- approval gate now honors latest review state per reviewer; a reviewer
who later submits CHANGES_REQUESTED or has their approval dismissed no
longer counts as approved. Plain COMMENTED follow-ups don't override
an existing approval (matches GitHub's own behavior).
- success summary links to the tag's tree URL instead of /releases/tag/,
which would 404 because this workflow creates an annotated git tag,
not a GitHub Release object.
The workflow now does its own gating rather than trusting the operator
to pre-stage a clean candidate, and creates the version-bump commit
itself so the candidate branch can be a pure cherry-pick chain.
Operator flow (changed):
- Locally cherry-pick the backport commits onto the previous stable
tag. NO version-bump commit.
- Push the candidate branch and open a PR against `master`.
- Wait for CI green; get an APPROVED review from a user listed in the
repo variable `STABLE_RELEASE_APPROVERS`.
- Run the workflow with `source_branch` = candidate branch.
Workflow now verifies, in order:
1. `source_branch` matches a safe ref-name regex.
2. `STABLE_RELEASE_APPROVERS` repo variable is configured.
3. Latest stable tag = highest semver `vX.Y.Z`; next version is
`last_tag_patch + 1` (computed; no longer a workflow input).
4. Source branch exists on origin; target release branch and tag
do NOT exist (refuse to overwrite).
5. Branch is rooted at the latest stable tag:
* tag is an ancestor of source HEAD,
* `merge-base(source, master) == tag commit` (no master commits
sneaked in via merge/rebase),
* no merge commits in `tag..source` (linear cherry-picks only).
6. Version files on the candidate still equal the previous tag's
version (operator must NOT include a version bump). Read via
`git show | python3 -c '...'` so candidate code is never executed,
and `comfyui_version.py` is statically AST-parsed for `__version__`.
7. PR for the source branch exists, targets master, head SHA matches
the candidate, has an APPROVED review on that exact SHA from an
allow-listed user (stale approvals on older commits don't count),
and all check-runs / commit-statuses on the SHA are success /
neutral / skipped. `mergeable_state` is intentionally not used —
backport branches by definition aren't "up-to-date with master".
After all gates pass, the workflow creates the version-bump commit
itself (edits `pyproject.toml` + `comfyui_version.py` via stdlib regex,
commits as `github-actions[bot]`), then atomically pushes
`release/v<version>` + `v<version>` annotated tag using
`RELEASE_BOT_TOKEN`.
Kept from the previous revision: atomic ref push, `persist-credentials:
false` checkout, AST-based version-file parse (never `exec()`), all
inputs flow through `env:` vars (no command injection), `dry_run`
short-circuits the push step, pre-flight existence checks, step summary
linking to `release-stable-all.yml`.
Verified end-to-end against Kosinkadink/ComfyUI with sentinel `v0.99.99`
→ `v0.99.100`: dry-run passed all 11 steps; real run created
`release/v0.99.100` + `v0.99.100` atomically. Negative cases for the
approval gate and version-file gate also exercised.
* initial WanDancer support
* nodes_wandancer: Add list form of chunker.
Create an alternate list form of the node so the chunk gens can be
trivially looped by the comfy executor.
* Closer match to original soxr resampling
* Remove librosa node
* Cleanup
---------
Co-authored-by: Rattus <rattus128@gmail.com>
* Add description field to all blueprint subgraphs
Sets the 'description' field on every subgraph blueprint node,
which will show on the node preview and tooltip. Covers all 51
blueprint files under blueprints/.
* Update blueprint descriptions with researched model info
* Refine blueprint descriptions with researched model specs from docs
Updates subgraph descriptions across all 51 blueprints with accurate
model details drawn from ComfyUI docs, including:
- Flux.1 Dev: 12B open-weights, Pro-level quality
- Flux.2 Klein 4B: fastest Flux, distilled architecture
- Qwen-Image: 20B MMDiT, multilingual text rendering
- Z-Image-Turbo: distilled 6B DiT, sub-second inference
- LTX-2/2.3: 19B DiT audio-video foundation model
- Wan2.2: open-source, 14B/1.3B variants
- ACE-Step 1.5: ~1s full-song generation
- GPU shader nodes consistently labeled as fragment shaders
* Strip marketing fluff and license info from descriptions
* Fix Canny to Video (LTX 2.0) description
* Remove 'local-' prefix from subgraph names
* Preserve UTF-8 encoding in JSON files (ensure_ascii=False)
* Apply review suggestions from alexisrolland
- Rename 'Image to Model (Hunyuan3d 2.1)' -> 'Image to 3D Model (Hunyuan3d 2.1)'
- Rename 'Image Upscale(Z-image-Turbo)' -> 'Image Upscale (Z-image-Turbo)'
- Rename 'Video Inpaint(Wan2.1 VACE)' -> 'Video Inpaint (Wan 2.1 VACE)'
- Use 'Black Forest Labs' branding in Flux descriptions
- Use 'Google's Gemini' with possessive in captioning nodes
- Normalize 'Wan 2.2' and 'Wan 2.1' spacing in descriptions
* fix: revert Color Adjustment.json to preserve original GLSL shader content
Only adds the 'description' field without modifying the shader code
(which contained Unicode escape \\u2192 that should be preserved).
* Apply CodeRabbit review suggestions
- Color Adjustment: include vibrance in description
- Image Blur: expand to Gaussian/Box/Radial modes
- Flux.2 Klein 4B: narrow to image edit only (no T2I)
- NetaYume Lumina: correct model base (Neta Lumina, not Lumina-Next)
---------
Co-authored-by: linmoumou <linmoumou@linmoumoudeMac-mini.local>
Co-authored-by: Daxiong (Lin) <contact@comfyui-wiki.com>
* Add cloud-runtime experiment node-schema endpoints to spec
Replace the GET operations at /api/experiment/nodes and
/api/experiment/nodes/{id} with getNodeInfoSchema and getNodeByID —
the optimized, ETag-tagged object_info schema endpoints the cloud
frontend depends on for the workflow editor.
Each operation is tagged x-runtime: [cloud] and uses the runtime-only
tag for cloud-side codegen exclusion. Response headers document the
ETag and Cache-Control validators; 304 Not Modified is declared for
RFC 7232 conditional GETs.
Remove the now-unused CloudNodeList schema to keep Spectral clean.
Co-authored-by: Matt Miller <MillerMedia@users.noreply.github.com>
* spec: document If-None-Match header on conditional GET endpoints
Both `getNodeInfoSchema` and `getNodeByID` advertise `ETag` response
headers and a `304 Not Modified` response, but the spec didn't declare
the `If-None-Match` request header that triggers conditional validation.
Adding it as an optional header parameter on both ops so client codegen
exposes the conditional-GET pattern.
- security: pass all inputs via env vars (no command injection)
- security: validate ref names against safe charset
- bug: use robust dry_run check (handle bool and 'true'/'false' string)
- robustness: combine branch+tag push into single atomic operation
- robustness: add set -euo pipefail to Configure git identity step
Amp-Thread-ID: https://ampcode.com/threads/T-019e042d-d972-7559-b462-6e838c2da164
Co-authored-by: Amp <amp@ampcode.com>
* Add cloud-runtime FE-facing operations to openapi.yaml
Add ~67 cloud-runtime FE-facing path operations to the core OpenAPI spec,
each tagged with x-runtime: [cloud] at the operation level. These operations
are served by the cloud runtime; the local runtime returns 404 for all of
these paths.
Domain groups added:
- Jobs / prompts: /api/job/*, /api/jobs/*/cancel, /api/prompt/*, etc.
- History v2: /api/history_v2, /api/history_v2/{prompt_id}
- Cloud logs: /api/logs
- Asset extensions: /api/assets/download, export, import, etc.
- Custom nodes: /api/experiment/nodes (cloud install/uninstall)
- Hub: /api/hub/profiles, /api/hub/workflows, /api/hub/labels, etc.
- Workflows: /api/workflows CRUD, versioning, fork, publish
- Auth/session: /api/auth/session, /api/auth/token, /.well-known/jwks.json
- Billing: /api/billing/balance, plans, subscribe, topup, etc.
- Workspace: /api/workspace/*, /api/workspaces/*
- User/settings/misc: /api/user, /api/secrets, /api/feedback, etc.
Also adds corresponding cloud-only component schemas (CloudJob, CloudWorkflow,
BillingPlan, Workspace, HubProfile, AuthSession, etc.), all tagged with
x-runtime: [cloud].
Spectral lint passes under the existing ruleset with zero new warnings.
* Add job_id field to Asset schema and deprecate prompt_id (#13736)
- Add job_id as a nullable UUID field to the Asset schema
- Mark prompt_id as deprecated with note pointing to job_id
- No x-runtime tag needed as both runtimes populate the field
* Add hash field to Asset schemas and deprecate asset_hash (#13738)
- Add 'hash' as a nullable string field to Asset and AssetUpdated schemas
- Mark 'asset_hash' as deprecated with a note pointing to 'hash'
- AssetCreated inherits 'hash' via allOf from Asset
- Spectral lint clean (no new warnings)
* Fix method drift on cloud-runtime endpoints
Three PUT operations were added that should be PATCH (cloud serves
PATCH for partial updates):
- /api/workflows/{workflow_id}
- /api/workspaces/{id}
- /api/workspace/members/{userId}
Two POST operations were added that should be GET (cloud serves GET
with query params):
- /api/assets/remote-metadata (url moves to query param)
- /api/files/mask-layers (response shape replaced — operation queries
related mask layer filenames, not file uploads)
* Add missing cloud-runtime operations and schemas
PR review surfaced operations the cloud runtime serves that weren't
covered by the initial spec push, plus one path family missed entirely.
New methods on existing paths:
- /api/auth/session: add POST (create session cookie) and DELETE (logout)
- /api/secrets/{id}: add GET (read metadata) and PATCH (update)
- /api/hub/profiles: add POST (create profile)
- /api/hub/workflows: add POST (publish to hub)
- /api/hub/workflows/{share_id}: add DELETE (unpublish)
- /api/workspaces/{id}: add DELETE (soft-delete workspace)
- /api/workspace/members/{user_id}/api-keys: add DELETE (bulk revoke)
- /api/workflows/{workflow_id}/versions: add POST (create new version)
- /api/userdata/{file}/publish: add GET (read publish info)
New path family:
- /api/tasks (GET list) and /api/tasks/{task_id} (GET detail) for the
background task framework
New component schemas (all tagged x-runtime: [cloud]):
CreateSessionResponse, DeleteSessionResponse, UpdateSecretRequest,
BulkRevokeAPIKeysResponse, CreateHubProfileRequest, PublishHubWorkflowRequest,
HubWorkflowDetail, AssetInfo, CreateWorkflowVersionRequest,
WorkflowVersionResponse, WorkflowPublishInfo, TaskEntry, TaskResponse,
TasksListResponse. Existing SecretMeta extended with provider and
last_used_at fields the cloud runtime actually returns.
New tag: task. Spectral lint passes with zero errors.
* Add job_id and prompt_id to AssetUpdated schema
Mirrors the Asset schema's deprecation pattern: prompt_id is marked
deprecated with a description pointing to job_id; job_id is the new
preferred field. PUT /api/assets/{id} responses can now carry both fields
consistent with the other Asset-returning endpoints.
* feat: add width and height fields to Asset schema (#13745)
Add nullable integer fields 'width' and 'height' to the Asset schema
in openapi.yaml. These expose original image dimensions in pixels for
clients that need pre-thumbnail size info. Both fields are null for
non-image assets or assets ingested before dimension extraction.
Co-authored-by: Matt Miller <MillerMedia@users.noreply.github.com>
* Remove /api/job/{job_id} and /api/job/{job_id}/outputs
These two paths are not actually served by the cloud runtime — they
return 404 with a redirect message pointing callers to the canonical
`/api/jobs/{job_id}` (plural). Declaring them with `x-runtime: [cloud]`
and a 200 response schema is incorrect.
`/api/job/{job_id}/status` stays — it is a real cloud-served endpoint.
Also drops the now-orphaned `CloudJob` and `CloudJobOutputs` component
schemas. `CloudJobStatus` is retained.
* feat(api-nodes): new NanoBanana2 node with DynamicCombo/Autogrow
Signed-off-by: bigcat88 <bigcat88@icloud.com>
* feat: improved status text on uploading
Signed-off-by: bigcat88 <bigcat88@icloud.com>
* feat: improved status text on uploading (2)
Signed-off-by: bigcat88 <bigcat88@icloud.com>
---------
Signed-off-by: bigcat88 <bigcat88@icloud.com>
* Update language options in nodes_ace.py
Modified it to include all 51 language options ace-step1.5 supports instead of the original 23 comfyui had.
* re-arrange list by popularity
changed order of the languages to be ordered by popularity
en is default
unknown is last
* Update comfy_extras/nodes_ace.py
get_save_image_path now properly supports filenames without
trailing underscores.
This will be the saving behavior when using a mix of save image nodes using the old and the new format.
ComfyUI_00001_.png
ComfyUI_00002.png
ComfyUI_00003.png
ComfyUI_00004_.png
* feat: add cloud-specific fields to OSS openapi.yaml as nullable
Add cross-runtime fields with x-runtime: [cloud] extension and [cloud-only]
description prefix per the convention established in BE-613. All new fields
are nullable and not in required arrays, so they are purely additive.
/api/features response:
- max_upload_size (integer, int64)
- free_tier_credits (integer, int32)
- posthog_api_host (string, uri)
- max_concurrent_jobs (integer, int32)
- workflow_templates_version (string)
- workflow_templates_source (string, enum)
PromptRequest schema:
- workflow_id (string, uuid)
- workflow_version_id (string, uuid)
POST /api/assets:
- id field (uuid) on multipart/form-data for idempotent creation
- application/json alternate content-type for URL-based uploads
POST /api/assets/from-hash:
- mime_type (string) to preserve type without re-inspection
PUT /api/assets/{id}:
- mime_type (string) for overriding auto-detection
GET /api/assets additional query parameters:
- job_ids (string) — filter by associated job UUIDs
- include_public (boolean) — include workspace-public assets
- asset_hash (string) — filter by exact content hash
Resolves: BE-613
Blocks: BE-364, BE-361, BE-363
Co-authored-by: Matt Miller <MillerMedia@users.noreply.github.com>
* fix(openapi): address CodeRabbit feedback (BE-613)
- max_upload_size is set in both runtimes via SERVER_FEATURE_FLAGS;
drop the cloud-only / nullable tagging.
- Require `url` on the application/json POST /api/assets body so the
contract is enforceable by validators and codegen.
---------
Co-authored-by: Matt Miller <MillerMedia@users.noreply.github.com>
* Add Spectral lint CI gate for openapi.yaml
Adds a blocking Spectral lint check that runs on PRs touching
openapi.yaml or the ruleset itself. The ruleset mirrors the one used
for other Comfy-Org service specs: spectral:oas plus conventions for
snake_case properties, camelCase operationIds, and response/schema
shape. Gate runs at --fail-severity=error, which the spec currently
passes with zero errors (a small number of non-blocking
warnings/hints remain for WebSocket 101 responses, the existing loose
error schema, and two snake_case wire fields).
* ci: set least-privilege contents:read permissions on openapi-lint workflow
Per CodeRabbit review on #13410. The job only checks out the repo and
runs Spectral, so contents:read is sufficient and avoids inheriting any
permissive repo/org default token scope.
---------
Co-authored-by: guill <jacob.e.segal@gmail.com>
Add missing 'attachment;' directive to Content-Disposition headers in
server.py to ensure browsers properly download files instead of
attempting to display them inline.
Fixes 4 instances in the file download endpoint.
Co-authored-by: guill <jacob.e.segal@gmail.com>
* chore: update workflow templates to v0.9.69
* Update comfyui-workflow-templates to version 0.9.70
* Downgrade comfyui-workflow-templates to 0.9.69
---------
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
