perf(api): utilize the message_workflow_run_id_idx while querying messages (#32944)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

.github/workflows/style.yml

@@ -89,7 +89,7 @@ jobs:
         uses: actions/setup-node@v6
         if: steps.changed-files.outputs.any_changed == 'true'
         with:
-          node-version: 24
+          node-version: 22
           cache: pnpm
           cache-dependency-path: ./web/pnpm-lock.yaml
 

.github/workflows/tool-test-sdks.yaml

@@ -28,7 +28,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: 24
+          node-version: 22
           cache: ''
           cache-dependency-path: 'pnpm-lock.yaml'
 

.github/workflows/translate-i18n-claude.yml

@@ -57,7 +57,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: 24
+          node-version: 22
           cache: pnpm
           cache-dependency-path: ./web/pnpm-lock.yaml
 

.github/workflows/web-tests.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: 24
+          node-version: 22
           cache: pnpm
           cache-dependency-path: ./web/pnpm-lock.yaml
 
@@ -398,7 +398,7 @@ jobs:
         uses: actions/setup-node@v6
         if: steps.changed-files.outputs.any_changed == 'true'
         with:
-          node-version: 24
+          node-version: 22
           cache: pnpm
           cache-dependency-path: ./web/pnpm-lock.yaml
 

api/.env.example

@@ -715,6 +715,7 @@ ANNOTATION_IMPORT_MAX_CONCURRENT=5
 # Sandbox expired records clean configuration
 SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
 SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
+SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL=200
 SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
 SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL=90000
 

api/configs/feature/__init__.py

@@ -1344,6 +1344,10 @@ class SandboxExpiredRecordsCleanConfig(BaseSettings):
         description="Maximum number of records to process in each batch",
         default=1000,
     )
+    SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL: PositiveInt = Field(
+        description="Maximum interval in milliseconds between batches",
+        default=200,
+    )
     SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: PositiveInt = Field(
         description="Retention days for sandbox expired workflow_run records and message records",
         default=30,

api/controllers/console/remote_files.py

@@ -1,6 +1,7 @@
 import urllib.parse
 
 import httpx
+from flask_restx import Resource
 from pydantic import BaseModel, Field
 
 import services
@@ -10,12 +11,12 @@ from controllers.common.errors import (
     RemoteFileUploadError,
     UnsupportedFileTypeError,
 )
-from controllers.fastopenapi import console_router
+from controllers.console import console_ns
 from core.file import helpers as file_helpers
 from core.helper import ssrf_proxy
 from extensions.ext_database import db
 from fields.file_fields import FileWithSignedUrl, RemoteFileInfo
-from libs.login import current_account_with_tenant
+from libs.login import current_account_with_tenant, login_required
 from services.file_service import FileService
 
 
@@ -23,69 +24,73 @@ class RemoteFileUploadPayload(BaseModel):
     url: str = Field(..., description="URL to fetch")
 
 
-@console_router.get(
-    "/remote-files/<path:url>",
-    response_model=RemoteFileInfo,
-    tags=["console"],
-)
-def get_remote_file_info(url: str) -> RemoteFileInfo:
-    decoded_url = urllib.parse.unquote(url)
-    resp = ssrf_proxy.head(decoded_url)
-    if resp.status_code != httpx.codes.OK:
-        resp = ssrf_proxy.get(decoded_url, timeout=3)
-    resp.raise_for_status()
-    return RemoteFileInfo(
-        file_type=resp.headers.get("Content-Type", "application/octet-stream"),
-        file_length=int(resp.headers.get("Content-Length", 0)),
-    )
-
-
-@console_router.post(
-    "/remote-files/upload",
-    response_model=FileWithSignedUrl,
-    tags=["console"],
-    status_code=201,
-)
-def upload_remote_file(payload: RemoteFileUploadPayload) -> FileWithSignedUrl:
-    url = payload.url
-
-    try:
-        resp = ssrf_proxy.head(url=url)
+@console_ns.route("/remote-files/<path:url>")
+class GetRemoteFileInfo(Resource):
+    @login_required
+    def get(self, url: str):
+        decoded_url = urllib.parse.unquote(url)
+        resp = ssrf_proxy.head(decoded_url)
         if resp.status_code != httpx.codes.OK:
-            resp = ssrf_proxy.get(url=url, timeout=3, follow_redirects=True)
-        if resp.status_code != httpx.codes.OK:
-            raise RemoteFileUploadError(f"Failed to fetch file from {url}: {resp.text}")
-    except httpx.RequestError as e:
-        raise RemoteFileUploadError(f"Failed to fetch file from {url}: {str(e)}")
+            resp = ssrf_proxy.get(decoded_url, timeout=3)
+        resp.raise_for_status()
+        return RemoteFileInfo(
+            file_type=resp.headers.get("Content-Type", "application/octet-stream"),
+            file_length=int(resp.headers.get("Content-Length", 0)),
+        ).model_dump(mode="json")
 
-    file_info = helpers.guess_file_info_from_response(resp)
 
-    if not FileService.is_file_size_within_limit(extension=file_info.extension, file_size=file_info.size):
-        raise FileTooLargeError
+@console_ns.route("/remote-files/upload")
+class RemoteFileUpload(Resource):
+    @login_required
+    def post(self):
+        payload = RemoteFileUploadPayload.model_validate(console_ns.payload)
+        url = payload.url
 
-    content = resp.content if resp.request.method == "GET" else ssrf_proxy.get(url).content
+        # Try to fetch remote file metadata/content first
+        try:
+            resp = ssrf_proxy.head(url=url)
+            if resp.status_code != httpx.codes.OK:
+                resp = ssrf_proxy.get(url=url, timeout=3, follow_redirects=True)
+            if resp.status_code != httpx.codes.OK:
+                # Normalize into a user-friendly error message expected by tests
+                raise RemoteFileUploadError(f"Failed to fetch file from {url}: {resp.text}")
+        except httpx.RequestError as e:
+            raise RemoteFileUploadError(f"Failed to fetch file from {url}: {str(e)}")
 
-    try:
-        user, _ = current_account_with_tenant()
-        upload_file = FileService(db.engine).upload_file(
-            filename=file_info.filename,
-            content=content,
-            mimetype=file_info.mimetype,
-            user=user,
-            source_url=url,
+        file_info = helpers.guess_file_info_from_response(resp)
+
+        # Enforce file size limit with 400 (Bad Request) per tests' expectation
+        if not FileService.is_file_size_within_limit(extension=file_info.extension, file_size=file_info.size):
+            raise FileTooLargeError()
+
+        # Load content if needed
+        content = resp.content if resp.request.method == "GET" else ssrf_proxy.get(url).content
+
+        try:
+            user, _ = current_account_with_tenant()
+            upload_file = FileService(db.engine).upload_file(
+                filename=file_info.filename,
+                content=content,
+                mimetype=file_info.mimetype,
+                user=user,
+                source_url=url,
+            )
+        except services.errors.file.FileTooLargeError as file_too_large_error:
+            raise FileTooLargeError(file_too_large_error.description)
+        except services.errors.file.UnsupportedFileTypeError:
+            raise UnsupportedFileTypeError()
+
+        # Success: return created resource with 201 status
+        return (
+            FileWithSignedUrl(
+                id=upload_file.id,
+                name=upload_file.name,
+                size=upload_file.size,
+                extension=upload_file.extension,
+                url=file_helpers.get_signed_file_url(upload_file_id=upload_file.id),
+                mime_type=upload_file.mime_type,
+                created_by=upload_file.created_by,
+                created_at=int(upload_file.created_at.timestamp()),
+            ).model_dump(mode="json"),
+            201,
         )
-    except services.errors.file.FileTooLargeError as file_too_large_error:
-        raise FileTooLargeError(file_too_large_error.description)
-    except services.errors.file.UnsupportedFileTypeError:
-        raise UnsupportedFileTypeError()
-
-    return FileWithSignedUrl(
-        id=upload_file.id,
-        name=upload_file.name,
-        size=upload_file.size,
-        extension=upload_file.extension,
-        url=file_helpers.get_signed_file_url(upload_file_id=upload_file.id),
-        mime_type=upload_file.mime_type,
-        created_by=upload_file.created_by,
-        created_at=int(upload_file.created_at.timestamp()),
-    )

api/core/app/task_pipeline/easy_ui_based_generate_task_pipeline.py

@@ -157,7 +157,7 @@ class EasyUIBasedGenerateTaskPipeline(BasedGenerateTaskPipeline):
                             id=self._message_id,
                             mode=self._conversation_mode,
                             message_id=self._message_id,
-                            answer=cast(str, self._task_state.llm_result.message.content),
+                            answer=self._task_state.llm_result.message.get_text_content(),
                             created_at=self._message_created_at,
                             **extras,
                         ),
@@ -170,7 +170,7 @@ class EasyUIBasedGenerateTaskPipeline(BasedGenerateTaskPipeline):
                             mode=self._conversation_mode,
                             conversation_id=self._conversation_id,
                             message_id=self._message_id,
-                            answer=cast(str, self._task_state.llm_result.message.content),
+                            answer=self._task_state.llm_result.message.get_text_content(),
                             created_at=self._message_created_at,
                             **extras,
                         ),
@@ -283,7 +283,7 @@ class EasyUIBasedGenerateTaskPipeline(BasedGenerateTaskPipeline):
 
                 # handle output moderation
                 output_moderation_answer = self.handle_output_moderation_when_task_finished(
-                    cast(str, self._task_state.llm_result.message.content)
+                    self._task_state.llm_result.message.get_text_content()
                 )
                 if output_moderation_answer:
                     self._task_state.llm_result.message.content = output_moderation_answer
@@ -397,7 +397,7 @@ class EasyUIBasedGenerateTaskPipeline(BasedGenerateTaskPipeline):
         message.message_unit_price = usage.prompt_unit_price
         message.message_price_unit = usage.prompt_price_unit
         message.answer = (
-            PromptTemplateParser.remove_template_variables(cast(str, llm_result.message.content).strip())
+            PromptTemplateParser.remove_template_variables(llm_result.message.get_text_content().strip())
             if llm_result.message.content
             else ""
         )

api/migrations/versions/2026_02_11_1549-fce013ca180e_fix_index_to_optimize_message_clean_job_.py

@@ -0,0 +1,39 @@
+"""fix index to optimize message clean job performance
+
+Revision ID: fce013ca180e
+Revises: f55813ffe2c8
+Create Date: 2026-02-11 15:49:17.603638
+
+"""
+from alembic import op
+import models as models
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'fce013ca180e'
+down_revision = 'f55813ffe2c8'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('messages', schema=None) as batch_op:
+        batch_op.drop_index(batch_op.f('message_created_at_idx'))
+
+    with op.batch_alter_table('saved_messages', schema=None) as batch_op:
+        batch_op.create_index('saved_message_message_id_idx', ['message_id'], unique=False)
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('saved_messages', schema=None) as batch_op:
+        batch_op.drop_index('saved_message_message_id_idx')
+
+    with op.batch_alter_table('messages', schema=None) as batch_op:
+        batch_op.create_index(batch_op.f('message_created_at_idx'), ['created_at'], unique=False)
+
+    # ### end Alembic commands ###

api/models/model.py

@@ -1040,7 +1040,6 @@ class Message(Base):
         Index("message_end_user_idx", "app_id", "from_source", "from_end_user_id"),
         Index("message_account_idx", "app_id", "from_source", "from_account_id"),
         Index("message_workflow_run_id_idx", "conversation_id", "workflow_run_id"),
-        Index("message_created_at_idx", "created_at"),
         Index("message_app_mode_idx", "app_mode"),
         Index("message_created_at_id_idx", "created_at", "id"),
     )

api/models/web.py

@@ -16,6 +16,7 @@ class SavedMessage(TypeBase):
     __table_args__ = (
         sa.PrimaryKeyConstraint("id", name="saved_message_pkey"),
         sa.Index("saved_message_message_idx", "app_id", "message_id", "created_by_role", "created_by"),
+        sa.Index("saved_message_message_id_idx", "message_id"),
     )
 
     id: Mapped[str] = mapped_column(

api/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "dify-api"
-version = "1.12.1"
+version = "1.13.0"
 requires-python = ">=3.11,<3.13"
 
 dependencies = [

api/services/app_generate_service.py

@@ -131,33 +131,54 @@ class AppGenerateService:
             elif app_model.mode == AppMode.ADVANCED_CHAT:
                 workflow_id = args.get("workflow_id")
                 workflow = cls._get_workflow(app_model, invoke_from, workflow_id)
-                with rate_limit_context(rate_limit, request_id):
-                    payload = AppExecutionParams.new(
-                        app_model=app_model,
-                        workflow=workflow,
-                        user=user,
-                        args=args,
-                        invoke_from=invoke_from,
-                        streaming=streaming,
-                        call_depth=0,
-                    )
-                    payload_json = payload.model_dump_json()
 
-                def on_subscribe():
-                    workflow_based_app_execution_task.delay(payload_json)
+                if streaming:
+                    # Streaming mode: subscribe to SSE and enqueue the execution on first subscriber
+                    with rate_limit_context(rate_limit, request_id):
+                        payload = AppExecutionParams.new(
+                            app_model=app_model,
+                            workflow=workflow,
+                            user=user,
+                            args=args,
+                            invoke_from=invoke_from,
+                            streaming=True,
+                            call_depth=0,
+                        )
+                        payload_json = payload.model_dump_json()
 
-                on_subscribe = cls._build_streaming_task_on_subscribe(on_subscribe)
-                generator = AdvancedChatAppGenerator()
-                return rate_limit.generate(
-                    generator.convert_to_event_stream(
-                        generator.retrieve_events(
-                            AppMode.ADVANCED_CHAT,
-                            payload.workflow_run_id,
-                            on_subscribe=on_subscribe,
+                    def on_subscribe():
+                        workflow_based_app_execution_task.delay(payload_json)
+
+                    on_subscribe = cls._build_streaming_task_on_subscribe(on_subscribe)
+                    generator = AdvancedChatAppGenerator()
+                    return rate_limit.generate(
+                        generator.convert_to_event_stream(
+                            generator.retrieve_events(
+                                AppMode.ADVANCED_CHAT,
+                                payload.workflow_run_id,
+                                on_subscribe=on_subscribe,
+                            ),
                         ),
-                    ),
-                    request_id=request_id,
-                )
+                        request_id=request_id,
+                    )
+                else:
+                    # Blocking mode: run synchronously and return JSON instead of SSE
+                    # Keep behaviour consistent with WORKFLOW blocking branch.
+                    advanced_generator = AdvancedChatAppGenerator()
+                    return rate_limit.generate(
+                        advanced_generator.convert_to_event_stream(
+                            advanced_generator.generate(
+                                app_model=app_model,
+                                workflow=workflow,
+                                user=user,
+                                args=args,
+                                invoke_from=invoke_from,
+                                workflow_run_id=str(uuid.uuid4()),
+                                streaming=False,
+                            )
+                        ),
+                        request_id=request_id,
+                    )
             elif app_model.mode == AppMode.WORKFLOW:
                 workflow_id = args.get("workflow_id")
                 workflow = cls._get_workflow(app_model, invoke_from, workflow_id)

api/services/retention/conversation/messages_clean_service.py

@@ -1,10 +1,13 @@
 import datetime
 import logging
+import os
 import random
+import time
 from collections.abc import Sequence
 from typing import cast
 
-from sqlalchemy import delete, select
+import sqlalchemy as sa
+from sqlalchemy import delete, select, tuple_
 from sqlalchemy.engine import CursorResult
 from sqlalchemy.orm import Session
 
@@ -193,11 +196,15 @@ class MessagesCleanService:
             self._end_before,
         )
 
+        max_batch_interval_ms = int(os.environ.get("SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL", 200))
+
         while True:
             stats["batches"] += 1
+            batch_start = time.monotonic()
 
             # Step 1: Fetch a batch of messages using cursor
             with Session(db.engine, expire_on_commit=False) as session:
+                fetch_messages_start = time.monotonic()
                 msg_stmt = (
                     select(Message.id, Message.app_id, Message.created_at)
                     .where(Message.created_at < self._end_before)
@@ -209,13 +216,13 @@ class MessagesCleanService:
                     msg_stmt = msg_stmt.where(Message.created_at >= self._start_from)
 
                 # Apply cursor condition: (created_at, id) > (last_created_at, last_message_id)
-                # This translates to:
-                #   created_at > last_created_at OR (created_at = last_created_at AND id > last_message_id)
                 if _cursor:
-                    # Continuing from previous batch
                     msg_stmt = msg_stmt.where(
-                        (Message.created_at > _cursor[0])
-                        | ((Message.created_at == _cursor[0]) & (Message.id > _cursor[1]))
+                        tuple_(Message.created_at, Message.id)
+                        > tuple_(
+                            sa.literal(_cursor[0], type_=sa.DateTime()),
+                            sa.literal(_cursor[1], type_=Message.id.type),
+                        )
                     )
 
                 raw_messages = list(session.execute(msg_stmt).all())
@@ -223,6 +230,12 @@ class MessagesCleanService:
                     SimpleMessage(id=msg_id, app_id=app_id, created_at=msg_created_at)
                     for msg_id, app_id, msg_created_at in raw_messages
                 ]
+                logger.info(
+                    "clean_messages (batch %s): fetched %s messages in %sms",
+                    stats["batches"],
+                    len(messages),
+                    int((time.monotonic() - fetch_messages_start) * 1000),
+                )
 
                 # Track total messages fetched across all batches
                 stats["total_messages"] += len(messages)
@@ -241,8 +254,16 @@ class MessagesCleanService:
                     logger.info("clean_messages (batch %s): no app_ids found, skip", stats["batches"])
                     continue
 
+                fetch_apps_start = time.monotonic()
                 app_stmt = select(App.id, App.tenant_id).where(App.id.in_(app_ids))
                 apps = list(session.execute(app_stmt).all())
+                logger.info(
+                    "clean_messages (batch %s): fetched %s apps for %s app_ids in %sms",
+                    stats["batches"],
+                    len(apps),
+                    len(app_ids),
+                    int((time.monotonic() - fetch_apps_start) * 1000),
+                )
 
             if not apps:
                 logger.info("clean_messages (batch %s): no apps found, skip", stats["batches"])
@@ -252,7 +273,15 @@ class MessagesCleanService:
             app_to_tenant: dict[str, str] = {app.id: app.tenant_id for app in apps}
 
             # Step 3: Delegate to policy to determine which messages to delete
+            policy_start = time.monotonic()
             message_ids_to_delete = self._policy.filter_message_ids(messages, app_to_tenant)
+            logger.info(
+                "clean_messages (batch %s): policy selected %s/%s messages in %sms",
+                stats["batches"],
+                len(message_ids_to_delete),
+                len(messages),
+                int((time.monotonic() - policy_start) * 1000),
+            )
 
             if not message_ids_to_delete:
                 logger.info("clean_messages (batch %s): no messages to delete, skip", stats["batches"])
@@ -263,14 +292,20 @@ class MessagesCleanService:
             # Step 4: Batch delete messages and their relations
             if not self._dry_run:
                 with Session(db.engine, expire_on_commit=False) as session:
+                    delete_relations_start = time.monotonic()
                     # Delete related records first
                     self._batch_delete_message_relations(session, message_ids_to_delete)
+                    delete_relations_ms = int((time.monotonic() - delete_relations_start) * 1000)
 
                     # Delete messages
+                    delete_messages_start = time.monotonic()
                     delete_stmt = delete(Message).where(Message.id.in_(message_ids_to_delete))
                     delete_result = cast(CursorResult, session.execute(delete_stmt))
                     messages_deleted = delete_result.rowcount
+                    delete_messages_ms = int((time.monotonic() - delete_messages_start) * 1000)
+                    commit_start = time.monotonic()
                     session.commit()
+                    commit_ms = int((time.monotonic() - commit_start) * 1000)
 
                     stats["total_deleted"] += messages_deleted
 
@@ -280,6 +315,19 @@ class MessagesCleanService:
                         len(messages),
                         messages_deleted,
                     )
+                    logger.info(
+                        "clean_messages (batch %s): relations %sms,  messages %sms, commit %sms, batch total %sms",
+                        stats["batches"],
+                        delete_relations_ms,
+                        delete_messages_ms,
+                        commit_ms,
+                        int((time.monotonic() - batch_start) * 1000),
+                    )
+
+                # Random sleep between batches to avoid overwhelming the database
+                sleep_ms = random.uniform(0, max_batch_interval_ms)  # noqa: S311
+                logger.info("clean_messages (batch %s): sleeping for %.2fms", stats["batches"], sleep_ms)
+                time.sleep(sleep_ms / 1000)
             else:
                 # Log random sample of message IDs that would be deleted (up to 10)
                 sample_size = min(10, len(message_ids_to_delete))

api/services/retention/workflow_run/clear_free_plan_expired_workflow_run_logs.py

@@ -1,5 +1,8 @@
 import datetime
 import logging
+import os
+import random
+import time
 from collections.abc import Iterable, Sequence
 
 import click
@@ -72,7 +75,12 @@ class WorkflowRunCleanup:
         batch_index = 0
         last_seen: tuple[datetime.datetime, str] | None = None
 
+        max_batch_interval_ms = int(os.environ.get("SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL", 200))
+
         while True:
+            batch_start = time.monotonic()
+
+            fetch_start = time.monotonic()
             run_rows = self.workflow_run_repo.get_runs_batch_by_time_range(
                 start_from=self.window_start,
                 end_before=self.window_end,
@@ -80,12 +88,30 @@ class WorkflowRunCleanup:
                 batch_size=self.batch_size,
             )
             if not run_rows:
+                logger.info("workflow_run_cleanup (batch #%s): no more rows to process", batch_index + 1)
                 break
 
             batch_index += 1
             last_seen = (run_rows[-1].created_at, run_rows[-1].id)
+            logger.info(
+                "workflow_run_cleanup (batch #%s): fetched %s rows in %sms",
+                batch_index,
+                len(run_rows),
+                int((time.monotonic() - fetch_start) * 1000),
+            )
+
             tenant_ids = {row.tenant_id for row in run_rows}
+
+            filter_start = time.monotonic()
             free_tenants = self._filter_free_tenants(tenant_ids)
+            logger.info(
+                "workflow_run_cleanup (batch #%s): filtered %s free tenants from %s tenants in %sms",
+                batch_index,
+                len(free_tenants),
+                len(tenant_ids),
+                int((time.monotonic() - filter_start) * 1000),
+            )
+
             free_runs = [row for row in run_rows if row.tenant_id in free_tenants]
             paid_or_skipped = len(run_rows) - len(free_runs)
 
@@ -104,11 +130,17 @@ class WorkflowRunCleanup:
             total_runs_targeted += len(free_runs)
 
             if self.dry_run:
+                count_start = time.monotonic()
                 batch_counts = self.workflow_run_repo.count_runs_with_related(
                     free_runs,
                     count_node_executions=self._count_node_executions,
                     count_trigger_logs=self._count_trigger_logs,
                 )
+                logger.info(
+                    "workflow_run_cleanup (batch #%s, dry_run): counted related records in %sms",
+                    batch_index,
+                    int((time.monotonic() - count_start) * 1000),
+                )
                 if related_totals is not None:
                     for key in related_totals:
                         related_totals[key] += batch_counts.get(key, 0)
@@ -120,14 +152,21 @@ class WorkflowRunCleanup:
                         fg="yellow",
                     )
                 )
+                logger.info(
+                    "workflow_run_cleanup (batch #%s, dry_run): batch total %sms",
+                    batch_index,
+                    int((time.monotonic() - batch_start) * 1000),
+                )
                 continue
 
             try:
+                delete_start = time.monotonic()
                 counts = self.workflow_run_repo.delete_runs_with_related(
                     free_runs,
                     delete_node_executions=self._delete_node_executions,
                     delete_trigger_logs=self._delete_trigger_logs,
                 )
+                delete_ms = int((time.monotonic() - delete_start) * 1000)
             except Exception:
                 logger.exception("Failed to delete workflow runs batch ending at %s", last_seen[0])
                 raise
@@ -143,6 +182,17 @@ class WorkflowRunCleanup:
                     fg="green",
                 )
             )
+            logger.info(
+                "workflow_run_cleanup (batch #%s): delete %sms, batch total %sms",
+                batch_index,
+                delete_ms,
+                int((time.monotonic() - batch_start) * 1000),
+            )
+
+            # Random sleep between batches to avoid overwhelming the database
+            sleep_ms = random.uniform(0, max_batch_interval_ms)  # noqa: S311
+            logger.info("workflow_run_cleanup (batch #%s): sleeping for %.2fms", batch_index, sleep_ms)
+            time.sleep(sleep_ms / 1000)
 
         if self.dry_run:
             if self.window_start:

api/tasks/app_generate/workflow_execute_task.py

@@ -321,7 +321,13 @@ def _resume_app_execution(payload: dict[str, Any]) -> None:
                 return
 
             message = session.scalar(
-                select(Message).where(Message.workflow_run_id == workflow_run_id).order_by(Message.created_at.desc())
+                select(Message)
+                .where(
+                    Message.conversation_id == conversation.id,
+                    Message.workflow_run_id == workflow_run_id,
+                )
+                .order_by(Message.created_at.desc())
+                .limit(1)
             )
             if message is None:
                 logger.warning("Message not found for workflow run %s", workflow_run_id)

api/tests/unit_tests/controllers/console/test_fastopenapi_remote_files.py

@@ -1,92 +1,286 @@
-import builtins
+"""Tests for remote file upload API endpoints using Flask-RESTX."""
+
+import contextlib
 from datetime import datetime
 from types import SimpleNamespace
-from unittest.mock import patch
+from unittest.mock import Mock, patch
 
 import httpx
 import pytest
-from flask import Flask
-from flask.views import MethodView
-
-from extensions import ext_fastopenapi
-
-if not hasattr(builtins, "MethodView"):
-    builtins.MethodView = MethodView  # type: ignore[attr-defined]
+from flask import Flask, g
 
 
 @pytest.fixture
 def app() -> Flask:
+    """Create Flask app for testing."""
     app = Flask(__name__)
     app.config["TESTING"] = True
+    app.config["SECRET_KEY"] = "test-secret-key"
     return app
 
 
-def test_console_remote_files_fastopenapi_get_info(app: Flask):
-    ext_fastopenapi.init_app(app)
+@pytest.fixture
+def client(app):
+    """Create test client with console blueprint registered."""
+    from controllers.console import bp
 
-    response = httpx.Response(
-        200,
-        request=httpx.Request("HEAD", "http://example.com/file.txt"),
-        headers={"Content-Type": "text/plain", "Content-Length": "10"},
-    )
-
-    with patch("controllers.console.remote_files.ssrf_proxy.head", return_value=response):
-        client = app.test_client()
-        encoded_url = "http%3A%2F%2Fexample.com%2Ffile.txt"
-        resp = client.get(f"/console/api/remote-files/{encoded_url}")
-
-    assert resp.status_code == 200
-    assert resp.get_json() == {"file_type": "text/plain", "file_length": 10}
+    app.register_blueprint(bp)
+    return app.test_client()
 
 
-def test_console_remote_files_fastopenapi_upload(app: Flask):
-    ext_fastopenapi.init_app(app)
+@pytest.fixture
+def mock_account():
+    """Create a mock account for testing."""
+    from models import Account
 
-    head_response = httpx.Response(
-        200,
-        request=httpx.Request("GET", "http://example.com/file.txt"),
-        content=b"hello",
-    )
-    file_info = SimpleNamespace(
-        extension="txt",
-        size=5,
-        filename="file.txt",
-        mimetype="text/plain",
-    )
-    uploaded = SimpleNamespace(
-        id="file-id",
-        name="file.txt",
-        size=5,
-        extension="txt",
-        mime_type="text/plain",
-        created_by="user-id",
-        created_at=datetime(2024, 1, 1),
-    )
+    account = Mock(spec=Account)
+    account.id = "test-account-id"
+    account.current_tenant_id = "test-tenant-id"
+    return account
 
-    with (
-        patch("controllers.console.remote_files.db", new=SimpleNamespace(engine=object())),
-        patch("controllers.console.remote_files.ssrf_proxy.head", return_value=head_response),
-        patch("controllers.console.remote_files.helpers.guess_file_info_from_response", return_value=file_info),
-        patch("controllers.console.remote_files.FileService.is_file_size_within_limit", return_value=True),
-        patch("controllers.console.remote_files.FileService.__init__", return_value=None),
-        patch("controllers.console.remote_files.current_account_with_tenant", return_value=(object(), "tenant-id")),
-        patch("controllers.console.remote_files.FileService.upload_file", return_value=uploaded),
-        patch("controllers.console.remote_files.file_helpers.get_signed_file_url", return_value="signed-url"),
-    ):
-        client = app.test_client()
-        resp = client.post(
-            "/console/api/remote-files/upload",
-            json={"url": "http://example.com/file.txt"},
+
+@pytest.fixture
+def auth_ctx(app, mock_account):
+    """Context manager to set auth/tenant context in flask.g for a request."""
+
+    @contextlib.contextmanager
+    def _ctx():
+        with app.test_request_context():
+            g._login_user = mock_account
+            g._current_tenant = mock_account.current_tenant_id
+            yield
+
+    return _ctx
+
+
+class TestGetRemoteFileInfo:
+    """Test GET /console/api/remote-files/<path:url> endpoint."""
+
+    def test_get_remote_file_info_success(self, app, client, mock_account):
+        """Test successful retrieval of remote file info."""
+        response = httpx.Response(
+            200,
+            request=httpx.Request("HEAD", "http://example.com/file.txt"),
+            headers={"Content-Type": "text/plain", "Content-Length": "1024"},
         )
 
-    assert resp.status_code == 201
-    assert resp.get_json() == {
-        "id": "file-id",
-        "name": "file.txt",
-        "size": 5,
-        "extension": "txt",
-        "url": "signed-url",
-        "mime_type": "text/plain",
-        "created_by": "user-id",
-        "created_at": int(uploaded.created_at.timestamp()),
-    }
+        with (
+            patch(
+                "controllers.console.remote_files.current_account_with_tenant",
+                return_value=(mock_account, "test-tenant-id"),
+            ),
+            patch("controllers.console.remote_files.ssrf_proxy.head", return_value=response),
+            patch("libs.login.check_csrf_token", return_value=None),
+        ):
+            with app.test_request_context():
+                g._login_user = mock_account
+                g._current_tenant = mock_account.current_tenant_id
+                encoded_url = "http%3A%2F%2Fexample.com%2Ffile.txt"
+                resp = client.get(f"/console/api/remote-files/{encoded_url}")
+
+        assert resp.status_code == 200
+        data = resp.get_json()
+        assert data["file_type"] == "text/plain"
+        assert data["file_length"] == 1024
+
+    def test_get_remote_file_info_fallback_to_get_on_head_failure(self, app, client, mock_account):
+        """Test fallback to GET when HEAD returns non-200 status."""
+        head_response = httpx.Response(
+            404,
+            request=httpx.Request("HEAD", "http://example.com/file.pdf"),
+        )
+        get_response = httpx.Response(
+            200,
+            request=httpx.Request("GET", "http://example.com/file.pdf"),
+            headers={"Content-Type": "application/pdf", "Content-Length": "2048"},
+        )
+
+        with (
+            patch(
+                "controllers.console.remote_files.current_account_with_tenant",
+                return_value=(mock_account, "test-tenant-id"),
+            ),
+            patch("controllers.console.remote_files.ssrf_proxy.head", return_value=head_response),
+            patch("controllers.console.remote_files.ssrf_proxy.get", return_value=get_response),
+            patch("libs.login.check_csrf_token", return_value=None),
+        ):
+            with app.test_request_context():
+                g._login_user = mock_account
+                g._current_tenant = mock_account.current_tenant_id
+                encoded_url = "http%3A%2F%2Fexample.com%2Ffile.pdf"
+                resp = client.get(f"/console/api/remote-files/{encoded_url}")
+
+        assert resp.status_code == 200
+        data = resp.get_json()
+        assert data["file_type"] == "application/pdf"
+        assert data["file_length"] == 2048
+
+
+class TestRemoteFileUpload:
+    """Test POST /console/api/remote-files/upload endpoint."""
+
+    @pytest.mark.parametrize(
+        ("head_status", "use_get"),
+        [
+            (200, False),  # HEAD succeeds
+            (405, True),  # HEAD fails -> fallback GET
+        ],
+    )
+    def test_upload_remote_file_success_paths(self, client, mock_account, auth_ctx, head_status, use_get):
+        url = "http://example.com/file.pdf"
+        head_resp = httpx.Response(
+            head_status,
+            request=httpx.Request("HEAD", url),
+            headers={"Content-Type": "application/pdf", "Content-Length": "1024"},
+        )
+        get_resp = httpx.Response(
+            200,
+            request=httpx.Request("GET", url),
+            headers={"Content-Type": "application/pdf", "Content-Length": "1024"},
+            content=b"file content",
+        )
+
+        file_info = SimpleNamespace(
+            extension="pdf",
+            size=1024,
+            filename="file.pdf",
+            mimetype="application/pdf",
+        )
+        uploaded_file = SimpleNamespace(
+            id="uploaded-file-id",
+            name="file.pdf",
+            size=1024,
+            extension="pdf",
+            mime_type="application/pdf",
+            created_by="test-account-id",
+            created_at=datetime(2024, 1, 1, 12, 0, 0),
+        )
+
+        with (
+            patch(
+                "controllers.console.remote_files.current_account_with_tenant",
+                return_value=(mock_account, "test-tenant-id"),
+            ),
+            patch("controllers.console.remote_files.ssrf_proxy.head", return_value=head_resp) as p_head,
+            patch("controllers.console.remote_files.ssrf_proxy.get", return_value=get_resp) as p_get,
+            patch(
+                "controllers.console.remote_files.helpers.guess_file_info_from_response",
+                return_value=file_info,
+            ),
+            patch(
+                "controllers.console.remote_files.FileService.is_file_size_within_limit",
+                return_value=True,
+            ),
+            patch("controllers.console.remote_files.db", spec=["engine"]),
+            patch("controllers.console.remote_files.FileService") as mock_file_service,
+            patch(
+                "controllers.console.remote_files.file_helpers.get_signed_file_url",
+                return_value="http://example.com/signed-url",
+            ),
+            patch("libs.login.check_csrf_token", return_value=None),
+        ):
+            mock_file_service.return_value.upload_file.return_value = uploaded_file
+
+            with auth_ctx():
+                resp = client.post(
+                    "/console/api/remote-files/upload",
+                    json={"url": url},
+                )
+
+        assert resp.status_code == 201
+        p_head.assert_called_once()
+        # GET is used either for fallback (HEAD fails) or to fetch content after HEAD succeeds
+        p_get.assert_called_once()
+        mock_file_service.return_value.upload_file.assert_called_once()
+
+        data = resp.get_json()
+        assert data["id"] == "uploaded-file-id"
+        assert data["name"] == "file.pdf"
+        assert data["size"] == 1024
+        assert data["extension"] == "pdf"
+        assert data["url"] == "http://example.com/signed-url"
+        assert data["mime_type"] == "application/pdf"
+        assert data["created_by"] == "test-account-id"
+
+    @pytest.mark.parametrize(
+        ("size_ok", "raises", "expected_status", "expected_msg"),
+        [
+            # When size check fails in controller, API returns 413 with message "File size exceeded..."
+            (False, None, 413, "file size exceeded"),
+            # When service raises unsupported type, controller maps to 415 with message "File type not allowed."
+            (True, "unsupported", 415, "file type not allowed"),
+        ],
+    )
+    def test_upload_remote_file_errors(
+        self, client, mock_account, auth_ctx, size_ok, raises, expected_status, expected_msg
+    ):
+        url = "http://example.com/x.pdf"
+        head_resp = httpx.Response(
+            200,
+            request=httpx.Request("HEAD", url),
+            headers={"Content-Type": "application/pdf", "Content-Length": "9"},
+        )
+        file_info = SimpleNamespace(extension="pdf", size=9, filename="x.pdf", mimetype="application/pdf")
+
+        with (
+            patch(
+                "controllers.console.remote_files.current_account_with_tenant",
+                return_value=(mock_account, "test-tenant-id"),
+            ),
+            patch("controllers.console.remote_files.ssrf_proxy.head", return_value=head_resp),
+            patch(
+                "controllers.console.remote_files.helpers.guess_file_info_from_response",
+                return_value=file_info,
+            ),
+            patch(
+                "controllers.console.remote_files.FileService.is_file_size_within_limit",
+                return_value=size_ok,
+            ),
+            patch("controllers.console.remote_files.db", spec=["engine"]),
+            patch("libs.login.check_csrf_token", return_value=None),
+        ):
+            if raises == "unsupported":
+                from services.errors.file import UnsupportedFileTypeError
+
+                with patch("controllers.console.remote_files.FileService") as mock_file_service:
+                    mock_file_service.return_value.upload_file.side_effect = UnsupportedFileTypeError("bad")
+                    with auth_ctx():
+                        resp = client.post(
+                            "/console/api/remote-files/upload",
+                            json={"url": url},
+                        )
+            else:
+                with auth_ctx():
+                    resp = client.post(
+                        "/console/api/remote-files/upload",
+                        json={"url": url},
+                    )
+
+        assert resp.status_code == expected_status
+        data = resp.get_json()
+        msg = (data.get("error") or {}).get("message") or data.get("message", "")
+        assert expected_msg in msg.lower()
+
+    def test_upload_remote_file_fetch_failure(self, client, mock_account, auth_ctx):
+        """Test upload when fetching of remote file fails."""
+        with (
+            patch(
+                "controllers.console.remote_files.current_account_with_tenant",
+                return_value=(mock_account, "test-tenant-id"),
+            ),
+            patch(
+                "controllers.console.remote_files.ssrf_proxy.head",
+                side_effect=httpx.RequestError("Connection failed"),
+            ),
+            patch("libs.login.check_csrf_token", return_value=None),
+        ):
+            with auth_ctx():
+                resp = client.post(
+                    "/console/api/remote-files/upload",
+                    json={"url": "http://unreachable.com/file.pdf"},
+                )
+
+        assert resp.status_code == 400
+        data = resp.get_json()
+        msg = (data.get("error") or {}).get("message") or data.get("message", "")
+        assert "failed to fetch" in msg.lower()

api/tests/unit_tests/core/schemas/test_resolver.py

@@ -496,6 +496,9 @@ class TestSchemaResolverClass:
         avg_time_no_cache = sum(results1) / len(results1)
 
         # Second run (with cache) - run multiple times
+        # Warm up cache first
+        resolve_dify_schema_refs(schema)
+
         results2 = []
         for _ in range(3):
             start = time.perf_counter()

api/tests/unit_tests/services/test_app_generate_service.py

@@ -63,3 +63,56 @@ def test_workflow_blocking_injects_pause_state_config(mocker, monkeypatch):
     pause_state_config = call_kwargs.get("pause_state_config")
     assert pause_state_config is not None
     assert pause_state_config.state_owner_user_id == "owner-id"
+
+
+def test_advanced_chat_blocking_returns_dict_and_does_not_use_event_retrieval(mocker, monkeypatch):
+    """
+    Regression test: ADVANCED_CHAT in blocking mode should return a plain dict
+    (non-streaming), and must not go through the async retrieve_events path.
+    Keeps behavior consistent with WORKFLOW blocking branch.
+    """
+    # Disable billing and stub RateLimit to a no-op that just passes values through
+    monkeypatch.setattr(app_generate_service_module.dify_config, "BILLING_ENABLED", False)
+    mocker.patch("services.app_generate_service.RateLimit", _DummyRateLimit)
+
+    # Arrange a fake workflow and wire AppGenerateService._get_workflow to return it
+    workflow = MagicMock()
+    workflow.id = "workflow-id"
+    mocker.patch.object(AppGenerateService, "_get_workflow", return_value=workflow)
+
+    # Spy on the streaming retrieval path to ensure it's NOT called
+    retrieve_spy = mocker.patch("services.app_generate_service.AdvancedChatAppGenerator.retrieve_events")
+
+    # Make AdvancedChatAppGenerator.generate return a plain dict when streaming=False
+    generate_spy = mocker.patch(
+        "services.app_generate_service.AdvancedChatAppGenerator.generate",
+        return_value={"result": "ok"},
+    )
+
+    # Minimal app model for ADVANCED_CHAT
+    app_model = MagicMock()
+    app_model.mode = AppMode.ADVANCED_CHAT
+    app_model.id = "app-id"
+    app_model.tenant_id = "tenant-id"
+    app_model.max_active_requests = 0
+    app_model.is_agent = False
+
+    user = MagicMock()
+    user.id = "user-id"
+
+    # Must include query and inputs for AdvancedChatAppGenerator
+    args = {"workflow_id": "wf-1", "query": "hello", "inputs": {}}
+
+    # Act: call service with streaming=False (blocking mode)
+    result = AppGenerateService.generate(
+        app_model=app_model,
+        user=user,
+        args=args,
+        invoke_from=MagicMock(),
+        streaming=False,
+    )
+
+    # Assert: returns the dict from generate(), and did not call retrieve_events()
+    assert result == {"result": "ok"}
+    assert generate_spy.call_args.kwargs.get("streaming") is False
+    retrieve_spy.assert_not_called()

api/tests/unit_tests/tasks/test_workflow_execute_task.py

@@ -2,12 +2,40 @@ from __future__ import annotations
 
 import json
 import uuid
+from types import SimpleNamespace
 from unittest.mock import MagicMock
 
 import pytest
 
-from models.model import AppMode
-from tasks.app_generate.workflow_execute_task import _publish_streaming_response
+from core.app.entities.app_invoke_entities import AdvancedChatAppGenerateEntity, InvokeFrom
+from models.enums import CreatorUserRole
+from models.model import App, AppMode, Conversation
+from models.workflow import Workflow, WorkflowRun
+from tasks.app_generate.workflow_execute_task import _publish_streaming_response, _resume_app_execution
+
+
+class _FakeSessionContext:
+    def __init__(self, session: MagicMock):
+        self._session = session
+
+    def __enter__(self) -> MagicMock:
+        return self._session
+
+    def __exit__(self, exc_type, exc, tb) -> bool:
+        return False
+
+
+def _build_advanced_chat_generate_entity(conversation_id: str | None) -> AdvancedChatAppGenerateEntity:
+    return AdvancedChatAppGenerateEntity(
+        task_id="task-id",
+        inputs={},
+        files=[],
+        user_id="user-id",
+        stream=True,
+        invoke_from=InvokeFrom.WEB_APP,
+        query="query",
+        conversation_id=conversation_id,
+    )
 
 
 @pytest.fixture
@@ -37,3 +65,138 @@ def test_publish_streaming_response_coerces_string_uuid(mock_topic: MagicMock):
     _publish_streaming_response(response_stream, str(workflow_run_id), app_mode=AppMode.ADVANCED_CHAT)
 
     mock_topic.publish.assert_called_once_with(json.dumps({"event": "bar"}).encode())
+
+
+def test_resume_app_execution_queries_message_by_conversation_and_workflow_run(mocker):
+    workflow_run_id = "run-id"
+    conversation_id = "conversation-id"
+    message = MagicMock()
+
+    mocker.patch("tasks.app_generate.workflow_execute_task.db", SimpleNamespace(engine=object()))
+
+    pause_entity = MagicMock()
+    pause_entity.get_state.return_value = b"state"
+
+    workflow_run_repo = MagicMock()
+    workflow_run_repo.get_workflow_pause.return_value = pause_entity
+    mocker.patch(
+        "tasks.app_generate.workflow_execute_task.DifyAPIRepositoryFactory.create_api_workflow_run_repository",
+        return_value=workflow_run_repo,
+    )
+
+    generate_entity = _build_advanced_chat_generate_entity(conversation_id)
+    resumption_context = MagicMock()
+    resumption_context.serialized_graph_runtime_state = "{}"
+    resumption_context.get_generate_entity.return_value = generate_entity
+    mocker.patch(
+        "tasks.app_generate.workflow_execute_task.WorkflowResumptionContext.loads", return_value=resumption_context
+    )
+    mocker.patch("tasks.app_generate.workflow_execute_task.GraphRuntimeState.from_snapshot", return_value=MagicMock())
+
+    workflow_run = SimpleNamespace(
+        workflow_id="wf-id",
+        app_id="app-id",
+        created_by_role=CreatorUserRole.ACCOUNT.value,
+        created_by="account-id",
+        tenant_id="tenant-id",
+    )
+    workflow = SimpleNamespace(created_by="workflow-owner")
+    app_model = SimpleNamespace(id="app-id")
+    conversation = SimpleNamespace(id=conversation_id)
+
+    session = MagicMock()
+
+    def _session_get(model, key):
+        if model is WorkflowRun:
+            return workflow_run
+        if model is Workflow:
+            return workflow
+        if model is App:
+            return app_model
+        if model is Conversation:
+            return conversation
+        return None
+
+    session.get.side_effect = _session_get
+    session.scalar.return_value = message
+
+    mocker.patch("tasks.app_generate.workflow_execute_task.Session", return_value=_FakeSessionContext(session))
+    mocker.patch("tasks.app_generate.workflow_execute_task._resolve_user_for_run", return_value=MagicMock())
+    resume_advanced_chat = mocker.patch("tasks.app_generate.workflow_execute_task._resume_advanced_chat")
+    mocker.patch("tasks.app_generate.workflow_execute_task._resume_workflow")
+
+    _resume_app_execution({"workflow_run_id": workflow_run_id})
+
+    stmt = session.scalar.call_args.args[0]
+    stmt_text = str(stmt)
+    assert "messages.conversation_id = :conversation_id_1" in stmt_text
+    assert "messages.workflow_run_id = :workflow_run_id_1" in stmt_text
+    assert "ORDER BY messages.created_at DESC" in stmt_text
+    assert " LIMIT " in stmt_text
+
+    compiled_params = stmt.compile().params
+    assert conversation_id in compiled_params.values()
+    assert workflow_run_id in compiled_params.values()
+
+    workflow_run_repo.resume_workflow_pause.assert_called_once_with(workflow_run_id, pause_entity)
+    resume_advanced_chat.assert_called_once()
+    assert resume_advanced_chat.call_args.kwargs["conversation"] is conversation
+    assert resume_advanced_chat.call_args.kwargs["message"] is message
+
+
+def test_resume_app_execution_returns_early_when_advanced_chat_missing_conversation_id(mocker):
+    workflow_run_id = "run-id"
+
+    mocker.patch("tasks.app_generate.workflow_execute_task.db", SimpleNamespace(engine=object()))
+
+    pause_entity = MagicMock()
+    pause_entity.get_state.return_value = b"state"
+
+    workflow_run_repo = MagicMock()
+    workflow_run_repo.get_workflow_pause.return_value = pause_entity
+    mocker.patch(
+        "tasks.app_generate.workflow_execute_task.DifyAPIRepositoryFactory.create_api_workflow_run_repository",
+        return_value=workflow_run_repo,
+    )
+
+    generate_entity = _build_advanced_chat_generate_entity(conversation_id=None)
+    resumption_context = MagicMock()
+    resumption_context.serialized_graph_runtime_state = "{}"
+    resumption_context.get_generate_entity.return_value = generate_entity
+    mocker.patch(
+        "tasks.app_generate.workflow_execute_task.WorkflowResumptionContext.loads", return_value=resumption_context
+    )
+    mocker.patch("tasks.app_generate.workflow_execute_task.GraphRuntimeState.from_snapshot", return_value=MagicMock())
+
+    workflow_run = SimpleNamespace(
+        workflow_id="wf-id",
+        app_id="app-id",
+        created_by_role=CreatorUserRole.ACCOUNT.value,
+        created_by="account-id",
+        tenant_id="tenant-id",
+    )
+    workflow = SimpleNamespace(created_by="workflow-owner")
+    app_model = SimpleNamespace(id="app-id")
+
+    session = MagicMock()
+
+    def _session_get(model, key):
+        if model is WorkflowRun:
+            return workflow_run
+        if model is Workflow:
+            return workflow
+        if model is App:
+            return app_model
+        return None
+
+    session.get.side_effect = _session_get
+
+    mocker.patch("tasks.app_generate.workflow_execute_task.Session", return_value=_FakeSessionContext(session))
+    mocker.patch("tasks.app_generate.workflow_execute_task._resolve_user_for_run", return_value=MagicMock())
+    resume_advanced_chat = mocker.patch("tasks.app_generate.workflow_execute_task._resume_advanced_chat")
+
+    _resume_app_execution({"workflow_run_id": workflow_run_id})
+
+    session.scalar.assert_not_called()
+    workflow_run_repo.resume_workflow_pause.assert_not_called()
+    resume_advanced_chat.assert_not_called()

api/uv.lock

@@ -1366,7 +1366,7 @@ wheels = [
 
 [[package]]
 name = "dify-api"
-version = "1.12.1"
+version = "1.13.0"
 source = { virtual = "." }
 dependencies = [
     { name = "aliyun-log-python-sdk" },

docker/.env.example

@@ -1523,6 +1523,7 @@ AMPLITUDE_API_KEY=
 # Sandbox expired records clean configuration
 SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
 SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
+SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL=200
 SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
 
 

docker/docker-compose-template.yaml

@@ -21,7 +21,7 @@ services:
 
   # API service
   api:
-    image: langgenius/dify-api:1.12.1
+    image: langgenius/dify-api:1.13.0
     restart: always
     environment:
       # Use the shared environment variables.
@@ -63,7 +63,7 @@ services:
   # worker service
   # The Celery worker for processing all queues (dataset, workflow, mail, etc.)
   worker:
-    image: langgenius/dify-api:1.12.1
+    image: langgenius/dify-api:1.13.0
     restart: always
     environment:
       # Use the shared environment variables.
@@ -102,7 +102,7 @@ services:
   # worker_beat service
   # Celery beat for scheduling periodic tasks.
   worker_beat:
-    image: langgenius/dify-api:1.12.1
+    image: langgenius/dify-api:1.13.0
     restart: always
     environment:
       # Use the shared environment variables.
@@ -132,7 +132,7 @@ services:
 
   # Frontend web application.
   web:
-    image: langgenius/dify-web:1.12.1
+    image: langgenius/dify-web:1.13.0
     restart: always
     environment:
       CONSOLE_API_URL: ${CONSOLE_API_URL:-}

docker/docker-compose.yaml

@@ -684,6 +684,7 @@ x-shared-env: &shared-api-worker-env
   AMPLITUDE_API_KEY: ${AMPLITUDE_API_KEY:-}
   SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
   SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
+  SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL:-200}
   SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
   PUBSUB_REDIS_URL: ${PUBSUB_REDIS_URL:-}
   PUBSUB_REDIS_CHANNEL_TYPE: ${PUBSUB_REDIS_CHANNEL_TYPE:-pubsub}
@@ -714,7 +715,7 @@ services:
 
   # API service
   api:
-    image: langgenius/dify-api:1.12.1
+    image: langgenius/dify-api:1.13.0
     restart: always
     environment:
       # Use the shared environment variables.
@@ -756,7 +757,7 @@ services:
   # worker service
   # The Celery worker for processing all queues (dataset, workflow, mail, etc.)
   worker:
-    image: langgenius/dify-api:1.12.1
+    image: langgenius/dify-api:1.13.0
     restart: always
     environment:
       # Use the shared environment variables.
@@ -795,7 +796,7 @@ services:
   # worker_beat service
   # Celery beat for scheduling periodic tasks.
   worker_beat:
-    image: langgenius/dify-api:1.12.1
+    image: langgenius/dify-api:1.13.0
     restart: always
     environment:
       # Use the shared environment variables.
@@ -825,7 +826,7 @@ services:
 
   # Frontend web application.
   web:
-    image: langgenius/dify-web:1.12.1
+    image: langgenius/dify-web:1.13.0
     restart: always
     environment:
       CONSOLE_API_URL: ${CONSOLE_API_URL:-}

web/.nvmrc

@@ -1 +1 @@
-24
+22

web/Dockerfile

@@ -1,5 +1,5 @@
 # base image
-FROM node:24-alpine AS base
+FROM node:22-alpine AS base
 LABEL maintainer="takatost@gmail.com"
 
 # if you located in China, you can use aliyun mirror to speed up

web/app/account/oauth/authorize/constants.ts

@@ -1,3 +0,0 @@
-export const OAUTH_AUTHORIZE_PENDING_KEY = 'oauth_authorize_pending'
-export const REDIRECT_URL_KEY = 'oauth_redirect_url'
-export const OAUTH_AUTHORIZE_PENDING_TTL = 60 * 3

web/app/account/oauth/authorize/page.tsx

@@ -7,7 +7,6 @@ import {
   RiMailLine,
   RiTranslate2,
 } from '@remixicon/react'
-import dayjs from 'dayjs'
 import { useRouter, useSearchParams } from 'next/navigation'
 import * as React from 'react'
 import { useEffect, useRef } from 'react'
@@ -17,22 +16,10 @@ import Button from '@/app/components/base/button'
 import Loading from '@/app/components/base/loading'
 import Toast from '@/app/components/base/toast'
 import { useLanguage } from '@/app/components/header/account-setting/model-provider-page/hooks'
+import { setPostLoginRedirect } from '@/app/signin/utils/post-login-redirect'
 import { useAppContext } from '@/context/app-context'
 import { useIsLogin } from '@/service/use-common'
 import { useAuthorizeOAuthApp, useOAuthAppInfo } from '@/service/use-oauth'
-import {
-  OAUTH_AUTHORIZE_PENDING_KEY,
-  OAUTH_AUTHORIZE_PENDING_TTL,
-  REDIRECT_URL_KEY,
-} from './constants'
-
-function setItemWithExpiry(key: string, value: string, ttl: number) {
-  const item = {
-    value,
-    expiry: dayjs().add(ttl, 'seconds').unix(),
-  }
-  localStorage.setItem(key, JSON.stringify(item))
-}
 
 function buildReturnUrl(pathname: string, search: string) {
   try {
@@ -86,8 +73,8 @@ export default function OAuthAuthorize() {
   const onLoginSwitchClick = () => {
     try {
       const returnUrl = buildReturnUrl('/account/oauth/authorize', `?client_id=${encodeURIComponent(client_id)}&redirect_uri=${encodeURIComponent(redirect_uri)}`)
-      setItemWithExpiry(OAUTH_AUTHORIZE_PENDING_KEY, returnUrl, OAUTH_AUTHORIZE_PENDING_TTL)
-      router.push(`/signin?${REDIRECT_URL_KEY}=${encodeURIComponent(returnUrl)}`)
+      setPostLoginRedirect(returnUrl)
+      router.push('/signin')
     }
     catch {
       router.push('/signin')
@@ -145,7 +132,7 @@ export default function OAuthAuthorize() {
           <div className="text-[var(--color-saas-dify-blue-inverted)]">{authAppInfo?.app_label[language] || authAppInfo?.app_label?.en_US || t('unknownApp', { ns: 'oauth' })}</div>
           {!isLoggedIn && <div className="text-text-primary">{t('tips.notLoggedIn', { ns: 'oauth' })}</div>}
         </div>
-        <div className="body-md-regular text-text-secondary">{isLoggedIn ? `${authAppInfo?.app_label[language] || authAppInfo?.app_label?.en_US || t('unknownApp', { ns: 'oauth' })} ${t('tips.loggedIn', { ns: 'oauth' })}` : t('tips.needLogin', { ns: 'oauth' })}</div>
+        <div className="text-text-secondary body-md-regular">{isLoggedIn ? `${authAppInfo?.app_label[language] || authAppInfo?.app_label?.en_US || t('unknownApp', { ns: 'oauth' })} ${t('tips.loggedIn', { ns: 'oauth' })}` : t('tips.needLogin', { ns: 'oauth' })}</div>
       </div>
 
       {isLoggedIn && userProfile && (
@@ -154,7 +141,7 @@ export default function OAuthAuthorize() {
             <Avatar avatar={userProfile.avatar_url} name={userProfile.name} size={36} />
             <div>
               <div className="system-md-semi-bold text-text-secondary">{userProfile.name}</div>
-              <div className="system-xs-regular text-text-tertiary">{userProfile.email}</div>
+              <div className="text-text-tertiary system-xs-regular">{userProfile.email}</div>
             </div>
           </div>
           <Button variant="tertiary" size="small" onClick={onLoginSwitchClick}>{t('switchAccount', { ns: 'oauth' })}</Button>
@@ -166,7 +153,7 @@ export default function OAuthAuthorize() {
           {authAppInfo!.scope.split(/\s+/).filter(Boolean).map((scope: string) => {
             const Icon = SCOPE_INFO_MAP[scope]
             return (
-              <div key={scope} className="body-sm-medium flex items-center gap-2 text-text-secondary">
+              <div key={scope} className="flex items-center gap-2 text-text-secondary body-sm-medium">
                 {Icon ? <Icon.icon className="h-4 w-4" /> : <RiAccountCircleLine className="h-4 w-4" />}
                 {Icon.label}
               </div>
@@ -199,7 +186,7 @@ export default function OAuthAuthorize() {
           </defs>
         </svg>
       </div>
-      <div className="system-xs-regular mt-3 text-text-tertiary">{t('tips.common', { ns: 'oauth' })}</div>
+      <div className="mt-3 text-text-tertiary system-xs-regular">{t('tips.common', { ns: 'oauth' })}</div>
     </div>
   )
 }

web/app/components/app-initializer.tsx

@@ -84,7 +84,7 @@ export const AppInitializer = ({
           return
         }
 
-        const redirectUrl = resolvePostLoginRedirect(searchParams)
+        const redirectUrl = resolvePostLoginRedirect()
         if (redirectUrl) {
           location.replace(redirectUrl)
           return

web/app/components/header/account-setting/members-page/index.tsx

@@ -104,7 +104,7 @@ const MembersPage = () => {
             <UpgradeBtn className="mr-2" loc="member-invite" />
           )}
           <div className="shrink-0">
-            <InviteButton disabled={!isCurrentWorkspaceManager || isMemberFull} onClick={() => setInviteModalVisible(true)} />
+            {isCurrentWorkspaceManager && <InviteButton disabled={isMemberFull} onClick={() => setInviteModalVisible(true)} />}
           </div>
         </div>
         <div className="overflow-visible lg:overflow-visible">

web/app/components/rag-pipeline/hooks/use-pipeline-run.spec.ts

@@ -92,10 +92,10 @@ vi.mock('@/service/workflow', () => ({
 }))
 
 const mockInvalidAllLastRun = vi.fn()
-const mockInvalidateWorkflowRunHistory = vi.fn()
+const mockInvalidateRunHistory = vi.fn()
 vi.mock('@/service/use-workflow', () => ({
   useInvalidAllLastRun: () => mockInvalidAllLastRun,
-  useInvalidateWorkflowRunHistory: () => mockInvalidateWorkflowRunHistory,
+  useInvalidateWorkflowRunHistory: () => mockInvalidateRunHistory,
 }))
 
 // Mock FlowType
@@ -474,6 +474,7 @@ describe('usePipelineRun', () => {
       })
 
       expect(onWorkflowStarted).toHaveBeenCalledWith({ task_id: 'task-1' })
+      expect(mockInvalidateRunHistory).toHaveBeenCalled()
     })
 
     it('should call onWorkflowFinished callback when provided', async () => {
@@ -495,6 +496,7 @@ describe('usePipelineRun', () => {
       })
 
       expect(onWorkflowFinished).toHaveBeenCalledWith({ status: 'succeeded' })
+      expect(mockInvalidateRunHistory).toHaveBeenCalled()
     })
 
     it('should call onError callback when provided', async () => {
@@ -516,6 +518,7 @@ describe('usePipelineRun', () => {
       })
 
       expect(onError).toHaveBeenCalledWith({ message: 'error' })
+      expect(mockInvalidateRunHistory).toHaveBeenCalled()
     })
 
     it('should call onNodeStarted callback when provided', async () => {

web/app/signin/check-code/page.tsx

@@ -57,7 +57,7 @@ export default function CheckCode() {
           router.replace(`/signin/invite-settings?${searchParams.toString()}`)
         }
         else {
-          const redirectUrl = resolvePostLoginRedirect(searchParams)
+          const redirectUrl = resolvePostLoginRedirect()
           router.replace(redirectUrl || '/apps')
         }
       }
@@ -95,8 +95,8 @@ export default function CheckCode() {
         <RiMailSendFill className="h-6 w-6 text-2xl text-text-accent-light-mode-only" />
       </div>
       <div className="pb-4 pt-2">
-        <h2 className="title-4xl-semi-bold text-text-primary">{t('checkCode.checkYourEmail', { ns: 'login' })}</h2>
-        <p className="body-md-regular mt-2 text-text-secondary">
+        <h2 className="text-text-primary title-4xl-semi-bold">{t('checkCode.checkYourEmail', { ns: 'login' })}</h2>
+        <p className="mt-2 text-text-secondary body-md-regular">
           <span>
             {t('checkCode.tipsPrefix', { ns: 'login' })}
             <strong>{email}</strong>
@@ -107,7 +107,7 @@ export default function CheckCode() {
       </div>
 
       <form onSubmit={handleSubmit}>
-        <label htmlFor="code" className="system-md-semibold mb-1 text-text-secondary">{t('checkCode.verificationCode', { ns: 'login' })}</label>
+        <label htmlFor="code" className="mb-1 text-text-secondary system-md-semibold">{t('checkCode.verificationCode', { ns: 'login' })}</label>
         <Input
           ref={codeInputRef}
           id="code"
@@ -127,7 +127,7 @@ export default function CheckCode() {
         <div className="inline-block rounded-full bg-background-default-dimmed p-1">
           <RiArrowLeftLine size={12} />
         </div>
-        <span className="system-xs-regular ml-2">{t('back', { ns: 'login' })}</span>
+        <span className="ml-2 system-xs-regular">{t('back', { ns: 'login' })}</span>
       </div>
     </div>
   )

web/app/signin/components/mail-and-password-auth.tsx

@@ -78,7 +78,7 @@ export default function MailAndPasswordAuth({ isInvite, isEmailSetup, allowRegis
           router.replace(`/signin/invite-settings?${searchParams.toString()}`)
         }
         else {
-          const redirectUrl = resolvePostLoginRedirect(searchParams)
+          const redirectUrl = resolvePostLoginRedirect()
           router.replace(redirectUrl || '/apps')
         }
       }
@@ -105,7 +105,7 @@ export default function MailAndPasswordAuth({ isInvite, isEmailSetup, allowRegis
   return (
     <form onSubmit={noop}>
       <div className="mb-3">
-        <label htmlFor="email" className="system-md-semibold my-2 text-text-secondary">
+        <label htmlFor="email" className="my-2 text-text-secondary system-md-semibold">
           {t('email', { ns: 'login' })}
         </label>
         <div className="mt-1">
@@ -124,7 +124,7 @@ export default function MailAndPasswordAuth({ isInvite, isEmailSetup, allowRegis
 
       <div className="mb-3">
         <label htmlFor="password" className="my-2 flex items-center justify-between">
-          <span className="system-md-semibold text-text-secondary">{t('password', { ns: 'login' })}</span>
+          <span className="text-text-secondary system-md-semibold">{t('password', { ns: 'login' })}</span>
           <Link
             href={`/reset-password?${searchParams.toString()}`}
             className={`system-xs-regular ${isEmailSetup ? 'text-components-button-secondary-accent-text' : 'pointer-events-none text-components-button-secondary-accent-text-disabled'}`}

web/app/signin/invite-settings/page.tsx

@@ -56,7 +56,7 @@ export default function InviteSettingsPage() {
       if (res.result === 'success') {
         // Tokens are now stored in cookies by the backend
         await setLocaleOnClient(language, false)
-        const redirectUrl = resolvePostLoginRedirect(searchParams)
+        const redirectUrl = resolvePostLoginRedirect()
         router.replace(redirectUrl || '/apps')
       }
     }
@@ -72,7 +72,7 @@ export default function InviteSettingsPage() {
       <div className="flex flex-col md:w-[400px]">
         <div className="mx-auto w-full">
           <div className="mb-3 flex h-14 w-14 items-center justify-center rounded-2xl border border-components-panel-border-subtle text-2xl font-bold shadow-lg">🤷‍♂️</div>
-          <h2 className="title-4xl-semi-bold text-text-primary">{t('invalid', { ns: 'login' })}</h2>
+          <h2 className="text-text-primary title-4xl-semi-bold">{t('invalid', { ns: 'login' })}</h2>
         </div>
         <div className="mx-auto mt-6 w-full">
           <Button variant="primary" className="w-full !text-sm">
@@ -89,11 +89,11 @@ export default function InviteSettingsPage() {
         <RiAccountCircleLine className="h-6 w-6 text-2xl text-text-accent-light-mode-only" />
       </div>
       <div className="pb-4 pt-2">
-        <h2 className="title-4xl-semi-bold text-text-primary">{t('setYourAccount', { ns: 'login' })}</h2>
+        <h2 className="text-text-primary title-4xl-semi-bold">{t('setYourAccount', { ns: 'login' })}</h2>
       </div>
       <form onSubmit={noop}>
         <div className="mb-5">
-          <label htmlFor="name" className="system-md-semibold my-2 text-text-secondary">
+          <label htmlFor="name" className="my-2 text-text-secondary system-md-semibold">
             {t('name', { ns: 'login' })}
           </label>
           <div className="mt-1">
@@ -114,7 +114,7 @@ export default function InviteSettingsPage() {
           </div>
         </div>
         <div className="mb-5">
-          <label htmlFor="name" className="system-md-semibold my-2 text-text-secondary">
+          <label htmlFor="name" className="my-2 text-text-secondary system-md-semibold">
             {t('interfaceLanguage', { ns: 'login' })}
           </label>
           <div className="mt-1">
@@ -129,7 +129,7 @@ export default function InviteSettingsPage() {
         </div>
         {/* timezone */}
         <div className="mb-5">
-          <label htmlFor="timezone" className="system-md-semibold text-text-secondary">
+          <label htmlFor="timezone" className="text-text-secondary system-md-semibold">
             {t('timezone', { ns: 'login' })}
           </label>
           <div className="mt-1">
@@ -153,11 +153,11 @@ export default function InviteSettingsPage() {
         </div>
       </form>
       {!systemFeatures.branding.enabled && (
-        <div className="system-xs-regular mt-2 block w-full text-text-tertiary">
+        <div className="mt-2 block w-full text-text-tertiary system-xs-regular">
           {t('license.tip', { ns: 'login' })}
       &nbsp;
           <Link
-            className="system-xs-medium text-text-accent-secondary"
+            className="text-text-accent-secondary system-xs-medium"
             target="_blank"
             rel="noopener noreferrer"
             href={LICENSE_LINK}

web/app/signin/normal-form.tsx

@@ -42,7 +42,7 @@ const NormalForm = () => {
     try {
       if (isLoggedIn) {
         setIsRedirecting(true)
-        const redirectUrl = resolvePostLoginRedirect(searchParams)
+        const redirectUrl = resolvePostLoginRedirect()
         router.replace(redirectUrl || '/apps')
         return
       }
@@ -98,8 +98,8 @@ const NormalForm = () => {
               <RiContractLine className="h-5 w-5" />
               <RiErrorWarningFill className="absolute -right-1 -top-1 h-4 w-4 text-text-warning-secondary" />
             </div>
-            <p className="system-sm-medium text-text-primary">{t('licenseLost', { ns: 'login' })}</p>
-            <p className="system-xs-regular mt-1 text-text-tertiary">{t('licenseLostTip', { ns: 'login' })}</p>
+            <p className="text-text-primary system-sm-medium">{t('licenseLost', { ns: 'login' })}</p>
+            <p className="mt-1 text-text-tertiary system-xs-regular">{t('licenseLostTip', { ns: 'login' })}</p>
           </div>
         </div>
       </div>
@@ -114,8 +114,8 @@ const NormalForm = () => {
               <RiContractLine className="h-5 w-5" />
               <RiErrorWarningFill className="absolute -right-1 -top-1 h-4 w-4 text-text-warning-secondary" />
             </div>
-            <p className="system-sm-medium text-text-primary">{t('licenseExpired', { ns: 'login' })}</p>
-            <p className="system-xs-regular mt-1 text-text-tertiary">{t('licenseExpiredTip', { ns: 'login' })}</p>
+            <p className="text-text-primary system-sm-medium">{t('licenseExpired', { ns: 'login' })}</p>
+            <p className="mt-1 text-text-tertiary system-xs-regular">{t('licenseExpiredTip', { ns: 'login' })}</p>
           </div>
         </div>
       </div>
@@ -130,8 +130,8 @@ const NormalForm = () => {
               <RiContractLine className="h-5 w-5" />
               <RiErrorWarningFill className="absolute -right-1 -top-1 h-4 w-4 text-text-warning-secondary" />
             </div>
-            <p className="system-sm-medium text-text-primary">{t('licenseInactive', { ns: 'login' })}</p>
-            <p className="system-xs-regular mt-1 text-text-tertiary">{t('licenseInactiveTip', { ns: 'login' })}</p>
+            <p className="text-text-primary system-sm-medium">{t('licenseInactive', { ns: 'login' })}</p>
+            <p className="mt-1 text-text-tertiary system-xs-regular">{t('licenseInactiveTip', { ns: 'login' })}</p>
           </div>
         </div>
       </div>
@@ -144,12 +144,12 @@ const NormalForm = () => {
         {isInviteLink
           ? (
               <div className="mx-auto w-full">
-                <h2 className="title-4xl-semi-bold text-text-primary">
+                <h2 className="text-text-primary title-4xl-semi-bold">
                   {t('join', { ns: 'login' })}
                   {workspaceName}
                 </h2>
                 {!systemFeatures.branding.enabled && (
-                  <p className="body-md-regular mt-2 text-text-tertiary">
+                  <p className="mt-2 text-text-tertiary body-md-regular">
                     {t('joinTipStart', { ns: 'login' })}
                     {workspaceName}
                     {t('joinTipEnd', { ns: 'login' })}
@@ -159,8 +159,8 @@ const NormalForm = () => {
             )
           : (
               <div className="mx-auto w-full">
-                <h2 className="title-4xl-semi-bold text-text-primary">{systemFeatures.branding.enabled ? t('pageTitleForE', { ns: 'login' }) : t('pageTitle', { ns: 'login' })}</h2>
-                <p className="body-md-regular mt-2 text-text-tertiary">{t('welcome', { ns: 'login' })}</p>
+                <h2 className="text-text-primary title-4xl-semi-bold">{systemFeatures.branding.enabled ? t('pageTitleForE', { ns: 'login' }) : t('pageTitle', { ns: 'login' })}</h2>
+                <p className="mt-2 text-text-tertiary body-md-regular">{t('welcome', { ns: 'login' })}</p>
               </div>
             )}
         <div className="relative">
@@ -177,7 +177,7 @@ const NormalForm = () => {
             <div className="relative mt-6">
               <div className="flex items-center">
                 <div className="h-px flex-1 bg-gradient-to-r from-background-gradient-mask-transparent to-divider-regular"></div>
-                <span className="system-xs-medium-uppercase px-3 text-text-tertiary">{t('or', { ns: 'login' })}</span>
+                <span className="px-3 text-text-tertiary system-xs-medium-uppercase">{t('or', { ns: 'login' })}</span>
                 <div className="h-px flex-1 bg-gradient-to-l from-background-gradient-mask-transparent to-divider-regular"></div>
               </div>
             </div>
@@ -190,7 +190,7 @@ const NormalForm = () => {
                     <MailAndCodeAuth isInvite={isInviteLink} />
                     {systemFeatures.enable_email_password_login && (
                       <div className="cursor-pointer py-1 text-center" onClick={() => { updateAuthType('password') }}>
-                        <span className="system-xs-medium text-components-button-secondary-accent-text">{t('usePassword', { ns: 'login' })}</span>
+                        <span className="text-components-button-secondary-accent-text system-xs-medium">{t('usePassword', { ns: 'login' })}</span>
                       </div>
                     )}
                   </>
@@ -200,7 +200,7 @@ const NormalForm = () => {
                     <MailAndPasswordAuth isInvite={isInviteLink} isEmailSetup={systemFeatures.is_email_setup} allowRegistration={systemFeatures.is_allow_register} />
                     {systemFeatures.enable_email_code_login && (
                       <div className="cursor-pointer py-1 text-center" onClick={() => { updateAuthType('code') }}>
-                        <span className="system-xs-medium text-components-button-secondary-accent-text">{t('useVerificationCode', { ns: 'login' })}</span>
+                        <span className="text-components-button-secondary-accent-text system-xs-medium">{t('useVerificationCode', { ns: 'login' })}</span>
                       </div>
                     )}
                   </>
@@ -227,8 +227,8 @@ const NormalForm = () => {
                 <div className="shadows-shadow-lg mb-2 flex h-10 w-10 items-center justify-center rounded-xl bg-components-card-bg shadow">
                   <RiDoorLockLine className="h-5 w-5" />
                 </div>
-                <p className="system-sm-medium text-text-primary">{t('noLoginMethod', { ns: 'login' })}</p>
-                <p className="system-xs-regular mt-1 text-text-tertiary">{t('noLoginMethodTip', { ns: 'login' })}</p>
+                <p className="text-text-primary system-sm-medium">{t('noLoginMethod', { ns: 'login' })}</p>
+                <p className="mt-1 text-text-tertiary system-xs-regular">{t('noLoginMethodTip', { ns: 'login' })}</p>
               </div>
               <div className="relative my-2 py-2">
                 <div className="absolute inset-0 flex items-center" aria-hidden="true">
@@ -239,11 +239,11 @@ const NormalForm = () => {
           )}
           {!systemFeatures.branding.enabled && (
             <>
-              <div className="system-xs-regular mt-2 block w-full text-text-tertiary">
+              <div className="mt-2 block w-full text-text-tertiary system-xs-regular">
                 {t('tosDesc', { ns: 'login' })}
               &nbsp;
                 <Link
-                  className="system-xs-medium text-text-secondary hover:underline"
+                  className="text-text-secondary system-xs-medium hover:underline"
                   target="_blank"
                   rel="noopener noreferrer"
                   href="https://dify.ai/terms"
@@ -252,7 +252,7 @@ const NormalForm = () => {
                 </Link>
               &nbsp;&&nbsp;
                 <Link
-                  className="system-xs-medium text-text-secondary hover:underline"
+                  className="text-text-secondary system-xs-medium hover:underline"
                   target="_blank"
                   rel="noopener noreferrer"
                   href="https://dify.ai/privacy"
@@ -261,11 +261,11 @@ const NormalForm = () => {
                 </Link>
               </div>
               {IS_CE_EDITION && (
-                <div className="w-hull system-xs-regular mt-2 block text-text-tertiary">
+                <div className="w-hull mt-2 block text-text-tertiary system-xs-regular">
                   {t('goToInit', { ns: 'login' })}
               &nbsp;
                   <Link
-                    className="system-xs-medium text-text-secondary hover:underline"
+                    className="text-text-secondary system-xs-medium hover:underline"
                     href="/install"
                   >
                     {t('setAdminAccount', { ns: 'login' })}

web/app/signin/utils/post-login-redirect.ts

@@ -1,37 +1,15 @@
-import type { ReadonlyURLSearchParams } from 'next/navigation'
-import dayjs from 'dayjs'
-import { OAUTH_AUTHORIZE_PENDING_KEY, REDIRECT_URL_KEY } from '@/app/account/oauth/authorize/constants'
+let postLoginRedirect: string | null = null
 
-function getItemWithExpiry(key: string): string | null {
-  const itemStr = localStorage.getItem(key)
-  if (!itemStr)
-    return null
-
-  try {
-    const item = JSON.parse(itemStr)
-    localStorage.removeItem(key)
-    if (!item?.value)
-      return null
-
-    return dayjs().unix() > item.expiry ? null : item.value
-  }
-  catch {
-    return null
-  }
+export const setPostLoginRedirect = (value: string | null) => {
+  postLoginRedirect = value
 }
 
-export const resolvePostLoginRedirect = (searchParams: ReadonlyURLSearchParams) => {
-  const redirectUrl = searchParams.get(REDIRECT_URL_KEY)
-  if (redirectUrl) {
-    try {
-      localStorage.removeItem(OAUTH_AUTHORIZE_PENDING_KEY)
-      return decodeURIComponent(redirectUrl)
-    }
-    catch (e) {
-      console.error('Failed to decode redirect URL:', e)
-      return redirectUrl
-    }
+export const resolvePostLoginRedirect = () => {
+  if (postLoginRedirect) {
+    const redirectUrl = postLoginRedirect
+    postLoginRedirect = null
+    return redirectUrl
   }
 
-  return getItemWithExpiry(OAUTH_AUTHORIZE_PENDING_KEY)
+  return null
 }

web/eslint-suppressions.json

@@ -278,9 +278,6 @@
     }
   },
   "app/account/oauth/authorize/page.tsx": {
-    "tailwindcss/enforce-consistent-class-order": {
-      "count": 4
-    },
     "ts/no-explicit-any": {
       "count": 1
     }
@@ -8593,29 +8590,16 @@
       "count": 6
     }
   },
-  "app/signin/check-code/page.tsx": {
-    "tailwindcss/enforce-consistent-class-order": {
-      "count": 4
-    }
-  },
   "app/signin/components/mail-and-code-auth.tsx": {
     "tailwindcss/enforce-consistent-class-order": {
       "count": 1
     }
   },
   "app/signin/components/mail-and-password-auth.tsx": {
-    "tailwindcss/enforce-consistent-class-order": {
-      "count": 2
-    },
     "ts/no-explicit-any": {
       "count": 1
     }
   },
-  "app/signin/invite-settings/page.tsx": {
-    "tailwindcss/enforce-consistent-class-order": {
-      "count": 7
-    }
-  },
   "app/signin/layout.tsx": {
     "tailwindcss/enforce-consistent-class-order": {
       "count": 1
@@ -8624,11 +8608,6 @@
       "count": 1
     }
   },
-  "app/signin/normal-form.tsx": {
-    "tailwindcss/enforce-consistent-class-order": {
-      "count": 20
-    }
-  },
   "app/signin/one-more-step.tsx": {
     "tailwindcss/enforce-consistent-class-order": {
       "count": 7

web/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dify-web",
   "type": "module",
-  "version": "1.12.1",
+  "version": "1.13.0",
   "private": true,
   "packageManager": "pnpm@10.27.0+sha512.72d699da16b1179c14ba9e64dc71c9a40988cbdc65c264cb0e489db7de917f20dcf4d64d8723625f2969ba52d4b7e2a1170682d9ac2a5dcaeaab732b7e16f04a",
   "imports": {
@@ -23,7 +23,7 @@
     "and_qq >= 14.9"
   ],
   "engines": {
-    "node": ">=24"
+    "node": "^22"
   },
   "scripts": {
     "dev": "next dev",