feat: snippets feature

chore(i18n): sync translations with en-US (#37011 )
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
2026-06-04 07:56:20 +08:00 · 2026-06-03 19:01:57 +08:00 · 2026-06-03 09:42:37 +00:00 · 2026-06-03 09:39:58 +00:00 · 2026-06-03 09:14:01 +00:00 · 2026-06-03 09:11:50 +00:00
1412 changed files with 20146 additions and 82301 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,15 +0,0 @@
-**/node_modules
-**/.pnpm-store
-**/dist
-**/.next
-**/.turbo
-**/.cache
-**/__pycache__
-**/*.pyc
-**/.mypy_cache
-**/.ruff_cache
-.git
-.github
-*.md
-!web/README.md
-!api/README.md
--- a/.gitattributes
+++ b/.gitattributes
@ -5,7 +5,3 @@
 # them.

 *.sh      text eol=lf
-
-# Codegen output must stay byte-identical across platforms so
-# `pnpm tree:check` in CI does not trip on CRLF rewrites.
-*.generated.ts  text eol=lf
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -18,10 +18,6 @@
 # Docs
 /docs/ @crazywoola

-# CLI
-/cli/ @langgenius/maintainers
-/.github/workflows/cli-tests.yml @langgenius/maintainers
-
 # Backend (default owner, more specific rules below will override)
 /api/ @QuantumGhost

--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -110,114 +110,3 @@ updates:
      github-actions-dependencies:
        patterns:
          - "*"
-  - package-ecosystem: "uv"
-    directory: "/api"
-    target-branch: "lts/1.13.x"
-    open-pull-requests-limit: 10
-    schedule:
-      interval: "weekly"
-    groups:
-      flask:
-        patterns:
-          - "flask"
-          - "flask-*"
-          - "werkzeug"
-          - "gunicorn"
-      google:
-        patterns:
-          - "google-*"
-          - "googleapis-*"
-      opentelemetry:
-        patterns:
-          - "opentelemetry-*"
-      pydantic:
-        patterns:
-          - "pydantic"
-          - "pydantic-*"
-      llm:
-        patterns:
-          - "langfuse"
-          - "langsmith"
-          - "litellm"
-          - "mlflow*"
-          - "opik"
-          - "weave*"
-          - "arize*"
-          - "tiktoken"
-          - "transformers"
-      database:
-        patterns:
-          - "sqlalchemy"
-          - "psycopg2*"
-          - "psycogreen"
-          - "redis*"
-          - "alembic*"
-      storage:
-        patterns:
-          - "boto3*"
-          - "botocore*"
-          - "azure-*"
-          - "bce-*"
-          - "cos-python-*"
-          - "esdk-obs-*"
-          - "google-cloud-storage"
-          - "opendal"
-          - "oss2"
-          - "supabase*"
-          - "tos*"
-      vdb:
-        patterns:
-          - "alibabacloud*"
-          - "chromadb"
-          - "clickhouse-*"
-          - "clickzetta-*"
-          - "couchbase"
-          - "elasticsearch"
-          - "opensearch-py"
-          - "oracledb"
-          - "pgvect*"
-          - "pymilvus"
-          - "pymochow"
-          - "pyobvector"
-          - "qdrant-client"
-          - "intersystems-*"
-          - "tablestore"
-          - "tcvectordb"
-          - "tidb-vector"
-          - "upstash-*"
-          - "volcengine-*"
-          - "weaviate-*"
-          - "xinference-*"
-          - "mo-vector"
-          - "mysql-connector-*"
-      dev:
-        patterns:
-          - "coverage"
-          - "dotenv-linter"
-          - "faker"
-          - "lxml-stubs"
-          - "basedpyright"
-          - "ruff"
-          - "pytest*"
-          - "types-*"
-          - "boto3-stubs"
-          - "hypothesis"
-          - "pandas-stubs"
-          - "scipy-stubs"
-          - "import-linter"
-          - "celery-types"
-          - "mypy*"
-          - "pyrefly"
-      python-packages:
-        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    target-branch: "lts/1.13.x"
-    open-pull-requests-limit: 5
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions-dependencies:
-        patterns:
-          - "*"
--- a/.github/workflows/cli-release.yml
+++ b/.github/workflows/cli-release.yml
@ -1,88 +0,0 @@
-name: CLI Release
-
-on:
-  workflow_dispatch:
-  push:
-    tags:
-      - 'difyctl-v*'
-
-concurrency:
-  group: cli-release-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  release:
-    name: build standalone binaries (all targets)
-    runs-on: depot-ubuntu-24.04
-    if: github.repository == 'langgenius/dify'
-    permissions:
-      contents: write
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./cli
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 # v2.0.2
-        with:
-          bun-version: latest
-
-      - name: Read cli/package.json
-        id: manifest
-        run: |
-          version=$(node -p "require('./package.json').version")
-          channel=$(node -p "require('./package.json').difyctl.channel")
-          minDify=$(node -p "require('./package.json').difyctl.compat.minDify")
-          maxDify=$(node -p "require('./package.json').difyctl.compat.maxDify")
-          {
-              echo "version=$version"
-              echo "channel=$channel"
-              echo "minDify=$minDify"
-              echo "maxDify=$maxDify"
-          } >> "$GITHUB_OUTPUT"
-
-      - name: Validate manifest
-        run: scripts/release-validate-manifest.sh
-
-      - name: Install cross-arch native prebuilds
-        # Re-installs node_modules with every @napi-rs/keyring platform variant
-        # so `bun build --compile` can embed the right .node into each target.
-        working-directory: ./
-        run: NPM_CONFIG_USERCONFIG="$PWD/cli/scripts/cross-arch.npmrc" pnpm install --frozen-lockfile
-
-      - name: Compile standalone binaries (all targets)
-        env:
-          CLI_VERSION: ${{ steps.manifest.outputs.version }}
-          DIFYCTL_CHANNEL: ${{ steps.manifest.outputs.channel }}
-          DIFYCTL_MIN_DIFY: ${{ steps.manifest.outputs.minDify }}
-          DIFYCTL_MAX_DIFY: ${{ steps.manifest.outputs.maxDify }}
-        run: |
-          DIFYCTL_COMMIT="$(git rev-parse HEAD)" \
-          DIFYCTL_BUILD_DATE="$(git log -1 --format=%cI HEAD)" \
-            pnpm build:bin
-
-      - name: Generate sha256 checksum file
-        env:
-          CLI_VERSION: ${{ steps.manifest.outputs.version }}
-        run: scripts/release-write-checksums.sh
-
-      - name: Publish GitHub Release
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
-        with:
-          tag_name: difyctl-v${{ steps.manifest.outputs.version }}
-          name: difyctl ${{ steps.manifest.outputs.version }}
-          prerelease: ${{ steps.manifest.outputs.channel != 'stable' }}
-          generate_release_notes: true
-          fail_on_unmatched_files: true
-          files: |
-            cli/dist/bin/difyctl-v*
--- a/.github/workflows/cli-smoke.yml
+++ b/.github/workflows/cli-smoke.yml
@ -1,60 +0,0 @@
-name: CLI Smoke (live dify)
-
-on:
-  workflow_dispatch:
-    inputs:
-      dify_version:
-        description: "Dify image tag to test against (e.g. 1.7.0)"
-        type: string
-        required: true
-      cli_ref:
-        description: "Git ref to build the cli from (default: current branch)"
-        type: string
-        required: false
-
-permissions:
-  contents: read
-
-jobs:
-  smoke:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    defaults:
-      run:
-        shell: bash
-    steps:
-      - name: Checkout cli ref
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ inputs.cli_ref || github.ref }}
-          persist-credentials: false
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: Bring up dify
-        env:
-          DIFY_VERSION: ${{ inputs.dify_version }}
-        run: |
-          cd docker
-          cp .env.example .env
-          DIFY_API_IMAGE_TAG="$DIFY_VERSION" \
-          DIFY_WEB_IMAGE_TAG="$DIFY_VERSION" \
-          docker compose up -d api worker web db redis
-          for i in $(seq 1 60); do
-              if curl -fsS http://localhost:5001/health >/dev/null 2>&1; then
-                  echo "dify api ready after ${i}s"
-                  break
-              fi
-              sleep 1
-          done
-
-      - name: Run smoke against live dify
-        working-directory: ./cli
-        run: pnpm exec tsx scripts/run-smoke.ts --base-url http://localhost:5001
-
-      - name: Dump dify logs on failure
-        if: failure()
-        run: |
-          cd docker
-          docker compose logs api worker web --tail=200
--- a/.github/workflows/cli-tests.yml
+++ b/.github/workflows/cli-tests.yml
@ -1,50 +0,0 @@
-name: CLI Tests
-
-on:
-  workflow_call:
-    secrets:
-      CODECOV_TOKEN:
-        required: false
-
-permissions:
-  contents: read
-
-concurrency:
-  group: cli-tests-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  test:
-    name: CLI Tests (${{ matrix.os }})
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [depot-ubuntu-24.04, windows-latest, macos-latest]
-    env:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./cli
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: CI pipeline (typecheck, lint, coverage, build)
-        run: pnpm ci
-
-      - name: Report coverage
-        if: ${{ env.CODECOV_TOKEN != '' && matrix.os == 'depot-ubuntu-24.04' }}
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
-        with:
-          directory: cli/coverage
-          flags: cli
-        env:
-          CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
--- a/.github/workflows/main-ci.yml
+++ b/.github/workflows/main-ci.yml
@ -42,7 +42,6 @@ jobs:
    runs-on: depot-ubuntu-24.04
    outputs:
      api-changed: ${{ steps.changes.outputs.api }}
-      cli-changed: ${{ steps.changes.outputs.cli }}
      e2e-changed: ${{ steps.changes.outputs.e2e }}
      web-changed: ${{ steps.changes.outputs.web }}
      vdb-changed: ${{ steps.changes.outputs.vdb }}
@ -63,18 +62,6 @@ jobs:
              - 'docker/generate_docker_compose'
              - 'docker/ssrf_proxy/**'
              - 'docker/volumes/sandbox/conf/**'
-            cli:
-              - 'cli/**'
-              - 'packages/tsconfig/**'
-              - 'package.json'
-              - 'pnpm-lock.yaml'
-              - 'pnpm-workspace.yaml'
-              - 'eslint.config.mjs'
-              - '.npmrc'
-              - '.nvmrc'
-              - '.github/workflows/cli-tests.yml'
-              - '.github/workflows/cli-docker-build.yml'
-              - '.github/actions/setup-web/**'
            web:
              - 'web/**'
              - 'packages/**'
@ -197,66 +184,6 @@ jobs:
          echo "API tests were not required, but the skip job finished with result: $SKIP_RESULT" >&2
          exit 1

-  cli-tests-run:
-    name: Run CLI Tests
-    needs:
-      - pre_job
-      - check-changes
-    if: needs.pre_job.outputs.should_skip != 'true' && needs.check-changes.outputs.cli-changed == 'true'
-    uses: ./.github/workflows/cli-tests.yml
-    secrets: inherit
-
-  cli-tests-skip:
-    name: Skip CLI Tests
-    needs:
-      - pre_job
-      - check-changes
-    if: needs.pre_job.outputs.should_skip != 'true' && needs.check-changes.outputs.cli-changed != 'true'
-    runs-on: depot-ubuntu-24.04
-    steps:
-      - name: Report skipped CLI tests
-        run: echo "No CLI-related changes detected; skipping CLI tests."
-
-  cli-tests:
-    name: CLI Tests
-    if: ${{ always() }}
-    needs:
-      - pre_job
-      - check-changes
-      - cli-tests-run
-      - cli-tests-skip
-    runs-on: depot-ubuntu-24.04
-    steps:
-      - name: Finalize CLI Tests status
-        env:
-          SHOULD_SKIP_WORKFLOW: ${{ needs.pre_job.outputs.should_skip }}
-          TESTS_CHANGED: ${{ needs.check-changes.outputs.cli-changed }}
-          RUN_RESULT: ${{ needs.cli-tests-run.result }}
-          SKIP_RESULT: ${{ needs.cli-tests-skip.result }}
-        run: |
-          if [[ "$SHOULD_SKIP_WORKFLOW" == 'true' ]]; then
-            echo "CLI tests were skipped because this workflow run duplicated a successful or newer run."
-            exit 0
-          fi
-
-          if [[ "$TESTS_CHANGED" == 'true' ]]; then
-            if [[ "$RUN_RESULT" == 'success' ]]; then
-              echo "CLI tests ran successfully."
-              exit 0
-            fi
-
-            echo "CLI tests were required but finished with result: $RUN_RESULT" >&2
-            exit 1
-          fi
-
-          if [[ "$SKIP_RESULT" == 'success' ]]; then
-            echo "CLI tests were skipped because no CLI-related files changed."
-            exit 0
-          fi
-
-          echo "CLI tests were not required, but the skip job finished with result: $SKIP_RESULT" >&2
-          exit 1
-
  web-tests-run:
    name: Run Web Tests
    needs:
--- a/.github/workflows/pyrefly-type-coverage-comment.yml
+++ b/.github/workflows/pyrefly-type-coverage-comment.yml
@ -63,8 +63,8 @@ jobs:
        id: render
        run: |
          comment_body="$(uv run --directory api python libs/pyrefly_type_coverage.py \
-            --base "$GITHUB_WORKSPACE/base_report.json" \
-            < "$GITHUB_WORKSPACE/pr_report.json")"
+            --base base_report.json \
+            < pr_report.json)"

          {
            echo "### Pyrefly Type Coverage"
--- a/.github/workflows/pyrefly-type-coverage.yml
+++ b/.github/workflows/pyrefly-type-coverage.yml
@ -65,9 +65,6 @@ jobs:
          # Save structured data for the fork-PR comment workflow
          cp /tmp/pyrefly_report_pr.json pr_report.json
          cp /tmp/pyrefly_report_base.json base_report.json
-          # Keep fork-PR comments correct while the trusted workflow_run job is
-          # still using the default-branch renderer, which resolves --base from api/.
-          cp /tmp/pyrefly_report_base.json api/base_report.json

      - name: Save PR number
        run: |
@ -80,7 +77,6 @@ jobs:
          path: |
            pr_report.json
            base_report.json
-            api/base_report.json
            pr_number.txt

      - name: Comment PR with type coverage
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@ -47,10 +47,6 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        run: uv run --directory api --dev lint-imports

-      - name: Run Response Contract Linter
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: uv run --project api --dev python api/dev/lint_response_contracts.py --fail-on-mismatch
-
      - name: Run Type Checks
        if: steps.changed-files.outputs.any_changed == 'true'
        run: make type-check-core
--- a/.gitignore
+++ b/.gitignore
@ -115,12 +115,6 @@ venv/
 ENV/
 env.bak/
 venv.bak/
-
-# cli/ has a src/env/ module (DIFY_* registry) — don't treat it as a venv
-!/cli/src/env/
-!/cli/src/commands/env/
-# cli/scripts/lib/ holds TS build helpers (resolve-buildinfo etc.) — don't treat as Python lib/
-!/cli/scripts/lib/
 .conda/

 # Spyder project settings
@ -253,9 +247,8 @@ scripts/stress-test/reports/
 # settings
 *.local.json
 *.local.md
-*.local.toml

 # Code Agent Folder
 .qoder/*
-.context/
+.context/*
 .eslintcache
--- a/11
+++ b/11
@ -75,19 +75,13 @@ check:
 	@echo "✅ Code check complete"

 lint:
-	@echo "🔧 Running ruff format, check with fixes, response contract lint, import linter, and dotenv-linter..."
+	@echo "🔧 Running ruff format, check with fixes, import linter, and dotenv-linter..."
 	@uv run --project api --dev ruff format ./api
 	@uv run --project api --dev ruff check --fix ./api
-	@$(MAKE) api-contract-lint
 	@uv run --directory api --dev lint-imports
 	@uv run --project api --dev dotenv-linter ./api/.env.example ./web/.env.example
 	@echo "✅ Linting complete"

-api-contract-lint:
-	@echo "🔎 Linting Flask response contracts..."
-	@uv run --project api --dev python api/dev/lint_response_contracts.py
-	@echo "✅ Response contract lint complete"
-
 type-check:
 	@echo "📝 Running type checks (pyrefly + mypy)..."
 	@./dev/pyrefly-check-local $(PATH_TO_CHECK)
@ -197,7 +191,6 @@ help:
 	@echo "  make format         - Format code with ruff"
 	@echo "  make check          - Check code with ruff"
 	@echo "  make lint           - Format, fix, and lint code (ruff, imports, dotenv)"
-	@echo "  make api-contract-lint - Check Flask response docs against returned schemas"
 	@echo "  make type-check     - Run type checks (pyrefly, mypy)"
 	@echo "  make type-check-core - Run core type checks (pyrefly, mypy)"
 	@echo "  make test           - Run backend unit tests (or TARGET_TESTS=./api/tests/<target_tests>)"
@ -211,4 +204,4 @@ help:
 	@echo "  make build-push-all - Build and push all Docker images"

 # Phony targets
-.PHONY: build-web build-api push-web push-api build-all push-all build-push-all dev-setup prepare-docker prepare-web prepare-api dev-clean help format check lint api-contract-lint type-check test test-all
+.PHONY: build-web build-api push-web push-api build-all push-all build-push-all dev-setup prepare-docker prepare-web prepare-api dev-clean help format check lint type-check test test-all
--- a/api/.env.example
+++ b/api/.env.example
@ -657,7 +657,6 @@ PLUGIN_REMOTE_INSTALL_PORT=5003
 PLUGIN_REMOTE_INSTALL_HOST=localhost
 PLUGIN_MAX_PACKAGE_SIZE=15728640
 PLUGIN_MODEL_SCHEMA_CACHE_TTL=3600
-PLUGIN_MODEL_PROVIDERS_CACHE_TTL=86400
 INNER_API_KEY_FOR_PLUGIN=QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1

 # Marketplace configuration
--- a/api/AGENTS.md
+++ b/api/AGENTS.md
@ -195,7 +195,6 @@ Before opening a PR / submitting:
 - Controllers: parse input via Pydantic, invoke services, return serialised responses; no business logic.
 - Services: coordinate repositories, providers, background tasks; keep side effects explicit.
 - Document non-obvious behaviour with concise docstrings and comments.
- For `204 No Content` responses, return an empty body only; never return a dict, model, or other payload.
 - For Flask-RESTX controller request, query, and response schemas, follow `controllers/API_SCHEMA_GUIDE.md`.
  In short: use Pydantic models, document GET query params with `query_params_from_model(...)`, register response
  DTOs with `register_response_schema_models(...)`, serialize response DTOs with `dump_response(...)`,
--- a/api/app_factory.py
+++ b/api/app_factory.py
@ -159,7 +159,6 @@ def initialize_extensions(app: DifyApp):
        ext_logstore,
        ext_mail,
        ext_migrate,
-        ext_oauth_bearer,
        ext_orjson,
        ext_otel,
        ext_proxy_fix,
@ -204,7 +203,6 @@ def initialize_extensions(app: DifyApp):
        ext_enterprise_telemetry,
        ext_request_logging,
        ext_session_factory,
-        ext_oauth_bearer,
    ]
    for ext in extensions:
        short_name = ext.__name__.split(".")[-1]
@ -223,11 +221,10 @@ def initialize_extensions(app: DifyApp):

 def create_migrations_app() -> DifyApp:
    app = create_flask_app_with_configs()
-    from extensions import ext_commands, ext_database, ext_migrate
+    from extensions import ext_database, ext_migrate

    # Initialize only required extensions
    ext_database.init_app(app)
    ext_migrate.init_app(app)
-    ext_commands.init_app(app)

    return app
--- a/api/clients/agent_backend/init.py
+++ b/api/clients/agent_backend/init.py
@ -30,23 +30,19 @@ from clients.agent_backend.factory import create_agent_backend_run_client
 from clients.agent_backend.fake_client import FakeAgentBackendRunClient, FakeAgentBackendScenario
 from clients.agent_backend.request_builder import (
    AGENT_SOUL_PROMPT_LAYER_ID,
-    DIFY_EXECUTION_CONTEXT_LAYER_ID,
-    DIFY_PLUGIN_TOOLS_LAYER_ID,
+    DIFY_PLUGIN_CONTEXT_LAYER_ID,
    WORKFLOW_NODE_JOB_PROMPT_LAYER_ID,
    WORKFLOW_USER_PROMPT_LAYER_ID,
    AgentBackendModelConfig,
    AgentBackendOutputConfig,
    AgentBackendRunRequestBuilder,
    AgentBackendWorkflowNodeRunInput,
-    CleanupLayerSpec,
-    extract_cleanup_layer_specs,
    redact_for_agent_backend_log,
 )

 __all__ = [
    "AGENT_SOUL_PROMPT_LAYER_ID",
-    "DIFY_EXECUTION_CONTEXT_LAYER_ID",
-    "DIFY_PLUGIN_TOOLS_LAYER_ID",
+    "DIFY_PLUGIN_CONTEXT_LAYER_ID",
    "WORKFLOW_NODE_JOB_PROMPT_LAYER_ID",
    "WORKFLOW_USER_PROMPT_LAYER_ID",
    "AgentBackendError",
@ -70,11 +66,9 @@ __all__ = [
    "AgentBackendTransportError",
    "AgentBackendValidationError",
    "AgentBackendWorkflowNodeRunInput",
-    "CleanupLayerSpec",
    "DifyAgentBackendRunClient",
    "FakeAgentBackendRunClient",
    "FakeAgentBackendScenario",
    "create_agent_backend_run_client",
-    "extract_cleanup_layer_specs",
    "redact_for_agent_backend_log",
 ]
--- a/api/clients/agent_backend/fake_client.py
+++ b/api/clients/agent_backend/fake_client.py
@ -20,8 +20,6 @@ from dify_agent.protocol import (
    RunEvent,
    RunFailedEvent,
    RunFailedEventData,
-    RunPausedEvent,
-    RunPausedEventData,
    RunStartedEvent,
    RunStatusResponse,
    RunSucceededEvent,
@ -36,7 +34,6 @@ class FakeAgentBackendScenario(StrEnum):

    SUCCESS = "success"
    FAILED = "failed"
-    PAUSED = "paused"


 class FakeAgentBackendRunClient:
@ -92,13 +89,6 @@ class FakeAgentBackendRunClient:
                    updated_at=_FIXED_TIME,
                    error="fake failure",
                )
-            case FakeAgentBackendScenario.PAUSED:
-                return RunStatusResponse(
-                    run_id=run_id,
-                    status="paused",
-                    created_at=_FIXED_TIME,
-                    updated_at=_FIXED_TIME,
-                )

    def _events(self, run_id: str) -> tuple[RunEvent, ...]:
        match self.scenario:
@ -125,17 +115,3 @@ class FakeAgentBackendRunClient:
                        data=RunFailedEventData(error="fake failure", reason="unit_test"),
                    ),
                )
-            case FakeAgentBackendScenario.PAUSED:
-                return (
-                    RunStartedEvent(id="1-0", run_id=run_id, created_at=_FIXED_TIME),
-                    RunPausedEvent(
-                        id="2-0",
-                        run_id=run_id,
-                        created_at=_FIXED_TIME,
-                        data=RunPausedEventData(
-                            reason="human_input_required",
-                            message="Agent requested human input.",
-                            session_snapshot=CompositorSessionSnapshot(layers=[]),
-                        ),
-                    ),
-                )
--- a/api/clients/agent_backend/request_builder.py
+++ b/api/clients/agent_backend/request_builder.py
@ -4,37 +4,29 @@ This module is intentionally an adapter, not a wire DTO package. The emitted
 object is always ``dify_agent.protocol.CreateRunRequest`` so the Agent backend
 protocol has a single owner. API-only context such as Agent Soul vs workflow job
 prompt is preserved in layer names and metadata until the dedicated product
-schemas land in later phases. Dify-owned execution identifiers are emitted as an
-explicit ``dify.execution_context`` layer so the run request stays fully
-composition-driven.
+schemas land in later phases.
 """

 from __future__ import annotations

-from typing import ClassVar, cast
+from typing import ClassVar

 from agenton.compositor import CompositorSessionSnapshot
-from agenton.compositor.schemas import LayerSessionSnapshot
 from agenton.layers import ExitIntent
 from agenton_collections.layers.plain import PLAIN_PROMPT_LAYER_TYPE_ID, PromptLayerConfig
-from agenton_collections.layers.pydantic_ai import PYDANTIC_AI_HISTORY_LAYER_TYPE_ID
 from dify_agent.layers.dify_plugin import (
+    DIFY_PLUGIN_LAYER_TYPE_ID,
    DIFY_PLUGIN_LLM_LAYER_TYPE_ID,
-    DIFY_PLUGIN_TOOLS_LAYER_TYPE_ID,
    DifyPluginCredentialValue,
+    DifyPluginLayerConfig,
    DifyPluginLLMLayerConfig,
-    DifyPluginToolsLayerConfig,
-)
-from dify_agent.layers.execution_context import (
-    DIFY_EXECUTION_CONTEXT_LAYER_TYPE_ID,
-    DifyExecutionContextLayerConfig,
 )
 from dify_agent.layers.output import DIFY_OUTPUT_LAYER_TYPE_ID, DifyOutputLayerConfig
 from dify_agent.protocol import (
-    DIFY_AGENT_HISTORY_LAYER_ID,
    DIFY_AGENT_MODEL_LAYER_ID,
    DIFY_AGENT_OUTPUT_LAYER_ID,
    CreateRunRequest,
+    ExecutionContext,
    LayerExitSignals,
    RunComposition,
    RunLayerSpec,
@ -45,109 +37,27 @@ from pydantic import BaseModel, ConfigDict, Field, JsonValue, field_validator
 AGENT_SOUL_PROMPT_LAYER_ID = "agent_soul_prompt"
 WORKFLOW_NODE_JOB_PROMPT_LAYER_ID = "workflow_node_job_prompt"
 WORKFLOW_USER_PROMPT_LAYER_ID = "workflow_user_prompt"
-DIFY_EXECUTION_CONTEXT_LAYER_ID = "execution_context"
-DIFY_PLUGIN_TOOLS_LAYER_ID = "tools"
-
-# Layer types that hold credentials in their per-run config. These are excluded
-# from the cleanup-replay composition (and from the snapshot that is sent with
-# the cleanup request) because we deliberately do not persist plaintext
-# credentials between runs.
-_CLEANUP_EXCLUDED_LAYER_TYPES: tuple[str, ...] = (
-    DIFY_PLUGIN_LLM_LAYER_TYPE_ID,
-    DIFY_PLUGIN_TOOLS_LAYER_TYPE_ID,
-)
-
-
-class CleanupLayerSpec(BaseModel):
-    """One layer node replayed by an Agent backend cleanup-only run.
-
-    Cleanup composition cannot include credential-bearing plugin layers, so we
-    persist only the non-plugin layer specs together with the original config.
-    Storing the config (rather than just ``name``/``type``) means cleanup does
-    not depend on the original build-time inputs being re-derivable.
-    """
-
-    name: str
-    type: str
-    deps: dict[str, str] = Field(default_factory=dict)
-    metadata: dict[str, JsonValue] = Field(default_factory=dict)
-    config: JsonValue = None
-
-    model_config: ClassVar[ConfigDict] = ConfigDict(extra="forbid")
-
-
-def extract_cleanup_layer_specs(composition: RunComposition) -> list[CleanupLayerSpec]:
-    """Project the in-flight composition into the persistable cleanup spec list.
-
-    Plugin layers are intentionally dropped (their configs hold credentials and
-    the lifecycle contract says "do not include an LLM layer" during cleanup).
-    The filtered names must later drive snapshot filtering so the agenton
-    compositor's name-order check still passes for the cleanup run.
-    """
-    excluded = set(_CLEANUP_EXCLUDED_LAYER_TYPES)
-    specs: list[CleanupLayerSpec] = []
-    for layer in composition.layers:
-        if layer.type in excluded:
-            continue
-        config_value: JsonValue = None
-        if isinstance(layer.config, BaseModel):
-            config_value = layer.config.model_dump(mode="json", warnings=False)
-        else:
-            # ``RunLayerSpec.config`` is typed as ``LayerConfigInput`` which
-            # includes ``Mapping[str, object] | bytes``. In the cleanup-replay
-            # pipeline our builder only emits BaseModel-derived configs or
-            # ``None``, so the wider input alias narrows safely here.
-            config_value = cast(JsonValue, layer.config)
-        specs.append(
-            CleanupLayerSpec(
-                name=layer.name,
-                type=layer.type,
-                deps=dict(layer.deps),
-                metadata=dict(layer.metadata),
-                config=config_value,
-            )
-        )
-    return specs
-
-
-def _filter_snapshot_to_specs(
-    snapshot: CompositorSessionSnapshot,
-    specs: list[CleanupLayerSpec],
-) -> CompositorSessionSnapshot:
-    """Keep only snapshot layers whose names appear in the cleanup spec list.
-
-    The agenton compositor rejects a snapshot whose layer-name sequence does
-    not match the active composition exactly. Cleanup-replay drops plugin
-    layers, so we must drop the matching snapshot entries here.
-    """
-    kept_names = {spec.name for spec in specs}
-    filtered_layers: list[LayerSessionSnapshot] = [layer for layer in snapshot.layers if layer.name in kept_names]
-    if len(filtered_layers) == len(snapshot.layers):
-        return snapshot
-    return CompositorSessionSnapshot(schema_version=snapshot.schema_version, layers=filtered_layers)
+DIFY_PLUGIN_CONTEXT_LAYER_ID = "plugin"


 class AgentBackendModelConfig(BaseModel):
    """API-side model/plugin selection before it is converted to Dify Agent layers."""

+    tenant_id: str
    plugin_id: str
    model_provider: str
    model: str
+    user_id: str | None = None
    credentials: dict[str, DifyPluginCredentialValue] = Field(default_factory=dict)
-    model_settings: dict[str, JsonValue] = Field(default_factory=dict)

    model_config: ClassVar[ConfigDict] = ConfigDict(extra="forbid")


 class AgentBackendOutputConfig(BaseModel):
-    """API-side structured output declaration for the conventional output layer.
-
-    The structured-output tool name is fixed to ``final_output`` inside
-    ``dify_agent.layers.output`` so callers only control the JSON Schema plus
-    optional description/strictness metadata.
-    """
+    """API-side structured output declaration for the conventional output layer."""

    json_schema: dict[str, JsonValue]
+    name: str = "final_result"
    description: str | None = None
    strict: bool | None = None

@ -158,17 +68,15 @@ class AgentBackendWorkflowNodeRunInput(BaseModel):
    """Inputs needed to build the first workflow-node-oriented Agent backend run request."""

    model: AgentBackendModelConfig
-    execution_context: DifyExecutionContextLayerConfig
+    execution_context: ExecutionContext
    workflow_node_job_prompt: str
    user_prompt: str
    agent_soul_prompt: str | None = None
    purpose: RunPurpose = "workflow_node"
    idempotency_key: str | None = None
    output: AgentBackendOutputConfig | None = None
-    tools: DifyPluginToolsLayerConfig | None = None
    session_snapshot: CompositorSessionSnapshot | None = None
-    include_history: bool = True
-    suspend_on_exit: bool = True
+    suspend_on_exit: bool = False
    metadata: dict[str, JsonValue] = Field(default_factory=dict)

    model_config: ClassVar[ConfigDict] = ConfigDict(extra="forbid", arbitrary_types_allowed=True)
@ -184,50 +92,6 @@ class AgentBackendWorkflowNodeRunInput(BaseModel):
 class AgentBackendRunRequestBuilder:
    """Converts API product state into the public ``dify-agent`` run protocol."""

-    def build_cleanup_request(
-        self,
-        *,
-        session_snapshot: CompositorSessionSnapshot,
-        composition_layer_specs: list[CleanupLayerSpec],
-        idempotency_key: str | None = None,
-        metadata: dict[str, JsonValue] | None = None,
-    ) -> CreateRunRequest:
-        """Build a lifecycle-only cleanup request that replays the prior layers.
-
-        The agenton compositor enforces that the session snapshot's layer names
-        match the active composition in order, so cleanup must replay the same
-        non-plugin layer graph that produced the snapshot. Plugin layers
-        (``dify.plugin.llm``, ``dify.plugin.tools``) are excluded from both the
-        composition and the snapshot before submission because their configs
-        require credentials that are not persisted between runs.
-        """
-        if not composition_layer_specs:
-            raise ValueError(
-                "build_cleanup_request requires composition_layer_specs; an empty "
-                "composition would fail the agent backend's snapshot validation."
-            )
-        request_metadata = dict(metadata or {})
-        request_metadata["agent_backend_lifecycle"] = "session_cleanup"
-        layers = [
-            RunLayerSpec(
-                name=spec.name,
-                type=spec.type,
-                deps=dict(spec.deps),
-                metadata=dict(spec.metadata),
-                config=spec.config,
-            )
-            for spec in composition_layer_specs
-        ]
-        filtered_snapshot = _filter_snapshot_to_specs(session_snapshot, composition_layer_specs)
-        return CreateRunRequest(
-            composition=RunComposition(layers=layers),
-            purpose="workflow_node",
-            idempotency_key=idempotency_key,
-            metadata=request_metadata,
-            session_snapshot=filtered_snapshot,
-            on_exit=LayerExitSignals(default=ExitIntent.DELETE),
-        )
-
    def build_for_workflow_node(self, run_input: AgentBackendWorkflowNodeRunInput) -> CreateRunRequest:
        """Build a workflow Agent Node run request without defining another wire schema."""
        layers: list[RunLayerSpec] = []
@ -256,52 +120,29 @@ class AgentBackendRunRequestBuilder:
                    config=PromptLayerConfig(user=run_input.user_prompt),
                ),
                RunLayerSpec(
-                    name=DIFY_EXECUTION_CONTEXT_LAYER_ID,
-                    type=DIFY_EXECUTION_CONTEXT_LAYER_TYPE_ID,
+                    name=DIFY_PLUGIN_CONTEXT_LAYER_ID,
+                    type=DIFY_PLUGIN_LAYER_TYPE_ID,
                    metadata=run_input.metadata,
-                    config=run_input.execution_context,
+                    config=DifyPluginLayerConfig(
+                        tenant_id=run_input.model.tenant_id,
+                        plugin_id=run_input.model.plugin_id,
+                        user_id=run_input.model.user_id,
+                    ),
                ),
-            ]
-        )
-
-        if run_input.include_history:
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_AGENT_HISTORY_LAYER_ID,
-                    type=PYDANTIC_AI_HISTORY_LAYER_TYPE_ID,
-                    metadata={**run_input.metadata, "origin": "agent_session_history"},
-                )
-            )
-
-        layers.extend(
-            [
                RunLayerSpec(
                    name=DIFY_AGENT_MODEL_LAYER_ID,
                    type=DIFY_PLUGIN_LLM_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
+                    deps={"plugin": DIFY_PLUGIN_CONTEXT_LAYER_ID},
                    metadata=run_input.metadata,
                    config=DifyPluginLLMLayerConfig(
-                        plugin_id=run_input.model.plugin_id,
                        model_provider=run_input.model.model_provider,
                        model=run_input.model.model,
                        credentials=run_input.model.credentials,
-                        model_settings=run_input.model.model_settings or None,
                    ),
                ),
            ]
        )

-        if run_input.tools is not None and run_input.tools.tools:
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_PLUGIN_TOOLS_LAYER_ID,
-                    type=DIFY_PLUGIN_TOOLS_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
-                    metadata=run_input.metadata,
-                    config=run_input.tools,
-                )
-            )
-
        if run_input.output is not None:
            layers.append(
                RunLayerSpec(
@ -310,6 +151,7 @@ class AgentBackendRunRequestBuilder:
                    metadata=run_input.metadata,
                    config=DifyOutputLayerConfig(
                        json_schema=run_input.output.json_schema,
+                        name=run_input.output.name,
                        description=run_input.output.description,
                        strict=run_input.output.strict,
                    ),
@ -318,6 +160,7 @@ class AgentBackendRunRequestBuilder:

        return CreateRunRequest(
            composition=RunComposition(layers=layers),
+            execution_context=run_input.execution_context,
            purpose=run_input.purpose,
            idempotency_key=run_input.idempotency_key,
            metadata=run_input.metadata,
--- a/api/commands/init.py
+++ b/api/commands/init.py
@ -3,7 +3,6 @@ CLI command modules extracted from `commands.py`.
 """

 from .account import create_tenant, reset_email, reset_password
-from .data_migrate import data_migrate, legacy_model_types
 from .plugin import (
    extract_plugins,
    extract_unique_plugins,
@ -45,7 +44,6 @@ __all__ = [
    "clear_orphaned_file_records",
    "convert_to_agent_apps",
    "create_tenant",
-    "data_migrate",
    "delete_archived_workflow_runs",
    "export_app_messages",
    "extract_plugins",
@ -54,7 +52,6 @@ __all__ = [
    "fix_app_site_missing",
    "install_plugins",
    "install_rag_pipeline_plugins",
-    "legacy_model_types",
    "migrate_annotation_vector_database",
    "migrate_data_for_plugin",
    "migrate_knowledge_vector_database",
--- a/api/commands/data_migrate.py
+++ b/api/commands/data_migrate.py
@ -1,179 +0,0 @@
-import io
-import os
-import sys
-from contextlib import AbstractContextManager, nullcontext
-from pathlib import Path
-from typing import cast
-
-import click
-
-from extensions.ext_database import db
-from graphon.model_runtime.entities.model_entities import ModelType
-from services.legacy_model_type_migration import (
-    VALID_TABLE_NAMES,
-    LegacyModelTypeMigrationService,
-    load_tenant_ids_from_file,
-)
-
-_SUPPORTED_MODEL_TYPE_CHOICES = (
-    ModelType.LLM.value,
-    ModelType.TEXT_EMBEDDING.value,
-    ModelType.RERANK.value,
-)
-_DEFAULT_CONCURRENCY = os.cpu_count() or 1
-
-
-def _normalize_multi_value_option(
-    values: tuple[str, ...],
-    *,
-    valid_values: tuple[str, ...],
-    option_name: str,
-) -> tuple[str, ...]:
-    normalized_values: list[str] = []
-    seen_values: set[str] = set()
-
-    for value in values:
-        for item in value.split(","):
-            normalized_item = item.strip()
-            if not normalized_item:
-                continue
-            if normalized_item not in valid_values:
-                raise click.BadParameter(
-                    f"invalid value '{normalized_item}'. valid values: {', '.join(valid_values)}",
-                    param_hint=option_name,
-                )
-            if normalized_item in seen_values:
-                continue
-            seen_values.add(normalized_item)
-            normalized_values.append(normalized_item)
-
-    return tuple(normalized_values)
-
-
-@click.group(
-    "data-migrate",
-    help="Online data migration commands.",
-)
-def data_migrate() -> None:
-    """Namespace for production data migration commands."""
-
-
-@click.command(
-    "legacy-model-types",
-    help=(
-        "Migrate legacy provider model_type values to canonical values. "
-        "Default is dry-run and emits JSON lines only. "
-        "If --tables includes provider_model_credentials, the command may also update "
-        "provider_models and load_balancing_model_configs references so merged credentials stay reachable."
-    ),
-)
-@click.option(
-    "--apply",
-    is_flag=True,
-    default=False,
-    help="Apply the migration. Default is dry-run.",
-)
-@click.option(
-    "--tables",
-    "tables",
-    multiple=True,
-    type=str,
-    help=(
-        "Limit migration to specific tables. Accepts comma-separated values or repeated flags.\n"
-        "\n"
-        "Options: load_balancing_model_configs, provider_model_credentials, "
-        "provider_model_settings, provider_models, tenant_default_models.\n\n"
-        "When provider_model_credentials is selected, provider_models and "
-        "load_balancing_model_configs may also be updated for credential reference rewrites.\n"
-        "\n"
-        "If unspecified, all relevant tables are migrated."
-    ),
-)
-@click.option(
-    "--model-types",
-    "model_types",
-    multiple=True,
-    type=str,
-    help=(
-        "Canonical model types to migrate. Accepts comma-separated values or repeated flags.\n"
-        "\n"
-        "Options: llm,text-embedding,rerank\n"
-        "\n"
-        "If unspecified, all relevant legacy model types are migrated."
-    ),
-)
-@click.option(
-    "--tenant-id-file",
-    type=click.Path(exists=True, dir_okay=False, readable=True, resolve_path=True),
-    help="Optional file containing tenant ids, one per line.",
-)
-@click.option(
-    "--output",
-    type=click.Path(dir_okay=False, resolve_path=True, path_type=Path),
-    help=(
-        "Optional file path for JSON lines event logs. Defaults to stdout.\n"
-        "It's highly recommended to save the event logs to a file and preserve it for a period of time."
-    ),
-)
-@click.option(
-    "--concurrency",
-    type=click.IntRange(min=1),
-    default=_DEFAULT_CONCURRENCY,
-    show_default=True,
-    help="Number of tenant-level worker threads to run in parallel.",
-)
-def legacy_model_types(
-    apply: bool,
-    tables: tuple[str, ...],
-    model_types: tuple[str, ...],
-    tenant_id_file: str | None,
-    output: Path | None,
-    concurrency: int = _DEFAULT_CONCURRENCY,
-) -> None:
-    """
-    Migrate legacy provider-related model_type values and emit JSON lines events.
-    """
-
-    normalized_tables = _normalize_multi_value_option(
-        tables,
-        valid_values=VALID_TABLE_NAMES,
-        option_name="--tables",
-    )
-    normalized_model_types = _normalize_multi_value_option(
-        model_types,
-        valid_values=_SUPPORTED_MODEL_TYPE_CHOICES,
-        option_name="--model-types",
-    )
-    selected_model_types = (
-        tuple(ModelType.value_of(model_type) for model_type in normalized_model_types)
-        if normalized_model_types
-        else (
-            ModelType.LLM,
-            ModelType.TEXT_EMBEDDING,
-            ModelType.RERANK,
-        )
-    )
-    tenant_ids = load_tenant_ids_from_file(tenant_id_file) if tenant_id_file else None
-
-    output_context: AbstractContextManager[io.TextIOBase]
-    if output is None:
-        output_context = nullcontext(cast(io.TextIOBase, sys.stdout))
-    else:
-        try:
-            output_context = output.open("w", encoding="utf-8")
-        except OSError as exc:
-            raise click.ClickException(f"failed to open output file '{output}': {exc.strerror or exc}") from exc
-
-    with output_context as output_stream:
-        LegacyModelTypeMigrationService(
-            engine=db.engine,
-            apply=apply,
-            concurrency=concurrency,
-            output=cast(io.TextIOBase, output_stream),
-            tables=normalized_tables or None,
-            model_types=selected_model_types,
-            tenant_ids=tenant_ids,
-        ).migrate()
-
-
-data_migrate.add_command(legacy_model_types)
--- a/api/commands/plugin.py
+++ b/api/commands/plugin.py
@ -11,7 +11,6 @@ from configs import dify_config
 from core.helper import encrypter
 from core.plugin.entities.plugin_daemon import CredentialType
 from core.plugin.impl.plugin import PluginInstaller
-from core.plugin.plugin_service import PluginService
 from core.tools.utils.system_encryption import encrypt_system_params
 from extensions.ext_database import db
 from models import Tenant
@ -21,6 +20,7 @@ from models.source import DataSourceApiKeyAuthBinding, DataSourceOauthBinding
 from models.tools import ToolOAuthSystemClient
 from services.plugin.data_migration import PluginDataMigration
 from services.plugin.plugin_migration import PluginMigration
+from services.plugin.plugin_service import PluginService

 logger = logging.getLogger(__name__)

--- a/api/configs/deploy/init.py
+++ b/api/configs/deploy/init.py
@ -1,5 +1,3 @@
-from typing import Literal
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -25,7 +23,7 @@ class DeploymentConfig(BaseSettings):
        default=False,
    )

-    EDITION: Literal["SELF_HOSTED", "CLOUD"] = Field(
+    EDITION: str = Field(
        description="Deployment edition of the application (e.g., 'SELF_HOSTED', 'CLOUD')",
        default="SELF_HOSTED",
    )
--- a/api/configs/extra/init.py
+++ b/api/configs/extra/init.py
@ -1,4 +1,3 @@
-from configs.extra.agent_backend_config import AgentBackendConfig
 from configs.extra.archive_config import ArchiveStorageConfig
 from configs.extra.notion_config import NotionConfig
 from configs.extra.sentry_config import SentryConfig
@ -6,7 +5,6 @@ from configs.extra.sentry_config import SentryConfig

 class ExtraServiceConfig(
    # place the configs in alphabet order
-    AgentBackendConfig,
    ArchiveStorageConfig,
    NotionConfig,
    SentryConfig,
--- a/api/configs/extra/agent_backend_config.py
+++ b/api/configs/extra/agent_backend_config.py
@ -1,23 +0,0 @@
-from pydantic import Field
-from pydantic_settings import BaseSettings
-
-
-class AgentBackendConfig(BaseSettings):
-    """
-    Configuration settings for the Agent backend runtime integration.
-    """
-
-    AGENT_BACKEND_BASE_URL: str | None = Field(
-        description="Base URL for the Dify Agent backend service.",
-        default=None,
-    )
-
-    AGENT_BACKEND_USE_FAKE: bool = Field(
-        description="Use the deterministic in-process fake Agent backend client.",
-        default=False,
-    )
-
-    AGENT_BACKEND_FAKE_SCENARIO: str = Field(
-        description="Scenario used by the fake Agent backend client.",
-        default="success",
-    )
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@ -265,11 +265,6 @@ class PluginConfig(BaseSettings):
        default=60 * 60,
    )

-    PLUGIN_MODEL_PROVIDERS_CACHE_TTL: PositiveInt = Field(
-        description="TTL in seconds for caching tenant plugin model providers in Redis",
-        default=60 * 60 * 24,
-    )
-
    PLUGIN_MAX_FILE_SIZE: PositiveInt = Field(
        description="Maximum allowed size (bytes) for plugin-generated files",
        default=50 * 1024 * 1024,
@ -525,44 +520,6 @@ class HttpConfig(BaseSettings):
    def WEB_API_CORS_ALLOW_ORIGINS(self) -> list[str]:
        return self.inner_WEB_API_CORS_ALLOW_ORIGINS.split(",")

-    OPENAPI_ENABLED: bool = Field(
-        description=(
-            "Enable the /openapi/v1/* endpoint group used by difyctl and other "
-            "programmatic clients. Set to true to activate; disabled by default."
-        ),
-        validation_alias=AliasChoices("OPENAPI_ENABLED"),
-        default=False,
-    )
-
-    inner_OPENAPI_CORS_ALLOW_ORIGINS: str = Field(
-        description=(
-            "Comma-separated allowlist for /openapi/v1/* CORS. "
-            "Default empty = same-origin only. Browser-cookie routes within "
-            "the group reject cross-origin OPTIONS regardless of this list."
-        ),
-        validation_alias=AliasChoices("OPENAPI_CORS_ALLOW_ORIGINS"),
-        default="",
-    )
-
-    @computed_field
-    def OPENAPI_CORS_ALLOW_ORIGINS(self) -> list[str]:
-        return [o for o in self.inner_OPENAPI_CORS_ALLOW_ORIGINS.split(",") if o]
-
-    inner_OPENAPI_KNOWN_CLIENT_IDS: str = Field(
-        description=(
-            "Comma-separated client_id values accepted at "
-            "POST /openapi/v1/oauth/device/code. New CLIs / SDKs added here "
-            "without code changes. Unknown client_id returns 400 unsupported_client."
-        ),
-        validation_alias=AliasChoices("OPENAPI_KNOWN_CLIENT_IDS"),
-        default="difyctl",
-    )
-
-    @computed_field  # type: ignore[misc]
-    @property
-    def OPENAPI_KNOWN_CLIENT_IDS(self) -> frozenset[str]:
-        return frozenset(c for c in self.inner_OPENAPI_KNOWN_CLIENT_IDS.split(",") if c)
-
    HTTP_REQUEST_MAX_CONNECT_TIMEOUT: int = Field(
        ge=1, description="Maximum connection timeout in seconds for HTTP requests", default=10
    )
@ -938,17 +895,6 @@ class AuthConfig(BaseSettings):
        default=86400,
    )

-    ENABLE_OAUTH_BEARER: bool = Field(
-        description="Enable OAuth bearer authentication (device-flow + Service API /v1/* bearer middleware).",
-        default=True,
-    )
-
-    OPENAPI_RATE_LIMIT_PER_TOKEN: PositiveInt = Field(
-        description="Per-token rate limit on /openapi/v1/* (requests per minute). "
-        "Bucket keyed on sha256(token), shared across api replicas via Redis.",
-        default=60,
-    )
-

 class ModerationConfig(BaseSettings):
    """
@ -1235,14 +1181,6 @@ class CeleryScheduleTasksConfig(BaseSettings):
        description="Enable scheduled workflow run cleanup task",
        default=False,
    )
-    ENABLE_CLEAN_OAUTH_ACCESS_TOKENS_TASK: bool = Field(
-        description="Enable scheduled cleanup of revoked/expired OAuth access-token rows past retention.",
-        default=True,
-    )
-    OAUTH_ACCESS_TOKEN_RETENTION_DAYS: PositiveInt = Field(
-        description="Days to retain revoked OAuth access-token rows before deletion.",
-        default=30,
-    )
    ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK: bool = Field(
        description="Enable mail clean document notify task",
        default=False,
--- a/api/configs/middleware/vdb/milvus_config.py
+++ b/api/configs/middleware/vdb/milvus_config.py
@ -41,21 +41,3 @@ class MilvusConfig(BaseSettings):
        description='Milvus text analyzer parameters, e.g., {"type": "chinese"} for Chinese segmentation support.',
        default=None,
    )
-
-    MILVUS_SECURE: bool = Field(
-        description="Enable TLS for the Milvus connection (one-way TLS). When True, the client uses gRPC over TLS "
-        "and verifies the server certificate. Equivalent to passing secure=True to pymilvus.",
-        default=False,
-    )
-
-    MILVUS_SERVER_PEM_PATH: str | None = Field(
-        description="Filesystem path inside the container to the Milvus server certificate (PEM). Mount this via "
-        "a Kubernetes secret. Used as pymilvus's server_pem_path when MILVUS_SECURE is True.",
-        default=None,
-    )
-
-    MILVUS_SERVER_NAME: str | None = Field(
-        description="Server name (TLS SNI / certificate CN or SAN) to verify against the Milvus server certificate. "
-        "Required when MILVUS_SERVER_PEM_PATH is set.",
-        default=None,
-    )
--- a/api/configs/remote_settings_sources/apollo/init.py
+++ b/api/configs/remote_settings_sources/apollo/init.py
@ -1,5 +1,5 @@
 from collections.abc import Mapping
-from typing import Any, override
+from typing import Any

 from pydantic import Field
 from pydantic.fields import FieldInfo
@ -48,7 +48,6 @@ class ApolloSettingsSource(RemoteSettingsSource):
        self.namespace = configs["APOLLO_NAMESPACE"]
        self.remote_configs = self.client.get_all_dicts(self.namespace)

-    @override
    def get_field_value(self, field: FieldInfo, field_name: str) -> tuple[Any, str, bool]:
        if not isinstance(self.remote_configs, dict):
            raise ValueError(f"remote configs is not dict, but {type(self.remote_configs)}")
--- a/api/configs/remote_settings_sources/nacos/init.py
+++ b/api/configs/remote_settings_sources/nacos/init.py
@ -1,7 +1,7 @@
 import logging
 import os
 from collections.abc import Mapping
-from typing import Any, override
+from typing import Any

 from pydantic.fields import FieldInfo

@ -41,7 +41,6 @@ class NacosSettingsSource(RemoteSettingsSource):
        except Exception as e:
            raise RuntimeError(f"Failed to parse config: {e}")

-    @override
    def get_field_value(self, field: FieldInfo, field_name: str) -> tuple[Any, str, bool]:
        field_value = self.remote_configs.get(field_name)
        if field_value is None:
--- a/api/context/execution_context.py
+++ b/api/context/execution_context.py
@ -10,7 +10,7 @@ import threading
 from abc import ABC, abstractmethod
 from collections.abc import Callable, Generator
 from contextlib import AbstractContextManager, contextmanager
-from typing import Any, Protocol, final, override, runtime_checkable
+from typing import Any, Protocol, final, runtime_checkable

 from pydantic import BaseModel

@ -133,12 +133,10 @@ class NullAppContext(AppContext):
        self._config = config or {}
        self._extensions: dict[str, Any] = {}

-    @override
    def get_config(self, key: str, default: Any = None) -> Any:
        """Get configuration value by key."""
        return self._config.get(key, default)

-    @override
    def get_extension(self, name: str) -> Any:
        """Get extension by name."""
        return self._extensions.get(name)
@ -148,7 +146,6 @@ class NullAppContext(AppContext):
        self._extensions[name] = extension

    @contextmanager
-    @override
    def enter(self) -> Generator[None, None, None]:
        """Enter null context (no-op)."""
        yield
--- a/api/context/flask_app_context.py
+++ b/api/context/flask_app_context.py
@ -6,7 +6,7 @@ import contextvars
 import threading
 from collections.abc import Generator
 from contextlib import contextmanager
-from typing import Any, final, override
+from typing import Any, final

 from flask import Flask, current_app, g

@ -30,18 +30,15 @@ class FlaskAppContext(AppContext):
        """
        self._flask_app = flask_app

-    @override
    def get_config(self, key: str, default: Any = None) -> Any:
        """Get configuration value from Flask app config."""
        return self._flask_app.config.get(key, default)

-    @override
    def get_extension(self, name: str) -> Any:
        """Get Flask extension by name."""
        return self._flask_app.extensions.get(name)

    @contextmanager
-    @override
    def enter(self) -> Generator[None, None, None]:
        """Enter Flask app context."""
        with self._flask_app.app_context():
--- a/api/controllers/common/helpers.py
+++ b/api/controllers/common/helpers.py
@ -36,24 +36,6 @@ class FileInfo(BaseModel):
    size: int


-def decode_remote_url(url: str, query_string: bytes | str = b"") -> str:
-    decoded_url = urllib.parse.unquote(url)
-    if isinstance(query_string, bytes):
-        raw_query = query_string.decode()
-    else:
-        raw_query = query_string
-    if not raw_query:
-        return decoded_url
-
-    if decoded_url.endswith(("?", "&")):
-        separator = ""
-    elif urllib.parse.urlsplit(decoded_url).query:
-        separator = "&"
-    else:
-        separator = "?"
-    return f"{decoded_url}{separator}{raw_query}"
-
-
 def guess_file_info_from_response(response: httpx.Response):
    url = str(response.url)
    # Try to extract filename from URL
--- a/api/controllers/console/init.py
+++ b/api/controllers/console/init.py
@ -68,7 +68,6 @@ from .app import (
    workflow_app_log,
    workflow_comment,
    workflow_draft_variable,
-    workflow_node_output_inspector,
    workflow_run,
    workflow_statistic,
    workflow_trigger,
@ -119,6 +118,7 @@ from .explore import (
    saved_message,
    trial,
 )
+from .snippets import snippet_workflow, snippet_workflow_draft_variable
 from .socketio import workflow as socketio_workflow

 # Import tag controllers
@ -134,6 +134,7 @@ from .workspace import (
    model_providers,
    models,
    plugin,
+    snippets,
    tool_providers,
    trigger_providers,
    workspace,
@ -206,6 +207,9 @@ __all__ = [
    "saved_message",
    "setup",
    "site",
+    "snippet_workflow",
+    "snippet_workflow_draft_variable",
+    "snippets",
    "socketio_workflow",
    "spec",
    "statistic",
@ -219,7 +223,6 @@ __all__ = [
    "workflow_app_log",
    "workflow_comment",
    "workflow_draft_variable",
-    "workflow_node_output_inspector",
    "workflow_run",
    "workflow_statistic",
    "workflow_trigger",
--- a/api/controllers/console/agent/composer.py
+++ b/api/controllers/console/agent/composer.py
@ -5,7 +5,7 @@ from controllers.console import console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from libs.login import current_account_with_tenant, login_required
-from models.model import App, AppMode
+from models.model import AppMode
 from services.agent.composer_service import AgentComposerService
 from services.agent.composer_validator import ComposerConfigValidator
 from services.entities.agent_entities import ComposerSavePayload
@ -19,7 +19,7 @@ class WorkflowAgentComposerApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    def get(self, app_model: App, node_id: str):
+    def get(self, app_model, node_id: str):
        _, tenant_id = current_account_with_tenant()
        return AgentComposerService.load_workflow_composer(
            tenant_id=tenant_id,
@ -33,7 +33,7 @@ class WorkflowAgentComposerApi(Resource):
    @account_initialization_required
    @edit_permission_required
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    def put(self, app_model: App, node_id: str):
+    def put(self, app_model, node_id: str):
        account, tenant_id = current_account_with_tenant()
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        return AgentComposerService.save_workflow_composer(
@ -52,7 +52,7 @@ class WorkflowAgentComposerValidateApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    def post(self, app_model: App, node_id: str):
+    def post(self, app_model, node_id: str):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        ComposerConfigValidator.validate_save_payload(payload)
        return {"result": "success", "errors": []}
@ -64,7 +64,7 @@ class WorkflowAgentComposerCandidatesApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    def get(self, app_model: App, node_id: str):
+    def get(self, app_model, node_id: str):
        return AgentComposerService.get_workflow_candidates(app_id=app_model.id)


@ -74,7 +74,7 @@ class WorkflowAgentComposerImpactApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    def post(self, app_model: App, node_id: str):
+    def post(self, app_model, node_id: str):
        _, tenant_id = current_account_with_tenant()
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        current_snapshot_id = payload.binding.current_snapshot_id if payload.binding else None
@ -91,7 +91,7 @@ class WorkflowAgentComposerSaveToRosterApi(Resource):
    @account_initialization_required
    @edit_permission_required
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    def post(self, app_model: App, node_id: str):
+    def post(self, app_model, node_id: str):
        account, tenant_id = current_account_with_tenant()
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        return AgentComposerService.save_workflow_composer(
@ -109,7 +109,7 @@ class AgentAppComposerApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model()
-    def get(self, app_model: App):
+    def get(self, app_model):
        _, tenant_id = current_account_with_tenant()
        return AgentComposerService.load_agent_app_composer(tenant_id=tenant_id, app_id=app_model.id)

@ -119,7 +119,7 @@ class AgentAppComposerApi(Resource):
    @account_initialization_required
    @edit_permission_required
    @get_app_model()
-    def put(self, app_model: App):
+    def put(self, app_model):
        account, tenant_id = current_account_with_tenant()
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        return AgentComposerService.save_agent_app_composer(
@ -137,7 +137,7 @@ class AgentAppComposerValidateApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model()
-    def post(self, app_model: App):
+    def post(self, app_model):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        ComposerConfigValidator.validate_save_payload(payload)
        return {"result": "success", "errors": []}
@ -149,5 +149,5 @@ class AgentAppComposerCandidatesApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model()
-    def get(self, app_model: App):
+    def get(self, app_model):
        return AgentComposerService.get_agent_app_candidates(app_id=app_model.id)
--- a/api/controllers/console/agent/roster.py
+++ b/api/controllers/console/agent/roster.py
@ -1,5 +1,3 @@
-from uuid import UUID
-
 from flask import request
 from flask_restx import Resource
 from pydantic import BaseModel, Field
@ -82,7 +80,7 @@ class AgentRosterDetailApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, agent_id: UUID):
+    def get(self, agent_id):
        _, tenant_id = current_account_with_tenant()
        return _agent_roster_service().get_roster_agent_detail(tenant_id=tenant_id, agent_id=str(agent_id))

@ -91,7 +89,7 @@ class AgentRosterDetailApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    def patch(self, agent_id: UUID):
+    def patch(self, agent_id):
        account, tenant_id = current_account_with_tenant()
        payload = RosterAgentUpdatePayload.model_validate(console_ns.payload or {})
        return _agent_roster_service().update_roster_agent(
@ -102,7 +100,7 @@ class AgentRosterDetailApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    def delete(self, agent_id: UUID):
+    def delete(self, agent_id):
        account, tenant_id = current_account_with_tenant()
        _agent_roster_service().archive_roster_agent(tenant_id=tenant_id, agent_id=str(agent_id), account_id=account.id)
        return "", 204
@ -113,7 +111,7 @@ class AgentRosterVersionsApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, agent_id: UUID):
+    def get(self, agent_id):
        _, tenant_id = current_account_with_tenant()
        return {"data": _agent_roster_service().list_agent_versions(tenant_id=tenant_id, agent_id=str(agent_id))}

@ -123,7 +121,7 @@ class AgentRosterVersionDetailApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, agent_id: UUID, version_id: UUID):
+    def get(self, agent_id, version_id):
        _, tenant_id = current_account_with_tenant()
        return _agent_roster_service().get_agent_version_detail(
            tenant_id=tenant_id,
--- a/api/controllers/console/apikey.py
+++ b/api/controllers/console/apikey.py
@ -1,5 +1,4 @@
 from datetime import datetime
-from uuid import UUID

 import flask_restx
 from flask_restx import Resource
@ -9,25 +8,18 @@ from sqlalchemy import delete, func, select
 from sqlalchemy.orm import sessionmaker
 from werkzeug.exceptions import Forbidden

-from controllers.common.schema import register_response_schema_models
+from controllers.common.schema import register_schema_models
 from extensions.ext_database import db
 from fields.base import ResponseModel
-from libs.helper import dump_response, to_timestamp
-from libs.login import login_required
-from models import Account
+from libs.helper import to_timestamp
+from libs.login import current_account_with_tenant, login_required
 from models.dataset import Dataset
 from models.enums import ApiTokenType
 from models.model import ApiToken, App
 from services.api_token_service import ApiTokenCache

 from . import console_ns
-from .wraps import (
-    account_initialization_required,
-    edit_permission_required,
-    setup_required,
-    with_current_tenant_id,
-    with_current_user,
-)
+from .wraps import account_initialization_required, edit_permission_required, setup_required


 class ApiKeyItem(ResponseModel):
@ -47,7 +39,7 @@ class ApiKeyList(ResponseModel):
    data: list[ApiKeyItem]


-register_response_schema_models(console_ns, ApiKeyItem, ApiKeyList)
+register_schema_models(console_ns, ApiKeyItem, ApiKeyList)


 def _get_resource(resource_id, tenant_id, resource_model):
@ -71,11 +63,10 @@ class BaseApiKeyListResource(Resource):
    token_prefix: str | None = None
    max_keys = 10

-    def get(self, resource_id: str, current_tenant_id: str) -> dict[str, object]:
-        return dump_response(ApiKeyList, self._get_api_key_list(resource_id, current_tenant_id))
-
-    def _get_api_key_list(self, resource_id: str, current_tenant_id: str) -> ApiKeyList:
+    def get(self, resource_id):
        assert self.resource_id_field is not None, "resource_id_field must be set"
+        resource_id = str(resource_id)
+        _, current_tenant_id = current_account_with_tenant()

        _get_resource(resource_id, current_tenant_id, self.resource_model)
        keys = db.session.scalars(
@ -83,14 +74,13 @@ class BaseApiKeyListResource(Resource):
                ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id
            )
        ).all()
-        return ApiKeyList.model_validate({"data": keys}, from_attributes=True)
+        return ApiKeyList.model_validate({"data": keys}, from_attributes=True).model_dump(mode="json")

    @edit_permission_required
-    def post(self, resource_id: str, current_tenant_id: str) -> tuple[dict[str, object], int]:
-        return dump_response(ApiKeyItem, self._create_api_key(resource_id, current_tenant_id)), 201
-
-    def _create_api_key(self, resource_id: str, current_tenant_id: str) -> ApiToken:
+    def post(self, resource_id):
        assert self.resource_id_field is not None, "resource_id_field must be set"
+        resource_id = str(resource_id)
+        _, current_tenant_id = current_account_with_tenant()
        _get_resource(resource_id, current_tenant_id, self.resource_model)
        current_key_count: int = (
            db.session.scalar(
@ -117,7 +107,7 @@ class BaseApiKeyListResource(Resource):
        api_token.type = self.resource_type
        db.session.add(api_token)
        db.session.commit()
-        return api_token
+        return ApiKeyItem.model_validate(api_token, from_attributes=True).model_dump(mode="json"), 201


 class BaseApiKeyResource(Resource):
@ -127,20 +117,9 @@ class BaseApiKeyResource(Resource):
    resource_model: type | None = None
    resource_id_field: str | None = None

-    def delete(
-        self, resource_id: str, api_key_id: str, current_tenant_id: str, current_user: Account
-    ) -> tuple[str, int]:
-        self._delete_api_key(resource_id, api_key_id, current_tenant_id, current_user)
-        return "", 204
-
-    def _delete_api_key(
-        self,
-        resource_id: str,
-        api_key_id: str,
-        current_tenant_id: str,
-        current_user: Account,
-    ) -> None:
+    def delete(self, resource_id: str, api_key_id: str):
        assert self.resource_id_field is not None, "resource_id_field must be set"
+        current_user, current_tenant_id = current_account_with_tenant()
        _get_resource(resource_id, current_tenant_id, self.resource_model)

        if not current_user.is_admin_or_owner:
@ -167,6 +146,8 @@ class BaseApiKeyResource(Resource):
        db.session.execute(delete(ApiToken).where(ApiToken.id == api_key_id))
        db.session.commit()

+        return {"result": "success"}, 204
+

@console_ns.route("/apps/<uuid:resource_id>/api-keys")
 class AppApiKeyListResource(BaseApiKeyListResource):
@ -174,21 +155,18 @@ class AppApiKeyListResource(BaseApiKeyListResource):
    @console_ns.doc(description="Get all API keys for an app")
    @console_ns.doc(params={"resource_id": "App ID"})
    @console_ns.response(200, "API keys retrieved successfully", console_ns.models[ApiKeyList.__name__])
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, resource_id: UUID) -> dict[str, object]:
+    def get(self, resource_id):  # type: ignore
        """Get all API keys for an app"""
-        return dump_response(ApiKeyList, self._get_api_key_list(str(resource_id), current_tenant_id))
+        return super().get(resource_id)

    @console_ns.doc("create_app_api_key")
    @console_ns.doc(description="Create a new API key for an app")
    @console_ns.doc(params={"resource_id": "App ID"})
    @console_ns.response(201, "API key created successfully", console_ns.models[ApiKeyItem.__name__])
    @console_ns.response(400, "Maximum keys exceeded")
-    @with_current_tenant_id
-    @edit_permission_required
-    def post(self, current_tenant_id: str, resource_id: UUID) -> tuple[dict[str, object], int]:
+    def post(self, resource_id):  # type: ignore
        """Create a new API key for an app"""
-        return dump_response(ApiKeyItem, self._create_api_key(str(resource_id), current_tenant_id)), 201
+        return super().post(resource_id)

    resource_type = ApiTokenType.APP
    resource_model = App
@ -202,14 +180,9 @@ class AppApiKeyResource(BaseApiKeyResource):
    @console_ns.doc(description="Delete an API key for an app")
    @console_ns.doc(params={"resource_id": "App ID", "api_key_id": "API key ID"})
    @console_ns.response(204, "API key deleted successfully")
-    @with_current_user
-    @with_current_tenant_id
-    def delete(
-        self, current_tenant_id: str, current_user: Account, resource_id: UUID, api_key_id: UUID
-    ) -> tuple[str, int]:
+    def delete(self, resource_id, api_key_id):
        """Delete an API key for an app"""
-        self._delete_api_key(str(resource_id), str(api_key_id), current_tenant_id, current_user)
-        return "", 204
+        return super().delete(resource_id, api_key_id)

    resource_type = ApiTokenType.APP
    resource_model = App
@ -222,21 +195,18 @@ class DatasetApiKeyListResource(BaseApiKeyListResource):
    @console_ns.doc(description="Get all API keys for a dataset")
    @console_ns.doc(params={"resource_id": "Dataset ID"})
    @console_ns.response(200, "API keys retrieved successfully", console_ns.models[ApiKeyList.__name__])
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, resource_id: UUID) -> dict[str, object]:
+    def get(self, resource_id):  # type: ignore
        """Get all API keys for a dataset"""
-        return dump_response(ApiKeyList, self._get_api_key_list(str(resource_id), current_tenant_id))
+        return super().get(resource_id)

    @console_ns.doc("create_dataset_api_key")
    @console_ns.doc(description="Create a new API key for a dataset")
    @console_ns.doc(params={"resource_id": "Dataset ID"})
    @console_ns.response(201, "API key created successfully", console_ns.models[ApiKeyItem.__name__])
    @console_ns.response(400, "Maximum keys exceeded")
-    @with_current_tenant_id
-    @edit_permission_required
-    def post(self, current_tenant_id: str, resource_id: UUID) -> tuple[dict[str, object], int]:
+    def post(self, resource_id):  # type: ignore
        """Create a new API key for a dataset"""
-        return dump_response(ApiKeyItem, self._create_api_key(str(resource_id), current_tenant_id)), 201
+        return super().post(resource_id)

    resource_type = ApiTokenType.DATASET
    resource_model = Dataset
@ -250,14 +220,9 @@ class DatasetApiKeyResource(BaseApiKeyResource):
    @console_ns.doc(description="Delete an API key for a dataset")
    @console_ns.doc(params={"resource_id": "Dataset ID", "api_key_id": "API key ID"})
    @console_ns.response(204, "API key deleted successfully")
-    @with_current_user
-    @with_current_tenant_id
-    def delete(
-        self, current_tenant_id: str, current_user: Account, resource_id: UUID, api_key_id: UUID
-    ) -> tuple[str, int]:
+    def delete(self, resource_id, api_key_id):
        """Delete an API key for a dataset"""
-        self._delete_api_key(str(resource_id), str(api_key_id), current_tenant_id, current_user)
-        return "", 204
+        return super().delete(resource_id, api_key_id)

    resource_type = ApiTokenType.DATASET
    resource_model = Dataset
--- a/api/controllers/console/app/agent.py
+++ b/api/controllers/console/app/agent.py
@ -8,7 +8,7 @@ from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.helper import uuid_value
 from libs.login import login_required
-from models.model import App, AppMode
+from models.model import AppMode
 from services.agent_service import AgentService


@ -39,7 +39,7 @@ class AgentLogApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.AGENT_CHAT])
-    def get(self, app_model: App):
+    def get(self, app_model):
        """Get agent logs"""
        args = AgentLogQuery.model_validate(request.args.to_dict(flat=True))

--- a/api/controllers/console/app/annotation.py
+++ b/api/controllers/console/app/annotation.py
@ -159,15 +159,13 @@ class AppAnnotationSettingUpdateApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    def post(self, app_id: UUID, annotation_setting_id: UUID):
-        annotation_setting_id_str = str(annotation_setting_id)
+    def post(self, app_id: UUID, annotation_setting_id):
+        annotation_setting_id = str(annotation_setting_id)

        args = AnnotationSettingUpdatePayload.model_validate(console_ns.payload)

        setting_args: UpdateAnnotationSettingArgs = {"score_threshold": args.score_threshold}
-        result = AppAnnotationService.update_app_annotation_setting(
-            str(app_id), annotation_setting_id_str, setting_args
-        )
+        result = AppAnnotationService.update_app_annotation_setting(str(app_id), annotation_setting_id, setting_args)
        return result, 200


@ -183,9 +181,9 @@ class AnnotationReplyActionStatusApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("annotation")
    @edit_permission_required
-    def get(self, app_id: UUID, job_id: UUID, action: str):
-        job_id_str = str(job_id)
-        app_annotation_job_key = f"{action}_app_annotation_job_{job_id_str}"
+    def get(self, app_id: UUID, job_id, action):
+        job_id = str(job_id)
+        app_annotation_job_key = f"{action}_app_annotation_job_{str(job_id)}"
        cache_result = redis_client.get(app_annotation_job_key)
        if cache_result is None:
            raise ValueError("The job does not exist.")
@ -193,10 +191,10 @@ class AnnotationReplyActionStatusApi(Resource):
        job_status = cache_result.decode()
        error_msg = ""
        if job_status == "error":
-            app_annotation_error_key = f"{action}_app_annotation_error_{job_id_str}"
+            app_annotation_error_key = f"{action}_app_annotation_error_{str(job_id)}"
            error_msg = redis_client.get(app_annotation_error_key).decode()

-        return {"job_id": job_id_str, "job_status": job_status, "error_msg": error_msg}, 200
+        return {"job_id": job_id, "job_status": job_status, "error_msg": error_msg}, 200


@console_ns.route("/apps/<uuid:app_id>/annotations")
@ -271,12 +269,12 @@ class AnnotationApi(Resource):
                    "message": "annotation_ids are required if the parameter is provided.",
                }, 400

-            AppAnnotationService.delete_app_annotations_in_batch(str(app_id), annotation_ids)
-            return "", 204
+            result = AppAnnotationService.delete_app_annotations_in_batch(str(app_id), annotation_ids)
+            return result, 204
        # If no annotation_ids are provided, handle clearing all annotations
        else:
            AppAnnotationService.clear_all_annotations(str(app_id))
-            return "", 204
+            return {"result": "success"}, 204


@console_ns.route("/apps/<uuid:app_id>/annotations/export")
@ -337,7 +335,7 @@ class AnnotationUpdateDeleteApi(Resource):
    @edit_permission_required
    def delete(self, app_id: UUID, annotation_id: UUID):
        AppAnnotationService.delete_app_annotation(str(app_id), str(annotation_id))
-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/apps/<uuid:app_id>/annotations/batch-import")
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@ -16,7 +16,7 @@ from controllers.common.fields import RedirectUrlResponse, SimpleResultResponse
 from controllers.common.helpers import FileInfo
 from controllers.common.schema import register_enum_models, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.app.wraps import get_app_model, with_session
+from controllers.console.app.wraps import get_app_model
 from controllers.console.workspace.models import LoadBalancingPayload
 from controllers.console.wraps import (
    account_initialization_required,
@ -26,6 +26,7 @@ from controllers.console.wraps import (
    is_admin_or_owner_required,
    setup_required,
 )
+from core.db.session_factory import session_factory
 from core.ops.ops_trace_manager import OpsTraceManager
 from core.rag.entities import PreProcessingRule, Rule, Segmentation
 from core.rag.retrieval.retrieval_methods import RetrievalMethod
@ -573,7 +574,7 @@ class AppApi(Resource):
    @account_initialization_required
    @enterprise_license_required
    @get_app_model(mode=None)
-    def get(self, app_model: App):
+    def get(self, app_model):
        """Get app detail"""
        app_service = AppService()

@ -581,7 +582,7 @@ class AppApi(Resource):

        if FeatureService.get_system_features().webapp_auth.enabled:
            app_setting = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_id=str(app_model.id))
-            app_model.access_mode = app_setting.access_mode  # type: ignore[attr-defined]
+            app_model.access_mode = app_setting.access_mode

        response_model = AppDetailWithSite.model_validate(app_model, from_attributes=True)
        return response_model.model_dump(mode="json")
@ -598,7 +599,7 @@ class AppApi(Resource):
    @account_initialization_required
    @get_app_model(mode=None)
    @edit_permission_required
-    def put(self, app_model: App):
+    def put(self, app_model):
        """Update app"""
        args = UpdateAppPayload.model_validate(console_ns.payload)

@ -627,12 +628,12 @@ class AppApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    def delete(self, app_model: App):
+    def delete(self, app_model):
        """Delete app"""
        app_service = AppService()
        app_service.delete_app(app_model)

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/apps/<uuid:app_id>/copy")
@ -648,7 +649,7 @@ class AppCopyApi(Resource):
    @account_initialization_required
    @get_app_model(mode=None)
    @edit_permission_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        """Copy app"""
        # The role of the current user in the ta table must be admin, owner, or editor
        current_user, _ = current_account_with_tenant()
@ -709,7 +710,7 @@ class AppExportApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        """Export app"""
        args = AppExportQuery.model_validate(request.args.to_dict(flat=True))

@ -731,7 +732,7 @@ class AppPublishToCreatorsPlatformApi(Resource):
    @account_initialization_required
    @get_app_model(mode=None)
    @edit_permission_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        """Publish app to Creators Platform"""
        from configs import dify_config
        from core.helper.creators import get_redirect_url, upload_dsl
@ -762,7 +763,7 @@ class AppNameApi(Resource):
    @account_initialization_required
    @get_app_model(mode=None)
    @edit_permission_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        args = AppNamePayload.model_validate(console_ns.payload)

        app_service = AppService()
@ -784,7 +785,7 @@ class AppIconApi(Resource):
    @account_initialization_required
    @get_app_model(mode=None)
    @edit_permission_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        args = AppIconPayload.model_validate(console_ns.payload or {})

        app_service = AppService()
@ -811,7 +812,7 @@ class AppSiteStatus(Resource):
    @account_initialization_required
    @get_app_model(mode=None)
    @edit_permission_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        args = AppSiteStatusPayload.model_validate(console_ns.payload)

        app_service = AppService()
@ -833,7 +834,7 @@ class AppApiStatus(Resource):
    @is_admin_or_owner_required
    @account_initialization_required
    @get_app_model(mode=None)
-    def post(self, app_model: App):
+    def post(self, app_model):
        args = AppApiStatusPayload.model_validate(console_ns.payload)

        app_service = AppService()
@ -851,11 +852,11 @@ class AppTraceApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_session
    @get_app_model
-    def get(self, session: Session, app_model: App):
+    def get(self, app_model):
        """Get app trace"""
-        app_trace_config = OpsTraceManager.get_app_tracing_config(app_model.id, session)
+        with session_factory.create_session() as session:
+            app_trace_config = OpsTraceManager.get_app_tracing_config(app_model.id, session)

        return app_trace_config

@ -874,7 +875,7 @@ class AppTraceApi(Resource):
    @account_initialization_required
    @edit_permission_required
    @get_app_model
-    def post(self, app_model: App):
+    def post(self, app_model):
        # add app trace
        args = AppTracePayload.model_validate(console_ns.payload)

--- a/api/controllers/console/app/app_import.py
+++ b/api/controllers/console/app/app_import.py
@ -97,7 +97,7 @@ class AppImportConfirmApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    def post(self, import_id: str):
+    def post(self, import_id):
        # Check user role first
        current_user, _ = current_account_with_tenant()

--- a/api/controllers/console/app/audio.py
+++ b/api/controllers/console/app/audio.py
@ -70,7 +70,7 @@ class ChatMessageAudioApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
-    def post(self, app_model: App):
+    def post(self, app_model):
        file = request.files["file"]

        try:
@ -171,7 +171,7 @@ class TextModesApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        try:
            args = TextToSpeechVoiceQuery.model_validate(request.args.to_dict(flat=True))

--- a/api/controllers/console/app/completion.py
+++ b/api/controllers/console/app/completion.py
@ -33,7 +33,7 @@ from libs import helper
 from libs.helper import uuid_value
 from libs.login import current_user, login_required
 from models import Account
-from models.model import App, AppMode
+from models.model import AppMode
 from services.app_generate_service import AppGenerateService
 from services.app_task_service import AppTaskService
 from services.errors.llm import InvokeRateLimitError
@ -84,7 +84,7 @@ class CompletionMessageApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
-    def post(self, app_model: App):
+    def post(self, app_model):
        args_model = CompletionMessagePayload.model_validate(console_ns.payload)
        args = args_model.model_dump(exclude_none=True, by_alias=True)

@ -131,7 +131,7 @@ class CompletionMessageStopApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
-    def post(self, app_model: App, task_id: str):
+    def post(self, app_model, task_id):
        if not isinstance(current_user, Account):
            raise ValueError("current_user must be an Account instance")

@ -159,7 +159,7 @@ class ChatMessageApi(Resource):
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT])
    @edit_permission_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        args_model = ChatMessagePayload.model_validate(console_ns.payload)
        args = args_model.model_dump(exclude_none=True, by_alias=True)

@ -212,7 +212,7 @@ class ChatMessageStopApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
-    def post(self, app_model: App, task_id: str):
+    def post(self, app_model, task_id):
        if not isinstance(current_user, Account):
            raise ValueError("current_user must be an Account instance")

--- a/api/controllers/console/app/conversation.py
+++ b/api/controllers/console/app/conversation.py
@ -1,5 +1,4 @@
 from typing import Literal
-from uuid import UUID

 import sqlalchemy as sa
 from flask import abort, request
@ -30,10 +29,13 @@ from fields.conversation_fields import (
 from fields.conversation_fields import (
    ConversationWithSummaryPagination as ConversationWithSummaryPaginationResponse,
 )
+from fields.conversation_fields import (
+    ResultResponse,
+)
 from libs.datetime_utils import naive_utc_now, parse_time_range
 from libs.login import current_account_with_tenant, login_required
 from models import Conversation, EndUser, Message, MessageAnnotation
-from models.model import App, AppMode
+from models.model import AppMode
 from services.conversation_service import ConversationService
 from services.errors.conversation import ConversationNotExistsError

@ -75,6 +77,7 @@ register_schema_models(
    ConversationMessageDetailResponse,
    ConversationWithSummaryPaginationResponse,
    ConversationDetailResponse,
+    ResultResponse,
    CompletionConversationQuery,
    ChatConversationQuery,
 )
@ -93,7 +96,7 @@ class CompletionConversationApi(Resource):
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
    @edit_permission_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        current_user, _ = current_account_with_tenant()
        args = CompletionConversationQuery.model_validate(request.args.to_dict(flat=True))

@ -134,7 +137,7 @@ class CompletionConversationApi(Resource):
                .join(  # type: ignore
                    MessageAnnotation, MessageAnnotation.conversation_id == Conversation.id
                )
-                .group_by(Conversation.id)
+                .distinct()
            )
        elif args.annotation_status == "not_annotated":
            query = (
@ -165,10 +168,10 @@ class CompletionConversationDetailApi(Resource):
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
    @edit_permission_required
-    def get(self, app_model: App, conversation_id: UUID):
-        conversation_id_str = str(conversation_id)
+    def get(self, app_model, conversation_id):
+        conversation_id = str(conversation_id)
        return ConversationMessageDetailResponse.model_validate(
-            _get_conversation(app_model, conversation_id_str), from_attributes=True
+            _get_conversation(app_model, conversation_id), from_attributes=True
        ).model_dump(mode="json")

    @console_ns.doc("delete_completion_conversation")
@ -182,16 +185,16 @@ class CompletionConversationDetailApi(Resource):
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
    @edit_permission_required
-    def delete(self, app_model: App, conversation_id: UUID):
+    def delete(self, app_model, conversation_id):
        current_user, _ = current_account_with_tenant()
-        conversation_id_str = str(conversation_id)
+        conversation_id = str(conversation_id)

        try:
-            ConversationService.delete(app_model, conversation_id_str, current_user)
+            ConversationService.delete(app_model, conversation_id, current_user)
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

-        return "", 204
+        return ResultResponse(result="success").model_dump(mode="json"), 204


@console_ns.route("/apps/<uuid:app_id>/chat-conversations")
@ -207,7 +210,7 @@ class ChatConversationApi(Resource):
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
    @edit_permission_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        current_user, _ = current_account_with_tenant()
        args = ChatConversationQuery.model_validate(request.args.to_dict(flat=True))

@ -272,7 +275,7 @@ class ChatConversationApi(Resource):
                    .join(  # type: ignore
                        MessageAnnotation, MessageAnnotation.conversation_id == Conversation.id
                    )
-                    .group_by(Conversation.id)
+                    .distinct()
                )
            case "not_annotated":
                query = (
@ -318,10 +321,10 @@ class ChatConversationDetailApi(Resource):
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
    @edit_permission_required
-    def get(self, app_model: App, conversation_id: UUID):
-        conversation_id_str = str(conversation_id)
+    def get(self, app_model, conversation_id):
+        conversation_id = str(conversation_id)
        return ConversationDetailResponse.model_validate(
-            _get_conversation(app_model, conversation_id_str), from_attributes=True
+            _get_conversation(app_model, conversation_id), from_attributes=True
        ).model_dump(mode="json")

    @console_ns.doc("delete_chat_conversation")
@ -335,16 +338,16 @@ class ChatConversationDetailApi(Resource):
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
    @account_initialization_required
    @edit_permission_required
-    def delete(self, app_model: App, conversation_id: UUID):
+    def delete(self, app_model, conversation_id):
        current_user, _ = current_account_with_tenant()
-        conversation_id_str = str(conversation_id)
+        conversation_id = str(conversation_id)

        try:
-            ConversationService.delete(app_model, conversation_id_str, current_user)
+            ConversationService.delete(app_model, conversation_id, current_user)
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

-        return "", 204
+        return ResultResponse(result="success").model_dump(mode="json"), 204


 def _get_conversation(app_model, conversation_id):
--- a/api/controllers/console/app/conversation_variables.py
+++ b/api/controllers/console/app/conversation_variables.py
@ -19,7 +19,7 @@ from fields.base import ResponseModel
 from libs.helper import to_timestamp
 from libs.login import login_required
 from models import ConversationVariable
-from models.model import App, AppMode
+from models.model import AppMode


 class ConversationVariablesQuery(BaseModel):
@ -94,7 +94,7 @@ class ConversationVariablesApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=AppMode.ADVANCED_CHAT)
-    def get(self, app_model: App):
+    def get(self, app_model):
        args = ConversationVariablesQuery.model_validate(request.args.to_dict(flat=True))

        stmt = (
--- a/api/controllers/console/app/generator.py
+++ b/api/controllers/console/app/generator.py
@ -11,7 +11,7 @@ from controllers.console.app.error import (
    ProviderNotInitializeError,
    ProviderQuotaExceededError,
 )
-from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
+from controllers.console.wraps import account_initialization_required, setup_required
 from core.app.app_config.entities import ModelConfig
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from core.helper.code_executor.code_node_provider import CodeNodeProvider
@ -22,7 +22,7 @@ from core.llm_generator.llm_generator import LLMGenerator
 from extensions.ext_database import db
 from graphon.model_runtime.entities.llm_entities import LLMMode
 from graphon.model_runtime.errors.invoke import InvokeError
-from libs.login import login_required
+from libs.login import current_account_with_tenant, login_required
 from models import App
 from services.workflow_service import WorkflowService

@ -64,9 +64,9 @@ class RuleGenerateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str):
+    def post(self):
        args = RuleGeneratePayload.model_validate(console_ns.payload)
+        _, current_tenant_id = current_account_with_tenant()

        try:
            rules = LLMGenerator.generate_rule_config(tenant_id=current_tenant_id, args=args)
@ -93,9 +93,9 @@ class RuleCodeGenerateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str):
+    def post(self):
        args = RuleCodeGeneratePayload.model_validate(console_ns.payload)
+        _, current_tenant_id = current_account_with_tenant()

        try:
            code_result = LLMGenerator.generate_code(
@ -125,9 +125,9 @@ class RuleStructuredOutputGenerateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str):
+    def post(self):
        args = RuleStructuredOutputPayload.model_validate(console_ns.payload)
+        _, current_tenant_id = current_account_with_tenant()

        try:
            structured_output = LLMGenerator.generate_structured_output(
@ -157,9 +157,9 @@ class InstructionGenerateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str):
+    def post(self):
        args = InstructionGeneratePayload.model_validate(console_ns.payload)
+        _, current_tenant_id = current_account_with_tenant()
        providers: list[type[CodeNodeProvider]] = [Python3CodeProvider, JavascriptCodeProvider]
        code_provider: type[CodeNodeProvider] | None = next(
            (p for p in providers if p.is_accept_language(args.language)), None
--- a/api/controllers/console/app/mcp_server.py
+++ b/api/controllers/console/app/mcp_server.py
@ -1,7 +1,6 @@
 import json
 from datetime import datetime
 from typing import Any
-from uuid import UUID

 from flask_restx import Resource
 from pydantic import BaseModel, Field, field_validator
@ -11,18 +10,13 @@ from werkzeug.exceptions import NotFound
 from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import (
-    account_initialization_required,
-    edit_permission_required,
-    setup_required,
-    with_current_tenant_id,
-)
+from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from libs.helper import to_timestamp
-from libs.login import login_required
+from libs.login import current_account_with_tenant, login_required
 from models.enums import AppMCPServerStatus
-from models.model import App, AppMCPServer
+from models.model import AppMCPServer


 class MCPServerCreatePayload(BaseModel):
@ -78,7 +72,7 @@ class AppMCPServerController(Resource):
    @account_initialization_required
    @setup_required
    @get_app_model
-    def get(self, app_model: App):
+    def get(self, app_model):
        server = db.session.scalar(select(AppMCPServer).where(AppMCPServer.app_id == app_model.id).limit(1))
        if server is None:
            return {}
@ -97,8 +91,8 @@ class AppMCPServerController(Resource):
    @login_required
    @setup_required
    @edit_permission_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, app_model: App):
+    def post(self, app_model):
+        _, current_tenant_id = current_account_with_tenant()
        payload = MCPServerCreatePayload.model_validate(console_ns.payload or {})

        description = payload.description
@ -132,7 +126,7 @@ class AppMCPServerController(Resource):
    @setup_required
    @account_initialization_required
    @edit_permission_required
-    def put(self, app_model: App):
+    def put(self, app_model):
        payload = MCPServerUpdatePayload.model_validate(console_ns.payload or {})
        server = db.session.get(AppMCPServer, payload.id)
        if not server:
@ -168,8 +162,8 @@ class AppMCPServerRefreshController(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, server_id: UUID):
+    def get(self, server_id):
+        _, current_tenant_id = current_account_with_tenant()
        server = db.session.scalar(
            select(AppMCPServer)
            .where(AppMCPServer.id == server_id, AppMCPServer.tenant_id == current_tenant_id)
--- a/api/controllers/console/app/message.py
+++ b/api/controllers/console/app/message.py
@ -1,7 +1,6 @@
 import logging
 from datetime import datetime
 from typing import Literal
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -45,7 +44,7 @@ from libs.helper import to_timestamp, uuid_value
 from libs.infinite_scroll_pagination import InfiniteScrollPagination
 from libs.login import current_account_with_tenant, login_required
 from models.enums import FeedbackFromSource, FeedbackRating
-from models.model import App, AppMode, Conversation, Message, MessageAnnotation, MessageFeedback
+from models.model import AppMode, Conversation, Message, MessageAnnotation, MessageFeedback
 from services.errors.conversation import ConversationNotExistsError
 from services.errors.message import MessageNotExistsError, SuggestedQuestionsAfterAnswerDisabledError
 from services.message_service import MessageService, attach_message_extra_contents
@ -180,7 +179,7 @@ class ChatMessageListApi(Resource):
    @setup_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
    @edit_permission_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        args = ChatMessagesQuery.model_validate(request.args.to_dict())

        conversation = db.session.scalar(
@ -257,7 +256,7 @@ class MessageFeedbackApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def post(self, app_model: App):
+    def post(self, app_model):
        current_user, _ = current_account_with_tenant()

        args = MessageFeedbackPayload.model_validate(console_ns.payload)
@ -314,7 +313,7 @@ class MessageAnnotationCountApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        count = db.session.scalar(
            select(func.count(MessageAnnotation.id)).where(MessageAnnotation.app_id == app_model.id)
        )
@ -337,13 +336,13 @@ class MessageSuggestedQuestionApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
-    def get(self, app_model: App, message_id: UUID):
+    def get(self, app_model, message_id):
        current_user, _ = current_account_with_tenant()
-        message_id_str = str(message_id)
+        message_id = str(message_id)

        try:
            questions = MessageService.get_suggested_questions_after_answer(
-                app_model=app_model, message_id=message_id_str, user=current_user, invoke_from=InvokeFrom.DEBUGGER
+                app_model=app_model, message_id=message_id, user=current_user, invoke_from=InvokeFrom.DEBUGGER
            )
        except MessageNotExistsError:
            raise NotFound("Message not found")
@ -379,7 +378,7 @@ class MessageFeedbackExportApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        args = FeedbackExportQuery.model_validate(request.args.to_dict())

        # Import the service function
@ -417,11 +416,11 @@ class MessageApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App, message_id: UUID):
-        message_id_str = str(message_id)
+    def get(self, app_model, message_id: str):
+        message_id = str(message_id)

        message = db.session.scalar(
-            select(Message).where(Message.id == message_id_str, Message.app_id == app_model.id).limit(1)
+            select(Message).where(Message.id == message_id, Message.app_id == app_model.id).limit(1)
        )

        if not message:
--- a/api/controllers/console/app/model_config.py
+++ b/api/controllers/console/app/model_config.py
@ -16,7 +16,7 @@ from events.app_event import app_model_config_was_updated
 from extensions.ext_database import db
 from libs.datetime_utils import naive_utc_now
 from libs.login import current_account_with_tenant, login_required
-from models.model import App, AppMode, AppModelConfig
+from models.model import AppMode, AppModelConfig
 from services.app_model_config_service import AppModelConfigService


@ -52,7 +52,7 @@ class ModelConfigResource(Resource):
    @edit_permission_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.AGENT_CHAT, AppMode.CHAT, AppMode.COMPLETION])
-    def post(self, app_model: App):
+    def post(self, app_model):
        """Modify app model config"""
        current_user, current_tenant_id = current_account_with_tenant()
        # validate config
--- a/api/controllers/console/app/ops_trace.py
+++ b/api/controllers/console/app/ops_trace.py
@ -128,6 +128,6 @@ class TraceAppConfigApi(Resource):
            result = OpsService.delete_tracing_app_config(app_id=app_model.id, tracing_provider=args.tracing_provider)
            if not result:
                raise TracingConfigNotExist()
-            return "", 204
+            return {"result": "success"}, 204
        except Exception as e:
            raise BadRequest(str(e))
--- a/api/controllers/console/app/site.py
+++ b/api/controllers/console/app/site.py
@ -20,7 +20,6 @@ from fields.base import ResponseModel
 from libs.datetime_utils import naive_utc_now
 from libs.login import current_account_with_tenant, login_required
 from models import Site
-from models.model import App


 class AppSiteUpdatePayload(BaseModel):
@ -85,7 +84,7 @@ class AppSite(Resource):
    @edit_permission_required
    @account_initialization_required
    @get_app_model
-    def post(self, app_model: App):
+    def post(self, app_model):
        args = AppSiteUpdatePayload.model_validate(console_ns.payload or {})
        current_user, _ = current_account_with_tenant()
        site = db.session.scalar(select(Site).where(Site.app_id == app_model.id).limit(1))
@ -134,7 +133,7 @@ class AppSiteAccessTokenReset(Resource):
    @is_admin_or_owner_required
    @account_initialization_required
    @get_app_model
-    def post(self, app_model: App):
+    def post(self, app_model):
        current_user, _ = current_account_with_tenant()
        site = db.session.scalar(select(Site).where(Site.app_id == app_model.id).limit(1))

--- a/api/controllers/console/app/statistic.py
+++ b/api/controllers/console/app/statistic.py
@ -15,7 +15,6 @@ from libs.datetime_utils import parse_time_range
 from libs.helper import convert_datetime_to_date
 from libs.login import current_account_with_tenant, login_required
 from models import AppMode
-from models.model import App


 class StatisticTimeRangeQuery(BaseModel):
@ -48,7 +47,7 @@ class DailyMessageStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -62,12 +61,8 @@ FROM
 WHERE
    app_id = :app_id
    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -109,7 +104,7 @@ class DailyConversationStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -123,12 +118,8 @@ FROM
 WHERE
    app_id = :app_id
    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -169,7 +160,7 @@ class DailyTerminalsStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -183,12 +174,8 @@ FROM
 WHERE
    app_id = :app_id
    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -230,7 +217,7 @@ class DailyTokenCostStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -245,12 +232,8 @@ FROM
 WHERE
    app_id = :app_id
    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -294,7 +277,7 @@ class AverageSessionInteractionStatistic(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -316,12 +299,8 @@ FROM
        WHERE
            c.app_id = :app_id
            AND m.invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -374,7 +353,7 @@ class UserSatisfactionRateStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -392,12 +371,8 @@ LEFT JOIN
 WHERE
    m.app_id = :app_id
    AND m.invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -444,7 +419,7 @@ class AverageResponseTimeStatistic(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))
@ -458,12 +433,8 @@ FROM
 WHERE
    app_id = :app_id
    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
@ -505,7 +476,7 @@ class TokensPerSecondStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()
        args = StatisticTimeRangeQuery.model_validate(request.args.to_dict(flat=True))

@ -521,12 +492,8 @@ FROM
 WHERE
    app_id = :app_id
    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER}
        assert account.timezone is not None
-        arg_dict: dict[str, object] = {
-            "tz": account.timezone,
-            "app_id": app_model.id,
-            "invoke_from": InvokeFrom.DEBUGGER,
-        }

        try:
            start_datetime_utc, end_datetime_utc = parse_time_range(args.start, args.end, account.timezone)
--- a/api/controllers/console/app/workflow_comment.py
+++ b/api/controllers/console/app/workflow_comment.py
@ -311,7 +311,7 @@ class WorkflowCommentDetailApi(Resource):
            user_id=current_user.id,
        )

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/apps/<uuid:app_id>/workflow/comments/<string:comment_id>/resolve")
@ -431,7 +431,7 @@ class WorkflowCommentReplyDetailApi(Resource):
            user_id=current_user.id,
        )

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/apps/<uuid:app_id>/workflow/comments/mention-users")
--- a/api/controllers/console/app/workflow_draft_variable.py
+++ b/api/controllers/console/app/workflow_draft_variable.py
@ -2,7 +2,6 @@ import logging
 from collections.abc import Callable
 from functools import wraps
 from typing import Any, TypedDict
-from uuid import UUID

 from flask import Response, request
 from flask_restx import Resource, fields, marshal, marshal_with
@ -83,14 +82,13 @@ def _serialize_var_value(variable: WorkflowDraftVariable):
    # create a copy of the value to avoid affecting the model cache.
    value = value.model_copy(deep=True)
    # Refresh the url signature before returning it to client.
-    match value:
-        case FileSegment():
-            file = value.value
+    if isinstance(value, FileSegment):
+        file = value.value
+        file.remote_url = file.generate_url()
+    elif isinstance(value, ArrayFileSegment):
+        files = value.value
+        for file in files:
            file.remote_url = file.generate_url()
-        case ArrayFileSegment():
-            files = value.value
-            for file in files:
-                file.remote_url = file.generate_url()
    return _convert_values_to_json_serializable_object(value)


@ -347,15 +345,14 @@ class VariableApi(Resource):
    @console_ns.response(404, "Variable not found")
    @_api_prerequisite
    @marshal_with(workflow_draft_variable_model)
-    def get(self, app_model: App, variable_id: UUID):
+    def get(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
            session=db.session(),
        )
-        variable_id_str = str(variable_id)
        variable = _ensure_variable_access(
-            variable=draft_var_srv.get_variable(variable_id=variable_id_str),
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
            app_id=app_model.id,
-            variable_id=variable_id_str,
+            variable_id=variable_id,
        )
        return variable

@ -366,7 +363,7 @@ class VariableApi(Resource):
    @console_ns.response(404, "Variable not found")
    @_api_prerequisite
    @marshal_with(workflow_draft_variable_model)
-    def patch(self, app_model: App, variable_id: UUID):
+    def patch(self, app_model: App, variable_id: str):
        # Request payload for file types:
        #
        # Local File:
@ -393,11 +390,10 @@ class VariableApi(Resource):
        )
        args_model = WorkflowDraftVariableUpdatePayload.model_validate(console_ns.payload or {})

-        variable_id_str = str(variable_id)
        variable = _ensure_variable_access(
-            variable=draft_var_srv.get_variable(variable_id=variable_id_str),
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
            app_id=app_model.id,
-            variable_id=variable_id_str,
+            variable_id=variable_id,
        )

        new_name = args_model.name
@ -438,15 +434,14 @@ class VariableApi(Resource):
    @console_ns.response(204, "Variable deleted successfully")
    @console_ns.response(404, "Variable not found")
    @_api_prerequisite
-    def delete(self, app_model: App, variable_id: UUID):
+    def delete(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
            session=db.session(),
        )
-        variable_id_str = str(variable_id)
        variable = _ensure_variable_access(
-            variable=draft_var_srv.get_variable(variable_id=variable_id_str),
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
            app_id=app_model.id,
-            variable_id=variable_id_str,
+            variable_id=variable_id,
        )
        draft_var_srv.delete_variable(variable)
        db.session.commit()
@ -462,7 +457,7 @@ class VariableResetApi(Resource):
    @console_ns.response(204, "Variable reset (no content)")
    @console_ns.response(404, "Variable not found")
    @_api_prerequisite
-    def put(self, app_model: App, variable_id: UUID):
+    def put(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
            session=db.session(),
        )
@ -473,11 +468,10 @@ class VariableResetApi(Resource):
            raise NotFoundError(
                f"Draft workflow not found, app_id={app_model.id}",
            )
-        variable_id_str = str(variable_id)
        variable = _ensure_variable_access(
-            variable=draft_var_srv.get_variable(variable_id=variable_id_str),
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
            app_id=app_model.id,
-            variable_id=variable_id_str,
+            variable_id=variable_id,
        )

        resetted = draft_var_srv.reset_variable(draft_workflow, variable)
--- a/api/controllers/console/app/workflow_node_output_inspector.py
+++ b/api/controllers/console/app/workflow_node_output_inspector.py
@ -1,415 +0,0 @@
-"""Console REST endpoints for the Node Output Inspector (Stage 4 §8 / §10.3).
-
-PRD §Node Output Inspector replaces the consumer-organized Variable Inspector
-with a producer-organized view of each node's declared outputs and their
-per-run status. This module exposes two parallel sets of three read-only
-endpoints — one for ``/workflows/draft/runs/...`` (Composer test runs) and one
-for ``/workflows/published/runs/...`` (real App API / webapp / webhook /
-schedule / plugin triggers). Both sets share the same service code, the same
-response shapes, and the same error codes; the URL is the *only* difference,
-so the frontend can pick the right prefix based on which run-detail page the
-user is on.
-
-Decision D-1 (published Inspector deferred) was lifted 2026-05-26 — the
-``published_run_inspector_not_implemented`` 404 code is therefore no longer
-produced.
-
-URLs follow the design doc and reuse the existing
-``/apps/<uuid:app_id>/workflows/draft/...`` prefix from
-:mod:`controllers.console.app.workflow_draft_variable`. The
-``published`` prefix mirrors it shape-for-shape.
-"""
-
-from __future__ import annotations
-
-import json
-import logging
-from collections.abc import Iterator
-from uuid import UUID
-
-from flask import Response
-from flask_restx import Resource
-
-from controllers.console import console_ns
-from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import account_initialization_required, setup_required
-from libs.exception import BaseHTTPException
-from libs.login import login_required
-from models import App, AppMode
-from services.workflow import inspector_events
-from services.workflow.node_output_inspector_service import (
-    NodeOutputInspectorError,
-    NodeOutputInspectorService,
-)
-
-logger = logging.getLogger(__name__)
-
-
-# Heartbeat cadence — every N empty subscribe ticks emit a SSE comment so
-# intervening proxies (nginx, ingress) don't reap the idle connection.
-# ``inspector_events.subscribe`` ticks at 1s, so 15 → 15s heartbeat.
-_HEARTBEAT_EVERY_TICKS = 15
-# Hard ceiling on a single stream — if we never see a terminal workflow
-# event (engine crashed, redis dropped the message), force-close after this
-# many ticks (= seconds).
-_STREAM_HARD_TIMEOUT_TICKS = 1800  # 30 min
-
-
-def _service() -> NodeOutputInspectorService:
-    """One-line factory so tests can monkeypatch a stub if needed."""
-    return NodeOutputInspectorService()
-
-
-def _serve_snapshot(app_model: App, run_id: UUID) -> dict:
-    """Resource-body shared by draft + published snapshot endpoints.
-
-    Pulled out so the 6 REST routes don't duplicate the same 6-line try/except
-    + ``model_dump`` ritual — the routes shrink to one-liners and the actual
-    behaviour lives here, where unit tests can hit it without spinning up
-    Flask request context.
-    """
-    try:
-        snapshot = _service().snapshot_workflow_run(app_model=app_model, workflow_run_id=str(run_id))
-    except NodeOutputInspectorError as error:
-        raise _InspectorNotFound(error) from error
-    return snapshot.model_dump(mode="json")
-
-
-def _serve_node_detail(app_model: App, run_id: UUID, node_id: str) -> dict:
-    """Resource-body shared by draft + published node-detail endpoints."""
-    try:
-        view = _service().node_detail(
-            app_model=app_model,
-            workflow_run_id=str(run_id),
-            node_id=node_id,
-        )
-    except NodeOutputInspectorError as error:
-        raise _InspectorNotFound(error) from error
-    return view.model_dump(mode="json")
-
-
-def _serve_output_preview(app_model: App, run_id: UUID, node_id: str, output_name: str) -> dict:
-    """Resource-body shared by draft + published output-preview endpoints."""
-    try:
-        preview = _service().output_preview(
-            app_model=app_model,
-            workflow_run_id=str(run_id),
-            node_id=node_id,
-            output_name=output_name,
-        )
-    except NodeOutputInspectorError as error:
-        raise _InspectorNotFound(error) from error
-    return preview.model_dump(mode="json")
-
-
-class _InspectorNotFound(BaseHTTPException):
-    """404 that preserves the inspector's specific error code.
-
-    Without this the response body collapses to a generic ``not_found`` code
-    and clients lose the ability to distinguish, e.g.,
-    ``workflow_run_not_found`` from ``published_run_inspector_not_implemented``.
-    """
-
-    code = 404
-
-    def __init__(self, error: NodeOutputInspectorError) -> None:
-        self.error_code = error.code
-        super().__init__(description=str(error))
-
-
-@console_ns.route("/apps/<uuid:app_id>/workflows/draft/runs/<uuid:run_id>/node-outputs")
-class WorkflowDraftRunNodeOutputsApi(Resource):
-    """Whole-run snapshot organized by producer node."""
-
-    @console_ns.doc("get_workflow_draft_run_node_outputs")
-    @console_ns.doc(description="Snapshot of every node's declared outputs for a draft workflow run.")
-    @console_ns.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
-    @console_ns.response(404, "Workflow run not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID):
-        return _serve_snapshot(app_model, run_id)
-
-
-@console_ns.route("/apps/<uuid:app_id>/workflows/draft/runs/<uuid:run_id>/node-outputs/<string:node_id>")
-class WorkflowDraftRunNodeOutputDetailApi(Resource):
-    """One node's declared outputs + per-output status."""
-
-    @console_ns.doc("get_workflow_draft_run_node_output_detail")
-    @console_ns.doc(description="One node's declared outputs for a draft workflow run.")
-    @console_ns.doc(
-        params={
-            "app_id": "Application ID",
-            "run_id": "Workflow run ID",
-            "node_id": "Node ID inside the workflow graph",
-        }
-    )
-    @console_ns.response(404, "Workflow run / node not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID, node_id: str):
-        return _serve_node_detail(app_model, run_id, node_id)
-
-
-@console_ns.route(
-    "/apps/<uuid:app_id>/workflows/draft/runs/<uuid:run_id>/node-outputs/<string:node_id>/<string:output_name>/preview"
-)
-class WorkflowDraftRunNodeOutputPreviewApi(Resource):
-    """Full value for one declared output (with signed URL for file refs)."""
-
-    @console_ns.doc("get_workflow_draft_run_node_output_preview")
-    @console_ns.doc(description="Full value for one declared output, including signed download URL for files.")
-    @console_ns.doc(
-        params={
-            "app_id": "Application ID",
-            "run_id": "Workflow run ID",
-            "node_id": "Node ID inside the workflow graph",
-            "output_name": "Declared output name as exposed by Composer",
-        }
-    )
-    @console_ns.response(404, "Workflow run / node / output not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID, node_id: str, output_name: str):
-        return _serve_output_preview(app_model, run_id, node_id, output_name)
-
-
-# ──────────────────────────────────────────────────────────────────────────────
-# SSE event stream — shared generator used by draft + published variants
-# ──────────────────────────────────────────────────────────────────────────────
-
-
-def _sse_envelope(event: str, data: dict | str, event_id: int) -> str:
-    """Format one SSE record per D-5 ``{event, data, id}`` envelope.
-
-    ``data`` is JSON-serialized when given as a dict; raw strings are
-    forwarded unchanged so we can also emit ``:keepalive`` comment lines.
-    """
-    payload = data if isinstance(data, str) else json.dumps(data, ensure_ascii=False)
-    return f"event: {event}\nid: {event_id}\ndata: {payload}\n\n"
-
-
-def _stream_inspector_events(app_model: App, run_id: UUID) -> Iterator[str]:
-    """Yield SSE-framed strings for one workflow run.
-
-    The stream begins with a full ``snapshot`` event so the client has a
-    starting state without needing a separate REST GET. Then for every
-    ``node_changed`` message from the pub/sub channel we re-read that node
-    from DB and push a fresh ``node_changed`` event. When the workflow run
-    reaches a terminal state we push one final ``workflow_run_completed``
-    event and close the stream.
-
-    Failures inside the loop are caught and surfaced as ``error`` events so
-    the frontend can show a banner rather than seeing the connection drop
-    silently. The Inspector never raises across the SSE boundary.
-    """
-    service = _service()
-    run_id_str = str(run_id)
-
-    # Initial snapshot — also flushes a 404 back at the client right away
-    # if the run is gone (raised before yielding any bytes, so Flask turns it
-    # into the normal HTTP 404 path).
-    try:
-        snapshot = service.snapshot_workflow_run(app_model=app_model, workflow_run_id=run_id_str)
-    except NodeOutputInspectorError as error:
-        raise _InspectorNotFound(error) from error
-
-    event_id = 0
-    yield _sse_envelope("snapshot", snapshot.model_dump(mode="json"), event_id)
-
-    # If the run already finished by the time the client connected, emit
-    # the terminal envelope synchronously and close — no point subscribing.
-    # The enum value for partial success is the hyphenated ``partial-succeeded``
-    # (graphon.enums.WorkflowExecutionStatus), not ``partial_succeeded``.
-    if snapshot.workflow_run_status.value in {"succeeded", "failed", "stopped", "partial-succeeded"}:
-        event_id += 1
-        yield _sse_envelope(
-            "workflow_run_completed",
-            {"workflow_run_id": run_id_str, "workflow_run_status": snapshot.workflow_run_status.value},
-            event_id,
-        )
-        return
-
-    # Live subscription
-    ticks_since_heartbeat = 0
-    total_ticks = 0
-    for message in inspector_events.subscribe(run_id_str, timeout_seconds=1.0):
-        total_ticks += 1
-        if total_ticks > _STREAM_HARD_TIMEOUT_TICKS:
-            logger.warning(
-                "Inspector SSE: forcing close after %ds without terminal event for run %s",
-                _STREAM_HARD_TIMEOUT_TICKS,
-                run_id_str,
-            )
-            return
-
-        # Heartbeat sentinel — ``inspector_events.subscribe`` synthesizes a
-        # ``node_changed`` message with both fields ``None`` on every redis
-        # timeout. Real ``workflow_completed`` messages keep their kind even
-        # when status couldn't be resolved (publisher race), so checking kind
-        # first makes the heartbeat branch safe.
-        if message.kind == "node_changed" and message.node_id is None and message.status is None:
-            ticks_since_heartbeat += 1
-            if ticks_since_heartbeat >= _HEARTBEAT_EVERY_TICKS:
-                yield ":keepalive\n\n"
-                ticks_since_heartbeat = 0
-            continue
-        ticks_since_heartbeat = 0
-
-        if message.kind == "workflow_completed":
-            event_id += 1
-            yield _sse_envelope(
-                "workflow_run_completed",
-                {"workflow_run_id": run_id_str, "workflow_run_status": message.status or "unknown"},
-                event_id,
-            )
-            return
-
-        # node_changed: recompute the node slice from DB
-        if not message.node_id:
-            continue
-        try:
-            node_view = service.node_detail(
-                app_model=app_model,
-                workflow_run_id=run_id_str,
-                node_id=message.node_id,
-            )
-        except NodeOutputInspectorError:
-            # Node may not appear in the graph yet (race with persistence); skip.
-            continue
-        except Exception:
-            logger.warning(
-                "Inspector SSE: node_detail failed for run %s node %s",
-                run_id_str,
-                message.node_id,
-                exc_info=True,
-            )
-            event_id += 1
-            yield _sse_envelope(
-                "error",
-                {"node_id": message.node_id, "message": "failed to refresh node detail"},
-                event_id,
-            )
-            continue
-
-        event_id += 1
-        yield _sse_envelope("node_changed", node_view.model_dump(mode="json"), event_id)
-
-
-@console_ns.route("/apps/<uuid:app_id>/workflows/draft/runs/<uuid:run_id>/node-outputs/events")
-class WorkflowDraftRunNodeOutputEventsApi(Resource):
-    """SSE stream of inspector deltas for a draft run."""
-
-    @console_ns.doc("stream_workflow_draft_run_node_output_events")
-    @console_ns.doc(description="Server-Sent Events stream of inspector deltas for a draft workflow run.")
-    @console_ns.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
-    @console_ns.response(404, "Workflow run not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID):
-        return Response(
-            _stream_inspector_events(app_model, run_id),
-            mimetype="text/event-stream",
-            headers={"Cache-Control": "no-cache", "Connection": "keep-alive"},
-        )
-
-
-# ──────────────────────────────────────────────────────────────────────────────
-# Published-run endpoints — symmetric to the draft trio above
-# ──────────────────────────────────────────────────────────────────────────────
-
-
-@console_ns.route("/apps/<uuid:app_id>/workflows/published/runs/<uuid:run_id>/node-outputs")
-class WorkflowPublishedRunNodeOutputsApi(Resource):
-    """Whole-run snapshot for a *published* workflow run.
-
-    Same response shape as the ``/draft/`` variant — frontend can multiplex
-    based on which page (Composer test-run vs. Run History) is mounted.
-    """
-
-    @console_ns.doc("get_workflow_published_run_node_outputs")
-    @console_ns.doc(description="Snapshot of every node's declared outputs for a published workflow run.")
-    @console_ns.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
-    @console_ns.response(404, "Workflow run not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID):
-        return _serve_snapshot(app_model, run_id)
-
-
-@console_ns.route("/apps/<uuid:app_id>/workflows/published/runs/<uuid:run_id>/node-outputs/<string:node_id>")
-class WorkflowPublishedRunNodeOutputDetailApi(Resource):
-    """One node's declared outputs + per-output status (published run)."""
-
-    @console_ns.doc("get_workflow_published_run_node_output_detail")
-    @console_ns.doc(description="One node's declared outputs for a published workflow run.")
-    @console_ns.doc(
-        params={
-            "app_id": "Application ID",
-            "run_id": "Workflow run ID",
-            "node_id": "Node ID inside the workflow graph",
-        }
-    )
-    @console_ns.response(404, "Workflow run / node not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID, node_id: str):
-        return _serve_node_detail(app_model, run_id, node_id)
-
-
-@console_ns.route(
-    "/apps/<uuid:app_id>/workflows/published/runs/<uuid:run_id>"
-    "/node-outputs/<string:node_id>/<string:output_name>/preview"
-)
-class WorkflowPublishedRunNodeOutputPreviewApi(Resource):
-    """Full value for one declared output of a published run."""
-
-    @console_ns.doc("get_workflow_published_run_node_output_preview")
-    @console_ns.doc(description="Full value for one declared output of a published run.")
-    @console_ns.doc(
-        params={
-            "app_id": "Application ID",
-            "run_id": "Workflow run ID",
-            "node_id": "Node ID inside the workflow graph",
-            "output_name": "Declared output name as exposed by Composer",
-        }
-    )
-    @console_ns.response(404, "Workflow run / node / output not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID, node_id: str, output_name: str):
-        return _serve_output_preview(app_model, run_id, node_id, output_name)
-
-
-@console_ns.route("/apps/<uuid:app_id>/workflows/published/runs/<uuid:run_id>/node-outputs/events")
-class WorkflowPublishedRunNodeOutputEventsApi(Resource):
-    """SSE stream of inspector deltas for a published run."""
-
-    @console_ns.doc("stream_workflow_published_run_node_output_events")
-    @console_ns.doc(description="Server-Sent Events stream of inspector deltas for a published workflow run.")
-    @console_ns.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
-    @console_ns.response(404, "Workflow run not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID):
-        return Response(
-            _stream_inspector_events(app_model, run_id),
-            mimetype="text/event-stream",
-            headers={"Cache-Control": "no-cache", "Connection": "keep-alive"},
-        )
--- a/api/controllers/console/app/workflow_run.py
+++ b/api/controllers/console/app/workflow_run.py
@ -1,6 +1,5 @@
 from datetime import UTC, datetime, timedelta
 from typing import Literal, cast
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -189,7 +188,7 @@ class WorkflowRunExportApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model()
-    def get(self, app_model: App, run_id: UUID):
+    def get(self, app_model: App, run_id: str):
        tenant_id = str(app_model.tenant_id)
        app_id = str(app_model.id)
        run_id_str = str(run_id)
@ -368,14 +367,14 @@ class WorkflowRunDetailApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID):
+    def get(self, app_model: App, run_id):
        """
        Get workflow run detail
        """
-        run_id_str = str(run_id)
+        run_id = str(run_id)

        workflow_run_service = WorkflowRunService()
-        workflow_run = workflow_run_service.get_workflow_run(app_model=app_model, run_id=run_id_str)
+        workflow_run = workflow_run_service.get_workflow_run(app_model=app_model, run_id=run_id)
        if workflow_run is None:
            raise NotFoundError("Workflow run not found")

@ -397,17 +396,17 @@ class WorkflowRunNodeExecutionListApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App, run_id: UUID):
+    def get(self, app_model: App, run_id):
        """
        Get workflow run node execution list
        """
-        run_id_str = str(run_id)
+        run_id = str(run_id)

        workflow_run_service = WorkflowRunService()
        user = cast("Account | EndUser", current_user)
        node_executions = workflow_run_service.get_workflow_run_node_executions(
            app_model=app_model,
-            run_id=run_id_str,
+            run_id=run_id,
            user=user,
        )

--- a/api/controllers/console/app/workflow_statistic.py
+++ b/api/controllers/console/app/workflow_statistic.py
@ -11,7 +11,7 @@ from extensions.ext_database import db
 from libs.datetime_utils import parse_time_range
 from libs.login import current_account_with_tenant, login_required
 from models.enums import WorkflowRunTriggeredFrom
-from models.model import App, AppMode
+from models.model import AppMode
 from repositories.factory import DifyAPIRepositoryFactory


@ -46,7 +46,7 @@ class WorkflowDailyRunsStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = WorkflowStatisticQuery.model_validate(request.args.to_dict(flat=True))
@ -86,7 +86,7 @@ class WorkflowDailyTerminalsStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = WorkflowStatisticQuery.model_validate(request.args.to_dict(flat=True))
@ -126,7 +126,7 @@ class WorkflowDailyTokenCostStatistic(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = WorkflowStatisticQuery.model_validate(request.args.to_dict(flat=True))
@ -166,7 +166,7 @@ class WorkflowAverageAppInteractionStatistic(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.WORKFLOW])
-    def get(self, app_model: App):
+    def get(self, app_model):
        account, _ = current_account_with_tenant()

        args = WorkflowStatisticQuery.model_validate(request.args.to_dict(flat=True))
--- a/api/controllers/console/app/wraps.py
+++ b/api/controllers/console/app/wraps.py
@ -1,38 +1,16 @@
-"""Controller decorators for console app resources.
-
-`with_session` opens one SQLAlchemy session for a request handler and injects it
-as the first argument after `self`. Handlers use a transaction by default so
-migrated write paths keep commit/rollback handling; pure read handlers may opt
-out with `write=False`. App-loading decorators prefer that injected session when
-present, while still supporting existing handlers that have not been migrated
-yet and still rely on Flask-SQLAlchemy's scoped `db.session`.
-"""
-
 from collections.abc import Callable
 from functools import wraps
-from typing import Concatenate, cast, overload
+from typing import overload

 from sqlalchemy import select
-from sqlalchemy.orm import Session

 from controllers.console.app.error import AppNotFoundError
-from core.db.session_factory import session_factory
 from extensions.ext_database import db
 from libs.login import current_account_with_tenant
 from models import App, AppMode


-def _load_app_model(session: Session, app_id: str) -> App | None:
-    """Load the tenant-scoped app row with the request session owned by `with_session`."""
-    _, current_tenant_id = current_account_with_tenant()
-    app_model = session.scalar(
-        select(App).where(App.id == app_id, App.tenant_id == current_tenant_id, App.status == "normal").limit(1)
-    )
-    return app_model
-
-
-def _load_app_model_from_scoped_session(app_id: str) -> App | None:
-    """Load the app row for legacy handlers that have not adopted request session injection yet."""
+def _load_app_model(app_id: str) -> App | None:
    _, current_tenant_id = current_account_with_tenant()
    app_model = db.session.scalar(
        select(App).where(App.id == app_id, App.tenant_id == current_tenant_id, App.status == "normal").limit(1)
@ -45,63 +23,6 @@ def _load_app_model_with_trial(app_id: str) -> App | None:
    return app_model


-@overload
-def with_session[T, **P, R](
-    view: Callable[Concatenate[T, Session, P], R],
-    *,
-    write: bool = True,
-) -> Callable[Concatenate[T, P], R]: ...
-
-
-@overload
-def with_session[T, **P, R](
-    view: None = None,
-    *,
-    write: bool = True,
-) -> Callable[[Callable[Concatenate[T, Session, P], R]], Callable[Concatenate[T, P], R]]: ...
-
-
-def with_session[T, **P, R](
-    view: Callable[Concatenate[T, Session, P], R] | None = None,
-    *,
-    write: bool = True,
-) -> (
-    Callable[Concatenate[T, P], R] | Callable[[Callable[Concatenate[T, Session, P], R]], Callable[Concatenate[T, P], R]]
-):
-    """Inject a request-scoped session, using a transaction only for write handlers."""
-
-    def decorator(view: Callable[Concatenate[T, Session, P], R]) -> Callable[Concatenate[T, P], R]:
-        @wraps(view)
-        def wrapper(self: T, *args: P.args, **kwargs: P.kwargs) -> R:
-            if write:
-                with session_factory.get_session_maker().begin() as session:
-                    return view(self, session, *args, **kwargs)
-
-            with session_factory.create_session() as session:
-                return view(self, session, *args, **kwargs)
-
-        return wrapper
-
-    if view is None:
-        return decorator
-    return decorator(view)
-
-
-def _get_injected_session(args: tuple[object, ...]) -> Session | None:
-    """Return the request session inserted by `with_session`, if this handler has been migrated."""
-    if len(args) < 2:
-        return None
-
-    candidate = args[1]
-    if isinstance(candidate, Session):
-        return candidate
-
-    if hasattr(candidate, "scalar") and hasattr(candidate, "commit") and hasattr(candidate, "rollback"):
-        return cast(Session, candidate)
-
-    return None
-
-
@overload
 def get_app_model[**P, R](
    view: Callable[P, R],
@ -123,13 +44,6 @@ def get_app_model[**P, R](
    *,
    mode: AppMode | list[AppMode] | None = None,
 ) -> Callable[P, R] | Callable[[Callable[P, R]], Callable[P, R]]:
-    """Inject the App model for handlers that receive an `app_id` path parameter.
-
-    New handlers may compose `@with_session` above this decorator so the app row
-    is loaded through the same request-scoped session used by the controller.
-    Existing handlers continue to work through `db.session` until migrated.
-    """
-
    def decorator(view_func: Callable[P, R]) -> Callable[P, R]:
        @wraps(view_func)
        def decorated_view(*args: P.args, **kwargs: P.kwargs) -> R:
@ -141,11 +55,7 @@ def get_app_model[**P, R](

            del kwargs["app_id"]

-            session = _get_injected_session(args)
-            if session is None:
-                app_model = _load_app_model_from_scoped_session(app_id)
-            else:
-                app_model = _load_app_model(session, app_id)
+            app_model = _load_app_model(app_id)

            if not app_model:
                raise AppNotFoundError()
--- a/api/controllers/console/auth/data_source_bearer_auth.py
+++ b/api/controllers/console/auth/data_source_bearer_auth.py
@ -1,16 +1,14 @@
-from uuid import UUID
-
 from flask_restx import Resource
 from pydantic import BaseModel, Field

 from controllers.common.schema import register_response_schema_models, register_schema_models
 from fields.base import ResponseModel
-from libs.login import login_required
+from libs.login import current_account_with_tenant, login_required
 from services.auth.api_key_auth_service import ApiKeyAuthService

 from .. import console_ns
 from ..auth.error import ApiKeyAuthFailedError
-from ..wraps import account_initialization_required, is_admin_or_owner_required, setup_required, with_current_tenant_id
+from ..wraps import account_initialization_required, is_admin_or_owner_required, setup_required


 class ApiKeyAuthBindingPayload(BaseModel):
@ -42,8 +40,8 @@ class ApiKeyAuthDataSource(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str):
+    def get(self):
+        _, current_tenant_id = current_account_with_tenant()
        data_source_api_key_bindings = ApiKeyAuthService.get_provider_auth_list(current_tenant_id)
        if data_source_api_key_bindings:
            return {
@ -69,9 +67,9 @@ class ApiKeyAuthDataSourceBinding(Resource):
    @account_initialization_required
    @is_admin_or_owner_required
    @console_ns.expect(console_ns.models[ApiKeyAuthBindingPayload.__name__])
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str):
+    def post(self):
        # The role of the current user in the table must be admin or owner
+        _, current_tenant_id = current_account_with_tenant()
        payload = ApiKeyAuthBindingPayload.model_validate(console_ns.payload)
        data = payload.model_dump()
        ApiKeyAuthService.validate_api_key_auth_args(data)
@ -89,9 +87,10 @@ class ApiKeyAuthDataSourceBindingDelete(Resource):
    @account_initialization_required
    @is_admin_or_owner_required
    @console_ns.response(204, "Binding deleted successfully")
-    @with_current_tenant_id
-    def delete(self, current_tenant_id: str, binding_id: UUID):
+    def delete(self, binding_id):
        # The role of the current user in the table must be admin or owner
-        ApiKeyAuthService.delete_provider_auth(current_tenant_id, str(binding_id))
+        _, current_tenant_id = current_account_with_tenant()

-        return "", 204
+        ApiKeyAuthService.delete_provider_auth(current_tenant_id, binding_id)
+
+        return {"result": "success"}, 204
--- a/api/controllers/console/auth/data_source_oauth.py
+++ b/api/controllers/console/auth/data_source_oauth.py
@ -1,5 +1,4 @@
 import logging
-from uuid import UUID

 import httpx
 from flask import current_app, redirect, request
@ -159,15 +158,16 @@ class OAuthDataSourceSync(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, provider: str, binding_id: UUID):
-        binding_id_str = str(binding_id)
+    def get(self, provider, binding_id):
+        provider = str(provider)
+        binding_id = str(binding_id)
        OAUTH_DATASOURCE_PROVIDERS = get_oauth_providers()
        with current_app.app_context():
            oauth_provider = OAUTH_DATASOURCE_PROVIDERS.get(provider)
        if not oauth_provider:
            return {"error": "Invalid provider"}, 400
        try:
-            oauth_provider.sync_data_source(binding_id_str)
+            oauth_provider.sync_data_source(binding_id)
        except httpx.HTTPStatusError as e:
            logger.exception(
                "An error occurred during the OAuthCallback process with %s: %s", provider, e.response.text
--- a/api/controllers/console/auth/oauth_server.py
+++ b/api/controllers/console/auth/oauth_server.py
@ -8,9 +8,9 @@ from flask_restx import Resource
 from pydantic import BaseModel
 from werkzeug.exceptions import BadRequest, NotFound

-from controllers.console.wraps import account_initialization_required, setup_required, with_current_user
+from controllers.console.wraps import account_initialization_required, setup_required
 from graphon.model_runtime.utils.encoders import jsonable_encoder
-from libs.login import login_required
+from libs.login import current_account_with_tenant, login_required
 from models import Account
 from models.model import OAuthProviderApp
 from services.oauth_server import OAUTH_ACCESS_TOKEN_EXPIRES_IN, OAuthGrantType, OAuthServerService
@ -133,10 +133,12 @@ class OAuthServerUserAuthorizeApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
    @oauth_server_client_id_required
-    def post(self, oauth_provider_app: OAuthProviderApp, current_user: Account):
-        user_account_id = current_user.id
+    def post(self, oauth_provider_app: OAuthProviderApp):
+        current_user, _ = current_account_with_tenant()
+        account = current_user
+        user_account_id = account.id
+
        code = OAuthServerService.sign_oauth_authorization_code(oauth_provider_app.client_id, user_account_id)
        return jsonable_encoder(
            {
--- a/api/controllers/console/datasets/data_source.py
+++ b/api/controllers/console/datasets/data_source.py
@ -1,7 +1,6 @@
 import json
 from collections.abc import Generator
 from typing import Any, Literal, cast
-from uuid import UUID

 from flask import request
 from flask_restx import Resource, fields, marshal_with
@ -48,6 +47,7 @@ class NotionEstimatePayload(BaseModel):
 class DataSourceNotionListQuery(BaseModel):
    dataset_id: str | None = Field(default=None, description="Dataset ID")
    credential_id: str = Field(..., description="Credential ID", min_length=1)
+    datasource_parameters: dict[str, Any] | None = Field(default=None, description="Datasource parameters JSON string")


 class DataSourceNotionPreviewQuery(BaseModel):
@ -204,6 +204,9 @@ class DataSourceNotionListApi(Resource):

        query = DataSourceNotionListQuery.model_validate(request.args.to_dict())

+        # Get datasource_parameters from query string (optional, for GitHub and other datasources)
+        datasource_parameters = query.datasource_parameters or {}
+
        datasource_provider_service = DatasourceProviderService()
        credential = datasource_provider_service.get_datasource_credentials(
            tenant_id=current_tenant_id,
@ -251,7 +254,7 @@ class DataSourceNotionListApi(Resource):
            online_document_result: Generator[OnlineDocumentPagesMessage, None, None] = (
                datasource_runtime.get_online_document_pages(
                    user_id=current_user.id,
-                    datasource_parameters={},
+                    datasource_parameters=datasource_parameters,
                    provider_type=datasource_runtime.datasource_provider_type(),
                )
            )
@ -290,7 +293,7 @@ class DataSourceNotionApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.response(200, "Success", console_ns.models[TextContentResponse.__name__])
-    def get(self, page_id: UUID, page_type: str):
+    def get(self, page_id, page_type):
        _, current_tenant_id = current_account_with_tenant()

        query = DataSourceNotionPreviewQuery.model_validate(request.args.to_dict())
@ -303,11 +306,11 @@ class DataSourceNotionApi(Resource):
            plugin_id="langgenius/notion_datasource",
        )

-        page_id_str = str(page_id)
+        page_id = str(page_id)

        extractor = NotionExtractor(
            notion_workspace_id="",
-            notion_obj_id=page_id_str,
+            notion_obj_id=page_id,
            notion_page_type=page_type,
            notion_access_token=credential.get("integration_secret"),
            tenant_id=current_tenant_id,
@ -364,7 +367,7 @@ class DataSourceNotionDatasetSyncApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
        if dataset is None:
@ -382,7 +385,7 @@ class DataSourceNotionDocumentSyncApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def get(self, dataset_id: UUID, document_id: UUID):
+    def get(self, dataset_id, document_id):
        dataset_id_str = str(dataset_id)
        document_id_str = str(document_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
--- a/api/controllers/console/datasets/datasets.py
+++ b/api/controllers/console/datasets/datasets.py
@ -1,17 +1,15 @@
-from datetime import datetime
-from typing import Any
-from uuid import UUID
+from typing import Any, cast

 from flask import request
-from flask_restx import Resource
-from pydantic import BaseModel, Field, field_validator, model_validator
+from flask_restx import Resource, fields, marshal, marshal_with
+from pydantic import BaseModel, Field, field_validator
 from sqlalchemy import func, select
 from werkzeug.exceptions import Forbidden, NotFound

 import services
 from configs import dify_config
 from controllers.common.fields import ApiBaseUrlResponse, SimpleResultResponse, UsageCheckResponse
-from controllers.common.schema import query_params_from_model, register_response_schema_models, register_schema_models
+from controllers.common.schema import get_or_create_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
 from controllers.console.apikey import ApiKeyItem, ApiKeyList
 from controllers.console.app.error import ProviderNotInitializeError
@ -32,10 +30,26 @@ from core.rag.extractor.entity.extract_setting import ExtractSetting, NotionInfo
 from core.rag.index_processor.constant.index_type import IndexTechniqueType
 from core.rag.retrieval.retrieval_methods import RetrievalMethod
 from extensions.ext_database import db
-from fields.base import ResponseModel
-from fields.dataset_fields import DatasetDetailResponse
+from fields.app_fields import app_detail_kernel_fields, related_app_list
+from fields.dataset_fields import (
+    content_fields,
+    dataset_detail_fields,
+    dataset_fields,
+    dataset_query_detail_fields,
+    dataset_retrieval_model_fields,
+    doc_metadata_fields,
+    external_knowledge_info_fields,
+    external_retrieval_model_fields,
+    file_info_fields,
+    icon_info_fields,
+    keyword_setting_fields,
+    reranking_model_fields,
+    tag_fields,
+    vector_setting_fields,
+    weighted_score_fields,
+)
+from fields.document_fields import document_status_fields
 from graphon.model_runtime.entities.model_entities import ModelType
-from libs.helper import build_icon_url, dump_response, to_timestamp
 from libs.login import current_account_with_tenant, login_required
 from libs.url_utils import normalize_api_base_url
 from models import ApiToken, Dataset, Document, DocumentSegment, UploadFile
@ -47,6 +61,58 @@ from services.dataset_service import DatasetPermissionService, DatasetService, D

 register_response_schema_models(console_ns, ApiBaseUrlResponse, SimpleResultResponse, UsageCheckResponse)

+# Register models for flask_restx to avoid dict type issues in Swagger
+dataset_base_model = get_or_create_model("DatasetBase", dataset_fields)
+
+tag_model = get_or_create_model("Tag", tag_fields)
+
+keyword_setting_model = get_or_create_model("DatasetKeywordSetting", keyword_setting_fields)
+vector_setting_model = get_or_create_model("DatasetVectorSetting", vector_setting_fields)
+
+weighted_score_fields_copy = weighted_score_fields.copy()
+weighted_score_fields_copy["keyword_setting"] = fields.Nested(keyword_setting_model)
+weighted_score_fields_copy["vector_setting"] = fields.Nested(vector_setting_model)
+weighted_score_model = get_or_create_model("DatasetWeightedScore", weighted_score_fields_copy)
+
+reranking_model = get_or_create_model("DatasetRerankingModel", reranking_model_fields)
+
+dataset_retrieval_model_fields_copy = dataset_retrieval_model_fields.copy()
+dataset_retrieval_model_fields_copy["reranking_model"] = fields.Nested(reranking_model)
+dataset_retrieval_model_fields_copy["weights"] = fields.Nested(weighted_score_model, allow_null=True)
+dataset_retrieval_model = get_or_create_model("DatasetRetrievalModel", dataset_retrieval_model_fields_copy)
+
+external_knowledge_info_model = get_or_create_model("ExternalKnowledgeInfo", external_knowledge_info_fields)
+
+external_retrieval_model = get_or_create_model("ExternalRetrievalModel", external_retrieval_model_fields)
+
+doc_metadata_model = get_or_create_model("DatasetDocMetadata", doc_metadata_fields)
+
+icon_info_model = get_or_create_model("DatasetIconInfo", icon_info_fields)
+
+dataset_detail_fields_copy = dataset_detail_fields.copy()
+dataset_detail_fields_copy["retrieval_model_dict"] = fields.Nested(dataset_retrieval_model)
+dataset_detail_fields_copy["tags"] = fields.List(fields.Nested(tag_model))
+dataset_detail_fields_copy["external_knowledge_info"] = fields.Nested(external_knowledge_info_model)
+dataset_detail_fields_copy["external_retrieval_model"] = fields.Nested(external_retrieval_model, allow_null=True)
+dataset_detail_fields_copy["doc_metadata"] = fields.List(fields.Nested(doc_metadata_model))
+dataset_detail_fields_copy["icon_info"] = fields.Nested(icon_info_model)
+dataset_detail_model = get_or_create_model("DatasetDetail", dataset_detail_fields_copy)
+
+file_info_model = get_or_create_model("DatasetFileInfo", file_info_fields)
+
+content_fields_copy = content_fields.copy()
+content_fields_copy["file_info"] = fields.Nested(file_info_model, allow_null=True)
+content_model = get_or_create_model("DatasetContent", content_fields_copy)
+
+dataset_query_detail_fields_copy = dataset_query_detail_fields.copy()
+dataset_query_detail_fields_copy["queries"] = fields.Nested(content_model)
+dataset_query_detail_model = get_or_create_model("DatasetQueryDetail", dataset_query_detail_fields_copy)
+
+app_detail_kernel_model = get_or_create_model("AppDetailKernel", app_detail_kernel_fields)
+related_app_list_copy = related_app_list.copy()
+related_app_list_copy["data"] = fields.List(fields.Nested(app_detail_kernel_model))
+related_app_list_model = get_or_create_model("RelatedAppList", related_app_list_copy)
+

 def _validate_indexing_technique(value: str | None) -> str | None:
    if value is None:
@ -142,165 +208,9 @@ class ConsoleDatasetListQuery(BaseModel):
    tag_ids: list[str] = Field(default_factory=list, description="Filter by tag IDs")


-class DatasetListItemResponse(DatasetDetailResponse):
-    partial_member_list: list[str]
-
-
-class DatasetListResponse(ResponseModel):
-    data: list[DatasetListItemResponse]
-    has_more: bool
-    limit: int
-    total: int
-    page: int
-
-
-class DatasetDetailWithPartialMembersResponse(DatasetDetailResponse):
-    partial_member_list: list[str] | None = None
-
-
-class DatasetQueryFileInfoResponse(ResponseModel):
-    id: str
-    name: str
-    size: int
-    extension: str
-    mime_type: str
-    source_url: str
-
-
-class DatasetQueryContentResponse(ResponseModel):
-    content_type: str
-    content: str
-    file_info: DatasetQueryFileInfoResponse | None = None
-
-
-class DatasetQueryDetailResponse(ResponseModel):
-    id: str
-    queries: list[DatasetQueryContentResponse]
-    source: str
-    source_app_id: str | None
-    created_by_role: str
-    created_by: str
-    created_at: int
-
-    @field_validator("created_at", mode="before")
-    @classmethod
-    def _normalize_created_at(cls, value: datetime | int | None) -> int | None:
-        return to_timestamp(value)
-
-
-class DatasetQueryListResponse(ResponseModel):
-    data: list[DatasetQueryDetailResponse]
-    has_more: bool
-    limit: int
-    total: int
-    page: int
-
-
-class RelatedAppResponse(ResponseModel):
-    id: str
-    name: str
-    description: str
-    mode: str = Field(validation_alias="mode_compatible_with_agent")
-    icon_type: str | None
-    icon: str | None
-    icon_background: str | None
-    icon_url: str | None = None
-
-    @model_validator(mode="after")
-    def _set_icon_url(self) -> "RelatedAppResponse":
-        self.icon_url = self.icon_url or build_icon_url(self.icon_type, self.icon)
-        return self
-
-
-class RelatedAppListResponse(ResponseModel):
-    data: list[RelatedAppResponse]
-    total: int
-
-
-class DocumentStatusResponse(ResponseModel):
-    id: str
-    indexing_status: str
-    processing_started_at: int | None
-    parsing_completed_at: int | None
-    cleaning_completed_at: int | None
-    splitting_completed_at: int | None
-    completed_at: int | None
-    paused_at: int | None
-    error: str | None
-    stopped_at: int | None
-    completed_segments: int | None = None
-    total_segments: int | None = None
-
-    @field_validator(
-        "processing_started_at",
-        "parsing_completed_at",
-        "cleaning_completed_at",
-        "splitting_completed_at",
-        "completed_at",
-        "paused_at",
-        "stopped_at",
-        mode="before",
-    )
-    @classmethod
-    def _normalize_timestamp(cls, value: datetime | int | None) -> int | None:
-        return to_timestamp(value)
-
-
-class DocumentStatusListResponse(ResponseModel):
-    data: list[DocumentStatusResponse]
-
-
-class ErrorDocsResponse(DocumentStatusListResponse):
-    total: int
-
-
-class IndexingEstimatePreviewItemResponse(ResponseModel):
-    content: str
-    child_chunks: list[str] | None = None
-    summary: str | None = None
-
-
-class IndexingEstimateQaPreviewItemResponse(ResponseModel):
-    question: str
-    answer: str
-
-
-class IndexingEstimateResponse(ResponseModel):
-    total_segments: int
-    preview: list[IndexingEstimatePreviewItemResponse]
-    qa_preview: list[IndexingEstimateQaPreviewItemResponse] | None = None
-
-
-class RetrievalSettingResponse(ResponseModel):
-    retrieval_method: list[str]
-
-
-class PartialMemberListResponse(ResponseModel):
-    data: list[str]
-
-
-class AutoDisableLogsResponse(ResponseModel):
-    document_ids: list[str]
-    count: int
-
-
 register_schema_models(
    console_ns, DatasetCreatePayload, DatasetUpdatePayload, IndexingEstimatePayload, ConsoleDatasetListQuery
 )
-register_response_schema_models(
-    console_ns,
-    DatasetDetailResponse,
-    DatasetDetailWithPartialMembersResponse,
-    DatasetListResponse,
-    DatasetQueryListResponse,
-    IndexingEstimateResponse,
-    RelatedAppListResponse,
-    DocumentStatusListResponse,
-    ErrorDocsResponse,
-    RetrievalSettingResponse,
-    PartialMemberListResponse,
-    AutoDisableLogsResponse,
-)


 def _get_retrieval_methods_by_vector_type(vector_type: str | None, is_mock: bool = False) -> dict[str, list[str]]:
@ -383,8 +293,17 @@ def _get_retrieval_methods_by_vector_type(vector_type: str | None, is_mock: bool
 class DatasetListApi(Resource):
    @console_ns.doc("get_datasets")
    @console_ns.doc(description="Get list of datasets")
-    @console_ns.doc(params=query_params_from_model(ConsoleDatasetListQuery))
-    @console_ns.response(200, "Datasets retrieved successfully", console_ns.models[DatasetListResponse.__name__])
+    @console_ns.doc(
+        params={
+            "page": "Page number (default: 1)",
+            "limit": "Number of items per page (default: 20)",
+            "ids": "Filter by dataset IDs (list)",
+            "keyword": "Search keyword",
+            "tag_ids": "Filter by tag IDs (list)",
+            "include_all": "Include all datasets (default: false)",
+        }
+    )
+    @console_ns.response(200, "Datasets retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -423,7 +342,7 @@ class DatasetListApi(Resource):
        for embedding_model in embedding_models:
            model_names.append(f"{embedding_model.model}:{embedding_model.provider.provider}")

-        data = [dump_response(DatasetDetailResponse, dataset) for dataset in datasets]
+        data = cast(list[dict[str, Any]], marshal(datasets, dataset_detail_fields))
        dataset_ids = [item["id"] for item in data if item.get("permission") == "partial_members"]
        partial_members_map: dict[str, list[str]] = {}
        if dataset_ids:
@ -460,12 +379,12 @@ class DatasetListApi(Resource):
            "total": total,
            "page": query.page,
        }
-        return dump_response(DatasetListResponse, response), 200
+        return response, 200

    @console_ns.doc("create_dataset")
    @console_ns.doc(description="Create a new dataset")
    @console_ns.expect(console_ns.models[DatasetCreatePayload.__name__])
-    @console_ns.response(201, "Dataset created successfully", console_ns.models[DatasetDetailResponse.__name__])
+    @console_ns.response(201, "Dataset created successfully")
    @console_ns.response(400, "Invalid request parameters")
    @setup_required
    @login_required
@ -494,7 +413,7 @@ class DatasetListApi(Resource):
        except services.errors.dataset.DatasetNameDuplicateError:
            raise DatasetNameDuplicateError()

-        return dump_response(DatasetDetailResponse, dataset), 201
+        return marshal(dataset, dataset_detail_fields), 201


@console_ns.route("/datasets/<uuid:dataset_id>")
@ -502,17 +421,13 @@ class DatasetApi(Resource):
    @console_ns.doc("get_dataset")
    @console_ns.doc(description="Get dataset details")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(
-        200,
-        "Dataset retrieved successfully",
-        console_ns.models[DatasetDetailWithPartialMembersResponse.__name__],
-    )
+    @console_ns.response(200, "Dataset retrieved successfully", dataset_detail_model)
    @console_ns.response(404, "Dataset not found")
    @console_ns.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        current_user, current_tenant_id = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
@ -522,7 +437,7 @@ class DatasetApi(Resource):
            DatasetService.check_dataset_permission(dataset, current_user)
        except services.errors.account.NoPermissionError as e:
            raise Forbidden(str(e))
-        data = dump_response(DatasetDetailResponse, dataset)
+        data = cast(dict[str, Any], marshal(dataset, dataset_detail_fields))
        if dataset.indexing_technique == IndexTechniqueType.HIGH_QUALITY:
            if dataset.embedding_model_provider:
                provider_id = ModelProviderID(dataset.embedding_model_provider)
@ -555,18 +470,14 @@ class DatasetApi(Resource):
    @console_ns.doc("update_dataset")
    @console_ns.doc(description="Update dataset details")
    @console_ns.expect(console_ns.models[DatasetUpdatePayload.__name__])
-    @console_ns.response(
-        200,
-        "Dataset updated successfully",
-        console_ns.models[DatasetDetailWithPartialMembersResponse.__name__],
-    )
+    @console_ns.response(200, "Dataset updated successfully", dataset_detail_model)
    @console_ns.response(404, "Dataset not found")
    @console_ns.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
-    def patch(self, dataset_id: UUID):
+    def patch(self, dataset_id):
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
        if dataset is None:
@ -595,7 +506,7 @@ class DatasetApi(Resource):
        if dataset is None:
            raise NotFound("Dataset not found.")

-        result_data = dump_response(DatasetDetailResponse, dataset)
+        result_data = cast(dict[str, Any], marshal(dataset, dataset_detail_fields))
        tenant_id = current_tenant_id

        if payload.partial_member_list is not None and payload.permission == DatasetPermissionEnum.PARTIAL_TEAM:
@ -614,7 +525,7 @@ class DatasetApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Dataset deleted successfully")
-    def delete(self, dataset_id: UUID):
+    def delete(self, dataset_id):
        dataset_id_str = str(dataset_id)
        current_user, _ = current_account_with_tenant()

@ -624,7 +535,7 @@ class DatasetApi(Resource):
        try:
            if DatasetService.delete_dataset(dataset_id_str, current_user):
                DatasetPermissionService.clear_partial_member_list(dataset_id_str)
-                return "", 204
+                return {"result": "success"}, 204
            else:
                raise NotFound("Dataset not found.")
        except services.errors.dataset.DatasetInUseError:
@ -644,7 +555,7 @@ class DatasetUseCheckApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        dataset_id_str = str(dataset_id)

        dataset_is_using = DatasetService.dataset_use_check(dataset_id_str)
@ -656,15 +567,11 @@ class DatasetQueryApi(Resource):
    @console_ns.doc("get_dataset_queries")
    @console_ns.doc(description="Get dataset query history")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(
-        200,
-        "Query history retrieved successfully",
-        console_ns.models[DatasetQueryListResponse.__name__],
-    )
+    @console_ns.response(200, "Query history retrieved successfully", dataset_query_detail_model)
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
@ -682,24 +589,20 @@ class DatasetQueryApi(Resource):
        dataset_queries, total = DatasetService.get_dataset_queries(dataset_id=dataset.id, page=page, per_page=limit)

        response = {
-            "data": dataset_queries,
+            "data": marshal(dataset_queries, dataset_query_detail_model),
            "has_more": len(dataset_queries) == limit,
            "limit": limit,
            "total": total,
            "page": page,
        }
-        return dump_response(DatasetQueryListResponse, response), 200
+        return response, 200


@console_ns.route("/datasets/indexing-estimate")
 class DatasetIndexingEstimateApi(Resource):
    @console_ns.doc("estimate_dataset_indexing")
    @console_ns.doc(description="Estimate dataset indexing cost")
-    @console_ns.response(
-        200,
-        "Indexing estimate calculated successfully",
-        console_ns.models[IndexingEstimateResponse.__name__],
-    )
+    @console_ns.response(200, "Indexing estimate calculated successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -796,15 +699,12 @@ class DatasetRelatedAppListApi(Resource):
    @console_ns.doc("get_dataset_related_apps")
    @console_ns.doc(description="Get applications related to dataset")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(
-        200,
-        "Related apps retrieved successfully",
-        console_ns.models[RelatedAppListResponse.__name__],
-    )
+    @console_ns.response(200, "Related apps retrieved successfully", related_app_list_model)
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    @marshal_with(related_app_list_model)
+    def get(self, dataset_id):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
@ -824,7 +724,7 @@ class DatasetRelatedAppListApi(Resource):
            if app_model:
                related_apps.append(app_model)

-        return dump_response(RelatedAppListResponse, {"data": related_apps, "total": len(related_apps)}), 200
+        return {"data": related_apps, "total": len(related_apps)}, 200


@console_ns.route("/datasets/<uuid:dataset_id>/indexing-status")
@ -832,19 +732,15 @@ class DatasetIndexingStatusApi(Resource):
    @console_ns.doc("get_dataset_indexing_status")
    @console_ns.doc(description="Get dataset indexing status")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(
-        200,
-        "Indexing status retrieved successfully",
-        console_ns.models[DocumentStatusListResponse.__name__],
-    )
+    @console_ns.response(200, "Indexing status retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        _, current_tenant_id = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
+        dataset_id = str(dataset_id)
        documents = db.session.scalars(
-            select(Document).where(Document.dataset_id == dataset_id_str, Document.tenant_id == current_tenant_id)
+            select(Document).where(Document.dataset_id == dataset_id, Document.tenant_id == current_tenant_id)
        ).all()
        documents_status = []
        for document in documents:
@ -882,8 +778,9 @@ class DatasetIndexingStatusApi(Resource):
                "completed_segments": completed_segments,
                "total_segments": total_segments,
            }
-            documents_status.append(document_dict)
-        return dump_response(DocumentStatusListResponse, {"data": documents_status}), 200
+            documents_status.append(marshal(document_dict, document_status_fields))
+        data = {"data": documents_status}
+        return data, 200


@console_ns.route("/datasets/api-keys")
@ -952,15 +849,15 @@ class DatasetApiDeleteApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    def delete(self, api_key_id: UUID):
+    def delete(self, api_key_id):
        _, current_tenant_id = current_account_with_tenant()
-        api_key_id_str = str(api_key_id)
+        api_key_id = str(api_key_id)
        key = db.session.scalar(
            select(ApiToken)
            .where(
                ApiToken.tenant_id == current_tenant_id,
                ApiToken.type == self.resource_type,
-                ApiToken.id == api_key_id_str,
+                ApiToken.id == api_key_id,
            )
            .limit(1)
        )
@ -976,7 +873,7 @@ class DatasetApiDeleteApi(Resource):
        db.session.delete(key)
        db.session.commit()

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/<uuid:dataset_id>/api-keys/<string:status>")
@ -985,7 +882,7 @@ class DatasetEnableApiApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def post(self, dataset_id: UUID, status: str):
+    def post(self, dataset_id, status):
        dataset_id_str = str(dataset_id)

        DatasetService.update_dataset_api_status(dataset_id_str, status == "enable")
@ -1010,18 +907,13 @@ class DatasetApiBaseUrlApi(Resource):
 class DatasetRetrievalSettingApi(Resource):
    @console_ns.doc("get_dataset_retrieval_setting")
    @console_ns.doc(description="Get dataset retrieval settings")
-    @console_ns.response(
-        200, "Retrieval settings retrieved successfully", console_ns.models[RetrievalSettingResponse.__name__]
-    )
+    @console_ns.response(200, "Retrieval settings retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
    def get(self):
        vector_type = dify_config.VECTOR_STORE
-        return dump_response(
-            RetrievalSettingResponse,
-            _get_retrieval_methods_by_vector_type(vector_type, is_mock=False),
-        )
+        return _get_retrieval_methods_by_vector_type(vector_type, is_mock=False)


@console_ns.route("/datasets/retrieval-setting/<string:vector_type>")
@ -1029,19 +921,12 @@ class DatasetRetrievalSettingMockApi(Resource):
    @console_ns.doc("get_dataset_retrieval_setting_mock")
    @console_ns.doc(description="Get mock dataset retrieval settings by vector type")
    @console_ns.doc(params={"vector_type": "Vector store type"})
-    @console_ns.response(
-        200,
-        "Mock retrieval settings retrieved successfully",
-        console_ns.models[RetrievalSettingResponse.__name__],
-    )
+    @console_ns.response(200, "Mock retrieval settings retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, vector_type: str):
-        return dump_response(
-            RetrievalSettingResponse,
-            _get_retrieval_methods_by_vector_type(vector_type, is_mock=True),
-        )
+    def get(self, vector_type):
+        return _get_retrieval_methods_by_vector_type(vector_type, is_mock=True)


@console_ns.route("/datasets/<uuid:dataset_id>/error-docs")
@ -1049,19 +934,19 @@ class DatasetErrorDocs(Resource):
    @console_ns.doc("get_dataset_error_docs")
    @console_ns.doc(description="Get dataset error documents")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(200, "Error documents retrieved successfully", console_ns.models[ErrorDocsResponse.__name__])
+    @console_ns.response(200, "Error documents retrieved successfully")
    @console_ns.response(404, "Dataset not found")
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
        if dataset is None:
            raise NotFound("Dataset not found.")
        results = DocumentService.get_error_documents_by_dataset_id(dataset_id_str)

-        return dump_response(ErrorDocsResponse, {"data": results, "total": len(results)}), 200
+        return {"data": [marshal(item, document_status_fields) for item in results], "total": len(results)}, 200


@console_ns.route("/datasets/<uuid:dataset_id>/permission-part-users")
@ -1069,17 +954,13 @@ class DatasetPermissionUserListApi(Resource):
    @console_ns.doc("get_dataset_permission_users")
    @console_ns.doc(description="Get dataset permission user list")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(
-        200,
-        "Permission users retrieved successfully",
-        console_ns.models[PartialMemberListResponse.__name__],
-    )
+    @console_ns.response(200, "Permission users retrieved successfully")
    @console_ns.response(404, "Dataset not found")
    @console_ns.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
@ -1092,7 +973,9 @@ class DatasetPermissionUserListApi(Resource):

        partial_members_list = DatasetPermissionService.get_dataset_partial_member_list(dataset_id_str)

-        return dump_response(PartialMemberListResponse, {"data": partial_members_list}), 200
+        return {
+            "data": partial_members_list,
+        }, 200


@console_ns.route("/datasets/<uuid:dataset_id>/auto-disable-logs")
@ -1100,18 +983,14 @@ class DatasetAutoDisableLogApi(Resource):
    @console_ns.doc("get_dataset_auto_disable_logs")
    @console_ns.doc(description="Get dataset auto disable logs")
    @console_ns.doc(params={"dataset_id": "Dataset ID"})
-    @console_ns.response(
-        200,
-        "Auto disable logs retrieved successfully",
-        console_ns.models[AutoDisableLogsResponse.__name__],
-    )
+    @console_ns.response(200, "Auto disable logs retrieved successfully")
    @console_ns.response(404, "Dataset not found")
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
        if dataset is None:
            raise NotFound("Dataset not found.")
-        return dump_response(AutoDisableLogsResponse, DatasetService.get_dataset_auto_disable_logs(dataset_id_str)), 200
+        return DatasetService.get_dataset_auto_disable_logs(dataset_id_str), 200
--- a/api/controllers/console/datasets/datasets_document.py
+++ b/api/controllers/console/datasets/datasets_document.py
@ -5,7 +5,6 @@ from collections.abc import Sequence
 from contextlib import ExitStack
 from datetime import datetime
 from typing import Any, Literal, cast
-from uuid import UUID

 import sqlalchemy as sa
 from flask import request, send_file
@ -316,9 +315,9 @@ class DatasetDocumentListApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        current_user, current_tenant_id = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
+        dataset_id = str(dataset_id)
        raw_args = request.args.to_dict()
        param = DocumentDatasetListParam.model_validate(raw_args)
        page = param.page
@ -343,7 +342,7 @@ class DatasetDocumentListApi(Resource):
                    )
        except (ArgumentTypeError, ValueError, Exception):
            fetch = False
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")

@ -352,7 +351,7 @@ class DatasetDocumentListApi(Resource):
        except services.errors.account.NoPermissionError as e:
            raise Forbidden(str(e))

-        query = select(Document).where(Document.dataset_id == dataset_id_str, Document.tenant_id == current_tenant_id)
+        query = select(Document).where(Document.dataset_id == str(dataset_id), Document.tenant_id == current_tenant_id)

        if status:
            query = DocumentService.apply_display_status_filter(query, status)
@ -373,7 +372,7 @@ class DatasetDocumentListApi(Resource):
                    sa.select(
                        DocumentSegment.document_id, sa.func.sum(DocumentSegment.hit_count).label("total_hit_count")
                    )
-                    .where(DocumentSegment.dataset_id == dataset_id_str)
+                    .where(DocumentSegment.dataset_id == str(dataset_id))
                    .group_by(DocumentSegment.document_id)
                    .subquery()
                )
@ -445,11 +444,11 @@ class DatasetDocumentListApi(Resource):
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[KnowledgeConfig.__name__])
    @console_ns.response(200, "Documents created successfully", console_ns.models[DatasetAndDocumentResponse.__name__])
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id):
        current_user, _ = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
+        dataset_id = str(dataset_id)

-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset = DatasetService.get_dataset(dataset_id)

        if not dataset:
            raise NotFound("Dataset not found.")
@ -473,7 +472,7 @@ class DatasetDocumentListApi(Resource):

        try:
            documents, batch = DocumentService.save_document_with_dataset_id(dataset, knowledge_config, current_user)
-            dataset = DatasetService.get_dataset(dataset_id_str)
+            dataset = DatasetService.get_dataset(dataset_id)

        except ProviderTokenNotInitError as ex:
            raise ProviderNotInitializeError(ex.description)
@ -491,9 +490,9 @@ class DatasetDocumentListApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Documents deleted successfully")
-    def delete(self, dataset_id: UUID):
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+    def delete(self, dataset_id):
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if dataset is None:
            raise NotFound("Dataset not found.")
        # check user's model setting
@ -505,7 +504,7 @@ class DatasetDocumentListApi(Resource):
        except services.errors.document.DocumentIndexingError:
            raise DocumentIndexingError("Cannot delete document during indexing.")

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/init")
@ -583,11 +582,11 @@ class DocumentIndexingEstimateApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID):
+    def get(self, dataset_id, document_id):
        _, current_tenant_id = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        document = self.get_document(dataset_id_str, document_id_str)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        document = self.get_document(dataset_id, document_id)

        if document.indexing_status in {IndexingStatus.COMPLETED, IndexingStatus.ERROR}:
            raise DocumentAlreadyFinishedError()
@ -625,7 +624,7 @@ class DocumentIndexingEstimateApi(DocumentResource):
                        data_process_rule_dict,
                        document.doc_form,
                        "English",
-                        dataset_id_str,
+                        dataset_id,
                    )
                    return estimate_response.model_dump(), 200
                except LLMBadRequestError:
@ -648,10 +647,11 @@ class DocumentBatchIndexingEstimateApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, batch: str):
+    def get(self, dataset_id, batch):
        _, current_tenant_id = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        documents = self.get_batch_documents(dataset_id_str, batch)
+        dataset_id = str(dataset_id)
+        batch = str(batch)
+        documents = self.get_batch_documents(dataset_id, batch)
        if not documents:
            return {"tokens": 0, "total_price": 0, "currency": "USD", "total_segments": 0, "preview": []}, 200
        data_process_rule = documents[0].dataset_process_rule
@ -725,7 +725,7 @@ class DocumentBatchIndexingEstimateApi(DocumentResource):
                    data_process_rule_dict,
                    document.doc_form,
                    "English",
-                    dataset_id_str,
+                    dataset_id,
                )
                return response.model_dump(), 200
            except LLMBadRequestError:
@ -745,9 +745,10 @@ class DocumentBatchIndexingStatusApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, batch: str):
-        dataset_id_str = str(dataset_id)
-        documents = self.get_batch_documents(dataset_id_str, batch)
+    def get(self, dataset_id, batch):
+        dataset_id = str(dataset_id)
+        batch = str(batch)
+        documents = self.get_batch_documents(dataset_id, batch)
        documents_status = []
        for document in documents:
            completed_segments = (
@ -799,16 +800,16 @@ class DocumentIndexingStatusApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID):
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        document = self.get_document(dataset_id_str, document_id_str)
+    def get(self, dataset_id, document_id):
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        document = self.get_document(dataset_id, document_id)

        completed_segments = (
            db.session.scalar(
                select(func.count(DocumentSegment.id)).where(
                    DocumentSegment.completed_at.isnot(None),
-                    DocumentSegment.document_id == str(document_id_str),
+                    DocumentSegment.document_id == str(document_id),
                    DocumentSegment.status != SegmentStatus.RE_SEGMENT,
                )
            )
@ -817,7 +818,7 @@ class DocumentIndexingStatusApi(DocumentResource):
        total_segments = (
            db.session.scalar(
                select(func.count(DocumentSegment.id)).where(
-                    DocumentSegment.document_id == str(document_id_str),
+                    DocumentSegment.document_id == str(document_id),
                    DocumentSegment.status != SegmentStatus.RE_SEGMENT,
                )
            )
@ -860,10 +861,10 @@ class DocumentApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID):
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        document = self.get_document(dataset_id_str, document_id_str)
+    def get(self, dataset_id, document_id):
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        document = self.get_document(dataset_id, document_id)

        metadata = request.args.get("metadata", "all")
        if metadata not in self.METADATA_CHOICES:
@ -872,7 +873,7 @@ class DocumentApi(DocumentResource):
        if metadata == "only":
            response = {"id": document.id, "doc_type": document.doc_type, "doc_metadata": document.doc_metadata_details}
        elif metadata == "without":
-            dataset_process_rules = DatasetService.get_process_rules(dataset_id_str)
+            dataset_process_rules = DatasetService.get_process_rules(dataset_id)
            document_process_rules = document.dataset_process_rule.to_dict() if document.dataset_process_rule else {}
            response = {
                "id": document.id,
@ -906,7 +907,7 @@ class DocumentApi(DocumentResource):
                "need_summary": document.need_summary if document.need_summary is not None else False,
            }
        else:
-            dataset_process_rules = DatasetService.get_process_rules(dataset_id_str)
+            dataset_process_rules = DatasetService.get_process_rules(dataset_id)
            document_process_rules = document.dataset_process_rule.to_dict() if document.dataset_process_rule else {}
            response = {
                "id": document.id,
@ -949,23 +950,23 @@ class DocumentApi(DocumentResource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Document deleted successfully")
-    def delete(self, dataset_id: UUID, document_id: UUID):
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+    def delete(self, dataset_id, document_id):
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if dataset is None:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)

-        document = self.get_document(dataset_id_str, document_id_str)
+        document = self.get_document(dataset_id, document_id)

        try:
            DocumentService.delete_document(document)
        except services.errors.document.DocumentIndexingError:
            raise DocumentIndexingError("Cannot delete document during indexing.")

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/download")
@ -979,7 +980,7 @@ class DocumentDownloadApi(DocumentResource):
    @login_required
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
-    def get(self, dataset_id: UUID, document_id: UUID) -> dict[str, Any]:
+    def get(self, dataset_id: str, document_id: str) -> dict[str, Any]:
        # Reuse the shared permission/tenant checks implemented in DocumentResource.
        document = self.get_document(str(dataset_id), str(document_id))
        return {"url": DocumentService.get_document_download_url(document)}
@ -996,16 +997,16 @@ class DocumentBatchDownloadZipApi(DocumentResource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[DocumentBatchDownloadZipPayload.__name__])
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id: str):
        """Stream a ZIP archive containing the requested uploaded documents."""
        # Parse and validate request payload.
        payload = DocumentBatchDownloadZipPayload.model_validate(console_ns.payload or {})

        current_user, current_tenant_id = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
+        dataset_id = str(dataset_id)
        document_ids: list[str] = [str(document_id) for document_id in payload.document_ids]
        upload_files, download_name = DocumentService.prepare_document_batch_download_zip(
-            dataset_id=dataset_id_str,
+            dataset_id=dataset_id,
            document_ids=document_ids,
            tenant_id=current_tenant_id,
            current_user=current_user,
@ -1043,11 +1044,11 @@ class DocumentProcessingApi(DocumentResource):
    @login_required
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
-    def patch(self, dataset_id: UUID, document_id: UUID, action: Literal["pause", "resume"]):
+    def patch(self, dataset_id, document_id, action: Literal["pause", "resume"]):
        current_user, _ = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        document = self.get_document(dataset_id_str, document_id_str)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        document = self.get_document(dataset_id, document_id)

        # The role of the current user in the ta table must be admin, owner, dataset_operator, or editor
        if not current_user.is_dataset_editor:
@ -1091,11 +1092,11 @@ class DocumentMetadataApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def put(self, dataset_id: UUID, document_id: UUID):
+    def put(self, dataset_id, document_id):
        current_user, _ = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        document = self.get_document(dataset_id_str, document_id_str)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        document = self.get_document(dataset_id, document_id)

        req_data = DocumentMetadataUpdatePayload.model_validate(request.get_json() or {})

@ -1140,10 +1141,10 @@ class DocumentStatusApi(DocumentResource):
    @cloud_edition_billing_resource_check("vector_space")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def patch(self, dataset_id: UUID, action: Literal["enable", "disable", "archive", "un_archive"]):
+    def patch(self, dataset_id, action: Literal["enable", "disable", "archive", "un_archive"]):
        current_user, _ = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if dataset is None:
            raise NotFound("Dataset not found.")

@ -1178,16 +1179,16 @@ class DocumentPauseApi(DocumentResource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Document paused successfully")
-    def patch(self, dataset_id: UUID, document_id: UUID):
+    def patch(self, dataset_id, document_id):
        """pause document."""
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)

-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")

-        document = DocumentService.get_document(dataset.id, document_id_str)
+        document = DocumentService.get_document(dataset.id, document_id)

        # 404 if document not found
        if document is None:
@ -1203,7 +1204,7 @@ class DocumentPauseApi(DocumentResource):
        except services.errors.document.DocumentIndexingError:
            raise DocumentIndexingError("Cannot pause completed document.")

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/processing/resume")
@ -1213,14 +1214,14 @@ class DocumentRecoverApi(DocumentResource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Document resumed successfully")
-    def patch(self, dataset_id: UUID, document_id: UUID):
+    def patch(self, dataset_id, document_id):
        """recover document."""
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
-        document = DocumentService.get_document(dataset.id, document_id_str)
+        document = DocumentService.get_document(dataset.id, document_id)

        # 404 if document not found
        if document is None:
@ -1235,7 +1236,7 @@ class DocumentRecoverApi(DocumentResource):
        except services.errors.document.DocumentIndexingError:
            raise DocumentIndexingError("Document is not in paused status.")

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/<uuid:dataset_id>/retry")
@ -1246,11 +1247,11 @@ class DocumentRetryApi(DocumentResource):
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[DocumentRetryPayload.__name__])
    @console_ns.response(204, "Documents retry started successfully")
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id):
        """retry document."""
        payload = DocumentRetryPayload.model_validate(console_ns.payload or {})
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        retry_documents = []
        if not dataset:
            raise NotFound("Dataset not found.")
@ -1276,9 +1277,9 @@ class DocumentRetryApi(DocumentResource):
                logger.exception("Failed to retry document, document id: %s", document_id)
                continue
        # retry document
-        DocumentService.retry_document(dataset_id_str, retry_documents)
+        DocumentService.retry_document(dataset_id, retry_documents)

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/rename")
@ -1288,7 +1289,7 @@ class DocumentRenameApi(DocumentResource):
    @account_initialization_required
    @console_ns.response(200, "Document renamed successfully", console_ns.models[DocumentResponse.__name__])
    @console_ns.expect(console_ns.models[DocumentRenamePayload.__name__])
-    def post(self, dataset_id: UUID, document_id: UUID):
+    def post(self, dataset_id, document_id):
        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
        current_user, _ = current_account_with_tenant()
        if not current_user.is_dataset_editor:
@ -1300,7 +1301,7 @@ class DocumentRenameApi(DocumentResource):
        payload = DocumentRenamePayload.model_validate(console_ns.payload or {})

        try:
-            document = DocumentService.rename_document(str(dataset_id), str(document_id), payload.name)
+            document = DocumentService.rename_document(dataset_id, document_id, payload.name)
        except services.errors.document.DocumentIndexingError:
            raise DocumentIndexingError("Cannot delete document during indexing.")

@ -1313,15 +1314,15 @@ class WebsiteDocumentSyncApi(DocumentResource):
    @login_required
    @account_initialization_required
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def get(self, dataset_id: UUID, document_id: UUID):
+    def get(self, dataset_id, document_id):
        """sync website document."""
        _, current_tenant_id = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset.id, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset.id, document_id)
        if not document:
            raise NotFound("Document not found.")
        if document.tenant_id != current_tenant_id:
@ -1332,7 +1333,7 @@ class WebsiteDocumentSyncApi(DocumentResource):
        if DocumentService.check_archived(document):
            raise ArchivedDocumentImmutableError()
        # sync document
-        DocumentService.sync_website_document(dataset_id_str, document)
+        DocumentService.sync_website_document(dataset_id, document)

        return {"result": "success"}, 200

@ -1342,19 +1343,19 @@ class DocumentPipelineExecutionLogApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID):
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
+    def get(self, dataset_id, document_id):
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)

-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
-        document = DocumentService.get_document(dataset.id, document_id_str)
+        document = DocumentService.get_document(dataset.id, document_id)
        if not document:
            raise NotFound("Document not found.")
        log = db.session.scalar(
            select(DocumentPipelineExecutionLog)
-            .where(DocumentPipelineExecutionLog.document_id == document_id_str)
+            .where(DocumentPipelineExecutionLog.document_id == document_id)
            .order_by(DocumentPipelineExecutionLog.created_at.desc())
            .limit(1)
        )
@ -1391,7 +1392,7 @@ class DocumentGenerateSummaryApi(Resource):
    @login_required
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id):
        """
        Generate summary index for specified documents.

@ -1400,10 +1401,10 @@ class DocumentGenerateSummaryApi(Resource):
        then asynchronously generates summary indexes for the provided documents.
        """
        current_user, _ = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
+        dataset_id = str(dataset_id)

        # Get dataset
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")

@ -1437,7 +1438,7 @@ class DocumentGenerateSummaryApi(Resource):
            raise ValueError("Summary index is not enabled for this dataset. Please enable it in the dataset settings.")

        # Verify all documents exist and belong to the dataset
-        documents = DocumentService.get_documents_by_ids(dataset_id_str, document_list)
+        documents = DocumentService.get_documents_by_ids(dataset_id, document_list)

        if len(documents) != len(document_list):
            found_ids = {doc.id for doc in documents}
@ -1451,7 +1452,7 @@ class DocumentGenerateSummaryApi(Resource):
        if documents_to_update:
            document_ids_to_update = [str(doc.id) for doc in documents_to_update]
            DocumentService.update_documents_need_summary(
-                dataset_id=dataset_id_str,
+                dataset_id=dataset_id,
                document_ids=document_ids_to_update,
                need_summary=True,
            )
@ -1464,11 +1465,11 @@ class DocumentGenerateSummaryApi(Resource):
                continue

            # Dispatch async task
-            generate_summary_index_task.delay(dataset_id_str, document.id)
+            generate_summary_index_task.delay(dataset_id, document.id)
            logger.info(
                "Dispatched summary generation task for document %s in dataset %s",
                document.id,
-                dataset_id_str,
+                dataset_id,
            )

        return {"result": "success"}, 200
@ -1484,7 +1485,7 @@ class DocumentSummaryStatusApi(DocumentResource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID):
+    def get(self, dataset_id, document_id):
        """
        Get summary index generation status for a document.

@ -1498,11 +1499,11 @@ class DocumentSummaryStatusApi(DocumentResource):
        - summaries: List of summary records with status and content preview
        """
        current_user, _ = current_account_with_tenant()
-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)

        # Get dataset
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")

@ -1516,8 +1517,8 @@ class DocumentSummaryStatusApi(DocumentResource):
        from services.summary_index_service import SummaryIndexService

        result = SummaryIndexService.get_document_summary_status_detail(
-            document_id=document_id_str,
-            dataset_id=dataset_id_str,
+            document_id=document_id,
+            dataset_id=dataset_id,
        )

        return result, 200
--- a/api/controllers/console/datasets/datasets_segments.py
+++ b/api/controllers/console/datasets/datasets_segments.py
@ -1,6 +1,4 @@
 import uuid
-from typing import Literal
-from uuid import UUID

 from flask import request
 from flask_restx import Resource, marshal
@ -115,12 +113,12 @@ class DatasetDocumentSegmentListApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID):
+    def get(self, dataset_id, document_id):
        current_user, current_tenant_id = current_account_with_tenant()

-        dataset_id_str = str(dataset_id)
-        document_id_str = str(document_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        document_id = str(document_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")

@ -129,7 +127,7 @@ class DatasetDocumentSegmentListApi(Resource):
        except services.errors.account.NoPermissionError as e:
            raise Forbidden(str(e))

-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document = DocumentService.get_document(dataset_id, document_id)

        if not document:
            raise NotFound("Document not found.")
@ -150,7 +148,7 @@ class DatasetDocumentSegmentListApi(Resource):
        query = (
            select(DocumentSegment)
            .where(
-                DocumentSegment.document_id == document_id_str,
+                DocumentSegment.document_id == str(document_id),
                DocumentSegment.tenant_id == current_tenant_id,
            )
            .order_by(DocumentSegment.position.asc())
@ -169,12 +167,9 @@ class DatasetDocumentSegmentListApi(Resource):
            # Use database-specific methods for JSON array search
            if dify_config.SQLALCHEMY_DATABASE_URI_SCHEME == "postgresql":
                # PostgreSQL: Use jsonb_array_elements_text to properly handle Unicode/Chinese text
-                # Guard with jsonb_typeof to avoid "cannot extract elements from a scalar" error
-                # when keywords is null or a non-array JSON value.
                keywords_condition = func.array_to_string(
                    func.array(
                        select(func.jsonb_array_elements_text(cast(DocumentSegment.keywords, JSONB)))
-                        .where(func.jsonb_typeof(cast(DocumentSegment.keywords, JSONB)) == "array")
                        .correlate(DocumentSegment)
                        .scalar_subquery()
                    ),
@ -206,9 +201,7 @@ class DatasetDocumentSegmentListApi(Resource):
        if segment_ids:
            from services.summary_index_service import SummaryIndexService

-            summary_records = SummaryIndexService.get_segments_summaries(
-                segment_ids=segment_ids, dataset_id=dataset_id_str
-            )
+            summary_records = SummaryIndexService.get_segments_summaries(segment_ids=segment_ids, dataset_id=dataset_id)
            # Only include enabled summaries (already filtered by service)
            summaries = {chunk_id: summary.summary_content for chunk_id, summary in summary_records.items()}

@ -233,19 +226,19 @@ class DatasetDocumentSegmentListApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Segments deleted successfully")
-    def delete(self, dataset_id: UUID, document_id: UUID):
+    def delete(self, dataset_id, document_id):
        current_user, _ = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        segment_ids = request.args.getlist("segment_id")
@ -258,7 +251,7 @@ class DatasetDocumentSegmentListApi(Resource):
        except services.errors.account.NoPermissionError as e:
            raise Forbidden(str(e))
        SegmentService.delete_segments(segment_ids, document, dataset)
-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/segment/<string:action>")
@ -269,15 +262,15 @@ class DatasetDocumentSegmentApi(Resource):
    @cloud_edition_billing_resource_check("vector_space")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def patch(self, dataset_id: UUID, document_id: UUID, action: Literal["enable", "disable"]):
+    def patch(self, dataset_id, document_id, action):
        current_user, current_tenant_id = current_account_with_tenant()

-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        # check user's model setting
@ -328,17 +321,17 @@ class DatasetDocumentSegmentAddApi(Resource):
    @cloud_edition_billing_knowledge_limit_check("add_segment")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[SegmentCreatePayload.__name__])
-    def post(self, dataset_id: UUID, document_id: UUID):
+    def post(self, dataset_id, document_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        if not current_user.is_dataset_editor:
@ -368,7 +361,7 @@ class DatasetDocumentSegmentAddApi(Resource):
        payload_dict = payload.model_dump(exclude_none=True)
        SegmentService.segment_create_args_validate(payload_dict, document)
        segment = SegmentService.create_segment(payload_dict, document, dataset)
-        return {"data": _get_segment_with_summary(segment, dataset_id_str), "doc_form": document.doc_form}, 200
+        return {"data": _get_segment_with_summary(segment, dataset_id), "doc_form": document.doc_form}, 200


@console_ns.route("/datasets/<uuid:dataset_id>/documents/<uuid:document_id>/segments/<uuid:segment_id>")
@ -379,19 +372,19 @@ class DatasetDocumentSegmentUpdateApi(Resource):
    @cloud_edition_billing_resource_check("vector_space")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[SegmentUpdatePayload.__name__])
-    def patch(self, dataset_id: UUID, document_id: UUID, segment_id: UUID):
+    def patch(self, dataset_id, document_id, segment_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        if dataset.indexing_technique == IndexTechniqueType.HIGH_QUALITY:
@ -411,10 +404,10 @@ class DatasetDocumentSegmentUpdateApi(Resource):
            except ProviderTokenNotInitError as ex:
                raise ProviderNotInitializeError(ex.description)
            # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
@ -435,33 +428,33 @@ class DatasetDocumentSegmentUpdateApi(Resource):
        segment = SegmentService.update_segment(
            SegmentUpdateArgs.model_validate(payload.model_dump(exclude_none=True)), segment, document, dataset
        )
-        return {"data": _get_segment_with_summary(segment, dataset_id_str), "doc_form": document.doc_form}, 200
+        return {"data": _get_segment_with_summary(segment, dataset_id), "doc_form": document.doc_form}, 200

    @setup_required
    @login_required
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Segment deleted successfully")
-    def delete(self, dataset_id: UUID, document_id: UUID, segment_id: UUID):
+    def delete(self, dataset_id, document_id, segment_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
@ -474,7 +467,7 @@ class DatasetDocumentSegmentUpdateApi(Resource):
        except services.errors.account.NoPermissionError as e:
            raise Forbidden(str(e))
        SegmentService.delete_segment(segment, document, dataset)
-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route(
@ -490,17 +483,17 @@ class DatasetDocumentSegmentBatchImportApi(Resource):
    @cloud_edition_billing_knowledge_limit_check("add_segment")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[BatchImportPayload.__name__])
-    def post(self, dataset_id: UUID, document_id: UUID):
+    def post(self, dataset_id, document_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")

@ -524,8 +517,8 @@ class DatasetDocumentSegmentBatchImportApi(Resource):
            batch_create_segment_to_index_task.delay(
                str(job_id),
                upload_file_id,
-                dataset_id_str,
-                document_id_str,
+                dataset_id,
+                document_id,
                current_tenant_id,
                current_user.id,
            )
@ -537,7 +530,7 @@ class DatasetDocumentSegmentBatchImportApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, job_id=None, dataset_id: UUID | None = None, document_id: UUID | None = None):
+    def get(self, job_id=None, dataset_id=None, document_id=None):
        if job_id is None:
            raise NotFound("The job does not exist.")
        job_id = str(job_id)
@ -558,24 +551,24 @@ class ChildChunkAddApi(Resource):
    @cloud_edition_billing_knowledge_limit_check("add_segment")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[ChildChunkCreatePayload.__name__])
-    def post(self, dataset_id: UUID, document_id: UUID, segment_id: UUID):
+    def post(self, dataset_id, document_id, segment_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
@ -613,26 +606,26 @@ class ChildChunkAddApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, dataset_id: UUID, document_id: UUID, segment_id: UUID):
+    def get(self, dataset_id, document_id, segment_id):
        _, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
@ -649,9 +642,7 @@ class ChildChunkAddApi(Resource):
        limit = min(args.limit, 100)
        keyword = args.keyword

-        child_chunks = SegmentService.get_child_chunks(
-            segment_id_str, document_id_str, dataset_id_str, page, limit, keyword
-        )
+        child_chunks = SegmentService.get_child_chunks(segment_id, document_id, dataset_id, page, limit, keyword)
        return {
            "data": marshal(child_chunks.items, child_chunk_fields),
            "total": child_chunks.total,
@ -665,26 +656,26 @@ class ChildChunkAddApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("vector_space")
    @cloud_edition_billing_rate_limit_check("knowledge")
-    def patch(self, dataset_id: UUID, document_id: UUID, segment_id: UUID):
+    def patch(self, dataset_id, document_id, segment_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
            # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
@ -714,39 +705,39 @@ class ChildChunkUpdateApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.response(204, "Child chunk deleted successfully")
-    def delete(self, dataset_id: UUID, document_id: UUID, segment_id: UUID, child_chunk_id: UUID):
+    def delete(self, dataset_id, document_id, segment_id, child_chunk_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
        # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
            raise NotFound("Segment not found.")
        # check child chunk
-        child_chunk_id_str = str(child_chunk_id)
+        child_chunk_id = str(child_chunk_id)
        child_chunk = db.session.scalar(
            select(ChildChunk)
            .where(
-                ChildChunk.id == str(child_chunk_id_str),
+                ChildChunk.id == str(child_chunk_id),
                ChildChunk.tenant_id == current_tenant_id,
                ChildChunk.segment_id == segment.id,
-                ChildChunk.document_id == document_id_str,
+                ChildChunk.document_id == document_id,
            )
            .limit(1)
        )
@ -763,7 +754,7 @@ class ChildChunkUpdateApi(Resource):
            SegmentService.delete_child_chunk(child_chunk, dataset)
        except ChildChunkDeleteIndexServiceError as e:
            raise ChildChunkDeleteIndexError(str(e))
-        return "", 204
+        return {"result": "success"}, 204

    @setup_required
    @login_required
@ -771,39 +762,39 @@ class ChildChunkUpdateApi(Resource):
    @cloud_edition_billing_resource_check("vector_space")
    @cloud_edition_billing_rate_limit_check("knowledge")
    @console_ns.expect(console_ns.models[ChildChunkUpdatePayload.__name__])
-    def patch(self, dataset_id: UUID, document_id: UUID, segment_id: UUID, child_chunk_id: UUID):
+    def patch(self, dataset_id, document_id, segment_id, child_chunk_id):
        current_user, current_tenant_id = current_account_with_tenant()

        # check dataset
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
+        dataset_id = str(dataset_id)
+        dataset = DatasetService.get_dataset(dataset_id)
        if not dataset:
            raise NotFound("Dataset not found.")
        # check user's model setting
        DatasetService.check_dataset_model_setting(dataset)
        # check document
-        document_id_str = str(document_id)
-        document = DocumentService.get_document(dataset_id_str, document_id_str)
+        document_id = str(document_id)
+        document = DocumentService.get_document(dataset_id, document_id)
        if not document:
            raise NotFound("Document not found.")
            # check segment
-        segment_id_str = str(segment_id)
+        segment_id = str(segment_id)
        segment = db.session.scalar(
            select(DocumentSegment)
-            .where(DocumentSegment.id == segment_id_str, DocumentSegment.tenant_id == current_tenant_id)
+            .where(DocumentSegment.id == str(segment_id), DocumentSegment.tenant_id == current_tenant_id)
            .limit(1)
        )
        if not segment:
            raise NotFound("Segment not found.")
        # check child chunk
-        child_chunk_id_str = str(child_chunk_id)
+        child_chunk_id = str(child_chunk_id)
        child_chunk = db.session.scalar(
            select(ChildChunk)
            .where(
-                ChildChunk.id == str(child_chunk_id_str),
+                ChildChunk.id == str(child_chunk_id),
                ChildChunk.tenant_id == current_tenant_id,
                ChildChunk.segment_id == segment.id,
-                ChildChunk.document_id == document_id_str,
+                ChildChunk.document_id == document_id,
            )
            .limit(1)
        )
--- a/api/controllers/console/datasets/external.py
+++ b/api/controllers/console/datasets/external.py
@ -1,5 +1,3 @@
-from uuid import UUID
-
 from flask import request
 from flask_restx import Resource, fields, marshal
 from pydantic import BaseModel, Field
@ -10,12 +8,7 @@ from controllers.common.fields import UsageCountResponse
 from controllers.common.schema import get_or_create_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
 from controllers.console.datasets.error import DatasetNameDuplicateError
-from controllers.console.wraps import (
-    account_initialization_required,
-    edit_permission_required,
-    setup_required,
-    with_current_tenant_id,
-)
+from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from fields.dataset_fields import (
    dataset_detail_fields,
    dataset_retrieval_model_fields,
@ -131,9 +124,9 @@ class ExternalApiTemplateListApi(Resource):
    @console_ns.response(200, "External API templates retrieved successfully")
    @setup_required
    @login_required
-    @with_current_tenant_id
    @account_initialization_required
-    def get(self, current_tenant_id: str):
+    def get(self):
+        _, current_tenant_id = current_account_with_tenant()
        query = ExternalApiTemplateListQuery.model_validate(request.args.to_dict())

        external_knowledge_apis, total = ExternalDatasetService.get_external_knowledge_apis(
@ -182,11 +175,11 @@ class ExternalApiTemplateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, external_knowledge_api_id: UUID):
+    def get(self, external_knowledge_api_id):
        _, current_tenant_id = current_account_with_tenant()
-        external_knowledge_api_id_str = str(external_knowledge_api_id)
+        external_knowledge_api_id = str(external_knowledge_api_id)
        external_knowledge_api = ExternalDatasetService.get_external_knowledge_api(
-            external_knowledge_api_id_str, current_tenant_id
+            external_knowledge_api_id, current_tenant_id
        )
        if external_knowledge_api is None:
            raise NotFound("API template not found.")
@ -197,9 +190,9 @@ class ExternalApiTemplateApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.expect(console_ns.models[ExternalKnowledgeApiPayload.__name__])
-    def patch(self, external_knowledge_api_id: UUID):
+    def patch(self, external_knowledge_api_id):
        current_user, current_tenant_id = current_account_with_tenant()
-        external_knowledge_api_id_str = str(external_knowledge_api_id)
+        external_knowledge_api_id = str(external_knowledge_api_id)

        payload = ExternalKnowledgeApiPayload.model_validate(console_ns.payload or {})
        ExternalDatasetService.validate_api_list(payload.settings)
@ -207,7 +200,7 @@ class ExternalApiTemplateApi(Resource):
        external_knowledge_api = ExternalDatasetService.update_external_knowledge_api(
            tenant_id=current_tenant_id,
            user_id=current_user.id,
-            external_knowledge_api_id=external_knowledge_api_id_str,
+            external_knowledge_api_id=external_knowledge_api_id,
            args=payload.model_dump(),
        )

@ -217,15 +210,15 @@ class ExternalApiTemplateApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.response(204, "External knowledge API deleted successfully")
-    def delete(self, external_knowledge_api_id: UUID):
+    def delete(self, external_knowledge_api_id):
        current_user, current_tenant_id = current_account_with_tenant()
-        external_knowledge_api_id_str = str(external_knowledge_api_id)
+        external_knowledge_api_id = str(external_knowledge_api_id)

        if not (current_user.has_edit_permission or current_user.is_dataset_operator):
            raise Forbidden()

-        ExternalDatasetService.delete_external_knowledge_api(current_tenant_id, external_knowledge_api_id_str)
-        return "", 204
+        ExternalDatasetService.delete_external_knowledge_api(current_tenant_id, external_knowledge_api_id)
+        return {"result": "success"}, 204


@console_ns.route("/datasets/external-knowledge-api/<uuid:external_knowledge_api_id>/use-check")
@ -237,12 +230,12 @@ class ExternalApiUseCheckApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def get(self, external_knowledge_api_id: UUID):
+    def get(self, external_knowledge_api_id):
        _, current_tenant_id = current_account_with_tenant()
-        external_knowledge_api_id_str = str(external_knowledge_api_id)
+        external_knowledge_api_id = str(external_knowledge_api_id)

        external_knowledge_api_is_using, count = ExternalDatasetService.external_knowledge_api_use_check(
-            external_knowledge_api_id_str, current_tenant_id
+            external_knowledge_api_id, current_tenant_id
        )
        return {"is_using": external_knowledge_api_is_using, "count": count}, 200

@ -293,7 +286,7 @@ class ExternalKnowledgeHitTestingApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
--- a/api/controllers/console/datasets/hit_testing.py
+++ b/api/controllers/console/datasets/hit_testing.py
@ -1,12 +1,14 @@
 from __future__ import annotations

-from uuid import UUID
+from datetime import datetime
+from typing import Any

 from flask_restx import Resource
+from pydantic import Field, field_validator

-from controllers.common.schema import register_response_schema_models, register_schema_models
-from fields.hit_testing_fields import HitTestingResponse
-from libs.helper import dump_response
+from controllers.common.schema import register_schema_models
+from fields.base import ResponseModel
+from libs.helper import to_timestamp
 from libs.login import login_required

 from .. import console_ns
@ -17,8 +19,86 @@ from ..wraps import (
    setup_required,
 )

-register_schema_models(console_ns, HitTestingPayload)
-register_response_schema_models(console_ns, HitTestingResponse)
+
+class HitTestingDocument(ResponseModel):
+    id: str | None = None
+    data_source_type: str | None = None
+    name: str | None = None
+    doc_type: str | None = None
+    doc_metadata: Any | None = None
+
+
+class HitTestingSegment(ResponseModel):
+    id: str | None = None
+    position: int | None = None
+    document_id: str | None = None
+    content: str | None = None
+    sign_content: str | None = None
+    answer: str | None = None
+    word_count: int | None = None
+    tokens: int | None = None
+    keywords: list[str] = Field(default_factory=list)
+    index_node_id: str | None = None
+    index_node_hash: str | None = None
+    hit_count: int | None = None
+    enabled: bool | None = None
+    disabled_at: int | None = None
+    disabled_by: str | None = None
+    status: str | None = None
+    created_by: str | None = None
+    created_at: int | None = None
+    indexing_at: int | None = None
+    completed_at: int | None = None
+    error: str | None = None
+    stopped_at: int | None = None
+    document: HitTestingDocument | None = None
+
+    @field_validator("disabled_at", "created_at", "indexing_at", "completed_at", "stopped_at", mode="before")
+    @classmethod
+    def _normalize_timestamp(cls, value: datetime | int | None) -> int | None:
+        return to_timestamp(value)
+
+
+class HitTestingChildChunk(ResponseModel):
+    id: str | None = None
+    content: str | None = None
+    position: int | None = None
+    score: float | None = None
+
+
+class HitTestingFile(ResponseModel):
+    id: str | None = None
+    name: str | None = None
+    size: int | None = None
+    extension: str | None = None
+    mime_type: str | None = None
+    source_url: str | None = None
+
+
+class HitTestingRecord(ResponseModel):
+    segment: HitTestingSegment | None = None
+    child_chunks: list[HitTestingChildChunk] = Field(default_factory=list)
+    score: float | None = None
+    tsne_position: Any | None = None
+    files: list[HitTestingFile] = Field(default_factory=list)
+    summary: str | None = None
+
+
+class HitTestingResponse(ResponseModel):
+    query: str
+    records: list[HitTestingRecord] = Field(default_factory=list)
+
+
+register_schema_models(
+    console_ns,
+    HitTestingPayload,
+    HitTestingDocument,
+    HitTestingSegment,
+    HitTestingChildChunk,
+    HitTestingFile,
+    HitTestingRecord,
+    HitTestingResponse,
+)


@console_ns.route("/datasets/<uuid:dataset_id>/hit-testing")
@ -38,11 +118,12 @@ class HitTestingApi(Resource, DatasetsHitTestingBase):
    @login_required
    @account_initialization_required
    @cloud_edition_billing_rate_limit_check("knowledge")
-    def post(self, dataset_id: UUID) -> dict[str, object]:
+    def post(self, dataset_id):
        dataset_id_str = str(dataset_id)

        dataset = self.get_and_validate_dataset(dataset_id_str)
-        args = self.parse_args(console_ns.payload)
+        payload = HitTestingPayload.model_validate(console_ns.payload or {})
+        args = payload.model_dump(exclude_none=True)
        self.hit_testing_args_check(args)

-        return dump_response(HitTestingResponse, self.perform_hit_testing(dataset, args))
+        return HitTestingResponse.model_validate(self.perform_hit_testing(dataset, args)).model_dump(mode="json")
--- a/api/controllers/console/datasets/hit_testing_base.py
+++ b/api/controllers/console/datasets/hit_testing_base.py
@ -1,6 +1,7 @@
 import logging
-from typing import Any, cast
+from typing import Any

+from flask_restx import marshal
 from pydantic import BaseModel, Field
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound

@ -18,10 +19,10 @@ from core.errors.error import (
    ProviderTokenNotInitError,
    QuotaExceededError,
 )
+from fields.hit_testing_fields import hit_testing_record_fields
 from graphon.model_runtime.errors.invoke import InvokeError
 from libs.login import current_user
 from models.account import Account
-from models.dataset import Dataset
 from services.dataset_service import DatasetService
 from services.entities.knowledge_entities.knowledge_entities import RetrievalModel
 from services.hit_testing_service import HitTestingService
@ -37,6 +38,16 @@ class HitTestingPayload(BaseModel):


 class DatasetsHitTestingBase:
+    @staticmethod
+    def _extract_hit_testing_query(query: Any) -> str:
+        """Return the query string from the service response shape."""
+        if isinstance(query, dict):
+            content = query.get("content")
+            if isinstance(content, str):
+                return content
+
+        raise ValueError("Invalid hit testing query response")
+
    @staticmethod
    def _prepare_hit_testing_records(records: Any) -> list[dict[str, Any]]:
        """Ensure collection fields match the API schema before response validation."""
@ -52,7 +63,6 @@ class DatasetsHitTestingBase:
            segment = normalized_record.get("segment")
            if isinstance(segment, dict):
                normalized_segment = dict(segment)
-                normalized_segment.setdefault("sign_content", None)
                if normalized_segment.get("keywords") is None:
                    normalized_segment["keywords"] = []
                normalized_record["segment"] = normalized_segment
@ -63,15 +73,12 @@ class DatasetsHitTestingBase:
            if normalized_record.get("files") is None:
                normalized_record["files"] = []

-            normalized_record.setdefault("tsne_position", None)
-            normalized_record.setdefault("summary", None)
-
            normalized_records.append(normalized_record)

        return normalized_records

    @staticmethod
-    def get_and_validate_dataset(dataset_id: str) -> Dataset:
+    def get_and_validate_dataset(dataset_id: str):
        assert isinstance(current_user, Account)
        dataset = DatasetService.get_dataset(dataset_id)
        if dataset is None:
@ -85,35 +92,33 @@ class DatasetsHitTestingBase:
        return dataset

    @staticmethod
-    def hit_testing_args_check(args: dict[str, Any]) -> None:
+    def hit_testing_args_check(args: dict[str, Any]):
        HitTestingService.hit_testing_args_check(args)

    @staticmethod
-    def parse_args(payload: dict[str, Any] | None) -> dict[str, Any]:
+    def parse_args(payload: dict[str, Any]) -> dict[str, Any]:
        """Validate and return hit-testing arguments from an incoming payload."""
        hit_testing_payload = HitTestingPayload.model_validate(payload or {})
        return hit_testing_payload.model_dump(exclude_none=True)

    @staticmethod
-    def perform_hit_testing(dataset: Dataset, args: dict[str, Any]) -> dict[str, Any]:
+    def perform_hit_testing(dataset, args):
        assert isinstance(current_user, Account)
        try:
            response = HitTestingService.retrieve(
                dataset=dataset,
-                query=cast(str, args.get("query")),
+                query=args.get("query"),
                account=current_user,
                retrieval_model=args.get("retrieval_model"),
-                external_retrieval_model=cast(dict[str, Any], args.get("external_retrieval_model")),
+                external_retrieval_model=args.get("external_retrieval_model"),
                attachment_ids=args.get("attachment_ids"),
                limit=10,
            )
-            query = response.get("query")
-            if not isinstance(query, dict) or not isinstance(query.get("content"), str):
-                raise ValueError("Invalid hit testing query response")
-
            return {
-                "query": {"content": query["content"]},
-                "records": DatasetsHitTestingBase._prepare_hit_testing_records(response.get("records", [])),
+                "query": DatasetsHitTestingBase._extract_hit_testing_query(response.get("query")),
+                "records": DatasetsHitTestingBase._prepare_hit_testing_records(
+                    marshal(response.get("records", []), hit_testing_record_fields)
+                ),
            }
        except services.errors.index.IndexNotInitializedError:
            raise DatasetNotInitializedError()
--- a/api/controllers/console/datasets/metadata.py
+++ b/api/controllers/console/datasets/metadata.py
@ -1,19 +1,14 @@
 from typing import Literal
-from uuid import UUID

-from flask_restx import Resource
+from flask_restx import Resource, marshal_with
 from werkzeug.exceptions import NotFound

 from controllers.common.controller_schemas import MetadataUpdatePayload
+from controllers.common.fields import SimpleResultResponse
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
 from controllers.console.wraps import account_initialization_required, enterprise_license_required, setup_required
-from fields.dataset_fields import (
-    DatasetMetadataBuiltInFieldsResponse,
-    DatasetMetadataListResponse,
-    DatasetMetadataResponse,
-)
-from libs.helper import dump_response
+from fields.dataset_fields import dataset_metadata_fields
 from libs.login import current_account_with_tenant, login_required
 from services.dataset_service import DatasetService
 from services.entities.knowledge_entities.knowledge_entities import (
@ -27,12 +22,7 @@ from services.metadata_service import MetadataService
 register_schema_models(
    console_ns, MetadataArgs, MetadataOperationData, MetadataUpdatePayload, DocumentMetadataOperation, MetadataDetail
 )
-register_response_schema_models(
-    console_ns,
-    DatasetMetadataBuiltInFieldsResponse,
-    DatasetMetadataListResponse,
-    DatasetMetadataResponse,
-)
+register_response_schema_models(console_ns, SimpleResultResponse)


@console_ns.route("/datasets/<uuid:dataset_id>/metadata")
@ -41,9 +31,9 @@ class DatasetMetadataCreateApi(Resource):
    @login_required
    @account_initialization_required
    @enterprise_license_required
-    @console_ns.response(201, "Metadata created successfully", console_ns.models[DatasetMetadataResponse.__name__])
+    @marshal_with(dataset_metadata_fields)
    @console_ns.expect(console_ns.models[MetadataArgs.__name__])
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id):
        current_user, _ = current_account_with_tenant()
        metadata_args = MetadataArgs.model_validate(console_ns.payload or {})

@ -54,22 +44,18 @@ class DatasetMetadataCreateApi(Resource):
        DatasetService.check_dataset_permission(dataset, current_user)

        metadata = MetadataService.create_metadata(dataset_id_str, metadata_args)
-        return dump_response(DatasetMetadataResponse, metadata), 201
+        return metadata, 201

    @setup_required
    @login_required
    @account_initialization_required
    @enterprise_license_required
-    @console_ns.response(
-        200, "Metadata retrieved successfully", console_ns.models[DatasetMetadataListResponse.__name__]
-    )
-    def get(self, dataset_id: UUID):
+    def get(self, dataset_id):
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
        if dataset is None:
            raise NotFound("Dataset not found.")
-        metadata = MetadataService.get_dataset_metadatas(dataset)
-        return dump_response(DatasetMetadataListResponse, metadata), 200
+        return MetadataService.get_dataset_metadatas(dataset), 200


@console_ns.route("/datasets/<uuid:dataset_id>/metadata/<uuid:metadata_id>")
@ -78,9 +64,9 @@ class DatasetMetadataApi(Resource):
    @login_required
    @account_initialization_required
    @enterprise_license_required
-    @console_ns.response(200, "Metadata updated successfully", console_ns.models[DatasetMetadataResponse.__name__])
+    @marshal_with(dataset_metadata_fields)
    @console_ns.expect(console_ns.models[MetadataUpdatePayload.__name__])
-    def patch(self, dataset_id: UUID, metadata_id: UUID):
+    def patch(self, dataset_id, metadata_id):
        current_user, _ = current_account_with_tenant()
        payload = MetadataUpdatePayload.model_validate(console_ns.payload or {})
        name = payload.name
@ -93,14 +79,14 @@ class DatasetMetadataApi(Resource):
        DatasetService.check_dataset_permission(dataset, current_user)

        metadata = MetadataService.update_metadata_name(dataset_id_str, metadata_id_str, name)
-        return dump_response(DatasetMetadataResponse, metadata), 200
+        return metadata, 200

    @setup_required
    @login_required
    @account_initialization_required
    @enterprise_license_required
    @console_ns.response(204, "Metadata deleted successfully")
-    def delete(self, dataset_id: UUID, metadata_id: UUID):
+    def delete(self, dataset_id, metadata_id):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        metadata_id_str = str(metadata_id)
@ -110,8 +96,7 @@ class DatasetMetadataApi(Resource):
        DatasetService.check_dataset_permission(dataset, current_user)

        MetadataService.delete_metadata(dataset_id_str, metadata_id_str)
-        # Frontend callers only await success and invalidate metadata caches; no response body is consumed.
-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/datasets/metadata/built-in")
@ -120,14 +105,9 @@ class DatasetMetadataBuiltInFieldApi(Resource):
    @login_required
    @account_initialization_required
    @enterprise_license_required
-    @console_ns.response(
-        200,
-        "Built-in fields retrieved successfully",
-        console_ns.models[DatasetMetadataBuiltInFieldsResponse.__name__],
-    )
    def get(self):
        built_in_fields = MetadataService.get_built_in_fields()
-        return dump_response(DatasetMetadataBuiltInFieldsResponse, {"fields": built_in_fields}), 200
+        return {"fields": built_in_fields}, 200


@console_ns.route("/datasets/<uuid:dataset_id>/metadata/built-in/<string:action>")
@ -136,8 +116,8 @@ class DatasetMetadataBuiltInFieldActionApi(Resource):
    @login_required
    @account_initialization_required
    @enterprise_license_required
-    @console_ns.response(204, "Action completed successfully")
-    def post(self, dataset_id: UUID, action: Literal["enable", "disable"]):
+    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
+    def post(self, dataset_id, action: Literal["enable", "disable"]):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
@ -150,8 +130,7 @@ class DatasetMetadataBuiltInFieldActionApi(Resource):
                MetadataService.enable_built_in_field(dataset)
            case "disable":
                MetadataService.disable_built_in_field(dataset)
-        # Frontend callers only await success and invalidate metadata caches; no response body is consumed.
-        return "", 204
+        return {"result": "success"}, 200


@console_ns.route("/datasets/<uuid:dataset_id>/documents/metadata")
@ -161,11 +140,8 @@ class DocumentMetadataEditApi(Resource):
    @account_initialization_required
    @enterprise_license_required
    @console_ns.expect(console_ns.models[MetadataOperationData.__name__])
-    @console_ns.response(
-        204,
-        "Documents metadata updated successfully",
-    )
-    def post(self, dataset_id: UUID):
+    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
+    def post(self, dataset_id):
        current_user, _ = current_account_with_tenant()
        dataset_id_str = str(dataset_id)
        dataset = DatasetService.get_dataset(dataset_id_str)
@ -177,5 +153,4 @@ class DocumentMetadataEditApi(Resource):

        MetadataService.update_documents_metadata(dataset, metadata_args)

-        # Frontend callers only await success and invalidate caches; no response body is consumed.
-        return "", 204
+        return {"result": "success"}, 200
--- a/api/controllers/console/datasets/rag_pipeline/rag_pipeline_datasets.py
+++ b/api/controllers/console/datasets/rag_pipeline/rag_pipeline_datasets.py
@ -1,6 +1,6 @@
 from flask_restx import Resource, marshal
 from pydantic import BaseModel
-from sqlalchemy.orm import Session
+from sqlalchemy.orm import sessionmaker
 from werkzeug.exceptions import Forbidden

 import services
@ -54,13 +54,12 @@ class CreateRagPipelineDatasetApi(Resource):
            yaml_content=payload.yaml_content,
        )
        try:
-            with Session(db.engine, expire_on_commit=False) as session:
+            with sessionmaker(db.engine).begin() as session:
                rag_pipeline_dsl_service = RagPipelineDslService(session)
                import_info = rag_pipeline_dsl_service.create_rag_pipeline_dataset(
                    tenant_id=current_tenant_id,
                    rag_pipeline_dataset_create_entity=rag_pipeline_dataset_create_entity,
                )
-                session.commit()
            if rag_pipeline_dataset_create_entity.permission == "partial_members":
                DatasetPermissionService.update_partial_member_list(
                    current_tenant_id,
--- a/api/controllers/console/datasets/rag_pipeline/rag_pipeline_draft_variable.py
+++ b/api/controllers/console/datasets/rag_pipeline/rag_pipeline_draft_variable.py
@ -1,7 +1,6 @@
 import logging
 from collections.abc import Callable
 from typing import Any, NoReturn
-from uuid import UUID

 from flask import Response, request
 from flask_restx import Resource, marshal, marshal_with
@ -169,22 +168,21 @@ class RagPipelineVariableApi(Resource):

    @_api_prerequisite
    @marshal_with(workflow_draft_variable_model)
-    def get(self, pipeline: Pipeline, variable_id: UUID):
+    def get(self, pipeline: Pipeline, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
            session=db.session(),
        )
-        variable_id_str = str(variable_id)
-        variable = draft_var_srv.get_variable(variable_id=variable_id_str)
+        variable = draft_var_srv.get_variable(variable_id=variable_id)
        if variable is None:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")
        if variable.app_id != pipeline.id:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")
        return variable

    @_api_prerequisite
    @marshal_with(workflow_draft_variable_model)
    @console_ns.expect(console_ns.models[WorkflowDraftVariablePatchPayload.__name__])
-    def patch(self, pipeline: Pipeline, variable_id: UUID):
+    def patch(self, pipeline: Pipeline, variable_id: str):
        # Request payload for file types:
        #
        # Local File:
@ -212,12 +210,11 @@ class RagPipelineVariableApi(Resource):
        payload = WorkflowDraftVariablePatchPayload.model_validate(console_ns.payload or {})
        args = payload.model_dump(exclude_none=True)

-        variable_id_str = str(variable_id)
-        variable = draft_var_srv.get_variable(variable_id=variable_id_str)
+        variable = draft_var_srv.get_variable(variable_id=variable_id)
        if variable is None:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")
        if variable.app_id != pipeline.id:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")

        new_name = args.get(self._PATCH_NAME_FIELD, None)
        raw_value = args.get(self._PATCH_VALUE_FIELD, None)
@ -253,16 +250,15 @@ class RagPipelineVariableApi(Resource):
        return variable

    @_api_prerequisite
-    def delete(self, pipeline: Pipeline, variable_id: UUID):
+    def delete(self, pipeline: Pipeline, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
            session=db.session(),
        )
-        variable_id_str = str(variable_id)
-        variable = draft_var_srv.get_variable(variable_id=variable_id_str)
+        variable = draft_var_srv.get_variable(variable_id=variable_id)
        if variable is None:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")
        if variable.app_id != pipeline.id:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")
        draft_var_srv.delete_variable(variable)
        db.session.commit()
        return Response("", 204)
@ -271,7 +267,7 @@ class RagPipelineVariableApi(Resource):
@console_ns.route("/rag/pipelines/<uuid:pipeline_id>/workflows/draft/variables/<uuid:variable_id>/reset")
 class RagPipelineVariableResetApi(Resource):
    @_api_prerequisite
-    def put(self, pipeline: Pipeline, variable_id: UUID):
+    def put(self, pipeline: Pipeline, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
            session=db.session(),
        )
@ -282,12 +278,11 @@ class RagPipelineVariableResetApi(Resource):
            raise NotFoundError(
                f"Draft workflow not found, pipeline_id={pipeline.id}",
            )
-        variable_id_str = str(variable_id)
-        variable = draft_var_srv.get_variable(variable_id=variable_id_str)
+        variable = draft_var_srv.get_variable(variable_id=variable_id)
        if variable is None:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")
        if variable.app_id != pipeline.id:
-            raise NotFoundError(description=f"variable not found, id={variable_id_str}")
+            raise NotFoundError(description=f"variable not found, id={variable_id}")

        resetted = draft_var_srv.reset_variable(draft_workflow, variable)
        db.session.commit()
--- a/api/controllers/console/datasets/rag_pipeline/rag_pipeline_import.py
+++ b/api/controllers/console/datasets/rag_pipeline/rag_pipeline_import.py
@ -1,7 +1,7 @@
 from flask import request
 from flask_restx import Resource, fields, marshal_with  # type: ignore
 from pydantic import BaseModel, Field
-from sqlalchemy.orm import Session
+from sqlalchemy.orm import sessionmaker

 from controllers.common.schema import get_or_create_model, register_schema_models
 from controllers.console import console_ns
@ -67,12 +67,10 @@ class RagPipelineImportApi(Resource):
        current_user, _ = current_account_with_tenant()
        payload = RagPipelineImportPayload.model_validate(console_ns.payload or {})

-        # Use a plain Session so that caught exceptions inside the service
-        # (which return FAILED status instead of re-raising) do not leave the
-        # transaction in a closed state that a .begin() context manager cannot
-        # handle.  See app_import.py for the canonical pattern.
-        with Session(db.engine, expire_on_commit=False) as session:
+        # Create service with session
+        with sessionmaker(db.engine).begin() as session:
            import_service = RagPipelineDslService(session)
+            # Import app
            account = current_user
            result = import_service.import_rag_pipeline(
                account=account,
@ -82,10 +80,6 @@ class RagPipelineImportApi(Resource):
                pipeline_id=payload.pipeline_id,
                dataset_name=payload.name,
            )
-            if result.status == ImportStatus.FAILED:
-                session.rollback()
-            else:
-                session.commit()

        # Return appropriate status code based on result
        status = result.status
@ -105,17 +99,15 @@ class RagPipelineImportConfirmApi(Resource):
    @account_initialization_required
    @edit_permission_required
    @marshal_with(pipeline_import_model)
-    def post(self, import_id: str):
+    def post(self, import_id):
        current_user, _ = current_account_with_tenant()

-        with Session(db.engine, expire_on_commit=False) as session:
+        # Create service with session
+        with sessionmaker(db.engine).begin() as session:
            import_service = RagPipelineDslService(session)
+            # Confirm import
            account = current_user
            result = import_service.confirm_import(import_id=import_id, account=account)
-            if result.status == ImportStatus.FAILED:
-                session.rollback()
-            else:
-                session.commit()

        # Return appropriate status code based on result
        if result.status == ImportStatus.FAILED:
@ -132,7 +124,7 @@ class RagPipelineImportCheckDependenciesApi(Resource):
    @edit_permission_required
    @marshal_with(pipeline_import_check_dependencies_model)
    def get(self, pipeline: Pipeline):
-        with Session(db.engine, expire_on_commit=False) as session:
+        with sessionmaker(db.engine).begin() as session:
            import_service = RagPipelineDslService(session)
            result = import_service.check_dependencies(pipeline=pipeline)

@ -150,7 +142,7 @@ class RagPipelineExportApi(Resource):
        # Add include_secret params
        query = IncludeSecretQuery.model_validate(request.args.to_dict())

-        with Session(db.engine, expire_on_commit=False) as session:
+        with sessionmaker(db.engine).begin() as session:
            export_service = RagPipelineDslService(session)
            result = export_service.export_rag_pipeline_dsl(
                pipeline=pipeline, include_secret=query.include_secret == "true"
--- a/api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py
+++ b/api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py
@ -1,7 +1,6 @@
 import json
 import logging
 from typing import Any, Literal, cast
-from uuid import UUID

 from flask import abort, request
 from flask_restx import Resource
@ -876,14 +875,14 @@ class RagPipelineWorkflowRunDetailApi(Resource):
    @login_required
    @account_initialization_required
    @get_rag_pipeline
-    def get(self, pipeline: Pipeline, run_id: UUID):
+    def get(self, pipeline: Pipeline, run_id):
        """
        Get workflow run detail
        """
-        run_id_str = str(run_id)
+        run_id = str(run_id)

        rag_pipeline_service = RagPipelineService()
-        workflow_run = rag_pipeline_service.get_rag_pipeline_workflow_run(pipeline=pipeline, run_id=run_id_str)
+        workflow_run = rag_pipeline_service.get_rag_pipeline_workflow_run(pipeline=pipeline, run_id=run_id)
        if workflow_run is None:
            raise NotFound("Workflow run not found")

@ -901,17 +900,17 @@ class RagPipelineWorkflowRunNodeExecutionListApi(Resource):
    @login_required
    @account_initialization_required
    @get_rag_pipeline
-    def get(self, pipeline: Pipeline, run_id: UUID):
+    def get(self, pipeline: Pipeline, run_id: str):
        """
        Get workflow run node execution list
        """
-        run_id_str = str(run_id)
+        run_id = str(run_id)

        rag_pipeline_service = RagPipelineService()
        user = cast("Account | EndUser", current_user)
        node_executions = rag_pipeline_service.get_rag_pipeline_workflow_run_node_executions(
            pipeline=pipeline,
-            run_id=run_id_str,
+            run_id=run_id,
            user=user,
        )

@ -961,15 +960,15 @@ class RagPipelineTransformApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def post(self, dataset_id: UUID):
+    def post(self, dataset_id: str):
        current_user, _ = current_account_with_tenant()

        if not (current_user.has_edit_permission or current_user.is_dataset_operator):
            raise Forbidden()

-        dataset_id_str = str(dataset_id)
+        dataset_id = str(dataset_id)
        rag_pipeline_transform_service = RagPipelineTransformService()
-        result = rag_pipeline_transform_service.transform_dataset(dataset_id_str)
+        result = rag_pipeline_transform_service.transform_dataset(dataset_id)
        return result


--- a/api/controllers/console/explore/audio.py
+++ b/api/controllers/console/explore/audio.py
@ -20,7 +20,6 @@ from controllers.console.app.error import (
 from controllers.console.explore.wraps import InstalledAppResource
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from graphon.model_runtime.errors.invoke import InvokeError
-from models.model import InstalledApp
 from services.audio_service import AudioService
 from services.errors.audio import (
    AudioTooLargeServiceError,
@ -41,10 +40,8 @@ register_schema_model(console_ns, TextToAudioPayload)
    endpoint="installed_app_audio",
 )
 class ChatAudioApi(InstalledAppResource):
-    def post(self, installed_app: InstalledApp):
+    def post(self, installed_app):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()

        file = request.files["file"]

@ -84,10 +81,8 @@ class ChatAudioApi(InstalledAppResource):
 )
 class ChatTextApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[TextToAudioPayload.__name__])
-    def post(self, installed_app: InstalledApp):
+    def post(self, installed_app):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        try:
            payload = TextToAudioPayload.model_validate(console_ns.payload or {})

--- a/api/controllers/console/explore/completion.py
+++ b/api/controllers/console/explore/completion.py
@ -31,7 +31,7 @@ from libs import helper
 from libs.datetime_utils import naive_utc_now
 from libs.login import current_user
 from models import Account
-from models.model import AppMode, InstalledApp
+from models.model import AppMode
 from services.app_generate_service import AppGenerateService
 from services.app_task_service import AppTaskService
 from services.errors.llm import InvokeRateLimitError
@ -83,10 +83,8 @@ register_response_schema_models(console_ns, SimpleResultResponse)
 )
 class CompletionApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[CompletionMessageExplorePayload.__name__])
-    def post(self, installed_app: InstalledApp):
+    def post(self, installed_app):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        if app_model.mode != AppMode.COMPLETION:
            raise NotCompletionAppError()

@ -135,10 +133,8 @@ class CompletionApi(InstalledAppResource):
 )
 class CompletionStopApi(InstalledAppResource):
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def post(self, installed_app: InstalledApp, task_id: str):
+    def post(self, installed_app, task_id):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        if app_model.mode != AppMode.COMPLETION:
            raise NotCompletionAppError()

@ -161,10 +157,8 @@ class CompletionStopApi(InstalledAppResource):
 )
 class ChatApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[ChatMessagePayload.__name__])
-    def post(self, installed_app: InstalledApp):
+    def post(self, installed_app):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
@ -215,10 +209,8 @@ class ChatApi(InstalledAppResource):
 )
 class ChatStopApi(InstalledAppResource):
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def post(self, installed_app: InstalledApp, task_id: str):
+    def post(self, installed_app, task_id):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
--- a/api/controllers/console/explore/conversation.py
+++ b/api/controllers/console/explore/conversation.py
@ -1,5 +1,4 @@
 from typing import Any
-from uuid import UUID

 from flask import request
 from pydantic import BaseModel, Field, TypeAdapter
@ -8,7 +7,6 @@ from werkzeug.exceptions import NotFound

 from controllers.common.controller_schemas import ConversationRenamePayload
 from controllers.common.schema import register_response_schema_models, register_schema_models
-from controllers.console.app.error import AppUnavailableError
 from controllers.console.explore.error import NotChatAppError
 from controllers.console.explore.wraps import InstalledAppResource
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -21,7 +19,7 @@ from fields.conversation_fields import (
 from libs.helper import UUIDStrOrEmpty
 from libs.login import current_user
 from models import Account
-from models.model import AppMode, InstalledApp
+from models.model import AppMode
 from services.conversation_service import ConversationService
 from services.errors.conversation import ConversationNotExistsError, LastConversationNotExistsError
 from services.web_conversation_service import WebConversationService
@ -45,10 +43,8 @@ register_response_schema_models(console_ns, ResultResponse)
 )
 class ConversationListApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[ConversationListQuery.__name__])
-    def get(self, installed_app: InstalledApp):
+    def get(self, installed_app):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
@ -95,10 +91,8 @@ class ConversationListApi(InstalledAppResource):
 )
 class ConversationApi(InstalledAppResource):
    @console_ns.response(204, "Conversation deleted successfully")
-    def delete(self, installed_app: InstalledApp, c_id: UUID):
+    def delete(self, installed_app, c_id):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
@ -111,7 +105,7 @@ class ConversationApi(InstalledAppResource):
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")

-        return "", 204
+        return ResultResponse(result="success").model_dump(mode="json"), 204


@console_ns.route(
@ -120,10 +114,8 @@ class ConversationApi(InstalledAppResource):
 )
 class ConversationRenameApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[ConversationRenamePayload.__name__])
-    def post(self, installed_app: InstalledApp, c_id: UUID):
+    def post(self, installed_app, c_id):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
@ -153,10 +145,8 @@ class ConversationRenameApi(InstalledAppResource):
 )
 class ConversationPinApi(InstalledAppResource):
    @console_ns.response(200, "Success", console_ns.models[ResultResponse.__name__])
-    def patch(self, installed_app: InstalledApp, c_id: UUID):
+    def patch(self, installed_app, c_id):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
@ -179,10 +169,8 @@ class ConversationPinApi(InstalledAppResource):
 )
 class ConversationUnPinApi(InstalledAppResource):
    @console_ns.response(200, "Success", console_ns.models[ResultResponse.__name__])
-    def patch(self, installed_app: InstalledApp, c_id: UUID):
+    def patch(self, installed_app, c_id):
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()
--- a/api/controllers/console/explore/installed_app.py
+++ b/api/controllers/console/explore/installed_app.py
@ -262,7 +262,7 @@ class InstalledAppApi(InstalledAppResource):
    """

    @console_ns.response(204, "App uninstalled successfully")
-    def delete(self, installed_app: InstalledApp):
+    def delete(self, installed_app):
        _, current_tenant_id = current_account_with_tenant()
        if installed_app.app_owner_tenant_id == current_tenant_id:
            raise BadRequest("You can't uninstall an app owned by the current tenant")
@ -270,10 +270,10 @@ class InstalledAppApi(InstalledAppResource):
        db.session.delete(installed_app)
        db.session.commit()

-        return "", 204
+        return {"result": "success", "message": "App uninstalled successfully"}, 204

    @console_ns.response(200, "Success", console_ns.models[SimpleResultMessageResponse.__name__])
-    def patch(self, installed_app: InstalledApp):
+    def patch(self, installed_app):
        payload = InstalledAppUpdatePayload.model_validate(console_ns.payload or {})

        commit_args = False
--- a/api/controllers/console/explore/message.py
+++ b/api/controllers/console/explore/message.py
@ -1,6 +1,5 @@
 import logging
 from typing import Literal
-from uuid import UUID

 from flask import request
 from pydantic import BaseModel, TypeAdapter
@ -10,7 +9,6 @@ from controllers.common.controller_schemas import MessageFeedbackPayload, Messag
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console.app.error import (
    AppMoreLikeThisDisabledError,
-    AppUnavailableError,
    CompletionRequestError,
    ProviderModelCurrentlyNotSupportError,
    ProviderNotInitializeError,
@ -22,16 +20,15 @@ from controllers.console.explore.error import (
    NotCompletionAppError,
 )
 from controllers.console.explore.wraps import InstalledAppResource
-from controllers.console.wraps import with_current_user
 from core.app.entities.app_invoke_entities import InvokeFrom
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
 from fields.conversation_fields import ResultResponse
 from fields.message_fields import MessageInfiniteScrollPagination, MessageListItem, SuggestedQuestionsResponse
 from graphon.model_runtime.errors.invoke import InvokeError
 from libs import helper
-from models import Account
+from libs.login import current_account_with_tenant
 from models.enums import FeedbackRating
-from models.model import AppMode, InstalledApp
+from models.model import AppMode
 from services.app_generate_service import AppGenerateService
 from services.errors.app import MoreLikeThisDisabledError
 from services.errors.conversation import ConversationNotExistsError
@ -61,11 +58,9 @@ register_response_schema_models(console_ns, ResultResponse, SuggestedQuestionsRe
 )
 class MessageListApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[MessageListQuery.__name__])
-    @with_current_user
-    def get(self, current_user: Account, installed_app: InstalledApp):
+    def get(self, installed_app):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()

        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
@ -100,20 +95,18 @@ class MessageListApi(InstalledAppResource):
 class MessageFeedbackApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[MessageFeedbackPayload.__name__])
    @console_ns.response(200, "Feedback submitted successfully", console_ns.models[ResultResponse.__name__])
-    @with_current_user
-    def post(self, current_user: Account, installed_app: InstalledApp, message_id: UUID):
+    def post(self, installed_app, message_id):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()

-        message_id_str = str(message_id)
+        message_id = str(message_id)

        payload = MessageFeedbackPayload.model_validate(console_ns.payload or {})

        try:
            MessageService.create_feedback(
                app_model=app_model,
-                message_id=message_id_str,
+                message_id=message_id,
                user=current_user,
                rating=FeedbackRating(payload.rating) if payload.rating else None,
                content=payload.content,
@ -130,15 +123,13 @@ class MessageFeedbackApi(InstalledAppResource):
 )
 class MessageMoreLikeThisApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[MoreLikeThisQuery.__name__])
-    @with_current_user
-    def get(self, current_user: Account, installed_app: InstalledApp, message_id: UUID):
+    def get(self, installed_app, message_id):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        if app_model.mode != "completion":
            raise NotCompletionAppError()

-        message_id_str = str(message_id)
+        message_id = str(message_id)

        args = MoreLikeThisQuery.model_validate(request.args.to_dict())

@ -148,7 +139,7 @@ class MessageMoreLikeThisApi(InstalledAppResource):
            response = AppGenerateService.generate_more_like_this(
                app_model=app_model,
                user=current_user,
-                message_id=message_id_str,
+                message_id=message_id,
                invoke_from=InvokeFrom.EXPLORE,
                streaming=streaming,
            )
@ -178,20 +169,18 @@ class MessageMoreLikeThisApi(InstalledAppResource):
 )
 class MessageSuggestedQuestionApi(InstalledAppResource):
    @console_ns.response(200, "Success", console_ns.models[SuggestedQuestionsResponse.__name__])
-    @with_current_user
-    def get(self, current_user: Account, installed_app: InstalledApp, message_id: UUID):
+    def get(self, installed_app, message_id):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode not in {AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT}:
            raise NotChatAppError()

-        message_id_str = str(message_id)
+        message_id = str(message_id)

        try:
            questions = MessageService.get_suggested_questions_after_answer(
-                app_model=app_model, user=current_user, message_id=message_id_str, invoke_from=InvokeFrom.EXPLORE
+                app_model=app_model, user=current_user, message_id=message_id, invoke_from=InvokeFrom.EXPLORE
            )
        except MessageNotExistsError:
            raise NotFound("Message not found")
--- a/api/controllers/console/explore/saved_message.py
+++ b/api/controllers/console/explore/saved_message.py
@ -1,5 +1,3 @@
-from uuid import UUID
-
 from flask import request
 from pydantic import TypeAdapter
 from werkzeug.exceptions import NotFound
@ -7,14 +5,11 @@ from werkzeug.exceptions import NotFound
 from controllers.common.controller_schemas import SavedMessageCreatePayload, SavedMessageListQuery
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.app.error import AppUnavailableError
 from controllers.console.explore.error import NotCompletionAppError
 from controllers.console.explore.wraps import InstalledAppResource
-from controllers.console.wraps import with_current_user
 from fields.conversation_fields import ResultResponse
 from fields.message_fields import SavedMessageInfiniteScrollPagination, SavedMessageItem
-from models import Account
-from models.model import InstalledApp
+from libs.login import current_account_with_tenant
 from services.errors.message import MessageNotExistsError
 from services.saved_message_service import SavedMessageService

@ -25,11 +20,9 @@ register_response_schema_models(console_ns, ResultResponse)
@console_ns.route("/installed-apps/<uuid:installed_app_id>/saved-messages", endpoint="installed_app_saved_messages")
 class SavedMessageListApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[SavedMessageListQuery.__name__])
-    @with_current_user
-    def get(self, current_user: Account, installed_app: InstalledApp):
+    def get(self, installed_app):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        if app_model.mode != "completion":
            raise NotCompletionAppError()

@ -51,11 +44,9 @@ class SavedMessageListApi(InstalledAppResource):

    @console_ns.expect(console_ns.models[SavedMessageCreatePayload.__name__])
    @console_ns.response(200, "Success", console_ns.models[ResultResponse.__name__])
-    @with_current_user
-    def post(self, current_user: Account, installed_app: InstalledApp):
+    def post(self, installed_app):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()
        if app_model.mode != "completion":
            raise NotCompletionAppError()

@ -74,17 +65,15 @@ class SavedMessageListApi(InstalledAppResource):
 )
 class SavedMessageApi(InstalledAppResource):
    @console_ns.response(204, "Saved message deleted successfully")
-    @with_current_user
-    def delete(self, current_user: Account, installed_app: InstalledApp, message_id: UUID):
+    def delete(self, installed_app, message_id):
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
-        if app_model is None:
-            raise AppUnavailableError()

-        message_id_str = str(message_id)
+        message_id = str(message_id)

        if app_model.mode != "completion":
            raise NotCompletionAppError()

-        SavedMessageService.delete(app_model, current_user, message_id_str)
+        SavedMessageService.delete(app_model, current_user, message_id)

-        return "", 204
+        return ResultResponse(result="success").model_dump(mode="json"), 204
--- a/api/controllers/console/explore/workflow.py
+++ b/api/controllers/console/explore/workflow.py
@ -13,7 +13,6 @@ from controllers.console.app.error import (
 )
 from controllers.console.explore.error import NotWorkflowAppError
 from controllers.console.explore.wraps import InstalledAppResource
-from controllers.console.wraps import with_current_user
 from controllers.web.error import InvokeRateLimitError as InvokeRateLimitHttpError
 from core.app.apps.base_app_queue_manager import AppQueueManager
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -26,7 +25,7 @@ from extensions.ext_redis import redis_client
 from graphon.graph_engine.manager import GraphEngineManager
 from graphon.model_runtime.errors.invoke import InvokeError
 from libs import helper
-from models import Account
+from libs.login import current_account_with_tenant
 from models.model import AppMode, InstalledApp
 from services.app_generate_service import AppGenerateService
 from services.errors.llm import InvokeRateLimitError
@ -42,11 +41,11 @@ register_response_schema_models(console_ns, SimpleResultResponse)
@console_ns.route("/installed-apps/<uuid:installed_app_id>/workflows/run")
 class InstalledAppWorkflowRunApi(InstalledAppResource):
    @console_ns.expect(console_ns.models[WorkflowRunPayload.__name__])
-    @with_current_user
-    def post(self, current_user: Account, installed_app: InstalledApp):
+    def post(self, installed_app: InstalledApp):
        """
        Run workflow
        """
+        current_user, _ = current_account_with_tenant()
        app_model = installed_app.app
        if not app_model:
            raise NotWorkflowAppError()
--- a/api/controllers/console/extension.py
+++ b/api/controllers/console/extension.py
@ -1,6 +1,5 @@
 from datetime import datetime
 from typing import Any
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -9,14 +8,14 @@ from pydantic import BaseModel, Field, TypeAdapter, field_validator
 from constants import HIDDEN_VALUE
 from fields.base import ResponseModel
 from libs.helper import to_timestamp
-from libs.login import login_required
+from libs.login import current_account_with_tenant, login_required
 from models.api_based_extension import APIBasedExtension
 from services.api_based_extension_service import APIBasedExtensionService
 from services.code_based_extension_service import CodeBasedExtensionService

 from ..common.schema import DEFAULT_REF_TEMPLATE_SWAGGER_2_0, register_schema_models
 from . import console_ns
-from .wraps import account_initialization_required, setup_required, with_current_tenant_id
+from .wraps import account_initialization_required, setup_required


 class CodeBasedExtensionQuery(BaseModel):
@ -116,11 +115,11 @@ class APIBasedExtensionAPI(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str):
+    def get(self):
+        _, tenant_id = current_account_with_tenant()
        return [
            _serialize_api_based_extension(extension)
-            for extension in APIBasedExtensionService.get_all_by_tenant_id(current_tenant_id)
+            for extension in APIBasedExtensionService.get_all_by_tenant_id(tenant_id)
        ]

    @console_ns.doc("create_api_based_extension")
@ -130,9 +129,9 @@ class APIBasedExtensionAPI(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str):
+    def post(self):
        payload = APIBasedExtensionPayload.model_validate(console_ns.payload or {})
+        _, current_tenant_id = current_account_with_tenant()

        extension_data = APIBasedExtension(
            tenant_id=current_tenant_id,
@ -153,12 +152,12 @@ class APIBasedExtensionDetailAPI(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, id: UUID):
+    def get(self, id):
        api_based_extension_id = str(id)
+        _, tenant_id = current_account_with_tenant()

        return _serialize_api_based_extension(
-            APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id)
+            APIBasedExtensionService.get_with_tenant_id(tenant_id, api_based_extension_id)
        )

    @console_ns.doc("update_api_based_extension")
@ -169,9 +168,9 @@ class APIBasedExtensionDetailAPI(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, id: UUID):
+    def post(self, id):
        api_based_extension_id = str(id)
+        _, current_tenant_id = current_account_with_tenant()

        extension_data_from_db = APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id)

@ -197,12 +196,12 @@ class APIBasedExtensionDetailAPI(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def delete(self, current_tenant_id: str, id: UUID):
+    def delete(self, id):
        api_based_extension_id = str(id)
+        _, current_tenant_id = current_account_with_tenant()

        extension_data_from_db = APIBasedExtensionService.get_with_tenant_id(current_tenant_id, api_based_extension_id)

        APIBasedExtensionService.delete(extension_data_from_db)

-        return "", 204
+        return {"result": "success"}, 204
--- a/api/controllers/console/feature.py
+++ b/api/controllers/console/feature.py
@ -2,13 +2,13 @@ from flask_restx import Resource
 from werkzeug.exceptions import Unauthorized

 from controllers.common.schema import register_response_schema_models
-from libs.login import current_user, login_required
-from services.feature_service import FeatureModel, FeatureService, LimitationModel, SystemFeatureModel
+from libs.login import current_account_with_tenant, current_user, login_required
+from services.feature_service import FeatureModel, FeatureService, SystemFeatureModel

 from . import console_ns
-from .wraps import account_initialization_required, cloud_utm_record, setup_required, with_current_tenant_id
+from .wraps import account_initialization_required, cloud_utm_record, setup_required

-register_response_schema_models(console_ns, FeatureModel, LimitationModel, SystemFeatureModel)
+register_response_schema_models(console_ns, FeatureModel, SystemFeatureModel)


@console_ns.route("/features")
@ -24,34 +24,11 @@ class FeatureApi(Resource):
    @login_required
    @account_initialization_required
    @cloud_utm_record
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str):
+    def get(self):
        """Get feature configuration for current tenant"""
-        payload = FeatureService.get_features(
-            current_tenant_id,
-            exclude_vector_space=True,
-        ).model_dump()
-        payload.pop("vector_space", None)
-        return payload
+        _, current_tenant_id = current_account_with_tenant()

-
-@console_ns.route("/features/vector-space")
-class FeatureVectorSpaceApi(Resource):
-    @console_ns.doc("get_tenant_feature_vector_space")
-    @console_ns.doc(description="Get vector-space usage and limit for current tenant")
-    @console_ns.response(
-        200,
-        "Success",
-        console_ns.models[LimitationModel.__name__],
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @cloud_utm_record
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str):
-        """Get vector-space usage and limit for current tenant"""
-        return FeatureService.get_vector_space(current_tenant_id).model_dump()
+        return FeatureService.get_features(current_tenant_id).model_dump()


@console_ns.route("/system-features")
--- a/api/controllers/console/files.py
+++ b/api/controllers/console/files.py
@ -1,5 +1,4 @@
 from typing import Literal
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -22,13 +21,10 @@ from controllers.console.wraps import (
    account_initialization_required,
    cloud_edition_billing_resource_check,
    setup_required,
-    with_current_tenant_id,
-    with_current_user,
 )
 from extensions.ext_database import db
 from fields.file_fields import FileResponse, UploadConfig
-from libs.login import login_required
-from models import Account
+from libs.login import current_account_with_tenant, login_required
 from services.file_service import FileService

 from . import console_ns
@ -65,8 +61,8 @@ class FileApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("documents")
    @console_ns.response(201, "File uploaded successfully", console_ns.models[FileResponse.__name__])
-    @with_current_user
-    def post(self, current_user: Account):
+    def post(self):
+        current_user, _ = current_account_with_tenant()
        source_str = request.form.get("source")
        source: Literal["datasets"] | None = "datasets" if source_str == "datasets" else None

@ -110,10 +106,10 @@ class FilePreviewApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.response(200, "Success", console_ns.models[TextContentResponse.__name__])
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, file_id: UUID):
-        file_id_str = str(file_id)
-        text = FileService(db.engine).get_file_preview(file_id_str, current_tenant_id)
+    def get(self, file_id):
+        file_id = str(file_id)
+        _, tenant_id = current_account_with_tenant()
+        text = FileService(db.engine).get_file_preview(file_id, tenant_id)
        return {"content": text}


--- a/api/controllers/console/notification.py
+++ b/api/controllers/console/notification.py
@ -8,14 +8,8 @@ from pydantic import BaseModel, Field
 from controllers.common.fields import SimpleResultResponse
 from controllers.common.schema import register_response_schema_models
 from controllers.console import console_ns
-from controllers.console.wraps import (
-    account_initialization_required,
-    only_edition_cloud,
-    setup_required,
-    with_current_user,
-)
-from libs.login import login_required
-from models import Account
+from controllers.console.wraps import account_initialization_required, only_edition_cloud, setup_required
+from libs.login import current_account_with_tenant, login_required
 from services.billing_service import BillingService

 # Notification content is stored under three lang tags.
@ -76,10 +70,11 @@ class NotificationApi(Resource):
    )
    @setup_required
    @login_required
-    @with_current_user
    @account_initialization_required
    @only_edition_cloud
-    def get(self, current_user: Account):
+    def get(self):
+        current_user, _ = current_account_with_tenant()
+
        result = BillingService.get_account_notification(str(current_user.id))

        # Proto JSON uses camelCase field names (Kratos default marshaling).
@ -118,11 +113,11 @@ class NotificationDismissApi(Resource):
    )
    @setup_required
    @login_required
-    @with_current_user
    @account_initialization_required
    @only_edition_cloud
    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    def post(self, current_user: Account):
+    def post(self):
+        current_user, _ = current_account_with_tenant()
        payload = DismissNotificationPayload.model_validate(request.get_json())
        BillingService.dismiss_notification(
            notification_id=payload.notification_id,
--- a/api/controllers/console/remote_files.py
+++ b/api/controllers/console/remote_files.py
@ -1,5 +1,6 @@
+import urllib.parse
+
 import httpx
-from flask import request
 from flask_restx import Resource
 from pydantic import BaseModel, Field

@ -12,13 +13,11 @@ from controllers.common.errors import (
 )
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.wraps import with_current_user
 from core.helper import ssrf_proxy
 from extensions.ext_database import db
 from fields.file_fields import FileWithSignedUrl, RemoteFileInfo
 from graphon.file import helpers as file_helpers
-from libs.login import login_required
-from models import Account
+from libs.login import current_account_with_tenant, login_required
 from services.file_service import FileService


@ -35,7 +34,7 @@ class GetRemoteFileInfo(Resource):
    @console_ns.response(200, "Success", console_ns.models[RemoteFileInfo.__name__])
    @login_required
    def get(self, url: str):
-        decoded_url = helpers.decode_remote_url(url, request.query_string)
+        decoded_url = urllib.parse.unquote(url)
        resp = ssrf_proxy.head(decoded_url)
        if resp.status_code != httpx.codes.OK:
            resp = ssrf_proxy.get(decoded_url, timeout=3)
@ -51,8 +50,7 @@ class RemoteFileUpload(Resource):
    @console_ns.expect(console_ns.models[RemoteFileUploadPayload.__name__])
    @console_ns.response(201, "File uploaded successfully", console_ns.models[FileWithSignedUrl.__name__])
    @login_required
-    @with_current_user
-    def post(self, current_user: Account):
+    def post(self):
        payload = RemoteFileUploadPayload.model_validate(console_ns.payload)
        url = payload.url

@ -77,11 +75,12 @@ class RemoteFileUpload(Resource):
        content = resp.content if resp.request.method == "GET" else ssrf_proxy.get(url).content

        try:
+            user, _ = current_account_with_tenant()
            upload_file = FileService(db.engine).upload_file(
                filename=file_info.filename,
                content=content,
                mimetype=file_info.mimetype,
-                user=current_user,
+                user=user,
                source_url=url,
            )
        except services.errors.file.FileTooLargeError as file_too_large_error:
--- a/api/controllers/console/snippets/payloads.py
+++ b/api/controllers/console/snippets/payloads.py
@ -0,0 +1,164 @@
+import uuid
+from typing import Any, Literal
+
+from pydantic import AliasChoices, BaseModel, Field, field_validator
+
+
+class SnippetListQuery(BaseModel):
+    """Query parameters for listing snippets."""
+
+    page: int = Field(default=1, ge=1, le=99999)
+    limit: int = Field(default=20, ge=1, le=100)
+    keyword: str | None = None
+    is_published: bool | None = Field(default=None, description="Filter by published status")
+    creators: list[str] | None = Field(
+        default=None,
+        description="Filter by creator account IDs",
+        validation_alias=AliasChoices("creators", "creator_id"),
+    )
+    tag_ids: list[str] | None = Field(default=None, description="Filter by tag IDs")
+
+    @field_validator("creators", mode="before")
+    @classmethod
+    def parse_creators(cls, value: object) -> list[str] | None:
+        """Normalize creators filter from query string or list input."""
+        return cls._normalize_string_list(value)
+
+    @field_validator("tag_ids", mode="before")
+    @classmethod
+    def parse_tag_ids(cls, value: object) -> list[str] | None:
+        """Normalize and validate tag IDs from query string or list input."""
+        items = cls._normalize_string_list(value)
+        if not items:
+            return None
+        try:
+            return [str(uuid.UUID(item)) for item in items]
+        except ValueError as exc:
+            raise ValueError("Invalid UUID format in tag_ids.") from exc
+
+    @staticmethod
+    def _normalize_string_list(value: object) -> list[str] | None:
+        if value is None:
+            return None
+        if isinstance(value, str):
+            return [item.strip() for item in value.split(",") if item.strip()] or None
+        if isinstance(value, list):
+            return [str(item).strip() for item in value if str(item).strip()] or None
+        return None
+
+
+class IconInfo(BaseModel):
+    """Icon information model."""
+
+    icon: str | None = None
+    icon_type: Literal["emoji", "image"] | None = None
+    icon_background: str | None = None
+    icon_url: str | None = None
+
+
+class InputFieldDefinition(BaseModel):
+    """Input field definition for snippet parameters."""
+
+    default: str | None = None
+    hint: bool | None = None
+    label: str | None = None
+    max_length: int | None = None
+    options: list[str] | None = None
+    placeholder: str | None = None
+    required: bool | None = None
+    type: str | None = None  # e.g., "text-input"
+
+
+class CreateSnippetPayload(BaseModel):
+    """Payload for creating a new snippet."""
+
+    name: str = Field(..., min_length=1, max_length=255)
+    description: str | None = Field(default=None, max_length=2000)
+    type: Literal["node", "group"] = "node"
+    icon_info: IconInfo | None = None
+    graph: dict[str, Any] | None = None
+    input_fields: list[InputFieldDefinition] | None = Field(default_factory=list)
+
+
+class UpdateSnippetPayload(BaseModel):
+    """Payload for updating a snippet."""
+
+    name: str | None = Field(default=None, min_length=1, max_length=255)
+    description: str | None = Field(default=None, max_length=2000)
+    icon_info: IconInfo | None = None
+
+
+class SnippetDraftSyncPayload(BaseModel):
+    """Payload for syncing snippet draft workflow."""
+
+    graph: dict[str, Any]
+    hash: str | None = None
+    conversation_variables: list[dict[str, Any]] | None = Field(
+        default=None,
+        description="Ignored. Snippet workflows do not persist conversation variables.",
+    )
+    input_fields: list[dict[str, Any]] | None = None
+
+
+class SnippetWorkflowListQuery(BaseModel):
+    """Query parameters for listing snippet published workflows."""
+
+    page: int = Field(default=1, ge=1, le=99999)
+    limit: int = Field(default=10, ge=1, le=100)
+
+
+class WorkflowRunQuery(BaseModel):
+    """Query parameters for workflow runs."""
+
+    last_id: str | None = None
+    limit: int = Field(default=20, ge=1, le=100)
+
+
+class SnippetDraftRunPayload(BaseModel):
+    """Payload for running snippet draft workflow."""
+
+    inputs: dict[str, Any]
+    files: list[dict[str, Any]] | None = None
+
+
+class SnippetDraftNodeRunPayload(BaseModel):
+    """Payload for running a single node in snippet draft workflow."""
+
+    inputs: dict[str, Any]
+    query: str = ""
+    files: list[dict[str, Any]] | None = None
+
+
+class SnippetIterationNodeRunPayload(BaseModel):
+    """Payload for running an iteration node in snippet draft workflow."""
+
+    inputs: dict[str, Any] | None = None
+
+
+class SnippetLoopNodeRunPayload(BaseModel):
+    """Payload for running a loop node in snippet draft workflow."""
+
+    inputs: dict[str, Any] | None = None
+
+
+class PublishWorkflowPayload(BaseModel):
+    """Payload for publishing snippet workflow."""
+
+    knowledge_base_setting: dict[str, Any] | None = None
+
+
+class SnippetImportPayload(BaseModel):
+    """Payload for importing snippet from DSL."""
+
+    mode: str = Field(..., description="Import mode: yaml-content or yaml-url")
+    yaml_content: str | None = Field(default=None, description="YAML content (required for yaml-content mode)")
+    yaml_url: str | None = Field(default=None, description="YAML URL (required for yaml-url mode)")
+    name: str | None = Field(default=None, description="Override snippet name")
+    description: str | None = Field(default=None, description="Override snippet description")
+    snippet_id: str | None = Field(default=None, description="Snippet ID to update (optional)")
+
+
+class IncludeSecretQuery(BaseModel):
+    """Query parameter for including secret variables in export."""
+
+    include_secret: str = Field(default="false", description="Whether to include secret variables")
--- a/api/controllers/console/snippets/snippet_workflow.py
+++ b/api/controllers/console/snippets/snippet_workflow.py
@ -0,0 +1,638 @@
+import logging
+from collections.abc import Callable
+from functools import wraps
+from typing import ParamSpec, TypeVar
+
+from flask import request
+from flask_restx import Resource
+from pydantic import Field
+from sqlalchemy.orm import Session
+from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
+
+from controllers.common.schema import register_response_schema_models, register_schema_models
+from controllers.console import console_ns
+from controllers.console.app.error import DraftWorkflowNotExist, DraftWorkflowNotSync
+from controllers.console.app.workflow import (
+    RESTORE_SOURCE_WORKFLOW_MUST_BE_PUBLISHED_MESSAGE,
+    WorkflowPaginationResponse,
+    WorkflowResponse,
+)
+from controllers.console.snippets.payloads import (
+    PublishWorkflowPayload,
+    SnippetDraftNodeRunPayload,
+    SnippetDraftRunPayload,
+    SnippetDraftSyncPayload,
+    SnippetIterationNodeRunPayload,
+    SnippetLoopNodeRunPayload,
+    SnippetWorkflowListQuery,
+    WorkflowRunQuery,
+)
+from controllers.console.wraps import (
+    account_initialization_required,
+    edit_permission_required,
+    setup_required,
+)
+from core.app.apps.base_app_queue_manager import AppQueueManager
+from core.app.entities.app_invoke_entities import InvokeFrom
+from extensions.ext_database import db
+from extensions.ext_redis import redis_client
+from fields.workflow_run_fields import (
+    WorkflowRunDetailResponse,
+    WorkflowRunNodeExecutionListResponse,
+    WorkflowRunNodeExecutionResponse,
+    WorkflowRunPaginationResponse,
+)
+from graphon.graph_engine.manager import GraphEngineManager
+from libs import helper
+from libs.helper import TimestampField
+from libs.login import current_account_with_tenant, login_required
+from models.snippet import CustomizedSnippet
+from services.errors.app import IsDraftWorkflowError, WorkflowHashNotEqualError, WorkflowNotFoundError
+from services.snippet_generate_service import SnippetGenerateService
+from services.snippet_service import SnippetService
+
+logger = logging.getLogger(__name__)
+
+P = ParamSpec("P")
+R = TypeVar("R")
+
+# Register Pydantic models with Swagger
+class SnippetWorkflowResponse(WorkflowResponse):
+    input_fields: list[dict] = Field(default_factory=list)
+
+
+register_schema_models(
+    console_ns,
+    SnippetDraftSyncPayload,
+    SnippetDraftNodeRunPayload,
+    SnippetDraftRunPayload,
+    SnippetIterationNodeRunPayload,
+    SnippetLoopNodeRunPayload,
+    SnippetWorkflowListQuery,
+    WorkflowRunQuery,
+    PublishWorkflowPayload,
+)
+register_response_schema_models(
+    console_ns,
+    SnippetWorkflowResponse,
+    WorkflowPaginationResponse,
+    WorkflowRunPaginationResponse,
+    WorkflowRunDetailResponse,
+    WorkflowRunNodeExecutionListResponse,
+    WorkflowRunNodeExecutionResponse,
+)
+
+
+class SnippetNotFoundError(Exception):
+    """Snippet not found error."""
+
+    pass
+
+
+def get_snippet(view_func: Callable[P, R]):
+    """Decorator to fetch and validate snippet access."""
+
+    @wraps(view_func)
+    def decorated_view(*args: P.args, **kwargs: P.kwargs):
+        if not kwargs.get("snippet_id"):
+            raise ValueError("missing snippet_id in path parameters")
+
+        _, current_tenant_id = current_account_with_tenant()
+
+        snippet_id = str(kwargs.get("snippet_id"))
+        del kwargs["snippet_id"]
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=snippet_id,
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        kwargs["snippet"] = snippet
+
+        return view_func(*args, **kwargs)
+
+    return decorated_view
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft")
+class SnippetDraftWorkflowApi(Resource):
+    @console_ns.doc("get_snippet_draft_workflow")
+    @console_ns.response(200, "Draft workflow retrieved successfully", console_ns.models[SnippetWorkflowResponse.__name__])
+    @console_ns.response(404, "Snippet or draft workflow not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def get(self, snippet: CustomizedSnippet):
+        """Get draft workflow for snippet."""
+        snippet_service = SnippetService()
+        workflow = snippet_service.get_draft_workflow(snippet=snippet)
+
+        if not workflow:
+            raise DraftWorkflowNotExist()
+
+        db.session.expunge(workflow)
+        workflow.conversation_variables = []
+        workflow.input_fields = snippet.input_fields_list
+        return SnippetWorkflowResponse.model_validate(workflow, from_attributes=True).model_dump(mode="json")
+
+    @console_ns.doc("sync_snippet_draft_workflow")
+    @console_ns.expect(console_ns.models.get(SnippetDraftSyncPayload.__name__))
+    @console_ns.response(200, "Draft workflow synced successfully")
+    @console_ns.response(400, "Hash mismatch")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet):
+        """Sync draft workflow for snippet."""
+        current_user, _ = current_account_with_tenant()
+
+        payload = SnippetDraftSyncPayload.model_validate(console_ns.payload or {})
+
+        try:
+            snippet_service = SnippetService()
+            workflow = snippet_service.sync_draft_workflow(
+                snippet=snippet,
+                graph=payload.graph,
+                unique_hash=payload.hash,
+                account=current_user,
+                input_fields=payload.input_fields,
+            )
+        except WorkflowHashNotEqualError:
+            raise DraftWorkflowNotSync()
+        except ValueError as e:
+            return {"message": str(e)}, 400
+
+        return {
+            "result": "success",
+            "hash": workflow.unique_hash,
+            "updated_at": TimestampField().format(workflow.updated_at or workflow.created_at),
+        }
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/config")
+class SnippetDraftConfigApi(Resource):
+    @console_ns.doc("get_snippet_draft_config")
+    @console_ns.response(200, "Draft config retrieved successfully")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def get(self, snippet: CustomizedSnippet):
+        """Get snippet draft workflow configuration limits."""
+        return {
+            "parallel_depth_limit": 3,
+        }
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/publish")
+class SnippetPublishedWorkflowApi(Resource):
+    @console_ns.doc("get_snippet_published_workflow")
+    @console_ns.response(200, "Published workflow retrieved successfully", console_ns.models[SnippetWorkflowResponse.__name__])
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def get(self, snippet: CustomizedSnippet):
+        """Get published workflow for snippet."""
+        if not snippet.is_published:
+            return None
+
+        snippet_service = SnippetService()
+        workflow = snippet_service.get_published_workflow(snippet=snippet)
+
+        if not workflow:
+            return None
+
+        workflow.input_fields = snippet.input_fields_list
+        return SnippetWorkflowResponse.model_validate(workflow, from_attributes=True).model_dump(mode="json")
+
+    @console_ns.doc("publish_snippet_workflow")
+    @console_ns.expect(console_ns.models.get(PublishWorkflowPayload.__name__))
+    @console_ns.response(200, "Workflow published successfully")
+    @console_ns.response(400, "No draft workflow found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet):
+        """Publish snippet workflow."""
+        current_user, _ = current_account_with_tenant()
+        snippet_service = SnippetService()
+
+        with Session(db.engine) as session:
+            snippet = session.merge(snippet)
+            try:
+                workflow = snippet_service.publish_workflow(
+                    session=session,
+                    snippet=snippet,
+                    account=current_user,
+                )
+                workflow_created_at = TimestampField().format(workflow.created_at)
+                session.commit()
+            except ValueError as e:
+                return {"message": str(e)}, 400
+
+        return {
+            "result": "success",
+            "created_at": workflow_created_at,
+        }
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/default-workflow-block-configs")
+class SnippetDefaultBlockConfigsApi(Resource):
+    @console_ns.doc("get_snippet_default_block_configs")
+    @console_ns.response(200, "Default block configs retrieved successfully")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def get(self, snippet: CustomizedSnippet):
+        """Get default block configurations for snippet workflow."""
+        snippet_service = SnippetService()
+        return snippet_service.get_default_block_configs()
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows")
+class SnippetPublishedAllWorkflowApi(Resource):
+    @console_ns.expect(console_ns.models[SnippetWorkflowListQuery.__name__])
+    @console_ns.doc("get_all_snippet_published_workflows")
+    @console_ns.doc(description="Get all published workflows for a snippet")
+    @console_ns.doc(params={"snippet_id": "Snippet ID"})
+    @console_ns.response(200, "Published workflows retrieved successfully", console_ns.models[WorkflowPaginationResponse.__name__])
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def get(self, snippet: CustomizedSnippet):
+        """Get all published workflow versions for snippet."""
+        args = SnippetWorkflowListQuery.model_validate(request.args.to_dict(flat=True))
+
+        snippet_service = SnippetService()
+        with Session(db.engine) as session:
+            workflows, has_more = snippet_service.get_all_published_workflows(
+                session=session,
+                snippet=snippet,
+                page=args.page,
+                limit=args.limit,
+            )
+
+        return WorkflowPaginationResponse.model_validate(
+            {
+                "items": workflows,
+                "page": args.page,
+                "limit": args.limit,
+                "has_more": has_more,
+            },
+            from_attributes=True,
+        ).model_dump(mode="json")
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/<string:workflow_id>/restore")
+class SnippetDraftWorkflowRestoreApi(Resource):
+    @console_ns.doc("restore_snippet_workflow_to_draft")
+    @console_ns.doc(description="Restore a published snippet workflow version into the draft workflow")
+    @console_ns.doc(params={"snippet_id": "Snippet ID", "workflow_id": "Published workflow ID"})
+    @console_ns.response(200, "Workflow restored successfully")
+    @console_ns.response(400, "Source workflow must be published")
+    @console_ns.response(404, "Workflow not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet, workflow_id: str):
+        """Restore a published snippet workflow version into the draft workflow."""
+        current_user, _ = current_account_with_tenant()
+        snippet_service = SnippetService()
+
+        try:
+            workflow = snippet_service.restore_published_workflow_to_draft(
+                snippet=snippet,
+                workflow_id=workflow_id,
+                account=current_user,
+            )
+        except IsDraftWorkflowError as exc:
+            raise BadRequest(RESTORE_SOURCE_WORKFLOW_MUST_BE_PUBLISHED_MESSAGE) from exc
+        except WorkflowNotFoundError as exc:
+            raise NotFound(str(exc)) from exc
+        except ValueError as exc:
+            raise BadRequest(str(exc)) from exc
+
+        return {
+            "result": "success",
+            "hash": workflow.unique_hash,
+            "updated_at": TimestampField().format(workflow.updated_at or workflow.created_at),
+        }
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflow-runs")
+class SnippetWorkflowRunsApi(Resource):
+    @console_ns.doc("list_snippet_workflow_runs")
+    @console_ns.response(200, "Workflow runs retrieved successfully", console_ns.models[WorkflowRunPaginationResponse.__name__])
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    def get(self, snippet: CustomizedSnippet):
+        """List workflow runs for snippet."""
+        query = WorkflowRunQuery.model_validate(
+            {
+                "last_id": request.args.get("last_id"),
+                "limit": request.args.get("limit", type=int, default=20),
+            }
+        )
+        args = {
+            "last_id": query.last_id,
+            "limit": query.limit,
+        }
+
+        snippet_service = SnippetService()
+        result = snippet_service.get_snippet_workflow_runs(snippet=snippet, args=args)
+
+        return WorkflowRunPaginationResponse.model_validate(result, from_attributes=True).model_dump(mode="json")
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflow-runs/<uuid:run_id>")
+class SnippetWorkflowRunDetailApi(Resource):
+    @console_ns.doc("get_snippet_workflow_run_detail")
+    @console_ns.response(200, "Workflow run detail retrieved successfully", console_ns.models[WorkflowRunDetailResponse.__name__])
+    @console_ns.response(404, "Workflow run not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    def get(self, snippet: CustomizedSnippet, run_id):
+        """Get workflow run detail for snippet."""
+        run_id = str(run_id)
+
+        snippet_service = SnippetService()
+        workflow_run = snippet_service.get_snippet_workflow_run(snippet=snippet, run_id=run_id)
+
+        if not workflow_run:
+            raise NotFound("Workflow run not found")
+
+        return WorkflowRunDetailResponse.model_validate(workflow_run, from_attributes=True).model_dump(mode="json")
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflow-runs/<uuid:run_id>/node-executions")
+class SnippetWorkflowRunNodeExecutionsApi(Resource):
+    @console_ns.doc("list_snippet_workflow_run_node_executions")
+    @console_ns.response(
+        200,
+        "Node executions retrieved successfully",
+        console_ns.models[WorkflowRunNodeExecutionListResponse.__name__],
+    )
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    def get(self, snippet: CustomizedSnippet, run_id):
+        """List node executions for a workflow run."""
+        run_id = str(run_id)
+
+        snippet_service = SnippetService()
+        node_executions = snippet_service.get_snippet_workflow_run_node_executions(
+            snippet=snippet,
+            run_id=run_id,
+        )
+
+        return WorkflowRunNodeExecutionListResponse.model_validate(
+            {"data": node_executions}, from_attributes=True
+        ).model_dump(mode="json")
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/nodes/<string:node_id>/run")
+class SnippetDraftNodeRunApi(Resource):
+    @console_ns.doc("run_snippet_draft_node")
+    @console_ns.doc(description="Run a single node in snippet draft workflow (single-step debugging)")
+    @console_ns.doc(params={"snippet_id": "Snippet ID", "node_id": "Node ID"})
+    @console_ns.expect(console_ns.models.get(SnippetDraftNodeRunPayload.__name__))
+    @console_ns.response(
+        200, "Node run completed successfully", console_ns.models[WorkflowRunNodeExecutionResponse.__name__]
+    )
+    @console_ns.response(404, "Snippet or draft workflow not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet, node_id: str):
+        """
+        Run a single node in snippet draft workflow.
+
+        Executes a specific node with provided inputs for single-step debugging.
+        Returns the node execution result including status, outputs, and timing.
+        """
+        current_user, _ = current_account_with_tenant()
+        payload = SnippetDraftNodeRunPayload.model_validate(console_ns.payload or {})
+
+        user_inputs = payload.inputs
+
+        # Get draft workflow for file parsing
+        snippet_service = SnippetService()
+        draft_workflow = snippet_service.get_draft_workflow(snippet=snippet)
+        if not draft_workflow:
+            raise NotFound("Draft workflow not found")
+
+        files = SnippetGenerateService.parse_files(draft_workflow, payload.files)
+
+        workflow_node_execution = SnippetGenerateService.run_draft_node(
+            snippet=snippet,
+            node_id=node_id,
+            user_inputs=user_inputs,
+            account=current_user,
+            query=payload.query,
+            files=files,
+        )
+
+        return WorkflowRunNodeExecutionResponse.model_validate(
+            workflow_node_execution, from_attributes=True
+        ).model_dump(mode="json")
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/nodes/<string:node_id>/last-run")
+class SnippetDraftNodeLastRunApi(Resource):
+    @console_ns.doc("get_snippet_draft_node_last_run")
+    @console_ns.doc(description="Get last run result for a node in snippet draft workflow")
+    @console_ns.doc(params={"snippet_id": "Snippet ID", "node_id": "Node ID"})
+    @console_ns.response(
+        200, "Node last run retrieved successfully", console_ns.models[WorkflowRunNodeExecutionResponse.__name__]
+    )
+    @console_ns.response(404, "Snippet, draft workflow, or node last run not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    def get(self, snippet: CustomizedSnippet, node_id: str):
+        """
+        Get the last run result for a specific node in snippet draft workflow.
+
+        Returns the most recent execution record for the given node,
+        including status, inputs, outputs, and timing information.
+        """
+        snippet_service = SnippetService()
+        draft_workflow = snippet_service.get_draft_workflow(snippet=snippet)
+        if not draft_workflow:
+            raise NotFound("Draft workflow not found")
+
+        node_exec = snippet_service.get_snippet_node_last_run(
+            snippet=snippet,
+            workflow=draft_workflow,
+            node_id=node_id,
+        )
+        if node_exec is None:
+            raise NotFound("Node last run not found")
+
+        return WorkflowRunNodeExecutionResponse.model_validate(node_exec, from_attributes=True).model_dump(mode="json")
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/iteration/nodes/<string:node_id>/run")
+class SnippetDraftRunIterationNodeApi(Resource):
+    @console_ns.doc("run_snippet_draft_iteration_node")
+    @console_ns.doc(description="Run draft workflow iteration node for snippet")
+    @console_ns.doc(params={"snippet_id": "Snippet ID", "node_id": "Node ID"})
+    @console_ns.expect(console_ns.models.get(SnippetIterationNodeRunPayload.__name__))
+    @console_ns.response(200, "Iteration node run started successfully (SSE stream)")
+    @console_ns.response(404, "Snippet or draft workflow not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet, node_id: str):
+        """
+        Run a draft workflow iteration node for snippet.
+
+        Iteration nodes execute their internal sub-graph multiple times over an input list.
+        Returns an SSE event stream with iteration progress and results.
+        """
+        current_user, _ = current_account_with_tenant()
+        args = SnippetIterationNodeRunPayload.model_validate(console_ns.payload or {}).model_dump(exclude_none=True)
+
+        try:
+            response = SnippetGenerateService.generate_single_iteration(
+                snippet=snippet, user=current_user, node_id=node_id, args=args, streaming=True
+            )
+
+            return helper.compact_generate_response(response)
+        except ValueError as e:
+            raise e
+        except Exception:
+            logger.exception("internal server error.")
+            raise InternalServerError()
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/loop/nodes/<string:node_id>/run")
+class SnippetDraftRunLoopNodeApi(Resource):
+    @console_ns.doc("run_snippet_draft_loop_node")
+    @console_ns.doc(description="Run draft workflow loop node for snippet")
+    @console_ns.doc(params={"snippet_id": "Snippet ID", "node_id": "Node ID"})
+    @console_ns.expect(console_ns.models.get(SnippetLoopNodeRunPayload.__name__))
+    @console_ns.response(200, "Loop node run started successfully (SSE stream)")
+    @console_ns.response(404, "Snippet or draft workflow not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet, node_id: str):
+        """
+        Run a draft workflow loop node for snippet.
+
+        Loop nodes execute their internal sub-graph repeatedly until a condition is met.
+        Returns an SSE event stream with loop progress and results.
+        """
+        current_user, _ = current_account_with_tenant()
+        args = SnippetLoopNodeRunPayload.model_validate(console_ns.payload or {})
+
+        try:
+            response = SnippetGenerateService.generate_single_loop(
+                snippet=snippet, user=current_user, node_id=node_id, args=args, streaming=True
+            )
+
+            return helper.compact_generate_response(response)
+        except ValueError as e:
+            raise e
+        except Exception:
+            logger.exception("internal server error.")
+            raise InternalServerError()
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/run")
+class SnippetDraftWorkflowRunApi(Resource):
+    @console_ns.doc("run_snippet_draft_workflow")
+    @console_ns.expect(console_ns.models.get(SnippetDraftRunPayload.__name__))
+    @console_ns.response(200, "Draft workflow run started successfully (SSE stream)")
+    @console_ns.response(404, "Snippet or draft workflow not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet):
+        """
+        Run draft workflow for snippet.
+
+        Executes the snippet's draft workflow with the provided inputs
+        and returns an SSE event stream with execution progress and results.
+        """
+        current_user, _ = current_account_with_tenant()
+
+        payload = SnippetDraftRunPayload.model_validate(console_ns.payload or {})
+        args = payload.model_dump(exclude_none=True)
+
+        try:
+            response = SnippetGenerateService.generate(
+                snippet=snippet,
+                user=current_user,
+                args=args,
+                invoke_from=InvokeFrom.DEBUGGER,
+                streaming=True,
+            )
+
+            return helper.compact_generate_response(response)
+        except ValueError as e:
+            raise e
+        except Exception:
+            logger.exception("internal server error.")
+            raise InternalServerError()
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflow-runs/tasks/<string:task_id>/stop")
+class SnippetWorkflowTaskStopApi(Resource):
+    @console_ns.doc("stop_snippet_workflow_task")
+    @console_ns.response(200, "Task stopped successfully")
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    def post(self, snippet: CustomizedSnippet, task_id: str):
+        """
+        Stop a running snippet workflow task.
+
+        Uses both the legacy stop flag mechanism and the graph engine
+        command channel for backward compatibility.
+        """
+        # Stop using both mechanisms for backward compatibility
+        # Legacy stop flag mechanism (without user check)
+        AppQueueManager.set_stop_flag_no_user_check(task_id)
+
+        # New graph engine command channel mechanism
+        GraphEngineManager(redis_client).send_stop_command(task_id)
+
+        return {"result": "success"}
--- a/api/controllers/console/snippets/snippet_workflow_draft_variable.py
+++ b/api/controllers/console/snippets/snippet_workflow_draft_variable.py
@ -0,0 +1,319 @@
+"""
+Snippet draft workflow variable APIs.
+
+Mirrors console app routes under /apps/.../workflows/draft/variables for snippet scope,
+using CustomizedSnippet.id as WorkflowDraftVariable.app_id (same invariant as snippet execution).
+
+Snippet workflows do not expose system variables (`node_id == sys`) or conversation variables
+(`node_id == conversation`): paginated list queries exclude those rows; single-variable GET/PATCH/DELETE/reset
+reject them; `GET .../system-variables` and `GET .../conversation-variables` return empty lists for API parity.
+Other routes mirror `workflow_draft_variable` app APIs under `/snippets/...`.
+"""
+
+from collections.abc import Callable
+from functools import wraps
+from typing import Any, ParamSpec, TypeVar
+
+from flask import Response, request
+from flask_restx import Resource, marshal, marshal_with
+from sqlalchemy.orm import Session
+
+from controllers.console import console_ns
+from controllers.console.app.error import DraftWorkflowNotExist
+from controllers.console.app.workflow_draft_variable import (
+    WorkflowDraftVariableListQuery,
+    WorkflowDraftVariableUpdatePayload,
+    _ensure_variable_access,
+    _file_access_controller,
+    validate_node_id,
+    workflow_draft_variable_list_model,
+    workflow_draft_variable_list_without_value_model,
+    workflow_draft_variable_model,
+)
+from controllers.console.snippets.snippet_workflow import get_snippet
+from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
+from controllers.web.error import InvalidArgumentError, NotFoundError
+from core.workflow.variable_prefixes import CONVERSATION_VARIABLE_NODE_ID, SYSTEM_VARIABLE_NODE_ID
+from extensions.ext_database import db
+from factories.file_factory import build_from_mapping, build_from_mappings
+from factories.variable_factory import build_segment_with_type
+from graphon.variables.types import SegmentType
+from libs.login import current_user, login_required
+from models.snippet import CustomizedSnippet
+from models.workflow import WorkflowDraftVariable
+from services.snippet_service import SnippetService
+from services.workflow_draft_variable_service import WorkflowDraftVariableList, WorkflowDraftVariableService
+
+P = ParamSpec("P")
+R = TypeVar("R")
+
+_SNIPPET_EXCLUDED_DRAFT_VARIABLE_NODE_IDS: frozenset[str] = frozenset(
+    {SYSTEM_VARIABLE_NODE_ID, CONVERSATION_VARIABLE_NODE_ID}
+)
+
+
+def _ensure_snippet_draft_variable_row_allowed(
+    *,
+    variable: WorkflowDraftVariable,
+    variable_id: str,
+) -> None:
+    """Snippet scope only supports canvas-node draft variables; treat sys/conversation rows as not found."""
+    if variable.node_id in _SNIPPET_EXCLUDED_DRAFT_VARIABLE_NODE_IDS:
+        raise NotFoundError(description=f"variable not found, id={variable_id}")
+
+
+def _snippet_draft_var_prerequisite(f: Callable[P, R]) -> Callable[P, R]:
+    """Setup, auth, snippet resolution, and tenant edit permission (same stack as snippet workflow APIs)."""
+
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_snippet
+    @edit_permission_required
+    @wraps(f)
+    def wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+        return f(*args, **kwargs)
+
+    return wrapper
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/variables")
+class SnippetWorkflowVariableCollectionApi(Resource):
+    @console_ns.expect(console_ns.models[WorkflowDraftVariableListQuery.__name__])
+    @console_ns.doc("get_snippet_workflow_variables")
+    @console_ns.doc(description="List draft workflow variables without values (paginated, snippet scope)")
+    @console_ns.response(
+        200,
+        "Workflow variables retrieved successfully",
+        workflow_draft_variable_list_without_value_model,
+    )
+    @_snippet_draft_var_prerequisite
+    @marshal_with(workflow_draft_variable_list_without_value_model)
+    def get(self, snippet: CustomizedSnippet) -> WorkflowDraftVariableList:
+        args = WorkflowDraftVariableListQuery.model_validate(request.args.to_dict(flat=True))  # type: ignore
+
+        snippet_service = SnippetService()
+        if snippet_service.get_draft_workflow(snippet=snippet) is None:
+            raise DraftWorkflowNotExist()
+
+        with Session(bind=db.engine, expire_on_commit=False) as session:
+            draft_var_srv = WorkflowDraftVariableService(session=session)
+            workflow_vars = draft_var_srv.list_variables_without_values(
+                app_id=snippet.id,
+                page=args.page,
+                limit=args.limit,
+                user_id=current_user.id,
+                exclude_node_ids=_SNIPPET_EXCLUDED_DRAFT_VARIABLE_NODE_IDS,
+            )
+
+        return workflow_vars
+
+    @console_ns.doc("delete_snippet_workflow_variables")
+    @console_ns.doc(description="Delete all draft workflow variables for the current user (snippet scope)")
+    @console_ns.response(204, "Workflow variables deleted successfully")
+    @_snippet_draft_var_prerequisite
+    def delete(self, snippet: CustomizedSnippet) -> Response:
+        draft_var_srv = WorkflowDraftVariableService(session=db.session())
+        draft_var_srv.delete_user_workflow_variables(snippet.id, user_id=current_user.id)
+        db.session.commit()
+        return Response("", 204)
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/nodes/<string:node_id>/variables")
+class SnippetNodeVariableCollectionApi(Resource):
+    @console_ns.doc("get_snippet_node_variables")
+    @console_ns.doc(description="Get variables for a specific node (snippet draft workflow)")
+    @console_ns.response(200, "Node variables retrieved successfully", workflow_draft_variable_list_model)
+    @_snippet_draft_var_prerequisite
+    @marshal_with(workflow_draft_variable_list_model)
+    def get(self, snippet: CustomizedSnippet, node_id: str) -> WorkflowDraftVariableList:
+        validate_node_id(node_id)
+        with Session(bind=db.engine, expire_on_commit=False) as session:
+            draft_var_srv = WorkflowDraftVariableService(session=session)
+            node_vars = draft_var_srv.list_node_variables(snippet.id, node_id, user_id=current_user.id)
+
+        return node_vars
+
+    @console_ns.doc("delete_snippet_node_variables")
+    @console_ns.doc(description="Delete all variables for a specific node (snippet draft workflow)")
+    @console_ns.response(204, "Node variables deleted successfully")
+    @_snippet_draft_var_prerequisite
+    def delete(self, snippet: CustomizedSnippet, node_id: str) -> Response:
+        validate_node_id(node_id)
+        srv = WorkflowDraftVariableService(db.session())
+        srv.delete_node_variables(snippet.id, node_id, user_id=current_user.id)
+        db.session.commit()
+        return Response("", 204)
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/variables/<uuid:variable_id>")
+class SnippetVariableApi(Resource):
+    @console_ns.doc("get_snippet_workflow_variable")
+    @console_ns.doc(description="Get a specific draft workflow variable (snippet scope)")
+    @console_ns.response(200, "Variable retrieved successfully", workflow_draft_variable_model)
+    @console_ns.response(404, "Variable not found")
+    @_snippet_draft_var_prerequisite
+    @marshal_with(workflow_draft_variable_model)
+    def get(self, snippet: CustomizedSnippet, variable_id: str) -> WorkflowDraftVariable:
+        draft_var_srv = WorkflowDraftVariableService(session=db.session())
+        variable = _ensure_variable_access(
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
+            app_id=snippet.id,
+            variable_id=variable_id,
+        )
+        _ensure_snippet_draft_variable_row_allowed(variable=variable, variable_id=variable_id)
+        return variable
+
+    @console_ns.doc("update_snippet_workflow_variable")
+    @console_ns.doc(description="Update a draft workflow variable (snippet scope)")
+    @console_ns.expect(console_ns.models[WorkflowDraftVariableUpdatePayload.__name__])
+    @console_ns.response(200, "Variable updated successfully", workflow_draft_variable_model)
+    @console_ns.response(404, "Variable not found")
+    @_snippet_draft_var_prerequisite
+    @marshal_with(workflow_draft_variable_model)
+    def patch(self, snippet: CustomizedSnippet, variable_id: str) -> WorkflowDraftVariable:
+        draft_var_srv = WorkflowDraftVariableService(session=db.session())
+        args_model = WorkflowDraftVariableUpdatePayload.model_validate(console_ns.payload or {})
+
+        variable = _ensure_variable_access(
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
+            app_id=snippet.id,
+            variable_id=variable_id,
+        )
+        _ensure_snippet_draft_variable_row_allowed(variable=variable, variable_id=variable_id)
+
+        new_name = args_model.name
+        raw_value = args_model.value
+        if new_name is None and raw_value is None:
+            return variable
+
+        new_value = None
+        if raw_value is not None:
+            if variable.value_type == SegmentType.FILE:
+                if not isinstance(raw_value, dict):
+                    raise InvalidArgumentError(description=f"expected dict for file, got {type(raw_value)}")
+                raw_value = build_from_mapping(
+                    mapping=raw_value,
+                    tenant_id=snippet.tenant_id,
+                    access_controller=_file_access_controller,
+                )
+            elif variable.value_type == SegmentType.ARRAY_FILE:
+                if not isinstance(raw_value, list):
+                    raise InvalidArgumentError(description=f"expected list for files, got {type(raw_value)}")
+                if len(raw_value) > 0 and not isinstance(raw_value[0], dict):
+                    raise InvalidArgumentError(description=f"expected dict for files[0], got {type(raw_value)}")
+                raw_value = build_from_mappings(
+                    mappings=raw_value,
+                    tenant_id=snippet.tenant_id,
+                    access_controller=_file_access_controller,
+                )
+            new_value = build_segment_with_type(variable.value_type, raw_value)
+        draft_var_srv.update_variable(variable, name=new_name, value=new_value)
+        db.session.commit()
+        return variable
+
+    @console_ns.doc("delete_snippet_workflow_variable")
+    @console_ns.doc(description="Delete a draft workflow variable (snippet scope)")
+    @console_ns.response(204, "Variable deleted successfully")
+    @console_ns.response(404, "Variable not found")
+    @_snippet_draft_var_prerequisite
+    def delete(self, snippet: CustomizedSnippet, variable_id: str) -> Response:
+        draft_var_srv = WorkflowDraftVariableService(session=db.session())
+        variable = _ensure_variable_access(
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
+            app_id=snippet.id,
+            variable_id=variable_id,
+        )
+        _ensure_snippet_draft_variable_row_allowed(variable=variable, variable_id=variable_id)
+        draft_var_srv.delete_variable(variable)
+        db.session.commit()
+        return Response("", 204)
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/variables/<uuid:variable_id>/reset")
+class SnippetVariableResetApi(Resource):
+    @console_ns.doc("reset_snippet_workflow_variable")
+    @console_ns.doc(description="Reset a draft workflow variable to its default value (snippet scope)")
+    @console_ns.response(200, "Variable reset successfully", workflow_draft_variable_model)
+    @console_ns.response(204, "Variable reset (no content)")
+    @console_ns.response(404, "Variable not found")
+    @_snippet_draft_var_prerequisite
+    def put(self, snippet: CustomizedSnippet, variable_id: str) -> Response | Any:
+        draft_var_srv = WorkflowDraftVariableService(session=db.session())
+        snippet_service = SnippetService()
+        draft_workflow = snippet_service.get_draft_workflow(snippet=snippet)
+        if draft_workflow is None:
+            raise NotFoundError(
+                f"Draft workflow not found, snippet_id={snippet.id}",
+            )
+        variable = _ensure_variable_access(
+            variable=draft_var_srv.get_variable(variable_id=variable_id),
+            app_id=snippet.id,
+            variable_id=variable_id,
+        )
+        _ensure_snippet_draft_variable_row_allowed(variable=variable, variable_id=variable_id)
+
+        resetted = draft_var_srv.reset_variable(draft_workflow, variable)
+        db.session.commit()
+        if resetted is None:
+            return Response("", 204)
+        return marshal(resetted, workflow_draft_variable_model)
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/conversation-variables")
+class SnippetConversationVariableCollectionApi(Resource):
+    @console_ns.doc("get_snippet_conversation_variables")
+    @console_ns.doc(
+        description="Conversation variables are not used in snippet workflows; returns an empty list for API parity"
+    )
+    @console_ns.response(200, "Conversation variables retrieved successfully", workflow_draft_variable_list_model)
+    @_snippet_draft_var_prerequisite
+    @marshal_with(workflow_draft_variable_list_model)
+    def get(self, snippet: CustomizedSnippet) -> WorkflowDraftVariableList:
+        return WorkflowDraftVariableList(variables=[])
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/system-variables")
+class SnippetSystemVariableCollectionApi(Resource):
+    @console_ns.doc("get_snippet_system_variables")
+    @console_ns.doc(
+        description="System variables are not used in snippet workflows; returns an empty list for API parity"
+    )
+    @console_ns.response(200, "System variables retrieved successfully", workflow_draft_variable_list_model)
+    @_snippet_draft_var_prerequisite
+    @marshal_with(workflow_draft_variable_list_model)
+    def get(self, snippet: CustomizedSnippet) -> WorkflowDraftVariableList:
+        return WorkflowDraftVariableList(variables=[])
+
+
+@console_ns.route("/snippets/<uuid:snippet_id>/workflows/draft/environment-variables")
+class SnippetEnvironmentVariableCollectionApi(Resource):
+    @console_ns.doc("get_snippet_environment_variables")
+    @console_ns.doc(description="Get environment variables from snippet draft workflow graph")
+    @console_ns.response(200, "Environment variables retrieved successfully")
+    @console_ns.response(404, "Draft workflow not found")
+    @_snippet_draft_var_prerequisite
+    def get(self, snippet: CustomizedSnippet) -> dict[str, list[dict[str, Any]]]:
+        snippet_service = SnippetService()
+        workflow = snippet_service.get_draft_workflow(snippet=snippet)
+        if workflow is None:
+            raise DraftWorkflowNotExist()
+
+        env_vars_list: list[dict[str, Any]] = []
+        for v in workflow.environment_variables:
+            env_vars_list.append(
+                {
+                    "id": v.id,
+                    "type": "env",
+                    "name": v.name,
+                    "description": v.description,
+                    "selector": v.selector,
+                    "value_type": v.value_type.exposed_type().value,
+                    "value": v.value,
+                    "edited": False,
+                    "visible": True,
+                    "editable": True,
+                }
+            )
+
+        return {"items": env_vars_list}
--- a/api/controllers/console/tag/tags.py
+++ b/api/controllers/console/tag/tags.py
@ -1,5 +1,4 @@
 from typing import Literal
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -9,16 +8,9 @@ from werkzeug.exceptions import Forbidden
 from controllers.common.fields import SimpleResultResponse
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.wraps import (
-    account_initialization_required,
-    edit_permission_required,
-    setup_required,
-    with_current_tenant_id,
-    with_current_user,
-)
+from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
 from fields.base import ResponseModel
-from libs.login import login_required
-from models import Account
+from libs.login import current_account_with_tenant, login_required
 from models.enums import TagType
 from services.tag_service import (
    SaveTagPayload,
@ -51,7 +43,7 @@ class TagBindingRemovePayload(BaseModel):


 class TagListQueryParam(BaseModel):
-    type: Literal["knowledge", "app", ""] = Field("", description="Tag type filter")
+    type: Literal["knowledge", "app", "snippet", ""] = Field("", description="Tag type filter")
    keyword: str | None = Field(None, description="Search keyword")


@ -96,11 +88,14 @@ class TagListApi(Resource):
    @login_required
    @account_initialization_required
    @console_ns.doc(
-        params={"type": 'Tag type filter. Can be "knowledge" or "app".', "keyword": "Search keyword for tag name."}
+        params={
+            "type": 'Tag type filter. Can be "knowledge", "app", or "snippet".',
+            "keyword": "Search keyword for tag name.",
+        }
    )
    @console_ns.doc(responses={200: ("Success", [console_ns.models[TagResponse.__name__]])})
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str):
+    def get(self):
+        _, current_tenant_id = current_account_with_tenant()
        raw_args = request.args.to_dict()
        param = TagListQueryParam.model_validate(raw_args)
        tags = TagService.get_tags(param.type, current_tenant_id, param.keyword)
@ -116,9 +111,9 @@ class TagListApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
-    def post(self, current_user: Account):
-        # Allow users with edit permission, or dataset editors (including dataset operators).
+    def post(self):
+        current_user, _ = current_account_with_tenant()
+        # The role of the current user in the ta table must be admin, owner, or editor
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()

@ -139,17 +134,17 @@ class TagUpdateDeleteApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
-    def patch(self, current_user: Account, tag_id: UUID):
-        tag_id_str = str(tag_id)
+    def patch(self, tag_id):
+        current_user, _ = current_account_with_tenant()
+        tag_id = str(tag_id)
        # The role of the current user in the ta table must be admin, owner, or editor
        if not (current_user.has_edit_permission or current_user.is_dataset_editor):
            raise Forbidden()

        payload = TagUpdateRequestPayload.model_validate(console_ns.payload or {})
-        tag = TagService.update_tags(UpdateTagPayload(name=payload.name), tag_id_str)
+        tag = TagService.update_tags(UpdateTagPayload(name=payload.name), tag_id)

-        binding_count = TagService.get_tag_binding_count(tag_id_str)
+        binding_count = TagService.get_tag_binding_count(tag_id)

        response = TagResponse.model_validate(
            {"id": tag.id, "name": tag.name, "type": tag.type, "binding_count": binding_count}
@ -162,27 +157,28 @@ class TagUpdateDeleteApi(Resource):
    @account_initialization_required
    @edit_permission_required
    @console_ns.response(204, "Tag deleted successfully")
-    def delete(self, tag_id: UUID):
-        tag_id_str = str(tag_id)
+    def delete(self, tag_id):
+        tag_id = str(tag_id)

-        TagService.delete_tag(tag_id_str)
+        TagService.delete_tag(tag_id)

        return "", 204


-def _require_tag_binding_edit_permission(current_user: Account) -> None:
+def _require_tag_binding_edit_permission() -> None:
    """
    Ensure the current account can edit tag bindings.

    Tag binding operations are allowed for users who can edit resources (app/dataset) within the current tenant.
    """
+    current_user, _ = current_account_with_tenant()
    # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
    if not (current_user.has_edit_permission or current_user.is_dataset_editor):
        raise Forbidden()


-def _create_tag_bindings(current_user: Account) -> tuple[dict[str, str], int]:
-    _require_tag_binding_edit_permission(current_user)
+def _create_tag_bindings() -> tuple[dict[str, str], int]:
+    _require_tag_binding_edit_permission()

    payload = TagBindingPayload.model_validate(console_ns.payload or {})
    TagService.save_tag_binding(
@ -195,8 +191,8 @@ def _create_tag_bindings(current_user: Account) -> tuple[dict[str, str], int]:
    return {"result": "success"}, 200


-def _remove_tag_bindings(current_user: Account) -> tuple[dict[str, str], int]:
-    _require_tag_binding_edit_permission(current_user)
+def _remove_tag_bindings() -> tuple[dict[str, str], int]:
+    _require_tag_binding_edit_permission()

    payload = TagBindingRemovePayload.model_validate(console_ns.payload or {})
    TagService.delete_tag_binding(
@ -219,9 +215,8 @@ class TagBindingCollectionApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
-    def post(self, current_user: Account):
-        return _create_tag_bindings(current_user)
+    def post(self):
+        return _create_tag_bindings()


@console_ns.route("/tag-bindings/remove")
@ -235,6 +230,5 @@ class TagBindingRemoveApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
-    def post(self, current_user: Account):
-        return _remove_tag_bindings(current_user)
+    def post(self):
+        return _remove_tag_bindings()
--- a/api/controllers/console/workspace/members.py
+++ b/api/controllers/console/workspace/members.py
@ -1,10 +1,8 @@
 from urllib import parse
-from uuid import UUID

 from flask import abort, request
 from flask_restx import Resource
 from pydantic import BaseModel, Field, TypeAdapter
-from sqlalchemy import func, select

 import services
 from configs import dify_config
@ -23,15 +21,15 @@ from controllers.console.auth.error import (
 from controllers.console.error import EmailSendIpLimitError, WorkspaceMembersLimitExceeded
 from controllers.console.wraps import (
    account_initialization_required,
+    cloud_edition_billing_resource_check,
    is_allow_transfer_owner,
    setup_required,
 )
 from extensions.ext_database import db
-from extensions.ext_redis import redis_client
 from fields.member_fields import AccountWithRole, AccountWithRoleList
 from libs.helper import extract_remote_ip
 from libs.login import current_account_with_tenant, login_required
-from models.account import Account, TenantAccountJoin, TenantAccountRole
+from models.account import Account, TenantAccountRole
 from services.account_service import AccountService, RegisterService, TenantService
 from services.errors.account import AccountAlreadyInTenantError
 from services.feature_service import FeatureService
@ -77,55 +75,7 @@ register_response_schema_models(console_ns, SimpleResultDataResponse, Verificati
 def _is_role_enabled(role: TenantAccountRole | str, tenant_id: str) -> bool:
    if role != TenantAccountRole.DATASET_OPERATOR:
        return True
-    return FeatureService.get_features(tenant_id=tenant_id, exclude_vector_space=True).dataset_operator_enabled
-
-
-def _normalize_invitee_emails(emails: list[str]) -> list[str]:
-    return list(dict.fromkeys(email.lower() for email in emails))
-
-
-def _count_new_member_invites(tenant_id: str, emails: list[str]) -> int:
-    new_member_count = 0
-    for email in emails:
-        account = AccountService.get_account_by_email_with_case_fallback(email)
-        if not account:
-            new_member_count += 1
-            continue
-
-        exists = db.session.scalar(
-            select(TenantAccountJoin.id)
-            .where(TenantAccountJoin.tenant_id == tenant_id, TenantAccountJoin.account_id == account.id)
-            .limit(1)
-        )
-        if not exists:
-            new_member_count += 1
-
-    return new_member_count
-
-
-def _count_current_members(tenant_id: str) -> int:
-    return (
-        db.session.scalar(select(func.count(TenantAccountJoin.id)).where(TenantAccountJoin.tenant_id == tenant_id)) or 0
-    )
-
-
-def _check_member_invite_limits(tenant_id: str, new_member_count: int) -> None:
-    if new_member_count <= 0:
-        return
-
-    features = FeatureService.get_features(tenant_id=tenant_id, exclude_vector_space=True)
-
-    if dify_config.ENTERPRISE_ENABLED:
-        workspace_members = features.workspace_members
-        if workspace_members.enabled is True and not workspace_members.is_available(new_member_count):
-            raise WorkspaceMembersLimitExceeded()
-        return
-
-    if dify_config.BILLING_ENABLED and features.billing.enabled is True:
-        members = features.members
-        current_member_count = _count_current_members(tenant_id)
-        if 0 < members.limit < current_member_count + new_member_count:
-            raise WorkspaceMembersLimitExceeded()
+    return FeatureService.get_features(tenant_id=tenant_id).dataset_operator_enabled


@console_ns.route("/workspaces/current/members")
@ -154,11 +104,12 @@ class MemberInviteEmailApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @cloud_edition_billing_resource_check("members")
    def post(self):
        payload = console_ns.payload or {}
        args = MemberInvitePayload.model_validate(payload)

-        invitee_emails = _normalize_invitee_emails(args.emails)
+        invitee_emails = args.emails
        invitee_role = args.role
        interface_language = args.language
        if not TenantAccountRole.is_non_owner_role(invitee_role):
@ -178,36 +129,37 @@ class MemberInviteEmailApi(Resource):
        invitation_results = []
        console_web_url = dify_config.CONSOLE_WEB_URL

-        tenant_id = inviter.current_tenant.id
-        with redis_client.lock(f"workspace_member_invite:{tenant_id}", timeout=60):
-            new_member_count = _count_new_member_invites(tenant_id, invitee_emails)
-            _check_member_invite_limits(tenant_id, new_member_count)
+        workspace_members = FeatureService.get_features(tenant_id=inviter.current_tenant.id).workspace_members

-            for invitee_email in invitee_emails:
-                try:
-                    if not inviter.current_tenant:
-                        raise ValueError("No current tenant")
-                    token = RegisterService.invite_new_member(
-                        tenant=inviter.current_tenant,
-                        email=invitee_email,
-                        language=interface_language,
-                        role=invitee_role,
-                        inviter=inviter,
-                    )
-                    encoded_invitee_email = parse.quote(invitee_email)
-                    invitation_results.append(
-                        {
-                            "status": "success",
-                            "email": invitee_email,
-                            "url": f"{console_web_url}/activate?email={encoded_invitee_email}&token={token}",
-                        }
-                    )
-                except AccountAlreadyInTenantError:
-                    invitation_results.append(
-                        {"status": "success", "email": invitee_email, "url": f"{console_web_url}/signin"}
-                    )
-                except Exception as e:
-                    invitation_results.append({"status": "failed", "email": invitee_email, "message": str(e)})
+        if not workspace_members.is_available(len(invitee_emails)):
+            raise WorkspaceMembersLimitExceeded()
+
+        for invitee_email in invitee_emails:
+            normalized_invitee_email = invitee_email.lower()
+            try:
+                if not inviter.current_tenant:
+                    raise ValueError("No current tenant")
+                token = RegisterService.invite_new_member(
+                    tenant=inviter.current_tenant,
+                    email=invitee_email,
+                    language=interface_language,
+                    role=invitee_role,
+                    inviter=inviter,
+                )
+                encoded_invitee_email = parse.quote(normalized_invitee_email)
+                invitation_results.append(
+                    {
+                        "status": "success",
+                        "email": normalized_invitee_email,
+                        "url": f"{console_web_url}/activate?email={encoded_invitee_email}&token={token}",
+                    }
+                )
+            except AccountAlreadyInTenantError:
+                invitation_results.append(
+                    {"status": "success", "email": normalized_invitee_email, "url": f"{console_web_url}/signin"}
+                )
+            except Exception as e:
+                invitation_results.append({"status": "failed", "email": normalized_invitee_email, "message": str(e)})

        return {
            "result": "success",
@ -223,7 +175,7 @@ class MemberCancelInviteApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def delete(self, member_id: UUID):
+    def delete(self, member_id):
        current_user, _ = current_account_with_tenant()
        if not current_user.current_tenant:
            raise ValueError("No current tenant")
@ -256,7 +208,7 @@ class MemberUpdateRoleApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    def put(self, member_id: UUID):
+    def put(self, member_id):
        payload = console_ns.payload or {}
        args = MemberRoleUpdatePayload.model_validate(payload)
        new_role = args.role
@ -399,7 +351,7 @@ class OwnerTransfer(Resource):
    @login_required
    @account_initialization_required
    @is_allow_transfer_owner
-    def post(self, member_id: UUID):
+    def post(self, member_id):
        payload = console_ns.payload or {}
        args = OwnerTransferPayload.model_validate(payload)

--- a/api/controllers/console/workspace/model_providers.py
+++ b/api/controllers/console/workspace/model_providers.py
@ -194,7 +194,7 @@ class ModelProviderCredentialApi(Resource):
            tenant_id=current_tenant_id, provider=provider, credential_id=args.credential_id
        )

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/workspaces/current/model-providers/<path:provider>/credentials/switch")
--- a/api/controllers/console/workspace/models.py
+++ b/api/controllers/console/workspace/models.py
@ -8,17 +8,12 @@ from pydantic import BaseModel, Field, field_validator
 from controllers.common.fields import SimpleResultResponse
 from controllers.common.schema import register_enum_models, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.wraps import (
-    account_initialization_required,
-    is_admin_or_owner_required,
-    setup_required,
-    with_current_tenant_id,
-)
+from controllers.console.wraps import account_initialization_required, is_admin_or_owner_required, setup_required
 from graphon.model_runtime.entities.model_entities import ModelType
 from graphon.model_runtime.errors.validate import CredentialsValidateFailedError
 from graphon.model_runtime.utils.encoders import jsonable_encoder
 from libs.helper import uuid_value
-from libs.login import login_required
+from libs.login import current_account_with_tenant, login_required
 from services.model_load_balancing_service import ModelLoadBalancingService
 from services.model_provider_service import ModelProviderService

@ -143,8 +138,9 @@ class DefaultModelApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str):
+    def get(self):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserGetDefault.model_validate(request.args.to_dict(flat=True))

        model_provider_service = ModelProviderService()
@ -160,8 +156,9 @@ class DefaultModelApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, tenant_id: str):
+    def post(self):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserPostDefault.model_validate(console_ns.payload)
        model_provider_service = ModelProviderService()
        model_settings = args.model_settings
@ -192,8 +189,9 @@ class ModelProviderModelApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, provider):
+    def get(self, provider):
+        _, tenant_id = current_account_with_tenant()
+
        model_provider_service = ModelProviderService()
        models = model_provider_service.get_models_by_provider(tenant_id=tenant_id, provider=provider)

@ -204,9 +202,9 @@ class ModelProviderModelApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, tenant_id: str, provider: str):
+    def post(self, provider: str):
        # To save the model's load balance configs
+        _, tenant_id = current_account_with_tenant()
        args = ParserPostModels.model_validate(console_ns.payload)

        if args.config_from == "custom-model":
@ -251,8 +249,9 @@ class ModelProviderModelApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, provider: str):
+    def delete(self, provider: str):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserDeleteModels.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -260,7 +259,7 @@ class ModelProviderModelApi(Resource):
            tenant_id=tenant_id, provider=provider, model=args.model, model_type=args.model_type
        )

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/workspaces/current/model-providers/<path:provider>/models/credentials")
@ -269,8 +268,9 @@ class ModelProviderModelCredentialApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, provider: str):
+    def get(self, provider: str):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserGetCredentials.model_validate(request.args.to_dict(flat=True))

        model_provider_service = ModelProviderService()
@ -323,8 +323,9 @@ class ModelProviderModelCredentialApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, tenant_id: str, provider: str):
+    def post(self, provider: str):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserCreateCredential.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -354,8 +355,8 @@ class ModelProviderModelCredentialApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def put(self, current_tenant_id: str, provider: str):
+    def put(self, provider: str):
+        _, current_tenant_id = current_account_with_tenant()
        args = ParserUpdateCredential.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -381,8 +382,8 @@ class ModelProviderModelCredentialApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def delete(self, current_tenant_id: str, provider: str):
+    def delete(self, provider: str):
+        _, current_tenant_id = current_account_with_tenant()
        args = ParserDeleteCredential.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -394,7 +395,7 @@ class ModelProviderModelCredentialApi(Resource):
            credential_id=args.credential_id,
        )

-        return "", 204
+        return {"result": "success"}, 204


@console_ns.route("/workspaces/current/model-providers/<path:provider>/models/credentials/switch")
@ -405,8 +406,8 @@ class ModelProviderModelCredentialSwitchApi(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, provider: str):
+    def post(self, provider: str):
+        _, current_tenant_id = current_account_with_tenant()
        args = ParserSwitch.model_validate(console_ns.payload)

        service = ModelProviderService()
@ -429,8 +430,9 @@ class ModelProviderModelEnableApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def patch(self, tenant_id: str, provider: str):
+    def patch(self, provider: str):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserDeleteModels.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -450,8 +452,9 @@ class ModelProviderModelDisableApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def patch(self, tenant_id: str, provider: str):
+    def patch(self, provider: str):
+        _, tenant_id = current_account_with_tenant()
+
        args = ParserDeleteModels.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -477,8 +480,8 @@ class ModelProviderModelValidateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, tenant_id: str, provider: str):
+    def post(self, provider: str):
+        _, tenant_id = current_account_with_tenant()
        args = ParserValidate.model_validate(console_ns.payload)

        model_provider_service = ModelProviderService()
@ -512,9 +515,9 @@ class ModelProviderModelParameterRuleApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, provider: str):
+    def get(self, provider: str):
        args = ParserParameter.model_validate(request.args.to_dict(flat=True))
+        _, tenant_id = current_account_with_tenant()

        model_provider_service = ModelProviderService()
        parameter_rules = model_provider_service.get_model_parameter_rules(
@ -529,8 +532,8 @@ class ModelProviderAvailableModelApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, model_type: str):
+    def get(self, model_type):
+        _, tenant_id = current_account_with_tenant()
        model_provider_service = ModelProviderService()
        models = model_provider_service.get_models_by_model_type(tenant_id=tenant_id, model_type=model_type)

--- a/api/controllers/console/workspace/plugin.py
+++ b/api/controllers/console/workspace/plugin.py
@ -15,7 +15,6 @@ from controllers.console import console_ns
 from controllers.console.workspace import plugin_permission_required
 from controllers.console.wraps import account_initialization_required, is_admin_or_owner_required, setup_required
 from core.plugin.impl.exc import PluginDaemonClientSideError
-from core.plugin.plugin_service import PluginService
 from fields.base import ResponseModel
 from graphon.model_runtime.utils.encoders import jsonable_encoder
 from libs.login import current_account_with_tenant, login_required
@ -23,6 +22,7 @@ from models.account import TenantPluginAutoUpgradeStrategy, TenantPluginPermissi
 from services.plugin.plugin_auto_upgrade_service import PluginAutoUpgradeService
 from services.plugin.plugin_parameter_service import PluginParameterService
 from services.plugin.plugin_permission_service import PluginPermissionService
+from services.plugin.plugin_service import PluginService


 class ParserList(BaseModel):
--- a/api/controllers/console/workspace/snippets.py
+++ b/api/controllers/console/workspace/snippets.py
@ -0,0 +1,416 @@
+import logging
+import re
+from urllib.parse import quote
+
+from flask import Response, request
+from flask_restx import Resource, marshal
+from sqlalchemy.orm import Session
+from werkzeug.datastructures import MultiDict
+from werkzeug.exceptions import NotFound
+
+from controllers.common.schema import register_schema_models
+from controllers.console import console_ns
+from controllers.console.snippets.payloads import (
+    CreateSnippetPayload,
+    IncludeSecretQuery,
+    SnippetImportPayload,
+    SnippetListQuery,
+    UpdateSnippetPayload,
+)
+from controllers.console.wraps import (
+    account_initialization_required,
+    edit_permission_required,
+    setup_required,
+)
+from extensions.ext_database import db
+from fields.snippet_fields import snippet_fields, snippet_list_fields, snippet_pagination_fields
+from libs.login import current_account_with_tenant, login_required
+from models.snippet import SnippetType
+from services.app_dsl_service import ImportStatus
+from services.snippet_dsl_service import SnippetDslService
+from services.snippet_service import SnippetService
+
+logger = logging.getLogger(__name__)
+_TAG_IDS_BRACKET_PATTERN = re.compile(r"^tag_ids\[(\d+)\]$")
+_CREATOR_IDS_BRACKET_PATTERN = re.compile(r"^creator_ids\[(\d+)\]$")
+
+
+def _normalize_snippet_list_query_args(query_args: MultiDict[str, str]) -> dict[str, str | list[str]]:
+    normalized: dict[str, str | list[str]] = {}
+    indexed_tag_ids: list[tuple[int, str]] = []
+    indexed_creator_ids: list[tuple[int, str]] = []
+
+    for key in query_args:
+        match = _TAG_IDS_BRACKET_PATTERN.fullmatch(key)
+        if match:
+            indexed_tag_ids.extend((int(match.group(1)), value) for value in query_args.getlist(key))
+            continue
+
+        match = _CREATOR_IDS_BRACKET_PATTERN.fullmatch(key)
+        if match:
+            indexed_creator_ids.extend((int(match.group(1)), value) for value in query_args.getlist(key))
+            continue
+
+        value = query_args.get(key)
+        if value is not None:
+            normalized[key] = value
+
+    if indexed_tag_ids:
+        normalized["tag_ids"] = [value for _, value in sorted(indexed_tag_ids)]
+    if indexed_creator_ids:
+        normalized["creators"] = [value for _, value in sorted(indexed_creator_ids)]
+
+    return normalized
+
+
+# Register Pydantic models with Swagger
+register_schema_models(
+    console_ns,
+    SnippetListQuery,
+    CreateSnippetPayload,
+    UpdateSnippetPayload,
+    SnippetImportPayload,
+    IncludeSecretQuery,
+)
+
+# Create namespace models for marshaling
+snippet_model = console_ns.model("Snippet", snippet_fields)
+snippet_list_model = console_ns.model("SnippetList", snippet_list_fields)
+snippet_pagination_model = console_ns.model("SnippetPagination", snippet_pagination_fields)
+
+
+@console_ns.route("/workspaces/current/customized-snippets")
+class CustomizedSnippetsApi(Resource):
+    @console_ns.doc("list_customized_snippets")
+    @console_ns.expect(console_ns.models.get(SnippetListQuery.__name__))
+    @console_ns.response(200, "Snippets retrieved successfully", snippet_pagination_model)
+    @setup_required
+    @login_required
+    @account_initialization_required
+    def get(self):
+        """List customized snippets with pagination and search."""
+        _, current_tenant_id = current_account_with_tenant()
+
+        query = SnippetListQuery.model_validate(_normalize_snippet_list_query_args(request.args))
+
+        snippets, total, has_more = SnippetService.get_snippets(
+            tenant_id=current_tenant_id,
+            page=query.page,
+            limit=query.limit,
+            keyword=query.keyword,
+            is_published=query.is_published,
+            creators=query.creators,
+            tag_ids=query.tag_ids,
+        )
+
+        return {
+            "data": marshal(snippets, snippet_list_fields),
+            "page": query.page,
+            "limit": query.limit,
+            "total": total,
+            "has_more": has_more,
+        }, 200
+
+    @console_ns.doc("create_customized_snippet")
+    @console_ns.expect(console_ns.models.get(CreateSnippetPayload.__name__))
+    @console_ns.response(201, "Snippet created successfully", snippet_model)
+    @console_ns.response(400, "Invalid request")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def post(self):
+        """Create a new customized snippet."""
+        current_user, current_tenant_id = current_account_with_tenant()
+
+        payload = CreateSnippetPayload.model_validate(console_ns.payload or {})
+
+        try:
+            snippet_type = SnippetType(payload.type)
+        except ValueError:
+            snippet_type = SnippetType.NODE
+
+        try:
+            if payload.graph is not None:
+                SnippetService.validate_snippet_graph_forbidden_nodes(payload.graph)
+
+            snippet = SnippetService.create_snippet(
+                tenant_id=current_tenant_id,
+                name=payload.name,
+                description=payload.description,
+                snippet_type=snippet_type,
+                icon_info=payload.icon_info.model_dump() if payload.icon_info else None,
+                input_fields=[f.model_dump() for f in payload.input_fields] if payload.input_fields else None,
+                account=current_user,
+            )
+        except ValueError as e:
+            return {"message": str(e)}, 400
+
+        return marshal(snippet, snippet_fields), 201
+
+
+@console_ns.route("/workspaces/current/customized-snippets/<uuid:snippet_id>")
+class CustomizedSnippetDetailApi(Resource):
+    @console_ns.doc("get_customized_snippet")
+    @console_ns.response(200, "Snippet retrieved successfully", snippet_model)
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    def get(self, snippet_id: str):
+        """Get customized snippet details."""
+        _, current_tenant_id = current_account_with_tenant()
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=str(snippet_id),
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        return marshal(snippet, snippet_fields), 200
+
+    @console_ns.doc("update_customized_snippet")
+    @console_ns.expect(console_ns.models.get(UpdateSnippetPayload.__name__))
+    @console_ns.response(200, "Snippet updated successfully", snippet_model)
+    @console_ns.response(400, "Invalid request")
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def patch(self, snippet_id: str):
+        """Update customized snippet."""
+        current_user, current_tenant_id = current_account_with_tenant()
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=str(snippet_id),
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        payload = UpdateSnippetPayload.model_validate(console_ns.payload or {})
+        update_data = payload.model_dump(exclude_unset=True)
+
+        if "icon_info" in update_data and update_data["icon_info"] is not None:
+            update_data["icon_info"] = payload.icon_info.model_dump() if payload.icon_info else None
+
+        if not update_data:
+            return {"message": "No valid fields to update"}, 400
+
+        try:
+            with Session(db.engine, expire_on_commit=False) as session:
+                snippet = session.merge(snippet)
+                snippet = SnippetService.update_snippet(
+                    session=session,
+                    snippet=snippet,
+                    account_id=current_user.id,
+                    data=update_data,
+                )
+                session.commit()
+        except ValueError as e:
+            return {"message": str(e)}, 400
+
+        return marshal(snippet, snippet_fields), 200
+
+    @console_ns.doc("delete_customized_snippet")
+    @console_ns.response(204, "Snippet deleted successfully")
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def delete(self, snippet_id: str):
+        """Delete customized snippet."""
+        _, current_tenant_id = current_account_with_tenant()
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=str(snippet_id),
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        with Session(db.engine) as session:
+            snippet = session.merge(snippet)
+            SnippetService.delete_snippet(
+                session=session,
+                snippet=snippet,
+            )
+            session.commit()
+
+        return "", 204
+
+
+@console_ns.route("/workspaces/current/customized-snippets/<uuid:snippet_id>/export")
+class CustomizedSnippetExportApi(Resource):
+    @console_ns.doc("export_customized_snippet")
+    @console_ns.doc(description="Export snippet configuration as DSL")
+    @console_ns.doc(params={"snippet_id": "Snippet ID to export"})
+    @console_ns.response(200, "Snippet exported successfully")
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def get(self, snippet_id: str):
+        """Export snippet as DSL."""
+        _, current_tenant_id = current_account_with_tenant()
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=str(snippet_id),
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        # Get include_secret parameter
+        query = IncludeSecretQuery.model_validate(request.args.to_dict())
+
+        with Session(db.engine) as session:
+            export_service = SnippetDslService(session)
+            result = export_service.export_snippet_dsl(snippet=snippet, include_secret=query.include_secret == "true")
+
+        # Set filename with .snippet extension
+        filename = f"{snippet.name}.snippet"
+        encoded_filename = quote(filename)
+        
+        response = Response(
+            result,
+            mimetype="application/x-yaml",
+        )
+        response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
+        response.headers["Content-Type"] = "application/x-yaml"
+        
+        return response
+
+
+@console_ns.route("/workspaces/current/customized-snippets/imports")
+class CustomizedSnippetImportApi(Resource):
+    @console_ns.doc("import_customized_snippet")
+    @console_ns.doc(description="Import snippet from DSL")
+    @console_ns.expect(console_ns.models.get(SnippetImportPayload.__name__))
+    @console_ns.response(200, "Snippet imported successfully")
+    @console_ns.response(202, "Import pending confirmation")
+    @console_ns.response(400, "Import failed")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def post(self):
+        """Import snippet from DSL."""
+        current_user, _ = current_account_with_tenant()
+        payload = SnippetImportPayload.model_validate(console_ns.payload or {})
+
+        with Session(db.engine) as session:
+            import_service = SnippetDslService(session)
+            result = import_service.import_snippet(
+                account=current_user,
+                import_mode=payload.mode,
+                yaml_content=payload.yaml_content,
+                yaml_url=payload.yaml_url,
+                snippet_id=payload.snippet_id,
+                name=payload.name,
+                description=payload.description,
+            )
+            session.commit()
+
+        # Return appropriate status code based on result
+        status = result.status
+        if status == ImportStatus.FAILED:
+            return result.model_dump(mode="json"), 400
+        elif status == ImportStatus.PENDING:
+            return result.model_dump(mode="json"), 202
+        return result.model_dump(mode="json"), 200
+
+
+@console_ns.route("/workspaces/current/customized-snippets/imports/<string:import_id>/confirm")
+class CustomizedSnippetImportConfirmApi(Resource):
+    @console_ns.doc("confirm_snippet_import")
+    @console_ns.doc(description="Confirm a pending snippet import")
+    @console_ns.doc(params={"import_id": "Import ID to confirm"})
+    @console_ns.response(200, "Import confirmed successfully")
+    @console_ns.response(400, "Import failed")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def post(self, import_id: str):
+        """Confirm a pending snippet import."""
+        current_user, _ = current_account_with_tenant()
+
+        with Session(db.engine) as session:
+            import_service = SnippetDslService(session)
+            result = import_service.confirm_import(import_id=import_id, account=current_user)
+            session.commit()
+
+        if result.status == ImportStatus.FAILED:
+            return result.model_dump(mode="json"), 400
+        return result.model_dump(mode="json"), 200
+
+
+@console_ns.route("/workspaces/current/customized-snippets/<uuid:snippet_id>/check-dependencies")
+class CustomizedSnippetCheckDependenciesApi(Resource):
+    @console_ns.doc("check_snippet_dependencies")
+    @console_ns.doc(description="Check dependencies for a snippet")
+    @console_ns.doc(params={"snippet_id": "Snippet ID"})
+    @console_ns.response(200, "Dependencies checked successfully")
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def get(self, snippet_id: str):
+        """Check dependencies for a snippet."""
+        _, current_tenant_id = current_account_with_tenant()
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=str(snippet_id),
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        with Session(db.engine) as session:
+            import_service = SnippetDslService(session)
+            result = import_service.check_dependencies(snippet=snippet)
+
+        return result.model_dump(mode="json"), 200
+
+
+@console_ns.route("/workspaces/current/customized-snippets/<uuid:snippet_id>/use-count/increment")
+class CustomizedSnippetUseCountIncrementApi(Resource):
+    @console_ns.doc("increment_snippet_use_count")
+    @console_ns.doc(description="Increment snippet use count by 1")
+    @console_ns.doc(params={"snippet_id": "Snippet ID"})
+    @console_ns.response(200, "Use count incremented successfully")
+    @console_ns.response(404, "Snippet not found")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @edit_permission_required
+    def post(self, snippet_id: str):
+        """Increment snippet use count when it is inserted into a workflow."""
+        _, current_tenant_id = current_account_with_tenant()
+
+        snippet = SnippetService.get_snippet_by_id(
+            snippet_id=str(snippet_id),
+            tenant_id=current_tenant_id,
+        )
+
+        if not snippet:
+            raise NotFound("Snippet not found")
+
+        with Session(db.engine) as session:
+            snippet = session.merge(snippet)
+            SnippetService.increment_use_count(session=session, snippet=snippet)
+            session.commit()
+            session.refresh(snippet)
+
+        return {"result": "success", "use_count": snippet.use_count}, 200
--- a/api/controllers/console/workspace/workspace.py
+++ b/api/controllers/console/workspace/workspace.py
@ -166,10 +166,10 @@ class TenantListApi(Resource):
                if tenant_plan:
                    plan = tenant_plan["plan"] or CloudPlan.SANDBOX
                else:
-                    features = FeatureService.get_features(tenant.id, exclude_vector_space=True)
+                    features = FeatureService.get_features(tenant.id)
                    plan = features.billing.subscription.plan or CloudPlan.SANDBOX
            elif not is_enterprise_only:
-                features = FeatureService.get_features(tenant.id, exclude_vector_space=True)
+                features = FeatureService.get_features(tenant.id)
                plan = features.billing.subscription.plan or CloudPlan.SANDBOX

            # Create a dictionary with tenant attributes
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@ -4,7 +4,6 @@ import os
 import time
 from collections.abc import Callable
 from functools import wraps
-from typing import Concatenate

 from flask import abort, request
 from sqlalchemy import select
@ -17,7 +16,6 @@ from extensions.ext_database import db
 from extensions.ext_redis import redis_client
 from libs.encryption import FieldEncryption
 from libs.login import current_account_with_tenant
-from models import Account
 from models.account import AccountStatus
 from models.dataset import RateLimitLog
 from models.model import DifySetup
@ -84,7 +82,9 @@ def only_edition_self_hosted[**P, R](view: Callable[P, R]) -> Callable[P, R]:
 def cloud_edition_billing_enabled[**P, R](view: Callable[P, R]) -> Callable[P, R]:
    @wraps(view)
    def decorated(*args: P.args, **kwargs: P.kwargs):
-        if not dify_config.BILLING_ENABLED:
+        _, current_tenant_id = current_account_with_tenant()
+        features = FeatureService.get_features(current_tenant_id)
+        if not features.billing.enabled:
            abort(403, "Billing feature is not enabled.")
        return view(*args, **kwargs)

@ -96,28 +96,21 @@ def cloud_edition_billing_resource_check[**P, R](resource: str) -> Callable[[Cal
        @wraps(view)
        def decorated(*args: P.args, **kwargs: P.kwargs):
            _, current_tenant_id = current_account_with_tenant()
-            if resource == "vector_space":
-                if not dify_config.BILLING_ENABLED:
-                    return view(*args, **kwargs)
-
-                vector_space = FeatureService.get_vector_space(current_tenant_id)
-                if 0 < vector_space.limit <= vector_space.size:
-                    abort(
-                        403,
-                        "The capacity of the knowledge storage space has reached the limit of your subscription.",
-                    )
-                return view(*args, **kwargs)
-
-            features = FeatureService.get_features(current_tenant_id, exclude_vector_space=True)
+            features = FeatureService.get_features(current_tenant_id)
            if features.billing.enabled:
                members = features.members
                apps = features.apps
+                vector_space = features.vector_space
                documents_upload_quota = features.documents_upload_quota
                annotation_quota_limit = features.annotation_quota_limit
                if resource == "members" and 0 < members.limit <= members.size:
                    abort(403, "The number of members has reached the limit of your subscription.")
                elif resource == "apps" and 0 < apps.limit <= apps.size:
                    abort(403, "The number of apps has reached the limit of your subscription.")
+                elif resource == "vector_space" and 0 < vector_space.limit <= vector_space.size:
+                    abort(
+                        403, "The capacity of the knowledge storage space has reached the limit of your subscription."
+                    )
                elif resource == "documents" and 0 < documents_upload_quota.limit <= documents_upload_quota.size:
                    # The api of file upload is used in the multiple places,
                    # so we need to check the source of the request from datasets
@ -147,7 +140,7 @@ def cloud_edition_billing_knowledge_limit_check[**P, R](
        @wraps(view)
        def decorated(*args: P.args, **kwargs: P.kwargs):
            _, current_tenant_id = current_account_with_tenant()
-            features = FeatureService.get_features(current_tenant_id, exclude_vector_space=True)
+            features = FeatureService.get_features(current_tenant_id)
            if features.billing.enabled:
                if resource == "add_segment":
                    if features.billing.subscription.plan == CloudPlan.SANDBOX:
@ -205,11 +198,15 @@ def cloud_utm_record[**P, R](view: Callable[P, R]) -> Callable[P, R]:
    @wraps(view)
    def decorated(*args: P.args, **kwargs: P.kwargs):
        with contextlib.suppress(Exception):
-            utm_info = request.cookies.get("utm_info")
-            if dify_config.BILLING_ENABLED and utm_info:
-                _, current_tenant_id = current_account_with_tenant()
-                utm_info_dict: UtmInfo = json.loads(utm_info)
-                OperationService.record_utm(current_tenant_id, utm_info_dict)
+            _, current_tenant_id = current_account_with_tenant()
+            features = FeatureService.get_features(current_tenant_id)
+
+            if features.billing.enabled:
+                utm_info = request.cookies.get("utm_info")
+
+                if utm_info:
+                    utm_info_dict: UtmInfo = json.loads(utm_info)
+                    OperationService.record_utm(current_tenant_id, utm_info_dict)

        return view(*args, **kwargs)

@ -298,7 +295,7 @@ def knowledge_pipeline_publish_enabled[**P, R](view: Callable[P, R]) -> Callable
    @wraps(view)
    def decorated(*args: P.args, **kwargs: P.kwargs):
        _, current_tenant_id = current_account_with_tenant()
-        features = FeatureService.get_features(current_tenant_id, exclude_vector_space=True)
+        features = FeatureService.get_features(current_tenant_id)
        if features.knowledge_pipeline.publish_enabled:
            return view(*args, **kwargs)
        abort(403)
@ -312,6 +309,7 @@ def edit_permission_required[**P, R](f: Callable[P, R]) -> Callable[P, R]:
        from werkzeug.exceptions import Forbidden

        from libs.login import current_user
+        from models import Account

        user = current_user._get_current_object()  # type: ignore
        if not isinstance(user, Account):
@ -329,6 +327,7 @@ def is_admin_or_owner_required[**P, R](f: Callable[P, R]) -> Callable[P, R]:
        from werkzeug.exceptions import Forbidden

        from libs.login import current_user
+        from models import Account

        user = current_user._get_current_object()
        if not isinstance(user, Account) or not user.is_admin_or_owner:
@ -496,25 +495,3 @@ def decrypt_code_field[**P, R](view: Callable[P, R]) -> Callable[P, R]:
        return view(*args, **kwargs)

    return decorated
-
-
-def with_current_tenant_id[T, **P, R](
-    view: Callable[Concatenate[T, str, P], R],
-) -> Callable[Concatenate[T, P], R]:
-    @wraps(view)
-    def decorated(self: T, *args: P.args, **kwargs: P.kwargs) -> R:
-        _, current_tenant_id = current_account_with_tenant()
-        return view(self, current_tenant_id, *args, **kwargs)
-
-    return decorated
-
-
-def with_current_user[T, **P, R](
-    view: Callable[Concatenate[T, Account, P], R],
-) -> Callable[Concatenate[T, P], R]:
-    @wraps(view)
-    def decorated(self: T, *args: P.args, **kwargs: P.kwargs) -> R:
-        current_user, _ = current_account_with_tenant()
-        return view(self, current_user, *args, **kwargs)
-
-    return decorated
--- a/api/controllers/files/image_preview.py
+++ b/api/controllers/files/image_preview.py
@ -1,5 +1,4 @@
 from urllib.parse import quote
-from uuid import UUID

 from flask import Response, request
 from flask_restx import Resource
@ -50,8 +49,8 @@ class ImagePreviewApi(Resource):
            415: "Unsupported file type",
        }
    )
-    def get(self, file_id: UUID):
-        file_id_str = str(file_id)
+    def get(self, file_id):
+        file_id = str(file_id)

        args = FileSignatureQuery.model_validate(request.args.to_dict(flat=True))
        timestamp = args.timestamp
@ -60,7 +59,7 @@ class ImagePreviewApi(Resource):

        try:
            generator, mimetype = FileService(db.engine).get_image_preview(
-                file_id=file_id_str,
+                file_id=file_id,
                timestamp=timestamp,
                nonce=nonce,
                sign=sign,
@ -92,14 +91,14 @@ class FilePreviewApi(Resource):
            415: "Unsupported file type",
        }
    )
-    def get(self, file_id: UUID):
-        file_id_str = str(file_id)
+    def get(self, file_id):
+        file_id = str(file_id)

        args = FilePreviewQuery.model_validate(request.args.to_dict(flat=True))

        try:
            generator, upload_file = FileService(db.engine).get_file_generator_by_file_id(
-                file_id=file_id_str,
+                file_id=file_id,
                timestamp=args.timestamp,
                nonce=args.nonce,
                sign=args.sign,
@ -160,10 +159,10 @@ class WorkspaceWebappLogoApi(Resource):
            415: "Unsupported file type",
        }
    )
-    def get(self, workspace_id: UUID):
-        workspace_id_str = str(workspace_id)
+    def get(self, workspace_id):
+        workspace_id = str(workspace_id)

-        custom_config = TenantService.get_custom_config(workspace_id_str)
+        custom_config = TenantService.get_custom_config(workspace_id)
        webapp_logo_file_id = custom_config.get("replace_webapp_logo") if custom_config is not None else None

        if not webapp_logo_file_id:
--- a/api/controllers/files/tool_files.py
+++ b/api/controllers/files/tool_files.py
@ -1,5 +1,4 @@
 from urllib.parse import quote
-from uuid import UUID

 from flask import Response, request
 from flask_restx import Resource
@ -46,19 +45,17 @@ class ToolFileApi(Resource):
            415: "Unsupported file type",
        }
    )
-    def get(self, file_id: UUID, extension: str):
-        file_id_str = str(file_id)
+    def get(self, file_id, extension):
+        file_id = str(file_id)

        args = ToolFileQuery.model_validate(request.args.to_dict())
-        if not verify_tool_file_signature(
-            file_id=file_id_str, timestamp=args.timestamp, nonce=args.nonce, sign=args.sign
-        ):
+        if not verify_tool_file_signature(file_id=file_id, timestamp=args.timestamp, nonce=args.nonce, sign=args.sign):
            raise Forbidden("Invalid request.")

        try:
            tool_file_manager = ToolFileManager()
            stream, tool_file = tool_file_manager.get_file_generator_by_tool_file_id(
-                file_id_str,
+                file_id,
            )

            if not stream or not tool_file:
--- a/api/controllers/openapi/init.py
+++ b/api/controllers/openapi/init.py
@ -1,142 +0,0 @@
-from flask import Blueprint
-from flask_restx import Namespace
-
-from libs.device_flow_security import attach_anti_framing
-from libs.external_api import ExternalApi
-
-bp = Blueprint("openapi", __name__, url_prefix="/openapi/v1")
-attach_anti_framing(bp)
-
-api = ExternalApi(
-    bp,
-    version="1.0",
-    title="OpenAPI",
-    description="User-scoped programmatic API (bearer auth)",
-)
-
-openapi_ns = Namespace("openapi", description="User-scoped operations", path="/")
-
-# Register response/query models BEFORE importing controller modules so that
-# @openapi_ns.response / @openapi_ns.expect decorators can resolve model names.
-from controllers.common.schema import register_response_schema_models, register_schema_models
-from controllers.openapi._models import (
-    AccountPayload,
-    AccountResponse,
-    AppDescribeInfo,
-    AppDescribeQuery,
-    AppDescribeResponse,
-    AppInfoResponse,
-    AppListQuery,
-    AppListResponse,
-    AppListRow,
-    AppRunRequest,
-    DeviceCodeRequest,
-    DeviceCodeResponse,
-    DeviceLookupQuery,
-    DeviceLookupResponse,
-    DeviceMutateRequest,
-    DeviceMutateResponse,
-    DevicePollRequest,
-    MemberActionResponse,
-    MemberInvitePayload,
-    MemberInviteResponse,
-    MemberListQuery,
-    MemberListResponse,
-    MemberResponse,
-    MemberRoleUpdatePayload,
-    MessageMetadata,
-    PermittedExternalAppsListQuery,
-    PermittedExternalAppsListResponse,
-    RevokeResponse,
-    ServerVersionResponse,
-    SessionListResponse,
-    SessionRow,
-    TagItem,
-    UsageInfo,
-    WorkflowRunData,
-    WorkspaceDetailResponse,
-    WorkspaceListResponse,
-    WorkspacePayload,
-    WorkspaceSummaryResponse,
-)
-from fields.file_fields import FileResponse
-
-register_schema_models(
-    openapi_ns,
-    AppDescribeQuery,
-    AppListQuery,
-    AppRunRequest,
-    DeviceCodeRequest,
-    DevicePollRequest,
-    DeviceLookupQuery,
-    DeviceMutateRequest,
-    MemberInvitePayload,
-    MemberListQuery,
-    MemberRoleUpdatePayload,
-    PermittedExternalAppsListQuery,
-)
-register_response_schema_models(
-    openapi_ns,
-    TagItem,
-    UsageInfo,
-    MessageMetadata,
-    AppListRow,
-    AppListResponse,
-    AppInfoResponse,
-    AppDescribeInfo,
-    AppDescribeResponse,
-    WorkflowRunData,
-    AccountPayload,
-    WorkspacePayload,
-    AccountResponse,
-    SessionRow,
-    SessionListResponse,
-    PermittedExternalAppsListResponse,
-    RevokeResponse,
-    WorkspaceSummaryResponse,
-    WorkspaceListResponse,
-    WorkspaceDetailResponse,
-    MemberResponse,
-    MemberListResponse,
-    MemberInviteResponse,
-    MemberActionResponse,
-    DeviceCodeResponse,
-    DeviceLookupResponse,
-    DeviceMutateResponse,
-    FileResponse,
-    ServerVersionResponse,
-)
-
-from . import (
-    _meta,
-    account,
-    app_run,
-    apps,
-    apps_permitted_external,
-    files,
-    human_input_form,
-    index,
-    oauth_device,
-    oauth_device_sso,
-    workflow_events,
-    workspaces,
-)
-
-# Request models are imported from _models.py and registered above.
-
-__all__ = [
-    "_meta",
-    "account",
-    "app_run",
-    "apps",
-    "apps_permitted_external",
-    "files",
-    "human_input_form",
-    "index",
-    "oauth_device",
-    "oauth_device_sso",
-    "workflow_events",
-    "workspaces",
-]
-
-api.add_namespace(openapi_ns)
--- a/api/controllers/openapi/_audit.py
+++ b/api/controllers/openapi/_audit.py
@ -1,66 +0,0 @@
-"""Audit emission for openapi app-run endpoints.
-
-Pattern: logger.info with extra={"audit": True, "event": "app.run.openapi", ...}
-matches the existing oauth_device convention. The EE OTel exporter consults
-its own allowlist to decide whether to ship the line.
-"""
-
-from __future__ import annotations
-
-import logging
-
-logger = logging.getLogger(__name__)
-
-EVENT_APP_RUN_OPENAPI = "app.run.openapi"
-EVENT_OPENAPI_WRONG_SURFACE_DENIED = "openapi.wrong_surface_denied"
-
-
-def emit_app_run(
-    *,
-    app_id: str,
-    tenant_id: str,
-    caller_kind: str,
-    mode: str,
-    surface: str,
-) -> None:
-    logger.info(
-        "audit: %s app_id=%s tenant_id=%s caller_kind=%s mode=%s surface=%s",
-        EVENT_APP_RUN_OPENAPI,
-        app_id,
-        tenant_id,
-        caller_kind,
-        mode,
-        surface,
-        extra={
-            "audit": True,
-            "event": EVENT_APP_RUN_OPENAPI,
-            "app_id": app_id,
-            "tenant_id": tenant_id,
-            "caller_kind": caller_kind,
-            "mode": mode,
-            "surface": surface,
-        },
-    )
-
-
-def emit_wrong_surface(
-    *,
-    subject_type: str | None,
-    attempted_path: str,
-    client_id: str | None,
-    token_id: str | None,
-) -> None:
-    logger.warning(
-        "audit: %s subject_type=%s attempted_path=%s",
-        EVENT_OPENAPI_WRONG_SURFACE_DENIED,
-        subject_type,
-        attempted_path,
-        extra={
-            "audit": True,
-            "event": EVENT_OPENAPI_WRONG_SURFACE_DENIED,
-            "subject_type": subject_type,
-            "attempted_path": attempted_path,
-            "client_id": client_id,
-            "token_id": token_id,
-        },
-    )
--- a/api/controllers/openapi/_input_schema.py
+++ b/api/controllers/openapi/_input_schema.py
@ -1,143 +0,0 @@
-"""Server-side JSON Schema derivation from Dify `user_input_form`."""
-
-from __future__ import annotations
-
-from typing import Any, cast
-
-from controllers.service_api.app.error import AppUnavailableError
-from models import App
-from models.model import AppMode
-
-JSON_SCHEMA_DRAFT = "https://json-schema.org/draft/2020-12/schema"
-
-EMPTY_INPUT_SCHEMA: dict[str, Any] = {
-    "$schema": JSON_SCHEMA_DRAFT,
-    "type": "object",
-    "properties": {},
-    "required": [],
-}
-
-_CHAT_FAMILY = frozenset({AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT})
-
-
-def _file_object_shape() -> dict[str, Any]:
-    """Single-file value shape. Forward-compat placeholder; refine when file-API contract pins."""
-    return {
-        "type": "object",
-        "properties": {
-            "type": {"type": "string"},
-            "transfer_method": {"type": "string"},
-            "url": {"type": "string"},
-            "upload_file_id": {"type": "string"},
-        },
-        "additionalProperties": True,
-    }
-
-
-def _row_to_schema(row_type: str, row: dict[str, Any]) -> dict[str, Any] | None:
-    label = row.get("label") or row.get("variable", "")
-    base: dict[str, Any] = {"title": label} if label else {}
-
-    if row_type in ("text-input", "paragraph"):
-        out: dict[str, Any] = {"type": "string"} | base
-        max_length = row.get("max_length")
-        if isinstance(max_length, int) and max_length > 0:
-            out["maxLength"] = max_length
-        return out
-
-    if row_type == "select":
-        return {"type": "string"} | base | {"enum": list(row.get("options") or [])}
-
-    if row_type == "number":
-        return {"type": "number"} | base
-
-    if row_type == "file":
-        return _file_object_shape() | base
-
-    if row_type == "file-list":
-        return {
-            "type": "array",
-            "items": _file_object_shape(),
-        } | base
-
-    return None
-
-
-def _form_to_jsonschema(form: list[dict[str, Any]]) -> tuple[dict[str, Any], list[str]]:
-    """Translate a user_input_form row list into (properties, required-list).
-
-    Each row is a single-key dict: `{"text-input": {variable, label, required, ...}}`.
-    Unknown variable types are skipped (forward-compat).
-    """
-    properties: dict[str, Any] = {}
-    required: list[str] = []
-    for row in form:
-        if not isinstance(row, dict) or len(row) != 1:
-            continue
-        ((row_type, row_body),) = row.items()
-        if not isinstance(row_body, dict):
-            continue
-        variable = row_body.get("variable")
-        if not variable:
-            continue
-        schema = _row_to_schema(row_type, row_body)
-        if schema is None:
-            continue
-        properties[variable] = schema
-        if row_body.get("required"):
-            required.append(variable)
-    return properties, required
-
-
-def resolve_app_config(app: App) -> tuple[dict[str, Any], list[dict[str, Any]]]:
-    """Resolve `(features_dict, user_input_form)` for parameters / schema derivation.
-
-    Raises `AppUnavailableError` on misconfigured apps.
-    """
-    if app.mode in {AppMode.ADVANCED_CHAT, AppMode.WORKFLOW}:
-        workflow = app.workflow
-        if workflow is None:
-            raise AppUnavailableError()
-        return (
-            workflow.features_dict,
-            cast(list[dict[str, Any]], workflow.user_input_form(to_old_structure=True)),
-        )
-
-    app_model_config = app.app_model_config
-    if app_model_config is None:
-        raise AppUnavailableError()
-    features_dict = cast(dict[str, Any], app_model_config.to_dict())
-    return features_dict, cast(list[dict[str, Any]], features_dict.get("user_input_form", []))
-
-
-def build_input_schema(app: App) -> dict[str, Any]:
-    """Derive Draft 2020-12 JSON Schema from `user_input_form` + app mode.
-
-    chat / agent-chat / advanced-chat: top-level `query` (required, minLength=1) + `inputs` object.
-    completion / workflow: `inputs` object only.
-    Raises `AppUnavailableError` on misconfigured apps.
-    """
-    _, user_input_form = resolve_app_config(app)
-    inputs_props, inputs_required = _form_to_jsonschema(user_input_form)
-
-    properties: dict[str, Any] = {}
-    required: list[str] = []
-
-    if app.mode in _CHAT_FAMILY:
-        properties["query"] = {"type": "string", "minLength": 1}
-        required.append("query")
-
-    properties["inputs"] = {
-        "type": "object",
-        "properties": inputs_props,
-        "required": inputs_required,
-        "additionalProperties": False,
-    }
-    required.append("inputs")
-
-    return {
-        "$schema": JSON_SCHEMA_DRAFT,
-        "type": "object",
-        "properties": properties,
-        "required": required,
-    }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
FFXN	a380fcc6f7	feat: snippets feature	2026-06-03 19:01:57 +08:00
github-actions[bot]	35a55813d2	chore(i18n): sync translations with en-US (#37011 ) Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>	2026-06-03 09:42:37 +00:00
Yunlu Wen	a247d625e5	chore(deps): bump pyjwt to 2.13.0 (#37008 )	2026-06-03 09:39:58 +00:00
yyh	5c7f05bd10	fix(web): auth form state management (#37003 )	2026-06-03 09:14:01 +00:00
Siyu/Audrey Xiao	02e1a60cde	chore: add missing @override decorator to api/configs (#37006 ) Co-authored-by: mac <mac@1234.local>	2026-06-03 09:11:50 +00:00
chariri	57b573d02b	refactor(api): migrate tenant/user via DI for several endpoints (#37004 )	2026-06-03 08:59:00 +00:00
yyh	9de40e8f21	chore: update Claude skill links (#36997 )	2026-06-03 08:00:35 +00:00
Xiyuan Chen	cad0942f4d	fix(api): enforce workspace membership + role checks in auth pipeline (#36931 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 07:31:47 +00:00
-LAN-	cb9b1b593e	feat: add Milvus TLS env examples (#36980 )	2026-06-03 07:16:18 +00:00
呆萌闷油瓶	2a8bdc2373	fix: pydantic_core._pydantic_core.ValidationError: 2 validation errors for DatasetDetailResponse (#36753 )	2026-06-03 07:10:55 +00:00
WUMIKE233	ee6a07d13c	refactor: use explicit session in inner api user auth (#36995 )	2026-06-03 07:06:38 +00:00
yyh	2d6c9300e3	fix(api): tighten agent v2 generated contracts (#36989 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 06:52:40 +00:00
Myshkin451	d6b4c800c2	refactor(web): migrate account education notice storage (#36991 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 06:39:22 +00:00
yyh	1b37635f92	fix: configure server console api url (#36958 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 06:22:46 +00:00
Joel	86af36429d	fix: create app from template modal has no backdrop (#36987 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 06:14:46 +00:00
Asuka Minato	b96ea94505	chore: add :str to <path: parameter (#36913 ) Co-authored-by: 99 <wh2099@pm.me> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 05:25:11 +00:00
eryue0220	d649cccda0	chore: add missing @override decorato to `api/extensions` (#36941 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org>	2026-06-03 05:25:08 +00:00
lmlm	5cbbd78f38	refactor(web): migrate chat sidebar collapse storage (#36963 ) Co-authored-by: lmlm <7487674+popsiclelmlm@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 04:40:48 +00:00
Evan	5a0ad4ecd9	fix: normalize json_schema from string to dict in VariableEntity (#36777 )	2026-06-03 04:33:25 +00:00
Li zhongyu	1e76b9e1b8	refactor(web): migrate workflow-node-panel-width to useSetLocalStorage (#36983 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 04:32:41 +00:00
chariri	1b972c4e09	refactor(api): migrate tenant/user via DI for several endpoints (#36971 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 04:24:17 +00:00
Li zhongyu	7968d2c3c8	refactor(web): migrate workflow-variable-inpsect-panel-height to useSetLocalStorage (#36982 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 03:48:59 +00:00
Li zhongyu	7507e9ba67	refactor(web): migrate debug-and-preview-panel-width to useSetLocalStorage (#36977 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 03:27:15 +00:00
y	ca31762e26	refactor(web): migrate education verifying storage to useLocalStorage (#36934 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-03 02:16:59 +00:00
Asuka Minato	f591da7865	ci: ruff cover agent (#36949 )	2026-06-02 11:40:19 +00:00
Yunlu Wen	f19679b217	refactor: improve network error and allow verbose output (#36923 )	2026-06-02 10:43:40 +00:00
lmlm	b682591c7a	refactor(web): migrate question classifier label hint storage (#36932 ) Co-authored-by: lmlm <7487674+popsiclelmlm@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 10:28:50 +00:00
Myshkin451	8f6b59feff	refactor(web): migrate rag recommendations collapsed storage (#36940 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 09:08:51 +00:00
Zongrong Li	99833f65d8	refactor(web): migrate NEED_REFRESH_APP_LIST_KEY to useLocalStorage/useSetLocalStorage (#36908 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: yyh <yuanyouhuilyz@gmail.com>	2026-06-02 08:41:01 +00:00
yyh	696fc5c213	refactor(web): manage goto anything open state with atom (#36938 )	2026-06-02 08:23:18 +00:00
盐粒 Yanli	eae44cfecb	feat(dify-agent): add shell layer (#36838 )	2026-06-02 07:54:52 +00:00
yyh	dea4e66456	fix(web): use generated account-profile contracts (#36927 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 07:28:05 +00:00
Evan	3cd0da303a	refactor: remove unused Flask-RESTX field dicts from end_user and conversation_variable fields (#28015 ) (#36929 )	2026-06-02 07:27:23 +00:00
zyssyz123	888483a2f8	fix: user token (#36930 )	2026-06-02 07:20:07 +00:00
Likalikali	7056985f72	refactor: inject current user id in stop message endpoints (#36925 ) Co-authored-by: Asuka Minato <i@asukaminato.eu.org> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 06:48:10 +00:00
Xiyuan Chen	6ce61eae59	fix(cli): invalidate app metadata cache on 422 to clear stale data (#36921 )	2026-06-02 05:20:33 +00:00
yyh	079af312c6	fix(contracts): include account avatar url in profile schema (#36924 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 04:30:47 +00:00
Xiyuan Chen	0da13dfe4d	refactor(cli): unify token storage behind Store + add host/account switching (#36830 )	2026-06-02 04:05:53 +00:00
lmlm	1ff4d75084	refactor(web): migrate anthropic quota notice storage (#36922 ) Co-authored-by: lmlm <7487674+popsiclelmlm@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>	2026-06-02 04:05:15 +00:00
zyssyz123	e35d23c3cb	feat(api): Agent App type S1 — AppMode.AGENT + create flow + binding (#36829 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 03:50:10 +00:00
Cocoon-Break	e530e84772	refactor(web): migrate NOTE_SHOW_AUTHOR_STORAGE_KEY to useLocalStorage/useSetLocalStorage (#36915 ) Signed-off-by: Cocoon-Break <54054995+kuishou68@users.noreply.github.com> Co-authored-by: lingxiu58 <86288566+lingxiu58@users.noreply.github.com> Co-authored-by: pojian68 <232320289+pojian68@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>	2026-06-02 03:44:47 +00:00
Myshkin451	2257a4f1ef	refactor(web): migrate workflow featured collapsed storage (#36918 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 03:40:59 +00:00
yyh	f465dc5090	fix(web): defer react-scan loader (#36920 )	2026-06-02 03:34:55 +00:00
Stephen Zhou	5c1cfe6ada	chore: ignore .vinext (#36914 )	2026-06-02 02:43:15 +00:00
QuantumGhost	8d401d84c7	chore(api): adjust migration timestamp metadata for a1b2c3d4e5f6 (#36910 )	2026-06-02 02:22:47 +00:00
Stephen Zhou	b74287c2ab	chore: update deps (#36911 )	2026-06-02 02:10:59 +00:00
goingforstudying-ctrl	c64d3e98c4	fix(tools): use short-lived sessions for icon lookups to prevent idle-in-transaction (#36903 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-02 01:59:10 +00:00
yyh	a3265f722e	docs: add client state guidelines (#36900 )	2026-06-01 11:44:50 +00:00
Escape0707	5658065b97	test: satisfy strict pyrefly for migrated container tests (#36791 )	2026-06-01 11:09:40 +00:00
yyh	8fc2807194	feat(web): create system-features vertical (#36894 )	2026-06-01 10:15:25 +00:00
非法操作	fc7716704d	chore: not request system-features for cloud edition (#36891 ) Co-authored-by: yyh <yuanyouhuilyz@gmail.com>	2026-06-01 09:31:16 +00:00
-LAN-	71ffaacb58	fix(api): centralize remote file retrieval (#36399 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-06-01 09:25:08 +00:00
L1nSn0w	cfc1cf2b8c	refactor(cli/http): replace ky with a self-contained HTTP client (#36711 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-01 09:04:42 +00:00
yyh	055d9b9f0a	refactor(web): migrate local storage hook usage (#36890 )	2026-06-01 08:20:13 +00:00
yyh	21711bebeb	refactor(web): migrate local storage access to react hook (#36888 )	2026-06-01 07:57:54 +00:00
yyh	becccbf288	fix(web): read pnpm config env in standalone start (#36887 )	2026-06-01 07:18:50 +00:00
YungLe	86497045c9	feat: per-credential visibility control for plugin credentials (#35468 ) Co-authored-by: Yang <yang@Yangs-MacBook-Pro.local> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-01 05:56:18 +00:00
Haijie Zhi	687a177b24	chore: add override decorators to core repositories (#36885 )	2026-06-01 05:24:21 +00:00
meaqua9420	4a6d278354	refactor(web): mark workflow run props readonly (#36857 )	2026-06-01 05:06:21 +00:00
yyh	7d69302e9f	chore: update deps (#36884 )	2026-06-01 04:28:04 +00:00
yyh	bcd573e560	fix(web): respect marketplace feature flag in model selector (#36883 )	2026-06-01 04:11:58 +00:00
yyh	07c0c4e7b1	chore(web): remove TanStack devtools (#36882 )	2026-06-01 03:57:50 +00:00
yyh	a8a2ca7b98	chore(cli): move eslint config into cli package (#36878 )	2026-06-01 03:54:14 +00:00
krishkantiuj-ren	de47d43b65	refactor: convert isinstance chains to match/case syntax (#36862 ) Co-authored-by: krishkantiuj-ren <hiccup.cc.3@gmail.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org>	2026-06-01 03:45:19 +00:00
WOLIKIMCHENG	240912cef5	fix(api): preserve hierarchical estimate rules (#36852 ) Co-authored-by: root <kinsonnee@gmail.com>	2026-06-01 03:16:09 +00:00
Minh Triet Bui	72e040ead3	docs: add security policy (#36873 )	2026-06-01 09:58:32 +08:00
Yunlu Wen	c0ee821d45	refactor: use absolute path for inter dir importing (#36822 ) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-06-01 01:32:16 +00:00
御风	c7c3296572	fix: MCP search results include only MCP providers (#36871 ) Co-authored-by: LL201314-II <you@example.com>	2026-06-01 01:13:51 +00:00
shuntaro okuma	e7be04fd58	fix(api): dedup EndUser in plugin get_user by session_id for Reverse Invocation (#36742 )	2026-06-01 00:57:29 +00:00
Evan	df6b5be50a	refactor: convert isinstance chains to match/case (part 5) (#36503 )	2026-05-31 15:08:59 +00:00
duongynhi000005-oss	8e5f09091b	refactor: convert if isinstance chains to match case (#36846 ) Co-authored-by: duongynhi000005-oss <duongynhi000005-oss@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org>	2026-05-31 15:05:43 +00:00
Tianle	0a3005701f	refactor: inject current user into user-only controllers (#36754 ) Co-authored-by: Asuka Minato <i@asukaminato.eu.org>	2026-05-31 15:03:15 +00:00
Evan	d8571ce965	refactor: convert isinstance chains to match/case (part 4) (#36274 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org>	2026-05-31 14:44:17 +00:00
duongynhi000005-oss	f241ae25be	fix: #36585 dep inject current user id (#36845 ) Co-authored-by: duongynhi000005-oss <duongynhi000005-oss@users.noreply.github.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-31 14:37:39 +00:00
Evan	c6474a2a8b	refactor: convert isinstance chains to match/case (part 8) (#36869 )	2026-05-31 14:11:05 +00:00
yyh	480d05bc48	fix(web): prefetch workspace and guard routes with contract query (#36870 )	2026-05-31 14:02:00 +00:00
yyh	f75725ccd9	feat(web): add server oRPC client (#36856 )	2026-05-31 13:14:28 +00:00
yyh	2fe8c48255	refactor(web): scope workflow hotkeys (#36860 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-31 13:14:13 +00:00
非法操作	ec5404cc9d	chore: split trial models to a single API (#36796 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-31 13:09:13 +00:00
yyh	20f62b9919	fix(web): use generated current workspace query (#36843 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-31 13:04:18 +00:00
非法操作	04f5555580	chore: split to single app_dsl_version API (#36864 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-31 12:13:44 +00:00
krishkantiuj-ren	129af96c23	chore: add missing @override decorators to pipeline WorkflowAppGenerateResponseConverter (#36859 ) Co-authored-by: krishkantiuj-ren <hiccup.cc.3@gmail.com>	2026-05-31 12:02:17 +00:00
Asuka Minato	df40960f5d	chore: dep inject for model (#36750 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: WH-2099 <wh2099@pm.me>	2026-05-30 17:40:46 +00:00
chariri	599960024d	refactor(api): migrate console/service_api.dataset.document to BaseModel (#36506 ) Co-authored-by: WH-2099 <wh2099@pm.me> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-30 14:38:27 +00:00
yyh	6805d9bfc0	fix(auth): reset profile query after login (#36851 )	2026-05-30 14:34:04 +00:00
chariri	928f888ef5	refactor(api): migrate console/service_api.dataset.segment to BaseModel (#36522 ) Co-authored-by: WH-2099 <wh2099@pm.me> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-30 13:54:01 +00:00
yyh	f46c03460e	fix(auth): avoid leaking request origin in refresh redirects (#36847 )	2026-05-30 05:55:18 +00:00
Myshkin451	0b60338ad5	chore: reuse injected SQLAlchemy sessions in app read paths (#36798 )	2026-05-30 00:23:58 +00:00
yyh	91ac465982	fix(web): use default profile query cache (#36832 )	2026-05-29 14:18:39 +00:00
yyh	9490d63c50	refactor(web): remove app initializer and move auth boot logic to route boundaries (#36818 )	2026-05-29 12:26:34 +00:00
非法操作	ae538ced47	chore: using single SSH_SCRIPT for saas dev (#36827 )	2026-05-29 10:07:15 +00:00
Evan	487249728b	fix: remove unnecessary # type: ignore comments (#24494 ) (#36825 )	2026-05-29 09:41:32 +00:00
Evan	372a2e3e9c	refactor: convert isinstance chains to match/case (part 7) (#35902 ) (#36826 )	2026-05-29 09:40:33 +00:00
Yunlu Wen	4939a9c33d	refactor: add ts common style check for web and cli (#36823 )	2026-05-29 09:26:32 +00:00
Yunlu Wen	b6f92f1dc4	fix(cli): fix style (#36821 )	2026-05-29 08:34:36 +00:00
非法操作	ce276573a8	chore: deploy saas dev workflow (#36819 )	2026-05-29 08:30:55 +00:00
Yunlu Wen	5070cc9668	refactor(cli): optimize error handling in flag parsing (#36810 )	2026-05-29 07:39:26 +00:00
Joel	a392a72960	chore: not store search tag condition in url (#36814 )	2026-05-29 07:30:35 +00:00
Xiyuan Chen	30270b5c30	fix(device): surface SSO errors on /device and fix CLI null-account crash on external-SSO login (#36781 )	2026-05-29 06:51:34 +00:00
Joel	24715a9570	chore: unified plugin status icon position (#36816 )	2026-05-29 06:45:25 +00:00
WOLIKIMCHENG	c530a5d272	fix(api): validate annotation list pagination query (#36807 ) Co-authored-by: root <kinsonnee@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-29 06:25:48 +00:00
Joel	418ee7398e	fix: install failed plugin dose not show icon (#36811 )	2026-05-29 06:07:43 +00:00
Escape0707	78f40c0d25	test: stabilize modal context pricing test (#36524 )	2026-05-29 05:19:37 +00:00
zyssyz123	2cc567c6a3	feat: add DTO for agent api (#36797 ) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-29 03:36:41 +00:00
Escape0707	a180ab19e4	chore: type check test container tests (#36790 )	2026-05-29 01:54:25 +00:00
Escape0707	13eaa436e7	test: isolate Redis state in container tests (#36740 )	2026-05-28 12:42:25 +00:00
Yunlu Wen	3596d12e4c	refactor(cli): use Store interface as token storage (#36726 )	2026-05-28 10:02:51 +00:00
Xiyuan Chen	e8de10a3b5	feat(docker): add missing OPENAPI_* env vars to shared.env.example (#36752 )	2026-05-28 08:52:03 +00:00
wangxiaolei	f5ab5e7eb3	fix: fix cannot extract elements from a scalar (#36769 )	2026-05-28 07:31:36 +00:00
Blackoutta	0c40e1c2a0	feat: add cross-environment app migration workflow (#36765 ) Co-authored-by: XW <wei.xu1@wiz.ai> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2026-05-28 07:30:33 +00:00
Aladdin Aliyev	c29d76757e	docs(api): fix typo in vector migration docstrings (#36741 )	2026-05-28 07:15:34 +00:00
Crazywoola	91c1d3ad81	fix: handle null plugin badges (#36767 )	2026-05-28 07:00:32 +00:00
Nishchay Mahor	57b02e341c	refactor: add @override decorators to storage backend subclasses (#36406 ) (#36755 )	2026-05-28 06:04:47 +00:00
Xiyuan Chen	b94ff65e9f	fix(docker): copy dify-agent source into production stage (#36757 )	2026-05-28 06:01:11 +00:00
Escape0707	678260e34e	test: migrate workspace members tests to containers (#36738 ) Co-authored-by: jamesrayammons <63717587+jamesrayammons@users.noreply.github.com>	2026-05-28 06:01:05 +00:00
Kuroda Kayn	739e34d08a	fix(docker): pin web docker node version (#36756 )	2026-05-28 05:25:41 +00:00
-LAN-	825fb9cb89	chore(codeowners): add Riskey for service API docs (#36731 )	2026-05-28 05:06:12 +00:00