Replace the .auto_managed.json sidecar with a .auto_managed/ marker
directory. Tracked version names now come from real single-component
dirents, removing the untrusted-input parsing, path-traversal checks,
and rmtree boundary guards that the JSON design required.
Also fix the dead Optional handling in _prune_auto_managed_versions,
extract _ensure_release_downloaded to drop the download_succeeded flag,
and reuse _provider_dir in init_frontend_unsafe.
Amp-Thread-ID: https://ampcode.com/threads/T-019eb879-1e6f-77aa-abb3-4d229d18061f
Co-authored-by: Amp <amp@ampcode.com>
Addresses review feedback on the auto-managed metadata helpers:
- json.load() on the metadata file can return non-dict values (e.g. a
bare list or a string); guard the root type before calling .get().
- A tampered or hand-edited .auto_managed.json could contain entries
like '../escape'. The previous code happily fed those into rmtree.
Filter such entries out at both read time and write time so they
never reach disk or cleanup, and add a belt-and-suspenders path
containment check in _prune_auto_managed_versions that requires the
resolved target to live strictly under the resolved provider dir.
Old ComfyUI_frontend releases pulled in via --front-end-version
<repo>@latest were never removed, causing web_custom_versions/ to
grow unbounded (one user reported 5.11 GB).
When the user requests an auto-resolving specifier (@latest or
@prerelease), record which concrete version was materialized in a
small .auto_managed.json next to the per-provider folders. On a
subsequent auto-managed run, prune any previously-tracked folder
that is no longer the current one. Explicitly pinned versions
(e.g. @v1.46.0) are left alone, and if a user explicitly pins a
version that had previously been downloaded under @latest, it is
promoted out of the auto-managed set so it survives future cleanup.
Adds installed and required workflow templates version information to the
/system_stats endpoint, allowing the frontend to detect and notify users
when their templates package is outdated.
- Add get_installed_templates_version() and get_required_templates_version()
methods to FrontendManager
- Include templates version info in system_stats response
- Add comprehensive unit tests for the new functionality
* Added the parameter required_frontend_version in the /system_stats api response
* Update server.py
* Created a function get_required_frontend_version and wrote tests for it
* Refactored the function to return currently installed frontend pacakage version
* Moved required_frontend to a new function and imported that in server.py
* Corrected test cases using mocking techniques
* Corrected files to comply with ruff formatting
* Add frontend manager
* Add tests
* nit
* Add unit test to github CI
* Fix path
* nit
* ignore
* Add logging
* Install test deps
* Remove 'stable' keyword support
* Update test
* Add web-root arg
* Rename web-root to front-end-root
* Add test on non-exist version number
* Use repo owner/name to replace hard coded provider list
* Inline cmd args
* nit
* Fix unit test
