lfx-nightly 0.2.1.dev7__py3-none-any.whl → 0.3.0.dev3__py3-none-any.whl

lfx/schema/message.py

@@ -12,10 +12,11 @@ from uuid import UUID
 from fastapi.encoders import jsonable_encoder
 from langchain_core.load import load
 from langchain_core.messages import AIMessage, BaseMessage, HumanMessage, SystemMessage, ToolMessage
-from langchain_core.prompts.chat import BaseChatPromptTemplate, ChatPromptTemplate
-from langchain_core.prompts.prompt import PromptTemplate
 from pydantic import BaseModel, ConfigDict, Field, ValidationError, field_serializer, field_validator
 
+if TYPE_CHECKING:
+    from langchain_core.prompts.chat import BaseChatPromptTemplate
+
 from lfx.base.prompts.utils import dict_values_to_string
 from lfx.log.logger import logger
 from lfx.schema.content_block import ContentBlock
@@ -26,12 +27,33 @@ from lfx.schema.properties import Properties, Source
 from lfx.schema.validators import timestamp_to_str, timestamp_to_str_validator
 from lfx.utils.constants import MESSAGE_SENDER_AI, MESSAGE_SENDER_NAME_AI, MESSAGE_SENDER_NAME_USER, MESSAGE_SENDER_USER
 from lfx.utils.image import create_image_content_dict
+from lfx.utils.mustache_security import safe_mustache_render
 
 if TYPE_CHECKING:
     from lfx.schema.dataframe import DataFrame
 
 
 class Message(Data):
+    """Message schema for Langflow.
+
+    Message ID Semantics:
+    - Messages only have an ID after being stored in the database
+    - Messages that are skipped (via Component._should_skip_message) will NOT have an ID
+    - Always use get_id(), has_id(), or require_id() methods to safely access the ID
+    - Never access message.id directly without checking if it exists first
+
+    Safe ID Access Patterns:
+    - Use get_id() when ID may or may not exist (returns None if missing)
+    - Use has_id() to check if ID exists before operations that require it
+    - Use require_id() when ID is required (raises ValueError if missing)
+
+    Example:
+        message_id = message.get_id()  # Safe: returns None if no ID
+        if message.has_id():
+            # Safe to use message_id
+            do_something_with_id(message_id)
+    """
+
     model_config = ConfigDict(arbitrary_types_allowed=True)
     # Helper class to deal with image data
     text_key: str = "text"
@@ -266,24 +288,35 @@ class Message(Data):
         prompt_json = prompt.to_json()
         return cls(prompt=prompt_json)
 
-    def format_text(self):
-        prompt_template = PromptTemplate.from_template(self.template)
+    def format_text(self, template_format="f-string"):
+        if template_format == "mustache":
+            # Use our secure mustache renderer
+            variables_with_str_values = dict_values_to_string(self.variables)
+            formatted_prompt = safe_mustache_render(self.template, variables_with_str_values)
+            self.text = formatted_prompt
+            return formatted_prompt
+        # Use langchain's template for other formats
+        from langchain_core.prompts.prompt import PromptTemplate
+
+        prompt_template = PromptTemplate.from_template(self.template, template_format=template_format)
         variables_with_str_values = dict_values_to_string(self.variables)
         formatted_prompt = prompt_template.format(**variables_with_str_values)
         self.text = formatted_prompt
         return formatted_prompt
 
     @classmethod
-    async def from_template_and_variables(cls, template: str, **variables):
+    async def from_template_and_variables(cls, template: str, template_format: str = "f-string", **variables):
         # This method has to be async for backwards compatibility with versions
         # >1.0.15, <1.1
-        return cls.from_template(template, **variables)
+        return cls.from_template(template, template_format=template_format, **variables)
 
     # Define a sync version for backwards compatibility with versions >1.0.15, <1.1
     @classmethod
-    def from_template(cls, template: str, **variables):
+    def from_template(cls, template: str, template_format: str = "f-string", **variables):
+        from langchain_core.prompts.chat import ChatPromptTemplate
+
         instance = cls(template=template, variables=variables)
-        text = instance.format_text()
+        text = instance.format_text(template_format=template_format)
         message = HumanMessage(content=text)
         contents = []
         for value in variables.values():
@@ -314,6 +347,50 @@ class Message(Data):
 
         return DataFrame(data=[self])
 
+    def get_id(self) -> str | UUID | None:
+        """Safely get the message ID.
+
+        Returns:
+            The message ID if it exists, None otherwise.
+
+        Note:
+            A message only has an ID if it has been stored in the database.
+            Messages that are skipped (via _should_skip_message) will not have an ID.
+        """
+        return getattr(self, "id", None)
+
+    def has_id(self) -> bool:
+        """Check if the message has an ID.
+
+        Returns:
+            True if the message has an ID, False otherwise.
+
+        Note:
+            A message only has an ID if it has been stored in the database.
+            Messages that are skipped (via _should_skip_message) will not have an ID.
+        """
+        message_id = getattr(self, "id", None)
+        return message_id is not None
+
+    def require_id(self) -> str | UUID:
+        """Get the message ID, raising an error if it doesn't exist.
+
+        Returns:
+            The message ID.
+
+        Raises:
+            ValueError: If the message does not have an ID.
+
+        Note:
+            Use this method when an ID is required for the operation.
+            For optional ID access, use get_id() instead.
+        """
+        message_id = getattr(self, "id", None)
+        if message_id is None:
+            msg = "Message does not have an ID. Messages only have IDs after being stored in the database."
+            raise ValueError(msg)
+        return message_id
+
 
 class DefaultModel(BaseModel):
     model_config = ConfigDict(

lfx/schema/workflow.py

@@ -0,0 +1,171 @@
+"""Workflow execution schemas for V2 API."""
+
+from __future__ import annotations
+
+from enum import Enum
+from typing import Any, Literal
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class JobStatus(str, Enum):
+    """Job execution status."""
+
+    QUEUED = "queued"
+    IN_PROGRESS = "in_progress"
+    COMPLETED = "completed"
+    FAILED = "failed"
+    ERROR = "error"
+
+
+class ErrorDetail(BaseModel):
+    """Error detail schema."""
+
+    error: str
+    code: str | None = None
+    details: dict[str, Any] | None = None
+
+
+class ComponentOutput(BaseModel):
+    """Component output schema."""
+
+    type: str = Field(..., description="Type of the component output (e.g., 'message', 'data', 'tool', 'text')")
+    component_id: str
+    status: JobStatus
+    content: Any | None = None
+    metadata: dict[str, Any] | None = None
+
+
+class GlobalInputs(BaseModel):
+    """Global inputs that apply to all input components in the workflow."""
+
+    input_value: str | None = Field(None, description="The input value to send to input components")
+    input_type: str = Field("chat", description="The type of input (chat, text, etc.)")
+    session_id: str | None = Field(None, description="Session ID for conversation continuity")
+
+
+class WorkflowExecutionRequest(BaseModel):
+    """Request schema for workflow execution."""
+
+    background: bool = False
+    stream: bool = False
+    flow_id: str
+    inputs: dict[str, Any] | None = Field(
+        None, description="Inputs with 'global' key for global inputs and component IDs for component-specific tweaks"
+    )
+
+    model_config = ConfigDict(
+        json_schema_extra={
+            "examples": [
+                {
+                    "background": False,
+                    "stream": False,
+                    "flow_id": "flow_67ccd2be17f0819081ff3bb2cf6508e60bb6a6b452d3795b",
+                    "inputs": {
+                        "global": {
+                            "input_value": "Hello, how can you help me today?",
+                            "input_type": "chat",
+                            "session_id": "session-123",
+                        },
+                        "llm_component": {"temperature": 0.7, "max_tokens": 100},
+                        "opensearch_component": {"opensearch_url": "https://opensearch:9200"},
+                    },
+                },
+                {
+                    "background": True,
+                    "stream": False,
+                    "flow_id": "flow_67ccd2be17f0819081ff3bb2cf6508e60bb6a6b452d3795b",
+                    "inputs": {"global": {"input_value": "Process this in the background", "input_type": "text"}},
+                },
+                {
+                    "background": False,
+                    "stream": True,
+                    "flow_id": "flow_67ccd2be17f0819081ff3bb2cf6508e60bb6a6b452d3795b",
+                    "inputs": {"chat_component": {"text": "Stream this conversation"}},
+                },
+            ]
+        },
+        extra="forbid",
+    )
+
+
+class WorkflowExecutionResponse(BaseModel):
+    """Synchronous workflow execution response."""
+
+    flow_id: str
+    job_id: str
+    object: Literal["response"] = "response"
+    created_timestamp: str
+    status: JobStatus
+    errors: list[ErrorDetail] = []
+    inputs: dict[str, Any] = {}
+    outputs: dict[str, ComponentOutput] = {}
+    metadata: dict[str, Any] = {}
+
+
+class WorkflowJobResponse(BaseModel):
+    """Background job response."""
+
+    job_id: str
+    created_timestamp: str
+    status: JobStatus
+    errors: list[ErrorDetail] = []
+
+
+class WorkflowStreamEvent(BaseModel):
+    """Streaming event response."""
+
+    type: str
+    run_id: str
+    timestamp: int
+    raw_event: dict[str, Any]
+
+
+class WorkflowStopRequest(BaseModel):
+    """Request schema for stopping workflow."""
+
+    job_id: str
+    force: bool = Field(default=False, description="Force stop the workflow")
+
+
+class WorkflowStopResponse(BaseModel):
+    """Response schema for stopping workflow."""
+
+    job_id: str
+    status: Literal["stopped", "stopping", "not_found", "error"]
+    message: str
+
+
+# OpenAPI response definitions
+WORKFLOW_EXECUTION_RESPONSES = {
+    200: {
+        "description": "Workflow execution response",
+        "content": {
+            "application/json": {
+                "schema": {
+                    "oneOf": [
+                        WorkflowExecutionResponse.model_json_schema(),
+                        WorkflowJobResponse.model_json_schema(),
+                    ]
+                }
+            },
+            "text/event-stream": {
+                "schema": WorkflowStreamEvent.model_json_schema(),
+                "description": "Server-sent events for streaming execution",
+            },
+        },
+    }
+}
+
+WORKFLOW_STATUS_RESPONSES = {
+    200: {
+        "description": "Workflow status response",
+        "content": {
+            "application/json": {"schema": WorkflowExecutionResponse.model_json_schema()},
+            "text/event-stream": {
+                "schema": WorkflowStreamEvent.model_json_schema(),
+                "description": "Server-sent events for streaming status",
+            },
+        },
+    }
+}

lfx/services/deps.py

@@ -24,6 +24,7 @@ if TYPE_CHECKING:
         SettingsServiceProtocol,
         StorageServiceProtocol,
         TracingServiceProtocol,
+        TransactionServiceProtocol,
         VariableServiceProtocol,
     )
 
@@ -118,6 +119,17 @@ def get_tracing_service() -> TracingServiceProtocol | None:
     return get_service(ServiceType.TRACING_SERVICE)
 
 
+def get_transaction_service() -> TransactionServiceProtocol | None:
+    """Retrieves the transaction service instance.
+
+    Returns the transaction service for logging component executions.
+    Returns None if no transaction service is registered.
+    """
+    from lfx.services.schema import ServiceType
+
+    return get_service(ServiceType.TRANSACTION_SERVICE)
+
+
 async def get_session():
     msg = "get_session is deprecated, use session_scope instead"
     logger.warning(msg)

lfx/services/interfaces.py

@@ -3,7 +3,7 @@
 from __future__ import annotations
 
 from abc import abstractmethod
-from typing import TYPE_CHECKING, Any, Protocol
+from typing import TYPE_CHECKING, Any, Protocol, runtime_checkable
 
 if TYPE_CHECKING:
     import asyncio
@@ -106,3 +106,45 @@ class TracingServiceProtocol(Protocol):
     def log(self, message: str, **kwargs) -> None:
         """Log tracing information."""
         ...
+
+
+@runtime_checkable
+class TransactionServiceProtocol(Protocol):
+    """Protocol for transaction logging service.
+
+    This service handles logging of component execution transactions,
+    tracking inputs, outputs, and status of each vertex build.
+    """
+
+    @abstractmethod
+    async def log_transaction(
+        self,
+        flow_id: str,
+        vertex_id: str,
+        inputs: dict[str, Any] | None,
+        outputs: dict[str, Any] | None,
+        status: str,
+        target_id: str | None = None,
+        error: str | None = None,
+    ) -> None:
+        """Log a transaction record for a vertex execution.
+
+        Args:
+            flow_id: The flow ID (as string)
+            vertex_id: The vertex/component ID
+            inputs: Input parameters for the component
+            outputs: Output results from the component
+            status: Execution status (success/error)
+            target_id: Optional target vertex ID
+            error: Optional error message
+        """
+        ...
+
+    @abstractmethod
+    def is_enabled(self) -> bool:
+        """Check if transaction logging is enabled.
+
+        Returns:
+            True if transaction logging is enabled, False otherwise.
+        """
+        ...

lfx/services/schema.py

@@ -19,3 +19,4 @@ class ServiceType(str, Enum):
     JOB_QUEUE_SERVICE = "job_queue_service"
     SHARED_COMPONENT_CACHE_SERVICE = "shared_component_cache_service"
     MCP_COMPOSER_SERVICE = "mcp_composer_service"
+    TRANSACTION_SERVICE = "transaction_service"

lfx/services/settings/auth.py

@@ -1,14 +1,33 @@
 import secrets
+from enum import Enum
 from pathlib import Path
 from typing import Literal
 
 from passlib.context import CryptContext
-from pydantic import Field, SecretStr, field_validator
+from pydantic import Field, SecretStr, field_validator, model_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
 from lfx.log.logger import logger
 from lfx.services.settings.constants import DEFAULT_SUPERUSER, DEFAULT_SUPERUSER_PASSWORD
-from lfx.services.settings.utils import read_secret_from_file, write_secret_to_file
+from lfx.services.settings.utils import (
+    derive_public_key_from_private,
+    generate_rsa_key_pair,
+    read_secret_from_file,
+    write_public_key_to_file,
+    write_secret_to_file,
+)
+
+
+class JWTAlgorithm(str, Enum):
+    """JWT signing algorithm options."""
+
+    HS256 = "HS256"
+    RS256 = "RS256"
+    RS512 = "RS512"
+
+    def is_asymmetric(self) -> bool:
+        """Return True if this algorithm uses asymmetric (public/private key) cryptography."""
+        return self in (JWTAlgorithm.RS256, JWTAlgorithm.RS512)
 
 
 class AuthSettings(BaseSettings):
@@ -16,10 +35,22 @@ class AuthSettings(BaseSettings):
     CONFIG_DIR: str
     SECRET_KEY: SecretStr = Field(
         default=SecretStr(""),
-        description="Secret key for JWT. If not provided, a random one will be generated.",
+        description="Secret key for JWT (used with HS256). If not provided, a random one will be generated.",
+        frozen=False,
+    )
+    PRIVATE_KEY: SecretStr = Field(
+        default=SecretStr(""),
+        description="RSA private key for JWT signing (RS256/RS512). Auto-generated if not provided.",
         frozen=False,
     )
-    ALGORITHM: str = "HS256"
+    PUBLIC_KEY: str = Field(
+        default="",
+        description="RSA public key for JWT verification (RS256/RS512). Derived from private key if not provided.",
+    )
+    ALGORITHM: JWTAlgorithm = Field(
+        default=JWTAlgorithm.HS256,
+        description="JWT signing algorithm. Use RS256 or RS512 for asymmetric signing (recommended for production).",
+    )
     ACCESS_TOKEN_EXPIRE_SECONDS: int = 60 * 60  # 1 hour
     REFRESH_TOKEN_EXPIRE_SECONDS: int = 60 * 60 * 24 * 7  # 7 days
 
@@ -138,3 +169,63 @@ class AuthSettings(BaseSettings):
             logger.debug("Saved secret key")
 
         return value if isinstance(value, SecretStr) else SecretStr(value).get_secret_value()
+
+    @model_validator(mode="after")
+    def setup_rsa_keys(self):
+        """Generate or load RSA keys when using RS256/RS512 algorithm."""
+        if not self.ALGORITHM.is_asymmetric():
+            return self
+
+        config_dir = self.CONFIG_DIR
+        private_key_value = self.PRIVATE_KEY.get_secret_value() if self.PRIVATE_KEY else ""
+
+        if not config_dir:
+            # No config dir - generate keys in memory if not provided
+            if not private_key_value:
+                logger.debug("No CONFIG_DIR provided, generating RSA keys in memory")
+                private_key_pem, public_key_pem = generate_rsa_key_pair()
+                object.__setattr__(self, "PRIVATE_KEY", SecretStr(private_key_pem))
+                object.__setattr__(self, "PUBLIC_KEY", public_key_pem)
+            elif not self.PUBLIC_KEY:
+                # Derive public key from private key
+                public_key_pem = derive_public_key_from_private(private_key_value)
+                object.__setattr__(self, "PUBLIC_KEY", public_key_pem)
+            return self
+
+        private_key_path = Path(config_dir) / "private_key.pem"
+        public_key_path = Path(config_dir) / "public_key.pem"
+
+        if private_key_value:
+            # Private key provided via env var - save it and derive public key
+            logger.debug("RSA private key provided")
+            write_secret_to_file(private_key_path, private_key_value)
+
+            if not self.PUBLIC_KEY:
+                public_key_pem = derive_public_key_from_private(private_key_value)
+                object.__setattr__(self, "PUBLIC_KEY", public_key_pem)
+                write_public_key_to_file(public_key_path, public_key_pem)
+        # No private key provided - load from file or generate
+        elif private_key_path.exists():
+            logger.debug("Loading RSA keys from files")
+            private_key_pem = read_secret_from_file(private_key_path)
+            object.__setattr__(self, "PRIVATE_KEY", SecretStr(private_key_pem))
+
+            if public_key_path.exists():
+                public_key_pem = public_key_path.read_text(encoding="utf-8")
+                object.__setattr__(self, "PUBLIC_KEY", public_key_pem)
+            else:
+                # Derive public key from private key
+                public_key_pem = derive_public_key_from_private(private_key_pem)
+                object.__setattr__(self, "PUBLIC_KEY", public_key_pem)
+                write_public_key_to_file(public_key_path, public_key_pem)
+        else:
+            # Generate new RSA key pair
+            logger.debug("Generating new RSA key pair")
+            private_key_pem, public_key_pem = generate_rsa_key_pair()
+            write_secret_to_file(private_key_path, private_key_pem)
+            write_public_key_to_file(public_key_path, public_key_pem)
+            object.__setattr__(self, "PRIVATE_KEY", SecretStr(private_key_pem))
+            object.__setattr__(self, "PUBLIC_KEY", public_key_pem)
+            logger.debug("RSA key pair generated and saved")
+
+        return self

lfx/services/settings/base.py

@@ -313,6 +313,10 @@ class Settings(BaseSettings):
     """If set to True, Langflow will start the agentic MCP server that provides tools for
     flow/component operations, template search, and graph visualization."""
 
+    # Developer API
+    developer_api_enabled: bool = False
+    """If set to True, Langflow will enable developer API endpoints for advanced debugging and introspection."""
+
     # Public Flow Settings
     public_flow_cleanup_interval: int = Field(default=3600, gt=600)
     """The interval in seconds at which public temporary flows will be cleaned up.

lfx/services/settings/utils.py

@@ -1,9 +1,74 @@
 import platform
 from pathlib import Path
 
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
+
 from lfx.log.logger import logger
 
 
+class RSAKeyError(Exception):
+    """Exception raised when RSA key operations fail."""
+
+
+def derive_public_key_from_private(private_key_pem: str) -> str:
+    """Derive a public key from a private key PEM string.
+
+    Args:
+        private_key_pem: The private key in PEM format.
+
+    Returns:
+        str: The public key in PEM format.
+
+    Raises:
+        RSAKeyError: If the private key is invalid or cannot be processed.
+    """
+    try:
+        private_key = load_pem_private_key(private_key_pem.encode(), password=None)
+        return (
+            private_key.public_key()
+            .public_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PublicFormat.SubjectPublicKeyInfo,
+            )
+            .decode("utf-8")
+        )
+    except Exception as e:
+        msg = f"Failed to derive public key from private key: {e}"
+        logger.error(msg)
+        raise RSAKeyError(msg) from e
+
+
+def generate_rsa_key_pair() -> tuple[str, str]:
+    """Generate an RSA key pair for RS256 JWT signing.
+
+    Returns:
+        tuple[str, str]: A tuple of (private_key_pem, public_key_pem) as strings.
+    """
+    private_key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=2048,
+    )
+
+    private_key_pem = private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption(),
+    ).decode("utf-8")
+
+    public_key_pem = (
+        private_key.public_key()
+        .public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        )
+        .decode("utf-8")
+    )
+
+    return private_key_pem, public_key_pem
+
+
 def set_secure_permissions(file_path: Path) -> None:
     if platform.system() in {"Linux", "Darwin"}:  # Unix/Linux/Mac
         file_path.chmod(0o600)
@@ -38,3 +103,20 @@ def write_secret_to_file(path: Path, value: str) -> None:
 
 def read_secret_from_file(path: Path) -> str:
     return path.read_text(encoding="utf-8")
+
+
+def write_public_key_to_file(path: Path, value: str) -> None:
+    """Write a public key to file with appropriate permissions (0o644).
+
+    Public keys can be readable by others but should only be writable by owner.
+
+    Args:
+        path: The file path to write to.
+        value: The public key content.
+    """
+    path.write_text(value, encoding="utf-8")
+    try:
+        if platform.system() in {"Linux", "Darwin"}:
+            path.chmod(0o644)
+    except Exception:  # noqa: BLE001
+        logger.exception("Failed to set permissions on public key file")

lfx/services/transaction/__init__.py

@@ -0,0 +1,5 @@
+"""Transaction service module for lfx."""
+
+from lfx.services.transaction.service import NoopTransactionService
+
+__all__ = ["NoopTransactionService"]

lfx/services/transaction/service.py

@@ -0,0 +1,35 @@
+"""Transaction service implementations for lfx."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from lfx.services.interfaces import TransactionServiceProtocol
+
+
+class NoopTransactionService(TransactionServiceProtocol):
+    """No-operation transaction service for standalone lfx mode.
+
+    This service is used when lfx runs without a concrete transaction
+    service implementation (e.g., without langflow). All operations
+    are no-ops and transaction logging is disabled.
+    """
+
+    async def log_transaction(
+        self,
+        flow_id: str,
+        vertex_id: str,
+        inputs: dict[str, Any] | None,
+        outputs: dict[str, Any] | None,
+        status: str,
+        target_id: str | None = None,
+        error: str | None = None,
+    ) -> None:
+        """No-op implementation of transaction logging.
+
+        In standalone mode, transactions are not persisted.
+        """
+
+    def is_enabled(self) -> bool:
+        """Transaction logging is disabled in noop mode."""
+        return False

lfx/utils/constants.py

@@ -71,6 +71,7 @@ DIRECT_TYPES = [
     "float",
     "Any",
     "prompt",
+    "mustache",
     "code",
     "NestedDict",
     "table",