@Adam-Aghili (Collaborator) commented Dec 12, 2025

Summary by CodeRabbit

  • New Features

    • Added MCP Streamable HTTP transport alongside existing SSE for improved messaging protocol support.
    • Extended model provider support including IBM watsonx.ai and Ollama integrations.
  • Security & Authentication

    • Enforced authentication across multiple API endpoints for improved access control.
    • Enhanced file handling with path traversal protections for profile pictures and downloads.
  • Bug Fixes

    • Improved session management in chat components with fallback logic.
    • Fixed API key access control to return consistent error responses.
  • Chores

    • Updated dependencies including FastAPI and language model libraries.
    • Refined starter project components with updated documentation references.


mendonk and others added 30 commits November 25, 2025 10:34
* Revert "Revert "docs: update component documentation links to individual pages""

This reverts commit 0bc27d6.

* [autofix.ci] apply automated fixes

* llm-selector-renamed

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Apply suggestions from code review

* [autofix.ci] apply automated fixes

* Apply suggestions from code review

* [autofix.ci] apply automated fixes

* rebuild-component-index

* update-component-index

* [autofix.ci] apply automated fixes

* build-index

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…10586)

* fix: resolved merge conflict

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: create a new message to avoid mutating shared instances

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: resolved merge conflict

* [autofix.ci] apply automated fixes

* fix: resolved merge conflict

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: added a check for using existing message object

* fix: remove unwanted import

* fix: resolve merge conflict

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: add None checks to prevent errors

* fix: resolve merge conflict

* [autofix.ci] apply automated fixes

* fix: backend unit test

* fix: resolve merge conflict

* [autofix.ci] apply automated fixes

* fix: ruff styling errors

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* feat: optimize dropdown filtering and output resolution

misc: remove commented out code

feat: add refresh button and sort flows by updated_at date from most to least recent

ruff (flow.py imports)

improve fn contracts in runflow and improve flow id retrieval logic based on graph exec context

add dynamic outputs and optimize db lookups

add flow cache and db query for getting a single flow by id or name

cache run outputs and add refresh context to build config

misc

misc

use ids for flow retrieval

misc

fix missing flow_id bug

add unit and integration tests

add input field flag to persist hidden fields at runtime

move unit tests and change input and output display names

chore: update component index

fix: fix tool mode when flow has multiple inputs by dynamically creating resolvers

chore: update component index

ruff (run_flow and tests)

add resolvers to outputs map for non tool mode runtime

fix tests (current flow excluded in db fetch)

mypy (helpers/flow.py)

chore: update component index

remove unused code and clean up comments

fix: persist user messages in chat-based flows via session injection

chore: update component index

empty string fallback for sessionid in chat.py

chore: update component index

chore: update component index

cache invalidation with timestamps

misc

add cache invalidation

chore: update component index

chore: update comp idx

ruff (run_flow.py)

change session_id input type to MessageTextInput

chore: update component index

chore: update component index

chore: update component index

chore: update component index

sync starter projects with main

chore: update component index

chore: update component index

chore: update component index

remove dead code + impl coderabbit suggestions

chore: update component index

chore: update component index

clear options metadata before updating

chore: update component index

sync starter projects with main

sync starter projects with main

default param val (list flows)

* chore: update component index

* add integration tests

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

---------

Co-authored-by: Cristhian Zanforlin <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…ls (#10806)

* use existing event loop instead of recreating when calling mcp tools

* component index

* [autofix.ci] apply automated fixes

* starter projects

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* removed unnecessary buttons on the flows page

* added the asChild prop and hid button so they are not accessible by tabbing

* added tab index to ensure that buttons are not selectable using the tab

* made sure that accessibility is possible once bulk selection is enabled

* made sure that accessibility is possible once bulk selection is enabled

* Fix: added testcases and refactor

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

---------

Co-authored-by: Olayinka Adelakun <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* remove console warnings

* [autofix.ci] apply automated fixes

---------

Co-authored-by: Olayinka Adelakun <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: mask value to hide null field being returned

* [autofix.ci] apply automated fixes

* fix: added testcase and updated functionality

---------

Co-authored-by: Olayinka Adelakun <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Carlos Coelho <[email protected]>
Co-authored-by: Olayinka Adelakun <[email protected]>
#10827)

Fix: Allow refresh list button to stay stagnant while zoom (Safari) (#10777)

* remove sticky as it was causing the refresh list to float on safari

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes

---------

Co-authored-by: Olayinka Adelakun <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: Ollama model list fails to load in Agent and Ollama components

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: made sure the tab is visible

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Fix: added typing

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: added testcases

* fix: added handleOnValue change function and created a helper file

---------

Co-authored-by: Olayinka Adelakun <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Olayinka Adelakun <[email protected]>
Co-authored-by: Carlos Coelho <[email protected]>
Remove DataFrameToToolsetComponent and related tests

Deleted the DataFrameToToolsetComponent implementation, its import/registration in the processing module, and all associated unit tests. This cleans up unused code and test files related to converting DataFrame rows into toolset actions.
fix: Proper parsing of GCP credentials JSON (#10828)

* fix: Proper parsing of GCP credentials JSON

* Update save_file.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Update test_save_file_component.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Fix GCP issues

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Update test_save_file_component.py

* Update save_file.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Update save_file.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Update save_file.py

* Fix ruff errors

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: Suppress SIGSEGV errors on startup (#10849)

* fix: Suppress SIGSEGV errors

* Update test_cli.py

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* Update News Aggregator.json

Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: Don't fail if doc column is missing

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Surface warning message to the UI

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Update test_docling_utils.py

* [autofix.ci] apply automated fixes

* Update test_docling_utils.py

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
)

* fix: Support Batch Run with watsonX (#10848)

* fix: Support Batch Run with watsonX

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Update batch_run.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: Image upload for Gemini/Anthropic (#10867)

* Fix image upload for Gemini/Anthropic and ChatOutput session_id preservation

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix ruff errors

* [autofix.ci] apply automated fixes

* resolve conflicts

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

* build component index

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

---------

Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Himavarsha <[email protected]>
fix: Clean up the default startup logging (#10842)

* fix: Clean up the default startup logging

* [autofix.ci] apply automated fixes

* Update manager.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Update test_security_cors.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Himavarsha <[email protected]>
fix lfx serve asyncio event loop bug
viktoravelino and others added 27 commits December 4, 2025 18:39
#10896)

* fixed counts

* fix: Update LangflowCounts component to format star and Discord counts

---------

Co-authored-by: Deon Sanchez <[email protected]>
* fix _noopresult not iterable and session.add never awaited error and warning, respectively

* just make the add stub sync
* fix _noopresult not iterable and session.add never awaited error and warning, respectively

* just make the add stub sync

* the real final solution v3

* real solution v4

* revert

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* add mcp cleanup function

* refactor(mcp_cleanup.py): simplify error handling using contextlib.suppress to improve code readability
test(mcp_cleanup.py): update tests to use context manager for patching to enhance clarity and maintainability

---------

Co-authored-by: Adam Aghili <[email protected]>
…all necessary files are tracked

fix(Makefile): add --no-sources flag to uv build command for langflow_base to optimize build process
… in nightly build workflow to streamline the process
…flag for Langflow Base CLI to ensure proper build configuration

fix(Makefile): remove --no-sources from build_langflow_base to align with updated build command in release workflow
…upport

fix(deps.py): move certain imports outside TYPE_CHECKING for FastAPI compatibility and update type hinting for get_cache_service function
…0922)

fix: correctly raise file not found errors in File GET endpoints (#10908)

* Clean up the file GET endpoints

* Add test

* [autofix.ci] apply automated fixes

* ruff/mypy

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Fix issues with async




* use uvlock from main

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Hare <[email protected]>
Co-authored-by: Himavarsha <[email protected]>
* Fix image pathing to operate with s3 storage

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* add test

* [autofix.ci] apply automated fixes

* ruff

* Add abstract method annotation

* [autofix.ci] apply automated fixes

* fix: use parse_file_path in get_files for S3 storage compatibility

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: himavarshagoutham <[email protected]>
* port #10727

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
… FastAPI requirements

fix(deps.py): update return type of get_cache_service function to use Union for better type hinting
* fix: Add empty input check in ALTKAgent for Anthropic

Shamelessly copies agent.py's empty input check to prevent Anthropic API errors.

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

---------

Co-authored-by: Jason Tsay <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* feat(monitor.py): add user flow filtering to message sessions and messages endpoints to enhance data access control
refactor(monitor.py): remove dependencies from route decorators and pass current_user as a parameter for better clarity and maintainability

* test: update message-related test fixtures to associate messages with user-specific flows

This change ensures that messages created in tests are linked to a flow
specific to the active user, allowing for better filtering and
organization of messages in the database. It enhances the test
environment by simulating real-world usage scenarios more accurately.

* chore(monitor.py): reorder import statements to follow consistent structure and improve readability
…iterable' (#10914)

* fix _noopresult not iterable and session.add never awaited error and warning, respectively

* just make the add stub sync

* the real final solution v3

* real solution v4

* revert

* fix noopresult not iterable error and add was not awaited warning

* do await check in aupdate_messages

* [autofix.ci] apply automated fixes

---------

Co-authored-by: Himavarsha <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
fix: Support tool mode in components without inputs (#10959)

* fix: Support tool mode in components without inputs

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: Properly set a default Ollama base url (#10940)

* fix: Properly set a default Ollama base url

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

---------

Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: Add authentication to various endpoints (#10977)

* fix: Add authentication to various endpoints

* [autofix.ci] apply automated fixes

* Couple more endpoints

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Update log_router.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Update mcp.py

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* Fix ruff errors

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Update test_endpoints.py

* Fix tests

* Update Nvidia Remix.json

* Update test_registration.py

* [autofix.ci] apply automated fixes

* Update test_files.py

Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* Address review comments

Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* Review updates

Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* feat: upgrade cuga version

* chore: add component index

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: cuga component

* chore: update index

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* fix: upgrade cuga

* fix: new component index

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* chore: add component index

* [autofix.ci] apply automated fixes

* chore: update package

* chore: update index

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

* fix: cuga relative temp

* fix: update cuga

* chore: add component index

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* fix: remove space

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* [autofix.ci] apply automated fixes (attempt 3/3)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
coderabbitai bot (Contributor) commented Dec 12, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Large multi-faceted update introducing MCP Streamable HTTP transport, authentication enforcement across API endpoints, session/message handling refinements in chat components, startup project template updates with component behavior changes and provider expansion, and miscellaneous dependency/configuration adjustments.

Changes

| Cohort | File(s) | Summary |
| --- | --- | --- |
| Configuration & Workflows | .env.example, .github/workflows/cross-platform-test.yml, .github/workflows/nightly_build.yml, .github/workflows/release.yml, .github/workflows/release_nightly.yml | Added LANGFLOW_API_KEY_SOURCE and LANGFLOW_API_KEY environment variables; added --prerelease=allow flag to uv pip install commands; removed uv lock invocation from lfx directory in nightly build; switched release pre-release check to use inputs.release_tag instead of repository-derived version; added --no-sources flag to nightly base build command. |
| Dependency & Secrets | pyproject.toml, .secrets.baseline | Updated cuga constraint to ~=0.2.5; updated agent-lifecycle-toolkit to ~=0.4.4; expanded secrets baseline with new Hex High Entropy String entries across starter projects and adjusted line number reference in auth utils. |
| API Authentication & Authorization | src/backend/base/langflow/api/log_router.py, src/backend/base/langflow/api/v1/chat.py, src/backend/base/langflow/api/v1/endpoints.py, src/backend/base/langflow/api/v1/users.py, src/backend/base/langflow/api/v1/validate.py, src/backend/base/langflow/api/v2/registration.py, src/backend/base/langflow/api/v1/monitor.py | Added Depends(get_current_active_user) to log streaming/retrieval endpoints, build operation endpoints, config endpoint, user creation, validation endpoints, and monitor endpoints; implemented user-aware filtering for message sessions and messages. |
| File Handling & Security | src/backend/base/langflow/api/v1/files.py, src/backend/base/langflow/api/v2/files.py, src/backend/base/langflow/api/utils/core.py | Enhanced profile picture path traversal protections; consolidated download/image endpoints to use Flow dependency; refactored download_file/download_image signatures; improved error handling with 404 for unauthorized access; added KeyError guard in remove_api_keys; fixed v2 file download with pre-flight existence check and streaming wrapper. |
| MCP Transport & Infrastructure | src/backend/base/langflow/api/v1/mcp.py, src/backend/base/langflow/api/utils/mcp/__init__.py, src/backend/base/langflow/api/utils/mcp/config_utils.py | Introduced Streamable HTTP transport with ResponseNoOp wrapper and StreamableHTTP manager class; added lifecycle management (start/stop functions); exposed streamable URL builders (get_project_streamable_http_url, get_composer_streamable_http_url); refactored SSE URL generation to use base component helpers; updated MCP starter project auto-configuration to use streamable HTTP URLs. |
| MCP Projects & Session Management | src/backend/base/langflow/api/v1/mcp_projects.py, src/backend/base/langflow/api/v1/projects.py, src/backend/base/langflow/api/v1/mcp_utils.py | Added per-project StreamableHTTPSessionManager and ProjectTaskGroup for lifecycle coordination; refactored project tools response to use internal _build_project_tools_response; updated get_project_composer_url to return ComposerUrlResponse with streamable/legacy URLs; replaced SSE URL matching with generalized server URL checking; added user-scoped resource listing with download endpoint path updates. |
| Schemas & Types | src/backend/base/langflow/api/v1/schemas.py | Added ComposerUrlResponse model with project_id, uses_composer, streamable_http_url, legacy_sse_url, and error_message fields; extended MCPInstallRequest with optional transport field. |
| Flow Helpers | src/backend/base/langflow/helpers/flow.py | Added list_flows_by_flow_folder, list_flows_by_folder_id, and get_flow_by_id_or_name functions with sortable parameters; introduced SORT_DISPATCHER mapping for asc/desc ordering. |
| Core Backend | src/backend/base/langflow/__main__.py | Removed debug log statement in set_var_for_macos_issue. |
| Starter Projects | src/backend/base/langflow/initial_setup/starter_projects/\*.json (13 files) | Comprehensive updates across all starter templates: updated code hashes and dependencies (fastapi 0.120.0 → 0.123.0, langchain_cohere 0.3.3 → 0.3.5); enhanced ChatInput/ChatOutput with improved session_id handling and source building; expanded LanguageModelComponent with fetch_ibm_models and IBM watsonx.ai/Ollama support; refactored FileComponent with Docling-based processing (subprocess, OCR, markdown output); extended Agent components with provider-specific UI metadata and new fields (override_skip, track_in_telemetry, external_options); updated documentation URLs. |

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API Endpoint
    participant Auth Middleware
    participant Streamable HTTP Manager
    participant MCP Server
    
    Client->>API Endpoint: /build/{flow_id}/vertices
    API Endpoint->>Auth Middleware: Depends(get_current_active_user)
    alt User Authenticated
        Auth Middleware-->>API Endpoint: CurrentUser
        API Endpoint->>Streamable HTTP Manager: ensure_session_manager_running()
        Streamable HTTP Manager->>MCP Server: POST /streamable (request)
        MCP Server-->>Streamable HTTP Manager: Response (protocol)
        Streamable HTTP Manager-->>API Endpoint: StreamableHTTPSessionManager active
        API Endpoint-->>Client: 200 Vertices
    else User Not Authenticated
        Auth Middleware-->>API Endpoint: HTTPException 401
        API Endpoint-->>Client: 401 Unauthorized
    end
sequenceDiagram
    participant Flow User
    participant Chat Endpoint
    participant ChatInput Component
    participant ChatOutput Component
    participant Message Store
    
    Flow User->>Chat Endpoint: POST message
    Chat Endpoint->>ChatInput Component: process input
    ChatInput Component->>ChatInput Component: derive session_id (local/graph context)
    ChatInput Component->>Message Store: create Message(session_id=derived_id)
    Message Store-->>ChatInput Component: Message stored
    ChatInput Component-->>Chat Endpoint: ChatInput.message_response
    Chat Endpoint->>ChatOutput Component: receive ChatInput output
    ChatOutput Component->>ChatOutput Component: preserve/derive session_id from context
    ChatOutput Component->>Message Store: create/update Message(session_id=derived_id)
    Message Store-->>ChatOutput Component: Message persisted
    ChatOutput Component-->>Chat Endpoint: ChatOutput.message_response
    Chat Endpoint-->>Flow User: Message response

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

  • MCP transport architecture: New Streamable HTTP transport class, lifecycle managers, and session coordination across mcp.py, mcp_projects.py, config_utils.py require careful review of initialization, error handling, and interaction with existing SSE paths.
  • Authentication wiring across endpoints: Multiple API files (chat.py, files.py, monitor.py, endpoints.py, users.py, validate.py) adding dependency-based auth; verify consistency and that authorization checks are not bypassed elsewhere.
  • File security refactoring in v1/files.py: Path traversal protections, Flow dependency injection replacing direct flow_id parameters, profile picture folder validation—requires verification of all access paths.
  • Starter project JSON updates: 13 files with complex interdependent changes to ChatInput/ChatOutput session handling, FileComponent Docling integration, and Agent provider ecosystem; substantial logic density in embedded code blocks.
  • Session ID derivation logic: New fallback chains (self.session_id or graph.session_id or default) in multiple chat components and across files; verify consistency and no session ID losses in edge cases.

Suggested labels

lgtm, backend, api-changes, security, mcp, chat-components

Suggested reviewers

  • jordanrfrazier
  • lucaseduoli

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 24dbc60 and b17adfa.

⛔ Files ignored due to path filters (2)
  • src/frontend/package-lock.json is excluded by !**/package-lock.json
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (41)
  • .env.example (1 hunks)
  • .github/workflows/cross-platform-test.yml (5 hunks)
  • .github/workflows/nightly_build.yml (0 hunks)
  • .github/workflows/release.yml (1 hunks)
  • .github/workflows/release_nightly.yml (1 hunks)
  • .secrets.baseline (3 hunks)
  • pyproject.toml (1 hunks)
  • src/backend/base/langflow/__main__.py (0 hunks)
  • src/backend/base/langflow/api/log_router.py (3 hunks)
  • src/backend/base/langflow/api/utils/core.py (1 hunks)
  • src/backend/base/langflow/api/utils/mcp/__init__.py (1 hunks)
  • src/backend/base/langflow/api/utils/mcp/config_utils.py (6 hunks)
  • src/backend/base/langflow/api/v1/chat.py (4 hunks)
  • src/backend/base/langflow/api/v1/endpoints.py (2 hunks)
  • src/backend/base/langflow/api/v1/files.py (7 hunks)
  • src/backend/base/langflow/api/v1/mcp.py (4 hunks)
  • src/backend/base/langflow/api/v1/mcp_projects.py (28 hunks)
  • src/backend/base/langflow/api/v1/mcp_utils.py (6 hunks)
  • src/backend/base/langflow/api/v1/monitor.py (6 hunks)
  • src/backend/base/langflow/api/v1/projects.py (4 hunks)
  • src/backend/base/langflow/api/v1/schemas.py (1 hunks)
  • src/backend/base/langflow/api/v1/users.py (1 hunks)
  • src/backend/base/langflow/api/v1/validate.py (2 hunks)
  • src/backend/base/langflow/api/v2/files.py (3 hunks)
  • src/backend/base/langflow/api/v2/registration.py (2 hunks)
  • src/backend/base/langflow/helpers/flow.py (3 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Basic Prompt Chaining.json (5 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Basic Prompting.json (5 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Blog Writer.json (9 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Custom Component Generator.json (7 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json (9 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Financial Report Parser.json (10 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment Analysis.json (8 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Instagram Copywriter.json (25 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Invoice Summarizer.json (23 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Knowledge Ingestion.json (5 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Knowledge Retrieval.json (6 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Meeting Summary.json (13 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Memory Chatbot.json (7 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Price Deal Finder.json (23 hunks)
  • src/backend/base/langflow/initial_setup/starter_projects/Research Agent.json (23 hunks)

Comment @coderabbitai help to get the list of available commands and usage tips.
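
The walkthrough above asks reviewers to verify that the dependency-based auth is applied consistently across endpoints. As an added example (not code from this PR or from Langflow), a standard-library AST audit that lists FastAPI route handlers carrying no `Depends(get_current_active_user)`; the sample module, its routes and the `CurrentUser` alias are constructed for illustration.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "websocket"}


def _name(node):
    """Return the bare identifier of a Name/Attribute node, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None


def _uses_auth(node, auth_names):
    """True if the subtree contains Depends(<auth>) or Security(<auth>)."""
    for sub in ast.walk(node):
        if (isinstance(sub, ast.Call)
                and _name(sub.func) in {"Depends", "Security"}
                and sub.args and _name(sub.args[0]) in auth_names):
            return True
    return False


def find_unauthenticated_routes(source, auth_names=("get_current_active_user",)):
    """List (METHOD, path, handler) for routes with no auth dependency.

    A route counts as guarded when the auth dependency appears as a parameter
    default, inside a parameter annotation (directly or via a module-level
    Annotated alias), in the decorator's dependencies=[...], or in the
    dependencies=[...] of the APIRouter the route is registered on.
    """
    tree = ast.parse(source)
    auth_names = set(auth_names)
    aliases, protected_routers = set(), set()
    for stmt in tree.body:
        if not (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            continue
        target = stmt.targets[0].id
        if isinstance(stmt.value, ast.Call) and _name(stmt.value.func) == "APIRouter":
            if any(kw.arg == "dependencies" and _uses_auth(kw.value, auth_names)
                   for kw in stmt.value.keywords):
                protected_routers.add(target)
        elif _uses_auth(stmt.value, auth_names):
            aliases.add(target)  # e.g. X = Annotated[User, Depends(auth)]

    findings = []
    for func in ast.walk(tree):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for deco in func.decorator_list:
            if not (isinstance(deco, ast.Call)
                    and isinstance(deco.func, ast.Attribute)
                    and deco.func.attr in HTTP_METHODS):
                continue
            first = deco.args[0] if deco.args else None
            path = first.value if isinstance(first, ast.Constant) else "?"
            a = func.args
            params = a.posonlyargs + a.args + a.kwonlyargs
            defaults = [d for d in a.defaults + a.kw_defaults if d is not None]
            guarded = (
                _name(deco.func.value) in protected_routers
                or any(kw.arg == "dependencies" and _uses_auth(kw.value, auth_names)
                       for kw in deco.keywords)
                or any(_uses_auth(d, auth_names) for d in defaults)
                or any(p.annotation is not None
                       and (_uses_auth(p.annotation, auth_names)
                            or _name(p.annotation) in aliases)
                       for p in params)
            )
            if not guarded:
                findings.append((deco.func.attr.upper(), path, func.name))
    return findings


# Constructed sample module: it is only parsed, never executed.
SAMPLE = '''
from typing import Annotated
from fastapi import APIRouter, Depends

router = APIRouter(prefix="/build")
admin = APIRouter(prefix="/logs", dependencies=[Depends(get_current_active_user)])
CurrentUser = Annotated[object, Depends(get_current_active_user)]

@router.post("/{flow_id}/vertices")
async def vertices(flow_id: str, user=Depends(get_current_active_user)): ...

@router.get("/config")
async def config(user: CurrentUser): ...

@router.post("/validate/code", dependencies=[Depends(get_current_active_user)])
async def validate_code(code: str): ...

@admin.get("/stream")
async def stream_logs(): ...

@router.get("/health")
async def health(): ...

@router.post("/users")
async def add_user(payload: dict, session=Depends(get_session)): ...
'''

if __name__ == "__main__":
    for method, path, handler in find_unauthenticated_routes(SAMPLE):
        print(f"no auth dependency: {method} {path} ({handler})")
```

Routes that are public by design (the constructed `/health` here) will be reported too, so pair the audit with an explicit allowlist; auth added through `include_router(..., dependencies=...)` or middleware is outside what this check sees.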