- Re-export automation modules in the catalog package for easier access.
- Update CatalogPackage enum to include Automation.
- Add support for extra dock items and overlay rendering in FlowBoard and FlowWrapper components.
- Implement context menu support for dock items.
- Improve node handling in parseBoard function to prevent duplicate entries.
- Introduce Gource visualization scripts for development insights, including fetching GitHub avatars and generating videos in multiple resolutions.
- Add captions for release events in Gource visualizations.
…lidating conditionals and enhancing default implementations
- Updated screenshot storage path to use the new structure under `apps/{app_id}/upload/rpa/{board_id}/screenshots/{artifact_id}.png`.
- Adjusted coordinate scaling for HiDPI displays to ensure accurate cropping.
- Replaced `println!` with `tracing::debug!` for better logging consistency.
Enhance recording state logging
- Changed logging of keystroke buffer flushing from `println!` to `tracing::debug!`.
Improve tray icon handling during recording
- Added a boolean field to `TrayRuntimeState` to track recording state.
- Implemented functions to set and restore the tray icon based on recording status.
- Introduced a new stop icon for the tray when recording is active.
Fix timeout handling in automation nodes
- Ensured that timeout values are non-negative by using `max(0)` in various automation nodes to prevent potential issues with negative durations.
Refactor mouse movement logic
- Simplified mouse movement code by removing unnecessary complexity and ensuring natural movement is handled correctly.
- Added template matching capabilities for mouse click nodes to improve accuracy.
Update error handling in RPA nodes
- Enhanced documentation for `TryCatchNode` and `RetryLoopNode` to clarify limitations regarding error handling.
General code cleanup and improvements
- Various minor refactors and improvements across multiple files for better readability and maintainability.
…tionality
- Introduced `pat-management.tsx` for managing personal access tokens (PATs).
- Added UI components for creating, displaying, and deleting PATs.
- Implemented dialogs for token creation and token reveal with appropriate user feedback.
- Updated `index.ts` to export the new `pat-management` component.
- Added npm scripts for publishing Node.js and Python libraries in `package.json`.
… and file management capabilities
- Added chat completion methods with detailed usage parsing and structured response handling in `chat.py`.
- Improved client initialization with detailed argument descriptions in `client.py`.
- Expanded database operations with enhanced credential management and schema retrieval in `database.py`.
- Introduced embedding functionalities with usage tracking in `embeddings.py`.
- Implemented event triggering capabilities in `events.py`.
- Added execution monitoring features in `execution.py`.
- Enhanced file management operations including upload, download, and deletion in `files.py`.
- Integrated workflow invocation capabilities in `workflows.py`.
- Updated LangChain integration with detailed documentation in `langchain.py`.
- Added type hints and docstrings for better clarity and usability across the SDK.
- Bumped version to 0.1.2 in `pyproject.toml`.
…age when reconnecting to an active stream
…s-workflow-recording-generated-flow
- Introduced interaction types (single choice, multiple choice, form) and their respective schemas.
- Implemented interaction request processing in the chat component.
- Enhanced chat UI to display interactions alongside messages.
- Created a new Interaction component for rendering interaction requests.
- Added countdown functionality for pending interactions.
- Updated event processor to handle interaction events.
- Refactored chat component to utilize new interaction logic.
- Added necessary types and interfaces for interactions in the schema.
- Added bounding box input pin to CreateFingerprintNode for better element identification.
- Introduced screen matching module to handle screen capture and template matching, bypassing issues with rustautogui on macOS.
- Updated ClickTemplateNode and FindTemplateNode to utilize new screen matching methods for improved accuracy.
- Refactored WaitTemplateNode and WaitTemplateDisappearNode to leverage direct screen capture and template matching.
- Adjusted template handling in FindAllTemplatesNode to support FlowPath struct.
- Improved gradient generation in use-theme-gradient hook for better visual consistency.
…use-rpa-nodes-workflow-recording-generated-flow Feature/462 computer use browser use rpa nodes workflow recording generated flow
…andling in chat components
- Introduced a comprehensive styling guide covering theme variables, component styles, spacing, sizing, borders, shadows, responsive design, typography, flexbox utilities, common component patterns, animation classes, z-index, overflow, position, and custom CSS injection.
- Emphasized the use of theme variables over hardcoded colors for better dark/light mode support.
- Provided examples and best practices for implementing styles in A2UI components.
Feature/520 short human in the loop
… updates + mqtt websocket tcp and udp nodes
…ndling in HttpClient and FlowLikeChatModel
….com/TM9657/flow-like into epic/478-python-typescript-libraries
- Updated `toml` dependency from version 0.8 to 0.9.8 and added `toml_edit` version 0.23.9 for enhanced TOML manipulation.
- Modified `developer_open_in_editor` function to return a specific error message for unsupported editors.
- Improved file handling in `download_github_dir` by ensuring safe file names are used.
- Refactored `patch_manifest` to utilize `toml_edit` for better TOML document manipulation.
- Enhanced error reporting in `developer_load_into_catalog` when finding WASM files.
- Updated `delete_role` function to clone `app_id` and `role_id` for better ownership handling.
- Refactored Python async support in `futures.py` and `streams.py` to streamline function calls and improve readability.
Epic/478 python typescript libraries
…fy request handling
…ng workflows
- Deleted the benchmark.yml workflow as it was no longer needed.
- Renamed clippy.yml to lint & format and added a separate job for formatting checks.
- Updated codeql.yml to simplify the analysis process and removed unnecessary comments.
- Introduced new workflows for FOSSA scanning and testing, ensuring better license compliance checks.
- Removed outdated OpenCV build workflow and release workflow to streamline CI/CD processes.
- Updated tests.yml to focus on pull requests only and adjusted permissions.
- Added DOMPurify for sanitization in UI components to enhance security.
- Updated dependencies in package.json and bun.lock for improved functionality.
- Refactored error handling in model evaluator to be more specific and robust.
Fix/cleanup
…ple languages
- Created a new translation file for process automation in various languages (de, es, fr, it, ja, ko, nl, pt, sv, zh).
- Implemented translation functions for process automation in the respective language files.
- Added new Astro pages for the process automation use case in each language, utilizing the newly created translation functions.
- Updated existing localization files to include new strings for the compare page capabilities.
…ng, and making columns optional
- Added new modules for app content and board retrieval in admin routes.
- Updated comment retrieval to include username and user ID fallback in both app and registry routes.
- Enhanced publication request retrieval to include logs and author information, improving the response structure.
- Introduced a new endpoint for fetching publication reviews in the registry, allowing maintainers to access review history.
- Improved the handling of user information in package reviews, including reviewer details.
- Added sanitization functions for tool descriptions and identifiers to ensure valid schema generation.
- Normalized JSON schema strings to prevent validation issues with OpenAI's strict mode.
- Update `WasmPackageRef` to store the checksum directly instead of a URL.
- Simplify checksum verification in `load_single_package` by removing unnecessary HTTP requests.
- Enhance AOT cache management by removing checksum verification and adding methods to inject externally compiled `.cwasm` artifacts.
- Modify `RegistryClient` to download and store precompiled `.cwasm` files alongside `.wasm` files, injecting them into the AOT cache if available.
- Implement Pulley engine fallback for iOS to handle cases where native JIT compilation is not possible.
- Update HTTP request handling in the component linker to return base64-encoded response bodies.
- Adjust `WasmConfig` to allow enabling/disabling the JIT compiler, ensuring compatibility with platforms that cannot JIT.
- Ensure all components and instances are tied to the correct engine instance to maintain integrity across different compilation targets.
…sary dependencies
- Introduced `flow-like-catalog-build-helper` crate to facilitate node registration.
- Updated `Cargo.toml` files across multiple packages to include the new build helper as a build dependency.
- Implemented `build.rs` files in relevant packages to call the `generate` function from the build helper.
- Refactored node registration logic to remove reliance on `inventory` and utilize the new build helper for collecting nodes.
- Enhanced `SecretStore` with a `warmup` method to pre-fetch secrets for improved performance.
- Updated AWS provider to support bulk fetching of secrets with `prefetch` method.
- Adjusted various modules to ensure compatibility with the new build system and removed deprecated inventory usage.
- Added `parseChronoDateString` to handle ISO 8601 date strings.
- Improved `parseDateValue` to support various date formats including strings and system dates.
- Introduced `formatRelativeDateValue` and `formatAbsoluteDateValue` for better date representation.
- Updated `formatRelativeTime` to utilize the new date parsing logic.
feat(execution-engine): integrate Sentry for error tracking
- Added Sentry error capturing in the execution error handling block to improve monitoring and debugging.
fix(flow-board-utils): update pin serialization
- Changed pin serialization to include optional schema and options fields.
- Simplified pin filtering logic in `stripCallFunctionRef`.
feat(idb-cleanup): implement periodic IndexedDB cleanup
- Created `runIDBCleanup` function to prune old data from various IndexedDB stores.
- Added options for customizing cleanup age for different data types.
feat(persister): add write throttling to IDB persister
- Implemented throttling for writes to IndexedDB to prevent rapid cache mutations from overwhelming the database.
fix(realtime): improve signaling server handling
- Enhanced signaling server connection checks to ensure proper session status updates.
- Added initial connection status check after session creation.
feat(schema): extend package management with new statuses and reviewer interface
- Introduced `PendingReview` and `Disabled` statuses in `PackageStatus`.
- Added `PackageReviewer` interface to manage reviewer details.
feat(analytics): expand analytics state with dashboard capabilities
- Added `IAnalyticsDashboard` interface to encapsulate overview and stats.
- Updated analytics state methods to support dashboard retrieval.
feat(app-state): add comment management features
- Introduced interfaces for app comments including `AppCommentItem`, `AppCommentsResponse`, and methods for managing comments in `IAppState`.
feat(db-state): enhance database state with user-scoped operations
- Added `userScoped` parameter to various database operations for better data management.
feat(empty-states): implement user-scoped methods in empty states
- Updated empty state implementations to include user-scoped methods for consistency.
fix(storage): add user-scoped storage methods
- Implemented user-scoped methods for storage state to enhance data handling.
chore(dependencies): update dependencies in project templates
- Updated dependency versions in Python and Rust templates for compatibility and improvements.
- Changed the feedback route from "/{board_id}/feedback" to "/{event_id}/feedback" for clarity.
- Updated the `FeedbackBody` struct to include an alias for `feedback_id` and added default handling for `comment`.
- Enhanced the `upsert_event_feedback` function to validate `feedback_id` and streamline feedback updates and inserts.
- Added tests for deserializing both legacy and current feedback payloads.
- Updated icons in Athena-related nodes to reflect AWS branding.
- Enhanced Delta Lake support by defining structured schemas for Delta tables and history entries.
- Improved SQL query node output to return structured results instead of generic JSON.
- Refined time aggregation nodes to return structured results and updated icons.
- Removed redundant tracking of repeated tool calls in agent execution logic to simplify the code.
- Improved error handling in internal node execution to provide clearer error messages.
- Introduced `formatAppCategory` function to normalize and format app categories in a user-friendly way.
- Updated `StoreHero` and `AppCard` components to utilize the new category formatting function.
- Added a new `StreamingTextEditor` component for enhanced text editing capabilities.
- Improved layout handling in `lance-viewer` for better dialog content management.
- Introduced `flow-auto-layout` utility for managing node layouts in flow diagrams.
- Updated exports in various index files to include new components and utilities.
…ogProvider and SurfaceManager to handle chart data updates; enhance loading skeleton and page interface components
…ve embed detection logic and app category formatting
…ization only occurs with valid keys
- Added `#[default]` attribute to enum variants in `styles.rs`, removing the need for manual Default implementations.
- Updated various enums including `PageSize`, `Orientation`, `TextAlignment`, `ParagraphStyle`, `ShapeType`, `PageNumberPosition`, and `Rotation`.
- Improved code readability by using `if let` syntax for conditional checks in multiple files, including `chart_data_agent.rs`, `instantiate_widget.rs`, and others.
- Enhanced error handling and logging in `aws.rs` and `sync_node_schema.rs`.
- Cleaned up unnecessary code and improved performance in `execution.rs`, `context.rs`, and `node.rs`.
- General code style improvements across multiple files for consistency and clarity.
…ing-node-registry Epic/525 implement fully functioning node registry
…adata
- Replaced old section imports with new V3 components in Korean, Dutch, Portuguese, Swedish, and Chinese pages.
- Updated SEO constants to prioritize V3 metadata and fallback to English and V2 where necessary.
- Adjusted layout styles for better responsiveness across all language pages.
- Enhanced hero section with new design elements and animations.
- Updated wrangler configuration for compatibility and asset management.
🚧 Skipped: PR exceeds review size limit. Please split into smaller PRs and re-run.
Code Review
This pull request introduces a major expansion of the platform, adding AWS backend services for WASM compilation and execution, as well as comprehensive administrative and developer tools for managing bits, packages, and user profiles. Feedback identifies a high-severity security vulnerability in the ECS compiler related to SSRF and potential memory exhaustion when fetching remote payloads. Further recommendations include centralizing duplicated provider constants, completing the JSON Pointer resolution logic in the developer debug tool to handle escaped characters, and fixing hardcoded network permissions in the package publication interface that currently limit user capabilities.
| CompilationJobRef::Remote { remote_url } => { | ||
| tracing::info!(url = %remote_url, "Fetching remote compilation job"); | ||
| let response = | ||
| tokio::time::timeout(Duration::from_secs(30), reqwest::get(&remote_url)) | ||
| .await | ||
| .map_err(|_| "Remote job fetch timed out".to_string())? | ||
| .map_err(|e| format!("Failed to fetch remote job: {e}"))?; | ||
| if !response.status().is_success() { | ||
| return Err(format!("HTTP {} from job URL", response.status())); | ||
| } | ||
| let body = response | ||
| .text() | ||
| .await | ||
| .map_err(|e| format!("Failed to read response: {e}"))?; | ||
| return parse_inline_jobs(&body); |
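Review bot: The 30-second `tokio::time::timeout` wraps only `reqwest::get(&remote_url)`, so the later `response.text().await` runs with no deadline, and a server that returns headers promptly and then trickles the body can hold the task open indefinitely. Put the body read under the same timeout, or build a `reqwest::Client` with an overall `timeout`. Also note that `reqwest::get` follows redirects by default, so any check applied to `remote_url` has to cover redirect targets as well, for example by building the client with a redirect policy of none.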
The `resolve_compilation_jobs` function fetches a remote job payload from an arbitrary URL provided in the `COMPILATION_JOB` environment variable. This presents two significant risks:
- SSRF (Server-Side Request Forgery): An attacker who can influence the `remote_url` (e.g., via the API that produces the SQS message) could cause the ECS task to make requests to internal AWS metadata services (like `169.254.169.254`) or other internal network resources.
- Resource Exhaustion (OOM): The code reads the entire response body into memory using `response.text().await` without any size limits. A malicious URL pointing to a multi-gigabyte file would cause the task to crash with an Out-Of-Memory (OOM) error.
Recommendation:
- Validate that the `remote_url` belongs to a trusted domain (e.g., your project's S3 bucket).
- Implement a maximum size limit when reading the response body.
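The two recommendations above as an added Rust example (not code from this pull request or the project). It assumes the URL has already been parsed into scheme and host and that the host's DNS answers are passed in; `ALLOWED_HOSTS`, `MAX_JOB_BYTES` and all function names are hypothetical.

```rust
use std::net::{IpAddr, Ipv4Addr};

// Hypothetical values: the page does not name the trusted host or a size cap.
const ALLOWED_HOSTS: &[&str] = &["compile-jobs.example.com"];
const MAX_JOB_BYTES: usize = 1024 * 1024;

fn is_internal_v4(v4: Ipv4Addr) -> bool {
    // is_link_local() covers 169.254.0.0/16, which holds 169.254.169.254.
    v4.is_loopback() || v4.is_private() || v4.is_link_local() || v4.is_unspecified()
}

/// True for addresses a job fetch must never reach.
fn is_internal(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_internal_v4(v4),
        IpAddr::V6(v6) => {
            // ::ffff:a.b.c.d carries an IPv4 address; judge it as IPv4.
            if let Some(v4) = v6.to_ipv4_mapped() {
                return is_internal_v4(v4);
            }
            let first = v6.segments()[0];
            v6.is_loopback()
                || v6.is_unspecified()
                || (first & 0xfe00) == 0xfc00 // unique local, fc00::/7
                || (first & 0xffc0) == 0xfe80 // link-local, fe80::/10
        }
    }
}

/// Validates an already-parsed job URL. `resolved` holds the addresses DNS
/// returned for `host`; the connection must then use one of those addresses.
fn check_job_target(scheme: &str, host: &str, resolved: &[IpAddr]) -> Result<(), String> {
    if scheme != "https" {
        return Err(format!("scheme {scheme:?} is not allowed"));
    }
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    if !ALLOWED_HOSTS.contains(&host.as_str()) {
        return Err(format!("host {host:?} is not on the allowlist"));
    }
    if resolved.is_empty() {
        return Err("host did not resolve".to_string());
    }
    match resolved.iter().find(|ip| is_internal(**ip)) {
        Some(ip) => Err(format!("host resolves to internal address {ip}")),
        None => Ok(()),
    }
}

/// Accumulates body chunks and fails as soon as the total would pass `max`,
/// instead of buffering the whole response first.
fn read_capped<I>(chunks: I, max: usize) -> Result<Vec<u8>, String>
where
    I: IntoIterator<Item = Vec<u8>>,
{
    let mut body = Vec::new();
    for chunk in chunks {
        if chunk.len() > max - body.len() {
            return Err(format!("job payload exceeds {max} bytes"));
        }
        body.extend_from_slice(&chunk);
    }
    Ok(body)
}

fn main() {
    // Constructed inputs: 203.0.113.10 is a documentation address.
    let public: IpAddr = "203.0.113.10".parse().unwrap();
    let metadata: IpAddr = "169.254.169.254".parse().unwrap();
    println!("{:?}", check_job_target("https", "compile-jobs.example.com", &[public]));
    println!("{:?}", check_job_target("https", "compile-jobs.example.com", &[metadata]));
    println!("{:?}", read_capped(vec![vec![0u8; 600_000]; 2], MAX_JOB_BYTES).map(|b| b.len()));
}
```

With `reqwest`, the chunks would come from repeated `Response::chunk()` calls rather than `text()`, so the cap applies while the body is still streaming.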
| const PROVIDER_OPTIONS = [ | ||
| "Local", | ||
| "Premium", | ||
| "Hosted", | ||
| "hosted:openrouter", | ||
| "hosted:openai", | ||
| "hosted:anthropic", | ||
| "hosted:azure", | ||
| "hosted:vertex", | ||
| ] as const; |
The PROVIDER_OPTIONS constant (and specifically the list of hosted provider strings) is duplicated across multiple files, including apps/desktop/app/admin/bits/add/page.tsx and apps/desktop/app/admin/bits/edit/page.tsx. This duplication makes the code harder to maintain and increases the risk of inconsistencies when new providers are added.
Consider moving these shared constants to a centralized location, such as a constants.ts file or within the @tm9657/flow-like-ui package if they are used by other components.
| function resolveRef( | ||
| ref: string, | ||
| rootSchema: JsonSchema, | ||
| ): JsonSchema | undefined { | ||
| const parts = ref.replace(/^#\//, "").split("/"); | ||
| let current: unknown = rootSchema; | ||
| for (const part of parts) { | ||
| if (current && typeof current === "object" && part in current) { | ||
| current = (current as Record<string, unknown>)[part]; | ||
| } else { | ||
| return undefined; | ||
| } | ||
| } | ||
| return current as JsonSchema | undefined; | ||
| } |
The resolveRef function implementation for JSON Pointer resolution is incomplete. It does not handle escaped characters as defined in RFC 6901. Specifically, it should unescape ~1 to / and ~0 to ~ within each segment of the path. Without this, resolution will fail for schemas that use these characters in property names (which is common in complex JSON schemas).
| function resolveRef( | |
| ref: string, | |
| rootSchema: JsonSchema, | |
| ): JsonSchema | undefined { | |
| const parts = ref.replace(/^#\//, "").split("/"); | |
| let current: unknown = rootSchema; | |
| for (const part of parts) { | |
| if (current && typeof current === "object" && part in current) { | |
| current = (current as Record<string, unknown>)[part]; | |
| } else { | |
| return undefined; | |
| } | |
| } | |
| return current as JsonSchema | undefined; | |
| } | |
| function resolveRef( | |
| ref: string, | |
| rootSchema: JsonSchema, | |
| ): JsonSchema | undefined { | |
| const parts = ref.replace(/^#\//, "").split("/"); | |
| let current: unknown = rootSchema; | |
| for (const part of parts) { | |
| const unescapedPart = part.replace(/~1/g, "/").replace(/~0/g, "~"); | |
| if (current && typeof current === "object" && unescapedPart in current) { | |
| current = (current as Record<string, unknown>)[unescapedPart]; | |
| } else { | |
| return undefined; | |
| } | |
| } | |
| return current as JsonSchema | undefined; | |
| } |
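Review bot: In the suggested version, `unescapedPart in current` still uses the `in` operator, which also matches inherited properties, so a pointer segment such as `constructor` or `__proto__` resolves to a prototype member instead of returning `undefined`. Test with `Object.prototype.hasOwnProperty.call(current, unescapedPart)` instead. Separately, `ref.replace(/^#\//, "")` leaves a bare `#` untouched, so a reference to the whole document walks a segment named `#` and fails; return `rootSchema` for that case.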
| tcpEnabled: false, | ||
| udpEnabled: false, | ||
| dnsEnabled: false, |
The network permissions tcpEnabled, udpEnabled, and dnsEnabled are hardcoded to false during the publication process. This is a regression or omission compared to the new app/developer/publish/page.tsx implementation, which correctly utilizes form data for these fields. This prevents users from publishing packages that require these specific network capabilities through this interface.
This pull request makes significant improvements to the project's GitHub Actions workflows, coding standards, and documentation for Rust node creation. The main themes are: modernizing and securing CI workflows, enhancing documentation for developers, and clarifying best practices for node development.
CI/CD Workflow Improvements
- `fossa.yml` workflow with two new workflows: `fossa-scan.yml` for license scans on push and `fossa-test.yml` for license checks on pull requests, both using the maintained FOSSA GitHub Action and improved artifact handling. [1] [2] [3]
- `audit.yml` workflow to focus on Rust `cargo-audit`, adds caching for dependencies, and uses pinned action versions for better security and reproducibility.
- `clippy.yml` workflow with a new "Lint & Format" workflow that separates linting (clippy) and formatting (fmt) checks, and uses stricter linting rules.
- `benchmark.yml` and `codeql.yml` workflows, streamlining CI by eliminating unused or redundant jobs. [1] [2]
- `alpha-release.yml` workflow to use pinned action versions, adds steps to decode and inject secrets for Google/Firebase services, and includes new environment variables for analytics. [1] [2] [3] [4]
Documentation and Standards Updates
- `stash` or `reset`) without user confirmation.
Summary of Most Important Changes
CI/CD Workflow Modernization
- `fossa-scan.yml` and `fossa-test.yml` for license scanning and compliance, and removes unused workflows for benchmarking and CodeQL analysis. [1] [2] [3] [4] [5]
- `audit.yml` and `clippy.yml` workflows for Rust code by adding caching, stricter linting, and separating formatting checks, all with pinned action versions for security. [1] [2]
- `alpha-release.yml` to use pinned actions, securely decode secrets for platform-specific builds, and add analytics environment variables. [1] [2] [3] [4]
Developer Documentation and Standards
These changes collectively improve CI reliability, developer experience, and code safety across the project.