases * remodel files * chore: address gabriel simple changes address gabriel simple changes in traces.py and native.py * clean up and testcases * chore: address OTel and PG status comments langflow-ai#11689 (comment) langflow-ai#11689 (comment) * chore: OTel span naming convention model name is now set using name = f"{operation} {model_name}" if model_name else operation * add traces * feat: use uv sources for CPU-only PyTorch (langflow-ai#11884) * feat: use uv sources for CPU-only PyTorch Configure [tool.uv.sources] with pytorch-cpu index to avoid ~6GB CUDA dependencies in Docker images. This replaces hardcoded wheel URLs with a cleaner index-based approach. - Add pytorch-cpu index with explicit = true - Add torch/torchvision to [tool.uv.sources] - Add explicit torch/torchvision deps to trigger source override - Regenerate lockfile without nvidia/cuda/triton packages - Add required-environments for multi-platform support * fix: update regex to only replace name in [project] section The previous regex matched all lines starting with `name = "..."`, which incorrectly renamed the UV index `pytorch-cpu` to `langflow-nightly` during nightly builds. This caused `uv lock` to fail with: "Package torch references an undeclared index: pytorch-cpu" The new regex specifically targets the name field within the [project] section only, avoiding unintended replacements in other sections like [[tool.uv.index]]. * style: fix ruff quote style * fix: remove required-environments to fix Python 3.13 macOS x86_64 CI The required-environments setting was causing hard failures when packages like torch didn't have wheels for specific platform/Python combinations. Without this setting, uv resolves optimistically and handles missing wheels gracefully at runtime instead of failing during resolution. --------- * LE-270: Hydration and Console Log error (langflow-ai#11628) * LE-270: add fix hydration issues * LE-270: fix disable field on max token on language model --------- * test: add wait for selector in mcp server tests (langflow-ai#11883) * Add wait for selector in mcp server tests * [autofix.ci] apply automated fixes * Add more awit for selectors * [autofix.ci] apply automated fixes --------- * fix: reduce visual lag in frontend (langflow-ai#11686) * Reduce lag in frontend by batching react events and reducing minimval visual build time * Cleanup * [autofix.ci] apply automated fixes * add tests and improve code read * [autofix.ci] apply automated fixes * Remove debug log --------- * feat: lazy load imports for language model component (langflow-ai#11737) * Lazy load imports for language model component Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc. * Add backwards-compat functions * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Add exception handling * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * comp index * docs: azure default temperature (langflow-ai#11829) * change-azure-openai-default-temperature-to-1.0 * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * [autofix.ci] apply automated fixes --------- * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix unit test? * add no-group dev to docker builds * [autofix.ci] apply automated fixes --------- * feat: generate requirements.txt from dependencies (langflow-ai#11810) * Base script to generate requirements Dymanically picks dependency for LanguageM Comp. Requires separate change to remove eager loading. * Lazy load imports for language model component Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc. * Add backwards-compat functions * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Add exception handling * Add CLI command to create reqs * correctly exclude langchain imports * Add versions to reqs * dynamically resolve provider imports for language model comp * Lazy load imports for reqs, some ruff fixes * Add dynamic resolves for embedding model comp * Add install hints * Add missing provider tests; add warnings in reqs script * Add a few warnings and fix install hint * update comments add logging * Package hints, warnings, comments, tests * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Add alias for watsonx * Fix anthropic for basic prompt, azure mapping * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * ruff * [autofix.ci] apply automated fixes * test formatting * ruff * [autofix.ci] apply automated fixes --------- * fix: add handle to file input to be able to receive text (langflow-ai#11825) * changed base file and file components to support muitiple files and files from messages * update component index * update input file component to clear value and show placeholder * updated starter projects * [autofix.ci] apply automated fixes * updated base file, file and video file to share robust file verification method * updated component index * updated templates * fix whitespaces * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * add file upload test for files fed through the handle * [autofix.ci] apply automated fixes * added tests and fixed things pointed out by revies * update component index * fixed test * ruff fixes * Update component_index.json * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * updated component index * updated component index * removed handle from file input * Added functionality to use multiple files on the File Path, and to allow files on the langflow file system. * [autofix.ci] apply automated fixes * fixed lfx test * build component index --------- * docs: Add AGENTS.md development guide (langflow-ai#11922) * add AGENTS.md rule to project * change to agents-example * remove agents.md * add example description * chore: address cris I1 comment address cris I1 comment * chore: address cris I5 address cris I5 * chore: address cris I6 address cris I6 * chore: address cris R7 address cris R7 * fix testcase * chore: address cris R2 address cris R2 * restructure insight page into sidenav * added header and total run node * restructing branch * chore: address gab otel model changes address gab otel model changes will need no migration tables * chore: update alembic migration tables update alembic migration tables after model changes * add empty state for gropu sessions * remove invalid mock * test: update and add backend tests update and add backend tests * chore: address backend code rabbit comments address backend code rabbit comments * chore: address code rabbit frontend comments address code rabbit frontend comments * chore: test_native_tracer minor fix address c1 test_native_tracer minor fix address c1 * chore: address C2 + C3 address C2 + C3 * chore: address H1-H5 address H1-H5 * test: update test_native_tracer update test_native_tracer * fixes * chore: address M2 address m2 * chore: address M1 address M1 * dry changes, factorization * chore: fix 422 spam and clean comments fix 422 spam and clean comments * chore: address M12 address M12 * chore: address M3 address M3 * chore: address M4 address M4 * chore: address M5 address M5 * chore: clean up for M7, M9, M11 clean up for M7, M9, M11 * chore: address L2,L4,L5,L6 + any test address L2,L4,L5 and L6 + any test * chore: alembic + comment clean up alembic + comment clean up * chore: remove depricated test_traces file remove depricated test_traces file. test have all been moved to test_traces_api.py * fix datetime * chore: fix test_trace_api ge=0 is allowed now fix test_trace_api ge=0 is allowed now * chore: remove unused traces cost flow remove unused traces cost flow * fix traces test * fix traces test * fix traces test * fix traces test * fix traces test * chore: address gabriels otel coment address gabriels otel coment latest --------- Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: olayinkaadelakun <olayinka.adelakun@ibm.com> Co-authored-by: Jordan Frazier <122494242+jordanrfrazier@users.noreply.github.com> Co-authored-by: cristhianzl <cristhian.lousa@gmail.com> Co-authored-by: Hamza Rashid <74062092+HzaRashid@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Lucas Oliveira <62335616+lucaseduoli@users.noreply.github.com> Co-authored-by: Edwin Jose <edwin.jose@datastax.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com>
langflow-ai#11982) fix(test): Fix superuser timeout test errors by replacing heavy client fixture (langflow-ai#11972) * fix super user timeout test error * fix fixture db test * remove canary test * [autofix.ci] apply automated fixes * flaky test --------- Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…ics module (langflow-ai#11974) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…ngflow-ai#12002) * fix: add ondelete=CASCADE to TraceBase.flow_id to match migration The migration file creates the trace table's flow_id foreign key with ondelete="CASCADE", but the model was missing this parameter. This mismatch caused the migration validator to block startup. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: add defensive migration to ensure trace.flow_id has CASCADE Adds a migration that ensures the trace.flow_id foreign key has ondelete=CASCADE. While the original migration already creates it with CASCADE, this provides a safety net for any databases that may have gotten into an inconsistent state. * fix: dynamically find FK constraint name in migration The original migration did not name the FK constraint, so it gets an auto-generated name that varies by database. This fix queries the database to find the actual constraint name before dropping it. --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
…mprove button functionality (langflow-ai#12000) * fix: Update ButtonSendWrapper to handle building state and improve button functionality * fix(frontend): rename stop button title to avoid Playwright selector conflict The "Stop building" title caused getByRole('button', { name: 'Stop' }) to match two elements, breaking Playwright tests in shards 19, 20, 22, 25. Renamed to "Cancel" to avoid the collision with the no-input stop button.
…w-ai#11987) pydantic fail because output is list, instead of a dict Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local>
* Update guardrails.py Changing the heuristic threshold icons. The field was using the default icons. I added icons related to the security theme. * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Viktor Avelino <64113566+viktoravelino@users.noreply.github.com>
…langflow-ai#12028) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
fix reset button Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local>
* fix: Handle message inputs when ingesting knowledge * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Update test_ingestion.py * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…on (langflow-ai#11985) * fix(ui): add error handling for invalid JSON uploads via upload button * feat(frontend): added new test for file upload * feat(frontend): added new test for file upload
* fix: LM span is now properly parent of ChatOpenAI Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice * chore: clean up comments clean up comments * chore: incase -> incase incase -> incase
* fix: LM span is now properly parent of ChatOpenAI Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice * chore: clean up comments clean up comments * chore: incase -> incase incase -> incase * design fix * fix testcases * fix header * fix testcase --------- Co-authored-by: Adam Aghili <Adam.Aghili@ibm.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com>
* fix: update layout and variant for file previews in chat messages * fix: update background color to 'bg-muted' in chat header and input wrapper components * refactor(CanvasControls): remove unused inspection panel logic and clean up code * fix: remove 'bg-muted' class from chat header and add 'bg-primary-foreground' to chat sidebar * fix: add Escape key functionality to close sidebar
langflow-ai#12040) fix: playground does not scroll down to the latest user message upon sending (Regression) (langflow-ai#12006) * fixes scroll is on input message * feat: re-engage Safari sticky scroll mode when user sends message Add custom event 'langflow-scroll-to-bottom' to force SafariScrollFix back into sticky mode when user sends a new message. This ensures the chat scrolls to bottom even if user had scrolled up, fixing behavior where Safari's scroll fix would remain disengaged after manual scrolling. Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com>
langflow-ai#12039) fix: knowledge Base Table — Row Icon Appears Clipped/Cut for Some Entries (langflow-ai#12009) * removed book and added file. makes more sense * feat: add accent-blue color to design system and update knowledge base file icon - Add accent-blue color variables to light and dark themes in CSS - Register accent-blue in Tailwind config with DEFAULT and foreground variants - Update knowledge base file icon fallback color from hardcoded text-blue-500 to text-accent-blue-foreground Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com>
…2038) * fixes to the mcp modal for style * style: convert double quotes to single quotes in baseModal component * style: convert double quotes to single quotes in addMcpServerModal component Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com>
* fix: change loop description (langflow-ai#12018) * docs: simplify Loop component description in starter project and component index * [autofix.ci] apply automated fixes * style: format Loop component description to comply with line length limits * fixed component index * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * [autofix.ci] apply automated fixes --------- Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…langflow-ai#12036) * feat: add mutual exclusivity between ChatInput and Webhook components * [autofix.ci] apply automated fixes * refactor: address PR feedback - add comprehensive tests and constants * [autofix.ci] apply automated fixes * refactor: address PR feedback - add comprehensive tests and constants * [autofix.ci] apply automated fixes --------- Co-authored-by: Janardan S Kavia <janardanskavia@Janardans-MacBook-Pro.local> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* Only process dict template fields In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema. * Check and handle MCP server URL changes When skipping creation of an existing MCP server for a user's starter projects, first compute the expected project URL and compare it to URLs found in the existing config args. If the URL matches, keep skipping and log that the server is correctly configured; if the URL differs (e.g., port changed on restart), log the difference and allow the flow to update the server configuration. Adds URL extraction and improved debug messages to support automatic updates when server endpoints change. --------- Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com>
…ngflow-ai#12044) Langflow breaks when we click on the last level of the chain. Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com>
langflow-ai#12051) fix: standardize "README" title and update API key configuration notes in 3 main flow templates (langflow-ai#12005) * updated for README * chore: update secrets baseline with new line numbers * fixed test Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com>
…8.0 (langflow-ai#12052) * fix: improve knowledge base UI consistency and pagination handling - Change quote style from double to single quotes throughout knowledge base components - Update "Hide Sources" button label to "Hide Configuration" for clarity - Restructure SourceChunksPage layout to use xl:container for consistent spacing - Add controlled page input state with validation on blur and Enter key - Synchronize page input field with pagination controls to prevent state drift - Reset page input to "1" when changing page * refactor: extract page input commit logic into reusable function Extract page input validation and commit logic from handlePageInputBlur and handlePageInputKeyDown into a shared commitPageInput function to eliminate code duplication.
…angflow-ai#12043) * fix(ui): ensure session deletion properly clears backend and cache * fix: resolved PR comments and add new regression test * fix: resolved PR comments and add new regression test * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* add file system component * add file system validations and tests * [autofix.ci] apply automated fixes * ruff style and fix * ruff fix * address gh suggestions * aditional tests to cover gaps * fix QA issues * message ordering regression fix * Update component_index.json * Update component_index.json * chore: auto-bake note keys and regenerate backend locales/en.json [skip ci] --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare <ericrhare@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ed (langflow-ai#12971) * fix(model-input): hide wrench when saved model's provider is configured When a user deactivates all models from a configured provider, the backend still injects the saved selection into options as a sticky-default with not_enabled_locally:true, causing the trigger to surface the Configure wrench. The wrench is intended for imported flows that reference providers the user hasn't set up — not for models the user has actively deactivated. This change scopes the sticky-default affordance to providers that are not configured locally: - groupedOptions filters out sticky options whose provider is configured. - selectedModel falls through to the first available option instead of preserving the saved selection with the wrench flag in that case. - The auto-default useEffect resets the persisted value when the saved model is missing AND its provider is configured, so the flow no longer references a model the user can't run. Also tightens the value-prop type from `any` to `ModelOption[] | undefined` on the component's BaseInputProps generic so the file passes the staged biome no-any check (pre-existing violation that blocked the surgical edit). * fix: Don't refresh list if no changes made
* fix: refresh MCP connection state * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Update mcp_component.py * Update mcp_component.py * Update Nvidia Remix.json * Update component_index.json * Update component_index.json * Update component_index.json * fix: tool list doesnt refresh after error * Update use-patch-mcp-server.test.ts * Update component_index.json --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* add-troubleshooting-items-from-scarf * sort-desktop-errors-by-os * include-err-strings * casing * remove-placeholders * python-version * Apply suggestions from code review Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * peer-review * Apply suggestions from code review Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * docs-update-some-error-messages-that-have-changed * docs-check-desktop-errors-against-error-constants-file --------- Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com>
flush border top Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local>
langflow-ai#12973) * fix(frontend): render node dropdowns above build/notification overlays ReactFlow nodes apply `transform` which creates a local stacking context. The model selector and generic node dropdown previously rendered without a Portal, so their `z-50` popover content was trapped inside that context and got covered by the build status / error notification panel (also `z-50`, sibling of the canvas). Switch both `dropdownComponent` and `modelInputComponent` to always use the portalled `PopoverContent` and bump the popover layer to `z-[60]`. Mounting the popover into `document.body` escapes the node's stacking context, and the higher z-index keeps it above the build panel regardless of portal mount order. * fix(frontend): flip node dropdowns above build/notification overlays Prior commit moved the dropdown popovers to a Portal so they could escape the node's stacking context, which fixed the overlap with the build status / error notification panel but also pulled the popovers out of the React Flow viewport's CSS scale transform — the dropdowns no longer scaled with canvas zoom and looked oversized when zoomed out and too small when zoomed in. Switch to a non-portal-based fix: keep the popovers inline in the node (so they continue to scale with canvas zoom like the rest of the node) and let Radix flip them above the trigger when the build panel is on screen. - Subscribe to `useFlowStore` for `isBuilding` and `buildInfo` and derive a `showingBuildPanel` flag in `dropdownComponent` and `modelInputComponent`. - Restore the original `PopoverContentWithoutPortal` selector in both files (children / editNode / inspectionPanel keep portaled content). - Always pass `avoidCollisions` and a dynamic `collisionPadding.bottom` equal to `BUILD_PANEL_COLLISION_PADDING_PX` (160) when the panel is visible, otherwise `0`. Radix then auto-flips the popover above the trigger whenever the bottom region is reserved. - Move `BUILD_PANEL_COLLISION_PADDING_PX` into `constants/constants.ts` with a comment so the magic number is defined once and documented.
* docs-deprecate-voice-to-voice-endpoint * docs-explain-voice-mode-vs-speech-to-text
…987) (langflow-ai#12918) * fix: encode non-ASCII filenames in Content-Disposition headers HTTP headers only support ASCII/latin-1. Placing Chinese or other non-ASCII characters directly in filename="..." caused a latin-1 serialization error (500) on download. Fix all four download routes to use an ASCII-safe fallback in filename= and the URL-encoded form in filename*=UTF-8'': - api/v1/files: /download/{flow_id}/{file_name} - api/v1/flows_helpers: /flows/download/ (ZIP) - api/v2/files: /files/{file_id} and /files/batch/ Also fix the frontend filename extraction regex in both use-get-download-flows.ts and use-get-download-files.ts to parse RFC 5987 (filename*=UTF-8''<encoded>) with decodeURIComponent, falling back to plain filename= for older responses. Closes langflow-ai#8105 * test: add non-ASCII filename encoding tests for file download routes Cover the RFC 5987 Content-Disposition encoding fix across all affected download endpoints: - api/v1/files: parametrized test with Chinese, Japanese, accented Latin, and ASCII filenames verifying filename*=UTF-8'' encoding - api/v2/files: same parametrized test for single-file download plus a batch download test verifying the ZIP Content-Disposition header - flows download: test with Chinese flow names verifying the ZIP response uses a decodable RFC 5987 filename Reproduces the regression from issue langflow-ai#8105 where downloading files with non-ASCII names returned HTTP 500. * fix: use safe="" in quote() for RFC 5987 filename encoding and tighten test assertion Ensures forward slashes and other special characters are percent-encoded in Content-Disposition filename* values. Also fixes weak in-operator assertion in v2 test to check the correct direction. * fix: centralize RFC 5987 Content-Disposition encoding and patch header injection Extract build_content_disposition() helper in api/utils/core.py that: - Escapes double-quotes in the ASCII fallback (prevents parameter smuggling via filenames like evil"; x=injected) - Uses quote(safe="") to percent-encode forward slashes - Returns the dual-param format (filename= + filename*=) for broad client compatibility Replace the duplicated 3-line encoding blocks in v1/files.py, v2/files.py, flows_helpers.py, and projects_files.py with a single call to the helper. projects_files.py was missing from the original fix: it used quote() without safe="" and emitted only filename*= with no ASCII fallback. * test: strengthen Content-Disposition header assertions - v2/test_files.py: expected_rfc5987 now includes the file extension so a regression that strips the extension from the RFC 5987 value is detected - test_database.py: strengthen the dual-flow download assertion to verify both filename= and filename*= params are present, not just the prefix - test_database.py: rename test_download_flows_non_ascii_content_disposition to test_download_flows_content_disposition_dual_param and update the docstring to accurately reflect that the ZIP filename is always ASCII (timestamp-based); the test now verifies the dual-param format * fix: sanitize control chars and escape backslash in build_content_disposition Strip ASCII control characters (CR/LF/NUL and others in 0x00-0x1f/0x7f range) from filename before encoding to prevent header injection. Also escape backslash before double-quote in the ASCII fallback per RFC 6266 §4.1 quoted-pair grammar. * test: add adversarial tests for build_content_disposition and strengthen v2 assertion Add direct unit tests for the helper covering: quote escaping, backslash escaping, CRLF/NUL/control char stripping, empty filename, and very long names. Replace weak substring assertions in the v2 single-file download test with exact equality against the stored filename returned by the upload response. * refactor: extract Content-Disposition parser to shared frontend util Extract the duplicated 14-line RFC 5987 parsing block from use-get-download-files and use-get-download-flows into a single parseContentDispositionFilename util. Wraps decodeURIComponent in try/catch to gracefully fall back to the legacy filename= param on malformed percent-sequences. Adds Jest tests covering all branches: RFC 5987 priority, legacy fallback, CJK decode, null header, and malformed input. * test: replace Portuguese test filename with English equivalent Rename the accented Latin test case from the Portuguese arquivo_com_acentuação.txt to naïve_résumé.txt so all test data uses English while still exercising the same ï/é encoding path.
…er (LE-1014) (langflow-ai#12952) * feat(lfx): add extension manifest schema, validate CLI, and error formatter (LE-1014) Foundation for the Bundle Separation iteration. Defines what a valid extension.json looks like (Pydantic models + Draft 2020-12 JSON Schema), ships the offline `lfx extension validate` command, and ships the single `format_extension_error` function that every other extension-system module will use to render structured errors. What's in lfx.extension: - `ExtensionManifest` / `BundleRef` / `LangflowCompat` Pydantic models with `extra="forbid"` so unknown fields fail loudly. Deferred fields (`services`, `routes`, `hooks`, `starter_projects`, `userConfig`) are reserved as None-only so non-null values produce a dedicated `field-deferred-in-this-milestone` error instead of a generic schema wall. `bundles` accepts a list but rejects length > 1 with `multi-bundle-deferred-in-this-milestone` (validator-enforced; the loader re-checks at install time in LE-1015). - `schema.build_schema()` + `build_schema_json()` produce the publishable artifact at schemas.langflow.org/extension/v1.json. - `ExtensionError` typed envelope and `format_extension_error` -- one branch per discriminant. Codes are registered in `ERROR_CODES`; an `ExtensionError` constructed with an unknown code raises at construction time, preventing producers from shipping without a matching renderer. - `validate_extension` runs four passes: manifest discovery + schema, path-safety (no `..`, no absolute paths, no symlink escape), AST inspection of every `.py` (syntax, Component subclass present, build() declared, top-level `import *`, top-level I/O primitives), and an opt-in `--execute-imports` that runs each module in a subprocess with a temporary HOME / TMPDIR / LANGFLOW_CONFIG_DIR and LANGFLOW_*/LFX_* env vars stripped. - `lfx extension validate` and `lfx extension schema` typer subcommands. Acceptance-criteria coverage in tests/unit/extension/: - Round-trips every v0 manifest field; deferred fields rejected; multi-bundle rejected with the dedicated discriminant. - JSON Schema validates the v0 example and rejects 12 malformed manifests with distinct error paths (>= 10 required by the ticket). - Median default-validate runtime < 100ms on the basic template. - Crafted side-effect bundle: default validate does NOT execute it (canary file is never written); `--execute-imports` DOES execute it and the canary appears, while LANGFLOW_* env vars are NOT inherited by the subprocess. - Snapshot tests for every code in ERROR_CODES; a guard test verifies ERROR_CODES and the snapshot table are in lockstep so future additions cannot ship without a format branch and a snapshot. Wiring: `lfx extension` is a sub-app under the Authoring help panel so future tickets (LE-1016 init/dev, LE-1018 reload) can attach without colliding with the existing `lfx validate` (which validates flow JSON, not extensions). * fix(lfx): fall back to tomli on Python 3.10 in extension manifest loader tomllib is stdlib only on 3.11+, but lfx supports 3.10-3.13. Use the existing tomli runtime dependency as the 3.10 fallback (same API, so the import alias keeps the rest of the module unchanged). Fixes ModuleNotFoundError seen in CI on the 3.10 job. * Update src/lfx/tests/unit/extension/test_schema.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update src/lfx/src/lfx/extension/schema.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update src/lfx/src/lfx/cli/_extension_commands.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix: LangflowCompat -> LfxCompat * fix: Remove references to ticket * fix: encode maxItems constraint in schema * fix: deferred fields and schema version * Fix ruff errors --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…langflow-ai#12935) * initial commit for structural response * add schema preprocessing tests * fix agent duplication message * add playwright tests * [autofix.ci] apply automated fixes * chore: auto-bake note keys and regenerate backend locales/en.json [skip ci] * ruff fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
… selector (langflow-ai#12985) * add model provider config on model selection * [autofix.ci] apply automated fixes * fix fe tests playwright --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* add memories * add memories * accessibility and bug fixes * fix types * fix types * [autofix.ci] apply automated fixes * add new testcases * [autofix.ci] apply automated fixes * remove auto capture * [autofix.ci] apply automated fixes * coderabbit fixes and remove KB from FE * fix testcases * [autofix.ci] apply automated fixes * fix testcases * fix mcp testcase --------- Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local>
fix: raise CanvasBanner above bottom-center menubar to prevent overlap Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local>
…e to resolve CVEs (langflow-ai#12990) * fix: update Docker base images to latest Python 3.12 to resolve CVEs - Update all Dockerfiles from python:3.12.13-slim-trixie to python:3.12-slim-trixie - This ensures automatic security patches for Debian base image CVEs - Affects nightly builds (base, main, main-all) and release builds (backend, ep) - Using unpinned patch version (3.12 vs 3.12.13) follows security best practices * fix: update builder stage to Debian Trixie for consistency - Update all Dockerfiles from bookworm-slim to trixie-slim in builder stage - Ensures consistency between builder and runtime Debian versions - Eliminates CVEs in both build and runtime environments - Uses ghcr.io/astral-sh/uv:python3.12-trixie-slim for all builders
…i#12989) * fix: URLComponent ignores proxy in async mode (langflow-ai#12285) The URLComponent fails to connect for users behind corporate proxies because its asynchronous mode does not recognize standard system proxy environment variables. The component defaults to use_async=True, which initializes the RecursiveUrlLoader; the underlying async loader does not natively respect system proxy environment variables, so the component attempts a direct connection and fails in restricted network environments. Detect standard proxy environment variables (http_proxy, HTTP_PROXY, https_proxy, HTTPS_PROXY) in URLComponent._create_loader. If a proxy is detected and use_async is enabled, override use_async to False so the loader uses its synchronous implementation, which natively respects system proxies. Empty and whitespace-only values are correctly evaluated as no-proxy and do not trigger the fallback. Closes langflow-ai#10297 * fix(URLComponent): broaden proxy detection and harden tests Address review findings on the proxy fix: - Add ALL_PROXY and all_proxy to the detected env vars. ALL_PROXY is commonly set in corporate and container environments (curl, git, many Unix tools honour it), and is sometimes the only proxy var configured. - Replace the unused proxy_url string with a single boolean any() over the env var keys, since only the presence of a proxy is consulted. - Reorganize the proxy tests under TestURLComponentProxyHandling with a shared default-attributes helper, parametrize over all six env var spellings, and add coverage for multiple-simultaneous-proxies and the use_async=False path (which should not log a warning). * [autofix.ci] apply automated fixes * fix: remove no_proxy="*" macOS startup hack so corporate proxies work Two startup paths set `os.environ["no_proxy"] = "*"` on macOS, which disables proxy use for every HTTP client in the process and every child gunicorn worker (httpx, requests, urllib3 — and therefore the OpenAI, Anthropic, Groq, etc. SDKs that wrap them). For users behind corporate proxies on macOS this made every external LLM call unroutable, even with HTTPS_PROXY properly set. The override traces to commit history with no concrete justification — the only artifact is a Stack Overflow link about a uWSGI segfault, but Langflow uses gunicorn, not uWSGI. Bench-verified that gunicorn boots cleanly and serves requests on macOS without it (1 worker via LangflowApplication, OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES retained, HTTPS_PROXY survives intact in parent and child). Verification: - gunicorn worker spawns and serves /health (200 OK), exits cleanly - httpx, urllib, requests all resolve HTTPS_PROXY after the macOS init (previously: all three returned empty proxy maps because of no_proxy=*) - OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES still set — the actual fork-safety fix is preserved Closes the macOS half of langflow-ai#10297. Companion fix for the async URLComponent half is in langflow-ai#12285 / branch pr-12285-rebased. * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Orjson update --------- Co-authored-by: Diogo Veiga <diogo.veiga@tecnico.ulisboa.pt> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* add memories * add memories * accessibility and bug fixes * fix types * fix types * [autofix.ci] apply automated fixes * add new testcases * [autofix.ci] apply automated fixes * remove auto capture * [autofix.ci] apply automated fixes * coderabbit fixes and remove KB from FE * added enpoint support * coderabbit fix * [autofix.ci] apply automated fixes * added session and memory messages endpoint * code rabbit fixes * [autofix.ci] apply automated fixes * merge session id fix * [autofix.ci] apply automated fixes * fix testcases * [autofix.ci] apply automated fixes * fix testcases * fix traces sidebar * memory query rewrite and testcase improvement * [autofix.ci] apply automated fixes * Improve seperation of concern for memory hook * [autofix.ci] apply automated fixes * handleToggleActive Signature Breaking Change * improve testcase * [autofix.ci] apply automated fixes * fix testcases * fix mcp testcase * disable embedded option trigger causing user to to be able to switch provider when option is zero * Peer review updates * [autofix.ci] apply automated fixes * added refresh logic and fixed prior issues from CR * [autofix.ci] apply automated fixes --------- Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local>
…i#12778) * perf: Enhance Gunicorn preload functionality for Langflow - Introduced a new preload module to optimize memory usage by running fork-safe initialization in the Gunicorn master process. - Updated the lifespan management in `main.py` to check if the master has preloaded resources, allowing workers to inherit state and skip redundant setup. - Adjusted the server loading process to accommodate the new preload logic, ensuring efficient resource management across worker processes. * feat(cache): Implement teardown method for RedisCache to prevent socket leaks - Added a `teardown` method to the `RedisCache` class to close the Redis connection, addressing potential socket leaks during process forking. - Introduced unit tests to verify the functionality of the `teardown` method, ensuring it handles client closure and errors gracefully. - Tests cover scenarios including normal closure, error handling during closure, and teardown with URL-based connections. * feat(cache): Implement teardown method in RedisCache to prevent socket leaks - Added a `teardown` method to the `RedisCache` class, ensuring proper closure of the Redis client connection before forking to avoid socket leaks. - Created comprehensive unit tests to validate the functionality of the `teardown` method, covering various scenarios including normal operation and error handling. - Updated existing tests to reflect the new teardown functionality and ensure RedisCache is recognized as an instance of `ExternalAsyncBaseCacheService`. * refactor(preload): Simplify DB engine disposal logic in master preload - Removed exception handling around the DB engine disposal to streamline the process, ensuring that the engine is disposed of without unnecessary error logging. This change enhances code clarity and maintains the intended functionality of resource management during the preload phase. * refactor(preload): Streamline cache service teardown logic - Simplified the cache service socket closure process in the master preload function to prevent sharing across forks. This change enhances code clarity by removing unnecessary exception handling while maintaining the intended functionality of resource management during the preload phase. * feat(preload): Introduce per-step completion flags for improved state management - Added completion flags in the preload state to track the status of various initialization steps, including profile picture copying, starter project creation, agentic global variable initialization, MCP server configuration, and flow loading. - Updated the lifespan management in `main.py` to utilize these flags, allowing the system to skip redundant setup tasks if they have already been completed during the preload phase. - This enhancement improves resource management and ensures that the application behaves correctly in a multi-worker environment. * refactor(lifespan): Replace temp dir management with get_owned_temp_dirs function - Updated the lifespan management in `main.py` to utilize the new `get_owned_temp_dirs` function, which encapsulates the logic for determining temp directory ownership based on the process type (master or worker). - Removed the `is_master` check from the lifespan function, simplifying the code and enhancing clarity regarding temp directory cleanup responsibilities. - Added the `get_owned_temp_dirs` function in `preload.py` to centralize temp directory ownership logic, ensuring that workers do not attempt to clean up directories owned by the master process. * refactor(lifespan): Enhance initialization flow with conditional gates - Introduced conditional gates in the `get_lifespan` function to manage the initialization of profile pictures, super users, bundles, component types, and starter projects based on their completion status. - Improved logging to provide clearer insights into which steps are being skipped or executed, enhancing the overall clarity of the initialization process. - Updated the preload logic in `preload.py` to ensure that agentic global variables and MCP server configuration are only initialized when necessary, maintaining efficient resource management in a multi-worker environment. * fix: resolve double-call of initialize_auto_login_default_superuser and add preload tests - Fix double-call issue: setup_superuser() now handles AUTO_LOGIN completely with file lock - Add comprehensive unit tests for preload.py covering failure-fallback contract - Simplify code by doing superuser initialization in initialize_services() (called early in both preload and worker startup) - File lock protects multi-worker race conditions when preload is disabled - Tests verify critical step failures propagate, best-effort steps continue on failure Made-with: Cursor * fix(preload): resolve missing import and agentic initialization conflicts Fixed critical bugs introduced in c0e81a5 that caused preload failures: 1. Missing import: Added DEFAULT_SUPERUSER_PASSWORD to module-level imports - Was only imported inside AUTO_LOGIN block but used when AUTO_LOGIN=false - Caused NameError that crashed preload with "session scope error" 2. Removed agentic variable initialization from setup_superuser() - Prevents double-initialization conflict with preload's dedicated step - initialize_agentic_global_variables() in preload handles all users 3. Made teardown_superuser() more robust - Now skips deletion instead of raising errors on FK constraints - Prevents startup failures when default superuser has associated flows Resolves: "An error occurred during the session scope" preload error Resolves: Ghost thread warnings from incomplete initialization Made-with: Cursor * refactor(preload): Enhance state management and initialization logic - Updated the `_PreloadState` class to include `bundles_loaded` and `types_cached` flags for better tracking of initialization steps. - Modified the `get_lifespan` function to utilize the new state flags, improving the conditional logic for loading bundles and caching component types. - Implemented a `reset` method in `_PreloadState` to ensure consistent state restoration after preload failures, enhancing reliability in multi-worker environments. - Simplified the teardown process in `ExternalAsyncBaseCacheService` by making `teardown` an abstract method, allowing direct calls without fallback checks. This refactor improves clarity and efficiency in the preload and lifespan management processes. * refactor(lifespan): Improve component types caching and starter project creation logic - Enhanced the `get_lifespan` function to utilize a local handle for component types when the cache is inherited, ensuring consistency in multi-worker environments. - Added logging for scenarios where the component types cache is empty, allowing for cache rebuilding instead of skipping starter project creation. - Streamlined the starter project creation process with improved error handling and logging, ensuring clarity on failures and skipped operations. This refactor enhances the reliability and clarity of the initialization process in the application. * fix(tests): Update teardown_superuser test to preserve default superuser if never logged - Renamed the test function to clarify its purpose. - Modified the test logic to ensure that the default superuser is not removed during teardown if it has never been logged in, preventing foreign key errors. - Added assertions to verify that the superuser remains intact and its properties are correctly set after teardown. This change enhances the reliability of the superuser management in the test suite. * feat: Implement orphaned MCP server config migration and add unit tests - Introduced `migrate_orphaned_mcp_servers_config` function to recover MCP server config files that become orphaned after a database reset while preserving the config directory. - Added logic to handle scenarios with multiple orphaned files, ensuring safe migration and logging for manual recovery. - Created comprehensive unit tests to validate the migration functionality, covering cases for single orphan recovery, multiple orphans, and scenarios with no orphans. - Enhanced the setup of the superuser to include the migration process, improving the robustness of user configuration management. This update enhances the application's ability to recover user configurations in containerized environments. * fix(teardown): Improve superuser removal logic and error handling - Updated the `teardown_superuser` function to remove the default superuser when AUTO_LOGIN is disabled and the user has never logged in, enhancing user management. - Improved error handling to raise a `RuntimeError` if the removal fails, ensuring that issues are logged and not silently ignored. - Adjusted the `DatabaseService` teardown process to reflect the updated superuser removal logic and ensure proper resource disposal. This change enhances the reliability of the superuser management during application shutdown. * fix(setup_superuser): Enhance error handling for AUTO_LOGIN timeout scenario - Updated the `setup_superuser` function to provide clearer logging and error messages when the AUTO_LOGIN lock times out and no default superuser exists. - Introduced a check to verify the existence of the default superuser in the database, raising a `RuntimeError` with a descriptive message if it is not found. - Added unit tests to validate the behavior of the setup process under timeout conditions, ensuring that the application fails gracefully when required superuser credentials are missing. This change improves the robustness of the superuser initialization process and enhances error visibility during startup. * fix(preload): Update error handling to log exceptions with traceback for best-effort steps - Modified the error handling in the `_run_master_preload` function to log exceptions with traceback instead of warnings for best-effort steps, ensuring better visibility into failures. - Updated unit tests to reflect the change in logging behavior, verifying that exceptions are correctly logged during preload operations. This change enhances the clarity of error reporting during the preload process, aiding in debugging and monitoring. * fix(preload): Ensure cleanup of temporary directories during reset - Updated the `reset` method in the `_PreloadState` class to call `cleanup()` on each `TemporaryDirectory` before clearing the `temp_dirs` list, preventing on-disk directory leaks during failed preloads. - Added a unit test to verify that `cleanup()` is called for all temporary directories during the reset process, ensuring proper resource management. This change enhances the reliability of the preload process by ensuring that temporary resources are properly cleaned up. * refactor(preload): Introduce PreloadStep enumeration and streamline step completion logic - Added a `PreloadStep` enumeration to define ordered preload phases, enhancing clarity and maintainability of the preload process. - Replaced direct state attribute checks with the `is_step_complete` function to improve readability and encapsulate step completion logic. - Updated the `_run_master_preload` function to utilize `mark_step_complete` for recording successful completion of preload steps, enforcing prerequisite ordering. - Enhanced unit tests to validate the new step completion logic and ensure proper functionality of the preload process. This refactor improves the structure and reliability of the preload mechanism, making it easier to manage and understand the initialization flow. * refactor(superuser): Remove redundant checks for superuser credentials in setup functions - Eliminated unnecessary validation for `DEFAULT_SUPERUSER` and `DEFAULT_SUPERUSER_PASSWORD` in both `initialize_auto_login_default_superuser` and `setup_superuser` functions, simplifying the initialization logic. - This change streamlines the superuser setup process, assuming that the necessary credentials are managed externally, thus enhancing code clarity and maintainability. * refactor(preload): Streamline error handling and step completion in preload process - Introduced a `_best_effort` function to encapsulate error handling for preload steps, improving code readability and maintainability. - Updated the `_run_master_preload` function to utilize the new error handling mechanism for various steps, ensuring consistent logging and state management. - Enhanced the documentation in the preload module to clarify the handling of fork-unsafe resources and the overall preload process. This refactor enhances the robustness and clarity of the preload mechanism, making it easier to manage and understand the initialization flow. * refactor(preload): Enhance error handling and resource cleanup in preload process - Wrapped post-initialization work in a try/finally block to ensure the DB engine and cache service are always disposed of, preventing resource leaks in forked workers. - Updated logging to provide clearer visibility into the preload steps, including error handling for best-effort operations. - Improved the structure of the `_run_master_preload` function by consolidating related operations and ensuring consistent cleanup. This refactor enhances the robustness and clarity of the preload mechanism, ensuring safe resource management during initialization. * [autofix.ci] apply automated fixes * test(setup_superuser): remove default superuser before lock-timeout no-superuser case The `initialized_services` fixture starts with `AUTO_LOGIN=false`, which runs `setup_superuser` through the credentials-fallback path and creates the default superuser. The "raises_when_no_superuser" test then mocked the lock to time out, but the existence check found that pre-created user and returned `AUTO_LOGIN_LOCK_TIMEOUT_SUPERUSER_PRESENT` instead of raising `RuntimeError`. Delete the default superuser before mocking the lock so the no-superuser branch is actually exercised. --------- Co-authored-by: Jordan Frazier <jordan.frazier@datastax.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare <ericrhare@gmail.com>
langflow-ai#12996) fix(mcp): make run_tool wait_for timeout configurable, raise floor to 180s The hardcoded `timeout=30.0` on `asyncio.wait_for(session.call_tool(...))` in both `MCPSseClient.run_tool` and `MCPStreamableHttpClient.run_tool` was truncating in-flight tool calls whose servers needed longer than 30s to respond — most visibly large MCP composers whose tool responses include sizeable catalogs. Failure mode: LLM → AgentExecutor → run_tool (1 call from the LLM) ├── attempt 1: get_session (probe ..._1 fails → swap ..._2) │ → call_tool → 30s wait_for fires, TimeoutError raised │ (server is still working — response ignored on arrival) └── attempt 2: get_session (probe ..._2 fails → swap ..._3) → call_tool → 30s wait_for fires again → util.py dedup ("Repeated TimeoutError, not retrying") → ValueError("Maximum retries exceeded ...") ← AgentExecutor surfaces error → flow fails The retry loop's TimeoutError dedup correctly stops looping once it sees the same error twice, but every call against a slow server hit the same ceiling and never had a chance to succeed. The session swaps between attempts also produced excess HTTP churn against the server. Both `run_tool` methods now resolve the timeout from `get_settings_service().settings.mcp_server_timeout` (already used for connection setup at lines 1617 / 1887, env: `LANGFLOW_MCP_SERVER_TIMEOUT`) with a `max(setting, 180.0)` floor so default deployments don't end up *shorter* than the previous hardcoded 30s — the Pydantic default for `mcp_server_timeout` is 20. Touched: src/lfx/src/lfx/base/mcp/util.py - L1677, L1689 (stdio run_tool) - L1960, L1972 (streamable HTTP run_tool) Unchanged on purpose: - L1217, L1381 session-creation `timeout=30.0` (separate concern). - L1060 `_validate_session_connectivity` 3.0s probe (separate concern; addressed in follow-up if probe thrash persists). Tuning: - LANGFLOW_MCP_SERVER_TIMEOUT now governs both connection setup and tool-call wait_for. The 180s floor clamps low values; raise the env var above 180 to take effect. Repro / verification: - Trace run that previously failed at 67.08s with "Maximum retries exceeded with repeated TimeoutError errors" against `mcp-guardium_get_service_info` (47KB response payload) now completes on attempt 1. Co-authored-by: MANSURA HABIBA <MANSURAH@ie.ibm.com>
…of 0 items" (langflow-ai#12965) * fix(frontend): paginator empty state shows "0 items" instead of "1-0 of 0 items" When totalRowsCount is 0 the paginator rendered "1-0 of 0 items" and "of 0 pages", with the next button enabled because pageIndex (1) was not equal to maxIndex (0). Hide the range when empty, floor maxIndex to 1, and disable both navigation buttons when there is nowhere to go. * Update legacy paginator tests to assert new empty-state copy
* docs-1.10-release-notes-and-link-out-to-previous-versions * docs-remove-outdated-windows-upgrade-note
…nfig (langflow-ai#12978) Frontend was forcing event_delivery=polling in the build query, overriding LANGFLOW_EVENT_DELIVERY=streaming on the server. Token-by-token streaming in the Playground never worked because the frontend always took the polling code path (customPollBuildEvents) instead of SSE (performStreamingRequest). Aligns three default fallbacks with the server doc default (STREAMING): - buildUtils.buildFlowVertices: query-param default - utilityStore.eventDelivery: initial store value (race window before /config) - use-get-config: fallback when /config omits event_delivery buildFlowVerticesWithFallback already retries with POLLING on STREAMING_NOT_SUPPORTED / ENDPOINT_NOT_AVAILABLE, so streaming-first is safe. Fixes langflow-ai#12291
…-ai#13014) - Add pull: true to all docker build steps in nightly workflow - Forces Docker to pull latest python:3.12-slim-trixie instead of using cached layers - Ensures Debian Trixie base images are used instead of cached Bookworm layers - Resolves issue where Docker layer caching prevented CVE fixes from taking effect
…low-ai#12991) * Fixing migration 1.9.2 -> 1.10.0 -> 1.9.2 idempotent. * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…3018) * chore(starter-projects): new Vector Store RAG template Update the RAG starter flow to align with the new knowledge base paradigm: removes the inline knowledge base creation sub-flow and points users to the dedicated Knowledge Ingestion UI for loading content into their vector store. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(starter-projects): tweak Vector Store RAG README description Drop the outdated reference to two sub-flows in the in-template README and refresh the saved metadata. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: autofix of starter project json --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Eric Hare <ericrhare@gmail.com>
* docs-add-opensearch-provider-and-adjust-kb-docs * docs-combine-kb-config-sections-and-update-partial * add-release-note * Apply suggestions from code review Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * docs-clarify-embedding-model-step --------- Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Created Valkey component for vector storage and chat message storage