chore: exclude api and dify-agent from fmt

style: apply vp fmt baseline
chore: align fmt and lint boundaries
2026-06-16 21:06:20 +08:00 · 2026-06-15 18:02:36 +08:00 · 2026-06-15 17:51:17 +08:00 · 2026-06-15 17:51:16 +08:00 · 2026-06-15 09:29:53 +00:00 · 2026-06-15 17:24:49 +08:00
6472 changed files with 207377 additions and 210793 deletions
--- a/.agents/skills/backend-code-review/SKILL.md
+++ b/.agents/skills/backend-code-review/SKILL.md
@ -28,6 +28,7 @@ Follow these steps when using this skill:
 3. Compose the final output strictly follow the **Required Output Format**.

 Notes when using this skill:
+
 - Always include actionable fixes or suggestions (including possible code snippets).
 - Use best-effort `File:Line` references when a file path and line numbers are available; otherwise, use the most specific identifier you can.

@ -43,6 +44,7 @@ Notes when using this skill:
 ### 1. Security Review

 Check for:
+
 - SQL injection vulnerabilities
 - Server-Side Request Forgery (SSRF)
 - Command injection
@ -54,6 +56,7 @@ Check for:
 ### 2. Performance Review

 Check for:
+
 - N+1 queries
 - Missing database indexes
 - Memory leaks
@ -63,6 +66,7 @@ Check for:
 ### 3. Code Quality Review

 Check for:
+
 - Code forward compatibility
 - Code duplication (DRY violations)
 - Functions doing too much (SRP violations)
@ -75,6 +79,7 @@ Check for:
 ### 4. Testing Review

 Check for:
+
 - Missing test coverage for new code
 - Tests that don't test behavior
 - Flaky test patterns
@ -108,6 +113,7 @@ FilePath: <path> line <line>
 2. <code example> (optional, omit if not applicable)

 ---
+
 ... (repeat for each critical issue) ...

 Found <Y> suggestions for improvement:
@ -129,11 +135,13 @@ FilePath: <path> line <line>
 2. <code example> (optional, omit if not applicable)

 ---
+
 ... (repeat for each suggestion) ...

 Found <Z> optional nits:

 ## 🟢 Nits (Optional)
+
 ### 1. <brief description of the nit>

 FilePath: <path> line <line>
@ -148,6 +156,7 @@ FilePath: <path> line <line>
 - <minor suggestions>

 ---
+
 ... (repeat for each nits) ...

 ## ✅ What's Good
@ -164,5 +173,6 @@ FilePath: <path> line <line>

 ```markdown
 ## Code Review Summary
+
 ✅ No issues found.
-```
+```
--- a/.agents/skills/backend-code-review/references/architecture-rule.md
+++ b/.agents/skills/backend-code-review/references/architecture-rule.md
@ -1,11 +1,13 @@
 # Rule Catalog — Architecture

 ## Scope
+
 - Covers: controller/service/core-domain/libs/model layering, dependency direction, responsibility placement, observability-friendly flow.

 ## Rules

 ### Keep business logic out of controllers
+
 - Category: maintainability
 - Severity: critical
 - Description: Controllers should parse input, call services, and return serialized responses. Business decisions inside controllers make behavior hard to reuse and test.
@ -33,12 +35,14 @@
    ```

 ### Preserve layer dependency direction
+
 - Category: best practices
 - Severity: critical
 - Description: Controllers may depend on services, and services may depend on core/domain abstractions. Reversing this direction (for example, core importing controller/web modules) creates cycles and leaks transport concerns into domain code.
 - Suggested fix: Extract shared contracts into core/domain or service-level modules and make upper layers depend on lower, not the reverse.
 - Example:
  - Bad:
+
    ```python
    # core/policy/publish_policy.py
    from controllers.console.app import request_context
@ -46,7 +50,9 @@
    def can_publish() -> bool:
        return request_context.current_user.is_admin
    ```
+
  - Good:
+
    ```python
    # core/policy/publish_policy.py
    def can_publish(role: str) -> bool:
@ -57,6 +63,7 @@
    ```

 ### Keep libs business-agnostic
+
 - Category: maintainability
 - Severity: critical
 - Description: Modules under `api/libs/` should remain reusable, business-agnostic building blocks. They must not encode product/domain-specific rules, workflow orchestration, or business decisions.
@ -65,6 +72,7 @@
  - Keep `libs` dependencies clean: avoid importing service/controller/domain-specific modules into `api/libs/`.
 - Example:
  - Bad:
+
    ```python
    # api/libs/conversation_filter.py
    from services.conversation_service import ConversationService
@ -76,7 +84,9 @@
            return conversation.idle_days > 90
        return conversation.idle_days > 30
    ```
+
  - Good:
+
    ```python
    # api/libs/datetime_utils.py (business-agnostic helper)
    def older_than_days(idle_days: int, threshold_days: int) -> bool:
@ -88,4 +98,4 @@
    def should_archive_conversation(conversation, tenant_id: str) -> bool:
        threshold_days = 90 if has_paid_plan(tenant_id) else 30
        return older_than_days(conversation.idle_days, threshold_days)
-    ```
+    ```
--- a/.agents/skills/backend-code-review/references/db-schema-rule.md
+++ b/.agents/skills/backend-code-review/references/db-schema-rule.md
@ -1,12 +1,14 @@
 # Rule Catalog — DB Schema Design

 ## Scope
+
 - Covers: model/base inheritance, schema boundaries in model properties, tenant-aware schema design, index redundancy checks, dialect portability in models, and cross-database compatibility in migrations.
 - Does NOT cover: session lifecycle, transaction boundaries, and query execution patterns (handled by `sqlalchemy-rule.md`).

 ## Rules

 ### Do not query other tables inside `@property`
+
 - Category: [maintainability, performance]
 - Severity: critical
 - Description: A model `@property` must not open sessions or query other tables. This hides dependencies across models, tightly couples schema objects to data access, and can cause N+1 query explosions when iterating collections.
@ -16,6 +18,7 @@
  - For list/batch reads, fetch required related data explicitly (join/preload/bulk query) before rendering derived values.
 - Example:
  - Bad:
+
    ```python
    class Conversation(TypeBase):
        __tablename__ = "conversations"
@ -26,7 +29,9 @@
                app = session.execute(select(App).where(App.id == self.app_id)).scalar_one()
                return app.name
    ```
+
  - Good:
+
    ```python
    class Conversation(TypeBase):
        __tablename__ = "conversations"
@ -40,6 +45,7 @@
    ```

 ### Prefer including `tenant_id` in model definitions
+
 - Category: maintainability
 - Severity: suggestion
 - Description: In multi-tenant domains, include `tenant_id` in schema definitions whenever the entity belongs to tenant-owned data. This improves data isolation safety and keeps future partitioning/sharding strategies practical as data volume grows.
@ -49,6 +55,7 @@
  - Exception: if a table is explicitly designed as non-tenant-scoped global metadata, document that design decision clearly.
 - Example:
  - Bad:
+
    ```python
    from sqlalchemy.orm import Mapped

@ -57,7 +64,9 @@
        id: Mapped[str] = mapped_column(StringUUID, primary_key=True)
        name: Mapped[str] = mapped_column(sa.String(255), nullable=False)
    ```
+
  - Good:
+
    ```python
    from sqlalchemy.orm import Mapped

@ -69,6 +78,7 @@
    ```

 ### Detect and avoid duplicate/redundant indexes
+
 - Category: performance
 - Severity: suggestion
 - Description: Review index definitions for leftmost-prefix redundancy. For example, index `(a, b, c)` can safely cover most lookups for `(a, b)`. Keeping both may increase write overhead and can mislead the optimizer into suboptimal execution plans.
@ -93,6 +103,7 @@
    ```

 ### Avoid PostgreSQL-only dialect usage in models; wrap in `models.types`
+
 - Category: maintainability
 - Severity: critical
 - Description: Model/schema definitions should avoid PostgreSQL-only constructs directly in business models. When database-specific behavior is required, encapsulate it in `api/models/types.py` using both PostgreSQL and MySQL dialect implementations, then consume that abstraction from model code.
@ -101,6 +112,7 @@
  - Add or extend wrappers in `models.types` (for example, `AdjustedJSON`, `LongText`, `BinaryData`) to normalize behavior across PostgreSQL and MySQL.
 - Example:
  - Bad:
+
    ```python
    from sqlalchemy.dialects.postgresql import JSONB
    from sqlalchemy.orm import Mapped
@ -109,7 +121,9 @@
        __tablename__ = "tool_configs"
        config: Mapped[dict] = mapped_column(JSONB, nullable=False)
    ```
+
  - Good:
+
    ```python
    from sqlalchemy.orm import Mapped

@ -121,6 +135,7 @@
    ```

 ### Guard migration incompatibilities with dialect checks and shared types
+
 - Category: maintainability
 - Severity: critical
 - Description: Migration scripts under `api/migrations/versions/` must account for PostgreSQL/MySQL incompatibilities explicitly. For dialect-sensitive DDL or defaults, branch on the active dialect (for example, `conn.dialect.name == "postgresql"`), and prefer reusable compatibility abstractions from `models.types` where applicable.
@ -142,6 +157,7 @@
        )
    ```
  - Good:
+
    ```python
    def _is_pg(conn) -> bool:
        return conn.dialect.name == "postgresql"
--- a/.agents/skills/backend-code-review/references/repositories-rule.md
+++ b/.agents/skills/backend-code-review/references/repositories-rule.md
@ -1,17 +1,19 @@
 # Rule Catalog - Repositories Abstraction

 ## Scope
+
 - Covers: when to reuse existing repository abstractions, when to introduce new repositories, and how to preserve dependency direction between service/core and infrastructure implementations.
 - Does NOT cover: SQLAlchemy session lifecycle and query-shape specifics (handled by `sqlalchemy-rule.md`), and table schema/migration design (handled by `db-schema-rule.md`).

 ## Rules

 ### Introduce repositories abstraction
+
 - Category: maintainability
 - Severity: suggestion
 - Description: If a table/model already has a repository abstraction, all reads/writes/queries for that table should use the existing repository. If no repository exists, introduce one only when complexity justifies it, such as large/high-volume tables, repeated complex query logic, or likely storage-strategy variation.
 - Suggested fix:
-  - First check  `api/repositories`, `api/core/repositories`, and `api/extensions/*/repositories/` to verify whether the table/model already has a repository abstraction. If it exists, route all operations through it and add missing repository methods instead of bypassing it with ad-hoc SQLAlchemy access.
+  - First check `api/repositories`, `api/core/repositories`, and `api/extensions/*/repositories/` to verify whether the table/model already has a repository abstraction. If it exists, route all operations through it and add missing repository methods instead of bypassing it with ad-hoc SQLAlchemy access.
  - If no repository exists, add one only when complexity warrants it (for example, repeated complex queries, large data domains, or multiple storage strategies), while preserving dependency direction (service/core depends on abstraction; infra provides implementation).
 - Example:
  - Bad:
@ -26,6 +28,7 @@
            self.session.commit()
    ```
  - Good:
+
    ```python
    # Case A: Existing repository must be reused for all table operations.
    class AppService:
@ -37,6 +40,7 @@
    # If the query is missing, extend the existing abstraction.
    active_apps = self.app_repo.list_active_for_tenant(tenant_id=tenant_id)
    ```
+
  - Bad:
    ```python
    # No repository exists, but large-domain query logic is scattered in service code.
@ -46,6 +50,7 @@
            # many filters/joins/pagination variants duplicated across services
    ```
  - Good:
+
    ```python
    # Case B: Introduce repository for large/complex domains or storage variation.
    class ConversationRepository(Protocol):
--- a/.agents/skills/backend-code-review/references/sqlalchemy-rule.md
+++ b/.agents/skills/backend-code-review/references/sqlalchemy-rule.md
@ -1,12 +1,14 @@
 # Rule Catalog — SQLAlchemy Patterns

 ## Scope
+
 - Covers: SQLAlchemy session and transaction lifecycle, query construction, tenant scoping, raw SQL boundaries, and write-path concurrency safeguards.
 - Does NOT cover: table/model schema and migration design details (handled by `db-schema-rule.md`).

 ## Rules

 ### Use Session context manager with explicit transaction control behavior
+
 - Category: best practices
 - Severity: critical
 - Description: Session and transaction lifecycle must be explicit and bounded on write paths. Missing commits can silently drop intended updates, while ad-hoc or long-lived transactions increase contention, lock duration, and deadlock risk.
@ -16,6 +18,7 @@
  - Keep transaction windows short: avoid network I/O, heavy computation, or unrelated work inside the transaction.
 - Example:
  - Bad:
+
    ```python
    # Missing commit: write may never be persisted.
    with Session(db.engine, expire_on_commit=False) as session:
@ -28,7 +31,9 @@
        run.status = "cancelled"
        call_external_api()
    ```
+
  - Good:
+
    ```python
    # Option 1: explicit commit.
    with Session(db.engine, expire_on_commit=False) as session:
@ -46,6 +51,7 @@
    ```

 ### Enforce tenant_id scoping on shared-resource queries
+
 - Category: security
 - Severity: critical
 - Description: Reads and writes against shared tables must be scoped by `tenant_id` to prevent cross-tenant data leakage or corruption.
@ -66,6 +72,7 @@
    ```

 ### Prefer SQLAlchemy expressions over raw SQL by default
+
 - Category: maintainability
 - Severity: suggestion
 - Description: Raw SQL should be exceptional. ORM/Core expressions are easier to evolve, safer to compose, and more consistent with the codebase.
@ -88,6 +95,7 @@
    ```

 ### Protect write paths with concurrency safeguards
+
 - Category: quality
 - Severity: critical
 - Description: Multi-writer paths without explicit concurrency control can silently overwrite data. Choose the safeguard based on contention level, lock scope, and throughput cost instead of defaulting to one strategy.
@ -104,6 +112,7 @@
    session.commit()  # silently overwrites concurrent updates
    ```
  - Good:
+
    ```python
    # 1) Optimistic lock (low contention, retry on conflict)
    result = session.execute(
@ -136,4 +145,4 @@
    ).scalar_one()
    run.status = "cancelled"
    session.commit()
-    ```
+    ```
--- a/.agents/skills/component-refactoring/SKILL.md
+++ b/.agents/skills/component-refactoring/SKILL.md
@ -46,12 +46,12 @@ pnpm analyze-component <path> --json

 ### Complexity Score Interpretation

-| Score | Level | Action |
-|-------|-------|--------|
-| 0-25 | 🟢 Simple | Ready for testing |
-| 26-50 | 🟡 Medium | Consider minor refactoring |
-| 51-75 | 🟠 Complex | **Refactor before testing** |
-| 76-100 | 🔴 Very Complex | **Must refactor** |
+| Score  | Level           | Action                      |
+| ------ | --------------- | --------------------------- |
+| 0-25   | 🟢 Simple       | Ready for testing           |
+| 26-50  | 🟡 Medium       | Consider minor refactoring  |
+| 51-75  | 🟠 Complex      | **Refactor before testing** |
+| 76-100 | 🔴 Very Complex | **Must refactor**           |

 ## Core Refactoring Patterns

@ -67,9 +67,9 @@ function Configuration() {
  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
  const [datasetConfigs, setDatasetConfigs] = useState<DatasetConfigs>(...)
  const [completionParams, setCompletionParams] = useState<FormValue>({})
-  
+
  // 50+ lines of state management logic...
-  
+
  return <div>...</div>
 }

@ -78,9 +78,9 @@ function Configuration() {
 export const useModelConfig = (appId: string) => {
  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
  const [completionParams, setCompletionParams] = useState<FormValue>({})
-  
+
  // Related state management logic here
-  
+
  return { modelConfig, setModelConfig, completionParams, setCompletionParams }
 }

@ -92,6 +92,7 @@ function Configuration() {
 ```

 **Dify Examples**:
+
 - `web/app/components/app/configuration/hooks/use-advanced-prompt-config.ts`
 - `web/app/components/app/configuration/debug/hooks.tsx`
 - `web/app/components/workflow/hooks/use-workflow.ts`
@ -123,7 +124,7 @@ const AppInfo = () => {

 const AppInfo = () => {
  const { showModal, setShowModal } = useAppInfoModals()
-  
+
  return (
    <div>
      <AppHeader appDetail={appDetail} />
@ -135,6 +136,7 @@ const AppInfo = () => {
 ```

 **Dify Examples**:
+
 - `web/app/components/app/configuration/` directory structure
 - `web/app/components/workflow/nodes/` per-node organization

@ -177,7 +179,7 @@ const TEMPLATE_MAP = {
 const Template = useMemo(() => {
  const modeTemplates = TEMPLATE_MAP[appDetail?.mode]
  if (!modeTemplates) return null
-  
+
  const TemplateComponent = modeTemplates[locale] || modeTemplates.default
  return <TemplateComponent appDetail={appDetail} />
 }, [appDetail, locale])
@ -188,11 +190,13 @@ const Template = useMemo(() => {
 **When**: Component directly handles API calls, data transformation, or complex async operations.

 **Dify Convention**:
+
 - This skill is for component decomposition, not query/mutation design.
 - Do not introduce deprecated `useInvalid` / `useReset`.
 - Do not add thin passthrough `useQuery` wrappers during refactoring; only extract a custom hook when it truly orchestrates multiple queries/mutations or shared derived state.

 **Dify Examples**:
+
 - `web/service/use-workflow.ts`
 - `web/service/use-common.ts`
 - `web/service/knowledge/use-dataset.ts`
@ -220,10 +224,10 @@ type ModalType = 'edit' | 'duplicate' | 'delete' | 'switch' | 'import' | null

 const useAppInfoModals = () => {
  const [activeModal, setActiveModal] = useState<ModalType>(null)
-  
+
  const openModal = useCallback((type: ModalType) => setActiveModal(type), [])
  const closeModal = useCallback(() => setActiveModal(null), [])
-  
+
  return {
    activeModal,
    openModal,
@ -248,7 +252,7 @@ const ConfigForm = () => {
    defaultValues: { name: '', description: '' },
    onSubmit: handleSubmit,
  })
-  
+
  return <form.Provider>...</form.Provider>
 }
 ```
@ -285,6 +289,7 @@ return <ConfigContext.Provider value={value}>...</ConfigContext.Provider>
 **When**: Refactoring workflow node components (`web/app/components/workflow/nodes/`).

 **Conventions**:
+
 - Keep node logic in `use-interactions.ts`
 - Extract panel UI to separate files
 - Use `_base` components for common patterns
@ -303,6 +308,7 @@ nodes/<node-type>/
 **When**: Refactoring app configuration components.

 **Conventions**:
+
 - Separate config sections into subdirectories
 - Use existing patterns from `web/app/components/app/configuration/`
 - Keep feature toggles in dedicated components
@ -312,6 +318,7 @@ nodes/<node-type>/
 **When**: Refactoring tool-related components (`web/app/components/tools/`).

 **Conventions**:
+
 - Follow existing modal patterns
 - Use service hooks from `web/service/use-tools.ts`
 - Keep provider-specific logic isolated
@ -325,6 +332,7 @@ pnpm refactor-component <path>
 ```

 This command will:
+
 - Analyze component complexity and features
 - Identify specific refactoring actions needed
 - Generate a prompt for AI assistant (auto-copied to clipboard on macOS)
@ -337,6 +345,7 @@ pnpm analyze-component <path> --json
 ```

 Identify:
+
 - Total complexity score
 - Max function complexity
 - Line count
@ -346,13 +355,13 @@ Identify:

 Create a refactoring plan based on detected features:

-| Detected Feature | Refactoring Action |
-|------------------|-------------------|
-| `hasState: true` + `hasEffects: true` | Extract custom hook |
-| `hasAPI: true` | Extract data/service hook |
-| `hasEvents: true` (many) | Extract event handlers |
-| `lineCount > 300` | Split into sub-components |
-| `maxComplexity > 50` | Simplify conditional logic |
+| Detected Feature                      | Refactoring Action         |
+| ------------------------------------- | -------------------------- |
+| `hasState: true` + `hasEffects: true` | Extract custom hook        |
+| `hasAPI: true`                        | Extract data/service hook  |
+| `hasEvents: true` (many)              | Extract event handlers     |
+| `lineCount > 300`                     | Split into sub-components  |
+| `maxComplexity > 50`                  | Simplify conditional logic |

 ### Step 4: Execute Incrementally

--- a/.agents/skills/component-refactoring/references/complexity-patterns.md
+++ b/.agents/skills/component-refactoring/references/complexity-patterns.md
@ -13,16 +13,16 @@ The `pnpm analyze-component` tool uses SonarJS cognitive complexity metrics:

 ### What Increases Complexity

-| Pattern | Complexity Impact |
-|---------|-------------------|
-| `if/else` | +1 per branch |
-| Nested conditions | +1 per nesting level |
-| `switch/case` | +1 per case |
-| `for/while/do` | +1 per loop |
-| `&&`/`||` chains | +1 per operator |
-| Nested callbacks | +1 per nesting level |
-| `try/catch` | +1 per catch |
-| Ternary expressions | +1 per nesting |
+| Pattern             | Complexity Impact    |
+| ------------------- | -------------------- | -------- | --------------- |
+| `if/else`           | +1 per branch        |
+| Nested conditions   | +1 per nesting level |
+| `switch/case`       | +1 per case          |
+| `for/while/do`      | +1 per loop          |
+| `&&`/`              |                      | ` chains | +1 per operator |
+| Nested callbacks    | +1 per nesting level |
+| `try/catch`         | +1 per catch         |
+| Ternary expressions | +1 per nesting       |

 ## Pattern 1: Replace Conditionals with Lookup Tables

@ -85,10 +85,10 @@ const TEMPLATE_MAP: Record<AppModeEnum, Record<string, ComponentType<TemplatePro
 // Clean component logic
 const Template = useMemo(() => {
  if (!appDetail?.mode) return null
-  
+
  const templates = TEMPLATE_MAP[appDetail.mode]
  if (!templates) return null
-  
+
  const TemplateComponent = templates[locale] ?? templates.default
  return <TemplateComponent appDetail={appDetail} />
 }, [appDetail, locale])
@ -124,17 +124,17 @@ const handleSubmit = () => {
    showValidationError()
    return
  }
-  
+
  if (!hasChanges) {
    showNoChangesMessage()
    return
  }
-  
+
  if (!isConnected) {
    showConnectionError()
    return
  }
-  
+
  submitData()
 }
 ```
@ -146,12 +146,10 @@ const handleSubmit = () => {
 ```typescript
 const canPublish = (() => {
  if (mode !== AppModeEnum.COMPLETION) {
-    if (!isAdvancedMode)
-      return true
+    if (!isAdvancedMode) return true

    if (modelModeType === ModelModeType.completion) {
-      if (!hasSetBlockStatus.history || !hasSetBlockStatus.query)
-        return false
+      if (!hasSetBlockStatus.history || !hasSetBlockStatus.query) return false
      return true
    }
    return true
@ -173,9 +171,8 @@ const canPublishInChatMode = () => {
 }

 // Clean main logic
-const canPublish = mode === AppModeEnum.COMPLETION
-  ? canPublishInCompletionMode()
-  : canPublishInChatMode()
+const canPublish =
+  mode === AppModeEnum.COMPLETION ? canPublishInCompletionMode() : canPublishInChatMode()
 ```

 ## Pattern 4: Replace Chained Ternaries
@ -232,7 +229,7 @@ const statusText = t(STATUS_TEXT_MAP[getStatusKey()])
 ```typescript
 const processData = (items: Item[]) => {
  const results: ProcessedItem[] = []
-  
+
  for (const item of items) {
    if (item.isValid) {
      for (const child of item.children) {
@ -250,7 +247,7 @@ const processData = (items: Item[]) => {
      }
    }
  }
-  
+
  return results
 }
 ```
@ -261,19 +258,19 @@ const processData = (items: Item[]) => {
 // Use functional approach
 const processData = (items: Item[]) => {
  return items
-    .filter(item => item.isValid)
-    .flatMap(item =>
+    .filter((item) => item.isValid)
+    .flatMap((item) =>
      item.children
-        .filter(child => child.isActive)
-        .flatMap(child =>
+        .filter((child) => child.isActive)
+        .flatMap((child) =>
          child.properties
-            .filter(prop => prop.value !== null)
-            .map(prop => ({
+            .filter((prop) => prop.value !== null)
+            .map((prop) => ({
              itemId: item.id,
              childId: child.id,
              propValue: prop.value,
-            }))
-        )
+            })),
+        ),
    )
 }
 ```
@ -309,10 +306,10 @@ const Component = () => {
      setDataSets(data)
    }
    hideSelectDataSet()
-    
+
    // 40 more lines of logic...
  }
-  
+
  return <div>...</div>
 }
 ```
@ -325,7 +322,7 @@ const useDatasetSelection = (dataSets: DataSet[], setDataSets: SetState<DataSet[
  const normalizeSelection = (data: DataSet[]) => {
    const hasUnloadedItem = data.some(item => !item.name)
    if (!hasUnloadedItem) return data
-    
+
    return produce(data, (draft) => {
      data.forEach((item, index) => {
        if (!item.name) {
@ -335,33 +332,33 @@ const useDatasetSelection = (dataSets: DataSet[], setDataSets: SetState<DataSet[
      })
    })
  }
-  
+
  const hasSelectionChanged = (newData: DataSet[]) => {
    return !isEqual(
      newData.map(item => item.id),
      dataSets.map(item => item.id)
    )
  }
-  
+
  return { normalizeSelection, hasSelectionChanged }
 }

 // Component becomes cleaner
 const Component = () => {
  const { normalizeSelection, hasSelectionChanged } = useDatasetSelection(dataSets, setDataSets)
-  
+
  const handleSelect = (data: DataSet[]) => {
    if (!hasSelectionChanged(data)) {
      hideSelectDataSet()
      return
    }
-    
+
    formattingChangedDispatcher()
    const normalized = normalizeSelection(data)
    setDataSets(normalized)
    hideSelectDataSet()
  }
-  
+
  return <div>...</div>
 }
 ```
@ -371,12 +368,13 @@ const Component = () => {
 **Before** (complexity: ~8):

 ```typescript
-const toggleDisabled = hasInsufficientPermissions
-  || appUnpublished
-  || missingStartNode
-  || triggerModeDisabled
-  || (isAdvancedApp && !currentWorkflow?.graph)
-  || (isBasicApp && !basicAppConfig.updated_at)
+const toggleDisabled =
+  hasInsufficientPermissions ||
+  appUnpublished ||
+  missingStartNode ||
+  triggerModeDisabled ||
+  (isAdvancedApp && !currentWorkflow?.graph) ||
+  (isBasicApp && !basicAppConfig.updated_at)
 ```

 **After** (complexity: ~3):
@ -425,8 +423,7 @@ const payload = useMemo(() => {
      description: '',
      type: item.value_type,
    }))
-  }
-  else if (detail && detail.tool) {
+  } else if (detail && detail.tool) {
    parameters = (inputs || []).map((item) => ({
      // Complex transformation...
    }))
@ -434,7 +431,7 @@ const payload = useMemo(() => {
      // Complex transformation...
    }))
  }
-  
+
  return {
    icon: detail?.icon || icon,
    label: detail?.label || name,
@ -450,7 +447,7 @@ const payload = useMemo(() => {
 const useParameterTransform = (inputs: InputVar[], detail?: ToolDetail, published?: boolean) => {
  return useMemo(() => {
    if (!published) {
-      return inputs.map(item => ({
+      return inputs.map((item) => ({
        name: item.variable,
        description: '',
        form: 'llm',
@ -458,15 +455,16 @@ const useParameterTransform = (inputs: InputVar[], detail?: ToolDetail, publishe
        type: item.type,
      }))
    }
-    
+
    if (!detail?.tool) return []
-    
-    return inputs.map(item => ({
+
+    return inputs.map((item) => ({
      name: item.variable,
      required: item.required,
      type: item.type === 'paragraph' ? 'string' : item.type,
-      description: detail.tool.parameters.find(p => p.name === item.variable)?.llm_description || '',
-      form: detail.tool.parameters.find(p => p.name === item.variable)?.form || 'llm',
+      description:
+        detail.tool.parameters.find((p) => p.name === item.variable)?.llm_description || '',
+      form: detail.tool.parameters.find((p) => p.name === item.variable)?.form || 'llm',
    }))
  }, [inputs, detail, published])
 }
@ -475,21 +473,24 @@ const useParameterTransform = (inputs: InputVar[], detail?: ToolDetail, publishe
 const parameters = useParameterTransform(inputs, detail, published)
 const outputParameters = useOutputTransform(outputs, detail, published)

-const payload = useMemo(() => ({
-  icon: detail?.icon || icon,
-  label: detail?.label || name,
-  parameters,
-  outputParameters,
-  // ...
-}), [detail, icon, name, parameters, outputParameters])
+const payload = useMemo(
+  () => ({
+    icon: detail?.icon || icon,
+    label: detail?.label || name,
+    parameters,
+    outputParameters,
+    // ...
+  }),
+  [detail, icon, name, parameters, outputParameters],
+)
 ```

 ## Target Metrics After Refactoring

-| Metric | Target |
-|--------|--------|
-| Total Complexity | < 50 |
-| Max Function Complexity | < 30 |
-| Function Length | < 30 lines |
-| Nesting Depth | ≤ 3 levels |
-| Conditional Chains | ≤ 3 conditions |
+| Metric                  | Target         |
+| ----------------------- | -------------- |
+| Total Complexity        | < 50           |
+| Max Function Complexity | < 30           |
+| Function Length         | < 30 lines     |
+| Nesting Depth           | ≤ 3 levels     |
+| Conditional Chains      | ≤ 3 conditions |
--- a/.agents/skills/component-refactoring/references/component-splitting.md
+++ b/.agents/skills/component-refactoring/references/component-splitting.md
@ -32,17 +32,17 @@ const ConfigurationPage = () => {
          <AppPublisher ... />
        </div>
      </div>
-      
+
      {/* Config Section - 200 lines */}
      <div className="config">
        <Config />
      </div>
-      
+
      {/* Debug Section - 150 lines */}
      <div className="debug">
        <Debug ... />
      </div>
-      
+
      {/* Modals Section - 100 lines */}
      {showSelectDataSet && <SelectDataSet ... />}
      {showHistoryModal && <EditHistoryModal ... />}
@ -70,7 +70,7 @@ function ConfigurationHeader({
  onPublish,
 }: ConfigurationHeaderProps) {
  const { t } = useTranslation()
-  
+
  return (
    <div className="header">
      <h1>{t('configuration.title')}</h1>
@ -87,7 +87,7 @@ function ConfigurationHeader({
 const ConfigurationPage = () => {
  const { modelConfig, setModelConfig } = useModelConfig()
  const { activeModal, openModal, closeModal } = useModalState()
-  
+
  return (
    <div>
      <ConfigurationHeader
@ -175,15 +175,15 @@ const AppInfo = () => {
  const [showDuplicate, setShowDuplicate] = useState(false)
  const [showDelete, setShowDelete] = useState(false)
  const [showSwitch, setShowSwitch] = useState(false)
-  
+
  const onEdit = async (data) => { /* 20 lines */ }
  const onDuplicate = async (data) => { /* 20 lines */ }
  const onDelete = async () => { /* 15 lines */ }
-  
+
  return (
    <div>
      {/* Main content */}
-      
+
      {showEdit && <EditModal onConfirm={onEdit} onClose={() => setShowEdit(false)} />}
      {showDuplicate && <DuplicateModal onConfirm={onDuplicate} onClose={() => setShowDuplicate(false)} />}
      {showDelete && <DeleteConfirm onConfirm={onDelete} onClose={() => setShowDelete(false)} />}
@ -248,12 +248,12 @@ function AppInfoModals({
 // Parent component
 const AppInfo = () => {
  const { activeModal, openModal, closeModal } = useModalState()
-  
+
  return (
    <div>
      {/* Main content with openModal triggers */}
      <Button onClick={() => openModal('edit')}>Edit</Button>
-      
+
      <AppInfoModals
        appDetail={appDetail}
        activeModal={activeModal}
@ -418,7 +418,7 @@ Use callbacks for child-to-parent communication:
 // Parent
 const Parent = () => {
  const [value, setValue] = useState('')
-  
+
  return (
    <Child
      value={value}
@ -460,7 +460,7 @@ function List<T>({ items, renderItem, renderEmpty }: ListProps<T>) {
  if (items.length === 0 && renderEmpty) {
    return <>{renderEmpty()}</>
  }
-  
+
  return (
    <div>
      {items.map((item, index) => renderItem(item, index))}
--- a/.agents/skills/component-refactoring/references/hook-extraction.md
+++ b/.agents/skills/component-refactoring/references/hook-extraction.md
@ -81,9 +81,9 @@ export const useModelConfig = ({
    // ... default values
    ...initialConfig,
  })
-  
+
  const [completionParams, setCompletionParams] = useState<FormValue>({})
-  
+
  const modelModeType = modelConfig.mode

  // Fill old app data missing model mode
@ -91,9 +91,11 @@ export const useModelConfig = ({
    if (hasFetchedDetail && !modelModeType) {
      const mode = currModel?.model_properties?.mode
      if (mode) {
-        setModelConfig(produce(modelConfig, (draft) => {
-          draft.mode = mode
-        }))
+        setModelConfig(
+          produce(modelConfig, (draft) => {
+            draft.mode = mode
+          }),
+        )
      }
    }
  }, [hasFetchedDetail, modelModeType, currModel])
@ -129,7 +131,7 @@ function Configuration() {
    currModel,
    hasFetchedDetail,
  })
-  
+
  // Component now focuses on UI
 }
 ```
@ -179,18 +181,21 @@ export const useConfigForm = (initialValues: ConfigFormValues) => {
  }, [values])

  const handleChange = useCallback((field: string, value: any) => {
-    setValues(prev => ({ ...prev, [field]: value }))
+    setValues((prev) => ({ ...prev, [field]: value }))
  }, [])

-  const handleSubmit = useCallback(async (onSubmit: (values: ConfigFormValues) => Promise<void>) => {
-    if (!validate()) return
-    setIsSubmitting(true)
-    try {
-      await onSubmit(values)
-    } finally {
-      setIsSubmitting(false)
-    }
-  }, [values, validate])
+  const handleSubmit = useCallback(
+    async (onSubmit: (values: ConfigFormValues) => Promise<void>) => {
+      if (!validate()) return
+      setIsSubmitting(true)
+      try {
+        await onSubmit(values)
+      } finally {
+        setIsSubmitting(false)
+      }
+    },
+    [values, validate],
+  )

  return { values, errors, isSubmitting, handleChange, handleSubmit }
 }
@ -233,7 +238,7 @@ export const useModalState = () => {
 export const useToggle = (initialValue = false) => {
  const [value, setValue] = useState(initialValue)

-  const toggle = useCallback(() => setValue(v => !v), [])
+  const toggle = useCallback(() => setValue((v) => !v), [])
  const setTrue = useCallback(() => setValue(true), [])
  const setFalse = useCallback(() => setValue(false), [])

@ -255,18 +260,22 @@ import { useModelConfig } from './use-model-config'

 describe('useModelConfig', () => {
  it('should initialize with default values', () => {
-    const { result } = renderHook(() => useModelConfig({
-      hasFetchedDetail: false,
-    }))
+    const { result } = renderHook(() =>
+      useModelConfig({
+        hasFetchedDetail: false,
+      }),
+    )

    expect(result.current.modelConfig.provider).toBe('langgenius/openai/openai')
    expect(result.current.modelModeType).toBe(ModelModeType.unset)
  })

  it('should update model config', () => {
-    const { result } = renderHook(() => useModelConfig({
-      hasFetchedDetail: true,
-    }))
+    const { result } = renderHook(() =>
+      useModelConfig({
+        hasFetchedDetail: true,
+      }),
+    )

    act(() => {
      result.current.setModelConfig({
--- a/.agents/skills/e2e-cucumber-playwright/agents/openai.yaml
+++ b/.agents/skills/e2e-cucumber-playwright/agents/openai.yaml
@ -1,4 +1,4 @@
 interface:
-  display_name: "E2E Cucumber + Playwright"
-  short_description: "Write and review Dify E2E scenarios."
-  default_prompt: "Use $e2e-cucumber-playwright to write or review a Dify E2E scenario under e2e/."
+  display_name: 'E2E Cucumber + Playwright'
+  short_description: 'Write and review Dify E2E scenarios.'
+  default_prompt: 'Use $e2e-cucumber-playwright to write or review a Dify E2E scenario under e2e/.'
--- a/.agents/skills/frontend-testing/SKILL.md
+++ b/.agents/skills/frontend-testing/SKILL.md
@ -93,10 +93,10 @@ describe('ComponentName', () => {
    it('should render without crashing', () => {
      // Arrange
      const props = { title: 'Test' }
-      
+
      // Act
      render(<Component {...props} />)
-      
+
      // Assert
      expect(screen.getByText('Test')).toBeInTheDocument()
    })
@ -115,9 +115,9 @@ describe('ComponentName', () => {
    it('should handle click events', () => {
      const handleClick = vi.fn()
      render(<Component onClick={handleClick} />)
-      
+
      fireEvent.click(screen.getByRole('button'))
-      
+
      expect(handleClick).toHaveBeenCalledTimes(1)
    })
  })
@ -278,16 +278,16 @@ it('should disable input when isReadOnly is true')

 ### Conditional (When Present)

-| Feature | Test Focus |
-|---------|-----------|
-| `useState` | Initial state, transitions, cleanup |
-| `useEffect` | Execution, dependencies, cleanup |
-| Event handlers | All onClick, onChange, onSubmit, keyboard |
-| API calls | Loading, success, error states |
-| Routing | Navigation, params, query strings |
-| `useCallback`/`useMemo` | Referential equality |
-| Context | Provider values, consumer behavior |
-| Forms | Validation, submission, error display |
+| Feature                 | Test Focus                                |
+| ----------------------- | ----------------------------------------- |
+| `useState`              | Initial state, transitions, cleanup       |
+| `useEffect`             | Execution, dependencies, cleanup          |
+| Event handlers          | All onClick, onChange, onSubmit, keyboard |
+| API calls               | Loading, success, error states            |
+| Routing                 | Navigation, params, query strings         |
+| `useCallback`/`useMemo` | Referential equality                      |
+| Context                 | Provider values, consumer behavior        |
+| Forms                   | Validation, submission, error display     |

 ## Coverage Goals (Per File)

--- a/.agents/skills/frontend-testing/assets/component-test.template.tsx
+++ b/.agents/skills/frontend-testing/assets/component-test.template.tsx
@ -108,10 +108,8 @@ describe('ComponentName', () => {
    it('should render without crashing', () => {
      // Arrange - Setup data and mocks
      // const props = createMockProps()
-
      // Act - Render the component
      // render(<ComponentName {...props} />)
-
      // Assert - Verify expected output
      // Prefer getByRole for accessibility; it's what users "see"
      // expect(screen.getByRole('...')).toBeInTheDocument()
--- a/.agents/skills/frontend-testing/references/async-testing.md
+++ b/.agents/skills/frontend-testing/references/async-testing.md
@ -9,7 +9,7 @@ import { render, screen, waitFor } from '@testing-library/react'

 it('should load and display data', async () => {
  render(<DataComponent />)
-  
+
  // Wait for element to appear
  await waitFor(() => {
    expect(screen.getByText('Loaded Data')).toBeInTheDocument()
@ -18,7 +18,7 @@ it('should load and display data', async () => {

 it('should hide loading spinner after load', async () => {
  render(<DataComponent />)
-  
+
  // Wait for element to disappear
  await waitFor(() => {
    expect(screen.queryByText('Loading...')).not.toBeInTheDocument()
@ -31,11 +31,11 @@ it('should hide loading spinner after load', async () => {
 ```typescript
 it('should show user name after fetch', async () => {
  render(<UserProfile />)
-  
+
  // findBy returns a promise, auto-waits up to 1000ms
  const userName = await screen.findByText('John Doe')
  expect(userName).toBeInTheDocument()
-  
+
  // findByRole with options
  const button = await screen.findByRole('button', { name: /submit/i })
  expect(button).toBeEnabled()
@ -50,13 +50,13 @@ import userEvent from '@testing-library/user-event'
 it('should submit form', async () => {
  const user = userEvent.setup()
  const onSubmit = vi.fn()
-  
+
  render(<Form onSubmit={onSubmit} />)
-  
+
  // userEvent methods are async
  await user.type(screen.getByLabelText('Email'), 'test@example.com')
  await user.click(screen.getByRole('button', { name: /submit/i }))
-  
+
  await waitFor(() => {
    expect(onSubmit).toHaveBeenCalledWith({ email: 'test@example.com' })
  })
@ -87,16 +87,16 @@ describe('Debounced Search', () => {
  it('should debounce search input', async () => {
    const onSearch = vi.fn()
    render(<SearchInput onSearch={onSearch} debounceMs={300} />)
-    
+
    // Type in the input
    fireEvent.change(screen.getByRole('textbox'), { target: { value: 'query' } })
-    
+
    // Search not called immediately
    expect(onSearch).not.toHaveBeenCalled()
-    
+
    // Advance timers
    vi.advanceTimersByTime(300)
-    
+
    // Now search is called
    expect(onSearch).toHaveBeenCalledWith('query')
  })
@ -111,23 +111,23 @@ it('should retry on failure', async () => {
  const fetchData = vi.fn()
    .mockRejectedValueOnce(new Error('Network error'))
    .mockResolvedValueOnce({ data: 'success' })
-  
+
  render(<RetryComponent fetchData={fetchData} retryDelayMs={1000} />)
-  
+
  // First call fails
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledTimes(1)
  })
-  
+
  // Advance timer for retry
  vi.advanceTimersByTime(1000)
-  
+
  // Second call succeeds
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledTimes(2)
    expect(screen.getByText('success')).toBeInTheDocument()
  })
-  
+
  vi.useRealTimers()
 })
 ```
@ -163,31 +163,31 @@ describe('DataFetcher', () => {

  it('should show loading state', () => {
    mockedApi.fetchData.mockImplementation(() => new Promise(() => {})) // Never resolves
-    
+
    render(<DataFetcher />)
-    
+
    expect(screen.getByTestId('loading-spinner')).toBeInTheDocument()
  })

  it('should show data on success', async () => {
    mockedApi.fetchData.mockResolvedValue({ items: ['Item 1', 'Item 2'] })
-    
+
    render(<DataFetcher />)
-    
+
    // Use findBy* for multiple async elements (better error messages than waitFor with multiple assertions)
    const item1 = await screen.findByText('Item 1')
    const item2 = await screen.findByText('Item 2')
    expect(item1).toBeInTheDocument()
    expect(item2).toBeInTheDocument()
-    
+
    expect(screen.queryByTestId('loading-spinner')).not.toBeInTheDocument()
  })

  it('should show error on failure', async () => {
    mockedApi.fetchData.mockRejectedValue(new Error('Failed to fetch'))
-    
+
    render(<DataFetcher />)
-    
+
    await waitFor(() => {
      expect(screen.getByText(/failed to fetch/i)).toBeInTheDocument()
    })
@ -195,16 +195,16 @@ describe('DataFetcher', () => {

  it('should retry on error', async () => {
    mockedApi.fetchData.mockRejectedValue(new Error('Network error'))
-    
+
    render(<DataFetcher />)
-    
+
    await waitFor(() => {
      expect(screen.getByRole('button', { name: /retry/i })).toBeInTheDocument()
    })
-    
+
    mockedApi.fetchData.mockResolvedValue({ items: ['Item 1'] })
    fireEvent.click(screen.getByRole('button', { name: /retry/i }))
-    
+
    await waitFor(() => {
      expect(screen.getByText('Item 1')).toBeInTheDocument()
    })
@ -218,19 +218,19 @@ describe('DataFetcher', () => {
 it('should submit form and show success', async () => {
  const user = userEvent.setup()
  mockedApi.createItem.mockResolvedValue({ id: '1', name: 'New Item' })
-  
+
  render(<CreateItemForm />)
-  
+
  await user.type(screen.getByLabelText('Name'), 'New Item')
  await user.click(screen.getByRole('button', { name: /create/i }))
-  
+
  // Button should be disabled during submission
  expect(screen.getByRole('button', { name: /creating/i })).toBeDisabled()
-  
+
  await waitFor(() => {
    expect(screen.getByText(/created successfully/i)).toBeInTheDocument()
  })
-  
+
  expect(mockedApi.createItem).toHaveBeenCalledWith({ name: 'New Item' })
 })
 ```
@ -242,9 +242,9 @@ it('should submit form and show success', async () => {
 ```typescript
 it('should fetch data on mount', async () => {
  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
-  
+
  render(<ComponentWithEffect fetchData={fetchData} />)
-  
+
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledTimes(1)
  })
@ -256,15 +256,15 @@ it('should fetch data on mount', async () => {
 ```typescript
 it('should refetch when id changes', async () => {
  const fetchData = vi.fn().mockResolvedValue({ data: 'test' })
-  
+
  const { rerender } = render(<ComponentWithEffect id="1" fetchData={fetchData} />)
-  
+
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledWith('1')
  })
-  
+
  rerender(<ComponentWithEffect id="2" fetchData={fetchData} />)
-  
+
  await waitFor(() => {
    expect(fetchData).toHaveBeenCalledWith('2')
    expect(fetchData).toHaveBeenCalledTimes(2)
@ -279,13 +279,13 @@ it('should cleanup subscription on unmount', () => {
  const subscribe = vi.fn()
  const unsubscribe = vi.fn()
  subscribe.mockReturnValue(unsubscribe)
-  
+
  const { unmount } = render(<SubscriptionComponent subscribe={subscribe} />)
-  
+
  expect(subscribe).toHaveBeenCalledTimes(1)
-  
+
  unmount()
-  
+
  expect(unsubscribe).toHaveBeenCalledTimes(1)
 })
 ```
--- a/.agents/skills/frontend-testing/references/checklist.md
+++ b/.agents/skills/frontend-testing/references/checklist.md
@ -51,16 +51,16 @@ Use this checklist when generating or reviewing tests for Dify frontend componen

 ### Conditional Sections (Add When Feature Present)

-| Feature | Add Tests For |
-|---------|---------------|
-| `useState` | Initial state, transitions, cleanup |
-| `useEffect` | Execution, dependencies, cleanup |
-| Event handlers | onClick, onChange, onSubmit, keyboard |
-| API calls | Loading, success, error states |
-| Routing | Navigation, params, query strings |
-| `useCallback`/`useMemo` | Referential equality |
-| Context | Provider values, consumer behavior |
-| Forms | Validation, submission, error display |
+| Feature                 | Add Tests For                         |
+| ----------------------- | ------------------------------------- |
+| `useState`              | Initial state, transitions, cleanup   |
+| `useEffect`             | Execution, dependencies, cleanup      |
+| Event handlers          | onClick, onChange, onSubmit, keyboard |
+| API calls               | Loading, success, error states        |
+| Routing                 | Navigation, params, query strings     |
+| `useCallback`/`useMemo` | Referential equality                  |
+| Context                 | Provider values, consumer behavior    |
+| Forms                   | Validation, submission, error display |

 ## Code Quality Checklist

@ -110,8 +110,8 @@ For the current file being tested:

 - [ ] 100% function coverage
 - [ ] 100% statement coverage
- [ ] >95% branch coverage
- [ ] >95% line coverage
+- [ ] > 95% branch coverage
+- [ ] > 95% line coverage

 ## Post-Generation (Per File)

--- a/.agents/skills/frontend-testing/references/common-patterns.md
+++ b/.agents/skills/frontend-testing/references/common-patterns.md
@ -107,13 +107,13 @@ describe('Counter', () => {
  it('should increment count', async () => {
    const user = userEvent.setup()
    render(<Counter initialCount={0} />)
-    
+
    // Initial state
    expect(screen.getByText('Count: 0')).toBeInTheDocument()
-    
+
    // Trigger transition
    await user.click(screen.getByRole('button', { name: /increment/i }))
-    
+
    // New state
    expect(screen.getByText('Count: 1')).toBeInTheDocument()
  })
@ -127,17 +127,17 @@ describe('ControlledInput', () => {
  it('should call onChange with new value', async () => {
    const user = userEvent.setup()
    const handleChange = vi.fn()
-    
+
    render(<ControlledInput value="" onChange={handleChange} />)
-    
+
    await user.type(screen.getByRole('textbox'), 'a')
-    
+
    expect(handleChange).toHaveBeenCalledWith('a')
  })

  it('should display controlled value', () => {
    render(<ControlledInput value="controlled" onChange={vi.fn()} />)
-    
+
    expect(screen.getByRole('textbox')).toHaveValue('controlled')
  })
 })
@ -149,26 +149,26 @@ describe('ControlledInput', () => {
 describe('ConditionalComponent', () => {
  it('should show loading state', () => {
    render(<DataDisplay isLoading={true} data={null} />)
-    
+
    expect(screen.getByText(/loading/i)).toBeInTheDocument()
    expect(screen.queryByTestId('data-content')).not.toBeInTheDocument()
  })

  it('should show error state', () => {
    render(<DataDisplay isLoading={false} data={null} error="Failed to load" />)
-    
+
    expect(screen.getByText(/failed to load/i)).toBeInTheDocument()
  })

  it('should show data when loaded', () => {
    render(<DataDisplay isLoading={false} data={{ name: 'Test' }} />)
-    
+
    expect(screen.getByText('Test')).toBeInTheDocument()
  })

  it('should show empty state when no data', () => {
    render(<DataDisplay isLoading={false} data={[]} />)
-    
+
    expect(screen.getByText(/no data/i)).toBeInTheDocument()
  })
 })
@ -186,7 +186,7 @@ describe('ItemList', () => {

  it('should render all items', () => {
    render(<ItemList items={items} />)
-    
+
    expect(screen.getAllByRole('listitem')).toHaveLength(3)
    items.forEach(item => {
      expect(screen.getByText(item.name)).toBeInTheDocument()
@ -196,17 +196,17 @@ describe('ItemList', () => {
  it('should handle item selection', async () => {
    const user = userEvent.setup()
    const onSelect = vi.fn()
-    
+
    render(<ItemList items={items} onSelect={onSelect} />)
-    
+
    await user.click(screen.getByText('Item 2'))
-    
+
    expect(onSelect).toHaveBeenCalledWith(items[1])
  })

  it('should handle empty list', () => {
    render(<ItemList items={[]} />)
-    
+
    expect(screen.getByText(/no items/i)).toBeInTheDocument()
  })
 })
@ -218,55 +218,55 @@ describe('ItemList', () => {
 describe('Modal', () => {
  it('should not render when closed', () => {
    render(<Modal isOpen={false} onClose={vi.fn()} />)
-    
+
    expect(screen.queryByRole('dialog')).not.toBeInTheDocument()
  })

  it('should render when open', () => {
    render(<Modal isOpen={true} onClose={vi.fn()} />)
-    
+
    expect(screen.getByRole('dialog')).toBeInTheDocument()
  })

  it('should call onClose when clicking overlay', async () => {
    const user = userEvent.setup()
    const handleClose = vi.fn()
-    
+
    render(<Modal isOpen={true} onClose={handleClose} />)
-    
+
    await user.click(screen.getByTestId('modal-overlay'))
-    
+
    expect(handleClose).toHaveBeenCalled()
  })

  it('should call onClose when pressing Escape', async () => {
    const user = userEvent.setup()
    const handleClose = vi.fn()
-    
+
    render(<Modal isOpen={true} onClose={handleClose} />)
-    
+
    await user.keyboard('{Escape}')
-    
+
    expect(handleClose).toHaveBeenCalled()
  })

  it('should trap focus inside modal', async () => {
    const user = userEvent.setup()
-    
+
    render(
      <Modal isOpen={true} onClose={vi.fn()}>
        <button>First</button>
        <button>Second</button>
      </Modal>
    )
-    
+
    // Focus should cycle within modal
    await user.tab()
    expect(screen.getByText('First')).toHaveFocus()
-    
+
    await user.tab()
    expect(screen.getByText('Second')).toHaveFocus()
-    
+
    await user.tab()
    expect(screen.getByText('First')).toHaveFocus() // Cycles back
  })
@ -280,13 +280,13 @@ describe('LoginForm', () => {
  it('should submit valid form', async () => {
    const user = userEvent.setup()
    const onSubmit = vi.fn()
-    
+
    render(<LoginForm onSubmit={onSubmit} />)
-    
+
    await user.type(screen.getByLabelText(/email/i), 'test@example.com')
    await user.type(screen.getByLabelText(/password/i), 'password123')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(onSubmit).toHaveBeenCalledWith({
      email: 'test@example.com',
      password: 'password123',
@ -295,39 +295,39 @@ describe('LoginForm', () => {

  it('should show validation errors', async () => {
    const user = userEvent.setup()
-    
+
    render(<LoginForm onSubmit={vi.fn()} />)
-    
+
    // Submit empty form
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(screen.getByText(/email is required/i)).toBeInTheDocument()
    expect(screen.getByText(/password is required/i)).toBeInTheDocument()
  })

  it('should validate email format', async () => {
    const user = userEvent.setup()
-    
+
    render(<LoginForm onSubmit={vi.fn()} />)
-    
+
    await user.type(screen.getByLabelText(/email/i), 'invalid-email')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(screen.getByText(/invalid email/i)).toBeInTheDocument()
  })

  it('should disable submit button while submitting', async () => {
    const user = userEvent.setup()
    const onSubmit = vi.fn(() => new Promise(resolve => setTimeout(resolve, 100)))
-    
+
    render(<LoginForm onSubmit={onSubmit} />)
-    
+
    await user.type(screen.getByLabelText(/email/i), 'test@example.com')
    await user.type(screen.getByLabelText(/password/i), 'password123')
    await user.click(screen.getByRole('button', { name: /sign in/i }))
-    
+
    expect(screen.getByRole('button', { name: /signing in/i })).toBeDisabled()
-    
+
    await waitFor(() => {
      expect(screen.getByRole('button', { name: /sign in/i })).toBeEnabled()
    })
@ -346,7 +346,7 @@ describe('StatusBadge', () => {
    ['info', 'bg-blue-500'],
  ])('should apply correct class for %s status', (status, expectedClass) => {
    render(<StatusBadge status={status} />)
-    
+
    expect(screen.getByTestId('status-badge')).toHaveClass(expectedClass)
  })

@ -357,7 +357,7 @@ describe('StatusBadge', () => {
    { input: 'invalid', expected: 'Unknown' },
  ])('should show "Unknown" for invalid input: $input', ({ input, expected }) => {
    render(<StatusBadge status={input} />)
-    
+
    expect(screen.getByText(expected)).toBeInTheDocument()
  })
 })
--- a/.agents/skills/frontend-testing/references/domain-components.md
+++ b/.agents/skills/frontend-testing/references/domain-components.md
@ -53,18 +53,18 @@ describe('NodeConfigPanel', () => {
    it('should render node type selector', () => {
      const node = createMockNode({ type: 'llm' })
      render(<NodeConfigPanel node={node} />)
-      
+
      expect(screen.getByLabelText(/model/i)).toBeInTheDocument()
    })

    it('should update node config on change', async () => {
      const user = userEvent.setup()
      const node = createMockNode({ type: 'llm' })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      await user.selectOptions(screen.getByLabelText(/model/i), 'gpt-4')
-      
+
      expect(mockWorkflowStore.updateNode).toHaveBeenCalledWith(
        node.id,
        expect.objectContaining({ model: 'gpt-4' })
@ -76,14 +76,14 @@ describe('NodeConfigPanel', () => {
    it('should show error for invalid input', async () => {
      const user = userEvent.setup()
      const node = createMockNode({ type: 'code' })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      // Enter invalid code
      const codeInput = screen.getByLabelText(/code/i)
      await user.clear(codeInput)
      await user.type(codeInput, 'invalid syntax {{{')
-      
+
      await waitFor(() => {
        expect(screen.getByText(/syntax error/i)).toBeInTheDocument()
      })
@ -91,11 +91,11 @@ describe('NodeConfigPanel', () => {

    it('should validate required fields', async () => {
      const node = createMockNode({ type: 'http', data: { url: '' } })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      fireEvent.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText(/url is required/i)).toBeInTheDocument()
      })
@ -113,28 +113,28 @@ describe('NodeConfigPanel', () => {
        id: 'node-2',
        type: 'llm',
      })
-      
+
      mockWorkflowStore.nodes = [upstreamNode, currentNode]
      mockWorkflowStore.edges = [{ source: 'node-1', target: 'node-2' }]
-      
+
      render(<NodeConfigPanel node={currentNode} />)
-      
+
      // Variable selector should show upstream variables
      fireEvent.click(screen.getByRole('button', { name: /add variable/i }))
-      
+
      expect(screen.getByText('user_input')).toBeInTheDocument()
    })

    it('should insert variable into prompt template', async () => {
      const user = userEvent.setup()
      const node = createMockNode({ type: 'llm' })
-      
+
      render(<NodeConfigPanel node={node} />)
-      
+
      // Click variable button
      await user.click(screen.getByRole('button', { name: /insert variable/i }))
      await user.click(screen.getByText('user_input'))
-      
+
      const promptInput = screen.getByLabelText(/prompt/i)
      expect(promptInput).toHaveValue(expect.stringContaining('{{user_input}}'))
    })
@ -179,14 +179,14 @@ describe('DocumentUploader', () => {
      const user = userEvent.setup()
      const onUpload = vi.fn()
      mockedService.uploadDocument.mockResolvedValue({ id: 'doc-1' })
-      
+
      render(<DocumentUploader onUpload={onUpload} />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      const input = screen.getByLabelText(/upload/i)
-      
+
      await user.upload(input, file)
-      
+
      await waitFor(() => {
        expect(mockedService.uploadDocument).toHaveBeenCalledWith(
          expect.any(FormData)
@ -196,35 +196,35 @@ describe('DocumentUploader', () => {

    it('should reject invalid file types', async () => {
      const user = userEvent.setup()
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.exe', { type: 'application/x-msdownload' })
      const input = screen.getByLabelText(/upload/i)
-      
+
      await user.upload(input, file)
-      
+
      expect(screen.getByText(/unsupported file type/i)).toBeInTheDocument()
      expect(mockedService.uploadDocument).not.toHaveBeenCalled()
    })

    it('should show upload progress', async () => {
      const user = userEvent.setup()
-      
+
      // Mock upload with progress
      mockedService.uploadDocument.mockImplementation(() => {
        return new Promise((resolve) => {
          setTimeout(() => resolve({ id: 'doc-1' }), 100)
        })
      })
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      await user.upload(screen.getByLabelText(/upload/i), file)
-      
+
      expect(screen.getByRole('progressbar')).toBeInTheDocument()
-      
+
      await waitFor(() => {
        expect(screen.queryByRole('progressbar')).not.toBeInTheDocument()
      })
@ -235,12 +235,12 @@ describe('DocumentUploader', () => {
    it('should handle upload failure', async () => {
      const user = userEvent.setup()
      mockedService.uploadDocument.mockRejectedValue(new Error('Upload failed'))
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      await user.upload(screen.getByLabelText(/upload/i), file)
-      
+
      await waitFor(() => {
        expect(screen.getByText(/upload failed/i)).toBeInTheDocument()
      })
@ -251,18 +251,18 @@ describe('DocumentUploader', () => {
      mockedService.uploadDocument
        .mockRejectedValueOnce(new Error('Network error'))
        .mockResolvedValueOnce({ id: 'doc-1' })
-      
+
      render(<DocumentUploader />)
-      
+
      const file = new File(['content'], 'test.pdf', { type: 'application/pdf' })
      await user.upload(screen.getByLabelText(/upload/i), file)
-      
+
      await waitFor(() => {
        expect(screen.getByRole('button', { name: /retry/i })).toBeInTheDocument()
      })
-      
+
      await user.click(screen.getByRole('button', { name: /retry/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText(/uploaded successfully/i)).toBeInTheDocument()
      })
@ -283,13 +283,13 @@ describe('DocumentList', () => {
        page: 1,
        pageSize: 10,
      })
-      
+
      render(<DocumentList datasetId="ds-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByText('Doc 1')).toBeInTheDocument()
      })
-      
+
      expect(mockedService.getDocuments).toHaveBeenCalledWith('ds-1', { page: 1 })
    })

@ -301,22 +301,22 @@ describe('DocumentList', () => {
        page: 1,
        pageSize: 10,
      })
-      
+
      render(<DocumentList datasetId="ds-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByText('Doc 1')).toBeInTheDocument()
      })
-      
+
      mockedService.getDocuments.mockResolvedValue({
        data: [{ id: '11', name: 'Doc 11' }],
        total: 50,
        page: 2,
        pageSize: 10,
      })
-      
+
      await user.click(screen.getByRole('button', { name: /next/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText('Doc 11')).toBeInTheDocument()
      })
@ -327,21 +327,21 @@ describe('DocumentList', () => {
    it('should filter by search query', async () => {
      const user = userEvent.setup()
      vi.useFakeTimers()
-      
+
      render(<DocumentList datasetId="ds-1" />)
-      
+
      await user.type(screen.getByPlaceholderText(/search/i), 'test query')
-      
+
      // Debounce
      vi.advanceTimersByTime(300)
-      
+
      await waitFor(() => {
        expect(mockedService.getDocuments).toHaveBeenCalledWith(
          'ds-1',
          expect.objectContaining({ search: 'test query' })
        )
      })
-      
+
      vi.useRealTimers()
    })
  })
@ -391,50 +391,50 @@ describe('AppConfigForm', () => {
  describe('Form Validation', () => {
    it('should require app name', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Clear name field
      await user.clear(screen.getByLabelText(/name/i))
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      expect(screen.getByText(/name is required/i)).toBeInTheDocument()
      expect(mockedService.updateAppConfig).not.toHaveBeenCalled()
    })

    it('should validate name length', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toBeInTheDocument()
      })
-      
+
      // Enter very long name
      await user.clear(screen.getByLabelText(/name/i))
      await user.type(screen.getByLabelText(/name/i), 'a'.repeat(101))
-      
+
      expect(screen.getByText(/name must be less than 100 characters/i)).toBeInTheDocument()
    })

    it('should allow empty optional fields', async () => {
      const user = userEvent.setup()
      mockedService.updateAppConfig.mockResolvedValue({ success: true })
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Leave description empty (optional)
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(mockedService.updateAppConfig).toHaveBeenCalled()
      })
@ -445,58 +445,58 @@ describe('AppConfigForm', () => {
    it('should save configuration', async () => {
      const user = userEvent.setup()
      mockedService.updateAppConfig.mockResolvedValue({ success: true })
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      await user.clear(screen.getByLabelText(/name/i))
      await user.type(screen.getByLabelText(/name/i), 'Updated App')
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(mockedService.updateAppConfig).toHaveBeenCalledWith(
          'app-1',
          expect.objectContaining({ name: 'Updated App' })
        )
      })
-      
+
      expect(screen.getByText(/saved successfully/i)).toBeInTheDocument()
    })

    it('should reset to default values', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Make changes
      await user.clear(screen.getByLabelText(/name/i))
      await user.type(screen.getByLabelText(/name/i), 'Changed Name')
-      
+
      // Reset
      await user.click(screen.getByRole('button', { name: /reset/i }))
-      
+
      expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
    })

    it('should show unsaved changes warning', async () => {
      const user = userEvent.setup()
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      // Make changes
      await user.type(screen.getByLabelText(/name/i), ' Updated')
-      
+
      expect(screen.getByText(/unsaved changes/i)).toBeInTheDocument()
    })
  })
@ -505,15 +505,15 @@ describe('AppConfigForm', () => {
    it('should show error on save failure', async () => {
      const user = userEvent.setup()
      mockedService.updateAppConfig.mockRejectedValue(new Error('Server error'))
-      
+
      render(<AppConfigForm appId="app-1" />)
-      
+
      await waitFor(() => {
        expect(screen.getByLabelText(/name/i)).toHaveValue('My App')
      })
-      
+
      await user.click(screen.getByRole('button', { name: /save/i }))
-      
+
      await waitFor(() => {
        expect(screen.getByText(/failed to save/i)).toBeInTheDocument()
      })
--- a/.agents/skills/frontend-testing/references/mocking.md
+++ b/.agents/skills/frontend-testing/references/mocking.md
@ -54,12 +54,12 @@ See [Zustand Store Testing](#zustand-store-testing) section for full details.

 ## Mock Placement

-| Location | Purpose |
-|----------|---------|
-| `web/vitest.setup.ts` | Global mocks shared by all tests (`react-i18next`, `zustand`, clipboard, FloatingPortal, Monaco, localStorage`) |
-| `web/__mocks__/zustand.ts` | Zustand mock implementation (auto-resets stores after each test) |
-| `web/__mocks__/` | Reusable mock factories shared across multiple test files |
-| Test file | Test-specific mocks, inline with `vi.mock()` |
+| Location                   | Purpose                                                                                                         |
+| -------------------------- | --------------------------------------------------------------------------------------------------------------- |
+| `web/vitest.setup.ts`      | Global mocks shared by all tests (`react-i18next`, `zustand`, clipboard, FloatingPortal, Monaco, localStorage`) |
+| `web/__mocks__/zustand.ts` | Zustand mock implementation (auto-resets stores after each test)                                                |
+| `web/__mocks__/`           | Reusable mock factories shared across multiple test files                                                       |
+| Test file                  | Test-specific mocks, inline with `vi.mock()`                                                                    |

 Modules are not mocked automatically. Use `vi.mock` in test files, or add global mocks in `web/vitest.setup.ts`.

@ -85,10 +85,12 @@ The global mock provides:
 ```typescript
 import { createReactI18nextMock } from '@/test/i18n-mock'

-vi.mock('react-i18next', () => createReactI18nextMock({
-  'my.custom.key': 'Custom translation',
-  'button.save': 'Save',
-}))
+vi.mock('react-i18next', () =>
+  createReactI18nextMock({
+    'my.custom.key': 'Custom translation',
+    'button.save': 'Save',
+  }),
+)
 ```

 **Avoid**: Manually defining `useTranslation` mocks that just return the key - the global mock already does this.
@ -189,16 +191,16 @@ const mockedApi = vi.mocked(api)
 describe('Component', () => {
  beforeEach(() => {
    vi.clearAllMocks()
-    
+
    // Setup default mock implementation
    mockedApi.fetchData.mockResolvedValue({ data: [] })
  })

  it('should show data on success', async () => {
    mockedApi.fetchData.mockResolvedValue({ data: [{ id: 1 }] })
-    
+
    render(<Component />)
-    
+
    await waitFor(() => {
      expect(screen.getByText('1')).toBeInTheDocument()
    })
@ -206,9 +208,9 @@ describe('Component', () => {

  it('should show error on failure', async () => {
    mockedApi.fetchData.mockRejectedValue(new Error('Network error'))
-    
+
    render(<Component />)
-    
+
    await waitFor(() => {
      expect(screen.getByText(/error/i)).toBeInTheDocument()
    })
@ -231,9 +233,9 @@ describe('GithubComponent', () => {
        headers: { 'Content-Type': 'application/json' },
      }),
    )
-    
+
    render(<GithubComponent />)
-    
+
    await waitFor(() => {
      expect(screen.getByText('dify')).toBeInTheDocument()
    })
@ -246,9 +248,9 @@ describe('GithubComponent', () => {
        headers: { 'Content-Type': 'application/json' },
      }),
    )
-    
+
    render(<GithubComponent />)
-    
+
    await waitFor(() => {
      expect(screen.getByText(/error/i)).toBeInTheDocument()
    })
@ -267,25 +269,25 @@ import { createMockProviderContextValue, createMockPlan } from '@/__mocks__/prov
 describe('Component with Context', () => {
  it('should render for free plan', () => {
    const mockContext = createMockPlan('sandbox')
-    
+
    render(
      <ProviderContext.Provider value={mockContext}>
        <Component />
      </ProviderContext.Provider>
    )
-    
+
    expect(screen.getByText('Upgrade')).toBeInTheDocument()
  })

  it('should render for pro plan', () => {
    const mockContext = createMockPlan('professional')
-    
+
    render(
      <ProviderContext.Provider value={mockContext}>
        <Component />
      </ProviderContext.Provider>
    )
-    
+
    expect(screen.queryByText('Upgrade')).not.toBeInTheDocument()
  })
 })
@ -411,7 +413,7 @@ Manual mocking conflicts with the global Zustand mock and loses store functional
 ```typescript
 // ❌ WRONG: Don't mock the store module
 vi.mock('@/app/components/app/store', () => ({
-  useStore: (selector) => mockSelector(selector),  // Missing getState, setState!
+  useStore: (selector) => mockSelector(selector), // Missing getState, setState!
 }))

 // ❌ WRONG: This conflicts with global zustand mock
@ -439,14 +441,11 @@ const mockStore = {
 }

 vi.mock('@/app/components/app/store', () => ({
-  useStore: Object.assign(
-    (selector: (state: typeof mockStore) => unknown) => selector(mockStore),
-    {
-      getState: () => mockStore,
-      setState: vi.fn(),
-      subscribe: vi.fn(),
-    },
-  ),
+  useStore: Object.assign((selector: (state: typeof mockStore) => unknown) => selector(mockStore), {
+    getState: () => mockStore,
+    setState: vi.fn(),
+    subscribe: vi.fn(),
+  }),
 }))
 ```

@ -528,7 +527,7 @@ it('should display project owner', () => {
  const project = createMockProject({
    owner: createMockUser({ name: 'John Doe' }),
  })
-  
+
  render(<ProjectCard project={project} />)
  expect(screen.getByText('John Doe')).toBeInTheDocument()
 })
--- a/.agents/skills/frontend-testing/references/workflow.md
+++ b/.agents/skills/frontend-testing/references/workflow.md
@ -6,10 +6,10 @@ This guide defines the workflow for generating tests, especially for complex com

 This guide addresses **multi-file workflow** (how to process multiple test files). For coverage requirements within a single test file, see `web/docs/test.md` § Coverage Goals.

-| Scope | Rule |
-|-------|------|
-| **Single file** | Complete coverage in one generation (100% function, >95% branch) |
-| **Multi-file directory** | Process one file at a time, verify each before proceeding |
+| Scope                    | Rule                                                             |
+| ------------------------ | ---------------------------------------------------------------- |
+| **Single file**          | Complete coverage in one generation (100% function, >95% branch) |
+| **Multi-file directory** | Process one file at a time, verify each before proceeding        |

 ## ⚠️ Critical Rule: Incremental Approach for Multi-File Testing

@ -17,14 +17,14 @@ When testing a **directory with multiple files**, **NEVER generate all test file

 ### Why Incremental?

-| Batch Approach (❌) | Incremental Approach (✅) |
-|---------------------|---------------------------|
-| Generate 5+ tests at once | Generate 1 test at a time |
-| Run tests only at the end | Run test immediately after each file |
-| Multiple failures compound | Single point of failure, easy to debug |
-| Hard to identify root cause | Clear cause-effect relationship |
-| Mock issues affect many files | Mock issues caught early |
-| Messy git history | Clean, atomic commits possible |
+| Batch Approach (❌)           | Incremental Approach (✅)              |
+| ----------------------------- | -------------------------------------- |
+| Generate 5+ tests at once     | Generate 1 test at a time              |
+| Run tests only at the end     | Run test immediately after each file   |
+| Multiple failures compound    | Single point of failure, easy to debug |
+| Hard to identify root cause   | Clear cause-effect relationship        |
+| Mock issues affect many files | Mock issues caught early               |
+| Messy git history             | Clean, atomic commits possible         |

 ## Single File Workflow

@ -190,7 +190,7 @@ Update status as you complete each:
 ```
 # BAD: Writing all files then testing
 Write component-a.spec.tsx
-Write component-b.spec.tsx  
+Write component-b.spec.tsx
 Write component-c.spec.tsx
 Write component-d.spec.tsx
 Run pnpm test  ← Multiple failures, hard to debug
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,49 +1,43 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the
 // README at: https://github.com/devcontainers/templates/tree/main/src/anaconda
 {
-	"name": "Python 3.12",
-	"build": {
-		"context": "..",
-		"dockerfile": "Dockerfile"
-	},
-	"mounts": [
-		"source=dify-dev-tmp,target=/tmp,type=volume"
-	],
-	"features": {
-		"ghcr.io/devcontainers/features/node:1": {
-			"nodeGypDependencies": true,
-			"version": "lts"
-		},
-		"ghcr.io/devcontainers-extra/features/npm-package:1": {
-			"package": "typescript",
-			"version": "latest"
-		},
-		"ghcr.io/devcontainers/features/docker-in-docker:2": {
-			"moby": true,
-			"azureDnsAutoDetection": true,
-			"installDockerBuildx": true,
-			"version": "latest",
-			"dockerDashComposeVersion": "v2"
-		}
-	},
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"ms-python.pylint",
-				"GitHub.copilot",
-				"ms-python.python"
-			]
-		}
-	},
-	"postStartCommand": "./.devcontainer/post_start_command.sh",
-	"postCreateCommand": "./.devcontainer/post_create_command.sh"
-	// Features to add to the dev container. More info: https://containers.dev/features.
-	// "features": {},
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	// "forwardPorts": [],
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "python --version",
-	// Configure tool-specific properties.
-	// "customizations": {},
-	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-}
+  "name": "Python 3.12",
+  "build": {
+    "context": "..",
+    "dockerfile": "Dockerfile"
+  },
+  "mounts": ["source=dify-dev-tmp,target=/tmp,type=volume"],
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {
+      "nodeGypDependencies": true,
+      "version": "lts"
+    },
+    "ghcr.io/devcontainers-extra/features/npm-package:1": {
+      "package": "typescript",
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "moby": true,
+      "azureDnsAutoDetection": true,
+      "installDockerBuildx": true,
+      "version": "latest",
+      "dockerDashComposeVersion": "v2"
+    }
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": ["ms-python.pylint", "GitHub.copilot", "ms-python.python"]
+    }
+  },
+  "postStartCommand": "./.devcontainer/post_start_command.sh",
+  "postCreateCommand": "./.devcontainer/post_create_command.sh"
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  // "features": {},
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [],
+  // Use 'postCreateCommand' to run commands after the container is created.
+  // "postCreateCommand": "python --version",
+  // Configure tool-specific properties.
+  // "customizations": {},
+  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+}
--- a/.github/DISCUSSION_TEMPLATE/general.yml
+++ b/.github/DISCUSSION_TEMPLATE/general.yml
@ -1,17 +1,17 @@
-title: "General Discussion"
+title: 'General Discussion'
 body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have searched for existing issues [search for existing issues](https://github.com/langgenius/dify/issues), including closed ones.
          required: true
        - label: I confirm that I am using English to submit this report (我已阅读并同意 [Language Policy](https://github.com/langgenius/dify/issues/1542)).
          required: true
-        - label: "[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)"
+        - label: '[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)'
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/DISCUSSION_TEMPLATE/help.yml
+++ b/.github/DISCUSSION_TEMPLATE/help.yml
@ -1,17 +1,17 @@
-title: "Help"
+title: 'Help'
 body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have searched for existing issues [search for existing issues](https://github.com/langgenius/dify/issues), including closed ones.
          required: true
        - label: I confirm that I am using English to submit this report (我已阅读并同意 [Language Policy](https://github.com/langgenius/dify/issues/1542)).
          required: true
-        - label: "[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)"
+        - label: '[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)'
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/DISCUSSION_TEMPLATE/suggestion.yml
+++ b/.github/DISCUSSION_TEMPLATE/suggestion.yml
@ -3,15 +3,15 @@ body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have searched for existing issues [search for existing issues](https://github.com/langgenius/dify/issues), including closed ones.
          required: true
        - label: I confirm that I am using English to submit this report (我已阅读并同意 [Language Policy](https://github.com/langgenius/dify/issues/1542)).
          required: true
-        - label: "[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)"
+        - label: '[FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)'
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -1,4 +1,4 @@
-name: "🕷️ Bug report"
+name: '🕷️ Bug report'
 description: Report errors or unexpected behavior
 labels:
  - bug
@ -6,7 +6,7 @@ body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have read the [Contributing Guide](https://github.com/langgenius/dify/blob/main/CONTRIBUTING.md) and [Language Policy](https://github.com/langgenius/dify/issues/1542).
          required: true
@ -18,7 +18,7 @@ body:
          required: true
        - label: 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true

  - type: input
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,13 +1,13 @@
 blank_issues_enabled: false
 contact_links:
  - name: "\U0001F510 Security Vulnerabilities"
-    url: "https://github.com/langgenius/dify/security/advisories/new"
+    url: 'https://github.com/langgenius/dify/security/advisories/new'
    about: Report security vulnerabilities through GitHub Security Advisories to ensure responsible disclosure. 💡 Please do not report security vulnerabilities in public issues.
  - name: "\U0001F4A1 Model Providers & Plugins"
-    url: "https://github.com/langgenius/dify-official-plugins/issues/new/choose"
+    url: 'https://github.com/langgenius/dify-official-plugins/issues/new/choose'
    about: Report issues with official plugins or model providers, you will need to provide the plugin version and other relevant details.
  - name: "\U0001F4AC Documentation Issues"
-    url: "https://github.com/langgenius/dify-docs/issues/new"
+    url: 'https://github.com/langgenius/dify-docs/issues/new'
    about: Report issues with the documentation, such as typos, outdated information, or missing content. Please provide the specific section and details of the issue.
  - name: "\U0001F4E7 Discussions"
    url: https://github.com/langgenius/dify/discussions/categories/general
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -1,4 +1,4 @@
-name: "⭐ Feature or enhancement request"
+name: '⭐ Feature or enhancement request'
 description: Propose something new.
 labels:
  - enhancement
@ -6,7 +6,7 @@ body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have read the [Contributing Guide](https://github.com/langgenius/dify/blob/main/CONTRIBUTING.md) and [Language Policy](https://github.com/langgenius/dify/issues/1542).
          required: true
@ -14,7 +14,7 @@ body:
          required: true
        - label: I confirm that I am using English to submit this report, otherwise it will be closed.
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    attributes:
--- a/.github/ISSUE_TEMPLATE/refactor.yml
+++ b/.github/ISSUE_TEMPLATE/refactor.yml
@ -1,11 +1,11 @@
-name: "✨ Refactor or Chore"
+name: '✨ Refactor or Chore'
 description: Refactor existing code or perform maintenance chores to improve readability and reliability.
-title: "[Refactor/Chore] "
+title: '[Refactor/Chore] '
 body:
  - type: checkboxes
    attributes:
      label: Self Checks
-      description: "To make sure we get to you in time, please check the following :)"
+      description: 'To make sure we get to you in time, please check the following :)'
      options:
        - label: I have read the [Contributing Guide](https://github.com/langgenius/dify/blob/main/CONTRIBUTING.md) and [Language Policy](https://github.com/langgenius/dify/issues/1542).
          required: true
@ -17,26 +17,26 @@ body:
          required: true
        - label: 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
          required: true
-        - label: "Please do not modify this template :) and fill in all the required fields."
+        - label: 'Please do not modify this template :) and fill in all the required fields.'
          required: true
  - type: textarea
    id: description
    attributes:
      label: Description
-      placeholder: "Describe the refactor or chore you are proposing."
+      placeholder: 'Describe the refactor or chore you are proposing.'
    validations:
      required: true
  - type: textarea
    id: motivation
    attributes:
      label: Motivation
-      placeholder: "Explain why this refactor or chore is necessary."
+      placeholder: 'Explain why this refactor or chore is necessary.'
    validations:
      required: false
  - type: textarea
    id: additional-context
    attributes:
      label: Additional Context
-      placeholder: "Add any other context or screenshots about the request here."
+      placeholder: 'Add any other context or screenshots about the request here.'
    validations:
      required: false
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,223 +1,223 @@
 version: 2

 updates:
-  - package-ecosystem: "uv"
-    directory: "/api"
+  - package-ecosystem: 'uv'
+    directory: '/api'
    open-pull-requests-limit: 10
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      flask:
        patterns:
-          - "flask"
-          - "flask-*"
-          - "werkzeug"
-          - "gunicorn"
+          - 'flask'
+          - 'flask-*'
+          - 'werkzeug'
+          - 'gunicorn'
      google:
        patterns:
-          - "google-*"
-          - "googleapis-*"
+          - 'google-*'
+          - 'googleapis-*'
      opentelemetry:
        patterns:
-          - "opentelemetry-*"
+          - 'opentelemetry-*'
      pydantic:
        patterns:
-          - "pydantic"
-          - "pydantic-*"
+          - 'pydantic'
+          - 'pydantic-*'
      llm:
        patterns:
-          - "langfuse"
-          - "langsmith"
-          - "litellm"
-          - "mlflow*"
-          - "opik"
-          - "weave*"
-          - "arize*"
-          - "tiktoken"
-          - "transformers"
+          - 'langfuse'
+          - 'langsmith'
+          - 'litellm'
+          - 'mlflow*'
+          - 'opik'
+          - 'weave*'
+          - 'arize*'
+          - 'tiktoken'
+          - 'transformers'
      database:
        patterns:
-          - "sqlalchemy"
-          - "psycopg2*"
-          - "psycogreen"
-          - "redis*"
-          - "alembic*"
+          - 'sqlalchemy'
+          - 'psycopg2*'
+          - 'psycogreen'
+          - 'redis*'
+          - 'alembic*'
      storage:
        patterns:
-          - "boto3*"
-          - "botocore*"
-          - "azure-*"
-          - "bce-*"
-          - "cos-python-*"
-          - "esdk-obs-*"
-          - "google-cloud-storage"
-          - "opendal"
-          - "oss2"
-          - "supabase*"
-          - "tos*"
+          - 'boto3*'
+          - 'botocore*'
+          - 'azure-*'
+          - 'bce-*'
+          - 'cos-python-*'
+          - 'esdk-obs-*'
+          - 'google-cloud-storage'
+          - 'opendal'
+          - 'oss2'
+          - 'supabase*'
+          - 'tos*'
      vdb:
        patterns:
-          - "alibabacloud*"
-          - "chromadb"
-          - "clickhouse-*"
-          - "clickzetta-*"
-          - "couchbase"
-          - "elasticsearch"
-          - "opensearch-py"
-          - "oracledb"
-          - "pgvect*"
-          - "pymilvus"
-          - "pymochow"
-          - "pyobvector"
-          - "qdrant-client"
-          - "intersystems-*"
-          - "tablestore"
-          - "tcvectordb"
-          - "tidb-vector"
-          - "upstash-*"
-          - "volcengine-*"
-          - "weaviate-*"
-          - "xinference-*"
-          - "mo-vector"
-          - "mysql-connector-*"
+          - 'alibabacloud*'
+          - 'chromadb'
+          - 'clickhouse-*'
+          - 'clickzetta-*'
+          - 'couchbase'
+          - 'elasticsearch'
+          - 'opensearch-py'
+          - 'oracledb'
+          - 'pgvect*'
+          - 'pymilvus'
+          - 'pymochow'
+          - 'pyobvector'
+          - 'qdrant-client'
+          - 'intersystems-*'
+          - 'tablestore'
+          - 'tcvectordb'
+          - 'tidb-vector'
+          - 'upstash-*'
+          - 'volcengine-*'
+          - 'weaviate-*'
+          - 'xinference-*'
+          - 'mo-vector'
+          - 'mysql-connector-*'
      dev:
        patterns:
-          - "coverage"
-          - "dotenv-linter"
-          - "faker"
-          - "lxml-stubs"
-          - "basedpyright"
-          - "ruff"
-          - "pytest*"
-          - "types-*"
-          - "boto3-stubs"
-          - "hypothesis"
-          - "pandas-stubs"
-          - "scipy-stubs"
-          - "import-linter"
-          - "celery-types"
-          - "mypy*"
-          - "pyrefly"
+          - 'coverage'
+          - 'dotenv-linter'
+          - 'faker'
+          - 'lxml-stubs'
+          - 'basedpyright'
+          - 'ruff'
+          - 'pytest*'
+          - 'types-*'
+          - 'boto3-stubs'
+          - 'hypothesis'
+          - 'pandas-stubs'
+          - 'scipy-stubs'
+          - 'import-linter'
+          - 'celery-types'
+          - 'mypy*'
+          - 'pyrefly'
      python-packages:
        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
+          - '*'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
    open-pull-requests-limit: 5
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      github-actions-dependencies:
        patterns:
-          - "*"
-  - package-ecosystem: "uv"
-    directory: "/api"
-    target-branch: "lts/1.13.x"
+          - '*'
+  - package-ecosystem: 'uv'
+    directory: '/api'
+    target-branch: 'lts/1.13.x'
    open-pull-requests-limit: 10
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      flask:
        patterns:
-          - "flask"
-          - "flask-*"
-          - "werkzeug"
-          - "gunicorn"
+          - 'flask'
+          - 'flask-*'
+          - 'werkzeug'
+          - 'gunicorn'
      google:
        patterns:
-          - "google-*"
-          - "googleapis-*"
+          - 'google-*'
+          - 'googleapis-*'
      opentelemetry:
        patterns:
-          - "opentelemetry-*"
+          - 'opentelemetry-*'
      pydantic:
        patterns:
-          - "pydantic"
-          - "pydantic-*"
+          - 'pydantic'
+          - 'pydantic-*'
      llm:
        patterns:
-          - "langfuse"
-          - "langsmith"
-          - "litellm"
-          - "mlflow*"
-          - "opik"
-          - "weave*"
-          - "arize*"
-          - "tiktoken"
-          - "transformers"
+          - 'langfuse'
+          - 'langsmith'
+          - 'litellm'
+          - 'mlflow*'
+          - 'opik'
+          - 'weave*'
+          - 'arize*'
+          - 'tiktoken'
+          - 'transformers'
      database:
        patterns:
-          - "sqlalchemy"
-          - "psycopg2*"
-          - "psycogreen"
-          - "redis*"
-          - "alembic*"
+          - 'sqlalchemy'
+          - 'psycopg2*'
+          - 'psycogreen'
+          - 'redis*'
+          - 'alembic*'
      storage:
        patterns:
-          - "boto3*"
-          - "botocore*"
-          - "azure-*"
-          - "bce-*"
-          - "cos-python-*"
-          - "esdk-obs-*"
-          - "google-cloud-storage"
-          - "opendal"
-          - "oss2"
-          - "supabase*"
-          - "tos*"
+          - 'boto3*'
+          - 'botocore*'
+          - 'azure-*'
+          - 'bce-*'
+          - 'cos-python-*'
+          - 'esdk-obs-*'
+          - 'google-cloud-storage'
+          - 'opendal'
+          - 'oss2'
+          - 'supabase*'
+          - 'tos*'
      vdb:
        patterns:
-          - "alibabacloud*"
-          - "chromadb"
-          - "clickhouse-*"
-          - "clickzetta-*"
-          - "couchbase"
-          - "elasticsearch"
-          - "opensearch-py"
-          - "oracledb"
-          - "pgvect*"
-          - "pymilvus"
-          - "pymochow"
-          - "pyobvector"
-          - "qdrant-client"
-          - "intersystems-*"
-          - "tablestore"
-          - "tcvectordb"
-          - "tidb-vector"
-          - "upstash-*"
-          - "volcengine-*"
-          - "weaviate-*"
-          - "xinference-*"
-          - "mo-vector"
-          - "mysql-connector-*"
+          - 'alibabacloud*'
+          - 'chromadb'
+          - 'clickhouse-*'
+          - 'clickzetta-*'
+          - 'couchbase'
+          - 'elasticsearch'
+          - 'opensearch-py'
+          - 'oracledb'
+          - 'pgvect*'
+          - 'pymilvus'
+          - 'pymochow'
+          - 'pyobvector'
+          - 'qdrant-client'
+          - 'intersystems-*'
+          - 'tablestore'
+          - 'tcvectordb'
+          - 'tidb-vector'
+          - 'upstash-*'
+          - 'volcengine-*'
+          - 'weaviate-*'
+          - 'xinference-*'
+          - 'mo-vector'
+          - 'mysql-connector-*'
      dev:
        patterns:
-          - "coverage"
-          - "dotenv-linter"
-          - "faker"
-          - "lxml-stubs"
-          - "basedpyright"
-          - "ruff"
-          - "pytest*"
-          - "types-*"
-          - "boto3-stubs"
-          - "hypothesis"
-          - "pandas-stubs"
-          - "scipy-stubs"
-          - "import-linter"
-          - "celery-types"
-          - "mypy*"
-          - "pyrefly"
+          - 'coverage'
+          - 'dotenv-linter'
+          - 'faker'
+          - 'lxml-stubs'
+          - 'basedpyright'
+          - 'ruff'
+          - 'pytest*'
+          - 'types-*'
+          - 'boto3-stubs'
+          - 'hypothesis'
+          - 'pandas-stubs'
+          - 'scipy-stubs'
+          - 'import-linter'
+          - 'celery-types'
+          - 'mypy*'
+          - 'pyrefly'
      python-packages:
        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    target-branch: "lts/1.13.x"
+          - '*'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    target-branch: 'lts/1.13.x'
    open-pull-requests-limit: 5
    schedule:
-      interval: "weekly"
+      interval: 'weekly'
    groups:
      github-actions-dependencies:
        patterns:
-          - "*"
+          - '*'
--- a/.github/linters/.hadolint.yaml
+++ b/.github/linters/.hadolint.yaml
@ -1 +1 @@
-failure-threshold: "error"
+failure-threshold: 'error'
--- a/.github/linters/.yaml-lint.yml
+++ b/.github/linters/.yaml-lint.yml
@ -1,5 +1,4 @@
 ---
-
 extends: default

 rules:
--- a/.github/linters/editorconfig-checker.json
+++ b/.github/linters/editorconfig-checker.json
@ -1,22 +1,22 @@
 {
-    "Verbose": false,
-    "Debug": false,
-    "IgnoreDefaults": false,
-    "SpacesAfterTabs": false,
-    "NoColor": false,
-    "Exclude": [
-        "^web/public/vs/",
-        "^web/public/pdf.worker.min.mjs$",
-        "web/app/components/base/icons/src/vender/"
-    ],
-    "AllowedContentTypes": [],
-    "PassedFiles": [],
-    "Disable": {
-        "EndOfLine": false,
-        "Indentation": false,
-        "IndentSize": true,
-        "InsertFinalNewline": false,
-        "TrimTrailingWhitespace": false,
-        "MaxLineLength": false
-    }
+  "Verbose": false,
+  "Debug": false,
+  "IgnoreDefaults": false,
+  "SpacesAfterTabs": false,
+  "NoColor": false,
+  "Exclude": [
+    "^web/public/vs/",
+    "^web/public/pdf.worker.min.mjs$",
+    "web/app/components/base/icons/src/vender/"
+  ],
+  "AllowedContentTypes": [],
+  "PassedFiles": [],
+  "Disable": {
+    "EndOfLine": false,
+    "Indentation": false,
+    "IndentSize": true,
+    "InsertFinalNewline": false,
+    "TrimTrailingWhitespace": false,
+    "MaxLineLength": false
+  }
 }
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -12,8 +12,8 @@
 ## Screenshots

 | Before | After |
-|--------|-------|
-| ... | ... |
+| ------ | ----- |
+| ...    | ...   |

 ## Checklist

--- a/.github/scripts/generate-i18n-changes.mjs
+++ b/.github/scripts/generate-i18n-changes.mjs
@ -8,31 +8,31 @@ const headSha = process.env.HEAD_SHA || ''
 const files = (process.env.CHANGED_FILES || '').split(/\s+/).filter(Boolean)
 const outputPath = process.env.I18N_CHANGES_OUTPUT_PATH || '/tmp/i18n-changes.json'

-const englishPath = fileStem => path.join(repoRoot, 'web', 'i18n', 'en-US', `${fileStem}.json`)
+const englishPath = (fileStem) => path.join(repoRoot, 'web', 'i18n', 'en-US', `${fileStem}.json`)

 const readCurrentJson = (fileStem) => {
  const filePath = englishPath(fileStem)
-  if (!fs.existsSync(filePath))
-    return null
+  if (!fs.existsSync(filePath)) return null

  return JSON.parse(fs.readFileSync(filePath, 'utf8'))
 }

 const readBaseJson = (fileStem) => {
-  if (!baseSha)
-    return null
+  if (!baseSha) return null

  try {
    const relativePath = `web/i18n/en-US/${fileStem}.json`
-    const content = execFileSync('git', ['show', `${baseSha}:${relativePath}`], { encoding: 'utf8' })
+    const content = execFileSync('git', ['show', `${baseSha}:${relativePath}`], {
+      encoding: 'utf8',
+    })
    return JSON.parse(content)
-  }
-  catch {
+  } catch {
    return null
  }
 }

-const compareJson = (beforeValue, afterValue) => JSON.stringify(beforeValue) === JSON.stringify(afterValue)
+const compareJson = (beforeValue, afterValue) =>
+  JSON.stringify(beforeValue) === JSON.stringify(afterValue)

 const changes = {}

@ -59,8 +59,7 @@ for (const fileStem of files) {
  }

  for (const key of Object.keys(beforeJson)) {
-    if (!(key in afterJson))
-      deleted.push(key)
+    if (!(key in afterJson)) deleted.push(key)
  }

  changes[fileStem] = {
@ -78,5 +77,5 @@ fs.writeFileSync(
    headSha,
    files,
    changes,
-  })
+  }),
 )
--- a/.github/workflows/api-tests.yml
+++ b/.github/workflows/api-tests.yml
@ -25,7 +25,7 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
@ -87,7 +87,7 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
@ -151,7 +151,7 @@ jobs:
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@ -1,12 +1,12 @@
 name: autofix.ci
 on:
  pull_request:
-    branches: ["main"]
+    branches: ['main']
  merge_group:
-    branches: ["main"]
+    branches: ['main']
    types: [checks_requested]
  push:
-    branches: ["main"]
+    branches: ['main']
 permissions:
  contents: read

@ -44,6 +44,12 @@ jobs:
            pnpm-lock.yaml
            pnpm-workspace.yaml
            .nvmrc
+            vite.config.ts
+            eslint.config.mjs
+            web/eslint.config.mjs
+            .vscode/**
+            .github/workflows/autofix.yml
+            .github/workflows/style.yml
      - name: Check api inputs
        if: github.event_name != 'merge_group'
        id: api-changes
@ -63,7 +69,7 @@ jobs:
      - if: github.event_name != 'merge_group'
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
-          python-version: "3.11"
+          python-version: '3.11'

      - if: github.event_name != 'merge_group'
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
@ -146,6 +152,12 @@ jobs:
        if: github.event_name != 'merge_group' && steps.api-changes.outputs.any_changed == 'true'
        run: pnpm --dir packages/contracts gen-api-contract-from-openapi

+      - name: Format web files
+        if: github.event_name != 'merge_group' && steps.web-changes.outputs.any_changed == 'true'
+        env:
+          CHANGED_FILES: ${{ steps.web-changes.outputs.all_changed_files }}
+        run: vp fmt --no-error-on-unmatched-pattern $CHANGED_FILES
+
      - name: ESLint autofix
        if: github.event_name != 'merge_group' && steps.web-changes.outputs.any_changed == 'true'
        run: |
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@ -3,14 +3,14 @@ name: Build and Push API & Web
 on:
  push:
    branches:
-      - "main"
-      - "deploy/**"
-      - "build/**"
-      - "release/e-*"
-      - "hotfix/**"
-      - "feat/hitl-backend"
+      - 'main'
+      - 'deploy/**'
+      - 'build/**'
+      - 'release/e-*'
+      - 'hotfix/**'
+      - 'feat/hitl-backend'
    tags:
-      - "*"
+      - '*'

 concurrency:
  group: build-push-${{ github.head_ref || github.run_id }}
@ -32,32 +32,32 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "build-api-amd64"
-            image_name_env: "DIFY_API_IMAGE_NAME"
-            artifact_context: "api"
-            build_context: "{{defaultContext}}"
-            file: "api/Dockerfile"
+          - service_name: 'build-api-amd64'
+            image_name_env: 'DIFY_API_IMAGE_NAME'
+            artifact_context: 'api'
+            build_context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-api-arm64"
-            image_name_env: "DIFY_API_IMAGE_NAME"
-            artifact_context: "api"
-            build_context: "{{defaultContext}}"
-            file: "api/Dockerfile"
+          - service_name: 'build-api-arm64'
+            image_name_env: 'DIFY_API_IMAGE_NAME'
+            artifact_context: 'api'
+            build_context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-web-amd64"
-            image_name_env: "DIFY_WEB_IMAGE_NAME"
-            artifact_context: "web"
-            build_context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+          - service_name: 'build-web-amd64'
+            image_name_env: 'DIFY_WEB_IMAGE_NAME'
+            artifact_context: 'web'
+            build_context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-          - service_name: "build-web-arm64"
-            image_name_env: "DIFY_WEB_IMAGE_NAME"
-            artifact_context: "web"
-            build_context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+          - service_name: 'build-web-arm64'
+            image_name_env: 'DIFY_WEB_IMAGE_NAME'
+            artifact_context: 'web'
+            build_context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4

@ -116,12 +116,12 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "validate-api-amd64"
-            build_context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "validate-web-amd64"
-            build_context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+          - service_name: 'validate-api-amd64'
+            build_context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'validate-web-amd64'
+            build_context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
@ -141,12 +141,12 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "merge-api-images"
-            image_name_env: "DIFY_API_IMAGE_NAME"
-            context: "api"
-          - service_name: "merge-web-images"
-            image_name_env: "DIFY_WEB_IMAGE_NAME"
-            context: "web"
+          - service_name: 'merge-api-images'
+            image_name_env: 'DIFY_API_IMAGE_NAME'
+            context: 'api'
+          - service_name: 'merge-web-images'
+            image_name_env: 'DIFY_WEB_IMAGE_NAME'
+            context: 'web'
    steps:
      - name: Download digests
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
--- a/.github/workflows/cli-e2e.yml
+++ b/.github/workflows/cli-e2e.yml
@ -4,19 +4,19 @@ on:
  workflow_dispatch:
    inputs:
      cli_ref:
-        description: "Git ref (default: current branch)"
+        description: 'Git ref (default: current branch)'
        type: string
        required: false

      edition:
-        description: "Dify edition"
+        description: 'Dify edition'
        type: choice
        required: false
        default: ee
        options: [ee, ce]

      test_scope:
-        description: "smoke = [P0] only  /  full = all cases"
+        description: 'smoke = [P0] only  /  full = all cases'
        type: choice
        required: false
        default: full
@ -24,23 +24,23 @@ on:

      # ── Suite on/off ────────────────────────────────────────────────────────
      suite_framework_output_error:
-        description: "framework + output + error-handling suites"
+        description: 'framework + output + error-handling suites'
        type: boolean
        default: true
      suite_discovery:
-        description: "discovery suite (get app / describe app)"
+        description: 'discovery suite (get app / describe app)'
        type: boolean
        default: true
      suite_run:
-        description: "run suite (basic / streaming / conversation / file / hitl)"
+        description: 'run suite (basic / streaming / conversation / file / hitl)'
        type: boolean
        default: true
      suite_auth:
-        description: "auth suite (login / status / whoami / use / devices / logout)"
+        description: 'auth suite (login / status / whoami / use / devices / logout)'
        type: boolean
        default: true
      suite_agent:
-        description: "agent suite"
+        description: 'agent suite'
        type: boolean
        default: true

@ -51,32 +51,31 @@ permissions:
 # Each job reads DIFY_E2E_TOKEN + app IDs from the provision job outputs,
 # so global-setup skips minting and finds existing apps in < 10 s.
 env:
-  DIFY_E2E_NO_KEYRING: "1"   # Linux CI has no keychain; skip probe
-  VITEST_RETRY:        "2"    # Retry flaky staging responses
+  DIFY_E2E_NO_KEYRING: '1' # Linux CI has no keychain; skip probe
+  VITEST_RETRY: '2' # Retry flaky staging responses

 jobs:
-
-# ════════════════════════════════════════════════════════════════════════════
-# 0. PROVISION — mint token + import DSL fixtures (runs once, outputs IDs)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 0. PROVISION — mint token + import DSL fixtures (runs once, outputs IDs)
+  # ════════════════════════════════════════════════════════════════════════════
  provision:
-    name: "Provision: mint token + DSL apps"
+    name: 'Provision: mint token + DSL apps'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
-      token:                      ${{ steps.out.outputs.DIFY_E2E_TOKEN }}
-      workspace_id:               ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_ID }}
-      workspace_name:             ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_NAME }}
-      ws2_id:                     ${{ steps.out.outputs.DIFY_E2E_WS2_ID }}
-      chat_app_id:                ${{ steps.out.outputs.DIFY_E2E_CHAT_APP_ID }}
-      workflow_app_id:            ${{ steps.out.outputs.DIFY_E2E_WORKFLOW_APP_ID }}
-      file_app_id:                ${{ steps.out.outputs.DIFY_E2E_FILE_APP_ID }}
-      file_chat_app_id:           ${{ steps.out.outputs.DIFY_E2E_FILE_CHAT_APP_ID }}
-      hitl_app_id:                ${{ steps.out.outputs.DIFY_E2E_HITL_APP_ID }}
-      hitl_external_app_id:       ${{ steps.out.outputs.DIFY_E2E_HITL_EXTERNAL_APP_ID }}
-      hitl_single_action_app_id:  ${{ steps.out.outputs.DIFY_E2E_HITL_SINGLE_ACTION_APP_ID }}
-      hitl_multi_node_app_id:     ${{ steps.out.outputs.DIFY_E2E_HITL_MULTI_NODE_APP_ID }}
-      ws2_app_id:                 ${{ steps.out.outputs.DIFY_E2E_WS2_APP_ID }}
+      token: ${{ steps.out.outputs.DIFY_E2E_TOKEN }}
+      workspace_id: ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_ID }}
+      workspace_name: ${{ steps.out.outputs.DIFY_E2E_WORKSPACE_NAME }}
+      ws2_id: ${{ steps.out.outputs.DIFY_E2E_WS2_ID }}
+      chat_app_id: ${{ steps.out.outputs.DIFY_E2E_CHAT_APP_ID }}
+      workflow_app_id: ${{ steps.out.outputs.DIFY_E2E_WORKFLOW_APP_ID }}
+      file_app_id: ${{ steps.out.outputs.DIFY_E2E_FILE_APP_ID }}
+      file_chat_app_id: ${{ steps.out.outputs.DIFY_E2E_FILE_CHAT_APP_ID }}
+      hitl_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_APP_ID }}
+      hitl_external_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_EXTERNAL_APP_ID }}
+      hitl_single_action_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_SINGLE_ACTION_APP_ID }}
+      hitl_multi_node_app_id: ${{ steps.out.outputs.DIFY_E2E_HITL_MULTI_NODE_APP_ID }}
+      ws2_app_id: ${{ steps.out.outputs.DIFY_E2E_WS2_APP_ID }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
@ -101,18 +100,18 @@ jobs:
        id: out
        working-directory: cli
        env:
-          DIFY_E2E_HOST:     ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:    ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_TOKEN:    ${{ secrets.DIFY_E2E_TOKEN }}
-          DIFY_E2E_EDITION:  ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ secrets.DIFY_E2E_TOKEN }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
        run: bun scripts/e2e-provision.ts

-# ════════════════════════════════════════════════════════════════════════════
-# 1-B. framework + output + error-handling (parallel with run/discovery)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-B. framework + output + error-handling (parallel with run/discovery)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-framework-output-error:
-    name: "Suite: framework + output + error-handling"
+    name: 'Suite: framework + output + error-handling'
    if: ${{ inputs.suite_framework_output_error != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -138,16 +137,16 @@ jobs:

      - name: Run framework + output + error-handling
        env:
-          DIFY_E2E_HOST:           ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:          ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:       ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:        ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:          ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:   ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_CHAT_APP_ID:    ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/framework/**/*.e2e.ts,test/e2e/suites/output/**/*.e2e.ts,test/e2e/suites/error-handling/**/*.e2e.ts"
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/framework/**/*.e2e.ts,test/e2e/suites/output/**/*.e2e.ts,test/e2e/suites/error-handling/**/*.e2e.ts'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -155,11 +154,11 @@ jobs:
            pnpm test:e2e
          fi

-# ════════════════════════════════════════════════════════════════════════════
-# 1-C. Discovery (parallel)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-C. Discovery (parallel)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-discovery:
-    name: "Suite: discovery"
+    name: 'Suite: discovery'
    if: ${{ inputs.suite_discovery != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -185,17 +184,17 @@ jobs:

      - name: Run discovery suite
        env:
-          DIFY_E2E_HOST:           ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:          ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:       ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:        ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:          ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:   ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_WS2_ID:         ${{ needs.provision.outputs.ws2_id }}
-          DIFY_E2E_CHAT_APP_ID:    ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_WS2_ID: ${{ needs.provision.outputs.ws2_id }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/discovery/**/*.e2e.ts"
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/discovery/**/*.e2e.ts'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -203,11 +202,11 @@ jobs:
            pnpm test:e2e
          fi

-# ════════════════════════════════════════════════════════════════════════════
-# 1-D. Run suite — 5 files in matrix (parallel)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-D. Run suite — 5 files in matrix (parallel)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-run:
-    name: "Suite: run / ${{ matrix.name }}"
+    name: 'Suite: run / ${{ matrix.name }}'
    if: ${{ inputs.suite_run != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -246,25 +245,25 @@ jobs:
      - run: pnpm install --frozen-lockfile
      - run: pnpm tree:gen

-      - name: "Run run/${{ matrix.name }}"
+      - name: 'Run run/${{ matrix.name }}'
        env:
-          DIFY_E2E_HOST:                      ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:                     ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:                  ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:                   ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_SSO_TOKEN:                 ${{ secrets.DIFY_E2E_SSO_TOKEN }}
-          DIFY_E2E_TOKEN:                     ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:              ${{ needs.provision.outputs.workspace_id }}
-          DIFY_E2E_WORKSPACE_NAME:            ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_CHAT_APP_ID:               ${{ needs.provision.outputs.chat_app_id }}
-          DIFY_E2E_WORKFLOW_APP_ID:           ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_FILE_APP_ID:               ${{ needs.provision.outputs.file_app_id }}
-          DIFY_E2E_FILE_CHAT_APP_ID:          ${{ needs.provision.outputs.file_chat_app_id }}
-          DIFY_E2E_HITL_APP_ID:               ${{ needs.provision.outputs.hitl_app_id }}
-          DIFY_E2E_HITL_EXTERNAL_APP_ID:      ${{ needs.provision.outputs.hitl_external_app_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_SSO_TOKEN: ${{ secrets.DIFY_E2E_SSO_TOKEN }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
+          DIFY_E2E_FILE_APP_ID: ${{ needs.provision.outputs.file_app_id }}
+          DIFY_E2E_FILE_CHAT_APP_ID: ${{ needs.provision.outputs.file_chat_app_id }}
+          DIFY_E2E_HITL_APP_ID: ${{ needs.provision.outputs.hitl_app_id }}
+          DIFY_E2E_HITL_EXTERNAL_APP_ID: ${{ needs.provision.outputs.hitl_external_app_id }}
          DIFY_E2E_HITL_SINGLE_ACTION_APP_ID: ${{ needs.provision.outputs.hitl_single_action_app_id }}
-          DIFY_E2E_HITL_MULTI_NODE_APP_ID:    ${{ needs.provision.outputs.hitl_multi_node_app_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/run/${{ matrix.file }}"
+          DIFY_E2E_HITL_MULTI_NODE_APP_ID: ${{ needs.provision.outputs.hitl_multi_node_app_id }}
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/run/${{ matrix.file }}'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -280,11 +279,11 @@ jobs:
          path: cli/test-results/
          retention-days: 3

-# ════════════════════════════════════════════════════════════════════════════
-# 1-E. auth/login + status + whoami (parallel, read-only, safe)
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 1-E. auth/login + status + whoami (parallel, read-only, safe)
+  # ════════════════════════════════════════════════════════════════════════════
  suite-auth-safe:
-    name: "Suite: auth (login / status / whoami)"
+    name: 'Suite: auth (login / status / whoami)'
    if: ${{ inputs.suite_auth != 'false' }}
    needs: provision
    runs-on: ubuntu-latest
@ -310,15 +309,15 @@ jobs:

      - name: Run auth/login + status + whoami
        env:
-          DIFY_E2E_HOST:           ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:          ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:       ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:        ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:          ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:   ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_WS2_ID:         ${{ needs.provision.outputs.ws2_id }}
-          DIFY_E2E_INCLUDE: "test/e2e/suites/auth/login.e2e.ts,test/e2e/suites/auth/status.e2e.ts,test/e2e/suites/auth/whoami.e2e.ts"
+          DIFY_E2E_WS2_ID: ${{ needs.provision.outputs.ws2_id }}
+          DIFY_E2E_INCLUDE: 'test/e2e/suites/auth/login.e2e.ts,test/e2e/suites/auth/status.e2e.ts,test/e2e/suites/auth/whoami.e2e.ts'
        run: |
          if [ "${{ inputs.test_scope }}" = "smoke" ]; then
            pnpm test:e2e -- -t "\[P0\]"
@ -326,13 +325,13 @@ jobs:
            pnpm test:e2e
          fi

-# ════════════════════════════════════════════════════════════════════════════
-# 2. DESTRUCTIVE — auth/use + devices + logout + agent (serial, runs LAST)
-#    Must wait for ALL parallel suites to finish to avoid token revocation
-#    invalidating other in-flight requests.
-# ════════════════════════════════════════════════════════════════════════════
+  # ════════════════════════════════════════════════════════════════════════════
+  # 2. DESTRUCTIVE — auth/use + devices + logout + agent (serial, runs LAST)
+  #    Must wait for ALL parallel suites to finish to avoid token revocation
+  #    invalidating other in-flight requests.
+  # ════════════════════════════════════════════════════════════════════════════
  suite-last:
-    name: "Suite: auth-use + devices + logout + agent (last, serial)"
+    name: 'Suite: auth-use + devices + logout + agent (last, serial)'
    # Runs when auth is selected; also runs after all parallel jobs finish
    if: ${{ inputs.suite_auth != 'false' || inputs.suite_agent != 'false' }}
    needs:
@ -366,20 +365,20 @@ jobs:

      - name: Run use / devices / logout / agent (serial)
        env:
-          DIFY_E2E_HOST:                      ${{ secrets.DIFY_E2E_HOST }}
-          DIFY_E2E_EMAIL:                     ${{ secrets.DIFY_E2E_EMAIL }}
-          DIFY_E2E_PASSWORD:                  ${{ secrets.DIFY_E2E_PASSWORD }}
-          DIFY_E2E_EDITION:                   ${{ inputs.edition || 'ee' }}
-          DIFY_E2E_TOKEN:                     ${{ needs.provision.outputs.token }}
-          DIFY_E2E_WORKSPACE_ID:              ${{ needs.provision.outputs.workspace_id }}
-          DIFY_E2E_WORKSPACE_NAME:            ${{ needs.provision.outputs.workspace_name }}
-          DIFY_E2E_WS2_ID:                    ${{ needs.provision.outputs.ws2_id }}
-          DIFY_E2E_CHAT_APP_ID:               ${{ needs.provision.outputs.chat_app_id }}
-          DIFY_E2E_WORKFLOW_APP_ID:           ${{ needs.provision.outputs.workflow_app_id }}
-          DIFY_E2E_HITL_APP_ID:               ${{ needs.provision.outputs.hitl_app_id }}
-          DIFY_E2E_HITL_EXTERNAL_APP_ID:      ${{ needs.provision.outputs.hitl_external_app_id }}
+          DIFY_E2E_HOST: ${{ secrets.DIFY_E2E_HOST }}
+          DIFY_E2E_EMAIL: ${{ secrets.DIFY_E2E_EMAIL }}
+          DIFY_E2E_PASSWORD: ${{ secrets.DIFY_E2E_PASSWORD }}
+          DIFY_E2E_EDITION: ${{ inputs.edition || 'ee' }}
+          DIFY_E2E_TOKEN: ${{ needs.provision.outputs.token }}
+          DIFY_E2E_WORKSPACE_ID: ${{ needs.provision.outputs.workspace_id }}
+          DIFY_E2E_WORKSPACE_NAME: ${{ needs.provision.outputs.workspace_name }}
+          DIFY_E2E_WS2_ID: ${{ needs.provision.outputs.ws2_id }}
+          DIFY_E2E_CHAT_APP_ID: ${{ needs.provision.outputs.chat_app_id }}
+          DIFY_E2E_WORKFLOW_APP_ID: ${{ needs.provision.outputs.workflow_app_id }}
+          DIFY_E2E_HITL_APP_ID: ${{ needs.provision.outputs.hitl_app_id }}
+          DIFY_E2E_HITL_EXTERNAL_APP_ID: ${{ needs.provision.outputs.hitl_external_app_id }}
          DIFY_E2E_HITL_SINGLE_ACTION_APP_ID: ${{ needs.provision.outputs.hitl_single_action_app_id }}
-          DIFY_E2E_HITL_MULTI_NODE_APP_ID:    ${{ needs.provision.outputs.hitl_multi_node_app_id }}
+          DIFY_E2E_HITL_MULTI_NODE_APP_ID: ${{ needs.provision.outputs.hitl_multi_node_app_id }}
        run: |
          # Collect files in safe order: use → devices → logout (revokes last) → agent
          FILES=()
--- a/.github/workflows/cli-edge.yml
+++ b/.github/workflows/cli-edge.yml
@ -1,74 +0,0 @@
-name: CLI Edge Publish
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - 'cli/**'
-      - 'packages/contracts/generated/api/openapi/**'
-  workflow_dispatch:
-
-concurrency:
-  group: difyctl-edge-publish
-  cancel-in-progress: false
-
-jobs:
-  publish:
-    name: build + publish edge to R2
-    runs-on: ${{ github.repository == 'langgenius/dify' && 'depot-ubuntu-24.04' || 'ubuntu-24.04' }}
-    if: vars.DIFYCTL_R2_BUCKET != ''
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./cli
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-
-      - name: Enable cross-arch native prebuilds
-        working-directory: ./
-        run: cat cli/scripts/cross-arch.pnpm.yaml >> pnpm-workspace.yaml
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 # v2.0.2
-        with:
-          bun-version-file: cli/.bun-version
-
-      - name: Compute edge version
-        id: ver
-        run: echo "version=$(node scripts/release-naming.mjs edge-version "$(git rev-parse --short HEAD)")" >> "$GITHUB_OUTPUT"
-
-      - name: Compile standalone binaries (all targets, all-or-nothing)
-        run: |
-          CLI_VERSION="${{ steps.ver.outputs.version }}" \
-          DIFYCTL_CHANNEL=edge \
-          DIFYCTL_COMMIT="$(git rev-parse HEAD)" \
-          DIFYCTL_BUILD_DATE="$(git log -1 --format=%cI HEAD)" \
-            pnpm build:bin
-
-      - name: Generate sha256 checksums
-        run: CLI_VERSION="${{ steps.ver.outputs.version }}" scripts/release-write-checksums.sh
-
-      - name: Smoke the runner-arch binary
-        run: ./dist/bin/difyctl-v${{ steps.ver.outputs.version }}-linux-x64 version
-
-      - name: Publish to R2
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.DIFYCTL_R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.DIFYCTL_R2_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: auto
-          AWS_REQUEST_CHECKSUM_CALCULATION: WHEN_REQUIRED
-          AWS_RESPONSE_CHECKSUM_VALIDATION: WHEN_REQUIRED
-          DIFYCTL_R2_S3_ENDPOINT: ${{ vars.DIFYCTL_R2_S3_ENDPOINT }}
-          DIFYCTL_R2_BUCKET: ${{ vars.DIFYCTL_R2_BUCKET }}
-          DIFYCTL_R2_PUBLIC_BASE: ${{ vars.DIFYCTL_R2_PUBLIC_BASE }}
-          DIFYCTL_COMMIT: ${{ github.sha }}
-        run: |
-          DIFYCTL_BUILD_DATE="$(git log -1 --format=%cI HEAD)" \
-            scripts/release-r2-publish.sh edge "${{ steps.ver.outputs.version }}"
--- a/.github/workflows/cli-smoke.yml
+++ b/.github/workflows/cli-smoke.yml
@ -4,11 +4,11 @@ on:
  workflow_dispatch:
    inputs:
      dify_version:
-        description: "Dify image tag to test against (e.g. 1.7.0)"
+        description: 'Dify image tag to test against (e.g. 1.7.0)'
        type: string
        required: true
      cli_ref:
-        description: "Git ref to build the cli from (default: current branch)"
+        description: 'Git ref to build the cli from (default: current branch)'
        type: string
        required: false

--- a/.github/workflows/db-migration-test.yml
+++ b/.github/workflows/db-migration-test.yml
@ -22,7 +22,7 @@ jobs:
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
@ -72,7 +72,7 @@ jobs:
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
--- a/.github/workflows/deploy-agent.yml
+++ b/.github/workflows/deploy-agent.yml
@ -1,28 +0,0 @@
-name: Deploy Agent
-
-permissions:
-  contents: read
-
-on:
-  workflow_run:
-    workflows: ["Build and Push API & Web"]
-    branches:
-      - "deploy/agent"
-    types:
-      - completed
-
-jobs:
-  deploy:
-    runs-on: depot-ubuntu-24.04
-    if: |
-      github.event.workflow_run.conclusion == 'success' &&
-      github.event.workflow_run.head_branch == 'deploy/agent'
-    steps:
-      - name: Deploy to server
-        uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5
-        with:
-          host: ${{ secrets.AGENT_SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_PRIVATE_KEY }}
-          script: |
-            ${{ vars.SSH_SCRIPT_AGENT || secrets.SSH_SCRIPT_AGENT }}
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@ -2,9 +2,9 @@ name: Deploy Dev

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/dev"
+      - 'deploy/dev'
    types:
      - completed

--- a/.github/workflows/deploy-enterprise.yml
+++ b/.github/workflows/deploy-enterprise.yml
@ -5,9 +5,9 @@ permissions:

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/enterprise"
+      - 'deploy/enterprise'
    types:
      - completed

--- a/.github/workflows/deploy-hitl.yml
+++ b/.github/workflows/deploy-hitl.yml
@ -2,9 +2,9 @@ name: Deploy HITL

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "build/feat/hitl"
+      - 'build/feat/hitl'
    types:
      - completed

--- a/.github/workflows/deploy-saas.yml
+++ b/.github/workflows/deploy-saas.yml
@ -5,9 +5,9 @@ permissions:

 on:
  workflow_run:
-    workflows: ["Build and Push API & Web"]
+    workflows: ['Build and Push API & Web']
    branches:
-      - "deploy/saas"
+      - 'deploy/saas'
    types:
      - completed

--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@ -3,7 +3,7 @@ name: Build docker image
 on:
  pull_request:
    branches:
-      - "main"
+      - 'main'
    paths:
      - api/Dockerfile
      - api/Dockerfile.dockerignore
@ -28,26 +28,26 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "api-amd64"
+          - service_name: 'api-amd64'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "api-arm64"
+            context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'api-arm64'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "web-amd64"
+            context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'web-amd64'
            platform: linux/amd64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "web/Dockerfile"
-          - service_name: "web-arm64"
+            context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
+          - service_name: 'web-arm64'
            platform: linux/arm64
            runs_on: depot-ubuntu-24.04-4
-            context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+            context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
    steps:
      - name: Set up Depot CLI
        uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1
@ -69,12 +69,12 @@ jobs:
    strategy:
      matrix:
        include:
-          - service_name: "api-amd64"
-            context: "{{defaultContext}}"
-            file: "api/Dockerfile"
-          - service_name: "web-amd64"
-            context: "{{defaultContext}}"
-            file: "web/Dockerfile"
+          - service_name: 'api-amd64'
+            context: '{{defaultContext}}'
+            file: 'api/Dockerfile'
+          - service_name: 'web-amd64'
+            context: '{{defaultContext}}'
+            file: 'web/Dockerfile'
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@ -1,4 +1,4 @@
-name: "Pull Request Labeler"
+name: 'Pull Request Labeler'
 on:
  pull_request_target:

--- a/.github/workflows/main-ci.yml
+++ b/.github/workflows/main-ci.yml
@ -2,12 +2,12 @@ name: Main CI Pipeline

 on:
  pull_request:
-    branches: ["main"]
+    branches: ['main']
  merge_group:
-    branches: ["main"]
+    branches: ['main']
    types: [checks_requested]
  push:
-    branches: ["main"]
+    branches: ['main']

 permissions:
  actions: write
--- a/.github/workflows/semantic-pull-request.yml
+++ b/.github/workflows/semantic-pull-request.yml
@ -8,7 +8,7 @@ on:
      - reopened
      - synchronize
  merge_group:
-    branches: ["main"]
+    branches: ['main']
    types: [checks_requested]

 jobs:
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -11,7 +11,6 @@ on:

 jobs:
  stale:
-
    runs-on: depot-ubuntu-24.04
    permissions:
      issues: write
@ -23,8 +22,8 @@ jobs:
          days-before-issue-stale: 15
          days-before-issue-close: 3
          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: "Closed due to inactivity. If you have any questions, you can reopen it."
-          stale-pr-message: "Closed due to inactivity. If you have any questions, you can reopen it."
+          stale-issue-message: 'Closed due to inactivity. If you have any questions, you can reopen it.'
+          stale-pr-message: 'Closed due to inactivity. If you have any questions, you can reopen it.'
          stale-issue-label: 'no-issue-activity'
          stale-pr-label: 'no-pr-activity'
          any-of-labels: '🌚 invalid,🙋‍♂️ question,wont-fix,no-issue-activity,no-pr-activity,💪 enhancement,🤔 cant-reproduce,🙏 help wanted'
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@ -36,7 +36,7 @@ jobs:
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: false
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install dependencies
@ -132,7 +132,10 @@ jobs:
            pnpm-lock.yaml
            pnpm-workspace.yaml
            .nvmrc
+            vite.config.ts
            eslint.config.mjs
+            .vscode/**
+            .github/workflows/autofix.yml
            .github/workflows/style.yml
            .github/actions/setup-web/**

@ -140,6 +143,12 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        uses: ./.github/actions/setup-web

+      - name: Format check
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+        run: vp fmt --check --no-error-on-unmatched-pattern $CHANGED_FILES
+
      - name: Restore ESLint cache
        if: steps.changed-files.outputs.any_changed == 'true'
        id: eslint-cache-restore
--- a/.github/workflows/vdb-tests-full.yml
+++ b/.github/workflows/vdb-tests-full.yml
@ -20,7 +20,7 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
@ -48,16 +48,16 @@ jobs:
      - name: Install dependencies
        run: uv sync --project api --dev

-#      - name: Set up Vector Store (TiDB)
-#        uses: hoverkraft-tech/compose-action@v2.0.2
-#        with:
-#          compose-file: docker/tidb/docker-compose.yaml
-#          services: |
-#            tidb
-#            tiflash
+      #      - name: Set up Vector Store (TiDB)
+      #        uses: hoverkraft-tech/compose-action@v2.0.2
+      #        with:
+      #          compose-file: docker/tidb/docker-compose.yaml
+      #          services: |
+      #            tidb
+      #            tiflash

-#      - name: Check VDB Ready (TiDB)
-#        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py
+      #      - name: Check VDB Ready (TiDB)
+      #        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py

      - name: Test Vector Stores
        run: |
--- a/.github/workflows/vdb-tests.yml
+++ b/.github/workflows/vdb-tests.yml
@ -17,7 +17,7 @@ jobs:
    strategy:
      matrix:
        python-version:
-          - "3.12"
+          - '3.12'

    steps:
      - name: Checkout code
@ -45,16 +45,16 @@ jobs:
      - name: Install dependencies
        run: uv sync --project api --dev

-#      - name: Set up Vector Store (TiDB)
-#        uses: hoverkraft-tech/compose-action@v2.0.2
-#        with:
-#          compose-file: docker/tidb/docker-compose.yaml
-#          services: |
-#            tidb
-#            tiflash
+      #      - name: Set up Vector Store (TiDB)
+      #        uses: hoverkraft-tech/compose-action@v2.0.2
+      #        with:
+      #          compose-file: docker/tidb/docker-compose.yaml
+      #          services: |
+      #            tidb
+      #            tiflash

-#      - name: Check VDB Ready (TiDB)
-#        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py
+      #      - name: Check VDB Ready (TiDB)
+      #        run: uv run --project api python api/providers/vdb/tidb-vector/tests/integration_tests/check_tiflash_ready.py

      - name: Test Vector Stores
        run: |
--- a/.github/workflows/web-e2e.yml
+++ b/.github/workflows/web-e2e.yml
@ -31,7 +31,7 @@ jobs:
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: true
-          python-version: "3.12"
+          python-version: '3.12'
          cache-dependency-glob: api/uv.lock

      - name: Install API dependencies
@ -47,7 +47,7 @@ jobs:
          E2E_ADMIN_EMAIL: e2e-admin@example.com
          E2E_ADMIN_NAME: E2E Admin
          E2E_ADMIN_PASSWORD: E2eAdmin12345
-          E2E_FORCE_WEB_BUILD: "1"
+          E2E_FORCE_WEB_BUILD: '1'
          E2E_INIT_PASSWORD: E2eInit12345
        run: vp run e2e:full

--- a/.github/workflows/web-tests.yml
+++ b/.github/workflows/web-tests.yml
@ -113,7 +113,7 @@ jobs:
        run: vp exec playwright install --with-deps chromium

      - name: Run dify-ui tests
-        run: vp test run --project unit --coverage --silent=passed-only
+        run: vp test run --coverage --silent=passed-only

      - name: Report coverage
        if: ${{ env.CODECOV_TOKEN != '' }}
@ -123,26 +123,3 @@ jobs:
          flags: dify-ui
        env:
          CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
-
-  dify-ui-storybook-test:
-    name: dify-ui Storybook Tests
-    runs-on: depot-ubuntu-24.04-4
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./packages/dify-ui
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Setup web environment
-        uses: ./.github/actions/setup-web
-
-      - name: Install Chromium for Browser Mode
-        run: vp exec playwright install --with-deps chromium
-
-      - name: Run dify-ui Storybook tests
-        run: vp run test:storybook
--- a/.vscode/settings.example.json
+++ b/.vscode/settings.example.json
@ -1,31 +1,17 @@
 {
-  "cucumber.features": [
-    "e2e/features/**/*.feature",
-  ],
-  "cucumber.glue": [
-    "e2e/features/**/*.ts",
-  ],
+  "cucumber.features": ["e2e/features/**/*.feature"],
+  "cucumber.glue": ["e2e/features/**/*.ts"],

  "tailwindCSS.experimental.configFile": "web/app/styles/globals.css",

-  // Auto fix
-  "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": "explicit",
-  },
+  // Format
+  "editor.formatOnSave": true,
+  "oxc.fmt.configPath": "./vite.config.ts",

-  // Silent the stylistic rules in your IDE, but still auto fix them
-  "eslint.rules.customizations": [
-    { "rule": "style/*", "severity": "off", "fixable": true },
-    { "rule": "format/*", "severity": "off", "fixable": true },
-    { "rule": "*-indent", "severity": "off", "fixable": true },
-    { "rule": "*-spacing", "severity": "off", "fixable": true },
-    { "rule": "*-spaces", "severity": "off", "fixable": true },
-    { "rule": "*-order", "severity": "off", "fixable": true },
-    { "rule": "*-dangle", "severity": "off", "fixable": true },
-    { "rule": "*-newline", "severity": "off", "fixable": true },
-    { "rule": "*quotes", "severity": "off", "fixable": true },
-    { "rule": "*semi", "severity": "off", "fixable": true }
-  ],
+  // Lint fix
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit"
+  },

  // Enable eslint for all supported languages
  "eslint.validate": [
--- a/AGENTS.md
+++ b/AGENTS.md
@ -31,7 +31,7 @@ The codebase is split into:
 ## Language Style

 - **Python**: Keep type hints on functions and attributes, and implement relevant special methods (e.g., `__repr__`, `__str__`). Prefer `TypedDict` over `dict` or `Mapping` for type safety and better code documentation.
- **TypeScript**: Use the strict config, rely on ESLint (`pnpm lint:fix` preferred) plus `pnpm type-check`, and avoid `any` types.
+- **TypeScript**: Use the strict config, rely on `vp fmt` for formatting, ESLint for lint-only fixes, plus `pnpm type-check`, and avoid `any` types.

 ## General Practices

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -34,11 +34,11 @@ Don't forget to link an existing issue or open a new issue in the PR's descripti

 How we prioritize:

-| Issue Type | Priority |
-| ------------------------------------------------------------ | --------------- |
-| Bugs in core functions (cloud service, cannot login, applications not working, security loopholes) | Critical |
-| Non-critical bugs, performance boosts | Medium Priority |
-| Minor fixes (typos, confusing but working UI) | Low Priority |
+| Issue Type                                                                                         | Priority        |
+| -------------------------------------------------------------------------------------------------- | --------------- |
+| Bugs in core functions (cloud service, cannot login, applications not working, security loopholes) | Critical        |
+| Non-critical bugs, performance boosts                                                              | Medium Priority |
+| Minor fixes (typos, confusing but working UI)                                                      | Low Priority    |

 ### Feature requests

@ -52,12 +52,12 @@ How we prioritize:

 How we prioritize:

-| Feature Type | Priority |
-| ------------------------------------------------------------ | --------------- |
-| High-Priority Features as being labeled by a team member | High Priority |
+| Feature Type                                                                                                                      | Priority        |
+| --------------------------------------------------------------------------------------------------------------------------------- | --------------- |
+| High-Priority Features as being labeled by a team member                                                                          | High Priority   |
 | Popular feature requests from our [community feedback board](https://github.com/langgenius/dify/discussions/categories/feedbacks) | Medium Priority |
-| Non-core features and minor enhancements | Low Priority |
-| Valuable but not immediate | Future-Feature |
+| Non-core features and minor enhancements                                                                                          | Low Priority    |
+| Valuable but not immediate                                                                                                        | Future-Feature  |

 ## Submitting your PR

--- a/api/.env.example
+++ b/api/.env.example
@ -774,11 +774,3 @@ EVENT_BUS_LISTENER_JOIN_TIMEOUT_MS=2000
 ENABLE_HUMAN_INPUT_TIMEOUT_TASK=true
 # Human input timeout check interval in minutes
 HUMAN_INPUT_TIMEOUT_TASK_INTERVAL=1
-
-# Nacos remote settings source HTTP timeouts (seconds).
-# Bound how long requests to the Nacos endpoint wait before failing, so a slow or
-# unresponsive Nacos server cannot stall API startup or token refresh.
-# Read timeout for Nacos requests (default: 10.0)
-DIFY_ENV_NACOS_REQUEST_TIMEOUT=10.0
-# Connect timeout for Nacos requests (default: 3.0)
-DIFY_ENV_NACOS_CONNECT_TIMEOUT=3.0
--- a/api/clients/agent_backend/request_builder.py
+++ b/api/clients/agent_backend/request_builder.py
@ -19,7 +19,6 @@ from agenton.compositor.schemas import LayerSessionSnapshot
 from agenton.layers import ExitIntent
 from agenton_collections.layers.plain import PLAIN_PROMPT_LAYER_TYPE_ID, PromptLayerConfig
 from agenton_collections.layers.pydantic_ai import PYDANTIC_AI_HISTORY_LAYER_TYPE_ID
-from dify_agent.layers.ask_human import DIFY_ASK_HUMAN_LAYER_TYPE_ID, DifyAskHumanLayerConfig
 from dify_agent.layers.dify_plugin import (
    DIFY_PLUGIN_LLM_LAYER_TYPE_ID,
    DIFY_PLUGIN_TOOLS_LAYER_TYPE_ID,
@ -39,7 +38,6 @@ from dify_agent.protocol import (
    DIFY_AGENT_MODEL_LAYER_ID,
    DIFY_AGENT_OUTPUT_LAYER_ID,
    CreateRunRequest,
-    DeferredToolResultsPayload,
    LayerExitSignals,
    RunComposition,
    RunLayerSpec,
@ -55,7 +53,6 @@ AGENT_APP_USER_PROMPT_LAYER_ID = "agent_app_user_prompt"
 DIFY_EXECUTION_CONTEXT_LAYER_ID = "execution_context"
 DIFY_DRIVE_LAYER_ID = "drive"
 DIFY_PLUGIN_TOOLS_LAYER_ID = "tools"
-DIFY_ASK_HUMAN_LAYER_ID = "ask_human"
 DIFY_SHELL_LAYER_ID = "shell"


@ -142,18 +139,11 @@ class AgentBackendWorkflowNodeRunInput(BaseModel):
    # Drive Skills & Files declaration (dify.drive) — an index the agent pulls
    # through the back proxy, never inline content; see AGENT_DRIVE_MANIFEST_ENABLED.
    drive_config: DifyDriveLayerConfig | None = None
-    # Human-in-the-loop ask_human deferred tool (dify.ask_human). Present only when
-    # the Agent Soul configures human involvement; a deferred call ends the run and
-    # the workflow pauses via the existing HITL form mechanism (ENG-635).
-    ask_human_config: DifyAskHumanLayerConfig | None = None
    # Inject the sandboxed shell layer (dify.shell). Requires the agent backend
    # to be wired with a shellctl entrypoint; see configs AGENT_SHELL_ENABLED.
    include_shell: bool = False
    shell_config: DifyShellLayerConfig | None = None
    session_snapshot: CompositorSessionSnapshot | None = None
-    # Human tool results fed back into a continuation run after a HITL submission
-    # (ENG-638). Keyed by the original deferred tool_call_id.
-    deferred_tool_results: DeferredToolResultsPayload | None = None
    include_history: bool = True
    suspend_on_exit: bool = True
    metadata: dict[str, JsonValue] = Field(default_factory=dict)
@ -188,17 +178,11 @@ class AgentBackendAgentAppRunInput(BaseModel):
    # Drive Skills & Files declaration (dify.drive) — an index the agent pulls
    # through the back proxy, never inline content; see AGENT_DRIVE_MANIFEST_ENABLED.
    drive_config: DifyDriveLayerConfig | None = None
-    # Human-in-the-loop ask_human deferred tool (dify.ask_human). Present only when
-    # the Agent Soul configures human involvement (ENG-635).
-    ask_human_config: DifyAskHumanLayerConfig | None = None
    # Inject the sandboxed shell layer (dify.shell). Requires the agent backend
    # to be wired with a shellctl entrypoint; see configs AGENT_SHELL_ENABLED.
    include_shell: bool = False
    shell_config: DifyShellLayerConfig | None = None
    session_snapshot: CompositorSessionSnapshot | None = None
-    # Human tool results fed back into a continuation run after a HITL submission
-    # (ENG-638). Keyed by the original deferred tool_call_id.
-    deferred_tool_results: DeferredToolResultsPayload | None = None
    include_history: bool = True
    suspend_on_exit: bool = True
    metadata: dict[str, JsonValue] = Field(default_factory=dict)
@ -300,19 +284,6 @@ class AgentBackendRunRequestBuilder:
                )
            )

-        if run_input.ask_human_config is not None:
-            # Human-in-the-loop ask_human deferred tool (dify.ask_human). A call ends
-            # the run with a deferred_tool_call; the caller pauses (workflow HITL) and
-            # later resumes with deferred_tool_results. Needs the history layer above.
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_ASK_HUMAN_LAYER_ID,
-                    type=DIFY_ASK_HUMAN_LAYER_TYPE_ID,
-                    metadata=run_input.metadata,
-                    config=run_input.ask_human_config,
-                )
-            )
-
        if run_input.include_shell:
            # Sandboxed bash workspace (dify.shell). Depends on execution_context so
            # the agent server can mint per-command Agent Stub env (back proxy);
@ -347,7 +318,6 @@ class AgentBackendRunRequestBuilder:
            idempotency_key=run_input.idempotency_key,
            metadata=run_input.metadata,
            session_snapshot=run_input.session_snapshot,
-            deferred_tool_results=run_input.deferred_tool_results,
            on_exit=LayerExitSignals(
                default=ExitIntent.SUSPEND if run_input.suspend_on_exit else ExitIntent.DELETE,
            ),
@ -483,19 +453,6 @@ class AgentBackendRunRequestBuilder:
                )
            )

-        if run_input.ask_human_config is not None:
-            # Human-in-the-loop ask_human deferred tool (dify.ask_human). A call ends
-            # the run with a deferred_tool_call; the caller pauses (workflow HITL) and
-            # later resumes with deferred_tool_results. Needs the history layer above.
-            layers.append(
-                RunLayerSpec(
-                    name=DIFY_ASK_HUMAN_LAYER_ID,
-                    type=DIFY_ASK_HUMAN_LAYER_TYPE_ID,
-                    metadata=run_input.metadata,
-                    config=run_input.ask_human_config,
-                )
-            )
-
        if run_input.include_shell:
            # Sandboxed bash workspace (dify.shell). Depends on execution_context so
            # the agent server can mint per-command Agent Stub env (back proxy);
@ -530,7 +487,6 @@ class AgentBackendRunRequestBuilder:
            idempotency_key=run_input.idempotency_key,
            metadata=run_input.metadata,
            session_snapshot=run_input.session_snapshot,
-            deferred_tool_results=run_input.deferred_tool_results,
            on_exit=LayerExitSignals(
                default=ExitIntent.SUSPEND if run_input.suspend_on_exit else ExitIntent.DELETE,
            ),
--- a/api/commands/init.py
+++ b/api/commands/init.py
@ -11,7 +11,6 @@ from .data_migration import (
    migration_data_wizard,
 )
 from .plugin import (
-    backfill_plugin_auto_upgrade,
    extract_plugins,
    extract_unique_plugins,
    install_plugins,
@ -50,7 +49,6 @@ from .vector import (
 __all__ = [
    "add_qdrant_index",
    "archive_workflow_runs",
-    "backfill_plugin_auto_upgrade",
    "clean_expired_messages",
    "clean_workflow_runs",
    "cleanup_orphaned_draft_variables",
--- a/api/commands/plugin.py
+++ b/api/commands/plugin.py
@ -1,11 +1,10 @@
 import json
 import logging
-import time
 from typing import Any, cast

 import click
 from pydantic import TypeAdapter
-from sqlalchemy import delete, func, select
+from sqlalchemy import delete, select
 from sqlalchemy.engine import CursorResult

 from configs import dify_config
@ -16,13 +15,11 @@ from core.plugin.plugin_service import PluginService
 from core.tools.utils.system_encryption import encrypt_system_params
 from extensions.ext_database import db
 from models import Tenant
-from models.account import TenantPluginAutoUpgradeStrategy
 from models.oauth import DatasourceOauthParamConfig, DatasourceProvider
 from models.provider_ids import DatasourceProviderID, ToolProviderID
 from models.source import DataSourceApiKeyAuthBinding, DataSourceOauthBinding
 from models.tools import ToolOAuthSystemClient
 from services.plugin.data_migration import PluginDataMigration
-from services.plugin.plugin_auto_upgrade_service import PluginAutoUpgradeService
 from services.plugin.plugin_migration import PluginMigration

 logger = logging.getLogger(__name__)
@ -405,110 +402,6 @@ def migrate_data_for_plugin():
    click.echo(click.style("Migrate data for plugin completed.", fg="green"))


-def _candidate_auto_upgrade_strategy_tenant_ids_stmt(limit: int | None = None):
-    category_count = len(TenantPluginAutoUpgradeStrategy.PluginCategory)
-    stmt = (
-        select(TenantPluginAutoUpgradeStrategy.tenant_id)
-        .group_by(TenantPluginAutoUpgradeStrategy.tenant_id)
-        .having(func.count(func.distinct(TenantPluginAutoUpgradeStrategy.category)) < category_count)
-        .order_by(TenantPluginAutoUpgradeStrategy.tenant_id)
-    )
-
-    if limit is not None:
-        stmt = stmt.limit(limit)
-
-    return stmt
-
-
-def _count_auto_upgrade_strategy_tenant_ids(limit: int | None) -> int:
-    candidate_stmt = _candidate_auto_upgrade_strategy_tenant_ids_stmt(limit).subquery()
-    return db.session.scalar(select(func.count()).select_from(candidate_stmt)) or 0
-
-
-def _iter_auto_upgrade_strategy_tenant_ids(limit: int | None):
-    stmt = _candidate_auto_upgrade_strategy_tenant_ids_stmt(limit).execution_options(yield_per=1000)
-    yield from db.session.scalars(stmt)
-
-
-@click.command(
-    "backfill-plugin-auto-upgrade",
-    help="Backfill category-scoped plugin auto-upgrade strategies and normalize plugin lists.",
-)
-@click.option("--tenant-id", multiple=True, help="Tenant ID to backfill. Can be passed multiple times.")
-@click.option("--limit", type=int, default=None, help="Maximum number of candidate tenants to process.")
-@click.option("--batch-size", type=int, default=500, show_default=True, help="Progress reporting batch size.")
-@click.option("--dry-run", is_flag=True, help="Only print candidate tenant count.")
-def backfill_plugin_auto_upgrade(
-    tenant_id: tuple[str, ...],
-    limit: int | None,
-    batch_size: int,
-    dry_run: bool,
-):
-    """
-    Backfill historical auto-upgrade strategies after the category column exists.
-
-    Missing category rows are created from the tenant's tool/default row. Pure default
-    strategies become latest for model plugins and fix-only for all other categories.
-    Tenants with include/exclude plugin IDs are split
-    by installed plugin category using plugin daemon metadata.
-    """
-    start_at = time.perf_counter()
-    candidate_count = len(tenant_id) if tenant_id else _count_auto_upgrade_strategy_tenant_ids(limit)
-    click.echo(click.style(f"Found {candidate_count} candidate tenants.", fg="yellow"))
-
-    if dry_run:
-        elapsed = time.perf_counter() - start_at
-        click.echo(click.style(f"Dry run completed. elapsed={elapsed:.2f}s", fg="green"))
-        return
-
-    tenant_ids = list(tenant_id) if tenant_id else _iter_auto_upgrade_strategy_tenant_ids(limit)
-
-    backfilled_count = 0
-    created_count = 0
-    normalized_count = 0
-    skipped_count = 0
-    failed_count = 0
-    for index, current_tenant_id in enumerate(tenant_ids, start=1):
-        try:
-            result = PluginAutoUpgradeService.backfill_strategy_categories(
-                current_tenant_id,
-            )
-        except Exception as e:
-            failed_count += 1
-            click.echo(click.style(f"Failed tenant {current_tenant_id}: {str(e)}", fg="red"))
-            continue
-
-        if result.created_count > 0:
-            backfilled_count += 1
-            created_count += result.created_count
-        elif not result.normalized:
-            skipped_count += 1
-        if result.normalized:
-            normalized_count += 1
-
-        if batch_size > 0 and index % batch_size == 0:
-            click.echo(
-                click.style(
-                    f"Processed {index}/{candidate_count} tenants. "
-                    f"backfilled={backfilled_count}, created_rows={created_count}, "
-                    f"normalized={normalized_count}, skipped={skipped_count}, failed={failed_count}, "
-                    f"elapsed={time.perf_counter() - start_at:.2f}s",
-                    fg="yellow",
-                )
-            )
-
-    elapsed = time.perf_counter() - start_at
-    click.echo(
-        click.style(
-            f"Backfill plugin auto-upgrade strategy categories completed. "
-            f"backfilled={backfilled_count}, created_rows={created_count}, "
-            f"normalized={normalized_count}, skipped={skipped_count}, failed={failed_count}, "
-            f"elapsed={elapsed:.2f}s",
-            fg="green",
-        )
-    )
-
-
@click.command("extract-plugins", help="Extract plugins.")
@click.option("--output_file", prompt=True, help="The file to store the extracted plugins.", default="plugins.jsonl")
@click.option("--workers", prompt=True, help="The number of workers to extract plugins.", default=10)
--- a/api/configs/remote_settings_sources/nacos/http_request.py
+++ b/api/configs/remote_settings_sources/nacos/http_request.py
@ -20,12 +20,6 @@ class NacosHttpClient:
        self.token: str | None = None
        self.token_ttl = 18000
        self.token_expire_time: float = 0
-        # Bounded timeouts so a slow or unresponsive Nacos server cannot hang the API
-        # service indefinitely during startup or token refresh.
-        self.timeout = httpx.Timeout(
-            float(os.getenv("DIFY_ENV_NACOS_REQUEST_TIMEOUT", "10.0")),
-            connect=float(os.getenv("DIFY_ENV_NACOS_CONNECT_TIMEOUT", "3.0")),
-        )

    def http_request(
        self, url: str, method: str = "GET", headers: dict[str, str] | None = None, params: dict[str, str] | None = None
@ -34,17 +28,12 @@ class NacosHttpClient:
            headers = {}
        if params is None:
            params = {}
-        full_url = "http://" + self.server + url
        try:
            self._inject_auth_info(headers, params)
-            response = httpx.request(method, url=full_url, headers=headers, params=params, timeout=self.timeout)
+            response = httpx.request(method, url="http://" + self.server + url, headers=headers, params=params)
            response.raise_for_status()
            return response.text
-        except httpx.TimeoutException as e:
-            logger.warning("Request to Nacos timed out (url=%s, timeout=%s): %s", full_url, self.timeout, e)
-            return f"Request to Nacos timed out: {e}"
        except httpx.RequestError as e:
-            logger.warning("Request to Nacos failed (url=%s): %s", full_url, e)
            return f"Request to Nacos failed: {e}"

    def _inject_auth_info(self, headers: dict[str, str], params: dict[str, str], module: str = "config") -> None:
@ -89,16 +78,13 @@ class NacosHttpClient:
        params = {"username": self.username, "password": self.password}
        url = "http://" + self.server + "/nacos/v1/auth/login"
        try:
-            resp = httpx.request("POST", url, headers=None, params=params, timeout=self.timeout)
+            resp = httpx.request("POST", url, headers=None, params=params)
            resp.raise_for_status()
            response_data = resp.json()
            self.token = response_data.get("accessToken")
            self.token_ttl = response_data.get("tokenTtl", 18000)
            self.token_expire_time = current_time + self.token_ttl - 10
            return self.token
-        except httpx.TimeoutException:
-            logger.exception("[get-access-token] request to Nacos timed out (url=%s, timeout=%s)", url, self.timeout)
-            raise
        except Exception:
            logger.exception("[get-access-token] exception occur")
            raise
--- a/api/controllers/console/agent/app_helpers.py
+++ b/api/controllers/console/agent/app_helpers.py
@ -1,10 +0,0 @@
-from uuid import UUID
-
-from extensions.ext_database import db
-from models.model import App
-from services.agent.roster_service import AgentRosterService
-
-
-def resolve_agent_app_model(*, tenant_id: str, agent_id: UUID) -> App:
-    """Resolve the hidden Agent App backing an Agent Console resource."""
-    return AgentRosterService(db.session).get_agent_app_model(tenant_id=tenant_id, agent_id=str(agent_id))
--- a/api/controllers/console/agent/composer.py
+++ b/api/controllers/console/agent/composer.py
@ -1,10 +1,7 @@
-from uuid import UUID
-
 from flask_restx import Resource

 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
    account_initialization_required,
@ -38,10 +35,6 @@ register_response_schema_models(
 )


-def _resolve_agent_app_id(*, tenant_id: str, agent_id: UUID) -> str:
-    return resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id).id
-
-
@console_ns.route("/apps/<uuid:app_id>/workflows/draft/nodes/<string:node_id>/agent-composer")
 class WorkflowAgentComposerApi(Resource):
    @console_ns.response(
@ -183,18 +176,18 @@ class WorkflowAgentComposerSaveToRosterApi(Resource):
        )


-@console_ns.route("/agent/<uuid:agent_id>/composer")
-class AgentComposerApi(Resource):
+@console_ns.route("/apps/<uuid:app_id>/agent-composer")
+class AgentAppComposerApi(Resource):
    @console_ns.response(200, "Agent app composer state", console_ns.models[AgentAppComposerResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_id = _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        return dump_response(
            AgentAppComposerResponse,
-            AgentComposerService.load_agent_app_composer(tenant_id=tenant_id, app_id=app_id),
+            AgentComposerService.load_agent_app_composer(tenant_id=tenant_id, app_id=app_model.id),
        )

    @console_ns.expect(console_ns.models[ComposerSavePayload.__name__])
@ -203,24 +196,24 @@ class AgentComposerApi(Resource):
    @login_required
    @account_initialization_required
    @edit_permission_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_user_id
    @with_current_tenant_id
-    def put(self, tenant_id: str, account_id: str, agent_id: UUID):
-        app_id = _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def put(self, tenant_id: str, account_id: str, app_model: App):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        return dump_response(
            AgentAppComposerResponse,
            AgentComposerService.save_agent_app_composer(
                tenant_id=tenant_id,
-                app_id=app_id,
+                app_id=app_model.id,
                account_id=account_id,
                payload=payload,
            ),
        )


-@console_ns.route("/agent/<uuid:agent_id>/composer/validate")
-class AgentComposerValidateApi(Resource):
+@console_ns.route("/apps/<uuid:app_id>/agent-composer/validate")
+class AgentAppComposerValidateApi(Resource):
    @console_ns.expect(console_ns.models[ComposerSavePayload.__name__])
    @console_ns.response(
        200, "Agent app composer validation result", console_ns.models[AgentComposerValidateResponse.__name__]
@ -228,36 +221,36 @@ class AgentComposerValidateApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID):
-        _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def post(self, tenant_id: str, app_model: App):
        payload = ComposerSavePayload.model_validate(console_ns.payload or {})
        ComposerConfigValidator.validate_save_payload(payload)
        findings = AgentComposerService.collect_validation_findings(
            tenant_id=tenant_id,
            payload=payload,
-            agent_id=str(agent_id),
+            agent_id=AgentComposerService.resolve_bound_agent_id(tenant_id=tenant_id, app_id=app_model.id),
        )
        return dump_response(AgentComposerValidateResponse, {"result": "success", "errors": [], **findings})


-@console_ns.route("/agent/<uuid:agent_id>/composer/candidates")
-class AgentComposerCandidatesApi(Resource):
+@console_ns.route("/apps/<uuid:app_id>/agent-composer/candidates")
+class AgentAppComposerCandidatesApi(Resource):
    @console_ns.response(
        200, "Agent app composer candidates", console_ns.models[AgentComposerCandidatesResponse.__name__]
    )
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_user_id
    @with_current_tenant_id
-    def get(self, tenant_id: str, current_user_id: str, agent_id: UUID):
-        app_id = _resolve_agent_app_id(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, current_user_id: str, app_model: App):
        return dump_response(
            AgentComposerCandidatesResponse,
            AgentComposerService.get_agent_app_candidates(
                tenant_id=tenant_id,
-                app_id=app_id,
+                app_id=app_model.id,
                user_id=current_user_id,
            ),
        )
--- a/api/controllers/console/agent/roster.py
+++ b/api/controllers/console/agent/roster.py
@ -6,21 +6,10 @@ from pydantic import BaseModel, Field

 from controllers.common.schema import query_params_from_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.app.app import (
-    AppDetailWithSite,
-    AppListQuery,
-    AppPagination,
-    UpdateAppPayload,
-    _normalize_app_list_query_args,
-)
 from controllers.console.wraps import (
    account_initialization_required,
-    cloud_edition_billing_resource_check,
-    edit_permission_required,
-    enterprise_license_required,
    setup_required,
    with_current_tenant_id,
-    with_current_user,
 )
 from extensions.ext_database import db
 from fields.agent_fields import (
@ -29,17 +18,12 @@ from fields.agent_fields import (
    AgentInviteOptionsResponse,
    AgentPublishedReferenceResponse,
    AgentRosterListResponse,
+    AgentRosterResponse,
 )
 from libs.helper import dump_response
 from libs.login import login_required
-from models import Account
-from models.model import IconType
-from services.agent.errors import AgentNotFoundError
 from services.agent.roster_service import AgentRosterService
-from services.app_service import AppListParams, AppService, CreateAppParams
-from services.enterprise.enterprise_service import EnterpriseService
 from services.entities.agent_entities import RosterListQuery
-from services.feature_service import FeatureService


 class AgentInviteOptionsQuery(RosterListQuery):
@ -50,38 +34,20 @@ class AgentIdPath(BaseModel):
    agent_id: str


-class AgentAppCreatePayload(BaseModel):
-    name: str = Field(..., min_length=1, description="Agent name")
-    description: str | None = Field(default=None, description="Agent description (max 400 chars)", max_length=400)
-    role: str = Field(default="", description="Agent role", max_length=255)
-    icon_type: IconType | None = Field(default=None, description="Icon type")
-    icon: str | None = Field(default=None, description="Icon")
-    icon_background: str | None = Field(default=None, description="Icon background color")
-
-
-class AgentAppUpdatePayload(UpdateAppPayload):
-    role: str | None = Field(default=None, description="Agent role", max_length=255)
-
-
 register_schema_models(
    console_ns,
-    AgentAppCreatePayload,
-    AgentAppUpdatePayload,
    AgentInviteOptionsQuery,
    AgentIdPath,
-    AppListQuery,
-    UpdateAppPayload,
    RosterListQuery,
 )
 register_response_schema_models(
    console_ns,
-    AppDetailWithSite,
-    AppPagination,
    AgentConfigSnapshotDetailResponse,
    AgentConfigSnapshotListResponse,
    AgentInviteOptionsResponse,
    AgentPublishedReferenceResponse,
    AgentRosterListResponse,
+    AgentRosterResponse,
 )


@ -89,152 +55,25 @@ def _agent_roster_service() -> AgentRosterService:
    return AgentRosterService(db.session)


-def _serialize_agent_app_detail(app_model) -> dict:
-    app_model = AppService().get_app(app_model)
-    if FeatureService.get_system_features().webapp_auth.enabled:
-        app_setting = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_id=str(app_model.id))
-        app_model.access_mode = app_setting.access_mode  # type: ignore[attr-defined]
-
-    agent = _agent_roster_service().get_app_backing_agent(tenant_id=app_model.tenant_id, app_id=app_model.id)
-    if not agent:
-        raise AgentNotFoundError()
-    payload = AppDetailWithSite.model_validate(app_model, from_attributes=True).model_dump(mode="json")
-    payload.pop("bound_agent_id", None)
-    payload["app_id"] = str(app_model.id)
-    payload["id"] = agent.id
-    payload["role"] = agent.role or ""
-    return payload
-
-
-def _serialize_agent_app_pagination(app_pagination, *, tenant_id: str) -> dict:
-    app_ids = [str(app.id) for app in app_pagination.items]
-    agents_by_app_id = _agent_roster_service().load_app_backing_agents_by_app_id(
-        tenant_id=tenant_id,
-        app_ids=app_ids,
-    )
-    payload = AppPagination.model_validate(app_pagination, from_attributes=True).model_dump(mode="json")
-    for item in payload["data"]:
-        app_id = item["id"]
-        item.pop("bound_agent_id", None)
-        agent = agents_by_app_id.get(app_id)
-        if agent:
-            item["app_id"] = app_id
-            item["id"] = agent.id
-            item["role"] = agent.role or ""
-    return payload
-
-
-def _resolve_agent_app_model(*, tenant_id: str, agent_id: UUID):
-    return _agent_roster_service().get_agent_app_model(tenant_id=tenant_id, agent_id=str(agent_id))
-
-
-@console_ns.route("/agent")
-class AgentAppListApi(Resource):
-    @console_ns.doc(params=query_params_from_model(AppListQuery))
-    @console_ns.response(200, "Agent app list", console_ns.models[AppPagination.__name__])
+@console_ns.route("/agents")
+class AgentRosterListApi(Resource):
+    @console_ns.doc(params=query_params_from_model(RosterListQuery))
+    @console_ns.response(200, "Agent roster list", console_ns.models[AgentRosterListResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
-    @with_current_user
    @with_current_tenant_id
-    def get(self, current_tenant_id: str, current_user: Account):
-        args = AppListQuery.model_validate(_normalize_app_list_query_args(request.args))
-        params = AppListParams(
-            page=args.page,
-            limit=args.limit,
-            mode="agent",
-            name=args.name,
-            tag_ids=args.tag_ids,
-            creator_ids=args.creator_ids,
-            is_created_by_me=args.is_created_by_me,
-            status="normal",
+    def get(self, tenant_id: str):
+        query = RosterListQuery.model_validate(request.args.to_dict(flat=True))
+        return dump_response(
+            AgentRosterListResponse,
+            _agent_roster_service().list_roster_agents(
+                tenant_id=tenant_id, page=query.page, limit=query.limit, keyword=query.keyword
+            ),
        )

-        app_pagination = AppService().get_paginate_apps(current_user.id, current_tenant_id, params)
-        if app_pagination is None:
-            empty = AppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[])
-            return empty.model_dump(mode="json")

-        return _serialize_agent_app_pagination(app_pagination, tenant_id=current_tenant_id)
-
-    @console_ns.expect(console_ns.models[AgentAppCreatePayload.__name__])
-    @console_ns.response(201, "Agent app created successfully", console_ns.models[AppDetailWithSite.__name__])
-    @console_ns.response(403, "Insufficient permissions")
-    @console_ns.response(400, "Invalid request parameters")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @cloud_edition_billing_resource_check("apps")
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user: Account):
-        args = AgentAppCreatePayload.model_validate(console_ns.payload)
-        params = CreateAppParams(
-            name=args.name,
-            description=args.description,
-            mode="agent",
-            agent_role=args.role,
-            icon_type=args.icon_type,
-            icon=args.icon,
-            icon_background=args.icon_background,
-        )
-
-        app = AppService().create_app(current_tenant_id, params, current_user)
-        return _serialize_agent_app_detail(app), 201
-
-
-@console_ns.route("/agent/<uuid:agent_id>")
-class AgentAppApi(Resource):
-    @console_ns.response(200, "Agent app detail", console_ns.models[AppDetailWithSite.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _serialize_agent_app_detail(app_model)
-
-    @console_ns.expect(console_ns.models[AgentAppUpdatePayload.__name__])
-    @console_ns.response(200, "Agent app updated successfully", console_ns.models[AppDetailWithSite.__name__])
-    @console_ns.response(403, "Insufficient permissions")
-    @console_ns.response(400, "Invalid request parameters")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_tenant_id
-    def put(self, tenant_id: str, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        args = AgentAppUpdatePayload.model_validate(console_ns.payload)
-        args_dict: AppService.ArgsDict = {
-            "name": args.name,
-            "description": args.description or "",
-            "icon_type": args.icon_type,
-            "icon": args.icon or "",
-            "icon_background": args.icon_background or "",
-            "use_icon_as_answer_icon": args.use_icon_as_answer_icon or False,
-            "max_active_requests": args.max_active_requests or 0,
-            "role": args.role,
-        }
-        updated = AppService().update_app(app_model, args_dict)
-        return _serialize_agent_app_detail(updated)
-
-    @console_ns.response(204, "Agent app deleted successfully")
-    @console_ns.response(403, "Insufficient permissions")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, agent_id: UUID):
-        app_model = _resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        AppService().delete_app(app_model)
-        return "", 204
-
-
-@console_ns.route("/agent/invite-options")
+@console_ns.route("/agents/invite-options")
 class AgentInviteOptionsApi(Resource):
    @console_ns.doc(params=query_params_from_model(AgentInviteOptionsQuery))
    @console_ns.response(200, "Agent invite options", console_ns.models[AgentInviteOptionsResponse.__name__])
@ -256,7 +95,21 @@ class AgentInviteOptionsApi(Resource):
        )


-@console_ns.route("/agent/<uuid:agent_id>/versions")
+@console_ns.route("/agents/<uuid:agent_id>")
+class AgentRosterDetailApi(Resource):
+    @console_ns.response(200, "Agent detail", console_ns.models[AgentRosterResponse.__name__])
+    @setup_required
+    @login_required
+    @account_initialization_required
+    @with_current_tenant_id
+    def get(self, tenant_id: str, agent_id: UUID):
+        return dump_response(
+            AgentRosterResponse,
+            _agent_roster_service().get_roster_agent_detail(tenant_id=tenant_id, agent_id=str(agent_id)),
+        )
+
+
+@console_ns.route("/agents/<uuid:agent_id>/versions")
 class AgentRosterVersionsApi(Resource):
    @console_ns.response(200, "Agent versions", console_ns.models[AgentConfigSnapshotListResponse.__name__])
    @setup_required
@ -270,7 +123,7 @@ class AgentRosterVersionsApi(Resource):
        )


-@console_ns.route("/agent/<uuid:agent_id>/versions/<uuid:version_id>")
+@console_ns.route("/agents/<uuid:agent_id>/versions/<uuid:version_id>")
 class AgentRosterVersionDetailApi(Resource):
    @console_ns.response(200, "Agent version detail", console_ns.models[AgentConfigSnapshotDetailResponse.__name__])
    @setup_required
--- a/api/controllers/console/app/agent.py
+++ b/api/controllers/console/app/agent.py
@ -1,6 +1,5 @@
 import logging
 from typing import Any
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -14,14 +13,8 @@ from controllers.common.schema import (
    register_schema_models,
 )
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import (
-    account_initialization_required,
-    setup_required,
-    with_current_tenant_id,
-    with_current_user,
-)
+from controllers.console.wraps import account_initialization_required, setup_required, with_current_user
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from libs.helper import uuid_value
@ -49,7 +42,7 @@ from services.file_service import FileService

 logger = logging.getLogger(__name__)

-_WORKFLOW_AGENT_DRIVE_APP_MODES = [AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]
+_AGENT_DRIVE_APP_MODES = [AppMode.AGENT, AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]


 class AgentLogQuery(BaseModel):
@ -79,10 +72,6 @@ class AgentDriveDeleteFileQuery(AgentDriveMutationQuery):
    key: str = Field(min_length=1, description="Drive key, e.g. files/sample.pdf")


-class AgentDriveDeleteFileByAgentQuery(BaseModel):
-    key: str = Field(min_length=1, description="Drive key, e.g. files/sample.pdf")
-
-
 class AgentLogMetaResponse(ResponseModel):
    status: str
    executor: str
@ -149,7 +138,7 @@ class AgentDriveDeleteResponse(ResponseModel):
    config_version_id: str | None = None


-register_schema_models(console_ns, AgentLogQuery, AgentDriveFilePayload, AgentDriveDeleteFileByAgentQuery)
+register_schema_models(console_ns, AgentLogQuery, AgentDriveFilePayload)
 register_response_schema_models(
    console_ns,
    AgentDriveDeleteResponse,
@ -163,7 +152,7 @@ register_response_schema_models(


 def _resolve_agent_id(app_model: App, node_id: str | None) -> str | None:
-    if node_id and app_model.mode != AppMode.AGENT:
+    if node_id:
        return AgentComposerService.resolve_workflow_node_agent_id(
            tenant_id=app_model.tenant_id, app_id=app_model.id, node_id=node_id
        )
@ -174,192 +163,6 @@ def _agent_not_bound() -> tuple[dict[str, str], int]:
    return {"code": "agent_not_bound", "message": "no agent is bound for this app/node"}, 400


-def _upload_skill_for_app(*, current_user: Account):
-    if "file" not in request.files:
-        return {"code": "no_file", "message": "no skill file uploaded"}, 400
-    if len(request.files) > 1:
-        return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400
-
-    upload = request.files["file"]
-    content = upload.stream.read()
-    try:
-        manifest = SkillPackageService().validate_and_extract(content=content, filename=upload.filename or "")
-    except SkillPackageError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-
-    upload_file = FileService(db.engine).upload_file(
-        filename=upload.filename or "skill.zip",
-        content=content,
-        mimetype=upload.mimetype or "application/zip",
-        user=current_user,
-    )
-    skill_ref = manifest.to_skill_ref(file_id=upload_file.id)
-    return {"skill": skill_ref.model_dump(exclude_none=True), "manifest": manifest.model_dump()}, 201
-
-
-def _standardize_skill_for_app(*, current_user: Account, app_model: App):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    agent_id = _resolve_agent_id(app_model, query.node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    if "file" not in request.files:
-        return {"code": "no_file", "message": "no skill file uploaded"}, 400
-    if len(request.files) > 1:
-        return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400
-
-    upload = request.files["file"]
-    content = upload.stream.read()
-    try:
-        result = SkillStandardizeService().standardize(
-            content=content,
-            filename=upload.filename or "",
-            tenant_id=app_model.tenant_id,
-            user_id=current_user.id,
-            agent_id=agent_id,
-        )
-    except (SkillPackageError, AgentDriveError) as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    return result, 201
-
-
-def _commit_drive_file_for_app(*, current_user: Account, app_model: App, allow_node_id: bool = True):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    node_id = query.node_id if allow_node_id else None
-    agent_id = _resolve_agent_id(app_model, node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    payload = AgentDriveFilePayload.model_validate(console_ns.payload or {})
-
-    upload_file = db.session.scalar(
-        select(UploadFile).where(
-            UploadFile.id == payload.upload_file_id,
-            UploadFile.tenant_id == app_model.tenant_id,
-        )
-    )
-    if upload_file is None:
-        return {"code": "upload_file_not_found", "message": "upload file not found in this workspace"}, 404
-
-    try:
-        key = normalize_drive_key(f"files/{upload_file.name}")
-        committed = AgentDriveService().commit(
-            tenant_id=app_model.tenant_id,
-            user_id=current_user.id,
-            agent_id=agent_id,
-            items=[
-                DriveCommitItem(
-                    key=key,
-                    file_ref=DriveFileRef(kind="upload_file", id=upload_file.id),
-                    # ADD FILE uploads exist solely to live in the drive, so the
-                    # drive owns (and physically cleans) the value on delete.
-                    value_owned_by_drive=True,
-                )
-            ],
-        )
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-
-    row = committed[0]
-    file_ref = AgentFileRefConfig.model_validate(
-        {
-            "id": row["key"],
-            "name": upload_file.name,
-            "file_id": upload_file.id,
-            "drive_key": row["key"],
-            "type": row.get("mime_type"),
-            "size": row.get("size"),
-        }
-    )
-    config_version_id = AgentComposerService.add_drive_file_ref(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        file_ref=file_ref,
-        app_id=app_model.id,
-        node_id=node_id,
-    )
-    return {
-        "file": {
-            "name": upload_file.name,
-            "drive_key": row["key"],
-            "file_id": upload_file.id,
-            "size": row.get("size"),
-            "mime_type": row.get("mime_type"),
-        },
-        "config_version_id": config_version_id,
-    }, 201
-
-
-def _delete_drive_file_for_app(*, current_user: Account, app_model: App, allow_node_id: bool = True):
-    query = query_params_from_request(AgentDriveDeleteFileQuery)
-    node_id = query.node_id if allow_node_id else None
-    agent_id = _resolve_agent_id(app_model, node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    try:
-        key = normalize_drive_key(query.key)
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-
-    config_version_id = AgentComposerService.remove_drive_refs(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        file_key=key,
-        app_id=app_model.id,
-        node_id=node_id,
-    )
-    removed_keys: list[str] = []
-    try:
-        removed_keys = AgentDriveService().delete(tenant_id=app_model.tenant_id, agent_id=agent_id, key=key)
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    except Exception:
-        # Soul-first ordering: the ref is already gone; orphan KV rows are
-        # harmless and an idempotent DELETE retry cleans them.
-        logger.exception("agent drive delete failed for key %s (soul already updated)", key)
-    return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id}
-
-
-def _delete_skill_for_app(*, current_user: Account, app_model: App, slug: str, allow_node_id: bool = True):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    node_id = query.node_id if allow_node_id else None
-    agent_id = _resolve_agent_id(app_model, node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    if "/" in slug or not slug.strip():
-        return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400
-
-    config_version_id = AgentComposerService.remove_drive_refs(
-        tenant_id=app_model.tenant_id,
-        agent_id=agent_id,
-        account_id=current_user.id,
-        skill_slug=slug,
-        app_id=app_model.id,
-        node_id=node_id,
-    )
-    removed_keys: list[str] = []
-    try:
-        removed_keys = AgentDriveService().delete(tenant_id=app_model.tenant_id, agent_id=agent_id, prefix=f"{slug}/")
-    except AgentDriveError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-    except Exception:
-        logger.exception("agent drive delete failed for skill %s (soul already updated)", slug)
-    return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id}
-
-
-def _infer_skill_tools_for_app(*, app_model: App, slug: str):
-    query = query_params_from_request(AgentDriveMutationQuery)
-    agent_id = _resolve_agent_id(app_model, query.node_id)
-    if not agent_id:
-        return _agent_not_bound()
-    if "/" in slug or not slug.strip():
-        return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400
-    try:
-        return SkillToolInferenceService().infer(tenant_id=app_model.tenant_id, agent_id=agent_id, slug=slug)
-    except SkillToolInferenceError as exc:
-        return {"code": exc.code, "message": exc.message}, exc.status_code
-
-
@console_ns.route("/apps/<uuid:app_id>/agent/logs")
 class AgentLogApi(Resource):
    @console_ns.doc("get_agent_logs")
@ -379,23 +182,6 @@ class AgentLogApi(Resource):
        return AgentService.get_agent_logs(app_model, args.conversation_id, args.message_id)


-@console_ns.route("/agent/<uuid:agent_id>/skills/upload")
-class AgentSkillUploadByAgentApi(Resource):
-    @console_ns.doc("upload_agent_skill_by_agent")
-    @console_ns.doc(description="Upload + validate a Skill package for an Agent App")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.response(201, "Skill validated", console_ns.models[AgentSkillUploadResponse.__name__])
-    @console_ns.response(400, "Invalid skill package")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _upload_skill_for_app(current_user=current_user)
-
-
@console_ns.route("/apps/<uuid:app_id>/agent/skills/upload")
 class AgentSkillUploadApi(Resource):
    @console_ns.doc("upload_agent_skill")
@ -406,7 +192,7 @@ class AgentSkillUploadApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def post(self, current_user: Account, app_model: App):
        """Validate an uploaded Skill package and persist the archive.
@ -414,28 +200,26 @@ class AgentSkillUploadApi(Resource):
        Returns a validated skill ref (to bind into the Agent soul config on save)
        plus its manifest. Standardizing into the agent drive is ENG-594.
        """
-        return _upload_skill_for_app(current_user=current_user)
+        if "file" not in request.files:
+            return {"code": "no_file", "message": "no skill file uploaded"}, 400
+        if len(request.files) > 1:
+            return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400

+        upload = request.files["file"]
+        content = upload.stream.read()
+        try:
+            manifest = SkillPackageService().validate_and_extract(content=content, filename=upload.filename or "")
+        except SkillPackageError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code

-@console_ns.route("/agent/<uuid:agent_id>/skills/standardize")
-class AgentSkillStandardizeByAgentApi(Resource):
-    @console_ns.doc("standardize_agent_skill_by_agent")
-    @console_ns.doc(description="Validate + standardize a Skill into an Agent App drive")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.response(
-        201,
-        "Skill standardized into drive",
-        console_ns.models[AgentSkillStandardizeResponse.__name__],
-    )
-    @console_ns.response(400, "Invalid skill package or no bound agent")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _standardize_skill_for_app(current_user=current_user, app_model=app_model)
+        upload_file = FileService(db.engine).upload_file(
+            filename=upload.filename or "skill.zip",
+            content=content,
+            mimetype=upload.mimetype or "application/zip",
+            user=current_user,
+        )
+        skill_ref = manifest.to_skill_ref(file_id=upload_file.id)
+        return {"skill": skill_ref.model_dump(exclude_none=True), "manifest": manifest.model_dump()}, 201


@console_ns.route("/apps/<uuid:app_id>/agent/skills/standardize")
@ -452,43 +236,32 @@ class AgentSkillStandardizeApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def post(self, current_user: Account, app_model: App):
        """Upload a Skill, validate it, and standardize it into the app agent's drive."""
-        return _standardize_skill_for_app(current_user=current_user, app_model=app_model)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        if "file" not in request.files:
+            return {"code": "no_file", "message": "no skill file uploaded"}, 400
+        if len(request.files) > 1:
+            return {"code": "too_many_files", "message": "only one skill file is allowed"}, 400

-
-@console_ns.route("/agent/<uuid:agent_id>/files")
-class AgentDriveFilesByAgentApi(Resource):
-    @console_ns.doc("commit_agent_drive_file_by_agent")
-    @console_ns.doc(description="Commit an uploaded file into the Agent App drive under files/<name>")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.expect(console_ns.models[AgentDriveFilePayload.__name__])
-    @console_ns.response(
-        201, "File committed into the agent drive", console_ns.models[AgentDriveFileCommitResponse.__name__]
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _commit_drive_file_for_app(current_user=current_user, app_model=app_model, allow_node_id=False)
-
-    @console_ns.doc("delete_agent_drive_file_by_agent")
-    @console_ns.doc(description="Delete one Agent App drive file by key")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveDeleteFileByAgentQuery)})
-    @console_ns.response(200, "File removed", console_ns.models[AgentDriveDeleteResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _delete_drive_file_for_app(current_user=current_user, app_model=app_model, allow_node_id=False)
+        upload = request.files["file"]
+        content = upload.stream.read()
+        try:
+            result = SkillStandardizeService().standardize(
+                content=content,
+                filename=upload.filename or "",
+                tenant_id=app_model.tenant_id,
+                user_id=current_user.id,
+                agent_id=agent_id,
+            )
+        except (SkillPackageError, AgentDriveError) as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+        return result, 201


@console_ns.route("/apps/<uuid:app_id>/agent/files")
@ -503,11 +276,73 @@ class AgentDriveFilesApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def post(self, current_user: Account, app_model: App):
        """ADD FILE: commit one uploaded file into the bound agent's drive."""
-        return _commit_drive_file_for_app(current_user=current_user, app_model=app_model)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        payload = AgentDriveFilePayload.model_validate(console_ns.payload or {})
+
+        upload_file = db.session.scalar(
+            select(UploadFile).where(
+                UploadFile.id == payload.upload_file_id,
+                UploadFile.tenant_id == app_model.tenant_id,
+            )
+        )
+        if upload_file is None:
+            return {"code": "upload_file_not_found", "message": "upload file not found in this workspace"}, 404
+
+        try:
+            key = normalize_drive_key(f"files/{upload_file.name}")
+            committed = AgentDriveService().commit(
+                tenant_id=app_model.tenant_id,
+                user_id=current_user.id,
+                agent_id=agent_id,
+                items=[
+                    DriveCommitItem(
+                        key=key,
+                        file_ref=DriveFileRef(kind="upload_file", id=upload_file.id),
+                        # ADD FILE uploads exist solely to live in the drive, so the
+                        # drive owns (and physically cleans) the value on delete.
+                        value_owned_by_drive=True,
+                    )
+                ],
+            )
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+
+        row = committed[0]
+        file_ref = AgentFileRefConfig.model_validate(
+            {
+                "id": row["key"],
+                "name": upload_file.name,
+                "file_id": upload_file.id,
+                "drive_key": row["key"],
+                "type": row.get("mime_type"),
+                "size": row.get("size"),
+            }
+        )
+        config_version_id = AgentComposerService.add_drive_file_ref(
+            tenant_id=app_model.tenant_id,
+            agent_id=agent_id,
+            account_id=current_user.id,
+            file_ref=file_ref,
+            app_id=app_model.id,
+            node_id=query.node_id,
+        )
+        return {
+            "file": {
+                "name": upload_file.name,
+                "drive_key": row["key"],
+                "file_id": upload_file.id,
+                "size": row.get("size"),
+                "mime_type": row.get("mime_type"),
+            },
+            "config_version_id": config_version_id,
+        }, 201

    @console_ns.doc("delete_agent_drive_file")
    @console_ns.doc(description="Delete one drive file by key; soul ref first, then the KV row (ENG-625 D5)")
@ -516,26 +351,36 @@ class AgentDriveFilesApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def delete(self, current_user: Account, app_model: App):
-        return _delete_drive_file_for_app(current_user=current_user, app_model=app_model)
+        query = query_params_from_request(AgentDriveDeleteFileQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        try:
+            key = normalize_drive_key(query.key)
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code

-
-@console_ns.route("/agent/<uuid:agent_id>/skills/<string:slug>")
-class AgentSkillByAgentApi(Resource):
-    @console_ns.doc("delete_agent_skill_by_agent")
-    @console_ns.doc(description="Delete a standardized skill from an Agent App drive")
-    @console_ns.doc(params={"agent_id": "Agent ID", "slug": "Skill slug (single path segment)"})
-    @console_ns.response(200, "Skill removed", console_ns.models[AgentDriveDeleteResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def delete(self, tenant_id: str, current_user: Account, agent_id: UUID, slug: str):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _delete_skill_for_app(current_user=current_user, app_model=app_model, slug=slug, allow_node_id=False)
+        config_version_id = AgentComposerService.remove_drive_refs(
+            tenant_id=app_model.tenant_id,
+            agent_id=agent_id,
+            account_id=current_user.id,
+            file_key=key,
+            app_id=app_model.id,
+            node_id=query.node_id,
+        )
+        removed_keys: list[str] = []
+        try:
+            removed_keys = AgentDriveService().delete(tenant_id=app_model.tenant_id, agent_id=agent_id, key=key)
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+        except Exception:
+            # Soul-first ordering: the ref is already gone; orphan KV rows are
+            # harmless and an idempotent DELETE retry cleans them.
+            logger.exception("agent drive delete failed for key %s (soul already updated)", key)
+        return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id}


@console_ns.route("/apps/<uuid:app_id>/agent/skills/<string:slug>")
@ -555,29 +400,34 @@ class AgentSkillApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    @with_current_user
    def delete(self, current_user: Account, app_model: App, slug: str):
-        return _delete_skill_for_app(current_user=current_user, app_model=app_model, slug=slug)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        if "/" in slug or not slug.strip():
+            return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400

-
-@console_ns.route("/agent/<uuid:agent_id>/skills/<string:slug>/infer-tools")
-class AgentSkillInferToolsByAgentApi(Resource):
-    @console_ns.doc("infer_agent_skill_tools_by_agent")
-    @console_ns.doc(description="Infer CLI tool + ENV suggestions from a standardized Agent App skill")
-    @console_ns.doc(params={"agent_id": "Agent ID", "slug": "Skill slug (single path segment)"})
-    @console_ns.response(
-        200,
-        "Inference result (draft suggestions, nothing persisted)",
-        console_ns.models[SkillToolInferenceResult.__name__],
-    )
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID, slug: str):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        return _infer_skill_tools_for_app(app_model=app_model, slug=slug)
+        config_version_id = AgentComposerService.remove_drive_refs(
+            tenant_id=app_model.tenant_id,
+            agent_id=agent_id,
+            account_id=current_user.id,
+            skill_slug=slug,
+            app_id=app_model.id,
+            node_id=query.node_id,
+        )
+        removed_keys: list[str] = []
+        try:
+            removed_keys = AgentDriveService().delete(
+                tenant_id=app_model.tenant_id, agent_id=agent_id, prefix=f"{slug}/"
+            )
+        except AgentDriveError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
+        except Exception:
+            logger.exception("agent drive delete failed for skill %s (soul already updated)", slug)
+        return {"result": "success", "removed_keys": removed_keys, "config_version_id": config_version_id}


@console_ns.route("/apps/<uuid:app_id>/agent/skills/<string:slug>/infer-tools")
@ -601,7 +451,16 @@ class AgentSkillInferToolsApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_AGENT_DRIVE_APP_MODES)
+    @get_app_model(mode=_AGENT_DRIVE_APP_MODES)
    def post(self, app_model: App, slug: str):
        """Suggest CLI tools/env for a skill. Saving still goes through composer validation."""
-        return _infer_skill_tools_for_app(app_model=app_model, slug=slug)
+        query = query_params_from_request(AgentDriveMutationQuery)
+        agent_id = _resolve_agent_id(app_model, query.node_id)
+        if not agent_id:
+            return _agent_not_bound()
+        if "/" in slug or not slug.strip():
+            return {"code": "drive_key_invalid", "message": "skill slug must be a single path segment"}, 400
+        try:
+            return SkillToolInferenceService().infer(tenant_id=app_model.tenant_id, agent_id=agent_id, slug=slug)
+        except SkillToolInferenceError as exc:
+            return {"code": exc.code, "message": exc.message}, exc.status_code
--- a/api/controllers/console/app/agent_app_access.py
+++ b/api/controllers/console/app/agent_app_access.py
@ -5,31 +5,25 @@ reference. This exposes the read-only "Workflow access" surface from the PRD:
 which workflow apps use this Agent, without leaking the workflows' internals.
 """

-from uuid import UUID
-
 from flask_restx import Resource
 from pydantic import Field

 from controllers.common.schema import register_response_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
+from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from libs.login import login_required
+from models.model import App, AppMode
 from services.agent.roster_service import AgentRosterService


 class AgentReferencingWorkflowResponse(ResponseModel):
    app_id: str
    app_name: str
-    app_icon_type: str | None = None
-    app_icon: str | None = None
-    app_icon_background: str | None = None
    app_mode: str
-    app_updated_at: int | None = None
    workflow_id: str
-    workflow_version: str
    node_ids: list[str] = Field(default_factory=list)


@ -40,23 +34,23 @@ class AgentReferencingWorkflowsResponse(ResponseModel):
 register_response_schema_models(console_ns, AgentReferencingWorkflowsResponse)


-@console_ns.route("/agent/<uuid:agent_id>/referencing-workflows")
+@console_ns.route("/apps/<uuid:app_id>/agent-referencing-workflows")
 class AgentAppReferencingWorkflowsResource(Resource):
    @console_ns.doc("list_agent_app_referencing_workflows")
    @console_ns.doc(description="List workflow apps that reference this Agent App's bound Agent (read-only)")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
+    @console_ns.doc(params={"app_id": "Application ID"})
    @console_ns.response(
        200,
        "Referencing workflows listed successfully",
        console_ns.models[AgentReferencingWorkflowsResponse.__name__],
    )
-    @console_ns.response(404, "Agent not found")
+    @console_ns.response(404, "App not found")
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        workflows = AgentRosterService(db.session).list_workflows_referencing_app_agent(
            tenant_id=tenant_id, app_id=app_model.id
        )
--- a/api/controllers/console/app/agent_app_feature.py
+++ b/api/controllers/console/app/agent_app_feature.py
@ -9,20 +9,17 @@ persists them onto the app's ``app_model_config`` without touching anything the
 Soul owns.
 """

-from uuid import UUID
-
 from flask_restx import Resource
 from pydantic import BaseModel, Field

 from controllers.common.fields import SimpleResultResponse
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
+from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
    account_initialization_required,
    edit_permission_required,
    setup_required,
-    with_current_tenant_id,
    with_current_user,
 )
 from events.app_event import app_model_config_was_updated
@ -35,6 +32,7 @@ from models.agent_config_entities import (
    AgentSuggestedQuestionsAfterAnswerFeatureConfig,
    AgentTextToSpeechFeatureConfig,
 )
+from models.model import App, AppMode
 from services.agent_app_feature_service import AgentAppFeatureConfigService


@ -66,23 +64,22 @@ register_schema_models(console_ns, AgentAppFeaturesPayload)
 register_response_schema_models(console_ns, SimpleResultResponse)


-@console_ns.route("/agent/<uuid:agent_id>/features")
+@console_ns.route("/apps/<uuid:app_id>/agent-features")
 class AgentAppFeatureConfigResource(Resource):
    @console_ns.doc("update_agent_app_features")
    @console_ns.doc(description="Update an Agent App's presentation features (opener, follow-up, citations, ...)")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
+    @console_ns.doc(params={"app_id": "Application ID"})
    @console_ns.expect(console_ns.models[AgentAppFeaturesPayload.__name__])
    @console_ns.response(200, "Features updated successfully", console_ns.models[SimpleResultResponse.__name__])
    @console_ns.response(400, "Invalid configuration")
-    @console_ns.response(404, "Agent not found")
+    @console_ns.response(404, "App not found")
    @setup_required
    @login_required
    @edit_permission_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_user
-    @with_current_tenant_id
-    def post(self, tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def post(self, current_user: Account, app_model: App):
        args = AgentAppFeaturesPayload.model_validate(console_ns.payload or {})

        new_app_model_config = AgentAppFeatureConfigService.update_features(
--- a/api/controllers/console/app/agent_app_sandbox.py
+++ b/api/controllers/console/app/agent_app_sandbox.py
@ -22,7 +22,6 @@ from controllers.common.schema import (
    register_schema_models,
 )
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
 from fields.base import ResponseModel
@ -133,18 +132,18 @@ def _handle(exc: Exception) -> tuple[dict[str, object], int]:
    raise exc


-@console_ns.route("/agent/<uuid:agent_id>/sandbox/files")
+@console_ns.route("/apps/<uuid:app_id>/agent-sandbox/files")
 class AgentAppSandboxListResource(Resource):
    @console_ns.doc("list_agent_app_sandbox_files")
    @console_ns.doc(description="List a directory in an Agent App conversation sandbox")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentSandboxListQuery)})
+    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentSandboxListQuery)})
    @console_ns.response(200, "Listing returned", console_ns.models[SandboxListResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        query = query_params_from_request(AgentSandboxListQuery)
        try:
            result = AgentAppSandboxService().list_files(
@ -158,18 +157,18 @@ class AgentAppSandboxListResource(Resource):
        return result.model_dump()


-@console_ns.route("/agent/<uuid:agent_id>/sandbox/files/read")
+@console_ns.route("/apps/<uuid:app_id>/agent-sandbox/files/read")
 class AgentAppSandboxReadResource(Resource):
    @console_ns.doc("read_agent_app_sandbox_file")
    @console_ns.doc(description="Read a text/binary preview file in an Agent App conversation sandbox")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentSandboxFileQuery)})
+    @console_ns.doc(params={"app_id": "Application ID", **query_params_from_model(AgentSandboxFileQuery)})
    @console_ns.response(200, "Preview returned", console_ns.models[SandboxReadResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def get(self, tenant_id: str, app_model: App):
        query = query_params_from_request(AgentSandboxFileQuery)
        try:
            result = AgentAppSandboxService().read_file(
@ -183,7 +182,7 @@ class AgentAppSandboxReadResource(Resource):
        return result.model_dump()


-@console_ns.route("/agent/<uuid:agent_id>/sandbox/files/upload")
+@console_ns.route("/apps/<uuid:app_id>/agent-sandbox/files/upload")
 class AgentAppSandboxUploadResource(Resource):
    @console_ns.doc("upload_agent_app_sandbox_file")
    @console_ns.doc(description="Upload one Agent App sandbox file as a Dify ToolFile mapping")
@ -192,9 +191,9 @@ class AgentAppSandboxUploadResource(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @get_app_model(mode=[AppMode.AGENT])
    @with_current_tenant_id
-    def post(self, tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
+    def post(self, tenant_id: str, app_model: App):
        payload = AgentSandboxUploadPayload.model_validate(request.get_json(silent=True) or {})
        try:
            result = AgentAppSandboxService().upload_file(
--- a/api/controllers/console/app/agent_drive_inspector.py
+++ b/api/controllers/console/app/agent_drive_inspector.py
@ -10,8 +10,6 @@ backend — drive data lives in the API's own DB/storage, served straight from

 from __future__ import annotations

-from uuid import UUID
-
 from flask_restx import Resource
 from pydantic import BaseModel, Field

@ -21,9 +19,8 @@ from controllers.common.schema import (
    register_response_schema_models,
 )
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.wraps import get_app_model
-from controllers.console.wraps import account_initialization_required, setup_required, with_current_tenant_id
+from controllers.console.wraps import account_initialization_required, setup_required
 from fields.base import ResponseModel
 from libs.login import login_required
 from models.model import App, AppMode
@ -36,19 +33,11 @@ class AgentDriveListQuery(BaseModel):
    node_id: str | None = Field(default=None, description="Workflow node ID (workflow composer variant)")


-class AgentDriveListByAgentQuery(BaseModel):
-    prefix: str = Field(default="", description="Key prefix filter: '<slug>/' for one skill, 'files/' for files")
-
-
 class AgentDriveFileQuery(BaseModel):
    key: str = Field(min_length=1, description="Drive key, e.g. tender-analyzer/SKILL.md")
    node_id: str | None = Field(default=None, description="Workflow node ID (workflow composer variant)")


-class AgentDriveFileByAgentQuery(BaseModel):
-    key: str = Field(min_length=1, description="Drive key, e.g. tender-analyzer/SKILL.md")
-
-
 class AgentDriveItemResponse(ResponseModel):
    key: str
    size: int | None = None
@ -96,66 +85,7 @@ def _handle(exc: AgentDriveError) -> tuple[dict[str, object], int]:
    return {"code": exc.code, "message": exc.message}, exc.status_code


-_WORKFLOW_APP_MODES = [AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/files")
-class AgentDriveListByAgentApi(Resource):
-    @console_ns.doc("list_agent_drive_files_by_agent")
-    @console_ns.doc(description="List agent drive entries for an Agent App")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveListByAgentQuery)})
-    @console_ns.response(200, "Drive entries", console_ns.models[AgentDriveListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        query = query_params_from_request(AgentDriveListByAgentQuery)
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            items = AgentDriveService().manifest(tenant_id=tenant_id, agent_id=str(agent_id), prefix=query.prefix)
-        except AgentDriveError as exc:
-            return _handle(exc)
-        return {"items": [{k: v for k, v in item.items() if k != "file_id"} for item in items]}
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/files/preview")
-class AgentDrivePreviewByAgentApi(Resource):
-    @console_ns.doc("preview_agent_drive_file_by_agent")
-    @console_ns.doc(description="Truncated text preview of one Agent App drive value")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveFileByAgentQuery)})
-    @console_ns.response(200, "Preview", console_ns.models[AgentDrivePreviewResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        query = query_params_from_request(AgentDriveFileByAgentQuery)
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            return AgentDriveService().preview(tenant_id=tenant_id, agent_id=str(agent_id), key=query.key)
-        except AgentDriveError as exc:
-            return _handle(exc)
-
-
-@console_ns.route("/agent/<uuid:agent_id>/drive/files/download")
-class AgentDriveDownloadByAgentApi(Resource):
-    @console_ns.doc("download_agent_drive_file_by_agent")
-    @console_ns.doc(description="Time-limited external signed URL for one Agent App drive value")
-    @console_ns.doc(params={"agent_id": "Agent ID", **query_params_from_model(AgentDriveFileByAgentQuery)})
-    @console_ns.response(200, "Signed URL", console_ns.models[AgentDriveDownloadResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, agent_id: UUID):
-        query = query_params_from_request(AgentDriveFileByAgentQuery)
-        resolve_agent_app_model(tenant_id=tenant_id, agent_id=agent_id)
-        try:
-            url = AgentDriveService().download_url(tenant_id=tenant_id, agent_id=str(agent_id), key=query.key)
-        except AgentDriveError as exc:
-            return _handle(exc)
-        return {"url": url}
+_APP_MODES = [AppMode.AGENT, AppMode.WORKFLOW, AppMode.ADVANCED_CHAT]


@console_ns.route("/apps/<uuid:app_id>/agent/drive/files")
@ -167,7 +97,7 @@ class AgentDriveListApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
+    @get_app_model(mode=_APP_MODES)
    def get(self, app_model: App):
        query = query_params_from_request(AgentDriveListQuery)
        agent_id = _resolve_agent_id(app_model, query.node_id)
@ -191,7 +121,7 @@ class AgentDrivePreviewApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
+    @get_app_model(mode=_APP_MODES)
    def get(self, app_model: App):
        query = query_params_from_request(AgentDriveFileQuery)
        agent_id = _resolve_agent_id(app_model, query.node_id)
@ -212,7 +142,7 @@ class AgentDriveDownloadApi(Resource):
    @setup_required
    @login_required
    @account_initialization_required
-    @get_app_model(mode=_WORKFLOW_APP_MODES)
+    @get_app_model(mode=_APP_MODES)
    def get(self, app_model: App):
        query = query_params_from_request(AgentDriveFileQuery)
        agent_id = _resolve_agent_id(app_model, query.node_id)
@ -227,9 +157,6 @@ class AgentDriveDownloadApi(Resource):

 __all__ = [
    "AgentDriveDownloadApi",
-    "AgentDriveDownloadByAgentApi",
    "AgentDriveListApi",
-    "AgentDriveListByAgentApi",
    "AgentDrivePreviewApi",
-    "AgentDrivePreviewByAgentApi",
 ]
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@ -1,7 +1,6 @@
 import logging
 import re
 import uuid
-from collections.abc import Sequence
 from datetime import datetime
 from typing import Any, Literal, cast

@ -42,12 +41,12 @@ from core.trigger.constants import TRIGGER_NODE_TYPES
 from extensions.ext_database import db
 from fields.base import ResponseModel
 from graphon.enums import WorkflowExecutionStatus
-from libs.helper import build_icon_url, dump_response, to_timestamp
+from libs.helper import build_icon_url, to_timestamp
 from libs.login import login_required
 from models import Account, App, DatasetPermissionEnum, Workflow
 from models.model import IconType
 from services.app_dsl_service import AppDslService
-from services.app_service import AppListParams, AppListSortBy, AppService, CreateAppParams, StarredAppListParams
+from services.app_service import AppListParams, AppService, CreateAppParams
 from services.enterprise.enterprise_service import EnterpriseService
 from services.entities.dsl_entities import ImportMode, ImportStatus
 from services.entities.knowledge_entities.knowledge_entities import (
@ -64,7 +63,7 @@ from services.entities.knowledge_entities.knowledge_entities import (
 )
 from services.feature_service import FeatureService

-ALLOW_CREATE_APP_MODES = ["chat", "agent-chat", "advanced-chat", "workflow", "completion"]
+ALLOW_CREATE_APP_MODES = ["chat", "agent-chat", "agent", "advanced-chat", "workflow", "completion"]

 register_enum_models(console_ns, IconType)

@ -74,14 +73,10 @@ _CREATOR_IDS_BRACKET_PATTERN = re.compile(r"^creator_ids\[(\d+)\]$")
 AppListMode = Literal["completion", "chat", "advanced-chat", "workflow", "agent-chat", "agent", "channel", "all"]


-class AppListBaseQuery(BaseModel):
+class AppListQuery(BaseModel):
    page: int = Field(default=1, ge=1, le=99999, description="Page number (1-99999)")
    limit: int = Field(default=20, ge=1, le=100, description="Page size (1-100)")
    mode: AppListMode = Field(default=cast(AppListMode, "all"), description="App mode filter")
-    sort_by: AppListSortBy = Field(
-        default="last_modified",
-        description="Sort apps by last modified, recently created, or earliest created",
-    )
    name: str | None = Field(default=None, description="Filter by app name")
    tag_ids: list[str] | None = Field(default=None, description="Filter by tag IDs")
    creator_ids: list[str] | None = Field(default=None, description="Filter by creator account IDs")
@ -124,14 +119,6 @@ class AppListBaseQuery(BaseModel):
            raise ValueError("Invalid UUID format in creator_ids.") from exc


-class AppListQuery(AppListBaseQuery):
-    pass
-
-
-class StarredAppListQuery(AppListBaseQuery):
-    pass
-
-
 def _normalize_app_list_query_args(query_args: MultiDict[str, str]) -> dict[str, str | list[str]]:
    normalized: dict[str, str | list[str]] = {}
    indexed_tag_ids: list[tuple[int, str]] = []
@ -163,7 +150,9 @@ def _normalize_app_list_query_args(query_args: MultiDict[str, str]) -> dict[str,
 class CreateAppPayload(BaseModel):
    name: str = Field(..., min_length=1, description="App name")
    description: str | None = Field(default=None, description="App description (max 400 chars)", max_length=400)
-    mode: Literal["chat", "agent-chat", "advanced-chat", "workflow", "completion"] = Field(..., description="App mode")
+    mode: Literal["chat", "agent-chat", "agent", "advanced-chat", "workflow", "completion"] = Field(
+        ..., description="App mode"
+    )
    icon_type: IconType | None = Field(default=None, description="Icon type")
    icon: str | None = Field(default=None, description="Icon")
    icon_background: str | None = Field(default=None, description="Icon background color")
@ -398,12 +387,6 @@ class AppPartial(ResponseModel):
    create_user_name: str | None = None
    author_name: str | None = None
    has_draft_trigger: bool | None = None
-    # For Agent App type: the roster Agent backing this app (None otherwise).
-    bound_agent_id: str | None = None
-    # For Agent App responses exposed through /agent.
-    app_id: str | None = None
-    role: str | None = None
-    is_starred: bool = False

    @computed_field(return_type=str | None)  # type: ignore
    @property
@ -454,9 +437,6 @@ class AppDetailWithSite(AppDetail):
    site: Site | None = None
    # For Agent App type: the roster Agent backing this app (None otherwise).
    bound_agent_id: str | None = None
-    # For Agent App responses exposed through /agent.
-    app_id: str | None = None
-    role: str | None = None

    @computed_field(return_type=str | None)  # type: ignore
    @property
@ -476,54 +456,12 @@ class AppExportResponse(ResponseModel):
    data: str


-def _enrich_app_list_items(session: Session, *, apps: Sequence[App], tenant_id: str) -> None:
-    if FeatureService.get_system_features().webapp_auth.enabled:
-        app_ids = [str(app.id) for app in apps]
-        res = EnterpriseService.WebAppAuth.batch_get_app_access_mode_by_id(app_ids=app_ids)
-        if len(res) != len(app_ids):
-            raise BadRequest("Invalid app id in webapp auth")
-
-        for app in apps:
-            if str(app.id) in res:
-                app.access_mode = res[str(app.id)].access_mode
-
-    workflow_capable_app_ids = [str(app.id) for app in apps if app.mode in {"workflow", "advanced-chat"}]
-    draft_trigger_app_ids: set[str] = set()
-    if workflow_capable_app_ids:
-        draft_workflows = (
-            session.execute(
-                select(Workflow).where(
-                    Workflow.version == Workflow.VERSION_DRAFT,
-                    Workflow.app_id.in_(workflow_capable_app_ids),
-                    Workflow.tenant_id == tenant_id,
-                )
-            )
-            .scalars()
-            .all()
-        )
-        trigger_node_types = TRIGGER_NODE_TYPES
-        for workflow in draft_workflows:
-            node_id = None
-            try:
-                for node_id, node_data in workflow.walk_nodes():
-                    if node_data.get("type") in trigger_node_types:
-                        draft_trigger_app_ids.add(str(workflow.app_id))
-                        break
-            except Exception:
-                _logger.exception("error while walking nodes, workflow_id=%s, node_id=%s", workflow.id, node_id)
-                continue
-
-    for app in apps:
-        app.has_draft_trigger = str(app.id) in draft_trigger_app_ids
-
-
 register_enum_models(console_ns, RetrievalMethod, WorkflowExecutionStatus, DatasetPermissionEnum)
 register_response_schema_models(console_ns, AppTraceResponse, RedirectUrlResponse, SimpleResultResponse)

 register_schema_models(
    console_ns,
    AppListQuery,
-    StarredAppListQuery,
    CreateAppPayload,
    UpdateAppPayload,
    CopyAppPayload,
@ -583,7 +521,6 @@ class AppListApi(Resource):
            page=args.page,
            limit=args.limit,
            mode=args.mode,
-            sort_by=args.sort_by,
            name=args.name,
            tag_ids=args.tag_ids,
            creator_ids=args.creator_ids,
@ -597,7 +534,46 @@ class AppListApi(Resource):
            empty = AppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[])
            return empty.model_dump(mode="json"), 200

-        _enrich_app_list_items(session, apps=app_pagination.items, tenant_id=current_tenant_id)
+        if FeatureService.get_system_features().webapp_auth.enabled:
+            app_ids = [str(app.id) for app in app_pagination.items]
+            res = EnterpriseService.WebAppAuth.batch_get_app_access_mode_by_id(app_ids=app_ids)
+            if len(res) != len(app_ids):
+                raise BadRequest("Invalid app id in webapp auth")
+
+            for app in app_pagination.items:
+                if str(app.id) in res:
+                    app.access_mode = res[str(app.id)].access_mode
+
+        workflow_capable_app_ids = [
+            str(app.id) for app in app_pagination.items if app.mode in {"workflow", "advanced-chat"}
+        ]
+        draft_trigger_app_ids: set[str] = set()
+        if workflow_capable_app_ids:
+            draft_workflows = (
+                session.execute(
+                    select(Workflow).where(
+                        Workflow.version == Workflow.VERSION_DRAFT,
+                        Workflow.app_id.in_(workflow_capable_app_ids),
+                        Workflow.tenant_id == current_tenant_id,
+                    )
+                )
+                .scalars()
+                .all()
+            )
+            trigger_node_types = TRIGGER_NODE_TYPES
+            for workflow in draft_workflows:
+                node_id = None
+                try:
+                    for node_id, node_data in workflow.walk_nodes():
+                        if node_data.get("type") in trigger_node_types:
+                            draft_trigger_app_ids.add(str(workflow.app_id))
+                            break
+                except Exception:
+                    _logger.exception("error while walking nodes, workflow_id=%s, node_id=%s", workflow.id, node_id)
+                    continue
+
+        for app in app_pagination.items:
+            app.has_draft_trigger = str(app.id) in draft_trigger_app_ids

        pagination_model = AppPagination.model_validate(app_pagination, from_attributes=True)
        return pagination_model.model_dump(mode="json"), 200
@ -633,78 +609,6 @@ class AppListApi(Resource):
        return app_detail.model_dump(mode="json"), 201


-@console_ns.route("/apps/starred")
-class StarredAppListApi(Resource):
-    @console_ns.doc("list_starred_apps")
-    @console_ns.doc(description="Get applications starred by the current account")
-    @console_ns.doc(params=query_params_from_model(StarredAppListQuery))
-    @console_ns.response(200, "Success", console_ns.models[AppPagination.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_session(write=False)
-    @with_current_user_id
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, current_user_id: str, session: Session):
-        args = StarredAppListQuery.model_validate(_normalize_app_list_query_args(request.args))
-        params = StarredAppListParams(
-            page=args.page,
-            limit=args.limit,
-            mode=args.mode,
-            sort_by=args.sort_by,
-            name=args.name,
-            tag_ids=args.tag_ids,
-            creator_ids=args.creator_ids,
-            is_created_by_me=args.is_created_by_me,
-        )
-
-        app_pagination = AppService().get_paginate_starred_apps(current_user_id, current_tenant_id, params)
-        if not app_pagination:
-            empty = AppPagination(page=args.page, limit=args.limit, total=0, has_more=False, data=[])
-            return empty.model_dump(mode="json"), 200
-
-        _enrich_app_list_items(session, apps=app_pagination.items, tenant_id=current_tenant_id)
-
-        pagination_model = AppPagination.model_validate(app_pagination, from_attributes=True)
-        return pagination_model.model_dump(mode="json"), 200
-
-
-@console_ns.route("/apps/<uuid:app_id>/star")
-class AppStarApi(Resource):
-    @console_ns.doc("star_app")
-    @console_ns.doc(description="Star an application for the current account")
-    @console_ns.doc(params={"app_id": "Application ID"})
-    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    @console_ns.response(404, "App not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_current_user_id
-    @with_session
-    @get_app_model(mode=None)
-    def post(self, session: Session, current_user_id: str, app_model: App):
-        AppService.star_app(session, app=app_model, account_id=current_user_id)
-        return dump_response(SimpleResultResponse, {"result": "success"})
-
-    @console_ns.doc("unstar_app")
-    @console_ns.doc(description="Remove the current account's star from an application")
-    @console_ns.doc(params={"app_id": "Application ID"})
-    @console_ns.response(200, "Success", console_ns.models[SimpleResultResponse.__name__])
-    @console_ns.response(404, "App not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @enterprise_license_required
-    @with_current_user_id
-    @with_session
-    @get_app_model(mode=None)
-    def delete(self, session: Session, current_user_id: str, app_model: App):
-        AppService.unstar_app(session, app=app_model, account_id=current_user_id)
-        return dump_response(SimpleResultResponse, {"result": "success"})
-
-
@console_ns.route("/apps/<uuid:app_id>")
 class AppApi(Resource):
    @console_ns.doc("get_app_detail")
@ -724,7 +628,7 @@ class AppApi(Resource):

        if FeatureService.get_system_features().webapp_auth.enabled:
            app_setting = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_id=str(app_model.id))
-            app_model.access_mode = app_setting.access_mode
+            app_model.access_mode = app_setting.access_mode  # type: ignore[attr-defined]

        response_model = AppDetailWithSite.model_validate(app_model, from_attributes=True)
        return response_model.model_dump(mode="json")
--- a/api/controllers/console/app/completion.py
+++ b/api/controllers/console/app/completion.py
@ -1,6 +1,5 @@
 import logging
 from typing import Any, Literal
-from uuid import UUID

 from flask import request
 from flask_restx import Resource
@ -11,7 +10,6 @@ import services
 from controllers.common.fields import GeneratedAppResponse, SimpleResultResponse
 from controllers.common.schema import register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.error import (
    AppUnavailableError,
    CompletionRequestError,
@ -25,7 +23,6 @@ from controllers.console.wraps import (
    account_initialization_required,
    edit_permission_required,
    setup_required,
-    with_current_tenant_id,
    with_current_user,
    with_current_user_id,
 )
@ -189,27 +186,51 @@ class ChatMessageApi(Resource):
    @edit_permission_required
    @with_current_user
    def post(self, current_user: Account, app_model: App):
-        return _create_chat_message(current_user=current_user, app_model=app_model)
+        raw_payload = console_ns.payload or {}
+        args_model = ChatMessagePayload.model_validate(raw_payload)
+        args = args_model.model_dump(exclude_none=True, by_alias=True)

+        streaming = _resolve_debugger_chat_streaming(
+            app_mode=AppMode.value_of(app_model.mode),
+            response_mode=args_model.response_mode,
+            response_mode_provided=isinstance(raw_payload, dict) and "response_mode" in raw_payload,
+        )
+        if AppMode.value_of(app_model.mode) == AppMode.AGENT:
+            args["response_mode"] = "streaming"
+        args["auto_generate_name"] = False

-@console_ns.route("/agent/<uuid:agent_id>/chat-messages")
-class AgentChatMessageApi(Resource):
-    @console_ns.doc("create_agent_chat_message")
-    @console_ns.doc(description="Generate an Agent App chat message for debugging")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.expect(console_ns.models[ChatMessagePayload.__name__])
-    @console_ns.response(200, "Chat message generated successfully", console_ns.models[GeneratedAppResponse.__name__])
-    @console_ns.response(400, "Invalid request parameters")
-    @console_ns.response(404, "Agent or conversation not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @edit_permission_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _create_chat_message(current_user=current_user, app_model=app_model)
+        external_trace_id = get_external_trace_id(request)
+        if external_trace_id:
+            args["external_trace_id"] = external_trace_id
+
+        try:
+            response = AppGenerateService.generate(
+                app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
+            )
+
+            return helper.compact_generate_response(response)
+        except services.errors.conversation.ConversationNotExistsError:
+            raise NotFound("Conversation Not Exists.")
+        except services.errors.conversation.ConversationCompletedError:
+            raise ConversationCompletedError()
+        except services.errors.app_model_config.AppModelConfigBrokenError:
+            logger.exception("App model config broken.")
+            raise AppUnavailableError()
+        except ProviderTokenNotInitError as ex:
+            raise ProviderNotInitializeError(ex.description)
+        except QuotaExceededError:
+            raise ProviderQuotaExceededError()
+        except ModelCurrentlyNotSupportError:
+            raise ProviderModelCurrentlyNotSupportError()
+        except InvokeRateLimitError as ex:
+            raise InvokeRateLimitHttpError(ex.description)
+        except InvokeError as e:
+            raise CompletionRequestError(e.description)
+        except ValueError as e:
+            raise e
+        except Exception as e:
+            logger.exception("internal server error.")
+            raise InternalServerError()


@console_ns.route("/apps/<uuid:app_id>/chat-messages/<string:task_id>/stop")
@ -224,79 +245,12 @@ class ChatMessageStopApi(Resource):
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    @with_current_user_id
    def post(self, current_user_id: str, app_model: App, task_id: str):
-        return _stop_chat_message(current_user_id=current_user_id, app_model=app_model, task_id=task_id)

-
-@console_ns.route("/agent/<uuid:agent_id>/chat-messages/<string:task_id>/stop")
-class AgentChatMessageStopApi(Resource):
-    @console_ns.doc("stop_agent_chat_message")
-    @console_ns.doc(description="Stop a running Agent App chat message generation")
-    @console_ns.doc(params={"agent_id": "Agent ID", "task_id": "Task ID to stop"})
-    @console_ns.response(200, "Task stopped successfully", console_ns.models[SimpleResultResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user_id
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user_id: str, agent_id: UUID, task_id: str):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _stop_chat_message(current_user_id=current_user_id, app_model=app_model, task_id=task_id)
-
-
-def _create_chat_message(*, current_user: Account, app_model: App):
-    raw_payload = console_ns.payload or {}
-    args_model = ChatMessagePayload.model_validate(raw_payload)
-    args = args_model.model_dump(exclude_none=True, by_alias=True)
-
-    streaming = _resolve_debugger_chat_streaming(
-        app_mode=AppMode.value_of(app_model.mode),
-        response_mode=args_model.response_mode,
-        response_mode_provided=isinstance(raw_payload, dict) and "response_mode" in raw_payload,
-    )
-    if AppMode.value_of(app_model.mode) == AppMode.AGENT:
-        args["response_mode"] = "streaming"
-    args["auto_generate_name"] = False
-
-    external_trace_id = get_external_trace_id(request)
-    if external_trace_id:
-        args["external_trace_id"] = external_trace_id
-
-    try:
-        response = AppGenerateService.generate(
-            app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=streaming
+        AppTaskService.stop_task(
+            task_id=task_id,
+            invoke_from=InvokeFrom.DEBUGGER,
+            user_id=current_user_id,
+            app_mode=AppMode.value_of(app_model.mode),
        )

-        return helper.compact_generate_response(response)
-    except services.errors.conversation.ConversationNotExistsError:
-        raise NotFound("Conversation Not Exists.")
-    except services.errors.conversation.ConversationCompletedError:
-        raise ConversationCompletedError()
-    except services.errors.app_model_config.AppModelConfigBrokenError:
-        logger.exception("App model config broken.")
-        raise AppUnavailableError()
-    except ProviderTokenNotInitError as ex:
-        raise ProviderNotInitializeError(ex.description)
-    except QuotaExceededError:
-        raise ProviderQuotaExceededError()
-    except ModelCurrentlyNotSupportError:
-        raise ProviderModelCurrentlyNotSupportError()
-    except InvokeRateLimitError as ex:
-        raise InvokeRateLimitHttpError(ex.description)
-    except InvokeError as e:
-        raise CompletionRequestError(e.description)
-    except ValueError as e:
-        raise e
-    except Exception as e:
-        logger.exception("internal server error.")
-        raise InternalServerError()
-
-
-def _stop_chat_message(*, current_user_id: str, app_model: App, task_id: str):
-    AppTaskService.stop_task(
-        task_id=task_id,
-        invoke_from=InvokeFrom.DEBUGGER,
-        user_id=current_user_id,
-        app_mode=AppMode.value_of(app_model.mode),
-    )
-
-    return {"result": "success"}, 200
+        return {"result": "success"}, 200
--- a/api/controllers/console/app/message.py
+++ b/api/controllers/console/app/message.py
@ -13,7 +13,6 @@ from controllers.common.controller_schemas import MessageFeedbackPayload as _Mes
 from controllers.common.fields import SimpleResultResponse, TextFileResponse
 from controllers.common.schema import query_params_from_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
-from controllers.console.agent.app_helpers import resolve_agent_app_model
 from controllers.console.app.error import (
    CompletionRequestError,
    ProviderModelCurrentlyNotSupportError,
@ -26,7 +25,6 @@ from controllers.console.wraps import (
    account_initialization_required,
    edit_permission_required,
    setup_required,
-    with_current_tenant_id,
    with_current_user,
 )
 from core.app.entities.app_invoke_entities import InvokeFrom
@ -185,25 +183,67 @@ class ChatMessageListApi(Resource):
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    @edit_permission_required
    def get(self, app_model: App):
-        return _list_chat_messages(app_model=app_model)
+        args = ChatMessagesQuery.model_validate(request.args.to_dict())

+        conversation = db.session.scalar(
+            select(Conversation)
+            .where(Conversation.id == args.conversation_id, Conversation.app_id == app_model.id)
+            .limit(1)
+        )

-@console_ns.route("/agent/<uuid:agent_id>/chat-messages")
-class AgentChatMessageListApi(Resource):
-    @console_ns.doc("list_agent_chat_messages")
-    @console_ns.doc(description="Get Agent App chat messages for a conversation with pagination")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.doc(params=query_params_from_model(ChatMessagesQuery))
-    @console_ns.response(200, "Success", console_ns.models[MessageInfiniteScrollPaginationResponse.__name__])
-    @console_ns.response(404, "Agent or conversation not found")
-    @login_required
-    @account_initialization_required
-    @setup_required
-    @edit_permission_required
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _list_chat_messages(app_model=app_model)
+        if not conversation:
+            raise NotFound("Conversation Not Exists.")
+
+        if args.first_id:
+            first_message = db.session.scalar(
+                select(Message).where(Message.conversation_id == conversation.id, Message.id == args.first_id).limit(1)
+            )
+
+            if not first_message:
+                raise NotFound("First message not found")
+
+            history_messages = db.session.scalars(
+                select(Message)
+                .where(
+                    Message.conversation_id == conversation.id,
+                    Message.created_at < first_message.created_at,
+                    Message.id != first_message.id,
+                )
+                .order_by(Message.created_at.desc())
+                .limit(args.limit)
+            ).all()
+        else:
+            history_messages = db.session.scalars(
+                select(Message)
+                .where(Message.conversation_id == conversation.id)
+                .order_by(Message.created_at.desc())
+                .limit(args.limit)
+            ).all()
+
+        # Initialize has_more based on whether we have a full page
+        if len(history_messages) == args.limit:
+            current_page_first_message = history_messages[-1]
+            # Check if there are more messages before the current page
+            has_more = db.session.scalar(
+                select(
+                    exists().where(
+                        Message.conversation_id == conversation.id,
+                        Message.created_at < current_page_first_message.created_at,
+                        Message.id != current_page_first_message.id,
+                    )
+                )
+            )
+        else:
+            # If we don't have a full page, there are no more messages
+            has_more = False
+
+        history_messages = list(reversed(history_messages))
+        attach_message_extra_contents(history_messages)
+
+        return MessageInfiniteScrollPaginationResponse.model_validate(
+            InfiniteScrollPagination(data=history_messages, limit=args.limit, has_more=has_more),
+            from_attributes=True,
+        ).model_dump(mode="json")


@console_ns.route("/apps/<uuid:app_id>/feedbacks")
@ -221,25 +261,44 @@ class MessageFeedbackApi(Resource):
    @account_initialization_required
    @with_current_user
    def post(self, current_user: Account, app_model: App):
-        return _update_message_feedback(current_user=current_user, app_model=app_model)
+        args = MessageFeedbackPayload.model_validate(console_ns.payload)

+        message_id = str(args.message_id)

-@console_ns.route("/agent/<uuid:agent_id>/feedbacks")
-class AgentMessageFeedbackApi(Resource):
-    @console_ns.doc("create_agent_message_feedback")
-    @console_ns.doc(description="Create or update Agent App message feedback")
-    @console_ns.doc(params={"agent_id": "Agent ID"})
-    @console_ns.expect(console_ns.models[MessageFeedbackPayload.__name__])
-    @console_ns.response(200, "Feedback updated successfully", console_ns.models[SimpleResultResponse.__name__])
-    @console_ns.response(404, "Agent or message not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def post(self, current_tenant_id: str, current_user: Account, agent_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _update_message_feedback(current_user=current_user, app_model=app_model)
+        message = db.session.scalar(
+            select(Message).where(Message.id == message_id, Message.app_id == app_model.id).limit(1)
+        )
+
+        if not message:
+            raise NotFound("Message Not Exists.")
+
+        feedback = message.admin_feedback
+
+        if not args.rating and feedback:
+            db.session.delete(feedback)
+        elif args.rating and feedback:
+            feedback.rating = FeedbackRating(args.rating)
+            feedback.content = args.content
+        elif not args.rating and not feedback:
+            raise ValueError("rating cannot be None when feedback not exists")
+        else:
+            rating_value = args.rating
+            if rating_value is None:
+                raise ValueError("rating is required to create feedback")
+            feedback = MessageFeedback(
+                app_id=app_model.id,
+                conversation_id=message.conversation_id,
+                message_id=message.id,
+                rating=FeedbackRating(rating_value),
+                content=args.content,
+                from_source=FeedbackFromSource.ADMIN,
+                from_account_id=current_user.id,
+            )
+            db.session.add(feedback)
+
+        db.session.commit()
+
+        return {"result": "success"}


@console_ns.route("/apps/<uuid:app_id>/annotations/count")
@ -281,28 +340,31 @@ class MessageSuggestedQuestionApi(Resource):
    @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT, AppMode.AGENT])
    @with_current_user
    def get(self, current_user: Account, app_model: App, message_id: UUID):
-        return _get_message_suggested_questions(current_user=current_user, app_model=app_model, message_id=message_id)
+        message_id_str = str(message_id)

+        try:
+            questions = MessageService.get_suggested_questions_after_answer(
+                app_model=app_model, message_id=message_id_str, user=current_user, invoke_from=InvokeFrom.DEBUGGER
+            )
+        except MessageNotExistsError:
+            raise NotFound("Message not found")
+        except ConversationNotExistsError:
+            raise NotFound("Conversation not found")
+        except ProviderTokenNotInitError as ex:
+            raise ProviderNotInitializeError(ex.description)
+        except QuotaExceededError:
+            raise ProviderQuotaExceededError()
+        except ModelCurrentlyNotSupportError:
+            raise ProviderModelCurrentlyNotSupportError()
+        except InvokeError as e:
+            raise CompletionRequestError(e.description)
+        except SuggestedQuestionsAfterAnswerDisabledError:
+            raise AppSuggestedQuestionsAfterAnswerDisabledError()
+        except Exception:
+            logger.exception("internal server error.")
+            raise InternalServerError()

-@console_ns.route("/agent/<uuid:agent_id>/chat-messages/<uuid:message_id>/suggested-questions")
-class AgentMessageSuggestedQuestionApi(Resource):
-    @console_ns.doc("get_agent_message_suggested_questions")
-    @console_ns.doc(description="Get suggested questions for an Agent App message")
-    @console_ns.doc(params={"agent_id": "Agent ID", "message_id": "Message ID"})
-    @console_ns.response(
-        200,
-        "Suggested questions retrieved successfully",
-        console_ns.models[SuggestedQuestionsResponse.__name__],
-    )
-    @console_ns.response(404, "Agent, message, or conversation not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, current_user: Account, agent_id: UUID, message_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _get_message_suggested_questions(current_user=current_user, app_model=app_model, message_id=message_id)
+        return {"data": questions}


@console_ns.route("/apps/<uuid:app_id>/feedbacks/export")
@ -361,167 +423,14 @@ class MessageApi(Resource):
    @login_required
    @account_initialization_required
    def get(self, app_model: App, message_id: UUID):
-        return _get_message_detail(app_model=app_model, message_id=message_id)
+        message_id_str = str(message_id)

-
-@console_ns.route("/agent/<uuid:agent_id>/messages/<uuid:message_id>")
-class AgentMessageApi(Resource):
-    @console_ns.doc("get_agent_message")
-    @console_ns.doc(description="Get Agent App message details by ID")
-    @console_ns.doc(params={"agent_id": "Agent ID", "message_id": "Message ID"})
-    @console_ns.response(200, "Message retrieved successfully", console_ns.models[MessageDetailResponse.__name__])
-    @console_ns.response(404, "Agent or message not found")
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, current_tenant_id: str, agent_id: UUID, message_id: UUID):
-        app_model = resolve_agent_app_model(tenant_id=current_tenant_id, agent_id=agent_id)
-        return _get_message_detail(app_model=app_model, message_id=message_id)
-
-
-def _list_chat_messages(*, app_model: App):
-    args = ChatMessagesQuery.model_validate(request.args.to_dict())
-
-    conversation = db.session.scalar(
-        select(Conversation)
-        .where(Conversation.id == args.conversation_id, Conversation.app_id == app_model.id)
-        .limit(1)
-    )
-
-    if not conversation:
-        raise NotFound("Conversation Not Exists.")
-
-    if args.first_id:
-        first_message = db.session.scalar(
-            select(Message).where(Message.conversation_id == conversation.id, Message.id == args.first_id).limit(1)
+        message = db.session.scalar(
+            select(Message).where(Message.id == message_id_str, Message.app_id == app_model.id).limit(1)
        )

-        if not first_message:
-            raise NotFound("First message not found")
+        if not message:
+            raise NotFound("Message Not Exists.")

-        history_messages = db.session.scalars(
-            select(Message)
-            .where(
-                Message.conversation_id == conversation.id,
-                Message.created_at < first_message.created_at,
-                Message.id != first_message.id,
-            )
-            .order_by(Message.created_at.desc())
-            .limit(args.limit)
-        ).all()
-    else:
-        history_messages = db.session.scalars(
-            select(Message)
-            .where(Message.conversation_id == conversation.id)
-            .order_by(Message.created_at.desc())
-            .limit(args.limit)
-        ).all()
-
-    # Initialize has_more based on whether we have a full page
-    if len(history_messages) == args.limit:
-        current_page_first_message = history_messages[-1]
-        # Check if there are more messages before the current page
-        has_more = db.session.scalar(
-            select(
-                exists().where(
-                    Message.conversation_id == conversation.id,
-                    Message.created_at < current_page_first_message.created_at,
-                    Message.id != current_page_first_message.id,
-                )
-            )
-        )
-    else:
-        # If we don't have a full page, there are no more messages
-        has_more = False
-
-    history_messages = list(reversed(history_messages))
-    attach_message_extra_contents(history_messages)
-
-    return MessageInfiniteScrollPaginationResponse.model_validate(
-        InfiniteScrollPagination(data=history_messages, limit=args.limit, has_more=has_more),
-        from_attributes=True,
-    ).model_dump(mode="json")
-
-
-def _update_message_feedback(*, current_user: Account, app_model: App):
-    args = MessageFeedbackPayload.model_validate(console_ns.payload)
-
-    message_id = str(args.message_id)
-
-    message = db.session.scalar(
-        select(Message).where(Message.id == message_id, Message.app_id == app_model.id).limit(1)
-    )
-
-    if not message:
-        raise NotFound("Message Not Exists.")
-
-    feedback = message.admin_feedback
-
-    if not args.rating and feedback:
-        db.session.delete(feedback)
-    elif args.rating and feedback:
-        feedback.rating = FeedbackRating(args.rating)
-        feedback.content = args.content
-    elif not args.rating and not feedback:
-        raise ValueError("rating cannot be None when feedback not exists")
-    else:
-        rating_value = args.rating
-        if rating_value is None:
-            raise ValueError("rating is required to create feedback")
-        feedback = MessageFeedback(
-            app_id=app_model.id,
-            conversation_id=message.conversation_id,
-            message_id=message.id,
-            rating=FeedbackRating(rating_value),
-            content=args.content,
-            from_source=FeedbackFromSource.ADMIN,
-            from_account_id=current_user.id,
-        )
-        db.session.add(feedback)
-
-    db.session.commit()
-
-    return {"result": "success"}
-
-
-def _get_message_suggested_questions(*, current_user: Account, app_model: App, message_id: UUID):
-    message_id_str = str(message_id)
-
-    try:
-        questions = MessageService.get_suggested_questions_after_answer(
-            app_model=app_model, message_id=message_id_str, user=current_user, invoke_from=InvokeFrom.DEBUGGER
-        )
-    except MessageNotExistsError:
-        raise NotFound("Message not found")
-    except ConversationNotExistsError:
-        raise NotFound("Conversation not found")
-    except ProviderTokenNotInitError as ex:
-        raise ProviderNotInitializeError(ex.description)
-    except QuotaExceededError:
-        raise ProviderQuotaExceededError()
-    except ModelCurrentlyNotSupportError:
-        raise ProviderModelCurrentlyNotSupportError()
-    except InvokeError as e:
-        raise CompletionRequestError(e.description)
-    except SuggestedQuestionsAfterAnswerDisabledError:
-        raise AppSuggestedQuestionsAfterAnswerDisabledError()
-    except Exception:
-        logger.exception("internal server error.")
-        raise InternalServerError()
-
-    return {"data": questions}
-
-
-def _get_message_detail(*, app_model: App, message_id: UUID):
-    message_id_str = str(message_id)
-
-    message = db.session.scalar(
-        select(Message).where(Message.id == message_id_str, Message.app_id == app_model.id).limit(1)
-    )
-
-    if not message:
-        raise NotFound("Message Not Exists.")
-
-    attach_message_extra_contents([message])
-    return MessageDetailResponse.model_validate(message, from_attributes=True).model_dump(mode="json")
+        attach_message_extra_contents([message])
+        return MessageDetailResponse.model_validate(message, from_attributes=True).model_dump(mode="json")
--- a/api/controllers/console/app/workflow.py
+++ b/api/controllers/console/app/workflow.py
@ -2,12 +2,12 @@ import json
 import logging
 from collections.abc import Sequence
 from datetime import datetime
-from typing import Any, NotRequired, TypedDict, cast
+from typing import Any, NotRequired, TypedDict

 from flask import abort, request
 from flask_restx import Resource, fields
 from pydantic import AliasChoices, BaseModel, Field, RootModel, ValidationError, field_validator
-from sqlalchemy.orm import Session, sessionmaker
+from sqlalchemy.orm import sessionmaker
 from werkzeug.exceptions import BadRequest, Forbidden, InternalServerError, NotFound

 import services
@ -449,16 +449,8 @@ class DraftWorkflowApi(Resource):
        if not workflow:
            raise DraftWorkflowNotExist()

-        from services.agent.workflow_publish_service import WorkflowAgentPublishService
-
-        # Return workflow with response-only Agent node job projection so the
-        # front-end can treat draft graph node data as the editing source.
-        response = WorkflowResponse.model_validate(workflow, from_attributes=True).model_dump(mode="json")
-        response["graph"] = WorkflowAgentPublishService.project_draft_bindings_to_graph(
-            session=cast(Session, db.session),
-            draft_workflow=workflow,
-        )
-        return response
+        # return workflow, if not found, return 404
+        return dump_response(WorkflowResponse, workflow)

    @setup_required
    @login_required
--- a/api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py
+++ b/api/controllers/console/datasets/rag_pipeline/rag_pipeline_workflow.py
@ -994,7 +994,7 @@ class RagPipelineTransformApi(Resource):

        dataset_id_str = str(dataset_id)
        rag_pipeline_transform_service = RagPipelineTransformService()
-        result = rag_pipeline_transform_service.transform_dataset(dataset_id_str, db.session)
+        result = rag_pipeline_transform_service.transform_dataset(dataset_id_str)
        return result


--- a/api/controllers/console/explore/recommended_app.py
+++ b/api/controllers/console/explore/recommended_app.py
@ -66,10 +66,6 @@ class RecommendedAppListResponse(ResponseModel):
    categories: list[str]


-class LearnDifyAppListResponse(ResponseModel):
-    recommended_apps: list[RecommendedAppResponse]
-
-
 class RecommendedAppDetailResponse(RootModel[dict[str, Any]]):
    root: dict[str, Any]

@ -80,19 +76,10 @@ register_schema_models(
    RecommendedAppInfoResponse,
    RecommendedAppResponse,
    RecommendedAppListResponse,
-    LearnDifyAppListResponse,
 )
 register_response_schema_models(console_ns, RecommendedAppDetailResponse)


-def _resolve_language(language: str | None, user: Account) -> str:
-    if language and language in languages:
-        return language
-    if user.interface_language:
-        return user.interface_language
-    return languages[0]
-
-
@console_ns.route("/explore/apps")
 class RecommendedAppListApi(Resource):
    @console_ns.doc(params=query_params_from_model(RecommendedAppsQuery))
@ -103,7 +90,13 @@ class RecommendedAppListApi(Resource):
    def get(self, current_user: Account):
        # language args
        args = RecommendedAppsQuery.model_validate(request.args.to_dict(flat=True))
-        language_prefix = _resolve_language(args.language, current_user)
+        language = args.language
+        if language and language in languages:
+            language_prefix = language
+        elif current_user.interface_language:
+            language_prefix = current_user.interface_language
+        else:
+            language_prefix = languages[0]

        return RecommendedAppListResponse.model_validate(
            RecommendedAppService.get_recommended_apps_and_categories(db.session, language_prefix),
@ -111,23 +104,6 @@ class RecommendedAppListApi(Resource):
        ).model_dump(mode="json")


-@console_ns.route("/explore/apps/learn-dify")
-class LearnDifyAppListApi(Resource):
-    @console_ns.doc(params=query_params_from_model(RecommendedAppsQuery))
-    @console_ns.response(200, "Success", console_ns.models[LearnDifyAppListResponse.__name__])
-    @login_required
-    @account_initialization_required
-    @with_current_user
-    def get(self, current_user: Account):
-        args = RecommendedAppsQuery.model_validate(request.args.to_dict(flat=True))
-        language_prefix = _resolve_language(args.language, current_user)
-
-        return LearnDifyAppListResponse.model_validate(
-            RecommendedAppService.get_learn_dify_apps(db.session, language_prefix),
-            from_attributes=True,
-        ).model_dump(mode="json")
-
-
@console_ns.route("/explore/apps/<uuid:app_id>")
 class RecommendedAppApi(Resource):
    @console_ns.response(200, "Success", console_ns.models[RecommendedAppDetailResponse.__name__])
--- a/api/controllers/console/workspace/plugin.py
+++ b/api/controllers/console/workspace/plugin.py
@ -1,11 +1,10 @@
 import io
 from collections.abc import Mapping
-from datetime import datetime
-from typing import Any, Literal, TypedDict
+from typing import Any, Literal

 from flask import request, send_file
 from flask_restx import Resource
-from pydantic import BaseModel, ConfigDict, Field, RootModel
+from pydantic import BaseModel, Field, RootModel
 from werkzeug.datastructures import FileStorage
 from werkzeug.exceptions import Forbidden

@ -27,33 +26,15 @@ from controllers.console.wraps import (
    with_current_user,
    with_current_user_id,
 )
-from core.helper.position_helper import is_filtered
-from core.plugin.entities.plugin import PluginCategory, PluginInstallationSource
 from core.plugin.impl.exc import PluginDaemonClientSideError
 from core.plugin.plugin_service import PluginService
-from core.tools.builtin_tool.providers._positions import BuiltinToolProviderSort
-from core.tools.entities.common_entities import I18nObject
-from core.tools.entities.tool_entities import ToolProviderType
-from core.tools.tool_manager import ToolManager
 from fields.base import ResponseModel
 from graphon.model_runtime.utils.encoders import jsonable_encoder
-from libs.helper import dump_response
 from libs.login import login_required
 from models.account import Account, TenantPluginAutoUpgradeStrategy, TenantPluginPermission
-from models.provider_ids import ToolProviderID
-from services.entities.model_provider_entities import ProviderEntityResponse
 from services.plugin.plugin_auto_upgrade_service import PluginAutoUpgradeService
 from services.plugin.plugin_parameter_service import PluginParameterService
 from services.plugin.plugin_permission_service import PluginPermissionService
-from services.tools.tools_transform_service import ToolTransformService
-
-
-class AutoUpgradeSettingsResponse(TypedDict):
-    strategy_setting: TenantPluginAutoUpgradeStrategy.StrategySetting
-    upgrade_time_of_day: int
-    upgrade_mode: TenantPluginAutoUpgradeStrategy.UpgradeMode
-    exclude_plugins: list[str]
-    include_plugins: list[str]


 class ParserList(BaseModel):
@ -61,11 +42,6 @@ class ParserList(BaseModel):
    page_size: int = Field(default=256, ge=1, le=256, description="Page size (1-256)")


-class PluginCategoryListQuery(BaseModel):
-    page: int = Field(default=1, ge=1, description="Page number")
-    page_size: int = Field(default=256, ge=1, le=256, description="Page size (1-256)")
-
-
 class ParserLatest(BaseModel):
    plugin_ids: list[str]

@ -124,8 +100,8 @@ class ParserUninstall(BaseModel):


 class ParserPermissionChange(BaseModel):
-    install_permission: TenantPluginPermission.InstallPermission = TenantPluginPermission.InstallPermission.EVERYONE
-    debug_permission: TenantPluginPermission.DebugPermission = TenantPluginPermission.DebugPermission.EVERYONE
+    install_permission: TenantPluginPermission.InstallPermission
+    debug_permission: TenantPluginPermission.DebugPermission


 class ParserDynamicOptions(BaseModel):
@ -161,64 +137,13 @@ class PluginAutoUpgradeSettingsPayload(BaseModel):
    include_plugins: list[str] = Field(default_factory=list)


-class PluginAutoUpgradeChangeResponse(ResponseModel):
-    success: bool
-    message: str | None = None
-
-
-class PluginAutoUpgradeSettingsResponseModel(ResponseModel):
-    strategy_setting: TenantPluginAutoUpgradeStrategy.StrategySetting
-    upgrade_time_of_day: int
-    upgrade_mode: TenantPluginAutoUpgradeStrategy.UpgradeMode
-    exclude_plugins: list[str]
-    include_plugins: list[str]
-
-
-class PluginAutoUpgradeFetchResponse(ResponseModel):
-    category: TenantPluginAutoUpgradeStrategy.PluginCategory
-    auto_upgrade: PluginAutoUpgradeSettingsResponseModel
-
-
-class PluginDeclarationResponse(ResponseModel):
-    version: str
-    author: str | None
-    name: str
-    description: I18nObject
-    icon: str
-    icon_dark: str | None = None
-    label: I18nObject
-    category: PluginCategory
-    created_at: datetime
-    resource: Mapping[str, Any]
-    plugins: Mapping[str, list[str] | None]
-    tags: list[str] = Field(default_factory=list)
-    repo: str | None = None
-    verified: bool = False
-    tool: Mapping[str, Any] | None = None
-    model: ProviderEntityResponse | None = None
-    endpoint: Mapping[str, Any] | None = None
-    agent_strategy: Mapping[str, Any] | None = None
-    datasource: Mapping[str, Any] | None = None
-    trigger: Mapping[str, Any] | None = None
-    meta: Mapping[str, Any]
-
-
-class ParserAutoUpgradeChange(BaseModel):
-    model_config = ConfigDict(extra="forbid")
-
-    category: TenantPluginAutoUpgradeStrategy.PluginCategory
+class ParserPreferencesChange(BaseModel):
+    permission: PluginPermissionSettingsPayload
    auto_upgrade: PluginAutoUpgradeSettingsPayload


-class ParserAutoUpgradeFetch(BaseModel):
-    category: TenantPluginAutoUpgradeStrategy.PluginCategory
-
-
 class ParserExcludePlugin(BaseModel):
-    model_config = ConfigDict(extra="forbid")
-
    plugin_id: str
-    category: TenantPluginAutoUpgradeStrategy.PluginCategory


 class ParserReadme(BaseModel):
@ -232,63 +157,6 @@ class PluginDebuggingKeyResponse(ResponseModel):
    port: int


-class PluginCategoryInstalledPluginResponse(ResponseModel):
-    id: str
-    name: str
-    tenant_id: str
-    plugin_id: str
-    plugin_unique_identifier: str
-    endpoints_active: int
-    endpoints_setups: int
-    installation_id: str
-    declaration: PluginDeclarationResponse
-    runtime_type: str
-    version: str
-    created_at: datetime
-    updated_at: datetime
-    source: PluginInstallationSource
-    checksum: str
-    meta: Mapping[str, Any]
-
-
-class PluginCategoryBuiltinToolResponse(ResponseModel):
-    model_config = ConfigDict(extra="allow")
-
-    author: str
-    name: str
-    label: I18nObject
-    description: I18nObject
-    parameters: list[Mapping[str, Any]] | None = None
-    labels: list[str]
-    output_schema: Mapping[str, object]
-
-
-class PluginCategoryBuiltinToolProviderResponse(ResponseModel):
-    model_config = ConfigDict(extra="allow")
-
-    id: str
-    author: str
-    name: str
-    plugin_id: str | None
-    plugin_unique_identifier: str | None
-    description: I18nObject
-    icon: str | Mapping[str, str]
-    icon_dark: str | Mapping[str, str] | None
-    label: I18nObject
-    type: ToolProviderType
-    team_credentials: Mapping[str, object]
-    is_team_authorization: bool
-    allow_delete: bool
-    tools: list[PluginCategoryBuiltinToolResponse]
-    labels: list[str]
-
-
-class PluginCategoryListResponse(ResponseModel):
-    plugins: list[PluginCategoryInstalledPluginResponse]
-    builtin_tools: list[PluginCategoryBuiltinToolProviderResponse]
-    has_more: bool
-
-
 class PluginDaemonOperationResponse(RootModel[Any]):
    root: Any

@ -332,6 +200,11 @@ class PluginOperationSuccessResponse(ResponseModel):
    message: str | None = None


+class PluginPreferencesResponse(ResponseModel):
+    permission: PluginPermissionSettingsPayload
+    auto_upgrade: PluginAutoUpgradeSettingsPayload
+
+
 class PluginReadmeResponse(ResponseModel):
    readme: str

@ -339,7 +212,6 @@ class PluginReadmeResponse(ResponseModel):
 register_schema_models(
    console_ns,
    ParserList,
-    PluginCategoryListQuery,
    PluginAutoUpgradeSettingsPayload,
    PluginPermissionSettingsPayload,
    ParserLatest,
@ -356,21 +228,13 @@ register_schema_models(
    ParserPermissionChange,
    ParserDynamicOptions,
    ParserDynamicOptionsWithCredentials,
-    ParserAutoUpgradeChange,
-    ParserAutoUpgradeFetch,
+    ParserPreferencesChange,
    ParserExcludePlugin,
    ParserReadme,
 )
 register_response_schema_models(
    console_ns,
-    PluginAutoUpgradeChangeResponse,
-    PluginAutoUpgradeFetchResponse,
-    PluginAutoUpgradeSettingsResponseModel,
    BinaryFileResponse,
-    PluginCategoryBuiltinToolProviderResponse,
-    PluginCategoryBuiltinToolResponse,
-    PluginCategoryInstalledPluginResponse,
-    PluginCategoryListResponse,
    PluginDaemonOperationResponse,
    PluginDebuggingKeyResponse,
    PluginDynamicOptionsResponse,
@ -379,6 +243,7 @@ register_response_schema_models(
    PluginManifestResponse,
    PluginOperationSuccessResponse,
    PluginPermissionResponse,
+    PluginPreferencesResponse,
    PluginReadmeResponse,
    PluginTaskResponse,
    PluginTasksResponse,
@ -389,36 +254,12 @@ register_response_schema_models(
 register_enum_models(
    console_ns,
    TenantPluginPermission.DebugPermission,
-    TenantPluginAutoUpgradeStrategy.PluginCategory,
    TenantPluginAutoUpgradeStrategy.UpgradeMode,
    TenantPluginAutoUpgradeStrategy.StrategySetting,
    TenantPluginPermission.InstallPermission,
 )


-def _default_auto_upgrade_settings(
-    tenant_id: str,
-    category: TenantPluginAutoUpgradeStrategy.PluginCategory,
-) -> AutoUpgradeSettingsResponse:
-    return {
-        "strategy_setting": PluginAutoUpgradeService.default_strategy_setting_for_category(category),
-        "upgrade_time_of_day": PluginAutoUpgradeService.default_upgrade_time_of_day(tenant_id),
-        "upgrade_mode": TenantPluginAutoUpgradeStrategy.UpgradeMode.EXCLUDE,
-        "exclude_plugins": [],
-        "include_plugins": [],
-    }
-
-
-def _auto_upgrade_settings_to_dict(strategy: TenantPluginAutoUpgradeStrategy) -> AutoUpgradeSettingsResponse:
-    return {
-        "strategy_setting": strategy.strategy_setting,
-        "upgrade_time_of_day": strategy.upgrade_time_of_day,
-        "upgrade_mode": strategy.upgrade_mode,
-        "exclude_plugins": strategy.exclude_plugins,
-        "include_plugins": strategy.include_plugins,
-    }
-
-
 def _read_upload_content(file: FileStorage, max_size: int) -> bytes:
    """
    Read the uploaded file and validate its actual size before delegating to the plugin service.
@ -433,33 +274,6 @@ def _read_upload_content(file: FileStorage, max_size: int) -> bytes:
    return content


-def _list_hardcoded_builtin_tool_providers(tenant_id: str) -> list[dict[str, Any]]:
-    db_builtin_providers = {
-        str(ToolProviderID(provider.provider)): provider
-        for provider in ToolManager.list_default_builtin_providers(tenant_id)
-    }
-    builtin_providers = []
-
-    for provider in ToolManager.list_hardcoded_providers():
-        if is_filtered(
-            include_set=dify_config.POSITION_TOOL_INCLUDES_SET,
-            exclude_set=dify_config.POSITION_TOOL_EXCLUDES_SET,
-            data=provider,
-            name_func=lambda provider_controller: provider_controller.entity.identity.name,
-        ):
-            continue
-
-        user_provider = ToolTransformService.builtin_provider_to_user_provider(
-            provider_controller=provider,
-            db_provider=db_builtin_providers.get(provider.entity.identity.name),
-            decrypt_credentials=False,
-        )
-        ToolTransformService.repack_provider(tenant_id=tenant_id, provider=user_provider)
-        builtin_providers.append(user_provider)
-
-    return [provider.to_dict() for provider in BuiltinToolProviderSort.sort(builtin_providers)]
-
-
@console_ns.route("/workspaces/current/plugin/debugging-key")
 class PluginDebuggingKeyApi(Resource):
    @console_ns.response(200, "Success", console_ns.models[PluginDebuggingKeyResponse.__name__])
@ -498,41 +312,6 @@ class PluginListApi(Resource):
        return jsonable_encoder({"plugins": plugins_with_total.list, "total": plugins_with_total.total})


-@console_ns.route("/workspaces/current/plugin/<string:category>/list")
-class PluginCategoryListApi(Resource):
-    @console_ns.doc(params=query_params_from_model(PluginCategoryListQuery))
-    @console_ns.response(200, "Success", console_ns.models[PluginCategoryListResponse.__name__])
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @with_current_tenant_id
-    def get(self, tenant_id: str, category: str):
-        args = PluginCategoryListQuery.model_validate(request.args.to_dict(flat=True))
-
-        try:
-            plugin_category = PluginCategory(category)
-        except ValueError:
-            return {"code": "invalid_param", "message": "invalid plugin category"}, 400
-
-        try:
-            plugins = PluginService.list_by_category(tenant_id, plugin_category, args.page, args.page_size)
-        except PluginDaemonClientSideError as e:
-            return {"code": "plugin_error", "message": e.description}, 400
-
-        builtin_tools = []
-        if plugin_category == PluginCategory.Tool:
-            builtin_tools = _list_hardcoded_builtin_tool_providers(tenant_id)
-
-        return dump_response(
-            PluginCategoryListResponse,
-            {
-                "plugins": jsonable_encoder(plugins.list),
-                "builtin_tools": builtin_tools,
-                "has_more": plugins.has_more,
-            },
-        )
-
-
@console_ns.route("/workspaces/current/plugin/list/latest-versions")
 class PluginListLatestVersionsApi(Resource):
    @console_ns.expect(console_ns.models[ParserLatest.__name__])
@ -934,13 +713,11 @@ class PluginChangePermissionApi(Resource):

        args = ParserPermissionChange.model_validate(console_ns.payload)

-        set_permission_result = PluginPermissionService.change_permission(
-            tenant_id, args.install_permission, args.debug_permission
-        )
-        if not set_permission_result:
-            return jsonable_encoder({"success": False, "message": "Failed to set permission"})
-
-        return jsonable_encoder({"success": True})
+        return {
+            "success": PluginPermissionService.change_permission(
+                tenant_id, args.install_permission, args.debug_permission
+            )
+        }


@console_ns.route("/workspaces/current/plugin/permission/fetch")
@ -1029,10 +806,10 @@ class PluginFetchDynamicSelectOptionsWithCredentialsApi(Resource):
        return jsonable_encoder({"options": options})


-@console_ns.route("/workspaces/current/plugin/auto-upgrade/change")
-class PluginChangeAutoUpgradeApi(Resource):
-    @console_ns.expect(console_ns.models[ParserAutoUpgradeChange.__name__])
-    @console_ns.response(200, "Success", console_ns.models[PluginAutoUpgradeChangeResponse.__name__])
+@console_ns.route("/workspaces/current/plugin/preferences/change")
+class PluginChangePreferencesApi(Resource):
+    @console_ns.expect(console_ns.models[ParserPreferencesChange.__name__])
+    @console_ns.response(200, "Success", console_ns.models[PluginOperationSuccessResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
@ -1042,17 +819,38 @@ class PluginChangeAutoUpgradeApi(Resource):
        if not user.is_admin_or_owner:
            raise Forbidden()

-        args = ParserAutoUpgradeChange.model_validate(console_ns.payload)
+        args = ParserPreferencesChange.model_validate(console_ns.payload)
+
+        permission = args.permission
+
+        install_permission = permission.install_permission
+        debug_permission = permission.debug_permission

        auto_upgrade = args.auto_upgrade
+
+        strategy_setting = auto_upgrade.strategy_setting
+        upgrade_time_of_day = auto_upgrade.upgrade_time_of_day
+        upgrade_mode = auto_upgrade.upgrade_mode
+        exclude_plugins = auto_upgrade.exclude_plugins
+        include_plugins = auto_upgrade.include_plugins
+
+        # set permission
+        set_permission_result = PluginPermissionService.change_permission(
+            tenant_id,
+            install_permission,
+            debug_permission,
+        )
+        if not set_permission_result:
+            return jsonable_encoder({"success": False, "message": "Failed to set permission"})
+
+        # set auto upgrade strategy
        set_auto_upgrade_strategy_result = PluginAutoUpgradeService.change_strategy(
            tenant_id,
-            auto_upgrade.strategy_setting,
-            auto_upgrade.upgrade_time_of_day,
-            auto_upgrade.upgrade_mode,
-            auto_upgrade.exclude_plugins,
-            auto_upgrade.include_plugins,
-            category=args.category,
+            strategy_setting,
+            upgrade_time_of_day,
+            upgrade_mode,
+            exclude_plugins,
+            include_plugins,
        )
        if not set_auto_upgrade_strategy_result:
            return jsonable_encoder({"success": False, "message": "Failed to set auto upgrade strategy"})
@ -1060,35 +858,49 @@ class PluginChangeAutoUpgradeApi(Resource):
        return jsonable_encoder({"success": True})


-@console_ns.route("/workspaces/current/plugin/auto-upgrade/fetch")
-class PluginFetchAutoUpgradeApi(Resource):
-    @console_ns.doc(params=query_params_from_model(ParserAutoUpgradeFetch))
-    @console_ns.response(200, "Success", console_ns.models[PluginAutoUpgradeFetchResponse.__name__])
+@console_ns.route("/workspaces/current/plugin/preferences/fetch")
+class PluginFetchPreferencesApi(Resource):
+    @console_ns.response(200, "Success", console_ns.models[PluginPreferencesResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
    @with_current_tenant_id
    def get(self, tenant_id: str):
-        args = ParserAutoUpgradeFetch.model_validate(request.args.to_dict(flat=True))
-        auto_upgrade = PluginAutoUpgradeService.get_strategy(tenant_id, args.category)
-        auto_upgrade_dict = (
-            _auto_upgrade_settings_to_dict(auto_upgrade)
-            if auto_upgrade
-            else _default_auto_upgrade_settings(tenant_id, args.category)
-        )
+        permission = PluginPermissionService.get_permission(tenant_id)
+        permission_dict = {
+            "install_permission": TenantPluginPermission.InstallPermission.EVERYONE,
+            "debug_permission": TenantPluginPermission.DebugPermission.EVERYONE,
+        }

-        return jsonable_encoder(
-            {
-                "category": args.category,
-                "auto_upgrade": auto_upgrade_dict,
+        if permission:
+            permission_dict["install_permission"] = permission.install_permission
+            permission_dict["debug_permission"] = permission.debug_permission
+
+        auto_upgrade = PluginAutoUpgradeService.get_strategy(tenant_id)
+        auto_upgrade_dict = {
+            "strategy_setting": TenantPluginAutoUpgradeStrategy.StrategySetting.DISABLED,
+            "upgrade_time_of_day": 0,
+            "upgrade_mode": TenantPluginAutoUpgradeStrategy.UpgradeMode.EXCLUDE,
+            "exclude_plugins": [],
+            "include_plugins": [],
+        }
+
+        if auto_upgrade:
+            auto_upgrade_dict = {
+                "strategy_setting": auto_upgrade.strategy_setting,
+                "upgrade_time_of_day": auto_upgrade.upgrade_time_of_day,
+                "upgrade_mode": auto_upgrade.upgrade_mode,
+                "exclude_plugins": auto_upgrade.exclude_plugins,
+                "include_plugins": auto_upgrade.include_plugins,
            }
-        )
+
+        return jsonable_encoder({"permission": permission_dict, "auto_upgrade": auto_upgrade_dict})


-@console_ns.route("/workspaces/current/plugin/auto-upgrade/exclude")
+@console_ns.route("/workspaces/current/plugin/preferences/autoupgrade/exclude")
 class PluginAutoUpgradeExcludePluginApi(Resource):
    @console_ns.expect(console_ns.models[ParserExcludePlugin.__name__])
-    @console_ns.response(200, "Success", console_ns.models[SuccessResponse.__name__])
+    @console_ns.response(200, "Success", console_ns.models[PluginOperationSuccessResponse.__name__])
    @setup_required
    @login_required
    @account_initialization_required
@ -1097,9 +909,7 @@ class PluginAutoUpgradeExcludePluginApi(Resource):
        # exclude one single plugin
        args = ParserExcludePlugin.model_validate(console_ns.payload)

-        return jsonable_encoder(
-            {"success": PluginAutoUpgradeService.exclude_plugin(tenant_id, args.plugin_id, args.category)}
-        )
+        return jsonable_encoder({"success": PluginAutoUpgradeService.exclude_plugin(tenant_id, args.plugin_id)})


@console_ns.route("/workspaces/current/plugin/readme")
--- a/api/controllers/console/workspace/workspace.py
+++ b/api/controllers/console/workspace/workspace.py
@ -31,9 +31,9 @@ from controllers.console.wraps import (
 from enums.cloud_plan import CloudPlan
 from extensions.ext_database import db
 from fields.base import ResponseModel
-from libs.helper import OptionalTimestampField, TimestampField, dump_response, to_timestamp
+from libs.helper import TimestampField, dump_response, to_timestamp
 from libs.login import login_required
-from models.account import Account, Tenant, TenantAccountJoin, TenantCustomConfigDict, TenantStatus
+from models.account import Account, Tenant, TenantCustomConfigDict, TenantStatus
 from services.account_service import TenantService
 from services.billing_service import BillingService, SubscriptionPlan
 from services.enterprise.enterprise_service import EnterpriseService
@ -219,7 +219,6 @@ tenants_fields = {
    "plan": fields.String,
    "status": fields.String,
    "created_at": TimestampField,
-    "last_opened_at": OptionalTimestampField,
    "current": fields.Boolean,
 }

@ -235,12 +234,7 @@ class TenantListApi(Resource):
    @with_current_user
    @with_current_tenant_id
    def get(self, current_tenant_id: str, current_user: Account):
-        tenant_rows: list[tuple[Tenant, TenantAccountJoin]] = [
-            (tenant, membership)
-            for tenant, membership in TenantService.get_workspaces_for_account(db.session, current_user.id)
-            if tenant.status == TenantStatus.NORMAL
-        ]
-        tenants = [tenant for tenant, _ in tenant_rows]
+        tenants = TenantService.get_join_tenants(current_user)
        tenant_dicts = []
        is_enterprise_only = dify_config.ENTERPRISE_ENABLED and not dify_config.BILLING_ENABLED
        is_saas = dify_config.EDITION == "CLOUD" and dify_config.BILLING_ENABLED
@ -253,7 +247,7 @@ class TenantListApi(Resource):
                if not tenant_plans:
                    logger.warning("get_plan_bulk returned empty result, falling back to legacy feature path")

-        for tenant, membership in tenant_rows:
+        for tenant in tenants:
            plan: str = CloudPlan.SANDBOX
            if is_saas:
                tenant_plan = tenant_plans.get(tenant.id)
@ -272,7 +266,6 @@ class TenantListApi(Resource):
                "name": tenant.name,
                "status": tenant.status,
                "created_at": tenant.created_at,
-                "last_opened_at": membership.last_opened_at,
                "plan": plan,
                "current": tenant.id == current_tenant_id if current_tenant_id else False,
            }
--- a/api/core/app/apps/agent_app/app_generator.py
+++ b/api/core/app/apps/agent_app/app_generator.py
@ -158,110 +158,6 @@ class AgentAppGenerator(MessageBasedAppGenerator):
        )
        return AgentAppGenerateResponseConverter.convert(response=response, invoke_from=invoke_from)

-    def resume_after_form_submission(
-        self,
-        *,
-        app_model: App,
-        user: Account | EndUser,
-        conversation_id: str,
-        invoke_from: InvokeFrom,
-    ) -> None:
-        """Resume an Agent App conversation after a submitted ask_human HITL form.
-
-        ENG-635: triggered by a background task (not an HTTP request). Runs one
-        blocking turn with no user query; the runner threads the human's reply
-        into the agent run as deferred_tool_results and the assistant answer is
-        persisted to the conversation. Live streaming to a reconnected client is
-        out of scope here — the message is persisted and can be re-fetched.
-        """
-        agent, snapshot, agent_soul = self._resolve_agent(app_model)
-        conversation = ConversationService.get_conversation(
-            app_model=app_model, conversation_id=conversation_id, user=user
-        )
-
-        app_config = AgentAppConfigManager.get_app_config(
-            app_model=app_model,
-            agent_soul=agent_soul,
-            app_model_config=app_model.app_model_config,
-            conversation=conversation,
-        )
-        model_conf = ModelConfigConverter.convert(app_config)
-        trace_manager = TraceQueueManager(app_model.id, user.id if isinstance(user, Account) else user.session_id)
-
-        # ENG-638: the agent backend requires the resume composition's layer
-        # names to match the suspended snapshot, which includes the per-turn
-        # user-prompt layer. So re-send the original user message (the paused
-        # turn's query); the continuation is driven by deferred_tool_results and
-        # the restored snapshot, not by re-processing this prompt. A blank prompt
-        # would drop the user-prompt layer and fail the snapshot match.
-        paused_message = db.session.scalar(
-            select(Message)
-            .where(Message.conversation_id == conversation.id, Message.query != "")
-            .order_by(Message.created_at.desc())
-            .limit(1)
-        )
-        resume_query = paused_message.query if paused_message and paused_message.query else "(resumed)"
-
-        application_generate_entity = AgentAppGenerateEntity(
-            task_id=str(uuid.uuid4()),
-            app_config=app_config,
-            model_conf=model_conf,
-            conversation_id=conversation.id,
-            # A resume carries no new user inputs; the human's answer is the
-            # submitted form, threaded in by the runner as deferred_tool_results.
-            # The query re-sends the paused turn's message (see above).
-            inputs={},
-            query=resume_query,
-            files=[],
-            parent_message_id=UUID_NIL,
-            user_id=user.id,
-            stream=False,
-            invoke_from=invoke_from,
-            extras={"auto_generate_conversation_name": False},
-            call_depth=0,
-            trace_manager=trace_manager,
-            agent_id=agent.id,
-            agent_config_snapshot_id=snapshot.id,
-        )
-
-        conversation, message = self._init_generate_records(application_generate_entity, conversation)
-
-        queue_manager = MessageBasedAppQueueManager(
-            task_id=application_generate_entity.task_id,
-            user_id=application_generate_entity.user_id,
-            invoke_from=application_generate_entity.invoke_from,
-            conversation_id=conversation.id,
-            app_mode=conversation.mode,
-            message_id=message.id,
-        )
-
-        context = contextvars.copy_context()
-        worker_thread = threading.Thread(
-            target=self._generate_worker,
-            kwargs={
-                "flask_app": current_app._get_current_object(),  # type: ignore
-                "context": context,
-                "application_generate_entity": application_generate_entity,
-                "queue_manager": queue_manager,
-                "conversation_id": conversation.id,
-                "message_id": message.id,
-                "user_from": UserFrom.ACCOUNT if isinstance(user, Account) else UserFrom.END_USER,
-                # Resume continues a paused agent run; skip input guards (see _generate_worker).
-                "is_resume": True,
-            },
-        )
-        worker_thread.start()
-
-        # Blocking: drive the chat task pipeline to persist the assistant answer.
-        self._handle_response(
-            application_generate_entity=application_generate_entity,
-            queue_manager=queue_manager,
-            conversation=conversation,
-            message=message,
-            user=user,
-            stream=False,
-        )
-
    def _generate_worker(
        self,
        *,
@ -272,7 +168,6 @@ class AgentAppGenerator(MessageBasedAppGenerator):
        conversation_id: str,
        message_id: str,
        user_from: UserFrom,
-        is_resume: bool = False,
    ) -> None:
        from libs.flask_utils import preserve_flask_contexts

@ -282,30 +177,20 @@ class AgentAppGenerator(MessageBasedAppGenerator):
                message = self._get_message(message_id)
                app_config = application_generate_entity.app_config

-                if is_resume:
-                    # ENG-638: a resume continues a paused agent run; the human's
-                    # reply is threaded in by the runner as deferred_tool_results.
-                    # The query is the replayed paused-turn message, kept only to
-                    # match the suspended snapshot's layers — it is NOT new
-                    # end-user input, so input guards must NOT run. Moderation or an
-                    # annotation match on the replayed query would short-circuit the
-                    # turn and drop the human reply, stranding the ask_human session.
-                    query = application_generate_entity.query or ""
-                else:
-                    # Apply app-level input guards (content moderation + annotation
-                    # reply) before reaching the Agent backend, mirroring the EasyUI
-                    # chat / agent-chat runners. These can short-circuit the turn.
-                    app_model = db.session.get(App, app_config.app_id)
-                    if app_model is None:
-                        raise AgentAppGeneratorError("App not found")
-                    handled, query = self._run_input_guards(
-                        application_generate_entity=application_generate_entity,
-                        app_model=app_model,
-                        message=message,
-                        queue_manager=queue_manager,
-                    )
-                    if handled:
-                        return
+                # Apply app-level input guards (content moderation + annotation
+                # reply) before reaching the Agent backend, mirroring the EasyUI
+                # chat / agent-chat runners. These can short-circuit the turn.
+                app_model = db.session.get(App, app_config.app_id)
+                if app_model is None:
+                    raise AgentAppGeneratorError("App not found")
+                handled, query = self._run_input_guards(
+                    application_generate_entity=application_generate_entity,
+                    app_model=app_model,
+                    message=message,
+                    queue_manager=queue_manager,
+                )
+                if handled:
+                    return

                dify_context = DifyRunContext(
                    tenant_id=app_config.tenant_id,
--- a/api/core/app/apps/agent_app/app_runner.py
+++ b/api/core/app/apps/agent_app/app_runner.py
@ -14,12 +14,9 @@ import json
 import logging
 from typing import Any

-from dify_agent.layers.ask_human import AskHumanToolArgs
-from dify_agent.protocol import DeferredToolResultsPayload
 from pydantic import JsonValue

 from clients.agent_backend import (
-    AgentBackendDeferredToolCallInternalEvent,
    AgentBackendError,
    AgentBackendInternalEventType,
    AgentBackendRunClient,
@ -30,21 +27,13 @@ from clients.agent_backend import (
 )
 from core.app.apps.agent_app.runtime_request_builder import (
    AgentAppRuntimeBuildContext,
-    AgentAppRuntimeRequest,
    AgentAppRuntimeRequestBuilder,
 )
-from core.app.apps.agent_app.session_store import (
-    AgentAppRuntimeSessionStore,
-    AgentAppSessionScope,
-    StoredAgentAppSession,
-)
+from core.app.apps.agent_app.session_store import AgentAppRuntimeSessionStore, AgentAppSessionScope
 from core.app.apps.base_app_queue_manager import AppQueueManager, PublishFrom
 from core.app.apps.exc import GenerateTaskStoppedError
 from core.app.entities.app_invoke_entities import DifyRunContext
 from core.app.entities.queue_entities import QueueLLMChunkEvent, QueueMessageEndEvent
-from core.repositories.human_input_repository import HumanInputFormRepository, HumanInputFormRepositoryImpl
-from core.workflow.nodes.agent_v2.ask_human_hitl import AskHumanFormBuildError, create_ask_human_form
-from core.workflow.nodes.agent_v2.ask_human_resume import build_deferred_tool_results, resolve_ask_human_form
 from graphon.model_runtime.entities.llm_entities import LLMResult, LLMResultChunk, LLMResultChunkDelta, LLMUsage
 from graphon.model_runtime.entities.message_entities import AssistantPromptMessage
 from models.agent_config_entities import AgentSoulConfig
@ -115,13 +104,7 @@ class AgentAppRunner:
            agent_id=agent_id,
            agent_config_snapshot_id=agent_config_snapshot_id,
        )
-        # ENG-638: if a prior turn paused on ask_human and the form is now answered,
-        # resume by threading the human's reply into this run as deferred_tool_results.
-        stored = self._session_store.load_active_session(scope)
-        session_snapshot = stored.session_snapshot if stored is not None else None
-        deferred_tool_results = self._resolve_pending_ask_human(
-            stored=stored, dify_context=dify_context, message_id=message_id
-        )
+        session_snapshot = self._session_store.load_active_snapshot(scope)

        runtime = self._request_builder.build(
            AgentAppRuntimeBuildContext(
@ -133,29 +116,12 @@ class AgentAppRunner:
                user_query=query,
                idempotency_key=message_id,
                session_snapshot=session_snapshot,
-                deferred_tool_results=deferred_tool_results,
            )
        )

        create_response = self._agent_backend_client.create_run(runtime.request)
        terminal = self._consume_stream(create_response.run_id, queue_manager=queue_manager)

-        if isinstance(terminal, AgentBackendDeferredToolCallInternalEvent):
-            # ENG-635: the agent asked a human. End this turn with the question and
-            # a conversation-owned HITL form; a form submission resumes the run.
-            self._pause_for_ask_human(
-                terminal=terminal,
-                scope=scope,
-                dify_context=dify_context,
-                agent_soul=agent_soul,
-                conversation_id=conversation_id,
-                message_id=message_id,
-                model_name=model_name,
-                runtime=runtime,
-                queue_manager=queue_manager,
-            )
-            return
-
        if not isinstance(terminal, AgentBackendRunSucceededInternalEvent):
            error = getattr(terminal, "error", None) or "Agent backend run did not complete successfully."
            raise AgentBackendError(str(error))
@ -169,93 +135,6 @@ class AgentAppRunner:
            runtime_layer_specs=extract_runtime_layer_specs(runtime.request.composition),
        )

-    def _pause_for_ask_human(
-        self,
-        *,
-        terminal: AgentBackendDeferredToolCallInternalEvent,
-        scope: AgentAppSessionScope,
-        dify_context: DifyRunContext,
-        agent_soul: AgentSoulConfig,
-        conversation_id: str,
-        message_id: str,
-        model_name: str,
-        runtime: AgentAppRuntimeRequest,
-        queue_manager: AppQueueManager,
-    ) -> None:
-        """End the chat turn on a dify.ask_human call: create a conversation-owned
-        HITL form, persist the pause correlation, and surface the question."""
-        try:
-            created = create_ask_human_form(
-                deferred_tool_call=terminal.deferred_tool_call,
-                # Chat forms have no workflow node; key by the turn's message id.
-                node_id=message_id,
-                default_node_title="Agent",
-                contacts=agent_soul.human.contacts,
-                repository=self._build_form_repository(dify_context),
-                conversation_id=conversation_id,
-            )
-        except AskHumanFormBuildError as error:
-            raise AgentBackendError(f"Failed to build ask_human form for Agent App chat: {error}") from error
-
-        # Persist the snapshot + correlation so a form submission can start the
-        # second run with the human's answer (ENG-637/638 columns, conversation owner).
-        self._save_session(
-            scope=scope,
-            backend_run_id=terminal.run_id,
-            snapshot=terminal.session_snapshot,
-            runtime_layer_specs=extract_runtime_layer_specs(runtime.request.composition),
-            pending_form_id=created.form_id,
-            pending_tool_call_id=terminal.deferred_tool_call.tool_call_id,
-        )
-
-        # The structured form is delivered via the HITL surface(s); the chat turn
-        # ends by echoing the agent's question so the conversation reflects the ask.
-        self._publish_answer(
-            queue_manager=queue_manager,
-            model_name=model_name,
-            answer=self._ask_human_message(created.args),
-        )
-
-    def _resolve_pending_ask_human(
-        self,
-        *,
-        stored: StoredAgentAppSession | None,
-        dify_context: DifyRunContext,
-        message_id: str,
-    ) -> DeferredToolResultsPayload | None:
-        """Build deferred_tool_results when a pending ask_human form is answered."""
-        if stored is None or stored.pending_form_id is None or stored.pending_tool_call_id is None:
-            return None
-        outcome = resolve_ask_human_form(
-            form_id=stored.pending_form_id,
-            tenant_id=dify_context.tenant_id,
-            node_id=message_id,
-        )
-        if outcome is None or outcome.deferred_result is None:
-            # Form missing or still waiting — run a normal turn, no resume.
-            return None
-        return build_deferred_tool_results(
-            tool_call_id=stored.pending_tool_call_id,
-            result=outcome.deferred_result,
-        )
-
-    def _build_form_repository(self, dify_context: DifyRunContext) -> HumanInputFormRepository:
-        invoke_source = dify_context.invoke_from.value
-        return HumanInputFormRepositoryImpl(
-            tenant_id=dify_context.tenant_id,
-            app_id=dify_context.app_id,
-            workflow_execution_id=None,
-            invoke_source=invoke_source,
-            submission_actor_id=dify_context.user_id if invoke_source in {"debugger", "explore"} else None,
-        )
-
-    @staticmethod
-    def _ask_human_message(args: AskHumanToolArgs) -> str:
-        parts = [args.question]
-        if args.markdown:
-            parts.append(args.markdown)
-        return "\n\n".join(parts)
-
    def _consume_stream(self, run_id: str, *, queue_manager: AppQueueManager):
        terminal = None
        for public_event in self._agent_backend_client.stream_events(run_id):
@ -299,8 +178,6 @@ class AgentAppRunner:
        backend_run_id: str,
        snapshot: Any,
        runtime_layer_specs: Any,
-        pending_form_id: str | None = None,
-        pending_tool_call_id: str | None = None,
    ) -> None:
        try:
            self._session_store.save_active_snapshot(
@ -308,8 +185,6 @@ class AgentAppRunner:
                backend_run_id=backend_run_id,
                snapshot=snapshot,
                runtime_layer_specs=runtime_layer_specs,
-                pending_form_id=pending_form_id,
-                pending_tool_call_id=pending_tool_call_id,
            )
        except Exception:
            logger.warning(
--- a/api/core/app/apps/agent_app/runtime_request_builder.py
+++ b/api/core/app/apps/agent_app/runtime_request_builder.py
@ -18,7 +18,7 @@ from dify_agent.layers.execution_context import (
    DifyExecutionContextLayerConfig,
    DifyExecutionContextUserFrom,
 )
-from dify_agent.protocol import CreateRunRequest, DeferredToolResultsPayload
+from dify_agent.protocol import CreateRunRequest

 from clients.agent_backend import (
    AgentBackendAgentAppRunInput,
@ -34,7 +34,6 @@ from core.workflow.nodes.agent_v2.plugin_tools_builder import (
 )
 from core.workflow.nodes.agent_v2.runtime_request_builder import (
    append_runtime_warnings,
-    build_ask_human_layer_config,
    build_drive_layer_config,
    build_shell_layer_config,
 )
@ -65,8 +64,6 @@ class AgentAppRuntimeBuildContext:
    user_query: str
    idempotency_key: str
    session_snapshot: CompositorSessionSnapshot | None = None
-    # ENG-638: set when resuming a chat turn after a submitted ask_human form.
-    deferred_tool_results: DeferredToolResultsPayload | None = None


@dataclass(frozen=True, slots=True)
@ -157,11 +154,9 @@ class AgentAppRuntimeRequestBuilder:
                user_prompt=context.user_query,
                tools=tools_layer,
                drive_config=drive_config,
-                ask_human_config=build_ask_human_layer_config(agent_soul),
                include_shell=dify_config.AGENT_SHELL_ENABLED,
                shell_config=build_shell_layer_config(agent_soul),
                session_snapshot=context.session_snapshot,
-                deferred_tool_results=context.deferred_tool_results,
                idempotency_key=context.idempotency_key,
                metadata=metadata,
            )
--- a/api/core/app/apps/agent_app/session_store.py
+++ b/api/core/app/apps/agent_app/session_store.py
@ -56,10 +56,6 @@ class StoredAgentAppSession:
    session_snapshot: CompositorSessionSnapshot
    backend_run_id: str | None
    runtime_layer_specs: list[RuntimeLayerSpec] = field(default_factory=list)
-    # ENG-635: set while the conversation turn is paused on a dify.ask_human
-    # deferred call, awaiting a HITL form submission.
-    pending_form_id: str | None = None
-    pending_tool_call_id: str | None = None


 class AgentAppRuntimeSessionStore:
@ -79,8 +75,6 @@ class AgentAppRuntimeSessionStore:
                session_snapshot=CompositorSessionSnapshot.model_validate_json(row.session_snapshot),
                backend_run_id=row.backend_run_id,
                runtime_layer_specs=_deserialize_runtime_layer_specs(row.composition_layer_specs),
-                pending_form_id=row.pending_form_id,
-                pending_tool_call_id=row.pending_tool_call_id,
            )

    def load_active_session_for_conversation(
@ -131,8 +125,6 @@ class AgentAppRuntimeSessionStore:
        backend_run_id: str,
        snapshot: CompositorSessionSnapshot | None,
        runtime_layer_specs: list[RuntimeLayerSpec],
-        pending_form_id: str | None = None,
-        pending_tool_call_id: str | None = None,
    ) -> None:
        if snapshot is None:
            return
@ -152,8 +144,6 @@ class AgentAppRuntimeSessionStore:
                    session_snapshot=snapshot_json,
                    composition_layer_specs=runtime_layer_specs_json,
                    status=AgentRuntimeSessionStatus.ACTIVE,
-                    pending_form_id=pending_form_id,
-                    pending_tool_call_id=pending_tool_call_id,
                )
                session.add(row)
            else:
@ -162,9 +152,6 @@ class AgentAppRuntimeSessionStore:
                row.composition_layer_specs = runtime_layer_specs_json
                row.status = AgentRuntimeSessionStatus.ACTIVE
                row.cleaned_at = None
-                # Set (or clear, when omitted) the ask_human pause correlation.
-                row.pending_form_id = pending_form_id
-                row.pending_tool_call_id = pending_tool_call_id
            session.flush()
            other_rows = session.scalars(
                select(AgentRuntimeSession).where(
--- a/api/core/helper/marketplace.py
+++ b/api/core/helper/marketplace.py
@ -12,8 +12,6 @@ from extensions.ext_redis import redis_client
 marketplace_api_url = URL(str(dify_config.MARKETPLACE_API_URL))
 logger = logging.getLogger(__name__)

-MARKETPLACE_TIMEOUT = 30
-

 def get_plugin_pkg_url(plugin_unique_identifier: str) -> str:
    return str((marketplace_api_url / "api/v1/plugins/download").with_query(unique_identifier=plugin_unique_identifier))
@ -28,12 +26,7 @@ def batch_fetch_plugin_manifests(plugin_ids: list[str]) -> Sequence[MarketplaceP
        return []

    url = str(marketplace_api_url / "api/v1/plugins/batch")
-    response = httpx.post(
-        url,
-        json={"plugin_ids": plugin_ids},
-        headers={"X-Dify-Version": dify_config.project.version},
-        timeout=MARKETPLACE_TIMEOUT,
-    )
+    response = httpx.post(url, json={"plugin_ids": plugin_ids}, headers={"X-Dify-Version": dify_config.project.version})
    response.raise_for_status()

    return [MarketplacePluginDeclaration.model_validate(plugin) for plugin in response.json()["data"]["plugins"]]
@ -44,12 +37,7 @@ def batch_fetch_plugin_by_ids(plugin_ids: list[str]) -> list[dict]:
        return []

    url = str(marketplace_api_url / "api/v1/plugins/batch")
-    response = httpx.post(
-        url,
-        json={"plugin_ids": plugin_ids},
-        headers={"X-Dify-Version": dify_config.project.version},
-        timeout=MARKETPLACE_TIMEOUT,
-    )
+    response = httpx.post(url, json={"plugin_ids": plugin_ids}, headers={"X-Dify-Version": dify_config.project.version})
    response.raise_for_status()

    data = response.json()
@ -58,7 +46,7 @@ def batch_fetch_plugin_by_ids(plugin_ids: list[str]) -> list[dict]:

 def record_install_plugin_event(plugin_unique_identifier: str):
    url = str(marketplace_api_url / "api/v1/stats/plugins/install_count")
-    response = httpx.post(url, json={"unique_identifier": plugin_unique_identifier}, timeout=MARKETPLACE_TIMEOUT)
+    response = httpx.post(url, json={"unique_identifier": plugin_unique_identifier})
    response.raise_for_status()


@ -76,7 +64,7 @@ def fetch_global_plugin_manifest(cache_key_prefix: str, cache_ttl: int) -> None:
        Exception: If any other error occurs during fetching or caching
    """
    url = str(marketplace_api_url / "api/v1/dist/plugins/manifest.json")
-    response = httpx.get(url, headers={"X-Dify-Version": dify_config.project.version}, timeout=MARKETPLACE_TIMEOUT)
+    response = httpx.get(url, headers={"X-Dify-Version": dify_config.project.version}, timeout=30)
    response.raise_for_status()

    raw_json = response.json()
--- a/api/core/plugin/entities/plugin_daemon.py
+++ b/api/core/plugin/entities/plugin_daemon.py
@ -168,7 +168,6 @@ class PluginInstallTask(BasePluginEntity):
 class PluginInstallTaskStartResponse(BaseModel):
    all_installed: bool = Field(description="Whether all plugins are installed.")
    task_id: str = Field(description="The ID of the install task.")
-    task: PluginInstallTask | None = Field(default=None, description="The install task.")


 class PluginVerification(BaseModel):
@ -207,11 +206,6 @@ class PluginListResponse(BaseModel):
    total: int


-class PluginListWithoutTotalResponse(BaseModel):
-    list: list[PluginEntity]
-    has_more: bool
-
-
 class PluginDynamicSelectOptionsResponse(BaseModel):
    options: Sequence[PluginParameterOption] = Field(description="The options of the dynamic select.")

--- a/api/core/plugin/impl/plugin.py
+++ b/api/core/plugin/impl/plugin.py
@ -6,7 +6,6 @@ from requests import HTTPError
 from core.plugin.entities.bundle import PluginBundleDependency
 from core.plugin.entities.plugin import (
    MissingPluginDependency,
-    PluginCategory,
    PluginDeclaration,
    PluginEntity,
    PluginInstallation,
@ -17,7 +16,6 @@ from core.plugin.entities.plugin_daemon import (
    PluginInstallTask,
    PluginInstallTaskStartResponse,
    PluginListResponse,
-    PluginListWithoutTotalResponse,
    PluginReadmeResponse,
 )
 from core.plugin.impl.base import BasePluginClient
@ -76,16 +74,6 @@ class PluginInstaller(BasePluginClient):
            params={"page": page, "page_size": page_size, "response_type": "paged"},
        )

-    def list_plugins_by_category(
-        self, tenant_id: str, category: PluginCategory, page: int, page_size: int
-    ) -> PluginListWithoutTotalResponse:
-        return self._request_with_plugin_daemon_response(
-            "GET",
-            f"plugin/{tenant_id}/management/{category.value}/list",
-            PluginListWithoutTotalResponse,
-            params={"page": page, "page_size": page_size, "response_type": "paged"},
-        )
-
    def upload_pkg(
        self,
        tenant_id: str,
--- a/api/core/plugin/plugin_service.py
+++ b/api/core/plugin/plugin_service.py
@ -31,7 +31,6 @@ from core.helper.marketplace import download_plugin_pkg
 from core.helper.model_provider_cache import ProviderCredentialsCache, ProviderCredentialsCacheType
 from core.plugin.entities.bundle import PluginBundleDependency
 from core.plugin.entities.plugin import (
-    PluginCategory,
    PluginDeclaration,
    PluginEntity,
    PluginInstallation,
@ -42,7 +41,6 @@ from core.plugin.entities.plugin_daemon import (
    PluginInstallTask,
    PluginInstallTaskStatus,
    PluginListResponse,
-    PluginListWithoutTotalResponse,
    PluginModelProviderEntity,
    PluginVerification,
 )
@ -439,19 +437,6 @@ class PluginService:
        PluginService._reconcile_endpoint_counts(tenant_id, user_id, plugins.list)
        return plugins

-    @staticmethod
-    def list_by_category(
-        tenant_id: str, category: PluginCategory, page: int, page_size: int
-    ) -> PluginListWithoutTotalResponse:
-        """
-        List plugins in one category with a has-more cursor signal and without calculating total.
-
-        The daemon scans tenant installations in the existing list order and stops once it finds one extra match.
-        This keeps pagination usable before category is persisted on installation rows.
-        """
-        manager = PluginInstaller()
-        return manager.list_plugins_by_category(tenant_id, category, page, page_size)
-
    @staticmethod
    def _normalize_endpoint_count(value: object) -> int:
        """Convert daemon endpoint counters to safe non-negative integers.
--- a/api/core/plugin/utils/converter.py
+++ b/api/core/plugin/utils/converter.py
@ -6,13 +6,16 @@ from graphon.file import File

 def convert_parameters_to_plugin_format(parameters: dict[str, Any]) -> dict[str, Any]:
    for parameter_name, parameter in parameters.items():
-        match parameter:
-            case File():
-                parameters[parameter_name] = parameter.to_plugin_parameter()
-            case [*items] if all(isinstance(p, File) for p in items):
-                parameters[parameter_name] = [p.to_plugin_parameter() for p in items]
-            case ToolSelector():
-                parameters[parameter_name] = parameter.to_plugin_parameter()
-            case [*items] if all(isinstance(p, ToolSelector) for p in items):
-                parameters[parameter_name] = [p.to_plugin_parameter() for p in items]
+        if isinstance(parameter, File):
+            parameters[parameter_name] = parameter.to_plugin_parameter()
+        elif isinstance(parameter, list) and all(isinstance(p, File) for p in parameter):
+            parameters[parameter_name] = []
+            for p in parameter:
+                parameters[parameter_name].append(p.to_plugin_parameter())
+        elif isinstance(parameter, ToolSelector):
+            parameters[parameter_name] = parameter.to_plugin_parameter()
+        elif isinstance(parameter, list) and all(isinstance(p, ToolSelector) for p in parameter):
+            parameters[parameter_name] = []
+            for p in parameter:
+                parameters[parameter_name].append(p.to_plugin_parameter())
    return parameters
--- a/api/core/rag/extractor/watercrawl/client.py
+++ b/api/core/rag/extractor/watercrawl/client.py
@ -118,18 +118,16 @@ class WaterCrawlAPIClient(BaseAPIClient):
        response.raise_for_status()
        if response.status_code == 204:
            return None
-        content_type = response.headers.get("Content-Type", "")
-        media_type = content_type.split(";", 1)[0].strip().lower()
-        if media_type == "application/json":
+        if response.headers.get("Content-Type") == "application/json":
            return response.json() or {}

-        if media_type == "application/octet-stream":
+        if response.headers.get("Content-Type") == "application/octet-stream":
            return response.content

-        if media_type == "text/event-stream":
+        if response.headers.get("Content-Type") == "text/event-stream":
            return self.process_eventstream(response)

-        raise Exception(f"Unknown response type: {content_type}")
+        raise Exception(f"Unknown response type: {response.headers.get('Content-Type')}")

    def get_crawl_requests_list(self, page: int | None = None, page_size: int | None = None):
        query_params = {"page": page or 1, "page_size": page_size or 10}
@ -219,7 +217,7 @@ class WaterCrawlAPIClient(BaseAPIClient):
                return event_data["data"]

    def download_result(self, result_object: dict[str, Any]):
-        response = httpx.get(result_object["result"], timeout=30)
+        response = httpx.get(result_object["result"], timeout=None)
        try:
            response.raise_for_status()
            result_object["result"] = response.json()
--- a/api/core/rag/index_processor/processor/paragraph_index_processor.py
+++ b/api/core/rag/index_processor/processor/paragraph_index_processor.py
@ -5,8 +5,6 @@ import re
 import uuid
 from typing import Any, TypedDict, cast, override

-from sqlalchemy.orm import scoped_session
-
 logger = logging.getLogger(__name__)

 from sqlalchemy import select
@ -413,13 +411,11 @@ class ParagraphIndexProcessor(BaseIndexProcessor):
        if supports_vision:
            # First, try to get images from SegmentAttachmentBinding (preferred method)
            if segment_id:
-                image_files = ParagraphIndexProcessor._extract_images_from_segment_attachments(
-                    tenant_id, segment_id, db.session
-                )
+                image_files = ParagraphIndexProcessor._extract_images_from_segment_attachments(tenant_id, segment_id)

            # If no images from attachments, fall back to extracting from text
            if not image_files:
-                image_files = ParagraphIndexProcessor._extract_images_from_text(tenant_id, text, db.session)
+                image_files = ParagraphIndexProcessor._extract_images_from_text(tenant_id, text)

        # Build prompt messages
        prompt_messages = []
@ -473,7 +469,7 @@ class ParagraphIndexProcessor(BaseIndexProcessor):
        return summary_content, usage

    @staticmethod
-    def _extract_images_from_text(tenant_id: str, text: str, session: scoped_session) -> list[File]:
+    def _extract_images_from_text(tenant_id: str, text: str) -> list[File]:
        """
        Extract images from markdown text and convert them to File objects.

@ -522,7 +518,7 @@ class ParagraphIndexProcessor(BaseIndexProcessor):

        # Get unique IDs for database query
        unique_upload_file_ids = list(set(upload_file_id_list))
-        upload_files = session.scalars(
+        upload_files = db.session.scalars(
            select(UploadFile).where(UploadFile.id.in_(unique_upload_file_ids), UploadFile.tenant_id == tenant_id)
        ).all()

@ -553,9 +549,7 @@ class ParagraphIndexProcessor(BaseIndexProcessor):
        return file_objects

    @staticmethod
-    def _extract_images_from_segment_attachments(
-        tenant_id: str, segment_id: str, session: scoped_session
-    ) -> list[File]:
+    def _extract_images_from_segment_attachments(tenant_id: str, segment_id: str) -> list[File]:
        """
        Extract images from SegmentAttachmentBinding table (preferred method).
        This matches how DatasetRetrieval gets segment attachments.
@ -570,7 +564,7 @@ class ParagraphIndexProcessor(BaseIndexProcessor):
        from sqlalchemy import select

        # Query attachments from SegmentAttachmentBinding table
-        attachments_with_bindings = session.execute(
+        attachments_with_bindings = db.session.execute(
            select(SegmentAttachmentBinding, UploadFile)
            .join(UploadFile, UploadFile.id == SegmentAttachmentBinding.attachment_id)
            .where(
--- a/api/core/repositories/human_input_repository.py
+++ b/api/core/repositories/human_input_repository.py
@ -63,10 +63,6 @@ class FormCreateParams:
    display_in_ui: bool
    resolved_default_values: Mapping[str, Any]
    form_kind: HumanInputFormKind = HumanInputFormKind.RUNTIME
-    # ENG-635: the conversation this form belongs to. Set together with
-    # workflow_execution_id for chatflow runs; set alone (workflow_execution_id None)
-    # for Agent v2 chat ask_human forms, which have no workflow run.
-    conversation_id: str | None = None


 class HumanInputFormRecipientEntity(Protocol):
@ -221,9 +217,6 @@ class HumanInputFormRecord:
    recipient_id: str | None
    recipient_type: RecipientType | None
    access_token: str | None
-    # ENG-635: Agent v2 chat owner (NULL for workflow-owned forms). Trailing +
-    # defaulted so existing record constructions stay source-compatible.
-    conversation_id: str | None = None

    @property
    def submitted(self) -> bool:
@ -239,7 +232,6 @@ class HumanInputFormRecord:
        return cls(
            form_id=form_model.id,
            workflow_run_id=form_model.workflow_run_id,
-            conversation_id=form_model.conversation_id,
            node_id=form_model.node_id,
            tenant_id=form_model.tenant_id,
            app_id=form_model.app_id,
@ -441,15 +433,8 @@ class HumanInputFormRepositoryImpl:
        if not app_id:
            raise ValueError("app_id is required to create a human input form")
        workflow_execution_id = params.workflow_execution_id or self._workflow_execution_id
-        # A RUNTIME form must be owned by at least one of: a workflow run (workflow /
-        # Human-Input / agent node) or a conversation turn (ENG-635: Agent v2 chat
-        # ask_human; chatflow runs set both — workflow_run_id and conversation_id).
-        if (
-            params.form_kind == HumanInputFormKind.RUNTIME
-            and workflow_execution_id is None
-            and params.conversation_id is None
-        ):
-            raise ValueError("a runtime human input form requires a workflow_execution_id or conversation_id")
+        if params.form_kind == HumanInputFormKind.RUNTIME and workflow_execution_id is None:
+            raise ValueError("workflow_execution_id is required for runtime human input forms")

        with session_factory.create_session() as session, session.begin():
            # Generate unique form ID
@ -471,7 +456,6 @@ class HumanInputFormRepositoryImpl:
                tenant_id=self._tenant_id,
                app_id=app_id,
                workflow_run_id=workflow_execution_id,
-                conversation_id=params.conversation_id,
                form_kind=params.form_kind,
                node_id=params.node_id,
                form_definition=form_definition.model_dump_json(),
--- a/api/core/tools/__base/tool.py
+++ b/api/core/tools/__base/tool.py
@ -66,21 +66,20 @@ class Tool(ABC):
            message_id=message_id,
        )

-        match result:
-            case ToolInvokeMessage():
+        if isinstance(result, ToolInvokeMessage):

-                def single_generator() -> Generator[ToolInvokeMessage, None, None]:
-                    yield result
+            def single_generator() -> Generator[ToolInvokeMessage, None, None]:
+                yield result

-                return single_generator()
-            case list():
+            return single_generator()
+        elif isinstance(result, list):

-                def generator() -> Generator[ToolInvokeMessage, None, None]:
-                    yield from result
+            def generator() -> Generator[ToolInvokeMessage, None, None]:
+                yield from result

-                return generator()
-            case _:
-                return result
+            return generator()
+        else:
+            return result

    def _transform_tool_parameters_type(self, tool_parameters: dict[str, Any]) -> dict[str, Any]:
        """
--- a/api/core/workflow/node_factory.py
+++ b/api/core/workflow/node_factory.py
@ -334,7 +334,6 @@ class DifyNodeFactory(NodeFactory):
                self.graph_runtime_state.variable_pool,
                SystemVariableKey.WORKFLOW_EXECUTION_ID,
            ),
-            conversation_id_getter=self._conversation_id,
        )
        self._tool_runtime = DifyToolNodeRuntime(self._dify_context)
        self._http_request_file_manager = file_manager
--- a/api/core/workflow/node_runtime.py
+++ b/api/core/workflow/node_runtime.py
@ -710,12 +710,10 @@ class DifyHumanInputNodeRuntime(HumanInputNodeRuntimeProtocol):
        run_context: Mapping[str, Any] | DifyRunContext,
        *,
        workflow_execution_id_getter: Callable[[], str | None] | None = None,
-        conversation_id_getter: Callable[[], str | None] | None = None,
        form_repository: HumanInputFormRepository | None = None,
    ) -> None:
        self._run_context = resolve_dify_run_context(run_context)
        self._workflow_execution_id_getter = workflow_execution_id_getter
-        self._conversation_id_getter = conversation_id_getter
        self._form_repository = form_repository
        self._file_reference_factory = DifyFileReferenceFactory(self._run_context)

@ -764,7 +762,6 @@ class DifyHumanInputNodeRuntime(HumanInputNodeRuntimeProtocol):
        return DifyHumanInputNodeRuntime(
            self._run_context,
            workflow_execution_id_getter=self._workflow_execution_id_getter,
-            conversation_id_getter=self._conversation_id_getter,
            form_repository=form_repository,
        )

@ -802,9 +799,6 @@ class DifyHumanInputNodeRuntime(HumanInputNodeRuntimeProtocol):
        repo = self.build_form_repository()
        params = FormCreateParams(
            workflow_execution_id=self._workflow_execution_id_getter() if self._workflow_execution_id_getter else None,
-            # A chatflow (advanced-chat) run carries a conversation; tag the form with
-            # it too so it is queryable per conversation. None for a pure workflow run.
-            conversation_id=self._conversation_id_getter() if self._conversation_id_getter else None,
            node_id=node_id,
            form_config=node_data,
            rendered_content=rendered_content,
--- a/api/core/workflow/nodes/agent_v2/agent_node.py
+++ b/api/core/workflow/nodes/agent_v2/agent_node.py
@ -24,16 +24,13 @@ from clients.agent_backend import (
    extract_runtime_layer_specs,
 )
 from core.app.entities.app_invoke_entities import DIFY_RUN_CONTEXT_KEY, DifyRunContext
-from core.repositories.human_input_repository import HumanInputFormRepository, HumanInputFormRepositoryImpl
 from core.workflow.system_variables import SystemVariableKey, get_system_text
-from graphon.entities.pause_reason import HumanInputRequired, SchedulingPause
+from graphon.entities.pause_reason import SchedulingPause
 from graphon.enums import BuiltinNodeTypes, WorkflowNodeExecutionMetadataKey, WorkflowNodeExecutionStatus
 from graphon.node_events import NodeEventBase, NodeRunResult, PauseRequestedEvent, StreamCompletedEvent
 from graphon.nodes.base.node import Node
-from models.agent_config_entities import AgentSoulConfig, WorkflowNodeJobConfig
+from models.agent_config_entities import WorkflowNodeJobConfig

-from .ask_human_hitl import AskHumanFormBuildError, build_ask_human_pause_reason
-from .ask_human_resume import build_deferred_tool_results, resolve_ask_human_form
 from .binding_resolver import WorkflowAgentBindingError, WorkflowAgentBindingResolver
 from .entities import DifyAgentNodeData
 from .output_adapter import WorkflowAgentOutputAdapter
@ -120,12 +117,6 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
            self.graph_runtime_state.variable_pool,
            SystemVariableKey.WORKFLOW_EXECUTION_ID,
        )
-        # Set on chatflow (advanced-chat) runs; None for a pure workflow run. Lets an
-        # ask_human form be tagged with its conversation in addition to workflow_run_id.
-        conversation_id = get_system_text(
-            self.graph_runtime_state.variable_pool,
-            SystemVariableKey.CONVERSATION_ID,
-        )
        inputs: dict[str, Any] = {}
        process_data: dict[str, Any] = {}
        metadata: dict[str, Any] = {
@ -177,33 +168,6 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
        )
        outputs_by_name = {o.name: o for o in effective_outputs}

-        # ──── ENG-638: resume after a submitted/timed-out ask_human form ────
-        # graphon re-executes this _run when the outer workflow resumes. If a
-        # pending ask_human form is now terminal, thread the human's answer into
-        # the second Agent run as deferred_tool_results; if it is somehow still
-        # waiting, re-emit the same pause defensively.
-        deferred_tool_results = None
-        if self._session_store is not None:
-            stored_session = self._session_store.load_active_session(session_scope)
-            if stored_session is not None and stored_session.pending_form_id is not None:
-                resume_outcome = resolve_ask_human_form(
-                    form_id=stored_session.pending_form_id,
-                    tenant_id=dify_ctx.tenant_id,
-                    node_id=self._node_id,
-                )
-                if resume_outcome is not None and resume_outcome.repause is not None:
-                    yield PauseRequestedEvent(reason=resume_outcome.repause)
-                    return
-                if (
-                    resume_outcome is not None
-                    and resume_outcome.deferred_result is not None
-                    and stored_session.pending_tool_call_id is not None
-                ):
-                    deferred_tool_results = build_deferred_tool_results(
-                        tool_call_id=stored_session.pending_tool_call_id,
-                        result=resume_outcome.deferred_result,
-                    )
-
        # ──── Retry loop (Stage 4 §7) ────
        attempt = 0
        while True:
@ -224,7 +188,6 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
                        snapshot=bundle.snapshot,
                        attempt=attempt,
                        session_snapshot=session_snapshot,
-                        deferred_tool_results=deferred_tool_results,
                    )
                )
            except WorkflowAgentRuntimeRequestBuildError as error:
@ -288,56 +251,19 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
                return

            if isinstance(terminal_event, AgentBackendDeferredToolCallInternalEvent):
-                # ENG-636: a dify.ask_human deferred call pauses the *outer*
-                # workflow through the existing HITL form path. Any other deferred
-                # tool (none today) falls back to a generic scheduling pause. The
-                # form is built *before* the snapshot is saved so its id can be
-                # persisted as the pause correlation (ENG-637).
-                try:
-                    pause_reason: HumanInputRequired | SchedulingPause | None = build_ask_human_pause_reason(
-                        deferred_tool_call=terminal_event.deferred_tool_call,
-                        node_id=self._node_id,
-                        default_node_title=bundle.agent.name or self._node_id,
-                        workflow_run_id=workflow_run_id,
-                        conversation_id=conversation_id,
-                        contacts=AgentSoulConfig.model_validate(bundle.snapshot.config_snapshot_dict).human.contacts,
-                        repository=self._build_human_input_form_repository(
-                            dify_ctx=dify_ctx, workflow_run_id=workflow_run_id
-                        ),
-                    )
-                except AskHumanFormBuildError as error:
-                    yield self._failure_event(
-                        inputs=inputs,
-                        process_data=process_data,
-                        metadata=metadata,
-                        error=str(error),
-                        error_type="agent_ask_human_form_build_error",
-                    )
-                    return
-
-                # ENG-637: persist the awaiting-form id + deferred tool_call id
-                # next to the snapshot so the resumed node can rebuild
-                # deferred_tool_results from the submitted form.
-                pending_form_id: str | None = None
-                pending_tool_call_id: str | None = None
-                if isinstance(pause_reason, HumanInputRequired):
-                    pending_form_id = pause_reason.form_id
-                    pending_tool_call_id = terminal_event.deferred_tool_call.tool_call_id
-                else:
-                    pause_reason = SchedulingPause(
-                        message=terminal_event.message
-                        or "Agent backend run requested workflow pause for external input."
-                    )
                self._save_session_snapshot(
                    session_scope=session_scope,
                    backend_run_id=terminal_event.run_id,
                    snapshot=terminal_event.session_snapshot,
                    runtime_layer_specs=extract_runtime_layer_specs(runtime_request.request.composition),
                    metadata=metadata,
-                    pending_form_id=pending_form_id,
-                    pending_tool_call_id=pending_tool_call_id,
                )
-                yield PauseRequestedEvent(reason=pause_reason)
+                yield PauseRequestedEvent(
+                    reason=SchedulingPause(
+                        message=terminal_event.message
+                        or "Agent backend run requested workflow pause for external input."
+                    )
+                )
                return

            # Non-success terminal (failed / cancelled) skips per-output
@ -522,27 +448,6 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
            ],
        }

-    def _build_human_input_form_repository(
-        self,
-        *,
-        dify_ctx: DifyRunContext,
-        workflow_run_id: str | None,
-    ) -> HumanInputFormRepository:
-        """Construct the existing HITL form repository for ask_human form creation.
-
-        Mirrors the Human Input node's repository wiring (``node_runtime``) so the
-        ask_human form shares the same delivery/debug/console behavior: a
-        submission actor is only attributed for debugger/explore surfaces.
-        """
-        invoke_source = dify_ctx.invoke_from.value
-        return HumanInputFormRepositoryImpl(
-            tenant_id=dify_ctx.tenant_id,
-            app_id=dify_ctx.app_id,
-            workflow_execution_id=workflow_run_id,
-            invoke_source=invoke_source,
-            submission_actor_id=dify_ctx.user_id if invoke_source in {"debugger", "explore"} else None,
-        )
-
    def _save_session_snapshot(
        self,
        *,
@ -551,8 +456,6 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
        snapshot: CompositorSessionSnapshot | None,
        runtime_layer_specs: list[RuntimeLayerSpec],
        metadata: dict[str, Any],
-        pending_form_id: str | None = None,
-        pending_tool_call_id: str | None = None,
    ) -> None:
        if self._session_store is None:
            return
@ -562,8 +465,6 @@ class DifyAgentNode(Node[DifyAgentNodeData]):
                backend_run_id=backend_run_id,
                snapshot=snapshot,
                runtime_layer_specs=runtime_layer_specs,
-                pending_form_id=pending_form_id,
-                pending_tool_call_id=pending_tool_call_id,
            )
            agent_backend = dict(metadata.get("agent_backend") or {})
            agent_backend["session_snapshot_persisted"] = snapshot is not None
--- a/api/core/workflow/nodes/agent_v2/ask_human_hitl.py
+++ b/api/core/workflow/nodes/agent_v2/ask_human_hitl.py
@ -1,354 +0,0 @@
-"""Map a ``dify.ask_human`` deferred tool call onto the existing HITL form path.
-
-ENG-636. When an Agent backend run ends with a deferred ``dify.ask_human`` tool
-call, the workflow Agent node pauses the *outer* workflow through the very same
-``HumanInputRequired`` form mechanism the Human Input node uses — reusing the
-form repository, delivery channels, and submission endpoints unchanged. This
-module is a pure translation layer: model-facing ask_human tool args become
-graphon form entities (``HumanInputNodeData`` / ``FormInputConfig`` /
-``UserActionConfig``) plus Dify delivery configs. It adds no new HITL behavior.
-
-The agent-side ``dify.ask_human`` contract is richer than the workflow form
-schema in two places, handled here without widening the form vocabulary:
-
-* ask_human fields carry a human label; graphon ``FormInputConfig`` does not.
-  Labels are rendered into ``form_content`` next to a ``{{#$output.<name>#}}``
-  marker — exactly how the Human Input node positions labelled inputs today.
-* ask_human action ids are valid identifiers of any length; graphon
-  ``UserActionConfig.id`` caps ids at 20 chars. Over-long ids are clamped
-  deterministically (stable + collision-resistant) so the form always builds;
-  the human-visible action *label* is always preserved verbatim.
-"""
-
-from __future__ import annotations
-
-import hashlib
-from collections.abc import Mapping, Sequence
-from dataclasses import dataclass
-from typing import Any, assert_never
-
-from dify_agent.layers.ask_human import (
-    AskHumanAction,
-    AskHumanField,
-    AskHumanFileField,
-    AskHumanFileListField,
-    AskHumanParagraphField,
-    AskHumanSelectField,
-    AskHumanToolArgs,
-)
-from dify_agent.protocol import DeferredToolCallPayload
-from pydantic import ValidationError
-
-from core.repositories.human_input_repository import FormCreateParams, HumanInputFormRepository
-from core.workflow.human_input_adapter import (
-    DeliveryChannelConfig,
-    EmailDeliveryConfig,
-    EmailDeliveryMethod,
-    EmailRecipients,
-    ExternalRecipient,
-    InteractiveSurfaceDeliveryMethod,
-)
-from graphon.entities.pause_reason import HumanInputRequired
-from graphon.nodes.human_input.entities import (
-    FileInputConfig,
-    FileListInputConfig,
-    FormInputConfig,
-    HumanInputNodeData,
-    ParagraphInputConfig,
-    SelectInputConfig,
-    StringListSource,
-    StringSource,
-    UserActionConfig,
-)
-from graphon.nodes.human_input.enums import ButtonStyle, TimeoutUnit, ValueSourceType
-from models.agent_config_entities import AgentHumanContactConfig
-
-# Default ask_human tool name (see ``DifyAskHumanLayerConfig.tool_name``). The
-# Agent node only knows how to translate this one deferred tool into a form.
-DEFAULT_ASK_HUMAN_TOOL_NAME = "ask_human"
-
-# Graphon ``UserActionConfig.id`` hard-caps identifiers at 20 chars.
-_MAX_ACTION_ID_LEN = 20
-# No timeout lives in the ask_human contract; reuse the Human Input node default.
-_DEFAULT_TIMEOUT_HOURS = 36
-_EMAIL_SUBJECT_MAX_LEN = 120
-
-# ``ButtonStyle`` has no "destructive"; map the ask_human destructive intent onto
-# the closest existing form style rather than extending the HITL vocabulary.
-_ACTION_STYLE_TO_BUTTON: dict[str, ButtonStyle] = {
-    "default": ButtonStyle.DEFAULT,
-    "primary": ButtonStyle.PRIMARY,
-    "destructive": ButtonStyle.ACCENT,
-}
-
-# ask_human permits zero actions (a plain acknowledgement); the form surface
-# needs at least one submit affordance.
-_DEFAULT_SUBMIT_ACTION = UserActionConfig(id="submit", title="Submit", button_style=ButtonStyle.PRIMARY)
-
-
-class AskHumanFormBuildError(ValueError):
-    """Raised when ask_human tool args cannot be mapped to a HITL form."""
-
-
-def parse_ask_human_args(raw_args: object) -> AskHumanToolArgs:
-    """Validate the raw deferred-tool ``args`` payload into ``AskHumanToolArgs``."""
-    if isinstance(raw_args, AskHumanToolArgs):
-        return raw_args
-    if isinstance(raw_args, Mapping):
-        try:
-            return AskHumanToolArgs.model_validate(dict(raw_args))
-        except ValidationError as error:
-            raise AskHumanFormBuildError(f"invalid ask_human args: {error}") from error
-    raise AskHumanFormBuildError(f"ask_human args must be a mapping, got {type(raw_args).__name__}")
-
-
-def _clamp_action_id(action_id: str) -> str:
-    """Return a stable graphon-safe (<= 20 char) action id.
-
-    ask_human ids are already valid identifiers; ids within the limit pass
-    through untouched so the resume round-trip returns the model's exact id.
-    Over-long ids are truncated with a short content hash to stay deterministic
-    and collision-resistant while remaining a valid identifier.
-    """
-    if len(action_id) <= _MAX_ACTION_ID_LEN:
-        return action_id
-    digest = hashlib.blake2b(action_id.encode("utf-8"), digest_size=3).hexdigest()
-    prefix = action_id[: _MAX_ACTION_ID_LEN - len(digest) - 1]
-    return f"{prefix}_{digest}"
-
-
-def _to_form_input(field: AskHumanField) -> FormInputConfig:
-    match field:
-        case AskHumanParagraphField():
-            default = (
-                StringSource(type=ValueSourceType.CONSTANT, value=field.default) if field.default is not None else None
-            )
-            return ParagraphInputConfig(output_variable_name=field.name, default=default)
-        case AskHumanSelectField():
-            return SelectInputConfig(
-                output_variable_name=field.name,
-                option_source=StringListSource(
-                    type=ValueSourceType.CONSTANT,
-                    value=[option.value for option in field.options],
-                ),
-            )
-        case AskHumanFileField():
-            return FileInputConfig(output_variable_name=field.name)
-        case AskHumanFileListField():
-            return FileListInputConfig(output_variable_name=field.name, number_limits=field.max_files or 0)
-        case _:  # pragma: no cover - exhaustive over the discriminated union
-            assert_never(field)
-
-
-def _to_user_actions(actions: Sequence[AskHumanAction]) -> list[UserActionConfig]:
-    if not actions:
-        return [_DEFAULT_SUBMIT_ACTION]
-    return [
-        UserActionConfig(
-            id=_clamp_action_id(action.id),
-            title=action.label,
-            button_style=_ACTION_STYLE_TO_BUTTON.get(action.style, ButtonStyle.DEFAULT),
-        )
-        for action in actions
-    ]
-
-
-def _render_form_content(args: AskHumanToolArgs) -> str:
-    """Compose the markdown body, positioning each field's label + input marker.
-
-    Graphon ``FormInputConfig`` carries no label, so the field label is written
-    into the content next to the ``{{#$output.<name>#}}`` marker that the form
-    surface replaces with the live input — identical to the Human Input node.
-    """
-    blocks: list[str] = []
-    if args.title:
-        blocks.append(f"## {args.title}")
-    blocks.append(args.question)
-    if args.markdown:
-        blocks.append(args.markdown)
-    for field in args.fields:
-        label = f"{field.label} *" if field.required else field.label
-        blocks.append(f"**{label}**\n\n{{{{#$output.{field.name}#}}}}")
-    return "\n\n".join(blocks)
-
-
-def _resolved_default_values(args: AskHumanToolArgs) -> dict[str, Any]:
-    """Pre-fill map the form surface reads, keyed by output variable name.
-
-    The graphon select input has no default field, so a select default can only
-    be conveyed here; paragraph defaults are included for a uniform pre-fill.
-    """
-    defaults: dict[str, Any] = {}
-    for field in args.fields:
-        if isinstance(field, AskHumanParagraphField | AskHumanSelectField) and field.default is not None:
-            defaults[field.name] = field.default
-    return defaults
-
-
-def ask_human_args_to_node_data(args: AskHumanToolArgs, *, node_title: str) -> HumanInputNodeData:
-    """Translate validated ask_human args into a synthetic Human Input node config."""
-    return HumanInputNodeData(
-        title=node_title,
-        form_content=_render_form_content(args),
-        inputs=[_to_form_input(field) for field in args.fields],
-        user_actions=_to_user_actions(args.actions),
-        timeout=_DEFAULT_TIMEOUT_HOURS,
-        timeout_unit=TimeoutUnit.HOUR,
-    )
-
-
-def build_delivery_methods(
-    contacts: Sequence[AgentHumanContactConfig],
-    *,
-    args: AskHumanToolArgs,
-) -> list[DeliveryChannelConfig]:
-    """Build form delivery channels: always the interactive surface, plus email to
-    the configured human contacts (the recipients chosen in Agent Soul)."""
-    methods: list[DeliveryChannelConfig] = [InteractiveSurfaceDeliveryMethod()]
-
-    seen: set[str] = set()
-    emails: list[str] = []
-    for contact in contacts:
-        email = (contact.email or "").strip()
-        if email and email not in seen:
-            seen.add(email)
-            emails.append(email)
-
-    if emails:
-        subject = (args.title or args.question).strip()[:_EMAIL_SUBJECT_MAX_LEN]
-        if args.urgency == "high":
-            subject = f"[Action needed] {subject}"
-        body = f"{args.question}\n\nOpen the request: {EmailDeliveryConfig.URL_PLACEHOLDER}"
-        methods.append(
-            EmailDeliveryMethod(
-                config=EmailDeliveryConfig(
-                    recipients=EmailRecipients(items=[ExternalRecipient(email=email) for email in emails]),
-                    subject=subject,
-                    body=body,
-                )
-            )
-        )
-    return methods
-
-
-@dataclass(frozen=True, slots=True)
-class AskHumanFormCreated:
-    """A created ask_human HITL form, owner-agnostic (workflow run or conversation)."""
-
-    form_id: str
-    args: AskHumanToolArgs
-    node_data: HumanInputNodeData
-    node_title: str
-    resolved_default_values: dict[str, Any]
-
-
-def create_ask_human_form(
-    *,
-    deferred_tool_call: DeferredToolCallPayload,
-    node_id: str,
-    default_node_title: str,
-    contacts: Sequence[AgentHumanContactConfig],
-    repository: HumanInputFormRepository,
-    workflow_run_id: str | None = None,
-    conversation_id: str | None = None,
-    display_in_ui: bool = True,
-) -> AskHumanFormCreated:
-    """Create a HITL form from an ask_human deferred call (caller verified tool_name).
-
-    The form is owned by exactly one of ``workflow_run_id`` (workflow Agent node)
-    or ``conversation_id`` (Agent v2 chat). Raises ``AskHumanFormBuildError`` on
-    invalid args, a missing owner, or a repository failure.
-    """
-    if not workflow_run_id and not conversation_id:
-        raise AskHumanFormBuildError("an ask_human HITL form requires a workflow_run_id or conversation_id")
-
-    args = parse_ask_human_args(deferred_tool_call.args)
-    node_title = args.title or default_node_title
-    node_data = ask_human_args_to_node_data(args, node_title=node_title)
-    resolved_default_values = _resolved_default_values(args)
-
-    try:
-        form = repository.create_form(
-            FormCreateParams(
-                workflow_execution_id=workflow_run_id,
-                conversation_id=conversation_id,
-                node_id=node_id,
-                form_config=node_data,
-                # No workflow-variable placeholders to resolve — the content is
-                # fully model-authored, so rendered == template.
-                rendered_content=node_data.form_content,
-                delivery_methods=build_delivery_methods(contacts, args=args),
-                display_in_ui=display_in_ui,
-                resolved_default_values=resolved_default_values,
-            )
-        )
-    except ValueError as error:
-        raise AskHumanFormBuildError(f"failed to create ask_human HITL form: {error}") from error
-
-    return AskHumanFormCreated(
-        form_id=form.id,
-        args=args,
-        node_data=node_data,
-        node_title=node_title,
-        resolved_default_values=resolved_default_values,
-    )
-
-
-def build_ask_human_pause_reason(
-    *,
-    deferred_tool_call: DeferredToolCallPayload,
-    node_id: str,
-    default_node_title: str,
-    workflow_run_id: str | None,
-    contacts: Sequence[AgentHumanContactConfig],
-    repository: HumanInputFormRepository,
-    conversation_id: str | None = None,
-    expected_tool_name: str = DEFAULT_ASK_HUMAN_TOOL_NAME,
-    display_in_ui: bool = True,
-) -> HumanInputRequired | None:
-    """Create a workflow HITL form for an ask_human call and return its pause reason.
-
-    Returns ``None`` when the deferred call is *not* the ask_human tool, letting
-    the caller fall back to a generic scheduling pause. Raises
-    ``AskHumanFormBuildError`` when the call is ask_human but its args or the form
-    cannot be built — the caller should surface that as a node failure rather
-    than a silent, unresumable pause.
-    """
-    if deferred_tool_call.tool_name != expected_tool_name:
-        return None
-    if not workflow_run_id:
-        raise AskHumanFormBuildError("workflow_run_id is required to create an ask_human HITL form")
-
-    created = create_ask_human_form(
-        deferred_tool_call=deferred_tool_call,
-        node_id=node_id,
-        default_node_title=default_node_title,
-        contacts=contacts,
-        repository=repository,
-        workflow_run_id=workflow_run_id,
-        # A chatflow agent node also belongs to a conversation; tag the form so it is
-        # queryable per conversation. None for a pure workflow run (workflow_run_id only).
-        conversation_id=conversation_id,
-        display_in_ui=display_in_ui,
-    )
-    return HumanInputRequired(
-        form_id=created.form_id,
-        form_content=created.node_data.form_content,
-        inputs=list(created.node_data.inputs),
-        actions=list(created.node_data.user_actions),
-        node_id=node_id,
-        node_title=created.node_title,
-        resolved_default_values=created.resolved_default_values,
-    )
-
-
-__all__ = [
-    "DEFAULT_ASK_HUMAN_TOOL_NAME",
-    "AskHumanFormBuildError",
-    "AskHumanFormCreated",
-    "ask_human_args_to_node_data",
-    "build_ask_human_pause_reason",
-    "build_delivery_methods",
-    "create_ask_human_form",
-    "parse_ask_human_args",
-]
--- a/api/core/workflow/nodes/agent_v2/ask_human_resume.py
+++ b/api/core/workflow/nodes/agent_v2/ask_human_resume.py
@ -1,159 +0,0 @@
-"""Resume an Agent run after a dify.ask_human HITL form reaches a terminal state.
-
-ENG-638. When the outer workflow resumes (the human submitted the form, or it
-timed out), graphon re-executes the Agent node's ``_run``. This module reads the
-correlated HITL form (by ``pending_form_id``) and maps it back into the
-agent-side ``dify.ask_human`` contract so the node can start a *second* Agent run
-that carries the human's answer:
-
-* submitted  -> AskHumanToolResult(status="submitted", action, values)
-* timeout / expired -> AskHumanToolResult(status="timeout")
-* still waiting (defensive: the host resumed us early) -> re-emit the same
-  HumanInputRequired pause rebuilt from the stored form definition.
-
-It only *reads* existing HITL form state — it never mutates the form or the HITL
-submission flow. The DB read (``resolve_ask_human_form``) is kept thin so the
-mapping (``map_form_to_outcome``) stays pure and unit-testable.
-"""
-
-from __future__ import annotations
-
-import json
-from dataclasses import dataclass
-
-from dify_agent.layers.ask_human import (
-    AskHumanResultStatus,
-    AskHumanSelectedAction,
-    AskHumanToolResult,
-)
-from dify_agent.protocol import DeferredToolResultsPayload
-from pydantic import JsonValue
-from sqlalchemy import select
-
-from core.db.session_factory import session_factory
-from graphon.entities.pause_reason import HumanInputRequired
-from graphon.nodes.human_input.entities import FormDefinition
-from graphon.nodes.human_input.enums import HumanInputFormStatus
-from models.human_input import HumanInputForm
-
-# A WAITING form has not been answered yet; the other terminal states map onto
-# the agent-facing result status. EXPIRED (global timeout) and TIMEOUT
-# (node-level) both surface to the model as "timeout" so it can react.
-_FORM_STATUS_TO_RESULT: dict[HumanInputFormStatus, AskHumanResultStatus] = {
-    HumanInputFormStatus.SUBMITTED: "submitted",
-    HumanInputFormStatus.TIMEOUT: "timeout",
-    HumanInputFormStatus.EXPIRED: "timeout",
-}
-
-
-@dataclass(frozen=True, slots=True)
-class AskHumanResumeOutcome:
-    """Result of inspecting a correlated ask_human form on workflow resume.
-
-    Exactly one of ``deferred_result`` / ``repause`` is set:
-    * ``deferred_result`` — the form reached a terminal state; start the second run.
-    * ``repause`` — the form is still waiting; re-emit this pause defensively.
-    """
-
-    deferred_result: AskHumanToolResult | None = None
-    repause: HumanInputRequired | None = None
-
-
-def resolve_ask_human_form(*, form_id: str, tenant_id: str, node_id: str) -> AskHumanResumeOutcome | None:
-    """Load the correlated form and map it to a resume outcome.
-
-    Returns ``None`` when the form no longer exists (correlation lost) — the
-    caller should fall back to a normal (non-resume) Agent run.
-    """
-    with session_factory.create_session() as session:
-        form = session.scalar(
-            select(HumanInputForm).where(
-                HumanInputForm.id == form_id,
-                HumanInputForm.tenant_id == tenant_id,
-            )
-        )
-        if form is None:
-            return None
-        return map_form_to_outcome(
-            status=form.status,
-            selected_action_id=form.selected_action_id,
-            submitted_data=form.submitted_data,
-            rendered_content=form.rendered_content,
-            form_definition=form.form_definition,
-            form_id=form.id,
-            node_id=node_id,
-        )
-
-
-def map_form_to_outcome(
-    *,
-    status: HumanInputFormStatus,
-    selected_action_id: str | None,
-    submitted_data: str | None,
-    rendered_content: str,
-    form_definition: str,
-    form_id: str,
-    node_id: str,
-) -> AskHumanResumeOutcome:
-    """Map a terminal (or still-waiting) HITL form to a resume outcome. Pure."""
-    definition = FormDefinition.model_validate_json(form_definition)
-    if status == HumanInputFormStatus.WAITING:
-        return AskHumanResumeOutcome(repause=_rebuild_pause(definition=definition, form_id=form_id, node_id=node_id))
-
-    result_status = _FORM_STATUS_TO_RESULT.get(status, "unavailable")
-    if result_status != "submitted":
-        return AskHumanResumeOutcome(deferred_result=AskHumanToolResult(status=result_status))
-    return AskHumanResumeOutcome(
-        deferred_result=AskHumanToolResult(
-            status="submitted",
-            action=_selected_action(selected_action_id=selected_action_id, definition=definition),
-            values=_submitted_values(submitted_data),
-            rendered_content=rendered_content,
-        )
-    )
-
-
-def build_deferred_tool_results(*, tool_call_id: str, result: AskHumanToolResult) -> DeferredToolResultsPayload:
-    """Wrap an ask_human result as the deferred-tool-results payload for resume."""
-    return DeferredToolResultsPayload(calls={tool_call_id: result.model_dump(mode="json")})
-
-
-def _submitted_values(submitted_data: str | None) -> dict[str, JsonValue]:
-    if not submitted_data:
-        return {}
-    parsed = json.loads(submitted_data)
-    if not isinstance(parsed, dict):
-        return {}
-    return {str(key): value for key, value in parsed.items()}
-
-
-def _selected_action(*, selected_action_id: str | None, definition: FormDefinition) -> AskHumanSelectedAction | None:
-    if selected_action_id is None:
-        return None
-    # The form's user_action title is the verbatim ask_human action label set at
-    # form-build time; fall back to the id only if the action is somehow missing.
-    label = next(
-        (action.title for action in definition.user_actions if action.id == selected_action_id),
-        selected_action_id,
-    )
-    return AskHumanSelectedAction(id=selected_action_id, label=label)
-
-
-def _rebuild_pause(*, definition: FormDefinition, form_id: str, node_id: str) -> HumanInputRequired:
-    return HumanInputRequired(
-        form_id=form_id,
-        form_content=definition.rendered_content or definition.form_content,
-        inputs=list(definition.inputs),
-        actions=list(definition.user_actions),
-        node_id=node_id,
-        node_title=definition.node_title or node_id,
-        resolved_default_values=dict(definition.default_values),
-    )
-
-
-__all__ = [
-    "AskHumanResumeOutcome",
-    "build_deferred_tool_results",
-    "map_form_to_outcome",
-    "resolve_ask_human_form",
-]
--- a/api/core/workflow/nodes/agent_v2/runtime_feature_manifest.py
+++ b/api/core/workflow/nodes/agent_v2/runtime_feature_manifest.py
@ -18,15 +18,13 @@ SUPPORTED_AGENT_BACKEND_FEATURES = frozenset(
        # ENG-623: exposed at runtime as the dify.drive declaration layer
        # (an index the agent pulls through the back proxy).
        "skills_files",
-        # ENG-635: human involvement is exposed at runtime as the dify.ask_human
-        # deferred tool; a call pauses via the existing HITL form mechanism.
-        "human",
    }
 )

 RESERVED_AGENT_BACKEND_FEATURES = frozenset(
    {
        "knowledge",
+        "human",
        "memory",
    }
 )
@ -87,7 +85,6 @@ def build_runtime_feature_manifest(
    reserved_status["tools.cli_tools"] = "supported_by_shell_bootstrap"
    reserved_status["env"] = "supported_by_shell_bootstrap"
    reserved_status["sandbox"] = "forwarded_to_shell_layer_config"
-    reserved_status["human"] = "supported_by_ask_human_hitl" if agent_soul.human.contacts else "not_configured"

    return {
        "supported": sorted(SUPPORTED_AGENT_BACKEND_FEATURES),
--- a/api/core/workflow/nodes/agent_v2/runtime_request_builder.py
+++ b/api/core/workflow/nodes/agent_v2/runtime_request_builder.py
@ -5,7 +5,6 @@ from dataclasses import dataclass
 from typing import Any, Literal, Protocol, assert_never, cast

 from agenton.compositor import CompositorSessionSnapshot
-from dify_agent.layers.ask_human import DifyAskHumanLayerConfig
 from dify_agent.layers.drive import (
    DifyDriveFileConfig,
    DifyDriveLayerConfig,
@ -23,7 +22,7 @@ from dify_agent.layers.shell import (
    DifyShellSandboxConfig,
    DifyShellSecretRefConfig,
 )
-from dify_agent.protocol import CreateRunRequest, DeferredToolResultsPayload
+from dify_agent.protocol import CreateRunRequest
 from pydantic import BaseModel

 from clients.agent_backend import (
@ -104,9 +103,6 @@ class WorkflowAgentRuntimeBuildContext:
    # idempotency key so the backend treats each retry as a fresh request.
    attempt: int = 0
    session_snapshot: CompositorSessionSnapshot | None = None
-    # ENG-638: set when resuming after a submitted ask_human HITL form; threads
-    # the human's answer back into the second Agent run keyed by tool_call_id.
-    deferred_tool_results: DeferredToolResultsPayload | None = None


@dataclass(frozen=True, slots=True)
@ -221,11 +217,9 @@ class WorkflowAgentRuntimeRequestBuilder:
                output=self._build_output_config(node_job.declared_outputs),
                tools=tools_layer,
                drive_config=drive_config,
-                ask_human_config=build_ask_human_layer_config(agent_soul),
                include_shell=dify_config.AGENT_SHELL_ENABLED,
                shell_config=build_shell_layer_config(agent_soul),
                session_snapshot=context.session_snapshot,
-                deferred_tool_results=context.deferred_tool_results,
                idempotency_key=self._idempotency_key(context),
                metadata=metadata,
            )
@ -502,20 +496,6 @@ def build_shell_layer_config(agent_soul: AgentSoulConfig) -> DifyShellLayerConfi
    )


-def build_ask_human_layer_config(agent_soul: AgentSoulConfig) -> DifyAskHumanLayerConfig | None:
-    """Enable the dify.ask_human deferred tool when the soul configures human involvement.
-
-    HITL is opt-in: only when at least one human contact is configured does the
-    model get the ``ask_human`` tool (recipients for the resulting form come from
-    those contacts, ENG-635). Returns ``None`` to leave the tool off entirely.
-    The tool/field guardrails use the layer defaults; ``human.tools`` semantics are
-    out of scope this round.
-    """
-    if not agent_soul.human.contacts:
-        return None
-    return DifyAskHumanLayerConfig()
-
-
 def append_runtime_warnings(metadata: dict[str, Any], warnings: list[dict[str, str]]) -> None:
    """Merge build-time warnings into the metadata runtime-support manifest."""
    if not warnings:
--- a/api/core/workflow/nodes/agent_v2/session_store.py
+++ b/api/core/workflow/nodes/agent_v2/session_store.py
@ -47,20 +47,12 @@ class StoredWorkflowAgentSession:
    session_snapshot: CompositorSessionSnapshot
    backend_run_id: str | None
    runtime_layer_specs: list[RuntimeLayerSpec] = field(default_factory=list)
-    # ENG-637: set while the session is paused on a dify.ask_human deferred call.
-    pending_form_id: str | None = None
-    pending_tool_call_id: str | None = None


 class WorkflowAgentRuntimeSessionStore:
    """Stores Agent backend session snapshots for workflow Agent node re-entry."""

    def load_active_snapshot(self, scope: WorkflowAgentSessionScope) -> CompositorSessionSnapshot | None:
-        stored = self.load_active_session(scope)
-        return stored.session_snapshot if stored is not None else None
-
-    def load_active_session(self, scope: WorkflowAgentSessionScope) -> StoredWorkflowAgentSession | None:
-        """Load the active session row including any pending ask_human correlation."""
        if scope.workflow_run_id is None:
            return None

@ -77,14 +69,7 @@ class WorkflowAgentRuntimeSessionStore:
            )
            if row is None:
                return None
-            return StoredWorkflowAgentSession(
-                scope=scope,
-                session_snapshot=CompositorSessionSnapshot.model_validate_json(row.session_snapshot),
-                backend_run_id=row.backend_run_id,
-                runtime_layer_specs=_deserialize_specs(row.composition_layer_specs),
-                pending_form_id=row.pending_form_id,
-                pending_tool_call_id=row.pending_tool_call_id,
-            )
+            return CompositorSessionSnapshot.model_validate_json(row.session_snapshot)

    def list_active_sessions(self, *, workflow_run_id: str) -> list[StoredWorkflowAgentSession]:
        with session_factory.create_session() as session:
@ -124,8 +109,6 @@ class WorkflowAgentRuntimeSessionStore:
        backend_run_id: str,
        snapshot: CompositorSessionSnapshot | None,
        runtime_layer_specs: list[RuntimeLayerSpec],
-        pending_form_id: str | None = None,
-        pending_tool_call_id: str | None = None,
    ) -> None:
        if scope.workflow_run_id is None or snapshot is None:
            return
@ -158,8 +141,6 @@ class WorkflowAgentRuntimeSessionStore:
                    session_snapshot=snapshot_json,
                    composition_layer_specs=specs_json,
                    status=WorkflowAgentRuntimeSessionStatus.ACTIVE,
-                    pending_form_id=pending_form_id,
-                    pending_tool_call_id=pending_tool_call_id,
                )
                session.add(row)
            else:
@ -170,9 +151,6 @@ class WorkflowAgentRuntimeSessionStore:
                row.composition_layer_specs = specs_json
                row.status = WorkflowAgentRuntimeSessionStatus.ACTIVE
                row.cleaned_at = None
-                # Set (or clear, when omitted) the ask_human pause correlation.
-                row.pending_form_id = pending_form_id
-                row.pending_tool_call_id = pending_tool_call_id
            session.commit()

    def mark_cleaned(self, *, scope: WorkflowAgentSessionScope, backend_run_id: str | None = None) -> None:
--- a/api/extensions/ext_celery.py
+++ b/api/extensions/ext_celery.py
@ -153,7 +153,6 @@ def init_app(app: DifyApp) -> Celery:
        "tasks.trigger_processing_tasks",  # async trigger processing
        "tasks.generate_summary_index_task",  # summary index generation
        "tasks.regenerate_summary_index_task",  # summary index regeneration
-        "tasks.app_generate.resume_agent_app_task",  # ENG-635: Agent v2 chat ask_human resume
    ]
    day = dify_config.CELERY_BEAT_SCHEDULER_TIME

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Stephen Zhou	b7cb4927f5	chore: exclude api and dify-agent from fmt	2026-06-15 18:02:36 +08:00
Stephen Zhou	7d33794853	style: apply vp fmt baseline	2026-06-15 17:51:17 +08:00
Stephen Zhou	996148697e	chore: align fmt and lint boundaries	2026-06-15 17:51:16 +08:00
autofix-ci[bot]	af852a8176	[autofix.ci] apply automated fixes	2026-06-15 09:29:53 +00:00
Stephen Zhou	7ae49bacba	chore: remove stale stylistic disables	2026-06-15 17:24:49 +08:00
Stephen Zhou	e81a5ba3a8	chore: align fmt ignore patterns	2026-06-15 17:15:18 +08:00
Stephen Zhou	f0df9ee016	chore: simplify antfu formatting config	2026-06-15 17:10:54 +08:00
autofix-ci[bot]	0531ffaeba	[autofix.ci] apply automated fixes	2026-06-15 09:04:10 +00:00
Stephen Zhou	230faff872	style: apply vp fmt to tooling files	2026-06-15 16:59:40 +08:00
Stephen Zhou	b078c75ccf	chore: route formatting through vp fmt	2026-06-15 16:59:27 +08:00