Team pricing was yearly-only (slider). Per PRD: GA Team Billing the team
plan has both cycles; monthly halves the yearly discount (0/2.5/5/7.5/10%
vs 0/5/10/15/20%). Ungate the cycle toggle for team, thread the cycle into
CreditSlider, and switch the CTA/billed line by cycle.
## What
Implements **B2 — Complete the billing facade** from the FE
billing-divergence survey. Adds the members missing from the shared
`BillingContext` so components stop bypassing `useBillingContext` with
raw `workspaceApi` calls.
Part of the billing convergence plan — **FE-904** (parent **FE-903**).
## Why this PR — an *enabling* refactor (near-zero standalone user
value)
On its own B2 changes no endpoint and is user-invisible (see
**Behavioral impact**). Its entire purpose is to be the **prerequisite**
that unblocks the rest of the convergence — it gives the facade a single
entry point and the missing capability/state surface that the next
levers depend on:
- **Unblocks B3 — repoint direct-bypass consumers (the next PR; a live
bug fix).** `SubscribeButton` (`current_tier`) and
`PostHogTelemetryProvider` (the `subscription_tier` person property)
currently read the **legacy** `useSubscription` tier, so the value is
**stale/empty for team users today** (telemetry + analytics are wrong
right now). They can only be repointed to a correct, workspace-aware
tier by sourcing it from the facade — which requires the **`tier`** (and
`renewalDate`, for `FreeTierDialog`) fields **this PR adds**. Without B2
there is literally no facade `tier` to read.
- **Unblocks B6 — orientation banners.** The 6 billing-state banners
need `billingStatus` / `subscriptionStatus`, exposed here.
- **Unblocks B1 — dispatcher flip (personal → workspace path).** B1 can
only collapse the personal/team fork once (a) every billing operation
flows through the facade — no raw `workspaceApi` bypass left — and (b)
the facade actually supports `resubscribe`/`topup`. This PR removes the
last bypasses and completes the action surface so the unified personal
path will work. (B1 itself stays gated on the BE-DATA unification.)
## Changes
- **Contract** (`composables/billing/types.ts`): `BillingActions` gains
`resubscribe()` and `topup(amountCents)`; `BillingState` gains
`billingStatus`, `subscriptionStatus`, `tier`, `renewalDate`. Exported
`BillingStatus`, `BillingSubscriptionStatus`, `CreateTopupResponse` from
`workspaceApi`.
- **Workspace adapter** (`useWorkspaceBilling`): real wiring —
`workspaceApi.resubscribe()` / `createTopup()`, surfaces
`statusData.billing_status` / `subscription_status` /
`subscription_tier` / `renewal_date`.
- **Legacy adapter** (`useLegacyBilling`): equivalents — `resubscribe` =
fresh checkout via `useSubscription`; `topup` converts **cents →
dollars** through `purchaseCredits`; `billingStatus` = `null` (no legacy
concept); `subscriptionStatus` synthesized from active/cancelled flags.
- **Dispatcher** (`useBillingContext`): proxies the new members.
- **Orphaned callers migrated** off raw `workspaceApi`:
- `SubscriptionPanelContentWorkspace.vue` → `resubscribe()`
- `useSubscriptionCheckout.ts` → `resubscribe()`
- `TopUpCreditsDialogContentWorkspace.vue` → `topup(amountCents)`
## Notes
- **Unit divergence absorbed:** the facade standardizes `topup` on
**cents**; the legacy adapter converts to dollars for
`/customers/credit`.
- **FE-only, no backend dependency** — safe to merge/deploy standalone;
independent of the B1 dispatcher flip (which is gated on the BE-DATA
unification).
## Behavioral impact (verified — safe to merge/deploy standalone)
This is a structural refactor: **endpoints, request payloads, and fetch
counts are unchanged**, and there is **no user-visible change** on
OSS/Desktop or Cloud-personal.
- **OSS / Desktop** (`teamWorkspacesEnabled` off): no change. The only
B2 code that runs is the eager `useAuthActions()` in `useLegacyBilling`
setup — side-effect-free, and already instantiated transitively via
`useSubscription` today. New computeds are lazy with zero readers; new
legacy `resubscribe`/`topup` are never invoked (their callers are
team-only surfaces).
- **Cloud personal**: no change. The migrated handlers are structurally
unreachable on the legacy path (dialog/panel variant gating,
`isCancelled` gated to `!isInPersonalWorkspace`).
- **Cloud team**: same endpoints/payloads/refresh counts. **One
intentional behavioral nuance:** routing `resubscribe`/`topup` through
the facade now toggles the shared `useBillingContext().isLoading` flag
during the call (the previous raw `workspaceApi` calls did not). This is
deliberate — it aligns these two with every other facade action
(`subscribe`, `cancelSubscription`, …). Net effect is at most a brief
loading-indicator flicker in the subscription panel; no change to
network, ordering, or state correctness.
> Follow-up (pre-existing, out of scope): **FE-932** — a completed
top-up refreshes balance but not status, so `subscription.hasFunds` can
be briefly stale. Predates B2 (`main` did balance-only too); to be fixed
with B6.
> Import-cycle note: this closes `useBillingContext → useLegacyBilling →
useAuthActions → useBillingContext`. It is module-eval safe — every
cross-cycle call is at composable-runtime, none at module top level.
## Verification
- `vue-tsc --noEmit`: clean.
- `oxlint --type-aware` on touched files: 0 errors / 0 warnings.
- Runtime no-op confirmed by an adversarial code-path review across the
3 build targets (OSS / Cloud-personal / Cloud-team).
- eslint + unit tests: deferred to CI.
Survey: **FE Billing API Divergence — Personal vs Team Workspace**
(Notion) — notes D4, P6, T1, E7, E9.
> Draft: opened for early review of the facade shape and the
legacy-equivalent semantics (esp. legacy `resubscribe` = fresh checkout,
and the cents/dollars conversion).
---------
Co-authored-by: Alexander Brown <drjkl@comfy.org>
## ELI-5
After you click Continue on the sign-in consent page, the page sends
your browser back to the app that asked. Our safety check only knew
about web-style addresses (`http://...`), so when the iOS app — whose
return address looks like `org.comfy.ios://...` — finished sign-in, the
page refused to deliver and showed "OAuth request failed." The fix:
instead of the page keeping a list of address styles it trusts, it now
asks the backend "what return address did this app register?" and goes
exactly there or nowhere. Truly dangerous addresses (ones that run code
in the page) stay banned outright.
## Problem
The consent success handler hard-allowlists `http(s)` for the
post-consent redirect (`oauthApi.ts`). That covers the loopback
redirects `comfy-desktop`/`comfy-cli` register, but rejects RFC 8252
reverse-DNS custom schemes — the callback shape native-app OAuth clients
use.
Live failure (prod, 2026-06-11, first `comfy-ios` sign-in test): user
approves consent → backend persists consent, consumes the auth request,
and mints an authorization code for `org.comfy.ios://oauth-callback` →
frontend throws `'unsafe scheme'` → user sees the generic **"OAuth
request failed"** → the code expires unused 60s later. Verified
end-to-end in the prod DB.
## Fix (final design — binding, not scheme lists)
Bind the post-consent navigation to the **challenge's registered
`redirect_uri`** (scheme + authority + path equality; the server only
appends `code`/`state` query params to the registered URI). The backend
supplies that field per-request — Comfy-Org/cloud#4230 — so the frontend
carries **zero per-client knowledge**: registering a future native
client is a backend-only change.
Layers:
1. **Executable-scheme denylist**
(`javascript:`/`data:`/`blob:`/`vbscript:`/`about:`) — unconditional;
the actual XSS line.
2. **Registration binding** when `challenge.redirect_uri` is present —
also rejects wrong-client redirects, which no scheme policy could.
3. **http(s)-only fallback** when the challenge doesn't surface
`redirect_uri` (older backend) — preserves today's behavior; the two PRs
can land in either order, but iOS sign-in needs both.
Also per the earlier review pass: navigation uses the parsed URL
(parser/sink consistency), malformed URLs throw structured errors,
single-navigation asserted.
## History
This PR went through three designs: dotted-scheme heuristic → four-lab
adversarial review (68 findings, Opus-judge consolidated) flagged the
heuristic as bypassable → exact scheme allowlist → product feedback
(hardcoding per-client schemes in shared frontend code doesn't scale and
shouldn't exist for non-product test apps) → registration binding, which
the review panel had independently flagged as the strongest option.
41/41 oauth tests passing.
## Tests
- Navigates: bound custom-scheme redirect
(`org.comfy.ios://oauth-callback?code=…` vs registered
`org.comfy.ios://oauth-callback`), http loopback (legacy fallback)
- Rejects: unbound custom scheme (fallback), wrong-client redirect
(`com.evil.app://…` vs registered iOS URI), path mutation, executable
schemes even when 'registered', malformed URLs
Related: BE-1341, BE-1350, Comfy-Org/cloud#4230.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
When performing mode toggle operations (like bypass or mute) with a
group (the colored rectangles) selected, nodes contained within the
group will be considered selected and will have their state toggled.
<img width="1024" height="1024" alt="AnimateDiff_00002"
src="https://github.com/user-attachments/assets/c4e9db17-3fe8-4fd8-9012-0e9a0bc59707"
/>
Team subscribe previously dead-ended in a 'coming soon' toast at the
pricing table. It now advances to the DES-197 confirm step, rendered
display-only from the selected slider stop ({usd, credits}) via a
teamPlan prop on SubscriptionAddPaymentPreviewWorkspace — team perks in
the expandable features list, credits/month under the price, total due
today from the stop. The final subscribe CTA stays stubbed until the BE
slider contract lands (doc Open Q#2).
The current-plan column was fixed at w-[250px], squeezing the new-plan
column against the right edge and wrapping its start date (the Creator
side misalignment). Both columns are now flex-1 around a fixed arrow,
matching the Figma two-column grid.
Also restructures the middle section to the DES-197 layout — 'Every
month starting {date}' header with 'Credits refill to' and 'You'll be
charged' rows — and extracts the terms-agreement note into
SubscriptionTermsNote, now shown on both confirm screens.
## Summary
Cleanup of the website download button: deduplicate the label lookup in
`DownloadLocalButton.vue`, and export a `Platform` domain type from
`useDownloadUrl` so the button spec, icon map, and analytics all consume
it instead of loose `string`s.
## Changes
- **What**:
- Hoist `t('download.hero.downloadLocal', locale)` into a single `label`
computed, reused by the fallback aria-labels and the button text
(previously evaluated in two places)
- Export `Platform` (`'windows' | 'mac'`) from `useDownloadUrl`;
`ButtonSpec.key`, the `ICONS` map (`Record<Platform, string>`), and
`captureDownloadClick` now consume it — adding a platform without an
icon becomes a compile error, and typo'd platform names can't reach
PostHog
- Drop the redundant `aria-hidden="true"` on the icon (`alt=""` already
marks it decorative)
## Review Focus
`ppformula-text-center` on the icon is intentionally kept — it is
positional (`position: relative; top: 0.19em`), not typographic, and
keeps the icon aligned with the optically-shifted PP Formula text.
No behavior change.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary
- Rebrand "Comfy Local" → "Comfy Desktop" across all user-facing copy on
`apps/website`. The nav already showed "Comfy Desktop"; this pulls the
rest of the site in line.
- Updates the homepage product card, the `/cloud` page FAQ + pricing
copy, the `/download` page SEO title/keywords, and matching Storybook
stories. Both `en` and `zh-CN`.
- Internal identifiers left untouched (i18n key names, the
`src/components/product/local/` folder, the `Product = 'local' | …` type
discriminator, and the `media.comfy.org/website/local/*` CDN paths).
## Test plan
- [ ] `pnpm --filter @comfyorg/website dev` and visually verify:
- [ ] `/` — product card section reads "Comfy Desktop" / "SEE DESKTOP
FEATURES"
- [ ] `/cloud` (en + zh-CN) — every FAQ "Local" reference now reads
"Comfy Desktop"
- [ ] `/download` — page `<title>` and meta keywords show new values
- [ ] Nav + footer still read "Comfy Desktop" / "DOWNLOAD DESKTOP"
(unchanged)
- [ ] `pnpm --filter @comfyorg/website test:e2e -- navigation.spec.ts`
passes
- [ ] Storybook: `Website/Common/ProductCard` and
`Website/Common/FooterLinkColumn` render with new labels
- [ ] Regenerate any screenshot baselines that snapshot the homepage
product cards or the `/cloud` FAQ section
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: github-actions <github-actions@github.com>
## Summary
Simplifies the Swap Nodes error card as the fourth slice of the
catalog/error-tab presentation refactor, aligning it with the newer
compact error-row patterns while preserving the existing replace and
locate behavior.
This follows the staged rollout plan from the earlier error-tab PRs:
1. #12683 refined execution-style errors: validation, runtime, and
prompt errors.
2. #12705 simplified missing media errors into flat, locatable rows.
3. #12735 simplified missing node pack errors and aligned grouped-row
behavior.
4. This PR applies the same simplification pass to Swap Nodes errors.
5. A later PR is expected to handle Missing Models, which is larger and
intentionally kept separate.
After the Missing Models slice lands, a follow-up consistency PR will
normalize the shared row/disclosure pattern across Missing Node Packs,
Swap Nodes, and Missing Models together. That follow-up will cover
parameterized i18n labels for disclosure controls, shared text-button
styling, and consistent disclosure semantics/accessibility across those
grouped rows.
## Changes
- **What**: Reworks the Swap Nodes card rows so each replacement group
is presented as a compact row with the source node type, replacement
target, replace action, and locate action.
- **What**: For a single affected node, the visible row label can be
clicked to locate the node, matching the interaction model used by the
newer missing-media and missing-node rows.
- **What**: For multiple affected nodes with the same replacement
target, the group renders a count badge and a disclosure row. Expanding
the group shows the affected node rows, each with its own locate action.
- **What**: Removes the old node-id badge path from Swap Nodes rows.
Node-id badges remain available to the other error cards that still own
that behavior.
- **What**: Keeps replacement behavior unchanged: per-group replacement
and replace-all still call through the existing node replacement store
flow.
- **What**: Adds regression coverage for the new grouped-row UI,
including same-type grouping in both Vue Nodes and LiteGraph render
modes.
- **Breaking**: None.
- **Dependencies**: None.
## Review Focus
Please focus on the Swap Nodes presentation and interaction symmetry
with the previous error-tab PRs:
- Single-node groups should remain directly locatable via the row label
and the locate icon.
- Multi-node groups should expose the count and expand/collapse behavior
without adding duplicate focusable disclosure controls.
- The visible row labels intentionally keep their own accessible names,
while the separate locate icon uses the generic `Locate node on canvas`
accessible name. This mirrors the established pattern from the previous
slices.
- The newly added Playwright fixture covers two same-type replaceable
nodes so duplicate group keys and grouped disclosure behavior are
exercised end-to-end.
## Validation
- `pnpm format`
- `pnpm test:unit
src/platform/nodeReplacement/components/SwapNodeGroupRow.test.ts`
- `pnpm test:browser:local browser_tests/tests/nodeReplacement.spec.ts
--project=chromium`
- Pre-commit hook: lint-staged, stylelint, oxfmt, oxlint, eslint, `pnpm
typecheck`, `pnpm typecheck:browser`
- Pre-push hook: `pnpm knip --cache`
- Additional parallel code review pass completed locally; no blocker or
major issues remained.
## Screenshots (if applicable)
This PR
<img width="561" height="362" alt="스크린샷 2026-06-11 오전 3 46 06"
src="https://github.com/user-attachments/assets/65395467-6c2f-4aa1-84c5-3d9614c00c80"
/>
old (Main)
<img width="611" height="798" alt="스크린샷 2026-06-11 오전 3 46 32"
src="https://github.com/user-attachments/assets/3862d5df-f839-40c0-9488-ce64b051378e"
/>
## Summary
Every `VirtualGrid` consumer (assets sidebar, manager dialog, widget
select dropdown) is blind to discrete mouse-wheel scrolling:
`useScroll`'s `throttle: 64` never reports scroll position, so the
virtualization window stays frozen — users see blank space below the
first viewport of items and `approach-end` (infinite scroll) never
fires. Trackpad scrolling masks the bug by emitting events faster than
the throttle window.
## Changes
- **What**: drop the `throttle` option from `useScroll` in `VirtualGrid`
and remove the `scrollThrottle` prop (no consumer passes it). Scroll
events are frame-aligned and the handler is cheap, so the throttle
bought nothing even when it worked.
- **Root cause**: VueUse ≥14 `throttleFilter` with `leading=false` (what
`useScroll` uses) marks spaced-out events as executed without executing
them — each event re-arms an `isLeading` restore timer that makes the
next event skip its invoke, and the trailing branch is unreachable when
`elapsed > duration`. Regression of vueuse#2390; still present on vueuse
`main`.
## Review Focus
- Verified live against staging: with the throttle, sidebar scrolled to
`scrollTop` 1250 while `scrollY` stayed 0 and the render window stayed
at `[0..3)` of 27 (blank viewport); with this fix, `scrollY` tracks 1:1
and the window advances. Bare-vs-throttled `useScroll` compared
side-by-side on the same element to isolate the cause.
- Unblocks wheel-scroll for #12780's dropdown infinite scroll with no
changes there.
- Fixes FE-990
🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary
The rebranded `favicon.ico` renders with **opaque white corners** in
browsers — the rounded mark shows white slivers around its corners on
any background. This is a decode bug, not a design issue: the ICO
contains **BMP-format frames** whose alpha channel Chrome (and other
consumers) mishandle. Verified by loading the raw `.ico` in headless
Chrome on a dark page: corners render white instead of transparent.
Every surface that consumes the `.ico` directly shows the artifact —
Google search results, connector icon scraping, raw image views — while
browser tabs look fine because they prefer the SVG favicon.
## Changes
- **What**: Re-encode `apps/website/public/favicon.ico` and
`public/assets/favicon.ico` with **PNG-format ICO frames** (16/32/48).
PNG frames carry unambiguous alpha and decode correctly in all modern
browsers.
- **No design change**: identical rounded artwork, same transparency,
same sizes and filenames. SVG, PNGs, apple-touch-icon, and manifest
icons are untouched.
- **Breaking**: none.
## Review Focus
- Headless-Chrome verified: the old ico renders white corners on a dark
page; the re-encoded one renders transparent corners. (Comparison in PR
comments.)
- PNG-in-ICO is supported by all modern browsers and Google's favicon
pipeline.
- After merge, please add `needs-backport` + `cloud/1.45` so
cloud.comfy.org's copy gets the same fix.
## Screenshots (if applicable)
---------
Co-authored-by: GitHub Action <action@github.com>
Adds `comfy_usage_source: 'comfyui-frontend'` to the prompt body's
`extra_data`. The backend forwards this to API nodes' upstream requests
via the `Comfy-Usage-Source` header, so partner node API usage can be
attributed to the frontend.
Used in https://github.com/Comfy-Org/ComfyUI/pull/14404
Reads `system.deploy_environment` from `/system_stats` (added in
Comfy-Org/ComfyUI#14402) and sends it as the `Comfy-Env` header when
fetching `/releases`, matching the header name the backend already uses
for outbound API node requests. The header is omitted when the backend
doesn't report the field, so older backends are unaffected.
Note: api.comfy.org must allow `Comfy-Env` in
`Access-Control-Allow-Headers` for the CORS preflight to pass.
## ELI-5
When the app needs *all* the assets for a tag (like every input image),
it asks the server for them one page at a time. Today it says "give me
page starting at item #500" (offset paging). If items get added or
removed while it's flipping through, pages shift and it can show the
same thing twice or skip something.
This switches to "give me the page *after this bookmark*" (cursor
paging). The server now hands back a `next_cursor` bookmark with each
page; we pass it to fetch the next one. Bookmarks don't slip when the
list changes underneath, so the walk is stable and drift-free.
## What
Migrates the full-walk asset pager (`getAllAssetsByTag`) from offset to
keyset (`after` / `next_cursor`) pagination, now that the list-assets
endpoint exposes a cursor contract in the generated types.
- `handleAssetRequest` accepts an `after` cursor and sends it instead of
`offset` when present (the server ignores `offset` alongside a cursor)
- `getAllAssetsByTag` resumes each page from the prior response's
`next_cursor`, and terminates when `has_more` is false or `next_cursor`
is omitted
- `next_cursor` is exposed on the asset response schema; `after` is
threaded through `getAssetsByTag` / `getAssetsPageByTag` for
cursor-aware callers
- offset remains supported for random-access callers; only the full-walk
path changes
## Why
Offset pagination double-counts or skips records when the underlying set
changes mid-walk. Keyset cursors are stable under concurrent
inserts/deletes and scale better than deep offsets.
## Stacking
Based on `update-ingest-types` because the `after`/`next_cursor` types
land there first; this targets that branch and will retarget to the
default branch once it merges. Changes here touch only the asset
service/schema, disjoint from the generated types.
## Follow-ups
The asset store's bespoke offset loops (model loader, flat-output
infinite scroll) and the missing-media resolver still walk by offset;
those migrate in separate PRs.
## Tests
`assetService.test.ts` updated to assert the cursor walk, that the first
page carries neither `after` nor `offset`, that subsequent pages resume
from `next_cursor`, and that the walk halts when `next_cursor` is absent
even if `has_more` is true. Full asset/service + missing-media + store
suites pass locally (193 tests).
---------
Co-authored-by: mattmillerai <7741082+mattmillerai@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Adds a `website:download_button_clicked` PostHog event (with `platform`
property) fired when a user clicks the desktop installer download button
on comfy.org. Previously we only had `/download` pageviews as a proxy —
autocapture is not active on the website project, so these clicks were
untracked. Includes unit tests for the new capture helper.
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
## Summary
Simplify the Missing Node Packs error card so it follows the new
error-tab item-row direction, with clearer pack rows, predictable locate
behavior, and focused E2E coverage.
This is the third PR in the staged error-tab simplification plan:
1. Merged: execution/prompt/validation error presentation and catalog
grouping in #12683.
2. Merged: missing media presentation simplification in #12705.
3. This PR: missing node pack presentation simplification.
4. Planned next: swap-node presentation simplification.
5. Planned later: missing model presentation and action-flow
simplification.
## Changes
- **What**: Refactors Missing Node Packs rows so pack-level and
node-level actions are easier to scan and more consistent with the rest
of the refreshed Errors tab.
- **What**: Removes the node-id badge from missing node pack rows,
matching the simplified item-row direction.
- **What**: Makes a single-node known pack row directly locatable from
the pack label, rather than rendering an extra child row.
- **What**: Keeps multi-node packs collapsed by default, with both the
chevron and pack title toggling the child node list.
- **What**: Keeps unknown packs expanded by default, including the
single-node unknown-pack case, so users can still see the unresolved
node type immediately.
- **What**: Keeps per-node child rows clickable for locate-on-canvas
behavior when a pack contains multiple affected nodes.
- **What**: Replaces missing-node-pack action labels with shared
`g.install` and `g.search` copy and removes now-unused English locale
keys.
- **What**: Adds targeted Playwright coverage for the simplified
missing-node-pack card, including unknown-pack default rows, row-label
locate behavior, and chevron/title expansion behavior.
- **Breaking**: None.
- **Dependencies**: None.
## Review Focus
Please focus on the missing-node-pack row behavior:
- Single known pack with one affected node should stay compact and
locate the node from the pack label or locate icon.
- Known packs with multiple affected nodes should show a count, start
collapsed, and expand/collapse from either the chevron or title.
- Unknown packs should expose the affected node rows immediately,
including when there is only one affected node.
- Locate actions should remain attached to the affected node rows, not
to the parent pack when there are multiple nodes.
- The E2E fixture intentionally uses two missing nodes with the same
`cnr_id` and node sizes of `[400, 200]` to follow browser-test asset
guidance.
## Validation
- `pnpm format:check`
- `pnpm lint`
- `pnpm typecheck`
- `pnpm knip --cache` via pre-push hook
- `pnpm test:unit
src/components/rightSidePanel/errors/MissingPackGroupRow.test.ts
src/components/rightSidePanel/errors/MissingNodeCard.test.ts --run`
- `pnpm test:browser:local
browser_tests/tests/propertiesPanel/errorsTabMissingNodes.spec.ts
--project=chromium`
- Pre-commit hook: staged formatting, linting, `pnpm typecheck`, and
`pnpm typecheck:browser`
## Screenshots
This PR
<img width="531" height="598" alt="스크린샷 2026-06-10 오전 1 54 31"
src="https://github.com/user-attachments/assets/9c0addeb-92d2-4cef-a4f3-35a87bbad308"
/>
old (Main)
<img width="509" height="807" alt="스크린샷 2026-06-10 오전 1 53 51"
src="https://github.com/user-attachments/assets/b8488f73-d8ed-4356-bd4c-fc678ea205f7"
/>
## What
https://a46f3266.comfy-storybook.pages.dev/?path=/docs/components-creditslider--docs&globals=theme:dark
<img width="560" height="288" alt="cs12644_dark"
src="https://github.com/user-attachments/assets/c06b5244-d178-4fa5-8bb9-61fd8595fe9b"
/>
<img width="560" height="288" alt="cs12644_light"
src="https://github.com/user-attachments/assets/16626333-43ba-4541-bd11-faaa8513b1e8"
/>
Adds **CreditSlider** — the team-plan credit-subscription slider from
Figma **DES-197** — as a standalone presentational component. **B4
standalone slice (FE-935)**; parent **FE-934**.
## Why it can ship now (no backend dependency)
The slider's 5 stops are **locked in DES-197**, so this component is
built and reviewable independently of the (still-TBD) backend slider
contract. Wiring it into the pricing table is deferred to FE-934.
## How it works
- 5 fixed stops — **200 / 400 / 700 / 1,400 / 2,500 USD** ↔ 42,200 /
84,400 / 147,700 / 295,400 / 527,500 credits; default **$700**.
- Snap-to-stop is guaranteed by driving the shared
`src/components/ui/slider/Slider.vue` (reka-ui) in **index space**
(`:min="0" :max="4" :step="1"`) — the thumb can only land on the 5
stops, with free keyboard-arrow support + ARIA from reka-ui.
- `v-model` carries the selected **USD** value; a `change` event also
emits `{ index, usd, credits }` for the future pricing-table wiring.
- Thresholds live in a typed constant `teamPlanCreditStops.ts` (sibling
to `tierPricing.ts`), **hardcoded per DES-197** with a `TODO(FE-934)` to
source from `GET /api/billing/plans` once the BE contract lands. The
credit figures equal `usdToCredits(usd)` (rate 211); a test guards
against rate drift.
## Files
- `src/platform/cloud/subscription/components/CreditSlider.vue` (+
`CreditSlider.stories.ts`, `CreditSlider.test.ts`)
- `src/platform/cloud/subscription/constants/teamPlanCreditStops.ts`
## Verification
- `vue-tsc --noEmit`: clean.
- `oxlint --type-aware`: 0 errors / 0 warnings.
- `vitest run`: **11/11 pass** — default stop, ArrowRight/ArrowLeft snap
to the adjacent stop (never in between), `change` payload, disabled
state, BE-sourced stops override, empty `stops` renders nothing, all 5
labels render, and the credit-rate-drift guard.
## Not in scope
- Wiring into `PricingTableWorkspace` / the team-plan card (FE-934,
blocked on the BE slider contract).
- The marketing caption and card layout around the slider (parent
component's concern).
Design source: Figma **DES-197** (Team Plan / Workspaces).
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
## Summary
Bumping the ranking of native nodes to improve their discoverability
## Changes
- **What**: Updated ranking of native nodes in
`public/assets/sorted-custom-node-map.json`
## Summary
Fixes a Vue node subgraph case where the missing-model refresh flow
clears the missing-model error, but the promoted combo widget remains in
an invalid visual state because its hosted options snapshot is stale.
## Changes
- **What**: After `reloadNodeDefs()` refreshes combo option lists and
extension `refreshComboInNodes` hooks run, resync hosted options
snapshots for promoted combo widgets so Vue-rendered subgraph nodes see
the newly available model option.
- **What**: Adds a focused E2E regression for the missing-model refresh
path on a subgraph with a promoted `ckpt_name` widget.
- **What**: Hardens the E2E by cleaning up its `/object_info` route
override and asserting the widget's `aria-invalid` state rather than a
Tailwind implementation class.
- **Breaking**: None.
- **Dependencies**: None.
## Review Focus
This PR is intentionally a minimal patch for the missing-model refresh
path, not a broader subgraph architecture change.
Root cause: `reloadNodeDefs()` updates the live LiteGraph combo widget
options, including widgets inside subgraphs. However, Vue nodes render
promoted widgets from a hosted `WidgetState.options` snapshot. When a
missing model is downloaded and the missing-model refresh button reloads
node definitions, the source combo receives the updated model list, but
the promoted host snapshot can still contain the old option list. The
missing-model error and node-level state are cleared, while the Vue
combo still computes itself as invalid from stale options.
The fix keeps the existing host snapshot model intact. It simply resyncs
promoted combo host options after the normal combo refresh pipeline
finishes. This avoids changing promoted-widget ownership,
`useProcessedWidgets` merge precedence, or broader subgraph internals
while addressing the reported stale invalid state.
Why the helper is in `app.ts`: this sync is currently a single-call-site
post-step of `reloadNodeDefs()`, and the ordering is load-bearing. It
must run after the core combo refresh loop and after extension
`refreshComboInNodes` hooks so it captures both built-in and
extension-provided option changes. Keeping the small private helper next
to the refresh orchestration makes that sequence explicit and avoids
adding a new public subgraph helper or introducing a more visible
dependency cycle through `promotionUtils` for a narrow patch.
This is stacked on
`jaeone/fe-942-bug-error-indicators-persist-after-resolving-missing-model`,
so it is opened as a draft until the base PR lands.
## Test Plan
- `pnpm knip`
- `pnpm exec oxfmt --check src/scripts/app.ts
browser_tests/tests/propertiesPanel/errorsTabModeAware.spec.ts`
- `pnpm exec eslint --cache --no-warn-ignored src/scripts/app.ts
browser_tests/tests/propertiesPanel/errorsTabModeAware.spec.ts`
- `pnpm typecheck`
- `pnpm test:browser:local --grep "Refreshing a resolved promoted
missing model clears the combo invalid state"`
- First local run hit a `beforeEach` timeout while the dev server was
still warming custom-node/conflict-detection output.
- Re-running against the warmed dev server passed.
## Screenshots (if applicable)
N/A. The behavioral E2E covers the visible invalid-state regression.
## Summary
`comfy-logo-single.svg` is still the old **yellow-on-blue** (`#172DD7`)
ComfyUI mark, while the favicon and the rest of the brand have moved to
**dark `#211927` + yellow `#F2FF59`**. This refreshes it to match.
## Changes
- **What**: Pure color swap on
`public/assets/images/comfy-logo-single.svg` (`#172DD7`→`#211927`,
yellows normalized to `#F2FF59`). Geometry/mask unchanged.
- **Breaking**: none.
## Review Focus
- This logo is the **in-app header mark** (`ComfyOrgHeader.vue`) and the
**PWA/cloud manifest icon**, so it's a visible brand change across OSS +
cloud + desktop — flagging for **brand/design sign-off** before merge.
- `comfy-logo-mono.svg` (black/white) is intentionally left as-is.
## Summary
- Thread `share_id` through shared workflow open/import, link creation,
auth completion, and run success telemetry
- Persist share attribution on loaded workflows and queued jobs so
shared runs can be joined back to the source link
- Add provider support for `share_link_opened` and `shared_workflow_run`
events across telemetry backends
## Behavior notes
- `execution_success` is now keyed off the success event's own
`prompt_id` (looked up in `queuedJobs`) instead of `activeJobId`. This
fixes successes for non-active jobs being reported with the wrong job
id, but may slightly shift `execution_success` event volume: successes
for jobs this client never queued or saw start are no longer tracked.
- Share auth attribution (`share_auth` preserved query) is cleared if
the user cancels the shared workflow dialog, so only users who proceed
past the dialog have signups attributed to the share link.
## Testing
- Added and updated unit tests for shared workflow loading, link
creation, auth attribution, workflow service loading, and execution
success
- Unit tests, `pnpm test:unit`, and repository checks for formatting,
linting, and type coverage passed
## Summary
Set `include_previews: true` on bulk asset export so exported zips
include preview files, using the new option added to the cloud export
API.
## Changes
- **What**: Added `include_previews` to `AssetExportOptions` and pass
`true` from the bulk export path in `useMediaAssetActions`.
## Review Focus
Field name matches the updated cloud `AssetExportOptions` contract.
## Summary
- Adds the Comfy affiliate program landing page at `/affiliates`,
composed from 8 reusable presentational blocks (`HeroSplit01`,
`ChecklistSplit01`, `StepsGrid01`, `BenefitsGrid01`, `DetailsTable01`,
`BrandAssetsGrid01`, `FAQSplit01`, `CtaCenter01`) and thin section
wrappers under `templates/affiliate/*`. The page funnels through: Hero →
Audience → How It Works → Why ComfyUI → Program Details → Brand Assets →
FAQ → closing "Ready to start earning?" CTA.
- Removes the older parallel implementation under
`components/affiliates/*` (7 Vue sections, 3 data files, the i18n
contract test) and the `affiliate-landing.*` translation keys — the page
now has a single canonical i18n surface under `affiliate.*`.
- Rewrites `e2e/affiliates.spec.ts` to target the new sections via
semantic queries (no testids were added to production), covering hero
indexability, the closing CTA's apply + terms links, FAQPage JSON-LD
entry count, and FAQ toggle behavior.
- Apply CTA links to the application form
(`forms.gle/RS8L2ttcuGap4Q1v6`, `target=_blank`); terms link goes to
`/affiliates/terms` (English-only by design, per the legal-reviewed
terms document).
## Test plan
- [ ] `pnpm --filter @comfyorg/website typecheck` passes (0 errors)
- [ ] `pnpm --filter @comfyorg/website test:unit` passes (96 tests
across 13 files)
- [ ] `pnpm --filter @comfyorg/website knip --cache` reports no new
orphans introduced by this branch
- [ ] Visit `/affiliates` — all 8 sections render in order on desktop
and mobile
- [ ] APPLY NOW (in closing CTA section) opens
`forms.gle/RS8L2ttcuGap4Q1v6` in a new tab
- [ ] "Read the affiliate program terms" link navigates to
`/affiliates/terms` in the same tab
- [ ] FAQ items expand/collapse on click; `<script
type="application/ld+json">` FAQPage entry contains all 8 Q/A pairs from
`src/data/affiliateFaq.ts`
- [ ] Run e2e: `pnpm --filter @comfyorg/website playwright test
e2e/affiliates.spec.ts`
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: GitHub Action <action@github.com>
## Summary
Add a new `/models` landing page (EN + zh-CN) for the marketing site,
plus supporting tweaks: a generator-side mechanism for old→new
model-slug 301 redirects, spacing/CTA polish on shared sections, and a
per-item layout option on GalleryCard.
## Changes
- **What**:
- New `/models` and `/zh-CN/models` pages composed of a hero (autoplay
video, modelName + i18n CTA), a creations gallery, and the shared
`AIModelsSection`.
- New `ModelsHeroSection.vue` and `ModelCreationsSection.vue`
components; localised strings under `models.list.*` / `models.hero.*` in
`translations.ts`.
- Reused `AIModelsSection` on the models page (replaces the duplicated
showcase markup that previously lived under `models/`) so the same
component now powers both the cloud product page and the models page.
- `generate-models.ts`: renamed the `grok` provider to **Grok Imagine**
(`grok-imagine` slug) and added a `LEGACY_SLUG_REDIRECTS` constant that
emits stub entries so the existing `canonicalSlug` mechanism in
`[slug].astro` issues a 301 from old slugs (`grok-image` →
`grok-imagine`).
- `model-metadata.ts`: renamed the metadata key from `grok-image` to
`grok-imagine` (hub slug unchanged).
- `GalleryCard.vue`: added per-item `objectFit` / `objectPosition`
overrides so individual gallery entries can opt out of the default
`cover` crop.
- `ModelsHeroSection.vue`: dropped the empty-string default on
`videoAriaLabel` and omit `aria-label` (with `aria-hidden="true"`) when
no label is provided — addresses the CodeRabbit accessibility note.
- Minor vertical-spacing tightening on `ModelCreationsSection` and the
shared `AIModelsSection`.
- **Breaking**: None. Old `/p/supported-models/grok-image` URLs 301 to
the new slug.
- **Dependencies**: None.
## Review Focus
- The `LEGACY_SLUG_REDIRECTS` constant in
`apps/website/scripts/generate-models.ts` is the new source of truth for
renamed slugs — future slug renames should follow the same pattern so
the redirect survives regeneration of `generated-models.json`.
- The shared `AIModelsSection` is now used in two places; confirm the
spacing tweak (`py-24 → py-16`, `mt-24 → mt-16 lg:mt-24`) still looks
correct on the cloud product page.
- `generated-models.json` is fully regenerated by `pnpm generate:models`
— diff size is large but mechanical.
## Screenshots (if applicable)
<!-- Add screenshots or video recording to help explain your changes -->
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Alexander Brown <drjkl@comfy.org>
## ELI-5
When an image on the page fails to load — a broken thumbnail, an expired
share
link, a flaky in-app browser — the app already handles it and shows a
fallback.
But under the hood, the image helper was *also* shouting "uncaught
error!" to the
browser's global error channel every time. Our monitoring hears that
shout and
logs it as a crash. With enough broken images (some in-app browsers
retry in a
loop), it became the single loudest "error" in our telemetry — for
something
that isn't actually broken. This tells the helper to handle the failure
quietly
instead of shouting.
## What
`useImage()` (from `@vueuse/core`) exposes load failures via its `error`
ref,
which every call site here already uses to render a fallback. But
vueuse's
default `onError` forwards the error to `globalThis.reportError`, so
each failed
`<img>` load also surfaces as an **unhandled** error to global error
monitoring.
This makes failed image loads — 404'd thumbnails, expired share links,
in-app
webviews that re-fetch on a loop — the highest-volume unhandled frontend
error
in our production telemetry, despite being expected and already handled
in the UI.
## Fix
Pass an explicit `onError` (a documented no-op) as the `useAsyncState`
options
argument at all four `useImage()` call sites:
- `components/common/ComfyImage.vue`
- `platform/workflow/sharing/components/ShareAssetThumbnail.vue`
- `platform/assets/components/MediaImageTop.vue`
- `platform/assets/components/AssetCard.vue`
The `error` ref is still set by `useAsyncState` before `onError` runs,
so the
fallback-UI behaviour is unchanged — the only difference is we stop
re-reporting
handled failures to the global error handler.
## Test plan
- [x] No behavioural change to the `error` ref / fallback rendering
(verified
against vueuse `useImage`/`useAsyncState` semantics: `error.value` is
assigned
independently of `onError`).
- [ ] CI lint/format/type checks.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: GitHub Action <action@github.com>
## ELI-5
Some custom nodes have a `getCustomWidgets()` function that's *supposed*
to hand
us a list of widgets. A few of them hand us back nothing
(null/undefined)
instead. We were trying to read that "nothing" like a list, which
crashes with
*"Cannot convert undefined or null to object"* — and because it happens
while
the app is still starting up, it can break the whole page. This PR just
says
"if there's nothing to register, skip it."
## What
`registerCustomWidgets` called `Object.entries(newWidgets)` directly.
When an
extension's `getCustomWidgets()` resolves to `null`/`undefined` (it's
typed
non-null, but extensions are untrusted and routinely violate the type),
this
throws `TypeError: Cannot convert undefined or null to object`.
The call site in `extensionService.ts` runs this inside a bare async
IIFE,
*outside* the `wrapWithErrorHandling` wrappers used for
keybindings/settings, so
the throw is unhandled and surfaces during app initialization.
## Why it matters
In production this is one of the highest-volume unhandled frontend
errors —
~2.6k events across **~1,160 distinct sessions/day**, all funneling
through this
one `Object.entries` call. Guarding the choke point silences it for
every
caller.
## Fix
- Keep `registerCustomWidgets` typed `Record<string,
ComfyWidgetConstructor>`
(the correct internal contract) and early-return on nullish input. The
runtime
guard defends against untrusted extensions that violate the type at the
boundary, without weakening the signature for legitimate callers.
- Add a regression test asserting
`registerCustomWidgets(null!/undefined!)` does
not throw (the `!` casts simulate the boundary violation).
## Test plan
- [x] `npx vitest run src/stores/widgetStore.test.ts` — 8 passing,
including the
new null/undefined case.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary
Client-side execution events (`execution_start` / `execution_success` /
`execution_error`) are now emitted only by the GTM provider, removing
the redundant Mixpanel and PostHog emissions that duplicated the
server-side PostHog execution pipeline.
## Changes
- **Removed** `trackWorkflowExecution`, `trackExecutionError`, and
`trackExecutionSuccess` from `MixpanelTelemetryProvider` and
`PostHogTelemetryProvider`, along with the now-unused
`lastTriggerSource` field and related type imports.
- **Kept** these methods on `GtmTelemetryProvider`. The
`TelemetryProvider` interface declares them optional and
`TelemetryRegistry` dispatches via optional chaining, so callers are
unchanged and Mixpanel/PostHog simply receive nothing for these events.
- **Added** GTM unit tests for `execution_start` and `execution_success`
(alongside the existing `execution_error` test) to pin the remaining
client-side path.
## Review Focus
- Execution telemetry on the client now flows exclusively to GTM;
PostHog execution data is expected to come solely from the server side,
so there should be no double-counting.
- The server-side PostHog execution pipeline is out of scope for this
frontend change — this PR only stops the client from emitting duplicate
execution events.
Reference: MAR-282
Prior context: Comfy-Org PR #3423.
Co-authored-by: Steven Tran <steventran@Stevens-MacBook-Air.local>
## Summary
Fixes the Desktop2 missing-model download path so the frontend calls the
Desktop2 download bridge directly when it is available, instead of
relying on the browser `<a download>` fallback that Desktop2 currently
has to intercept indirectly.
This addresses Linear FE-956, where missing-model downloads on Windows
could open the OS Save As dialog. The issue was reproducible when the
frontend language was not English: switching the UI language back to
English made the download succeed again.
## Root Cause
Desktop2 currently has compatibility logic that watches/intercepts the
frontend missing-model download flow from outside the FE code. That
interception depends on FE-rendered DOM details, including localized
accessible labels such as the missing-model download button
`aria-label`.
In English, Desktop2 could find the expected download controls and cache
the missing-model metadata before the FE-created `<a>` download was
clicked. In non-English locales, the localized label no longer matched
Desktop2's selector, so the Desktop2 interception path missed the
download. The FE then continued down the browser download path, which
Electron surfaced as a native Save As dialog on Windows.
## Changes
- Adds a narrow Desktop2 runtime bridge check in
`missingModelDownload.ts`:
- if `window.__comfyDesktop2.downloadModel` exists
- and `window.__comfyDesktop2Remote` is not set
- then FE calls `window.__comfyDesktop2.downloadModel(model.url,
model.name, model.directory)` directly and returns early.
- Keeps remote Desktop2 sessions on the existing browser fallback path
by preserving the `__comfyDesktop2Remote` guard.
- Leaves the existing OSS browser fallback and legacy desktop
`isDesktop` download-store path intact.
- Logs Desktop2 bridge failures so rejected promises or synchronous
bridge throws do not become unhandled errors.
- Adds regression coverage for:
- Desktop2 bridge path taking priority over browser and legacy desktop
fallbacks.
- rejected Desktop2 bridge calls being logged without falling back to
browser download.
- synchronously thrown Desktop2 bridge failures being logged without
crashing or falling back to browser download.
- remote Desktop2 sessions continuing to use browser fallback.
## User Impact
Desktop2 users should no longer depend on localized FE DOM text for
missing-model downloads. In particular, non-English UI locales should
route missing-model downloads through Desktop2's managed downloader
instead of opening the OS Save As dialog.
## Validation
- Manually verified the issue is fixed in Desktop2 using a locally built
FE dist served through ComfyUI with `--front-end-root`.
- Verified Korean locale no longer triggers the Save As dialog and the
missing-model download succeeds through Desktop2.
- Verified the new regression test fails when the production bridge fix
is reverted.
- Covered the FE-side contract with unit tests because a true end-to-end
assertion of the Windows native Save As dialog is not currently
practical in the FE browser-test infrastructure. The FE tests can verify
that clicking missing-model download routes into
`window.__comfyDesktop2.downloadModel`; they cannot directly prove
Electron/Windows native dialog behavior. That full native-dialog
regression belongs in Desktop2/Electron integration coverage.
- Ran:
- `pnpm exec oxfmt --check
src/platform/missingModel/missingModelDownload.ts
src/platform/missingModel/missingModelDownload.test.ts`
- `pnpm lint:unstaged`
- `pnpm exec vitest run
src/platform/missingModel/missingModelDownload.test.ts`
- `pnpm typecheck`
- `pnpm build`
- Pre-commit hook passed: `oxfmt`, `oxlint`, `eslint`, `typecheck`.
- Pre-push hook passed: `knip --cache` completed with existing tag hints
only.
- Ran a 3-round local Claude review loop; final verdict was approve with
no Blocker/Major findings.
## Follow-up Work
- Define and document the FE/Desktop2 bridge contract explicitly,
including the expected semantics of `downloadModel` resolving `false`
versus rejecting.
- Add a shared or canonical TypeScript declaration for
`window.__comfyDesktop2` and `window.__comfyDesktop2Remote` if more FE
code starts depending on these globals.
- Remove Desktop2's DOM/aria/class-based missing-model download
interception after a sufficient FE compatibility window, so Desktop2 no
longer depends on FE DOM structure or localized labels.
- Add Desktop2 integration/e2e coverage for missing-model downloads in
non-English locales, ideally including Windows where the Save As dialog
was observed. This is the right layer for a true native Save As
regression test.
- Optionally add a lighter FE browser E2E that injects a fake
`window.__comfyDesktop2.downloadModel` and verifies the missing-model UI
calls that bridge. This would validate the FE contract, but it would
still not replace Desktop2/Electron coverage for native dialog behavior.
- Decide on user-facing failure UX for Desktop2 bridge download failures
once Desktop2 defines whether failures, cancellations, and
already-queued downloads are represented by rejection or by `false`.
## Notes
This intentionally does not fall back to browser download when the
Desktop2 bridge resolves `false`. Falling back there could reintroduce
the exact Save As dialog behavior this PR fixes, and the meaning of
`false` should be clarified in the Desktop2 bridge contract before FE
invents user-facing behavior for it.
A true E2E test for this bug would need to exercise Desktop2/Electron on
Windows and assert that the native Save As dialog is not opened. The
current FE browser-test infrastructure cannot observe that native
Desktop2 behavior directly, so this PR uses focused unit regression
coverage for the FE routing contract plus manual Desktop2 verification.
- pricing dialog shell uses secondary-background (elevated) so the
base-background cover panel + cards read as the darker well per DES-197;
drop the translucent base/60 + backdrop-blur
- cover panel gets solid bg-base-background
- personal tier price unit "USD / mo / member" -> "USD / mo" (matches DES-197
and the team slider; fixes awkward wrap on mobile)
- personal cards: replace uniform attribute matrix with progressive
"What's included:" / "Everything in {prev}, plus:" bullets + credit block
(monthly credits + "Generates ~N 5s videos*"); drop dead per-card popover
- unify monthly-credits / video-estimate / "Everything in {plan}" into shared
subscription.* i18n keys reused by both personal and team
- team Details checks use foreground color, "Invite team members" copy
- billing-cycle badge "-20%" -> "Save 20%"
- Creator CTA to inverted (white) to match DES-197 and legacy PricingTable
## Summary
This is the second PR in the planned Workflow Overview error-tab
modernization stack. It follows the merged execution-error slice in
#12683 and focuses only on Missing Media / Missing Inputs.
The intent is to simplify missing-media errors from
media-type/file-resolution cards into compact node-level guidance.
Missing media is now presented as a flat list of affected node inputs,
matching the new catalog-driven item-row direction introduced by the
first PR while intentionally avoiding the larger missing-node,
swap-node, and missing-model redesigns.
This PR also removes the upload/library selection workflow from the
error tab. Missing media rows now help the user locate the affected
node/input directly, rather than attempting to resolve the missing file
inside the error card.
## Changes
- **What**: Simplifies the Missing Inputs card into a flat list of
affected node/widget rows.
- **What**: Displays each missing media row with a catalog-resolved item
label in the form `{nodeName} - {inputName}`.
- **What**: Makes both the row label and right-aligned locate icon
navigate to the affected node on canvas.
- **What**: Adds item-specific accessible labels for locate icon buttons
and an explicit focus-visible state for clickable row labels.
- **What**: Uses the existing `list-scale` transition pattern so missing
media rows animate consistently when they enter or leave.
- **What**: Removes the old image/video/audio sub-sections from the
missing-media card.
- **What**: Removes missing-media
upload/dropzone/library-selection/status/confirm/cancel UI, because
resolution is no longer handled inside this card.
- **What**: Removes stale E2E selectors and tests tied to the deleted
upload/library controls.
- **What**: Removes stale English missing-media locale keys for the
deleted controls; translated locale files are intentionally left to the
localization sync process.
- **What**: Removes stale missing-media store interaction state
(`expandState`, `uploadState`, `pendingSelection`) and the now-unused
name-based removal API that only supported the deleted upload/library
flow.
- **What**: Keeps the remaining widget/node/prefix candidate-removal
APIs used by the missing-media lifecycle.
- **What**: Carries `nodeType` through missing-media referencing nodes
so fallback labels remain correct when the same missing filename is
referenced by multiple node types.
- **Breaking**: None expected. This changes the missing-media error-tab
UX, but does not change the workflow schema or backend APIs.
- **Dependencies**: None.
## Planned stack
This PR is part of the same staged redesign plan described in #12683.
The goal is to keep each error category reviewable and stable before
moving to the next slice.
1. Execution errors, merged in #12683: validation, runtime, and prompt
error grouping/presentation.
2. Missing media, this PR: simplify image/video/audio missing-media
cards into node-level catalog item rows with locate actions.
3. Missing node and swap node: align missing-pack rows, nested node
references, install/replace actions, and locate behavior.
4. Missing model: unify OSS and Cloud presentation, simplify
download/import actions, and improve import/download progress behavior.
This PR intentionally does not change missing node packs, swap nodes,
missing models, runtime errors, validation errors, or prompt errors.
## Review Focus
- Missing media rows should now be node-level rows, not file-level rows
and not image/video/audio sections.
- If the same missing media filename is referenced by multiple nodes,
each affected node/input should render as its own row.
- Clicking either the row label or locate icon should focus the
corresponding affected node.
- Removed upload/library controls are intentional and should not be
restored in this PR.
- The missing-media store cleanup should not remove any state or API
still used by the remaining missing-media lifecycle.
- Only `rightSidePanel.missingMedia.missingMediaTitle` should remain in
the English locale for the old missing-media UI namespace; new row copy
lives in the error catalog.
- This PR should stay scoped to Missing Media / Missing Inputs and
should not include the larger missing model/node/swap redesign work.
## Screenshots (if applicable)
This PR
<img width="483" height="339" alt="스크린샷 2026-06-08 오후 8 26 43"
src="https://github.com/user-attachments/assets/e029411e-b1db-41cd-aa6e-2bd5d86762f6"
/>
Before (Main)
<img width="484" height="802" alt="스크린샷 2026-06-08 오후 8 32 19"
src="https://github.com/user-attachments/assets/c183c18d-babe-4f4e-b4e0-706ce41298de"
/>
## Validation
- `pnpm format`
- `pnpm test:unit src/platform/missingMedia/missingMediaStore.test.ts
src/components/rightSidePanel/errors/TabErrors.test.ts
src/platform/errorCatalog/errorMessageResolver.test.ts
src/platform/missingMedia/missingMediaScan.test.ts
src/platform/missingMedia/missingMediaAssetResolver.test.ts`
- `pnpm typecheck`
- `pnpm knip --cache`
- `pnpm test:browser:local
browser_tests/tests/propertiesPanel/errorsTabMissingMedia.spec.ts
--project=chromium`
- Pre-push hook: `pnpm knip --cache`
## Review notes
Claude review was run after the main implementation and again after
cleanup. No blocker or major issues remained. The only final minor
finding was stale inline i18n fixture data in `TabErrors.test.ts`, which
was removed in the final commit.
## What
The /download hero now surfaces both Windows AND macOS download buttons
when the post-mount UA sniff comes back empty (Linux desktop, mobile,
privacy-stripped UAs). Today those users see only the GitHub-install
button — no actual download link.
## Why
Field complaint: \"I can't find a download link at all on this page.\"
Reproduced on Chrome with a Linux UA — \`useDownloadUrl\` returns
\`platform: null\`, and \`<DownloadLocalButton v-show=\"platform\">\`
collapses to \`display: none\`. The user only sees \"INSTALL FROM
GITHUB\" next to it, with no obvious way to grab the Windows or Mac dmg.
Showing both is the better fallback — they're the two artifacts we
actually ship today (\`downloadUrls.windows\`, \`downloadUrls.macArm\`),
the UA path already encodes them, and the buttons exist as fragment
siblings so they slot into the parent's flex container next to the
existing GitHub button without extra layout wrapping.
## How
- \`useDownloadUrl\` now exposes a \`detected\` ref that flips to
\`true\` post-mount regardless of whether UA matched. Lets the component
distinguish three states:
- **\`!detected\`** → pre-hydration, render nothing (avoids SSR flicker)
- **\`detected && platform\`** → single matched CTA, current behaviour
- **\`detected && !platform\`** → NEW: render both Windows AND Mac
- \`DownloadLocalButton\` adds the fallback branch as a \`<template
v-else-if>\` fragment so the two buttons slot directly into the parent's
existing \`flex-col lg:flex-row\` layout next to the GitHub button. Each
carries its OS icon and an \`aria-label\` combining the existing
\"DOWNLOAD DESKTOP\" copy with the OS name so screen readers get equal
context to the detected-OS path.
- \`downloadUrls\` is now re-exported from the composable so the
fallback path uses the same source of truth instead of duplicating the
URLs.
## Tests
- [x] New \`@smoke\` e2e test (\`HeroSection falls back to both Windows
+ Mac when UA is unrecognized\`) — uses Linux UA, asserts both fallback
buttons appear with the right hrefs / target=\"_blank\", and confirms
the auto-detected single CTA is NOT also present
- [x] Existing Windows-UA test (\`HeroSection has download and GitHub
buttons\`) still passes — single CTA branch unchanged
- [ ] Manual: load /download on Linux Chrome → both buttons visible
- [ ] Manual: load /download on Windows → still single \"DOWNLOAD
DESKTOP\" button (no regression)
- [ ] Manual: load /download on macOS → still single \"DOWNLOAD
DESKTOP\" button with Apple icon
- [ ] Manual: load /download on mobile (which detection treats as null)
→ both fallback buttons visible
## Automated Ingest API Type Update
This PR updates the Ingest API TypeScript types and Zod schemas from the
latest cloud OpenAPI specification.
- Cloud commit: ca12913
- Generated using @hey-api/openapi-ts with Zod plugin
These types cover cloud-only endpoints (workspaces, billing, secrets,
assets, tasks, etc.).
Overlapping endpoints shared with the local ComfyUI Python backend are
excluded.
---------
Co-authored-by: mattmillerai <7741082+mattmillerai@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
## Summary
https://us.posthog.com/project/204330/feature_flags/706651
Register the `unified_cloud_auth` server feature flag (default **off**)
so the upcoming single Cloud-JWT auth provider (FE-950/FE-951) can be
gated behind it. Pure plumbing — no behavior change.
## Changes
- **What**: Adds `ServerFeatureFlag.UNIFIED_CLOUD_AUTH`, the
`unifiedCloudAuthEnabled` getter in `useFeatureFlags` (via
`resolveFlag`, precedence: dev override > `remoteConfig` > server
feature), and the `unified_cloud_auth?: boolean` field on the
`RemoteConfig` type. Unit tests cover the server-feature wiring and the
dev-override toggle.
- This is PR 1 of 3 for FE-950. Nothing reads the flag yet; it resolves
`false` by default, so this is inert in every environment until a later
PR wires consumers.
## Review Focus
- Mirrors the existing `resolveFlag`-based flags (e.g.
`userSecretsEnabled`, `workflowSharingEnabled`) — deliberately the plain
shape, **not** the cloud-gated `teamWorkspacesEnabled` shape, since the
flag is only read from paths already `isCloud`-gated.
- Local toggle for development:
`localStorage.setItem('ff:unified_cloud_auth', 'true')` (DEV-only dev
override).
- Production delivery of the flag value (and staged % rollout) is
backend work — Comfy-Org/cloud#4139 (BE-1258), already adds
`unified_cloud_auth` to `/api/features`. This FE PR is independent of
it; with no server value the flag stays `false`.
Linear: FE-950
## Screenshots (if applicable)
N/A — no user-facing change (flag registration only).
## Automated Ingest API Type Update
This PR updates the Ingest API TypeScript types and Zod schemas from the
latest cloud OpenAPI specification.
- Cloud commit: 1dc7e7e
- Generated using @hey-api/openapi-ts with Zod plugin
These types cover cloud-only endpoints (workspaces, billing, secrets,
assets, tasks, etc.).
Overlapping endpoints shared with the local ComfyUI Python backend are
excluded.
---------
Co-authored-by: mattmillerai <7741082+mattmillerai@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
## Summary
- Progressive container-query truncation for the **Keybinding** column
in the Settings → Keybinding panel so the **actions column stops getting
clipped** at narrow widths.
- Tiers (all driven by `@container/keybindings` on the cell content — no
JS resize listeners):
- `>= 16rem`: `Ctrl S , Ctrl Shift S + 1 more` (2 combos + `N-2 more`)
- `>= 12rem`: `Ctrl S + 2 more` (1 combo + `N-1 more`)
- `>= 8rem`: `Ctrl S + 2` (1 combo + compact `+N`)
- smallest: first combo only
- Actions column pinned with `whitespace-nowrap` so it always stays
fully visible — the keybindings column compresses first, not the icons.
- New `KeybindingList.vue` extracted from `KeybindingPanel.vue`; the
prior inline rendering was inlined twice (column body + we'd need it
elsewhere if expansion logic changes).
- Adds `g.nMoreKeybindingsCompact` and `g.keybindingListAriaLabel` i18n
keys (en only; other locales fall back to en).
## Before / after
### before
https://github.com/user-attachments/assets/227cdd6a-fd5d-41ba-8af2-2a49e2d9cf15
### after
<img width="936" height="812" alt="Screenshot 2026-05-13 at 11 05 12 AM"
src="https://github.com/user-attachments/assets/f750efd8-7d14-4a46-a92d-fa67e57c7909"
/>
<!-- Drag the PNGs from ~/Desktop/fe-523-screenshots/ into this section.
Recommended order: wide → 16rem → 12rem → 8rem, before then after at
each tier.
Captured by temp/scripts/capture-fe523-screenshots.ts at 4 dialog
widths. -->
_screenshots pending — drag/drop from `~/Desktop/fe-523-screenshots/`_
The narrow tier shows the original FE-523 bug clearly: on `main` the
Source and Actions columns are clipped without a scrollbar; with this PR
the keybinding column compresses first, keeping at least the edit icon
visible. Some action icons still get clipped at the absolute narrowest
tier — full sticky-actions behavior is a follow-up.
## Why draft
Manual visual verification of the four container-query tiers on a real
backend still needs to happen — the snapshot script runs against a
stubbed-out backend, so the dataset is sparse (the multi-combo rows
aren't injected). Moving out of draft after that pass.
## References
- Fixes
[FE-523](https://linear.app/comfyorg/issue/FE-523/update-keybinding-panel-responsiveness)
- Figma proposal:
https://www.figma.com/design/ZNLRans6JLM3hvCz5LlCQA/Keyboard-Shortcut?node-id=625-17286
- Slack thread:
https://comfy-organization.slack.com/archives/C075ANWQ8KS/p1776818615078629?thread_ts=1776808927.654249&cid=C075ANWQ8KS
## Test plan
- [x] `pnpm test:unit` — new `KeybindingList.test.ts` covers all 4 tiers
(0/1/2/3+ keybindings, count math `N-2` vs `N-1`, container class
present, aria-label assembled).
- [x] `pnpm typecheck`
- [x] `pnpm lint`
- [x] Snapshot diff at 4 widths (see Before / after section above once
images are attached).
- [ ] Manual on a real backend: command with 1 / 2 / 3 / 5 keybindings
each renders the correct `+N more` / `+N` value at each tier.
- [ ] Manual: confirm whether residual actions-column clipping at the
absolute narrowest tier warrants a follow-up.
## Summary
Publishes the Comfy Desktop privacy policy (currently bundled in-app
only) as a public page at \`/privacy/desktop\`, so users can read what
they consented to without re-opening the app and so the document is
verifiable / link-shareable. Also adds a single-sentence link from the
existing \`/privacy-policy\` page so people who land on the org-wide
policy can find the surface-specific one.
## Changes
- **What**: New marketing-site page at \`/privacy/desktop\` (en) and
\`/zh-CN/privacy/desktop\` (zh), backed by ~50 new \`desktop_privacy.*\`
i18n keys mirroring the in-app document. One-sentence addition to
\`privacy.intro.block.3\` linking to the new page.
- **Breaking**: None.
- **Dependencies**: None.
## Why now
Recent Discord audit by a user (cited Civitai as precedent) identified
six legitimate gaps between our website privacy policy and what GDPR /
UK GDPR Art 13 requires (named processors, lawful basis mapping,
retention specifics, international transfer mechanism, etc.). The
**in-app Desktop policy already addresses all of them**, but it isn't
publicly visible. This PR makes it visible at a URL.
A separate, counsel-reviewed PR will be needed to bring the org-wide
\`/privacy-policy\` page up to the same standard — that's deliberately
not in scope here.
## Content the new page covers
Mirrors the Desktop in-app document (effective 2026-05-19):
- Named processors: PostHog, Datadog, ToDesktop, Comfy Org analytics
warehouse
- Article 6 mapping: 6(1)(a) consent for analytics + crash reports;
6(1)(f) legitimate interests for update server
- Retention: 24 months analytics / 15 days crash / 36 months aggregate /
90 days update logs / removed on uninstall
- International transfers: Standard Contractual Clauses where required
- Data subject rights + \`privacy@comfy.org\` as contact
- Right to lodge complaint with ICO / EU supervisory authority / CPPA
## Review Focus
1. **i18n zh-CN placeholders.** Following the existing convention in
this file (see e.g. \`affiliate-landing.footerCta\`), zh-CN values use
the English text as placeholders. A follow-up PR will land Chinese
translations. Flag if there's a different preferred convention.
2. **Source-of-truth coupling.** This page is a publish of the bundled
in-app policy at \`src/renderer/src/lib/legalDocs.ts\`
(\`PRIVACY_POLICY\` constant) in the \`Comfy-Desktop\` repo. There's no
automated sync — the two need to stay aligned manually when the in-app
policy is revised. Worth a quarterly review reminder.
3. **\`privacy@comfy.org\` mailbox.** The policy directs all data
subject rights requests there. Confirm this inbox exists and is
monitored before merge.
4. **No \`noindex\` on the new page.** Unlike the existing
\`/privacy-policy\` page, this one is intentionally indexable — the
point is that it should be discoverable.
## Test plan
- [x] \`pnpm typecheck\` clean (0 errors, 0 warnings)
- [x] \`pnpm build\` succeeds; both \`/privacy/desktop/index.html\` and
\`/zh-CN/privacy/desktop/index.html\` are emitted
- [x] All 385 site pages still build
- [ ] After preview deploy: verify the link from \`/privacy-policy\` to
\`/privacy/desktop\` renders correctly, and the page table-of-contents
nav works (\`ContentSection\` infers sections from i18n keys)
## Companion items (not in this PR)
- Update \`comfy.org/privacy-policy\` (the org-wide policy) with named
processors, Art 6 mapping, retention specifics, and SCC language —
requires privacy counsel review
- Confirm Comfy Org Inc ICO registration status
- One-page determination from privacy counsel on whether Art 37 requires
a formal DPO (pseudonymous product telemetry is likely below threshold,
but the question deserves a documented answer)