init

Refactor: Remove reportUnnecessaryContains from pyrightconfig.json (#26626 )
2026-01-20 12:09:27 +08:00 · 2025-10-10 16:26:05 +08:00 · 2025-10-10 16:25:41 +08:00 · 2025-10-09 10:22:41 +08:00 · 2025-10-09 10:21:56 +08:00 · 2025-10-09 09:24:47 +08:00
2590 changed files with 142057 additions and 42467 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/devcontainers/python:3.12
+FROM mcr.microsoft.com/devcontainers/python:3.12-bookworm

 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y install libgmp-dev libmpfr-dev libmpc-dev
--- a/.devcontainer/post_create_command.sh
+++ b/.devcontainer/post_create_command.sh
@ -1,15 +1,16 @@
 #!/bin/bash
+WORKSPACE_ROOT=$(pwd)

 corepack enable
 cd web && pnpm install
 pipx install uv

-echo 'alias start-api="cd /workspaces/dify/api && uv run python -m flask run --host 0.0.0.0 --port=5001 --debug"' >> ~/.bashrc
-echo 'alias start-worker="cd /workspaces/dify/api && uv run python -m celery -A app.celery worker -P gevent -c 1 --loglevel INFO -Q dataset,generation,mail,ops_trace,app_deletion,plugin,workflow_storage"' >> ~/.bashrc
-echo 'alias start-web="cd /workspaces/dify/web && pnpm dev"' >> ~/.bashrc
-echo 'alias start-web-prod="cd /workspaces/dify/web && pnpm build && pnpm start"' >> ~/.bashrc
-echo 'alias start-containers="cd /workspaces/dify/docker && docker-compose -f docker-compose.middleware.yaml -p dify --env-file middleware.env up -d"' >> ~/.bashrc
-echo 'alias stop-containers="cd /workspaces/dify/docker && docker-compose -f docker-compose.middleware.yaml -p dify --env-file middleware.env down"' >> ~/.bashrc
+echo "alias start-api=\"cd $WORKSPACE_ROOT/api && uv run python -m flask run --host 0.0.0.0 --port=5001 --debug\"" >> ~/.bashrc
+echo "alias start-worker=\"cd $WORKSPACE_ROOT/api && uv run python -m celery -A app.celery worker -P gevent -c 1 --loglevel INFO -Q dataset,generation,mail,ops_trace,app_deletion,plugin,workflow_storage\"" >> ~/.bashrc
+echo "alias start-web=\"cd $WORKSPACE_ROOT/web && pnpm dev\"" >> ~/.bashrc
+echo "alias start-web-prod=\"cd $WORKSPACE_ROOT/web && pnpm build && pnpm start\"" >> ~/.bashrc
+echo "alias start-containers=\"cd $WORKSPACE_ROOT/docker && docker-compose -f docker-compose.middleware.yaml -p dify --env-file middleware.env up -d\"" >> ~/.bashrc
+echo "alias stop-containers=\"cd $WORKSPACE_ROOT/docker && docker-compose -f docker-compose.middleware.yaml -p dify --env-file middleware.env down\"" >> ~/.bashrc

 source /home/vscode/.bashrc

--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
+  - name: "\U0001F510 Security Vulnerabilities"
+    url: "https://github.com/langgenius/dify/security/advisories/new"
+    about: Report security vulnerabilities through GitHub Security Advisories to ensure responsible disclosure. 💡 Please do not report security vulnerabilities in public issues.
  - name: "\U0001F4A1 Model Providers & Plugins"
    url: "https://github.com/langgenius/dify-official-plugins/issues/new/choose"
    about: Report issues with official plugins or model providers, you will need to provide the plugin version and other relevant details.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/web"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 2
+  - package-ecosystem: "uv"
+    directory: "/api"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 2
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@ -15,19 +15,67 @@ jobs:
      # Use uv to ensure we have the same ruff version in CI and locally.
      - uses: astral-sh/setup-uv@v6
        with:
-          python-version: "3.12"
+          python-version: "3.11"
      - run: |
          cd api
          uv sync --dev
+          # fmt first to avoid line too long
+          uv run ruff format ..
          # Fix lint errors
-          uv run ruff check --fix-only .
+          uv run ruff check --fix .
          # Format code
-          uv run ruff format .
+          uv run ruff format ..
+
      - name: ast-grep
        run: |
          uvx --from ast-grep-cli sg --pattern 'db.session.query($WHATEVER).filter($HERE)' --rewrite 'db.session.query($WHATEVER).where($HERE)' -l py --update-all
          uvx --from ast-grep-cli sg --pattern 'session.query($WHATEVER).filter($HERE)' --rewrite 'session.query($WHATEVER).where($HERE)' -l py --update-all
+          # Convert Optional[T] to T | None (ignoring quoted types)
+          cat > /tmp/optional-rule.yml << 'EOF'
+          id: convert-optional-to-union
+          language: python
+          rule:
+            kind: generic_type
+            all:
+              - has:
+                  kind: identifier
+                  pattern: Optional
+              - has:
+                  kind: type_parameter
+                  has:
+                    kind: type
+                    pattern: $T
+          fix: $T | None
+          EOF
+          uvx --from ast-grep-cli sg scan --inline-rules "$(cat /tmp/optional-rule.yml)" --update-all
+          # Fix forward references that were incorrectly converted (Python doesn't support "Type" | None syntax)
+          find . -name "*.py" -type f -exec sed -i.bak -E 's/"([^"]+)" \| None/Optional["\1"]/g; s/'"'"'([^'"'"']+)'"'"' \| None/Optional['"'"'\1'"'"']/g' {} \;
+          find . -name "*.py.bak" -type f -delete
+
      - name: mdformat
        run: |
          uvx mdformat .
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          package_json_file: web/package.json
+          run_install: false
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+          cache-dependency-path: ./web/package.json
+
+      - name: Web dependencies
+        working-directory: ./web
+        run: pnpm install --frozen-lockfile
+
+      - name: oxlint
+        working-directory: ./web
+        run: |
+          pnpx oxlint --fix
+
      - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@ -8,6 +8,7 @@ on:
      - "deploy/enterprise"
      - "build/**"
      - "release/e-*"
+      - "hotfix/**"
    tags:
      - "*"

--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@ -12,12 +12,13 @@ jobs:
  deploy:
    runs-on: ubuntu-latest
    if: |
-      github.event.workflow_run.conclusion == 'success'
+      github.event.workflow_run.conclusion == 'success' &&
+      github.event.workflow_run.head_branch == 'deploy/dev'
    steps:
      - name: Deploy to server
        uses: appleboy/ssh-action@v0.1.8
        with:
-          host: ${{ secrets.SSH_HOST }}
+          host: ${{ secrets.RAG_SSH_HOST }}
          username: ${{ secrets.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
--- a/.github/workflows/deploy-enterprise.yml
+++ b/.github/workflows/deploy-enterprise.yml
@ -19,11 +19,23 @@ jobs:
      github.event.workflow_run.head_branch == 'deploy/enterprise'

    steps:
-      - name: Deploy to server
-        uses: appleboy/ssh-action@v0.1.8
-        with:
-          host: ${{ secrets.ENTERPRISE_SSH_HOST }}
-          username: ${{ secrets.ENTERPRISE_SSH_USER }}
-          password: ${{ secrets.ENTERPRISE_SSH_PASSWORD }}
-          script: |
-            ${{ vars.ENTERPRISE_SSH_SCRIPT || secrets.ENTERPRISE_SSH_SCRIPT }}
+      - name: trigger deployments
+        env:
+          DEV_ENV_ADDRS: ${{ vars.DEV_ENV_ADDRS }}
+          DEPLOY_SECRET: ${{ secrets.DEPLOY_SECRET }}
+        run: |
+          IFS=',' read -ra ENDPOINTS <<< "${DEV_ENV_ADDRS:-}"
+          BODY='{"project":"dify-api","tag":"deploy-enterprise"}'
+
+          for ENDPOINT in "${ENDPOINTS[@]}"; do
+            ENDPOINT="$(echo "$ENDPOINT" | xargs)"
+            [ -z "$ENDPOINT" ] && continue
+
+            API_SIGNATURE=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$DEPLOY_SECRET" | awk '{print "sha256="$2}')
+
+            curl -sSf -X POST \
+              -H "Content-Type: application/json" \
+              -H "X-Hub-Signature-256: $API_SIGNATURE" \
+              -d "$BODY" \
+              "$ENDPOINT"
+          done
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@ -12,7 +12,6 @@ permissions:
  statuses: write
  contents: read

-
 jobs:
  python-style:
    name: Python Style
@ -44,6 +43,10 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        run: uv sync --project api --dev

+      - name: Run Import Linter
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: uv run --directory api --dev lint-imports
+
      - name: Run Basedpyright Checks
        if: steps.changed-files.outputs.any_changed == 'true'
        run: dev/basedpyright-check
@ -99,7 +102,6 @@ jobs:
        working-directory: ./web
        run: |
          pnpm run lint
-          pnpm run eslint

  docker-compose-template:
    name: Docker Compose Template
--- a/.gitignore
+++ b/.gitignore
@ -227,3 +227,11 @@ web/public/fallback-*.js
 .roo/
 api/.env.backup
 /clickzetta
+
+# Benchmark
+scripts/stress-test/setup/config/
+scripts/stress-test/reports/
+
+# mcp
+.playwright-mcp/
+.serena/
--- a/AGENTS.md
+++ b/AGENTS.md
@ -1 +0,0 @@
-CLAUDE.md
--- a/AGENTS.md
+++ b/AGENTS.md
@ -0,0 +1,54 @@
+# AGENTS.md
+
+## Project Overview
+
+Dify is an open-source platform for developing LLM applications with an intuitive interface combining agentic AI workflows, RAG pipelines, agent capabilities, and model management.
+
+The codebase is split into:
+
+- **Backend API** (`/api`): Python Flask application organized with Domain-Driven Design
+- **Frontend Web** (`/web`): Next.js 15 application using TypeScript and React 19
+- **Docker deployment** (`/docker`): Containerized deployment configurations
+
+## Backend Workflow
+
+- Run backend CLI commands through `uv run --project api <command>`.
+
+- Backend QA gate requires passing `make lint`, `make type-check`, and `uv run --project api --dev dev/pytest/pytest_unit_tests.sh` before review.
+
+- Use Makefile targets for linting and formatting; `make lint` and `make type-check` cover the required checks.
+
+- Integration tests are CI-only and are not expected to run in the local environment.
+
+## Frontend Workflow
+
+```bash
+cd web
+pnpm lint
+pnpm lint:fix
+pnpm test
+```
+
+## Testing & Quality Practices
+
+- Follow TDD: red → green → refactor.
+- Use `pytest` for backend tests with Arrange-Act-Assert structure.
+- Enforce strong typing; avoid `Any` and prefer explicit type annotations.
+- Write self-documenting code; only add comments that explain intent.
+
+## Language Style
+
+- **Python**: Keep type hints on functions and attributes, and implement relevant special methods (e.g., `__repr__`, `__str__`).
+- **TypeScript**: Use the strict config, lean on ESLint + Prettier workflows, and avoid `any` types.
+
+## General Practices
+
+- Prefer editing existing files; add new documentation only when requested.
+- Inject dependencies through constructors and preserve clean architecture boundaries.
+- Handle errors with domain-specific exceptions at the correct layer.
+
+## Project Conventions
+
+- Backend architecture adheres to DDD and Clean Architecture principles.
+- Async work runs through Celery with Redis as the broker.
+- Frontend user-facing strings must use `web/i18n/en-US/`; avoid hardcoded text.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -1,89 +0,0 @@
-# CLAUDE.md
-
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
-## Project Overview
-
-Dify is an open-source platform for developing LLM applications with an intuitive interface combining agentic AI workflows, RAG pipelines, agent capabilities, and model management.
-
-The codebase consists of:
-
- **Backend API** (`/api`): Python Flask application with Domain-Driven Design architecture
- **Frontend Web** (`/web`): Next.js 15 application with TypeScript and React 19
- **Docker deployment** (`/docker`): Containerized deployment configurations
-
-## Development Commands
-
-### Backend (API)
-
-All Python commands must be prefixed with `uv run --project api`:
-
-```bash
-# Start development servers
-./dev/start-api                   # Start API server
-./dev/start-worker                # Start Celery worker
-
-# Run tests
-uv run --project api pytest      # Run all tests
-uv run --project api pytest tests/unit_tests/     # Unit tests only
-uv run --project api pytest tests/integration_tests/  # Integration tests
-
-# Code quality
-./dev/reformat                    # Run all formatters and linters
-uv run --project api ruff check --fix ./    # Fix linting issues
-uv run --project api ruff format ./         # Format code
-uv run --directory api basedpyright         # Type checking
-```
-
-### Frontend (Web)
-
-```bash
-cd web
-pnpm lint                         # Run ESLint
-pnpm eslint-fix                   # Fix ESLint issues
-pnpm test                         # Run Jest tests
-```
-
-## Testing Guidelines
-
-### Backend Testing
-
- Use `pytest` for all backend tests
- Write tests first (TDD approach)
- Test structure: Arrange-Act-Assert
-
-## Code Style Requirements
-
-### Python
-
- Use type hints for all functions and class attributes
- No `Any` types unless absolutely necessary
- Implement special methods (`__repr__`, `__str__`) appropriately
-
-### TypeScript/JavaScript
-
- Strict TypeScript configuration
- ESLint with Prettier integration
- Avoid `any` type
-
-## Important Notes
-
- **Environment Variables**: Always use UV for Python commands: `uv run --project api <command>`
- **Comments**: Only write meaningful comments that explain "why", not "what"
- **File Creation**: Always prefer editing existing files over creating new ones
- **Documentation**: Don't create documentation files unless explicitly requested
- **Code Quality**: Always run `./dev/reformat` before committing backend changes
-
-## Common Development Tasks
-
-### Adding a New API Endpoint
-
-1. Create controller in `/api/controllers/`
-1. Add service logic in `/api/services/`
-1. Update routes in controller's `__init__.py`
-1. Write tests in `/api/tests/`
-
-## Project-Specific Conventions
-
- All async tasks use Celery with Redis as broker
- **Internationalization**: Frontend supports multiple languages with English (`web/i18n/en-US/`) as the source. All user-facing text must use i18n keys, no hardcoded strings. Edit corresponding module files in `en-US/` directory for translations.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1 @@
+AGENTS.md
--- a/36
+++ b/36
@ -4,10 +4,13 @@ WEB_IMAGE=$(DOCKER_REGISTRY)/dify-web
 API_IMAGE=$(DOCKER_REGISTRY)/dify-api
 VERSION=latest

+# Default target - show help
+.DEFAULT_GOAL := help
+
 # Backend Development Environment Setup
 .PHONY: dev-setup prepare-docker prepare-web prepare-api

-# Default dev setup target
+# Dev setup target
 dev-setup: prepare-docker prepare-web prepare-api
 	@echo "✅ Backend development environment setup complete!"

@ -23,7 +26,6 @@ prepare-web:
 	@echo "🌐 Setting up web environment..."
 	@cp -n web/.env.example web/.env 2>/dev/null || echo "Web .env already exists"
 	@cd web && pnpm install
-	@cd web && pnpm build
 	@echo "✅ Web environment prepared (not started)"

 # Step 3: Prepare API environment
@ -46,6 +48,28 @@ dev-clean:
 	@rm -rf api/storage
 	@echo "✅ Cleanup complete"

+# Backend Code Quality Commands
+format:
+	@echo "🎨 Running ruff format..."
+	@uv run --project api --dev ruff format ./api
+	@echo "✅ Code formatting complete"
+
+check:
+	@echo "🔍 Running ruff check..."
+	@uv run --project api --dev ruff check ./api
+	@echo "✅ Code check complete"
+
+lint:
+	@echo "🔧 Running ruff format, check with fixes, and import linter..."
+	@uv run --project api --dev sh -c 'ruff format ./api && ruff check --fix ./api'
+	@uv run --directory api --dev lint-imports
+	@echo "✅ Linting complete"
+
+type-check:
+	@echo "📝 Running type check with basedpyright..."
+	@uv run --directory api --dev basedpyright
+	@echo "✅ Type check complete"
+
 # Build Docker images
 build-web:
 	@echo "Building web Docker image: $(WEB_IMAGE):$(VERSION)..."
@ -90,6 +114,12 @@ help:
 	@echo "  make prepare-api    - Set up API environment"
 	@echo "  make dev-clean      - Stop Docker middleware containers"
 	@echo ""
+	@echo "Backend Code Quality:"
+	@echo "  make format         - Format code with ruff"
+	@echo "  make check          - Check code with ruff"
+	@echo "  make lint           - Format and fix code with ruff"
+	@echo "  make type-check     - Run type checking with basedpyright"
+	@echo ""
 	@echo "Docker Build Targets:"
 	@echo "  make build-web      - Build web Docker image"
 	@echo "  make build-api      - Build API Docker image"
@ -98,4 +128,4 @@ help:
 	@echo "  make build-push-all - Build and push all Docker images"

 # Phony targets
-.PHONY: build-web build-api push-web push-api build-all push-all build-push-all dev-setup prepare-docker prepare-web prepare-api dev-clean help
+.PHONY: build-web build-api push-web push-api build-all push-all build-push-all dev-setup prepare-docker prepare-web prepare-api dev-clean help format check lint type-check
--- a/README.md
+++ b/README.md
@ -40,18 +40,18 @@

 <p align="center">
  <a href="./README.md"><img alt="README in English" src="https://img.shields.io/badge/English-d9d9d9"></a>
-  <a href="./README_TW.md"><img alt="繁體中文文件" src="https://img.shields.io/badge/繁體中文-d9d9d9"></a>
-  <a href="./README_CN.md"><img alt="简体中文版自述文件" src="https://img.shields.io/badge/简体中文-d9d9d9"></a>
-  <a href="./README_JA.md"><img alt="日本語のREADME" src="https://img.shields.io/badge/日本語-d9d9d9"></a>
-  <a href="./README_ES.md"><img alt="README en Español" src="https://img.shields.io/badge/Español-d9d9d9"></a>
-  <a href="./README_FR.md"><img alt="README en Français" src="https://img.shields.io/badge/Français-d9d9d9"></a>
-  <a href="./README_KL.md"><img alt="README tlhIngan Hol" src="https://img.shields.io/badge/Klingon-d9d9d9"></a>
-  <a href="./README_KR.md"><img alt="README in Korean" src="https://img.shields.io/badge/한국어-d9d9d9"></a>
-  <a href="./README_AR.md"><img alt="README بالعربية" src="https://img.shields.io/badge/العربية-d9d9d9"></a>
-  <a href="./README_TR.md"><img alt="Türkçe README" src="https://img.shields.io/badge/Türkçe-d9d9d9"></a>
-  <a href="./README_VI.md"><img alt="README Tiếng Việt" src="https://img.shields.io/badge/Ti%E1%BA%BFng%20Vi%E1%BB%87t-d9d9d9"></a>
-  <a href="./README_DE.md"><img alt="README in Deutsch" src="https://img.shields.io/badge/German-d9d9d9"></a>
-  <a href="./README_BN.md"><img alt="README in বাংলা" src="https://img.shields.io/badge/বাংলা-d9d9d9"></a>
+  <a href="./docs/zh-TW/README.md"><img alt="繁體中文文件" src="https://img.shields.io/badge/繁體中文-d9d9d9"></a>
+  <a href="./docs/zh-CN/README.md"><img alt="简体中文文件" src="https://img.shields.io/badge/简体中文-d9d9d9"></a>
+  <a href="./docs/ja-JP/README.md"><img alt="日本語のREADME" src="https://img.shields.io/badge/日本語-d9d9d9"></a>
+  <a href="./docs/es-ES/README.md"><img alt="README en Español" src="https://img.shields.io/badge/Español-d9d9d9"></a>
+  <a href="./docs/fr-FR/README.md"><img alt="README en Français" src="https://img.shields.io/badge/Français-d9d9d9"></a>
+  <a href="./docs/tlh/README.md"><img alt="README tlhIngan Hol" src="https://img.shields.io/badge/Klingon-d9d9d9"></a>
+  <a href="./docs/ko-KR/README.md"><img alt="README in Korean" src="https://img.shields.io/badge/한국어-d9d9d9"></a>
+  <a href="./docs/ar-SA/README.md"><img alt="README بالعربية" src="https://img.shields.io/badge/العربية-d9d9d9"></a>
+  <a href="./docs/tr-TR/README.md"><img alt="Türkçe README" src="https://img.shields.io/badge/Türkçe-d9d9d9"></a>
+  <a href="./docs/vi-VN/README.md"><img alt="README Tiếng Việt" src="https://img.shields.io/badge/Ti%E1%BA%BFng%20Vi%E1%BB%87t-d9d9d9"></a>
+  <a href="./docs/de-DE/README.md"><img alt="README in Deutsch" src="https://img.shields.io/badge/German-d9d9d9"></a>
+  <a href="./docs/bn-BD/README.md"><img alt="README in বাংলা" src="https://img.shields.io/badge/বাংলা-d9d9d9"></a>
 </p>

 Dify is an open-source platform for developing LLM applications. Its intuitive interface combines agentic AI workflows, RAG pipelines, agent capabilities, model management, observability features, and more—allowing you to quickly move from prototype to production.
--- a/api/.env.example
+++ b/api/.env.example
@ -76,6 +76,7 @@ DB_HOST=localhost
 DB_PORT=5432
 DB_DATABASE=dify
 SQLALCHEMY_POOL_PRE_PING=true
+SQLALCHEMY_POOL_TIMEOUT=30

 # Storage configuration
 # use for store upload files, private keys...
@ -303,6 +304,8 @@ BAIDU_VECTOR_DB_API_KEY=dify
 BAIDU_VECTOR_DB_DATABASE=dify
 BAIDU_VECTOR_DB_SHARD=1
 BAIDU_VECTOR_DB_REPLICAS=3
+BAIDU_VECTOR_DB_INVERTED_INDEX_ANALYZER=DEFAULT_ANALYZER
+BAIDU_VECTOR_DB_INVERTED_INDEX_PARSER_MODE=COARSE_MODE

 # Upstash configuration
 UPSTASH_VECTOR_URL=your-server-url
@ -328,7 +331,7 @@ MATRIXONE_DATABASE=dify
 LINDORM_URL=http://ld-*******************-proxy-search-pub.lindorm.aliyuncs.com:30070
 LINDORM_USERNAME=admin
 LINDORM_PASSWORD=admin
-USING_UGC_INDEX=False
+LINDORM_USING_UGC=True
 LINDORM_QUERY_TIMEOUT=1

 # OceanBase Vector configuration
@ -405,6 +408,9 @@ SSRF_DEFAULT_TIME_OUT=5
 SSRF_DEFAULT_CONNECT_TIME_OUT=5
 SSRF_DEFAULT_READ_TIME_OUT=5
 SSRF_DEFAULT_WRITE_TIME_OUT=5
+SSRF_POOL_MAX_CONNECTIONS=100
+SSRF_POOL_MAX_KEEPALIVE_CONNECTIONS=20
+SSRF_POOL_KEEPALIVE_EXPIRY=5.0

 BATCH_UPLOAD_LIMIT=10
 KEYWORD_DATA_SOURCE_TYPE=database
@ -415,10 +421,14 @@ WORKFLOW_FILE_UPLOAD_LIMIT=10
 # CODE EXECUTION CONFIGURATION
 CODE_EXECUTION_ENDPOINT=http://127.0.0.1:8194
 CODE_EXECUTION_API_KEY=dify-sandbox
+CODE_EXECUTION_SSL_VERIFY=True
+CODE_EXECUTION_POOL_MAX_CONNECTIONS=100
+CODE_EXECUTION_POOL_MAX_KEEPALIVE_CONNECTIONS=20
+CODE_EXECUTION_POOL_KEEPALIVE_EXPIRY=5.0
 CODE_MAX_NUMBER=9223372036854775807
 CODE_MIN_NUMBER=-9223372036854775808
-CODE_MAX_STRING_LENGTH=80000
-TEMPLATE_TRANSFORM_MAX_LENGTH=80000
+CODE_MAX_STRING_LENGTH=400000
+TEMPLATE_TRANSFORM_MAX_LENGTH=400000
 CODE_MAX_STRING_ARRAY_LENGTH=30
 CODE_MAX_OBJECT_ARRAY_LENGTH=30
 CODE_MAX_NUMBER_ARRAY_LENGTH=1000
@ -458,9 +468,18 @@ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
 WORKFLOW_MAX_EXECUTION_STEPS=500
 WORKFLOW_MAX_EXECUTION_TIME=1200
 WORKFLOW_CALL_MAX_DEPTH=5
-WORKFLOW_PARALLEL_DEPTH_LIMIT=3
 MAX_VARIABLE_SIZE=204800

+# GraphEngine Worker Pool Configuration
+# Minimum number of workers per GraphEngine instance (default: 1)
+GRAPH_ENGINE_MIN_WORKERS=1
+# Maximum number of workers per GraphEngine instance (default: 10)
+GRAPH_ENGINE_MAX_WORKERS=10
+# Queue depth threshold that triggers worker scale up (default: 3)
+GRAPH_ENGINE_SCALE_UP_THRESHOLD=3
+# Seconds of idle time before scaling down workers (default: 5.0)
+GRAPH_ENGINE_SCALE_DOWN_IDLE_TIME=5.0
+
 # Workflow storage configuration
 # Options: rdbms, hybrid
 # rdbms: Use only the relational database (default)
@ -530,6 +549,7 @@ ENDPOINT_URL_TEMPLATE=http://localhost:5002/e/{hook_id}

 # Reset password token expiry minutes
 RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
+EMAIL_REGISTER_TOKEN_EXPIRY_MINUTES=5
 CHANGE_EMAIL_TOKEN_EXPIRY_MINUTES=5
 OWNER_TRANSFER_TOKEN_EXPIRY_MINUTES=5

@ -569,3 +589,7 @@ QUEUE_MONITOR_INTERVAL=30
 # Swagger UI configuration
 SWAGGER_UI_ENABLED=true
 SWAGGER_UI_PATH=/swagger-ui.html
+
+# Whether to encrypt dataset IDs when exporting DSL files (default: true)
+# Set to false to export dataset IDs as plain text for easier cross-environment import
+DSL_EXPORT_ENCRYPT_DATASET_ID=true
--- a/api/.importlinter
+++ b/api/.importlinter
@ -0,0 +1,105 @@
+[importlinter]
+root_packages =
+    core
+    configs
+    controllers
+    models
+    tasks
+    services
+
+[importlinter:contract:workflow]
+name = Workflow
+type=layers
+layers =
+    graph_engine
+    graph_events
+    graph
+    nodes
+    node_events
+    entities
+containers =
+    core.workflow
+ignore_imports =
+    core.workflow.nodes.base.node -> core.workflow.graph_events
+    core.workflow.nodes.iteration.iteration_node -> core.workflow.graph_events
+    core.workflow.nodes.loop.loop_node -> core.workflow.graph_events
+
+    core.workflow.nodes.node_factory -> core.workflow.graph
+    core.workflow.nodes.iteration.iteration_node -> core.workflow.graph_engine
+    core.workflow.nodes.iteration.iteration_node -> core.workflow.graph
+    core.workflow.nodes.iteration.iteration_node -> core.workflow.graph_engine.command_channels
+    core.workflow.nodes.loop.loop_node -> core.workflow.graph_engine
+    core.workflow.nodes.loop.loop_node -> core.workflow.graph
+    core.workflow.nodes.loop.loop_node -> core.workflow.graph_engine.command_channels
+
+[importlinter:contract:rsc]
+name = RSC
+type = layers
+layers =
+    graph_engine
+    response_coordinator
+containers =
+    core.workflow.graph_engine
+
+[importlinter:contract:worker]
+name = Worker
+type = layers
+layers =
+    graph_engine
+    worker
+containers =
+    core.workflow.graph_engine
+
+[importlinter:contract:graph-engine-architecture]
+name = Graph Engine Architecture
+type = layers
+layers =
+    graph_engine
+    orchestration
+    command_processing
+    event_management
+    error_handler
+    graph_traversal
+    graph_state_manager
+    worker_management
+    domain
+containers =
+    core.workflow.graph_engine
+
+[importlinter:contract:domain-isolation]
+name = Domain Model Isolation
+type = forbidden
+source_modules =
+    core.workflow.graph_engine.domain
+forbidden_modules =
+    core.workflow.graph_engine.worker_management
+    core.workflow.graph_engine.command_channels
+    core.workflow.graph_engine.layers
+    core.workflow.graph_engine.protocols
+
+[importlinter:contract:worker-management]
+name = Worker Management
+type = forbidden
+source_modules =
+    core.workflow.graph_engine.worker_management
+forbidden_modules =
+    core.workflow.graph_engine.orchestration
+    core.workflow.graph_engine.command_processing
+    core.workflow.graph_engine.event_management
+
+
+[importlinter:contract:graph-traversal-components]
+name = Graph Traversal Components
+type = layers
+layers =
+    edge_processor
+    skip_propagator
+containers =
+    core.workflow.graph_engine.graph_traversal
+
+[importlinter:contract:command-channels]
+name = Command Channels Independence
+type = independence
+modules =
+    core.workflow.graph_engine.command_channels.in_memory_channel
+    core.workflow.graph_engine.command_channels.redis_channel
--- a/api/.ruff.toml
+++ b/api/.ruff.toml
@ -5,7 +5,7 @@ line-length = 120
 quote-style = "double"

 [lint]
-preview = false
+preview = true
 select = [
    "B",       # flake8-bugbear rules
    "C4",      # flake8-comprehensions
@ -30,6 +30,7 @@ select = [
    "RUF022",  # unsorted-dunder-all
    "S506",    # unsafe-yaml-load
    "SIM",     # flake8-simplify rules
+    "T201",    # print-found
    "TRY400",  # error-instead-of-exception
    "TRY401",  # verbose-log-message
    "UP",      # pyupgrade rules
@ -45,6 +46,7 @@ select = [
    "G001", # don't use str format to logging messages
    "G003", # don't use + in logging messages
    "G004", # don't use f-strings to format logging messages
+    "UP042", # use StrEnum
 ]

 ignore = [
@ -64,6 +66,7 @@ ignore = [
    "B006",    # mutable-argument-default
    "B007",    # unused-loop-control-variable
    "B026",    # star-arg-unpacking-after-keyword-arg
+    "B901",    # allow return in yield
    "B903",    # class-as-data-structure
    "B904",    # raise-without-from-inside-except
    "B905",    # zip-without-explicit-strict
@ -89,11 +92,18 @@ ignore = [
 "configs/*" = [
    "N802", # invalid-function-name
 ]
+"core/model_runtime/callbacks/base_callback.py" = [
+    "T201",
+]
+"core/workflow/callbacks/workflow_logging_callback.py" = [
+    "T201",
+]
 "libs/gmpy2_pkcs10aep_cipher.py" = [
    "N803", # invalid-argument-name
 ]
 "tests/*" = [
    "F811", # redefined-while-unused
+    "T201", # allow print in tests
 ]

 [lint.pyflakes]
--- a/api/README.md
+++ b/api/README.md
@ -80,10 +80,10 @@
 1. If you need to handle and debug the async tasks (e.g. dataset importing and documents indexing), please start the worker service.

 ```bash
-uv run celery -A app.celery worker -P gevent -c 1 --loglevel INFO -Q dataset,generation,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation
+uv run celery -A app.celery worker -P gevent -c 2 --loglevel INFO -Q dataset,generation,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation
 ```

-Addition, if you want to debug the celery scheduled tasks, you can use the following command in another terminal:
+Additionally, if you want to debug the celery scheduled tasks, you can run the following command in another terminal to start the beat service:

 ```bash
 uv run celery -A app.celery beat
--- a/api/app.py
+++ b/api/app.py
@ -1,4 +1,3 @@
-import os
 import sys


@ -17,20 +16,20 @@ else:
    # It seems that JetBrains Python debugger does not work well with gevent,
    # so we need to disable gevent in debug mode.
    # If you are using debugpy and set GEVENT_SUPPORT=True, you can debug with gevent.
-    if (flask_debug := os.environ.get("FLASK_DEBUG", "0")) and flask_debug.lower() in {"false", "0", "no"}:
-        from gevent import monkey
+    # if (flask_debug := os.environ.get("FLASK_DEBUG", "0")) and flask_debug.lower() in {"false", "0", "no"}:
+    # from gevent import monkey
+    #
+    # # gevent
+    # monkey.patch_all()
+    #
+    # from grpc.experimental import gevent as grpc_gevent  # type: ignore
+    #
+    # # grpc gevent
+    # grpc_gevent.init_gevent()

-        # gevent
-        monkey.patch_all()
-
-        from grpc.experimental import gevent as grpc_gevent  # type: ignore
-
-        # grpc gevent
-        grpc_gevent.init_gevent()
-
-        import psycogreen.gevent  # type: ignore
-
-        psycogreen.gevent.patch_psycopg()
+    # import psycogreen.gevent  # type: ignore
+    #
+    # psycogreen.gevent.patch_psycopg()

    from app_factory import create_app

--- a/api/app_factory.py
+++ b/api/app_factory.py
@ -50,6 +50,7 @@ def initialize_extensions(app: DifyApp):
        ext_commands,
        ext_compress,
        ext_database,
+        ext_elasticsearch,
        ext_hosting_provider,
        ext_import_modules,
        ext_logging,
@ -82,6 +83,7 @@ def initialize_extensions(app: DifyApp):
        ext_migrate,
        ext_redis,
        ext_storage,
+        ext_elasticsearch,
        ext_celery,
        ext_login,
        ext_mail,
--- a/api/celery_entrypoint.py
+++ b/api/celery_entrypoint.py
@ -0,0 +1,13 @@
+import psycogreen.gevent as pscycogreen_gevent  # type: ignore
+from grpc.experimental import gevent as grpc_gevent  # type: ignore
+
+# grpc gevent
+grpc_gevent.init_gevent()
+print("gRPC patched with gevent.", flush=True)  # noqa: T201
+pscycogreen_gevent.patch_psycopg()
+print("psycopg2 patched with gevent.", flush=True)  # noqa: T201
+
+
+from app import app, celery
+
+__all__ = ["app", "celery"]
--- a/api/commands.py
+++ b/api/commands.py
--- a/api/configs/init.py
+++ b/api/configs/init.py
@ -1,3 +1,3 @@
 from .app_config import DifyConfig

-dify_config = DifyConfig()
+dify_config = DifyConfig()  # type: ignore
--- a/api/configs/extra/notion_config.py
+++ b/api/configs/extra/notion_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,28 +7,28 @@ class NotionConfig(BaseSettings):
    Configuration settings for Notion integration
    """

-    NOTION_CLIENT_ID: Optional[str] = Field(
+    NOTION_CLIENT_ID: str | None = Field(
        description="Client ID for Notion API authentication. Required for OAuth 2.0 flow.",
        default=None,
    )

-    NOTION_CLIENT_SECRET: Optional[str] = Field(
+    NOTION_CLIENT_SECRET: str | None = Field(
        description="Client secret for Notion API authentication. Required for OAuth 2.0 flow.",
        default=None,
    )

-    NOTION_INTEGRATION_TYPE: Optional[str] = Field(
+    NOTION_INTEGRATION_TYPE: str | None = Field(
        description="Type of Notion integration."
        " Set to 'internal' for internal integrations, or None for public integrations.",
        default=None,
    )

-    NOTION_INTERNAL_SECRET: Optional[str] = Field(
+    NOTION_INTERNAL_SECRET: str | None = Field(
        description="Secret key for internal Notion integrations. Required when NOTION_INTEGRATION_TYPE is 'internal'.",
        default=None,
    )

-    NOTION_INTEGRATION_TOKEN: Optional[str] = Field(
+    NOTION_INTEGRATION_TOKEN: str | None = Field(
        description="Integration token for Notion API access. Used for direct API calls without OAuth flow.",
        default=None,
    )
--- a/api/configs/extra/sentry_config.py
+++ b/api/configs/extra/sentry_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeFloat
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class SentryConfig(BaseSettings):
    Configuration settings for Sentry error tracking and performance monitoring
    """

-    SENTRY_DSN: Optional[str] = Field(
+    SENTRY_DSN: str | None = Field(
        description="Sentry Data Source Name (DSN)."
        " This is the unique identifier of your Sentry project, used to send events to the correct project.",
        default=None,
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@ -1,4 +1,5 @@
-from typing import Literal, Optional
+from enum import StrEnum
+from typing import Literal

 from pydantic import (
    AliasChoices,
@ -31,6 +32,12 @@ class SecurityConfig(BaseSettings):
        description="Duration in minutes for which a password reset token remains valid",
        default=5,
    )
+
+    EMAIL_REGISTER_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
+        description="Duration in minutes for which a email register token remains valid",
+        default=5,
+    )
+
    CHANGE_EMAIL_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
        description="Duration in minutes for which a change email token remains valid",
        default=5,
@ -51,7 +58,7 @@ class SecurityConfig(BaseSettings):
        default=False,
    )

-    ADMIN_API_KEY: Optional[str] = Field(
+    ADMIN_API_KEY: str | None = Field(
        description="admin api key for authentication",
        default=None,
    )
@ -91,21 +98,36 @@ class CodeExecutionSandboxConfig(BaseSettings):
        default="dify-sandbox",
    )

-    CODE_EXECUTION_CONNECT_TIMEOUT: Optional[float] = Field(
+    CODE_EXECUTION_CONNECT_TIMEOUT: float | None = Field(
        description="Connection timeout in seconds for code execution requests",
        default=10.0,
    )

-    CODE_EXECUTION_READ_TIMEOUT: Optional[float] = Field(
+    CODE_EXECUTION_READ_TIMEOUT: float | None = Field(
        description="Read timeout in seconds for code execution requests",
        default=60.0,
    )

-    CODE_EXECUTION_WRITE_TIMEOUT: Optional[float] = Field(
+    CODE_EXECUTION_WRITE_TIMEOUT: float | None = Field(
        description="Write timeout in seconds for code execution request",
        default=10.0,
    )

+    CODE_EXECUTION_POOL_MAX_CONNECTIONS: PositiveInt = Field(
+        description="Maximum number of concurrent connections for the code execution HTTP client",
+        default=100,
+    )
+
+    CODE_EXECUTION_POOL_MAX_KEEPALIVE_CONNECTIONS: PositiveInt = Field(
+        description="Maximum number of persistent keep-alive connections for the code execution HTTP client",
+        default=20,
+    )
+
+    CODE_EXECUTION_POOL_KEEPALIVE_EXPIRY: PositiveFloat | None = Field(
+        description="Keep-alive expiry in seconds for idle connections (set to None to disable)",
+        default=5.0,
+    )
+
    CODE_MAX_NUMBER: PositiveInt = Field(
        description="Maximum allowed numeric value in code execution",
        default=9223372036854775807,
@ -128,7 +150,7 @@ class CodeExecutionSandboxConfig(BaseSettings):

    CODE_MAX_STRING_LENGTH: PositiveInt = Field(
        description="Maximum allowed length for strings in code execution",
-        default=80000,
+        default=400_000,
    )

    CODE_MAX_STRING_ARRAY_LENGTH: PositiveInt = Field(
@ -146,6 +168,11 @@ class CodeExecutionSandboxConfig(BaseSettings):
        default=1000,
    )

+    CODE_EXECUTION_SSL_VERIFY: bool = Field(
+        description="Enable or disable SSL verification for code execution requests",
+        default=True,
+    )
+

 class PluginConfig(BaseSettings):
    """
@ -362,17 +389,17 @@ class HttpConfig(BaseSettings):
        default=3,
    )

-    SSRF_PROXY_ALL_URL: Optional[str] = Field(
+    SSRF_PROXY_ALL_URL: str | None = Field(
        description="Proxy URL for HTTP or HTTPS requests to prevent Server-Side Request Forgery (SSRF)",
        default=None,
    )

-    SSRF_PROXY_HTTP_URL: Optional[str] = Field(
+    SSRF_PROXY_HTTP_URL: str | None = Field(
        description="Proxy URL for HTTP requests to prevent Server-Side Request Forgery (SSRF)",
        default=None,
    )

-    SSRF_PROXY_HTTPS_URL: Optional[str] = Field(
+    SSRF_PROXY_HTTPS_URL: str | None = Field(
        description="Proxy URL for HTTPS requests to prevent Server-Side Request Forgery (SSRF)",
        default=None,
    )
@ -397,6 +424,21 @@ class HttpConfig(BaseSettings):
        default=5,
    )

+    SSRF_POOL_MAX_CONNECTIONS: PositiveInt = Field(
+        description="Maximum number of concurrent connections for the SSRF HTTP client",
+        default=100,
+    )
+
+    SSRF_POOL_MAX_KEEPALIVE_CONNECTIONS: PositiveInt = Field(
+        description="Maximum number of persistent keep-alive connections for the SSRF HTTP client",
+        default=20,
+    )
+
+    SSRF_POOL_KEEPALIVE_EXPIRY: PositiveFloat | None = Field(
+        description="Keep-alive expiry in seconds for idle SSRF connections (set to None to disable)",
+        default=5.0,
+    )
+
    RESPECT_XFORWARD_HEADERS_ENABLED: bool = Field(
        description="Enable handling of X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port headers"
        " when the app is behind a single trusted reverse proxy.",
@ -414,7 +456,7 @@ class InnerAPIConfig(BaseSettings):
        default=False,
    )

-    INNER_API_KEY: Optional[str] = Field(
+    INNER_API_KEY: str | None = Field(
        description="API key for accessing the internal API",
        default=None,
    )
@ -430,7 +472,7 @@ class LoggingConfig(BaseSettings):
        default="INFO",
    )

-    LOG_FILE: Optional[str] = Field(
+    LOG_FILE: str | None = Field(
        description="File path for log output.",
        default=None,
    )
@ -450,12 +492,12 @@ class LoggingConfig(BaseSettings):
        default="%(asctime)s.%(msecs)03d %(levelname)s [%(threadName)s] [%(filename)s:%(lineno)d] - %(message)s",
    )

-    LOG_DATEFORMAT: Optional[str] = Field(
+    LOG_DATEFORMAT: str | None = Field(
        description="Date format string for log timestamps",
        default=None,
    )

-    LOG_TZ: Optional[str] = Field(
+    LOG_TZ: str | None = Field(
        description="Timezone for log timestamps (e.g., 'America/New_York')",
        default="UTC",
    )
@ -499,6 +541,22 @@ class UpdateConfig(BaseSettings):
    )


+class WorkflowVariableTruncationConfig(BaseSettings):
+    WORKFLOW_VARIABLE_TRUNCATION_MAX_SIZE: PositiveInt = Field(
+        # 100KB
+        1024_000,
+        description="Maximum size for variable to trigger final truncation.",
+    )
+    WORKFLOW_VARIABLE_TRUNCATION_STRING_LENGTH: PositiveInt = Field(
+        100000,
+        description="maximum length for string to trigger tuncation, measure in number of characters",
+    )
+    WORKFLOW_VARIABLE_TRUNCATION_ARRAY_LENGTH: PositiveInt = Field(
+        1000,
+        description="maximum length for array to trigger truncation.",
+    )
+
+
 class WorkflowConfig(BaseSettings):
    """
    Configuration for workflow execution
@ -519,16 +577,38 @@ class WorkflowConfig(BaseSettings):
        default=5,
    )

-    WORKFLOW_PARALLEL_DEPTH_LIMIT: PositiveInt = Field(
-        description="Maximum allowed depth for nested parallel executions",
-        default=3,
-    )
-
    MAX_VARIABLE_SIZE: PositiveInt = Field(
        description="Maximum size in bytes for a single variable in workflows. Default to 200 KB.",
        default=200 * 1024,
    )

+    TEMPLATE_TRANSFORM_MAX_LENGTH: PositiveInt = Field(
+        description="Maximum number of characters allowed in Template Transform node output",
+        default=400_000,
+    )
+
+    # GraphEngine Worker Pool Configuration
+    GRAPH_ENGINE_MIN_WORKERS: PositiveInt = Field(
+        description="Minimum number of workers per GraphEngine instance",
+        default=1,
+    )
+
+    GRAPH_ENGINE_MAX_WORKERS: PositiveInt = Field(
+        description="Maximum number of workers per GraphEngine instance",
+        default=10,
+    )
+
+    GRAPH_ENGINE_SCALE_UP_THRESHOLD: PositiveInt = Field(
+        description="Queue depth threshold that triggers worker scale up",
+        default=3,
+    )
+
+    GRAPH_ENGINE_SCALE_DOWN_IDLE_TIME: float = Field(
+        description="Seconds of idle time before scaling down workers",
+        default=5.0,
+        ge=0.1,
+    )
+

 class WorkflowNodeExecutionConfig(BaseSettings):
    """
@ -579,6 +659,67 @@ class RepositoryConfig(BaseSettings):
    )


+class ElasticsearchConfig(BaseSettings):
+    """
+    Configuration for Elasticsearch integration
+    """
+
+    ELASTICSEARCH_ENABLED: bool = Field(
+        description="Enable Elasticsearch for workflow logs storage",
+        default=False,
+    )
+
+    ELASTICSEARCH_HOSTS: list[str] = Field(
+        description="List of Elasticsearch hosts",
+        default=["http://localhost:9200"],
+    )
+
+    ELASTICSEARCH_USERNAME: str | None = Field(
+        description="Elasticsearch username for authentication",
+        default=None,
+    )
+
+    ELASTICSEARCH_PASSWORD: str | None = Field(
+        description="Elasticsearch password for authentication",
+        default=None,
+    )
+
+    ELASTICSEARCH_USE_SSL: bool = Field(
+        description="Use SSL/TLS for Elasticsearch connections",
+        default=False,
+    )
+
+    ELASTICSEARCH_VERIFY_CERTS: bool = Field(
+        description="Verify SSL certificates for Elasticsearch connections",
+        default=True,
+    )
+
+    ELASTICSEARCH_CA_CERTS: str | None = Field(
+        description="Path to CA certificates file for Elasticsearch SSL verification",
+        default=None,
+    )
+
+    ELASTICSEARCH_TIMEOUT: int = Field(
+        description="Elasticsearch request timeout in seconds",
+        default=30,
+    )
+
+    ELASTICSEARCH_MAX_RETRIES: int = Field(
+        description="Maximum number of retries for Elasticsearch requests",
+        default=3,
+    )
+
+    ELASTICSEARCH_INDEX_PREFIX: str = Field(
+        description="Prefix for Elasticsearch indices",
+        default="dify",
+    )
+
+    ELASTICSEARCH_RETENTION_DAYS: int = Field(
+        description="Number of days to retain data in Elasticsearch",
+        default=30,
+    )
+
+
 class AuthConfig(BaseSettings):
    """
    Configuration for authentication and OAuth
@ -589,22 +730,22 @@ class AuthConfig(BaseSettings):
        default="/console/api/oauth/authorize",
    )

-    GITHUB_CLIENT_ID: Optional[str] = Field(
+    GITHUB_CLIENT_ID: str | None = Field(
        description="GitHub OAuth client ID",
        default=None,
    )

-    GITHUB_CLIENT_SECRET: Optional[str] = Field(
+    GITHUB_CLIENT_SECRET: str | None = Field(
        description="GitHub OAuth client secret",
        default=None,
    )

-    GOOGLE_CLIENT_ID: Optional[str] = Field(
+    GOOGLE_CLIENT_ID: str | None = Field(
        description="Google OAuth client ID",
        default=None,
    )

-    GOOGLE_CLIENT_SECRET: Optional[str] = Field(
+    GOOGLE_CLIENT_SECRET: str | None = Field(
        description="Google OAuth client secret",
        default=None,
    )
@ -639,6 +780,11 @@ class AuthConfig(BaseSettings):
        default=86400,
    )

+    EMAIL_REGISTER_LOCKOUT_DURATION: PositiveInt = Field(
+        description="Time (in seconds) a user must wait before retrying email register after exceeding the rate limit.",
+        default=86400,
+    )
+

 class ModerationConfig(BaseSettings):
    """
@ -662,47 +808,71 @@ class ToolConfig(BaseSettings):
    )


+class TemplateMode(StrEnum):
+    # unsafe mode allows flexible operations in templates, but may cause security vulnerabilities
+    UNSAFE = "unsafe"
+
+    # sandbox mode restricts some unsafe operations like accessing __class__.
+    # however, it is still not 100% safe, for example, cpu exploitation can happen.
+    SANDBOX = "sandbox"
+
+    # templating is disabled
+    DISABLED = "disabled"
+
+
 class MailConfig(BaseSettings):
    """
    Configuration for email services
    """

-    MAIL_TYPE: Optional[str] = Field(
+    MAIL_TEMPLATING_MODE: TemplateMode = Field(
+        description="Template mode for email services",
+        default=TemplateMode.SANDBOX,
+    )
+
+    MAIL_TEMPLATING_TIMEOUT: int = Field(
+        description="""
+        Timeout for email templating in seconds. Used to prevent infinite loops in malicious templates. 
+        Only available in sandbox mode.""",
+        default=3,
+    )
+
+    MAIL_TYPE: str | None = Field(
        description="Email service provider type ('smtp' or 'resend' or 'sendGrid), default to None.",
        default=None,
    )

-    MAIL_DEFAULT_SEND_FROM: Optional[str] = Field(
+    MAIL_DEFAULT_SEND_FROM: str | None = Field(
        description="Default email address to use as the sender",
        default=None,
    )

-    RESEND_API_KEY: Optional[str] = Field(
+    RESEND_API_KEY: str | None = Field(
        description="API key for Resend email service",
        default=None,
    )

-    RESEND_API_URL: Optional[str] = Field(
+    RESEND_API_URL: str | None = Field(
        description="API URL for Resend email service",
        default=None,
    )

-    SMTP_SERVER: Optional[str] = Field(
+    SMTP_SERVER: str | None = Field(
        description="SMTP server hostname",
        default=None,
    )

-    SMTP_PORT: Optional[int] = Field(
+    SMTP_PORT: int | None = Field(
        description="SMTP server port number",
        default=465,
    )

-    SMTP_USERNAME: Optional[str] = Field(
+    SMTP_USERNAME: str | None = Field(
        description="Username for SMTP authentication",
        default=None,
    )

-    SMTP_PASSWORD: Optional[str] = Field(
+    SMTP_PASSWORD: str | None = Field(
        description="Password for SMTP authentication",
        default=None,
    )
@ -722,7 +892,7 @@ class MailConfig(BaseSettings):
        default=50,
    )

-    SENDGRID_API_KEY: Optional[str] = Field(
+    SENDGRID_API_KEY: str | None = Field(
        description="API key for SendGrid service",
        default=None,
    )
@ -745,17 +915,17 @@ class RagEtlConfig(BaseSettings):
        default="database",
    )

-    UNSTRUCTURED_API_URL: Optional[str] = Field(
+    UNSTRUCTURED_API_URL: str | None = Field(
        description="API URL for Unstructured.io service",
        default=None,
    )

-    UNSTRUCTURED_API_KEY: Optional[str] = Field(
+    UNSTRUCTURED_API_KEY: str | None = Field(
        description="API key for Unstructured.io service",
        default="",
    )

-    SCARF_NO_ANALYTICS: Optional[str] = Field(
+    SCARF_NO_ANALYTICS: str | None = Field(
        description="This is about whether to disable Scarf analytics in Unstructured library.",
        default="false",
    )
@ -796,6 +966,11 @@ class DataSetConfig(BaseSettings):
        default=30,
    )

+    DSL_EXPORT_ENCRYPT_DATASET_ID: bool = Field(
+        description="Enable or disable dataset ID encryption when exporting DSL files",
+        default=True,
+    )
+

 class WorkspaceConfig(BaseSettings):
    """
@ -994,6 +1169,7 @@ class FeatureConfig(
    AuthConfig,  # Changed from OAuthConfig to AuthConfig
    BillingConfig,
    CodeExecutionSandboxConfig,
+    ElasticsearchConfig,
    PluginConfig,
    MarketplaceConfig,
    DataSetConfig,
@ -1025,5 +1201,6 @@ class FeatureConfig(
    CeleryBeatConfig,
    CeleryScheduleTasksConfig,
    WorkflowLogConfig,
+    WorkflowVariableTruncationConfig,
 ):
    pass
--- a/api/configs/feature/hosted_service/init.py
+++ b/api/configs/feature/hosted_service/init.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeInt
 from pydantic_settings import BaseSettings

@ -40,17 +38,17 @@ class HostedOpenAiConfig(BaseSettings):
    Configuration for hosted OpenAI service
    """

-    HOSTED_OPENAI_API_KEY: Optional[str] = Field(
+    HOSTED_OPENAI_API_KEY: str | None = Field(
        description="API key for hosted OpenAI service",
        default=None,
    )

-    HOSTED_OPENAI_API_BASE: Optional[str] = Field(
+    HOSTED_OPENAI_API_BASE: str | None = Field(
        description="Base URL for hosted OpenAI API",
        default=None,
    )

-    HOSTED_OPENAI_API_ORGANIZATION: Optional[str] = Field(
+    HOSTED_OPENAI_API_ORGANIZATION: str | None = Field(
        description="Organization ID for hosted OpenAI service",
        default=None,
    )
@ -110,12 +108,12 @@ class HostedAzureOpenAiConfig(BaseSettings):
        default=False,
    )

-    HOSTED_AZURE_OPENAI_API_KEY: Optional[str] = Field(
+    HOSTED_AZURE_OPENAI_API_KEY: str | None = Field(
        description="API key for hosted Azure OpenAI service",
        default=None,
    )

-    HOSTED_AZURE_OPENAI_API_BASE: Optional[str] = Field(
+    HOSTED_AZURE_OPENAI_API_BASE: str | None = Field(
        description="Base URL for hosted Azure OpenAI API",
        default=None,
    )
@ -131,12 +129,12 @@ class HostedAnthropicConfig(BaseSettings):
    Configuration for hosted Anthropic service
    """

-    HOSTED_ANTHROPIC_API_BASE: Optional[str] = Field(
+    HOSTED_ANTHROPIC_API_BASE: str | None = Field(
        description="Base URL for hosted Anthropic API",
        default=None,
    )

-    HOSTED_ANTHROPIC_API_KEY: Optional[str] = Field(
+    HOSTED_ANTHROPIC_API_KEY: str | None = Field(
        description="API key for hosted Anthropic service",
        default=None,
    )
@ -222,11 +220,28 @@ class HostedFetchAppTemplateConfig(BaseSettings):
    )


+class HostedFetchPipelineTemplateConfig(BaseSettings):
+    """
+    Configuration for fetching pipeline templates
+    """
+
+    HOSTED_FETCH_PIPELINE_TEMPLATES_MODE: str = Field(
+        description="Mode for fetching pipeline templates: remote, db, or builtin default to remote,",
+        default="remote",
+    )
+
+    HOSTED_FETCH_PIPELINE_TEMPLATES_REMOTE_DOMAIN: str = Field(
+        description="Domain for fetching remote pipeline templates",
+        default="https://tmpl.dify.ai",
+    )
+
+
 class HostedServiceConfig(
    # place the configs in alphabet order
    HostedAnthropicConfig,
    HostedAzureOpenAiConfig,
    HostedFetchAppTemplateConfig,
+    HostedFetchPipelineTemplateConfig,
    HostedMinmaxConfig,
    HostedOpenAiConfig,
    HostedSparkConfig,
--- a/api/configs/middleware/init.py
+++ b/api/configs/middleware/init.py
@ -1,5 +1,5 @@
 import os
-from typing import Any, Literal, Optional
+from typing import Any, Literal
 from urllib.parse import parse_qsl, quote_plus

 from pydantic import Field, NonNegativeFloat, NonNegativeInt, PositiveFloat, PositiveInt, computed_field
@ -78,18 +78,18 @@ class StorageConfig(BaseSettings):


 class VectorStoreConfig(BaseSettings):
-    VECTOR_STORE: Optional[str] = Field(
+    VECTOR_STORE: str | None = Field(
        description="Type of vector store to use for efficient similarity search."
        " Set to None if not using a vector store.",
        default=None,
    )

-    VECTOR_STORE_WHITELIST_ENABLE: Optional[bool] = Field(
+    VECTOR_STORE_WHITELIST_ENABLE: bool | None = Field(
        description="Enable whitelist for vector store.",
        default=False,
    )

-    VECTOR_INDEX_NAME_PREFIX: Optional[str] = Field(
+    VECTOR_INDEX_NAME_PREFIX: str | None = Field(
        description="Prefix used to create collection name in vector database",
        default="Vector_index",
    )
@ -187,6 +187,11 @@ class DatabaseConfig(BaseSettings):
        default=False,
    )

+    SQLALCHEMY_POOL_TIMEOUT: NonNegativeInt = Field(
+        description="Number of seconds to wait for a connection from the pool before raising a timeout error.",
+        default=30,
+    )
+
    RETRIEVAL_SERVICE_EXECUTORS: NonNegativeInt = Field(
        description="Number of processes for the retrieval service, default to CPU cores.",
        default=os.cpu_count() or 1,
@ -216,6 +221,7 @@ class DatabaseConfig(BaseSettings):
            "connect_args": connect_args,
            "pool_use_lifo": self.SQLALCHEMY_POOL_USE_LIFO,
            "pool_reset_on_return": None,
+            "pool_timeout": self.SQLALCHEMY_POOL_TIMEOUT,
        }


@ -225,26 +231,26 @@ class CeleryConfig(DatabaseConfig):
        default="redis",
    )

-    CELERY_BROKER_URL: Optional[str] = Field(
+    CELERY_BROKER_URL: str | None = Field(
        description="URL of the message broker for Celery tasks.",
        default=None,
    )

-    CELERY_USE_SENTINEL: Optional[bool] = Field(
+    CELERY_USE_SENTINEL: bool | None = Field(
        description="Whether to use Redis Sentinel for high availability.",
        default=False,
    )

-    CELERY_SENTINEL_MASTER_NAME: Optional[str] = Field(
+    CELERY_SENTINEL_MASTER_NAME: str | None = Field(
        description="Name of the Redis Sentinel master.",
        default=None,
    )

-    CELERY_SENTINEL_PASSWORD: Optional[str] = Field(
+    CELERY_SENTINEL_PASSWORD: str | None = Field(
        description="Password of the Redis Sentinel master.",
        default=None,
    )
-    CELERY_SENTINEL_SOCKET_TIMEOUT: Optional[PositiveFloat] = Field(
+    CELERY_SENTINEL_SOCKET_TIMEOUT: PositiveFloat | None = Field(
        description="Timeout for Redis Sentinel socket operations in seconds.",
        default=0.1,
    )
@ -268,12 +274,12 @@ class InternalTestConfig(BaseSettings):
    Configuration settings for Internal Test
    """

-    AWS_SECRET_ACCESS_KEY: Optional[str] = Field(
+    AWS_SECRET_ACCESS_KEY: str | None = Field(
        description="Internal test AWS secret access key",
        default=None,
    )

-    AWS_ACCESS_KEY_ID: Optional[str] = Field(
+    AWS_ACCESS_KEY_ID: str | None = Field(
        description="Internal test AWS access key ID",
        default=None,
    )
@ -284,15 +290,15 @@ class DatasetQueueMonitorConfig(BaseSettings):
    Configuration settings for Dataset Queue Monitor
    """

-    QUEUE_MONITOR_THRESHOLD: Optional[NonNegativeInt] = Field(
+    QUEUE_MONITOR_THRESHOLD: NonNegativeInt | None = Field(
        description="Threshold for dataset queue monitor",
        default=200,
    )
-    QUEUE_MONITOR_ALERT_EMAILS: Optional[str] = Field(
+    QUEUE_MONITOR_ALERT_EMAILS: str | None = Field(
        description="Emails for dataset queue monitor alert, separated by commas",
        default=None,
    )
-    QUEUE_MONITOR_INTERVAL: Optional[NonNegativeFloat] = Field(
+    QUEUE_MONITOR_INTERVAL: NonNegativeFloat | None = Field(
        description="Interval for dataset queue monitor in minutes",
        default=30,
    )
--- a/api/configs/middleware/cache/redis_config.py
+++ b/api/configs/middleware/cache/redis_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeInt, PositiveFloat, PositiveInt
 from pydantic_settings import BaseSettings

@ -19,12 +17,12 @@ class RedisConfig(BaseSettings):
        default=6379,
    )

-    REDIS_USERNAME: Optional[str] = Field(
+    REDIS_USERNAME: str | None = Field(
        description="Username for Redis authentication (if required)",
        default=None,
    )

-    REDIS_PASSWORD: Optional[str] = Field(
+    REDIS_PASSWORD: str | None = Field(
        description="Password for Redis authentication (if required)",
        default=None,
    )
@ -44,47 +42,47 @@ class RedisConfig(BaseSettings):
        default="CERT_NONE",
    )

-    REDIS_SSL_CA_CERTS: Optional[str] = Field(
+    REDIS_SSL_CA_CERTS: str | None = Field(
        description="Path to the CA certificate file for SSL verification",
        default=None,
    )

-    REDIS_SSL_CERTFILE: Optional[str] = Field(
+    REDIS_SSL_CERTFILE: str | None = Field(
        description="Path to the client certificate file for SSL authentication",
        default=None,
    )

-    REDIS_SSL_KEYFILE: Optional[str] = Field(
+    REDIS_SSL_KEYFILE: str | None = Field(
        description="Path to the client private key file for SSL authentication",
        default=None,
    )

-    REDIS_USE_SENTINEL: Optional[bool] = Field(
+    REDIS_USE_SENTINEL: bool | None = Field(
        description="Enable Redis Sentinel mode for high availability",
        default=False,
    )

-    REDIS_SENTINELS: Optional[str] = Field(
+    REDIS_SENTINELS: str | None = Field(
        description="Comma-separated list of Redis Sentinel nodes (host:port)",
        default=None,
    )

-    REDIS_SENTINEL_SERVICE_NAME: Optional[str] = Field(
+    REDIS_SENTINEL_SERVICE_NAME: str | None = Field(
        description="Name of the Redis Sentinel service to monitor",
        default=None,
    )

-    REDIS_SENTINEL_USERNAME: Optional[str] = Field(
+    REDIS_SENTINEL_USERNAME: str | None = Field(
        description="Username for Redis Sentinel authentication (if required)",
        default=None,
    )

-    REDIS_SENTINEL_PASSWORD: Optional[str] = Field(
+    REDIS_SENTINEL_PASSWORD: str | None = Field(
        description="Password for Redis Sentinel authentication (if required)",
        default=None,
    )

-    REDIS_SENTINEL_SOCKET_TIMEOUT: Optional[PositiveFloat] = Field(
+    REDIS_SENTINEL_SOCKET_TIMEOUT: PositiveFloat | None = Field(
        description="Socket timeout in seconds for Redis Sentinel connections",
        default=0.1,
    )
@ -94,12 +92,12 @@ class RedisConfig(BaseSettings):
        default=False,
    )

-    REDIS_CLUSTERS: Optional[str] = Field(
+    REDIS_CLUSTERS: str | None = Field(
        description="Comma-separated list of Redis Clusters nodes (host:port)",
        default=None,
    )

-    REDIS_CLUSTERS_PASSWORD: Optional[str] = Field(
+    REDIS_CLUSTERS_PASSWORD: str | None = Field(
        description="Password for Redis Clusters authentication (if required)",
        default=None,
    )
--- a/api/configs/middleware/storage/aliyun_oss_storage_config.py
+++ b/api/configs/middleware/storage/aliyun_oss_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,37 +7,37 @@ class AliyunOSSStorageConfig(BaseSettings):
    Configuration settings for Aliyun Object Storage Service (OSS)
    """

-    ALIYUN_OSS_BUCKET_NAME: Optional[str] = Field(
+    ALIYUN_OSS_BUCKET_NAME: str | None = Field(
        description="Name of the Aliyun OSS bucket to store and retrieve objects",
        default=None,
    )

-    ALIYUN_OSS_ACCESS_KEY: Optional[str] = Field(
+    ALIYUN_OSS_ACCESS_KEY: str | None = Field(
        description="Access key ID for authenticating with Aliyun OSS",
        default=None,
    )

-    ALIYUN_OSS_SECRET_KEY: Optional[str] = Field(
+    ALIYUN_OSS_SECRET_KEY: str | None = Field(
        description="Secret access key for authenticating with Aliyun OSS",
        default=None,
    )

-    ALIYUN_OSS_ENDPOINT: Optional[str] = Field(
+    ALIYUN_OSS_ENDPOINT: str | None = Field(
        description="URL of the Aliyun OSS endpoint for your chosen region",
        default=None,
    )

-    ALIYUN_OSS_REGION: Optional[str] = Field(
+    ALIYUN_OSS_REGION: str | None = Field(
        description="Aliyun OSS region where your bucket is located (e.g., 'oss-cn-hangzhou')",
        default=None,
    )

-    ALIYUN_OSS_AUTH_VERSION: Optional[str] = Field(
+    ALIYUN_OSS_AUTH_VERSION: str | None = Field(
        description="Version of the authentication protocol to use with Aliyun OSS (e.g., 'v4')",
        default=None,
    )

-    ALIYUN_OSS_PATH: Optional[str] = Field(
+    ALIYUN_OSS_PATH: str | None = Field(
        description="Base path within the bucket to store objects (e.g., 'my-app-data/')",
        default=None,
    )
--- a/api/configs/middleware/storage/amazon_s3_storage_config.py
+++ b/api/configs/middleware/storage/amazon_s3_storage_config.py
@ -1,4 +1,4 @@
-from typing import Literal, Optional
+from typing import Literal

 from pydantic import Field
 from pydantic_settings import BaseSettings
@ -9,27 +9,27 @@ class S3StorageConfig(BaseSettings):
    Configuration settings for S3-compatible object storage
    """

-    S3_ENDPOINT: Optional[str] = Field(
+    S3_ENDPOINT: str | None = Field(
        description="URL of the S3-compatible storage endpoint (e.g., 'https://s3.amazonaws.com')",
        default=None,
    )

-    S3_REGION: Optional[str] = Field(
+    S3_REGION: str | None = Field(
        description="Region where the S3 bucket is located (e.g., 'us-east-1')",
        default=None,
    )

-    S3_BUCKET_NAME: Optional[str] = Field(
+    S3_BUCKET_NAME: str | None = Field(
        description="Name of the S3 bucket to store and retrieve objects",
        default=None,
    )

-    S3_ACCESS_KEY: Optional[str] = Field(
+    S3_ACCESS_KEY: str | None = Field(
        description="Access key ID for authenticating with the S3 service",
        default=None,
    )

-    S3_SECRET_KEY: Optional[str] = Field(
+    S3_SECRET_KEY: str | None = Field(
        description="Secret access key for authenticating with the S3 service",
        default=None,
    )
--- a/api/configs/middleware/storage/azure_blob_storage_config.py
+++ b/api/configs/middleware/storage/azure_blob_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,22 +7,22 @@ class AzureBlobStorageConfig(BaseSettings):
    Configuration settings for Azure Blob Storage
    """

-    AZURE_BLOB_ACCOUNT_NAME: Optional[str] = Field(
+    AZURE_BLOB_ACCOUNT_NAME: str | None = Field(
        description="Name of the Azure Storage account (e.g., 'mystorageaccount')",
        default=None,
    )

-    AZURE_BLOB_ACCOUNT_KEY: Optional[str] = Field(
+    AZURE_BLOB_ACCOUNT_KEY: str | None = Field(
        description="Access key for authenticating with the Azure Storage account",
        default=None,
    )

-    AZURE_BLOB_CONTAINER_NAME: Optional[str] = Field(
+    AZURE_BLOB_CONTAINER_NAME: str | None = Field(
        description="Name of the Azure Blob container to store and retrieve objects",
        default=None,
    )

-    AZURE_BLOB_ACCOUNT_URL: Optional[str] = Field(
+    AZURE_BLOB_ACCOUNT_URL: str | None = Field(
        description="URL of the Azure Blob storage endpoint (e.g., 'https://mystorageaccount.blob.core.windows.net')",
        default=None,
    )
--- a/api/configs/middleware/storage/baidu_obs_storage_config.py
+++ b/api/configs/middleware/storage/baidu_obs_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,22 +7,22 @@ class BaiduOBSStorageConfig(BaseSettings):
    Configuration settings for Baidu Object Storage Service (OBS)
    """

-    BAIDU_OBS_BUCKET_NAME: Optional[str] = Field(
+    BAIDU_OBS_BUCKET_NAME: str | None = Field(
        description="Name of the Baidu OBS bucket to store and retrieve objects (e.g., 'my-obs-bucket')",
        default=None,
    )

-    BAIDU_OBS_ACCESS_KEY: Optional[str] = Field(
+    BAIDU_OBS_ACCESS_KEY: str | None = Field(
        description="Access Key ID for authenticating with Baidu OBS",
        default=None,
    )

-    BAIDU_OBS_SECRET_KEY: Optional[str] = Field(
+    BAIDU_OBS_SECRET_KEY: str | None = Field(
        description="Secret Access Key for authenticating with Baidu OBS",
        default=None,
    )

-    BAIDU_OBS_ENDPOINT: Optional[str] = Field(
+    BAIDU_OBS_ENDPOINT: str | None = Field(
        description="URL of the Baidu OSS endpoint for your chosen region (e.g., 'https://.bj.bcebos.com')",
        default=None,
    )
--- a/api/configs/middleware/storage/clickzetta_volume_storage_config.py
+++ b/api/configs/middleware/storage/clickzetta_volume_storage_config.py
@ -1,7 +1,5 @@
 """ClickZetta Volume Storage Configuration"""

-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,17 +7,17 @@ from pydantic_settings import BaseSettings
 class ClickZettaVolumeStorageConfig(BaseSettings):
    """Configuration for ClickZetta Volume storage."""

-    CLICKZETTA_VOLUME_USERNAME: Optional[str] = Field(
+    CLICKZETTA_VOLUME_USERNAME: str | None = Field(
        description="Username for ClickZetta Volume authentication",
        default=None,
    )

-    CLICKZETTA_VOLUME_PASSWORD: Optional[str] = Field(
+    CLICKZETTA_VOLUME_PASSWORD: str | None = Field(
        description="Password for ClickZetta Volume authentication",
        default=None,
    )

-    CLICKZETTA_VOLUME_INSTANCE: Optional[str] = Field(
+    CLICKZETTA_VOLUME_INSTANCE: str | None = Field(
        description="ClickZetta instance identifier",
        default=None,
    )
@ -49,7 +47,7 @@ class ClickZettaVolumeStorageConfig(BaseSettings):
        default="user",
    )

-    CLICKZETTA_VOLUME_NAME: Optional[str] = Field(
+    CLICKZETTA_VOLUME_NAME: str | None = Field(
        description="ClickZetta volume name for external volumes",
        default=None,
    )
--- a/api/configs/middleware/storage/google_cloud_storage_config.py
+++ b/api/configs/middleware/storage/google_cloud_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,12 +7,12 @@ class GoogleCloudStorageConfig(BaseSettings):
    Configuration settings for Google Cloud Storage
    """

-    GOOGLE_STORAGE_BUCKET_NAME: Optional[str] = Field(
+    GOOGLE_STORAGE_BUCKET_NAME: str | None = Field(
        description="Name of the Google Cloud Storage bucket to store and retrieve objects (e.g., 'my-gcs-bucket')",
        default=None,
    )

-    GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: Optional[str] = Field(
+    GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: str | None = Field(
        description="Base64-encoded JSON key file for Google Cloud service account authentication",
        default=None,
    )
--- a/api/configs/middleware/storage/huawei_obs_storage_config.py
+++ b/api/configs/middleware/storage/huawei_obs_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,22 +7,22 @@ class HuaweiCloudOBSStorageConfig(BaseSettings):
    Configuration settings for Huawei Cloud Object Storage Service (OBS)
    """

-    HUAWEI_OBS_BUCKET_NAME: Optional[str] = Field(
+    HUAWEI_OBS_BUCKET_NAME: str | None = Field(
        description="Name of the Huawei Cloud OBS bucket to store and retrieve objects (e.g., 'my-obs-bucket')",
        default=None,
    )

-    HUAWEI_OBS_ACCESS_KEY: Optional[str] = Field(
+    HUAWEI_OBS_ACCESS_KEY: str | None = Field(
        description="Access Key ID for authenticating with Huawei Cloud OBS",
        default=None,
    )

-    HUAWEI_OBS_SECRET_KEY: Optional[str] = Field(
+    HUAWEI_OBS_SECRET_KEY: str | None = Field(
        description="Secret Access Key for authenticating with Huawei Cloud OBS",
        default=None,
    )

-    HUAWEI_OBS_SERVER: Optional[str] = Field(
+    HUAWEI_OBS_SERVER: str | None = Field(
        description="Endpoint URL for Huawei Cloud OBS (e.g., 'https://obs.cn-north-4.myhuaweicloud.com')",
        default=None,
    )
--- a/api/configs/middleware/storage/oci_storage_config.py
+++ b/api/configs/middleware/storage/oci_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class OCIStorageConfig(BaseSettings):
    Configuration settings for Oracle Cloud Infrastructure (OCI) Object Storage
    """

-    OCI_ENDPOINT: Optional[str] = Field(
+    OCI_ENDPOINT: str | None = Field(
        description="URL of the OCI Object Storage endpoint (e.g., 'https://objectstorage.us-phoenix-1.oraclecloud.com')",
        default=None,
    )

-    OCI_REGION: Optional[str] = Field(
+    OCI_REGION: str | None = Field(
        description="OCI region where the bucket is located (e.g., 'us-phoenix-1')",
        default=None,
    )

-    OCI_BUCKET_NAME: Optional[str] = Field(
+    OCI_BUCKET_NAME: str | None = Field(
        description="Name of the OCI Object Storage bucket to store and retrieve objects (e.g., 'my-oci-bucket')",
        default=None,
    )

-    OCI_ACCESS_KEY: Optional[str] = Field(
+    OCI_ACCESS_KEY: str | None = Field(
        description="Access key (also known as API key) for authenticating with OCI Object Storage",
        default=None,
    )

-    OCI_SECRET_KEY: Optional[str] = Field(
+    OCI_SECRET_KEY: str | None = Field(
        description="Secret key associated with the access key for authenticating with OCI Object Storage",
        default=None,
    )
--- a/api/configs/middleware/storage/supabase_storage_config.py
+++ b/api/configs/middleware/storage/supabase_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,17 +7,17 @@ class SupabaseStorageConfig(BaseSettings):
    Configuration settings for Supabase Object Storage Service
    """

-    SUPABASE_BUCKET_NAME: Optional[str] = Field(
+    SUPABASE_BUCKET_NAME: str | None = Field(
        description="Name of the Supabase bucket to store and retrieve objects (e.g., 'dify-bucket')",
        default=None,
    )

-    SUPABASE_API_KEY: Optional[str] = Field(
+    SUPABASE_API_KEY: str | None = Field(
        description="API KEY for authenticating with Supabase",
        default=None,
    )

-    SUPABASE_URL: Optional[str] = Field(
+    SUPABASE_URL: str | None = Field(
        description="URL of the Supabase",
        default=None,
    )
--- a/api/configs/middleware/storage/tencent_cos_storage_config.py
+++ b/api/configs/middleware/storage/tencent_cos_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class TencentCloudCOSStorageConfig(BaseSettings):
    Configuration settings for Tencent Cloud Object Storage (COS)
    """

-    TENCENT_COS_BUCKET_NAME: Optional[str] = Field(
+    TENCENT_COS_BUCKET_NAME: str | None = Field(
        description="Name of the Tencent Cloud COS bucket to store and retrieve objects",
        default=None,
    )

-    TENCENT_COS_REGION: Optional[str] = Field(
+    TENCENT_COS_REGION: str | None = Field(
        description="Tencent Cloud region where the COS bucket is located (e.g., 'ap-guangzhou')",
        default=None,
    )

-    TENCENT_COS_SECRET_ID: Optional[str] = Field(
+    TENCENT_COS_SECRET_ID: str | None = Field(
        description="SecretId for authenticating with Tencent Cloud COS (part of API credentials)",
        default=None,
    )

-    TENCENT_COS_SECRET_KEY: Optional[str] = Field(
+    TENCENT_COS_SECRET_KEY: str | None = Field(
        description="SecretKey for authenticating with Tencent Cloud COS (part of API credentials)",
        default=None,
    )

-    TENCENT_COS_SCHEME: Optional[str] = Field(
+    TENCENT_COS_SCHEME: str | None = Field(
        description="Protocol scheme for COS requests: 'https' (recommended) or 'http'",
        default=None,
    )
--- a/api/configs/middleware/storage/volcengine_tos_storage_config.py
+++ b/api/configs/middleware/storage/volcengine_tos_storage_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class VolcengineTOSStorageConfig(BaseSettings):
    Configuration settings for Volcengine Tinder Object Storage (TOS)
    """

-    VOLCENGINE_TOS_BUCKET_NAME: Optional[str] = Field(
+    VOLCENGINE_TOS_BUCKET_NAME: str | None = Field(
        description="Name of the Volcengine TOS bucket to store and retrieve objects (e.g., 'my-tos-bucket')",
        default=None,
    )

-    VOLCENGINE_TOS_ACCESS_KEY: Optional[str] = Field(
+    VOLCENGINE_TOS_ACCESS_KEY: str | None = Field(
        description="Access Key ID for authenticating with Volcengine TOS",
        default=None,
    )

-    VOLCENGINE_TOS_SECRET_KEY: Optional[str] = Field(
+    VOLCENGINE_TOS_SECRET_KEY: str | None = Field(
        description="Secret Access Key for authenticating with Volcengine TOS",
        default=None,
    )

-    VOLCENGINE_TOS_ENDPOINT: Optional[str] = Field(
+    VOLCENGINE_TOS_ENDPOINT: str | None = Field(
        description="URL of the Volcengine TOS endpoint (e.g., 'https://tos-cn-beijing.volces.com')",
        default=None,
    )

-    VOLCENGINE_TOS_REGION: Optional[str] = Field(
+    VOLCENGINE_TOS_REGION: str | None = Field(
        description="Volcengine region where the TOS bucket is located (e.g., 'cn-beijing')",
        default=None,
    )
--- a/api/configs/middleware/vdb/analyticdb_config.py
+++ b/api/configs/middleware/vdb/analyticdb_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -11,37 +9,37 @@ class AnalyticdbConfig(BaseSettings):
    https://www.alibabacloud.com/help/en/analyticdb-for-postgresql/getting-started/create-an-instance-instances-with-vector-engine-optimization-enabled
    """

-    ANALYTICDB_KEY_ID: Optional[str] = Field(
+    ANALYTICDB_KEY_ID: str | None = Field(
        default=None, description="The Access Key ID provided by Alibaba Cloud for API authentication."
    )
-    ANALYTICDB_KEY_SECRET: Optional[str] = Field(
+    ANALYTICDB_KEY_SECRET: str | None = Field(
        default=None, description="The Secret Access Key corresponding to the Access Key ID for secure API access."
    )
-    ANALYTICDB_REGION_ID: Optional[str] = Field(
+    ANALYTICDB_REGION_ID: str | None = Field(
        default=None,
        description="The region where the AnalyticDB instance is deployed (e.g., 'cn-hangzhou', 'ap-southeast-1').",
    )
-    ANALYTICDB_INSTANCE_ID: Optional[str] = Field(
+    ANALYTICDB_INSTANCE_ID: str | None = Field(
        default=None,
        description="The unique identifier of the AnalyticDB instance you want to connect to.",
    )
-    ANALYTICDB_ACCOUNT: Optional[str] = Field(
+    ANALYTICDB_ACCOUNT: str | None = Field(
        default=None,
        description="The account name used to log in to the AnalyticDB instance"
        " (usually the initial account created with the instance).",
    )
-    ANALYTICDB_PASSWORD: Optional[str] = Field(
+    ANALYTICDB_PASSWORD: str | None = Field(
        default=None, description="The password associated with the AnalyticDB account for database authentication."
    )
-    ANALYTICDB_NAMESPACE: Optional[str] = Field(
+    ANALYTICDB_NAMESPACE: str | None = Field(
        default=None, description="The namespace within AnalyticDB for schema isolation (if using namespace feature)."
    )
-    ANALYTICDB_NAMESPACE_PASSWORD: Optional[str] = Field(
+    ANALYTICDB_NAMESPACE_PASSWORD: str | None = Field(
        default=None,
        description="The password for accessing the specified namespace within the AnalyticDB instance"
        " (if namespace feature is enabled).",
    )
-    ANALYTICDB_HOST: Optional[str] = Field(
+    ANALYTICDB_HOST: str | None = Field(
        default=None, description="The host of the AnalyticDB instance you want to connect to."
    )
    ANALYTICDB_PORT: PositiveInt = Field(
--- a/api/configs/middleware/vdb/baidu_vector_config.py
+++ b/api/configs/middleware/vdb/baidu_vector_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class BaiduVectorDBConfig(BaseSettings):
    Configuration settings for Baidu Vector Database
    """

-    BAIDU_VECTOR_DB_ENDPOINT: Optional[str] = Field(
+    BAIDU_VECTOR_DB_ENDPOINT: str | None = Field(
        description="URL of the Baidu Vector Database service (e.g., 'http://vdb.bj.baidubce.com')",
        default=None,
    )
@ -19,17 +17,17 @@ class BaiduVectorDBConfig(BaseSettings):
        default=30000,
    )

-    BAIDU_VECTOR_DB_ACCOUNT: Optional[str] = Field(
+    BAIDU_VECTOR_DB_ACCOUNT: str | None = Field(
        description="Account for authenticating with the Baidu Vector Database",
        default=None,
    )

-    BAIDU_VECTOR_DB_API_KEY: Optional[str] = Field(
+    BAIDU_VECTOR_DB_API_KEY: str | None = Field(
        description="API key for authenticating with the Baidu Vector Database service",
        default=None,
    )

-    BAIDU_VECTOR_DB_DATABASE: Optional[str] = Field(
+    BAIDU_VECTOR_DB_DATABASE: str | None = Field(
        description="Name of the specific Baidu Vector Database to connect to",
        default=None,
    )
@ -43,3 +41,13 @@ class BaiduVectorDBConfig(BaseSettings):
        description="Number of replicas for the Baidu Vector Database (default is 3)",
        default=3,
    )
+
+    BAIDU_VECTOR_DB_INVERTED_INDEX_ANALYZER: str = Field(
+        description="Analyzer type for inverted index in Baidu Vector Database (default is DEFAULT_ANALYZER)",
+        default="DEFAULT_ANALYZER",
+    )
+
+    BAIDU_VECTOR_DB_INVERTED_INDEX_PARSER_MODE: str = Field(
+        description="Parser mode for inverted index in Baidu Vector Database (default is COARSE_MODE)",
+        default="COARSE_MODE",
+    )
--- a/api/configs/middleware/vdb/chroma_config.py
+++ b/api/configs/middleware/vdb/chroma_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class ChromaConfig(BaseSettings):
    Configuration settings for Chroma vector database
    """

-    CHROMA_HOST: Optional[str] = Field(
+    CHROMA_HOST: str | None = Field(
        description="Hostname or IP address of the Chroma server (e.g., 'localhost' or '192.168.1.100')",
        default=None,
    )
@ -19,22 +17,22 @@ class ChromaConfig(BaseSettings):
        default=8000,
    )

-    CHROMA_TENANT: Optional[str] = Field(
+    CHROMA_TENANT: str | None = Field(
        description="Tenant identifier for multi-tenancy support in Chroma",
        default=None,
    )

-    CHROMA_DATABASE: Optional[str] = Field(
+    CHROMA_DATABASE: str | None = Field(
        description="Name of the Chroma database to connect to",
        default=None,
    )

-    CHROMA_AUTH_PROVIDER: Optional[str] = Field(
+    CHROMA_AUTH_PROVIDER: str | None = Field(
        description="Authentication provider for Chroma (e.g., 'basic', 'token', or a custom provider)",
        default=None,
    )

-    CHROMA_AUTH_CREDENTIALS: Optional[str] = Field(
+    CHROMA_AUTH_CREDENTIALS: str | None = Field(
        description="Authentication credentials for Chroma (format depends on the auth provider)",
        default=None,
    )
--- a/api/configs/middleware/vdb/clickzetta_config.py
+++ b/api/configs/middleware/vdb/clickzetta_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,62 +7,62 @@ class ClickzettaConfig(BaseSettings):
    Clickzetta Lakehouse vector database configuration
    """

-    CLICKZETTA_USERNAME: Optional[str] = Field(
+    CLICKZETTA_USERNAME: str | None = Field(
        description="Username for authenticating with Clickzetta Lakehouse",
        default=None,
    )

-    CLICKZETTA_PASSWORD: Optional[str] = Field(
+    CLICKZETTA_PASSWORD: str | None = Field(
        description="Password for authenticating with Clickzetta Lakehouse",
        default=None,
    )

-    CLICKZETTA_INSTANCE: Optional[str] = Field(
+    CLICKZETTA_INSTANCE: str | None = Field(
        description="Clickzetta Lakehouse instance ID",
        default=None,
    )

-    CLICKZETTA_SERVICE: Optional[str] = Field(
+    CLICKZETTA_SERVICE: str | None = Field(
        description="Clickzetta API service endpoint (e.g., 'api.clickzetta.com')",
        default="api.clickzetta.com",
    )

-    CLICKZETTA_WORKSPACE: Optional[str] = Field(
+    CLICKZETTA_WORKSPACE: str | None = Field(
        description="Clickzetta workspace name",
        default="default",
    )

-    CLICKZETTA_VCLUSTER: Optional[str] = Field(
+    CLICKZETTA_VCLUSTER: str | None = Field(
        description="Clickzetta virtual cluster name",
        default="default_ap",
    )

-    CLICKZETTA_SCHEMA: Optional[str] = Field(
+    CLICKZETTA_SCHEMA: str | None = Field(
        description="Database schema name in Clickzetta",
        default="public",
    )

-    CLICKZETTA_BATCH_SIZE: Optional[int] = Field(
+    CLICKZETTA_BATCH_SIZE: int | None = Field(
        description="Batch size for bulk insert operations",
        default=100,
    )

-    CLICKZETTA_ENABLE_INVERTED_INDEX: Optional[bool] = Field(
+    CLICKZETTA_ENABLE_INVERTED_INDEX: bool | None = Field(
        description="Enable inverted index for full-text search capabilities",
        default=True,
    )

-    CLICKZETTA_ANALYZER_TYPE: Optional[str] = Field(
+    CLICKZETTA_ANALYZER_TYPE: str | None = Field(
        description="Analyzer type for full-text search: keyword, english, chinese, unicode",
        default="chinese",
    )

-    CLICKZETTA_ANALYZER_MODE: Optional[str] = Field(
+    CLICKZETTA_ANALYZER_MODE: str | None = Field(
        description="Analyzer mode for tokenization: max_word (fine-grained) or smart (intelligent)",
        default="smart",
    )

-    CLICKZETTA_VECTOR_DISTANCE_FUNCTION: Optional[str] = Field(
+    CLICKZETTA_VECTOR_DISTANCE_FUNCTION: str | None = Field(
        description="Distance function for vector similarity: l2_distance or cosine_distance",
        default="cosine_distance",
    )
--- a/api/configs/middleware/vdb/couchbase_config.py
+++ b/api/configs/middleware/vdb/couchbase_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class CouchbaseConfig(BaseSettings):
    Couchbase configs
    """

-    COUCHBASE_CONNECTION_STRING: Optional[str] = Field(
+    COUCHBASE_CONNECTION_STRING: str | None = Field(
        description="COUCHBASE connection string",
        default=None,
    )

-    COUCHBASE_USER: Optional[str] = Field(
+    COUCHBASE_USER: str | None = Field(
        description="COUCHBASE user",
        default=None,
    )

-    COUCHBASE_PASSWORD: Optional[str] = Field(
+    COUCHBASE_PASSWORD: str | None = Field(
        description="COUCHBASE password",
        default=None,
    )

-    COUCHBASE_BUCKET_NAME: Optional[str] = Field(
+    COUCHBASE_BUCKET_NAME: str | None = Field(
        description="COUCHBASE bucket name",
        default=None,
    )

-    COUCHBASE_SCOPE_NAME: Optional[str] = Field(
+    COUCHBASE_SCOPE_NAME: str | None = Field(
        description="COUCHBASE scope name",
        default=None,
    )
--- a/api/configs/middleware/vdb/elasticsearch_config.py
+++ b/api/configs/middleware/vdb/elasticsearch_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt, model_validator
 from pydantic_settings import BaseSettings

@ -10,7 +8,7 @@ class ElasticsearchConfig(BaseSettings):
    Can load from environment variables or .env files.
    """

-    ELASTICSEARCH_HOST: Optional[str] = Field(
+    ELASTICSEARCH_HOST: str | None = Field(
        description="Hostname or IP address of the Elasticsearch server (e.g., 'localhost' or '192.168.1.100')",
        default="127.0.0.1",
    )
@ -20,30 +18,28 @@ class ElasticsearchConfig(BaseSettings):
        default=9200,
    )

-    ELASTICSEARCH_USERNAME: Optional[str] = Field(
+    ELASTICSEARCH_USERNAME: str | None = Field(
        description="Username for authenticating with Elasticsearch (default is 'elastic')",
        default="elastic",
    )

-    ELASTICSEARCH_PASSWORD: Optional[str] = Field(
+    ELASTICSEARCH_PASSWORD: str | None = Field(
        description="Password for authenticating with Elasticsearch (default is 'elastic')",
        default="elastic",
    )

    # Elastic Cloud (optional)
-    ELASTICSEARCH_USE_CLOUD: Optional[bool] = Field(
+    ELASTICSEARCH_USE_CLOUD: bool | None = Field(
        description="Set to True to use Elastic Cloud instead of self-hosted Elasticsearch", default=False
    )
-    ELASTICSEARCH_CLOUD_URL: Optional[str] = Field(
+    ELASTICSEARCH_CLOUD_URL: str | None = Field(
        description="Full URL for Elastic Cloud deployment (e.g., 'https://example.es.region.aws.found.io:443')",
        default=None,
    )
-    ELASTICSEARCH_API_KEY: Optional[str] = Field(
-        description="API key for authenticating with Elastic Cloud", default=None
-    )
+    ELASTICSEARCH_API_KEY: str | None = Field(description="API key for authenticating with Elastic Cloud", default=None)

    # Common options
-    ELASTICSEARCH_CA_CERTS: Optional[str] = Field(
+    ELASTICSEARCH_CA_CERTS: str | None = Field(
        description="Path to CA certificate file for SSL verification", default=None
    )
    ELASTICSEARCH_VERIFY_CERTS: bool = Field(
--- a/api/configs/middleware/vdb/huawei_cloud_config.py
+++ b/api/configs/middleware/vdb/huawei_cloud_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,17 +7,17 @@ class HuaweiCloudConfig(BaseSettings):
    Configuration settings for Huawei cloud search service
    """

-    HUAWEI_CLOUD_HOSTS: Optional[str] = Field(
+    HUAWEI_CLOUD_HOSTS: str | None = Field(
        description="Hostname or IP address of the Huawei cloud search service instance",
        default=None,
    )

-    HUAWEI_CLOUD_USER: Optional[str] = Field(
+    HUAWEI_CLOUD_USER: str | None = Field(
        description="Username for authenticating with Huawei cloud search service",
        default=None,
    )

-    HUAWEI_CLOUD_PASSWORD: Optional[str] = Field(
+    HUAWEI_CLOUD_PASSWORD: str | None = Field(
        description="Password for authenticating with Huawei cloud search service",
        default=None,
    )
--- a/api/configs/middleware/vdb/lindorm_config.py
+++ b/api/configs/middleware/vdb/lindorm_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class LindormConfig(BaseSettings):
    Lindorm configs
    """

-    LINDORM_URL: Optional[str] = Field(
+    LINDORM_URL: str | None = Field(
        description="Lindorm url",
        default=None,
    )
-    LINDORM_USERNAME: Optional[str] = Field(
+    LINDORM_USERNAME: str | None = Field(
        description="Lindorm user",
        default=None,
    )
-    LINDORM_PASSWORD: Optional[str] = Field(
+    LINDORM_PASSWORD: str | None = Field(
        description="Lindorm password",
        default=None,
    )
-    DEFAULT_INDEX_TYPE: Optional[str] = Field(
+    LINDORM_INDEX_TYPE: str | None = Field(
        description="Lindorm Vector Index Type, hnsw or flat is available in dify",
        default="hnsw",
    )
-    DEFAULT_DISTANCE_TYPE: Optional[str] = Field(
+    LINDORM_DISTANCE_TYPE: str | None = Field(
        description="Vector Distance Type, support l2, cosinesimil, innerproduct", default="l2"
    )
-    USING_UGC_INDEX: Optional[bool] = Field(
-        description="Using UGC index will store the same type of Index in a single index but can retrieve separately.",
-        default=False,
+    LINDORM_USING_UGC: bool | None = Field(
+        description="Using UGC index will store indexes with the same IndexType/Dimension in a single big index.",
+        default=True,
    )
-    LINDORM_QUERY_TIMEOUT: Optional[float] = Field(description="The lindorm search request timeout (s)", default=2.0)
+    LINDORM_QUERY_TIMEOUT: float | None = Field(description="The lindorm search request timeout (s)", default=2.0)
--- a/api/configs/middleware/vdb/milvus_config.py
+++ b/api/configs/middleware/vdb/milvus_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,22 +7,22 @@ class MilvusConfig(BaseSettings):
    Configuration settings for Milvus vector database
    """

-    MILVUS_URI: Optional[str] = Field(
+    MILVUS_URI: str | None = Field(
        description="URI for connecting to the Milvus server (e.g., 'http://localhost:19530' or 'https://milvus-instance.example.com:19530')",
        default="http://127.0.0.1:19530",
    )

-    MILVUS_TOKEN: Optional[str] = Field(
+    MILVUS_TOKEN: str | None = Field(
        description="Authentication token for Milvus, if token-based authentication is enabled",
        default=None,
    )

-    MILVUS_USER: Optional[str] = Field(
+    MILVUS_USER: str | None = Field(
        description="Username for authenticating with Milvus, if username/password authentication is enabled",
        default=None,
    )

-    MILVUS_PASSWORD: Optional[str] = Field(
+    MILVUS_PASSWORD: str | None = Field(
        description="Password for authenticating with Milvus, if username/password authentication is enabled",
        default=None,
    )
@ -40,7 +38,7 @@ class MilvusConfig(BaseSettings):
        default=True,
    )

-    MILVUS_ANALYZER_PARAMS: Optional[str] = Field(
+    MILVUS_ANALYZER_PARAMS: str | None = Field(
        description='Milvus text analyzer parameters, e.g., {"type": "chinese"} for Chinese segmentation support.',
        default=None,
    )
--- a/api/configs/middleware/vdb/oceanbase_config.py
+++ b/api/configs/middleware/vdb/oceanbase_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class OceanBaseVectorConfig(BaseSettings):
    Configuration settings for OceanBase Vector database
    """

-    OCEANBASE_VECTOR_HOST: Optional[str] = Field(
+    OCEANBASE_VECTOR_HOST: str | None = Field(
        description="Hostname or IP address of the OceanBase Vector server (e.g. 'localhost')",
        default=None,
    )

-    OCEANBASE_VECTOR_PORT: Optional[PositiveInt] = Field(
+    OCEANBASE_VECTOR_PORT: PositiveInt | None = Field(
        description="Port number on which the OceanBase Vector server is listening (default is 2881)",
        default=2881,
    )

-    OCEANBASE_VECTOR_USER: Optional[str] = Field(
+    OCEANBASE_VECTOR_USER: str | None = Field(
        description="Username for authenticating with the OceanBase Vector database",
        default=None,
    )

-    OCEANBASE_VECTOR_PASSWORD: Optional[str] = Field(
+    OCEANBASE_VECTOR_PASSWORD: str | None = Field(
        description="Password for authenticating with the OceanBase Vector database",
        default=None,
    )

-    OCEANBASE_VECTOR_DATABASE: Optional[str] = Field(
+    OCEANBASE_VECTOR_DATABASE: str | None = Field(
        description="Name of the OceanBase Vector database to connect to",
        default=None,
    )
@ -39,3 +37,15 @@ class OceanBaseVectorConfig(BaseSettings):
        "with older versions",
        default=False,
    )
+
+    OCEANBASE_FULLTEXT_PARSER: str | None = Field(
+        description=(
+            "Fulltext parser to use for text indexing. "
+            "Built-in options: 'ngram' (N-gram tokenizer for English/numbers), "
+            "'beng' (Basic English tokenizer), 'space' (Space-based tokenizer), "
+            "'ngram2' (Improved N-gram tokenizer), 'ik' (Chinese tokenizer). "
+            "External plugins (require installation): 'japanese_ftparser' (Japanese tokenizer), "
+            "'thai_ftparser' (Thai tokenizer). Default is 'ik'"
+        ),
+        default="ik",
+    )
--- a/api/configs/middleware/vdb/opengauss_config.py
+++ b/api/configs/middleware/vdb/opengauss_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class OpenGaussConfig(BaseSettings):
    Configuration settings for OpenGauss
    """

-    OPENGAUSS_HOST: Optional[str] = Field(
+    OPENGAUSS_HOST: str | None = Field(
        description="Hostname or IP address of the OpenGauss server(e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class OpenGaussConfig(BaseSettings):
        default=6600,
    )

-    OPENGAUSS_USER: Optional[str] = Field(
+    OPENGAUSS_USER: str | None = Field(
        description="Username for authenticating with the OpenGauss database",
        default=None,
    )

-    OPENGAUSS_PASSWORD: Optional[str] = Field(
+    OPENGAUSS_PASSWORD: str | None = Field(
        description="Password for authenticating with the OpenGauss database",
        default=None,
    )

-    OPENGAUSS_DATABASE: Optional[str] = Field(
+    OPENGAUSS_DATABASE: str | None = Field(
        description="Name of the OpenGauss database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/opensearch_config.py
+++ b/api/configs/middleware/vdb/opensearch_config.py
@ -1,5 +1,5 @@
-import enum
-from typing import Literal, Optional
+from enum import Enum
+from typing import Literal

 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings
@ -10,7 +10,7 @@ class OpenSearchConfig(BaseSettings):
    Configuration settings for OpenSearch
    """

-    class AuthMethod(enum.StrEnum):
+    class AuthMethod(Enum):
        """
        Authentication method for OpenSearch
        """
@ -18,7 +18,7 @@ class OpenSearchConfig(BaseSettings):
        BASIC = "basic"
        AWS_MANAGED_IAM = "aws_managed_iam"

-    OPENSEARCH_HOST: Optional[str] = Field(
+    OPENSEARCH_HOST: str | None = Field(
        description="Hostname or IP address of the OpenSearch server (e.g., 'localhost' or 'opensearch.example.com')",
        default=None,
    )
@ -43,21 +43,21 @@ class OpenSearchConfig(BaseSettings):
        default=AuthMethod.BASIC,
    )

-    OPENSEARCH_USER: Optional[str] = Field(
+    OPENSEARCH_USER: str | None = Field(
        description="Username for authenticating with OpenSearch",
        default=None,
    )

-    OPENSEARCH_PASSWORD: Optional[str] = Field(
+    OPENSEARCH_PASSWORD: str | None = Field(
        description="Password for authenticating with OpenSearch",
        default=None,
    )

-    OPENSEARCH_AWS_REGION: Optional[str] = Field(
+    OPENSEARCH_AWS_REGION: str | None = Field(
        description="AWS region for OpenSearch (e.g. 'us-west-2')",
        default=None,
    )

-    OPENSEARCH_AWS_SERVICE: Optional[Literal["es", "aoss"]] = Field(
+    OPENSEARCH_AWS_SERVICE: Literal["es", "aoss"] | None = Field(
        description="AWS service for OpenSearch (e.g. 'aoss' for OpenSearch Serverless)", default=None
    )
--- a/api/configs/middleware/vdb/oracle_config.py
+++ b/api/configs/middleware/vdb/oracle_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,33 +7,33 @@ class OracleConfig(BaseSettings):
    Configuration settings for Oracle database
    """

-    ORACLE_USER: Optional[str] = Field(
+    ORACLE_USER: str | None = Field(
        description="Username for authenticating with the Oracle database",
        default=None,
    )

-    ORACLE_PASSWORD: Optional[str] = Field(
+    ORACLE_PASSWORD: str | None = Field(
        description="Password for authenticating with the Oracle database",
        default=None,
    )

-    ORACLE_DSN: Optional[str] = Field(
+    ORACLE_DSN: str | None = Field(
        description="Oracle database connection string. For traditional database, use format 'host:port/service_name'. "
        "For autonomous database, use the service name from tnsnames.ora in the wallet",
        default=None,
    )

-    ORACLE_CONFIG_DIR: Optional[str] = Field(
+    ORACLE_CONFIG_DIR: str | None = Field(
        description="Directory containing the tnsnames.ora configuration file. Only used in thin mode connection",
        default=None,
    )

-    ORACLE_WALLET_LOCATION: Optional[str] = Field(
+    ORACLE_WALLET_LOCATION: str | None = Field(
        description="Oracle wallet directory path containing the wallet files for secure connection",
        default=None,
    )

-    ORACLE_WALLET_PASSWORD: Optional[str] = Field(
+    ORACLE_WALLET_PASSWORD: str | None = Field(
        description="Password to decrypt the Oracle wallet, if it is encrypted",
        default=None,
    )
--- a/api/configs/middleware/vdb/pgvector_config.py
+++ b/api/configs/middleware/vdb/pgvector_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class PGVectorConfig(BaseSettings):
    Configuration settings for PGVector (PostgreSQL with vector extension)
    """

-    PGVECTOR_HOST: Optional[str] = Field(
+    PGVECTOR_HOST: str | None = Field(
        description="Hostname or IP address of the PostgreSQL server with PGVector extension (e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class PGVectorConfig(BaseSettings):
        default=5433,
    )

-    PGVECTOR_USER: Optional[str] = Field(
+    PGVECTOR_USER: str | None = Field(
        description="Username for authenticating with the PostgreSQL database",
        default=None,
    )

-    PGVECTOR_PASSWORD: Optional[str] = Field(
+    PGVECTOR_PASSWORD: str | None = Field(
        description="Password for authenticating with the PostgreSQL database",
        default=None,
    )

-    PGVECTOR_DATABASE: Optional[str] = Field(
+    PGVECTOR_DATABASE: str | None = Field(
        description="Name of the PostgreSQL database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/pgvectors_config.py
+++ b/api/configs/middleware/vdb/pgvectors_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class PGVectoRSConfig(BaseSettings):
    Configuration settings for PGVecto.RS (Rust-based vector extension for PostgreSQL)
    """

-    PGVECTO_RS_HOST: Optional[str] = Field(
+    PGVECTO_RS_HOST: str | None = Field(
        description="Hostname or IP address of the PostgreSQL server with PGVecto.RS extension (e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class PGVectoRSConfig(BaseSettings):
        default=5431,
    )

-    PGVECTO_RS_USER: Optional[str] = Field(
+    PGVECTO_RS_USER: str | None = Field(
        description="Username for authenticating with the PostgreSQL database using PGVecto.RS",
        default=None,
    )

-    PGVECTO_RS_PASSWORD: Optional[str] = Field(
+    PGVECTO_RS_PASSWORD: str | None = Field(
        description="Password for authenticating with the PostgreSQL database using PGVecto.RS",
        default=None,
    )

-    PGVECTO_RS_DATABASE: Optional[str] = Field(
+    PGVECTO_RS_DATABASE: str | None = Field(
        description="Name of the PostgreSQL database with PGVecto.RS extension to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/qdrant_config.py
+++ b/api/configs/middleware/vdb/qdrant_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,12 +7,12 @@ class QdrantConfig(BaseSettings):
    Configuration settings for Qdrant vector database
    """

-    QDRANT_URL: Optional[str] = Field(
+    QDRANT_URL: str | None = Field(
        description="URL of the Qdrant server (e.g., 'http://localhost:6333' or 'https://qdrant.example.com')",
        default=None,
    )

-    QDRANT_API_KEY: Optional[str] = Field(
+    QDRANT_API_KEY: str | None = Field(
        description="API key for authenticating with the Qdrant server",
        default=None,
    )
--- a/api/configs/middleware/vdb/relyt_config.py
+++ b/api/configs/middleware/vdb/relyt_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class RelytConfig(BaseSettings):
    Configuration settings for Relyt database
    """

-    RELYT_HOST: Optional[str] = Field(
+    RELYT_HOST: str | None = Field(
        description="Hostname or IP address of the Relyt server (e.g., 'localhost' or 'relyt.example.com')",
        default=None,
    )
@ -19,17 +17,17 @@ class RelytConfig(BaseSettings):
        default=9200,
    )

-    RELYT_USER: Optional[str] = Field(
+    RELYT_USER: str | None = Field(
        description="Username for authenticating with the Relyt database",
        default=None,
    )

-    RELYT_PASSWORD: Optional[str] = Field(
+    RELYT_PASSWORD: str | None = Field(
        description="Password for authenticating with the Relyt database",
        default=None,
    )

-    RELYT_DATABASE: Optional[str] = Field(
+    RELYT_DATABASE: str | None = Field(
        description="Name of the Relyt database to connect to (default is 'default')",
        default="default",
    )
--- a/api/configs/middleware/vdb/tablestore_config.py
+++ b/api/configs/middleware/vdb/tablestore_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,22 +7,22 @@ class TableStoreConfig(BaseSettings):
    Configuration settings for TableStore.
    """

-    TABLESTORE_ENDPOINT: Optional[str] = Field(
+    TABLESTORE_ENDPOINT: str | None = Field(
        description="Endpoint address of the TableStore server (e.g. 'https://instance-name.cn-hangzhou.ots.aliyuncs.com')",
        default=None,
    )

-    TABLESTORE_INSTANCE_NAME: Optional[str] = Field(
+    TABLESTORE_INSTANCE_NAME: str | None = Field(
        description="Instance name to access TableStore server (eg. 'instance-name')",
        default=None,
    )

-    TABLESTORE_ACCESS_KEY_ID: Optional[str] = Field(
+    TABLESTORE_ACCESS_KEY_ID: str | None = Field(
        description="AccessKey id for the instance name",
        default=None,
    )

-    TABLESTORE_ACCESS_KEY_SECRET: Optional[str] = Field(
+    TABLESTORE_ACCESS_KEY_SECRET: str | None = Field(
        description="AccessKey secret for the instance name",
        default=None,
    )
--- a/api/configs/middleware/vdb/tencent_vector_config.py
+++ b/api/configs/middleware/vdb/tencent_vector_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,12 +7,12 @@ class TencentVectorDBConfig(BaseSettings):
    Configuration settings for Tencent Vector Database
    """

-    TENCENT_VECTOR_DB_URL: Optional[str] = Field(
+    TENCENT_VECTOR_DB_URL: str | None = Field(
        description="URL of the Tencent Vector Database service (e.g., 'https://vectordb.tencentcloudapi.com')",
        default=None,
    )

-    TENCENT_VECTOR_DB_API_KEY: Optional[str] = Field(
+    TENCENT_VECTOR_DB_API_KEY: str | None = Field(
        description="API key for authenticating with the Tencent Vector Database service",
        default=None,
    )
@ -24,12 +22,12 @@ class TencentVectorDBConfig(BaseSettings):
        default=30,
    )

-    TENCENT_VECTOR_DB_USERNAME: Optional[str] = Field(
+    TENCENT_VECTOR_DB_USERNAME: str | None = Field(
        description="Username for authenticating with the Tencent Vector Database (if required)",
        default=None,
    )

-    TENCENT_VECTOR_DB_PASSWORD: Optional[str] = Field(
+    TENCENT_VECTOR_DB_PASSWORD: str | None = Field(
        description="Password for authenticating with the Tencent Vector Database (if required)",
        default=None,
    )
@ -44,7 +42,7 @@ class TencentVectorDBConfig(BaseSettings):
        default=2,
    )

-    TENCENT_VECTOR_DB_DATABASE: Optional[str] = Field(
+    TENCENT_VECTOR_DB_DATABASE: str | None = Field(
        description="Name of the specific Tencent Vector Database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/tidb_on_qdrant_config.py
+++ b/api/configs/middleware/vdb/tidb_on_qdrant_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, NonNegativeInt, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,12 +7,12 @@ class TidbOnQdrantConfig(BaseSettings):
    Tidb on Qdrant configs
    """

-    TIDB_ON_QDRANT_URL: Optional[str] = Field(
+    TIDB_ON_QDRANT_URL: str | None = Field(
        description="Tidb on Qdrant url",
        default=None,
    )

-    TIDB_ON_QDRANT_API_KEY: Optional[str] = Field(
+    TIDB_ON_QDRANT_API_KEY: str | None = Field(
        description="Tidb on Qdrant api key",
        default=None,
    )
@ -34,37 +32,37 @@ class TidbOnQdrantConfig(BaseSettings):
        default=6334,
    )

-    TIDB_PUBLIC_KEY: Optional[str] = Field(
+    TIDB_PUBLIC_KEY: str | None = Field(
        description="Tidb account public key",
        default=None,
    )

-    TIDB_PRIVATE_KEY: Optional[str] = Field(
+    TIDB_PRIVATE_KEY: str | None = Field(
        description="Tidb account private key",
        default=None,
    )

-    TIDB_API_URL: Optional[str] = Field(
+    TIDB_API_URL: str | None = Field(
        description="Tidb API url",
        default=None,
    )

-    TIDB_IAM_API_URL: Optional[str] = Field(
+    TIDB_IAM_API_URL: str | None = Field(
        description="Tidb IAM API url",
        default=None,
    )

-    TIDB_REGION: Optional[str] = Field(
+    TIDB_REGION: str | None = Field(
        description="Tidb serverless region",
        default="regions/aws-us-east-1",
    )

-    TIDB_PROJECT_ID: Optional[str] = Field(
+    TIDB_PROJECT_ID: str | None = Field(
        description="Tidb project id",
        default=None,
    )

-    TIDB_SPEND_LIMIT: Optional[int] = Field(
+    TIDB_SPEND_LIMIT: int | None = Field(
        description="Tidb spend limit",
        default=100,
    )
--- a/api/configs/middleware/vdb/tidb_vector_config.py
+++ b/api/configs/middleware/vdb/tidb_vector_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,27 +7,27 @@ class TiDBVectorConfig(BaseSettings):
    Configuration settings for TiDB Vector database
    """

-    TIDB_VECTOR_HOST: Optional[str] = Field(
+    TIDB_VECTOR_HOST: str | None = Field(
        description="Hostname or IP address of the TiDB Vector server (e.g., 'localhost' or 'tidb.example.com')",
        default=None,
    )

-    TIDB_VECTOR_PORT: Optional[PositiveInt] = Field(
+    TIDB_VECTOR_PORT: PositiveInt | None = Field(
        description="Port number on which the TiDB Vector server is listening (default is 4000)",
        default=4000,
    )

-    TIDB_VECTOR_USER: Optional[str] = Field(
+    TIDB_VECTOR_USER: str | None = Field(
        description="Username for authenticating with the TiDB Vector database",
        default=None,
    )

-    TIDB_VECTOR_PASSWORD: Optional[str] = Field(
+    TIDB_VECTOR_PASSWORD: str | None = Field(
        description="Password for authenticating with the TiDB Vector database",
        default=None,
    )

-    TIDB_VECTOR_DATABASE: Optional[str] = Field(
+    TIDB_VECTOR_DATABASE: str | None = Field(
        description="Name of the TiDB Vector database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/upstash_config.py
+++ b/api/configs/middleware/vdb/upstash_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -9,12 +7,12 @@ class UpstashConfig(BaseSettings):
    Configuration settings for Upstash vector database
    """

-    UPSTASH_VECTOR_URL: Optional[str] = Field(
+    UPSTASH_VECTOR_URL: str | None = Field(
        description="URL of the upstash server (e.g., 'https://vector.upstash.io')",
        default=None,
    )

-    UPSTASH_VECTOR_TOKEN: Optional[str] = Field(
+    UPSTASH_VECTOR_TOKEN: str | None = Field(
        description="Token for authenticating with the upstash server",
        default=None,
    )
--- a/api/configs/middleware/vdb/vastbase_vector_config.py
+++ b/api/configs/middleware/vdb/vastbase_vector_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,7 +7,7 @@ class VastbaseVectorConfig(BaseSettings):
    Configuration settings for Vector (Vastbase with vector extension)
    """

-    VASTBASE_HOST: Optional[str] = Field(
+    VASTBASE_HOST: str | None = Field(
        description="Hostname or IP address of the Vastbase server with Vector extension (e.g., 'localhost')",
        default=None,
    )
@ -19,17 +17,17 @@ class VastbaseVectorConfig(BaseSettings):
        default=5432,
    )

-    VASTBASE_USER: Optional[str] = Field(
+    VASTBASE_USER: str | None = Field(
        description="Username for authenticating with the Vastbase database",
        default=None,
    )

-    VASTBASE_PASSWORD: Optional[str] = Field(
+    VASTBASE_PASSWORD: str | None = Field(
        description="Password for authenticating with the Vastbase database",
        default=None,
    )

-    VASTBASE_DATABASE: Optional[str] = Field(
+    VASTBASE_DATABASE: str | None = Field(
        description="Name of the Vastbase database to connect to",
        default=None,
    )
--- a/api/configs/middleware/vdb/vikingdb_config.py
+++ b/api/configs/middleware/vdb/vikingdb_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field
 from pydantic_settings import BaseSettings

@ -11,14 +9,14 @@ class VikingDBConfig(BaseSettings):
    https://www.volcengine.com/docs/6291/65568
    """

-    VIKINGDB_ACCESS_KEY: Optional[str] = Field(
+    VIKINGDB_ACCESS_KEY: str | None = Field(
        description="The Access Key provided by Volcengine VikingDB for API authentication."
        "Refer to the following documentation for details on obtaining credentials:"
        "https://www.volcengine.com/docs/6291/65568",
        default=None,
    )

-    VIKINGDB_SECRET_KEY: Optional[str] = Field(
+    VIKINGDB_SECRET_KEY: str | None = Field(
        description="The Secret Key provided by Volcengine VikingDB for API authentication.",
        default=None,
    )
--- a/api/configs/middleware/vdb/weaviate_config.py
+++ b/api/configs/middleware/vdb/weaviate_config.py
@ -1,5 +1,3 @@
-from typing import Optional
-
 from pydantic import Field, PositiveInt
 from pydantic_settings import BaseSettings

@ -9,12 +7,12 @@ class WeaviateConfig(BaseSettings):
    Configuration settings for Weaviate vector database
    """

-    WEAVIATE_ENDPOINT: Optional[str] = Field(
+    WEAVIATE_ENDPOINT: str | None = Field(
        description="URL of the Weaviate server (e.g., 'http://localhost:8080' or 'https://weaviate.example.com')",
        default=None,
    )

-    WEAVIATE_API_KEY: Optional[str] = Field(
+    WEAVIATE_API_KEY: str | None = Field(
        description="API key for authenticating with the Weaviate server",
        default=None,
    )
--- a/api/configs/remote_settings_sources/apollo/init.py
+++ b/api/configs/remote_settings_sources/apollo/init.py
@ -1,5 +1,5 @@
 from collections.abc import Mapping
-from typing import Any, Optional
+from typing import Any

 from pydantic import Field
 from pydantic.fields import FieldInfo
@ -15,22 +15,22 @@ class ApolloSettingsSourceInfo(BaseSettings):
    Packaging build information
    """

-    APOLLO_APP_ID: Optional[str] = Field(
+    APOLLO_APP_ID: str | None = Field(
        description="apollo app_id",
        default=None,
    )

-    APOLLO_CLUSTER: Optional[str] = Field(
+    APOLLO_CLUSTER: str | None = Field(
        description="apollo cluster",
        default=None,
    )

-    APOLLO_CONFIG_URL: Optional[str] = Field(
+    APOLLO_CONFIG_URL: str | None = Field(
        description="apollo config url",
        default=None,
    )

-    APOLLO_NAMESPACE: Optional[str] = Field(
+    APOLLO_NAMESPACE: str | None = Field(
        description="apollo namespace",
        default=None,
    )
--- a/api/configs/remote_settings_sources/apollo/utils.py
+++ b/api/configs/remote_settings_sources/apollo/utils.py
@ -29,7 +29,7 @@ def no_key_cache_key(namespace: str, key: str) -> str:


 # Returns whether the obtained value is obtained, and None if it does not
-def get_value_from_dict(namespace_cache: dict[str, Any] | None, key: str) -> Any | None:
+def get_value_from_dict(namespace_cache: dict[str, Any] | None, key: str) -> Any:
    if namespace_cache:
        kv_data = namespace_cache.get(CONFIGURATIONS)
        if kv_data is None:
--- a/api/configs/remote_settings_sources/nacos/http_request.py
+++ b/api/configs/remote_settings_sources/nacos/http_request.py
@ -5,7 +5,7 @@ import logging
 import os
 import time

-import requests
+import httpx

 logger = logging.getLogger(__name__)

@ -30,10 +30,10 @@ class NacosHttpClient:
            params = {}
        try:
            self._inject_auth_info(headers, params)
-            response = requests.request(method, url="http://" + self.server + url, headers=headers, params=params)
+            response = httpx.request(method, url="http://" + self.server + url, headers=headers, params=params)
            response.raise_for_status()
            return response.text
-        except requests.RequestException as e:
+        except httpx.RequestError as e:
            return f"Request to Nacos failed: {e}"

    def _inject_auth_info(self, headers: dict[str, str], params: dict[str, str], module: str = "config") -> None:
@ -78,7 +78,7 @@ class NacosHttpClient:
        params = {"username": self.username, "password": self.password}
        url = "http://" + self.server + "/nacos/v1/auth/login"
        try:
-            resp = requests.request("POST", url, headers=None, params=params)
+            resp = httpx.request("POST", url, headers=None, params=params)
            resp.raise_for_status()
            response_data = resp.json()
            self.token = response_data.get("accessToken")
--- a/api/constants/init.py
+++ b/api/constants/init.py
@ -1,4 +1,5 @@
 from configs import dify_config
+from libs.collection_utils import convert_to_lower_and_upper_set

 HIDDEN_VALUE = "[__HIDDEN__]"
 UNKNOWN_VALUE = "[__UNKNOWN__]"
@ -6,24 +7,39 @@ UUID_NIL = "00000000-0000-0000-0000-000000000000"

 DEFAULT_FILE_NUMBER_LIMITS = 3

-IMAGE_EXTENSIONS = ["jpg", "jpeg", "png", "webp", "gif", "svg"]
-IMAGE_EXTENSIONS.extend([ext.upper() for ext in IMAGE_EXTENSIONS])
+IMAGE_EXTENSIONS = convert_to_lower_and_upper_set({"jpg", "jpeg", "png", "webp", "gif", "svg"})

-VIDEO_EXTENSIONS = ["mp4", "mov", "mpeg", "webm"]
-VIDEO_EXTENSIONS.extend([ext.upper() for ext in VIDEO_EXTENSIONS])
-
-AUDIO_EXTENSIONS = ["mp3", "m4a", "wav", "amr", "mpga"]
-AUDIO_EXTENSIONS.extend([ext.upper() for ext in AUDIO_EXTENSIONS])
+VIDEO_EXTENSIONS = convert_to_lower_and_upper_set({"mp4", "mov", "mpeg", "webm"})

+AUDIO_EXTENSIONS = convert_to_lower_and_upper_set({"mp3", "m4a", "wav", "amr", "mpga"})

+_doc_extensions: set[str]
 if dify_config.ETL_TYPE == "Unstructured":
-    DOCUMENT_EXTENSIONS = ["txt", "markdown", "md", "mdx", "pdf", "html", "htm", "xlsx", "xls", "vtt", "properties"]
-    DOCUMENT_EXTENSIONS.extend(("doc", "docx", "csv", "eml", "msg", "pptx", "xml", "epub"))
+    _doc_extensions = {
+        "txt",
+        "markdown",
+        "md",
+        "mdx",
+        "pdf",
+        "html",
+        "htm",
+        "xlsx",
+        "xls",
+        "vtt",
+        "properties",
+        "doc",
+        "docx",
+        "csv",
+        "eml",
+        "msg",
+        "pptx",
+        "xml",
+        "epub",
+    }
    if dify_config.UNSTRUCTURED_API_URL:
-        DOCUMENT_EXTENSIONS.append("ppt")
-    DOCUMENT_EXTENSIONS.extend([ext.upper() for ext in DOCUMENT_EXTENSIONS])
+        _doc_extensions.add("ppt")
 else:
-    DOCUMENT_EXTENSIONS = [
+    _doc_extensions = {
        "txt",
        "markdown",
        "md",
@ -37,5 +53,5 @@ else:
        "csv",
        "vtt",
        "properties",
-    ]
-    DOCUMENT_EXTENSIONS.extend([ext.upper() for ext in DOCUMENT_EXTENSIONS])
+    }
+DOCUMENT_EXTENSIONS: set[str] = convert_to_lower_and_upper_set(_doc_extensions)
--- a/api/constants/model_template.py
+++ b/api/constants/model_template.py
@ -7,7 +7,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # workflow default mode
    AppMode.WORKFLOW: {
        "app": {
-            "mode": AppMode.WORKFLOW.value,
+            "mode": AppMode.WORKFLOW,
            "enable_site": True,
            "enable_api": True,
        }
@ -15,7 +15,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # completion default mode
    AppMode.COMPLETION: {
        "app": {
-            "mode": AppMode.COMPLETION.value,
+            "mode": AppMode.COMPLETION,
            "enable_site": True,
            "enable_api": True,
        },
@ -44,7 +44,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # chat default mode
    AppMode.CHAT: {
        "app": {
-            "mode": AppMode.CHAT.value,
+            "mode": AppMode.CHAT,
            "enable_site": True,
            "enable_api": True,
        },
@ -60,7 +60,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # advanced-chat default mode
    AppMode.ADVANCED_CHAT: {
        "app": {
-            "mode": AppMode.ADVANCED_CHAT.value,
+            "mode": AppMode.ADVANCED_CHAT,
            "enable_site": True,
            "enable_api": True,
        },
@ -68,7 +68,7 @@ default_app_templates: Mapping[AppMode, Mapping] = {
    # agent-chat default mode
    AppMode.AGENT_CHAT: {
        "app": {
-            "mode": AppMode.AGENT_CHAT.value,
+            "mode": AppMode.AGENT_CHAT,
            "enable_site": True,
            "enable_api": True,
        },
--- a/api/contexts/init.py
+++ b/api/contexts/init.py
@ -5,10 +5,10 @@ from typing import TYPE_CHECKING
 from contexts.wrapper import RecyclableContextVar

 if TYPE_CHECKING:
+    from core.datasource.__base.datasource_provider import DatasourcePluginProviderController
    from core.model_runtime.entities.model_entities import AIModelEntity
    from core.plugin.entities.plugin_daemon import PluginModelProviderEntity
    from core.tools.plugin_tool.provider import PluginToolProviderController
-    from core.workflow.entities.variable_pool import VariablePool


 """
@ -33,3 +33,11 @@ plugin_model_schema_lock: RecyclableContextVar[Lock] = RecyclableContextVar(Cont
 plugin_model_schemas: RecyclableContextVar[dict[str, "AIModelEntity"]] = RecyclableContextVar(
    ContextVar("plugin_model_schemas")
 )
+
+datasource_plugin_providers: RecyclableContextVar[dict[str, "DatasourcePluginProviderController"]] = (
+    RecyclableContextVar(ContextVar("datasource_plugin_providers"))
+)
+
+datasource_plugin_providers_lock: RecyclableContextVar[Lock] = RecyclableContextVar(
+    ContextVar("datasource_plugin_providers_lock")
+)
--- a/api/controllers/console/init.py
+++ b/api/controllers/console/init.py
@ -1,49 +1,48 @@
+from importlib import import_module
+
 from flask import Blueprint
+from flask_restx import Namespace

 from libs.external_api import ExternalApi

-from .app.app_import import AppImportApi, AppImportCheckDependenciesApi, AppImportConfirmApi
-from .explore.audio import ChatAudioApi, ChatTextApi
-from .explore.completion import ChatApi, ChatStopApi, CompletionApi, CompletionStopApi
-from .explore.conversation import (
-    ConversationApi,
-    ConversationListApi,
-    ConversationPinApi,
-    ConversationRenameApi,
-    ConversationUnPinApi,
-)
-from .explore.message import (
-    MessageFeedbackApi,
-    MessageListApi,
-    MessageMoreLikeThisApi,
-    MessageSuggestedQuestionApi,
-)
-from .explore.workflow import (
-    InstalledAppWorkflowRunApi,
-    InstalledAppWorkflowTaskStopApi,
-)
-from .files import FileApi, FilePreviewApi, FileSupportTypeApi
-from .remote_files import RemoteFileInfoApi, RemoteFileUploadApi
-
 bp = Blueprint("console", __name__, url_prefix="/console/api")
-api = ExternalApi(bp)

-# File
-api.add_resource(FileApi, "/files/upload")
-api.add_resource(FilePreviewApi, "/files/<uuid:file_id>/preview")
-api.add_resource(FileSupportTypeApi, "/files/support-type")
+api = ExternalApi(
+    bp,
+    version="1.0",
+    title="Console API",
+    description="Console management APIs for app configuration, monitoring, and administration",
+)

-# Remote files
-api.add_resource(RemoteFileInfoApi, "/remote-files/<path:url>")
-api.add_resource(RemoteFileUploadApi, "/remote-files/upload")
+console_ns = Namespace("console", description="Console management API operations", path="/")

-# Import App
-api.add_resource(AppImportApi, "/apps/imports")
-api.add_resource(AppImportConfirmApi, "/apps/imports/<string:import_id>/confirm")
-api.add_resource(AppImportCheckDependenciesApi, "/apps/imports/<string:app_id>/check-dependencies")
+RESOURCE_MODULES = (
+    "controllers.console.app.app_import",
+    "controllers.console.explore.audio",
+    "controllers.console.explore.completion",
+    "controllers.console.explore.conversation",
+    "controllers.console.explore.message",
+    "controllers.console.explore.workflow",
+    "controllers.console.files",
+    "controllers.console.remote_files",
+)

+for module_name in RESOURCE_MODULES:
+    import_module(module_name)
+
+# Ensure resource modules are imported so route decorators are evaluated.
 # Import other controllers
-from . import admin, apikey, extension, feature, ping, setup, version
+from . import (
+    admin,
+    apikey,
+    extension,
+    feature,
+    init_validate,
+    ping,
+    setup,
+    spec,
+    version,
+)

 # Import app controllers
 from .app import (
@ -70,7 +69,16 @@ from .app import (
 )

 # Import auth controllers
-from .auth import activate, data_source_bearer_auth, data_source_oauth, forgot_password, login, oauth, oauth_server
+from .auth import (
+    activate,
+    data_source_bearer_auth,
+    data_source_oauth,
+    email_register,
+    forgot_password,
+    login,
+    oauth,
+    oauth_server,
+)

 # Import billing controllers
 from .billing import billing, compliance
@ -86,6 +94,15 @@ from .datasets import (
    metadata,
    website,
 )
+from .datasets.rag_pipeline import (
+    datasource_auth,
+    datasource_content_preview,
+    rag_pipeline,
+    rag_pipeline_datasets,
+    rag_pipeline_draft_variable,
+    rag_pipeline_import,
+    rag_pipeline_workflow,
+)

 # Import explore controllers
 from .explore import (
@ -95,77 +112,6 @@ from .explore import (
    saved_message,
 )

-# Explore Audio
-api.add_resource(ChatAudioApi, "/installed-apps/<uuid:installed_app_id>/audio-to-text", endpoint="installed_app_audio")
-api.add_resource(ChatTextApi, "/installed-apps/<uuid:installed_app_id>/text-to-audio", endpoint="installed_app_text")
-
-# Explore Completion
-api.add_resource(
-    CompletionApi, "/installed-apps/<uuid:installed_app_id>/completion-messages", endpoint="installed_app_completion"
-)
-api.add_resource(
-    CompletionStopApi,
-    "/installed-apps/<uuid:installed_app_id>/completion-messages/<string:task_id>/stop",
-    endpoint="installed_app_stop_completion",
-)
-api.add_resource(
-    ChatApi, "/installed-apps/<uuid:installed_app_id>/chat-messages", endpoint="installed_app_chat_completion"
-)
-api.add_resource(
-    ChatStopApi,
-    "/installed-apps/<uuid:installed_app_id>/chat-messages/<string:task_id>/stop",
-    endpoint="installed_app_stop_chat_completion",
-)
-
-# Explore Conversation
-api.add_resource(
-    ConversationRenameApi,
-    "/installed-apps/<uuid:installed_app_id>/conversations/<uuid:c_id>/name",
-    endpoint="installed_app_conversation_rename",
-)
-api.add_resource(
-    ConversationListApi, "/installed-apps/<uuid:installed_app_id>/conversations", endpoint="installed_app_conversations"
-)
-api.add_resource(
-    ConversationApi,
-    "/installed-apps/<uuid:installed_app_id>/conversations/<uuid:c_id>",
-    endpoint="installed_app_conversation",
-)
-api.add_resource(
-    ConversationPinApi,
-    "/installed-apps/<uuid:installed_app_id>/conversations/<uuid:c_id>/pin",
-    endpoint="installed_app_conversation_pin",
-)
-api.add_resource(
-    ConversationUnPinApi,
-    "/installed-apps/<uuid:installed_app_id>/conversations/<uuid:c_id>/unpin",
-    endpoint="installed_app_conversation_unpin",
-)
-
-
-# Explore Message
-api.add_resource(MessageListApi, "/installed-apps/<uuid:installed_app_id>/messages", endpoint="installed_app_messages")
-api.add_resource(
-    MessageFeedbackApi,
-    "/installed-apps/<uuid:installed_app_id>/messages/<uuid:message_id>/feedbacks",
-    endpoint="installed_app_message_feedback",
-)
-api.add_resource(
-    MessageMoreLikeThisApi,
-    "/installed-apps/<uuid:installed_app_id>/messages/<uuid:message_id>/more-like-this",
-    endpoint="installed_app_more_like_this",
-)
-api.add_resource(
-    MessageSuggestedQuestionApi,
-    "/installed-apps/<uuid:installed_app_id>/messages/<uuid:message_id>/suggested-questions",
-    endpoint="installed_app_suggested_question",
-)
-# Explore Workflow
-api.add_resource(InstalledAppWorkflowRunApi, "/installed-apps/<uuid:installed_app_id>/workflows/run")
-api.add_resource(
-    InstalledAppWorkflowTaskStopApi, "/installed-apps/<uuid:installed_app_id>/workflows/tasks/<string:task_id>/stop"
-)
-
 # Import tag controllers
 from .tag import tags

@ -182,3 +128,80 @@ from .workspace import (
    tool_providers,
    workspace,
 )
+
+api.add_namespace(console_ns)
+
+__all__ = [
+    "account",
+    "activate",
+    "admin",
+    "advanced_prompt_template",
+    "agent",
+    "agent_providers",
+    "annotation",
+    "api",
+    "apikey",
+    "app",
+    "audio",
+    "billing",
+    "bp",
+    "completion",
+    "compliance",
+    "console_ns",
+    "conversation",
+    "conversation_variables",
+    "data_source",
+    "data_source_bearer_auth",
+    "data_source_oauth",
+    "datasets",
+    "datasets_document",
+    "datasets_segments",
+    "datasource_auth",
+    "datasource_content_preview",
+    "email_register",
+    "endpoint",
+    "extension",
+    "external",
+    "feature",
+    "forgot_password",
+    "generator",
+    "hit_testing",
+    "init_validate",
+    "installed_app",
+    "load_balancing_config",
+    "login",
+    "mcp_server",
+    "members",
+    "message",
+    "metadata",
+    "model_config",
+    "model_providers",
+    "models",
+    "oauth",
+    "oauth_server",
+    "ops_trace",
+    "parameter",
+    "ping",
+    "plugin",
+    "rag_pipeline",
+    "rag_pipeline_datasets",
+    "rag_pipeline_draft_variable",
+    "rag_pipeline_import",
+    "rag_pipeline_workflow",
+    "recommended_app",
+    "saved_message",
+    "setup",
+    "site",
+    "spec",
+    "statistic",
+    "tags",
+    "tool_providers",
+    "version",
+    "website",
+    "workflow",
+    "workflow_app_log",
+    "workflow_draft_variable",
+    "workflow_run",
+    "workflow_statistic",
+    "workspace",
+]
--- a/api/controllers/console/admin.py
+++ b/api/controllers/console/admin.py
@ -3,7 +3,7 @@ from functools import wraps
 from typing import ParamSpec, TypeVar

 from flask import request
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import NotFound, Unauthorized
@ -12,7 +12,7 @@ P = ParamSpec("P")
 R = TypeVar("R")
 from configs import dify_config
 from constants.languages import supported_language
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.wraps import only_edition_cloud
 from extensions.ext_database import db
 from models.model import App, InstalledApp, RecommendedApp
@ -45,7 +45,28 @@ def admin_required(view: Callable[P, R]):
    return decorated


+@console_ns.route("/admin/insert-explore-apps")
 class InsertExploreAppListApi(Resource):
+    @api.doc("insert_explore_app")
+    @api.doc(description="Insert or update an app in the explore list")
+    @api.expect(
+        api.model(
+            "InsertExploreAppRequest",
+            {
+                "app_id": fields.String(required=True, description="Application ID"),
+                "desc": fields.String(description="App description"),
+                "copyright": fields.String(description="Copyright information"),
+                "privacy_policy": fields.String(description="Privacy policy"),
+                "custom_disclaimer": fields.String(description="Custom disclaimer"),
+                "language": fields.String(required=True, description="Language code"),
+                "category": fields.String(required=True, description="App category"),
+                "position": fields.Integer(required=True, description="Display position"),
+            },
+        )
+    )
+    @api.response(200, "App updated successfully")
+    @api.response(201, "App inserted successfully")
+    @api.response(404, "App not found")
    @only_edition_cloud
    @admin_required
    def post(self):
@ -115,7 +136,12 @@ class InsertExploreAppListApi(Resource):
                return {"result": "success"}, 200


+@console_ns.route("/admin/insert-explore-apps/<uuid:app_id>")
 class InsertExploreAppApi(Resource):
+    @api.doc("delete_explore_app")
+    @api.doc(description="Remove an app from the explore list")
+    @api.doc(params={"app_id": "Application ID to remove"})
+    @api.response(204, "App removed successfully")
    @only_edition_cloud
    @admin_required
    def delete(self, app_id):
@ -152,7 +178,3 @@ class InsertExploreAppApi(Resource):
        db.session.commit()

        return {"result": "success"}, 204
-
-
-api.add_resource(InsertExploreAppListApi, "/admin/insert-explore-apps")
-api.add_resource(InsertExploreAppApi, "/admin/insert-explore-apps/<uuid:app_id>")
--- a/api/controllers/console/apikey.py
+++ b/api/controllers/console/apikey.py
@ -1,8 +1,7 @@
-from typing import Any, Optional
-
 import flask_restx
 from flask_login import current_user
 from flask_restx import Resource, fields, marshal_with
+from flask_restx._http import HTTPStatus
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden
@ -13,7 +12,7 @@ from libs.login import login_required
 from models.dataset import Dataset
 from models.model import ApiToken, App

-from . import api
+from . import api, console_ns
 from .wraps import account_initialization_required, setup_required

 api_key_fields = {
@ -40,7 +39,7 @@ def _get_resource(resource_id, tenant_id, resource_model):
            ).scalar_one_or_none()

    if resource is None:
-        flask_restx.abort(404, message=f"{resource_model.__name__} not found.")
+        flask_restx.abort(HTTPStatus.NOT_FOUND, message=f"{resource_model.__name__} not found.")

    return resource

@ -49,7 +48,7 @@ class BaseApiKeyListResource(Resource):
    method_decorators = [account_initialization_required, login_required, setup_required]

    resource_type: str | None = None
-    resource_model: Optional[Any] = None
+    resource_model: type | None = None
    resource_id_field: str | None = None
    token_prefix: str | None = None
    max_keys = 10
@ -59,11 +58,11 @@ class BaseApiKeyListResource(Resource):
        assert self.resource_id_field is not None, "resource_id_field must be set"
        resource_id = str(resource_id)
        _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)
-        keys = (
-            db.session.query(ApiToken)
-            .where(ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id)
-            .all()
-        )
+        keys = db.session.scalars(
+            select(ApiToken).where(
+                ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id
+            )
+        ).all()
        return {"items": keys}

    @marshal_with(api_key_fields)
@ -82,7 +81,7 @@ class BaseApiKeyListResource(Resource):

        if current_key_count >= self.max_keys:
            flask_restx.abort(
-                400,
+                HTTPStatus.BAD_REQUEST,
                message=f"Cannot create more than {self.max_keys} API keys for this resource type.",
                custom="max_keys_exceeded",
            )
@ -102,7 +101,7 @@ class BaseApiKeyResource(Resource):
    method_decorators = [account_initialization_required, login_required, setup_required]

    resource_type: str | None = None
-    resource_model: Optional[Any] = None
+    resource_model: type | None = None
    resource_id_field: str | None = None

    def delete(self, resource_id, api_key_id):
@ -126,7 +125,7 @@ class BaseApiKeyResource(Resource):
        )

        if key is None:
-            flask_restx.abort(404, message="API key not found")
+            flask_restx.abort(HTTPStatus.NOT_FOUND, message="API key not found")

        db.session.query(ApiToken).where(ApiToken.id == api_key_id).delete()
        db.session.commit()
@ -134,7 +133,25 @@ class BaseApiKeyResource(Resource):
        return {"result": "success"}, 204


+@console_ns.route("/apps/<uuid:resource_id>/api-keys")
 class AppApiKeyListResource(BaseApiKeyListResource):
+    @api.doc("get_app_api_keys")
+    @api.doc(description="Get all API keys for an app")
+    @api.doc(params={"resource_id": "App ID"})
+    @api.response(200, "Success", api_key_list)
+    def get(self, resource_id):
+        """Get all API keys for an app"""
+        return super().get(resource_id)
+
+    @api.doc("create_app_api_key")
+    @api.doc(description="Create a new API key for an app")
+    @api.doc(params={"resource_id": "App ID"})
+    @api.response(201, "API key created successfully", api_key_fields)
+    @api.response(400, "Maximum keys exceeded")
+    def post(self, resource_id):
+        """Create a new API key for an app"""
+        return super().post(resource_id)
+
    def after_request(self, resp):
        resp.headers["Access-Control-Allow-Origin"] = "*"
        resp.headers["Access-Control-Allow-Credentials"] = "true"
@ -146,7 +163,16 @@ class AppApiKeyListResource(BaseApiKeyListResource):
    token_prefix = "app-"


+@console_ns.route("/apps/<uuid:resource_id>/api-keys/<uuid:api_key_id>")
 class AppApiKeyResource(BaseApiKeyResource):
+    @api.doc("delete_app_api_key")
+    @api.doc(description="Delete an API key for an app")
+    @api.doc(params={"resource_id": "App ID", "api_key_id": "API key ID"})
+    @api.response(204, "API key deleted successfully")
+    def delete(self, resource_id, api_key_id):
+        """Delete an API key for an app"""
+        return super().delete(resource_id, api_key_id)
+
    def after_request(self, resp):
        resp.headers["Access-Control-Allow-Origin"] = "*"
        resp.headers["Access-Control-Allow-Credentials"] = "true"
@ -157,7 +183,25 @@ class AppApiKeyResource(BaseApiKeyResource):
    resource_id_field = "app_id"


+@console_ns.route("/datasets/<uuid:resource_id>/api-keys")
 class DatasetApiKeyListResource(BaseApiKeyListResource):
+    @api.doc("get_dataset_api_keys")
+    @api.doc(description="Get all API keys for a dataset")
+    @api.doc(params={"resource_id": "Dataset ID"})
+    @api.response(200, "Success", api_key_list)
+    def get(self, resource_id):
+        """Get all API keys for a dataset"""
+        return super().get(resource_id)
+
+    @api.doc("create_dataset_api_key")
+    @api.doc(description="Create a new API key for a dataset")
+    @api.doc(params={"resource_id": "Dataset ID"})
+    @api.response(201, "API key created successfully", api_key_fields)
+    @api.response(400, "Maximum keys exceeded")
+    def post(self, resource_id):
+        """Create a new API key for a dataset"""
+        return super().post(resource_id)
+
    def after_request(self, resp):
        resp.headers["Access-Control-Allow-Origin"] = "*"
        resp.headers["Access-Control-Allow-Credentials"] = "true"
@ -169,7 +213,16 @@ class DatasetApiKeyListResource(BaseApiKeyListResource):
    token_prefix = "ds-"


+@console_ns.route("/datasets/<uuid:resource_id>/api-keys/<uuid:api_key_id>")
 class DatasetApiKeyResource(BaseApiKeyResource):
+    @api.doc("delete_dataset_api_key")
+    @api.doc(description="Delete an API key for a dataset")
+    @api.doc(params={"resource_id": "Dataset ID", "api_key_id": "API key ID"})
+    @api.response(204, "API key deleted successfully")
+    def delete(self, resource_id, api_key_id):
+        """Delete an API key for a dataset"""
+        return super().delete(resource_id, api_key_id)
+
    def after_request(self, resp):
        resp.headers["Access-Control-Allow-Origin"] = "*"
        resp.headers["Access-Control-Allow-Credentials"] = "true"
@ -178,9 +231,3 @@ class DatasetApiKeyResource(BaseApiKeyResource):
    resource_type = "dataset"
    resource_model = Dataset
    resource_id_field = "dataset_id"
-
-
-api.add_resource(AppApiKeyListResource, "/apps/<uuid:resource_id>/api-keys")
-api.add_resource(AppApiKeyResource, "/apps/<uuid:resource_id>/api-keys/<uuid:api_key_id>")
-api.add_resource(DatasetApiKeyListResource, "/datasets/<uuid:resource_id>/api-keys")
-api.add_resource(DatasetApiKeyResource, "/datasets/<uuid:resource_id>/api-keys/<uuid:api_key_id>")
--- a/api/controllers/console/app/advanced_prompt_template.py
+++ b/api/controllers/console/app/advanced_prompt_template.py
@ -1,12 +1,26 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.login import login_required
 from services.advanced_prompt_template_service import AdvancedPromptTemplateService


+@console_ns.route("/app/prompt-templates")
 class AdvancedPromptTemplateList(Resource):
+    @api.doc("get_advanced_prompt_templates")
+    @api.doc(description="Get advanced prompt templates based on app mode and model configuration")
+    @api.expect(
+        api.parser()
+        .add_argument("app_mode", type=str, required=True, location="args", help="Application mode")
+        .add_argument("model_mode", type=str, required=True, location="args", help="Model mode")
+        .add_argument("has_context", type=str, default="true", location="args", help="Whether has context")
+        .add_argument("model_name", type=str, required=True, location="args", help="Model name")
+    )
+    @api.response(
+        200, "Prompt templates retrieved successfully", fields.List(fields.Raw(description="Prompt template data"))
+    )
+    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -19,6 +33,3 @@ class AdvancedPromptTemplateList(Resource):
        args = parser.parse_args()

        return AdvancedPromptTemplateService.get_prompt(args)
-
-
-api.add_resource(AdvancedPromptTemplateList, "/app/prompt-templates")
--- a/api/controllers/console/app/agent.py
+++ b/api/controllers/console/app/agent.py
@ -1,6 +1,6 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.helper import uuid_value
@ -9,7 +9,18 @@ from models.model import AppMode
 from services.agent_service import AgentService


+@console_ns.route("/apps/<uuid:app_id>/agent/logs")
 class AgentLogApi(Resource):
+    @api.doc("get_agent_logs")
+    @api.doc(description="Get agent execution logs for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("message_id", type=str, required=True, location="args", help="Message UUID")
+        .add_argument("conversation_id", type=str, required=True, location="args", help="Conversation UUID")
+    )
+    @api.response(200, "Agent logs retrieved successfully", fields.List(fields.Raw(description="Agent log entries")))
+    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -23,6 +34,3 @@ class AgentLogApi(Resource):
        args = parser.parse_args()

        return AgentService.get_agent_logs(app_model, args["conversation_id"], args["message_id"])
-
-
-api.add_resource(AgentLogApi, "/apps/<uuid:app_id>/agent/logs")
--- a/api/controllers/console/app/annotation.py
+++ b/api/controllers/console/app/annotation.py
@ -2,11 +2,11 @@ from typing import Literal

 from flask import request
 from flask_login import current_user
-from flask_restx import Resource, marshal, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal, marshal_with, reqparse
 from werkzeug.exceptions import Forbidden

 from controllers.common.errors import NoFileUploadedError, TooManyFilesError
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.wraps import (
    account_initialization_required,
    cloud_edition_billing_resource_check,
@ -21,7 +21,23 @@ from libs.login import login_required
 from services.annotation_service import AppAnnotationService


+@console_ns.route("/apps/<uuid:app_id>/annotation-reply/<string:action>")
 class AnnotationReplyActionApi(Resource):
+    @api.doc("annotation_reply_action")
+    @api.doc(description="Enable or disable annotation reply for an app")
+    @api.doc(params={"app_id": "Application ID", "action": "Action to perform (enable/disable)"})
+    @api.expect(
+        api.model(
+            "AnnotationReplyActionRequest",
+            {
+                "score_threshold": fields.Float(required=True, description="Score threshold for annotation matching"),
+                "embedding_provider_name": fields.String(required=True, description="Embedding provider name"),
+                "embedding_model_name": fields.String(required=True, description="Embedding model name"),
+            },
+        )
+    )
+    @api.response(200, "Action completed successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -43,7 +59,13 @@ class AnnotationReplyActionApi(Resource):
        return result, 200


+@console_ns.route("/apps/<uuid:app_id>/annotation-setting")
 class AppAnnotationSettingDetailApi(Resource):
+    @api.doc("get_annotation_setting")
+    @api.doc(description="Get annotation settings for an app")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Annotation settings retrieved successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -56,7 +78,23 @@ class AppAnnotationSettingDetailApi(Resource):
        return result, 200


+@console_ns.route("/apps/<uuid:app_id>/annotation-settings/<uuid:annotation_setting_id>")
 class AppAnnotationSettingUpdateApi(Resource):
+    @api.doc("update_annotation_setting")
+    @api.doc(description="Update annotation settings for an app")
+    @api.doc(params={"app_id": "Application ID", "annotation_setting_id": "Annotation setting ID"})
+    @api.expect(
+        api.model(
+            "AnnotationSettingUpdateRequest",
+            {
+                "score_threshold": fields.Float(required=True, description="Score threshold"),
+                "embedding_provider_name": fields.String(required=True, description="Embedding provider"),
+                "embedding_model_name": fields.String(required=True, description="Embedding model"),
+            },
+        )
+    )
+    @api.response(200, "Settings updated successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -75,7 +113,13 @@ class AppAnnotationSettingUpdateApi(Resource):
        return result, 200


+@console_ns.route("/apps/<uuid:app_id>/annotation-reply/<string:action>/status/<uuid:job_id>")
 class AnnotationReplyActionStatusApi(Resource):
+    @api.doc("get_annotation_reply_action_status")
+    @api.doc(description="Get status of annotation reply action job")
+    @api.doc(params={"app_id": "Application ID", "job_id": "Job ID", "action": "Action type"})
+    @api.response(200, "Job status retrieved successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -99,7 +143,19 @@ class AnnotationReplyActionStatusApi(Resource):
        return {"job_id": job_id, "job_status": job_status, "error_msg": error_msg}, 200


+@console_ns.route("/apps/<uuid:app_id>/annotations")
 class AnnotationApi(Resource):
+    @api.doc("list_annotations")
+    @api.doc(description="Get annotations for an app with pagination")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("page", type=int, location="args", default=1, help="Page number")
+        .add_argument("limit", type=int, location="args", default=20, help="Page size")
+        .add_argument("keyword", type=str, location="args", default="", help="Search keyword")
+    )
+    @api.response(200, "Annotations retrieved successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -122,6 +178,21 @@ class AnnotationApi(Resource):
        }
        return response, 200

+    @api.doc("create_annotation")
+    @api.doc(description="Create a new annotation for an app")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "CreateAnnotationRequest",
+            {
+                "question": fields.String(required=True, description="Question text"),
+                "answer": fields.String(required=True, description="Answer text"),
+                "annotation_reply": fields.Raw(description="Annotation reply data"),
+            },
+        )
+    )
+    @api.response(201, "Annotation created successfully", annotation_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -168,7 +239,13 @@ class AnnotationApi(Resource):
            return {"result": "success"}, 204


+@console_ns.route("/apps/<uuid:app_id>/annotations/export")
 class AnnotationExportApi(Resource):
+    @api.doc("export_annotations")
+    @api.doc(description="Export all annotations for an app")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Annotations exported successfully", fields.List(fields.Nested(annotation_fields)))
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -182,7 +259,14 @@ class AnnotationExportApi(Resource):
        return response, 200


+@console_ns.route("/apps/<uuid:app_id>/annotations/<uuid:annotation_id>")
 class AnnotationUpdateDeleteApi(Resource):
+    @api.doc("update_delete_annotation")
+    @api.doc(description="Update or delete an annotation")
+    @api.doc(params={"app_id": "Application ID", "annotation_id": "Annotation ID"})
+    @api.response(200, "Annotation updated successfully", annotation_fields)
+    @api.response(204, "Annotation deleted successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -214,7 +298,14 @@ class AnnotationUpdateDeleteApi(Resource):
        return {"result": "success"}, 204


+@console_ns.route("/apps/<uuid:app_id>/annotations/batch-import")
 class AnnotationBatchImportApi(Resource):
+    @api.doc("batch_import_annotations")
+    @api.doc(description="Batch import annotations from CSV file")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Batch import started successfully")
+    @api.response(403, "Insufficient permissions")
+    @api.response(400, "No file uploaded or too many files")
    @setup_required
    @login_required
    @account_initialization_required
@ -239,7 +330,13 @@ class AnnotationBatchImportApi(Resource):
        return AppAnnotationService.batch_import_app_annotations(app_id, file)


+@console_ns.route("/apps/<uuid:app_id>/annotations/batch-import-status/<uuid:job_id>")
 class AnnotationBatchImportStatusApi(Resource):
+    @api.doc("get_batch_import_status")
+    @api.doc(description="Get status of batch import job")
+    @api.doc(params={"app_id": "Application ID", "job_id": "Job ID"})
+    @api.response(200, "Job status retrieved successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -262,7 +359,20 @@ class AnnotationBatchImportStatusApi(Resource):
        return {"job_id": job_id, "job_status": job_status, "error_msg": error_msg}, 200


+@console_ns.route("/apps/<uuid:app_id>/annotations/<uuid:annotation_id>/hit-histories")
 class AnnotationHitHistoryListApi(Resource):
+    @api.doc("list_annotation_hit_histories")
+    @api.doc(description="Get hit histories for an annotation")
+    @api.doc(params={"app_id": "Application ID", "annotation_id": "Annotation ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("page", type=int, location="args", default=1, help="Page number")
+        .add_argument("limit", type=int, location="args", default=20, help="Page size")
+    )
+    @api.response(
+        200, "Hit histories retrieved successfully", fields.List(fields.Nested(annotation_hit_history_fields))
+    )
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -285,17 +395,3 @@ class AnnotationHitHistoryListApi(Resource):
            "page": page,
        }
        return response
-
-
-api.add_resource(AnnotationReplyActionApi, "/apps/<uuid:app_id>/annotation-reply/<string:action>")
-api.add_resource(
-    AnnotationReplyActionStatusApi, "/apps/<uuid:app_id>/annotation-reply/<string:action>/status/<uuid:job_id>"
-)
-api.add_resource(AnnotationApi, "/apps/<uuid:app_id>/annotations")
-api.add_resource(AnnotationExportApi, "/apps/<uuid:app_id>/annotations/export")
-api.add_resource(AnnotationUpdateDeleteApi, "/apps/<uuid:app_id>/annotations/<uuid:annotation_id>")
-api.add_resource(AnnotationBatchImportApi, "/apps/<uuid:app_id>/annotations/batch-import")
-api.add_resource(AnnotationBatchImportStatusApi, "/apps/<uuid:app_id>/annotations/batch-import-status/<uuid:job_id>")
-api.add_resource(AnnotationHitHistoryListApi, "/apps/<uuid:app_id>/annotations/<uuid:annotation_id>/hit-histories")
-api.add_resource(AppAnnotationSettingDetailApi, "/apps/<uuid:app_id>/annotation-setting")
-api.add_resource(AppAnnotationSettingUpdateApi, "/apps/<uuid:app_id>/annotation-settings/<uuid:annotation_setting_id>")
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@ -2,12 +2,12 @@ import uuid
 from typing import cast

 from flask_login import current_user
-from flask_restx import Resource, inputs, marshal, marshal_with, reqparse
+from flask_restx import Resource, fields, inputs, marshal, marshal_with, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import BadRequest, Forbidden, abort

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
    account_initialization_required,
@ -19,6 +19,7 @@ from core.ops.ops_trace_manager import OpsTraceManager
 from extensions.ext_database import db
 from fields.app_fields import app_detail_fields, app_detail_fields_with_site, app_pagination_fields
 from libs.login import login_required
+from libs.validators import validate_description_length
 from models import Account, App
 from services.app_dsl_service import AppDslService, ImportMode
 from services.app_service import AppService
@ -28,13 +29,27 @@ from services.feature_service import FeatureService
 ALLOW_CREATE_APP_MODES = ["chat", "agent-chat", "advanced-chat", "workflow", "completion"]


-def _validate_description_length(description):
-    if description and len(description) > 400:
-        raise ValueError("Description cannot exceed 400 characters.")
-    return description
-
-
+@console_ns.route("/apps")
 class AppListApi(Resource):
+    @api.doc("list_apps")
+    @api.doc(description="Get list of applications with pagination and filtering")
+    @api.expect(
+        api.parser()
+        .add_argument("page", type=int, location="args", help="Page number (1-99999)", default=1)
+        .add_argument("limit", type=int, location="args", help="Page size (1-100)", default=20)
+        .add_argument(
+            "mode",
+            type=str,
+            location="args",
+            choices=["completion", "chat", "advanced-chat", "workflow", "agent-chat", "channel", "all"],
+            default="all",
+            help="App mode filter",
+        )
+        .add_argument("name", type=str, location="args", help="Filter by app name")
+        .add_argument("tag_ids", type=str, location="args", help="Comma-separated tag IDs")
+        .add_argument("is_created_by_me", type=bool, location="args", help="Filter by creator")
+    )
+    @api.response(200, "Success", app_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -91,6 +106,24 @@ class AppListApi(Resource):

        return marshal(app_pagination, app_pagination_fields), 200

+    @api.doc("create_app")
+    @api.doc(description="Create a new application")
+    @api.expect(
+        api.model(
+            "CreateAppRequest",
+            {
+                "name": fields.String(required=True, description="App name"),
+                "description": fields.String(description="App description (max 400 chars)"),
+                "mode": fields.String(required=True, enum=ALLOW_CREATE_APP_MODES, description="App mode"),
+                "icon_type": fields.String(description="Icon type"),
+                "icon": fields.String(description="Icon"),
+                "icon_background": fields.String(description="Icon background color"),
+            },
+        )
+    )
+    @api.response(201, "App created successfully", app_detail_fields)
+    @api.response(403, "Insufficient permissions")
+    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -100,7 +133,7 @@ class AppListApi(Resource):
        """Create app"""
        parser = reqparse.RequestParser()
        parser.add_argument("name", type=str, required=True, location="json")
-        parser.add_argument("description", type=_validate_description_length, location="json")
+        parser.add_argument("description", type=validate_description_length, location="json")
        parser.add_argument("mode", type=str, choices=ALLOW_CREATE_APP_MODES, location="json")
        parser.add_argument("icon_type", type=str, location="json")
        parser.add_argument("icon", type=str, location="json")
@ -115,12 +148,21 @@ class AppListApi(Resource):
            raise BadRequest("mode is required")

        app_service = AppService()
+        if not isinstance(current_user, Account):
+            raise ValueError("current_user must be an Account instance")
+        if current_user.current_tenant_id is None:
+            raise ValueError("current_user.current_tenant_id cannot be None")
        app = app_service.create_app(current_user.current_tenant_id, args, current_user)

        return app, 201


+@console_ns.route("/apps/<uuid:app_id>")
 class AppApi(Resource):
+    @api.doc("get_app_detail")
+    @api.doc(description="Get application details")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Success", app_detail_fields_with_site)
    @setup_required
    @login_required
    @account_initialization_required
@ -139,6 +181,26 @@ class AppApi(Resource):

        return app_model

+    @api.doc("update_app")
+    @api.doc(description="Update application details")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "UpdateAppRequest",
+            {
+                "name": fields.String(required=True, description="App name"),
+                "description": fields.String(description="App description (max 400 chars)"),
+                "icon_type": fields.String(description="Icon type"),
+                "icon": fields.String(description="Icon"),
+                "icon_background": fields.String(description="Icon background color"),
+                "use_icon_as_answer_icon": fields.Boolean(description="Use icon as answer icon"),
+                "max_active_requests": fields.Integer(description="Maximum active requests"),
+            },
+        )
+    )
+    @api.response(200, "App updated successfully", app_detail_fields_with_site)
+    @api.response(403, "Insufficient permissions")
+    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -152,7 +214,7 @@ class AppApi(Resource):

        parser = reqparse.RequestParser()
        parser.add_argument("name", type=str, required=True, nullable=False, location="json")
-        parser.add_argument("description", type=_validate_description_length, location="json")
+        parser.add_argument("description", type=validate_description_length, location="json")
        parser.add_argument("icon_type", type=str, location="json")
        parser.add_argument("icon", type=str, location="json")
        parser.add_argument("icon_background", type=str, location="json")
@ -161,14 +223,31 @@ class AppApi(Resource):
        args = parser.parse_args()

        app_service = AppService()
-        app_model = app_service.update_app(app_model, args)
+        # Construct ArgsDict from parsed arguments
+        from services.app_service import AppService as AppServiceType
+
+        args_dict: AppServiceType.ArgsDict = {
+            "name": args["name"],
+            "description": args.get("description", ""),
+            "icon_type": args.get("icon_type", ""),
+            "icon": args.get("icon", ""),
+            "icon_background": args.get("icon_background", ""),
+            "use_icon_as_answer_icon": args.get("use_icon_as_answer_icon", False),
+            "max_active_requests": args.get("max_active_requests", 0),
+        }
+        app_model = app_service.update_app(app_model, args_dict)

        return app_model

+    @api.doc("delete_app")
+    @api.doc(description="Delete application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(204, "App deleted successfully")
+    @api.response(403, "Insufficient permissions")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def delete(self, app_model):
        """Delete app"""
        # The role of the current user in the ta table must be admin, owner, or editor
@ -181,7 +260,25 @@ class AppApi(Resource):
        return {"result": "success"}, 204


+@console_ns.route("/apps/<uuid:app_id>/copy")
 class AppCopyApi(Resource):
+    @api.doc("copy_app")
+    @api.doc(description="Create a copy of an existing application")
+    @api.doc(params={"app_id": "Application ID to copy"})
+    @api.expect(
+        api.model(
+            "CopyAppRequest",
+            {
+                "name": fields.String(description="Name for the copied app"),
+                "description": fields.String(description="Description for the copied app"),
+                "icon_type": fields.String(description="Icon type"),
+                "icon": fields.String(description="Icon"),
+                "icon_background": fields.String(description="Icon background color"),
+            },
+        )
+    )
+    @api.response(201, "App copied successfully", app_detail_fields_with_site)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -195,7 +292,7 @@ class AppCopyApi(Resource):

        parser = reqparse.RequestParser()
        parser.add_argument("name", type=str, location="json")
-        parser.add_argument("description", type=_validate_description_length, location="json")
+        parser.add_argument("description", type=validate_description_length, location="json")
        parser.add_argument("icon_type", type=str, location="json")
        parser.add_argument("icon", type=str, location="json")
        parser.add_argument("icon_background", type=str, location="json")
@ -223,11 +320,26 @@ class AppCopyApi(Resource):
        return app, 201


+@console_ns.route("/apps/<uuid:app_id>/export")
 class AppExportApi(Resource):
+    @api.doc("export_app")
+    @api.doc(description="Export application configuration as DSL")
+    @api.doc(params={"app_id": "Application ID to export"})
+    @api.expect(
+        api.parser()
+        .add_argument("include_secret", type=bool, location="args", default=False, help="Include secrets in export")
+        .add_argument("workflow_id", type=str, location="args", help="Specific workflow ID to export")
+    )
+    @api.response(
+        200,
+        "App exported successfully",
+        api.model("AppExportResponse", {"data": fields.String(description="DSL export data")}),
+    )
+    @api.response(403, "Insufficient permissions")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        """Export app"""
        # The role of the current user in the ta table must be admin, owner, or editor
@ -247,7 +359,13 @@ class AppExportApi(Resource):
        }


+@console_ns.route("/apps/<uuid:app_id>/name")
 class AppNameApi(Resource):
+    @api.doc("check_app_name")
+    @api.doc(description="Check if app name is available")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(api.parser().add_argument("name", type=str, required=True, location="args", help="Name to check"))
+    @api.response(200, "Name availability checked")
    @setup_required
    @login_required
    @account_initialization_required
@ -263,12 +381,28 @@ class AppNameApi(Resource):
        args = parser.parse_args()

        app_service = AppService()
-        app_model = app_service.update_app_name(app_model, args.get("name"))
+        app_model = app_service.update_app_name(app_model, args["name"])

        return app_model


+@console_ns.route("/apps/<uuid:app_id>/icon")
 class AppIconApi(Resource):
+    @api.doc("update_app_icon")
+    @api.doc(description="Update application icon")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "AppIconRequest",
+            {
+                "icon": fields.String(required=True, description="Icon data"),
+                "icon_type": fields.String(description="Icon type"),
+                "icon_background": fields.String(description="Icon background color"),
+            },
+        )
+    )
+    @api.response(200, "Icon updated successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -285,12 +419,23 @@ class AppIconApi(Resource):
        args = parser.parse_args()

        app_service = AppService()
-        app_model = app_service.update_app_icon(app_model, args.get("icon"), args.get("icon_background"))
+        app_model = app_service.update_app_icon(app_model, args.get("icon") or "", args.get("icon_background") or "")

        return app_model


+@console_ns.route("/apps/<uuid:app_id>/site-enable")
 class AppSiteStatus(Resource):
+    @api.doc("update_app_site_status")
+    @api.doc(description="Enable or disable app site")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "AppSiteStatusRequest", {"enable_site": fields.Boolean(required=True, description="Enable or disable site")}
+        )
+    )
+    @api.response(200, "Site status updated successfully", app_detail_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -306,12 +451,23 @@ class AppSiteStatus(Resource):
        args = parser.parse_args()

        app_service = AppService()
-        app_model = app_service.update_app_site_status(app_model, args.get("enable_site"))
+        app_model = app_service.update_app_site_status(app_model, args["enable_site"])

        return app_model


+@console_ns.route("/apps/<uuid:app_id>/api-enable")
 class AppApiStatus(Resource):
+    @api.doc("update_app_api_status")
+    @api.doc(description="Enable or disable app API")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "AppApiStatusRequest", {"enable_api": fields.Boolean(required=True, description="Enable or disable API")}
+        )
+    )
+    @api.response(200, "API status updated successfully", app_detail_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -327,12 +483,17 @@ class AppApiStatus(Resource):
        args = parser.parse_args()

        app_service = AppService()
-        app_model = app_service.update_app_api_status(app_model, args.get("enable_api"))
+        app_model = app_service.update_app_api_status(app_model, args["enable_api"])

        return app_model


+@console_ns.route("/apps/<uuid:app_id>/trace")
 class AppTraceApi(Resource):
+    @api.doc("get_app_trace")
+    @api.doc(description="Get app tracing configuration")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Trace configuration retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -342,6 +503,20 @@ class AppTraceApi(Resource):

        return app_trace_config

+    @api.doc("update_app_trace")
+    @api.doc(description="Update app tracing configuration")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "AppTraceRequest",
+            {
+                "enabled": fields.Boolean(required=True, description="Enable or disable tracing"),
+                "tracing_provider": fields.String(required=True, description="Tracing provider"),
+            },
+        )
+    )
+    @api.response(200, "Trace configuration updated successfully")
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -361,14 +536,3 @@ class AppTraceApi(Resource):
        )

        return {"result": "success"}
-
-
-api.add_resource(AppListApi, "/apps")
-api.add_resource(AppApi, "/apps/<uuid:app_id>")
-api.add_resource(AppCopyApi, "/apps/<uuid:app_id>/copy")
-api.add_resource(AppExportApi, "/apps/<uuid:app_id>/export")
-api.add_resource(AppNameApi, "/apps/<uuid:app_id>/name")
-api.add_resource(AppIconApi, "/apps/<uuid:app_id>/icon")
-api.add_resource(AppSiteStatus, "/apps/<uuid:app_id>/site-enable")
-api.add_resource(AppApiStatus, "/apps/<uuid:app_id>/api-enable")
-api.add_resource(AppTraceApi, "/apps/<uuid:app_id>/trace")
--- a/api/controllers/console/app/app_import.py
+++ b/api/controllers/console/app/app_import.py
@ -20,7 +20,10 @@ from services.app_dsl_service import AppDslService, ImportStatus
 from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService

+from .. import console_ns

+
+@console_ns.route("/apps/imports")
 class AppImportApi(Resource):
    @setup_required
    @login_required
@ -74,6 +77,7 @@ class AppImportApi(Resource):
        return result.model_dump(mode="json"), 200


+@console_ns.route("/apps/imports/<string:import_id>/confirm")
 class AppImportConfirmApi(Resource):
    @setup_required
    @login_required
@ -98,6 +102,7 @@ class AppImportConfirmApi(Resource):
        return result.model_dump(mode="json"), 200


+@console_ns.route("/apps/imports/<string:app_id>/check-dependencies")
 class AppImportCheckDependenciesApi(Resource):
    @setup_required
    @login_required
--- a/api/controllers/console/app/audio.py
+++ b/api/controllers/console/app/audio.py
@ -1,11 +1,11 @@
 import logging

 from flask import request
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
 from werkzeug.exceptions import InternalServerError

 import services
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    AppUnavailableError,
    AudioTooLargeError,
@ -34,7 +34,18 @@ from services.errors.audio import (
 logger = logging.getLogger(__name__)


+@console_ns.route("/apps/<uuid:app_id>/audio-to-text")
 class ChatMessageAudioApi(Resource):
+    @api.doc("chat_message_audio_transcript")
+    @api.doc(description="Transcript audio to text for chat messages")
+    @api.doc(params={"app_id": "App ID"})
+    @api.response(
+        200,
+        "Audio transcription successful",
+        api.model("AudioTranscriptResponse", {"text": fields.String(description="Transcribed text from audio")}),
+    )
+    @api.response(400, "Bad request - No audio uploaded or unsupported type")
+    @api.response(413, "Audio file too large")
    @setup_required
    @login_required
    @account_initialization_required
@ -76,11 +87,28 @@ class ChatMessageAudioApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/text-to-audio")
 class ChatMessageTextApi(Resource):
+    @api.doc("chat_message_text_to_speech")
+    @api.doc(description="Convert text to speech for chat messages")
+    @api.doc(params={"app_id": "App ID"})
+    @api.expect(
+        api.model(
+            "TextToSpeechRequest",
+            {
+                "message_id": fields.String(description="Message ID"),
+                "text": fields.String(required=True, description="Text to convert to speech"),
+                "voice": fields.String(description="Voice to use for TTS"),
+                "streaming": fields.Boolean(description="Whether to stream the audio"),
+            },
+        )
+    )
+    @api.response(200, "Text to speech conversion successful")
+    @api.response(400, "Bad request - Invalid parameters")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def post(self, app_model: App):
        try:
            parser = reqparse.RequestParser()
@ -124,11 +152,18 @@ class ChatMessageTextApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/text-to-audio/voices")
 class TextModesApi(Resource):
+    @api.doc("get_text_to_speech_voices")
+    @api.doc(description="Get available TTS voices for a specific language")
+    @api.doc(params={"app_id": "App ID"})
+    @api.expect(api.parser().add_argument("language", type=str, required=True, location="args", help="Language code"))
+    @api.response(200, "TTS voices retrieved successfully", fields.List(fields.Raw(description="Available voices")))
+    @api.response(400, "Invalid language parameter")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        try:
            parser = reqparse.RequestParser()
@ -164,8 +199,3 @@ class TextModesApi(Resource):
        except Exception as e:
            logger.exception("Failed to handle get request to TextModesApi")
            raise InternalServerError()
-
-
-api.add_resource(ChatMessageAudioApi, "/apps/<uuid:app_id>/audio-to-text")
-api.add_resource(ChatMessageTextApi, "/apps/<uuid:app_id>/text-to-audio")
-api.add_resource(TextModesApi, "/apps/<uuid:app_id>/text-to-audio/voices")
--- a/api/controllers/console/app/completion.py
+++ b/api/controllers/console/app/completion.py
@ -1,12 +1,11 @@
 import logging

-import flask_login
 from flask import request
-from flask_restx import Resource, reqparse
-from werkzeug.exceptions import InternalServerError, NotFound
+from flask_restx import Resource, fields, reqparse
+from werkzeug.exceptions import Forbidden, InternalServerError, NotFound

 import services
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    AppUnavailableError,
    CompletionRequestError,
@ -29,7 +28,8 @@ from core.helper.trace_id_helper import get_external_trace_id
 from core.model_runtime.errors.invoke import InvokeError
 from libs import helper
 from libs.helper import uuid_value
-from libs.login import login_required
+from libs.login import current_user, login_required
+from models import Account
 from models.model import AppMode
 from services.app_generate_service import AppGenerateService
 from services.errors.llm import InvokeRateLimitError
@ -38,7 +38,27 @@ logger = logging.getLogger(__name__)


 # define completion message api for user
+@console_ns.route("/apps/<uuid:app_id>/completion-messages")
 class CompletionMessageApi(Resource):
+    @api.doc("create_completion_message")
+    @api.doc(description="Generate completion message for debugging")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "CompletionMessageRequest",
+            {
+                "inputs": fields.Raw(required=True, description="Input variables"),
+                "query": fields.String(description="Query text", default=""),
+                "files": fields.List(fields.Raw(), description="Uploaded files"),
+                "model_config": fields.Raw(required=True, description="Model configuration"),
+                "response_mode": fields.String(enum=["blocking", "streaming"], description="Response mode"),
+                "retriever_from": fields.String(default="dev", description="Retriever source"),
+            },
+        )
+    )
+    @api.response(200, "Completion generated successfully")
+    @api.response(400, "Invalid request parameters")
+    @api.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -56,11 +76,11 @@ class CompletionMessageApi(Resource):
        streaming = args["response_mode"] != "blocking"
        args["auto_generate_name"] = False

-        account = flask_login.current_user
-
        try:
+            if not isinstance(current_user, Account):
+                raise ValueError("current_user must be an Account or EndUser instance")
            response = AppGenerateService.generate(
-                app_model=app_model, user=account, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
+                app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
            )

            return helper.compact_generate_response(response)
@ -86,25 +106,58 @@ class CompletionMessageApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/completion-messages/<string:task_id>/stop")
 class CompletionMessageStopApi(Resource):
+    @api.doc("stop_completion_message")
+    @api.doc(description="Stop a running completion message generation")
+    @api.doc(params={"app_id": "Application ID", "task_id": "Task ID to stop"})
+    @api.response(200, "Task stopped successfully")
    @setup_required
    @login_required
    @account_initialization_required
    @get_app_model(mode=AppMode.COMPLETION)
    def post(self, app_model, task_id):
-        account = flask_login.current_user
-
-        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, account.id)
+        if not isinstance(current_user, Account):
+            raise ValueError("current_user must be an Account instance")
+        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, current_user.id)

        return {"result": "success"}, 200


+@console_ns.route("/apps/<uuid:app_id>/chat-messages")
 class ChatMessageApi(Resource):
+    @api.doc("create_chat_message")
+    @api.doc(description="Generate chat message for debugging")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "ChatMessageRequest",
+            {
+                "inputs": fields.Raw(required=True, description="Input variables"),
+                "query": fields.String(required=True, description="User query"),
+                "files": fields.List(fields.Raw(), description="Uploaded files"),
+                "model_config": fields.Raw(required=True, description="Model configuration"),
+                "conversation_id": fields.String(description="Conversation ID"),
+                "parent_message_id": fields.String(description="Parent message ID"),
+                "response_mode": fields.String(enum=["blocking", "streaming"], description="Response mode"),
+                "retriever_from": fields.String(default="dev", description="Retriever source"),
+            },
+        )
+    )
+    @api.response(200, "Chat message generated successfully")
+    @api.response(400, "Invalid request parameters")
+    @api.response(404, "App or conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT])
    def post(self, app_model):
+        if not isinstance(current_user, Account):
+            raise Forbidden()
+
+        if not current_user.has_edit_permission:
+            raise Forbidden()
+
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, required=True, location="json")
        parser.add_argument("query", type=str, required=True, location="json")
@ -123,11 +176,11 @@ class ChatMessageApi(Resource):
        if external_trace_id:
            args["external_trace_id"] = external_trace_id

-        account = flask_login.current_user
-
        try:
+            if not isinstance(current_user, Account):
+                raise ValueError("current_user must be an Account or EndUser instance")
            response = AppGenerateService.generate(
-                app_model=app_model, user=account, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
+                app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
            )

            return helper.compact_generate_response(response)
@ -155,20 +208,19 @@ class ChatMessageApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/chat-messages/<string:task_id>/stop")
 class ChatMessageStopApi(Resource):
+    @api.doc("stop_chat_message")
+    @api.doc(description="Stop a running chat message generation")
+    @api.doc(params={"app_id": "Application ID", "task_id": "Task ID to stop"})
+    @api.response(200, "Task stopped successfully")
    @setup_required
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
    def post(self, app_model, task_id):
-        account = flask_login.current_user
-
-        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, account.id)
+        if not isinstance(current_user, Account):
+            raise ValueError("current_user must be an Account instance")
+        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, current_user.id)

        return {"result": "success"}, 200
-
-
-api.add_resource(CompletionMessageApi, "/apps/<uuid:app_id>/completion-messages")
-api.add_resource(CompletionMessageStopApi, "/apps/<uuid:app_id>/completion-messages/<string:task_id>/stop")
-api.add_resource(ChatMessageApi, "/apps/<uuid:app_id>/chat-messages")
-api.add_resource(ChatMessageStopApi, "/apps/<uuid:app_id>/chat-messages/<string:task_id>/stop")
--- a/api/controllers/console/app/conversation.py
+++ b/api/controllers/console/app/conversation.py
@ -1,6 +1,7 @@
 from datetime import datetime

 import pytz  # pip install pytz
+import sqlalchemy as sa
 from flask_login import current_user
 from flask_restx import Resource, marshal_with, reqparse
 from flask_restx.inputs import int_range
@ -8,7 +9,7 @@ from sqlalchemy import func, or_
 from sqlalchemy.orm import joinedload
 from werkzeug.exceptions import Forbidden, NotFound

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -22,13 +23,35 @@ from fields.conversation_fields import (
 from libs.datetime_utils import naive_utc_now
 from libs.helper import DatetimeString
 from libs.login import login_required
-from models import Conversation, EndUser, Message, MessageAnnotation
+from models import Account, Conversation, EndUser, Message, MessageAnnotation
 from models.model import AppMode
 from services.conversation_service import ConversationService
 from services.errors.conversation import ConversationNotExistsError


+@console_ns.route("/apps/<uuid:app_id>/completion-conversations")
 class CompletionConversationApi(Resource):
+    @api.doc("list_completion_conversations")
+    @api.doc(description="Get completion conversations with pagination and filtering")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("keyword", type=str, location="args", help="Search keyword")
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+        .add_argument(
+            "annotation_status",
+            type=str,
+            location="args",
+            choices=["annotated", "not_annotated", "all"],
+            default="all",
+            help="Annotation status filter",
+        )
+        .add_argument("page", type=int, location="args", default=1, help="Page number")
+        .add_argument("limit", type=int, location="args", default=20, help="Page size (1-100)")
+    )
+    @api.response(200, "Success", conversation_pagination_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -48,7 +71,7 @@ class CompletionConversationApi(Resource):
        parser.add_argument("limit", type=int_range(1, 100), default=20, location="args")
        args = parser.parse_args()

-        query = db.select(Conversation).where(
+        query = sa.select(Conversation).where(
            Conversation.app_id == app_model.id, Conversation.mode == "completion", Conversation.is_deleted.is_(False)
        )

@ -101,7 +124,14 @@ class CompletionConversationApi(Resource):
        return conversations


+@console_ns.route("/apps/<uuid:app_id>/completion-conversations/<uuid:conversation_id>")
 class CompletionConversationDetailApi(Resource):
+    @api.doc("get_completion_conversation")
+    @api.doc(description="Get completion conversation details with messages")
+    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
+    @api.response(200, "Success", conversation_message_detail_fields)
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -114,6 +144,12 @@ class CompletionConversationDetailApi(Resource):

        return _get_conversation(app_model, conversation_id)

+    @api.doc("delete_completion_conversation")
+    @api.doc(description="Delete a completion conversation")
+    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
+    @api.response(204, "Conversation deleted successfully")
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -124,6 +160,8 @@ class CompletionConversationDetailApi(Resource):
        conversation_id = str(conversation_id)

        try:
+            if not isinstance(current_user, Account):
+                raise ValueError("current_user must be an Account instance")
            ConversationService.delete(app_model, conversation_id, current_user)
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
@ -131,7 +169,38 @@ class CompletionConversationDetailApi(Resource):
        return {"result": "success"}, 204


+@console_ns.route("/apps/<uuid:app_id>/chat-conversations")
 class ChatConversationApi(Resource):
+    @api.doc("list_chat_conversations")
+    @api.doc(description="Get chat conversations with pagination, filtering and summary")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("keyword", type=str, location="args", help="Search keyword")
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+        .add_argument(
+            "annotation_status",
+            type=str,
+            location="args",
+            choices=["annotated", "not_annotated", "all"],
+            default="all",
+            help="Annotation status filter",
+        )
+        .add_argument("message_count_gte", type=int, location="args", help="Minimum message count")
+        .add_argument("page", type=int, location="args", default=1, help="Page number")
+        .add_argument("limit", type=int, location="args", default=20, help="Page size (1-100)")
+        .add_argument(
+            "sort_by",
+            type=str,
+            location="args",
+            choices=["created_at", "-created_at", "updated_at", "-updated_at"],
+            default="-updated_at",
+            help="Sort field and direction",
+        )
+    )
+    @api.response(200, "Success", conversation_with_summary_pagination_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -168,7 +237,7 @@ class ChatConversationApi(Resource):
            .subquery()
        )

-        query = db.select(Conversation).where(Conversation.app_id == app_model.id, Conversation.is_deleted.is_(False))
+        query = sa.select(Conversation).where(Conversation.app_id == app_model.id, Conversation.is_deleted.is_(False))

        if args["keyword"]:
            keyword_filter = f"%{args['keyword']}%"
@ -239,7 +308,7 @@ class ChatConversationApi(Resource):
                .having(func.count(Message.id) >= args["message_count_gte"])
            )

-        if app_model.mode == AppMode.ADVANCED_CHAT.value:
+        if app_model.mode == AppMode.ADVANCED_CHAT:
            query = query.where(Conversation.invoke_from != InvokeFrom.DEBUGGER.value)

        match args["sort_by"]:
@ -259,7 +328,14 @@ class ChatConversationApi(Resource):
        return conversations


+@console_ns.route("/apps/<uuid:app_id>/chat-conversations/<uuid:conversation_id>")
 class ChatConversationDetailApi(Resource):
+    @api.doc("get_chat_conversation")
+    @api.doc(description="Get chat conversation details")
+    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
+    @api.response(200, "Success", conversation_detail_fields)
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -272,6 +348,12 @@ class ChatConversationDetailApi(Resource):

        return _get_conversation(app_model, conversation_id)

+    @api.doc("delete_chat_conversation")
+    @api.doc(description="Delete a chat conversation")
+    @api.doc(params={"app_id": "Application ID", "conversation_id": "Conversation ID"})
+    @api.response(204, "Conversation deleted successfully")
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
@ -282,6 +364,8 @@ class ChatConversationDetailApi(Resource):
        conversation_id = str(conversation_id)

        try:
+            if not isinstance(current_user, Account):
+                raise ValueError("current_user must be an Account instance")
            ConversationService.delete(app_model, conversation_id, current_user)
        except ConversationNotExistsError:
            raise NotFound("Conversation Not Exists.")
@ -289,12 +373,6 @@ class ChatConversationDetailApi(Resource):
        return {"result": "success"}, 204


-api.add_resource(CompletionConversationApi, "/apps/<uuid:app_id>/completion-conversations")
-api.add_resource(CompletionConversationDetailApi, "/apps/<uuid:app_id>/completion-conversations/<uuid:conversation_id>")
-api.add_resource(ChatConversationApi, "/apps/<uuid:app_id>/chat-conversations")
-api.add_resource(ChatConversationDetailApi, "/apps/<uuid:app_id>/chat-conversations/<uuid:conversation_id>")
-
-
 def _get_conversation(app_model, conversation_id):
    conversation = (
        db.session.query(Conversation)
--- a/api/controllers/console/app/conversation_variables.py
+++ b/api/controllers/console/app/conversation_variables.py
@ -2,7 +2,7 @@ from flask_restx import Resource, marshal_with, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -12,7 +12,17 @@ from models import ConversationVariable
 from models.model import AppMode


+@console_ns.route("/apps/<uuid:app_id>/conversation-variables")
 class ConversationVariablesApi(Resource):
+    @api.doc("get_conversation_variables")
+    @api.doc(description="Get conversation variables for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser().add_argument(
+            "conversation_id", type=str, location="args", help="Conversation ID to filter variables"
+        )
+    )
+    @api.response(200, "Conversation variables retrieved successfully", paginated_conversation_variable_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -55,6 +65,3 @@ class ConversationVariablesApi(Resource):
                for row in rows
            ],
        }
-
-
-api.add_resource(ConversationVariablesApi, "/apps/<uuid:app_id>/conversation-variables")
--- a/api/controllers/console/app/generator.py
+++ b/api/controllers/console/app/generator.py
@ -1,9 +1,9 @@
 from collections.abc import Sequence

 from flask_login import current_user
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    CompletionRequestError,
    ProviderModelCurrentlyNotSupportError,
@ -16,10 +16,29 @@ from core.helper.code_executor.javascript.javascript_code_provider import Javasc
 from core.helper.code_executor.python3.python3_code_provider import Python3CodeProvider
 from core.llm_generator.llm_generator import LLMGenerator
 from core.model_runtime.errors.invoke import InvokeError
+from extensions.ext_database import db
 from libs.login import login_required
+from models import App
+from services.workflow_service import WorkflowService


+@console_ns.route("/rule-generate")
 class RuleGenerateApi(Resource):
+    @api.doc("generate_rule_config")
+    @api.doc(description="Generate rule configuration using LLM")
+    @api.expect(
+        api.model(
+            "RuleGenerateRequest",
+            {
+                "instruction": fields.String(required=True, description="Rule generation instruction"),
+                "model_config": fields.Raw(required=True, description="Model configuration"),
+                "no_variable": fields.Boolean(required=True, default=False, description="Whether to exclude variables"),
+            },
+        )
+    )
+    @api.response(200, "Rule configuration generated successfully")
+    @api.response(400, "Invalid request parameters")
+    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -50,7 +69,26 @@ class RuleGenerateApi(Resource):
        return rules


+@console_ns.route("/rule-code-generate")
 class RuleCodeGenerateApi(Resource):
+    @api.doc("generate_rule_code")
+    @api.doc(description="Generate code rules using LLM")
+    @api.expect(
+        api.model(
+            "RuleCodeGenerateRequest",
+            {
+                "instruction": fields.String(required=True, description="Code generation instruction"),
+                "model_config": fields.Raw(required=True, description="Model configuration"),
+                "no_variable": fields.Boolean(required=True, default=False, description="Whether to exclude variables"),
+                "code_language": fields.String(
+                    default="javascript", description="Programming language for code generation"
+                ),
+            },
+        )
+    )
+    @api.response(200, "Code rules generated successfully")
+    @api.response(400, "Invalid request parameters")
+    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -82,7 +120,22 @@ class RuleCodeGenerateApi(Resource):
        return code_result


+@console_ns.route("/rule-structured-output-generate")
 class RuleStructuredOutputGenerateApi(Resource):
+    @api.doc("generate_structured_output")
+    @api.doc(description="Generate structured output rules using LLM")
+    @api.expect(
+        api.model(
+            "StructuredOutputGenerateRequest",
+            {
+                "instruction": fields.String(required=True, description="Structured output generation instruction"),
+                "model_config": fields.Raw(required=True, description="Model configuration"),
+            },
+        )
+    )
+    @api.response(200, "Structured output generated successfully")
+    @api.response(400, "Invalid request parameters")
+    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -111,7 +164,27 @@ class RuleStructuredOutputGenerateApi(Resource):
        return structured_output


+@console_ns.route("/instruction-generate")
 class InstructionGenerateApi(Resource):
+    @api.doc("generate_instruction")
+    @api.doc(description="Generate instruction for workflow nodes or general use")
+    @api.expect(
+        api.model(
+            "InstructionGenerateRequest",
+            {
+                "flow_id": fields.String(required=True, description="Workflow/Flow ID"),
+                "node_id": fields.String(description="Node ID for workflow context"),
+                "current": fields.String(description="Current instruction text"),
+                "language": fields.String(default="javascript", description="Programming language (javascript/python)"),
+                "instruction": fields.String(required=True, description="Instruction for generation"),
+                "model_config": fields.Raw(required=True, description="Model configuration"),
+                "ideal_output": fields.String(description="Expected ideal output"),
+            },
+        )
+    )
+    @api.response(200, "Instruction generated successfully")
+    @api.response(400, "Invalid request parameters or flow/workflow not found")
+    @api.response(402, "Provider quota exceeded")
    @setup_required
    @login_required
    @account_initialization_required
@ -135,9 +208,6 @@ class InstructionGenerateApi(Resource):
        try:
            # Generate from nothing for a workflow node
            if (args["current"] == code_template or args["current"] == "") and args["node_id"] != "":
-                from models import App, db
-                from services.workflow_service import WorkflowService
-
                app = db.session.query(App).where(App.id == args["flow_id"]).first()
                if not app:
                    return {"error": f"app {args['flow_id']} not found"}, 400
@ -191,6 +261,7 @@ class InstructionGenerateApi(Resource):
                    instruction=args["instruction"],
                    model_config=args["model_config"],
                    ideal_output=args["ideal_output"],
+                    workflow_service=WorkflowService(),
                )
            return {"error": "incompatible parameters"}, 400
        except ProviderTokenNotInitError as ex:
@ -203,7 +274,21 @@ class InstructionGenerateApi(Resource):
            raise CompletionRequestError(e.description)


+@console_ns.route("/instruction-generate/template")
 class InstructionGenerationTemplateApi(Resource):
+    @api.doc("get_instruction_template")
+    @api.doc(description="Get instruction generation template")
+    @api.expect(
+        api.model(
+            "InstructionTemplateRequest",
+            {
+                "instruction": fields.String(required=True, description="Template instruction"),
+                "ideal_output": fields.String(description="Expected ideal output"),
+            },
+        )
+    )
+    @api.response(200, "Template retrieved successfully")
+    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -222,10 +307,3 @@ class InstructionGenerationTemplateApi(Resource):
                return {"data": INSTRUCTION_GENERATE_TEMPLATE_CODE}
            case _:
                raise ValueError(f"Invalid type: {args['type']}")
-
-
-api.add_resource(RuleGenerateApi, "/rule-generate")
-api.add_resource(RuleCodeGenerateApi, "/rule-code-generate")
-api.add_resource(RuleStructuredOutputGenerateApi, "/rule-structured-output-generate")
-api.add_resource(InstructionGenerateApi, "/instruction-generate")
-api.add_resource(InstructionGenerationTemplateApi, "/instruction-generate/template")
--- a/api/controllers/console/app/mcp_server.py
+++ b/api/controllers/console/app/mcp_server.py
@ -2,10 +2,10 @@ import json
 from enum import StrEnum

 from flask_login import current_user
-from flask_restx import Resource, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal_with, reqparse
 from werkzeug.exceptions import NotFound

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -19,7 +19,12 @@ class AppMCPServerStatus(StrEnum):
    INACTIVE = "inactive"


+@console_ns.route("/apps/<uuid:app_id>/server")
 class AppMCPServerController(Resource):
+    @api.doc("get_app_mcp_server")
+    @api.doc(description="Get MCP server configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "MCP server configuration retrieved successfully", app_server_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -29,6 +34,20 @@ class AppMCPServerController(Resource):
        server = db.session.query(AppMCPServer).where(AppMCPServer.app_id == app_model.id).first()
        return server

+    @api.doc("create_app_mcp_server")
+    @api.doc(description="Create MCP server configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "MCPServerCreateRequest",
+            {
+                "description": fields.String(description="Server description"),
+                "parameters": fields.Raw(required=True, description="Server parameters configuration"),
+            },
+        )
+    )
+    @api.response(201, "MCP server configuration created successfully", app_server_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -59,6 +78,23 @@ class AppMCPServerController(Resource):
        db.session.commit()
        return server

+    @api.doc("update_app_mcp_server")
+    @api.doc(description="Update MCP server configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "MCPServerUpdateRequest",
+            {
+                "id": fields.String(required=True, description="Server ID"),
+                "description": fields.String(description="Server description"),
+                "parameters": fields.Raw(required=True, description="Server parameters configuration"),
+                "status": fields.String(description="Server status"),
+            },
+        )
+    )
+    @api.response(200, "MCP server configuration updated successfully", app_server_fields)
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "Server not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -94,7 +130,14 @@ class AppMCPServerController(Resource):
        return server


+@console_ns.route("/apps/<uuid:server_id>/server/refresh")
 class AppMCPServerRefreshController(Resource):
+    @api.doc("refresh_app_mcp_server")
+    @api.doc(description="Refresh MCP server configuration and regenerate server code")
+    @api.doc(params={"server_id": "Server ID"})
+    @api.response(200, "MCP server refreshed successfully", app_server_fields)
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "Server not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -113,7 +156,3 @@ class AppMCPServerRefreshController(Resource):
        server.server_code = AppMCPServer.generate_server_code(16)
        db.session.commit()
        return server
-
-
-api.add_resource(AppMCPServerController, "/apps/<uuid:app_id>/server")
-api.add_resource(AppMCPServerRefreshController, "/apps/<uuid:server_id>/server/refresh")
--- a/api/controllers/console/app/message.py
+++ b/api/controllers/console/app/message.py
@ -1,12 +1,11 @@
 import logging

-from flask_login import current_user
 from flask_restx import Resource, fields, marshal_with, reqparse
 from flask_restx.inputs import int_range
 from sqlalchemy import exists, select
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    CompletionRequestError,
    ProviderModelCurrentlyNotSupportError,
@ -27,7 +26,8 @@ from extensions.ext_database import db
 from fields.conversation_fields import annotation_fields, message_detail_fields
 from libs.helper import uuid_value
 from libs.infinite_scroll_pagination import InfiniteScrollPagination
-from libs.login import login_required
+from libs.login import current_user, login_required
+from models.account import Account
 from models.model import AppMode, Conversation, Message, MessageAnnotation, MessageFeedback
 from services.annotation_service import AppAnnotationService
 from services.errors.conversation import ConversationNotExistsError
@ -37,6 +37,7 @@ from services.message_service import MessageService
 logger = logging.getLogger(__name__)


+@console_ns.route("/apps/<uuid:app_id>/chat-messages")
 class ChatMessageListApi(Resource):
    message_infinite_scroll_pagination_fields = {
        "limit": fields.Integer,
@ -44,12 +45,26 @@ class ChatMessageListApi(Resource):
        "data": fields.List(fields.Nested(message_detail_fields)),
    }

+    @api.doc("list_chat_messages")
+    @api.doc(description="Get chat messages for a conversation with pagination")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("conversation_id", type=str, required=True, location="args", help="Conversation ID")
+        .add_argument("first_id", type=str, location="args", help="First message ID for pagination")
+        .add_argument("limit", type=int, location="args", default=20, help="Number of messages to return (1-100)")
+    )
+    @api.response(200, "Success", message_infinite_scroll_pagination_fields)
+    @api.response(404, "Conversation not found")
    @setup_required
    @login_required
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
    @account_initialization_required
    @marshal_with(message_infinite_scroll_pagination_fields)
    def get(self, app_model):
+        if not isinstance(current_user, Account) or not current_user.has_edit_permission:
+            raise Forbidden()
+
        parser = reqparse.RequestParser()
        parser.add_argument("conversation_id", required=True, type=uuid_value, location="args")
        parser.add_argument("first_id", type=uuid_value, location="args")
@ -117,12 +132,31 @@ class ChatMessageListApi(Resource):
        return InfiniteScrollPagination(data=history_messages, limit=args["limit"], has_more=has_more)


+@console_ns.route("/apps/<uuid:app_id>/feedbacks")
 class MessageFeedbackApi(Resource):
+    @api.doc("create_message_feedback")
+    @api.doc(description="Create or update message feedback (like/dislike)")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "MessageFeedbackRequest",
+            {
+                "message_id": fields.String(required=True, description="Message ID"),
+                "rating": fields.String(enum=["like", "dislike"], description="Feedback rating"),
+            },
+        )
+    )
+    @api.response(200, "Feedback updated successfully")
+    @api.response(404, "Message not found")
+    @api.response(403, "Insufficient permissions")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def post(self, app_model):
+        if current_user is None:
+            raise Forbidden()
+
        parser = reqparse.RequestParser()
        parser.add_argument("message_id", required=True, type=uuid_value, location="json")
        parser.add_argument("rating", type=str, choices=["like", "dislike", None], location="json")
@ -159,7 +193,24 @@ class MessageFeedbackApi(Resource):
        return {"result": "success"}


+@console_ns.route("/apps/<uuid:app_id>/annotations")
 class MessageAnnotationApi(Resource):
+    @api.doc("create_message_annotation")
+    @api.doc(description="Create message annotation")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "MessageAnnotationRequest",
+            {
+                "message_id": fields.String(description="Message ID"),
+                "question": fields.String(required=True, description="Question text"),
+                "answer": fields.String(required=True, description="Answer text"),
+                "annotation_reply": fields.Raw(description="Annotation reply"),
+            },
+        )
+    )
+    @api.response(200, "Annotation created successfully", annotation_fields)
+    @api.response(403, "Insufficient permissions")
    @setup_required
    @login_required
    @account_initialization_required
@ -167,7 +218,9 @@ class MessageAnnotationApi(Resource):
    @get_app_model
    @marshal_with(annotation_fields)
    def post(self, app_model):
-        if not current_user.is_editor:
+        if not isinstance(current_user, Account):
+            raise Forbidden()
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -181,18 +234,37 @@ class MessageAnnotationApi(Resource):
        return annotation


+@console_ns.route("/apps/<uuid:app_id>/annotations/count")
 class MessageAnnotationCountApi(Resource):
+    @api.doc("get_annotation_count")
+    @api.doc(description="Get count of message annotations for the app")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(
+        200,
+        "Annotation count retrieved successfully",
+        api.model("AnnotationCountResponse", {"count": fields.Integer(description="Number of annotations")}),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        count = db.session.query(MessageAnnotation).where(MessageAnnotation.app_id == app_model.id).count()

        return {"count": count}


+@console_ns.route("/apps/<uuid:app_id>/chat-messages/<uuid:message_id>/suggested-questions")
 class MessageSuggestedQuestionApi(Resource):
+    @api.doc("get_message_suggested_questions")
+    @api.doc(description="Get suggested questions for a message")
+    @api.doc(params={"app_id": "Application ID", "message_id": "Message ID"})
+    @api.response(
+        200,
+        "Suggested questions retrieved successfully",
+        api.model("SuggestedQuestionsResponse", {"data": fields.List(fields.String(description="Suggested question"))}),
+    )
+    @api.response(404, "Message or conversation not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -225,7 +297,13 @@ class MessageSuggestedQuestionApi(Resource):
        return {"data": questions}


+@console_ns.route("/apps/<uuid:app_id>/messages/<uuid:message_id>")
 class MessageApi(Resource):
+    @api.doc("get_message")
+    @api.doc(description="Get message details by ID")
+    @api.doc(params={"app_id": "Application ID", "message_id": "Message ID"})
+    @api.response(200, "Message retrieved successfully", message_detail_fields)
+    @api.response(404, "Message not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -240,11 +318,3 @@ class MessageApi(Resource):
            raise NotFound("Message Not Exists.")

        return message
-
-
-api.add_resource(MessageSuggestedQuestionApi, "/apps/<uuid:app_id>/chat-messages/<uuid:message_id>/suggested-questions")
-api.add_resource(ChatMessageListApi, "/apps/<uuid:app_id>/chat-messages", endpoint="console_chat_messages")
-api.add_resource(MessageFeedbackApi, "/apps/<uuid:app_id>/feedbacks")
-api.add_resource(MessageAnnotationApi, "/apps/<uuid:app_id>/annotations")
-api.add_resource(MessageAnnotationCountApi, "/apps/<uuid:app_id>/annotations/count")
-api.add_resource(MessageApi, "/apps/<uuid:app_id>/messages/<uuid:message_id>", endpoint="console_message")
--- a/api/controllers/console/app/model_config.py
+++ b/api/controllers/console/app/model_config.py
@ -3,9 +3,10 @@ from typing import cast

 from flask import request
 from flask_login import current_user
-from flask_restx import Resource
+from flask_restx import Resource, fields
+from werkzeug.exceptions import Forbidden

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.agent.entities import AgentToolEntity
@ -14,17 +15,51 @@ from core.tools.utils.configuration import ToolParameterConfigurationManager
 from events.app_event import app_model_config_was_updated
 from extensions.ext_database import db
 from libs.login import login_required
+from models.account import Account
 from models.model import AppMode, AppModelConfig
 from services.app_model_config_service import AppModelConfigService


+@console_ns.route("/apps/<uuid:app_id>/model-config")
 class ModelConfigResource(Resource):
+    @api.doc("update_app_model_config")
+    @api.doc(description="Update application model configuration")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "ModelConfigRequest",
+            {
+                "provider": fields.String(description="Model provider"),
+                "model": fields.String(description="Model name"),
+                "configs": fields.Raw(description="Model configuration parameters"),
+                "opening_statement": fields.String(description="Opening statement"),
+                "suggested_questions": fields.List(fields.String(), description="Suggested questions"),
+                "more_like_this": fields.Raw(description="More like this configuration"),
+                "speech_to_text": fields.Raw(description="Speech to text configuration"),
+                "text_to_speech": fields.Raw(description="Text to speech configuration"),
+                "retrieval_model": fields.Raw(description="Retrieval model configuration"),
+                "tools": fields.List(fields.Raw(), description="Available tools"),
+                "dataset_configs": fields.Raw(description="Dataset configurations"),
+                "agent_mode": fields.Raw(description="Agent mode configuration"),
+            },
+        )
+    )
+    @api.response(200, "Model configuration updated successfully")
+    @api.response(400, "Invalid configuration")
+    @api.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.AGENT_CHAT, AppMode.CHAT, AppMode.COMPLETION])
    def post(self, app_model):
        """Modify app model config"""
+        if not isinstance(current_user, Account):
+            raise Forbidden()
+
+        if not current_user.has_edit_permission:
+            raise Forbidden()
+
+        assert current_user.current_tenant_id is not None, "The tenant information should be loaded."
        # validate config
        model_configuration = AppModelConfigService.validate_configuration(
            tenant_id=current_user.current_tenant_id,
@ -39,7 +74,7 @@ class ModelConfigResource(Resource):
        )
        new_app_model_config = new_app_model_config.from_model_config_dict(model_configuration)

-        if app_model.mode == AppMode.AGENT_CHAT.value or app_model.is_agent:
+        if app_model.mode == AppMode.AGENT_CHAT or app_model.is_agent:
            # get original app model config
            original_app_model_config = (
                db.session.query(AppModelConfig).where(AppModelConfig.id == app_model.app_model_config_id).first()
@ -142,6 +177,3 @@ class ModelConfigResource(Resource):
        app_model_config_was_updated.send(app_model, app_model_config=new_app_model_config)

        return {"result": "success"}
-
-
-api.add_resource(ModelConfigResource, "/apps/<uuid:app_id>/model-config")
--- a/api/controllers/console/app/ops_trace.py
+++ b/api/controllers/console/app/ops_trace.py
@ -1,18 +1,31 @@
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse
 from werkzeug.exceptions import BadRequest

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import TracingConfigCheckError, TracingConfigIsExist, TracingConfigNotExist
 from controllers.console.wraps import account_initialization_required, setup_required
 from libs.login import login_required
 from services.ops_service import OpsService


+@console_ns.route("/apps/<uuid:app_id>/trace-config")
 class TraceAppConfigApi(Resource):
    """
    Manage trace app configurations
    """

+    @api.doc("get_trace_app_config")
+    @api.doc(description="Get tracing configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser().add_argument(
+            "tracing_provider", type=str, required=True, location="args", help="Tracing provider name"
+        )
+    )
+    @api.response(
+        200, "Tracing configuration retrieved successfully", fields.Raw(description="Tracing configuration data")
+    )
+    @api.response(400, "Invalid request parameters")
    @setup_required
    @login_required
    @account_initialization_required
@ -29,6 +42,22 @@ class TraceAppConfigApi(Resource):
        except Exception as e:
            raise BadRequest(str(e))

+    @api.doc("create_trace_app_config")
+    @api.doc(description="Create a new tracing configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "TraceConfigCreateRequest",
+            {
+                "tracing_provider": fields.String(required=True, description="Tracing provider name"),
+                "tracing_config": fields.Raw(required=True, description="Tracing configuration data"),
+            },
+        )
+    )
+    @api.response(
+        201, "Tracing configuration created successfully", fields.Raw(description="Created configuration data")
+    )
+    @api.response(400, "Invalid request parameters or configuration already exists")
    @setup_required
    @login_required
    @account_initialization_required
@ -51,6 +80,20 @@ class TraceAppConfigApi(Resource):
        except Exception as e:
            raise BadRequest(str(e))

+    @api.doc("update_trace_app_config")
+    @api.doc(description="Update an existing tracing configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "TraceConfigUpdateRequest",
+            {
+                "tracing_provider": fields.String(required=True, description="Tracing provider name"),
+                "tracing_config": fields.Raw(required=True, description="Updated tracing configuration data"),
+            },
+        )
+    )
+    @api.response(200, "Tracing configuration updated successfully", fields.Raw(description="Success response"))
+    @api.response(400, "Invalid request parameters or configuration not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -71,6 +114,16 @@ class TraceAppConfigApi(Resource):
        except Exception as e:
            raise BadRequest(str(e))

+    @api.doc("delete_trace_app_config")
+    @api.doc(description="Delete an existing tracing configuration for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser().add_argument(
+            "tracing_provider", type=str, required=True, location="args", help="Tracing provider name"
+        )
+    )
+    @api.response(204, "Tracing configuration deleted successfully")
+    @api.response(400, "Invalid request parameters or configuration not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -87,6 +140,3 @@ class TraceAppConfigApi(Resource):
            return {"result": "success"}, 204
        except Exception as e:
            raise BadRequest(str(e))
-
-
-api.add_resource(TraceAppConfigApi, "/apps/<uuid:app_id>/trace-config")
--- a/api/controllers/console/app/site.py
+++ b/api/controllers/console/app/site.py
@ -1,16 +1,16 @@
 from flask_login import current_user
-from flask_restx import Resource, marshal_with, reqparse
+from flask_restx import Resource, fields, marshal_with, reqparse
 from werkzeug.exceptions import Forbidden, NotFound

 from constants.languages import supported_language
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
 from fields.app_fields import app_site_fields
 from libs.datetime_utils import naive_utc_now
 from libs.login import login_required
-from models import Site
+from models import Account, Site


 def parse_app_site_args():
@ -36,7 +36,39 @@ def parse_app_site_args():
    return parser.parse_args()


+@console_ns.route("/apps/<uuid:app_id>/site")
 class AppSite(Resource):
+    @api.doc("update_app_site")
+    @api.doc(description="Update application site configuration")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "AppSiteRequest",
+            {
+                "title": fields.String(description="Site title"),
+                "icon_type": fields.String(description="Icon type"),
+                "icon": fields.String(description="Icon"),
+                "icon_background": fields.String(description="Icon background color"),
+                "description": fields.String(description="Site description"),
+                "default_language": fields.String(description="Default language"),
+                "chat_color_theme": fields.String(description="Chat color theme"),
+                "chat_color_theme_inverted": fields.Boolean(description="Inverted chat color theme"),
+                "customize_domain": fields.String(description="Custom domain"),
+                "copyright": fields.String(description="Copyright text"),
+                "privacy_policy": fields.String(description="Privacy policy"),
+                "custom_disclaimer": fields.String(description="Custom disclaimer"),
+                "customize_token_strategy": fields.String(
+                    enum=["must", "allow", "not_allow"], description="Token strategy"
+                ),
+                "prompt_public": fields.Boolean(description="Make prompt public"),
+                "show_workflow_steps": fields.Boolean(description="Show workflow steps"),
+                "use_icon_as_answer_icon": fields.Boolean(description="Use icon as answer icon"),
+            },
+        )
+    )
+    @api.response(200, "Site configuration updated successfully", app_site_fields)
+    @api.response(403, "Insufficient permissions")
+    @api.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -75,6 +107,8 @@ class AppSite(Resource):
            if value is not None:
                setattr(site, attr_name, value)

+        if not isinstance(current_user, Account):
+            raise ValueError("current_user must be an Account instance")
        site.updated_by = current_user.id
        site.updated_at = naive_utc_now()
        db.session.commit()
@ -82,7 +116,14 @@ class AppSite(Resource):
        return site


+@console_ns.route("/apps/<uuid:app_id>/site/access-token-reset")
 class AppSiteAccessTokenReset(Resource):
+    @api.doc("reset_app_site_access_token")
+    @api.doc(description="Reset access token for application site")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Access token reset successfully", app_site_fields)
+    @api.response(403, "Insufficient permissions (admin/owner required)")
+    @api.response(404, "App or site not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -99,12 +140,10 @@ class AppSiteAccessTokenReset(Resource):
            raise NotFound

        site.code = Site.generate_code(16)
+        if not isinstance(current_user, Account):
+            raise ValueError("current_user must be an Account instance")
        site.updated_by = current_user.id
        site.updated_at = naive_utc_now()
        db.session.commit()

        return site
-
-
-api.add_resource(AppSite, "/apps/<uuid:app_id>/site")
-api.add_resource(AppSiteAccessTokenReset, "/apps/<uuid:app_id>/site/access-token-reset")
--- a/api/controllers/console/app/statistic.py
+++ b/api/controllers/console/app/statistic.py
@ -5,9 +5,9 @@ import pytz
 import sqlalchemy as sa
 from flask import jsonify
 from flask_login import current_user
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -17,11 +17,25 @@ from libs.login import login_required
 from models import AppMode, Message


+@console_ns.route("/apps/<uuid:app_id>/statistics/daily-messages")
 class DailyMessageStatistic(Resource):
+    @api.doc("get_daily_message_statistics")
+    @api.doc(description="Get daily message statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Daily message statistics retrieved successfully",
+        fields.List(fields.Raw(description="Daily message count data")),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -36,8 +50,9 @@ class DailyMessageStatistic(Resource):
 FROM
    messages
 WHERE
-    app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+    app_id = :app_id
+    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -74,11 +89,25 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/daily-conversations")
 class DailyConversationStatistic(Resource):
+    @api.doc("get_daily_conversation_statistics")
+    @api.doc(description="Get daily conversation statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Daily conversation statistics retrieved successfully",
+        fields.List(fields.Raw(description="Daily conversation count data")),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -126,11 +155,25 @@ class DailyConversationStatistic(Resource):
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/daily-end-users")
 class DailyTerminalsStatistic(Resource):
+    @api.doc("get_daily_terminals_statistics")
+    @api.doc(description="Get daily terminal/end-user statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Daily terminal statistics retrieved successfully",
+        fields.List(fields.Raw(description="Daily terminal count data")),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -145,8 +188,9 @@ class DailyTerminalsStatistic(Resource):
 FROM
    messages
 WHERE
-    app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+    app_id = :app_id
+    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -183,11 +227,25 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/token-costs")
 class DailyTokenCostStatistic(Resource):
+    @api.doc("get_daily_token_cost_statistics")
+    @api.doc(description="Get daily token cost statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Daily token cost statistics retrieved successfully",
+        fields.List(fields.Raw(description="Daily token cost data")),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -203,8 +261,9 @@ class DailyTokenCostStatistic(Resource):
 FROM
    messages
 WHERE
-    app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+    app_id = :app_id
+    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -243,7 +302,21 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/average-session-interactions")
 class AverageSessionInteractionStatistic(Resource):
+    @api.doc("get_average_session_interaction_statistics")
+    @api.doc(description="Get average session interaction statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Average session interaction statistics retrieved successfully",
+        fields.List(fields.Raw(description="Average session interaction data")),
+    )
    @setup_required
    @login_required
    @account_initialization_required
@ -270,8 +343,9 @@ FROM
            messages m
            ON c.id = m.conversation_id
        WHERE
-            c.app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+            c.app_id = :app_id
+            AND m.invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -319,11 +393,25 @@ ORDER BY
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/user-satisfaction-rate")
 class UserSatisfactionRateStatistic(Resource):
+    @api.doc("get_user_satisfaction_rate_statistics")
+    @api.doc(description="Get user satisfaction rate statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "User satisfaction rate statistics retrieved successfully",
+        fields.List(fields.Raw(description="User satisfaction rate data")),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -342,8 +430,9 @@ LEFT JOIN
    message_feedbacks mf
    ON mf.message_id=m.id AND mf.rating='like'
 WHERE
-    m.app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+    m.app_id = :app_id
+    AND m.invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -385,7 +474,21 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/average-response-time")
 class AverageResponseTimeStatistic(Resource):
+    @api.doc("get_average_response_time_statistics")
+    @api.doc(description="Get average response time statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Average response time statistics retrieved successfully",
+        fields.List(fields.Raw(description="Average response time data")),
+    )
    @setup_required
    @login_required
    @account_initialization_required
@ -404,8 +507,9 @@ class AverageResponseTimeStatistic(Resource):
 FROM
    messages
 WHERE
-    app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+    app_id = :app_id
+    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -442,11 +546,25 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/statistics/tokens-per-second")
 class TokensPerSecondStatistic(Resource):
+    @api.doc("get_tokens_per_second_statistics")
+    @api.doc(description="Get tokens per second statistics for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.parser()
+        .add_argument("start", type=str, location="args", help="Start date (YYYY-MM-DD HH:MM)")
+        .add_argument("end", type=str, location="args", help="End date (YYYY-MM-DD HH:MM)")
+    )
+    @api.response(
+        200,
+        "Tokens per second statistics retrieved successfully",
+        fields.List(fields.Raw(description="Tokens per second data")),
+    )
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -464,8 +582,9 @@ class TokensPerSecondStatistic(Resource):
 FROM
    messages
 WHERE
-    app_id = :app_id"""
-        arg_dict = {"tz": account.timezone, "app_id": app_model.id}
+    app_id = :app_id
+    AND invoke_from != :invoke_from"""
+        arg_dict = {"tz": account.timezone, "app_id": app_model.id, "invoke_from": InvokeFrom.DEBUGGER.value}

        timezone = pytz.timezone(account.timezone)
        utc_timezone = pytz.utc
@ -500,13 +619,3 @@ WHERE
                response_data.append({"date": str(i.date), "tps": round(i.tokens_per_second, 4)})

        return jsonify({"data": response_data})
-
-
-api.add_resource(DailyMessageStatistic, "/apps/<uuid:app_id>/statistics/daily-messages")
-api.add_resource(DailyConversationStatistic, "/apps/<uuid:app_id>/statistics/daily-conversations")
-api.add_resource(DailyTerminalsStatistic, "/apps/<uuid:app_id>/statistics/daily-end-users")
-api.add_resource(DailyTokenCostStatistic, "/apps/<uuid:app_id>/statistics/token-costs")
-api.add_resource(AverageSessionInteractionStatistic, "/apps/<uuid:app_id>/statistics/average-session-interactions")
-api.add_resource(UserSatisfactionRateStatistic, "/apps/<uuid:app_id>/statistics/user-satisfaction-rate")
-api.add_resource(AverageResponseTimeStatistic, "/apps/<uuid:app_id>/statistics/average-response-time")
-api.add_resource(TokensPerSecondStatistic, "/apps/<uuid:app_id>/statistics/tokens-per-second")
--- a/api/controllers/console/app/workflow.py
+++ b/api/controllers/console/app/workflow.py
@ -4,18 +4,13 @@ from collections.abc import Sequence
 from typing import cast

 from flask import abort, request
-from flask_restx import Resource, inputs, marshal_with, reqparse
+from flask_restx import Resource, fields, inputs, marshal_with, reqparse
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden, InternalServerError, NotFound

 import services
-from configs import dify_config
-from controllers.console import api
-from controllers.console.app.error import (
-    ConversationCompletedError,
-    DraftWorkflowNotExist,
-    DraftWorkflowNotSync,
-)
+from controllers.console import api, console_ns
+from controllers.console.app.error import ConversationCompletedError, DraftWorkflowNotExist, DraftWorkflowNotSync
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from controllers.web.error import InvokeRateLimitError as InvokeRateLimitHttpError
@ -24,6 +19,7 @@ from core.app.apps.base_app_queue_manager import AppQueueManager
 from core.app.entities.app_invoke_entities import InvokeFrom
 from core.file.models import File
 from core.helper.trace_id_helper import get_external_trace_id
+from core.workflow.graph_engine.manager import GraphEngineManager
 from extensions.ext_database import db
 from factories import file_factory, variable_factory
 from fields.workflow_fields import workflow_fields, workflow_pagination_fields
@ -61,7 +57,13 @@ def _parse_file(workflow: Workflow, files: list[dict] | None = None) -> Sequence
    return file_objs


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft")
 class DraftWorkflowApi(Resource):
+    @api.doc("get_draft_workflow")
+    @api.doc(description="Get draft workflow for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Draft workflow retrieved successfully", workflow_fields)
+    @api.response(404, "Draft workflow not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -73,7 +75,7 @@ class DraftWorkflowApi(Resource):
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        # fetch draft workflow by app_model
@ -90,13 +92,30 @@ class DraftWorkflowApi(Resource):
    @login_required
    @account_initialization_required
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
+    @api.doc("sync_draft_workflow")
+    @api.doc(description="Sync draft workflow configuration")
+    @api.expect(
+        api.model(
+            "SyncDraftWorkflowRequest",
+            {
+                "graph": fields.Raw(required=True, description="Workflow graph configuration"),
+                "features": fields.Raw(required=True, description="Workflow features configuration"),
+                "hash": fields.String(description="Workflow hash for validation"),
+                "environment_variables": fields.List(fields.Raw, required=True, description="Environment variables"),
+                "conversation_variables": fields.List(fields.Raw, description="Conversation variables"),
+            },
+        )
+    )
+    @api.response(200, "Draft workflow synced successfully", workflow_fields)
+    @api.response(400, "Invalid workflow configuration")
+    @api.response(403, "Permission denied")
    def post(self, app_model: App):
        """
        Sync draft workflow
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        content_type = request.headers.get("Content-Type", "")
@ -163,7 +182,25 @@ class DraftWorkflowApi(Resource):
        }


+@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflows/draft/run")
 class AdvancedChatDraftWorkflowRunApi(Resource):
+    @api.doc("run_advanced_chat_draft_workflow")
+    @api.doc(description="Run draft workflow for advanced chat application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "AdvancedChatWorkflowRunRequest",
+            {
+                "query": fields.String(required=True, description="User query"),
+                "inputs": fields.Raw(description="Input variables"),
+                "files": fields.List(fields.Raw, description="File uploads"),
+                "conversation_id": fields.String(description="Conversation ID"),
+            },
+        )
+    )
+    @api.response(200, "Workflow run started successfully")
+    @api.response(400, "Invalid request parameters")
+    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -174,7 +211,7 @@ class AdvancedChatDraftWorkflowRunApi(Resource):
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        if not isinstance(current_user, Account):
@ -212,7 +249,23 @@ class AdvancedChatDraftWorkflowRunApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflows/draft/iteration/nodes/<string:node_id>/run")
 class AdvancedChatDraftRunIterationNodeApi(Resource):
+    @api.doc("run_advanced_chat_draft_iteration_node")
+    @api.doc(description="Run draft workflow iteration node for advanced chat")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.expect(
+        api.model(
+            "IterationNodeRunRequest",
+            {
+                "task_id": fields.String(required=True, description="Task ID"),
+                "inputs": fields.Raw(description="Input variables"),
+            },
+        )
+    )
+    @api.response(200, "Iteration node run started successfully")
+    @api.response(403, "Permission denied")
+    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -224,7 +277,7 @@ class AdvancedChatDraftRunIterationNodeApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -248,7 +301,23 @@ class AdvancedChatDraftRunIterationNodeApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/iteration/nodes/<string:node_id>/run")
 class WorkflowDraftRunIterationNodeApi(Resource):
+    @api.doc("run_workflow_draft_iteration_node")
+    @api.doc(description="Run draft workflow iteration node")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.expect(
+        api.model(
+            "WorkflowIterationNodeRunRequest",
+            {
+                "task_id": fields.String(required=True, description="Task ID"),
+                "inputs": fields.Raw(description="Input variables"),
+            },
+        )
+    )
+    @api.response(200, "Workflow iteration node run started successfully")
+    @api.response(403, "Permission denied")
+    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -260,7 +329,7 @@ class WorkflowDraftRunIterationNodeApi(Resource):
        # The role of the current user in the ta table must be admin, owner, or editor
        if not isinstance(current_user, Account):
            raise Forbidden()
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -284,7 +353,23 @@ class WorkflowDraftRunIterationNodeApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflows/draft/loop/nodes/<string:node_id>/run")
 class AdvancedChatDraftRunLoopNodeApi(Resource):
+    @api.doc("run_advanced_chat_draft_loop_node")
+    @api.doc(description="Run draft workflow loop node for advanced chat")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.expect(
+        api.model(
+            "LoopNodeRunRequest",
+            {
+                "task_id": fields.String(required=True, description="Task ID"),
+                "inputs": fields.Raw(description="Input variables"),
+            },
+        )
+    )
+    @api.response(200, "Loop node run started successfully")
+    @api.response(403, "Permission denied")
+    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -297,7 +382,7 @@ class AdvancedChatDraftRunLoopNodeApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -321,7 +406,23 @@ class AdvancedChatDraftRunLoopNodeApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/loop/nodes/<string:node_id>/run")
 class WorkflowDraftRunLoopNodeApi(Resource):
+    @api.doc("run_workflow_draft_loop_node")
+    @api.doc(description="Run draft workflow loop node")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.expect(
+        api.model(
+            "WorkflowLoopNodeRunRequest",
+            {
+                "task_id": fields.String(required=True, description="Task ID"),
+                "inputs": fields.Raw(description="Input variables"),
+            },
+        )
+    )
+    @api.response(200, "Workflow loop node run started successfully")
+    @api.response(403, "Permission denied")
+    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -334,7 +435,7 @@ class WorkflowDraftRunLoopNodeApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -358,7 +459,22 @@ class WorkflowDraftRunLoopNodeApi(Resource):
            raise InternalServerError()


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/run")
 class DraftWorkflowRunApi(Resource):
+    @api.doc("run_draft_workflow")
+    @api.doc(description="Run draft workflow")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.expect(
+        api.model(
+            "DraftWorkflowRunRequest",
+            {
+                "inputs": fields.Raw(required=True, description="Input variables"),
+                "files": fields.List(fields.Raw, description="File uploads"),
+            },
+        )
+    )
+    @api.response(200, "Draft workflow run started successfully")
+    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -371,7 +487,7 @@ class DraftWorkflowRunApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -397,7 +513,14 @@ class DraftWorkflowRunApi(Resource):
            raise InvokeRateLimitHttpError(ex.description)


+@console_ns.route("/apps/<uuid:app_id>/workflow-runs/tasks/<string:task_id>/stop")
 class WorkflowTaskStopApi(Resource):
+    @api.doc("stop_workflow_task")
+    @api.doc(description="Stop running workflow task")
+    @api.doc(params={"app_id": "Application ID", "task_id": "Task ID"})
+    @api.response(200, "Task stopped successfully")
+    @api.response(404, "Task not found")
+    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -410,15 +533,35 @@ class WorkflowTaskStopApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

-        AppQueueManager.set_stop_flag(task_id, InvokeFrom.DEBUGGER, current_user.id)
+        # Stop using both mechanisms for backward compatibility
+        # Legacy stop flag mechanism (without user check)
+        AppQueueManager.set_stop_flag_no_user_check(task_id)
+
+        # New graph engine command channel mechanism
+        GraphEngineManager.send_stop_command(task_id)

        return {"result": "success"}


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/run")
 class DraftWorkflowNodeRunApi(Resource):
+    @api.doc("run_draft_workflow_node")
+    @api.doc(description="Run draft workflow node")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.expect(
+        api.model(
+            "DraftWorkflowNodeRunRequest",
+            {
+                "inputs": fields.Raw(description="Input variables"),
+            },
+        )
+    )
+    @api.response(200, "Node run started successfully", workflow_run_node_execution_fields)
+    @api.response(403, "Permission denied")
+    @api.response(404, "Node not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -432,7 +575,7 @@ class DraftWorkflowNodeRunApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -466,7 +609,13 @@ class DraftWorkflowNodeRunApi(Resource):
        return workflow_node_execution


+@console_ns.route("/apps/<uuid:app_id>/workflows/publish")
 class PublishedWorkflowApi(Resource):
+    @api.doc("get_published_workflow")
+    @api.doc(description="Get published workflow for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Published workflow retrieved successfully", workflow_fields)
+    @api.response(404, "Published workflow not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -480,7 +629,7 @@ class PublishedWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        # fetch published workflow by app_model
@ -501,7 +650,7 @@ class PublishedWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -538,7 +687,12 @@ class PublishedWorkflowApi(Resource):
        }


+@console_ns.route("/apps/<uuid:app_id>/workflows/default-workflow-block-configs")
 class DefaultBlockConfigsApi(Resource):
+    @api.doc("get_default_block_configs")
+    @api.doc(description="Get default block configurations for workflow")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Default block configurations retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -551,7 +705,7 @@ class DefaultBlockConfigsApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        # Get default block configs
@ -559,7 +713,13 @@ class DefaultBlockConfigsApi(Resource):
        return workflow_service.get_default_block_configs()


+@console_ns.route("/apps/<uuid:app_id>/workflows/default-workflow-block-configs/<string:block_type>")
 class DefaultBlockConfigApi(Resource):
+    @api.doc("get_default_block_config")
+    @api.doc(description="Get default block configuration by type")
+    @api.doc(params={"app_id": "Application ID", "block_type": "Block type"})
+    @api.response(200, "Default block configuration retrieved successfully")
+    @api.response(404, "Block type not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -571,7 +731,7 @@ class DefaultBlockConfigApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -592,7 +752,14 @@ class DefaultBlockConfigApi(Resource):
        return workflow_service.get_default_block_config(node_type=block_type, filters=filters)


+@console_ns.route("/apps/<uuid:app_id>/convert-to-workflow")
 class ConvertToWorkflowApi(Resource):
+    @api.doc("convert_to_workflow")
+    @api.doc(description="Convert application to workflow mode")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Application converted to workflow successfully")
+    @api.response(400, "Application cannot be converted")
+    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -606,7 +773,7 @@ class ConvertToWorkflowApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        if request.data:
@ -629,20 +796,12 @@ class ConvertToWorkflowApi(Resource):
        }


-class WorkflowConfigApi(Resource):
-    """Resource for workflow configuration."""
-
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
-    def get(self, app_model: App):
-        return {
-            "parallel_depth_limit": dify_config.WORKFLOW_PARALLEL_DEPTH_LIMIT,
-        }
-
-
+@console_ns.route("/apps/<uuid:app_id>/workflows")
 class PublishedAllWorkflowApi(Resource):
+    @api.doc("get_all_published_workflows")
+    @api.doc(description="Get all published workflows for an application")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Published workflows retrieved successfully", workflow_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -655,7 +814,7 @@ class PublishedAllWorkflowApi(Resource):

        if not isinstance(current_user, Account):
            raise Forbidden()
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -693,7 +852,23 @@ class PublishedAllWorkflowApi(Resource):
            }


+@console_ns.route("/apps/<uuid:app_id>/workflows/<string:workflow_id>")
 class WorkflowByIdApi(Resource):
+    @api.doc("update_workflow_by_id")
+    @api.doc(description="Update workflow by ID")
+    @api.doc(params={"app_id": "Application ID", "workflow_id": "Workflow ID"})
+    @api.expect(
+        api.model(
+            "UpdateWorkflowRequest",
+            {
+                "environment_variables": fields.List(fields.Raw, description="Environment variables"),
+                "conversation_variables": fields.List(fields.Raw, description="Conversation variables"),
+            },
+        )
+    )
+    @api.response(200, "Workflow updated successfully", workflow_fields)
+    @api.response(404, "Workflow not found")
+    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -706,7 +881,7 @@ class WorkflowByIdApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # Check permission
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        parser = reqparse.RequestParser()
@ -719,7 +894,6 @@ class WorkflowByIdApi(Resource):
            raise ValueError("Marked name cannot exceed 20 characters")
        if args.marked_comment and len(args.marked_comment) > 100:
            raise ValueError("Marked comment cannot exceed 100 characters")
-        args = parser.parse_args()

        # Prepare update data
        update_data = {}
@ -762,7 +936,7 @@ class WorkflowByIdApi(Resource):
        if not isinstance(current_user, Account):
            raise Forbidden()
        # Check permission
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()

        workflow_service = WorkflowService()
@ -785,7 +959,14 @@ class WorkflowByIdApi(Resource):
        return None, 204


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/last-run")
 class DraftWorkflowNodeLastRunApi(Resource):
+    @api.doc("get_draft_workflow_node_last_run")
+    @api.doc(description="Get last run result for draft workflow node")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.response(200, "Node last run retrieved successfully", workflow_run_node_execution_fields)
+    @api.response(404, "Node last run not found")
+    @api.response(403, "Permission denied")
    @setup_required
    @login_required
    @account_initialization_required
@ -804,73 +985,3 @@ class DraftWorkflowNodeLastRunApi(Resource):
        if node_exec is None:
            raise NotFound("last run not found")
        return node_exec
-
-
-api.add_resource(
-    DraftWorkflowApi,
-    "/apps/<uuid:app_id>/workflows/draft",
-)
-api.add_resource(
-    WorkflowConfigApi,
-    "/apps/<uuid:app_id>/workflows/draft/config",
-)
-api.add_resource(
-    AdvancedChatDraftWorkflowRunApi,
-    "/apps/<uuid:app_id>/advanced-chat/workflows/draft/run",
-)
-api.add_resource(
-    DraftWorkflowRunApi,
-    "/apps/<uuid:app_id>/workflows/draft/run",
-)
-api.add_resource(
-    WorkflowTaskStopApi,
-    "/apps/<uuid:app_id>/workflow-runs/tasks/<string:task_id>/stop",
-)
-api.add_resource(
-    DraftWorkflowNodeRunApi,
-    "/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/run",
-)
-api.add_resource(
-    AdvancedChatDraftRunIterationNodeApi,
-    "/apps/<uuid:app_id>/advanced-chat/workflows/draft/iteration/nodes/<string:node_id>/run",
-)
-api.add_resource(
-    WorkflowDraftRunIterationNodeApi,
-    "/apps/<uuid:app_id>/workflows/draft/iteration/nodes/<string:node_id>/run",
-)
-api.add_resource(
-    AdvancedChatDraftRunLoopNodeApi,
-    "/apps/<uuid:app_id>/advanced-chat/workflows/draft/loop/nodes/<string:node_id>/run",
-)
-api.add_resource(
-    WorkflowDraftRunLoopNodeApi,
-    "/apps/<uuid:app_id>/workflows/draft/loop/nodes/<string:node_id>/run",
-)
-api.add_resource(
-    PublishedWorkflowApi,
-    "/apps/<uuid:app_id>/workflows/publish",
-)
-api.add_resource(
-    PublishedAllWorkflowApi,
-    "/apps/<uuid:app_id>/workflows",
-)
-api.add_resource(
-    DefaultBlockConfigsApi,
-    "/apps/<uuid:app_id>/workflows/default-workflow-block-configs",
-)
-api.add_resource(
-    DefaultBlockConfigApi,
-    "/apps/<uuid:app_id>/workflows/default-workflow-block-configs/<string:block_type>",
-)
-api.add_resource(
-    ConvertToWorkflowApi,
-    "/apps/<uuid:app_id>/convert-to-workflow",
-)
-api.add_resource(
-    WorkflowByIdApi,
-    "/apps/<uuid:app_id>/workflows/<string:workflow_id>",
-)
-api.add_resource(
-    DraftWorkflowNodeLastRunApi,
-    "/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/last-run",
-)
--- a/api/controllers/console/app/workflow_app_log.py
+++ b/api/controllers/console/app/workflow_app_log.py
@ -3,10 +3,10 @@ from flask_restx import Resource, marshal_with, reqparse
 from flask_restx.inputs import int_range
 from sqlalchemy.orm import Session

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
-from core.workflow.entities.workflow_execution import WorkflowExecutionStatus
+from core.workflow.enums import WorkflowExecutionStatus
 from extensions.ext_database import db
 from fields.workflow_app_log_fields import workflow_app_log_pagination_fields
 from libs.login import login_required
@ -15,7 +15,24 @@ from models.model import AppMode
 from services.workflow_app_service import WorkflowAppService


+@console_ns.route("/apps/<uuid:app_id>/workflow-app-logs")
 class WorkflowAppLogApi(Resource):
+    @api.doc("get_workflow_app_logs")
+    @api.doc(description="Get workflow application execution logs")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(
+        params={
+            "keyword": "Search keyword for filtering logs",
+            "status": "Filter by execution status (succeeded, failed, stopped, partial-succeeded)",
+            "created_at__before": "Filter logs created before this timestamp",
+            "created_at__after": "Filter logs created after this timestamp",
+            "created_by_end_user_session_id": "Filter by end user session ID",
+            "created_by_account": "Filter by account",
+            "page": "Page number (1-99999)",
+            "limit": "Number of items per page (1-100)",
+        }
+    )
+    @api.response(200, "Workflow app logs retrieved successfully", workflow_app_log_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -78,6 +95,3 @@ class WorkflowAppLogApi(Resource):
            )

            return workflow_app_log_pagination
-
-
-api.add_resource(WorkflowAppLogApi, "/apps/<uuid:app_id>/workflow-app-logs")
--- a/api/controllers/console/app/workflow_draft_variable.py
+++ b/api/controllers/console/app/workflow_draft_variable.py
@ -6,21 +6,23 @@ from flask_restx import Resource, fields, inputs, marshal, marshal_with, reqpars
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.error import (
    DraftWorkflowNotExist,
 )
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from controllers.web.error import InvalidArgumentError, NotFoundError
+from core.file import helpers as file_helpers
 from core.variables.segment_group import SegmentGroup
 from core.variables.segments import ArrayFileSegment, FileSegment, Segment
 from core.variables.types import SegmentType
 from core.workflow.constants import CONVERSATION_VARIABLE_NODE_ID, SYSTEM_VARIABLE_NODE_ID
+from extensions.ext_database import db
 from factories.file_factory import build_from_mapping, build_from_mappings
 from factories.variable_factory import build_segment_with_type
 from libs.login import current_user, login_required
-from models import App, AppMode, db
+from models import App, AppMode
 from models.account import Account
 from models.workflow import WorkflowDraftVariable
 from services.workflow_draft_variable_service import WorkflowDraftVariableList, WorkflowDraftVariableService
@ -74,6 +76,22 @@ def _serialize_variable_type(workflow_draft_var: WorkflowDraftVariable) -> str:
    return value_type.exposed_type().value


+def _serialize_full_content(variable: WorkflowDraftVariable) -> dict | None:
+    """Serialize full_content information for large variables."""
+    if not variable.is_truncated():
+        return None
+
+    variable_file = variable.variable_file
+    assert variable_file is not None
+
+    return {
+        "size_bytes": variable_file.size,
+        "value_type": variable_file.value_type.exposed_type().value,
+        "length": variable_file.length,
+        "download_url": file_helpers.get_signed_file_url(variable_file.upload_file_id, as_attachment=True),
+    }
+
+
 _WORKFLOW_DRAFT_VARIABLE_WITHOUT_VALUE_FIELDS = {
    "id": fields.String,
    "type": fields.String(attribute=lambda model: model.get_variable_type()),
@ -83,11 +101,13 @@ _WORKFLOW_DRAFT_VARIABLE_WITHOUT_VALUE_FIELDS = {
    "value_type": fields.String(attribute=_serialize_variable_type),
    "edited": fields.Boolean(attribute=lambda model: model.edited),
    "visible": fields.Boolean,
+    "is_truncated": fields.Boolean(attribute=lambda model: model.file_id is not None),
 }

 _WORKFLOW_DRAFT_VARIABLE_FIELDS = dict(
    _WORKFLOW_DRAFT_VARIABLE_WITHOUT_VALUE_FIELDS,
    value=fields.Raw(attribute=_serialize_var_value),
+    full_content=fields.Raw(attribute=_serialize_full_content),
 )

 _WORKFLOW_DRAFT_ENV_VARIABLE_FIELDS = {
@ -137,14 +157,20 @@ def _api_prerequisite(f):
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
    def wrapper(*args, **kwargs):
        assert isinstance(current_user, Account)
-        if not current_user.is_editor:
+        if not current_user.has_edit_permission:
            raise Forbidden()
        return f(*args, **kwargs)

    return wrapper


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/variables")
 class WorkflowVariableCollectionApi(Resource):
+    @api.doc("get_workflow_variables")
+    @api.doc(description="Get draft workflow variables")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"page": "Page number (1-100000)", "limit": "Number of items per page (1-100)"})
+    @api.response(200, "Workflow variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_WITHOUT_VALUE_FIELDS)
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_WITHOUT_VALUE_FIELDS)
    def get(self, app_model: App):
@ -173,6 +199,9 @@ class WorkflowVariableCollectionApi(Resource):

        return workflow_vars

+    @api.doc("delete_workflow_variables")
+    @api.doc(description="Delete all draft workflow variables")
+    @api.response(204, "Workflow variables deleted successfully")
    @_api_prerequisite
    def delete(self, app_model: App):
        draft_var_srv = WorkflowDraftVariableService(
@ -201,7 +230,12 @@ def validate_node_id(node_id: str) -> NoReturn | None:
    return None


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/variables")
 class NodeVariableCollectionApi(Resource):
+    @api.doc("get_node_variables")
+    @api.doc(description="Get variables for a specific node")
+    @api.doc(params={"app_id": "Application ID", "node_id": "Node ID"})
+    @api.response(200, "Node variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    def get(self, app_model: App, node_id: str):
@ -214,6 +248,9 @@ class NodeVariableCollectionApi(Resource):

        return node_vars

+    @api.doc("delete_node_variables")
+    @api.doc(description="Delete all variables for a specific node")
+    @api.response(204, "Node variables deleted successfully")
    @_api_prerequisite
    def delete(self, app_model: App, node_id: str):
        validate_node_id(node_id)
@ -223,10 +260,16 @@ class NodeVariableCollectionApi(Resource):
        return Response("", 204)


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>")
 class VariableApi(Resource):
    _PATCH_NAME_FIELD = "name"
    _PATCH_VALUE_FIELD = "value"

+    @api.doc("get_variable")
+    @api.doc(description="Get a specific workflow variable")
+    @api.doc(params={"app_id": "Application ID", "variable_id": "Variable ID"})
+    @api.response(200, "Variable retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_FIELDS)
+    @api.response(404, "Variable not found")
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_FIELDS)
    def get(self, app_model: App, variable_id: str):
@ -240,6 +283,19 @@ class VariableApi(Resource):
            raise NotFoundError(description=f"variable not found, id={variable_id}")
        return variable

+    @api.doc("update_variable")
+    @api.doc(description="Update a workflow variable")
+    @api.expect(
+        api.model(
+            "UpdateVariableRequest",
+            {
+                "name": fields.String(description="Variable name"),
+                "value": fields.Raw(description="Variable value"),
+            },
+        )
+    )
+    @api.response(200, "Variable updated successfully", _WORKFLOW_DRAFT_VARIABLE_FIELDS)
+    @api.response(404, "Variable not found")
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_FIELDS)
    def patch(self, app_model: App, variable_id: str):
@ -302,6 +358,10 @@ class VariableApi(Resource):
        db.session.commit()
        return variable

+    @api.doc("delete_variable")
+    @api.doc(description="Delete a workflow variable")
+    @api.response(204, "Variable deleted successfully")
+    @api.response(404, "Variable not found")
    @_api_prerequisite
    def delete(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
@ -317,7 +377,14 @@ class VariableApi(Resource):
        return Response("", 204)


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>/reset")
 class VariableResetApi(Resource):
+    @api.doc("reset_variable")
+    @api.doc(description="Reset a workflow variable to its default value")
+    @api.doc(params={"app_id": "Application ID", "variable_id": "Variable ID"})
+    @api.response(200, "Variable reset successfully", _WORKFLOW_DRAFT_VARIABLE_FIELDS)
+    @api.response(204, "Variable reset (no content)")
+    @api.response(404, "Variable not found")
    @_api_prerequisite
    def put(self, app_model: App, variable_id: str):
        draft_var_srv = WorkflowDraftVariableService(
@ -358,7 +425,13 @@ def _get_variable_list(app_model: App, node_id) -> WorkflowDraftVariableList:
    return draft_vars


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/conversation-variables")
 class ConversationVariableCollectionApi(Resource):
+    @api.doc("get_conversation_variables")
+    @api.doc(description="Get conversation variables for workflow")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Conversation variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
+    @api.response(404, "Draft workflow not found")
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    def get(self, app_model: App):
@ -374,14 +447,25 @@ class ConversationVariableCollectionApi(Resource):
        return _get_variable_list(app_model, CONVERSATION_VARIABLE_NODE_ID)


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/system-variables")
 class SystemVariableCollectionApi(Resource):
+    @api.doc("get_system_variables")
+    @api.doc(description="Get system variables for workflow")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "System variables retrieved successfully", _WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    @_api_prerequisite
    @marshal_with(_WORKFLOW_DRAFT_VARIABLE_LIST_FIELDS)
    def get(self, app_model: App):
        return _get_variable_list(app_model, SYSTEM_VARIABLE_NODE_ID)


+@console_ns.route("/apps/<uuid:app_id>/workflows/draft/environment-variables")
 class EnvironmentVariableCollectionApi(Resource):
+    @api.doc("get_environment_variables")
+    @api.doc(description="Get environment variables for workflow")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.response(200, "Environment variables retrieved successfully")
+    @api.response(404, "Draft workflow not found")
    @_api_prerequisite
    def get(self, app_model: App):
        """
@ -413,16 +497,3 @@ class EnvironmentVariableCollectionApi(Resource):
            )

        return {"items": env_vars_list}
-
-
-api.add_resource(
-    WorkflowVariableCollectionApi,
-    "/apps/<uuid:app_id>/workflows/draft/variables",
-)
-api.add_resource(NodeVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/variables")
-api.add_resource(VariableApi, "/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>")
-api.add_resource(VariableResetApi, "/apps/<uuid:app_id>/workflows/draft/variables/<uuid:variable_id>/reset")
-
-api.add_resource(ConversationVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/conversation-variables")
-api.add_resource(SystemVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/system-variables")
-api.add_resource(EnvironmentVariableCollectionApi, "/apps/<uuid:app_id>/workflows/draft/environment-variables")
--- a/api/controllers/console/app/workflow_run.py
+++ b/api/controllers/console/app/workflow_run.py
@ -4,7 +4,7 @@ from flask_login import current_user
 from flask_restx import Resource, marshal_with, reqparse
 from flask_restx.inputs import int_range

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from fields.workflow_run_fields import (
@ -19,7 +19,13 @@ from models import Account, App, AppMode, EndUser
 from services.workflow_run_service import WorkflowRunService


+@console_ns.route("/apps/<uuid:app_id>/advanced-chat/workflow-runs")
 class AdvancedChatAppWorkflowRunListApi(Resource):
+    @api.doc("get_advanced_chat_workflow_runs")
+    @api.doc(description="Get advanced chat workflow run list")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"last_id": "Last run ID for pagination", "limit": "Number of items per page (1-100)"})
+    @api.response(200, "Workflow runs retrieved successfully", advanced_chat_workflow_run_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -40,7 +46,13 @@ class AdvancedChatAppWorkflowRunListApi(Resource):
        return result


+@console_ns.route("/apps/<uuid:app_id>/workflow-runs")
 class WorkflowRunListApi(Resource):
+    @api.doc("get_workflow_runs")
+    @api.doc(description="Get workflow run list")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"last_id": "Last run ID for pagination", "limit": "Number of items per page (1-100)"})
+    @api.response(200, "Workflow runs retrieved successfully", workflow_run_pagination_fields)
    @setup_required
    @login_required
    @account_initialization_required
@ -61,7 +73,13 @@ class WorkflowRunListApi(Resource):
        return result


+@console_ns.route("/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>")
 class WorkflowRunDetailApi(Resource):
+    @api.doc("get_workflow_run_detail")
+    @api.doc(description="Get workflow run detail")
+    @api.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
+    @api.response(200, "Workflow run detail retrieved successfully", workflow_run_detail_fields)
+    @api.response(404, "Workflow run not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -79,7 +97,13 @@ class WorkflowRunDetailApi(Resource):
        return workflow_run


+@console_ns.route("/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>/node-executions")
 class WorkflowRunNodeExecutionListApi(Resource):
+    @api.doc("get_workflow_run_node_executions")
+    @api.doc(description="Get workflow run node execution list")
+    @api.doc(params={"app_id": "Application ID", "run_id": "Workflow run ID"})
+    @api.response(200, "Node executions retrieved successfully", workflow_run_node_execution_list_fields)
+    @api.response(404, "Workflow run not found")
    @setup_required
    @login_required
    @account_initialization_required
@ -100,9 +124,3 @@ class WorkflowRunNodeExecutionListApi(Resource):
        )

        return {"data": node_executions}
-
-
-api.add_resource(AdvancedChatAppWorkflowRunListApi, "/apps/<uuid:app_id>/advanced-chat/workflow-runs")
-api.add_resource(WorkflowRunListApi, "/apps/<uuid:app_id>/workflow-runs")
-api.add_resource(WorkflowRunDetailApi, "/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>")
-api.add_resource(WorkflowRunNodeExecutionListApi, "/apps/<uuid:app_id>/workflow-runs/<uuid:run_id>/node-executions")
--- a/api/controllers/console/app/workflow_statistic.py
+++ b/api/controllers/console/app/workflow_statistic.py
@ -7,7 +7,7 @@ from flask import jsonify
 from flask_login import current_user
 from flask_restx import Resource, reqparse

-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required
 from extensions.ext_database import db
@ -17,11 +17,17 @@ from models.enums import WorkflowRunTriggeredFrom
 from models.model import AppMode


+@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/daily-conversations")
 class WorkflowDailyRunsStatistic(Resource):
+    @api.doc("get_workflow_daily_runs_statistic")
+    @api.doc(description="Get workflow daily runs statistics")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
+    @api.response(200, "Daily runs statistics retrieved successfully")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -79,11 +85,17 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/daily-terminals")
 class WorkflowDailyTerminalsStatistic(Resource):
+    @api.doc("get_workflow_daily_terminals_statistic")
+    @api.doc(description="Get workflow daily terminals statistics")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
+    @api.response(200, "Daily terminals statistics retrieved successfully")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -141,11 +153,17 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/token-costs")
 class WorkflowDailyTokenCostStatistic(Resource):
+    @api.doc("get_workflow_daily_token_cost_statistic")
+    @api.doc(description="Get workflow daily token cost statistics")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
+    @api.response(200, "Daily token cost statistics retrieved successfully")
+    @get_app_model
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model
    def get(self, app_model):
        account = current_user

@ -208,7 +226,13 @@ WHERE
        return jsonify({"data": response_data})


+@console_ns.route("/apps/<uuid:app_id>/workflow/statistics/average-app-interactions")
 class WorkflowAverageAppInteractionStatistic(Resource):
+    @api.doc("get_workflow_average_app_interaction_statistic")
+    @api.doc(description="Get workflow average app interaction statistics")
+    @api.doc(params={"app_id": "Application ID"})
+    @api.doc(params={"start": "Start date and time (YYYY-MM-DD HH:MM)", "end": "End date and time (YYYY-MM-DD HH:MM)"})
+    @api.response(200, "Average app interaction statistics retrieved successfully")
    @setup_required
    @login_required
    @account_initialization_required
@ -285,11 +309,3 @@ GROUP BY
                )

        return jsonify({"data": response_data})
-
-
-api.add_resource(WorkflowDailyRunsStatistic, "/apps/<uuid:app_id>/workflow/statistics/daily-conversations")
-api.add_resource(WorkflowDailyTerminalsStatistic, "/apps/<uuid:app_id>/workflow/statistics/daily-terminals")
-api.add_resource(WorkflowDailyTokenCostStatistic, "/apps/<uuid:app_id>/workflow/statistics/token-costs")
-api.add_resource(
-    WorkflowAverageAppInteractionStatistic, "/apps/<uuid:app_id>/workflow/statistics/average-app-interactions"
-)
--- a/api/controllers/console/app/wraps.py
+++ b/api/controllers/console/app/wraps.py
@ -1,6 +1,6 @@
 from collections.abc import Callable
 from functools import wraps
-from typing import Optional, Union
+from typing import ParamSpec, TypeVar, Union

 from controllers.console.app.error import AppNotFoundError
 from extensions.ext_database import db
@ -8,8 +8,11 @@ from libs.login import current_user
 from models import App, AppMode
 from models.account import Account

+P = ParamSpec("P")
+R = TypeVar("R")

-def _load_app_model(app_id: str) -> Optional[App]:
+
+def _load_app_model(app_id: str) -> App | None:
    assert isinstance(current_user, Account)
    app_model = (
        db.session.query(App)
@ -19,10 +22,10 @@ def _load_app_model(app_id: str) -> Optional[App]:
    return app_model


-def get_app_model(view: Optional[Callable] = None, *, mode: Union[AppMode, list[AppMode], None] = None):
-    def decorator(view_func):
+def get_app_model(view: Callable[P, R] | None = None, *, mode: Union[AppMode, list[AppMode], None] = None):
+    def decorator(view_func: Callable[P, R]):
        @wraps(view_func)
-        def decorated_view(*args, **kwargs):
+        def decorated_view(*args: P.args, **kwargs: P.kwargs):
            if not kwargs.get("app_id"):
                raise ValueError("missing app_id in path parameters")

--- a/api/controllers/console/auth/activate.py
+++ b/api/controllers/console/auth/activate.py
@ -1,8 +1,8 @@
 from flask import request
-from flask_restx import Resource, reqparse
+from flask_restx import Resource, fields, reqparse

 from constants.languages import supported_language
-from controllers.console import api
+from controllers.console import api, console_ns
 from controllers.console.error import AlreadyActivateError
 from extensions.ext_database import db
 from libs.datetime_utils import naive_utc_now
@ -10,14 +10,36 @@ from libs.helper import StrLen, email, extract_remote_ip, timezone
 from models.account import AccountStatus
 from services.account_service import AccountService, RegisterService

+active_check_parser = reqparse.RequestParser()
+active_check_parser.add_argument(
+    "workspace_id", type=str, required=False, nullable=True, location="args", help="Workspace ID"
+)
+active_check_parser.add_argument(
+    "email", type=email, required=False, nullable=True, location="args", help="Email address"
+)
+active_check_parser.add_argument(
+    "token", type=str, required=True, nullable=False, location="args", help="Activation token"
+)

+
+@console_ns.route("/activate/check")
 class ActivateCheckApi(Resource):
+    @api.doc("check_activation_token")
+    @api.doc(description="Check if activation token is valid")
+    @api.expect(active_check_parser)
+    @api.response(
+        200,
+        "Success",
+        api.model(
+            "ActivationCheckResponse",
+            {
+                "is_valid": fields.Boolean(description="Whether token is valid"),
+                "data": fields.Raw(description="Activation data if valid"),
+            },
+        ),
+    )
    def get(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="args")
-        parser.add_argument("email", type=email, required=False, nullable=True, location="args")
-        parser.add_argument("token", type=str, required=True, nullable=False, location="args")
-        args = parser.parse_args()
+        args = active_check_parser.parse_args()

        workspaceId = args["workspace_id"]
        reg_email = args["email"]
@ -38,18 +60,36 @@ class ActivateCheckApi(Resource):
            return {"is_valid": False}


+active_parser = reqparse.RequestParser()
+active_parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="json")
+active_parser.add_argument("email", type=email, required=False, nullable=True, location="json")
+active_parser.add_argument("token", type=str, required=True, nullable=False, location="json")
+active_parser.add_argument("name", type=StrLen(30), required=True, nullable=False, location="json")
+active_parser.add_argument(
+    "interface_language", type=supported_language, required=True, nullable=False, location="json"
+)
+active_parser.add_argument("timezone", type=timezone, required=True, nullable=False, location="json")
+
+
+@console_ns.route("/activate")
 class ActivateApi(Resource):
+    @api.doc("activate_account")
+    @api.doc(description="Activate account with invitation token")
+    @api.expect(active_parser)
+    @api.response(
+        200,
+        "Account activated successfully",
+        api.model(
+            "ActivationResponse",
+            {
+                "result": fields.String(description="Operation result"),
+                "data": fields.Raw(description="Login token data"),
+            },
+        ),
+    )
+    @api.response(400, "Already activated or invalid token")
    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="json")
-        parser.add_argument("email", type=email, required=False, nullable=True, location="json")
-        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
-        parser.add_argument("name", type=StrLen(30), required=True, nullable=False, location="json")
-        parser.add_argument(
-            "interface_language", type=supported_language, required=True, nullable=False, location="json"
-        )
-        parser.add_argument("timezone", type=timezone, required=True, nullable=False, location="json")
-        args = parser.parse_args()
+        args = active_parser.parse_args()

        invitation = RegisterService.get_invitation_if_token_valid(args["workspace_id"], args["email"], args["token"])
        if invitation is None:
@ -70,7 +110,3 @@ class ActivateApi(Resource):
        token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))

        return {"result": "success", "data": token_pair.model_dump()}
-
-
-api.add_resource(ActivateCheckApi, "/activate/check")
-api.add_resource(ActivateApi, "/activate")
--- a/api/controllers/console/auth/data_source_bearer_auth.py
+++ b/api/controllers/console/auth/data_source_bearer_auth.py
@ -2,7 +2,7 @@ from flask_login import current_user
 from flask_restx import Resource, reqparse
 from werkzeug.exceptions import Forbidden

-from controllers.console import api
+from controllers.console import console_ns
 from controllers.console.auth.error import ApiKeyAuthFailedError
 from libs.login import login_required
 from services.auth.api_key_auth_service import ApiKeyAuthService
@ -10,6 +10,7 @@ from services.auth.api_key_auth_service import ApiKeyAuthService
 from ..wraps import account_initialization_required, setup_required


+@console_ns.route("/api-key-auth/data-source")
 class ApiKeyAuthDataSource(Resource):
    @setup_required
    @login_required
@ -33,6 +34,7 @@ class ApiKeyAuthDataSource(Resource):
        return {"sources": []}


+@console_ns.route("/api-key-auth/data-source/binding")
 class ApiKeyAuthDataSourceBinding(Resource):
    @setup_required
    @login_required
@ -54,6 +56,7 @@ class ApiKeyAuthDataSourceBinding(Resource):
        return {"result": "success"}, 200


+@console_ns.route("/api-key-auth/data-source/<uuid:binding_id>")
 class ApiKeyAuthDataSourceBindingDelete(Resource):
    @setup_required
    @login_required
@ -66,8 +69,3 @@ class ApiKeyAuthDataSourceBindingDelete(Resource):
        ApiKeyAuthService.delete_provider_auth(current_user.current_tenant_id, binding_id)

        return {"result": "success"}, 204
-
-
-api.add_resource(ApiKeyAuthDataSource, "/api-key-auth/data-source")
-api.add_resource(ApiKeyAuthDataSourceBinding, "/api-key-auth/data-source/binding")
-api.add_resource(ApiKeyAuthDataSourceBindingDelete, "/api-key-auth/data-source/<uuid:binding_id>")
--- a/Show More
+++ b/Show More