fix: Avoid foreign key violation on span table with topological sort by erichare · Pull Request #12242 · langflow-ai/langflow

erichare · 2026-03-18T18:02:25Z

This pull request improves the reliability and correctness of span insertion into the database by ensuring parent spans are always inserted before their children, which is necessary for PostgreSQL's foreign key enforcement. It introduces new helper methods for resolving and sorting spans, and adds comprehensive tests to validate this behavior and handle edge cases like cycles.

Core improvements to span insertion order:

Refactored _flush_to_database in native.py to pre-compute UUIDs for spans and perform a topological sort, ensuring that parent spans are inserted before their children, preventing foreign key violations in PostgreSQL.
Added _resolve_span_uuids and _topological_sort_spans helper methods to encapsulate UUID resolution and topological sorting logic for spans, including cycle detection and safe handling of unresolvable dependencies.

Testing and validation:

Added the TestTopologicalSortSpans test class to verify correct sorting of spans in various scenarios, including no parents, nested spans, cycles, and self-parenting.
Added the TestFlushParentChildOrder test class to ensure that the database merge order respects parent-before-child insertion, even when spans are provided out of order.

coderabbitai · 2026-03-18T18:02:31Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8319c2c8-2de0-454f-9b25-0e896c857c6b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch fix-foreign-key-backport

📝 Coding Plan

Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2026-03-18T18:07:34Z

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	23.49% (8246/35103)	16.2% (4466/27557)	16.26% (1200/7376)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
2723	0 💤	0 ❌	0 🔥	45.065s ⏱️

Adam-Aghili

LGTM

Tested general functionality traces for LLM and agent component and checked for previously discoverd bugs. Did not find any.

codecov · 2026-03-18T18:16:10Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 37.42%. Comparing base (0a6f7e0) to head (910aa42).
⚠️ Report is 1 commits behind head on release-1.8.2.

❌ Your project status has failed because the head coverage (41.63%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@                Coverage Diff                @@
##           release-1.8.2   #12242      +/-   ##
=================================================
+ Coverage          37.39%   37.42%   +0.02%     
=================================================
  Files               1592     1593       +1     
  Lines              78364    78398      +34     
  Branches           11890    11890              
=================================================
+ Hits               29308    29341      +33     
  Misses             47384    47384              
- Partials            1672     1673       +1

Flag	Coverage Δ
backend	`57.69% <100.00%> (+0.07%)`	⬆️
frontend	`21.05% <ø> (ø)`
lfx	`41.63% <ø> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...c/backend/base/langflow/services/tracing/native.py	`95.75% <100.00%> (+3.66%)`	⬆️
...end/base/langflow/services/tracing/span_sorting.py	`100.00% <100.00%> (ø)`

... and 12 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Cristhianzl

Summary

This PR fixes a real PostgreSQL foreign key violation when child spans are inserted before their parents. It introduces two new methods (_resolve_span_uuids and _topological_sort_spans) and comprehensive tests.

🔴 CRITICAL: Security & PII

PII in Logs - ZERO TOLERANCE

The only new log is a logger.warning that reports the count of affected spans — no PII.

General Security

All user inputs are sanitized and validated at system boundaries
No secrets/credentials in code
No internal details exposed in error messages to end users
External/untrusted data is never trusted without validation
SQL queries use parameterized statements (uses SQLAlchemy ORM session.merge)
No hardcoded API keys, tokens, or passwords
Sensitive data is not stored in plain text

Result: ✅ PASS

🔴 CRITICAL: DRY Principle

Types/Models: No duplicate type definitions
Classes: No duplicate class implementations
Functions: UUID resolution logic was previously inline in _flush_to_database — the PR correctly extracts it into _resolve_span_uuids, eliminating duplication
Constants: No duplicate constant definitions
Validation: No duplicate validation logic
API calls: N/A

Result: ✅ PASS

🔴 CRITICAL: File Structure Limits

Hard Limits Per File — `native.py`

Metric	Maximum Allowed	Value After PR	Status
Lines of code (excl. imports, types, docs)	300	~633	❌ VIOLATION
Functions with DIFFERENT responsibilities	5	13+	❌ VIOLATION
Functions with SAME responsibility	10	N/A	✅ OK
Main classes per file	1	1 (NativeTracer)	✅ OK
Small related classes	5	0	✅ OK

Note: The file was already in violation before this PR (559 lines, 11 methods). The PR adds +74 net lines and 2 new methods without any structural refactoring.

Methods in native.py after PR (13 total, 6+ different responsibility categories):

Responsibility	Methods
Orchestration	`add_trace`, `end_trace`, `end`, `wait_for_flush`
Data Persistence	`_flush_to_database`
Formatting/Serialization	`_build_completed_span`, `_resolve_span_uuids`
Parsing/Sorting	`_topological_sort_spans`, `_map_trace_type`
External Communication	`get_langchain_callback`, `add_langchain_span`, `end_langchain_span`
Configuration	`_is_enabled`

Mixed prefixes in same file: add_*, end_*, _flush_*, _build_*, get_*, _resolve_*, _topological_sort_*, _map_*, _is_*

Hard Limits Per File — `test_native_tracer.py`

Metric	Maximum Allowed	Value After PR	Status
Lines of code	300	~606	❌ VIOLATION

Single Responsibility Test

Can you describe native.py in ONE sentence WITHOUT "and" or "or"?

❌ "Manages tracing and resolves span UUIDs and performs topological sorting and persists to database and manages LangChain callbacks"

Coesion — Over-Engineering Check

The two new methods are NOT over-engineering:

_resolve_span_uuids has ~25 lines of real logic, testable in isolation
_topological_sort_spans has ~30 lines of real logic, is @staticmethod, has its own tests
Both are used by _flush_to_database and could be imported from another module

✅ Extraction is justified — but they should live in separate files per the rules.

Result: ❌ FAIL — 3 hard limit violations

🟠 IMPORTANT: Architecture & Structure

Single Responsibility Principle

Each file has ONE clear responsibility — ❌ native.py has 6+ responsibilities
Each function does ONE thing — new methods are well-focused
Each class has ONE reason to change — debatable given mixed concerns
No function names with "and", "or", "then", or vague "process"
No monolithic files that "do everything" — ❌ native.py is monolithic

Layer Separation

No business logic in controllers/handlers
No HTTP concerns in service layer
Repository operations are within DB session scope

Recommended File Structure

services/tracing/
├── native.py                → Orchestration: add_trace, end_trace, end, wait_for_flush
├── native_callback.py       → (already exists) callback handler
├── native_persistence.py    → Data Persistence: _flush_to_database, _resolve_span_uuids
├── span_sorting.py          → Sorting: _topological_sort_spans (@staticmethod, reusable)
└── formatting.py            → (already exists) safe_int_tokens

Result: ❌ FAIL

🟠 IMPORTANT: Code Quality

SOLID Principles

Clean Code

Strong typing: Explicit type annotations on parameters and return values
Early returns: Present in topological sort (cycle detection break)
No magic values: No magic numbers/strings introduced
Naming: _resolve_span_uuids and _topological_sort_spans are descriptive and intention-revealing
Immutability: ⚠️ span_data["parent_span_id"] = None mutates the original dict in-place during cycle handling — may cause unexpected side effects if completed_spans is accessed after the sort

Specific Code Issues

Issue 1 — In-place mutation of original data (_topological_sort_spans):

if isinstance(span_data, dict):
    span_data["parent_span_id"] = None

This modifies self.completed_spans in-place. If any downstream code relies on parent_span_id after flush, it will see inconsistent data. Should create a copy or use a new dict.

Issue 2 — Redundant local import (_resolve_span_uuids):

from uuid import UUID as UUID_

UUID is already imported at the top of the file (from uuid import UUID, uuid5). The local import creates an unnecessary alias. Same issue exists in _flush_to_database.

Result: ⚠️ PARTIAL PASS — 2 issues to address

🟠 IMPORTANT: Error Handling

Expected errors are handled explicitly — cycles detected and handled with warning
No silent failures — logger.warning on cycle detection
Errors include meaningful context — warning message includes count of affected spans
Clear distinction between recoverable errors and fatal exceptions — cycle is treated as recoverable (breaks parent relationship), not as exception
Inputs validated at system boundaries — invalid UUIDs handled via uuid5 fallback

Result: ✅ PASS

🟡 RECOMMENDED: Observability

Structured logging at key decision points — logger.warning on cycle
Appropriate log levels — warning is correct for abnormal but recoverable situation
NO sensitive data in logs — only span count is logged
No redundant logs

Result: ✅ PASS

🟡 RECOMMENDED: Comments

No comments explaining WHAT — comments explain WHY (PostgreSQL FK enforcement)
Comments only explain WHY — non-obvious decisions documented
No commented-out code
Docstrings on new methods are explanatory and relevant

Result: ✅ PASS

🟢 TESTING

Coverage Requirements

Unit tests for core logic — TestTopologicalSortSpans covers the algorithm
Success cases — test_no_parents, test_child_after_parent, test_deep_nesting
Error cases — test_cycle_two_node, test_self_parent_span
Edge cases — test_empty_input, test_parent_outside_batch
Invalid inputs — ❌ No test for _resolve_span_uuids with string parent IDs (non-UUID)

Test Quality

Clear test names: test_child_after_parent, test_deep_nesting, test_cycle_two_node
Independent tests — each test generates its own UUIDs
Deterministic tests
External dependencies mocked — TestFlushParentChildOrder uses AsyncMock for session
Tests validate behavior, not implementation
Clear Arrange-Act-Assert structure

Test Issues

Issue 3 — Incorrect patch path (test_flush_inserts_parent_before_child):
The test patches lfx.services.deps.session_scope, but the import in native.py is from lfx.services.deps import session_scope. If the module has already resolved the import, the patch may not work correctly. The patch should target langflow.services.tracing.native.session_scope (the module that uses the import).

Issue 4 — Missing test for _resolve_span_uuids:
This method has significant branching logic (valid UUID vs invalid, parent as UUID instance vs string) that is not tested in isolation.

Result: ⚠️ PARTIAL PASS — 2 issues

🟢 LEGACY CODE AWARENESS

Not prolonging bad patterns — the extraction of methods is a step in the right direction
New code is cleanly structured internally
❌ Does not address the pre-existing structural debt in native.py

Result: ⚠️ PARTIAL PASS

📋 Final Checklist

🔴 CRITICAL (Blockers)
[x] No PII in any logs, prints, or webhook messages
[x] No secrets/credentials in code
[x] No duplicate types, classes, or logic (DRY)
[ ] No file exceeds 300 lines                                    ❌ native.py ~633, test ~606
[ ] No file has more than 5 functions with DIFFERENT responsibilities  ❌ native.py has 6+ categories
[x] No file has more than 10 functions even with same responsibility
[x] No file has more than 1 main class
[ ] No mixed responsibility prefixes in same file                 ❌ add_*, end_*, _flush_*, _build_*, get_*, _resolve_*, _topological_sort_*

🟠 IMPORTANT (Must fix)
[ ] Each file/function has single responsibility                  ❌ native.py has 6+ responsibilities
[x] Proper error handling (no silent failures)
[x] Strong typing (no any/object types)
[x] Inputs validated at boundaries
[x] Types in dedicated types file (N/A)
[x] Constants in dedicated constants file (LANGFLOW_SPAN_NAMESPACE and TYPE_MAP could be extracted)

🟡 RECOMMENDED (Should fix)
[x] Appropriate logging at key points
[x] No unnecessary comments
[x] No over-engineering

🟢 NICE TO HAVE (Polish)
[x] Unit tests for core logic
[ ] Tests cover success, error, and edge cases                    ⚠️ Missing _resolve_span_uuids tests
[x] Not prolonging legacy bad patterns

All Issues Summary

#	Severity	Description	File	Action Required
1	🔴 CRITICAL	File exceeds 300 lines (633 lines)	`native.py`	Split by responsibility into separate files
2	🔴 CRITICAL	13+ functions with 6+ different responsibility categories	`native.py`	Extract to separate files per category
3	🔴 CRITICAL	Mixed function prefixes in same file	`native.py`	Follows from fix #1/#2
4	🟠 IMPORTANT	In-place mutation of `span_data["parent_span_id"]` in cycle handling	`_topological_sort_spans`	Create a copy instead of mutating original
5	🟠 IMPORTANT	Redundant `from uuid import UUID as UUID_` inside method	`_resolve_span_uuids`	Use the top-level `UUID` import
6	🟢 TESTING	Patch path `lfx.services.deps.session_scope` may not work	`test_flush_inserts_parent_before_child`	Patch at `langflow.services.tracing.native.session_scope`
7	🟢 TESTING	No isolated test for `_resolve_span_uuids`	`test_native_tracer.py`	Add tests for string parent IDs, invalid UUIDs

Cristhianzl

lgtm

…isable) (#12553) * fix: Fixes Kubernetes deployment crash on runtime_port parsing (#11968) (#11975) * feat: add runtime port validation for Kubernetes service discovery * test: add unit tests for runtime port validation in Settings * fix: improve runtime port validation to handle exceptions and edge cases Co-authored-by: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai> * fix(frontend): show delete option for default session when it has messages (#11969) * feat: add documentation link to Guardrails component (#11978) * feat: add documentation link to Guardrails component * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * feat: traces v0 (#11689) (#11983) * feat: traces v0 v0 for traces includes: - filters: status, token usage range and datatime - accordian rows per trace Could add: - more filter options. Ecamples: session_id, trace_id and latency range * fix: token range * feat: create sidebar buttons for logs and trace add sidebar buttons for logs and trace remove lods canvas control * fix: fix duplicate trace ID insertion hopefully fix duplicate trace ID insertion on windows * fix: update tests and alembic tables for uts update tests and alembic tables for uts * chore: add session_id * chore: allo grouping by session_id and flow_id * chore: update race input output * chore: change run name to flow_name - flow_id was flow_name - trace_id now flow_name - flow_id * facelift * clean up and add testcases * clean up and add testcases * merge Alembic detected multiple heads * [autofix.ci] apply automated fixes * improve testcases * remodel files * chore: address gabriel simple changes address gabriel simple changes in traces.py and native.py * clean up and testcases * chore: address OTel and PG status comments #11689 (comment) #11689 (comment) * chore: OTel span naming convention model name is now set using name = f"{operation} {model_name}" if model_name else operation * add traces * feat: use uv sources for CPU-only PyTorch (#11884) * feat: use uv sources for CPU-only PyTorch Configure [tool.uv.sources] with pytorch-cpu index to avoid ~6GB CUDA dependencies in Docker images. This replaces hardcoded wheel URLs with a cleaner index-based approach. - Add pytorch-cpu index with explicit = true - Add torch/torchvision to [tool.uv.sources] - Add explicit torch/torchvision deps to trigger source override - Regenerate lockfile without nvidia/cuda/triton packages - Add required-environments for multi-platform support * fix: update regex to only replace name in [project] section The previous regex matched all lines starting with `name = "..."`, which incorrectly renamed the UV index `pytorch-cpu` to `langflow-nightly` during nightly builds. This caused `uv lock` to fail with: "Package torch references an undeclared index: pytorch-cpu" The new regex specifically targets the name field within the [project] section only, avoiding unintended replacements in other sections like [[tool.uv.index]]. * style: fix ruff quote style * fix: remove required-environments to fix Python 3.13 macOS x86_64 CI The required-environments setting was causing hard failures when packages like torch didn't have wheels for specific platform/Python combinations. Without this setting, uv resolves optimistically and handles missing wheels gracefully at runtime instead of failing during resolution. --------- * LE-270: Hydration and Console Log error (#11628) * LE-270: add fix hydration issues * LE-270: fix disable field on max token on language model --------- * test: add wait for selector in mcp server tests (#11883) * Add wait for selector in mcp server tests * [autofix.ci] apply automated fixes * Add more awit for selectors * [autofix.ci] apply automated fixes --------- * fix: reduce visual lag in frontend (#11686) * Reduce lag in frontend by batching react events and reducing minimval visual build time * Cleanup * [autofix.ci] apply automated fixes * add tests and improve code read * [autofix.ci] apply automated fixes * Remove debug log --------- * feat: lazy load imports for language model component (#11737) * Lazy load imports for language model component Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc. * Add backwards-compat functions * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Add exception handling * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * comp index * docs: azure default temperature (#11829) * change-azure-openai-default-temperature-to-1.0 * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * [autofix.ci] apply automated fixes --------- * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix unit test? * add no-group dev to docker builds * [autofix.ci] apply automated fixes --------- * feat: generate requirements.txt from dependencies (#11810) * Base script to generate requirements Dymanically picks dependency for LanguageM Comp. Requires separate change to remove eager loading. * Lazy load imports for language model component Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc. * Add backwards-compat functions * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Add exception handling * Add CLI command to create reqs * correctly exclude langchain imports * Add versions to reqs * dynamically resolve provider imports for language model comp * Lazy load imports for reqs, some ruff fixes * Add dynamic resolves for embedding model comp * Add install hints * Add missing provider tests; add warnings in reqs script * Add a few warnings and fix install hint * update comments add logging * Package hints, warnings, comments, tests * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Add alias for watsonx * Fix anthropic for basic prompt, azure mapping * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * ruff * [autofix.ci] apply automated fixes * test formatting * ruff * [autofix.ci] apply automated fixes --------- * fix: add handle to file input to be able to receive text (#11825) * changed base file and file components to support muitiple files and files from messages * update component index * update input file component to clear value and show placeholder * updated starter projects * [autofix.ci] apply automated fixes * updated base file, file and video file to share robust file verification method * updated component index * updated templates * fix whitespaces * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * add file upload test for files fed through the handle * [autofix.ci] apply automated fixes * added tests and fixed things pointed out by revies * update component index * fixed test * ruff fixes * Update component_index.json * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * updated component index * updated component index * removed handle from file input * Added functionality to use multiple files on the File Path, and to allow files on the langflow file system. * [autofix.ci] apply automated fixes * fixed lfx test * build component index --------- * docs: Add AGENTS.md development guide (#11922) * add AGENTS.md rule to project * change to agents-example * remove agents.md * add example description * chore: address cris I1 comment address cris I1 comment * chore: address cris I5 address cris I5 * chore: address cris I6 address cris I6 * chore: address cris R7 address cris R7 * fix testcase * chore: address cris R2 address cris R2 * restructure insight page into sidenav * added header and total run node * restructing branch * chore: address gab otel model changes address gab otel model changes will need no migration tables * chore: update alembic migration tables update alembic migration tables after model changes * add empty state for gropu sessions * remove invalid mock * test: update and add backend tests update and add backend tests * chore: address backend code rabbit comments address backend code rabbit comments * chore: address code rabbit frontend comments address code rabbit frontend comments * chore: test_native_tracer minor fix address c1 test_native_tracer minor fix address c1 * chore: address C2 + C3 address C2 + C3 * chore: address H1-H5 address H1-H5 * test: update test_native_tracer update test_native_tracer * fixes * chore: address M2 address m2 * chore: address M1 address M1 * dry changes, factorization * chore: fix 422 spam and clean comments fix 422 spam and clean comments * chore: address M12 address M12 * chore: address M3 address M3 * chore: address M4 address M4 * chore: address M5 address M5 * chore: clean up for M7, M9, M11 clean up for M7, M9, M11 * chore: address L2,L4,L5,L6 + any test address L2,L4,L5 and L6 + any test * chore: alembic + comment clean up alembic + comment clean up * chore: remove depricated test_traces file remove depricated test_traces file. test have all been moved to test_traces_api.py * fix datetime * chore: fix test_trace_api ge=0 is allowed now fix test_trace_api ge=0 is allowed now * chore: remove unused traces cost flow remove unused traces cost flow * fix traces test * fix traces test * fix traces test * fix traces test * fix traces test * chore: address gabriels otel coment address gabriels otel coment latest --------- Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: olayinkaadelakun <olayinka.adelakun@ibm.com> Co-authored-by: Jordan Frazier <122494242+jordanrfrazier@users.noreply.github.com> Co-authored-by: cristhianzl <cristhian.lousa@gmail.com> Co-authored-by: Hamza Rashid <74062092+HzaRashid@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Lucas Oliveira <62335616+lucaseduoli@users.noreply.github.com> Co-authored-by: Edwin Jose <edwin.jose@datastax.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com> * fix(test): Fix superuser timeout test errors by replacing heavy clien… (#11982) fix(test): Fix superuser timeout test errors by replacing heavy client fixture (#11972) * fix super user timeout test error * fix fixture db test * remove canary test * [autofix.ci] apply automated fixes * flaky test --------- Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * refactor(components): Replace eager import with lazy loading in agentics module (#11974) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: add ondelete=CASCADE to TraceBase.flow_id to match migration (#12002) * fix: add ondelete=CASCADE to TraceBase.flow_id to match migration The migration file creates the trace table's flow_id foreign key with ondelete="CASCADE", but the model was missing this parameter. This mismatch caused the migration validator to block startup. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: add defensive migration to ensure trace.flow_id has CASCADE Adds a migration that ensures the trace.flow_id foreign key has ondelete=CASCADE. While the original migration already creates it with CASCADE, this provides a safety net for any databases that may have gotten into an inconsistent state. * fix: dynamically find FK constraint name in migration The original migration did not name the FK constraint, so it gets an auto-generated name that varies by database. This fix queries the database to find the actual constraint name before dropping it. --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix: LE-456 - Update ButtonSendWrapper to handle building state and improve button functionality (#12000) * fix: Update ButtonSendWrapper to handle building state and improve button functionality * fix(frontend): rename stop button title to avoid Playwright selector conflict The "Stop building" title caused getByRole('button', { name: 'Stop' }) to match two elements, breaking Playwright tests in shards 19, 20, 22, 25. Renamed to "Cancel" to avoid the collision with the no-input stop button. * Fix: pydantic fail because output is list, instead of a dict (#11987) pydantic fail because output is list, instead of a dict Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> * refactor: Update guardrails icons (#12016) * Update guardrails.py Changing the heuristic threshold icons. The field was using the default icons. I added icons related to the security theme. * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Viktor Avelino <64113566+viktoravelino@users.noreply.github.com> * feat(ui): Replace Show column toggle with eye icon in advanced dialog (#12028) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix(ui): Prevent auto-focus and tooltip on dialog close button (#12027) * fix: reset button (#12024) fix reset button Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> * fix: Handle message inputs when ingesting knowledge (#11988) * fix: Handle message inputs when ingesting knowledge * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Update test_ingestion.py * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix(ui): add error handling for invalid JSON uploads via upload button (#11985) * fix(ui): add error handling for invalid JSON uploads via upload button * feat(frontend): added new test for file upload * feat(frontend): added new test for file upload * fix(ui): Add array validation for provider variables mapping (#12032) * fix: LM span is now properly parent of ChatOpenAI (#12012) * fix: LM span is now properly parent of ChatOpenAI Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice * chore: clean up comments clean up comments * chore: incase -> incase incase -> incase * fix: Design fix for traces (#12021) * fix: LM span is now properly parent of ChatOpenAI Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice * chore: clean up comments clean up comments * chore: incase -> incase incase -> incase * design fix * fix testcases * fix header * fix testcase --------- Co-authored-by: Adam Aghili <Adam.Aghili@ibm.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> * fix: Add file upload extension filter for multi-select and folders (#12034) * fix: plaground - inspection panel feedback (#12013) * fix: update layout and variant for file previews in chat messages * fix: update background color to 'bg-muted' in chat header and input wrapper components * refactor(CanvasControls): remove unused inspection panel logic and clean up code * fix: remove 'bg-muted' class from chat header and add 'bg-primary-foreground' to chat sidebar * fix: add Escape key functionality to close sidebar * fix: playground does not scroll down to the latest user message upon … (#12040) fix: playground does not scroll down to the latest user message upon sending (Regression) (#12006) * fixes scroll is on input message * feat: re-engage Safari sticky scroll mode when user sends message Add custom event 'langflow-scroll-to-bottom' to force SafariScrollFix back into sticky mode when user sends a new message. This ensures the chat scrolls to bottom even if user had scrolled up, fixing behavior where Safari's scroll fix would remain disengaged after manual scrolling. Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: knowledge Base Table — Row Icon Appears Clipped/Cut for Some Ent… (#12039) fix: knowledge Base Table — Row Icon Appears Clipped/Cut for Some Entries (#12009) * removed book and added file. makes more sense * feat: add accent-blue color to design system and update knowledge base file icon - Add accent-blue color variables to light and dark themes in CSS - Register accent-blue in Tailwind config with DEFAULT and foreground variants - Update knowledge base file icon fallback color from hardcoded text-blue-500 to text-accent-blue-foreground Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: MCP Server Modal Improvements (#12017) (#12038) * fixes to the mcp modal for style * style: convert double quotes to single quotes in baseModal component * style: convert double quotes to single quotes in addMcpServerModal component Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: change loop description (#12018) (#12037) * fix: change loop description (#12018) * docs: simplify Loop component description in starter project and component index * [autofix.ci] apply automated fixes * style: format Loop component description to comply with line length limits * fixed component index * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * [autofix.ci] apply automated fixes --------- Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * feat: add mutual exclusivity between ChatInput and Webhook components (#12036) * feat: add mutual exclusivity between ChatInput and Webhook components * [autofix.ci] apply automated fixes * refactor: address PR feedback - add comprehensive tests and constants * [autofix.ci] apply automated fixes * refactor: address PR feedback - add comprehensive tests and constants * [autofix.ci] apply automated fixes --------- Co-authored-by: Janardan S Kavia <janardanskavia@Janardans-MacBook-Pro.local> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: mcp config issue (#12045) * Only process dict template fields In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema. * Check and handle MCP server URL changes When skipping creation of an existing MCP server for a user's starter projects, first compute the expected project URL and compare it to URLs found in the existing config args. If the URL matches, keep skipping and log that the server is correctly configured; if the URL differs (e.g., port changed on restart), log the difference and allow the flow to update the server configuration. Adds URL extraction and improved debug messages to support automatic updates when server endpoints change. --------- Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> * fix: langflow breaks when we click on the last level of the chain (#12044) Langflow breaks when we click on the last level of the chain. Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> * fix: standardize "README" title and update API key configuration note… (#12051) fix: standardize "README" title and update API key configuration notes in 3 main flow templates (#12005) * updated for README * chore: update secrets baseline with new line numbers * fixed test Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: Cherry-pick Knowledge Base Improvements (le-480) into release-1.8.0 (#12052) * fix: improve knowledge base UI consistency and pagination handling - Change quote style from double to single quotes throughout knowledge base components - Update "Hide Sources" button label to "Hide Configuration" for clarity - Restructure SourceChunksPage layout to use xl:container for consistent spacing - Add controlled page input state with validation on blur and Enter key - Synchronize page input field with pagination controls to prevent state drift - Reset page input to "1" when changing page * refactor: extract page input commit logic into reusable function Extract page input validation and commit logic from handlePageInputBlur and handlePageInputKeyDown into a shared commitPageInput function to eliminate code duplication. * fix(ui): ensure session deletion properly clears backend and cache (#12043) * fix(ui): ensure session deletion properly clears backend and cache * fix: resolved PR comments and add new regression test * fix: resolved PR comments and add new regression test * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: Check template field is dict before access (#12035) Only process dict template fields In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema. Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> * fix: hide Knowledge Ingestion component and rename Retrieval to Knowledge Base (#12054) * fix: hide Knowledge Ingestion component and rename Retrieval to Knowledge Base Move ingestion component to deactivated folder so it's excluded from dynamic discovery. Rename KnowledgeRetrievalComponent to KnowledgeBaseComponent with display_name "Knowledge Base". Update all exports, component index, starter project, frontend sidebar filter, and tests. * fix: update test_ingestion import to use deactivated module path * fix: skip deactivated KnowledgeIngestion test suite * [autofix.ci] apply automated fixes * fix: standardize formatting and indentation in StepperModal component --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: Embedding Model Field Stuck in Infinite Loading When No Model Provider is Configured (release-1.8.0) (#12053) * fix: add showEmptyState prop to ModelInputComponent for better UX when no models are enabled * style: convert double quotes to single quotes in modelInputComponent * fixes refresh and kb blocker * style: convert double quotes to single quotes in ModelTrigger component * style: convert double quotes to single quotes in model provider components - Convert all double quotes to single quotes in use-get-model-providers.ts and ModelProvidersContent.tsx - Remove try-catch block in getModelProvidersFn to let errors propagate for React Query retry and stale data preservation - Add flex-shrink-0 to provider list container to prevent layout issues * fix: Close model dropdown popover before refresh to prevent width glitch (#12067) fix(test): Reduce response length assertions in flaky integration tests (#12057) * feat: Add PDF and DOCX ingestion support for Knowledge Bases (#12064) * add pdf and docx for knowledge bases * ruff style checker fix * fix jest test * fix: Use global LLM in knowledge retrieval (#11989) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> fix(test): Reduce response length assertions in flaky integration tests (#12057) * fix: Regenerate the knowledge retrieval template (#12070) * fix: refactor KnowledgeBaseEmptyState to use optimistic updates hook (#12069) * fix: refactor KnowledgeBaseEmptyState to use optimistic updates hook * updated tst * fix: Apply provider variable config to Agent build_config (#12050) * Apply provider variable config to Agent build_config Import and use apply_provider_variable_config_to_build_config in the Agent component so provider-specific variable settings (advanced/required/info/env fallbacks) are applied to the build_config. Provider-specific fields (e.g. base_url_ibm_watsonx, project_id) are hidden/disabled by default before applying the provider config. Updated embedded agent code in starter project JSONs and bumped their code_hashes accordingly. * [autofix.ci] apply automated fixes * update tests --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com> Co-authored-by: himavarshagoutham <himavarshajan17@gmail.com> * LE-489: KB Metrics calculation batch caculator (#12049) Fixed metric calculator to be more robust and scalable. * fix(ui): Correct AstraDB icon size to use relative units (#12137) * fix(api): Handle Windows ChromaDB file locks when deleting Knowledge Bases (#12132) Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: Fix image preview for Windows paths in playground (#12136) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * chore: update fastapi dep (#12141) update fastapi dependency * fix: Properly propagate max tokens param to Agent (#12151) * fix: Properly Propagate max_tokens param * Update tests and templates * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: include uv/uvx in runtime Docker image (#12127) * fix: include uv/uvx in runtime Docker image add uv/uvx to runtime image so uvx is available in container i did this for all images which might be too much * chore: address supply chain attack addres ram's supply chain attack comment * chore: upgrade pyproject versions upgrade pyproject versions * fix: preserve api key configuration on flow export (#12129) * fix: preserve api key configuration on flow export Made-with: Cursor * fix individual component's field * [autofix.ci] apply automated fixes * unhide var name * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fetch relevant provider keys * update starter projects * update based on env var * [autofix.ci] apply automated fixes * fetch only env variables * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * update starter projects * fix ruff errors * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * don't remove api keys if chosen by user * remove redundant code * [autofix.ci] apply automated fixes * fix update build config * remove api keys refactor * only load values when exists in db * modify other components * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Template updates * [autofix.ci] apply automated fixes * Component index update * Fix frontend test * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * preserve var names * [autofix.ci] apply automated fixes * update caution for saving api keys --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare <ericrhare@gmail.com> * Fix: Tweaks override ENV VARIABLES (#12152) Modified tweak behaviour to be overridable if env variable is set on the GUI. * fix(mcp): Handle missing config file in MCP client availability detection (#12172) * Handle missing config file in MCP client availability detection * code improvements * [autofix.ci] apply automated fixes * code improvements review * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: nightly now properly gets 1.9.0 branch (#12215) before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+\.[0-9]+\.[0-9]+$' * docs: add search icon (#12216) add-back-svg * fix: Avoid foreign key violation on span table with topological sort (#12242) * fix: Topological sort on child spans * Update test_native_tracer.py * address review comments * fix: Disable tool calling for Gemini 3 models (#12238) * chore: upgrade versions upgrade pyproject and package.json versions * feat: Add Windows Playwright tests to nightly builds (#12264) * feat: Add Windows Playwright tests to nightly builds - Add windows-latest to typescript_test.yml runner options - Add shell: bash to all script steps for cross-platform compatibility - Split Playwright installation into OS-aware steps (Linux uses --with-deps, Windows/macOS/self-hosted don't) - Fix artifact naming with OS prefix to prevent conflicts: blob-report-${{ runner.os }}-${{ matrix.shardIndex }} - Split frontend-tests into separate Linux and Windows jobs in nightly_build.yml - Add ref parameter to all test jobs to checkout code from release branch - Add resolve-release-branch to needs dependencies - Update Slack notifications to handle both Linux and Windows test results - Windows tests are non-blocking (not checked in release-nightly-build condition) - Update .secrets.baseline with new line number (263 -> 347) for LANGFLOW_ENG_SLACK_WEBHOOK_URL Fixes LE-566 * fix: Use contains() for self-hosted runner detection - Replace exact string equality (==, !=) with contains() for substring matching - Fixes issue when inputs.runs-on is array format: '["self-hosted", "linux", "ARM64", ...]' - Ensures self-hosted Linux runners correctly skip --with-deps flag Addresses CodeRabbit feedback on PR #12264 * docs: docling dependencies for langflow desktop and updated Desktop env vars (#12273) * release-note * docs-update-docling-page-and-move-release-note * docs-update-env-file-for-desktop * Apply suggestions from code review Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> --------- Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * docs: contribute to next release candidate branch and not main (#12247) docs-contribute-to-rc-not-main * docs: gemini3 tool calling is temporarily disabled (#12274) docs-gemini3-toolcalling-disabled * fix: replace grep -oP with sed for Node.js version extraction in Docker images (#12330) * fix: replace grep -oP with sed for Node.js version extraction in Docker builds The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant. This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL. Fixes the Docker base build failure in the v1.8.2 release workflow. * fix(docker): remove broken npm self-upgrade from Docker images Node.js 22.x now bundles npm 11.x which fails when trying to self-upgrade via 'npm install -g npm@latest' in the slim Docker image. The bundled npm version is sufficient. This is the same fix as PR #12309 on release-1.9.0. * fix: Add ephemeral file upload and credential env fallback (#12333) Co-authored-by: vjgit96 <vijay.katuri@ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> fix: replace grep -oP with sed for Node.js version extraction in Docker images (#12330) fix as PR #12309 on release-1.9.0. * fix: prevent overwriting user-selected global variables in provider c… (#12329) * fix: prevent overwriting user-selected global variables in provider c… (#12217) * fix: nightly now properly gets 1.9.0 branch (#12215) before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+\.[0-9]+\.[0-9]+$' * docs: add search icon (#12216) add-back-svg * fix: prevent overwriting user-selected global variables in provider config Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable. This fix adds a check to only auto-set the environment variable if: - The field is currently empty, OR - The field is not already configured to load from the database This preserves user selections while still providing automatic configuration for new/empty fields. Added comprehensive unit tests to verify: - Auto-setting env vars for empty fields - Preserving user-selected global variables - Overwriting hardcoded values (expected behavior) - Skipping when env var is not set - Applying component metadata correctly * [autofix.ci] apply automated fixes * style: use dictionary comprehension instead of for-loop Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions * chore: retrigger CI build * test: improve test coverage and clarity for provider config - Renamed test_apply_provider_config_overwrites_hardcoded_value to test_apply_provider_config_replaces_hardcoded_with_env_var for clarity - Added test_apply_provider_config_idempotent_when_already_set to document idempotent behavior when value already matches env var key - Removed sensitive value from debug log message to prevent potential exposure of API keys or credentials These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data. * chore: retrigger CI build --------- Co-Authored-By: Adam-Aghili <149833988+Adam-Aghili@users.noreply.github.com> Co-Authored-By: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-Authored-By: Steve Haertel <shaertel@ca.ibm.com> Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-Authored-By: Eric Hare <ericrhare@gmail.com> * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Update test_unified_models.py --------- Co-authored-by: Adam-Aghili <149833988+Adam-Aghili@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Steve Haertel <shaertel@ca.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * chore: version bump and merge 1.8.2 (#12335) * fix: replace grep -oP with sed for Node.js version extraction in Docker images (#12330) * fix: replace grep -oP with sed for Node.js version extraction in Docker builds The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant. This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL. Fixes the Docker base build failure in the v1.8.2 release workflow. * fix(docker): remove broken npm self-upgrade from Docker images Node.js 22.x now bundles npm 11.x which fails when trying to self-upgrade via 'npm install -g npm@latest' in the slim Docker image. The bundled npm version is sufficient. This is the same fix as PR #12309 on release-1.9.0. * chore: version bump and merge 1.8.2 bump version to 1.8.3, 0.8.3 and 0.3.3 merge changes added to 1.8.2 into 1.8.3 --------- Co-authored-by: vjgit96 <vijay.katuri@ibm.com> * fix: disable dangerous deserialization by default in FAISS component … (#12334) * fix: disable dangerous deserialization by default in FAISS component (#11999) * fix: disable dangerous deserialization by default in FAISS component Change the default value of allow_dangerous_deserialization from True to False to prevent remote code execution via malicious pickle files. This addresses a security vulnerability where an attacker could upload a crafted pickle file and trigger arbitrary code execution when the FAISS component loads the index. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix: set allow_dangerous_deserialization to false in Nvidia Remix starter project and add regression test - Changed allow_dangerous_deserialization default from true to false in Nvidia Remix.json starter project to match the FAISS component security fix - Added regression tests to ensure the default value does not revert to True * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * fix: skip FAISS test gracefully when langchain_community is not installed * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com> * [autofix.ci] apply automated fixes --------- Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com> * fix: replace removed Langflow-runner with ubuntu-latest for AMD64 Docker builds * revert: restore Langflow-runner for AMD64 Docker builds Runner group has been restored by Chris. Reverting ubuntu-latest back to Langflow-runner for faster Docker image builds. * fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerabili… (#12419) fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerability (#12078) Adds override for tar-fs in package.json to ensure versions prior to 2.1.4 are never resolved. Addresses CVE in tar-fs <2.1.4 (PVR0686558) where symlink validation bypass was possible with a crafted tarball. Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> * chore: bump versions bump versions * fix: Fix shareable playground build events and message rendering (#12421) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: restore langflow-logo-color-black-solid.svg removed in docs release (#12445) * fix: Cherry-pick nightly SDK build fixes to main (#12491) * fix: Build and install the langflow-sdk for lfx (fixes nightly) (#12481) * fix: Build and install the langflow-sdk for lfx * Publish sdk as a nightly * Update ci.yml * Update python_test.yml * Update ci.yml * fix: Properly grep for the langflow version (#12486) * fix: Properly grep for the langflow version * Mount the sdk where needed * Skip the sdk * [autofix.ci] apply automated fixes * Update setup.py * fix(docker): Remove broken npm self-upgrade from Docker images (#12309) * fix: replace grep -oP with sed for Node.js version extraction in Docker builds (#12331) The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant. This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL. --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> Co-authored-by: vjgit96 <vijay.katuri@ibm.com> --------- Co-authored-by: Adam-Aghili <149833988+Adam-Aghili@users.noreply.github.com> Co-authored-by: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai> Co-authored-by: keval shah <kevalvirat@gmail.com> Co-authored-by: Antônio Alexandre Borges Lima <104531655+AntonioABLima@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: olayinkaadelakun <olayinka.adelakun@ibm.com> Co-authored-by: Jordan Frazier <122494242+jordanrfrazier@users.noreply.github.com> Co-authored-by: cristhianzl <cristhian.lousa@gmail.com> Co-authored-by: Hamza Rashid <74062092+HzaRashid@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Lucas Oliveira <62335616+lucaseduoli@users.noreply.github.com> Co-authored-by: Edwin Jose <edwin.jose@datastax.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com> Co-authored-by: Viktor Avelino <64113566+viktoravelino@users.noreply.github.com> Co-authored-by: Lucas Democh <ldgoularte@gmail.com> Co-authored-by: Eric Hare <ericrhare@gmail.com> Co-authored-by: Adam Aghili <Adam.Aghili@ibm.com> Co-authored-by: Debojit Kaushik <Kaushik.debojit@gmail.com> Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com> Co-authored-by: Janardan S Kavia <janardanskavia@Janardans-MacBook-Pro.local> Co-authored-by: himavarshagoutham <himavarshajan17@gmail.com> Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> Co-authored-by: Steve Haertel <shaertel@ca.ibm.com> Co-authored-by: Tarcio <rodriguestarcio.adv@gmail.com>

* fix: Fixes Kubernetes deployment crash on runtime_port parsing (langflow-ai#11968) (langflow-ai#11975) * feat: add runtime port validation for Kubernetes service discovery * test: add unit tests for runtime port validation in Settings * fix: improve runtime port validation to handle exceptions and edge cases Co-authored-by: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai> * fix(frontend): show delete option for default session when it has messages (langflow-ai#11969) * feat: add documentation link to Guardrails component (langflow-ai#11978) * feat: add documentation link to Guardrails component * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * feat: traces v0 (langflow-ai#11689) (langflow-ai#11983) * feat: traces v0 v0 for traces includes: - filters: status, token usage range and datatime - accordian rows per trace Could add: - more filter options. Ecamples: session_id, trace_id and latency range * fix: token range * feat: create sidebar buttons for logs and trace add sidebar buttons for logs and trace remove lods canvas control * fix: fix duplicate trace ID insertion hopefully fix duplicate trace ID insertion on windows * fix: update tests and alembic tables for uts update tests and alembic tables for uts * chore: add session_id * chore: allo grouping by session_id and flow_id * chore: update race input output * chore: change run name to flow_name - flow_id was flow_name - trace_id now flow_name - flow_id * facelift * clean up and add testcases * clean up and add testcases * merge Alembic detected multiple heads * [autofix.ci] apply automated fixes * improve testcases * remodel files * chore: address gabriel simple changes address gabriel simple changes in traces.py and native.py * clean up and testcases * chore: address OTel and PG status comments langflow-ai#11689 (comment) langflow-ai#11689 (comment) * chore: OTel span naming convention model name is now set using name = f"{operation} {model_name}" if model_name else operation * add traces * feat: use uv sources for CPU-only PyTorch (langflow-ai#11884) * feat: use uv sources for CPU-only PyTorch Configure [tool.uv.sources] with pytorch-cpu index to avoid ~6GB CUDA dependencies in Docker images. This replaces hardcoded wheel URLs with a cleaner index-based approach. - Add pytorch-cpu index with explicit = true - Add torch/torchvision to [tool.uv.sources] - Add explicit torch/torchvision deps to trigger source override - Regenerate lockfile without nvidia/cuda/triton packages - Add required-environments for multi-platform support * fix: update regex to only replace name in [project] section The previous regex matched all lines starting with `name = "..."`, which incorrectly renamed the UV index `pytorch-cpu` to `langflow-nightly` during nightly builds. This caused `uv lock` to fail with: "Package torch references an undeclared index: pytorch-cpu" The new regex specifically targets the name field within the [project] section only, avoiding unintended replacements in other sections like [[tool.uv.index]]. * style: fix ruff quote style * fix: remove required-environments to fix Python 3.13 macOS x86_64 CI The required-environments setting was causing hard failures when packages like torch didn't have wheels for specific platform/Python combinations. Without this setting, uv resolves optimistically and handles missing wheels gracefully at runtime instead of failing during resolution. --------- * LE-270: Hydration and Console Log error (langflow-ai#11628) * LE-270: add fix hydration issues * LE-270: fix disable field on max token on language model --------- * test: add wait for selector in mcp server tests (langflow-ai#11883) * Add wait for selector in mcp server tests * [autofix.ci] apply automated fixes * Add more awit for selectors * [autofix.ci] apply automated fixes --------- * fix: reduce visual lag in frontend (langflow-ai#11686) * Reduce lag in frontend by batching react events and reducing minimval visual build time * Cleanup * [autofix.ci] apply automated fixes * add tests and improve code read * [autofix.ci] apply automated fixes * Remove debug log --------- * feat: lazy load imports for language model component (langflow-ai#11737) * Lazy load imports for language model component Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc. * Add backwards-compat functions * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Add exception handling * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * comp index * docs: azure default temperature (langflow-ai#11829) * change-azure-openai-default-temperature-to-1.0 * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * [autofix.ci] apply automated fixes --------- * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix unit test? * add no-group dev to docker builds * [autofix.ci] apply automated fixes --------- * feat: generate requirements.txt from dependencies (langflow-ai#11810) * Base script to generate requirements Dymanically picks dependency for LanguageM Comp. Requires separate change to remove eager loading. * Lazy load imports for language model component Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc. * Add backwards-compat functions * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Add exception handling * Add CLI command to create reqs * correctly exclude langchain imports * Add versions to reqs * dynamically resolve provider imports for language model comp * Lazy load imports for reqs, some ruff fixes * Add dynamic resolves for embedding model comp * Add install hints * Add missing provider tests; add warnings in reqs script * Add a few warnings and fix install hint * update comments add logging * Package hints, warnings, comments, tests * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Add alias for watsonx * Fix anthropic for basic prompt, azure mapping * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * ruff * [autofix.ci] apply automated fixes * test formatting * ruff * [autofix.ci] apply automated fixes --------- * fix: add handle to file input to be able to receive text (langflow-ai#11825) * changed base file and file components to support muitiple files and files from messages * update component index * update input file component to clear value and show placeholder * updated starter projects * [autofix.ci] apply automated fixes * updated base file, file and video file to share robust file verification method * updated component index * updated templates * fix whitespaces * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * add file upload test for files fed through the handle * [autofix.ci] apply automated fixes * added tests and fixed things pointed out by revies * update component index * fixed test * ruff fixes * Update component_index.json * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * updated component index * updated component index * removed handle from file input * Added functionality to use multiple files on the File Path, and to allow files on the langflow file system. * [autofix.ci] apply automated fixes * fixed lfx test * build component index --------- * docs: Add AGENTS.md development guide (langflow-ai#11922) * add AGENTS.md rule to project * change to agents-example * remove agents.md * add example description * chore: address cris I1 comment address cris I1 comment * chore: address cris I5 address cris I5 * chore: address cris I6 address cris I6 * chore: address cris R7 address cris R7 * fix testcase * chore: address cris R2 address cris R2 * restructure insight page into sidenav * added header and total run node * restructing branch * chore: address gab otel model changes address gab otel model changes will need no migration tables * chore: update alembic migration tables update alembic migration tables after model changes * add empty state for gropu sessions * remove invalid mock * test: update and add backend tests update and add backend tests * chore: address backend code rabbit comments address backend code rabbit comments * chore: address code rabbit frontend comments address code rabbit frontend comments * chore: test_native_tracer minor fix address c1 test_native_tracer minor fix address c1 * chore: address C2 + C3 address C2 + C3 * chore: address H1-H5 address H1-H5 * test: update test_native_tracer update test_native_tracer * fixes * chore: address M2 address m2 * chore: address M1 address M1 * dry changes, factorization * chore: fix 422 spam and clean comments fix 422 spam and clean comments * chore: address M12 address M12 * chore: address M3 address M3 * chore: address M4 address M4 * chore: address M5 address M5 * chore: clean up for M7, M9, M11 clean up for M7, M9, M11 * chore: address L2,L4,L5,L6 + any test address L2,L4,L5 and L6 + any test * chore: alembic + comment clean up alembic + comment clean up * chore: remove depricated test_traces file remove depricated test_traces file. test have all been moved to test_traces_api.py * fix datetime * chore: fix test_trace_api ge=0 is allowed now fix test_trace_api ge=0 is allowed now * chore: remove unused traces cost flow remove unused traces cost flow * fix traces test * fix traces test * fix traces test * fix traces test * fix traces test * chore: address gabriels otel coment address gabriels otel coment latest --------- Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: olayinkaadelakun <olayinka.adelakun@ibm.com> Co-authored-by: Jordan Frazier <122494242+jordanrfrazier@users.noreply.github.com> Co-authored-by: cristhianzl <cristhian.lousa@gmail.com> Co-authored-by: Hamza Rashid <74062092+HzaRashid@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Lucas Oliveira <62335616+lucaseduoli@users.noreply.github.com> Co-authored-by: Edwin Jose <edwin.jose@datastax.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com> * fix(test): Fix superuser timeout test errors by replacing heavy clien… (langflow-ai#11982) fix(test): Fix superuser timeout test errors by replacing heavy client fixture (langflow-ai#11972) * fix super user timeout test error * fix fixture db test * remove canary test * [autofix.ci] apply automated fixes * flaky test --------- Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * refactor(components): Replace eager import with lazy loading in agentics module (langflow-ai#11974) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: add ondelete=CASCADE to TraceBase.flow_id to match migration (langflow-ai#12002) * fix: add ondelete=CASCADE to TraceBase.flow_id to match migration The migration file creates the trace table's flow_id foreign key with ondelete="CASCADE", but the model was missing this parameter. This mismatch caused the migration validator to block startup. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: add defensive migration to ensure trace.flow_id has CASCADE Adds a migration that ensures the trace.flow_id foreign key has ondelete=CASCADE. While the original migration already creates it with CASCADE, this provides a safety net for any databases that may have gotten into an inconsistent state. * fix: dynamically find FK constraint name in migration The original migration did not name the FK constraint, so it gets an auto-generated name that varies by database. This fix queries the database to find the actual constraint name before dropping it. --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix: LE-456 - Update ButtonSendWrapper to handle building state and improve button functionality (langflow-ai#12000) * fix: Update ButtonSendWrapper to handle building state and improve button functionality * fix(frontend): rename stop button title to avoid Playwright selector conflict The "Stop building" title caused getByRole('button', { name: 'Stop' }) to match two elements, breaking Playwright tests in shards 19, 20, 22, 25. Renamed to "Cancel" to avoid the collision with the no-input stop button. * Fix: pydantic fail because output is list, instead of a dict (langflow-ai#11987) pydantic fail because output is list, instead of a dict Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> * refactor: Update guardrails icons (langflow-ai#12016) * Update guardrails.py Changing the heuristic threshold icons. The field was using the default icons. I added icons related to the security theme. * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Viktor Avelino <64113566+viktoravelino@users.noreply.github.com> * feat(ui): Replace Show column toggle with eye icon in advanced dialog (langflow-ai#12028) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix(ui): Prevent auto-focus and tooltip on dialog close button (langflow-ai#12027) * fix: reset button (langflow-ai#12024) fix reset button Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> * fix: Handle message inputs when ingesting knowledge (langflow-ai#11988) * fix: Handle message inputs when ingesting knowledge * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Update test_ingestion.py * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix(ui): add error handling for invalid JSON uploads via upload button (langflow-ai#11985) * fix(ui): add error handling for invalid JSON uploads via upload button * feat(frontend): added new test for file upload * feat(frontend): added new test for file upload * fix(ui): Add array validation for provider variables mapping (langflow-ai#12032) * fix: LM span is now properly parent of ChatOpenAI (langflow-ai#12012) * fix: LM span is now properly parent of ChatOpenAI Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice * chore: clean up comments clean up comments * chore: incase -> incase incase -> incase * fix: Design fix for traces (langflow-ai#12021) * fix: LM span is now properly parent of ChatOpenAI Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice * chore: clean up comments clean up comments * chore: incase -> incase incase -> incase * design fix * fix testcases * fix header * fix testcase --------- Co-authored-by: Adam Aghili <Adam.Aghili@ibm.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> * fix: Add file upload extension filter for multi-select and folders (langflow-ai#12034) * fix: plaground - inspection panel feedback (langflow-ai#12013) * fix: update layout and variant for file previews in chat messages * fix: update background color to 'bg-muted' in chat header and input wrapper components * refactor(CanvasControls): remove unused inspection panel logic and clean up code * fix: remove 'bg-muted' class from chat header and add 'bg-primary-foreground' to chat sidebar * fix: add Escape key functionality to close sidebar * fix: playground does not scroll down to the latest user message upon … (langflow-ai#12040) fix: playground does not scroll down to the latest user message upon sending (Regression) (langflow-ai#12006) * fixes scroll is on input message * feat: re-engage Safari sticky scroll mode when user sends message Add custom event 'langflow-scroll-to-bottom' to force SafariScrollFix back into sticky mode when user sends a new message. This ensures the chat scrolls to bottom even if user had scrolled up, fixing behavior where Safari's scroll fix would remain disengaged after manual scrolling. Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: knowledge Base Table — Row Icon Appears Clipped/Cut for Some Ent… (langflow-ai#12039) fix: knowledge Base Table — Row Icon Appears Clipped/Cut for Some Entries (langflow-ai#12009) * removed book and added file. makes more sense * feat: add accent-blue color to design system and update knowledge base file icon - Add accent-blue color variables to light and dark themes in CSS - Register accent-blue in Tailwind config with DEFAULT and foreground variants - Update knowledge base file icon fallback color from hardcoded text-blue-500 to text-accent-blue-foreground Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: MCP Server Modal Improvements (langflow-ai#12017) (langflow-ai#12038) * fixes to the mcp modal for style * style: convert double quotes to single quotes in baseModal component * style: convert double quotes to single quotes in addMcpServerModal component Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: change loop description (langflow-ai#12018) (langflow-ai#12037) * fix: change loop description (langflow-ai#12018) * docs: simplify Loop component description in starter project and component index * [autofix.ci] apply automated fixes * style: format Loop component description to comply with line length limits * fixed component index * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * [autofix.ci] apply automated fixes --------- Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * feat: add mutual exclusivity between ChatInput and Webhook components (langflow-ai#12036) * feat: add mutual exclusivity between ChatInput and Webhook components * [autofix.ci] apply automated fixes * refactor: address PR feedback - add comprehensive tests and constants * [autofix.ci] apply automated fixes * refactor: address PR feedback - add comprehensive tests and constants * [autofix.ci] apply automated fixes --------- Co-authored-by: Janardan S Kavia <janardanskavia@Janardans-MacBook-Pro.local> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: mcp config issue (langflow-ai#12045) * Only process dict template fields In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema. * Check and handle MCP server URL changes When skipping creation of an existing MCP server for a user's starter projects, first compute the expected project URL and compare it to URLs found in the existing config args. If the URL matches, keep skipping and log that the server is correctly configured; if the URL differs (e.g., port changed on restart), log the difference and allow the flow to update the server configuration. Adds URL extraction and improved debug messages to support automatic updates when server endpoints change. --------- Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> * fix: langflow breaks when we click on the last level of the chain (langflow-ai#12044) Langflow breaks when we click on the last level of the chain. Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> * fix: standardize "README" title and update API key configuration note… (langflow-ai#12051) fix: standardize "README" title and update API key configuration notes in 3 main flow templates (langflow-ai#12005) * updated for README * chore: update secrets baseline with new line numbers * fixed test Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> * fix: Cherry-pick Knowledge Base Improvements (le-480) into release-1.8.0 (langflow-ai#12052) * fix: improve knowledge base UI consistency and pagination handling - Change quote style from double to single quotes throughout knowledge base components - Update "Hide Sources" button label to "Hide Configuration" for clarity - Restructure SourceChunksPage layout to use xl:container for consistent spacing - Add controlled page input state with validation on blur and Enter key - Synchronize page input field with pagination controls to prevent state drift - Reset page input to "1" when changing page * refactor: extract page input commit logic into reusable function Extract page input validation and commit logic from handlePageInputBlur and handlePageInputKeyDown into a shared commitPageInput function to eliminate code duplication. * fix(ui): ensure session deletion properly clears backend and cache (langflow-ai#12043) * fix(ui): ensure session deletion properly clears backend and cache * fix: resolved PR comments and add new regression test * fix: resolved PR comments and add new regression test * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: Check template field is dict before access (langflow-ai#12035) Only process dict template fields In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema. Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> * fix: hide Knowledge Ingestion component and rename Retrieval to Knowledge Base (langflow-ai#12054) * fix: hide Knowledge Ingestion component and rename Retrieval to Knowledge Base Move ingestion component to deactivated folder so it's excluded from dynamic discovery. Rename KnowledgeRetrievalComponent to KnowledgeBaseComponent with display_name "Knowledge Base". Update all exports, component index, starter project, frontend sidebar filter, and tests. * fix: update test_ingestion import to use deactivated module path * fix: skip deactivated KnowledgeIngestion test suite * [autofix.ci] apply automated fixes * fix: standardize formatting and indentation in StepperModal component --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: Embedding Model Field Stuck in Infinite Loading When No Model Provider is Configured (release-1.8.0) (langflow-ai#12053) * fix: add showEmptyState prop to ModelInputComponent for better UX when no models are enabled * style: convert double quotes to single quotes in modelInputComponent * fixes refresh and kb blocker * style: convert double quotes to single quotes in ModelTrigger component * style: convert double quotes to single quotes in model provider components - Convert all double quotes to single quotes in use-get-model-providers.ts and ModelProvidersContent.tsx - Remove try-catch block in getModelProvidersFn to let errors propagate for React Query retry and stale data preservation - Add flex-shrink-0 to provider list container to prevent layout issues * fix: Close model dropdown popover before refresh to prevent width glitch (langflow-ai#12067) fix(test): Reduce response length assertions in flaky integration tests (langflow-ai#12057) * feat: Add PDF and DOCX ingestion support for Knowledge Bases (langflow-ai#12064) * add pdf and docx for knowledge bases * ruff style checker fix * fix jest test * fix: Use global LLM in knowledge retrieval (langflow-ai#11989) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> fix(test): Reduce response length assertions in flaky integration tests (langflow-ai#12057) * fix: Regenerate the knowledge retrieval template (langflow-ai#12070) * fix: refactor KnowledgeBaseEmptyState to use optimistic updates hook (langflow-ai#12069) * fix: refactor KnowledgeBaseEmptyState to use optimistic updates hook * updated tst * fix: Apply provider variable config to Agent build_config (langflow-ai#12050) * Apply provider variable config to Agent build_config Import and use apply_provider_variable_config_to_build_config in the Agent component so provider-specific variable settings (advanced/required/info/env fallbacks) are applied to the build_config. Provider-specific fields (e.g. base_url_ibm_watsonx, project_id) are hidden/disabled by default before applying the provider config. Updated embedded agent code in starter project JSONs and bumped their code_hashes accordingly. * [autofix.ci] apply automated fixes * update tests --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com> Co-authored-by: himavarshagoutham <himavarshajan17@gmail.com> * LE-489: KB Metrics calculation batch caculator (langflow-ai#12049) Fixed metric calculator to be more robust and scalable. * fix(ui): Correct AstraDB icon size to use relative units (langflow-ai#12137) * fix(api): Handle Windows ChromaDB file locks when deleting Knowledge Bases (langflow-ai#12132) Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: Fix image preview for Windows paths in playground (langflow-ai#12136) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * chore: update fastapi dep (langflow-ai#12141) update fastapi dependency * fix: Properly propagate max tokens param to Agent (langflow-ai#12151) * fix: Properly Propagate max_tokens param * Update tests and templates * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: include uv/uvx in runtime Docker image (langflow-ai#12127) * fix: include uv/uvx in runtime Docker image add uv/uvx to runtime image so uvx is available in container i did this for all images which might be too much * chore: address supply chain attack addres ram's supply chain attack comment * chore: upgrade pyproject versions upgrade pyproject versions * fix: preserve api key configuration on flow export (langflow-ai#12129) * fix: preserve api key configuration on flow export Made-with: Cursor * fix individual component's field * [autofix.ci] apply automated fixes * unhide var name * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fetch relevant provider keys * update starter projects * update based on env var * [autofix.ci] apply automated fixes * fetch only env variables * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * update starter projects * fix ruff errors * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * don't remove api keys if chosen by user * remove redundant code * [autofix.ci] apply automated fixes * fix update build config * remove api keys refactor * only load values when exists in db * modify other components * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * Template updates * [autofix.ci] apply automated fixes * Component index update * Fix frontend test * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * preserve var names * [autofix.ci] apply automated fixes * update caution for saving api keys --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare <ericrhare@gmail.com> * Fix: Tweaks override ENV VARIABLES (langflow-ai#12152) Modified tweak behaviour to be overridable if env variable is set on the GUI. * fix(mcp): Handle missing config file in MCP client availability detection (langflow-ai#12172) * Handle missing config file in MCP client availability detection * code improvements * [autofix.ci] apply automated fixes * code improvements review * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: nightly now properly gets 1.9.0 branch (langflow-ai#12215) before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+\.[0-9]+\.[0-9]+$' * docs: add search icon (langflow-ai#12216) add-back-svg * fix: Avoid foreign key violation on span table with topological sort (langflow-ai#12242) * fix: Topological sort on child spans * Update test_native_tracer.py * address review comments * fix: Disable tool calling for Gemini 3 models (langflow-ai#12238) * chore: upgrade versions upgrade pyproject and package.json versions * feat: Add Windows Playwright tests to nightly builds (langflow-ai#12264) * feat: Add Windows Playwright tests to nightly builds - Add windows-latest to typescript_test.yml runner options - Add shell: bash to all script steps for cross-platform compatibility - Split Playwright installation into OS-aware steps (Linux uses --with-deps, Windows/macOS/self-hosted don't) - Fix artifact naming with OS prefix to prevent conflicts: blob-report-${{ runner.os }}-${{ matrix.shardIndex }} - Split frontend-tests into separate Linux and Windows jobs in nightly_build.yml - Add ref parameter to all test jobs to checkout code from release branch - Add resolve-release-branch to needs dependencies - Update Slack notifications to handle both Linux and Windows test results - Windows tests are non-blocking (not checked in release-nightly-build condition) - Update .secrets.baseline with new line number (263 -> 347) for LANGFLOW_ENG_SLACK_WEBHOOK_URL Fixes LE-566 * fix: Use contains() for self-hosted runner detection - Replace exact string equality (==, !=) with contains() for substring matching - Fixes issue when inputs.runs-on is array format: '["self-hosted", "linux", "ARM64", ...]' - Ensures self-hosted Linux runners correctly skip --with-deps flag Addresses CodeRabbit feedback on PR langflow-ai#12264 * docs: docling dependencies for langflow desktop and updated Desktop env vars (langflow-ai#12273) * release-note * docs-update-docling-page-and-move-release-note * docs-update-env-file-for-desktop * Apply suggestions from code review Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> --------- Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * docs: contribute to next release candidate branch and not main (langflow-ai#12247) docs-contribute-to-rc-not-main * docs: gemini3 tool calling is temporarily disabled (langflow-ai#12274) docs-gemini3-toolcalling-disabled * fix: replace grep -oP with sed for Node.js version extraction in Docker images (langflow-ai#12330) * fix: replace grep -oP with sed for Node.js version extraction in Docker builds The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant. This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL. Fixes the Docker base build failure in the v1.8.2 release workflow. * fix(docker): remove broken npm self-upgrade from Docker images Node.js 22.x now bundles npm 11.x which fails when trying to self-upgrade via 'npm install -g npm@latest' in the slim Docker image. The bundled npm version is sufficient. This is the same fix as PR langflow-ai#12309 on release-1.9.0. * fix: Add ephemeral file upload and credential env fallback (langflow-ai#12333) Co-authored-by: vjgit96 <vijay.katuri@ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> fix: replace grep -oP with sed for Node.js version extraction in Docker images (langflow-ai#12330) fix as PR langflow-ai#12309 on release-1.9.0. * fix: prevent overwriting user-selected global variables in provider c… (langflow-ai#12329) * fix: prevent overwriting user-selected global variables in provider c… (langflow-ai#12217) * fix: nightly now properly gets 1.9.0 branch (langflow-ai#12215) before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+\.[0-9]+\.[0-9]+$' * docs: add search icon (langflow-ai#12216) add-back-svg * fix: prevent overwriting user-selected global variables in provider config Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable. This fix adds a check to only auto-set the environment variable if: - The field is currently empty, OR - The field is not already configured to load from the database This preserves user selections while still providing automatic configuration for new/empty fields. Added comprehensive unit tests to verify: - Auto-setting env vars for empty fields - Preserving user-selected global variables - Overwriting hardcoded values (expected behavior) - Skipping when env var is not set - Applying component metadata correctly * [autofix.ci] apply automated fixes * style: use dictionary comprehension instead of for-loop Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions * chore: retrigger CI build * test: improve test coverage and clarity for provider config - Renamed test_apply_provider_config_overwrites_hardcoded_value to test_apply_provider_config_replaces_hardcoded_with_env_var for clarity - Added test_apply_provider_config_idempotent_when_already_set to document idempotent behavior when value already matches env var key - Removed sensitive value from debug log message to prevent potential exposure of API keys or credentials These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data. * chore: retrigger CI build --------- Co-Authored-By: Adam-Aghili <149833988+Adam-Aghili@users.noreply.github.com> Co-Authored-By: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-Authored-By: Steve Haertel <shaertel@ca.ibm.com> Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-Authored-By: Eric Hare <ericrhare@gmail.com> * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * [autofix.ci] apply automated fixes (attempt 3/3) * Update test_unified_models.py --------- Co-authored-by: Adam-Aghili <149833988+Adam-Aghili@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Steve Haertel <shaertel@ca.ibm.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * chore: version bump and merge 1.8.2 (langflow-ai#12335) * fix: replace grep -oP with sed for Node.js version extraction in Docker images (langflow-ai#12330) * fix: replace grep -oP with sed for Node.js version extraction in Docker builds The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant. This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL. Fixes the Docker base build failure in the v1.8.2 release workflow. * fix(docker): remove broken npm self-upgrade from Docker images Node.js 22.x now bundles npm 11.x which fails when trying to self-upgrade via 'npm install -g npm@latest' in the slim Docker image. The bundled npm version is sufficient. This is the same fix as PR langflow-ai#12309 on release-1.9.0. * chore: version bump and merge 1.8.2 bump version to 1.8.3, 0.8.3 and 0.3.3 merge changes added to 1.8.2 into 1.8.3 --------- Co-authored-by: vjgit96 <vijay.katuri@ibm.com> * fix: disable dangerous deserialization by default in FAISS component … (langflow-ai#12334) * fix: disable dangerous deserialization by default in FAISS component (langflow-ai#11999) * fix: disable dangerous deserialization by default in FAISS component Change the default value of allow_dangerous_deserialization from True to False to prevent remote code execution via malicious pickle files. This addresses a security vulnerability where an attacker could upload a crafted pickle file and trigger arbitrary code execution when the FAISS component loads the index. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix: set allow_dangerous_deserialization to false in Nvidia Remix starter project and add regression test - Changed allow_dangerous_deserialization default from true to false in Nvidia Remix.json starter project to match the FAISS component security fix - Added regression tests to ensure the default value does not revert to True * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes * fix: skip FAISS test gracefully when langchain_community is not installed * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com> * [autofix.ci] apply automated fixes --------- Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com> * fix: replace removed Langflow-runner with ubuntu-latest for AMD64 Docker builds * revert: restore Langflow-runner for AMD64 Docker builds Runner group has been restored by Chris. Reverting ubuntu-latest back to Langflow-runner for faster Docker image builds. * fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerabili… (langflow-ai#12419) fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerability (langflow-ai#12078) Adds override for tar-fs in package.json to ensure versions prior to 2.1.4 are never resolved. Addresses CVE in tar-fs <2.1.4 (PVR0686558) where symlink validation bypass was possible with a crafted tarball. Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> * chore: bump versions bump versions * fix: Fix shareable playground build events and message rendering (langflow-ai#12421) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: restore langflow-logo-color-black-solid.svg removed in docs release (langflow-ai#12445) * fix: Cherry-pick nightly SDK build fixes to main (langflow-ai#12491) * fix: Build and install the langflow-sdk for lfx (fixes nightly) (langflow-ai#12481) * fix: Build and install the langflow-sdk for lfx * Publish sdk as a nightly * Update ci.yml * Update python_test.yml * Update ci.yml * fix: Properly grep for the langflow version (langflow-ai#12486) * fix: Properly grep for the langflow version * Mount the sdk where needed * Skip the sdk * [autofix.ci] apply automated fixes * Update setup.py * fix(docker): Remove broken npm self-upgrade from Docker images (langflow-ai#12309) * fix: replace grep -oP with sed for Node.js version extraction in Docker builds (langflow-ai#12331) The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant. This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL. --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Cristhian Zanforlin Lousa <cristhian.lousa@gmail.com> Co-authored-by: vjgit96 <vijay.katuri@ibm.com> * ci: increase backend test timeout --------- Co-authored-by: Adam-Aghili <149833988+Adam-Aghili@users.noreply.github.com> Co-authored-by: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai> Co-authored-by: keval shah <kevalvirat@gmail.com> Co-authored-by: Antônio Alexandre Borges Lima <104531655+AntonioABLima@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@Olayinkas-MacBook-Pro.local> Co-authored-by: Olayinka Adelakun <olayinkaadelakun@mac.war.can.ibm.com> Co-authored-by: Ram Gopal Srikar Katakam <44802869+RamGopalSrikar@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: olayinkaadelakun <olayinka.adelakun@ibm.com> Co-authored-by: Jordan Frazier <122494242+jordanrfrazier@users.noreply.github.com> Co-authored-by: cristhianzl <cristhian.lousa@gmail.com> Co-authored-by: Hamza Rashid <74062092+HzaRashid@users.noreply.github.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> Co-authored-by: Lucas Oliveira <62335616+lucaseduoli@users.noreply.github.com> Co-authored-by: Edwin Jose <edwin.jose@datastax.com> Co-authored-by: Himavarsha <40851462+HimavarshaVS@users.noreply.github.com> Co-authored-by: Viktor Avelino <64113566+viktoravelino@users.noreply.github.com> Co-authored-by: Lucas Democh <ldgoularte@gmail.com> Co-authored-by: Adam Aghili <Adam.Aghili@ibm.com> Co-authored-by: Debojit Kaushik <Kaushik.debojit@gmail.com> Co-authored-by: Deon Sanchez <69873175+deon-sanchez@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com> Co-authored-by: Janardan S Kavia <janardanskavia@Janardans-MacBook-Pro.local> Co-authored-by: himavarshagoutham <himavarshajan17@gmail.com> Co-authored-by: vjgit96 <vijay.katuri@ibm.com> Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> Co-authored-by: Steve Haertel <shaertel@ca.ibm.com> Co-authored-by: Tarcio <rodriguestarcio.adv@gmail.com>

fix: Topological sort on child spans

a35d5eb

erichare requested review from Adam-Aghili and jordanrfrazier March 18, 2026 18:02

github-actions Bot added the bug Something isn't working label Mar 18, 2026

Update test_native_tracer.py

a9ae32b

erichare changed the title ~~fix: Topological sort on child spans~~ fix: Avoid foreign key violation on span table with topological sort Mar 18, 2026

github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Mar 18, 2026

Adam-Aghili approved these changes Mar 18, 2026

View reviewed changes

github-actions Bot added the lgtm This PR has been approved by a maintainer label Mar 18, 2026

Cristhianzl requested changes Mar 18, 2026

View reviewed changes

github-actions Bot removed the lgtm This PR has been approved by a maintainer label Mar 18, 2026

address review comments

910aa42

github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Mar 18, 2026

erichare requested a review from Cristhianzl March 18, 2026 21:55

codeflash-ai Bot reviewed Mar 18, 2026

View reviewed changes

Comment thread src/backend/base/langflow/services/tracing/span_sorting.py

Cristhianzl approved these changes Mar 19, 2026

View reviewed changes

github-actions Bot added the lgtm This PR has been approved by a maintainer label Mar 19, 2026

erichare merged commit e14caf8 into release-1.8.2 Mar 19, 2026
181 of 184 checks passed

erichare deleted the fix-foreign-key-backport branch March 19, 2026 14:43

avonian mentioned this pull request Mar 30, 2026

fix(traces): sort spans topologically before DB insert to avoid FK violations #12386

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: Avoid foreign key violation on span table with topological sort#12242

fix: Avoid foreign key violation on span table with topological sort#12242
erichare merged 3 commits intorelease-1.8.2from
fix-foreign-key-backport

erichare commented Mar 18, 2026

Uh oh!

coderabbitai Bot commented Mar 18, 2026 •

edited

Loading

Review skipped

Uh oh!

github-actions Bot commented Mar 18, 2026 •

edited

Loading

Uh oh!

Adam-Aghili left a comment

Uh oh!

codecov Bot commented Mar 18, 2026 •

edited

Loading

Uh oh!

Cristhianzl left a comment •

edited

Loading

Uh oh!

Uh oh!

Cristhianzl left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

erichare commented Mar 18, 2026

Uh oh!

coderabbitai Bot commented Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

github-actions Bot commented Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Frontend Unit Test Coverage Report

Coverage Summary

Unit Test Results

Uh oh!

Adam-Aghili left a comment

Choose a reason for hiding this comment

Uh oh!

codecov Bot commented Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Cristhianzl left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Summary

🔴 CRITICAL: Security & PII

PII in Logs - ZERO TOLERANCE

General Security

🔴 CRITICAL: DRY Principle

🔴 CRITICAL: File Structure Limits

Hard Limits Per File — native.py

Hard Limits Per File — test_native_tracer.py

Single Responsibility Test

Coesion — Over-Engineering Check

🟠 IMPORTANT: Architecture & Structure

Single Responsibility Principle

Layer Separation

Recommended File Structure

🟠 IMPORTANT: Code Quality

SOLID Principles

Clean Code

Specific Code Issues

🟠 IMPORTANT: Error Handling

🟡 RECOMMENDED: Observability

🟡 RECOMMENDED: Comments

🟢 TESTING

Coverage Requirements

Test Quality

Test Issues

🟢 LEGACY CODE AWARENESS

📋 Final Checklist

All Issues Summary

Uh oh!

Uh oh!

Cristhianzl left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

coderabbitai Bot commented Mar 18, 2026 •

edited

Loading

github-actions Bot commented Mar 18, 2026 •

edited

Loading

codecov Bot commented Mar 18, 2026 •

edited

Loading

Cristhianzl left a comment •

edited

Loading

Hard Limits Per File — `native.py`

Hard Limits Per File — `test_native_tracer.py`