chore: exclude api and dify-agent from fmt

style: apply vp fmt baseline
chore: align fmt and lint boundaries
2026-06-24 16:18:13 +08:00 · 2026-06-15 18:02:36 +08:00 · 2026-06-15 17:51:17 +08:00 · 2026-06-15 17:51:16 +08:00 · 2026-06-15 09:29:53 +00:00 · 2026-06-15 17:24:49 +08:00
7879 changed files with 254724 additions and 376220 deletions
--- a/.agents/skills/backend-code-review/SKILL.md
+++ b/.agents/skills/backend-code-review/SKILL.md
@ -28,6 +28,7 @@ Follow these steps when using this skill:
 3. Compose the final output strictly follow the **Required Output Format**.

 Notes when using this skill:
+
 - Always include actionable fixes or suggestions (including possible code snippets).
 - Use best-effort `File:Line` references when a file path and line numbers are available; otherwise, use the most specific identifier you can.

@ -43,6 +44,7 @@ Notes when using this skill:
 ### 1. Security Review

 Check for:
+
 - SQL injection vulnerabilities
 - Server-Side Request Forgery (SSRF)
 - Command injection
@ -54,6 +56,7 @@ Check for:
 ### 2. Performance Review

 Check for:
+
 - N+1 queries
 - Missing database indexes
 - Memory leaks
@ -63,6 +66,7 @@ Check for:
 ### 3. Code Quality Review

 Check for:
+
 - Code forward compatibility
 - Code duplication (DRY violations)
 - Functions doing too much (SRP violations)
@ -75,6 +79,7 @@ Check for:
 ### 4. Testing Review

 Check for:
+
 - Missing test coverage for new code
 - Tests that don't test behavior
 - Flaky test patterns
@ -108,6 +113,7 @@ FilePath: <path> line <line>
 2. <code example> (optional, omit if not applicable)

 ---
+
 ... (repeat for each critical issue) ...

 Found <Y> suggestions for improvement:
@ -129,11 +135,13 @@ FilePath: <path> line <line>
 2. <code example> (optional, omit if not applicable)

 ---
+
 ... (repeat for each suggestion) ...

 Found <Z> optional nits:

 ## 🟢 Nits (Optional)
+
 ### 1. <brief description of the nit>

 FilePath: <path> line <line>
@ -148,6 +156,7 @@ FilePath: <path> line <line>
 - <minor suggestions>

 ---
+
 ... (repeat for each nits) ...

 ## ✅ What's Good
@ -164,5 +173,6 @@ FilePath: <path> line <line>

 ```markdown
 ## Code Review Summary
+
 ✅ No issues found.
-```
+```
--- a/.agents/skills/backend-code-review/references/architecture-rule.md
+++ b/.agents/skills/backend-code-review/references/architecture-rule.md
@ -1,11 +1,13 @@
 # Rule Catalog — Architecture

 ## Scope
+
 - Covers: controller/service/core-domain/libs/model layering, dependency direction, responsibility placement, observability-friendly flow.

 ## Rules

 ### Keep business logic out of controllers
+
 - Category: maintainability
 - Severity: critical
 - Description: Controllers should parse input, call services, and return serialized responses. Business decisions inside controllers make behavior hard to reuse and test.
@ -33,12 +35,14 @@
    ```

 ### Preserve layer dependency direction
+
 - Category: best practices
 - Severity: critical
 - Description: Controllers may depend on services, and services may depend on core/domain abstractions. Reversing this direction (for example, core importing controller/web modules) creates cycles and leaks transport concerns into domain code.
 - Suggested fix: Extract shared contracts into core/domain or service-level modules and make upper layers depend on lower, not the reverse.
 - Example:
  - Bad:
+
    ```python
    # core/policy/publish_policy.py
    from controllers.console.app import request_context
@ -46,7 +50,9 @@
    def can_publish() -> bool:
        return request_context.current_user.is_admin
    ```
+
  - Good:
+
    ```python
    # core/policy/publish_policy.py
    def can_publish(role: str) -> bool:
@ -57,6 +63,7 @@
    ```

 ### Keep libs business-agnostic
+
 - Category: maintainability
 - Severity: critical
 - Description: Modules under `api/libs/` should remain reusable, business-agnostic building blocks. They must not encode product/domain-specific rules, workflow orchestration, or business decisions.
@ -65,6 +72,7 @@
  - Keep `libs` dependencies clean: avoid importing service/controller/domain-specific modules into `api/libs/`.
 - Example:
  - Bad:
+
    ```python
    # api/libs/conversation_filter.py
    from services.conversation_service import ConversationService
@ -76,7 +84,9 @@
            return conversation.idle_days > 90
        return conversation.idle_days > 30
    ```
+
  - Good:
+
    ```python
    # api/libs/datetime_utils.py (business-agnostic helper)
    def older_than_days(idle_days: int, threshold_days: int) -> bool:
@ -88,4 +98,4 @@
    def should_archive_conversation(conversation, tenant_id: str) -> bool:
        threshold_days = 90 if has_paid_plan(tenant_id) else 30
        return older_than_days(conversation.idle_days, threshold_days)
-    ```
+    ```
--- a/.agents/skills/backend-code-review/references/db-schema-rule.md
+++ b/.agents/skills/backend-code-review/references/db-schema-rule.md
@ -1,12 +1,14 @@
 # Rule Catalog — DB Schema Design

 ## Scope
+
 - Covers: model/base inheritance, schema boundaries in model properties, tenant-aware schema design, index redundancy checks, dialect portability in models, and cross-database compatibility in migrations.
 - Does NOT cover: session lifecycle, transaction boundaries, and query execution patterns (handled by `sqlalchemy-rule.md`).

 ## Rules

 ### Do not query other tables inside `@property`
+
 - Category: [maintainability, performance]
 - Severity: critical
 - Description: A model `@property` must not open sessions or query other tables. This hides dependencies across models, tightly couples schema objects to data access, and can cause N+1 query explosions when iterating collections.
@ -16,6 +18,7 @@
  - For list/batch reads, fetch required related data explicitly (join/preload/bulk query) before rendering derived values.
 - Example:
  - Bad:
+
    ```python
    class Conversation(TypeBase):
        __tablename__ = "conversations"
@ -26,7 +29,9 @@
                app = session.execute(select(App).where(App.id == self.app_id)).scalar_one()
                return app.name
    ```
+
  - Good:
+
    ```python
    class Conversation(TypeBase):
        __tablename__ = "conversations"
@ -40,6 +45,7 @@
    ```

 ### Prefer including `tenant_id` in model definitions
+
 - Category: maintainability
 - Severity: suggestion
 - Description: In multi-tenant domains, include `tenant_id` in schema definitions whenever the entity belongs to tenant-owned data. This improves data isolation safety and keeps future partitioning/sharding strategies practical as data volume grows.
@ -49,6 +55,7 @@
  - Exception: if a table is explicitly designed as non-tenant-scoped global metadata, document that design decision clearly.
 - Example:
  - Bad:
+
    ```python
    from sqlalchemy.orm import Mapped

@ -57,7 +64,9 @@
        id: Mapped[str] = mapped_column(StringUUID, primary_key=True)
        name: Mapped[str] = mapped_column(sa.String(255), nullable=False)
    ```
+
  - Good:
+
    ```python
    from sqlalchemy.orm import Mapped

@ -69,6 +78,7 @@
    ```

 ### Detect and avoid duplicate/redundant indexes
+
 - Category: performance
 - Severity: suggestion
 - Description: Review index definitions for leftmost-prefix redundancy. For example, index `(a, b, c)` can safely cover most lookups for `(a, b)`. Keeping both may increase write overhead and can mislead the optimizer into suboptimal execution plans.
@ -93,6 +103,7 @@
    ```

 ### Avoid PostgreSQL-only dialect usage in models; wrap in `models.types`
+
 - Category: maintainability
 - Severity: critical
 - Description: Model/schema definitions should avoid PostgreSQL-only constructs directly in business models. When database-specific behavior is required, encapsulate it in `api/models/types.py` using both PostgreSQL and MySQL dialect implementations, then consume that abstraction from model code.
@ -101,6 +112,7 @@
  - Add or extend wrappers in `models.types` (for example, `AdjustedJSON`, `LongText`, `BinaryData`) to normalize behavior across PostgreSQL and MySQL.
 - Example:
  - Bad:
+
    ```python
    from sqlalchemy.dialects.postgresql import JSONB
    from sqlalchemy.orm import Mapped
@ -109,7 +121,9 @@
        __tablename__ = "tool_configs"
        config: Mapped[dict] = mapped_column(JSONB, nullable=False)
    ```
+
  - Good:
+
    ```python
    from sqlalchemy.orm import Mapped

@ -121,6 +135,7 @@
    ```

 ### Guard migration incompatibilities with dialect checks and shared types
+
 - Category: maintainability
 - Severity: critical
 - Description: Migration scripts under `api/migrations/versions/` must account for PostgreSQL/MySQL incompatibilities explicitly. For dialect-sensitive DDL or defaults, branch on the active dialect (for example, `conn.dialect.name == "postgresql"`), and prefer reusable compatibility abstractions from `models.types` where applicable.
@ -142,6 +157,7 @@
        )
    ```
  - Good:
+
    ```python
    def _is_pg(conn) -> bool:
        return conn.dialect.name == "postgresql"
--- a/.agents/skills/backend-code-review/references/repositories-rule.md
+++ b/.agents/skills/backend-code-review/references/repositories-rule.md
@ -1,17 +1,19 @@
 # Rule Catalog - Repositories Abstraction

 ## Scope
+
 - Covers: when to reuse existing repository abstractions, when to introduce new repositories, and how to preserve dependency direction between service/core and infrastructure implementations.
 - Does NOT cover: SQLAlchemy session lifecycle and query-shape specifics (handled by `sqlalchemy-rule.md`), and table schema/migration design (handled by `db-schema-rule.md`).

 ## Rules

 ### Introduce repositories abstraction
+
 - Category: maintainability
 - Severity: suggestion
 - Description: If a table/model already has a repository abstraction, all reads/writes/queries for that table should use the existing repository. If no repository exists, introduce one only when complexity justifies it, such as large/high-volume tables, repeated complex query logic, or likely storage-strategy variation.
 - Suggested fix:
-  - First check  `api/repositories`, `api/core/repositories`, and `api/extensions/*/repositories/` to verify whether the table/model already has a repository abstraction. If it exists, route all operations through it and add missing repository methods instead of bypassing it with ad-hoc SQLAlchemy access.
+  - First check `api/repositories`, `api/core/repositories`, and `api/extensions/*/repositories/` to verify whether the table/model already has a repository abstraction. If it exists, route all operations through it and add missing repository methods instead of bypassing it with ad-hoc SQLAlchemy access.
  - If no repository exists, add one only when complexity warrants it (for example, repeated complex queries, large data domains, or multiple storage strategies), while preserving dependency direction (service/core depends on abstraction; infra provides implementation).
 - Example:
  - Bad:
@ -26,6 +28,7 @@
            self.session.commit()
    ```
  - Good:
+
    ```python
    # Case A: Existing repository must be reused for all table operations.
    class AppService:
@ -37,6 +40,7 @@
    # If the query is missing, extend the existing abstraction.
    active_apps = self.app_repo.list_active_for_tenant(tenant_id=tenant_id)
    ```
+
  - Bad:
    ```python
    # No repository exists, but large-domain query logic is scattered in service code.
@ -46,6 +50,7 @@
            # many filters/joins/pagination variants duplicated across services
    ```
  - Good:
+
    ```python
    # Case B: Introduce repository for large/complex domains or storage variation.
    class ConversationRepository(Protocol):
--- a/.agents/skills/backend-code-review/references/sqlalchemy-rule.md
+++ b/.agents/skills/backend-code-review/references/sqlalchemy-rule.md
@ -1,12 +1,14 @@
 # Rule Catalog — SQLAlchemy Patterns

 ## Scope
+
 - Covers: SQLAlchemy session and transaction lifecycle, query construction, tenant scoping, raw SQL boundaries, and write-path concurrency safeguards.
 - Does NOT cover: table/model schema and migration design details (handled by `db-schema-rule.md`).

 ## Rules

 ### Use Session context manager with explicit transaction control behavior
+
 - Category: best practices
 - Severity: critical
 - Description: Session and transaction lifecycle must be explicit and bounded on write paths. Missing commits can silently drop intended updates, while ad-hoc or long-lived transactions increase contention, lock duration, and deadlock risk.
@ -16,6 +18,7 @@
  - Keep transaction windows short: avoid network I/O, heavy computation, or unrelated work inside the transaction.
 - Example:
  - Bad:
+
    ```python
    # Missing commit: write may never be persisted.
    with Session(db.engine, expire_on_commit=False) as session:
@ -28,7 +31,9 @@
        run.status = "cancelled"
        call_external_api()
    ```
+
  - Good:
+
    ```python
    # Option 1: explicit commit.
    with Session(db.engine, expire_on_commit=False) as session:
@ -46,6 +51,7 @@
    ```

 ### Enforce tenant_id scoping on shared-resource queries
+
 - Category: security
 - Severity: critical
 - Description: Reads and writes against shared tables must be scoped by `tenant_id` to prevent cross-tenant data leakage or corruption.
@ -66,6 +72,7 @@
    ```

 ### Prefer SQLAlchemy expressions over raw SQL by default
+
 - Category: maintainability
 - Severity: suggestion
 - Description: Raw SQL should be exceptional. ORM/Core expressions are easier to evolve, safer to compose, and more consistent with the codebase.
@ -88,6 +95,7 @@
    ```

 ### Protect write paths with concurrency safeguards
+
 - Category: quality
 - Severity: critical
 - Description: Multi-writer paths without explicit concurrency control can silently overwrite data. Choose the safeguard based on contention level, lock scope, and throughput cost instead of defaulting to one strategy.
@ -104,6 +112,7 @@
    session.commit()  # silently overwrites concurrent updates
    ```
  - Good:
+
    ```python
    # 1) Optimistic lock (low contention, retry on conflict)
    result = session.execute(
@ -136,4 +145,4 @@
    ).scalar_one()
    run.status = "cancelled"
    session.commit()
-    ```
+    ```
--- a/.agents/skills/component-refactoring/SKILL.md
+++ b/.agents/skills/component-refactoring/SKILL.md
@ -0,0 +1,449 @@
+---
+name: component-refactoring
+description: Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component --json` shows complexity > 50 or lineCount > 300, when the user asks for code splitting, hook extraction, or complexity reduction, or when `pnpm analyze-component` warns to refactor before testing; avoid for simple/well-structured components, third-party wrappers, or when the user explicitly wants testing without refactoring.
+---
+
+# Dify Component Refactoring Skill
+
+Refactor high-complexity React components in the Dify frontend codebase with the patterns and workflow below.
+
+> **Complexity Threshold**: Components with complexity > 50 (measured by `pnpm analyze-component`) should be refactored before testing.
+
+## Quick Reference
+
+### Commands (run from `web/`)
+
+Use paths relative to `web/` (e.g., `app/components/...`).
+Use `refactor-component` for refactoring prompts and `analyze-component` for testing prompts and metrics.
+
+```bash
+cd web
+
+# Generate refactoring prompt
+pnpm refactor-component <path>
+
+# Output refactoring analysis as JSON
+pnpm refactor-component <path> --json
+
+# Generate testing prompt (after refactoring)
+pnpm analyze-component <path>
+
+# Output testing analysis as JSON
+pnpm analyze-component <path> --json
+```
+
+### Complexity Analysis
+
+```bash
+# Analyze component complexity
+pnpm analyze-component <path> --json
+
+# Key metrics to check:
+# - complexity: normalized score 0-100 (target < 50)
+# - maxComplexity: highest single function complexity
+# - lineCount: total lines (target < 300)
+```
+
+### Complexity Score Interpretation
+
+| Score  | Level           | Action                      |
+| ------ | --------------- | --------------------------- |
+| 0-25   | 🟢 Simple       | Ready for testing           |
+| 26-50  | 🟡 Medium       | Consider minor refactoring  |
+| 51-75  | 🟠 Complex      | **Refactor before testing** |
+| 76-100 | 🔴 Very Complex | **Must refactor**           |
+
+## Core Refactoring Patterns
+
+### Pattern 1: Extract Custom Hooks
+
+**When**: Component has complex state management, multiple `useState`/`useEffect`, or business logic mixed with UI.
+
+**Dify Convention**: Place hooks in a `hooks/` subdirectory or alongside the component as `use-<feature>.ts`.
+
+```typescript
+// ❌ Before: Complex state logic in component
+function Configuration() {
+  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
+  const [datasetConfigs, setDatasetConfigs] = useState<DatasetConfigs>(...)
+  const [completionParams, setCompletionParams] = useState<FormValue>({})
+
+  // 50+ lines of state management logic...
+
+  return <div>...</div>
+}
+
+// ✅ After: Extract to custom hook
+// hooks/use-model-config.ts
+export const useModelConfig = (appId: string) => {
+  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
+  const [completionParams, setCompletionParams] = useState<FormValue>({})
+
+  // Related state management logic here
+
+  return { modelConfig, setModelConfig, completionParams, setCompletionParams }
+}
+
+// Component becomes cleaner
+function Configuration() {
+  const { modelConfig, setModelConfig } = useModelConfig(appId)
+  return <div>...</div>
+}
+```
+
+**Dify Examples**:
+
+- `web/app/components/app/configuration/hooks/use-advanced-prompt-config.ts`
+- `web/app/components/app/configuration/debug/hooks.tsx`
+- `web/app/components/workflow/hooks/use-workflow.ts`
+
+### Pattern 2: Extract Sub-Components
+
+**When**: Single component has multiple UI sections, conditional rendering blocks, or repeated patterns.
+
+**Dify Convention**: Place sub-components in subdirectories or as separate files in the same directory.
+
+```typescript
+// ❌ Before: Monolithic JSX with multiple sections
+const AppInfo = () => {
+  return (
+    <div>
+      {/* 100 lines of header UI */}
+      {/* 100 lines of operations UI */}
+      {/* 100 lines of modals */}
+    </div>
+  )
+}
+
+// ✅ After: Split into focused components
+// app-info/
+//   ├── index.tsx           (orchestration only)
+//   ├── app-header.tsx      (header UI)
+//   ├── app-operations.tsx  (operations UI)
+//   └── app-modals.tsx      (modal management)
+
+const AppInfo = () => {
+  const { showModal, setShowModal } = useAppInfoModals()
+
+  return (
+    <div>
+      <AppHeader appDetail={appDetail} />
+      <AppOperations onAction={handleAction} />
+      <AppModals show={showModal} onClose={() => setShowModal(null)} />
+    </div>
+  )
+}
+```
+
+**Dify Examples**:
+
+- `web/app/components/app/configuration/` directory structure
+- `web/app/components/workflow/nodes/` per-node organization
+
+### Pattern 3: Simplify Conditional Logic
+
+**When**: Deep nesting (> 3 levels), complex ternaries, or multiple `if/else` chains.
+
+```typescript
+// ❌ Before: Deeply nested conditionals
+const Template = useMemo(() => {
+  if (appDetail?.mode === AppModeEnum.CHAT) {
+    switch (locale) {
+      case LanguagesSupported[1]:
+        return <TemplateChatZh />
+      case LanguagesSupported[7]:
+        return <TemplateChatJa />
+      default:
+        return <TemplateChatEn />
+    }
+  }
+  if (appDetail?.mode === AppModeEnum.ADVANCED_CHAT) {
+    // Another 15 lines...
+  }
+  // More conditions...
+}, [appDetail, locale])
+
+// ✅ After: Use lookup tables + early returns
+const TEMPLATE_MAP = {
+  [AppModeEnum.CHAT]: {
+    [LanguagesSupported[1]]: TemplateChatZh,
+    [LanguagesSupported[7]]: TemplateChatJa,
+    default: TemplateChatEn,
+  },
+  [AppModeEnum.ADVANCED_CHAT]: {
+    [LanguagesSupported[1]]: TemplateAdvancedChatZh,
+    // ...
+  },
+}
+
+const Template = useMemo(() => {
+  const modeTemplates = TEMPLATE_MAP[appDetail?.mode]
+  if (!modeTemplates) return null
+
+  const TemplateComponent = modeTemplates[locale] || modeTemplates.default
+  return <TemplateComponent appDetail={appDetail} />
+}, [appDetail, locale])
+```
+
+### Pattern 4: Extract API/Data Logic
+
+**When**: Component directly handles API calls, data transformation, or complex async operations.
+
+**Dify Convention**:
+
+- This skill is for component decomposition, not query/mutation design.
+- Do not introduce deprecated `useInvalid` / `useReset`.
+- Do not add thin passthrough `useQuery` wrappers during refactoring; only extract a custom hook when it truly orchestrates multiple queries/mutations or shared derived state.
+
+**Dify Examples**:
+
+- `web/service/use-workflow.ts`
+- `web/service/use-common.ts`
+- `web/service/knowledge/use-dataset.ts`
+- `web/service/knowledge/use-document.ts`
+
+### Pattern 5: Extract Modal/Dialog Management
+
+**When**: Component manages multiple modals with complex open/close states.
+
+**Dify Convention**: Modals should be extracted with their state management.
+
+```typescript
+// ❌ Before: Multiple modal states in component
+const AppInfo = () => {
+  const [showEditModal, setShowEditModal] = useState(false)
+  const [showDuplicateModal, setShowDuplicateModal] = useState(false)
+  const [showConfirmDelete, setShowConfirmDelete] = useState(false)
+  const [showSwitchModal, setShowSwitchModal] = useState(false)
+  const [showImportDSLModal, setShowImportDSLModal] = useState(false)
+  // 5+ more modal states...
+}
+
+// ✅ After: Extract to modal management hook
+type ModalType = 'edit' | 'duplicate' | 'delete' | 'switch' | 'import' | null
+
+const useAppInfoModals = () => {
+  const [activeModal, setActiveModal] = useState<ModalType>(null)
+
+  const openModal = useCallback((type: ModalType) => setActiveModal(type), [])
+  const closeModal = useCallback(() => setActiveModal(null), [])
+
+  return {
+    activeModal,
+    openModal,
+    closeModal,
+    isOpen: (type: ModalType) => activeModal === type,
+  }
+}
+```
+
+### Pattern 6: Extract Form Logic
+
+**When**: Complex form validation, submission handling, or field transformation.
+
+**Dify Convention**: Use `@tanstack/react-form` patterns from `web/app/components/base/form/`.
+
+```typescript
+// ✅ Use existing form infrastructure
+import { useAppForm } from '@/app/components/base/form'
+
+const ConfigForm = () => {
+  const form = useAppForm({
+    defaultValues: { name: '', description: '' },
+    onSubmit: handleSubmit,
+  })
+
+  return <form.Provider>...</form.Provider>
+}
+```
+
+## Dify-Specific Refactoring Guidelines
+
+### 1. Context Provider Extraction
+
+**When**: Component provides complex context values with multiple states.
+
+```typescript
+// ❌ Before: Large context value object
+const value = {
+  appId, isAPIKeySet, isTrailFinished, mode, modelModeType,
+  promptMode, isAdvancedMode, isAgent, isOpenAI, isFunctionCall,
+  // 50+ more properties...
+}
+return <ConfigContext.Provider value={value}>...</ConfigContext.Provider>
+
+// ✅ After: Split into domain-specific contexts
+<ModelConfigProvider value={modelConfigValue}>
+  <DatasetConfigProvider value={datasetConfigValue}>
+    <UIConfigProvider value={uiConfigValue}>
+      {children}
+    </UIConfigProvider>
+  </DatasetConfigProvider>
+</ModelConfigProvider>
+```
+
+**Dify Reference**: `web/context/` directory structure
+
+### 2. Workflow Node Components
+
+**When**: Refactoring workflow node components (`web/app/components/workflow/nodes/`).
+
+**Conventions**:
+
+- Keep node logic in `use-interactions.ts`
+- Extract panel UI to separate files
+- Use `_base` components for common patterns
+
+```
+nodes/<node-type>/
+  ├── index.tsx              # Node registration
+  ├── node.tsx               # Node visual component
+  ├── panel.tsx              # Configuration panel
+  ├── use-interactions.ts    # Node-specific hooks
+  └── types.ts               # Type definitions
+```
+
+### 3. Configuration Components
+
+**When**: Refactoring app configuration components.
+
+**Conventions**:
+
+- Separate config sections into subdirectories
+- Use existing patterns from `web/app/components/app/configuration/`
+- Keep feature toggles in dedicated components
+
+### 4. Tool/Plugin Components
+
+**When**: Refactoring tool-related components (`web/app/components/tools/`).
+
+**Conventions**:
+
+- Follow existing modal patterns
+- Use service hooks from `web/service/use-tools.ts`
+- Keep provider-specific logic isolated
+
+## Refactoring Workflow
+
+### Step 1: Generate Refactoring Prompt
+
+```bash
+pnpm refactor-component <path>
+```
+
+This command will:
+
+- Analyze component complexity and features
+- Identify specific refactoring actions needed
+- Generate a prompt for AI assistant (auto-copied to clipboard on macOS)
+- Provide detailed requirements based on detected patterns
+
+### Step 2: Analyze Details
+
+```bash
+pnpm analyze-component <path> --json
+```
+
+Identify:
+
+- Total complexity score
+- Max function complexity
+- Line count
+- Features detected (state, effects, API, etc.)
+
+### Step 3: Plan
+
+Create a refactoring plan based on detected features:
+
+| Detected Feature                      | Refactoring Action         |
+| ------------------------------------- | -------------------------- |
+| `hasState: true` + `hasEffects: true` | Extract custom hook        |
+| `hasAPI: true`                        | Extract data/service hook  |
+| `hasEvents: true` (many)              | Extract event handlers     |
+| `lineCount > 300`                     | Split into sub-components  |
+| `maxComplexity > 50`                  | Simplify conditional logic |
+
+### Step 4: Execute Incrementally
+
+1. **Extract one piece at a time**
+2. **Run lint, type-check, and tests after each extraction**
+3. **Verify functionality before next step**
+
+```
+For each extraction:
+  ┌────────────────────────────────────────┐
+  │ 1. Extract code                        │
+  │ 2. Run: pnpm lint:fix                  │
+  │ 3. Run: pnpm type-check                │
+  │ 4. Run: pnpm test                      │
+  │ 5. Test functionality manually         │
+  │ 6. PASS? → Next extraction             │
+  │    FAIL? → Fix before continuing       │
+  └────────────────────────────────────────┘
+```
+
+### Step 5: Verify
+
+After refactoring:
+
+```bash
+# Re-run refactor command to verify improvements
+pnpm refactor-component <path>
+
+# If complexity < 25 and lines < 200, you'll see:
+# ✅ COMPONENT IS WELL-STRUCTURED
+
+# For detailed metrics:
+pnpm analyze-component <path> --json
+
+# Target metrics:
+# - complexity < 50
+# - lineCount < 300
+# - maxComplexity < 30
+```
+
+## Common Mistakes to Avoid
+
+### ❌ Over-Engineering
+
+```typescript
+// ❌ Too many tiny hooks
+const useButtonText = () => useState('Click')
+const useButtonDisabled = () => useState(false)
+const useButtonLoading = () => useState(false)
+
+// ✅ Cohesive hook with related state
+const useButtonState = () => {
+  const [text, setText] = useState('Click')
+  const [disabled, setDisabled] = useState(false)
+  const [loading, setLoading] = useState(false)
+  return { text, setText, disabled, setDisabled, loading, setLoading }
+}
+```
+
+### ❌ Breaking Existing Patterns
+
+- Follow existing directory structures
+- Maintain naming conventions
+- Preserve export patterns for compatibility
+
+### ❌ Premature Abstraction
+
+- Only extract when there's clear complexity benefit
+- Don't create abstractions for single-use code
+- Keep refactored code in the same domain area
+
+## References
+
+### Dify Codebase Examples
+
+- **Hook extraction**: `web/app/components/app/configuration/hooks/`
+- **Component splitting**: `web/app/components/app/configuration/`
+- **Service hooks**: `web/service/use-*.ts`
+- **Workflow patterns**: `web/app/components/workflow/hooks/`
+- **Form patterns**: `web/app/components/base/form/`
+
+### Related Skills
+
+- `frontend-testing` - For testing refactored components
+- `web/docs/test.md` - Testing specification
--- a/.agents/skills/component-refactoring/references/complexity-patterns.md
+++ b/.agents/skills/component-refactoring/references/complexity-patterns.md
@ -0,0 +1,496 @@
+# Complexity Reduction Patterns
+
+This document provides patterns for reducing cognitive complexity in Dify React components.
+
+## Understanding Complexity
+
+### SonarJS Cognitive Complexity
+
+The `pnpm analyze-component` tool uses SonarJS cognitive complexity metrics:
+
+- **Total Complexity**: Sum of all functions' complexity in the file
+- **Max Complexity**: Highest single function complexity
+
+### What Increases Complexity
+
+| Pattern             | Complexity Impact    |
+| ------------------- | -------------------- | -------- | --------------- |
+| `if/else`           | +1 per branch        |
+| Nested conditions   | +1 per nesting level |
+| `switch/case`       | +1 per case          |
+| `for/while/do`      | +1 per loop          |
+| `&&`/`              |                      | ` chains | +1 per operator |
+| Nested callbacks    | +1 per nesting level |
+| `try/catch`         | +1 per catch         |
+| Ternary expressions | +1 per nesting       |
+
+## Pattern 1: Replace Conditionals with Lookup Tables
+
+**Before** (complexity: ~15):
+
+```typescript
+const Template = useMemo(() => {
+  if (appDetail?.mode === AppModeEnum.CHAT) {
+    switch (locale) {
+      case LanguagesSupported[1]:
+        return <TemplateChatZh appDetail={appDetail} />
+      case LanguagesSupported[7]:
+        return <TemplateChatJa appDetail={appDetail} />
+      default:
+        return <TemplateChatEn appDetail={appDetail} />
+    }
+  }
+  if (appDetail?.mode === AppModeEnum.ADVANCED_CHAT) {
+    switch (locale) {
+      case LanguagesSupported[1]:
+        return <TemplateAdvancedChatZh appDetail={appDetail} />
+      case LanguagesSupported[7]:
+        return <TemplateAdvancedChatJa appDetail={appDetail} />
+      default:
+        return <TemplateAdvancedChatEn appDetail={appDetail} />
+    }
+  }
+  if (appDetail?.mode === AppModeEnum.WORKFLOW) {
+    // Similar pattern...
+  }
+  return null
+}, [appDetail, locale])
+```
+
+**After** (complexity: ~3):
+
+```typescript
+import type { ComponentType } from 'react'
+
+// Define lookup table outside component
+const TEMPLATE_MAP: Record<AppModeEnum, Record<string, ComponentType<TemplateProps>>> = {
+  [AppModeEnum.CHAT]: {
+    [LanguagesSupported[1]]: TemplateChatZh,
+    [LanguagesSupported[7]]: TemplateChatJa,
+    default: TemplateChatEn,
+  },
+  [AppModeEnum.ADVANCED_CHAT]: {
+    [LanguagesSupported[1]]: TemplateAdvancedChatZh,
+    [LanguagesSupported[7]]: TemplateAdvancedChatJa,
+    default: TemplateAdvancedChatEn,
+  },
+  [AppModeEnum.WORKFLOW]: {
+    [LanguagesSupported[1]]: TemplateWorkflowZh,
+    [LanguagesSupported[7]]: TemplateWorkflowJa,
+    default: TemplateWorkflowEn,
+  },
+  // ...
+}
+
+// Clean component logic
+const Template = useMemo(() => {
+  if (!appDetail?.mode) return null
+
+  const templates = TEMPLATE_MAP[appDetail.mode]
+  if (!templates) return null
+
+  const TemplateComponent = templates[locale] ?? templates.default
+  return <TemplateComponent appDetail={appDetail} />
+}, [appDetail, locale])
+```
+
+## Pattern 2: Use Early Returns
+
+**Before** (complexity: ~10):
+
+```typescript
+const handleSubmit = () => {
+  if (isValid) {
+    if (hasChanges) {
+      if (isConnected) {
+        submitData()
+      } else {
+        showConnectionError()
+      }
+    } else {
+      showNoChangesMessage()
+    }
+  } else {
+    showValidationError()
+  }
+}
+```
+
+**After** (complexity: ~4):
+
+```typescript
+const handleSubmit = () => {
+  if (!isValid) {
+    showValidationError()
+    return
+  }
+
+  if (!hasChanges) {
+    showNoChangesMessage()
+    return
+  }
+
+  if (!isConnected) {
+    showConnectionError()
+    return
+  }
+
+  submitData()
+}
+```
+
+## Pattern 3: Extract Complex Conditions
+
+**Before** (complexity: high):
+
+```typescript
+const canPublish = (() => {
+  if (mode !== AppModeEnum.COMPLETION) {
+    if (!isAdvancedMode) return true
+
+    if (modelModeType === ModelModeType.completion) {
+      if (!hasSetBlockStatus.history || !hasSetBlockStatus.query) return false
+      return true
+    }
+    return true
+  }
+  return !promptEmpty
+})()
+```
+
+**After** (complexity: lower):
+
+```typescript
+// Extract to named functions
+const canPublishInCompletionMode = () => !promptEmpty
+
+const canPublishInChatMode = () => {
+  if (!isAdvancedMode) return true
+  if (modelModeType !== ModelModeType.completion) return true
+  return hasSetBlockStatus.history && hasSetBlockStatus.query
+}
+
+// Clean main logic
+const canPublish =
+  mode === AppModeEnum.COMPLETION ? canPublishInCompletionMode() : canPublishInChatMode()
+```
+
+## Pattern 4: Replace Chained Ternaries
+
+**Before** (complexity: ~5):
+
+```typescript
+const statusText = serverActivated
+  ? t('status.running')
+  : serverPublished
+    ? t('status.inactive')
+    : appUnpublished
+      ? t('status.unpublished')
+      : t('status.notConfigured')
+```
+
+**After** (complexity: ~2):
+
+```typescript
+const getStatusText = () => {
+  if (serverActivated) return t('status.running')
+  if (serverPublished) return t('status.inactive')
+  if (appUnpublished) return t('status.unpublished')
+  return t('status.notConfigured')
+}
+
+const statusText = getStatusText()
+```
+
+Or use lookup:
+
+```typescript
+const STATUS_TEXT_MAP = {
+  running: 'status.running',
+  inactive: 'status.inactive',
+  unpublished: 'status.unpublished',
+  notConfigured: 'status.notConfigured',
+} as const
+
+const getStatusKey = (): keyof typeof STATUS_TEXT_MAP => {
+  if (serverActivated) return 'running'
+  if (serverPublished) return 'inactive'
+  if (appUnpublished) return 'unpublished'
+  return 'notConfigured'
+}
+
+const statusText = t(STATUS_TEXT_MAP[getStatusKey()])
+```
+
+## Pattern 5: Flatten Nested Loops
+
+**Before** (complexity: high):
+
+```typescript
+const processData = (items: Item[]) => {
+  const results: ProcessedItem[] = []
+
+  for (const item of items) {
+    if (item.isValid) {
+      for (const child of item.children) {
+        if (child.isActive) {
+          for (const prop of child.properties) {
+            if (prop.value !== null) {
+              results.push({
+                itemId: item.id,
+                childId: child.id,
+                propValue: prop.value,
+              })
+            }
+          }
+        }
+      }
+    }
+  }
+
+  return results
+}
+```
+
+**After** (complexity: lower):
+
+```typescript
+// Use functional approach
+const processData = (items: Item[]) => {
+  return items
+    .filter((item) => item.isValid)
+    .flatMap((item) =>
+      item.children
+        .filter((child) => child.isActive)
+        .flatMap((child) =>
+          child.properties
+            .filter((prop) => prop.value !== null)
+            .map((prop) => ({
+              itemId: item.id,
+              childId: child.id,
+              propValue: prop.value,
+            })),
+        ),
+    )
+}
+```
+
+## Pattern 6: Extract Event Handler Logic
+
+**Before** (complexity: high in component):
+
+```typescript
+const Component = () => {
+  const handleSelect = (data: DataSet[]) => {
+    if (isEqual(data.map(item => item.id), dataSets.map(item => item.id))) {
+      hideSelectDataSet()
+      return
+    }
+
+    formattingChangedDispatcher()
+    let newDatasets = data
+    if (data.find(item => !item.name)) {
+      const newSelected = produce(data, (draft) => {
+        data.forEach((item, index) => {
+          if (!item.name) {
+            const newItem = dataSets.find(i => i.id === item.id)
+            if (newItem)
+              draft[index] = newItem
+          }
+        })
+      })
+      setDataSets(newSelected)
+      newDatasets = newSelected
+    }
+    else {
+      setDataSets(data)
+    }
+    hideSelectDataSet()
+
+    // 40 more lines of logic...
+  }
+
+  return <div>...</div>
+}
+```
+
+**After** (complexity: lower):
+
+```typescript
+// Extract to hook or utility
+const useDatasetSelection = (dataSets: DataSet[], setDataSets: SetState<DataSet[]>) => {
+  const normalizeSelection = (data: DataSet[]) => {
+    const hasUnloadedItem = data.some(item => !item.name)
+    if (!hasUnloadedItem) return data
+
+    return produce(data, (draft) => {
+      data.forEach((item, index) => {
+        if (!item.name) {
+          const existing = dataSets.find(i => i.id === item.id)
+          if (existing) draft[index] = existing
+        }
+      })
+    })
+  }
+
+  const hasSelectionChanged = (newData: DataSet[]) => {
+    return !isEqual(
+      newData.map(item => item.id),
+      dataSets.map(item => item.id)
+    )
+  }
+
+  return { normalizeSelection, hasSelectionChanged }
+}
+
+// Component becomes cleaner
+const Component = () => {
+  const { normalizeSelection, hasSelectionChanged } = useDatasetSelection(dataSets, setDataSets)
+
+  const handleSelect = (data: DataSet[]) => {
+    if (!hasSelectionChanged(data)) {
+      hideSelectDataSet()
+      return
+    }
+
+    formattingChangedDispatcher()
+    const normalized = normalizeSelection(data)
+    setDataSets(normalized)
+    hideSelectDataSet()
+  }
+
+  return <div>...</div>
+}
+```
+
+## Pattern 7: Reduce Boolean Logic Complexity
+
+**Before** (complexity: ~8):
+
+```typescript
+const toggleDisabled =
+  hasInsufficientPermissions ||
+  appUnpublished ||
+  missingStartNode ||
+  triggerModeDisabled ||
+  (isAdvancedApp && !currentWorkflow?.graph) ||
+  (isBasicApp && !basicAppConfig.updated_at)
+```
+
+**After** (complexity: ~3):
+
+```typescript
+// Extract meaningful boolean functions
+const isAppReady = () => {
+  if (isAdvancedApp) return !!currentWorkflow?.graph
+  return !!basicAppConfig.updated_at
+}
+
+const hasRequiredPermissions = () => {
+  return isCurrentWorkspaceEditor && !hasInsufficientPermissions
+}
+
+const canToggle = () => {
+  if (!hasRequiredPermissions()) return false
+  if (!isAppReady()) return false
+  if (missingStartNode) return false
+  if (triggerModeDisabled) return false
+  return true
+}
+
+const toggleDisabled = !canToggle()
+```
+
+## Pattern 8: Simplify useMemo/useCallback Dependencies
+
+**Before** (complexity: multiple recalculations):
+
+```typescript
+const payload = useMemo(() => {
+  let parameters: Parameter[] = []
+  let outputParameters: OutputParameter[] = []
+
+  if (!published) {
+    parameters = (inputs || []).map((item) => ({
+      name: item.variable,
+      description: '',
+      form: 'llm',
+      required: item.required,
+      type: item.type,
+    }))
+    outputParameters = (outputs || []).map((item) => ({
+      name: item.variable,
+      description: '',
+      type: item.value_type,
+    }))
+  } else if (detail && detail.tool) {
+    parameters = (inputs || []).map((item) => ({
+      // Complex transformation...
+    }))
+    outputParameters = (outputs || []).map((item) => ({
+      // Complex transformation...
+    }))
+  }
+
+  return {
+    icon: detail?.icon || icon,
+    label: detail?.label || name,
+    // ...more fields
+  }
+}, [detail, published, workflowAppId, icon, name, description, inputs, outputs])
+```
+
+**After** (complexity: separated concerns):
+
+```typescript
+// Separate transformations
+const useParameterTransform = (inputs: InputVar[], detail?: ToolDetail, published?: boolean) => {
+  return useMemo(() => {
+    if (!published) {
+      return inputs.map((item) => ({
+        name: item.variable,
+        description: '',
+        form: 'llm',
+        required: item.required,
+        type: item.type,
+      }))
+    }
+
+    if (!detail?.tool) return []
+
+    return inputs.map((item) => ({
+      name: item.variable,
+      required: item.required,
+      type: item.type === 'paragraph' ? 'string' : item.type,
+      description:
+        detail.tool.parameters.find((p) => p.name === item.variable)?.llm_description || '',
+      form: detail.tool.parameters.find((p) => p.name === item.variable)?.form || 'llm',
+    }))
+  }, [inputs, detail, published])
+}
+
+// Component uses hook
+const parameters = useParameterTransform(inputs, detail, published)
+const outputParameters = useOutputTransform(outputs, detail, published)
+
+const payload = useMemo(
+  () => ({
+    icon: detail?.icon || icon,
+    label: detail?.label || name,
+    parameters,
+    outputParameters,
+    // ...
+  }),
+  [detail, icon, name, parameters, outputParameters],
+)
+```
+
+## Target Metrics After Refactoring
+
+| Metric                  | Target         |
+| ----------------------- | -------------- |
+| Total Complexity        | < 50           |
+| Max Function Complexity | < 30           |
+| Function Length         | < 30 lines     |
+| Nesting Depth           | ≤ 3 levels     |
+| Conditional Chains      | ≤ 3 conditions |
--- a/.agents/skills/component-refactoring/references/component-splitting.md
+++ b/.agents/skills/component-refactoring/references/component-splitting.md
@ -0,0 +1,477 @@
+# Component Splitting Patterns
+
+This document provides detailed guidance on splitting large components into smaller, focused components in Dify.
+
+## When to Split Components
+
+Split a component when you identify:
+
+1. **Multiple UI sections** - Distinct visual areas with minimal coupling that can be composed independently
+1. **Conditional rendering blocks** - Large `{condition && <JSX />}` blocks
+1. **Repeated patterns** - Similar UI structures used multiple times
+1. **300+ lines** - Component exceeds manageable size
+1. **Modal clusters** - Multiple modals rendered in one component
+
+## Splitting Strategies
+
+### Strategy 1: Section-Based Splitting
+
+Identify visual sections and extract each as a component.
+
+```typescript
+// ❌ Before: Monolithic component (500+ lines)
+const ConfigurationPage = () => {
+  return (
+    <div>
+      {/* Header Section - 50 lines */}
+      <div className="header">
+        <h1>{t('configuration.title')}</h1>
+        <div className="actions">
+          {isAdvancedMode && <Badge>Advanced</Badge>}
+          <ModelParameterModal ... />
+          <AppPublisher ... />
+        </div>
+      </div>
+
+      {/* Config Section - 200 lines */}
+      <div className="config">
+        <Config />
+      </div>
+
+      {/* Debug Section - 150 lines */}
+      <div className="debug">
+        <Debug ... />
+      </div>
+
+      {/* Modals Section - 100 lines */}
+      {showSelectDataSet && <SelectDataSet ... />}
+      {showHistoryModal && <EditHistoryModal ... />}
+      {showUseGPT4Confirm && <Confirm ... />}
+    </div>
+  )
+}
+
+// ✅ After: Split into focused components
+// configuration/
+//   ├── index.tsx              (orchestration)
+//   ├── configuration-header.tsx
+//   ├── configuration-content.tsx
+//   ├── configuration-debug.tsx
+//   └── configuration-modals.tsx
+
+// configuration-header.tsx
+interface ConfigurationHeaderProps {
+  isAdvancedMode: boolean
+  onPublish: () => void
+}
+
+function ConfigurationHeader({
+  isAdvancedMode,
+  onPublish,
+}: ConfigurationHeaderProps) {
+  const { t } = useTranslation()
+
+  return (
+    <div className="header">
+      <h1>{t('configuration.title')}</h1>
+      <div className="actions">
+        {isAdvancedMode && <Badge>Advanced</Badge>}
+        <ModelParameterModal ... />
+        <AppPublisher onPublish={onPublish} />
+      </div>
+    </div>
+  )
+}
+
+// index.tsx (orchestration only)
+const ConfigurationPage = () => {
+  const { modelConfig, setModelConfig } = useModelConfig()
+  const { activeModal, openModal, closeModal } = useModalState()
+
+  return (
+    <div>
+      <ConfigurationHeader
+        isAdvancedMode={isAdvancedMode}
+        onPublish={handlePublish}
+      />
+      <ConfigurationContent
+        modelConfig={modelConfig}
+        onConfigChange={setModelConfig}
+      />
+      {!isMobile && (
+        <ConfigurationDebug
+          inputs={inputs}
+          onSetting={handleSetting}
+        />
+      )}
+      <ConfigurationModals
+        activeModal={activeModal}
+        onClose={closeModal}
+      />
+    </div>
+  )
+}
+```
+
+### Strategy 2: Conditional Block Extraction
+
+Extract large conditional rendering blocks.
+
+```typescript
+// ❌ Before: Large conditional blocks
+const AppInfo = () => {
+  return (
+    <div>
+      {expand ? (
+        <div className="expanded">
+          {/* 100 lines of expanded view */}
+        </div>
+      ) : (
+        <div className="collapsed">
+          {/* 50 lines of collapsed view */}
+        </div>
+      )}
+    </div>
+  )
+}
+
+// ✅ After: Separate view components
+function AppInfoExpanded({ appDetail, onAction }: AppInfoViewProps) {
+  return (
+    <div className="expanded">
+      {/* Clean, focused expanded view */}
+    </div>
+  )
+}
+
+function AppInfoCollapsed({ appDetail, onAction }: AppInfoViewProps) {
+  return (
+    <div className="collapsed">
+      {/* Clean, focused collapsed view */}
+    </div>
+  )
+}
+
+const AppInfo = () => {
+  return (
+    <div>
+      {expand
+        ? <AppInfoExpanded appDetail={appDetail} onAction={handleAction} />
+        : <AppInfoCollapsed appDetail={appDetail} onAction={handleAction} />
+      }
+    </div>
+  )
+}
+```
+
+### Strategy 3: Modal Extraction
+
+Extract modals with their trigger logic.
+
+```typescript
+// ❌ Before: Multiple modals in one component
+const AppInfo = () => {
+  const [showEdit, setShowEdit] = useState(false)
+  const [showDuplicate, setShowDuplicate] = useState(false)
+  const [showDelete, setShowDelete] = useState(false)
+  const [showSwitch, setShowSwitch] = useState(false)
+
+  const onEdit = async (data) => { /* 20 lines */ }
+  const onDuplicate = async (data) => { /* 20 lines */ }
+  const onDelete = async () => { /* 15 lines */ }
+
+  return (
+    <div>
+      {/* Main content */}
+
+      {showEdit && <EditModal onConfirm={onEdit} onClose={() => setShowEdit(false)} />}
+      {showDuplicate && <DuplicateModal onConfirm={onDuplicate} onClose={() => setShowDuplicate(false)} />}
+      {showDelete && <DeleteConfirm onConfirm={onDelete} onClose={() => setShowDelete(false)} />}
+      {showSwitch && <SwitchModal ... />}
+    </div>
+  )
+}
+
+// ✅ After: Modal manager component
+// app-info-modals.tsx
+type ModalType = 'edit' | 'duplicate' | 'delete' | 'switch' | null
+
+interface AppInfoModalsProps {
+  appDetail: AppDetail
+  activeModal: ModalType
+  onClose: () => void
+  onSuccess: () => void
+}
+
+function AppInfoModals({
+  appDetail,
+  activeModal,
+  onClose,
+  onSuccess,
+}: AppInfoModalsProps) {
+  const handleEdit = async (data) => { /* logic */ }
+  const handleDuplicate = async (data) => { /* logic */ }
+  const handleDelete = async () => { /* logic */ }
+
+  return (
+    <>
+      {activeModal === 'edit' && (
+        <EditModal
+          appDetail={appDetail}
+          onConfirm={handleEdit}
+          onClose={onClose}
+        />
+      )}
+      {activeModal === 'duplicate' && (
+        <DuplicateModal
+          appDetail={appDetail}
+          onConfirm={handleDuplicate}
+          onClose={onClose}
+        />
+      )}
+      {activeModal === 'delete' && (
+        <DeleteConfirm
+          onConfirm={handleDelete}
+          onClose={onClose}
+        />
+      )}
+      {activeModal === 'switch' && (
+        <SwitchModal
+          appDetail={appDetail}
+          onClose={onClose}
+        />
+      )}
+    </>
+  )
+}
+
+// Parent component
+const AppInfo = () => {
+  const { activeModal, openModal, closeModal } = useModalState()
+
+  return (
+    <div>
+      {/* Main content with openModal triggers */}
+      <Button onClick={() => openModal('edit')}>Edit</Button>
+
+      <AppInfoModals
+        appDetail={appDetail}
+        activeModal={activeModal}
+        onClose={closeModal}
+        onSuccess={handleSuccess}
+      />
+    </div>
+  )
+}
+```
+
+### Strategy 4: List Item Extraction
+
+Extract repeated item rendering.
+
+```typescript
+// ❌ Before: Inline item rendering
+const OperationsList = () => {
+  return (
+    <div>
+      {operations.map(op => (
+        <div key={op.id} className="operation-item">
+          <span className="icon">{op.icon}</span>
+          <span className="title">{op.title}</span>
+          <span className="description">{op.description}</span>
+          <button onClick={() => op.onClick()}>
+            {op.actionLabel}
+          </button>
+          {op.badge && <Badge>{op.badge}</Badge>}
+          {/* More complex rendering... */}
+        </div>
+      ))}
+    </div>
+  )
+}
+
+// ✅ After: Extracted item component
+interface OperationItemProps {
+  operation: Operation
+  onAction: (id: string) => void
+}
+
+function OperationItem({ operation, onAction }: OperationItemProps) {
+  return (
+    <div className="operation-item">
+      <span className="icon">{operation.icon}</span>
+      <span className="title">{operation.title}</span>
+      <span className="description">{operation.description}</span>
+      <button onClick={() => onAction(operation.id)}>
+        {operation.actionLabel}
+      </button>
+      {operation.badge && <Badge>{operation.badge}</Badge>}
+    </div>
+  )
+}
+
+const OperationsList = () => {
+  const handleAction = useCallback((id: string) => {
+    const op = operations.find(o => o.id === id)
+    op?.onClick()
+  }, [operations])
+
+  return (
+    <div>
+      {operations.map(op => (
+        <OperationItem
+          key={op.id}
+          operation={op}
+          onAction={handleAction}
+        />
+      ))}
+    </div>
+  )
+}
+```
+
+## Directory Structure Patterns
+
+### Pattern A: Flat Structure (Simple Components)
+
+For components with 2-3 sub-components:
+
+```
+component-name/
+  ├── index.tsx           # Main component
+  ├── sub-component-a.tsx
+  ├── sub-component-b.tsx
+  └── types.ts            # Shared types
+```
+
+### Pattern B: Nested Structure (Complex Components)
+
+For components with many sub-components:
+
+```
+component-name/
+  ├── index.tsx           # Main orchestration
+  ├── types.ts            # Shared types
+  ├── hooks/
+  │   ├── use-feature-a.ts
+  │   └── use-feature-b.ts
+  ├── components/
+  │   ├── header/
+  │   │   └── index.tsx
+  │   ├── content/
+  │   │   └── index.tsx
+  │   └── modals/
+  │       └── index.tsx
+  └── utils/
+      └── helpers.ts
+```
+
+### Pattern C: Feature-Based Structure (Dify Standard)
+
+Following Dify's existing patterns:
+
+```
+configuration/
+  ├── index.tsx           # Main page component
+  ├── base/               # Base/shared components
+  │   ├── feature-panel/
+  │   ├── group-name/
+  │   └── operation-btn/
+  ├── config/             # Config section
+  │   ├── index.tsx
+  │   ├── agent/
+  │   └── automatic/
+  ├── dataset-config/     # Dataset section
+  │   ├── index.tsx
+  │   ├── card-item/
+  │   └── params-config/
+  ├── debug/              # Debug section
+  │   ├── index.tsx
+  │   └── hooks.tsx
+  └── hooks/              # Shared hooks
+      └── use-advanced-prompt-config.ts
+```
+
+## Props Design
+
+### Minimal Props Principle
+
+Pass only what's needed:
+
+```typescript
+// ❌ Bad: Passing entire objects when only some fields needed
+<ConfigHeader appDetail={appDetail} modelConfig={modelConfig} />
+
+// ✅ Good: Destructure to minimum required
+<ConfigHeader
+  appName={appDetail.name}
+  isAdvancedMode={modelConfig.isAdvanced}
+  onPublish={handlePublish}
+/>
+```
+
+### Callback Props Pattern
+
+Use callbacks for child-to-parent communication:
+
+```typescript
+// Parent
+const Parent = () => {
+  const [value, setValue] = useState('')
+
+  return (
+    <Child
+      value={value}
+      onChange={setValue}
+      onSubmit={handleSubmit}
+    />
+  )
+}
+
+// Child
+interface ChildProps {
+  value: string
+  onChange: (value: string) => void
+  onSubmit: () => void
+}
+
+function Child({ value, onChange, onSubmit }: ChildProps) {
+  return (
+    <div>
+      <input value={value} onChange={e => onChange(e.target.value)} />
+      <button onClick={onSubmit}>Submit</button>
+    </div>
+  )
+}
+```
+
+### Render Props for Flexibility
+
+When sub-components need parent context:
+
+```typescript
+interface ListProps<T> {
+  items: T[]
+  renderItem: (item: T, index: number) => React.ReactNode
+  renderEmpty?: () => React.ReactNode
+}
+
+function List<T>({ items, renderItem, renderEmpty }: ListProps<T>) {
+  if (items.length === 0 && renderEmpty) {
+    return <>{renderEmpty()}</>
+  }
+
+  return (
+    <div>
+      {items.map((item, index) => renderItem(item, index))}
+    </div>
+  )
+}
+
+// Usage
+<List
+  items={operations}
+  renderItem={(op, i) => <OperationItem key={i} operation={op} />}
+  renderEmpty={() => <EmptyState message="No operations" />}
+/>
+```
--- a/.agents/skills/component-refactoring/references/hook-extraction.md
+++ b/.agents/skills/component-refactoring/references/hook-extraction.md
@ -0,0 +1,290 @@
+# Hook Extraction Patterns
+
+This document provides detailed guidance on extracting custom hooks from complex components in Dify.
+
+## When to Extract Hooks
+
+Extract a custom hook when you identify:
+
+1. **Coupled state groups** - Multiple `useState` hooks that are always used together
+1. **Complex effects** - `useEffect` with multiple dependencies or cleanup logic
+1. **Business logic** - Data transformations, validations, or calculations
+1. **Reusable patterns** - Logic that appears in multiple components
+
+## Extraction Process
+
+### Step 1: Identify State Groups
+
+Look for state variables that are logically related:
+
+```typescript
+// ❌ These belong together - extract to hook
+const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
+const [completionParams, setCompletionParams] = useState<FormValue>({})
+const [modelModeType, setModelModeType] = useState<ModelModeType>(...)
+
+// These are model-related state that should be in useModelConfig()
+```
+
+### Step 2: Identify Related Effects
+
+Find effects that modify the grouped state:
+
+```typescript
+// ❌ These effects belong with the state above
+useEffect(() => {
+  if (hasFetchedDetail && !modelModeType) {
+    const mode = currModel?.model_properties.mode
+    if (mode) {
+      const newModelConfig = produce(modelConfig, (draft) => {
+        draft.mode = mode
+      })
+      setModelConfig(newModelConfig)
+    }
+  }
+}, [textGenerationModelList, hasFetchedDetail, modelModeType, currModel])
+```
+
+### Step 3: Create the Hook
+
+```typescript
+// hooks/use-model-config.ts
+import type { FormValue } from '@/app/components/header/account-setting/model-provider-page/declarations'
+import type { ModelConfig } from '@/models/debug'
+import { produce } from 'immer'
+import { useEffect, useState } from 'react'
+import { ModelModeType } from '@/types/app'
+
+interface UseModelConfigParams {
+  initialConfig?: Partial<ModelConfig>
+  currModel?: { model_properties?: { mode?: ModelModeType } }
+  hasFetchedDetail: boolean
+}
+
+interface UseModelConfigReturn {
+  modelConfig: ModelConfig
+  setModelConfig: (config: ModelConfig) => void
+  completionParams: FormValue
+  setCompletionParams: (params: FormValue) => void
+  modelModeType: ModelModeType
+}
+
+export const useModelConfig = ({
+  initialConfig,
+  currModel,
+  hasFetchedDetail,
+}: UseModelConfigParams): UseModelConfigReturn => {
+  const [modelConfig, setModelConfig] = useState<ModelConfig>({
+    provider: 'langgenius/openai/openai',
+    model_id: 'gpt-3.5-turbo',
+    mode: ModelModeType.unset,
+    // ... default values
+    ...initialConfig,
+  })
+
+  const [completionParams, setCompletionParams] = useState<FormValue>({})
+
+  const modelModeType = modelConfig.mode
+
+  // Fill old app data missing model mode
+  useEffect(() => {
+    if (hasFetchedDetail && !modelModeType) {
+      const mode = currModel?.model_properties?.mode
+      if (mode) {
+        setModelConfig(
+          produce(modelConfig, (draft) => {
+            draft.mode = mode
+          }),
+        )
+      }
+    }
+  }, [hasFetchedDetail, modelModeType, currModel])
+
+  return {
+    modelConfig,
+    setModelConfig,
+    completionParams,
+    setCompletionParams,
+    modelModeType,
+  }
+}
+```
+
+### Step 4: Update Component
+
+```typescript
+// Before: 50+ lines of state management
+function Configuration() {
+  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
+  // ... lots of related state and effects
+}
+
+// After: Clean component
+function Configuration() {
+  const {
+    modelConfig,
+    setModelConfig,
+    completionParams,
+    setCompletionParams,
+    modelModeType,
+  } = useModelConfig({
+    currModel,
+    hasFetchedDetail,
+  })
+
+  // Component now focuses on UI
+}
+```
+
+## Naming Conventions
+
+### Hook Names
+
+- Use `use` prefix: `useModelConfig`, `useDatasetConfig`
+- Be specific: `useAdvancedPromptConfig` not `usePrompt`
+- Include domain: `useWorkflowVariables`, `useMCPServer`
+
+### File Names
+
+- Kebab-case: `use-model-config.ts`
+- Place in `hooks/` subdirectory when multiple hooks exist
+- Place alongside component for single-use hooks
+
+### Return Type Names
+
+- Suffix with `Return`: `UseModelConfigReturn`
+- Suffix params with `Params`: `UseModelConfigParams`
+
+## Common Hook Patterns in Dify
+
+### 1. Data Fetching / Mutation Hooks
+
+When hook extraction touches query or mutation code, do not use this reference as the source of truth for data-layer patterns.
+
+- Do not introduce deprecated `useInvalid` / `useReset`.
+- Do not extract thin passthrough `useQuery` hooks; only extract orchestration hooks.
+
+### 2. Form State Hook
+
+```typescript
+// Pattern: Form state + validation + submission
+export const useConfigForm = (initialValues: ConfigFormValues) => {
+  const [values, setValues] = useState(initialValues)
+  const [errors, setErrors] = useState<Record<string, string>>({})
+  const [isSubmitting, setIsSubmitting] = useState(false)
+
+  const validate = useCallback(() => {
+    const newErrors: Record<string, string> = {}
+    if (!values.name) newErrors.name = 'Name is required'
+    setErrors(newErrors)
+    return Object.keys(newErrors).length === 0
+  }, [values])
+
+  const handleChange = useCallback((field: string, value: any) => {
+    setValues((prev) => ({ ...prev, [field]: value }))
+  }, [])
+
+  const handleSubmit = useCallback(
+    async (onSubmit: (values: ConfigFormValues) => Promise<void>) => {
+      if (!validate()) return
+      setIsSubmitting(true)
+      try {
+        await onSubmit(values)
+      } finally {
+        setIsSubmitting(false)
+      }
+    },
+    [values, validate],
+  )
+
+  return { values, errors, isSubmitting, handleChange, handleSubmit }
+}
+```
+
+### 3. Modal State Hook
+
+```typescript
+// Pattern: Multiple modal management
+type ModalType = 'edit' | 'delete' | 'duplicate' | null
+
+export const useModalState = () => {
+  const [activeModal, setActiveModal] = useState<ModalType>(null)
+  const [modalData, setModalData] = useState<any>(null)
+
+  const openModal = useCallback((type: ModalType, data?: any) => {
+    setActiveModal(type)
+    setModalData(data)
+  }, [])
+
+  const closeModal = useCallback(() => {
+    setActiveModal(null)
+    setModalData(null)
+  }, [])
+
+  return {
+    activeModal,
+    modalData,
+    openModal,
+    closeModal,
+    isOpen: useCallback((type: ModalType) => activeModal === type, [activeModal]),
+  }
+}
+```
+
+### 4. Toggle/Boolean Hook
+
+```typescript
+// Pattern: Boolean state with convenience methods
+export const useToggle = (initialValue = false) => {
+  const [value, setValue] = useState(initialValue)
+
+  const toggle = useCallback(() => setValue((v) => !v), [])
+  const setTrue = useCallback(() => setValue(true), [])
+  const setFalse = useCallback(() => setValue(false), [])
+
+  return [value, { toggle, setTrue, setFalse, set: setValue }] as const
+}
+
+// Usage
+const [isExpanded, { toggle, setTrue: expand, setFalse: collapse }] = useToggle()
+```
+
+## Testing Extracted Hooks
+
+After extraction, test hooks in isolation:
+
+```typescript
+// use-model-config.spec.ts
+import { renderHook, act } from '@testing-library/react'
+import { useModelConfig } from './use-model-config'
+
+describe('useModelConfig', () => {
+  it('should initialize with default values', () => {
+    const { result } = renderHook(() =>
+      useModelConfig({
+        hasFetchedDetail: false,
+      }),
+    )
+
+    expect(result.current.modelConfig.provider).toBe('langgenius/openai/openai')
+    expect(result.current.modelModeType).toBe(ModelModeType.unset)
+  })
+
+  it('should update model config', () => {
+    const { result } = renderHook(() =>
+      useModelConfig({
+        hasFetchedDetail: true,
+      }),
+    )
+
+    act(() => {
+      result.current.setModelConfig({
+        ...result.current.modelConfig,
+        model_id: 'gpt-4',
+      })
+    })
+
+    expect(result.current.modelConfig.model_id).toBe('gpt-4')
+  })
+})
+```
--- a/.agents/skills/e2e-cucumber-playwright/agents/openai.yaml
+++ b/.agents/skills/e2e-cucumber-playwright/agents/openai.yaml
@ -1,4 +1,4 @@
 interface:
-  display_name: "E2E Cucumber + Playwright"
-  short_description: "Write and review Dify E2E scenarios."
-  default_prompt: "Use $e2e-cucumber-playwright to write or review a Dify E2E scenario under e2e/."
+  display_name: 'E2E Cucumber + Playwright'
+  short_description: 'Write and review Dify E2E scenarios.'
+  default_prompt: 'Use $e2e-cucumber-playwright to write or review a Dify E2E scenario under e2e/.'
--- a/.agents/skills/frontend-testing/SKILL.md
+++ b/.agents/skills/frontend-testing/SKILL.md
@ -93,10 +93,10 @@ describe('ComponentName', () => {
    it('should render without crashing', () => {
      // Arrange
      const props = { title: 'Test' }
-      
+
      // Act
      render(<Component {...props} />)
-      
+
      // Assert
      expect(screen.getByText('Test')).toBeInTheDocument()
    })
@ -115,9 +115,9 @@ describe('ComponentName', () => {
    it('should handle click events', () => {
      const handleClick = vi.fn()
      render(<Component onClick={handleClick} />)
-      
+
      fireEvent.click(screen.getByRole('button'))
-      
+
      expect(handleClick).toHaveBeenCalledTimes(1)
    })
  })
@ -278,16 +278,16 @@ it('should disable input when isReadOnly is true')

 ### Conditional (When Present)

-| Feature | Test Focus |
-|---------|-----------|
-| `useState` | Initial state, transitions, cleanup |
-| `useEffect` | Execution, dependencies, cleanup |
-| Event handlers | All onClick, onChange, onSubmit, keyboard |
-| API calls | Loading, success, error states |
-| Routing | Navigation, params, query strings |
-| `useCallback`/`useMemo` | Referential equality |
-| Context | Provider values, consumer behavior |
-| Forms | Validation, submission, error display |
+| Feature                 | Test Focus                                |
+| ----------------------- | ----------------------------------------- |
+| `useState`              | Initial state, transitions, cleanup       |
+| `useEffect`             | Execution, dependencies, cleanup          |
+| Event handlers          | All onClick, onChange, onSubmit, keyboard |
+| API calls               | Loading, success, error states            |
+| Routing                 | Navigation, params, query strings         |
+| `useCallback`/`useMemo` | Referential equality                      |
+| Context                 | Provider values, consumer behavior        |
+| Forms                   | Validation, submission, error display     |

 ## Coverage Goals (Per File)

--- a/.agents/skills/frontend-testing/assets/component-test.template.tsx
+++ b/.agents/skills/frontend-testing/assets/component-test.template.tsx
@ -108,10 +108,8 @@ describe('ComponentName', () => {
    it('should render without crashing', () => {
      // Arrange - Setup data and mocks
      // const props = createMockProps()
-
      // Act - Render the component
      // render(<ComponentName {...props} />)
-
      // Assert - Verify expected output
      // Prefer getByRole for accessibility; it's what users "see"
      // expect(screen.getByRole('...')).toBeInTheDocument()
--- a/.agents/skills/frontend-testing/references/async-testing.md
+++ b/.agents/skills/frontend-testing/references/async-testing.md
@ -9,7 +9,7 @@ import { render, screen, waitFor } from '@testing-library/react'

 it('should load and display data', async () => {
  render(<DataComponent />)
-  
+
  // Wait for element to appear
  await waitFor(() => {
    expect(screen.getByText('Loaded Data')).toBeInTheDocument()
@ -18,7 +18,7 @@ it('should load and display data', async () => {

 it('should hide loading spinner after load', async () => {
  render(<DataComponent />)
-  
+
  // Wait for element to disappear
  await waitFor(() => {
    expect(screen.queryByText('Loading...')).not.toBeInTheDocument()
@ -31,11 +31,11 @@ it('should hide loading spinner after load', async () => {
 ```typescript
 it('should show user name after fetch', async () => {
  render(<UserProfile />)
-  
+
  // findBy returns a promise, auto-waits up to 1000ms
  const userName = await screen.findByText('John Doe')
  expect(userName).toBeInTheDocument()
-  
+
  // findByRole with options
  const button = await screen.findByRole('button', { name: /submit/i })
  expect(button).toBeEnabled()
@ -50,13 +50,13 @@ import userEvent from '@testing-library/user-event'
 it('should submit form', async () => {
  const user = userEvent.setup()
  const onSubmit = vi.fn()
-  
+
  render(<Form onSubmit={onSubmit} />)
-  
+
  // userEvent methods are async
  await user.type(screen.getByLabelText('Email'), 'test@example.com')
  await user.click(screen.getByRole('button', { name: /submit/i }))
-  
+
  await waitFor(() => {
    expect(onSubmit).toHaveBeenCalledWith({ email: 'test@example.com' })
  })
@ -87,16 +87,16 @@ describe('Debounced Search', () => {
  it('should debounce search input', async () => {
    const onSearch = vi.fn()
    render(<SearchInput onSearch={onSearch} debounceMs={300} />)
-    
+
    // Type in the input
    fireEvent.change(screen.getByRole('textbox'), { target: { value: 'query' } })
-    
+
    // Search not called immediately
    expect(onSearch).not.toHaveBeenCalled()
-    
+
    // Advance timers
    vi.advanceTimersByTime(300)
-    
+
    // Now search is called
    expect(onSearch).toHaveBeenCalledWith('query')
  })
@ -111,23 +111,23 @@ it('should retry on failure', async () => {
  const fetchData = vi.fn()
    .mockRejectedValueOnce(new Error('Network error'))
    .mockResolvedValueOnce({ data: 'success' })
-  
+
  render(<RetryComponent fetchData={fetchData} retryDelayMs={1000} />)
-  
+
  // First call fails
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledTimes(1)
  })
-  
+
  // Advance timer for retry
  vi.advanceTimersByTime(1000)
-  
+
  // Second call succeeds
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledTimes(2)
    expect(screen.getByText('success')).toBeInTheDocument()
  })
-  
+
  vi.useRealTimers()
 })
 ```
@ -163,31 +163,31 @@ describe('DataFetcher', () => {

  it('should show loading state', () => {
    mockedApi.fetchData.mockImplementation(() => new Promise(() => {})) // Never resolves
-    
+
    render(<DataFetcher />)
-    
+
    expect(screen.getByTestId('loading-spinner')).toBeInTheDocument()
  })

  it('should show data on success', async () => {
    mockedApi.fetchData.mockResolvedValue({ items: ['Item 1', 'Item 2'] })
-    
+
    render(<DataFetcher />)
-    
+
    // Use findBy* for multiple async elements (better error messages than waitFor with multiple assertions)
    const item1 = await screen.findByText('Item 1')
    const item2 = await screen.findByText('Item 2')
    expect(item1).toBeInTheDocument()
    expect(item2).toBeInTheDocument()
-    
+
    expect(screen.queryByTestId('loading-spinner')).not.toBeInTheDocument()
  })

  it('should show error on failure', async () => {
    mockedApi.fetchData.mockRejectedValue(new Error('Failed to fetch'))
-    
+
    render(<DataFetcher />)
-    
+
    await waitFor(() => {
      expect(screen.getByText(/failed to fetch/i)).toBeInTheDocument()
    })
@ -195,16 +195,16 @@ describe('DataFetcher', () => {

  it('should retry on error', async () => {
    mockedApi.fetchData.mockRejectedValue(new Error('Network error'))
-    
+
    render(<DataFetcher />)
-    
+
    await waitFor(() => {
      expect(screen.getByRole('button', { name: /retry/i })).toBeInTheDocument()
    })
-    
+
    mockedApi.fetchData.mockResolvedValue({ items: ['Item 1'] })
    fireEvent.click(screen.getByRole('button', { name: /retry/i }))
-    
+
    await waitFor(() => {
      expect(screen.getByText('Item 1')).toBeInTheDocument()
    })
@ -218,19 +218,19 @@ describe('DataFetcher', () => {
 it('should submit form and show success', async () => {
  const user = userEvent.setup()
  mockedApi.createItem.mockResolvedValue({ id: '1', name: 'New Item' })
-  
+
  render(<CreateItemForm />)
-  
+
  await user.type(screen.getByLabelText('Name'), 'New Item')
  await user.click(screen.getByRole('button', { name: /create/i }))
-  
+
  // Button should be disabled during submission
  expect(screen.getByRole('button', { name: /creating/i })).toBeDisabled()
-  
+
  await waitFor(() => {
    expect(screen.getByText(/created successfully/i)).toBeInTheDocument()
  })
-  
+
  expect(mockedApi.createItem).toHaveBeenCalledWith({ name: 'New Item' })
 })
 ```
@ -242,9 +242,9 @@ it('should submit form and show success', async () => {
 ```typescript
 it('should fetch data on mount', async () => {
  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
-  
+
  render(<ComponentWithEffect fetchData={fetchData} />)
-  
+
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledTimes(1)
  })
@ -256,15 +256,15 @@ it('should fetch data on mount', async () => {
 ```typescript
 it('should refetch when id changes', async () => {
  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
-  
+
  const { rerender } = render(<ComponentWithEffect id="1" fetchData={fetchData} />)
-  
+
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledWith('1')
  })
-  
+
  rerender(<ComponentWithEffect id="2" fetchData={fetchData} />)
-  
+
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledWith('2')
    expect(fetchData).toHaveBeenCalledTimes(2)
@ -279,13 +279,13 @@ it('should cleanup subscription on unmount', () => {
  const subscribe = vi.fn()
  const unsubscribe = vi.fn()
  subscribe.mockReturnValue(unsubscribe)
-  
+
  const { unmount } = render(<SubscriptionComponent subscribe={subscribe} />)
-  
+
  expect(subscribe).toHaveBeenCalledTimes(1)
-  
+
  unmount()
-  
+
  expect(unsubscribe).toHaveBeenCalledTimes(1)
 })
 ```
--- a/.agents/skills/frontend-testing/references/checklist.md
+++ b/.agents/skills/frontend-testing/references/checklist.md
@ -51,16 +51,16 @@ Use this checklist when generating or reviewing tests for Dify frontend componen

 ### Conditional Sections (Add When Feature Present)

-| Feature | Add Tests For |
-|---------|---------------|
-| `useState` | Initial state, transitions, cleanup |
-| `useEffect` | Execution, dependencies, cleanup |
-| Event handlers | onClick, onChange, onSubmit, keyboard |
-| API calls | Loading, success, error states |
-| Routing | Navigation, params, query strings |
-| `useCallback`/`useMemo` | Referential equality |
-| Context | Provider values, consumer behavior |
-| Forms | Validation, submission, error display |
+| Feature                 | Add Tests For                         |
+| ----------------------- | ------------------------------------- |
+| `useState`              | Initial state, transitions, cleanup   |
+| `useEffect`             | Execution, dependencies, cleanup      |
+| Event handlers          | onClick, onChange, onSubmit, keyboard |
+| API calls               | Loading, success, error states        |
+| Routing                 | Navigation, params, query strings     |
+| `useCallback`/`useMemo` | Referential equality                  |
+| Context                 | Provider values, consumer behavior    |
+| Forms                   | Validation, submission, error display |

 ## Code Quality Checklist

@ -110,8 +110,8 @@ For the current file being tested:

 - [ ] 100% function coverage
 - [ ] 100% statement coverage
- [ ] >95% branch coverage
- [ ] >95% line coverage
+- [ ] > 95% branch coverage
+- [ ] > 95% line coverage

 ## Post-Generation (Per File)

--- a/.agents/skills/frontend-testing/references/common-patterns.md
+++ b/.agents/skills/frontend-testing/references/common-patterns.md
@ -107,13 +107,13 @@ describe('Counter', () => {
  it('should increment count', async () => {
    const user = userEvent.setup()
    render(<Counter initialCount={0} />)
-    
+
    // Initial state
    expect(screen.getByText('Count: 0')).toBeInTheDocument()
-    
+
    // Trigger transition
    await user.click(screen.getByRole('button', { name: /increment/i }))
-    
+
    // New state
    expect(screen.getByText('Count: 1')).toBeInTheDocument()
  })
@ -127,17 +127,17 @@ describe('ControlledInput', () => {
  it('should call onChange with new value', async () => {
    const user = userEvent.setup()
    const handleChange = vi.fn()
-    
+
    render(<ControlledInput value="" onChange={handleChange} />)
-    
+
    await user.type(screen.getByRole('textbox'), 'a')
-    
+
    expect(handleChange).toHaveBeenCalledWith('a')
  })

  it('should display controlled value', () => {
    render(<ControlledInput value="controlled" onChange={vi.fn()} />)
-    
+
    expect(screen.getByRole('textbox')).toHaveValue('controlled')
  })
 })
@ -149,26 +149,26 @@ describe('ControlledInput', () => {
 describe('ConditionalComponent', () => {
  it('should show loading state', () => {
    render(<DataDisplay isLoading={true} data={null} />)
-    
+
    expect(screen.getByText(/loading/i)).toBeInTheDocument()
    expect(screen.queryByTestId('data-content')).not.toBeInTheDocument()
  })

  it('should show error state', () => {
    render(<DataDisplay isLoading={false} data={null} error="Failed to load" />)
-    
+
    expect(screen.getByText(/failed to load/i)).toBeInTheDocument()
  })

  it('should show data when loaded', () => {
    render(<DataDisplay isLoading={false} data={{ name: 'Test' }} />)
-    
+
    expect(screen.getByText('Test')).toBeInTheDocument()
  })

  it('should show empty state when no data', () => {
    render(<DataDisplay isLoading={false} data={[]} />)
-    
+
    expect(screen.getByText(/no data/i)).toBeInTheDocument()
  })
 })
@ -186,7 +186,7 @@ describe('ItemList', () => {

  it('should render all items', () => {
    render(<ItemList items={items} />)
-    
+
    expect(screen.getAllByRole('listitem')).toHaveLength(3)
    items.forEach(item => {
      expect(screen.getByText(item.name)).toBeInTheDocument()
@ -196,17 +196,17 @@ describe('ItemList', () => {
  it('should handle item selection', async () => {
    const user = userEvent.setup()
    const onSelect = vi.fn()
-    
+
    render(<ItemList items={items} onSelect={onSelect} />)
-    
+
    await user.click(screen.getByText('Item 2'))
-    
+
    expect(onSelect).toHaveBeenCalledWith(items[1])
  })

  it('should handle empty list', () => {
    render(<ItemList items={[]} />)
-    
+
    expect(screen.getByText(/no items/i)).toBeInTheDocument()
  })
 })
@ -218,55 +218,55 @@ describe('ItemList', () => {
 describe('Modal', () => {
  it('should not render when closed', () => {
    render(<Modal isOpen={false} onClose={vi.fn()} />)
-    
+
    expect(screen.queryByRole('dialog')).not.toBeInTheDocument()
  })

  it('should render when open', () => {
    render(<Modal isOpen={true} onClose={vi.fn()} />)
-    
+
    expect(screen.getByRole('dialog')).toBeInTheDocument()
  })

  it('should call onClose when clicking overlay', async () => {
    const user = userEvent.setup()
    const handleClose = vi.fn()
-    
+
    render(<Modal isOpen={true} onClose={handleClose} />)
-    
+
    await user.click(screen.getByTestId('modal-overlay'))
-    
+
    expect(handleClose).toHaveBeenCalled()
  })

  it('should call onClose when pressing Escape', async () => {
    const user = userEvent.setup()
    const handleClose = vi.fn()
-    
+
    render(<Modal isOpen={true} onClose={handleClose} />)
-    
+
    await user.keyboard('{Escape}')
-    
+
    expect(handleClose).toHaveBeenCalled()
  })

  it('should trap focus inside modal', async () => {
    const user = userEvent.setup()
-    
+
    render(
      <Modal isOpen={true} onClose={vi.fn()}>
        <button>First</button>
        <button>Second</button>
      </Modal>
    )
-    
+
    // Focus should cycle within modal
    await user.tab()
    expect(screen.getByText('First')).toHaveFocus()
-    
+
    await user.tab()
    expect(screen.getByText('Second')).toHaveFocus()
-    
+
    await user.tab()
    expect(screen.getByText('First')).toHaveFocus() // Cycles back
  })
@ -280,13 +280,13 @@ describe('LoginForm', () => {
  it('should submit valid form', async () => {
    const user = userEvent.setup()
    const onSubmit = vi.fn()
-    
+
    render(<LoginForm onSubmit={onSubmit} />)
-    
+
    await user.type(screen.getByLabelText(/email/i), 'test@example.com')
    await user.type(screen.getByLabelText(/password/i), 'password123')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(onSubmit).toHaveBeenCalledWith({
      email: 'test@example.com',
      password: 'password123',
@ -295,39 +295,39 @@ describe('LoginForm', () => {

  it('should show validation errors', async () => {
    const user = userEvent.setup()
-    
+
    render(<LoginForm onSubmit={vi.fn()} />)
-    
+
    // Submit empty form
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(screen.getByText(/email is required/i)).toBeInTheDocument()
    expect(screen.getByText(/password is required/i)).toBeInTheDocument()
  })

  it('should validate email format', async () => {
    const user = userEvent.setup()
-    
+
    render(<LoginForm onSubmit={vi.fn()} />)
-    
+
    await user.type(screen.getByLabelText(/email/i), 'invalid-email')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(screen.getByText(/invalid email/i)).toBeInTheDocument()
  })

  it('should disable submit button while submitting', async () => {
    const user = userEvent.setup()
    const onSubmit = vi.fn(() => new Promise(resolve => setTimeout(resolve, 100)))
-    
+
    render(<LoginForm onSubmit={onSubmit} />)
-    
+
    await user.type(screen.getByLabelText(/email/i), 'test@example.com')
    await user.type(screen.getByLabelText(/password/i), 'password123')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(screen.getByRole('button', { name: /signing in/i })).toBeDisabled()
-    
+
    await waitFor(() => {
      expect(screen.getByRole('button', { name: /sign in/i })).toBeEnabled()
    })
@ -346,7 +346,7 @@ describe('StatusBadge', () => {
    ['info', 'bg-blue-500'],
  ])('should apply correct class for %s status', (status, expectedClass) => {
    render(<StatusBadge status={status} />)
-    
+
    expect(screen.getByTestId('status-badge')).toHaveClass(expectedClass)
  })

@ -357,7 +357,7 @@ describe('StatusBadge', () => {
    { input: 'invalid', expected: 'Unknown' },
  ])('should show "Unknown" for invalid input: $input', ({ input, expected }) => {
    render(<StatusBadge status={input} />)
-    
+
    expect(screen.getByText(expected)).toBeInTheDocument()
  })
 })
--- a/.agents/skills/frontend-testing/references/domain-components.md
+++ b/.agents/skills/frontend-testing/references/domain-components.md
@ -53,18 +53,18 @@ describe('NodeConfigPanel', () => {
    it('should render node type selector', () => {
      const node = createMockNode({ type: 'llm' })
      render(<NodeConfigPanel node={node} />)
-      
+
      expect(screen.getByLabelText(/model/i)).toBeInTheDocument()
    })

    it('should update node config on change', async () => {
      const user = userEvent.setup()
      const node = createMockNode({ type: 'llm' })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      await user.selectOptions(screen.getByLabelText(/model/i), 'gpt-4')
-      
+
      expect(mockWorkflowStore.updateNode).toHaveBeenCalledWith(
        node.id,
        expect.objectContaining({ model: 'gpt-4' })
@ -76,14 +76,14 @@ describe('NodeConfigPanel', () => {
    it('should show error for invalid input', async () => {
      const user = userEvent.setup()
      const node = createMockNode({ type: 'code' })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      // Enter invalid code
      const codeInput = screen.getByLabelText(/code/i)
      await user.clear(codeInput)
      await user.type(codeInput, 'invalid syntax {{{')
-      
+
      await waitFor(() => {
        expect(screen.getByText(/syntax error/i)).toBeInTheDocument()
      })
@ -91,11 +91,11 @@ describe('NodeConfigPanel', () => {

    it('should validate required fields', async () => {
      const node = createMockNode({ type: 'http', data: { url: '' } })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      fireEvent.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText(/url is required/i)).toBeInTheDocument()
      })
@ -113,28 +113,28 @@ describe('NodeConfigPanel', () => {
        id: 'node-2',
        type: 'llm',
      })
-      
+
      mockWorkflowStore.nodes = [upstreamNode, currentNode]
      mockWorkflowStore.edges = [{ source: 'node-1', target: 'node-2' }]
-      
+
      render(<NodeConfigPanel node={currentNode} />)
-      
+
      // Variable selector should show upstream variables
      fireEvent.click(screen.getByRole('button', { name: /add variable/i }))
-      
+
      expect(screen.getByText('user_input')).toBeInTheDocument()
    })

    it('should insert variable into prompt template', async () => {
      const user = userEvent.setup()
      const node = createMockNode({ type: 'llm' })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      // Click variable button
      await user.click(screen.getByRole('button', { name: /insert variable/i }))
      await user.click(screen.getByText('user_input'))
-      
+
      const promptInput = screen.getByLabelText(/prompt/i)
      expect(promptInput).toHaveValue(expect.stringContaining('{{user_input}}'))
    })
@ -179,14 +179,14 @@ describe('DocumentUploader', () => {
      const user = userEvent.setup()
      const onUpload = vi.fn()
      mockedService.uploadDocument.mockResolvedValue({ id: 'doc-1' })
-      
+
      render(<DocumentUploader onUpload={onUpload} />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      const input = screen.getByLabelText(/upload/i)
-      
+
      await user.upload(input, file)
-      
+
      await waitFor(() => {
        expect(mockedService.uploadDocument).toHaveBeenCalledWith(
          expect.any(FormData)
@ -196,35 +196,35 @@ describe('DocumentUploader', () => {

    it('should reject invalid file types', async () => {
      const user = userEvent.setup()
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.exe', { type: 'application/x-msdownload' })
      const input = screen.getByLabelText(/upload/i)
-      
+
      await user.upload(input, file)
-      
+
      expect(screen.getByText(/unsupported file type/i)).toBeInTheDocument()
      expect(mockedService.uploadDocument).not.toHaveBeenCalled()
    })

    it('should show upload progress', async () => {
      const user = userEvent.setup()
-      
+
      // Mock upload with progress
      mockedService.uploadDocument.mockImplementation(() => {
        return new Promise((resolve) => {
          setTimeout(() => resolve({ id: 'doc-1' }), 100)
        })
      })
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      await user.upload(screen.getByLabelText(/upload/i), file)
-      
+
      expect(screen.getByRole('progressbar')).toBeInTheDocument()
-      
+
      await waitFor(() => {
        expect(screen.queryByRole('progressbar')).not.toBeInTheDocument()
      })
@ -235,12 +235,12 @@ describe('DocumentUploader', () => {
    it('should handle upload failure', async () => {
      const user = userEvent.setup()
      mockedService.uploadDocument.mockRejectedValue(new Error('Upload failed'))
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      await user.upload(screen.getByLabelText(/upload/i), file)
-      
+
      await waitFor(() => {
        expect(screen.getByText(/upload failed/i)).toBeInTheDocument()
      })
@ -251,18 +251,18 @@ describe('DocumentUploader', () => {
      mockedService.uploadDocument
        .mockRejectedValueOnce(new Error('Network error'))
        .mockResolvedValueOnce({ id: 'doc-1' })
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      await user.upload(screen.getByLabelText(/upload/i), file)
-      
+
      await waitFor(() => {
        expect(screen.getByRole('button', { name: /retry/i })).toBeInTheDocument()
      })
-      
+
      await user.click(screen.getByRole('button', { name: /retry/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText(/uploaded successfully/i)).toBeInTheDocument()
      })
@ -283,13 +283,13 @@ describe('DocumentList', () => {
        page: 1,
        pageSize: 10,
      })
-      
+
      render(<DocumentList datasetId="ds-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByText('Doc 1')).toBeInTheDocument()
      })
-      
+
      expect(mockedService.getDocuments).toHaveBeenCalledWith('ds-1', { page: 1 })
    })

@ -301,22 +301,22 @@ describe('DocumentList', () => {
        page: 1,
        pageSize: 10,
      })
-      
+
      render(<DocumentList datasetId="ds-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByText('Doc 1')).toBeInTheDocument()
      })
-      
+
      mockedService.getDocuments.mockResolvedValue({
        data: [{ id: '11', name: 'Doc 11' }],
        total: 50,
        page: 2,
        pageSize: 10,
      })
-      
+
      await user.click(screen.getByRole('button', { name: /next/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText('Doc 11')).toBeInTheDocument()
      })
@ -327,21 +327,21 @@ describe('DocumentList', () => {
    it('should filter by search query', async () => {
      const user = userEvent.setup()
      vi.useFakeTimers()
-      
+
      render(<DocumentList datasetId="ds-1" />)
-      
+
      await user.type(screen.getByPlaceholderText(/search/i), 'test query')
-      
+
      // Debounce
      vi.advanceTimersByTime(300)
-      
+
      await waitFor(() => {
        expect(mockedService.getDocuments).toHaveBeenCalledWith(
          'ds-1',
          expect.objectContaining({ search: 'test query' })
        )
      })
-      
+
      vi.useRealTimers()
    })
  })
@ -391,50 +391,50 @@ describe('AppConfigForm', () => {
  describe('Form Validation', () => {
    it('should require app name', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Clear name field
      await user.clear(screen.getByLabelText(/name/i))
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      expect(screen.getByText(/name is required/i)).toBeInTheDocument()
      expect(mockedService.updateAppConfig).not.toHaveBeenCalled()
    })

    it('should validate name length', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toBeInTheDocument()
      })
-      
+
      // Enter very long name
      await user.clear(screen.getByLabelText(/name/i))
      await user.type(screen.getByLabelText(/name/i), 'a'.repeat(101))
-      
+
      expect(screen.getByText(/name must be less than 100 characters/i)).toBeInTheDocument()
    })

    it('should allow empty optional fields', async () => {
      const user = userEvent.setup()
      mockedService.updateAppConfig.mockResolvedValue({ success: true })
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Leave description empty (optional)
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(mockedService.updateAppConfig).toHaveBeenCalled()
      })
@ -445,58 +445,58 @@ describe('AppConfigForm', () => {
    it('should save configuration', async () => {
      const user = userEvent.setup()
      mockedService.updateAppConfig.mockResolvedValue({ success: true })
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      await user.clear(screen.getByLabelText(/name/i))
      await user.type(screen.getByLabelText(/name/i), 'Updated App')
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(mockedService.updateAppConfig).toHaveBeenCalledWith(
          'app-1',
          expect.objectContaining({ name: 'Updated App' })
        )
      })
-      
+
      expect(screen.getByText(/saved successfully/i)).toBeInTheDocument()
    })

    it('should reset to default values', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Make changes
      await user.clear(screen.getByLabelText(/name/i))
      await user.type(screen.getByLabelText(/name/i), 'Changed Name')
-      
+
      // Reset
      await user.click(screen.getByRole('button', { name: /reset/i }))
-      
+
      expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
    })

    it('should show unsaved changes warning', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Make changes
      await user.type(screen.getByLabelText(/name/i), ' Updated')
-      
+
      expect(screen.getByText(/unsaved changes/i)).toBeInTheDocument()
    })
  })
@ -505,15 +505,15 @@ describe('AppConfigForm', () => {
    it('should show error on save failure', async () => {
      const user = userEvent.setup()
      mockedService.updateAppConfig.mockRejectedValue(new Error('Server error'))
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText(/failed to save/i)).toBeInTheDocument()
      })
--- a/.agents/skills/frontend-testing/references/mocking.md
+++ b/.agents/skills/frontend-testing/references/mocking.md
@ -54,12 +54,12 @@ See [Zustand Store Testing](#zustand-store-testing) section for full details.

 ## Mock Placement

-| Location | Purpose |
-|----------|---------|
-| `web/vitest.setup.ts` | Global mocks shared by all tests (`react-i18next`, `zustand`, clipboard, FloatingPortal, Monaco, localStorage`) |
-| `web/__mocks__/zustand.ts` | Zustand mock implementation (auto-resets stores after each test) |
-| `web/__mocks__/` | Reusable mock factories shared across multiple test files |
-| Test file | Test-specific mocks, inline with `vi.mock()` |
+| Location                   | Purpose                                                                                                         |
+| -------------------------- | --------------------------------------------------------------------------------------------------------------- |
+| `web/vitest.setup.ts`      | Global mocks shared by all tests (`react-i18next`, `zustand`, clipboard, FloatingPortal, Monaco, localStorage`) |
+| `web/__mocks__/zustand.ts` | Zustand mock implementation (auto-resets stores after each test)                                                |
+| `web/__mocks__/`           | Reusable mock factories shared across multiple test files                                                       |
+| Test file                  | Test-specific mocks, inline with `vi.mock()`                                                                    |

 Modules are not mocked automatically. Use `vi.mock` in test files, or add global mocks in `web/vitest.setup.ts`.

@ -85,10 +85,12 @@ The global mock provides:
 ```typescript
 import { createReactI18nextMock } from '@/test/i18n-mock'

-vi.mock('react-i18next', () => createReactI18nextMock({
-  'my.custom.key': 'Custom translation',
-  'button.save': 'Save',
-}))
+vi.mock('react-i18next', () =>
+  createReactI18nextMock({
+    'my.custom.key': 'Custom translation',
+    'button.save': 'Save',
+  }),
+)
 ```

 **Avoid**: Manually defining `useTranslation` mocks that just return the key - the global mock already does this.
@ -189,16 +191,16 @@ const mockedApi = vi.mocked(api)
 describe('Component', () => {
  beforeEach(() => {
    vi.clearAllMocks()
-    
+
    // Setup default mock implementation
    mockedApi.fetchData.mockResolvedValue({ data: [] })
  })

  it('should show data on success', async () => {
    mockedApi.fetchData.mockResolvedValue({ data: [{ id: 1 }] })
-    
+
    render(<Component />)
-    
+
    await waitFor(() => {
      expect(screen.getByText('1')).toBeInTheDocument()
    })
@ -206,9 +208,9 @@ describe('Component', () => {

  it('should show error on failure', async () => {
    mockedApi.fetchData.mockRejectedValue(new Error('Network error'))
-    
+
    render(<Component />)
-    
+
    await waitFor(() => {
      expect(screen.getByText(/error/i)).toBeInTheDocument()
    })
@ -231,9 +233,9 @@ describe('GithubComponent', () => {
        headers: { 'Content-Type': 'application/json' },
      }),
    )
-    
+
    render(<GithubComponent />)
-    
+
    await waitFor(() => {
      expect(screen.getByText('dify')).toBeInTheDocument()
    })
@ -246,9 +248,9 @@ describe('GithubComponent', () => {
        headers: { 'Content-Type': 'application/json' },
      }),
    )
-    
+
    render(<GithubComponent />)
-    
+
    await waitFor(() => {
      expect(screen.getByText(/error/i)).toBeInTheDocument()
    })
@ -267,25 +269,25 @@ import { createMockProviderContextValue, createMockPlan } from '@/__mocks__/prov
 describe('Component with Context', () => {
  it('should render for free plan', () => {
    const mockContext = createMockPlan('sandbox')
-    
+
    render(
      <ProviderContext.Provider value={mockContext}>
        <Component />
      </ProviderContext.Provider>
    )
-    
+
    expect(screen.getByText('Upgrade')).toBeInTheDocument()
  })

  it('should render for pro plan', () => {
    const mockContext = createMockPlan('professional')
-    
+
    render(
      <ProviderContext.Provider value={mockContext}>
        <Component />
      </ProviderContext.Provider>
    )
-    
+
    expect(screen.queryByText('Upgrade')).not.toBeInTheDocument()
  })
 })
@ -411,7 +413,7 @@ Manual mocking conflicts with the global Zustand mock and loses store functional
 ```typescript
 // ❌ WRONG: Don't mock the store module
 vi.mock('@/app/components/app/store', () => ({
-  useStore: (selector) => mockSelector(selector),  // Missing getState, setState!
+  useStore: (selector) => mockSelector(selector), // Missing getState, setState!
 }))

 // ❌ WRONG: This conflicts with global zustand mock
@ -439,14 +441,11 @@ const mockStore = {
 }

 vi.mock('@/app/components/app/store', () => ({
-  useStore: Object.assign(
-    (selector: (state: typeof mockStore) => unknown) => selector(mockStore),
-    {
-      getState: () => mockStore,
-      setState: vi.fn(),
-      subscribe: vi.fn(),
-    },
-  ),
+  useStore: Object.assign((selector: (state: typeof mockStore) => unknown) => selector(mockStore), {
+    getState: () => mockStore,
+    setState: vi.fn(),
+    subscribe: vi.fn(),
+  }),
 }))
 ```

@ -528,7 +527,7 @@ it('should display project owner', () => {
  const project = createMockProject({
    owner: createMockUser({ name: 'John Doe' }),
  })
-  
+
  render(<ProjectCard project={project} />)
  expect(screen.getByText('John Doe')).toBeInTheDocument()
 })
--- a/.agents/skills/frontend-testing/references/workflow.md
+++ b/.agents/skills/frontend-testing/references/workflow.md
@ -6,10 +6,10 @@ This guide defines the workflow for generating tests, especially for complex com

 This guide addresses **multi-file workflow** (how to process multiple test files). For coverage requirements within a single test file, see `web/docs/test.md` § Coverage Goals.

-| Scope | Rule |
-|-------|------|
-| **Single file** | Complete coverage in one generation (100% function, >95% branch) |
-| **Multi-file directory** | Process one file at a time, verify each before proceeding |
+| Scope                    | Rule                                                             |
+| ------------------------ | ---------------------------------------------------------------- |
+| **Single file**          | Complete coverage in one generation (100% function, >95% branch) |
+| **Multi-file directory** | Process one file at a time, verify each before proceeding        |

 ## ⚠️ Critical Rule: Incremental Approach for Multi-File Testing

@ -17,14 +17,14 @@ When testing a **directory with multiple files**, **NEVER generate all test file

 ### Why Incremental?

-| Batch Approach (❌) | Incremental Approach (✅) |
-|---------------------|---------------------------|
-| Generate 5+ tests at once | Generate 1 test at a time |
-| Run tests only at the end | Run test immediately after each file |
-| Multiple failures compound | Single point of failure, easy to debug |
-| Hard to identify root cause | Clear cause-effect relationship |
-| Mock issues affect many files | Mock issues caught early |
-| Messy git history | Clean, atomic commits possible |
+| Batch Approach (❌)           | Incremental Approach (✅)              |
+| ----------------------------- | -------------------------------------- |
+| Generate 5+ tests at once     | Generate 1 test at a time              |
+| Run tests only at the end     | Run test immediately after each file   |
+| Multiple failures compound    | Single point of failure, easy to debug |
+| Hard to identify root cause   | Clear cause-effect relationship        |
+| Mock issues affect many files | Mock issues caught early               |
+| Messy git history             | Clean, atomic commits possible         |

 ## Single File Workflow

@ -190,7 +190,7 @@ Update status as you complete each:
 ```
 # BAD: Writing all files then testing
 Write component-a.spec.tsx
-Write component-b.spec.tsx  
+Write component-b.spec.tsx
 Write component-c.spec.tsx
 Write component-d.spec.tsx
 Run pnpm test  ← Multiple failures, hard to debug
--- a/.agents/skills/how-to-write-component/SKILL.md
+++ b/.agents/skills/how-to-write-component/SKILL.md
@ -1,59 +1,27 @@
 ---
 name: how-to-write-component
-description: Use when writing, refactoring, or reviewing React/TypeScript components in Dify web, especially decisions about component ownership, props/types, URL/query state, Jotai state, async state, generated API contracts, queries/mutations, overlays, effects, navigation, performance, and empty states.
+description: React/TypeScript component style guide. Use when writing, refactoring, or reviewing React components, especially around props typing, state boundaries, shared local state with Jotai atoms, API types, query/mutation contracts, navigation, memoization, wrappers, and empty-state handling.
 ---

 # How To Write A Component

-Use this as the component decision guide for Dify web. Existing code is reference material, not automatic precedent; if touched code violates these rules, adapt it and fix equivalent patterns in the same feature branch.
-
-## First Decisions
-
-| Question | Default | Promote or extract only when |
-| --- | --- | --- |
-| Where should code live? | Keep it local to the feature workflow, route, or owner. | Multiple verticals need the same stable primitive. |
-| Who owns state, data, and handlers? | The lowest component that uses them. | A parent coordinates shared loading, errors, empty UI, selection, submission, navigation, or one consistent snapshot. |
-| Should this become Jotai state? | Keep synchronous UI/form state in component or DOM state. | Siblings need one source of truth, the value drives atoms, or scoped workflow state must survive hidden/unmounted steps. |
-| Should URL state enter Jotai? | Let Next.js route params and `nuqs` own URL state and updates. | Query atoms or shared derived atoms need a read-only bridge hydrated at the route/surface boundary. |
-| Should this query/mutation become an atom? | Use TanStack Query hooks at the lowest owner. | It reads atom state, feeds derived atoms, or participates in shared Jotai workflow orchestration. |
-| Should this be a helper/wrapper? | Prefer direct readable code at the use site. | The name captures a stable domain rule or the wrapper owns real behavior, validation, state, error handling, or semantics. |
-| Is an Effect needed? | No. Derive during render or handle the user action in the event handler. | It synchronizes with an external system such as browser APIs, subscriptions, timers, analytics, or imperative DOM/non-React widgets. |
+Use this as the decision guide for React/TypeScript component structure. Existing code is reference material, not automatic precedent; when it conflicts with these rules, adapt the approach instead of reproducing the violation.

 ## Core Defaults

- Search before adding UI, hooks, helpers, query utilities, or styling patterns. Reuse existing base components, feature components, hooks, utilities, and design styles when they fit.
- Follow Dify's CSS-first Tailwind v4 contract from `packages/dify-ui/README.md` and `packages/dify-ui/AGENTS.md`. Prefer design-system tokens, utilities, and radius mappings over generic Tailwind choices.
- Group feature code by workflow, route, or ownership area: components, hooks, local types, query helpers, atoms, constants, and small utilities should live near the code that changes with them.
- Keep source/default selection, validation, dirty checks, and payload shaping close to the workflow that owns submit behavior. Do not hide flow-specific priority order, fallback behavior, or submit semantics in generic utilities.
- Prefer direct conditionals for small branch-specific decisions, especially form source selection and request payload assembly.
- Loading states for page sections, cards, lists, tables, forms, and drawers should be skeletons scoped to the content being loaded. Use spinners only for small inline busy indicators.
+- Search before adding UI, hooks, helpers, or styling patterns. Reuse existing base components, feature components, hooks, utilities, and design styles when they fit.
+- Group code by feature workflow, route, or ownership area: components, hooks, local types, query helpers, atoms, constants, and small utilities should live near the code that changes with them.
+- Promote code to shared only when multiple verticals need the same stable primitive. Otherwise keep it local and compose shared primitives inside the owning feature.
+- Follow Dify's CSS-first Tailwind v4 contract from `packages/dify-ui/README.md` and `packages/dify-ui/AGENTS.md`. Prefer design-system tokens, utilities, and radius mappings over generic Tailwind guidance.

-## Layout And Ownership
+## Ownership

- State-heavy wizards, drawers, modals, and secondary workflows can be a small feature surface: an entry file, one feature-local state file when Jotai is actually needed, and shallow `ui/` owners that match real visual regions.
- The entry file handles route integration, provider wiring, close behavior, and surface mounting. The composition owner handles high-level workflow branching. The closest visual owner handles section branching.
- Repeated TanStack query calls in sibling components are acceptable when each component independently consumes the data; TanStack Query deduplicates and shares cache.
- Pass stable domain identity across boundaries. Do not forward derived presentation state when the receiver can derive it from its own data source.
- A component that owns a visual surface should also own data access, loading, empty, and error states for content rendered inside it unless a parent truly coordinates that state.
- Avoid prop drilling. One pass-through layer is acceptable; repeated forwarding means ownership should move down or into feature-scoped Jotai UI state. Keep server/cache state in Query and API flow.
- Do not replace prop drilling with one large view-model hook threaded through section props. Move each hook, query, derived value, and handler to the concrete section that consumes it.
- Keep callbacks in a parent only for workflow coordination such as form submission, shared selection, batch behavior, or navigation. Otherwise let the child, menu, or row own the action.
-
-## Feature-Scoped Jotai
-
- A Jotai-backed feature has one feature-local state file for shared primitive atoms, query atoms, derived atoms, write-only actions, mutation atoms, submission orchestration, provider exports, and optional scope configuration.
- Keep component-owned synchronous UI state local even inside Jotai features: dialog open flags, menus/popovers, confirmations, field drafts, and selected local options usually belong in component state.
- Use uncontrolled `@langgenius/dify-ui/form` and `@langgenius/dify-ui/field` controls for edit/create forms whose fields are read only at submit time. Initialize query-backed defaults with `defaultValue` and keyed remounts.
- Promote form state to atoms only when another component must react to in-progress values, a draft must survive unmount/remount in the scoped workflow, or multiple steps share the same editable draft before submit.
- Treat `useParams`, route args, and `nuqs` query state as framework-owned state. When atom logic needs those values, hydrate primitive atoms at the route or surface boundary, such as with `useHydrateAtoms(..., { dangerouslyForceHydrate: true })`; keep URL updates in the route/query-state APIs instead of write atoms.
- For async work tied to atom state, use `atomWithQuery` or `atomWithMutation`; write atoms should update only the inputs that drive those atoms. This applies to pure frontend async work as well as network requests, so do not hand-roll loading/error/in-flight state with `useState` or `useRef` for atom-orchestrated async behavior. For component-owned remote work, use `useQuery` or `useMutation` directly.
- Row-local async state belongs to the row owner unless it participates in a shared Jotai workflow or needs atom-scoped reset semantics.
- Leave query and mutation atoms unscoped so they keep shared QueryClient cache and invalidation behavior. Scope resettable primitives and explicit hydration tuples; scope a derived atom only when every dependency should be private to that surface.
- For scoped primitives that are always hydrated by `ScopeProvider`, prefer `atomWithLazy<T>(() => { throw new Error(...) })` when consumers should see a non-null type.
- Order state files by dependency graph: types/constants, primitives, query atoms, query-data derived atoms, business/readiness derived atoms, write actions, mutation atoms, submission orchestration, provider exports.
- Name derived atoms as business facts and write atoms as user or workflow commands. Components should read or write the exact atom they need with `useAtomValue` or `useSetAtom`.
- Menu/dialog `open` state usually stays local, but a scoped atom is acceptable when a composed menu plus secondary surface would otherwise pass confusing `open`/`onClose` props through unrelated layers. Scope that primitive with the surface instance so reset behavior stays local.
- Keep independent dialog lifecycles separate. Avoid one discriminated "current action dialog" atom when dialogs have separate open state, loading guards, or reset behavior.
+- Put local state, queries, mutations, handlers, and derived UI data in the lowest component that uses them. Extract a purpose-built owner component only when the logic has no natural home.
+- Repeated TanStack query calls in sibling components are acceptable when each component independently consumes the data. Do not hoist a query only because it is duplicated; TanStack Query handles deduplication and cache sharing.
+- Hoist state, queries, or callbacks to a parent only when the parent consumes the data, coordinates shared loading/error/empty UI, needs one consistent snapshot, or owns a workflow spanning children.
+- Avoid prop drilling. One pass-through layer is acceptable; repeated forwarding means ownership should move down or into feature-scoped Jotai UI state. Keep server/cache state in query and API data flow.
+- Keep callbacks in a parent only for workflow coordination such as form submission, shared selection, batch behavior, or navigation. Otherwise let the child or row own its action.
+- Prefer uncontrolled DOM state and CSS variables before adding controlled props.

 ## Components, Props, And Types

@ -61,57 +29,43 @@ Use this as the component decision guide for Dify web. Existing code is referenc
 - Prefer `function` for top-level components and module helpers. Use arrow functions for local callbacks, handlers, and lambda-style APIs.
 - Prefer named exports. Use default exports only where the framework requires them, such as Next.js route files.
 - Type simple one-off props inline. Use a named `Props` type only when reused, exported, complex, or clearer.
- Use API-generated or API-returned types at component boundaries. Keep small UI conversion helpers and one-off UI extensions beside the component that needs them.
- Do not create type aliases that only rename another type. Use aliases only for real UI concepts, refinements, or reusable local contracts.
- Name values by their domain role and backend API contract, especially persistent IDs and route params. Normalize framework or route params at the boundary.
- Put fallback and invariant checks in the lowest component that already handles that state. Do not extract helpers whose only behavior is hiding missing display data.
-
-## Generated API And Nullable Data
-
- Treat generated contracts as authoritative at API, query, mutation, cache, and service boundaries. For enterprise APIs, use `packages/contracts/generated/enterprise/*`.
- Do not hand-write DTO mirrors, widen generated fields/enums, or add parallel frontend enum/status layers unless they model product state not represented by the API.
- Use generated enum objects and union types directly in props, comparisons, status logic, and i18n keys. Presentation-only tone maps should be keyed by generated enums.
- Normalize or coerce only at real boundaries: user-entered forms, search, URL/query params, file names, DOM IDs, or legacy adapters.
- Do not coerce nullable or optional API strings to `''` in query, derived model, or payload-building code. Keep `null` or `undefined` until the final boundary requiring a string.
- Do not use `value || undefined` for mutation fields where `''` means "clear this value". Trim or normalize at the form boundary, then preserve intentional empty strings.
- Prefer nullable-tolerant render props for API-returned rows. Narrow only where a real value is required, such as mutation params, route hrefs, select values, query input, or required React keys.
- Build required values in the same branch that proves them, using `flatMap`, a local loop, or an early return. Avoid truthiness guards, `filter(Boolean)`, `filter(item => item.id)`, and `!` after filters.
- Use conditional spreads or explicit pushes for conditional array items instead of `undefined` placeholders followed by narrowing filters.
- Empty collection fallbacks are for not-yet-loaded query data or genuinely nullable collections at the owning render boundary, not for hiding required API fields.
+- Use API-generated or API-returned types at component boundaries. Keep small UI conversion helpers beside the component that needs them.
+- Name values by their domain role and backend API contract, and keep that name stable across the call chain, especially IDs like `appInstanceId`. Normalize framework or route params at the boundary.
+- Keep fallback and invariant checks at the lowest component that already handles that state; callers should pass raw values through instead of duplicating checks.

 ## Queries And Mutations

- Keep `web/contract/*` as the API shape source of truth and follow the `{ params, query?, body? }` input shape.
- Consume generated queries with `useQuery(consoleQuery.xxx.queryOptions(...))` or `useQuery(marketplaceQuery.xxx.queryOptions(...))`.
- Consume owner-local mutations with `useMutation(consoleQuery.xxx.mutationOptions(...))` or `useMutation(marketplaceQuery.xxx.mutationOptions(...))` when pending/error state is not consumed by feature atoms.
- In `atomWithQuery`, `atomWithInfiniteQuery`, and `atomWithMutation`, return generated `queryOptions()`, `infiniteOptions()`, or `mutationOptions()` directly. Pass `enabled`, `retry`, `placeholderData`, `select`, and pagination options into the generated call instead of spreading options into a hand-built object.
- For generated oRPC options with missing required input, branch the whole input with `input: condition ? validInput : skipToken` and `enabled: Boolean(condition)`. Never place `skipToken` inside a nested placeholder payload or coerce required IDs to `''`.
- When prefetch and render use the same request, extract local query options or a query-options atom so `prefetchQuery` and `useQuery`/`atomWithQuery` share the exact options.
- For custom query or mutation functions, wrap options with TanStack `queryOptions(...)` or `mutationOptions(...)`.
- Avoid pass-through hooks and thin `web/service/use-*` wrappers that only rename generated options. Keep feature hooks for real orchestration, workflow state, or shared domain behavior.
- Put shared cache behavior in `createTanstackQueryUtils(...experimental_defaults...)`. Component or atom callbacks may handle local toasts, closing dialogs, and navigation, but should not replace shared invalidation or patch shared server state locally.
- For overlays that may open heavier secondary content, prefetch from the trigger/menu open event with `queryClient.prefetchQuery(queryOptions)` when `onOpenChange` is available. Do not mount hidden subscribers just to warm cache.
+- Keep `web/contract/*` as the single source of truth for API shape; follow existing domain/router patterns and the `{ params, query?, body? }` input shape.
+- Consume queries directly with `useQuery(consoleQuery.xxx.queryOptions(...))` or `useQuery(marketplaceQuery.xxx.queryOptions(...))`.
+- Avoid pass-through hooks and thin `web/service/use-*` wrappers that only rename `queryOptions()` or `mutationOptions()`. Extract a small `queryOptions` helper only when repeated call-site options justify it.
+- Keep feature hooks for real orchestration, workflow state, or shared domain behavior.
+- For missing required query input, use `input: skipToken`; use `enabled` only for extra business gating after the input is valid.
+- Consume mutations directly with `useMutation(consoleQuery.xxx.mutationOptions(...))` or `useMutation(marketplaceQuery.xxx.mutationOptions(...))`; use oRPC clients as `mutationFn` only for custom flows.
+- Put shared cache behavior in `createTanstackQueryUtils(...experimental_defaults...)`; components may add UI feedback callbacks, but should not own shared invalidation rules.
 - Do not use deprecated `useInvalid` or `useReset`.
 - Prefer `mutate(...)`; use `mutateAsync(...)` only when Promise semantics are required, and wrap awaited calls in `try/catch`.

-## Boundaries And Overlays
+## Component Boundaries

- Use the first level below a page or tab to organize independent page sections when it adds structure. This layer is layout/semantic first, not automatically the data owner.
- Treat component names, semantic roles, and user- or design-marked visual regions as boundary constraints. Keep adjacent UI as a sibling owner or introduce a correctly named broader owner.
+- Use the first level below a page or tab to organize independent page sections when it adds real structure. This layer is layout/semantic first, not automatically the data owner.
+- Split deeper components by the data and state each layer actually needs. Each component should access only necessary data, and ownership should stay at the lowest consumer.
 - Keep cohesive forms, menu bodies, and one-off helpers local unless they need their own state, reuse, or semantic boundary.
- Separate hidden secondary surfaces from the trigger's main flow. For dialogs, dropdowns, popovers, and similar branches, extract a small local component when hidden content would obscure the parent.
- Preserve composability by separating behavior ownership from placement ownership: an action can own trigger/open/menu content while the caller owns slots, offsets, and alignment.
- When a dialog, dropdown, or popover accepts controlled `open`, mount it unconditionally unless unmounting is required for performance or reset semantics. Use keyed scope or local state reset instead of `{open && <Surface />}` wrappers.
- When opening a dialog from a menu item, keep the menu and dialog as sibling surfaces. Let the menu command open the dialog, and mount the dialog outside menu popup content.
- For dialogs and alert dialogs, keep the root responsible for `open` wiring and put query/mutation hooks inside the content component when work should mount only after the overlay opens.
- Prefer uncontrolled overlay roots when the library can own open state. Use `onOpenChange` for side effects and CSS/data selectors for open-state styling.
- Avoid wrapper DOM unless it provides layout, semantics, accessibility, state ownership, or library integration. Avoid shallow wrappers, hook-to-props adapters, layout-only render props, children pass-through wrappers, and prop renaming unless they add real behavior or a real boundary.
+- Separate hidden secondary surfaces from the trigger's main flow. For dialogs, dropdowns, popovers, and similar branches, extract a small local component that owns the trigger, open state, and hidden content when it would obscure the parent flow.
+- Preserve composability by separating behavior ownership from layout ownership. A dropdown action may own its trigger, open state, and menu content; the caller owns placement such as slots, offsets, and alignment.
+- Avoid unnecessary DOM hierarchy. Do not add wrapper elements unless they provide layout, semantics, accessibility, state ownership, or integration with a library API; prefer fragments or styling an existing element when possible.
+- Avoid shallow wrappers and prop renaming unless the wrapper adds validation, orchestration, error handling, state ownership, or a real semantic boundary.

-## Effects, Navigation, And Performance
+## You Might Not Need An Effect
+
+- Use Effects only to synchronize with external systems such as browser APIs, non-React widgets, subscriptions, timers, analytics that must run because the component was shown, or imperative DOM integration.
+- Do not use Effects to transform props or state for rendering. Calculate derived values during render, and use `useMemo` only when the calculation is actually expensive.
+- Do not use Effects to handle user actions. Put action-specific logic in the event handler where the cause is known.
+- Do not use Effects to copy one state value into another state value representing the same concept. Pick one source of truth and derive the rest during render.
+- Do not reset or adjust state from props with an Effect. Prefer a `key` reset, storing a stable ID and deriving the selected object, or guarded same-component render-time adjustment when truly necessary.
+- Prefer framework data APIs or TanStack Query for data fetching instead of writing request Effects in components.
+- If an Effect still seems necessary, first name the external system it synchronizes with. If there is no external system, remove the Effect and restructure the state or event flow.
+
+## Navigation And Performance

- Use Effects only to synchronize with external systems. Do not use Effects to transform props/state for rendering, handle user actions, copy state, reset state from props, or fetch data.
- For forms initialized from query data, prefer keyed remounts or surface-entry atom hydration over Effects that copy query data into form state.
- Prefer framework data APIs or TanStack Query for data fetching.
 - Prefer `Link` for normal navigation. Use router APIs only for command-flow side effects such as mutation success, guarded redirects, or form submission.
- Before using `memo`, move changing state down to the smallest component that uses it. If state must wrap stable content, lift the stable content up and pass it as `children`.
 - Avoid `memo`, `useMemo`, and `useCallback` unless there is a clear performance reason.
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,49 +1,43 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the
 // README at: https://github.com/devcontainers/templates/tree/main/src/anaconda
 {
-	"name": "Python 3.12",
-	"build": {
-		"context": "..",
-		"dockerfile": "Dockerfile"
-	},
-	"mounts": [
-		"source=dify-dev-tmp,target=/tmp,type=volume"
-	],
-	"features": {
-		"ghcr.io/devcontainers/features/node:1": {
-			"nodeGypDependencies": true,
-			"version": "lts"
-		},
-		"ghcr.io/devcontainers-extra/features/npm-package:1": {
-			"package": "typescript",
-			"version": "latest"
-		},
-		"ghcr.io/devcontainers/features/docker-in-docker:2": {
-			"moby": true,
-			"azureDnsAutoDetection": true,
-			"installDockerBuildx": true,
-			"version": "latest",
-			"dockerDashComposeVersion": "v2"
-		}
-	},
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"ms-python.pylint",
-				"GitHub.copilot",
-				"ms-python.python"
-			]
-		}
-	},
-	"postStartCommand": "./.devcontainer/post_start_command.sh",
-	"postCreateCommand": "./.devcontainer/post_create_command.sh"
-	// Features to add to the dev container. More info: https://containers.dev/features.
-	// "features": {},
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	// "forwardPorts": [],
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "python --version",
-	// Configure tool-specific properties.
-	// "customizations": {},
-	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-}
+  "name": "Python 3.12",
+  "build": {
+    "context": "..",
+    "dockerfile": "Dockerfile"
+  },
+  "mounts": ["source=dify-dev-tmp,target=/tmp,type=volume"],
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {
+      "nodeGypDependencies": true,
+      "version": "lts"
+    },
+    "ghcr.io/devcontainers-extra/features/npm-package:1": {
+      "package": "typescript",
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "moby": true,
+      "azureDnsAutoDetection": true,
+      "installDockerBuildx": true,
+      "version": "latest",
+      "dockerDashComposeVersion": "v2"
+    }
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": ["ms-python.pylint", "GitHub.copilot", "ms-python.python"]
+    }
+  },
+  "postStartCommand": "./.devcontainer/post_start_command.sh",
+  "postCreateCommand": "./.devcontainer/post_create_command.sh"
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  // "features": {},
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [],
+  // Use 'postCreateCommand' to run commands after the container is created.
+  // "postCreateCommand": "python --version",
+  // Configure tool-specific properties.
+  // "customizations": {},
+  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+}
--- a/.github/DISCUSSION_TEMPLATE/general.yml
+++ b/.github/DISCUSSION_TEMPLATE/general.yml
@ -1,17 +1,17 @@
-title: "General Discussion"
+title: 'General Discussion'
 body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have searched for existing issues [search for existing issues](https://github.com/langgenius/dify/issues), including closed ones.
          required: true
        - label: I confirm that I am using English to submit this report (我已阅读并同意 [Language Policy](https://github.com/langgenius/dify/issues/1542)).
          required: true
-        - label: "[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)"
+        - label: '[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)'
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/DISCUSSION_TEMPLATE/help.yml
+++ b/.github/DISCUSSION_TEMPLATE/help.yml
@ -1,17 +1,17 @@
-title: "Help"
+title: 'Help'
 body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have searched for existing issues [search for existing issues](https://github.com/langgenius/dify/issues), including closed ones.
          required: true
        - label: I confirm that I am using English to submit this report (我已阅读并同意 [Language Policy](https://github.com/langgenius/dify/issues/1542)).
          required: true
-        - label: "[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)"
+        - label: '[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)'
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/DISCUSSION_TEMPLATE/suggestion.yml
+++ b/.github/DISCUSSION_TEMPLATE/suggestion.yml
@ -3,15 +3,15 @@ body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have searched for existing issues [search for existing issues](https://github.com/langgenius/dify/issues), including closed ones.
          required: true
        - label: I confirm that I am using English to submit this report (我已阅读并同意 [Language Policy](https://github.com/langgenius/dify/issues/1542)).
          required: true
-        - label: "[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)"
+        - label: '[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)'
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -1,4 +1,4 @@
-name: "🕷️ Bug report"
+name: '🕷️ Bug report'
 description: Report errors or unexpected behavior
 labels:
  - bug
@ -6,7 +6,7 @@ body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have read the [Contributing Guide](https://github.com/langgenius/dify/blob/main/CONTRIBUTING.md) and [Language Policy](https://github.com/langgenius/dify/issues/1542).
          required: true
@ -18,7 +18,7 @@ body:
          required: true
        - label: 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true

  - type: input
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,13 +1,13 @@
 blank_issues_enabled: false
 contact_links:
  - name: "\U0001F510 Security Vulnerabilities"
-    url: "https://github.com/langgenius/dify/security/advisories/new"
+    url: 'https://github.com/langgenius/dify/security/advisories/new'
    about: Report security vulnerabilities through GitHub Security Advisories to ensure responsible disclosure. 💡 Please do not report security vulnerabilities in public issues.
  - name: "\U0001F4A1 Model Providers & Plugins"
-    url: "https://github.com/langgenius/dify-official-plugins/issues/new/choose"
+    url: 'https://github.com/langgenius/dify-official-plugins/issues/new/choose'
    about: Report issues with official plugins or model providers, you will need to provide the plugin version and other relevant details.
  - name: "\U0001F4AC Documentation Issues"
-    url: "https://github.com/langgenius/dify-docs/issues/new"
+    url: 'https://github.com/langgenius/dify-docs/issues/new'
    about: Report issues with the documentation, such as typos, outdated information, or missing content. Please provide the specific section and details of the issue.
  - name: "\U0001F4E7 Discussions"
    url: https://github.com/langgenius/dify/discussions/categories/general
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -1,4 +1,4 @@
-name: "⭐ Feature or enhancement request"
+name: '⭐ Feature or enhancement request'
 description: Propose something new.
 labels:
  - enhancement
@ -6,7 +6,7 @@ body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have read the [Contributing Guide](https://github.com/langgenius/dify/blob/main/CONTRIBUTING.md) and [Language Policy](https://github.com/langgenius/dify/issues/1542).
          required: true
@ -14,7 +14,7 @@ body:
          required: true
        - label: I confirm that I am using English to submit this report, otherwise it will be closed.
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/ISSUE_TEMPLATE/refactor.yml
+++ b/.github/ISSUE_TEMPLATE/refactor.yml
@ -1,11 +1,11 @@
-name: "✨ Refactor or Chore"
+name: '✨ Refactor or Chore'
 description: Refactor existing code or perform maintenance chores to improve readability and reliability.
-title: "[Refactor/Chore] "
+title: '[Refactor/Chore] '
 body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have read the [Contributing Guide](https://github.com/langgenius/dify/blob/main/CONTRIBUTING.md) and [Language Policy](https://github.com/langgenius/dify/issues/1542).
          required: true
@ -17,26 +17,26 @@ body:
          required: true
        - label: 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    id: description
    attributes:
      label: Description
-      placeholder: "Describe the refactor or chore you are proposing."
+      placeholder: 'Describe the refactor or chore you are proposing.'
    validations:
      required: true
  - type: textarea
    id: motivation
    attributes:
      label: Motivation
-      placeholder: "Explain why this refactor or chore is necessary."
+      placeholder: 'Explain why this refactor or chore is necessary.'
    validations:
      required: false
  - type: textarea
    id: additional-context
    attributes:
      label: Additional Context
-      placeholder: "Add any other context or screenshots about the request here."
+      placeholder: 'Add any other context or screenshots about the request here.'
    validations:
      required: false
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,223 +1,223 @@
 version: 2

 updates:
-  - package-ecosystem: "uv"
-    directory: "/api"
+  - package-ecosystem: 'uv'
+    directory: '/api'
    open-pull-requests-limit: 10
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      flask:
        patterns:
-          - "flask"
-          - "flask-*"
-          - "werkzeug"
-          - "gunicorn"
+          - 'flask'
+          - 'flask-*'
+          - 'werkzeug'
+          - 'gunicorn'
      google:
        patterns:
-          - "google-*"
-          - "googleapis-*"
+          - 'google-*'
+          - 'googleapis-*'
      opentelemetry:
        patterns:
-          - "opentelemetry-*"
+          - 'opentelemetry-*'
      pydantic:
        patterns:
-          - "pydantic"
-          - "pydantic-*"
+          - 'pydantic'
+          - 'pydantic-*'
      llm:
        patterns:
-          - "langfuse"
-          - "langsmith"
-          - "litellm"
-          - "mlflow*"
-          - "opik"
-          - "weave*"
-          - "arize*"
-          - "tiktoken"
-          - "transformers"
+          - 'langfuse'
+          - 'langsmith'
+          - 'litellm'
+          - 'mlflow*'
+          - 'opik'
+          - 'weave*'
+          - 'arize*'
+          - 'tiktoken'
+          - 'transformers'
      database:
        patterns:
-          - "sqlalchemy"
-          - "psycopg2*"
-          - "psycogreen"
-          - "redis*"
-          - "alembic*"
+          - 'sqlalchemy'
+          - 'psycopg2*'
+          - 'psycogreen'
+          - 'redis*'
+          - 'alembic*'
      storage:
        patterns:
-          - "boto3*"
-          - "botocore*"
-          - "azure-*"
-          - "bce-*"
-          - "cos-python-*"
-          - "esdk-obs-*"
-          - "google-cloud-storage"
-          - "opendal"
-          - "oss2"
-          - "supabase*"
-          - "tos*"
+          - 'boto3*'
+          - 'botocore*'
+          - 'azure-*'
+          - 'bce-*'
+          - 'cos-python-*'
+          - 'esdk-obs-*'
+          - 'google-cloud-storage'
+          - 'opendal'
+          - 'oss2'
+          - 'supabase*'
+          - 'tos*'
      vdb:
        patterns:
-          - "alibabacloud*"
-          - "chromadb"
-          - "clickhouse-*"
-          - "clickzetta-*"
-          - "couchbase"
-          - "elasticsearch"
-          - "opensearch-py"
-          - "oracledb"
-          - "pgvect*"
-          - "pymilvus"
-          - "pymochow"
-          - "pyobvector"
-          - "qdrant-client"
-          - "intersystems-*"
-          - "tablestore"
-          - "tcvectordb"
-          - "tidb-vector"
-          - "upstash-*"
-          - "volcengine-*"
-          - "weaviate-*"
-          - "xinference-*"
-          - "mo-vector"
-          - "mysql-connector-*"
+          - 'alibabacloud*'
+          - 'chromadb'
+          - 'clickhouse-*'
+          - 'clickzetta-*'
+          - 'couchbase'
+          - 'elasticsearch'
+          - 'opensearch-py'
+          - 'oracledb'
+          - 'pgvect*'
+          - 'pymilvus'
+          - 'pymochow'
+          - 'pyobvector'
+          - 'qdrant-client'
+          - 'intersystems-*'
+          - 'tablestore'
+          - 'tcvectordb'
+          - 'tidb-vector'
+          - 'upstash-*'
+          - 'volcengine-*'
+          - 'weaviate-*'
+          - 'xinference-*'
+          - 'mo-vector'
+          - 'mysql-connector-*'
      dev:
        patterns:
-          - "coverage"
-          - "dotenv-linter"
-          - "faker"
-          - "lxml-stubs"
-          - "basedpyright"
-          - "ruff"
-          - "pytest*"
-          - "types-*"
-          - "boto3-stubs"
-          - "hypothesis"
-          - "pandas-stubs"
-          - "scipy-stubs"
-          - "import-linter"
-          - "celery-types"
-          - "mypy*"
-          - "pyrefly"
+          - 'coverage'
+          - 'dotenv-linter'
+          - 'faker'
+          - 'lxml-stubs'
+          - 'basedpyright'
+          - 'ruff'
+          - 'pytest*'
+          - 'types-*'
+          - 'boto3-stubs'
+          - 'hypothesis'
+          - 'pandas-stubs'
+          - 'scipy-stubs'
+          - 'import-linter'
+          - 'celery-types'
+          - 'mypy*'
+          - 'pyrefly'
      python-packages:
        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
+          - '*'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
    open-pull-requests-limit: 5
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      github-actions-dependencies:
        patterns:
-          - "*"
-  - package-ecosystem: "uv"
-    directory: "/api"
-    target-branch: "lts/1.13.x"
+          - '*'
+  - package-ecosystem: 'uv'
+    directory: '/api'
+    target-branch: 'lts/1.13.x'
    open-pull-requests-limit: 10
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      flask:
        patterns:
-          - "flask"
-          - "flask-*"
-          - "werkzeug"
-          - "gunicorn"
+          - 'flask'
+          - 'flask-*'
+          - 'werkzeug'
+          - 'gunicorn'
      google:
        patterns:
-          - "google-*"
-          - "googleapis-*"
+          - 'google-*'
+          - 'googleapis-*'
      opentelemetry:
        patterns:
-          - "opentelemetry-*"
+          - 'opentelemetry-*'
      pydantic:
        patterns:
-          - "pydantic"
-          - "pydantic-*"
+          - 'pydantic'
+          - 'pydantic-*'
      llm:
        patterns:
-          - "langfuse"
-          - "langsmith"
-          - "litellm"
-          - "mlflow*"
-          - "opik"
-          - "weave*"
-          - "arize*"
-          - "tiktoken"
-          - "transformers"
+          - 'langfuse'
+          - 'langsmith'
+          - 'litellm'
+          - 'mlflow*'
+          - 'opik'
+          - 'weave*'
+          - 'arize*'
+          - 'tiktoken'
+          - 'transformers'
      database:
        patterns:
-          - "sqlalchemy"
-          - "psycopg2*"
-          - "psycogreen"
-          - "redis*"
-          - "alembic*"
+          - 'sqlalchemy'
+          - 'psycopg2*'
+          - 'psycogreen'
+          - 'redis*'
+          - 'alembic*'
      storage:
        patterns:
-          - "boto3*"
-          - "botocore*"
-          - "azure-*"
-          - "bce-*"
-          - "cos-python-*"
-          - "esdk-obs-*"
-          - "google-cloud-storage"
-          - "opendal"
-          - "oss2"
-          - "supabase*"
-          - "tos*"
+          - 'boto3*'
+          - 'botocore*'
+          - 'azure-*'
+          - 'bce-*'
+          - 'cos-python-*'
+          - 'esdk-obs-*'
+          - 'google-cloud-storage'
+          - 'opendal'
+          - 'oss2'
+          - 'supabase*'
+          - 'tos*'
      vdb:
        patterns:
-          - "alibabacloud*"
-          - "chromadb"
-          - "clickhouse-*"
-          - "clickzetta-*"
-          - "couchbase"
-          - "elasticsearch"
-          - "opensearch-py"
-          - "oracledb"
-          - "pgvect*"
-          - "pymilvus"
-          - "pymochow"
-          - "pyobvector"
-          - "qdrant-client"
-          - "intersystems-*"
-          - "tablestore"
-          - "tcvectordb"
-          - "tidb-vector"
-          - "upstash-*"
-          - "volcengine-*"
-          - "weaviate-*"
-          - "xinference-*"
-          - "mo-vector"
-          - "mysql-connector-*"
+          - 'alibabacloud*'
+          - 'chromadb'
+          - 'clickhouse-*'
+          - 'clickzetta-*'
+          - 'couchbase'
+          - 'elasticsearch'
+          - 'opensearch-py'
+          - 'oracledb'
+          - 'pgvect*'
+          - 'pymilvus'
+          - 'pymochow'
+          - 'pyobvector'
+          - 'qdrant-client'
+          - 'intersystems-*'
+          - 'tablestore'
+          - 'tcvectordb'
+          - 'tidb-vector'
+          - 'upstash-*'
+          - 'volcengine-*'
+          - 'weaviate-*'
+          - 'xinference-*'
+          - 'mo-vector'
+          - 'mysql-connector-*'
      dev:
        patterns:
-          - "coverage"
-          - "dotenv-linter"
-          - "faker"
-          - "lxml-stubs"
-          - "basedpyright"
-          - "ruff"
-          - "pytest*"
-          - "types-*"
-          - "boto3-stubs"
-          - "hypothesis"
-          - "pandas-stubs"
-          - "scipy-stubs"
-          - "import-linter"
-          - "celery-types"
-          - "mypy*"
-          - "pyrefly"
+          - 'coverage'
+          - 'dotenv-linter'
+          - 'faker'
+          - 'lxml-stubs'
+          - 'basedpyright'
+          - 'ruff'
+          - 'pytest*'
+          - 'types-*'
+          - 'boto3-stubs'
+          - 'hypothesis'
+          - 'pandas-stubs'
+          - 'scipy-stubs'
+          - 'import-linter'
+          - 'celery-types'
+          - 'mypy*'
+          - 'pyrefly'
      python-packages:
        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    target-branch: "lts/1.13.x"
+          - '*'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    target-branch: 'lts/1.13.x'
    open-pull-requests-limit: 5
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      github-actions-dependencies:
        patterns:
-          - "*"
+          - '*'
--- a/.github/linters/.hadolint.yaml
+++ b/.github/linters/.hadolint.yaml
@ -1 +1 @@
-failure-threshold: "error"
+failure-threshold: 'error'
--- a/.github/linters/.yaml-lint.yml
+++ b/.github/linters/.yaml-lint.yml
@ -1,5 +1,4 @@
 ---
-
 extends: default

 rules:
--- a/.github/linters/editorconfig-checker.json
+++ b/.github/linters/editorconfig-checker.json
@ -1,22 +1,22 @@
 {
-    "Verbose": false,
-    "Debug": false,
-    "IgnoreDefaults": false,
-    "SpacesAfterTabs": false,
-    "NoColor": false,
-    "Exclude": [
-        "^web/public/vs/",
-        "^web/public/pdf.worker.min.mjs$",
-        "web/app/components/base/icons/src/vender/"
-    ],
-    "AllowedContentTypes": [],
-    "PassedFiles": [],
-    "Disable": {
-        "EndOfLine": false,
-        "Indentation": false,
-        "IndentSize": true,
-        "InsertFinalNewline": false,
-        "TrimTrailingWhitespace": false,
-        "MaxLineLength": false
-    }
+  "Verbose": false,
+  "Debug": false,
+  "IgnoreDefaults": false,
+  "SpacesAfterTabs": false,
+  "NoColor": false,
+  "Exclude": [
+    "^web/public/vs/",
+    "^web/public/pdf.worker.min.mjs$",
+    "web/app/components/base/icons/src/vender/"
+  ],
+  "AllowedContentTypes": [],
+  "PassedFiles": [],
+  "Disable": {
+    "EndOfLine": false,
+    "Indentation": false,
+    "IndentSize": true,
+    "InsertFinalNewline": false,
+    "TrimTrailingWhitespace": false,
+    "MaxLineLength": false
+  }
 }
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -12,8 +12,8 @@
 ## Screenshots

 | Before | After |
-|--------|-------|
-| ... | ... |
+| ------ | ----- |
+| ...    | ...   |

 ## Checklist

--- a/.github/scripts/generate-i18n-changes.mjs
+++ b/.github/scripts/generate-i18n-changes.mjs
@ -8,31 +8,31 @@ const headSha = process.env.HEAD_SHA || ''
 const files = (process.env.CHANGED_FILES || '').split(/\s+/).filter(Boolean)
 const outputPath = process.env.I18N_CHANGES_OUTPUT_PATH || '/tmp/i18n-changes.json'

-const englishPath = fileStem => path.join(repoRoot, 'web', 'i18n', 'en-US', `${fileStem}.json`)
+const englishPath = (fileStem) => path.join(repoRoot, 'web', 'i18n', 'en-US', `${fileStem}.json`)

 const readCurrentJson = (fileStem) => {
  const filePath = englishPath(fileStem)
-  if (!fs.existsSync(filePath))
-    return null
+  if (!fs.existsSync(filePath)) return null

  return JSON.parse(fs.readFileSync(filePath, 'utf8'))
 }

 const readBaseJson = (fileStem) => {
-  if (!baseSha)
-    return null
+  if (!baseSha) return null

  try {
    const relativePath = `web/i18n/en-US/${fileStem}.json`
-    const content = execFileSync('git', ['show', `${baseSha}:${relativePath}`], { encoding: 'utf8' })
+    const content = execFileSync('git', ['show', `${baseSha}:${relativePath}`], {
+      encoding: 'utf8',
+    })
    return JSON.parse(content)
-  }
-  catch {
+  } catch {
    return null
  }
 }

-const compareJson = (beforeValue, afterValue) => JSON.stringify(beforeValue) === JSON.stringify(afterValue)
+const compareJson = (beforeValue, afterValue) =>
+  JSON.stringify(beforeValue) === JSON.stringify(afterValue)

 const changes = {}

@ -59,8 +59,7 @@ for (const fileStem of files) {
  }

  for (const key of Object.keys(beforeJson)) {
-    if (!(key in afterJson))
-      deleted.push(key)
+    if (!(key in afterJson)) deleted.push(key)
  }

  changes[fileStem] = {
@ -78,5 +77,5 @@ fs.writeFileSync(
    headSha,
    files,
    changes,
-  })
+  }),
 )
--- a/.github/workflows/api-tests.yml
+++ b/.github/workflows/api-tests.yml
@ -25,17 +25,17 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
          python-version: ${{ matrix.python-version }}
@ -87,17 +87,17 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
          python-version: ${{ matrix.python-version }}
@ -142,16 +142,16 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
@ -195,7 +195,7 @@ jobs:

      - name: Report coverage
        if: ${{ env.CODECOV_TOKEN != '' }}
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
        with:
          files: ./coverage.xml
          disable_search: true
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@ -1,12 +1,12 @@
 name: autofix.ci
 on:
  pull_request:
-    branches: ["main"]
+    branches: ['main']
  merge_group:
-    branches: ["main"]
+    branches: ['main']
    types: [checks_requested]
  push:
-    branches: ["main"]
+    branches: ['main']
 permissions:
  contents: read

@ -20,7 +20,7 @@ jobs:
        run: echo "autofix.ci updates pull request branches, not merge group refs."

      - if: github.event_name != 'merge_group'
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Check Docker Compose inputs
        if: github.event_name != 'merge_group'
@ -44,6 +44,12 @@ jobs:
            pnpm-lock.yaml
            pnpm-workspace.yaml
            .nvmrc
+            vite.config.ts
+            eslint.config.mjs
+            web/eslint.config.mjs
+            .vscode/**
+            .github/workflows/autofix.yml
+            .github/workflows/style.yml
      - name: Check api inputs
        if: github.event_name != 'merge_group'
        id: api-changes
@ -63,10 +69,10 @@ jobs:
      - if: github.event_name != 'merge_group'
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
-          python-version: "3.11"
+          python-version: '3.11'

      - if: github.event_name != 'merge_group'
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0

      - name: Generate Docker Compose
        if: github.event_name != 'merge_group' && steps.docker-compose-changes.outputs.any_changed == 'true'
@ -146,6 +152,12 @@ jobs:
        if: github.event_name != 'merge_group' && steps.api-changes.outputs.any_changed == 'true'
        run: pnpm --dir packages/contracts gen-api-contract-from-openapi

+      - name: Format web files
+        if: github.event_name != 'merge_group' && steps.web-changes.outputs.any_changed == 'true'
+        env:
+          CHANGED_FILES: ${{ steps.web-changes.outputs.all_changed_files }}
+        run: vp fmt --no-error-on-unmatched-pattern $CHANGED_FILES
+
      - name: ESLint autofix
        if: github.event_name != 'merge_group' && steps.web-changes.outputs.any_changed == 'true'
        run: |
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@ -3,13 +3,14 @@ name: Build and Push API & Web
 on:
  push:
    branches:
-      - "main"
-      - "deploy/**"
-      - "build/**"
-      - "release/e-*"
-      - "hotfix/**"
+      - 'main'
+      - 'deploy/**'
+      - 'build/**'
+      - 'release/e-*'
+      - 'hotfix/**'
+      - 'feat/hitl-backend'
    tags:
-      - "*"
+      - '*'

 concurrency:
  group: build-push-${{ github.head_ref || github.run_id }}
@ -20,8 +21,6 @@ env:
  DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
  DIFY_WEB_IMAGE_NAME: ${{ vars.DIFY_WEB_IMAGE_NAME || 'langgenius/dify-web' }}
  DIFY_API_IMAGE_NAME: ${{ vars.DIFY_API_IMAGE_NAME || 'langgenius/dify-api' }}
-  DIFY_AGENT_IMAGE_NAME: ${{ vars.DIFY_AGENT_IMAGE_NAME || 'langgenius/dify-agent-backend' }}
-  DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME: ${{ vars.DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME || 'langgenius/dify-agent-local-sandbox' }}

 jobs:
  build:
@ -33,60 +32,32 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "build-api-amd64"
-            image_name_env: "DIFY_API_IMAGE_NAME"
-            artifact_context: "api"
-            build_context: "{{defaultContext}}"
-            file: "api/Dockerfile"
+          - service_name: 'build-api-amd64'
+            image_name_env: 'DIFY_API_IMAGE_NAME'
+            artifact_context: 'api'
+            build_context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-api-arm64"
-            image_name_env: "DIFY_API_IMAGE_NAME"
-            artifact_context: "api"
-            build_context: "{{defaultContext}}"
-            file: "api/Dockerfile"
+          - service_name: 'build-api-arm64'
+            image_name_env: 'DIFY_API_IMAGE_NAME'
+            artifact_context: 'api'
+            build_context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-web-amd64"
-            image_name_env: "DIFY_WEB_IMAGE_NAME"
-            artifact_context: "web"
-            build_context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+          - service_name: 'build-web-amd64'
+            image_name_env: 'DIFY_WEB_IMAGE_NAME'
+            artifact_context: 'web'
+            build_context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-web-arm64"
-            image_name_env: "DIFY_WEB_IMAGE_NAME"
-            artifact_context: "web"
-            build_context: "{{defaultContext}}"
-            file: "web/Dockerfile"
-            platform: linux/arm64
-            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-agent-amd64"
-            image_name_env: "DIFY_AGENT_IMAGE_NAME"
-            artifact_context: "agent"
-            build_context: "{{defaultContext}}"
-            file: "dify-agent/Dockerfile"
-            platform: linux/amd64
-            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-agent-arm64"
-            image_name_env: "DIFY_AGENT_IMAGE_NAME"
-            artifact_context: "agent"
-            build_context: "{{defaultContext}}"
-            file: "dify-agent/Dockerfile"
-            platform: linux/arm64
-            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-agent-local-sandbox-amd64"
-            image_name_env: "DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME"
-            artifact_context: "local-sandbox"
-            build_context: "{{defaultContext}}:dify-agent"
-            file: "docker/local-sandbox/Dockerfile"
-            platform: linux/amd64
-            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-agent-local-sandbox-arm64"
-            image_name_env: "DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME"
-            artifact_context: "local-sandbox"
-            build_context: "{{defaultContext}}:dify-agent"
-            file: "docker/local-sandbox/Dockerfile"
+          - service_name: 'build-web-arm64'
+            image_name_env: 'DIFY_WEB_IMAGE_NAME'
+            artifact_context: 'web'
+            build_context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4

@ -97,7 +68,7 @@ jobs:
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

      - name: Login to Docker Hub
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          username: ${{ env.DOCKERHUB_USER }}
          password: ${{ env.DOCKERHUB_TOKEN }}
@ -107,13 +78,13 @@ jobs:

      - name: Extract metadata for Docker
        id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: ${{ env[matrix.image_name_env] }}

      - name: Build Docker image
        id: build
-        uses: depot/build-push-action@98e78adca7817480b8185f474a400b451d74e287 # v1.18.0
+        uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0
        with:
          project: ${{ vars.DEPOT_PROJECT_ID }}
          context: ${{ matrix.build_context }}
@ -145,24 +116,18 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "validate-api-amd64"
-            build_context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "validate-web-amd64"
-            build_context: "{{defaultContext}}"
-            file: "web/Dockerfile"
-          - service_name: "validate-agent-amd64"
-            build_context: "{{defaultContext}}"
-            file: "dify-agent/Dockerfile"
-          - service_name: "validate-agent-local-sandbox-amd64"
-            build_context: "{{defaultContext}}:dify-agent"
-            file: "docker/local-sandbox/Dockerfile"
+          - service_name: 'validate-api-amd64'
+            build_context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'validate-web-amd64'
+            build_context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
    steps:
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      - name: Validate Docker image
-        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          push: false
          context: ${{ matrix.build_context }}
@ -176,18 +141,12 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "merge-api-images"
-            image_name_env: "DIFY_API_IMAGE_NAME"
-            context: "api"
-          - service_name: "merge-web-images"
-            image_name_env: "DIFY_WEB_IMAGE_NAME"
-            context: "web"
-          - service_name: "merge-agent-images"
-            image_name_env: "DIFY_AGENT_IMAGE_NAME"
-            context: "agent"
-          - service_name: "merge-agent-local-sandbox-images"
-            image_name_env: "DIFY_AGENT_LOCAL_SANDBOX_IMAGE_NAME"
-            context: "local-sandbox"
+          - service_name: 'merge-api-images'
+            image_name_env: 'DIFY_API_IMAGE_NAME'
+            context: 'api'
+          - service_name: 'merge-web-images'
+            image_name_env: 'DIFY_WEB_IMAGE_NAME'
+            context: 'web'
    steps:
      - name: Download digests
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
@ -197,14 +156,14 @@ jobs:
          merge-multiple: true

      - name: Login to Docker Hub
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          username: ${{ env.DOCKERHUB_USER }}
          password: ${{ env.DOCKERHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: ${{ env[matrix.image_name_env] }}
          tags: |
--- a/.github/workflows/cli-e2e.yml
+++ b/.github/workflows/cli-e2e.yml
@ -4,19 +4,19 @@ on:
  workflow_dispatch:
    inputs:
      cli_ref:
-        description: "Git ref (default: current branch)"
+        description: 'Git ref (default: current branch)'
        type: string
        required: false

      edition:
-        description: "Dify edition"
+        description: 'Dify edition'
        type: choice
        required: false
        default: ee
        options: [ee, ce]

      test_scope:
-        description: "smoke = [P0] only  /  full = all cases"
+        description: 'smoke = [P0] only  /  full = all cases'
        type: choice
        required: false
        default: full
@ -24,23 +24,23 @@ on:

      # ── Suite on/off ────────────────────────────────────────────────────────
      suite_framework_output_error:
-        description: "framework + output + error-handling suites"
+        description: 'framework + output + error-handling suites'
        type: boolean
        default: true
      suite_discovery:
-        description: "discovery suite (get app / describe app)"
+        description: 'discovery suite (get app / describe app)'
        type: boolean
        default: true
      suite_run:
-        description: "run suite (basic / streaming / conversation / file / hitl)"
+        description: 'run suite (basic / streaming / conversation / file / hitl)'
        type: boolean
        default: true
      suite_auth:
-        description: "auth suite (login / status / whoami / use / devices / logout)"
+        description: 'auth suite (login / status / whoami / use / devices / logout)'
        type: boolean
        default: true
      suite_agent:
-        description: "agent suite"
+        description: 'agent suite'
        type: boolean
        default: true

@ -51,35 +51,34 @@ permissions:
 # Each job reads DIFY_E2E_TOKEN + app IDs from the provision job outputs,
 # so global-setup skips minting and finds existing apps in < 10 s.
 env:
-  DIFY_E2E_NO_KEYRING: "1"   # Linux CI has no keychain; skip probe
-  VITEST_RETRY:        "2"    # Retry flaky staging responses
+  DIFY_E2E_NO_KEYRING: '1' # Linux CI has no keychain; skip probe
+  VITEST_RETRY: '2' # Retry flaky staging responses

 jobs:
-
-# ════════════════════════════════════════════════════════════════════════════
-# 0. PROVISION — mint token + import DSL fixtures (runs once, outputs IDs)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 0. PROVISION — mint token + import DSL fixtures (runs once, outputs IDs)
+  # ════════════════════════════════════════════════════════════════════════════
  provision:
-    name: "Provision: mint token + DSL apps"
+    name: 'Provision: mint token + DSL apps'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
-      token:                      ${{ steps.out.outputs.DIFY_E2E_TOKEN }}
-      workspace_id:               ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_ID }}
-      workspace_name:             ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_NAME }}
-      ws2_id:                     ${{ steps.out.outputs.DIFY_E2E_WS2_ID }}
-      chat_app_id:                ${{ steps.out.outputs.DIFY_E2E_CHAT_APP_ID }}
-      workflow_app_id:            ${{ steps.out.outputs.DIFY_E2E_WORKFLOW_APP_ID }}
-      file_app_id:                ${{ steps.out.outputs.DIFY_E2E_FILE_APP_ID }}
-      file_chat_app_id:           ${{ steps.out.outputs.DIFY_E2E_FILE_CHAT_APP_ID }}
-      hitl_app_id:                ${{ steps.out.outputs.DIFY_E2E_HITL_APP_ID }}
-      hitl_external_app_id:       ${{ steps.out.outputs.DIFY_E2E_HITL_EXTERNAL_APP_ID }}
-      hitl_single_action_app_id:  ${{ steps.out.outputs.DIFY_E2E_HITL_SINGLE_ACTION_APP_ID }}
-      hitl_multi_node_app_id:     ${{ steps.out.outputs.DIFY_E2E_HITL_MULTI_NODE_APP_ID }}
-      ws2_app_id:                 ${{ steps.out.outputs.DIFY_E2E_WS2_APP_ID }}
+      token: ${{ steps.out.outputs.DIFY_E2E_TOKEN }}
+      workspace_id: ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_ID }}
+      workspace_name: ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_NAME }}
+      ws2_id: ${{ steps.out.outputs.DIFY_E2E_WS2_ID }}
+      chat_app_id: ${{ steps.out.outputs.DIFY_E2E_CHAT_APP_ID }}
+      workflow_app_id: ${{ steps.out.outputs.DIFY_E2E_WORKFLOW_APP_ID }}
+      file_app_id: ${{ steps.out.outputs.DIFY_E2E_FILE_APP_ID }}
+      file_chat_app_id: ${{ steps.out.outputs.DIFY_E2E_FILE_CHAT_APP_ID }}
+      hitl_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_APP_ID }}
+      hitl_external_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_EXTERNAL_APP_ID }}
+      hitl_single_action_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_SINGLE_ACTION_APP_ID }}
+      hitl_multi_node_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_MULTI_NODE_APP_ID }}
+      ws2_app_id: ${{ steps.out.outputs.DIFY_E2E_WS2_APP_ID }}

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
@ -88,7 +87,7 @@ jobs:
        with:
          bun-version: latest

-      - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
+      - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
        with:
          package_json_field: packageManager
          run_install: false
@ -101,18 +100,18 @@ jobs:
        id: out
        working-directory: cli
        env:
-          DIFY_E2E_HOST:     ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:    ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_TOKEN:    ${{ secrets.DIFY_E2E_TOKEN }}
-          DIFY_E2E_EDITION:  ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ secrets.DIFY_E2E_TOKEN }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
        run: bun scripts/e2e-provision.ts

-# ════════════════════════════════════════════════════════════════════════════
-# 1-B. framework + output + error-handling (parallel with run/discovery)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-B. framework + output + error-handling (parallel with run/discovery)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-framework-output-error:
-    name: "Suite: framework + output + error-handling"
+    name: 'Suite: framework + output + error-handling'
    if: ${{ inputs.suite_framework_output_error != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -123,7 +122,7 @@ jobs:
        shell: bash

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
@ -131,23 +130,23 @@ jobs:
      - uses: ./.github/actions/setup-web
      - uses: oven-sh/setup-bun@v2
        with: { bun-version: latest }
-      - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
+      - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
        with: { package_json_field: packageManager, run_install: false }
      - run: pnpm install --frozen-lockfile
      - run: pnpm tree:gen

      - name: Run framework + output + error-handling
        env:
-          DIFY_E2E_HOST:           ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:          ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:       ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:        ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:          ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:   ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_CHAT_APP_ID:    ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/framework/**/*.e2e.ts,test/e2e/suites/output/**/*.e2e.ts,test/e2e/suites/error-handling/**/*.e2e.ts"
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/framework/**/*.e2e.ts,test/e2e/suites/output/**/*.e2e.ts,test/e2e/suites/error-handling/**/*.e2e.ts'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -155,11 +154,11 @@ jobs:
            pnpm test:e2e
          fi

-# ════════════════════════════════════════════════════════════════════════════
-# 1-C. Discovery (parallel)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-C. Discovery (parallel)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-discovery:
-    name: "Suite: discovery"
+    name: 'Suite: discovery'
    if: ${{ inputs.suite_discovery != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -170,7 +169,7 @@ jobs:
        shell: bash

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
@ -178,24 +177,24 @@ jobs:
      - uses: ./.github/actions/setup-web
      - uses: oven-sh/setup-bun@v2
        with: { bun-version: latest }
-      - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
+      - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
        with: { package_json_field: packageManager, run_install: false }
      - run: pnpm install --frozen-lockfile
      - run: pnpm tree:gen

      - name: Run discovery suite
        env:
-          DIFY_E2E_HOST:           ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:          ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:       ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:        ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:          ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:   ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_WS2_ID:         ${{ needs.provision.outputs.ws2_id }}
-          DIFY_E2E_CHAT_APP_ID:    ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_WS2_ID: ${{ needs.provision.outputs.ws2_id }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/discovery/**/*.e2e.ts"
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/discovery/**/*.e2e.ts'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -203,11 +202,11 @@ jobs:
            pnpm test:e2e
          fi

-# ════════════════════════════════════════════════════════════════════════════
-# 1-D. Run suite — 5 files in matrix (parallel)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-D. Run suite — 5 files in matrix (parallel)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-run:
-    name: "Suite: run / ${{ matrix.name }}"
+    name: 'Suite: run / ${{ matrix.name }}'
    if: ${{ inputs.suite_run != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -233,7 +232,7 @@ jobs:
        shell: bash

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
@ -241,30 +240,30 @@ jobs:
      - uses: ./.github/actions/setup-web
      - uses: oven-sh/setup-bun@v2
        with: { bun-version: latest }
-      - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
+      - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
        with: { package_json_field: packageManager, run_install: false }
      - run: pnpm install --frozen-lockfile
      - run: pnpm tree:gen

-      - name: "Run run/${{ matrix.name }}"
+      - name: 'Run run/${{ matrix.name }}'
        env:
-          DIFY_E2E_HOST:                      ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:                     ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:                  ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:                   ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_SSO_TOKEN:                 ${{ secrets.DIFY_E2E_SSO_TOKEN }}
-          DIFY_E2E_TOKEN:                     ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:              ${{ needs.provision.outputs.workspace_id }}
-          DIFY_E2E_WORKSPACE_NAME:            ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_CHAT_APP_ID:               ${{ needs.provision.outputs.chat_app_id }}
-          DIFY_E2E_WORKFLOW_APP_ID:           ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_FILE_APP_ID:               ${{ needs.provision.outputs.file_app_id }}
-          DIFY_E2E_FILE_CHAT_APP_ID:          ${{ needs.provision.outputs.file_chat_app_id }}
-          DIFY_E2E_HITL_APP_ID:               ${{ needs.provision.outputs.hitl_app_id }}
-          DIFY_E2E_HITL_EXTERNAL_APP_ID:      ${{ needs.provision.outputs.hitl_external_app_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_SSO_TOKEN: ${{ secrets.DIFY_E2E_SSO_TOKEN }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
+          DIFY_E2E_FILE_APP_ID: ${{ needs.provision.outputs.file_app_id }}
+          DIFY_E2E_FILE_CHAT_APP_ID: ${{ needs.provision.outputs.file_chat_app_id }}
+          DIFY_E2E_HITL_APP_ID: ${{ needs.provision.outputs.hitl_app_id }}
+          DIFY_E2E_HITL_EXTERNAL_APP_ID: ${{ needs.provision.outputs.hitl_external_app_id }}
          DIFY_E2E_HITL_SINGLE_ACTION_APP_ID: ${{ needs.provision.outputs.hitl_single_action_app_id }}
-          DIFY_E2E_HITL_MULTI_NODE_APP_ID:    ${{ needs.provision.outputs.hitl_multi_node_app_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/run/${{ matrix.file }}"
+          DIFY_E2E_HITL_MULTI_NODE_APP_ID: ${{ needs.provision.outputs.hitl_multi_node_app_id }}
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/run/${{ matrix.file }}'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -274,17 +273,17 @@ jobs:

      - name: Upload results on failure
        if: failure()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v4
        with:
          name: e2e-run-${{ matrix.name }}-${{ github.run_id }}
          path: cli/test-results/
          retention-days: 3

-# ════════════════════════════════════════════════════════════════════════════
-# 1-E. auth/login + status + whoami (parallel, read-only, safe)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-E. auth/login + status + whoami (parallel, read-only, safe)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-auth-safe:
-    name: "Suite: auth (login / status / whoami)"
+    name: 'Suite: auth (login / status / whoami)'
    if: ${{ inputs.suite_auth != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -295,7 +294,7 @@ jobs:
        shell: bash

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
@ -303,22 +302,22 @@ jobs:
      - uses: ./.github/actions/setup-web
      - uses: oven-sh/setup-bun@v2
        with: { bun-version: latest }
-      - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
+      - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
        with: { package_json_field: packageManager, run_install: false }
      - run: pnpm install --frozen-lockfile
      - run: pnpm tree:gen

      - name: Run auth/login + status + whoami
        env:
-          DIFY_E2E_HOST:           ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:          ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:       ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:        ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:          ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:   ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_WS2_ID:         ${{ needs.provision.outputs.ws2_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/auth/login.e2e.ts,test/e2e/suites/auth/status.e2e.ts,test/e2e/suites/auth/whoami.e2e.ts"
+          DIFY_E2E_WS2_ID: ${{ needs.provision.outputs.ws2_id }}
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/auth/login.e2e.ts,test/e2e/suites/auth/status.e2e.ts,test/e2e/suites/auth/whoami.e2e.ts'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -326,13 +325,13 @@ jobs:
            pnpm test:e2e
          fi

-# ════════════════════════════════════════════════════════════════════════════
-# 2. DESTRUCTIVE — auth/use + devices + logout + agent (serial, runs LAST)
-#    Must wait for ALL parallel suites to finish to avoid token revocation
-#    invalidating other in-flight requests.
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 2. DESTRUCTIVE — auth/use + devices + logout + agent (serial, runs LAST)
+  #    Must wait for ALL parallel suites to finish to avoid token revocation
+  #    invalidating other in-flight requests.
+  # ════════════════════════════════════════════════════════════════════════════
  suite-last:
-    name: "Suite: auth-use + devices + logout + agent (last, serial)"
+    name: 'Suite: auth-use + devices + logout + agent (last, serial)'
    # Runs when auth is selected; also runs after all parallel jobs finish
    if: ${{ inputs.suite_auth != 'false' || inputs.suite_agent != 'false' }}
    needs:
@ -351,7 +350,7 @@ jobs:
        shell: bash

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
@ -359,27 +358,27 @@ jobs:
      - uses: ./.github/actions/setup-web
      - uses: oven-sh/setup-bun@v2
        with: { bun-version: latest }
-      - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
+      - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
        with: { package_json_field: packageManager, run_install: false }
      - run: pnpm install --frozen-lockfile
      - run: pnpm tree:gen

      - name: Run use / devices / logout / agent (serial)
        env:
-          DIFY_E2E_HOST:                      ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:                     ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:                  ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:                   ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:                     ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:              ${{ needs.provision.outputs.workspace_id }}
-          DIFY_E2E_WORKSPACE_NAME:            ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_WS2_ID:                    ${{ needs.provision.outputs.ws2_id }}
-          DIFY_E2E_CHAT_APP_ID:               ${{ needs.provision.outputs.chat_app_id }}
-          DIFY_E2E_WORKFLOW_APP_ID:           ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_HITL_APP_ID:               ${{ needs.provision.outputs.hitl_app_id }}
-          DIFY_E2E_HITL_EXTERNAL_APP_ID:      ${{ needs.provision.outputs.hitl_external_app_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
+          DIFY_E2E_WS2_ID: ${{ needs.provision.outputs.ws2_id }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
+          DIFY_E2E_HITL_APP_ID: ${{ needs.provision.outputs.hitl_app_id }}
+          DIFY_E2E_HITL_EXTERNAL_APP_ID: ${{ needs.provision.outputs.hitl_external_app_id }}
          DIFY_E2E_HITL_SINGLE_ACTION_APP_ID: ${{ needs.provision.outputs.hitl_single_action_app_id }}
-          DIFY_E2E_HITL_MULTI_NODE_APP_ID:    ${{ needs.provision.outputs.hitl_multi_node_app_id }}
+          DIFY_E2E_HITL_MULTI_NODE_APP_ID: ${{ needs.provision.outputs.hitl_multi_node_app_id }}
        run: |
          # Collect files in safe order: use → devices → logout (revokes last) → agent
          FILES=()
@ -408,7 +407,7 @@ jobs:

      - name: Upload results on failure
        if: failure()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v4
        with:
          name: e2e-last-${{ github.run_id }}
          path: cli/test-results/
--- a/.github/workflows/cli-edge.yml
+++ b/.github/workflows/cli-edge.yml
@ -1,74 +0,0 @@
-name: CLI Edge Publish
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - 'cli/**'
-      - 'packages/contracts/generated/api/openapi/**'
-  workflow_dispatch:
-
-concurrency:
-  group: difyctl-edge-publish
-  cancel-in-progress: false
-
-jobs:
-  publish:
-    name: build + publish edge to R2
-    runs-on: ${{ github.repository == 'langgenius/dify' && 'depot-ubuntu-24.04' || 'ubuntu-24.04' }}
-    if: vars.DIFYCTL_R2_BUCKET != ''
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./cli
-    steps:
-      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-
-      - name: Enable cross-arch native prebuilds
-        working-directory: ./
-        run: cat cli/scripts/cross-arch.pnpm.yaml >> pnpm-workspace.yaml
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 # v2.0.2
-        with:
-          bun-version-file: cli/.bun-version
-
-      - name: Compute edge version
-        id: ver
-        run: echo "version=$(node scripts/release-naming.mjs edge-version "$(git rev-parse --short HEAD)")" >> "$GITHUB_OUTPUT"
-
-      - name: Compile standalone binaries (all targets, all-or-nothing)
-        run: |
-          CLI_VERSION="${{ steps.ver.outputs.version }}" \
-          DIFYCTL_CHANNEL=edge \
-          DIFYCTL_COMMIT="$(git rev-parse HEAD)" \
-          DIFYCTL_BUILD_DATE="$(git log -1 --format=%cI HEAD)" \
-            pnpm build:bin
-
-      - name: Generate sha256 checksums
-        run: CLI_VERSION="${{ steps.ver.outputs.version }}" scripts/release-write-checksums.sh
-
-      - name: Smoke the runner-arch binary
-        run: ./dist/bin/difyctl-v${{ steps.ver.outputs.version }}-linux-x64 version
-
-      - name: Publish to R2
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.DIFYCTL_R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.DIFYCTL_R2_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: auto
-          AWS_REQUEST_CHECKSUM_CALCULATION: WHEN_REQUIRED
-          AWS_RESPONSE_CHECKSUM_VALIDATION: WHEN_REQUIRED
-          DIFYCTL_R2_S3_ENDPOINT: ${{ vars.DIFYCTL_R2_S3_ENDPOINT }}
-          DIFYCTL_R2_BUCKET: ${{ vars.DIFYCTL_R2_BUCKET }}
-          DIFYCTL_R2_PUBLIC_BASE: ${{ vars.DIFYCTL_R2_PUBLIC_BASE }}
-          DIFYCTL_COMMIT: ${{ github.sha }}
-        run: |
-          DIFYCTL_BUILD_DATE="$(git log -1 --format=%cI HEAD)" \
-            scripts/release-r2-publish.sh edge "${{ steps.ver.outputs.version }}"
--- a/.github/workflows/cli-release.yml
+++ b/.github/workflows/cli-release.yml
@ -35,7 +35,7 @@ jobs:
      dify_tag: ${{ steps.resolve.outputs.dify_tag }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -98,7 +98,7 @@ jobs:
      DIFY_TAG: ${{ needs.validate.outputs.dify_tag }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          fetch-depth: 1
--- a/.github/workflows/cli-smoke.yml
+++ b/.github/workflows/cli-smoke.yml
@ -4,11 +4,11 @@ on:
  workflow_dispatch:
    inputs:
      dify_version:
-        description: "Dify image tag to test against (e.g. 1.7.0)"
+        description: 'Dify image tag to test against (e.g. 1.7.0)'
        type: string
        required: true
      cli_ref:
-        description: "Git ref to build the cli from (default: current branch)"
+        description: 'Git ref to build the cli from (default: current branch)'
        type: string
        required: false

@ -24,7 +24,7 @@ jobs:
        shell: bash
    steps:
      - name: Checkout cli ref
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.cli_ref || github.ref }}
          persist-credentials: false
--- a/.github/workflows/cli-tests.yml
+++ b/.github/workflows/cli-tests.yml
@ -30,7 +30,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -51,7 +51,7 @@ jobs:

      - name: Report coverage
        if: ${{ env.CODECOV_TOKEN != '' && matrix.os == 'depot-ubuntu-24.04' }}
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          directory: cli/coverage
          flags: cli
--- a/.github/workflows/db-migration-test.yml
+++ b/.github/workflows/db-migration-test.yml
@ -13,16 +13,16 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
@ -40,7 +40,7 @@ jobs:
          cp envs/middleware.env.example middleware.env

      - name: Set up Middlewares
-        uses: hoverkraft-tech/compose-action@11beaa1c2dae4e8ed7b1665aa074723b6cecb0e4 # v3.0.0
+        uses: hoverkraft-tech/compose-action@d2bee4f07e8ca410d6b196d00f90c12e7d48c33a # v2.6.0
        with:
          compose-file: |
            docker/docker-compose.middleware.yaml
@ -63,16 +63,16 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
@ -94,7 +94,7 @@ jobs:
          sed -i 's/DB_USERNAME=postgres/DB_USERNAME=mysql/' middleware.env

      - name: Set up Middlewares
-        uses: hoverkraft-tech/compose-action@11beaa1c2dae4e8ed7b1665aa074723b6cecb0e4 # v3.0.0
+        uses: hoverkraft-tech/compose-action@d2bee4f07e8ca410d6b196d00f90c12e7d48c33a # v2.6.0
        with:
          compose-file: |
            docker/docker-compose.middleware.yaml
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@ -2,9 +2,9 @@ name: Deploy Dev

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/dev"
+      - 'deploy/dev'
    types:
      - completed

--- a/.github/workflows/deploy-enterprise.yml
+++ b/.github/workflows/deploy-enterprise.yml
@ -5,9 +5,9 @@ permissions:

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/enterprise"
+      - 'deploy/enterprise'
    types:
      - completed

--- a/.github/workflows/deploy-agent.yml
+++ b/.github/workflows/deploy-agent.yml
@ -1,13 +1,10 @@
-name: Deploy Agent
-
-permissions:
-  contents: read
+name: Deploy HITL

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/agent"
+      - 'build/feat/hitl'
    types:
      - completed

@ -16,13 +13,13 @@ jobs:
    runs-on: depot-ubuntu-24.04
    if: |
      github.event.workflow_run.conclusion == 'success' &&
-      github.event.workflow_run.head_branch == 'deploy/agent'
+      github.event.workflow_run.head_branch == 'build/feat/hitl'
    steps:
      - name: Deploy to server
        uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5
        with:
-          host: ${{ secrets.AGENT_SSH_HOST }}
+          host: ${{ secrets.HITL_SSH_HOST }}
          username: ${{ secrets.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
-            ${{ vars.SSH_SCRIPT_AGENT || secrets.SSH_SCRIPT_AGENT }}
+            ${{ vars.SSH_SCRIPT || secrets.SSH_SCRIPT }}
--- a/.github/workflows/deploy-saas.yml
+++ b/.github/workflows/deploy-saas.yml
@ -5,9 +5,9 @@ permissions:

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/saas"
+      - 'deploy/saas'
    types:
      - completed

--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@ -3,7 +3,7 @@ name: Build docker image
 on:
  pull_request:
    branches:
-      - "main"
+      - 'main'
    paths:
      - api/Dockerfile
      - api/Dockerfile.dockerignore
@ -28,32 +28,32 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "api-amd64"
+          - service_name: 'api-amd64'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "api-arm64"
+            context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'api-arm64'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "web-amd64"
+            context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'web-amd64'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "web/Dockerfile"
-          - service_name: "web-arm64"
+            context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
+          - service_name: 'web-arm64'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+            context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
    steps:
      - name: Set up Depot CLI
        uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1

      - name: Build Docker Image
-        uses: depot/build-push-action@98e78adca7817480b8185f474a400b451d74e287 # v1.18.0
+        uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0
        with:
          project: ${{ vars.DEPOT_PROJECT_ID }}
          push: false
@ -69,18 +69,18 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "api-amd64"
-            context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "web-amd64"
-            context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+          - service_name: 'api-amd64'
+            context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'web-amd64'
+            context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
    steps:
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      - name: Build Docker Image
-        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          push: false
          context: ${{ matrix.context }}
--- a/.github/workflows/hotfix-cherry-pick.yml
+++ b/.github/workflows/hotfix-cherry-pick.yml
@ -24,7 +24,7 @@ jobs:
    name: Require cherry-pick provenance
    runs-on: depot-ubuntu-24.04
    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@ -1,4 +1,4 @@
-name: "Pull Request Labeler"
+name: 'Pull Request Labeler'
 on:
  pull_request_target:

--- a/.github/workflows/main-ci.yml
+++ b/.github/workflows/main-ci.yml
@ -2,12 +2,12 @@ name: Main CI Pipeline

 on:
  pull_request:
-    branches: ["main"]
+    branches: ['main']
  merge_group:
-    branches: ["main"]
+    branches: ['main']
    types: [checks_requested]
  push:
-    branches: ["main"]
+    branches: ['main']

 permissions:
  actions: write
@ -48,7 +48,7 @@ jobs:
      vdb-changed: ${{ steps.changes.outputs.vdb }}
      migration-changed: ${{ steps.changes.outputs.migration }}
    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        id: changes
        with:
--- a/.github/workflows/pyrefly-diff.yml
+++ b/.github/workflows/pyrefly-diff.yml
@ -17,12 +17,12 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout PR branch
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Setup Python & UV
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true

--- a/.github/workflows/pyrefly-type-coverage-comment.yml
+++ b/.github/workflows/pyrefly-type-coverage-comment.yml
@ -21,10 +21,10 @@ jobs:
    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.pull_requests[0].head.repo.full_name != github.repository }}
    steps:
      - name: Checkout default branch (trusted code)
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Setup Python & UV
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true

--- a/.github/workflows/pyrefly-type-coverage.yml
+++ b/.github/workflows/pyrefly-type-coverage.yml
@ -17,12 +17,12 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout PR branch
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Setup Python & UV
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true

--- a/.github/workflows/semantic-pull-request.yml
+++ b/.github/workflows/semantic-pull-request.yml
@ -8,7 +8,7 @@ on:
      - reopened
      - synchronize
  merge_group:
-    branches: ["main"]
+    branches: ['main']
    types: [checks_requested]

 jobs:
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -11,20 +11,19 @@ on:

 jobs:
  stale:
-
    runs-on: depot-ubuntu-24.04
    permissions:
      issues: write
      pull-requests: write

    steps:
-      - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
        with:
          days-before-issue-stale: 15
          days-before-issue-close: 3
          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: "Closed due to inactivity. If you have any questions, you can reopen it."
-          stale-pr-message: "Closed due to inactivity. If you have any questions, you can reopen it."
+          stale-issue-message: 'Closed due to inactivity. If you have any questions, you can reopen it.'
+          stale-pr-message: 'Closed due to inactivity. If you have any questions, you can reopen it.'
          stale-issue-label: 'no-issue-activity'
          stale-pr-label: 'no-pr-activity'
          any-of-labels: '🌚 invalid,🙋‍♂️ question,wont-fix,no-issue-activity,no-pr-activity,💪 enhancement,🤔 cant-reproduce,🙏 help wanted'
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@ -19,7 +19,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -33,10 +33,10 @@ jobs:

      - name: Setup UV and Python
        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: false
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
@ -71,7 +71,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -105,10 +105,6 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        run: vp run knip

-      - name: Web dead code check production
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: vp run knip:production
-
  ts-common-style:
    name: TS Common
    runs-on: depot-ubuntu-24.04
@ -118,7 +114,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -136,7 +132,10 @@ jobs:
            pnpm-lock.yaml
            pnpm-workspace.yaml
            .nvmrc
+            vite.config.ts
            eslint.config.mjs
+            .vscode/**
+            .github/workflows/autofix.yml
            .github/workflows/style.yml
            .github/actions/setup-web/**

@ -144,6 +143,12 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        uses: ./.github/actions/setup-web

+      - name: Format check
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+        run: vp fmt --check --no-error-on-unmatched-pattern $CHANGED_FILES
+
      - name: Restore ESLint cache
        if: steps.changed-files.outputs.any_changed == 'true'
        id: eslint-cache-restore
@ -175,7 +180,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
--- a/.github/workflows/tool-test-sdks.yaml
+++ b/.github/workflows/tool-test-sdks.yaml
@ -24,7 +24,7 @@ jobs:
        working-directory: sdks/nodejs-client

    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

--- a/.github/workflows/translate-i18n-claude.yml
+++ b/.github/workflows/translate-i18n-claude.yml
@ -40,7 +40,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
@ -158,7 +158,7 @@ jobs:

      - name: Run Claude Code for Translation Sync
        if: steps.context.outputs.CHANGED_FILES != ''
-        uses: anthropics/claude-code-action@806af32823ef69c8ef357086c573a902af641307 # v1.0.151
+        uses: anthropics/claude-code-action@1dc994ee7a008f0ecc866d9ac23ef036b7229f84 # v1.0.127
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/trigger-i18n-sync.yml
+++ b/.github/workflows/trigger-i18n-sync.yml
@ -21,7 +21,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

--- a/.github/workflows/vdb-tests-full.yml
+++ b/.github/workflows/vdb-tests-full.yml
@ -20,11 +20,11 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -36,7 +36,7 @@ jobs:
          remove_tool_cache: true

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
          python-version: ${{ matrix.python-version }}
@ -48,16 +48,16 @@ jobs:
      - name: Install dependencies
        run: uv sync --project api --dev

-#      - name: Set up Vector Store (TiDB)
-#        uses: hoverkraft-tech/compose-action@v2.0.2
-#        with:
-#          compose-file: docker/tidb/docker-compose.yaml
-#          services: |
-#            tidb
-#            tiflash
+      #      - name: Set up Vector Store (TiDB)
+      #        uses: hoverkraft-tech/compose-action@v2.0.2
+      #        with:
+      #          compose-file: docker/tidb/docker-compose.yaml
+      #          services: |
+      #            tidb
+      #            tiflash

-#      - name: Check VDB Ready (TiDB)
-#        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py
+      #      - name: Check VDB Ready (TiDB)
+      #        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py

      - name: Test Vector Stores
        run: |
--- a/.github/workflows/vdb-tests.yml
+++ b/.github/workflows/vdb-tests.yml
@ -17,11 +17,11 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -33,7 +33,7 @@ jobs:
          remove_tool_cache: true

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
          python-version: ${{ matrix.python-version }}
@ -45,16 +45,16 @@ jobs:
      - name: Install dependencies
        run: uv sync --project api --dev

-#      - name: Set up Vector Store (TiDB)
-#        uses: hoverkraft-tech/compose-action@v2.0.2
-#        with:
-#          compose-file: docker/tidb/docker-compose.yaml
-#          services: |
-#            tidb
-#            tiflash
+      #      - name: Set up Vector Store (TiDB)
+      #        uses: hoverkraft-tech/compose-action@v2.0.2
+      #        with:
+      #          compose-file: docker/tidb/docker-compose.yaml
+      #          services: |
+      #            tidb
+      #            tiflash

-#      - name: Check VDB Ready (TiDB)
-#        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py
+      #      - name: Check VDB Ready (TiDB)
+      #        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py

      - name: Test Vector Stores
        run: |
--- a/.github/workflows/web-e2e.yml
+++ b/.github/workflows/web-e2e.yml
@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -28,10 +28,10 @@ jobs:
        uses: ./.github/actions/setup-web

      - name: Setup UV and Python
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install API dependencies
@ -47,7 +47,7 @@ jobs:
          E2E_ADMIN_EMAIL: e2e-admin@example.com
          E2E_ADMIN_NAME: E2E Admin
          E2E_ADMIN_PASSWORD: E2eAdmin12345
-          E2E_FORCE_WEB_BUILD: "1"
+          E2E_FORCE_WEB_BUILD: '1'
          E2E_INIT_PASSWORD: E2eInit12345
        run: vp run e2e:full

--- a/.github/workflows/web-tests.yml
+++ b/.github/workflows/web-tests.yml
@ -31,7 +31,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -64,7 +64,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -83,7 +83,7 @@ jobs:

      - name: Report coverage
        if: ${{ env.CODECOV_TOKEN != '' }}
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
        with:
          directory: web/coverage
          flags: web
@ -102,7 +102,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -113,36 +113,13 @@ jobs:
        run: vp exec playwright install --with-deps chromium

      - name: Run dify-ui tests
-        run: vp test run --project unit --coverage --silent=passed-only
+        run: vp test run --coverage --silent=passed-only

      - name: Report coverage
        if: ${{ env.CODECOV_TOKEN != '' }}
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
        with:
          directory: packages/dify-ui/coverage
          flags: dify-ui
        env:
          CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
-
-  dify-ui-storybook-test:
-    name: dify-ui Storybook Tests
-    runs-on: depot-ubuntu-24.04-4
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./packages/dify-ui
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: Install Chromium for Browser Mode
-        run: vp exec playwright install --with-deps chromium
-
-      - name: Run dify-ui Storybook tests
-        run: vp run test:storybook
--- a/.vscode/settings.example.json
+++ b/.vscode/settings.example.json
@ -1,31 +1,17 @@
 {
-  "cucumber.features": [
-    "e2e/features/**/*.feature",
-  ],
-  "cucumber.glue": [
-    "e2e/features/**/*.ts",
-  ],
+  "cucumber.features": ["e2e/features/**/*.feature"],
+  "cucumber.glue": ["e2e/features/**/*.ts"],

  "tailwindCSS.experimental.configFile": "web/app/styles/globals.css",

-  // Auto fix
-  "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": "explicit",
-  },
+  // Format
+  "editor.formatOnSave": true,
+  "oxc.fmt.configPath": "./vite.config.ts",

-  // Silent the stylistic rules in your IDE, but still auto fix them
-  "eslint.rules.customizations": [
-    { "rule": "style/*", "severity": "off", "fixable": true },
-    { "rule": "format/*", "severity": "off", "fixable": true },
-    { "rule": "*-indent", "severity": "off", "fixable": true },
-    { "rule": "*-spacing", "severity": "off", "fixable": true },
-    { "rule": "*-spaces", "severity": "off", "fixable": true },
-    { "rule": "*-order", "severity": "off", "fixable": true },
-    { "rule": "*-dangle", "severity": "off", "fixable": true },
-    { "rule": "*-newline", "severity": "off", "fixable": true },
-    { "rule": "*quotes", "severity": "off", "fixable": true },
-    { "rule": "*semi", "severity": "off", "fixable": true }
-  ],
+  // Lint fix
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit"
+  },

  // Enable eslint for all supported languages
  "eslint.validate": [
--- a/AGENTS.md
+++ b/AGENTS.md
@ -31,7 +31,7 @@ The codebase is split into:
 ## Language Style

 - **Python**: Keep type hints on functions and attributes, and implement relevant special methods (e.g., `__repr__`, `__str__`). Prefer `TypedDict` over `dict` or `Mapping` for type safety and better code documentation.
- **TypeScript**: Use the strict config, rely on ESLint (`pnpm lint:fix` preferred) plus `pnpm type-check`, and avoid `any` types.
+- **TypeScript**: Use the strict config, rely on `vp fmt` for formatting, ESLint for lint-only fixes, plus `pnpm type-check`, and avoid `any` types.

 ## General Practices

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -34,11 +34,11 @@ Don't forget to link an existing issue or open a new issue in the PR's descripti

 How we prioritize:

-| Issue Type | Priority |
-| ------------------------------------------------------------ | --------------- |
-| Bugs in core functions (cloud service, cannot login, applications not working, security loopholes) | Critical |
-| Non-critical bugs, performance boosts | Medium Priority |
-| Minor fixes (typos, confusing but working UI) | Low Priority |
+| Issue Type                                                                                         | Priority        |
+| -------------------------------------------------------------------------------------------------- | --------------- |
+| Bugs in core functions (cloud service, cannot login, applications not working, security loopholes) | Critical        |
+| Non-critical bugs, performance boosts                                                              | Medium Priority |
+| Minor fixes (typos, confusing but working UI)                                                      | Low Priority    |

 ### Feature requests

@ -52,12 +52,12 @@ How we prioritize:

 How we prioritize:

-| Feature Type | Priority |
-| ------------------------------------------------------------ | --------------- |
-| High-Priority Features as being labeled by a team member | High Priority |
+| Feature Type                                                                                                                      | Priority        |
+| --------------------------------------------------------------------------------------------------------------------------------- | --------------- |
+| High-Priority Features as being labeled by a team member                                                                          | High Priority   |
 | Popular feature requests from our [community feedback board](https://github.com/langgenius/dify/discussions/categories/feedbacks) | Medium Priority |
-| Non-core features and minor enhancements | Low Priority |
-| Valuable but not immediate | Future-Feature |
+| Non-core features and minor enhancements                                                                                          | Low Priority    |
+| Valuable but not immediate                                                                                                        | Future-Feature  |

 ## Submitting your PR

--- a/api/.env.example
+++ b/api/.env.example
@ -768,16 +768,9 @@ EVENT_BUS_REDIS_CHANNEL_TYPE=pubsub
 # Whether to use Redis cluster mode while use redis as event bus.
 #  It's highly recommended to enable this for large deployments.
 EVENT_BUS_REDIS_USE_CLUSTERS=false
+EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS=2000

 # Whether to Enable human input timeout check task
 ENABLE_HUMAN_INPUT_TIMEOUT_TASK=true
 # Human input timeout check interval in minutes
 HUMAN_INPUT_TIMEOUT_TASK_INTERVAL=1
-
-# Nacos remote settings source HTTP timeouts (seconds).
-# Bound how long requests to the Nacos endpoint wait before failing, so a slow or
-# unresponsive Nacos server cannot stall API startup or token refresh.
-# Read timeout for Nacos requests (default: 10.0)
-DIFY_ENV_NACOS_REQUEST_TIMEOUT=10.0
-# Connect timeout for Nacos requests (default: 3.0)
-DIFY_ENV_NACOS_CONNECT_TIMEOUT=3.0
--- a/api/clients/agent_backend/init.py
+++ b/api/clients/agent_backend/init.py
@ -33,7 +33,6 @@ from clients.agent_backend.fake_client import FakeAgentBackendRunClient, FakeAge
 from clients.agent_backend.request_builder import (
    AGENT_SOUL_PROMPT_LAYER_ID,
    DIFY_EXECUTION_CONTEXT_LAYER_ID,
-    DIFY_KNOWLEDGE_BASE_LAYER_ID,
    DIFY_PLUGIN_TOOLS_LAYER_ID,
    WORKFLOW_NODE_JOB_PROMPT_LAYER_ID,
    WORKFLOW_USER_PROMPT_LAYER_ID,
@ -48,7 +47,6 @@ from clients.agent_backend.request_builder import (
 __all__ = [
    "AGENT_SOUL_PROMPT_LAYER_ID",
    "DIFY_EXECUTION_CONTEXT_LAYER_ID",
-    "DIFY_KNOWLEDGE_BASE_LAYER_ID",
    "DIFY_PLUGIN_TOOLS_LAYER_ID",
    "WORKFLOW_NODE_JOB_PROMPT_LAYER_ID",
    "WORKFLOW_USER_PROMPT_LAYER_ID",
--- a/api/clients/agent_backend/request_builder.py
+++ b/api/clients/agent_backend/request_builder.py
@ -19,7 +19,6 @@ from agenton.compositor.schemas import LayerSessionSnapshot
 from agenton.layers import ExitIntent
 from agenton_collections.layers.plain import PLAIN_PROMPT_LAYER_TYPE_ID, PromptLayerConfig
 from agenton_collections.layers.pydantic_ai import PYDANTIC_AI_HISTORY_LAYER_TYPE_ID
-from dify_agent.layers.ask_human import DIFY_ASK_HUMAN_LAYER_TYPE_ID, DifyAskHumanLayerConfig
 from dify_agent.layers.dify_plugin import (
    DIFY_PLUGIN_LLM_LAYER_TYPE_ID,
    DIFY_PLUGIN_TOOLS_LAYER_TYPE_ID,
@ -32,7 +31,6 @@ from dify_agent.layers.execution_context import (
    DIFY_EXECUTION_CONTEXT_LAYER_TYPE_ID,
    DifyExecutionContextLayerConfig,
 )
-from dify_agent.layers.knowledge import DIFY_KNOWLEDGE_BASE_LAYER_TYPE_ID, DifyKnowledgeBaseLayerConfig
 from dify_agent.layers.output import DIFY_OUTPUT_LAYER_TYPE_ID, DifyOutputLayerConfig
 from dify_agent.layers.shell import DIFY_SHELL_LAYER_TYPE_ID, DifyShellLayerConfig
 from dify_agent.protocol import (
@ -40,7 +38,6 @@ from dify_agent.protocol import (
    DIFY_AGENT_MODEL_LAYER_ID,
    DIFY_AGENT_OUTPUT_LAYER_ID,
    CreateRunRequest,
-    DeferredToolResultsPayload,
    LayerExitSignals,
    RunComposition,
    RunLayerSpec,
@ -56,8 +53,6 @@ AGENT_APP_USER_PROMPT_LAYER_ID = "agent_app_user_prompt"
 DIFY_EXECUTION_CONTEXT_LAYER_ID = "execution_context"
 DIFY_DRIVE_LAYER_ID = "drive"
 DIFY_PLUGIN_TOOLS_LAYER_ID = "tools"
-DIFY_KNOWLEDGE_BASE_LAYER_ID = "knowledge"
-DIFY_ASK_HUMAN_LAYER_ID = "ask_human"
 DIFY_SHELL_LAYER_ID = "shell"


@ -78,13 +73,6 @@ def _filter_snapshot_to_specs(
    return CompositorSessionSnapshot(schema_version=snapshot.schema_version, layers=filtered_layers)


-def _shell_layer_deps(*, include_drive: bool) -> dict[str, str]:
-    deps = {"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID}
-    if include_drive:
-        deps["drive"] = DIFY_DRIVE_LAYER_ID
-    return deps
-
-
 class AgentBackendModelConfig(BaseModel):
    """API-side model/plugin selection before it is converted to Dify Agent layers."""

@ -148,22 +136,14 @@ class AgentBackendWorkflowNodeRunInput(BaseModel):
    idempotency_key: str | None = None
    output: AgentBackendOutputConfig | None = None
    tools: DifyPluginToolsLayerConfig | None = None
-    knowledge: DifyKnowledgeBaseLayerConfig | None = None
    # Drive Skills & Files declaration (dify.drive) — an index the agent pulls
    # through the back proxy, never inline content; see AGENT_DRIVE_MANIFEST_ENABLED.
    drive_config: DifyDriveLayerConfig | None = None
-    # Human-in-the-loop ask_human deferred tool (dify.ask_human). Present only when
-    # the Agent Soul configures human involvement; a deferred call ends the run and
-    # the workflow pauses via the existing HITL form mechanism (ENG-635).
-    ask_human_config: DifyAskHumanLayerConfig | None = None
    # Inject the sandboxed shell layer (dify.shell). Requires the agent backend
    # to be wired with a shellctl entrypoint; see configs AGENT_SHELL_ENABLED.
    include_shell: bool = False
    shell_config: DifyShellLayerConfig | None = None
    session_snapshot: CompositorSessionSnapshot | None = None
-    # Human tool results fed back into a continuation run after a HITL submission
-    # (ENG-638). Keyed by the original deferred tool_call_id.
-    deferred_tool_results: DeferredToolResultsPayload | None = None
    include_history: bool = True
    suspend_on_exit: bool = True
    metadata: dict[str, JsonValue] = Field(default_factory=dict)
@ -195,21 +175,14 @@ class AgentBackendAgentAppRunInput(BaseModel):
    idempotency_key: str | None = None
    output: AgentBackendOutputConfig | None = None
    tools: DifyPluginToolsLayerConfig | None = None
-    knowledge: DifyKnowledgeBaseLayerConfig | None = None
    # Drive Skills & Files declaration (dify.drive) — an index the agent pulls
    # through the back proxy, never inline content; see AGENT_DRIVE_MANIFEST_ENABLED.
    drive_config: DifyDriveLayerConfig | None = None
-    # Human-in-the-loop ask_human deferred tool (dify.ask_human). Present only when
-    # the Agent Soul configures human involvement (ENG-635).
-    ask_human_config: DifyAskHumanLayerConfig | None = None
    # Inject the sandboxed shell layer (dify.shell). Requires the agent backend
    # to be wired with a shellctl entrypoint; see configs AGENT_SHELL_ENABLED.
    include_shell: bool = False
    shell_config: DifyShellLayerConfig | None = None
    session_snapshot: CompositorSessionSnapshot | None = None
-    # Human tool results fed back into a continuation run after a HITL submission
-    # (ENG-638). Keyed by the original deferred tool_call_id.
-    deferred_tool_results: DeferredToolResultsPayload | None = None
    include_history: bool = True
    suspend_on_exit: bool = True
    metadata: dict[str, JsonValue] = Field(default_factory=dict)
@ -232,7 +205,7 @@ class AgentBackendRunRequestBuilder:

        Layer graph: optional Agent Soul system prompt → user prompt →
        execution context → optional history (multi-turn) → LLM → optional
-        plugin tools / knowledge search → optional structured output. Mirrors the workflow-node
+        plugin tools → optional structured output. Mirrors the workflow-node
        layer ordering minus the workflow-job / previous-node prompt.
        """
        layers: list[RunLayerSpec] = []
@ -270,7 +243,6 @@ class AgentBackendRunRequestBuilder:
                RunLayerSpec(
                    name=DIFY_DRIVE_LAYER_ID,
                    type=DIFY_DRIVE_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
                    metadata=run_input.metadata,
                    config=run_input.drive_config,
                )
@ -312,40 +284,15 @@ class AgentBackendRunRequestBuilder:
                )
            )

-        if run_input.knowledge is not None and run_input.knowledge.sets:
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_KNOWLEDGE_BASE_LAYER_ID,
-                    type=DIFY_KNOWLEDGE_BASE_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
-                    metadata=run_input.metadata,
-                    config=run_input.knowledge,
-                )
-            )
-
-        if run_input.ask_human_config is not None:
-            # Human-in-the-loop ask_human deferred tool (dify.ask_human). A call ends
-            # the run with a deferred_tool_call; the caller pauses (workflow HITL) and
-            # later resumes with deferred_tool_results. Needs the history layer above.
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_ASK_HUMAN_LAYER_ID,
-                    type=DIFY_ASK_HUMAN_LAYER_TYPE_ID,
-                    metadata=run_input.metadata,
-                    config=run_input.ask_human_config,
-                )
-            )
-
        if run_input.include_shell:
-            # Sandboxed bash workspace (dify.shell). Depends on execution_context
-            # so the agent server can mint per-command Agent Stub env, and on
-            # drive when present so that env points at /mnt/drive/<drive_ref>.
+            # Sandboxed bash workspace (dify.shell). Depends on execution_context so
+            # the agent server can mint per-command Agent Stub env (back proxy);
            # shellctl connection itself is server-injected.
            layers.append(
                RunLayerSpec(
                    name=DIFY_SHELL_LAYER_ID,
                    type=DIFY_SHELL_LAYER_TYPE_ID,
-                    deps=_shell_layer_deps(include_drive=run_input.drive_config is not None),
+                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
                    metadata=run_input.metadata,
                    config=run_input.shell_config or DifyShellLayerConfig(),
                )
@ -371,7 +318,6 @@ class AgentBackendRunRequestBuilder:
            idempotency_key=run_input.idempotency_key,
            metadata=run_input.metadata,
            session_snapshot=run_input.session_snapshot,
-            deferred_tool_results=run_input.deferred_tool_results,
            on_exit=LayerExitSignals(
                default=ExitIntent.SUSPEND if run_input.suspend_on_exit else ExitIntent.DELETE,
            ),
@ -422,12 +368,7 @@ class AgentBackendRunRequestBuilder:
        )

    def build_for_workflow_node(self, run_input: AgentBackendWorkflowNodeRunInput) -> CreateRunRequest:
-        """Build a workflow Agent Node run request without defining another wire schema.
-
-        Layer graph mirrors the workflow surface: prompts → execution context →
-        optional drive/history → LLM → optional plugin tools / knowledge search
-        → optional auxiliary layers such as ask_human, shell, and structured output.
-        """
+        """Build a workflow Agent Node run request without defining another wire schema."""
        layers: list[RunLayerSpec] = []
        if run_input.agent_soul_prompt:
            layers.append(
@ -469,7 +410,6 @@ class AgentBackendRunRequestBuilder:
                RunLayerSpec(
                    name=DIFY_DRIVE_LAYER_ID,
                    type=DIFY_DRIVE_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
                    metadata=run_input.metadata,
                    config=run_input.drive_config,
                )
@ -513,40 +453,15 @@ class AgentBackendRunRequestBuilder:
                )
            )

-        if run_input.knowledge is not None and run_input.knowledge.sets:
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_KNOWLEDGE_BASE_LAYER_ID,
-                    type=DIFY_KNOWLEDGE_BASE_LAYER_TYPE_ID,
-                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
-                    metadata=run_input.metadata,
-                    config=run_input.knowledge,
-                )
-            )
-
-        if run_input.ask_human_config is not None:
-            # Human-in-the-loop ask_human deferred tool (dify.ask_human). A call ends
-            # the run with a deferred_tool_call; the caller pauses (workflow HITL) and
-            # later resumes with deferred_tool_results. Needs the history layer above.
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_ASK_HUMAN_LAYER_ID,
-                    type=DIFY_ASK_HUMAN_LAYER_TYPE_ID,
-                    metadata=run_input.metadata,
-                    config=run_input.ask_human_config,
-                )
-            )
-
        if run_input.include_shell:
-            # Sandboxed bash workspace (dify.shell). Depends on execution_context
-            # so the agent server can mint per-command Agent Stub env, and on
-            # drive when present so that env points at /mnt/drive/<drive_ref>.
+            # Sandboxed bash workspace (dify.shell). Depends on execution_context so
+            # the agent server can mint per-command Agent Stub env (back proxy);
            # shellctl connection itself is server-injected.
            layers.append(
                RunLayerSpec(
                    name=DIFY_SHELL_LAYER_ID,
                    type=DIFY_SHELL_LAYER_TYPE_ID,
-                    deps=_shell_layer_deps(include_drive=run_input.drive_config is not None),
+                    deps={"execution_context": DIFY_EXECUTION_CONTEXT_LAYER_ID},
                    metadata=run_input.metadata,
                    config=run_input.shell_config or DifyShellLayerConfig(),
                )
@ -572,7 +487,6 @@ class AgentBackendRunRequestBuilder:
            idempotency_key=run_input.idempotency_key,
            metadata=run_input.metadata,
            session_snapshot=run_input.session_snapshot,
-            deferred_tool_results=run_input.deferred_tool_results,
            on_exit=LayerExitSignals(
                default=ExitIntent.SUSPEND if run_input.suspend_on_exit else ExitIntent.DELETE,
            ),
--- a/api/commands/init.py
+++ b/api/commands/init.py
@ -11,7 +11,6 @@ from .data_migration import (
    migration_data_wizard,
 )
 from .plugin import (
-    backfill_plugin_auto_upgrade,
    extract_plugins,
    extract_unique_plugins,
    install_plugins,
@ -22,10 +21,8 @@ from .plugin import (
    setup_system_trigger_oauth_client,
    transform_datasource_credentials,
 )
-from .rbac import migrate_member_roles_to_rbac
 from .retention import (
    archive_workflow_runs,
-    archive_workflow_runs_plan,
    clean_expired_messages,
    clean_workflow_runs,
    cleanup_orphaned_draft_variables,
@ -52,8 +49,6 @@ from .vector import (
 __all__ = [
    "add_qdrant_index",
    "archive_workflow_runs",
-    "archive_workflow_runs_plan",
-    "backfill_plugin_auto_upgrade",
    "clean_expired_messages",
    "clean_workflow_runs",
    "cleanup_orphaned_draft_variables",
@ -77,7 +72,6 @@ __all__ = [
    "migrate_annotation_vector_database",
    "migrate_data_for_plugin",
    "migrate_knowledge_vector_database",
-    "migrate_member_roles_to_rbac",
    "migrate_oss",
    "migration_data_wizard",
    "old_metadata_migration",
--- a/api/commands/account.py
+++ b/api/commands/account.py
@ -25,7 +25,7 @@ def reset_password(email, new_password, password_confirm):
        return
    normalized_email = email.strip().lower()

-    account = AccountService.get_account_by_email_with_case_fallback(db.session, email.strip())
+    account = AccountService.get_account_by_email_with_case_fallback(email.strip())

    if not account:
        click.echo(click.style(f"Account not found for email: {email}", fg="red"))
@ -67,7 +67,7 @@ def reset_email(email, new_email, email_confirm):
        return
    normalized_new_email = new_email.strip().lower()

-    account = AccountService.get_account_by_email_with_case_fallback(db.session, email.strip())
+    account = AccountService.get_account_by_email_with_case_fallback(email.strip())

    if not account:
        click.echo(click.style(f"Account not found for email: {email}", fg="red"))
@ -133,9 +133,8 @@ def create_tenant(email: str, language: str | None = None, name: str | None = No
        password=new_password,
        language=language,
        create_workspace_required=False,
-        session=db.session,
    )
-    TenantService.create_owner_tenant_if_not_exist(account, name, session=db.session)
+    TenantService.create_owner_tenant_if_not_exist(account, name)

    click.echo(
        click.style(
--- a/api/commands/plugin.py
+++ b/api/commands/plugin.py
@ -1,11 +1,10 @@
 import json
 import logging
-import time
 from typing import Any, cast

 import click
 from pydantic import TypeAdapter
-from sqlalchemy import delete, func, select
+from sqlalchemy import delete, select
 from sqlalchemy.engine import CursorResult

 from configs import dify_config
@ -16,13 +15,11 @@ from core.plugin.plugin_service import PluginService
 from core.tools.utils.system_encryption import encrypt_system_params
 from extensions.ext_database import db
 from models import Tenant
-from models.account import TenantPluginAutoUpgradeStrategy
 from models.oauth import DatasourceOauthParamConfig, DatasourceProvider
 from models.provider_ids import DatasourceProviderID, ToolProviderID
 from models.source import DataSourceApiKeyAuthBinding, DataSourceOauthBinding
 from models.tools import ToolOAuthSystemClient
 from services.plugin.data_migration import PluginDataMigration
-from services.plugin.plugin_auto_upgrade_service import PluginAutoUpgradeService
 from services.plugin.plugin_migration import PluginMigration

 logger = logging.getLogger(__name__)
@ -405,110 +402,6 @@ def migrate_data_for_plugin():
    click.echo(click.style("Migrate data for plugin completed.", fg="green"))


-def _candidate_auto_upgrade_strategy_tenant_ids_stmt(limit: int | None = None):
-    category_count = len(TenantPluginAutoUpgradeStrategy.PluginCategory)
-    stmt = (
-        select(TenantPluginAutoUpgradeStrategy.tenant_id)
-        .group_by(TenantPluginAutoUpgradeStrategy.tenant_id)
-        .having(func.count(func.distinct(TenantPluginAutoUpgradeStrategy.category)) < category_count)
-        .order_by(TenantPluginAutoUpgradeStrategy.tenant_id)
-    )
-
-    if limit is not None:
-        stmt = stmt.limit(limit)
-
-    return stmt
-
-
-def _count_auto_upgrade_strategy_tenant_ids(limit: int | None) -> int:
-    candidate_stmt = _candidate_auto_upgrade_strategy_tenant_ids_stmt(limit).subquery()
-    return db.session.scalar(select(func.count()).select_from(candidate_stmt)) or 0
-
-
-def _iter_auto_upgrade_strategy_tenant_ids(limit: int | None):
-    stmt = _candidate_auto_upgrade_strategy_tenant_ids_stmt(limit).execution_options(yield_per=1000)
-    yield from db.session.scalars(stmt)
-
-
-@click.command(
-    "backfill-plugin-auto-upgrade",
-    help="Backfill category-scoped plugin auto-upgrade strategies and normalize plugin lists.",
-)
-@click.option("--tenant-id", multiple=True, help="Tenant ID to backfill. Can be passed multiple times.")
-@click.option("--limit", type=int, default=None, help="Maximum number of candidate tenants to process.")
-@click.option("--batch-size", type=int, default=500, show_default=True, help="Progress reporting batch size.")
-@click.option("--dry-run", is_flag=True, help="Only print candidate tenant count.")
-def backfill_plugin_auto_upgrade(
-    tenant_id: tuple[str, ...],
-    limit: int | None,
-    batch_size: int,
-    dry_run: bool,
-):
-    """
-    Backfill historical auto-upgrade strategies after the category column exists.
-
-    Missing category rows are created from the tenant's tool/default row. Pure default
-    strategies become latest for model plugins and fix-only for all other categories.
-    Tenants with include/exclude plugin IDs are split
-    by installed plugin category using plugin daemon metadata.
-    """
-    start_at = time.perf_counter()
-    candidate_count = len(tenant_id) if tenant_id else _count_auto_upgrade_strategy_tenant_ids(limit)
-    click.echo(click.style(f"Found {candidate_count} candidate tenants.", fg="yellow"))
-
-    if dry_run:
-        elapsed = time.perf_counter() - start_at
-        click.echo(click.style(f"Dry run completed. elapsed={elapsed:.2f}s", fg="green"))
-        return
-
-    tenant_ids = list(tenant_id) if tenant_id else _iter_auto_upgrade_strategy_tenant_ids(limit)
-
-    backfilled_count = 0
-    created_count = 0
-    normalized_count = 0
-    skipped_count = 0
-    failed_count = 0
-    for index, current_tenant_id in enumerate(tenant_ids, start=1):
-        try:
-            result = PluginAutoUpgradeService.backfill_strategy_categories(
-                current_tenant_id,
-            )
-        except Exception as e:
-            failed_count += 1
-            click.echo(click.style(f"Failed tenant {current_tenant_id}: {str(e)}", fg="red"))
-            continue
-
-        if result.created_count > 0:
-            backfilled_count += 1
-            created_count += result.created_count
-        elif not result.normalized:
-            skipped_count += 1
-        if result.normalized:
-            normalized_count += 1
-
-        if batch_size > 0 and index % batch_size == 0:
-            click.echo(
-                click.style(
-                    f"Processed {index}/{candidate_count} tenants. "
-                    f"backfilled={backfilled_count}, created_rows={created_count}, "
-                    f"normalized={normalized_count}, skipped={skipped_count}, failed={failed_count}, "
-                    f"elapsed={time.perf_counter() - start_at:.2f}s",
-                    fg="yellow",
-                )
-            )
-
-    elapsed = time.perf_counter() - start_at
-    click.echo(
-        click.style(
-            f"Backfill plugin auto-upgrade strategy categories completed. "
-            f"backfilled={backfilled_count}, created_rows={created_count}, "
-            f"normalized={normalized_count}, skipped={skipped_count}, failed={failed_count}, "
-            f"elapsed={elapsed:.2f}s",
-            fg="green",
-        )
-    )
-
-
@click.command("extract-plugins", help="Extract plugins.")
@click.option("--output_file", prompt=True, help="The file to store the extracted plugins.", default="plugins.jsonl")
@click.option("--workers", prompt=True, help="The number of workers to extract plugins.", default=10)
--- a/api/commands/rbac.py
+++ b/api/commands/rbac.py
@ -1,112 +0,0 @@
-from __future__ import annotations
-
-import click
-from sqlalchemy import select
-
-from core.db.session_factory import session_factory
-from models import TenantAccountJoin, TenantAccountRole
-from services.enterprise.rbac_service import ListOption, RBACService
-
-
-def _resolve_builtin_role_id(tenant_id: str, operator_account_id: str, legacy_role: str) -> str:
-    """Resolve a legacy workspace role to the current tenant's builtin RBAC role id.
-
-    The migration replays the old `TenantAccountJoin.role` values onto the
-    RBAC member-role binding API. Builtin RBAC roles are tenant-scoped and
-    identified by runtime ids, so the command must look them up per tenant.
-    """
-    expected_builtin_tag = {
-        TenantAccountRole.OWNER.value: "owner",
-        TenantAccountRole.ADMIN.value: "admin",
-        TenantAccountRole.EDITOR.value: "editor",
-        TenantAccountRole.NORMAL.value: "normal",
-        TenantAccountRole.DATASET_OPERATOR.value: "dataset_operator",
-    }.get(legacy_role)
-    if not expected_builtin_tag:
-        raise ValueError(f"Unsupported legacy workspace role: {legacy_role}")
-
-    roles = RBACService.Roles.list(
-        tenant_id=tenant_id,
-        account_id=operator_account_id,
-        options=ListOption(page_number=1, results_per_page=100),
-    ).data
-    for role in roles:
-        if role.is_builtin and role.category == "global_system_default" and role.role_tag == expected_builtin_tag:
-            return str(role.id)
-
-    raise ValueError(f"Builtin RBAC role not found for tenant={tenant_id}, legacy_role={legacy_role}")
-
-
-@click.command(
-    "rbac-migrate-member-roles", help="Migrate legacy workspace member roles into RBAC member-role bindings."
-)
-@click.option("--tenant-id", help="Only migrate a single workspace.")
-@click.option("--dry-run", is_flag=True, default=False, help="Preview the migration without writing RBAC bindings.")
-def migrate_member_roles_to_rbac(tenant_id: str | None, dry_run: bool) -> None:
-    """Backfill RBAC member-role bindings from legacy `TenantAccountJoin.role` data.
-
-    This is an offline migration command for workspaces that already have
-    members in the legacy role model but need matching records in the RBAC
-    member-role binding store.
-    """
-    click.echo(click.style("Starting RBAC member-role migration.", fg="green"))
-
-    with session_factory.create_session() as session:
-        stmt = select(TenantAccountJoin).order_by(TenantAccountJoin.tenant_id.asc(), TenantAccountJoin.id.asc())
-        if tenant_id:
-            stmt = stmt.where(TenantAccountJoin.tenant_id == tenant_id)
-
-        joins = list(session.scalars(stmt).all())
-
-    if not joins:
-        click.echo(click.style("No workspace members found for migration.", fg="yellow"))
-        return
-
-    owner_account_by_tenant: dict[str, str] = {}
-    resolved_role_ids: dict[tuple[str, str], str] = {}
-    migrated_count = 0
-
-    for join in joins:
-        workspace_id = str(join.tenant_id)
-        member_account_id = str(join.account_id)
-        legacy_role = str(join.role)
-
-        if workspace_id not in owner_account_by_tenant:
-            owner_join = next(
-                (
-                    item
-                    for item in joins
-                    if str(item.tenant_id) == workspace_id and str(item.role) == TenantAccountRole.OWNER.value
-                ),
-                None,
-            )
-            if not owner_join:
-                raise ValueError(f"Workspace owner not found for tenant={workspace_id}")
-            owner_account_by_tenant[workspace_id] = str(owner_join.account_id)
-
-        operator_account_id = owner_account_by_tenant[workspace_id]
-        cache_key = (workspace_id, legacy_role)
-        if cache_key not in resolved_role_ids:
-            resolved_role_ids[cache_key] = _resolve_builtin_role_id(workspace_id, operator_account_id, legacy_role)
-
-        resolved_role_id = resolved_role_ids[cache_key]
-        click.echo(
-            f"tenant={workspace_id} member={member_account_id} "
-            f"legacy_role={legacy_role} -> rbac_role_id={resolved_role_id}"
-        )
-
-        if dry_run:
-            continue
-
-        RBACService.MemberRoles.replace(
-            tenant_id=workspace_id,
-            account_id=operator_account_id,
-            member_account_id=member_account_id,
-            role_ids=[resolved_role_id],
-        )
-        migrated_count += 1
-
-    if dry_run:
-        click.echo(click.style("Dry run completed. No RBAC bindings were written.", fg="yellow"))
-    else:
-        click.echo(click.style(f"RBAC member-role migration completed. Migrated {migrated_count} members.", fg="green"))
--- a/api/commands/retention.py
+++ b/api/commands/retention.py
@ -12,160 +12,10 @@ from services.clear_free_plan_tenant_expired_logs import ClearFreePlanTenantExpi
 from services.retention.conversation.messages_clean_policy import create_message_clean_policy
 from services.retention.conversation.messages_clean_service import MessagesCleanService
 from services.retention.workflow_run.clear_free_plan_expired_workflow_run_logs import WorkflowRunCleanup
-from services.retention.workflow_run.tenant_prefix import tenant_prefix_condition
 from tasks.remove_app_and_related_data_task import delete_draft_variables_batch

 logger = logging.getLogger(__name__)

-_HEX_PREFIXES = tuple("0123456789abcdef")
-
-
-class WorkflowRunArchivePlanRow(TypedDict):
-    tenant_prefix: str
-    total_tenants: int
-    workflow_runs: int
-    workflow_node_executions: int
-    paid_tenants: int
-    unpaid_tenants: int
-
-
-class WorkflowRunArchiveTenantPlan(TypedDict):
-    archive_tenant_ids: list[str] | None
-    paid_tenant_ids: list[str]
-    unpaid_tenant_ids: list[str]
-
-
-def _parse_tenant_prefixes(prefixes: str | None) -> list[str]:
-    if not prefixes:
-        return []
-
-    parsed = []
-    for raw_prefix in prefixes.split(","):
-        prefix = raw_prefix.strip().lower()
-        if not prefix:
-            continue
-        if len(prefix) != 1 or prefix not in _HEX_PREFIXES:
-            raise click.UsageError("--tenant-prefixes must be a comma-separated list of hex digits, e.g. 0,1,a,f.")
-        parsed.append(prefix)
-    return sorted(set(parsed))
-
-
-def _get_archive_candidate_tenant_ids_by_prefix(
-    prefix: str,
-    *,
-    start_from: datetime.datetime | None,
-    end_before: datetime.datetime,
-) -> list[str]:
-    from graphon.enums import WorkflowExecutionStatus
-    from models.workflow import WorkflowRun
-    from services.retention.workflow_run.archive_paid_plan_workflow_run import WorkflowRunArchiver
-
-    conditions = [
-        WorkflowRun.created_at < end_before,
-        WorkflowRun.status.in_(WorkflowExecutionStatus.ended_values()),
-        WorkflowRun.type.in_(WorkflowRunArchiver.ARCHIVED_TYPE),
-        tenant_prefix_condition(WorkflowRun.tenant_id, prefix),
-    ]
-    if start_from is not None:
-        conditions.append(WorkflowRun.created_at >= start_from)
-
-    tenant_ids = db.session.scalars(
-        sa.select(WorkflowRun.tenant_id).where(*conditions).distinct().order_by(WorkflowRun.tenant_id)
-    ).all()
-    return list(tenant_ids)
-
-
-def _filter_paid_workflow_archive_tenant_ids(tenant_ids: list[str]) -> tuple[list[str], list[str]]:
-    from configs import dify_config
-    from enums.cloud_plan import CloudPlan
-    from services.billing_service import BillingService
-
-    tenant_ids = sorted(set(tenant_ids))
-    if not tenant_ids:
-        return [], []
-    if not dify_config.BILLING_ENABLED:
-        return tenant_ids, []
-
-    plans = BillingService.get_plan_bulk_with_cache(tenant_ids)
-    paid_tenant_ids = [
-        tenant_id
-        for tenant_id in tenant_ids
-        if plans.get(tenant_id) and plans[tenant_id].get("plan") in (CloudPlan.PROFESSIONAL, CloudPlan.TEAM)
-    ]
-    unpaid_tenant_ids = sorted(set(tenant_ids) - set(paid_tenant_ids))
-    return paid_tenant_ids, unpaid_tenant_ids
-
-
-def _resolve_archive_tenant_ids_from_plan(
-    *,
-    tenant_ids: str | None,
-    tenant_prefixes: list[str],
-    start_from: datetime.datetime | None,
-    end_before: datetime.datetime,
-) -> WorkflowRunArchiveTenantPlan:
-    """
-    Resolve the archive tenant scope once before scanning workflow_runs.
-
-    Prefix rollout should use the tenant list collected by the same planning path, then archive by
-    tenant_id IN (...). Scanning workflow_runs with a tenant prefix range in every archive run is too expensive on
-    the large production table this command is meant to shrink.
-    """
-    if tenant_ids:
-        requested_tenant_ids = [tid.strip() for tid in tenant_ids.split(",") if tid.strip()]
-    elif tenant_prefixes:
-        requested_tenant_ids = []
-        for prefix in tenant_prefixes:
-            requested_tenant_ids.extend(
-                _get_archive_candidate_tenant_ids_by_prefix(
-                    prefix,
-                    start_from=start_from,
-                    end_before=end_before,
-                )
-            )
-    else:
-        return WorkflowRunArchiveTenantPlan(
-            archive_tenant_ids=None,
-            paid_tenant_ids=[],
-            unpaid_tenant_ids=[],
-        )
-
-    paid_tenant_ids, unpaid_tenant_ids = _filter_paid_workflow_archive_tenant_ids(requested_tenant_ids)
-    return WorkflowRunArchiveTenantPlan(
-        archive_tenant_ids=paid_tenant_ids,
-        paid_tenant_ids=paid_tenant_ids,
-        unpaid_tenant_ids=unpaid_tenant_ids,
-    )
-
-
-def _resolve_archive_time_range(
-    *,
-    before_days: int,
-    from_days_ago: int | None,
-    to_days_ago: int | None,
-    start_from: datetime.datetime | None,
-    end_before: datetime.datetime | None,
-) -> tuple[int, datetime.datetime | None, datetime.datetime | None]:
-    if (start_from is None) ^ (end_before is None):
-        raise click.UsageError("--start-from and --end-before must be provided together.")
-
-    if (from_days_ago is None) ^ (to_days_ago is None):
-        raise click.UsageError("--from-days-ago and --to-days-ago must be provided together.")
-
-    if from_days_ago is not None and to_days_ago is not None:
-        if start_from or end_before:
-            raise click.UsageError("Choose either day offsets or explicit dates, not both.")
-        if from_days_ago <= to_days_ago:
-            raise click.UsageError("--from-days-ago must be greater than --to-days-ago.")
-        now = datetime.datetime.now()
-        start_from = now - datetime.timedelta(days=from_days_ago)
-        end_before = now - datetime.timedelta(days=to_days_ago)
-        before_days = 0
-
-    if start_from and end_before and start_from >= end_before:
-        raise click.UsageError("--start-from must be earlier than --end-before.")
-
-    return before_days, start_from, end_before
-

@click.command("clear-free-plan-tenant-expired-logs", help="Clear free plan tenant expired logs.")
@click.option("--days", prompt=True, help="The days to clear free plan tenant expired logs.", default=30)
@ -289,143 +139,11 @@ def clean_workflow_runs(
    )


-@click.command(
-    "archive-workflow-runs-plan",
-    help="Plan workflow run archive rollout by tenant ID first hex digit.",
-)
-@click.option("--before-days", default=90, show_default=True, help="Plan runs older than N days.")
-@click.option(
-    "--from-days-ago",
-    default=None,
-    type=click.IntRange(min=0),
-    help="Lower bound in days ago (older). Must be paired with --to-days-ago.",
-)
-@click.option(
-    "--to-days-ago",
-    default=None,
-    type=click.IntRange(min=0),
-    help="Upper bound in days ago (newer). Must be paired with --from-days-ago.",
-)
-@click.option(
-    "--start-from",
-    type=click.DateTime(formats=["%Y-%m-%d", "%Y-%m-%dT%H:%M:%S"]),
-    default=None,
-    help="Plan runs created at or after this timestamp (UTC if no timezone).",
-)
-@click.option(
-    "--end-before",
-    type=click.DateTime(formats=["%Y-%m-%d", "%Y-%m-%dT%H:%M:%S"]),
-    default=None,
-    help="Plan runs created before this timestamp (UTC if no timezone).",
-)
-@click.option(
-    "--include-archived",
-    is_flag=True,
-    help="Compatibility no-op for V2 bundle archive; plan counts source rows in the requested window.",
-)
-def archive_workflow_runs_plan(
-    before_days: int,
-    from_days_ago: int | None,
-    to_days_ago: int | None,
-    start_from: datetime.datetime | None,
-    end_before: datetime.datetime | None,
-    include_archived: bool,
-):
-    """
-    Print the 16 tenant-prefix rollout rows used to choose archive execution order.
-
-    Counts use the same workflow run eligibility as archive-workflow-runs: ended runs,
-    supported workflow types, and the requested created_at window. V2 bundle archive
-    does not maintain per-run archive logs, so this plan reports source-table volume.
-    """
-    from graphon.enums import WorkflowExecutionStatus
-    from models.workflow import WorkflowNodeExecutionModel, WorkflowRun
-    from services.retention.workflow_run.archive_paid_plan_workflow_run import WorkflowRunArchiver
-
-    before_days, start_from, end_before = _resolve_archive_time_range(
-        before_days=before_days,
-        from_days_ago=from_days_ago,
-        to_days_ago=to_days_ago,
-        start_from=start_from,
-        end_before=end_before,
-    )
-    plan_end_before = end_before or datetime.datetime.now(datetime.UTC) - datetime.timedelta(days=before_days)
-    if include_archived:
-        click.echo(click.style("--include-archived is a no-op for V2 bundle archive plans.", fg="yellow"))
-
-    rows: list[WorkflowRunArchivePlanRow] = []
-    for prefix in _HEX_PREFIXES:
-        tenant_ids = _get_archive_candidate_tenant_ids_by_prefix(
-            prefix,
-            start_from=start_from,
-            end_before=plan_end_before,
-        )
-        total_tenants = len(tenant_ids)
-        paid_tenant_ids, unpaid_tenant_ids = _filter_paid_workflow_archive_tenant_ids(tenant_ids)
-
-        run_conditions = [
-            WorkflowRun.created_at < plan_end_before,
-            WorkflowRun.status.in_(WorkflowExecutionStatus.ended_values()),
-            WorkflowRun.type.in_(WorkflowRunArchiver.ARCHIVED_TYPE),
-            tenant_prefix_condition(WorkflowRun.tenant_id, prefix),
-        ]
-        if start_from is not None:
-            run_conditions.append(WorkflowRun.created_at >= start_from)
-        workflow_runs = (
-            db.session.scalar(sa.select(sa.func.count()).select_from(WorkflowRun).where(*run_conditions)) or 0
-        )
-        candidate_runs = sa.select(WorkflowRun.id).where(*run_conditions).subquery()
-        workflow_node_executions = (
-            db.session.scalar(
-                sa.select(sa.func.count())
-                .select_from(WorkflowNodeExecutionModel)
-                .join(candidate_runs, WorkflowNodeExecutionModel.workflow_run_id == candidate_runs.c.id)
-            )
-            or 0
-        )
-
-        rows.append(
-            WorkflowRunArchivePlanRow(
-                tenant_prefix=prefix,
-                total_tenants=total_tenants,
-                workflow_runs=workflow_runs,
-                workflow_node_executions=workflow_node_executions,
-                paid_tenants=len(paid_tenant_ids),
-                unpaid_tenants=len(unpaid_tenant_ids),
-            )
-        )
-
-    click.echo(
-        click.style(
-            f"Workflow archive plan for runs before {plan_end_before.isoformat()}"
-            f"{f' and at/after {start_from.isoformat()}' if start_from else ''}.",
-            fg="white",
-        )
-    )
-    click.echo("tenant_prefix,total_tenants,workflow_runs,workflow_node_executions,paid_tenants,unpaid_tenants")
-    for row in rows:
-        click.echo(
-            f"{row['tenant_prefix']},{row['total_tenants']},{row['workflow_runs']},"
-            f"{row['workflow_node_executions']},{row['paid_tenants']},{row['unpaid_tenants']}"
-        )
-
-    ordered_rows = sorted(
-        rows,
-        key=lambda row: (row["workflow_runs"] + row["workflow_node_executions"], row["tenant_prefix"]),
-    )
-    click.echo("suggested_execution_order=" + ",".join(row["tenant_prefix"] for row in ordered_rows))
-
-
@click.command(
    "archive-workflow-runs",
    help="Archive workflow runs for paid plan tenants to S3-compatible storage.",
 )
@click.option("--tenant-ids", default=None, help="Optional comma-separated tenant IDs for grayscale rollout.")
-@click.option(
-    "--tenant-prefixes",
-    default=None,
-    help="Optional comma-separated tenant ID first hex digits for rollout waves, e.g. 0,1,a,f.",
-)
@click.option("--before-days", default=90, show_default=True, help="Archive runs older than N days.")
@click.option(
    "--from-days-ago",
@ -451,36 +169,13 @@ def archive_workflow_runs_plan(
    default=None,
    help="Archive runs created before this timestamp (UTC if no timezone).",
 )
-@click.option("--batch-size", default=100, show_default=True, help="Maximum workflow runs per archive bundle.")
-@click.option(
-    "--workers",
-    default=1,
-    show_default=True,
-    type=int,
-    help="Reserved; bundle archive currently runs serially.",
-)
-@click.option(
-    "--run-shard-index",
-    default=None,
-    type=click.IntRange(min=0),
-    help="Zero-based workflow run shard index for parallel cron jobs. Must be paired with --run-shard-total.",
-)
-@click.option(
-    "--run-shard-total",
-    default=None,
-    type=click.IntRange(min=1, max=16),
-    help="Total workflow run shard count for parallel cron jobs. Must be paired with --run-shard-index.",
-)
+@click.option("--batch-size", default=100, show_default=True, help="Batch size for processing.")
+@click.option("--workers", default=1, show_default=True, type=int, help="Concurrent workflow runs to archive.")
@click.option("--limit", default=None, type=int, help="Maximum number of runs to archive.")
@click.option("--dry-run", is_flag=True, help="Preview without archiving.")
-@click.option(
-    "--delete-after-archive",
-    is_flag=True,
-    help="Not supported by bundle archive; use a separate bundle delete workflow after validation.",
-)
+@click.option("--delete-after-archive", is_flag=True, help="Delete runs and related data after archiving.")
 def archive_workflow_runs(
    tenant_ids: str | None,
-    tenant_prefixes: str | None,
    before_days: int,
    from_days_ago: int | None,
    to_days_ago: int | None,
@ -488,8 +183,6 @@ def archive_workflow_runs(
    end_before: datetime.datetime | None,
    batch_size: int,
    workers: int,
-    run_shard_index: int | None,
-    run_shard_total: int | None,
    limit: int | None,
    dry_run: bool,
    delete_after_archive: bool,
@ -497,19 +190,14 @@ def archive_workflow_runs(
    """
    Archive workflow runs for paid plan tenants older than the specified days.

-    This command writes V2 tenant/month/shard archive bundles. Each bundle contains Parquet snapshots from:
-    - workflow_runs
-    - workflow_app_logs
+    This command archives the following tables to storage:
    - workflow_node_executions
    - workflow_node_execution_offload
    - workflow_pauses
    - workflow_pause_reasons
    - workflow_trigger_logs

-    Source database rows are always preserved by archive. Deletion must be handled by
-    a separate bundle-level delete workflow after manifest, checksum, row-count, and
-    restore-sampling validation. In --dry-run mode, no storage or database writes
-    happen; the command estimates per-table Parquet bytes and object size instead.
+    The workflow_runs and workflow_app_logs tables are preserved for UI listing.
    """
    from services.retention.workflow_run.archive_paid_plan_workflow_run import WorkflowRunArchiver

@ -521,58 +209,32 @@ def archive_workflow_runs(
        )
    )

-    try:
-        before_days, start_from, end_before = _resolve_archive_time_range(
-            before_days=before_days,
-            from_days_ago=from_days_ago,
-            to_days_ago=to_days_ago,
-            start_from=start_from,
-            end_before=end_before,
-        )
-        parsed_tenant_prefixes = _parse_tenant_prefixes(tenant_prefixes)
-    except click.UsageError as e:
-        click.echo(click.style(e.message, fg="red"))
+    if (start_from is None) ^ (end_before is None):
+        click.echo(click.style("start-from and end-before must be provided together.", fg="red"))
+        return
+
+    if (from_days_ago is None) ^ (to_days_ago is None):
+        click.echo(click.style("from-days-ago and to-days-ago must be provided together.", fg="red"))
+        return
+
+    if from_days_ago is not None and to_days_ago is not None:
+        if start_from or end_before:
+            click.echo(click.style("Choose either day offsets or explicit dates, not both.", fg="red"))
+            return
+        if from_days_ago <= to_days_ago:
+            click.echo(click.style("from-days-ago must be greater than to-days-ago.", fg="red"))
+            return
+        now = datetime.datetime.now()
+        start_from = now - datetime.timedelta(days=from_days_ago)
+        end_before = now - datetime.timedelta(days=to_days_ago)
+        before_days = 0
+
+    if start_from and end_before and start_from >= end_before:
+        click.echo(click.style("start-from must be earlier than end-before.", fg="red"))
        return
-    plan_end_before = end_before or datetime.datetime.now(datetime.UTC) - datetime.timedelta(days=before_days)
    if workers < 1:
        click.echo(click.style("workers must be at least 1.", fg="red"))
        return
-    if (run_shard_index is None) ^ (run_shard_total is None):
-        click.echo(click.style("run-shard-index and run-shard-total must be provided together.", fg="red"))
-        return
-    if run_shard_index is not None and run_shard_total is not None and run_shard_index >= run_shard_total:
-        click.echo(click.style("run-shard-index must be less than run-shard-total.", fg="red"))
-        return
-    if delete_after_archive:
-        click.echo(click.style("delete-after-archive is not supported by bundle archive.", fg="red"))
-        return
-
-    try:
-        tenant_plan = _resolve_archive_tenant_ids_from_plan(
-            tenant_ids=tenant_ids,
-            tenant_prefixes=parsed_tenant_prefixes,
-            start_from=start_from,
-            end_before=plan_end_before,
-        )
-    except Exception:
-        logger.exception("Failed to resolve workflow archive tenant plan")
-        click.echo(click.style("Failed to resolve workflow archive tenant plan.", fg="red"))
-        return
-
-    planned_tenant_ids = tenant_plan["archive_tenant_ids"]
-    planned_paid_tenant_ids = tenant_plan["paid_tenant_ids"] if planned_tenant_ids is not None else None
-    paid_tenants = len(tenant_plan["paid_tenant_ids"])
-    unpaid_tenants = len(tenant_plan["unpaid_tenant_ids"])
-    if planned_tenant_ids is not None:
-        click.echo(
-            click.style(
-                f"Resolved archive tenant plan: paid_tenants={paid_tenants}, unpaid_tenants={unpaid_tenants}.",
-                fg="white",
-            )
-        )
-        if not planned_tenant_ids:
-            click.echo(click.style("No paid tenants matched the archive plan; nothing to archive.", fg="yellow"))
-            return

    archiver = WorkflowRunArchiver(
        days=before_days,
@ -580,11 +242,7 @@ def archive_workflow_runs(
        start_from=start_from,
        end_before=end_before,
        workers=workers,
-        tenant_ids=planned_tenant_ids,
-        tenant_prefixes=parsed_tenant_prefixes,
-        paid_tenant_ids=planned_paid_tenant_ids,
-        run_shard_index=run_shard_index,
-        run_shard_total=run_shard_total,
+        tenant_ids=[tid.strip() for tid in tenant_ids.split(",")] if tenant_ids else None,
        limit=limit,
        dry_run=dry_run,
        delete_after_archive=delete_after_archive,
@ -594,9 +252,7 @@ def archive_workflow_runs(
        click.style(
            f"Summary: processed={summary.total_runs_processed}, archived={summary.runs_archived}, "
            f"skipped={summary.runs_skipped}, failed={summary.runs_failed}, "
-            f"bundles_archived={summary.bundles_archived}, bundles_skipped={summary.bundles_skipped}, "
-            f"bundles_failed={summary.bundles_failed}, "
-            f"object_size_bytes={summary.total_object_size_bytes}, time={summary.total_elapsed_time:.2f}s",
+            f"time={summary.total_elapsed_time:.2f}s",
            fg="cyan",
        )
    )
@ -612,52 +268,6 @@ def archive_workflow_runs(
    )


-def _echo_bundle_archive_operation_summary(summary) -> None:
-    status = "completed successfully" if summary.bundles_failed == 0 else "completed with failures"
-    fg = "green" if summary.bundles_failed == 0 else "red"
-    click.echo(
-        click.style(
-            f"{summary.operation} {status}. "
-            f"bundles_success={summary.bundles_succeeded} bundles_failed={summary.bundles_failed} "
-            f"runs={summary.runs_processed} rows={summary.rows_processed} "
-            f"archive_bytes={summary.archive_bytes} duration={summary.elapsed_time:.2f}s "
-            f"validation_time={summary.validation_time:.2f}s "
-            f"runs_per_second={summary.runs_per_second:.2f} rows_per_second={summary.rows_per_second:.2f} "
-            f"bytes_per_second={summary.bytes_per_second:.2f}",
-            fg=fg,
-        )
-    )
-    click.echo(click.style("table,row_count", fg="white"))
-    for table_name in [
-        "workflow_runs",
-        "workflow_app_logs",
-        "workflow_node_executions",
-        "workflow_node_execution_offload",
-        "workflow_pauses",
-        "workflow_pause_reasons",
-        "workflow_trigger_logs",
-    ]:
-        click.echo(f"{table_name},{summary.table_counts.get(table_name, 0)}")
-    for result in summary.results:
-        if result.success:
-            click.echo(
-                click.style(
-                    f"  bundle={result.bundle_id} tenant={result.tenant_id} runs={result.run_count} "
-                    f"rows={result.row_count} archive_bytes={result.archive_bytes} "
-                    f"time={result.elapsed_time:.2f}s validation={result.validation_time:.2f}s",
-                    fg="white",
-                )
-            )
-        else:
-            click.echo(
-                click.style(
-                    f"  failed bundle={result.bundle_id} tenant={result.tenant_id} "
-                    f"object_prefix={result.object_prefix} error={result.error}",
-                    fg="red",
-                )
-            )
-
-
@click.command(
    "restore-workflow-runs",
    help="Restore archived workflow runs from S3-compatible storage.",
@ -680,8 +290,8 @@ def _echo_bundle_archive_operation_summary(summary) -> None:
    default=None,
    help="Optional upper bound (exclusive) for created_at; must be paired with --start-from.",
 )
-@click.option("--workers", default=1, show_default=True, type=int, help="V1 --run-id compatibility only.")
-@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of V2 bundles to restore.")
+@click.option("--workers", default=1, show_default=True, type=int, help="Concurrent workflow runs to restore.")
+@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of runs to restore.")
@click.option("--dry-run", is_flag=True, help="Preview without restoring.")
 def restore_workflow_runs(
    tenant_ids: str | None,
@ -693,18 +303,15 @@ def restore_workflow_runs(
    dry_run: bool,
 ):
    """
-    Restore archived workflow runs from storage to the database.
+    Restore an archived workflow run from storage to the database.

-    Batch restore uses V2 bundle metadata and validates archive objects before writing source rows. This restores:
-    - workflow_runs
-    - workflow_app_logs
+    This restores the following tables:
    - workflow_node_executions
    - workflow_node_execution_offload
    - workflow_pauses
    - workflow_pause_reasons
    - workflow_trigger_logs
    """
-    from services.retention.workflow_run.bundle_archive_maintenance import WorkflowRunBundleArchiveMaintenance
    from services.retention.workflow_run.restore_archived_workflow_run import WorkflowRunRestore

    parsed_tenant_ids = None
@ -728,46 +335,39 @@ def restore_workflow_runs(
        )
    )

+    restorer = WorkflowRunRestore(dry_run=dry_run, workers=workers)
    if run_id:
-        restorer = WorkflowRunRestore(dry_run=dry_run, workers=workers)
        results = [restorer.restore_by_run_id(run_id)]
-        end_time = datetime.datetime.now(datetime.UTC)
-        elapsed = end_time - start_time
-
-        successes = sum(1 for result in results if result.success)
-        failures = len(results) - successes
-
-        if failures == 0:
-            click.echo(
-                click.style(
-                    f"Restore completed successfully. success={successes} duration={elapsed}",
-                    fg="green",
-                )
-            )
-        else:
-            click.echo(
-                click.style(
-                    f"Restore completed with failures. success={successes} failed={failures} duration={elapsed}",
-                    fg="red",
-                )
-            )
-        return
-
-    if workers != 1:
-        click.echo(
-            click.style("--workers is ignored for V2 bundle restore; bundles are processed serially.", fg="yellow")
+    else:
+        assert start_from is not None
+        assert end_before is not None
+        results = restorer.restore_batch(
+            parsed_tenant_ids,
+            start_date=start_from,
+            end_date=end_before,
+            limit=limit,
+        )
+
+    end_time = datetime.datetime.now(datetime.UTC)
+    elapsed = end_time - start_time
+
+    successes = sum(1 for result in results if result.success)
+    failures = len(results) - successes
+
+    if failures == 0:
+        click.echo(
+            click.style(
+                f"Restore completed successfully. success={successes} duration={elapsed}",
+                fg="green",
+            )
+        )
+    else:
+        click.echo(
+            click.style(
+                f"Restore completed with failures. success={successes} failed={failures} duration={elapsed}",
+                fg="red",
+            )
        )
-    assert start_from is not None
-    assert end_before is not None
-    bundle_restorer = WorkflowRunBundleArchiveMaintenance(dry_run=dry_run, strict_content_validation=True)
-    summary = bundle_restorer.restore_batch(
-        tenant_ids=parsed_tenant_ids,
-        start_date=start_from,
-        end_date=end_before,
-        limit=limit,
-    )
-    _echo_bundle_archive_operation_summary(summary)
-    return


@click.command(
@ -792,20 +392,8 @@ def restore_workflow_runs(
    default=None,
    help="Optional upper bound (exclusive) for created_at; must be paired with --start-from.",
 )
-@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of V2 bundles to delete.")
+@click.option("--limit", type=int, default=100, show_default=True, help="Maximum number of runs to delete.")
@click.option("--dry-run", is_flag=True, help="Preview without deleting.")
-@click.option(
-    "--skip-bad-archives",
-    is_flag=True,
-    help="Continue batch deletion when one archive object fails validation.",
-)
-@click.option(
-    "--restore-sample-interval",
-    type=int,
-    default=0,
-    show_default=True,
-    help="Run restore dry-run after every N successful deletes; 0 disables restore sampling.",
-)
 def delete_archived_workflow_runs(
    tenant_ids: str | None,
    run_id: str | None,
@ -813,16 +401,10 @@ def delete_archived_workflow_runs(
    end_before: datetime.datetime | None,
    limit: int,
    dry_run: bool,
-    skip_bad_archives: bool,
-    restore_sample_interval: int,
 ):
    """
    Delete archived workflow runs from the database.
-
-    Batch delete uses V2 bundle metadata and validates object existence, manifest schema, object size, checksum, row
-    counts, and source/archive content checksums before deleting source rows. `--run-id` keeps the V1 per-run path.
    """
-    from services.retention.workflow_run.bundle_archive_maintenance import WorkflowRunBundleArchiveMaintenance
    from services.retention.workflow_run.delete_archived_workflow_run import ArchivedWorkflowRunDeletion

    parsed_tenant_ids = None
@ -835,8 +417,6 @@ def delete_archived_workflow_runs(
        raise click.UsageError("--start-from and --end-before must be provided together.")
    if run_id is None and (start_from is None or end_before is None):
        raise click.UsageError("--start-from and --end-before are required for batch delete.")
-    if restore_sample_interval < 0:
-        raise click.BadParameter("restore-sample-interval must be >= 0")

    start_time = datetime.datetime.now(datetime.UTC)
    target_desc = f"workflow run {run_id}" if run_id else "workflow runs"
@ -847,85 +427,56 @@ def delete_archived_workflow_runs(
        )
    )

+    deleter = ArchivedWorkflowRunDeletion(dry_run=dry_run)
    if run_id:
-        deleter = ArchivedWorkflowRunDeletion(
-            dry_run=dry_run,
-            skip_bad_archives=skip_bad_archives,
-            restore_sample_interval=restore_sample_interval,
-        )
        results = [deleter.delete_by_run_id(run_id)]
-        for result in results:
-            if result.success:
-                click.echo(
-                    click.style(
-                        f"{'[DRY RUN] Would delete' if dry_run else 'Deleted'} "
-                        f"workflow run {result.run_id} (tenant={result.tenant_id}, "
-                        f"archive_key={result.archive_key}, counts={result.validated_counts})",
-                        fg="green",
-                    )
-                )
-                if result.restore_sampled:
-                    sample_status = "passed" if result.restore_sample_success else "failed"
-                    click.echo(
-                        click.style(
-                            f"  restore dry-run sample {sample_status} for workflow run {result.run_id}",
-                            fg="green" if result.restore_sample_success else "red",
-                        )
-                    )
-            else:
-                click.echo(
-                    click.style(
-                        f"Failed to delete workflow run {result.run_id}: {result.error}",
-                        fg="red",
-                    )
-                )
-                click.echo(
-                    click.style(
-                        "  runbook: pause this delete window, verify archive storage object and manifest/checksum, "
-                        "retry the same run after fixing storage or DB drift, or rerun with --skip-bad-archives "
-                        "to quarantine this run and continue the batch.",
-                        fg="yellow",
-                    )
-                )
+    else:
+        assert start_from is not None
+        assert end_before is not None
+        results = deleter.delete_batch(
+            parsed_tenant_ids,
+            start_date=start_from,
+            end_date=end_before,
+            limit=limit,
+        )

-        end_time = datetime.datetime.now(datetime.UTC)
-        elapsed = end_time - start_time
-
-        successes = sum(1 for result in results if result.success)
-        failures = len(results) - successes
-
-        if failures == 0:
+    for result in results:
+        if result.success:
            click.echo(
                click.style(
-                    f"Delete completed successfully. success={successes} duration={elapsed}",
+                    f"{'[DRY RUN] Would delete' if dry_run else 'Deleted'} "
+                    f"workflow run {result.run_id} (tenant={result.tenant_id})",
                    fg="green",
                )
            )
        else:
            click.echo(
                click.style(
-                    f"Delete completed with failures. success={successes} failed={failures} duration={elapsed}",
+                    f"Failed to delete workflow run {result.run_id}: {result.error}",
                    fg="red",
                )
            )
-        return

-    if restore_sample_interval:
-        click.echo(click.style("--restore-sample-interval is ignored for V2 bundle delete.", fg="yellow"))
-    assert start_from is not None
-    assert end_before is not None
-    bundle_deleter = WorkflowRunBundleArchiveMaintenance(
-        dry_run=dry_run,
-        strict_content_validation=True,
-        stop_on_error=not skip_bad_archives,
-    )
-    summary = bundle_deleter.delete_batch(
-        tenant_ids=parsed_tenant_ids,
-        start_date=start_from,
-        end_date=end_before,
-        limit=limit,
-    )
-    _echo_bundle_archive_operation_summary(summary)
+    end_time = datetime.datetime.now(datetime.UTC)
+    elapsed = end_time - start_time
+
+    successes = sum(1 for result in results if result.success)
+    failures = len(results) - successes
+
+    if failures == 0:
+        click.echo(
+            click.style(
+                f"Delete completed successfully. success={successes} duration={elapsed}",
+                fg="green",
+            )
+        )
+    else:
+        click.echo(
+            click.style(
+                f"Delete completed with failures. success={successes} failed={failures} duration={elapsed}",
+                fg="red",
+            )
+        )


 def _find_orphaned_draft_variables(batch_size: int = 1000) -> list[str]:
--- a/api/configs/enterprise/init.py
+++ b/api/configs/enterprise/init.py
@ -29,11 +29,6 @@ class EnterpriseFeatureConfig(BaseSettings):
        "This helps gain runtime performance by trading off consistency.",
    )

-    RBAC_ENABLED: bool = Field(
-        description="Enable enterprise RBAC APIs. When disabled, compatibility responses fall back to legacy roles.",
-        default=False,
-    )
-

 class EnterpriseTelemetryConfig(BaseSettings):
    """
--- a/api/configs/middleware/cache/redis_pubsub_config.py
+++ b/api/configs/middleware/cache/redis_pubsub_config.py
@ -2,6 +2,7 @@ from typing import Literal, Protocol, cast
 from urllib.parse import quote_plus, urlunparse

 from pydantic import AliasChoices, Field
+from pydantic.types import NonNegativeInt
 from pydantic_settings import BaseSettings


@ -70,6 +71,24 @@ class RedisPubSubConfig(BaseSettings):
        default=600,
    )

+    PUBSUB_LISTENER_JOIN_TIMEOUT_MS: NonNegativeInt = Field(
+        validation_alias=AliasChoices("EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS", "PUBSUB_LISTENER_JOIN_TIMEOUT_MS"),
+        description=(
+            "Maximum time (milliseconds) that ``Subscription.close()`` waits for its listener thread to "
+            "finish before returning. Bounds the tail latency between a terminal event being delivered to "
+            "an SSE client and the response stream actually closing.\n\n"
+            "The listener thread blocks on a polling read (XREAD BLOCK for streams, get_message timeout "
+            "for pubsub/sharded) with a fixed 1s window, so close() naturally has to wait up to ~1s for "
+            "the thread to notice the subscription was closed. Setting this lower (e.g. 100) lets close() "
+            "return promptly while the daemon listener thread cleans itself up on the next poll "
+            "boundary - safe because the listener holds no critical state and exits within one poll "
+            "window. Setting it higher (e.g. 5000) gives the listener more grace before close() gives up "
+            "and logs a warning. Default 2000ms preserves the pre-change behaviour.\n\n"
+            "Also accepts ENV: EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS."
+        ),
+        default=2000,
+    )
+
    def _build_default_pubsub_url(self) -> str:
        defaults = _redis_defaults(self)
        if not defaults.REDIS_HOST or not defaults.REDIS_PORT:
--- a/api/configs/remote_settings_sources/nacos/http_request.py
+++ b/api/configs/remote_settings_sources/nacos/http_request.py
@ -20,12 +20,6 @@ class NacosHttpClient:
        self.token: str | None = None
        self.token_ttl = 18000
        self.token_expire_time: float = 0
-        # Bounded timeouts so a slow or unresponsive Nacos server cannot hang the API
-        # service indefinitely during startup or token refresh.
-        self.timeout = httpx.Timeout(
-            float(os.getenv("DIFY_ENV_NACOS_REQUEST_TIMEOUT", "10.0")),
-            connect=float(os.getenv("DIFY_ENV_NACOS_CONNECT_TIMEOUT", "3.0")),
-        )

    def http_request(
        self, url: str, method: str = "GET", headers: dict[str, str] | None = None, params: dict[str, str] | None = None
@ -34,17 +28,12 @@ class NacosHttpClient:
            headers = {}
        if params is None:
            params = {}
-        full_url = "http://" + self.server + url
        try:
            self._inject_auth_info(headers, params)
-            response = httpx.request(method, url=full_url, headers=headers, params=params, timeout=self.timeout)
+            response = httpx.request(method, url="http://" + self.server + url, headers=headers, params=params)
            response.raise_for_status()
            return response.text
-        except httpx.TimeoutException as e:
-            logger.warning("Request to Nacos timed out (url=%s, timeout=%s): %s", full_url, self.timeout, e)
-            return f"Request to Nacos timed out: {e}"
        except httpx.RequestError as e:
-            logger.warning("Request to Nacos failed (url=%s): %s", full_url, e)
            return f"Request to Nacos failed: {e}"

    def _inject_auth_info(self, headers: dict[str, str], params: dict[str, str], module: str = "config") -> None:
@ -89,16 +78,13 @@ class NacosHttpClient:
        params = {"username": self.username, "password": self.password}
        url = "http://" + self.server + "/nacos/v1/auth/login"
        try:
-            resp = httpx.request("POST", url, headers=None, params=params, timeout=self.timeout)
+            resp = httpx.request("POST", url, headers=None, params=params)
            resp.raise_for_status()
            response_data = resp.json()
            self.token = response_data.get("accessToken")
            self.token_ttl = response_data.get("tokenTtl", 18000)
            self.token_expire_time = current_time + self.token_ttl - 10
            return self.token
-        except httpx.TimeoutException:
-            logger.exception("[get-access-token] request to Nacos timed out (url=%s, timeout=%s)", url, self.timeout)
-            raise
        except Exception:
            logger.exception("[get-access-token] exception occur")
            raise
--- a/api/controllers/common/app_access.py
+++ b/api/controllers/common/app_access.py
@ -1,107 +0,0 @@
-from __future__ import annotations
-
-from collections.abc import Sequence
-from dataclasses import dataclass
-from typing import TYPE_CHECKING
-
-from services.enterprise import rbac_service as enterprise_rbac_service
-
-if TYPE_CHECKING:
-    from services.app_service import AppListBaseParams
-    from services.enterprise.rbac_service import MyPermissionsResponse
-
-# Permission keys (dot-notation, from MyPermissionsResponse) that grant
-# list/preview access to an app. Keep this the single source of truth for both
-# the console and OpenAPI app-list endpoints.
-APP_LIST_PERMISSION_KEYS: frozenset[str] = frozenset({"app.preview", "app.acl.preview", "app.full_access"})
-
-# Workspace permission key that lets a caller see apps they maintain even when
-# those apps are not in their preview whitelist.
-_MANAGE_OWN_APPS_PERMISSION_KEY = "app.create_and_management"
-
-
-def has_app_list_permission(permission_keys: Sequence[str]) -> bool:
-    """Return True if any of ``permission_keys`` grants app list/preview access."""
-    return any(permission_key in APP_LIST_PERMISSION_KEYS for permission_key in permission_keys)
-
-
-@dataclass(frozen=True)
-class AppAccessFilter:
-    """Resolved RBAC visibility for app list/read endpoints.
-
-    ``accessible_app_ids`` of ``None`` means the caller can see every app in the
-    workspace (unrestricted). Otherwise it is the exact set of app ids the
-    caller may preview; combined with ``can_manage_own_apps`` it also covers
-    apps the caller maintains.
-    """
-
-    accessible_app_ids: set[str] | None
-    can_manage_own_apps: bool
-
-    @classmethod
-    def unrestricted(cls) -> AppAccessFilter:
-        """Filter that imposes no restriction (RBAC disabled / not applicable)."""
-        return cls(accessible_app_ids=None, can_manage_own_apps=False)
-
-    def is_app_accessible(self, app_id: str, maintainer: str | None, account_id: str) -> bool:
-        """Whether a single app is visible to the caller under this filter.
-
-        Mirrors the service-layer query gate: an app is visible when the filter
-        is unrestricted, the app id is whitelisted, or the caller maintains it
-        and holds ``app.create_and_management``.
-        """
-        if self.accessible_app_ids is None:
-            return True
-        if app_id in self.accessible_app_ids:
-            return True
-        return self.can_manage_own_apps and maintainer is not None and maintainer == account_id
-
-    def apply_to_params(self, params: AppListBaseParams) -> None:
-        if self.accessible_app_ids is None:
-            return
-        params.accessible_app_ids = sorted(self.accessible_app_ids)
-        params.include_own_apps = self.can_manage_own_apps
-
-
-def resolve_app_access_filter(
-    tenant_id: str,
-    account_id: str,
-    *,
-    permissions: MyPermissionsResponse | None = None,
-) -> AppAccessFilter:
-    """Compute the RBAC app-access filter for ``account_id`` in ``tenant_id``.
-
-    Pass ``permissions`` when the caller has already fetched the snapshot (the
-    console controller reuses it for per-app permission keys) to avoid a second
-    inner-API round trip; otherwise it is fetched here.
-    """
-    if permissions is None:
-        permissions = enterprise_rbac_service.RBACService.MyPermissions.get(tenant_id, account_id)
-    whitelist_scope = enterprise_rbac_service.RBACService.AppAccess.whitelist_resources(tenant_id, account_id)
-
-    can_manage_own_apps = _MANAGE_OWN_APPS_PERMISSION_KEY in permissions.workspace.permission_keys
-    has_default_preview = has_app_list_permission(permissions.app.default_permission_keys) or has_app_list_permission(
-        permissions.workspace.permission_keys
-    )
-
-    permission_app_ids: set[str] | None = None
-    if not has_default_preview:
-        # Collect apps the caller can preview via per-app permission overrides.
-        permission_app_ids = {
-            override.resource_id
-            for override in permissions.app.overrides
-            if has_app_list_permission(override.permission_keys)
-        }
-
-    accessible_app_ids: set[str] | None
-    if getattr(whitelist_scope, "unrestricted", False):
-        accessible_app_ids = permission_app_ids
-    else:
-        accessible_app_ids = set(whitelist_scope.resource_ids)
-        if permission_app_ids is not None:
-            accessible_app_ids |= permission_app_ids
-        elif has_default_preview:
-            # Default preview overrides the whitelist restriction.
-            accessible_app_ids = None
-
-    return AppAccessFilter(accessible_app_ids=accessible_app_ids, can_manage_own_apps=can_manage_own_apps)
--- a/api/controllers/common/controller_schemas.py
+++ b/api/controllers/common/controller_schemas.py
@ -1,8 +1,7 @@
-from copy import deepcopy
-from typing import Annotated, Any, Literal, override
+from typing import Any, Literal
 from uuid import UUID

-from pydantic import BaseModel, Field, GetJsonSchemaHandler, WithJsonSchema, model_validator
+from pydantic import BaseModel, Field, model_validator

 from libs.helper import UUIDStrOrEmpty

@ -10,53 +9,8 @@ from libs.helper import UUIDStrOrEmpty


 class ConversationRenamePayload(BaseModel):
-    name: str | None = Field(
-        default=None,
-        description="Conversation name. Required when `auto_generate` is `false`.",
-    )
-    auto_generate: bool = Field(
-        default=False,
-        description="Automatically generate the conversation name. When `true`, the `name` field is ignored.",
-    )
-
-    @classmethod
-    @override
-    def __get_pydantic_json_schema__(cls, core_schema: Any, handler: GetJsonSchemaHandler) -> dict[str, Any]:
-        schema = handler.resolve_ref_schema(handler(core_schema))
-        properties = schema.get("properties")
-        if not isinstance(properties, dict):
-            return schema
-
-        auto_generate_schema = deepcopy(properties.get("auto_generate", {"type": "boolean"}))
-        name_schema = deepcopy(properties.get("name", {"type": "string"}))
-        non_blank_name_schema: dict[str, Any] = {"pattern": r".*\S.*", "type": "string"}
-        if isinstance(name_schema, dict) and isinstance(name_schema.get("title"), str):
-            non_blank_name_schema["title"] = name_schema["title"]
-
-        auto_generate_true_schema = {**auto_generate_schema, "enum": [True]}
-        auto_generate_true_schema.pop("default", None)
-
-        return {
-            **schema,
-            "anyOf": [
-                {
-                    "properties": {
-                        "auto_generate": auto_generate_true_schema,
-                        "name": name_schema,
-                    },
-                    "required": ["auto_generate"],
-                    "type": "object",
-                },
-                {
-                    "properties": {
-                        "auto_generate": {**auto_generate_schema, "enum": [False]},
-                        "name": non_blank_name_schema,
-                    },
-                    "required": ["name"],
-                    "type": "object",
-                },
-            ],
-        }
+    name: str | None = None
+    auto_generate: bool = False

    @model_validator(mode="after")
    def validate_name_requirement(self):
@ -70,28 +24,14 @@ class ConversationRenamePayload(BaseModel):


 class MessageListQuery(BaseModel):
-    conversation_id: UUIDStrOrEmpty = Field(description="Conversation ID.")
-    first_id: UUIDStrOrEmpty | None = Field(
-        default=None,
-        description=(
-            "The ID of the first chat record on the current page. Omit this value to fetch the latest messages; "
-            "for subsequent pages, use the first message ID from the current list to fetch older messages."
-        ),
-    )
-    limit: int = Field(
-        default=20,
-        ge=1,
-        le=100,
-        description="Number of chat history messages to return per request.",
-    )
+    conversation_id: UUIDStrOrEmpty = Field(description="Conversation UUID")
+    first_id: UUIDStrOrEmpty | None = Field(default=None, description="First message ID for pagination")
+    limit: int = Field(default=20, ge=1, le=100, description="Number of messages to return (1-100)")


 class MessageFeedbackPayload(BaseModel):
-    rating: Literal["like", "dislike"] | None = Field(
-        default=None,
-        description="Feedback rating. Set to `null` to revoke previously submitted feedback.",
-    )
-    content: str | None = Field(default=None, description="Optional text feedback providing additional detail.")
+    rating: Literal["like", "dislike"] | None = None
+    content: str | None = None


 # --- Saved message schemas ---
@ -108,39 +48,6 @@ class SavedMessageCreatePayload(BaseModel):

 # --- Workflow schemas ---

-WORKFLOW_INPUT_FILE_ITEM_SCHEMA: dict[str, object] = {
-    "type": "object",
-    "required": ["type", "transfer_method"],
-    "properties": {
-        "type": {
-            "description": "File type.",
-            "enum": ["document", "image", "audio", "video", "custom"],
-            "type": "string",
-        },
-        "transfer_method": {
-            "description": "Transfer method: `remote_url` for file URL, `local_file` for uploaded file.",
-            "enum": ["remote_url", "local_file"],
-            "type": "string",
-        },
-        "url": {
-            "description": "File URL when `transfer_method` is `remote_url`.",
-            "format": "url",
-            "type": "string",
-        },
-        "upload_file_id": {
-            "description": (
-                "Uploaded file ID obtained from the [Upload File](/api-reference/files/upload-file) API when "
-                "`transfer_method` is `local_file`."
-            ),
-            "type": "string",
-        },
-    },
-}
-WORKFLOW_INPUT_FILE_LIST_SCHEMA: dict[str, object] = {
-    "anyOf": [{"items": WORKFLOW_INPUT_FILE_ITEM_SCHEMA, "type": "array"}, {"type": "null"}]
-}
-WorkflowInputFileList = Annotated[list[dict[str, Any]] | None, WithJsonSchema(WORKFLOW_INPUT_FILE_LIST_SCHEMA)]
-

 class DefaultBlockConfigQuery(BaseModel):
    q: str | None = None
@ -154,22 +61,8 @@ class WorkflowListQuery(BaseModel):


 class WorkflowRunPayload(BaseModel):
-    inputs: dict[str, Any] = Field(
-        description=(
-            "Key-value pairs for workflow input variables. Values for file-type variables should be arrays of "
-            "file objects with `type`, `transfer_method`, and either `url` or `upload_file_id`. Refer to the "
-            "`user_input_form` field in the [Get App Parameters](/api-reference/applications/get-app-parameters) "
-            "response to discover the variable names and types expected by your app."
-        )
-    )
-    files: WorkflowInputFileList = Field(
-        default=None,
-        description=(
-            "File list for workflow system file inputs. Available when file upload is enabled for the workflow. "
-            "To attach a local file, first upload it via [Upload File](/api-reference/files/upload-file) and use "
-            "the returned `id` as `upload_file_id` with `transfer_method: local_file`."
-        ),
-    )
+    inputs: dict[str, Any]
+    files: list[dict[str, Any]] | None = Field(default=None)


 class WorkflowUpdatePayload(BaseModel):
@ -184,49 +77,28 @@ DOCUMENT_BATCH_DOWNLOAD_ZIP_MAX_DOCS = 100


 class ChildChunkCreatePayload(BaseModel):
-    content: str = Field(description="Child chunk text content.")
+    content: str


 class ChildChunkUpdatePayload(BaseModel):
-    content: str = Field(description="Child chunk text content.")
+    content: str


 class DocumentBatchDownloadZipPayload(BaseModel):
    """Request payload for bulk downloading documents as a zip archive."""

-    document_ids: list[UUID] = Field(
-        ...,
-        min_length=1,
-        max_length=DOCUMENT_BATCH_DOWNLOAD_ZIP_MAX_DOCS,
-        description="List of document IDs to include in the ZIP download.",
-    )
+    document_ids: list[UUID] = Field(..., min_length=1, max_length=DOCUMENT_BATCH_DOWNLOAD_ZIP_MAX_DOCS)


 class MetadataUpdatePayload(BaseModel):
-    name: str = Field(description="New metadata field name.")
+    name: str


 # --- Audio schemas ---


-UUIDString = Annotated[str, WithJsonSchema({"format": "uuid", "type": "string"})]
-
-
 class TextToAudioPayload(BaseModel):
-    message_id: UUIDString | None = Field(
-        default=None,
-        description="Message ID. Takes priority over `text` when both are provided.",
-    )
-    voice: str | None = Field(
-        default=None,
-        description=(
-            "Voice to use for text-to-speech. Available voices depend on the TTS provider configured for this app. "
-            "Omit to use the app's configured voice when available; that value is exposed by "
-            "[Get App Parameters](/api-reference/applications/get-app-parameters) as `text_to_speech.voice`."
-        ),
-    )
-    text: str | None = Field(default=None, description="Speech content to convert.")
-    streaming: bool | None = Field(
-        default=None,
-        description="Reserved for compatibility; TTS response streaming is determined by the provider output.",
-    )
+    message_id: str | None = Field(default=None, description="Message ID")
+    voice: str | None = Field(default=None, description="Voice to use for TTS")
+    text: str | None = Field(default=None, description="Text to convert to audio")
+    streaming: bool | None = Field(default=None, description="Enable streaming response")
--- a/api/controllers/common/fields.py
+++ b/api/controllers/common/fields.py
@ -153,7 +153,6 @@ class ApiBaseUrlResponse(ResponseModel):

 class NewAppResponse(ResponseModel):
    new_app_id: str
-    permission_keys: list[str] = Field(default_factory=list)


 class Parameters(BaseModel):
--- a/api/controllers/common/human_input.py
+++ b/api/controllers/common/human_input.py
@ -35,23 +35,17 @@ class HumanInputFormSubmitPayload(BaseModel):
        ),
        examples=[HUMAN_INPUT_FORM_INPUT_EXAMPLE],
    )
-    action: str = Field(
-        description=(
-            "ID of the action button the recipient selected. Must match one of the `id` values from the form's "
-            "`user_actions` list."
-        )
-    )
+    action: str


 def stringify_form_default_values(values: dict[str, object]) -> dict[str, str]:
    """Serialize default values into strings expected by human-input form clients."""
    result: dict[str, str] = {}
    for key, value in values.items():
-        match value:
-            case None:
-                result[key] = ""
-            case dict() | list():
-                result[key] = json.dumps(value, ensure_ascii=False)
-            case _:
-                result[key] = str(value)
+        if value is None:
+            result[key] = ""
+        elif isinstance(value, (dict, list)):
+            result[key] = json.dumps(value, ensure_ascii=False)
+        else:
+            result[key] = str(value)
    return result
--- a/api/controllers/common/wraps.py
+++ b/api/controllers/common/wraps.py
@ -1,68 +1,9 @@
 from collections.abc import Callable
 from functools import wraps

-from sqlalchemy import select
-from werkzeug.exceptions import Forbidden, NotFound
-
-from configs import dify_config
 from core.rbac import RBACPermission, RBACResourceScope
-from extensions.ext_database import db
-from libs.login import current_account_with_tenant
-from models.dataset import Dataset
-from models.model import App
-from services.enterprise.rbac_service import RBACService

-__all__ = ["RBACPermission", "RBACResourceScope", "enforce_rbac_access", "rbac_permission_required"]
-
-
-def enforce_rbac_access(
-    *,
-    tenant_id: str,
-    account_id: str,
-    resource_type: RBACResourceScope,
-    scene: RBACPermission,
-    resource_required: bool = True,
-    path_args: dict[str, object] | None = None,
-) -> None:
-    """Enforce enterprise RBAC for an explicit account/tenant pair.
-
-    This is the flask-login-independent core of the RBAC gate so it can run
-    inside request-handling layers that resolve the caller themselves (e.g. the
-    openapi auth pipeline, which has the account on ``AuthData`` before
-    flask-login is mounted).
-
-    No-op when ``RBAC_ENABLED`` is ``False``. For resource-scoped checks the
-    resource ID is taken from ``path_args`` merged with ``request.view_args``;
-    resource ownership short-circuits the check. Raises ``Forbidden`` when
-    access is denied. For workspace-level checks pass ``resource_required=False``
-    so the RBAC request omits ``resource_id``.
-
-    Args:
-        tenant_id: The tenant the access is evaluated against.
-        account_id: The account requesting access.
-        resource_type: The :class:`RBACResourceScope` member (app/dataset/workspace).
-        scene: The :class:`RBACPermission` permission point, e.g. ``RBACPermission.APP_DELETE``.
-        resource_required: Whether a concrete resource ID is required.
-        path_args: Extra path arguments to merge with ``request.view_args``.
-    """
-    if not dify_config.RBAC_ENABLED:
-        return
-
-    check_resource_type = None if resource_type == RBACResourceScope.WORKSPACE else resource_type
-    resource_id = None
-    if resource_required and check_resource_type:
-        resource_id = _extract_resource_id(resource_type, path_args)
-        if _is_resource_owned_by_current_user(tenant_id, account_id, resource_type, resource_id):
-            return
-    allowed = RBACService.CheckAccess.check(
-        tenant_id,
-        account_id,
-        scene=scene,
-        resource_type=check_resource_type,
-        resource_id=resource_id,
-    )
-    if not allowed:
-        raise Forbidden()
+__all__ = ["RBACPermission", "RBACResourceScope", "rbac_permission_required"]


 def rbac_permission_required[**P, R](
@ -71,96 +12,19 @@ def rbac_permission_required[**P, R](
    *,
    resource_required: bool = True,
 ) -> Callable[[Callable[P, R]], Callable[P, R]]:
-    """Check enterprise RBAC permissions for the current flask-login user.
-
-    When ``RBAC_ENABLED`` is ``False`` the decorator is a no-op and the
-    request passes through unchanged. When enabled it resolves the current
-    account/tenant and delegates to :func:`enforce_rbac_access`, raising
-    ``Forbidden`` if access is denied.
+    """Check enterprise RBAC permissions for the current user.

    Args:
        resource_type: The :class:`RBACResourceScope` member (app/dataset/workspace).
-        scene: The :class:`RBACPermission` permission point, e.g. ``RBACPermission.APP_DELETE``.
+        scene: The :class:`RBACPermission` permission point.
        resource_required: Whether a concrete resource ID is required.
    """

    def decorator(view: Callable[P, R]) -> Callable[P, R]:
        @wraps(view)
        def decorated(*args: P.args, **kwargs: P.kwargs) -> R:
-            if not dify_config.RBAC_ENABLED:
-                return view(*args, **kwargs)
-
-            current_user, current_tenant_id = current_account_with_tenant()
-            enforce_rbac_access(
-                tenant_id=current_tenant_id,
-                account_id=current_user.id,
-                resource_type=resource_type,
-                scene=scene,
-                resource_required=resource_required,
-                path_args=kwargs,
-            )
            return view(*args, **kwargs)

        return decorated

    return decorator
-
-
-def _is_resource_owned_by_current_user(
-    tenant_id: str, account_id: str, resource_type: RBACResourceScope, resource_id: str
-) -> bool:
-    if resource_type == RBACResourceScope.APP:
-        maintainer = db.session.scalar(
-            select(App.maintainer).where(
-                App.id == resource_id,
-                App.tenant_id == tenant_id,
-                App.status == "normal",
-            )
-        )
-        return maintainer == account_id
-
-    if resource_type == RBACResourceScope.DATASET:
-        maintainer = db.session.scalar(
-            select(Dataset.maintainer).where(
-                Dataset.id == resource_id,
-                Dataset.tenant_id == tenant_id,
-            )
-        )
-        return maintainer == account_id
-
-    return False
-
-
-def _extract_resource_id(resource_type: RBACResourceScope, path_args: dict[str, object] | None = None) -> str:
-    """Extract the resource ID from matched path arguments.
-
-    Some legacy route classes use neutral names such as ``resource_id`` for
-    app/dataset resources, and Agent App routes use ``agent_id`` as the app id.
-    Dataset endpoints behind a rag-pipeline route contain ``pipeline_id``
-    instead of ``dataset_id``. In that case we look up the associated
-    ``Dataset`` row via ``Dataset.pipeline_id``.
-    """
-    from flask import request
-
-    view_args = request.view_args or {}
-    matched_args = {**view_args, **(path_args or {})}
-
-    if resource_type == RBACResourceScope.APP:
-        app_id = matched_args.get("app_id") or matched_args.get("agent_id") or matched_args.get("resource_id")
-        if not app_id:
-            raise ValueError("Missing app_id in request path")
-        return str(app_id)
-
-    if resource_type == RBACResourceScope.DATASET:
-        dataset_id = matched_args.get("dataset_id") or matched_args.get("resource_id")
-        if dataset_id:
-            return str(dataset_id)
-
-        pipeline_id = matched_args.get("pipeline_id")
-        if pipeline_id:
-            dataset = db.session.scalar(select(Dataset).where(Dataset.pipeline_id == str(pipeline_id)))
-            if not dataset:
-                raise NotFound("Dataset not found for pipeline")
-            return str(dataset.id)
-        raise ValueError("Missing dataset_id or pipeline_id in request path")
-    raise ValueError(f"Unknown resource_type: {resource_type}")
--- a/api/controllers/console/init.py
+++ b/api/controllers/console/init.py
@ -139,7 +139,6 @@ from .workspace import (
    model_providers,
    models,
    plugin,
-    rbac,
    snippets,
    tool_providers,
    trigger_providers,
@ -213,7 +212,6 @@ __all__ = [
    "rag_pipeline_draft_variable",
    "rag_pipeline_import",
    "rag_pipeline_workflow",
-    "rbac",
    "recommended_app",
    "saved_message",
    "setup",
--- a/api/controllers/console/agent/app_helpers.py
+++ b/api/controllers/console/agent/app_helpers.py
@ -1,10 +0,0 @@
-from uuid import UUID
-
-from extensions.ext_database import db
-from models.model import App
-from services.agent.roster_service import AgentRosterService
-
-
-def resolve_agent_app_model(*, tenant_id: str, agent_id: UUID) -> App:
-    """Resolve the hidden Agent App backing an Agent Console resource."""
-    return AgentRosterService(db.session).get_agent_app_model(tenant_id=tenant_id, agent_id=str(agent_id))
--- a/api/controllers/console/agent/composer.py
+++ b/api/controllers/console/agent/composer.py
@ -1,17 +1,11 @@
-from uuid import UUID
-
 from flask_restx import Resource

 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
    with_current_tenant_id,
    with_current_user_id,
@ -28,9 +22,9 @@ from libs.login import login_required
 from models.model import App, AppMode
 from services.agent.composer_service import AgentComposerService
 from services.agent.composer_validator import ComposerConfigValidator
-from services.entities.agent_entities import ComposerSavePayload, WorkflowComposerCopyFromRosterPayload
+from services.entities.agent_entities import ComposerSavePayload

-register_schema_models(console_ns, ComposerSavePayload, WorkflowComposerCopyFromRosterPayload)
+register_schema_models(console_ns, ComposerSavePayload)
 register_response_schema_models(
    console_ns,
    AgentAppComposerResponse,
@ -41,10 +35,6 @@ register_response_schema_models(
 )


-def _resolve_agent_app_id(*, tenant_id: str, agent_id: UUID) -> str:
-    return resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id).id
-
-
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/agent-composer")
 class WorkflowAgentComposerApi(Resource):
    @console_ns.response(
@ -73,7 +63,6 @@ class WorkflowAgentComposerApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
    @with_current_user_id
    @with_current_tenant_id
@ -91,38 +80,6 @@ class WorkflowAgentComposerApi(Resource):
        )


-@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/agent-composer/copy-from-roster")
-class WorkflowAgentComposerCopyFromRosterApi(Resource):
-    @console_ns.expect(console_ns.models[WorkflowComposerCopyFromRosterPayload.__name__])
-    @console_ns.response(
-        200,
-        "Workflow roster agent copied to inline agent",
-        console_ns.models[WorkflowAgentComposerResponse.__name__],
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
-    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
-    @with_current_user_id
-    @with_current_tenant_id
-    def post(self, tenant_id: str, account_id: str, app_model: App, node_id: str):
-        payload = WorkflowComposerCopyFromRosterPayload.model_validate(console_ns.payload or {})
-        return dump_response(
-            WorkflowAgentComposerResponse,
-            AgentComposerService.copy_workflow_composer_from_roster(
-                tenant_id=tenant_id,
-                app_id=app_model.id,
-                node_id=node_id,
-                account_id=account_id,
-                source_agent_id=payload.source_agent_id,
-                source_snapshot_id=payload.source_snapshot_id,
-                idempotency_key=payload.idempotency_key,
-            ),
-        )
-
-
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/agent-composer/validate")
 class WorkflowAgentComposerValidateApi(Resource):
    @console_ns.expect(console_ns.models[ComposerSavePayload.__name__])
@ -136,8 +93,7 @@ class WorkflowAgentComposerValidateApi(Resource):
    @with_current_tenant_id
    def post(self, tenant_id: str, app_model: App, node_id: str):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
-        ComposerConfigValidator.validate_publish_payload(payload)
-        AgentComposerService.validate_knowledge_datasets(tenant_id=tenant_id, agent_soul=payload.agent_soul)
+        ComposerConfigValidator.validate_save_payload(payload)
        findings = AgentComposerService.collect_validation_findings(
            tenant_id=tenant_id,
            payload=payload,
@ -203,7 +159,6 @@ class WorkflowAgentComposerSaveToRosterApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @get_app_model(mode=[AppMode.WORKFLOW, AppMode.ADVANCED_CHAT])
    @with_current_user_id
    @with_current_tenant_id
@ -221,18 +176,18 @@ class WorkflowAgentComposerSaveToRosterApi(Resource):
        )


-@console_ns.route("/agent/<uuid:agent_id>/composer")
-class AgentComposerApi(Resource):
+@console_ns.route("/apps/<uuid:app_id>/agent-composer")
+class AgentAppComposerApi(Resource):
    @console_ns.response(200, "Agent app composer state", console_ns.models[AgentAppComposerResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_id = _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        return dump_response(
            AgentAppComposerResponse,
-            AgentComposerService.load_agent_app_composer(tenant_id=tenant_id, app_id=app_id),
+            AgentComposerService.load_agent_app_composer(tenant_id=tenant_id, app_id=app_model.id),
        )

    @console_ns.expect(console_ns.models[ComposerSavePayload.__name__])
@ -241,25 +196,24 @@ class AgentComposerApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_user_id
    @with_current_tenant_id
-    def put(self, tenant_id: str, account_id: str, agent_id: UUID):
-        app_id = _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def put(self, tenant_id: str, account_id: str, app_model: App):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        return dump_response(
            AgentAppComposerResponse,
            AgentComposerService.save_agent_app_composer(
                tenant_id=tenant_id,
-                app_id=app_id,
+                app_id=app_model.id,
                account_id=account_id,
                payload=payload,
            ),
        )


-@console_ns.route("/agent/<uuid:agent_id>/composer/validate")
-class AgentComposerValidateApi(Resource):
+@console_ns.route("/apps/<uuid:app_id>/agent-composer/validate")
+class AgentAppComposerValidateApi(Resource):
    @console_ns.expect(console_ns.models[ComposerSavePayload.__name__])
    @console_ns.response(
        200, "Agent app composer validation result", console_ns.models[AgentComposerValidateResponse.__name__]
@ -267,37 +221,36 @@ class AgentComposerValidateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID):
-        _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def post(self, tenant_id: str, app_model: App):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
-        ComposerConfigValidator.validate_publish_payload(payload)
-        AgentComposerService.validate_knowledge_datasets(tenant_id=tenant_id, agent_soul=payload.agent_soul)
+        ComposerConfigValidator.validate_save_payload(payload)
        findings = AgentComposerService.collect_validation_findings(
            tenant_id=tenant_id,
            payload=payload,
-            agent_id=str(agent_id),
+            agent_id=AgentComposerService.resolve_bound_agent_id(tenant_id=tenant_id, app_id=app_model.id),
        )
        return dump_response(AgentComposerValidateResponse, {"result": "success", "errors": [], **findings})


-@console_ns.route("/agent/<uuid:agent_id>/composer/candidates")
-class AgentComposerCandidatesApi(Resource):
+@console_ns.route("/apps/<uuid:app_id>/agent-composer/candidates")
+class AgentAppComposerCandidatesApi(Resource):
    @console_ns.response(
        200, "Agent app composer candidates", console_ns.models[AgentComposerCandidatesResponse.__name__]
    )
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_user_id
    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user_id: str, agent_id: UUID):
-        app_id = _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, current_user_id: str, app_model: App):
        return dump_response(
            AgentComposerCandidatesResponse,
            AgentComposerService.get_agent_app_candidates(
                tenant_id=tenant_id,
-                app_id=app_id,
+                app_id=app_model.id,
                user_id=current_user_id,
            ),
        )
--- a/api/controllers/console/agent/roster.py
+++ b/api/controllers/console/agent/roster.py
@ -1,72 +1,29 @@
 from uuid import UUID

-from flask import abort, request
+from flask import request
 from flask_restx import Resource
-from pydantic import AliasChoices, BaseModel, Field, field_validator
-from sqlalchemy import func, select
+from pydantic import BaseModel, Field

 from controllers.common.schema import query_params_from_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
-from controllers.console.apikey import ApiKeyItem, ApiKeyList, BaseApiKeyListResource, BaseApiKeyResource
-from controllers.console.app.app import (
-    AppDetailWithSite as GenericAppDetailWithSite,
-)
-from controllers.console.app.app import (
-    AppListQuery,
-    _normalize_app_list_query_args,
-)
-from controllers.console.app.app import (
-    AppPagination as GenericAppPagination,
-)
-from controllers.console.app.app import (
-    AppPartial as GenericAppPartial,
-)
-from controllers.console.app.app import (
-    UpdateAppPayload as GenericUpdateAppPayload,
-)
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
-    edit_permission_required,
-    enterprise_license_required,
-    is_admin_or_owner_required,
-    rbac_permission_required,
    setup_required,
    with_current_tenant_id,
-    with_current_user,
 )
 from extensions.ext_database import db
 from fields.agent_fields import (
    AgentConfigSnapshotDetailResponse,
    AgentConfigSnapshotListResponse,
-    AgentConfigSnapshotRestoreResponse,
    AgentInviteOptionsResponse,
-    AgentLogListResponse,
-    AgentLogMessageListResponse,
-    AgentLogSourceListResponse,
    AgentPublishedReferenceResponse,
    AgentRosterListResponse,
-    AgentStatisticSummaryEnvelopeResponse,
+    AgentRosterResponse,
 )
-from libs.datetime_utils import parse_time_range
 from libs.helper import dump_response
 from libs.login import login_required
-from models import Account
-from models.enums import ApiTokenType
-from models.model import ApiToken, App, IconType
-from services.agent.errors import AgentNotFoundError
-from services.agent.observability_service import (
-    AgentLogQueryParams,
-    AgentObservabilityService,
-    AgentStatisticsQueryParams,
-)
 from services.agent.roster_service import AgentRosterService
-from services.app_service import AppListParams, AppService, CreateAppParams
-from services.enterprise.enterprise_service import EnterpriseService
 from services.entities.agent_entities import RosterListQuery
-from services.feature_service import FeatureService


 class AgentInviteOptionsQuery(RosterListQuery):
@ -77,216 +34,20 @@ class AgentIdPath(BaseModel):
    agent_id: str


-class AgentAppCreatePayload(BaseModel):
-    name: str = Field(..., min_length=1, description="Agent name")
-    description: str | None = Field(default=None, description="Agent description (max 400 chars)", max_length=400)
-    role: str = Field(..., min_length=1, description="Agent role", max_length=255)
-    icon_type: IconType | None = Field(default=None, description="Icon type")
-    icon: str | None = Field(default=None, description="Icon")
-    icon_background: str | None = Field(default=None, description="Icon background color")
-
-    @field_validator("role")
-    @classmethod
-    def validate_role(cls, value: str) -> str:
-        role = value.strip()
-        if not role:
-            raise ValueError("Agent role is required.")
-        return role
-
-
-# Keep agent-app roster DTOs agent-specific instead of reusing the shared
-# /apps response/request models. The roster surface needs Agent-only fields such
-# as `role`, while the generic console/apps contracts must stay unchanged.
-class AgentAppUpdatePayload(GenericUpdateAppPayload):
-    role: str = Field(..., min_length=1, description="Agent role", max_length=255)
-
-    @field_validator("role")
-    @classmethod
-    def validate_role(cls, value: str) -> str:
-        role = value.strip()
-        if not role:
-            raise ValueError("Agent role is required.")
-        return role
-
-
-class AgentAppCopyPayload(BaseModel):
-    name: str | None = Field(default=None, description="Name for the copied agent")
-    description: str | None = Field(default=None, description="Description for the copied agent", max_length=400)
-    role: str | None = Field(default=None, description="Role for the copied agent", max_length=255)
-    icon_type: IconType | None = Field(default=None, description="Icon type")
-    icon: str | None = Field(default=None, description="Icon")
-    icon_background: str | None = Field(default=None, description="Icon background color")
-
-    @field_validator("role")
-    @classmethod
-    def validate_role(cls, value: str | None) -> str | None:
-        if value is None:
-            return None
-        role = value.strip()
-        if not role:
-            raise ValueError("Agent role is required when provided.")
-        return role
-
-
-class AgentApiStatusPayload(BaseModel):
-    enable_api: bool = Field(..., description="Enable or disable Agent service API")
-
-
-class AgentApiAccessResponse(BaseModel):
-    enabled: bool
-    service_api_base_url: str
-    streaming_only: bool = True
-    chat_endpoint: str
-    stop_endpoint: str
-    conversations_endpoint: str
-    messages_endpoint: str
-    files_upload_endpoint: str
-    parameters_endpoint: str
-    info_endpoint: str
-    meta_endpoint: str
-    api_rpm: int
-    api_rph: int
-    api_key_count: int
-
-
-class AgentAppPublishedReferenceResponse(BaseModel):
-    app_id: str
-    app_name: str
-    app_icon_type: str | None = None
-    app_icon: str | None = None
-    app_icon_background: str | None = None
-
-
-class AgentLogsQuery(BaseModel):
-    page: int = Field(default=1, ge=1, description="Page number")
-    limit: int = Field(default=20, ge=1, le=100, description="Page size")
-    keyword: str | None = Field(default=None, description="Search query, answer, or conversation name")
-    status: str | None = Field(default=None, description="Deprecated single status filter")
-    statuses: list[str] = Field(default_factory=list, description="Filter by one or more of success, failed, paused")
-    source: str | None = Field(
-        default=None,
-        description="Deprecated single source filter",
-    )
-    sources: list[str] = Field(
-        default_factory=list,
-        description=(
-            "Filter by one or more source IDs, e.g. webapp:<app_id> "
-            "or workflow:<app_id>:<workflow_id>:<version>:<node_id>"
-        ),
-    )
-    sort_by: str = Field(default="updated_at", description="Sort by created_at or updated_at")
-    sort_order: str = Field(default="desc", description="Sort order: asc or desc")
-    start: str | None = Field(default=None, description="Start date (YYYY-MM-DD HH:MM)")
-    end: str | None = Field(default=None, description="End date (YYYY-MM-DD HH:MM)")
-
-    @field_validator("keyword", "status", "source", "start", "end", mode="before")
-    @classmethod
-    def empty_string_to_none(cls, value: str | None) -> str | None:
-        if value == "":
-            return None
-        return value
-
-    @field_validator("statuses", "sources", mode="before")
-    @classmethod
-    def empty_list_values_to_list(cls, value: object) -> list[str]:
-        if value in (None, ""):
-            return []
-        if isinstance(value, str):
-            return [value]
-        if isinstance(value, list):
-            return [item for item in value if item]
-        return []
-
-    @field_validator("sort_by")
-    @classmethod
-    def validate_sort_by(cls, value: str) -> str:
-        normalized = value.strip().lower()
-        if normalized not in {"created_at", "updated_at"}:
-            raise ValueError("sort_by must be created_at or updated_at")
-        return normalized
-
-    @field_validator("sort_order")
-    @classmethod
-    def validate_sort_order(cls, value: str) -> str:
-        normalized = value.strip().lower()
-        if normalized not in {"asc", "desc"}:
-            raise ValueError("sort_order must be asc or desc")
-        return normalized
-
-
-class AgentStatisticsQuery(BaseModel):
-    source: str | None = Field(
-        default=None,
-        description="Filter by all, console/explore, api/service-api, web-app, debugger, openapi, or trigger",
-    )
-    start: str | None = Field(default=None, description="Start date (YYYY-MM-DD HH:MM)")
-    end: str | None = Field(default=None, description="End date (YYYY-MM-DD HH:MM)")
-
-    @field_validator("source", "start", "end", mode="before")
-    @classmethod
-    def empty_string_to_none(cls, value: str | None) -> str | None:
-        if value == "":
-            return None
-        return value
-
-
-class AgentAppPartial(GenericAppPartial):
-    app_id: str | None = None
-    debug_conversation_id: str | None = None
-    role: str | None = None
-    active_config_is_published: bool = False
-    published_reference_count: int = 0
-    published_references: list[AgentAppPublishedReferenceResponse] = Field(default_factory=list)
-
-
-class AgentAppDetailWithSite(GenericAppDetailWithSite):
-    app_id: str | None = None
-    debug_conversation_id: str | None = None
-    role: str | None = None
-    active_config_is_published: bool = False
-
-
-class AgentDebugConversationRefreshResponse(BaseModel):
-    debug_conversation_id: str
-
-
-class AgentAppPagination(GenericAppPagination):
-    data: list[AgentAppPartial] = Field(  # type: ignore[assignment]  # pyrefly: ignore[bad-override-mutable-attribute]
-        validation_alias=AliasChoices("items", "data")
-    )
-
-
 register_schema_models(
    console_ns,
-    AgentAppCreatePayload,
-    AgentAppUpdatePayload,
-    AgentAppCopyPayload,
-    AgentApiStatusPayload,
    AgentInviteOptionsQuery,
-    AgentLogsQuery,
-    AgentStatisticsQuery,
    AgentIdPath,
-    AppListQuery,
    RosterListQuery,
 )
 register_response_schema_models(
    console_ns,
-    AgentAppPagination,
-    AgentApiAccessResponse,
-    AgentAppPublishedReferenceResponse,
-    AgentAppDetailWithSite,
-    AgentAppPartial,
-    AgentDebugConversationRefreshResponse,
    AgentConfigSnapshotDetailResponse,
    AgentConfigSnapshotListResponse,
-    AgentConfigSnapshotRestoreResponse,
    AgentInviteOptionsResponse,
-    AgentLogListResponse,
-    AgentLogMessageListResponse,
-    AgentLogSourceListResponse,
    AgentPublishedReferenceResponse,
    AgentRosterListResponse,
-    AgentStatisticSummaryEnvelopeResponse,
+    AgentRosterResponse,
 )


@ -294,393 +55,25 @@ def _agent_roster_service() -> AgentRosterService:
    return AgentRosterService(db.session)


-def _serialize_agent_app_detail(app_model, *, current_user: Account) -> dict:
-    """Serialize an Agent App detail using roster-only DTOs.
-
-    `/agent` responses are roster-shaped rather than raw app-shaped: `id`
-    becomes the backing roster Agent id, `app_id` carries the underlying App
-    id, and `role` is injected from the backing roster Agent. Keeping that
-    remap in this serializer lets generated console/agent contracts expose the
-    roster persona fields without widening the shared /apps detail schema.
-    """
-
-    app_model = AppService().get_app(app_model)
-    if FeatureService.get_system_features().webapp_auth.enabled:
-        app_setting = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_id=str(app_model.id))
-        app_model.access_mode = app_setting.access_mode  # type: ignore[attr-defined]
-
-    roster_service = _agent_roster_service()
-    payload = AgentAppDetailWithSite.model_validate(app_model, from_attributes=True).model_dump(mode="json")
-    agent = roster_service.get_app_backing_agent(tenant_id=app_model.tenant_id, app_id=str(app_model.id))
-    if not agent:
-        raise AgentNotFoundError()
-    payload.pop("bound_agent_id", None)
-    payload["app_id"] = str(app_model.id)
-    payload["id"] = agent.id
-    payload["debug_conversation_id"] = roster_service.get_or_create_agent_app_debug_conversation_id(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent.id,
-        account_id=current_user.id,
-    )
-    payload["role"] = agent.role or ""
-    payload["active_config_is_published"] = roster_service.active_config_is_published(
-        tenant_id=app_model.tenant_id,
-        agent=agent,
-    )
-    return payload
-
-
-def _serialize_agent_app_pagination(app_pagination, *, tenant_id: str, current_user: Account) -> dict:
-    """Serialize Agent App lists with roster-shaped items.
-
-    Each item starts from the shared App list shape, then drops
-    `bound_agent_id`, rewrites `id` to the backing roster Agent id, stores the
-    original App id in `app_id`, and injects roster-only `role` when a backing
-    Agent is present.
-    """
-
-    app_ids = [str(app.id) for app in app_pagination.items]
-    roster_service = _agent_roster_service()
-    agents_by_app_id = roster_service.load_app_backing_agents_by_app_id(
-        tenant_id=tenant_id,
-        app_ids=app_ids,
-    )
-    active_config_is_published_by_agent_id = roster_service.load_active_config_is_published_by_agent_id(
-        tenant_id=tenant_id,
-        agents=list(agents_by_app_id.values()),
-    )
-    published_references_by_agent_id = roster_service.load_published_references_by_agent_id(
-        tenant_id=tenant_id,
-        agent_ids=[agent.id for agent in agents_by_app_id.values()],
-    )
-    debug_conversation_ids_by_agent_id = roster_service.load_or_create_agent_app_debug_conversation_ids_by_agent_id(
-        tenant_id=tenant_id,
-        agents=list(agents_by_app_id.values()),
-        account_id=current_user.id,
-    )
-    payload = AgentAppPagination.model_validate(app_pagination, from_attributes=True).model_dump(mode="json")
-    for item in payload["data"]:
-        app_id = item["id"]
-        item.pop("bound_agent_id", None)
-        agent = agents_by_app_id.get(app_id)
-        if agent:
-            item["app_id"] = app_id
-            item["id"] = agent.id
-            item["debug_conversation_id"] = debug_conversation_ids_by_agent_id.get(agent.id)
-            item["role"] = agent.role or ""
-            item["active_config_is_published"] = active_config_is_published_by_agent_id.get(agent.id, False)
-            published_references = published_references_by_agent_id.get(agent.id, [])
-            item["published_reference_count"] = len(published_references)
-            item["published_references"] = [
-                {
-                    "app_id": reference["app_id"],
-                    "app_name": reference["app_name"],
-                    "app_icon_type": reference["app_icon_type"],
-                    "app_icon": reference["app_icon"],
-                    "app_icon_background": reference["app_icon_background"],
-                }
-                for reference in published_references
-            ]
-    return AgentAppPagination.model_validate(payload).model_dump(
-        mode="json",
-        exclude={"data": {"__all__": {"bound_agent_id"}}},
-    )
-
-
-def _resolve_agent_app_model(*, tenant_id: str, agent_id: UUID):
-    return resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-
-
-def _agent_api_key_count(app_id: str) -> int:
-    return (
-        db.session.scalar(
-            select(func.count(ApiToken.id)).where(
-                ApiToken.type == ApiTokenType.APP,
-                ApiToken.app_id == app_id,
-            )
-        )
-        or 0
-    )
-
-
-def _serialize_agent_api_access(app_model: App) -> dict:
-    base_url = app_model.api_base_url
-    response = AgentApiAccessResponse(
-        enabled=bool(app_model.enable_api),
-        service_api_base_url=base_url,
-        chat_endpoint=f"{base_url}/chat-messages",
-        stop_endpoint=f"{base_url}/chat-messages/{{task_id}}/stop",
-        conversations_endpoint=f"{base_url}/conversations",
-        messages_endpoint=f"{base_url}/messages",
-        files_upload_endpoint=f"{base_url}/files/upload",
-        parameters_endpoint=f"{base_url}/parameters",
-        info_endpoint=f"{base_url}/info",
-        meta_endpoint=f"{base_url}/meta",
-        api_rpm=app_model.api_rpm or 0,
-        api_rph=app_model.api_rph or 0,
-        api_key_count=_agent_api_key_count(str(app_model.id)),
-    )
-    return response.model_dump(mode="json")
-
-
-def _agent_observability_service() -> AgentObservabilityService:
-    return AgentObservabilityService(db.session)
-
-
-def _parse_observability_time_range(start: str | None, end: str | None, account: Account):
-    timezone = account.timezone or "UTC"
-    try:
-        return parse_time_range(start, end, timezone)
-    except ValueError as exc:
-        abort(400, description=str(exc))
-
-
-def _multi_query_values(name: str, legacy_name: str | None = None) -> list[str]:
-    values: list[str] = []
-    for query_name in (name, f"{name}[]"):
-        values.extend(request.args.getlist(query_name))
-    if legacy_name:
-        values.extend(request.args.getlist(legacy_name))
-    parsed: list[str] = []
-    for value in values:
-        parsed.extend(item.strip() for item in value.split(",") if item.strip())
-    return parsed
-
-
-@console_ns.route("/agent")
-class AgentAppListApi(Resource):
-    @console_ns.doc(params=query_params_from_model(AppListQuery))
-    @console_ns.response(200, "Agent app list", console_ns.models[AgentAppPagination.__name__])
+@console_ns.route("/agents")
+class AgentRosterListApi(Resource):
+    @console_ns.doc(params=query_params_from_model(RosterListQuery))
+    @console_ns.response(200, "Agent roster list", console_ns.models[AgentRosterListResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
    @with_current_tenant_id
-    def get(self, current_tenant_id: str, current_user: Account):
-        args = AppListQuery.model_validate(_normalize_app_list_query_args(request.args))
-        params = AppListParams(
-            page=args.page,
-            limit=args.limit,
-            mode="agent",
-            name=args.name,
-            tag_ids=args.tag_ids,
-            creator_ids=args.creator_ids,
-            is_created_by_me=args.is_created_by_me,
-            status="normal",
-        )
-
-        app_pagination = AppService().get_paginate_apps(current_user.id, current_tenant_id, params, db.session)
-        if app_pagination is None:
-            empty = AgentAppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[])
-            return empty.model_dump(mode="json")
-
-        return _serialize_agent_app_pagination(
-            app_pagination,
-            tenant_id=current_tenant_id,
-            current_user=current_user,
-        )
-
-    @console_ns.expect(console_ns.models[AgentAppCreatePayload.__name__])
-    @console_ns.response(201, "Agent app created successfully", console_ns.models[AgentAppDetailWithSite.__name__])
-    @console_ns.response(403, "Insufficient permissions")
-    @console_ns.response(400, "Invalid request parameters")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user: Account):
-        args = AgentAppCreatePayload.model_validate(console_ns.payload)
-        params = CreateAppParams(
-            name=args.name,
-            description=args.description,
-            mode="agent",
-            agent_role=args.role,
-            icon_type=args.icon_type,
-            icon=args.icon,
-            icon_background=args.icon_background,
-        )
-
-        app = AppService().create_app(current_tenant_id, params, current_user)
-        return _serialize_agent_app_detail(app, current_user=current_user), 201
-
-
-@console_ns.route("/agent/<uuid:agent_id>")
-class AgentAppApi(Resource):
-    @console_ns.response(200, "Agent app detail", console_ns.models[AgentAppDetailWithSite.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_current_user
-    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _serialize_agent_app_detail(app_model, current_user=current_user)
-
-    @console_ns.expect(console_ns.models[AgentAppUpdatePayload.__name__])
-    @console_ns.response(200, "Agent app updated successfully", console_ns.models[AgentAppDetailWithSite.__name__])
-    @console_ns.response(403, "Insufficient permissions")
-    @console_ns.response(400, "Invalid request parameters")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def put(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        args = AgentAppUpdatePayload.model_validate(console_ns.payload)
-        args_dict: AppService.ArgsDict = {
-            "name": args.name,
-            "description": args.description or "",
-            "icon_type": args.icon_type,
-            "icon": args.icon or "",
-            "icon_background": args.icon_background or "",
-            "use_icon_as_answer_icon": args.use_icon_as_answer_icon or False,
-            "max_active_requests": args.max_active_requests or 0,
-            "role": args.role,
-        }
-        updated = AppService().update_app(app_model, args_dict)
-        return _serialize_agent_app_detail(updated, current_user=current_user)
-
-    @console_ns.response(204, "Agent app deleted successfully")
-    @console_ns.response(403, "Insufficient permissions")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        AppService().delete_app(app_model)
-        return "", 204
-
-
-@console_ns.route("/agent/<uuid:agent_id>/debug-conversation/refresh")
-class AgentDebugConversationRefreshApi(Resource):
-    @console_ns.response(
-        200,
-        "Agent debug conversation refreshed",
-        console_ns.models[AgentDebugConversationRefreshResponse.__name__],
-    )
-    @console_ns.response(403, "Insufficient permissions")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        debug_conversation_id = _agent_roster_service().refresh_agent_app_debug_conversation_id(
-            tenant_id=tenant_id,
-            agent_id=str(agent_id),
-            account_id=current_user.id,
-        )
-        return AgentDebugConversationRefreshResponse(debug_conversation_id=debug_conversation_id).model_dump(
-            mode="json"
+    def get(self, tenant_id: str):
+        query = RosterListQuery.model_validate(request.args.to_dict(flat=True))
+        return dump_response(
+            AgentRosterListResponse,
+            _agent_roster_service().list_roster_agents(
+                tenant_id=tenant_id, page=query.page, limit=query.limit, keyword=query.keyword
+            ),
        )


-@console_ns.route("/agent/<uuid:agent_id>/copy")
-class AgentAppCopyApi(Resource):
-    @console_ns.expect(console_ns.models[AgentAppCopyPayload.__name__])
-    @console_ns.response(201, "Agent app copied successfully", console_ns.models[AgentAppDetailWithSite.__name__])
-    @console_ns.response(403, "Insufficient permissions")
-    @console_ns.response(400, "Invalid request parameters")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        args = AgentAppCopyPayload.model_validate(console_ns.payload or {})
-        copied_app = _agent_roster_service().duplicate_agent_app(
-            tenant_id=tenant_id,
-            agent_id=str(agent_id),
-            account=current_user,
-            name=args.name,
-            description=args.description,
-            role=args.role,
-            icon_type=args.icon_type,
-            icon=args.icon,
-            icon_background=args.icon_background,
-        )
-        return _serialize_agent_app_detail(copied_app, current_user=current_user), 201
-
-
-@console_ns.route("/agent/<uuid:agent_id>/api-access")
-class AgentApiAccessApi(Resource):
-    @console_ns.response(200, "Agent service API access", console_ns.models[AgentApiAccessResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _serialize_agent_api_access(app_model)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/api-enable")
-class AgentApiStatusApi(Resource):
-    @console_ns.expect(console_ns.models[AgentApiStatusPayload.__name__])
-    @console_ns.response(200, "Agent service API status updated", console_ns.models[AgentApiAccessResponse.__name__])
-    @console_ns.response(403, "Insufficient permissions")
-    @setup_required
-    @login_required
-    @is_admin_or_owner_required
-    @account_initialization_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
-    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        args = AgentApiStatusPayload.model_validate(console_ns.payload)
-        app_model = AppService().update_app_api_status(app_model, args.enable_api)
-        return _serialize_agent_api_access(app_model)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/api-keys")
-class AgentApiKeyListApi(BaseApiKeyListResource):
-    resource_type = ApiTokenType.APP
-    resource_model = App
-    resource_id_field = "app_id"
-    token_prefix = "app-"
-
-    @console_ns.response(200, "Agent service API keys", console_ns.models[ApiKeyList.__name__])
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID) -> dict[str, object]:
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return dump_response(ApiKeyList, self._get_api_key_list(str(app_model.id), tenant_id))
-
-    @console_ns.response(201, "Agent service API key created", console_ns.models[ApiKeyItem.__name__])
-    @console_ns.response(400, "Maximum keys exceeded")
-    @with_current_tenant_id
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
-    def post(self, tenant_id: str, agent_id: UUID) -> tuple[dict[str, object], int]:
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return dump_response(ApiKeyItem, self._create_api_key(str(app_model.id), tenant_id)), 201
-
-
-@console_ns.route("/agent/<uuid:agent_id>/api-keys/<uuid:api_key_id>")
-class AgentApiKeyApi(BaseApiKeyResource):
-    resource_type = ApiTokenType.APP
-    resource_model = App
-    resource_id_field = "app_id"
-
-    @console_ns.response(204, "Agent service API key deleted")
-    @with_current_user
-    @with_current_tenant_id
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
-    def delete(self, tenant_id: str, current_user: Account, agent_id: UUID, api_key_id: UUID) -> tuple[str, int]:
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        self._delete_api_key(str(app_model.id), str(api_key_id), tenant_id, current_user)
-        return "", 204
-
-
-@console_ns.route("/agent/invite-options")
+@console_ns.route("/agents/invite-options")
 class AgentInviteOptionsApi(Resource):
    @console_ns.doc(params=query_params_from_model(AgentInviteOptionsQuery))
    @console_ns.response(200, "Agent invite options", console_ns.models[AgentInviteOptionsResponse.__name__])
@ -702,125 +95,21 @@ class AgentInviteOptionsApi(Resource):
        )


-@console_ns.route("/agent/<uuid:agent_id>/logs")
-class AgentLogsApi(Resource):
-    @console_ns.doc(params=query_params_from_model(AgentLogsQuery))
-    @console_ns.response(200, "Agent logs", console_ns.models[AgentLogListResponse.__name__])
+@console_ns.route("/agents/<uuid:agent_id>")
+class AgentRosterDetailApi(Resource):
+    @console_ns.response(200, "Agent detail", console_ns.models[AgentRosterResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        query_data: dict[str, object] = dict(request.args.to_dict(flat=True))
-        query_data["sources"] = _multi_query_values("sources", "source")
-        query_data["statuses"] = _multi_query_values("statuses", "status")
-        query = AgentLogsQuery.model_validate(query_data)
-        start, end = _parse_observability_time_range(query.start, query.end, current_user)
-        try:
-            payload = _agent_observability_service().list_logs(
-                app=app_model,
-                agent_id=str(agent_id),
-                params=AgentLogQueryParams(
-                    page=query.page,
-                    limit=query.limit,
-                    keyword=query.keyword,
-                    statuses=tuple(query.statuses),
-                    sources=tuple(query.sources),
-                    sort_by=query.sort_by,
-                    sort_order=query.sort_order,
-                    start=start,
-                    end=end,
-                ),
-            )
-        except ValueError as exc:
-            abort(400, description=str(exc))
-        return dump_response(AgentLogListResponse, payload)
+    def get(self, tenant_id: str, agent_id: UUID):
+        return dump_response(
+            AgentRosterResponse,
+            _agent_roster_service().get_roster_agent_detail(tenant_id=tenant_id, agent_id=str(agent_id)),
+        )


-@console_ns.route("/agent/<uuid:agent_id>/logs/<uuid:conversation_id>/messages")
-class AgentLogMessagesApi(Resource):
-    @console_ns.doc(params=query_params_from_model(AgentLogsQuery))
-    @console_ns.response(200, "Agent log messages", console_ns.models[AgentLogMessageListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user: Account, agent_id: UUID, conversation_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        query_data: dict[str, object] = dict(request.args.to_dict(flat=True))
-        query_data["sources"] = _multi_query_values("sources", "source")
-        query_data["statuses"] = _multi_query_values("statuses", "status")
-        query = AgentLogsQuery.model_validate(query_data)
-        start, end = _parse_observability_time_range(query.start, query.end, current_user)
-        try:
-            payload = _agent_observability_service().list_log_messages(
-                app=app_model,
-                agent_id=str(agent_id),
-                conversation_id=str(conversation_id),
-                params=AgentLogQueryParams(
-                    page=query.page,
-                    limit=query.limit,
-                    keyword=query.keyword,
-                    statuses=tuple(query.statuses),
-                    sources=tuple(query.sources),
-                    sort_by=query.sort_by,
-                    sort_order=query.sort_order,
-                    start=start,
-                    end=end,
-                ),
-            )
-        except ValueError as exc:
-            abort(400, description=str(exc))
-        return dump_response(AgentLogMessageListResponse, payload)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/log-sources")
-class AgentLogSourcesApi(Resource):
-    @console_ns.response(200, "Agent log sources", console_ns.models[AgentLogSourceListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        payload = _agent_observability_service().list_log_sources(app=app_model, agent_id=str(agent_id))
-        return dump_response(AgentLogSourceListResponse, payload)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/statistics/summary")
-class AgentStatisticsSummaryApi(Resource):
-    @console_ns.doc(params=query_params_from_model(AgentStatisticsQuery))
-    @console_ns.response(
-        200,
-        "Agent monitoring summary and chart data",
-        console_ns.models[AgentStatisticSummaryEnvelopeResponse.__name__],
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        query = AgentStatisticsQuery.model_validate(request.args.to_dict(flat=True))
-        timezone = current_user.timezone or "UTC"
-        start, end = _parse_observability_time_range(query.start, query.end, current_user)
-        try:
-            payload = _agent_observability_service().get_statistics_summary(
-                app=app_model,
-                agent_id=str(agent_id),
-                params=AgentStatisticsQueryParams(source=query.source, start=start, end=end, timezone=timezone),
-            )
-        except ValueError as exc:
-            abort(400, description=str(exc))
-        return dump_response(AgentStatisticSummaryEnvelopeResponse, payload)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/versions")
+@console_ns.route("/agents/<uuid:agent_id>/versions")
 class AgentRosterVersionsApi(Resource):
    @console_ns.response(200, "Agent versions", console_ns.models[AgentConfigSnapshotListResponse.__name__])
    @setup_required
@ -834,7 +123,7 @@ class AgentRosterVersionsApi(Resource):
        )


-@console_ns.route("/agent/<uuid:agent_id>/versions/<uuid:version_id>")
+@console_ns.route("/agents/<uuid:agent_id>/versions/<uuid:version_id>")
 class AgentRosterVersionDetailApi(Resource):
    @console_ns.response(200, "Agent version detail", console_ns.models[AgentConfigSnapshotDetailResponse.__name__])
    @setup_required
@ -850,24 +139,3 @@ class AgentRosterVersionDetailApi(Resource):
                version_id=str(version_id),
            ),
        )
-
-
-@console_ns.route("/agent/<uuid:agent_id>/versions/<uuid:version_id>/restore")
-class AgentRosterVersionRestoreApi(Resource):
-    @console_ns.response(200, "Agent version restored", console_ns.models[AgentConfigSnapshotRestoreResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID, version_id: UUID):
-        return dump_response(
-            AgentConfigSnapshotRestoreResponse,
-            _agent_roster_service().restore_agent_version(
-                tenant_id=tenant_id,
-                agent_id=str(agent_id),
-                version_id=str(version_id),
-                account_id=current_user.id,
-            ),
-        )
--- a/api/controllers/console/apikey.py
+++ b/api/controllers/console/apikey.py
@ -9,7 +9,6 @@ from sqlalchemy import delete, func, select
 from sqlalchemy.orm import sessionmaker
 from werkzeug.exceptions import Forbidden

-from configs import dify_config
 from controllers.common.schema import register_response_schema_models
 from extensions.ext_database import db
 from fields.base import ResponseModel
@ -23,11 +22,8 @@ from services.api_token_service import ApiTokenCache

 from . import console_ns
 from .wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
    with_current_tenant_id,
    with_current_user,
@ -147,7 +143,7 @@ class BaseApiKeyResource(Resource):
        assert self.resource_id_field is not None, "resource_id_field must be set"
        _get_resource(resource_id, current_tenant_id, self.resource_model)

-        if not dify_config.RBAC_ENABLED and not current_user.is_admin_or_owner:
+        if not current_user.is_admin_or_owner:
            raise Forbidden()

        key = db.session.scalar(
@ -190,7 +186,6 @@ class AppApiKeyListResource(BaseApiKeyListResource):
    @console_ns.response(400, "Maximum keys exceeded")
    @with_current_tenant_id
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
    def post(self, current_tenant_id: str, resource_id: UUID) -> tuple[dict[str, object], int]:
        """Create a new API key for an app"""
        return dump_response(ApiKeyItem, self._create_api_key(str(resource_id), current_tenant_id)), 201
@ -209,7 +204,6 @@ class AppApiKeyResource(BaseApiKeyResource):
    @console_ns.response(204, "API key deleted successfully")
    @with_current_user
    @with_current_tenant_id
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
    def delete(
        self, current_tenant_id: str, current_user: Account, resource_id: UUID, api_key_id: UUID
    ) -> tuple[str, int]:
@ -240,7 +234,6 @@ class DatasetApiKeyListResource(BaseApiKeyListResource):
    @console_ns.response(400, "Maximum keys exceeded")
    @with_current_tenant_id
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.DATASET, RBACPermission.DATASET_API_KEY_MANAGE)
    def post(self, current_tenant_id: str, resource_id: UUID) -> tuple[dict[str, object], int]:
        """Create a new API key for a dataset"""
        return dump_response(ApiKeyItem, self._create_api_key(str(resource_id), current_tenant_id)), 201
@ -259,7 +252,6 @@ class DatasetApiKeyResource(BaseApiKeyResource):
    @console_ns.response(204, "API key deleted successfully")
    @with_current_user
    @with_current_tenant_id
-    @rbac_permission_required(RBACResourceScope.DATASET, RBACPermission.DATASET_API_KEY_MANAGE)
    def delete(
        self, current_tenant_id: str, current_user: Account, resource_id: UUID, api_key_id: UUID
    ) -> tuple[str, int]:
--- a/api/controllers/console/app/agent.py
+++ b/api/controllers/console/app/agent.py
@ -1,5 +1,5 @@
+import logging
 from typing import Any
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -13,32 +13,23 @@ from controllers.common.schema import (
    register_schema_models,
 )
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
-    account_initialization_required,
-    rbac_permission_required,
-    setup_required,
-    with_current_tenant_id,
-    with_current_user,
-)
+from controllers.console.wraps import account_initialization_required, setup_required, with_current_user
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from libs.helper import uuid_value
 from libs.login import login_required
 from models import Account
+from models.agent_config_entities import AgentFileRefConfig, AgentSkillRefConfig
 from models.model import App, AppMode, UploadFile
 from services.agent.composer_service import AgentComposerService
-from services.agent.skill_package_service import SkillManifest, SkillPackageError
+from services.agent.skill_package_service import SkillManifest, SkillPackageError, SkillPackageService
 from services.agent.skill_standardize_service import SkillStandardizeService
 from services.agent.skill_tool_inference_service import (
    SkillToolInferenceError,
    SkillToolInferenceResult,
    SkillToolInferenceService,
 )
-from services.agent.soul_files_service import AgentSoulFilesService
 from services.agent_drive_service import (
    AgentDriveError,
    AgentDriveService,
@ -47,16 +38,11 @@ from services.agent_drive_service import (
    normalize_drive_key,
 )
 from services.agent_service import AgentService
+from services.file_service import FileService

-_WORKFLOW_AGENT_DRIVE_APP_MODES = [AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]
-_AGENT_SKILL_UPLOAD_PARAMS = {
-    "file": {
-        "in": "formData",
-        "type": "file",
-        "required": True,
-        "description": "Skill package (.zip or .skill).",
-    }
-}
+logger = logging.getLogger(__name__)
+
+_AGENT_DRIVE_APP_MODES = [AppMode.AGENT, AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]


 class AgentLogQuery(BaseModel):
@ -86,10 +72,6 @@ class AgentDriveDeleteFileQuery(AgentDriveMutationQuery):
    key: str = Field(min_length=1, description="Drive key, e.g. files/sample.pdf")


-class AgentDriveDeleteFileByAgentQuery(BaseModel):
-    key: str = Field(min_length=1, description="Drive key, e.g. files/sample.pdf")
-
-
 class AgentLogMetaResponse(ResponseModel):
    status: str
    executor: str
@ -127,16 +109,13 @@ class AgentLogResponse(ResponseModel):
    files: list[Any] = Field(default_factory=list)


-class AgentUploadedSkillResponse(ResponseModel):
-    name: str
-    description: str
-    path: str
-    skill_md_key: str
-    archive_key: str | None = None
-
-
 class AgentSkillUploadResponse(ResponseModel):
-    skill: AgentUploadedSkillResponse
+    skill: AgentSkillRefConfig
+    manifest: SkillManifest
+
+
+class AgentSkillStandardizeResponse(ResponseModel):
+    skill: AgentSkillRefConfig
    manifest: SkillManifest


@ -150,28 +129,30 @@ class AgentDriveFileResponse(ResponseModel):

 class AgentDriveFileCommitResponse(ResponseModel):
    file: AgentDriveFileResponse
+    config_version_id: str | None = None


 class AgentDriveDeleteResponse(ResponseModel):
    result: str
    removed_keys: list[str] = Field(default_factory=list)
+    config_version_id: str | None = None


-register_schema_models(console_ns, AgentLogQuery, AgentDriveFilePayload, AgentDriveDeleteFileByAgentQuery)
+register_schema_models(console_ns, AgentLogQuery, AgentDriveFilePayload)
 register_response_schema_models(
    console_ns,
    AgentDriveDeleteResponse,
    AgentDriveFileCommitResponse,
    AgentDriveFileResponse,
    AgentLogResponse,
-    AgentUploadedSkillResponse,
+    AgentSkillStandardizeResponse,
    AgentSkillUploadResponse,
    SkillToolInferenceResult,
 )


 def _resolve_agent_id(app_model: App, node_id: str | None) -> str | None:
-    if node_id and app_model.mode != AppMode.AGENT:
+    if node_id:
        return AgentComposerService.resolve_workflow_node_agent_id(
            tenant_id=app_model.tenant_id, app_id=app_model.id, node_id=node_id
        )
@ -182,184 +163,6 @@ def _agent_not_bound() -> tuple[dict[str, str], int]:
    return {"code": "agent_not_bound", "message": "no agent is bound for this app/node"}, 400


-def _sync_active_soul_files(
-    *,
-    tenant_id: str,
-    agent_id: str,
-    account_id: str,
-    committed_items: list[dict[str, Any]],
-) -> None:
-    AgentSoulFilesService.sync_drive_commit_to_active_soul(
-        tenant_id=tenant_id,
-        agent_id=agent_id,
-        account_id=account_id,
-        committed_items=committed_items,
-    )
-    db.session.commit()
-
-
-def _upload_skill_for_app(*, current_user: Account, app_model: App):
-    """Upload one skill package and commit its normalized files into the agent drive."""
-
-    query = query_params_from_request(AgentDriveMutationQuery)
-    agent_id = _resolve_agent_id(app_model, query.node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    if "file" not in request.files:
-        return {"code": "no_file", "message": "no skill file uploaded"}, 400
-    if len(request.files) > 1:
-        return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400
-
-    upload = request.files["file"]
-    content = upload.stream.read()
-    standardize_service = SkillStandardizeService()
-    try:
-        result = standardize_service.standardize(
-            content=content,
-            filename=upload.filename or "",
-            tenant_id=app_model.tenant_id,
-            user_id=current_user.id,
-            agent_id=agent_id,
-        )
-    except (SkillPackageError, AgentDriveError) as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    _sync_active_soul_files(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        committed_items=standardize_service.last_committed_items,
-    )
-    return result, 201
-
-
-def _commit_drive_file_for_app(*, current_user: Account, app_model: App, allow_node_id: bool = True):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    node_id = query.node_id if allow_node_id else None
-    agent_id = _resolve_agent_id(app_model, node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    payload = AgentDriveFilePayload.model_validate(console_ns.payload or {})
-
-    upload_file = db.session.scalar(
-        select(UploadFile).where(
-            UploadFile.id == payload.upload_file_id,
-            UploadFile.tenant_id == app_model.tenant_id,
-        )
-    )
-    if upload_file is None:
-        return {"code": "upload_file_not_found", "message": "upload file not found in this workspace"}, 404
-
-    try:
-        key = normalize_drive_key(f"files/{upload_file.name}")
-        committed = AgentDriveService().commit(
-            tenant_id=app_model.tenant_id,
-            user_id=current_user.id,
-            agent_id=agent_id,
-            items=[
-                DriveCommitItem(
-                    key=key,
-                    file_ref=DriveFileRef(kind="upload_file", id=upload_file.id),
-                    # ADD FILE uploads exist solely to live in the drive, so the
-                    # drive owns (and physically cleans) the value on delete.
-                    value_owned_by_drive=True,
-                )
-            ],
-        )
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    _sync_active_soul_files(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        committed_items=committed,
-    )
-
-    row = committed[0]
-    return {
-        "file": {
-            "name": upload_file.name,
-            "drive_key": row["key"],
-            "file_id": upload_file.id,
-            "size": row.get("size"),
-            "mime_type": row.get("mime_type"),
-        },
-    }, 201
-
-
-def _delete_drive_file_for_app(*, current_user: Account, app_model: App, allow_node_id: bool = True):
-    query = query_params_from_request(AgentDriveDeleteFileQuery)
-    node_id = query.node_id if allow_node_id else None
-    agent_id = _resolve_agent_id(app_model, node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    try:
-        key = normalize_drive_key(query.key)
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-
-    try:
-        result = AgentDriveService().commit(
-            tenant_id=app_model.tenant_id,
-            user_id=current_user.id,
-            agent_id=agent_id,
-            items=[DriveCommitItem(key=key, file_ref=None)],
-        )
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    _sync_active_soul_files(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        committed_items=result,
-    )
-    removed_keys = [item["key"] for item in result if item.get("removed")]
-    return {"result": "success", "removed_keys": removed_keys}
-
-
-def _delete_skill_for_app(*, current_user: Account, app_model: App, slug: str, allow_node_id: bool = True):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    node_id = query.node_id if allow_node_id else None
-    agent_id = _resolve_agent_id(app_model, node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    if "/" in slug or not slug.strip():
-        return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400
-
-    try:
-        result = AgentDriveService().commit(
-            tenant_id=app_model.tenant_id,
-            user_id=current_user.id,
-            agent_id=agent_id,
-            items=[
-                DriveCommitItem(key=f"{slug}/SKILL.md", file_ref=None),
-                DriveCommitItem(key=f"{slug}/.DIFY-SKILL-FULL.zip", file_ref=None),
-            ],
-        )
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    _sync_active_soul_files(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        committed_items=result,
-    )
-    removed_keys = [item["key"] for item in result if item.get("removed")]
-    return {"result": "success", "removed_keys": removed_keys}
-
-
-def _infer_skill_tools_for_app(*, app_model: App, slug: str):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    agent_id = _resolve_agent_id(app_model, query.node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    if "/" in slug or not slug.strip():
-        return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400
-    try:
-        return SkillToolInferenceService().infer(tenant_id=app_model.tenant_id, agent_id=agent_id, slug=slug)
-    except SkillToolInferenceError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-
-
@console_ns.route("/apps/<uuid:app_id>/agent/logs")
 class AgentLogApi(Resource):
    @console_ns.doc("get_agent_logs")
@ -371,7 +174,6 @@ class AgentLogApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    @get_app_model(mode=[AppMode.AGENT_CHAT])
    def get(self, app_model: App):
        """Get agent logs"""
@ -380,77 +182,86 @@ class AgentLogApi(Resource):
        return AgentService.get_agent_logs(app_model, args.conversation_id, args.message_id)


-@console_ns.route("/agent/<uuid:agent_id>/skills/upload")
-class AgentSkillUploadByAgentApi(Resource):
-    @console_ns.doc("upload_agent_skill_by_agent")
-    @console_ns.doc(description="Upload + standardize a Skill into an Agent App drive")
-    @console_ns.doc(consumes=["multipart/form-data"], params={"agent_id": "Agent ID", **_AGENT_SKILL_UPLOAD_PARAMS})
-    @console_ns.response(201, "Skill uploaded into drive", console_ns.models[AgentSkillUploadResponse.__name__])
-    @console_ns.response(400, "Invalid skill package or no bound agent")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _upload_skill_for_app(current_user=current_user, app_model=app_model)
-
-
@console_ns.route("/apps/<uuid:app_id>/agent/skills/upload")
 class AgentSkillUploadApi(Resource):
    @console_ns.doc("upload_agent_skill")
-    @console_ns.doc(description="Upload + standardize a Skill into the agent drive")
-    @console_ns.doc(
-        consumes=["multipart/form-data"],
-        params={
-            "app_id": "Application ID",
-            **query_params_from_model(AgentDriveMutationQuery),
-            **_AGENT_SKILL_UPLOAD_PARAMS,
-        },
+    @console_ns.doc(description="Upload + validate a Skill package (.zip/.skill) and extract its manifest")
+    @console_ns.doc(params={"app_id": "Application ID"})
+    @console_ns.response(201, "Skill validated", console_ns.models[AgentSkillUploadResponse.__name__])
+    @console_ns.response(400, "Invalid skill package")
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
+    @with_current_user
+    def post(self, current_user: Account, app_model: App):
+        """Validate an uploaded Skill package and persist the archive.
+
+        Returns a validated skill ref (to bind into the Agent soul config on save)
+        plus its manifest. Standardizing into the agent drive is ENG-594.
+        """
+        if "file" not in request.files:
+            return {"code": "no_file", "message": "no skill file uploaded"}, 400
+        if len(request.files) > 1:
+            return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400
+
+        upload = request.files["file"]
+        content = upload.stream.read()
+        try:
+            manifest = SkillPackageService().validate_and_extract(content=content, filename=upload.filename or "")
+        except SkillPackageError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+
+        upload_file = FileService(db.engine).upload_file(
+            filename=upload.filename or "skill.zip",
+            content=content,
+            mimetype=upload.mimetype or "application/zip",
+            user=current_user,
+        )
+        skill_ref = manifest.to_skill_ref(file_id=upload_file.id)
+        return {"skill": skill_ref.model_dump(exclude_none=True), "manifest": manifest.model_dump()}, 201
+
+
+@console_ns.route("/apps/<uuid:app_id>/agent/skills/standardize")
+class AgentSkillStandardizeApi(Resource):
+    @console_ns.doc("standardize_agent_skill")
+    @console_ns.doc(description="Validate + standardize a Skill into the agent drive (ENG-594)")
+    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentDriveMutationQuery)})
+    @console_ns.response(
+        201,
+        "Skill standardized into drive",
+        console_ns.models[AgentSkillStandardizeResponse.__name__],
    )
-    @console_ns.response(201, "Skill uploaded into drive", console_ns.models[AgentSkillUploadResponse.__name__])
    @console_ns.response(400, "Invalid skill package or no bound agent")
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def post(self, current_user: Account, app_model: App):
-        """Upload a Skill, validate it, and commit drive-backed skill files."""
-        return _upload_skill_for_app(current_user=current_user, app_model=app_model)
+        """Upload a Skill, validate it, and standardize it into the app agent's drive."""
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        if "file" not in request.files:
+            return {"code": "no_file", "message": "no skill file uploaded"}, 400
+        if len(request.files) > 1:
+            return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400

-
-@console_ns.route("/agent/<uuid:agent_id>/files")
-class AgentDriveFilesByAgentApi(Resource):
-    @console_ns.doc("commit_agent_drive_file_by_agent")
-    @console_ns.doc(description="Commit an uploaded file into the Agent App drive under files/<name>")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.expect(console_ns.models[AgentDriveFilePayload.__name__])
-    @console_ns.response(
-        201, "File committed into the agent drive", console_ns.models[AgentDriveFileCommitResponse.__name__]
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _commit_drive_file_for_app(current_user=current_user, app_model=app_model, allow_node_id=False)
-
-    @console_ns.doc("delete_agent_drive_file_by_agent")
-    @console_ns.doc(description="Delete one Agent App drive file by key")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveDeleteFileByAgentQuery)})
-    @console_ns.response(200, "File removed", console_ns.models[AgentDriveDeleteResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _delete_drive_file_for_app(current_user=current_user, app_model=app_model, allow_node_id=False)
+        upload = request.files["file"]
+        content = upload.stream.read()
+        try:
+            result = SkillStandardizeService().standardize(
+                content=content,
+                filename=upload.filename or "",
+                tenant_id=app_model.tenant_id,
+                user_id=current_user.id,
+                agent_id=agent_id,
+            )
+        except (SkillPackageError, AgentDriveError) as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+        return result, 201


@console_ns.route("/apps/<uuid:app_id>/agent/files")
@ -465,45 +276,119 @@ class AgentDriveFilesApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def post(self, current_user: Account, app_model: App):
        """ADD FILE: commit one uploaded file into the bound agent's drive."""
-        return _commit_drive_file_for_app(current_user=current_user, app_model=app_model)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        payload = AgentDriveFilePayload.model_validate(console_ns.payload or {})
+
+        upload_file = db.session.scalar(
+            select(UploadFile).where(
+                UploadFile.id == payload.upload_file_id,
+                UploadFile.tenant_id == app_model.tenant_id,
+            )
+        )
+        if upload_file is None:
+            return {"code": "upload_file_not_found", "message": "upload file not found in this workspace"}, 404
+
+        try:
+            key = normalize_drive_key(f"files/{upload_file.name}")
+            committed = AgentDriveService().commit(
+                tenant_id=app_model.tenant_id,
+                user_id=current_user.id,
+                agent_id=agent_id,
+                items=[
+                    DriveCommitItem(
+                        key=key,
+                        file_ref=DriveFileRef(kind="upload_file", id=upload_file.id),
+                        # ADD FILE uploads exist solely to live in the drive, so the
+                        # drive owns (and physically cleans) the value on delete.
+                        value_owned_by_drive=True,
+                    )
+                ],
+            )
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+
+        row = committed[0]
+        file_ref = AgentFileRefConfig.model_validate(
+            {
+                "id": row["key"],
+                "name": upload_file.name,
+                "file_id": upload_file.id,
+                "drive_key": row["key"],
+                "type": row.get("mime_type"),
+                "size": row.get("size"),
+            }
+        )
+        config_version_id = AgentComposerService.add_drive_file_ref(
+            tenant_id=app_model.tenant_id,
+            agent_id=agent_id,
+            account_id=current_user.id,
+            file_ref=file_ref,
+            app_id=app_model.id,
+            node_id=query.node_id,
+        )
+        return {
+            "file": {
+                "name": upload_file.name,
+                "drive_key": row["key"],
+                "file_id": upload_file.id,
+                "size": row.get("size"),
+                "mime_type": row.get("mime_type"),
+            },
+            "config_version_id": config_version_id,
+        }, 201

    @console_ns.doc("delete_agent_drive_file")
-    @console_ns.doc(description="Delete one drive file by key via drive commit-null semantics")
+    @console_ns.doc(description="Delete one drive file by key; soul ref first, then the KV row (ENG-625 D5)")
    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentDriveDeleteFileQuery)})
    @console_ns.response(200, "File removed", console_ns.models[AgentDriveDeleteResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def delete(self, current_user: Account, app_model: App):
-        return _delete_drive_file_for_app(current_user=current_user, app_model=app_model)
+        query = query_params_from_request(AgentDriveDeleteFileQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        try:
+            key = normalize_drive_key(query.key)
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code

-
-@console_ns.route("/agent/<uuid:agent_id>/skills/<string:slug>")
-class AgentSkillByAgentApi(Resource):
-    @console_ns.doc("delete_agent_skill_by_agent")
-    @console_ns.doc(description="Delete a standardized skill from an Agent App drive")
-    @console_ns.doc(params={"agent_id": "Agent ID", "slug": "Skill slug (single path segment)"})
-    @console_ns.response(200, "Skill removed", console_ns.models[AgentDriveDeleteResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, current_user: Account, agent_id: UUID, slug: str):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _delete_skill_for_app(current_user=current_user, app_model=app_model, slug=slug, allow_node_id=False)
+        config_version_id = AgentComposerService.remove_drive_refs(
+            tenant_id=app_model.tenant_id,
+            agent_id=agent_id,
+            account_id=current_user.id,
+            file_key=key,
+            app_id=app_model.id,
+            node_id=query.node_id,
+        )
+        removed_keys: list[str] = []
+        try:
+            removed_keys = AgentDriveService().delete(tenant_id=app_model.tenant_id, agent_id=agent_id, key=key)
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+        except Exception:
+            # Soul-first ordering: the ref is already gone; orphan KV rows are
+            # harmless and an idempotent DELETE retry cleans them.
+            logger.exception("agent drive delete failed for key %s (soul already updated)", key)
+        return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id}


@console_ns.route("/apps/<uuid:app_id>/agent/skills/<string:slug>")
 class AgentSkillApi(Resource):
    @console_ns.doc("delete_agent_skill")
-    @console_ns.doc(description="Delete a standardized skill by removing its known drive keys via commit-null")
+    @console_ns.doc(
+        description="Delete a standardized skill: soul ref first, then the <slug>/ drive prefix (ENG-625 D5)"
+    )
    @console_ns.doc(
        params={
            "app_id": "Application ID",
@ -515,29 +400,34 @@ class AgentSkillApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def delete(self, current_user: Account, app_model: App, slug: str):
-        return _delete_skill_for_app(current_user=current_user, app_model=app_model, slug=slug)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        if "/" in slug or not slug.strip():
+            return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400

-
-@console_ns.route("/agent/<uuid:agent_id>/skills/<string:slug>/infer-tools")
-class AgentSkillInferToolsByAgentApi(Resource):
-    @console_ns.doc("infer_agent_skill_tools_by_agent")
-    @console_ns.doc(description="Infer CLI tool + ENV suggestions from a standardized Agent App skill")
-    @console_ns.doc(params={"agent_id": "Agent ID", "slug": "Skill slug (single path segment)"})
-    @console_ns.response(
-        200,
-        "Inference result (draft suggestions, nothing persisted)",
-        console_ns.models[SkillToolInferenceResult.__name__],
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID, slug: str):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _infer_skill_tools_for_app(app_model=app_model, slug=slug)
+        config_version_id = AgentComposerService.remove_drive_refs(
+            tenant_id=app_model.tenant_id,
+            agent_id=agent_id,
+            account_id=current_user.id,
+            skill_slug=slug,
+            app_id=app_model.id,
+            node_id=query.node_id,
+        )
+        removed_keys: list[str] = []
+        try:
+            removed_keys = AgentDriveService().delete(
+                tenant_id=app_model.tenant_id, agent_id=agent_id, prefix=f"{slug}/"
+            )
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+        except Exception:
+            logger.exception("agent drive delete failed for skill %s (soul already updated)", slug)
+        return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id}


@console_ns.route("/apps/<uuid:app_id>/agent/skills/<string:slug>/infer-tools")
@ -561,7 +451,16 @@ class AgentSkillInferToolsApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    def post(self, app_model: App, slug: str):
        """Suggest CLI tools/env for a skill. Saving still goes through composer validation."""
-        return _infer_skill_tools_for_app(app_model=app_model, slug=slug)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        if "/" in slug or not slug.strip():
+            return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400
+        try:
+            return SkillToolInferenceService().infer(tenant_id=app_model.tenant_id, agent_id=agent_id, slug=slug)
+        except SkillToolInferenceError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
--- a/api/controllers/console/app/agent_app_access.py
+++ b/api/controllers/console/app/agent_app_access.py
@ -5,31 +5,25 @@ reference. This exposes the read-only "Workflow access" surface from the PRD:
 which workflow apps use this Agent, without leaking the workflows' internals.
 """

-from uuid import UUID
-
 from flask_restx import Resource
 from pydantic import Field

 from controllers.common.schema import register_response_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
+from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from libs.login import login_required
+from models.model import App, AppMode
 from services.agent.roster_service import AgentRosterService


 class AgentReferencingWorkflowResponse(ResponseModel):
    app_id: str
    app_name: str
-    app_icon_type: str | None = None
-    app_icon: str | None = None
-    app_icon_background: str | None = None
    app_mode: str
-    app_updated_at: int | None = None
    workflow_id: str
-    workflow_version: str
    node_ids: list[str] = Field(default_factory=list)


@ -40,23 +34,23 @@ class AgentReferencingWorkflowsResponse(ResponseModel):
 register_response_schema_models(console_ns, AgentReferencingWorkflowsResponse)


-@console_ns.route("/agent/<uuid:agent_id>/referencing-workflows")
+@console_ns.route("/apps/<uuid:app_id>/agent-referencing-workflows")
 class AgentAppReferencingWorkflowsResource(Resource):
    @console_ns.doc("list_agent_app_referencing_workflows")
    @console_ns.doc(description="List workflow apps that reference this Agent App's bound Agent (read-only)")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
+    @console_ns.doc(params={"app_id": "Application ID"})
    @console_ns.response(
        200,
        "Referencing workflows listed successfully",
        console_ns.models[AgentReferencingWorkflowsResponse.__name__],
    )
-    @console_ns.response(404, "Agent not found")
+    @console_ns.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        workflows = AgentRosterService(db.session).list_workflows_referencing_app_agent(
            tenant_id=tenant_id, app_id=app_model.id
        )
--- a/api/controllers/console/app/agent_app_feature.py
+++ b/api/controllers/console/app/agent_app_feature.py
@ -9,27 +9,20 @@ persists them onto the app's ``app_model_config`` without touching anything the
 Soul owns.
 """

-from uuid import UUID
-
 from flask_restx import Resource
 from pydantic import BaseModel, Field

 from controllers.common.fields import SimpleResultResponse
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
+from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
-    with_current_tenant_id,
    with_current_user,
 )
 from events.app_event import app_model_config_was_updated
-from extensions.ext_database import db
 from libs.helper import dump_response
 from libs.login import login_required
 from models import Account
@ -39,6 +32,7 @@ from models.agent_config_entities import (
    AgentSuggestedQuestionsAfterAnswerFeatureConfig,
    AgentTextToSpeechFeatureConfig,
 )
+from models.model import App, AppMode
 from services.agent_app_feature_service import AgentAppFeatureConfigService


@ -70,31 +64,28 @@ register_schema_models(console_ns, AgentAppFeaturesPayload)
 register_response_schema_models(console_ns, SimpleResultResponse)


-@console_ns.route("/agent/<uuid:agent_id>/features")
+@console_ns.route("/apps/<uuid:app_id>/agent-features")
 class AgentAppFeatureConfigResource(Resource):
    @console_ns.doc("update_agent_app_features")
    @console_ns.doc(description="Update an Agent App's presentation features (opener, follow-up, citations, ...)")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
+    @console_ns.doc(params={"app_id": "Application ID"})
    @console_ns.expect(console_ns.models[AgentAppFeaturesPayload.__name__])
    @console_ns.response(200, "Features updated successfully", console_ns.models[SimpleResultResponse.__name__])
    @console_ns.response(400, "Invalid configuration")
-    @console_ns.response(404, "Agent not found")
+    @console_ns.response(404, "App not found")
    @setup_required
    @login_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_CREATE_AND_MANAGEMENT)
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def post(self, current_user: Account, app_model: App):
        args = AgentAppFeaturesPayload.model_validate(console_ns.payload or {})

        new_app_model_config = AgentAppFeatureConfigService.update_features(
            app_model=app_model,
            account=current_user,
            config=args.model_dump(exclude_none=True),
-            session=db.session,
        )

        app_model_config_was_updated.send(app_model, app_model_config=new_app_model_config)
--- a/api/controllers/console/app/agent_app_sandbox.py
+++ b/api/controllers/console/app/agent_app_sandbox.py
@ -22,7 +22,6 @@ from controllers.common.schema import (
    register_schema_models,
 )
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
 from fields.base import ResponseModel
@ -133,18 +132,18 @@ def _handle(exc: Exception) -> tuple[dict[str, object], int]:
    raise exc


-@console_ns.route("/agent/<uuid:agent_id>/sandbox/files")
+@console_ns.route("/apps/<uuid:app_id>/agent-sandbox/files")
 class AgentAppSandboxListResource(Resource):
    @console_ns.doc("list_agent_app_sandbox_files")
    @console_ns.doc(description="List a directory in an Agent App conversation sandbox")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentSandboxListQuery)})
+    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentSandboxListQuery)})
    @console_ns.response(200, "Listing returned", console_ns.models[SandboxListResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        query = query_params_from_request(AgentSandboxListQuery)
        try:
            result = AgentAppSandboxService().list_files(
@ -158,18 +157,18 @@ class AgentAppSandboxListResource(Resource):
        return result.model_dump()


-@console_ns.route("/agent/<uuid:agent_id>/sandbox/files/read")
+@console_ns.route("/apps/<uuid:app_id>/agent-sandbox/files/read")
 class AgentAppSandboxReadResource(Resource):
    @console_ns.doc("read_agent_app_sandbox_file")
    @console_ns.doc(description="Read a text/binary preview file in an Agent App conversation sandbox")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentSandboxFileQuery)})
+    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentSandboxFileQuery)})
    @console_ns.response(200, "Preview returned", console_ns.models[SandboxReadResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        query = query_params_from_request(AgentSandboxFileQuery)
        try:
            result = AgentAppSandboxService().read_file(
@ -183,7 +182,7 @@ class AgentAppSandboxReadResource(Resource):
        return result.model_dump()


-@console_ns.route("/agent/<uuid:agent_id>/sandbox/files/upload")
+@console_ns.route("/apps/<uuid:app_id>/agent-sandbox/files/upload")
 class AgentAppSandboxUploadResource(Resource):
    @console_ns.doc("upload_agent_app_sandbox_file")
    @console_ns.doc(description="Upload one Agent App sandbox file as a Dify ToolFile mapping")
@ -192,9 +191,9 @@ class AgentAppSandboxUploadResource(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def post(self, tenant_id: str, app_model: App):
        payload = AgentSandboxUploadPayload.model_validate(request.get_json(silent=True) or {})
        try:
            result = AgentAppSandboxService().upload_file(
--- a/api/controllers/console/app/agent_drive_inspector.py
+++ b/api/controllers/console/app/agent_drive_inspector.py
@ -10,12 +10,6 @@ backend — drive data lives in the API's own DB/storage, served straight from

 from __future__ import annotations

-import json
-from collections.abc import Mapping
-from typing import Any
-from uuid import UUID
-
-from flask import Response
 from flask_restx import Resource
 from pydantic import BaseModel, Field

@ -25,15 +19,12 @@ from controllers.common.schema import (
    register_response_schema_models,
 )
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
-from extensions.ext_database import db
+from controllers.console.wraps import account_initialization_required, setup_required
 from fields.base import ResponseModel
 from libs.login import login_required
 from models.model import App, AppMode
 from services.agent.composer_service import AgentComposerService
-from services.agent.soul_files_service import AgentSoulFilesService
 from services.agent_drive_service import AgentDriveError, AgentDriveService


@ -42,23 +33,11 @@ class AgentDriveListQuery(BaseModel):
    node_id: str | None = Field(default=None, description="Workflow node ID (workflow composer variant)")


-class AgentDriveListByAgentQuery(BaseModel):
-    prefix: str = Field(default="", description="Key prefix filter: '<slug>/' for one skill, 'files/' for files")
-
-
 class AgentDriveFileQuery(BaseModel):
    key: str = Field(min_length=1, description="Drive key, e.g. tender-analyzer/SKILL.md")
    node_id: str | None = Field(default=None, description="Workflow node ID (workflow composer variant)")


-class AgentDriveFileByAgentQuery(BaseModel):
-    key: str = Field(min_length=1, description="Drive key, e.g. tender-analyzer/SKILL.md")
-
-
-class AgentDriveSkillInspectQuery(BaseModel):
-    node_id: str | None = Field(default=None, description="Workflow node ID (workflow composer variant)")
-
-
 class AgentDriveItemResponse(ResponseModel):
    key: str
    size: int | None = None
@ -66,63 +45,12 @@ class AgentDriveItemResponse(ResponseModel):
    hash: str | None = None
    file_kind: str
    created_at: int | None = None
-    is_skill: bool | None = None
-    skill_metadata: str | None = None


 class AgentDriveListResponse(ResponseModel):
    items: list[AgentDriveItemResponse] = Field(default_factory=list)


-class AgentDriveSkillItemResponse(ResponseModel):
-    path: str
-    skill_md_key: str
-    archive_key: str | None = None
-    name: str
-    description: str
-    size: int | None = None
-    mime_type: str | None = None
-    hash: str | None = None
-    created_at: int | None = None
-
-
-class AgentDriveSkillListResponse(ResponseModel):
-    items: list[AgentDriveSkillItemResponse] = Field(default_factory=list)
-
-
-class AgentDriveSkillFileResponse(ResponseModel):
-    path: str
-    name: str
-    type: str
-    drive_key: str | None = None
-    available_in_drive: bool
-
-
-class AgentDriveSkillMarkdownResponse(ResponseModel):
-    key: str
-    size: int | None = None
-    truncated: bool
-    binary: bool
-    text: str | None = None
-
-
-class AgentDriveSkillInspectResponse(ResponseModel):
-    path: str
-    skill_md_key: str
-    archive_key: str | None = None
-    name: str
-    description: str
-    size: int | None = None
-    mime_type: str | None = None
-    hash: str | None = None
-    created_at: int | None = None
-    source: str
-    files: list[AgentDriveSkillFileResponse] = Field(default_factory=list)
-    file_tree: list[dict[str, Any]] = Field(default_factory=list)
-    skill_md: AgentDriveSkillMarkdownResponse
-    warnings: list[str] = Field(default_factory=list)
-
-
 class AgentDrivePreviewResponse(ResponseModel):
    key: str
    size: int | None = None
@ -136,12 +64,7 @@ class AgentDriveDownloadResponse(ResponseModel):


 register_response_schema_models(
-    console_ns,
-    AgentDriveDownloadResponse,
-    AgentDriveListResponse,
-    AgentDrivePreviewResponse,
-    AgentDriveSkillInspectResponse,
-    AgentDriveSkillListResponse,
+    console_ns, AgentDriveListResponse, AgentDrivePreviewResponse, AgentDriveDownloadResponse
 )


@ -162,163 +85,7 @@ def _handle(exc: AgentDriveError) -> tuple[dict[str, object], int]:
    return {"code": exc.code, "message": exc.message}, exc.status_code


-def _versioned_manifest(*, tenant_id: str, agent_id: str, prefix: str = "") -> list[dict[str, Any]]:
-    agent_soul = AgentSoulFilesService.active_agent_soul(session=db.session, tenant_id=tenant_id, agent_id=agent_id)
-    normalized_prefix = prefix.strip().lstrip("/")
-    skill_prefixes = AgentSoulFilesService.allowed_skill_prefixes(agent_soul)
-    if normalized_prefix and any(normalized_prefix.startswith(p) for p in skill_prefixes):
-        return AgentDriveService().manifest(tenant_id=tenant_id, agent_id=agent_id, prefix=normalized_prefix)
-    return AgentSoulFilesService.list_files(
-        session=db.session,
-        tenant_id=tenant_id,
-        agent_id=agent_id,
-        prefix=normalized_prefix,
-    )
-
-
-def _versioned_skills(*, tenant_id: str, agent_id: str) -> list[dict[str, Any]]:
-    return AgentSoulFilesService.list_skills(session=db.session, tenant_id=tenant_id, agent_id=agent_id)
-
-
-def _assert_key_in_active_soul(*, tenant_id: str, agent_id: str, key: str) -> None:
-    agent_soul = AgentSoulFilesService.active_agent_soul(session=db.session, tenant_id=tenant_id, agent_id=agent_id)
-    if not AgentSoulFilesService.key_allowed_by_soul(agent_soul=agent_soul, key=key):
-        raise AgentDriveError(
-            "drive_key_not_in_agent_soul",
-            "drive key is not part of the active Agent Soul version",
-            status_code=404,
-        )
-
-
-def _assert_skill_in_active_soul(*, tenant_id: str, agent_id: str, skill_path: str) -> None:
-    agent_soul = AgentSoulFilesService.active_agent_soul(session=db.session, tenant_id=tenant_id, agent_id=agent_id)
-    wanted = skill_path.strip().strip("/")
-    for skill in agent_soul.files.skills:
-        path = skill.path
-        if not path and skill.skill_md_key:
-            path = AgentSoulFilesService.skill_path_from_key(skill.skill_md_key)
-        if path == wanted:
-            return
-    raise AgentDriveError(
-        "skill_not_in_agent_soul",
-        "skill is not part of the active Agent Soul version",
-        status_code=404,
-    )
-
-
-def _json_response(data: Mapping[str, Any]):
-    return Response(
-        response=json.dumps(data, ensure_ascii=False, separators=(",", ":")),
-        content_type="application/json; charset=utf-8",
-    )
-
-
-_WORKFLOW_APP_MODES = [AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/files")
-class AgentDriveListByAgentApi(Resource):
-    @console_ns.doc("list_agent_drive_files_by_agent")
-    @console_ns.doc(description="List agent drive entries for an Agent App")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveListByAgentQuery)})
-    @console_ns.response(200, "Drive entries", console_ns.models[AgentDriveListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        query = query_params_from_request(AgentDriveListByAgentQuery)
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            items = _versioned_manifest(tenant_id=tenant_id, agent_id=str(agent_id), prefix=query.prefix)
-        except AgentDriveError as exc:
-            return _handle(exc)
-        return {"items": [{k: v for k, v in item.items() if k != "file_id"} for item in items]}
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/skills")
-class AgentDriveSkillListByAgentApi(Resource):
-    @console_ns.doc("list_agent_drive_skills_by_agent")
-    @console_ns.doc(description="List drive-backed skills for an Agent App")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.response(200, "Drive skills", console_ns.models[AgentDriveSkillListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            items = _versioned_skills(tenant_id=tenant_id, agent_id=str(agent_id))
-        except AgentDriveError as exc:
-            return _handle(exc)
-        return {"items": items}
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/skills/<path:skill_path>/inspect")
-class AgentDriveSkillInspectByAgentApi(Resource):
-    @console_ns.doc("inspect_agent_drive_skill_by_agent")
-    @console_ns.doc(description="Inspect one drive-backed skill for slash-menu hover/detail UI")
-    @console_ns.doc(params={"agent_id": "Agent ID", "skill_path": "Skill path/slug, e.g. tender-analyzer"})
-    @console_ns.response(200, "Drive skill inspect view", console_ns.models[AgentDriveSkillInspectResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID, skill_path: str):
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            _assert_skill_in_active_soul(tenant_id=tenant_id, agent_id=str(agent_id), skill_path=skill_path)
-            return _json_response(
-                AgentDriveService().inspect_skill(
-                    tenant_id=tenant_id,
-                    agent_id=str(agent_id),
-                    skill_path=skill_path,
-                )
-            )
-        except AgentDriveError as exc:
-            return _handle(exc)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/files/preview")
-class AgentDrivePreviewByAgentApi(Resource):
-    @console_ns.doc("preview_agent_drive_file_by_agent")
-    @console_ns.doc(description="Truncated text preview of one Agent App drive value")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveFileByAgentQuery)})
-    @console_ns.response(200, "Preview", console_ns.models[AgentDrivePreviewResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        query = query_params_from_request(AgentDriveFileByAgentQuery)
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            _assert_key_in_active_soul(tenant_id=tenant_id, agent_id=str(agent_id), key=query.key)
-            return AgentDriveService().preview(tenant_id=tenant_id, agent_id=str(agent_id), key=query.key)
-        except AgentDriveError as exc:
-            return _handle(exc)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/files/download")
-class AgentDriveDownloadByAgentApi(Resource):
-    @console_ns.doc("download_agent_drive_file_by_agent")
-    @console_ns.doc(description="Time-limited external signed URL for one Agent App drive value")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveFileByAgentQuery)})
-    @console_ns.response(200, "Signed URL", console_ns.models[AgentDriveDownloadResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        query = query_params_from_request(AgentDriveFileByAgentQuery)
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            _assert_key_in_active_soul(tenant_id=tenant_id, agent_id=str(agent_id), key=query.key)
-            url = AgentDriveService().download_url(tenant_id=tenant_id, agent_id=str(agent_id), key=query.key)
-        except AgentDriveError as exc:
-            return _handle(exc)
-        return {"url": url}
+_APP_MODES = [AppMode.AGENT, AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]


@console_ns.route("/apps/<uuid:app_id>/agent/drive/files")
@ -330,14 +97,14 @@ class AgentDriveListApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
+    @get_app_model(mode=_APP_MODES)
    def get(self, app_model: App):
        query = query_params_from_request(AgentDriveListQuery)
        agent_id = _resolve_agent_id(app_model, query.node_id)
        if not agent_id:
            return _agent_not_bound()
        try:
-            items = _versioned_manifest(tenant_id=app_model.tenant_id, agent_id=agent_id, prefix=query.prefix)
+            items = AgentDriveService().manifest(tenant_id=app_model.tenant_id, agent_id=agent_id, prefix=query.prefix)
        except AgentDriveError as exc:
            return _handle(exc)
        # the inner manifest exposes file_id for agent-side pulls; the console
@ -345,62 +112,6 @@ class AgentDriveListApi(Resource):
        return {"items": [{k: v for k, v in item.items() if k != "file_id"} for item in items]}


-@console_ns.route("/apps/<uuid:app_id>/agent/drive/skills")
-class AgentDriveSkillListApi(Resource):
-    @console_ns.doc("list_agent_drive_skills")
-    @console_ns.doc(description="List drive-backed skills for the bound agent")
-    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentDriveListQuery)})
-    @console_ns.response(200, "Drive skills", console_ns.models[AgentDriveSkillListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
-    def get(self, app_model: App):
-        query = query_params_from_request(AgentDriveListQuery)
-        agent_id = _resolve_agent_id(app_model, query.node_id)
-        if not agent_id:
-            return _agent_not_bound()
-        try:
-            items = _versioned_skills(tenant_id=app_model.tenant_id, agent_id=agent_id)
-        except AgentDriveError as exc:
-            return _handle(exc)
-        return {"items": items}
-
-
-@console_ns.route("/apps/<uuid:app_id>/agent/drive/skills/<path:skill_path>/inspect")
-class AgentDriveSkillInspectApi(Resource):
-    @console_ns.doc("inspect_agent_drive_skill")
-    @console_ns.doc(description="Inspect one drive-backed skill for slash-menu hover/detail UI")
-    @console_ns.doc(
-        params={
-            "app_id": "Application ID",
-            "skill_path": "Skill path/slug, e.g. tender-analyzer",
-            **query_params_from_model(AgentDriveSkillInspectQuery),
-        }
-    )
-    @console_ns.response(200, "Drive skill inspect view", console_ns.models[AgentDriveSkillInspectResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
-    def get(self, app_model: App, skill_path: str):
-        query = query_params_from_request(AgentDriveSkillInspectQuery)
-        agent_id = _resolve_agent_id(app_model, query.node_id)
-        if not agent_id:
-            return _agent_not_bound()
-        try:
-            _assert_skill_in_active_soul(tenant_id=app_model.tenant_id, agent_id=agent_id, skill_path=skill_path)
-            return _json_response(
-                AgentDriveService().inspect_skill(
-                    tenant_id=app_model.tenant_id,
-                    agent_id=agent_id,
-                    skill_path=skill_path,
-                )
-            )
-        except AgentDriveError as exc:
-            return _handle(exc)
-
-
@console_ns.route("/apps/<uuid:app_id>/agent/drive/files/preview")
 class AgentDrivePreviewApi(Resource):
    @console_ns.doc("preview_agent_drive_file")
@ -410,14 +121,13 @@ class AgentDrivePreviewApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
+    @get_app_model(mode=_APP_MODES)
    def get(self, app_model: App):
        query = query_params_from_request(AgentDriveFileQuery)
        agent_id = _resolve_agent_id(app_model, query.node_id)
        if not agent_id:
            return _agent_not_bound()
        try:
-            _assert_key_in_active_soul(tenant_id=app_model.tenant_id, agent_id=agent_id, key=query.key)
            return AgentDriveService().preview(tenant_id=app_model.tenant_id, agent_id=agent_id, key=query.key)
        except AgentDriveError as exc:
            return _handle(exc)
@ -432,14 +142,13 @@ class AgentDriveDownloadApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
+    @get_app_model(mode=_APP_MODES)
    def get(self, app_model: App):
        query = query_params_from_request(AgentDriveFileQuery)
        agent_id = _resolve_agent_id(app_model, query.node_id)
        if not agent_id:
            return _agent_not_bound()
        try:
-            _assert_key_in_active_soul(tenant_id=app_model.tenant_id, agent_id=agent_id, key=query.key)
            url = AgentDriveService().download_url(tenant_id=app_model.tenant_id, agent_id=agent_id, key=query.key)
        except AgentDriveError as exc:
            return _handle(exc)
@ -448,13 +157,6 @@ class AgentDriveDownloadApi(Resource):

 __all__ = [
    "AgentDriveDownloadApi",
-    "AgentDriveDownloadByAgentApi",
    "AgentDriveListApi",
-    "AgentDriveListByAgentApi",
    "AgentDrivePreviewApi",
-    "AgentDrivePreviewByAgentApi",
-    "AgentDriveSkillInspectApi",
-    "AgentDriveSkillInspectByAgentApi",
-    "AgentDriveSkillListApi",
-    "AgentDriveSkillListByAgentApi",
 ]
--- a/api/controllers/console/app/annotation.py
+++ b/api/controllers/console/app/annotation.py
@ -9,17 +9,13 @@ from controllers.common.errors import NoFileUploadedError, TooManyFilesError
 from controllers.common.schema import query_params_from_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    annotation_import_concurrency_limit,
    annotation_import_rate_limit,
    cloud_edition_billing_resource_check,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
 )
-from extensions.ext_database import db
 from extensions.ext_redis import redis_client
 from fields.annotation_fields import (
    Annotation,
@ -159,7 +155,6 @@ class AnnotationReplyActionApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("annotation")
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    def post(self, app_id: UUID, action: Literal["enable", "disable"]):
        args = AnnotationReplyPayload.model_validate(console_ns.payload)
        match action:
@ -190,7 +185,6 @@ class AppAnnotationSettingDetailApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_id: UUID):
        result = AppAnnotationService.get_app_annotation_setting_by_app_id(str(app_id))
        return result, 200
@ -208,7 +202,6 @@ class AppAnnotationSettingUpdateApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    def post(self, app_id: UUID, annotation_setting_id: UUID):
        annotation_setting_id_str = str(annotation_setting_id)

@ -237,7 +230,6 @@ class AnnotationReplyActionStatusApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("annotation")
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_id: UUID, job_id: UUID, action: str):
        job_id_str = str(job_id)
        app_annotation_job_key = f"{action}_app_annotation_job_{job_id_str}"
@ -266,7 +258,6 @@ class AnnotationApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_id: UUID):
        args = AnnotationListQuery.model_validate(request.args.to_dict(flat=True))
        page = args.page
@ -295,7 +286,6 @@ class AnnotationApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("annotation")
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    def post(self, app_id: UUID):
        args = CreateAnnotationPayload.model_validate(console_ns.payload)
        upsert_args: UpsertAnnotationArgs = {}
@ -314,7 +304,6 @@ class AnnotationApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_CREATE_AND_MANAGEMENT)
    @console_ns.response(204, "Annotations deleted successfully")
    def delete(self, app_id: UUID):

@ -353,7 +342,6 @@ class AnnotationExportApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_id: UUID):
        annotation_list = AppAnnotationService.export_annotation_list_by_app_id(str(app_id))
        annotation_models = TypeAdapter(list[Annotation]).validate_python(annotation_list, from_attributes=True)
@ -381,7 +369,6 @@ class AnnotationUpdateDeleteApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("annotation")
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    def post(self, app_id: UUID, annotation_id: UUID):
        args = UpdateAnnotationPayload.model_validate(console_ns.payload)
        update_args: UpdateAnnotationArgs = {}
@ -389,19 +376,16 @@ class AnnotationUpdateDeleteApi(Resource):
            update_args["answer"] = args.answer
        if args.question is not None:
            update_args["question"] = args.question
-        annotation = AppAnnotationService.update_app_annotation_directly(
-            update_args, str(app_id), str(annotation_id), db.session
-        )
+        annotation = AppAnnotationService.update_app_annotation_directly(update_args, str(app_id), str(annotation_id))
        return Annotation.model_validate(annotation, from_attributes=True).model_dump(mode="json")

    @setup_required
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @console_ns.response(204, "Annotation deleted successfully")
    def delete(self, app_id: UUID, annotation_id: UUID):
-        AppAnnotationService.delete_app_annotation(str(app_id), str(annotation_id), db.session)
+        AppAnnotationService.delete_app_annotation(str(app_id), str(annotation_id))
        return "", 204


@ -426,7 +410,6 @@ class AnnotationBatchImportApi(Resource):
    @annotation_import_rate_limit
    @annotation_import_concurrency_limit
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    def post(self, app_id: UUID):
        from configs import dify_config

@ -479,7 +462,6 @@ class AnnotationBatchImportStatusApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("annotation")
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_id: UUID, job_id: UUID):
        indexing_cache_key = f"app_annotation_batch_import_{str(job_id)}"
        cache_result = redis_client.get(indexing_cache_key)
@ -510,7 +492,6 @@ class AnnotationHitHistoryListApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_id: UUID, annotation_id: UUID):
        page = request.args.get("page", default=1, type=int)
        limit = request.args.get("limit", default=20, type=int)
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@ -1,9 +1,8 @@
 import logging
 import re
 import uuid
-from collections.abc import Sequence
 from datetime import datetime
-from typing import Any, Literal
+from typing import Any, Literal, cast

 from flask import request
 from flask_restx import Resource
@ -11,10 +10,8 @@ from pydantic import AliasChoices, BaseModel, Field, computed_field, field_valid
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from werkzeug.datastructures import MultiDict
-from werkzeug.exceptions import BadRequest, NotFound
+from werkzeug.exceptions import BadRequest

-from configs import dify_config
-from controllers.common.app_access import resolve_app_access_filter
 from controllers.common.fields import RedirectUrlResponse, SimpleResultResponse
 from controllers.common.helpers import FileInfo
 from controllers.common.schema import (
@ -27,14 +24,11 @@ from controllers.console import console_ns
 from controllers.console.app.wraps import get_app_model, with_session
 from controllers.console.workspace.models import LoadBalancingPayload
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    cloud_edition_billing_resource_check,
    edit_permission_required,
    enterprise_license_required,
    is_admin_or_owner_required,
-    rbac_permission_required,
    setup_required,
    with_current_tenant_id,
    with_current_user,
@ -47,13 +41,12 @@ from core.trigger.constants import TRIGGER_NODE_TYPES
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from graphon.enums import WorkflowExecutionStatus
-from libs.helper import build_icon_url, dump_response, to_timestamp
+from libs.helper import build_icon_url, to_timestamp
 from libs.login import login_required
 from models import Account, App, DatasetPermissionEnum, Workflow
 from models.model import IconType
 from services.app_dsl_service import AppDslService
-from services.app_service import AppListParams, AppListSortBy, AppService, CreateAppParams, StarredAppListParams
-from services.enterprise import rbac_service as enterprise_rbac_service
+from services.app_service import AppListParams, AppService, CreateAppParams
 from services.enterprise.enterprise_service import EnterpriseService
 from services.entities.dsl_entities import ImportMode, ImportStatus
 from services.entities.knowledge_entities.knowledge_entities import (
@ -70,7 +63,7 @@ from services.entities.knowledge_entities.knowledge_entities import (
 )
 from services.feature_service import FeatureService

-ALLOW_CREATE_APP_MODES = ["chat", "agent-chat", "advanced-chat", "workflow", "completion"]
+ALLOW_CREATE_APP_MODES = ["chat", "agent-chat", "agent", "advanced-chat", "workflow", "completion"]

 register_enum_models(console_ns, IconType)

@ -78,17 +71,12 @@ _logger = logging.getLogger(__name__)
 _TAG_IDS_BRACKET_PATTERN = re.compile(r"^tag_ids\[(\d+)\]$")
 _CREATOR_IDS_BRACKET_PATTERN = re.compile(r"^creator_ids\[(\d+)\]$")
 AppListMode = Literal["completion", "chat", "advanced-chat", "workflow", "agent-chat", "agent", "channel", "all"]
-DEFAULT_APP_LIST_MODE: AppListMode = "all"


-class AppListBaseQuery(BaseModel):
+class AppListQuery(BaseModel):
    page: int = Field(default=1, ge=1, le=99999, description="Page number (1-99999)")
    limit: int = Field(default=20, ge=1, le=100, description="Page size (1-100)")
-    mode: AppListMode = Field(default=DEFAULT_APP_LIST_MODE, description="App mode filter")
-    sort_by: AppListSortBy = Field(
-        default="last_modified",
-        description="Sort apps by last modified, recently created, or earliest created",
-    )
+    mode: AppListMode = Field(default=cast(AppListMode, "all"), description="App mode filter")
    name: str | None = Field(default=None, description="Filter by app name")
    tag_ids: list[str] | None = Field(default=None, description="Filter by tag IDs")
    creator_ids: list[str] | None = Field(default=None, description="Filter by creator account IDs")
@ -131,14 +119,6 @@ class AppListBaseQuery(BaseModel):
            raise ValueError("Invalid UUID format in creator_ids.") from exc


-class AppListQuery(AppListBaseQuery):
-    pass
-
-
-class StarredAppListQuery(AppListBaseQuery):
-    pass
-
-
 def _normalize_app_list_query_args(query_args: MultiDict[str, str]) -> dict[str, str | list[str]]:
    normalized: dict[str, str | list[str]] = {}
    indexed_tag_ids: list[tuple[int, str]] = []
@ -170,7 +150,9 @@ def _normalize_app_list_query_args(query_args: MultiDict[str, str]) -> dict[str,
 class CreateAppPayload(BaseModel):
    name: str = Field(..., min_length=1, description="App name")
    description: str | None = Field(default=None, description="App description (max 400 chars)", max_length=400)
-    mode: Literal["chat", "agent-chat", "advanced-chat", "workflow", "completion"] = Field(..., description="App mode")
+    mode: Literal["chat", "agent-chat", "agent", "advanced-chat", "workflow", "completion"] = Field(
+        ..., description="App mode"
+    )
    icon_type: IconType | None = Field(default=None, description="Icon type")
    icon: str | None = Field(default=None, description="Icon")
    icon_background: str | None = Field(default=None, description="Icon background color")
@ -331,7 +313,7 @@ class ModelConfig(ResponseModel):
        return to_timestamp(value)


-class AppDetailSiteResponse(ResponseModel):
+class Site(ResponseModel):
    access_token: str | None = Field(default=None, validation_alias="code")
    code: str | None = None
    title: str | None = None
@ -405,13 +387,6 @@ class AppPartial(ResponseModel):
    create_user_name: str | None = None
    author_name: str | None = None
    has_draft_trigger: bool | None = None
-    permission_keys: list[str] = Field(default_factory=list)
-    # For Agent App type: the roster Agent backing this app (None otherwise).
-    bound_agent_id: str | None = None
-    # For Agent App responses exposed through /agent.
-    app_id: str | None = None
-    is_starred: bool = False
-    maintainer: str | None = None

    @computed_field(return_type=str | None)  # type: ignore
    @property
@ -447,8 +422,6 @@ class AppDetail(ResponseModel):
    updated_at: int | None = None
    access_mode: str | None = None
    tags: list[Tag] = Field(default_factory=list)
-    permission_keys: list[str] = Field(default_factory=list)
-    maintainer: str | None = None

    @field_validator("created_at", "updated_at", mode="before")
    @classmethod
@ -461,11 +434,9 @@ class AppDetailWithSite(AppDetail):
    api_base_url: str | None = None
    max_active_requests: int | None = None
    deleted_tools: list[DeletedTool] = Field(default_factory=list)
-    site: AppDetailSiteResponse | None = None
+    site: Site | None = None
    # For Agent App type: the roster Agent backing this app (None otherwise).
    bound_agent_id: str | None = None
-    # For Agent App responses exposed through /agent.
-    app_id: str | None = None

    @computed_field(return_type=str | None)  # type: ignore
    @property
@ -485,54 +456,12 @@ class AppExportResponse(ResponseModel):
    data: str


-def _enrich_app_list_items(session: Session, *, apps: Sequence[App], tenant_id: str) -> None:
-    if FeatureService.get_system_features().webapp_auth.enabled:
-        app_ids = [str(app.id) for app in apps]
-        res = EnterpriseService.WebAppAuth.batch_get_app_access_mode_by_id(app_ids=app_ids)
-        if len(res) != len(app_ids):
-            raise BadRequest("Invalid app id in webapp auth")
-
-        for app in apps:
-            if str(app.id) in res:
-                app.access_mode = res[str(app.id)].access_mode
-
-    workflow_capable_app_ids = [str(app.id) for app in apps if app.mode in {"workflow", "advanced-chat"}]
-    draft_trigger_app_ids: set[str] = set()
-    if workflow_capable_app_ids:
-        draft_workflows = (
-            session.execute(
-                select(Workflow).where(
-                    Workflow.version == Workflow.VERSION_DRAFT,
-                    Workflow.app_id.in_(workflow_capable_app_ids),
-                    Workflow.tenant_id == tenant_id,
-                )
-            )
-            .scalars()
-            .all()
-        )
-        trigger_node_types = TRIGGER_NODE_TYPES
-        for workflow in draft_workflows:
-            node_id = None
-            try:
-                for node_id, node_data in workflow.walk_nodes():
-                    if node_data.get("type") in trigger_node_types:
-                        draft_trigger_app_ids.add(str(workflow.app_id))
-                        break
-            except Exception:
-                _logger.exception("error while walking nodes, workflow_id=%s, node_id=%s", workflow.id, node_id)
-                continue
-
-    for app in apps:
-        app.has_draft_trigger = str(app.id) in draft_trigger_app_ids
-
-
 register_enum_models(console_ns, RetrievalMethod, WorkflowExecutionStatus, DatasetPermissionEnum)
 register_response_schema_models(console_ns, AppTraceResponse, RedirectUrlResponse, SimpleResultResponse)

 register_schema_models(
    console_ns,
    AppListQuery,
-    StarredAppListQuery,
    CreateAppPayload,
    UpdateAppPayload,
    CopyAppPayload,
@ -546,9 +475,12 @@ register_schema_models(
    WorkflowPartial,
    ModelConfigPartial,
    ModelConfig,
-    AppDetailSiteResponse,
+    Site,
    DeletedTool,
+    AppPartial,
    AppDetail,
+    AppDetailWithSite,
+    AppPagination,
    AppExportResponse,
    Segmentation,
    PreProcessingRule,
@ -568,13 +500,6 @@ register_schema_models(
    LoadBalancingPayload,
 )

-register_response_schema_models(
-    console_ns,
-    AppPartial,
-    AppDetailWithSite,
-    AppPagination,
-)
-

@console_ns.route("/apps")
 class AppListApi(Resource):
@ -596,46 +521,61 @@ class AppListApi(Resource):
            page=args.page,
            limit=args.limit,
            mode=args.mode,
-            sort_by=args.sort_by,
            name=args.name,
            tag_ids=args.tag_ids,
            creator_ids=args.creator_ids,
            is_created_by_me=args.is_created_by_me,
        )

-        permissions = enterprise_rbac_service.RBACService.MyPermissions.get(
-            str(current_tenant_id),
-            current_user_id,
-        )
-        if dify_config.RBAC_ENABLED:
-            access_filter = resolve_app_access_filter(
-                str(current_tenant_id),
-                current_user_id,
-                permissions=permissions,
-            )
-            access_filter.apply_to_params(params)
-
        # get app list
        app_service = AppService()
-        app_pagination = app_service.get_paginate_apps(current_user_id, current_tenant_id, params, db.session)
+        app_pagination = app_service.get_paginate_apps(current_user_id, current_tenant_id, params)
        if not app_pagination:
            empty = AppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[])
            return empty.model_dump(mode="json"), 200

-        app_ids = [str(app.id) for app in app_pagination.items]
-        permission_keys_map = permissions.app.permission_keys_by_resource_ids(app_ids)
-        _enrich_app_list_items(session, apps=app_pagination.items, tenant_id=current_tenant_id)
+        if FeatureService.get_system_features().webapp_auth.enabled:
+            app_ids = [str(app.id) for app in app_pagination.items]
+            res = EnterpriseService.WebAppAuth.batch_get_app_access_mode_by_id(app_ids=app_ids)
+            if len(res) != len(app_ids):
+                raise BadRequest("Invalid app id in webapp auth")
+
+            for app in app_pagination.items:
+                if str(app.id) in res:
+                    app.access_mode = res[str(app.id)].access_mode
+
+        workflow_capable_app_ids = [
+            str(app.id) for app in app_pagination.items if app.mode in {"workflow", "advanced-chat"}
+        ]
+        draft_trigger_app_ids: set[str] = set()
+        if workflow_capable_app_ids:
+            draft_workflows = (
+                session.execute(
+                    select(Workflow).where(
+                        Workflow.version == Workflow.VERSION_DRAFT,
+                        Workflow.app_id.in_(workflow_capable_app_ids),
+                        Workflow.tenant_id == current_tenant_id,
+                    )
+                )
+                .scalars()
+                .all()
+            )
+            trigger_node_types = TRIGGER_NODE_TYPES
+            for workflow in draft_workflows:
+                node_id = None
+                try:
+                    for node_id, node_data in workflow.walk_nodes():
+                        if node_data.get("type") in trigger_node_types:
+                            draft_trigger_app_ids.add(str(workflow.app_id))
+                            break
+                except Exception:
+                    _logger.exception("error while walking nodes, workflow_id=%s, node_id=%s", workflow.id, node_id)
+                    continue
+
+        for app in app_pagination.items:
+            app.has_draft_trigger = str(app.id) in draft_trigger_app_ids

        pagination_model = AppPagination.model_validate(app_pagination, from_attributes=True)
-        if app_pagination.items:
-            pagination_model = pagination_model.model_copy(
-                update={
-                    "data": [
-                        item.model_copy(update={"permission_keys": permission_keys_map.get(str(item.id), [])})
-                        for item in pagination_model.data
-                    ]
-                }
-            )
        return pagination_model.model_dump(mode="json"), 200

    @console_ns.doc("create_app")
@ -647,7 +587,6 @@ class AppListApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_CREATE_AND_MANAGEMENT, resource_required=False)
    @cloud_edition_billing_resource_check("apps")
    @edit_permission_required
    @with_current_user
@ -666,89 +605,10 @@ class AppListApi(Resource):

        app_service = AppService()
        app = app_service.create_app(current_tenant_id, params, current_user)
-        permission_keys_map = enterprise_rbac_service.RBACService.AppPermissions.batch_get(
-            str(current_tenant_id),
-            current_user.id,
-            [str(app.id)],
-        )
-        app_detail = AppDetailWithSite.model_validate(app, from_attributes=True).model_copy(
-            update={"permission_keys": permission_keys_map.get(str(app.id), [])}
-        )
+        app_detail = AppDetailWithSite.model_validate(app, from_attributes=True)
        return app_detail.model_dump(mode="json"), 201


-@console_ns.route("/apps/starred")
-class StarredAppListApi(Resource):
-    @console_ns.doc("list_starred_apps")
-    @console_ns.doc(description="Get applications starred by the current account")
-    @console_ns.doc(params=query_params_from_model(StarredAppListQuery))
-    @console_ns.response(200, "Success", console_ns.models[AppPagination.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_session(write=False)
-    @with_current_user_id
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, current_user_id: str, session: Session):
-        args = StarredAppListQuery.model_validate(_normalize_app_list_query_args(request.args))
-        params = StarredAppListParams(
-            page=args.page,
-            limit=args.limit,
-            mode=args.mode,
-            sort_by=args.sort_by,
-            name=args.name,
-            tag_ids=args.tag_ids,
-            creator_ids=args.creator_ids,
-            is_created_by_me=args.is_created_by_me,
-        )
-
-        app_pagination = AppService().get_paginate_starred_apps(current_user_id, current_tenant_id, params, db.session)
-        if not app_pagination:
-            empty = AppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[])
-            return empty.model_dump(mode="json"), 200
-
-        _enrich_app_list_items(session, apps=app_pagination.items, tenant_id=current_tenant_id)
-
-        pagination_model = AppPagination.model_validate(app_pagination, from_attributes=True)
-        return pagination_model.model_dump(mode="json"), 200
-
-
-@console_ns.route("/apps/<uuid:app_id>/star")
-class AppStarApi(Resource):
-    @console_ns.doc("star_app")
-    @console_ns.doc(description="Star an application for the current account")
-    @console_ns.doc(params={"app_id": "Application ID"})
-    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    @console_ns.response(404, "App not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_current_user_id
-    @with_session
-    @get_app_model(mode=None)
-    def post(self, session: Session, current_user_id: str, app_model: App):
-        AppService.star_app(session, app=app_model, account_id=current_user_id)
-        return dump_response(SimpleResultResponse, {"result": "success"})
-
-    @console_ns.doc("unstar_app")
-    @console_ns.doc(description="Remove the current account's star from an application")
-    @console_ns.doc(params={"app_id": "Application ID"})
-    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    @console_ns.response(404, "App not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_current_user_id
-    @with_session
-    @get_app_model(mode=None)
-    def delete(self, session: Session, current_user_id: str, app_model: App):
-        AppService.unstar_app(session, app=app_model, account_id=current_user_id)
-        return dump_response(SimpleResultResponse, {"result": "success"})
-
-
@console_ns.route("/apps/<uuid:app_id>")
 class AppApi(Resource):
    @console_ns.doc("get_app_detail")
@ -759,11 +619,8 @@ class AppApi(Resource):
    @login_required
    @account_initialization_required
    @enterprise_license_required
-    @with_current_user
-    @with_current_tenant_id
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    @get_app_model(mode=None)
-    def get(self, current_tenant_id: str, current_user: Account, app_model: App):
+    def get(self, app_model: App):
        """Get app detail"""
        app_service = AppService()

@ -771,18 +628,9 @@ class AppApi(Resource):

        if FeatureService.get_system_features().webapp_auth.enabled:
            app_setting = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_id=str(app_model.id))
-            app_model.access_mode = app_setting.access_mode
+            app_model.access_mode = app_setting.access_mode  # type: ignore[attr-defined]

-        permissions = enterprise_rbac_service.RBACService.MyPermissions.get(
-            str(current_tenant_id),
-            current_user.id,
-            app_id=str(app_model.id),
-        )
-        permission_keys_map = permissions.app.permission_keys_by_resource_ids([str(app_model.id)])
-
-        response_model = AppDetailWithSite.model_validate(app_model, from_attributes=True).model_copy(
-            update={"permission_keys": permission_keys_map.get(str(app_model.id), [])}
-        )
+        response_model = AppDetailWithSite.model_validate(app_model, from_attributes=True)
        return response_model.model_dump(mode="json")

    @console_ns.doc("update_app")
@ -795,9 +643,8 @@ class AppApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @get_app_model(mode=None)
+    @edit_permission_required
    def put(self, app_model: App):
        """Update app"""
        args = UpdateAppPayload.model_validate(console_ns.payload)
@ -822,12 +669,11 @@ class AppApi(Resource):
    @console_ns.doc(params={"app_id": "Application ID"})
    @console_ns.response(204, "App deleted successfully")
    @console_ns.response(403, "Insufficient permissions")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_DELETE)
-    @get_app_model
    def delete(self, app_model: App):
        """Delete app"""
        app_service = AppService()
@ -847,12 +693,10 @@ class AppCopyApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_CREATE_AND_MANAGEMENT)
-    @with_current_user
-    @with_current_tenant_id
    @get_app_model(mode=None)
-    def post(self, current_tenant_id: str, current_user: Account, app_model: App):
+    @edit_permission_required
+    @with_current_user
+    def post(self, current_user: Account, app_model: App):
        """Copy app"""
        # The role of the current user in the ta table must be admin, owner, or editor
        args = CopyAppPayload.model_validate(console_ns.payload or {})
@ -894,17 +738,7 @@ class AppCopyApi(Resource):
            stmt = select(App).where(App.id == result.app_id)
            app = session.scalar(stmt)

-        if not app:
-            raise NotFound("App not found")
-
-        permission_keys_map = enterprise_rbac_service.RBACService.AppPermissions.batch_get(
-            str(current_tenant_id),
-            current_user.id,
-            [str(app.id)],
-        )
-        response_model = AppDetailWithSite.model_validate(app, from_attributes=True).model_copy(
-            update={"permission_keys": permission_keys_map.get(str(app.id), [])}
-        )
+        response_model = AppDetailWithSite.model_validate(app, from_attributes=True)
        return response_model.model_dump(mode="json"), 201


@ -916,12 +750,11 @@ class AppExportApi(Resource):
    @console_ns.doc(params=query_params_from_model(AppExportQuery))
    @console_ns.response(200, "App exported successfully", console_ns.models[AppExportResponse.__name__])
    @console_ns.response(403, "Insufficient permissions")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_IMPORT_EXPORT_DSL)
-    @get_app_model
    def get(self, app_model: App):
        """Export app"""
        args = AppExportQuery.model_validate(request.args.to_dict(flat=True))
@ -942,12 +775,12 @@ class AppPublishToCreatorsPlatformApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_IMPORT_EXPORT_DSL)
-    @with_current_user_id
    @get_app_model(mode=None)
+    @edit_permission_required
+    @with_current_user_id
    def post(self, current_user_id: str, app_model: App):
        """Publish app to Creators Platform"""
+        from configs import dify_config
        from core.helper.creators import get_redirect_url, upload_dsl

        if not dify_config.CREATORS_PLATFORM_FEATURES_ENABLED:
@ -972,9 +805,8 @@ class AppNameApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @get_app_model(mode=None)
+    @edit_permission_required
    def post(self, app_model: App):
        args = AppNamePayload.model_validate(console_ns.payload)

@ -995,9 +827,8 @@ class AppIconApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @get_app_model(mode=None)
+    @edit_permission_required
    def post(self, app_model: App):
        args = AppIconPayload.model_validate(console_ns.payload or {})

@ -1023,9 +854,8 @@ class AppSiteStatus(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
    @get_app_model(mode=None)
+    @edit_permission_required
    def post(self, app_model: App):
        args = AppSiteStatusPayload.model_validate(console_ns.payload)

@ -1047,7 +877,6 @@ class AppApiStatus(Resource):
    @login_required
    @is_admin_or_owner_required
    @account_initialization_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_RELEASE_AND_VERSION)
    @get_app_model(mode=None)
    def post(self, app_model: App):
        args = AppApiStatusPayload.model_validate(console_ns.payload)
@ -1072,7 +901,6 @@ class AppTraceApi(Resource):
    @login_required
    @account_initialization_required
    @with_session
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    @get_app_model
    def get(self, session: Session, app_model: App):
        """Get app trace"""
@ -1094,7 +922,6 @@ class AppTraceApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_MONITOR)
    @get_app_model
    def post(self, app_model: App):
        # add app trace
--- a/api/controllers/console/app/app_import.py
+++ b/api/controllers/console/app/app_import.py
@ -2,36 +2,25 @@ from flask_restx import Resource
 from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session

-from configs import dify_config
 from controllers.common.schema import register_enum_models, register_schema_models
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    cloud_edition_billing_resource_check,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
    with_current_user,
 )
 from extensions.ext_database import db
-from extensions.ext_redis import redis_client
-from libs.login import current_account_with_tenant, login_required
+from libs.login import login_required
 from models.account import Account
 from models.model import App
-from services.app_dsl_service import (
-    IMPORT_INFO_REDIS_KEY_PREFIX,
-    AppDslService,
-    Import,
-    PendingData,
-)
+from services.app_dsl_service import AppDslService, Import
 from services.enterprise.enterprise_service import EnterpriseService
 from services.entities.dsl_entities import CheckDependenciesResult, ImportStatus
 from services.feature_service import FeatureService

 from .. import console_ns
-from .permission_keys import get_app_permission_keys


 class AppImportPayload(BaseModel):
@ -50,24 +39,6 @@ register_enum_models(console_ns, ImportStatus)
 register_schema_models(console_ns, AppImportPayload, Import, CheckDependenciesResult)


-def _current_user_and_tenant_id(current_user: Account | None) -> tuple[Account, str | None]:
-    if current_user is None:
-        account, tenant_id = current_account_with_tenant()
-        return account, str(tenant_id) if tenant_id else None
-
-    current_tenant_id = getattr(current_user, "current_tenant_id", None)
-    if current_tenant_id:
-        return current_user, str(current_tenant_id)
-
-    current_tenant = getattr(current_user, "current_tenant", None)
-    current_tenant_object_id = getattr(current_tenant, "id", None)
-    if current_tenant_object_id:
-        return current_user, str(current_tenant_object_id)
-
-    account, fallback_tenant_id = current_account_with_tenant()
-    return account, str(fallback_tenant_id) if fallback_tenant_id else None
-
-
@console_ns.route("/apps/imports")
 class AppImportApi(Resource):
    @console_ns.expect(console_ns.models[AppImportPayload.__name__])
@ -79,11 +50,10 @@ class AppImportApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("apps")
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_IMPORT_EXPORT_DSL, resource_required=False)
    @with_current_user
-    def post(self, current_user: Account | None = None):
+    def post(self, current_user: Account):
+        # Check user role first
        args = AppImportPayload.model_validate(console_ns.payload)
-        current_user = current_user if current_user is not None else _current_user_and_tenant_id(None)[0]

        # AppDslService performs internal commits for some creation paths, so use a plain
        # Session here instead of nesting it inside sessionmaker(...).begin().
@ -107,20 +77,6 @@ class AppImportApi(Resource):
                session.rollback()
            else:
                session.commit()
-
-        is_created_app = args.app_id is None and result.status in {
-            ImportStatus.COMPLETED,
-            ImportStatus.COMPLETED_WITH_WARNINGS,
-        }
-        if dify_config.RBAC_ENABLED and is_created_app and result.app_id:
-            current_user, current_tenant_id = _current_user_and_tenant_id(current_user)
-            if current_tenant_id:
-                result.permission_keys = get_app_permission_keys(
-                    current_tenant_id,
-                    current_user.id,
-                    result.app_id,
-                )
-
        if result.app_id and FeatureService.get_system_features().webapp_auth.enabled:
            # update web app setting as private
            EnterpriseService.WebAppAuth.update_app_access_mode(result.app_id, "private")
@ -143,16 +99,9 @@ class AppImportConfirmApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_IMPORT_EXPORT_DSL, resource_required=False)
    @with_current_user
-    def post(self, current_user: Account | None = None, import_id: str = ""):
-        current_user = current_user if current_user is not None else _current_user_and_tenant_id(None)[0]
-        redis_key = f"{IMPORT_INFO_REDIS_KEY_PREFIX}{import_id}"
-        pending_data_raw = redis_client.get(redis_key)
-        pending_data: PendingData | None = None
-        if pending_data_raw:
-            pending_data = PendingData.model_validate_json(pending_data_raw)
-
+    def post(self, current_user: Account, import_id: str):
+        # Check user role first
        with Session(db.engine, expire_on_commit=False) as session:
            import_service = AppDslService(session)
            # Confirm import
@ -163,24 +112,6 @@ class AppImportConfirmApi(Resource):
            else:
                session.commit()

-        is_created_app = bool(
-            pending_data
-            and pending_data.app_id is None
-            and result.status
-            in {
-                ImportStatus.COMPLETED,
-                ImportStatus.COMPLETED_WITH_WARNINGS,
-            }
-        )
-        if dify_config.RBAC_ENABLED and is_created_app and result.app_id:
-            current_user, current_tenant_id = _current_user_and_tenant_id(current_user)
-            if current_tenant_id:
-                result.permission_keys = get_app_permission_keys(
-                    current_tenant_id,
-                    current_user.id,
-                    result.app_id,
-                )
-
        # Return appropriate status code based on result
        if result.status == ImportStatus.FAILED:
            return result.model_dump(mode="json"), 400
@ -189,17 +120,12 @@ class AppImportConfirmApi(Resource):

@console_ns.route("/apps/imports/<string:app_id>/check-dependencies")
 class AppImportCheckDependenciesApi(Resource):
-    @console_ns.response(
-        200,
-        "Dependencies checked",
-        console_ns.models[CheckDependenciesResult.__name__],
-    )
+    @console_ns.response(200, "Dependencies checked", console_ns.models[CheckDependenciesResult.__name__])
    @setup_required
    @login_required
    @get_app_model
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    def get(self, app_model: App):
        with Session(db.engine, expire_on_commit=False) as session:
            import_service = AppDslService(session)
--- a/api/controllers/console/app/audio.py
+++ b/api/controllers/console/app/audio.py
@ -22,15 +22,8 @@ from controllers.console.app.error import (
    UnsupportedAudioTypeError,
 )
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
-    account_initialization_required,
-    rbac_permission_required,
-    setup_required,
-)
+from controllers.console.wraps import account_initialization_required, setup_required
 from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotInitError, QuotaExceededError
-from extensions.ext_database import db
 from graphon.model_runtime.errors.invoke import InvokeError
 from libs.login import login_required
 from models import App, AppMode
@ -133,17 +126,16 @@ class ChatMessageTextApi(Resource):
        console_ns.models[AudioBinaryResponse.__name__],
    )
    @console_ns.response(400, "Bad request - Invalid parameters")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def post(self, app_model: App):
        try:
            payload = TextToSpeechPayload.model_validate(console_ns.payload)

            response = AudioService.transcript_tts(
                app_model=app_model,
-                session=db.session,
                text=payload.text,
                voice=payload.voice,
                message_id=payload.message_id,
@ -188,11 +180,10 @@ class TextModesApi(Resource):
        console_ns.models[TextToSpeechVoiceListResponse.__name__],
    )
    @console_ns.response(400, "Invalid language parameter")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
-    @get_app_model
    def get(self, app_model: App):
        try:
            args = TextToSpeechVoiceQuery.model_validate(request.args.to_dict(flat=True))
--- a/api/controllers/console/app/completion.py
+++ b/api/controllers/console/app/completion.py
@ -1,6 +1,5 @@
 import logging
 from typing import Any, Literal
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -11,7 +10,6 @@ import services
 from controllers.common.fields import GeneratedAppResponse, SimpleResultResponse
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.error import (
    AppUnavailableError,
    CompletionRequestError,
@ -22,13 +20,9 @@ from controllers.console.app.error import (
 )
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
-    with_current_tenant_id,
    with_current_user,
    with_current_user_id,
 )
@ -40,15 +34,12 @@ from core.errors.error import (
    QuotaExceededError,
 )
 from core.helper.trace_id_helper import get_external_trace_id
-from extensions.ext_database import db
 from graphon.model_runtime.errors.invoke import InvokeError
 from libs import helper
 from libs.helper import uuid_value
 from libs.login import login_required
 from models import Account
 from models.model import App, AppMode
-from services.agent.errors import AgentNotFoundError
-from services.agent.roster_service import AgentRosterService
 from services.app_generate_service import AppGenerateService
 from services.app_task_service import AppTaskService
 from services.errors.llm import InvokeRateLimitError
@ -119,9 +110,8 @@ class CompletionMessageApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_TEST_AND_RUN)
    @get_app_model(mode=AppMode.COMPLETION)
+    @with_current_user
    def post(self, current_user: Account, app_model: App):
        args_model = CompletionMessagePayload.model_validate(console_ns.payload)
        args = args_model.model_dump(exclude_none=True, by_alias=True)
@ -166,8 +156,8 @@ class CompletionMessageStopApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user_id
    @get_app_model(mode=AppMode.COMPLETION)
+    @with_current_user_id
    def post(self, current_user_id: str, app_model: App, task_id: str):

        AppTaskService.stop_task(
@ -192,39 +182,55 @@ class ChatMessageApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_TEST_AND_RUN)
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.AGENT])
-    def post(self, current_tenant_id: str, current_user: Account, app_model: App):
-        return _create_chat_message(current_tenant_id=current_tenant_id, current_user=current_user, app_model=app_model)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/chat-messages")
-class AgentChatMessageApi(Resource):
-    @console_ns.doc("create_agent_chat_message")
-    @console_ns.doc(description="Generate an Agent App chat message for debugging")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.expect(console_ns.models[ChatMessagePayload.__name__])
-    @console_ns.response(200, "Chat message generated successfully", console_ns.models[GeneratedAppResponse.__name__])
-    @console_ns.response(400, "Invalid request parameters")
-    @console_ns.response(404, "Agent or conversation not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_TEST_AND_RUN)
    @with_current_user
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _create_chat_message(
-            current_tenant_id=current_tenant_id,
-            current_user=current_user,
-            app_model=app_model,
-            agent_id=str(agent_id),
+    def post(self, current_user: Account, app_model: App):
+        raw_payload = console_ns.payload or {}
+        args_model = ChatMessagePayload.model_validate(raw_payload)
+        args = args_model.model_dump(exclude_none=True, by_alias=True)
+
+        streaming = _resolve_debugger_chat_streaming(
+            app_mode=AppMode.value_of(app_model.mode),
+            response_mode=args_model.response_mode,
+            response_mode_provided=isinstance(raw_payload, dict) and "response_mode" in raw_payload,
        )
+        if AppMode.value_of(app_model.mode) == AppMode.AGENT:
+            args["response_mode"] = "streaming"
+        args["auto_generate_name"] = False
+
+        external_trace_id = get_external_trace_id(request)
+        if external_trace_id:
+            args["external_trace_id"] = external_trace_id
+
+        try:
+            response = AppGenerateService.generate(
+                app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
+            )
+
+            return helper.compact_generate_response(response)
+        except services.errors.conversation.ConversationNotExistsError:
+            raise NotFound("Conversation Not Exists.")
+        except services.errors.conversation.ConversationCompletedError:
+            raise ConversationCompletedError()
+        except services.errors.app_model_config.AppModelConfigBrokenError:
+            logger.exception("App model config broken.")
+            raise AppUnavailableError()
+        except ProviderTokenNotInitError as ex:
+            raise ProviderNotInitializeError(ex.description)
+        except QuotaExceededError:
+            raise ProviderQuotaExceededError()
+        except ModelCurrentlyNotSupportError:
+            raise ProviderModelCurrentlyNotSupportError()
+        except InvokeRateLimitError as ex:
+            raise InvokeRateLimitHttpError(ex.description)
+        except InvokeError as e:
+            raise CompletionRequestError(e.description)
+        except ValueError as e:
+            raise e
+        except Exception as e:
+            logger.exception("internal server error.")
+            raise InternalServerError()


@console_ns.route("/apps/<uuid:app_id>/chat-messages/<string:task_id>/stop")
@ -236,116 +242,15 @@ class ChatMessageStopApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user_id
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
-    def post(self, current_user_id: str, app_model: App, task_id: str):
-        return _stop_chat_message(current_user_id=current_user_id, app_model=app_model, task_id=task_id)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/chat-messages/<string:task_id>/stop")
-class AgentChatMessageStopApi(Resource):
-    @console_ns.doc("stop_agent_chat_message")
-    @console_ns.doc(description="Stop a running Agent App chat message generation")
-    @console_ns.doc(params={"agent_id": "Agent ID", "task_id": "Task ID to stop"})
-    @console_ns.response(200, "Task stopped successfully", console_ns.models[SimpleResultResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
    @with_current_user_id
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user_id: str, agent_id: UUID, task_id: str):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _stop_chat_message(current_user_id=current_user_id, app_model=app_model, task_id=task_id)
+    def post(self, current_user_id: str, app_model: App, task_id: str):

-
-def _resolve_current_user_agent_debug_conversation_id(
-    *, current_tenant_id: str, current_user: Account, app_model: App, agent_id: str | None
-) -> str:
-    roster_service = AgentRosterService(db.session)
-    if agent_id:
-        return roster_service.get_or_create_agent_app_debug_conversation_id(
-            tenant_id=current_tenant_id,
-            agent_id=agent_id,
-            account_id=current_user.id,
+        AppTaskService.stop_task(
+            task_id=task_id,
+            invoke_from=InvokeFrom.DEBUGGER,
+            user_id=current_user_id,
+            app_mode=AppMode.value_of(app_model.mode),
        )

-    agent = roster_service.get_app_backing_agent(tenant_id=current_tenant_id, app_id=str(app_model.id))
-    if agent is None:
-        raise AgentNotFoundError()
-    return roster_service.get_or_create_agent_app_debug_conversation_id(
-        tenant_id=current_tenant_id,
-        agent_id=agent.id,
-        account_id=current_user.id,
-    )
-
-
-def _create_chat_message(
-    *, current_user: Account, app_model: App, current_tenant_id: str | None = None, agent_id: str | None = None
-):
-    raw_payload = console_ns.payload or {}
-    args_model = ChatMessagePayload.model_validate(raw_payload)
-    args = args_model.model_dump(exclude_none=True, by_alias=True)
-
-    if AppMode.value_of(app_model.mode) == AppMode.AGENT:
-        debug_conversation_id = _resolve_current_user_agent_debug_conversation_id(
-            current_tenant_id=current_tenant_id or app_model.tenant_id,
-            current_user=current_user,
-            app_model=app_model,
-            agent_id=agent_id,
-        )
-        if args_model.conversation_id and args_model.conversation_id != debug_conversation_id:
-            raise NotFound("Conversation Not Exists.")
-        args["conversation_id"] = debug_conversation_id
-
-    streaming = _resolve_debugger_chat_streaming(
-        app_mode=AppMode.value_of(app_model.mode),
-        response_mode=args_model.response_mode,
-        response_mode_provided=isinstance(raw_payload, dict) and "response_mode" in raw_payload,
-    )
-    if AppMode.value_of(app_model.mode) == AppMode.AGENT:
-        args["response_mode"] = "streaming"
-    args["auto_generate_name"] = False
-
-    external_trace_id = get_external_trace_id(request)
-    if external_trace_id:
-        args["external_trace_id"] = external_trace_id
-
-    try:
-        response = AppGenerateService.generate(
-            app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
-        )
-
-        return helper.compact_generate_response(response)
-    except services.errors.conversation.ConversationNotExistsError:
-        raise NotFound("Conversation Not Exists.")
-    except services.errors.conversation.ConversationCompletedError:
-        raise ConversationCompletedError()
-    except services.errors.app_model_config.AppModelConfigBrokenError:
-        logger.exception("App model config broken.")
-        raise AppUnavailableError()
-    except ProviderTokenNotInitError as ex:
-        raise ProviderNotInitializeError(ex.description)
-    except QuotaExceededError:
-        raise ProviderQuotaExceededError()
-    except ModelCurrentlyNotSupportError:
-        raise ProviderModelCurrentlyNotSupportError()
-    except InvokeRateLimitError as ex:
-        raise InvokeRateLimitHttpError(ex.description)
-    except InvokeError as e:
-        raise CompletionRequestError(e.description)
-    except ValueError as e:
-        raise e
-    except Exception as e:
-        logger.exception("internal server error.")
-        raise InternalServerError()
-
-
-def _stop_chat_message(*, current_user_id: str, app_model: App, task_id: str):
-    AppTaskService.stop_task(
-        task_id=task_id,
-        invoke_from=InvokeFrom.DEBUGGER,
-        user_id=current_user_id,
-        app_mode=AppMode.value_of(app_model.mode),
-    )
-
-    return {"result": "success"}, 200
+        return {"result": "success"}, 200
--- a/api/controllers/console/app/conversation.py
+++ b/api/controllers/console/app/conversation.py
@ -13,11 +13,8 @@ from controllers.common.schema import query_params_from_model, register_schema_m
 from controllers.console import console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
    with_current_user,
 )
@ -100,10 +97,9 @@ class CompletionConversationApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=AppMode.COMPLETION)
    @edit_permission_required
    @with_current_user
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
-    @get_app_model(mode=AppMode.COMPLETION)
    def get(self, current_user: Account, app_model: App):
        args = CompletionConversationQuery.model_validate(request.args.to_dict(flat=True))

@ -173,10 +169,9 @@ class CompletionConversationDetailApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=AppMode.COMPLETION)
    @edit_permission_required
    @with_current_user
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
-    @get_app_model(mode=AppMode.COMPLETION)
    def get(self, current_user: Account, app_model: App, conversation_id: UUID):
        conversation_id_str = str(conversation_id)
        return ConversationMessageDetailResponse.model_validate(
@ -192,10 +187,9 @@ class CompletionConversationDetailApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
-    @with_current_user
    @get_app_model(mode=AppMode.COMPLETION)
+    @edit_permission_required
+    @with_current_user
    def delete(self, current_user: Account, app_model: App, conversation_id: UUID):
        conversation_id_str = str(conversation_id)

@ -218,10 +212,9 @@ class ChatConversationApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    @edit_permission_required
    @with_current_user
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
-    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    def get(self, current_user: Account, app_model: App):
        args = ChatConversationQuery.model_validate(request.args.to_dict(flat=True))

@ -330,10 +323,9 @@ class ChatConversationDetailApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    @edit_permission_required
    @with_current_user
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
-    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    def get(self, current_user: Account, app_model: App, conversation_id: UUID):
        conversation_id_str = str(conversation_id)
        return ConversationDetailResponse.model_validate(
@ -348,11 +340,10 @@ class ChatConversationDetailApi(Resource):
    @console_ns.response(404, "Conversation not found")
    @setup_required
    @login_required
+    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @with_current_user
-    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    def delete(self, current_user: Account, app_model: App, conversation_id: UUID):
        conversation_id_str = str(conversation_id)

--- a/api/controllers/console/app/conversation_variables.py
+++ b/api/controllers/console/app/conversation_variables.py
@ -12,13 +12,7 @@ from sqlalchemy.orm import sessionmaker
 from controllers.common.schema import query_params_from_model, register_schema_models
 from controllers.console import console_ns
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
-    account_initialization_required,
-    rbac_permission_required,
-    setup_required,
-)
+from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
 from fields._value_type_serializer import serialize_value_type
 from fields.base import ResponseModel
@ -99,7 +93,6 @@ class ConversationVariablesApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_CREATE_AND_MANAGEMENT)
    @get_app_model(mode=AppMode.ADVANCED_CHAT)
    def get(self, app_model: App):
        args = ConversationVariablesQuery.model_validate(request.args.to_dict(flat=True))
--- a/api/controllers/console/app/mcp_server.py
+++ b/api/controllers/console/app/mcp_server.py
@ -12,11 +12,8 @@ from controllers.common.schema import register_schema_models
 from controllers.console import console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
-    RBACPermission,
-    RBACResourceScope,
    account_initialization_required,
    edit_permission_required,
-    rbac_permission_required,
    setup_required,
    with_current_tenant_id,
 )
@ -86,7 +83,6 @@ class AppMCPServerController(Resource):
    @login_required
    @account_initialization_required
    @setup_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    @get_app_model
    def get(self, app_model: App):
        server = db.session.scalar(select(AppMCPServer).where(AppMCPServer.app_id == app_model.id).limit(1))
@ -103,12 +99,11 @@ class AppMCPServerController(Resource):
    )
    @console_ns.response(403, "Insufficient permissions")
    @account_initialization_required
+    @get_app_model
    @login_required
    @setup_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
    @with_current_tenant_id
-    @get_app_model
    def post(self, current_tenant_id: str, app_model: App):
        payload = MCPServerCreatePayload.model_validate(console_ns.payload or {})

@ -138,12 +133,11 @@ class AppMCPServerController(Resource):
    )
    @console_ns.response(403, "Insufficient permissions")
    @console_ns.response(404, "Server not found")
+    @get_app_model
    @login_required
    @setup_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_EDIT)
-    @get_app_model
    def put(self, app_model: App):
        payload = MCPServerUpdatePayload.model_validate(console_ns.payload or {})
        server = db.session.get(AppMCPServer, payload.id)
@ -180,7 +174,6 @@ class AppMCPServerRefreshController(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
-    @rbac_permission_required(RBACResourceScope.APP, RBACPermission.APP_VIEW_LAYOUT)
    @with_current_tenant_id
    def get(self, current_tenant_id: str, server_id: UUID):
        server = db.session.scalar(
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Stephen Zhou	b7cb4927f5	chore: exclude api and dify-agent from fmt	2026-06-15 18:02:36 +08:00
Stephen Zhou	7d33794853	style: apply vp fmt baseline	2026-06-15 17:51:17 +08:00
Stephen Zhou	996148697e	chore: align fmt and lint boundaries	2026-06-15 17:51:16 +08:00
autofix-ci[bot]	af852a8176	[autofix.ci] apply automated fixes	2026-06-15 09:29:53 +00:00
Stephen Zhou	7ae49bacba	chore: remove stale stylistic disables	2026-06-15 17:24:49 +08:00
Stephen Zhou	e81a5ba3a8	chore: align fmt ignore patterns	2026-06-15 17:15:18 +08:00
Stephen Zhou	f0df9ee016	chore: simplify antfu formatting config	2026-06-15 17:10:54 +08:00
autofix-ci[bot]	0531ffaeba	[autofix.ci] apply automated fixes	2026-06-15 09:04:10 +00:00
Stephen Zhou	230faff872	style: apply vp fmt to tooling files	2026-06-15 16:59:40 +08:00
Stephen Zhou	b078c75ccf	chore: route formatting through vp fmt	2026-06-15 16:59:27 +08:00