mirror of
https://github.com/Comfy-Org/ComfyUI-Manager.git
synced 2026-06-23 00:09:25 +08:00
e4c5401dd5
Some checks are pending
Python Linting / Run Ruff (push) Waiting to run
* feat(security): add dedicated install flags decoupled from security_level Gate 'install via git URL' and 'install via pip' with dedicated opt-in boolean flags (allow_git_url_install / allow_pip_install) in config.ini [default], fully replacing the security_level term on those surfaces (REPLACE, not AND — a strict level no longer denies when the flag is on; a weak level no longer allows when the flag is off). - glob/manager_server.py: pure predicate is_dedicated_install_allowed (flag AND loopback, request-time args.listen); REPLACE gates at /customnode/install/git_url and /customnode/install/pip; batch unknown-URL arm routes through the same full predicate at the risky position (loopback term is load-bearing — the middle entry gate has no network-position term; the entry gate itself stays in force); unknown-pip in batch stays unconditionally blocked; new SECURITY_MESSAGE_FLAG_* denial constants name the responsible flag; security_403_response gains flag_token (comfyui_outdated keeps precedence) - glob/manager_core.py: register both keys (read via get_bool default-false, write list, exception fallback); "true"-only truthy; restart-only activation - js/common.js: 403 dialog copy names the responsible flag at the two install call sites - README.md: security-policy docs for both flags (per-surface scope incl. the batch entry-gate qualifier, REPLACE decoupling, loopback bound, opt-in config snippet, default-deny + migration note); stale tier lists corrected against the actual gates - CHANGELOG.md: opt-in migration note + accepted residual risk (flags bypass the forced-strong outdated-ComfyUI hardening on loopback, opt-in only), decoupling claim qualified for the batch entry gate Tests: unit suite (predicate truth table, REPLACE litmus both directions, AST binding-proofs against live handlers, subprocess-isolated config contract) plus a real-server E2E suite that mounts the Manager-under-test via git worktree (exact-SHA pin, detached) against a real ComfyUI and exercises both flag surfaces and both arms — deny arms (403 + flag-naming body/log + no install artifact), git-URL allow arm (real clone), pip allow arm as a two-phase reservation oracle — with zero-residual self-clean. Module skips without E2E_COMFYUI_ROOT; unit suite unaffected. The manager-v4 branch ships the identical policy (shared invariants + config contract); this tree uses the degraded predicate 'flag AND loopback' (no personal_cloud-equivalent mode here). * bump version to v3.41 |
||
|---|---|---|
| .. | ||
| cm_global.py | ||
| cnr_utils.py | ||
| git_utils.py | ||
| manager_core.py | ||
| manager_downloader.py | ||
| manager_migration.py | ||
| manager_server.py | ||
| manager_util.py | ||
| node_package.py | ||
| README.md | ||
| security_check.py | ||
| share_3rdparty.py | ||
ComfyUI-Manager: Core Backend (glob)
This directory contains the Python backend modules that power ComfyUI-Manager, handling the core functionality of node management, downloading, security, and server operations.
Core Modules
- manager_core.py: The central implementation of management functions, handling configuration, installation, updates, and node management.
- manager_server.py: Implements server functionality and API endpoints for the web interface to interact with the backend.
- manager_downloader.py: Handles downloading operations for models, extensions, and other resources.
- manager_util.py: Provides utility functions used throughout the system.
Specialized Modules
- cm_global.py: Maintains global variables and state management across the system.
- cnr_utils.py: Helper utilities for interacting with the custom node registry (CNR).
- git_utils.py: Git-specific utilities for repository operations.
- node_package.py: Handles the packaging and installation of node extensions.
- security_check.py: Implements the multi-level security system for installation safety.
- share_3rdparty.py: Manages integration with third-party sharing platforms.
Architecture
The backend follows a modular design pattern with clear separation of concerns:
- Core Layer: Manager modules provide the primary API and business logic
- Utility Layer: Helper modules provide specialized functionality
- Integration Layer: Modules that connect to external systems
Security Model
The system implements a comprehensive security framework with multiple levels:
- Block: Highest security - blocks most remote operations
- High: Allows only specific trusted operations
- Middle: Standard security for most users
- Normal-: More permissive for advanced users
- Weak: Lowest security for development environments
Implementation Details
- The backend is designed to work seamlessly with ComfyUI
- Asynchronous task queuing is implemented for background operations
- The system supports multiple installation modes
- Error handling and risk assessment are integrated throughout the codebase
API Integration
The backend exposes a REST API via manager_server.py that enables:
- Custom node management (install, update, disable, remove)
- Model downloading and organization
- System configuration
- Snapshot management
- Workflow component handling