feat: agent CLI — JSON envelopes, cloud run/jobs, fragments, projects, CQL, structured errors#470
Open
skishore23 wants to merge 104 commits into
Open
feat: agent CLI — JSON envelopes, cloud run/jobs, fragments, projects, CQL, structured errors#470skishore23 wants to merge 104 commits into
skishore23 wants to merge 104 commits into
Conversation
Add a caller-aware rendering system that auto-detects agents vs humans: - JSON envelope contract for every command (ok, data, error, hint) - Rich-panel branding with gradient wordmark for interactive use - Glyph system mapping cloud job statuses to user-facing icons - JSON schemas for every envelope shape (env, which, run, jobs, etc.) - Error-code registry with structured hints for agent recovery - File-lock helper for concurrent job-state access
Add cloud authentication and dual local/cloud routing: - OAuth 2.1 Authorization Code + PKCE flow with localhost callback - Credential store for OAuth sessions and third-party API keys - Unified ComfyClient that routes to local server or Comfy Cloud - `comfy cloud login/logout/whoami/set-base-url` commands - `comfy auth set/remove/list` for third-party tokens (HuggingFace, etc.) - Auto-detection of auth method (OAuth vs API key) with clear precedence - Constants aligned with cloud seed migration (client_id, scopes, paths)
Add a typed query language for exploring ComfyUI's 3400+ nodes: - CQL (ComfyUI Query Language) with boolean predicates and pipelines - WASM-based graph engine for validation and path-finding - `comfy nodes search/show/ls/upstream/downstream/path/types/categories` - Pre-submit workflow validation against the node catalog - Unified object_info loader for local server and cloud
Add a complete workflow lifecycle: - Async-by-default submit returning prompt_id + state file instantly - Background job watcher that polls and writes state transitions to disk - `comfy jobs ls/status/watch` for tracking and live-tailing - `comfy workflow slots/set-slot/vary` for in-place editing and sweeps - `comfy upload/download` for file transfer with auth handled internally - Pre-flight validation of class_type and partner-API nodes before submit
Add ten composable SKILL.md files that teach AI agents to drive comfy: - Core, cloud, debug, image, video, audio, edit, condition, pipeline, relay - `comfy skill install/uninstall/list/status` for managing agent configs - `comfy templates search/show/slots` for discovering workflow templates - Skills auto-install into Claude Code, Cursor, and AGENTS.md
- Add `comfy setup` interactive wizard with --non-interactive mode for CI - Wire all new subcommands into the CLI entry point - Add wasmtime dependency for WASM-based graph engine - Update .gitignore to use /projects/ for local creative work - Fix subcommand module re-exports for eager discovery Amp-Thread-ID: https://ampcode.com/threads/T-019e50f8-759d-745f-b20d-9330daba39d7 Co-authored-by: Amp <amp@ampcode.com>
- Block redirects on upload/download to prevent Bearer/API-Key replay to redirect targets (uses dedicated no-redirect opener) - Sanitize multipart filenames per RFC 7578 to prevent Content-Disposition header injection via crafted filenames - Validate download URLs are http/https before fetching to prevent SSRF via crafted state files or API responses Amp-Thread-ID: https://ampcode.com/threads/T-019e50f8-759d-745f-b20d-9330daba39d7 Co-authored-by: Amp <amp@ampcode.com>
…vents - Add PostHog provider alongside Mixpanel with atexit flush - Honor DO_NOT_TRACK and COMFY_NO_TELEMETRY env vars - Add execution_start/execution_success/execution_error lifecycle to `comfy run` - Add generate:start/success/error/submitted lifecycle to `comfy generate` - Add filter_command_kwargs() to redact sensitive args from analytics - Add posthog>=6,<8 dependency - Port tracking tests and lifecycle tests from main Amp-Thread-ID: https://ampcode.com/threads/T-019e50f8-759d-745f-b20d-9330daba39d7 Co-authored-by: Amp <amp@ampcode.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019e50f8-759d-745f-b20d-9330daba39d7 Co-authored-by: Amp <amp@ampcode.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019e50f8-759d-745f-b20d-9330daba39d7 Co-authored-by: Amp <amp@ampcode.com>
…de safety - _classify_api_workflow: scan all keys for class_type, not just first key. Workflows with metadata keys like _meta no longer rejected as invalid. - validate_workflow: emit non_node_key warnings for entries without class_type instead of silently skipping them. - Cloud prompt_rejected: parse node_errors into readable per-node hint lines (e.g. 'node 16 (ElevenLabsVoiceSelector): voice not in list') instead of dumping raw JSON. Guard against null errors arrays. - Preflight: suppress pretty-print warnings in JSON mode to prevent Rich-formatted text from corrupting the NDJSON stdout stream. - Tests: 6 new tests covering non-node keys, classify edge cases, and warning schema assertions. All 1771 tests pass. Amp-Thread-ID: https://ampcode.com/threads/T-019e58cf-de52-74b5-9c0e-0d2860fe5626 Co-authored-by: Amp <amp@ampcode.com>
…ewal Fragments/compose: - Split workflow_fragments into a pure domain core (comfy_cli/fragments.py) and a thin Typer shell; standardize "recipe" -> "blueprint" everywhere (error codes recipe_* -> blueprint_*, payload key, skill docs). - Support graph-typed sockets (MODEL/CONDITIONING/LATENT/VAE and any custom UPPER_SNAKE type) as fragment inputs so complex pipelines can be composed; path literals stay loader-injected for IMAGE/MASK/AUDIO/VIDEO only. - Clearer errors for malformed cross-step refs and invalid step aliases; carry output type on _StepOutput so the save node needs no fragment reload. Cloud poll resilience (comfy_client._request): - Retry 429 (any method) and transient 5xx (GET only) with Retry-After-aware exponential backoff + jitter; bump wait_for_completion poll interval to 2s. Fixes `comfy run --wait` aborting on a transient rate-limit mid-job. OAuth session longevity: - ensure_fresh_session() proactively refreshes an expired-but-refreshable session; wired into cloud_preflight (every cloud command auto-renews) and whoami. whoami `signed_in` now reflects token validity, not just presence. Tests: full suite green (1789 passed, 35 skipped); ruff clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Resolves 8 of the 9 open Dependabot alerts via lockfile upgrades: - gitpython 3.1.45 -> 3.1.50 (5 HIGH: RCE via core.hooksPath newline injection, command injection via git options, path traversal) - uv 0.11.6 -> 0.11.17 (MEDIUM: arbitrary file write via entry point names) - idna 3.10 -> 3.17 (MEDIUM: idna.encode bypass) - pygments 2.19.2 -> 2.20.0 (LOW: ReDoS in GUID regex) Pin floors in pyproject: gitpython>=3.1.50, uv>=0.11.15. The re-resolve also syncs previously-missing declared transitives (posthog 7.x + backoff/distro, term-image/pillow) that had drifted out of the lockfile. The 9th alert (comfy-cli < 3.39.2 / ComfyUI-Manager CRLF) is a self/advisory- mapping artifact against the repo's own 0.0.0 package, not a bumpable dep. Full suite green against upgraded versions (1789 passed, 35 skipped). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
CI installed ruff unpinned (`pip install ruff`) while pre-commit pinned v0.12.4, so the two drifted and the repo was no longer clean under either. Pin both to 0.15.15 (current latest) and run a one-time repo-wide `ruff check --fix` + `ruff format` so CI's lint/format checks pass deterministically. Also drops a dead local var and hoists a mid-file import (E402) flagged by the linter. No behavioral changes — formatting, import ordering, and version pins only. Co-authored-by: Cursor <cursoragent@cursor.com>
…ixes - skills: consolidate the bundled library from 10 skills to 4 via composition, prune retired skills on every install, and pluralize the canonical command to `comfy skills install` (singular kept as alias). - update: add a non-intrusive upgrade hint on the intro banner (daily cache, no background threads) and a `comfy update cli` self-update path. - feedback: add `comfy feedback` (inline one-shot for agents, interactive for TTY) and a hidden, fully consent-gated `comfy agent-review`; wire both into PostHog telemetry and register the new error code. - setup: add an explicit, branded telemetry-consent step to the wizard and suppress the global lazy prompt while in `setup`. - types: fix crash-class issues (possibly-unbound vars, Optional member access/subscript/iterable) and tighten signatures (`| None`, casts, fail-fast asserts) flagged by pyright. Adds command-level and unit tests plus a live telemetry verification script. Co-authored-by: Cursor <cursoragent@cursor.com>
…ck cache Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…again Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…lf-dedupe Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…stead of polling for 6h Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…lled jobs Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…cal and the help text Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…mit) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…instance isolation Two top-level instances of the same subgraph definition aliased each other: writing ``10/9.prompt`` mutated the shared definition, so instance 12's interior node changed too. Fix adds ``_count_instances`` + ``_isolate_shared_subgraph`` helpers that deep-copy the definition under a fresh UUID and repoint the instance's ``type`` before any interior mutation; a second write to the same instance sees count==1 and skips the fork. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…lue is legitimately null Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… correctly Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…nly inputs Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…orts out=null Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…rning in the envelope
When resilient_load_object_info falls back to a cached copy after a
failed live fetch, it now fires an on_stale(host_key, error_str) callback.
Both comfy nodes and comfy workflow._load_object_info_or_fail wire this
callback to inject stale=true and warnings=[{code, message}] into the
emitted payload so agents can branch on cache freshness instead of
silently consuming potentially months-old node schemas.
Also registers object_info_stale in the error-code registry (required by
the dict-literal scanner in test_error_code_registry.py even though this
is a warning code, not an error envelope).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…dentity for opted-out users Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…er + input key A literal (or $asset-resolved) VIDEO input injected LoadVideo with the invented input key "video". LoadVideo's only real input is "file" — the graph passed client-side validation, then burned a cloud run in 0.16s with ImageDownloadError during input staging (fennec friction #7). Replace the inline per-type branches with a PATH_LOADERS table mapping each path-loadable modality to its loader class and REAL input key: IMAGE -> LoadImage.image AUDIO -> LoadAudio.audio VIDEO -> LoadVideo.file (was: "video") Input names verified against the live-fetched cloud object_info cache (~/Library/Application Support/comfy-cli/cache/object_info-cloud.json): LoadVideo required = {file: COMBO}, LoadAudio required = {audio: COMBO}, LoadImage required = {image: COMBO}. AUDIO and IMAGE were already correct; VIDEO is the fix. MASK keeps its LoadImage -> ImageToMask ride. Tests: literal VIDEO/AUDIO inputs and $asset-resolved ones assert the exact injected loader inputs dict; IMAGE behavior pinned by existing tests. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
`comfy --json download <id>` surfaced a human "✓ downloaded …" progress line ahead of the JSON envelope in an agent production run, killing every `| jq` / json.load consumer of stdout (fennec friction #4/#5 — "Expecting value: line 1 column 1"). The documented pipe pattern requires stdout to be the envelope and nothing else. Gate the human progress lines on renderer.is_pretty() in both execute_download and execute_upload (the audit found the upload "✓ uploaded" line equally ungated): pretty mode keeps them byte-identical, machine modes emit nothing but JSON — the envelope already carries files[]/uploads[], so the line is pure duplication there, not even stderr noise. Inline previews fold under the same gate (already pretty-only). Tests pin the contract: with the renderer resolved from COMFY_OUTPUT=json (and in NDJSON mode), every stdout line parses as JSON, the envelope is the last line, and the human line appears on neither stream. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Piping a failed run into download (`comfy --json run --wait | comfy
download`) crashed with a raw AttributeError: an error envelope carries
`"data": null`, and `envelope.get("data", {})` returns that None — the
default only covers a MISSING key — so `.get("prompt_id")` exploded
with a full rich traceback (fennec friction #1, P1). This is the
SKILL.md-recommended pipe pattern, so it must be robust to upstream
failure.
Harden the stdin-pipe parse end to end: non-dict JSON (bare lists,
scalars) and non-dict `data` normalize to {}, and an `ok: false`
envelope short-circuits into a structured renderer.error with the
registered `download_no_prompt` code + exit 1 — surfacing the upstream
error block and its `prompt_id` (from data or error.details) in
details/hint so the caller can recover the still-running job instead of
guessing. Non-JSON and ok-without-prompt_id stdin keep falling through
to the same registered code.
Tests pipe the exact failure shapes: error envelope with data:null,
ok envelope without prompt_id, non-JSON garbage, and a bare JSON list —
all exit 1 with a proper error envelope, never a traceback.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…instead of aborting `comfy --json run --wait` aborted with cloud_http_error on a 429 storm mid-poll while the job itself was fine and later completed (fennec friction #2). The in-request layer retries quick blips (429 + 502/503/ 504 on GET, 4 attempts) but a sustained storm exhausted that budget — and a plain 500 on GET was never retried at all — so a single bad poll killed the whole wait. A failed poll says nothing about the job. wait_for_completion now owns a poll-level budget on top of the in-request retries: a 429 or any 5xx from get_history backs off exponentially (base 2s, doubling to a 60s cap, jittered, server Retry-After honored when present) and keeps polling; only _MAX_POLL_FAILURES (5) CONSECUTIVE failures re-raise into the caller's existing cloud_http_error path. The counter resets on any successful poll. Other 4xx still propagate immediately. Submit retries are untouched (extends the existing _retry_delay pattern; HTTPError now carries the parsed Retry-After so layers above _request can honor it). Tests: 429x2-then-success and 500x2-then-success complete the wait; permanent 500 raises after exactly 5 polls and surfaces the existing cloud_http_error envelope from execute_cloud; backoff sequence is 2/4/8/16 with jitter zeroed; Retry-After overrides; counter resets on a successful poll; 403 propagates immediately. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
A retry fan-out reusing the same foreach item ids re-downloads into the same outputs/ dir, and both naming schemes restart their counters per job — so attempt 2's s2_last_000.png silently clobbered attempt 1, irrecoverably losing the rejected frames (fennec friction #3, P1; same root cause as the P2 repeat-invocation note). Downloads now route through _collision_safe_path: when the destination exists, suffix deterministically into the first free slot — s2_last_000.png → s2_last_000.1.png → s2_last_000.2.png … — for both the item-named and legacy <prompt8>_<idx> schemes. Symlinks (including dangling ones) count as taken so the suffix walk can never be steered into writing through one; the explicit symlink refusal stays as defense in depth. files[] in the envelope already reports per-file paths, so consumers see the actual suffixed names. Tests: pre-created destination → suffixed write with the original's bytes untouched; suffix walks past prior retries (.1 → .2); legacy naming covered; envelope files[].path carries the suffixed path. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…e/" prefix) One name per concept before this branch ships as a PR: - fragments KNOWN_PARAM_TYPES: BOOLEAN only. Node schemas (`nodes show`) print BOOLEAN; the BOOL alias was a second spelling of the same concept that the soccer-ad session showed agents never use — they copy types straight from the node schema (friction #8 was BOOLEAN being REJECTED). BOOL now fails fragment validation with the accepted set in the message. The comfy-fragments SKILL.md param-type table and comments speak BOOLEAN too. - run preflight PARTNER_NODE_CATEGORY_PREFIXES: ("partner/",) only. Current cloud/ComfyUI publishes partner/* categories plus the authoritative `api_node: true` flag (both still detected); the legacy "api node/" prefix matched nothing this CLI targets. Tests now pin that the legacy category is NOT detected. BREAKING: fragments using `type: "BOOL"` must say `"BOOLEAN"`; servers that only categorize partner nodes as `api node/*` without the api_node flag are no longer special-cased. The BOOLEAN acceptance test from e9d6c8a stays; the BOOL test flips to a rejection test. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
A truthful pushed:[] (everything already in the lock — e.g. a peer agent pushed moments earlier) read as failure to scripts keying on data.pushed: observed in production when twin phase agents raced and the second concluded its promotion failed. The envelope now carries current: [names] (lock-verified up-to-date on this target), so pushed ∪ current ⊇ my-files is a one-line success assertion. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Two real productions proved the shape: generated VIDEO flows between nodes as wires, so clips + score + assembly belong in a single graph with per-scene SaveVideo side-taps (one job emits reviewable clips AND the film). The job-boundary flow stays documented as the review-gate fallback, with its current cloud limit stated: pushed videos are not yet catalogued for LoadVideo, so cross-job video handoff means local assembly today. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…nto the run/ package + single-client architecture Upstream (dffa5c1..a392f55) carried five telemetry/tracking commits; most of #461/#463 was already on this branch, so the merge mainly ports #465 and #468 into our architecture: - PostHog dual-send + lifecycle events (#461): already present in our tracking.py (_dispatch fan-out) and cmdline.py run lifecycle; conflicts resolved to our superset (keeps _ensure_user_id(persist=), submit_feedback, submit_agent_review, _consent_enabled). - DO_NOT_TRACK / COMFY_NO_TELEMETRY (#463): already present; kept ours. - cli: event prefix (#465): took upstream's POSTHOG_EVENT_PREFIX in tracking.py PostHogProvider.capture + upstream's prefix tests in tests/comfy_cli/test_tracking_providers.py. - Comfy-Usage-Source header (#468): run.py was deleted here, so the header + extra_data.comfy_usage_source landed in comfy_cli/command/run/execution.py (WorkflowExecution.queue) and comfy_cli/comfy_client.py (Client._request header on every local/cloud request, submit_prompt extra_data); generate/client.py auto-merged upstream's header. Adapted tests/comfy_cli/cloud/test_client.py extra_data assertions accordingly. - SOC2 unreviewed-merge detector (#464) + pytest.yml codecov bump: taken from upstream as-is. - uv.lock: took upstream then regenerated with `uv lock` (posthog already a dependency here). - Upstream's non-TTY auto-consent assertion in test_tracking.py kept at our deliberate behavior (non-interactive sessions do NOT auto-enable tracking). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…th code
Field-tested across six agent-driven productions: the cloud API-node
session-token expiry ("Unauthorized: Please login first to use this
node") hit every session and was always fixed by plain resubmission,
but envelopes passed it through as a generic execution_error with a
null hint and a ~2KB double-encoded traceback duplicated in message
and details.
- new comfy_cli/execution_errors.py: parse the server failure payload
(JSON string, decoded dict, or plain text) and classify into an
envelope-ready verdict; transient_auth gets a resubmit hint
- envelopes now carry a one-line node-prefixed cause + 2-frame
traceback tail, never the full traceback (full record stays on
`jobs status`)
- wire into jobs watch terminal emission, background watcher,
run --wait cloud (also fixes execution failures miscoded as
cloud_http_error), and the local WS error path
- document transient_auth vs cloud_unauthorized in the comfy and
comfy-debug skills (re-login does not fix the former)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…sion Field incident: a batch production ran dozens of concurrent `jobs status` / `download` retry processes; one hit a fatal invalid_grant on token refresh and -- holding the default clear_session_on_auth_failure=True -- wiped the shared session mid-run, turning a transient server-side hiccup into a hard logout that needed a human to re-run `comfy cloud login`. Observer commands (jobs status/ls/watch snapshots, download's API fallback) now construct their Client with clear_session_on_auth_failure=False, the same protection the detached run watcher already had. Session lifecycle belongs to login/logout and the foreground submit path. jobs.py was committed with the previous change; this completes the policy for transfer.py and pins it with tests (one at AST level so a refactor cannot silently restore the default). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…uction Distilled from six field productions where a plain user prompt produced a template-consumer montage and every quality gain had to be hand-fed through briefs. Encodes the doctrine those briefs carried: screenplay before pipeline (causality + stranger tests), brand felt not name-checked, techniques as sparks not mandates, photoreal prompt hygiene, a ranked continuity toolkit, score as cues joined at pivots, and the production-ops recovery contract (append-only job_ids.txt, event-time LOG.md, frame-by-frame hallucination QC). Verified per writing-skills TDD: baseline failure documented from the field runs; a skill-loaded agent given the same casual prompt produced screenplay-first work passing every baseline failure point. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds pinned tooling and CI tweaks, a plaintext auth store and OAuth flows, caller and cancellation primitives, a unified HTTP Client, local WebSocket and cloud run paths with job-state persistence/watcher, fragment composition, a full CQL graph engine/loader, many new Typer subcommands, discovery/help JSON, and an error-code registry — auth to cloud, tools endowed (impish rhyme allowed). ChangesCLI expansion and runtime support
Possibly related PRs:
(An imp tipped the stack — please read layers in order for coherent review.) ✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 39
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@comfy_cli/auth/store.py`:
- Around line 187-200: The function name set shadows Python's built-in set;
rename the function to a clearer name (e.g., store or upsert) by renaming the
definition def set(...) to def store(...) (or def upsert(...)) and update all
internal references and exports accordingly (any call sites in this module,
imports elsewhere, and __all__ if present) so callers use the new name; keep the
implementation logic and signature the same and add a short compatibility shim
(optional) that forwards the old name to the new function if you need
back-compatibility.
In `@comfy_cli/cancellation.py`:
- Around line 114-117: reset_for_testing currently clears _TOKEN and _INSTALLED
but leaves any installed SIGINT wrapper active; modify the code so
reset_for_testing also restores the prior SIGINT handler by calling
signal.signal(signal.SIGINT, _PREV_SIGINT_HANDLER) (and then clear
_PREV_SIGINT_HANDLER), and ensure the SIGINT install path (the function that
sets up the wrapper) saves the original handler into a module-level variable
named _PREV_SIGINT_HANDLER when _INSTALLED is set; finally set _INSTALLED =
False and _TOKEN = None as before.
- Around line 80-84: get_token currently does a check-then-set on the global
_TOKEN without synchronization, which can create multiple CancellationToken
instances under concurrency; fix by guarding initialization with a module-level
lock (e.g., create _TOKEN_LOCK = threading.Lock()) and perform the assignment
inside the lock in get_token (use double-checked locking: check _TOKEN before
acquiring and re-check inside the lock) so only one CancellationToken is ever
created and returned by get_token.
In `@comfy_cli/cloud/command.py`:
- Around line 261-262: Remove the redundant re-import of ConfigManager from the
lower import block and instead import CONFIG_KEY_BASE_URL alongside the other
top-level imports; specifically, delete the second "from
comfy_cli.config_manager import ConfigManager" and add "from comfy_cli.cloud
import CONFIG_KEY_BASE_URL" (or move that symbol into the existing top import
group) near the other module imports so ConfigManager remains imported only once
and CONFIG_KEY_BASE_URL is consistently placed with top-level imports.
In `@comfy_cli/cloud/oauth.py`:
- Around line 243-250: The response-writing block in the OAuth HTTP handler
currently sets capture.received_event only after self.wfile.write succeeds, so a
broken socket can leave waiters blocked; wrap the send_header/end_headers and
wfile.write sequence in try/finally and call capture.received_event.set() from
the finally block (while keeping the write inside try and preserving any error
logging/handling) so that capture.received_event is signalled regardless of
write failures; update the method that contains
payload/self.send_header/self.wfile.write to move capture.received_event.set()
into the finally.
- Around line 418-430: Instead of pre-picking a port with _pick_free_port(),
create the HTTPServer bound to port 0 to let the OS assign an available port
(i.e., server = HTTPServer((_LOOPBACK_HOST, 0), handler_cls)), then read the
actual port from server.server_address[1] and construct redirect_uri using that
port; remove the TOCTOU usage of _pick_free_port(), keep constructing capture
via _CallbackCapture() and handler_cls via _build_handler(expected_state=state,
...), and ensure server.socket.setsockopt(...) and server_thread =
threading.Thread(target=server.handle_request, daemon=True) remain after server
creation so the socket option and thread use the actual bound socket.
In `@comfy_cli/command/__init__.py`:
- Around line 16-31: The package __init__.py currently eagerly re-exports many
submodules but omits the newly added project subcommand, which can cause
import-time failures; update both import tuples in comfy_cli.command.__init__
(the existing from . import (...) blocks that list code_search, custom_nodes,
generate, … and the second similar block) to include project so the project
module is eagerly imported and the anti-flake contract is preserved (i.e., add
the symbol "project" to the module import lists alongside the other subcommands
like run_cli, templates, transfer, workflow).
In `@comfy_cli/command/generate/app.py`:
- Around line 234-243: emit.write_workflow can raise OSError which is currently
uncaught; update the try/except around emit.write_workflow (the block that
currently catches emit.EmitError) to also catch OSError, call
_track_error("emit", e), call renderer.error with an appropriate code (e.g.,
"emit_write_failed" or reuse "emit_workflow_failed"), message=str(e) and a hint
about filesystem issues (permissions, readonly FS, invalid path), and then raise
typer.Exit(code=1) from the exception so filesystem write failures are surfaced
to the user in the same structured way as emit.EmitError.
In `@comfy_cli/command/generate/emit.py`:
- Around line 178-190: The code writes list-valued image params directly into
the LoadImage node (raw -> str(raw)), producing invalid pseudo-paths; fix by
detecting list/tuple values from ns.image_params (raw), fail-fast or extract a
single Path: if raw is a sequence, if empty raise a ValueError mentioning the
flag/node_key, otherwise set raw = raw[0] (or convert to Path) before computing
path = str(raw) and creating the loader node; ensure the loader creation code
(loader_id, workflow[...] "class_type": "LoadImage", node_inputs[node_key]) uses
the sanitized single-path string so Path(path).name remains valid.
In `@comfy_cli/command/jobs.py`:
- Around line 267-271: sort_key currently returns the raw ISO updated_at so
terminal jobs end up oldest-first; change sort_key (and leave sorted(...,
reverse=False)) so terminal rows produce a value that sorts newest-first — e.g.
parse r.updated_at to a datetime/epoch and for terminal jobs return the negated
epoch (or otherwise invert the timestamp) as the second tuple element, while
non-terminal rows keep a value that preserves their relative order; update the
sort_key implementation in the sort_key function used by ls_cmd() to use parsed
timestamps (datetime.fromisoformat or similar) and negation for terminal jobs so
slicing returns the freshest completed jobs.
- Around line 76-84: The returned host from _resolve_host_port needs IPv6
bracketting to produce valid URLs; update _resolve_host_port to, after computing
h (and after calling _validate_host if kept), wrap h in [ ] when it contains a
':' and is not already enclosed (e.g. detect if h.startswith('[') and
h.endswith(']') before adding brackets) so callers formatting
"http://{host}:{port}" or "ws://{host}:{port}" get a valid literal; keep
DEFAULT_HOST and DEFAULT_PORT usage and return the validated/bracketed host
along with int(port).
- Around line 793-805: The code currently always posts to /interrupt after
deleting from /queue; change it so /interrupt is only called when the prompt
being canceled is actually the running one by first GETting from
f"{base}/queue_running", parsing the returned running prompt id(s), and
comparing to prompt_id; only construct/post interrupt_req if prompt_id is
present in the /queue_running response, otherwise skip the interrupt (leaving
the existing queue deletion logic intact). Use the existing symbols (prompt_id,
base, interrupt_req) and reuse the same error handling for the interrupt POST
when performed.
In `@comfy_cli/command/models/search.py`:
- Around line 533-556: The current search builds qs with "limit=50" and only
calls _http_get_json once, so the client-side exact-name check over candidates
can miss matches beyond the first page; modify the logic around
qs/url/_http_get_json to paginate (e.g., loop with an offset/page parameter or
repeatedly request next pages until no more assets) and perform the exact match
check (on a.get("name") and a.get("display_name")) across all returned pages
before concluding match is None, breaking early when an exact match is found and
keeping the existing error handling for HTTP/URL/JSON errors.
In `@comfy_cli/command/nodes.py`:
- Around line 37-47: The _resolved_where helper should use the same defensive
routing fallback as comfy_cli.target.resolve_target(): replace the direct call
to where_module.resolve with a call to comfy_cli.target.resolve_target (or wrap
the where_module.resolve call in the same try/except logic) so config-read
failures and invalid config values are caught and a safe default is returned;
keep references to where_module.CONFIG_KEY_WHERE_DEFAULT and ensure the function
still returns the final target string (the equivalent of decision.target.value)
after applying the safe fallback.
In `@comfy_cli/command/project.py`:
- Around line 208-213: The asset-walking loop currently only checks
path.is_file(), which allows symlinks to files outside assets/ to be treated as
assets; update the logic in the loop that iterates assets_dir.rglob("*") (and
the similar block at 305-310) to skip symlinks and to verify the resolved target
remains inside the assets directory: require path.is_file() and not
path.is_symlink(), then compute resolved = path.resolve() and ensure resolved is
under assets_dir.resolve() (e.g., by attempting
resolved.relative_to(assets_dir.resolve()) or checking string-prefix), and
continue (skip) if that check fails so no external file is hashed/uploaded/read.
- Line 215: The code currently computes file SHA-256 by calling
path.read_bytes() (seen where variable sha is assigned), which loads the entire
file into memory; change this to stream the file in fixed-size chunks: open path
in binary mode, create a hashlib.sha256() object, loop reading e.g. 64KB chunks
and call hasher.update(chunk) until EOF, then call hasher.hexdigest(); replace
both occurrences (the assignment at the sha variable around line 215 and the
similar use at line 312) so no large file is fully loaded into memory.
In `@comfy_cli/command/run_cli.py`:
- Line 246: The _fleet_step function currently accepts pause_seconds but never
uses it; update _fleet_step (or document intentional omission) so it honors the
pause like other step handlers: add a sleep using pause_seconds at an
appropriate point (e.g., between queue snapshots or before returning) and ensure
time.sleep is imported/available, or if the omission is intentional, add a brief
comment explaining why pause_seconds is ignored to avoid confusion. Include
references to the _fleet_step function name when making the change so reviewers
can find the modification easily.
In `@comfy_cli/command/run/__init__.py`:
- Line 485: The execute_cloud function currently accepts a verbose: bool
parameter that is unused; either remove this parameter from execute_cloud's
signature (and update any callers) or wire it into the cloud execution path by
passing it into the cloud runner/logging code (e.g., into start/dispatch
functions or a logger configuration) so it actually toggles extra logging;
locate the execute_cloud function and adjust the signature and its callsites OR
propagate verbose into the relevant cloud execution/logging helpers to enable
verbose output.
- Around line 117-119: The host validation currently checks characters in the
frozenset _unsafe but omits the colon, allowing hosts like
"evil:8080@attacker.com" to pass and break the f"http://{host}:{port}/..." URL
construction; update the validation in the host-checking logic to include ":"
(add ":" to _unsafe) or replace the check with a stricter validation that
rejects any scheme/authority separators (e.g., ensure host contains no ":", "@",
"/", "?", "#" characters) so the code paths using host and port (referencing the
host variable and _unsafe set in this module) cannot be mangled by userinfo
fragments or embedded ports.
In `@comfy_cli/command/run/execution.py`:
- Line 82: WorkflowExecution currently accepts a local_paths parameter that is
never used; either remove the parameter from WorkflowExecution (and from its
caller in __init__.py) or wire it into the output path logic so it affects
format_image_path behavior—specifically, update the WorkflowExecution
constructor to drop local_paths (and update any instantiation sites) or store
local_paths on the instance and modify format_image_path (and any code that
formats output images) to consult self.local_paths when computing paths. Ensure
the change is reflected in the caller in __init__.py to avoid mismatched
signatures.
In `@comfy_cli/command/run/preflight.py`:
- Line 77: The function _preflight_validate declares a unused kwarg
target_label; either remove the parameter from _preflight_validate's signature
or incorporate it into the function's error reporting. Update the function
signature and all callers if you remove the param, or if keeping it, modify the
validation error message (e.g., when reporting "Workflow has {len(errors)}
validation error(s)" include the {target_label} value) so the parameter is
actually referenced; ensure any tests or call sites that pass target_label still
match the new signature/behavior.
- Around line 114-121: The timeout parameter on _fetch_object_info is declared
but never forwarded to _load_from_target; update _fetch_object_info to pass
timeout through to _load_from_target (e.g., _load_from_target(...,
timeout=timeout)) if _load_from_target supports it, otherwise remove the unused
timeout parameter from _fetch_object_info's signature and all callers; locate
the function by name _fetch_object_info and the callee _load_from_target to make
the change.
In `@comfy_cli/command/transfer.py`:
- Around line 419-426: Update the except block to preserve traceback by binding
the caught Unauthenticated exception and chaining it into the new exception:
change "except Unauthenticated:" to "except Unauthenticated as e:" and then
after calling renderer.error(...), raise the typer.Exit using explicit chaining
(raise typer.Exit(code=1) from e) so the original Unauthenticated is included in
the traceback; adjust references to prompt_id and renderer as needed in the
existing block.
In `@comfy_cli/command/workflow_fragments.py`:
- Around line 72-76: Wrap file I/O operations that can raise OSError/TypeError
(e.g., blueprint.read_text(encoding="utf-8"), base_out.unlink(), and any
write_text(...) calls referenced around the blueprint parsing and the later
block at lines ~141-156) in try/except that catches OSError and TypeError, call
renderer.error(...) with an appropriate code (e.g., "blueprint_io_error") and a
clear message including the exception, then raise typer.Exit(code=1) from the
caught exception so the CLI exits via the structured error envelope; update the
exception handling adjacent to the existing yaml.YAMLError block (where
blueprint_data is created) and the later file-delete/write sections to follow
the same pattern using renderer.error and typer.Exit.
In `@comfy_cli/cql/engine.py`:
- Around line 1472-1475: The current use of _resolve_node_path only forks the
first-hop definition, so deeper nested paths (e.g., A/B/C.input) can still
mutate interior shared nodes and leak state; update _resolve_node_path to
perform recursive isolation during traversal: for each segment visited (each
intermediate node id resolved from segments), detect if the node is shared
(appears in multiple parents or defs_by_id references), clone/duplicate that
node instance, replace the parent's reference to the cloned node and update
defs_by_id accordingly, then continue traversal into the cloned node so that
every hop along the path is isolated before the final write; ensure the function
updates any parent/child links and preserves node identities where not shared.
- Around line 1077-1083: The current loopback guard in the block guarded by
target.is_cloud uses parsed_host.startswith("127.") which can be spoofed by DNS
names like "127.0.0.1.evil.tld"; update the check to treat only actual IP
loopback addresses as allowed by parsing parsed_host with the ipaddress module
(handle both IPv4 and IPv6) and only permit when
ipaddress.ip_address(parsed_host).is_loopback is True; if parsed_host is not a
valid IP (ValueError) treat it as non-loopback and raise the same LoadError
(keep the existing urllib.parse.urlsplit(url).hostname usage and the same
LoadError path so non-IP hostnames like "127.x.evil" are rejected).
- Around line 942-943: Graph.load currently calls cls.from_object_info(raw)
without ensuring raw is a dict, so if the JSON root is a list (or other type)
from_object_info crashes when using .items(); add an explicit shape check and
raise the module's LoadError when invalid: before calling from_object_info (or
inside from_object_info at its start) verify isinstance(raw, dict), and if not
raise LoadError("invalid object_info: expected mapping/dict, got
{type(raw).__name__}") so callers get a proper LoadError contract instead of an
AttributeError; update Graph.load() to use this validated path.
- Around line 627-631: The current verification in exact_paths() is always true
because available is seeded with from_type, so the predicate
"any(s['input_type'] == from_type or from_type in available for s in new_steps)"
will pass even when no step actually consumes from_type; change the check to
assert that at least one step in new_steps directly consumes the source by using
"any(s['input_type'] == from_type for s in new_steps)" or, if you meant to allow
indirect consumption, compute the set of consumed types from the steps (e.g.,
consumed = {s['input_type'] for s in new_steps}) and test "from_type in
consumed"; update the condition that appends paths to use that corrected
predicate (referencing exact_paths, from_type, available, new_steps).
In `@comfy_cli/cql/errors.py`:
- Around line 28-29: The current as_details method merges self.details after
setting "runtime_message", allowing details["runtime_message"] to override the
canonical message; modify as_details so the canonical runtime_message wins by
merging details first and then setting "runtime_message" (i.e., ensure
"runtime_message" is last in the dict), or alternatively filter out any
"runtime_message" key from self.details before merging; update the as_details
method accordingly (referencing as_details, self.runtime_message, and
self.details).
In `@comfy_cli/cql/loader.py`:
- Around line 150-159: The shape detector _looks_like_object_info currently
stops after examining the first mapping value (it contains a stray break), which
causes misclassification when later entries contain the expected metadata;
remove the break and change the loop to inspect every value so it returns True
if any value is a dict containing "input" or "category" and returns False only
after checking all values; apply the same fix to the other analogous detector in
this module that uses the same early-break pattern so both functions fully scan
all entries.
- Around line 248-257: The code marks any 2-item list as a reference (ref)
causing numeric pairs like [1024, 1024] to be misparsed; change the detection
logic used when building the dict in inputs.append so ref is true only when the
second element looks like a slot identifier (e.g. isinstance(value[1], str)) —
update the computation of ref and the subsequent use of
ref_node/ref_slot/is_reference in that block (the variables ref, ref_node,
ref_slot inside the inputs.append call) so only legitimate [node, slot] pairs
are treated as references.
- Around line 97-101: The current check using host.startswith("127.") is
bypassable (e.g., "127.0.0.1.evil.com"); replace this with a robust loopback
check by using parsed.hostname and Python's ipaddress module (or
socket/inet_aton) to determine if the hostname is a loopback IP: call
ipaddress.ip_address(parsed.hostname).is_loopback (after handling exceptions for
non-IP hostnames) and allow "localhost" / "::1" explicitly; if the hostname is
not a loopback according to this check, raise the same CQLRuntimeError with the
existing details. Ensure you reference parsed.hostname and remove the brittle
host.startswith("127.") check and handle ValueError when parsed.hostname is not
an IP.
In `@comfy_cli/fragments.py`:
- Around line 805-817: The foreach item keys produced by _item_key (and used by
_item_prefix and the item_map) can collide when different items share the same
id; add a validation step before building item_map and generating prefixes (the
code that iterates items to create item_map and call _item_prefix) that computes
keys via _item_key for all items, detects duplicates, and raises a clear
exception (e.g., ValueError) listing the duplicated key(s) and their item
indices so the caller can fix input; apply the same check in the other affected
block that constructs per-item mappings (the code around the alternative
implementation at lines 872–885) to prevent silent overwrites and prefix
collisions.
- Around line 215-220: The code currently converts port values with direct
int(...) calls (e.g., the line setting port.port = int(spec.get("port", 0)) and
occurrences of int(old)) which can raise ValueError outside the FragmentError
path; update the parse-stage logic in comfy_cli/fragments.py to validate and
normalize node IDs and numeric ports rather than letting compose handle them:
replace direct int() calls with a small try/except that catches ValueError and
raises FragmentError with a clear message referencing the fragment
name/port/node id, and ensure the same validation is added for the other
occurrences noted (around the blocks at ~267-276 and ~536-538) so malformed
numeric ports and node ids are converted or rejected during parse-time.
- Around line 314-320: resolve_fragment_name incorrectly appends ".json" even
when the provided name already ends with ".json", producing "<name>.json.json";
update the logic in resolve_fragment_name to check the raw input (or
candidate.name) for a ".json" suffix and only append ".json" when it's missing,
while preserving the existing early-return when candidate.is_file() succeeds and
keeping the final return as a Path under lib_dir with expanduser applied (use
the function name resolve_fragment_name and variables candidate and lib_dir to
locate the code to change).
- Around line 245-250: The code currently uses meta.get("inputs") or {} (and
same for "outputs"/"params"), which silently converts falsy non-dict values
(e.g. [] or "") into {} and hides schema errors; change the retrieval to only
provide an empty dict when the key is absent (use "if 'inputs' in meta then
meta.get('inputs') else {}" pattern for "inputs", "outputs", "params") and keep
the existing isinstance(...) checks so that non-dict but present values raise
FragmentError (reference: variables inputs_raw/outputs_raw/params_raw and the
FragmentError raised).
In `@comfy_cli/jobs_state.py`:
- Around line 141-155: The read function can raise TypeError when constructing
JobState from filtered data missing required fields; update the
JobState(**filtered) call in read(prompt_id: str) to be inside a try/except that
catches TypeError (and optionally ValueError) and returns None on failure so
malformed state files are treated as absent; keep the existing tolerant
filtering logic and only change the constructor call to handle and swallow
construction errors gracefully.
In `@comfy_cli/locking.py`:
- Around line 102-115: The _acquire function uses msvcrt.locking which locks
from the current file position; to mirror _release and avoid drift, seek the
file descriptor to offset 0 before calling msvcrt.locking — update the
_acquire(fd: int, *, timeout: float | None) implementation to perform an
explicit os.lseek(fd, 0, os.SEEK_SET) (or equivalent) prior to the locking
attempts so both _acquire and _release operate on byte 0 consistently.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6ba141f4-f960-4949-8955-776638a71c02
⛔ Files ignored due to path filters (1)
uv.lockis excluded by!**/*.lock
📒 Files selected for processing (175)
.github/workflows/ruff_check.yml.gitignore.pre-commit-config.yamlREADME.mdcomfy_cli/auth/__init__.pycomfy_cli/auth/command.pycomfy_cli/auth/store.pycomfy_cli/caller.pycomfy_cli/cancellation.pycomfy_cli/cloud/__init__.pycomfy_cli/cloud/command.pycomfy_cli/cloud/oauth.pycomfy_cli/cmdline.pycomfy_cli/comfy_client.pycomfy_cli/command/__init__.pycomfy_cli/command/custom_nodes/cm_cli_util.pycomfy_cli/command/custom_nodes/command.pycomfy_cli/command/generate/app.pycomfy_cli/command/generate/client.pycomfy_cli/command/generate/emit.pycomfy_cli/command/generate/output.pycomfy_cli/command/generate/schema.pycomfy_cli/command/generate/spec.pycomfy_cli/command/install.pycomfy_cli/command/job_watcher.pycomfy_cli/command/jobs.pycomfy_cli/command/launch.pycomfy_cli/command/models/models.pycomfy_cli/command/models/search.pycomfy_cli/command/nodes.pycomfy_cli/command/project.pycomfy_cli/command/run.pycomfy_cli/command/run/__init__.pycomfy_cli/command/run/credentials.pycomfy_cli/command/run/execution.pycomfy_cli/command/run/loader.pycomfy_cli/command/run/preflight.pycomfy_cli/command/run/watcher.pycomfy_cli/command/run_cli.pycomfy_cli/command/setup.pycomfy_cli/command/templates.pycomfy_cli/command/transfer.pycomfy_cli/command/workflow.pycomfy_cli/command/workflow_fragments.pycomfy_cli/config_manager.pycomfy_cli/constants.pycomfy_cli/cql/__init__.pycomfy_cli/cql/data/__init__.pycomfy_cli/cql/data/cloud_disable_config.yamlcomfy_cli/cql/data/no_gpu_nodes.jsoncomfy_cli/cql/data/supported_nodes.yamlcomfy_cli/cql/engine.pycomfy_cli/cql/errors.pycomfy_cli/cql/loader.pycomfy_cli/credentials.pycomfy_cli/discovery.pycomfy_cli/env_checker.pycomfy_cli/error_codes.pycomfy_cli/execution_errors.pycomfy_cli/fragments.pycomfy_cli/help_json.pycomfy_cli/jobs_state.pycomfy_cli/locking.pycomfy_cli/output/__init__.pycomfy_cli/output/branding.pycomfy_cli/output/glyphs.pycomfy_cli/output/panels.pycomfy_cli/output/preview.pycomfy_cli/output/renderer.pycomfy_cli/output/rich_compat.pycomfy_cli/project.pycomfy_cli/schemas/__init__.pycomfy_cli/schemas/assets.jsoncomfy_cli/schemas/auth.jsoncomfy_cli/schemas/discover.jsoncomfy_cli/schemas/env.jsoncomfy_cli/schemas/envelope.jsoncomfy_cli/schemas/error.jsoncomfy_cli/schemas/error_codes.mdcomfy_cli/schemas/help.jsoncomfy_cli/schemas/jobs.jsoncomfy_cli/schemas/models.jsoncomfy_cli/schemas/nodes.jsoncomfy_cli/schemas/project.jsoncomfy_cli/schemas/run.jsoncomfy_cli/schemas/run_event.jsoncomfy_cli/schemas/set_default.jsoncomfy_cli/schemas/skill.jsoncomfy_cli/schemas/templates.jsoncomfy_cli/schemas/transfer.jsoncomfy_cli/schemas/version.jsoncomfy_cli/schemas/which.jsoncomfy_cli/schemas/workflow.jsoncomfy_cli/skills/__init__.pycomfy_cli/skills/comfy-debug/SKILL.mdcomfy_cli/skills/comfy-director/SKILL.mdcomfy_cli/skills/comfy-fragments/SKILL.mdcomfy_cli/skills/comfy-relay/SKILL.mdcomfy_cli/skills/comfy/SKILL.mdcomfy_cli/skills/comfy/__init__.pycomfy_cli/skills/command.pycomfy_cli/target.pycomfy_cli/tracking.pycomfy_cli/update.pycomfy_cli/utils.pycomfy_cli/where.pycomfy_cli/workspace_manager.pydocs/json-output.mdpyproject.tomlscripts/verify_tracking_live.pytests/comfy_cli/auth/__init__.pytests/comfy_cli/auth/test_auth_command.pytests/comfy_cli/auth/test_oauth.pytests/comfy_cli/auth/test_store.pytests/comfy_cli/auth/test_where.pytests/comfy_cli/cloud/__init__.pytests/comfy_cli/cloud/test_client.pytests/comfy_cli/command/generate/test_app.pytests/comfy_cli/command/generate/test_client.pytests/comfy_cli/command/generate/test_emit.pytests/comfy_cli/command/github/test_pr.pytests/comfy_cli/command/models/test_search.pytests/comfy_cli/command/test_asset_refs.pytests/comfy_cli/command/test_assets_push.pytests/comfy_cli/command/test_command.pytests/comfy_cli/command/test_command_init.pytests/comfy_cli/command/test_manager_gui.pytests/comfy_cli/command/test_nodes_cli.pytests/comfy_cli/command/test_nodes_introspect.pytests/comfy_cli/command/test_observer_session_safety.pytests/comfy_cli/command/test_project_command.pytests/comfy_cli/command/test_run.pytests/comfy_cli/command/test_run_cli.pytests/comfy_cli/command/test_run_json.pytests/comfy_cli/command/test_setup_consent.pytests/comfy_cli/command/test_templates.pytests/comfy_cli/command/test_transfer_download.pytests/comfy_cli/command/test_transfer_redirect.pytests/comfy_cli/command/test_transfer_upload.pytests/comfy_cli/command/test_var_refs.pytests/comfy_cli/command/test_workflow_fragments.pytests/comfy_cli/command/test_workflow_saved.pytests/comfy_cli/command/test_workflow_slots.pytests/comfy_cli/conftest.pytests/comfy_cli/cql/__init__.pytests/comfy_cli/cql/test_engine.pytests/comfy_cli/cql/test_loader.pytests/comfy_cli/cql/test_loader_resilient.pytests/comfy_cli/fixtures/subgraph_object_info.jsontests/comfy_cli/fixtures/subgraph_template_ui.jsontests/comfy_cli/jobs/__init__.pytests/comfy_cli/jobs/test_jobs.pytests/comfy_cli/output/__init__.pytests/comfy_cli/output/test_branding.pytests/comfy_cli/output/test_caller.pytests/comfy_cli/output/test_cancellation.pytests/comfy_cli/output/test_discovery.pytests/comfy_cli/output/test_envelope_schemas.pytests/comfy_cli/output/test_error_code_registry.pytests/comfy_cli/output/test_glyphs.pytests/comfy_cli/output/test_help_json.pytests/comfy_cli/output/test_locking.pytests/comfy_cli/output/test_panels.pytests/comfy_cli/output/test_renderer.pytests/comfy_cli/skills/__init__.pytests/comfy_cli/skills/test_installer.pytests/comfy_cli/test_credentials.pytests/comfy_cli/test_execution_errors.pytests/comfy_cli/test_feedback_commands.pytests/comfy_cli/test_jobs_state.pytests/comfy_cli/test_launch_python_resolution.pytests/comfy_cli/test_project.pytests/comfy_cli/test_run_execution_lifecycle.pytests/comfy_cli/test_tracking.pytests/comfy_cli/test_update.py
💤 Files with no reviewable changes (1)
- comfy_cli/command/run.py
Comment on lines
+187
to
+200
| def set(provider: str, key: str) -> AuthRecord: | ||
| if not provider: | ||
| raise ValueError("provider name is required") | ||
| if not _SAFE_PROVIDER.match(provider): | ||
| raise ValueError(f"invalid provider name: {provider!r} (must be alphanumeric/dash/underscore, max 64 chars)") | ||
| if not key: | ||
| raise ValueError("key cannot be empty") | ||
| path = secrets_path() | ||
| now = datetime.now(timezone.utc).isoformat(timespec="seconds") | ||
| with locking.file_lock(lock_path()): | ||
| data = _read_all(path) | ||
| data["providers"][provider] = {"key": key, "updated_at": now} | ||
| _write_all(path, data) | ||
| return AuthRecord(provider=provider, key=key, updated_at=now) |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial | 💤 Low value
Consider renaming set to avoid shadowing the built-in.
The function name set shadows Python's built-in set type. While this is a common pattern for store APIs, it can cause confusion if someone tries to use the built-in within this module. A name like store or upsert would be clearer and less prone to trip you up.
🧰 Tools
🪛 Pylint (4.0.5)
[warning] 187-187: Redefining built-in 'set'
(W0622)
[convention] 187-187: Missing function or method docstring
(C0116)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@comfy_cli/auth/store.py` around lines 187 - 200, The function name set
shadows Python's built-in set; rename the function to a clearer name (e.g.,
store or upsert) by renaming the definition def set(...) to def store(...) (or
def upsert(...)) and update all internal references and exports accordingly (any
call sites in this module, imports elsewhere, and __all__ if present) so callers
use the new name; keep the implementation logic and signature the same and add a
short compatibility shim (optional) that forwards the old name to the new
function if you need back-compatibility.
skishore23
changed the title
Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com> # Conflicts: # comfy_cli/tracking.py
dosubot
Bot
added
the
size:XXL
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
The pytest 'build' job installed only pytest/pytest-cov, but several test modules (output envelope/schema validation, project, assets-push, auth) import jsonschema, failing collection with ModuleNotFoundError. Declare jsonschema in the dev optional-dependencies and install it in the workflow. Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
comfy_cli/tracking.py (1)
194-204:⚠️ Potential issue | 🔴 Critical | ⚡ Quick winCritical:
disable()command enables tracking instead of disabling it, andenable()duplicates its initialization call.Line 203 invokes
init_tracking(True)but should invokeinit_tracking(False). This breaks thedisablecommand—users cannot opt out of tracking via the CLI. Line 198 inenable()redundantly callsinit_tracking(True)again.Additionally, the f-string literals in lines 197 and 204 use unnecessary f-string syntax without variable interpolation.
🔧 Proposed fix for both command functions
`@app.command`() def enable(): init_tracking(True) - typer.echo(f"Tracking is now {'enabled'}.") - init_tracking(True) + typer.echo("Tracking is now enabled.") `@app.command`() def disable(): - init_tracking(False) - typer.echo(f"Tracking is now {'disabled'}.") + init_tracking(False) + typer.echo("Tracking is now disabled.")🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@comfy_cli/tracking.py` around lines 194 - 204, The disable() command incorrectly calls init_tracking(True) and enable() calls init_tracking(True) twice and both echo strings use unnecessary f-strings; update enable() to call init_tracking(True) only once (remove the duplicate init_tracking(True)), update disable() to call init_tracking(False) instead of True, and simplify the echo messages in both enable() and disable() (use plain string literals rather than f-strings) while keeping the function names enable and disable and the init_tracking and typer.echo calls intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@comfy_cli/tracking.py`:
- Around line 194-204: The disable() command incorrectly calls
init_tracking(True) and enable() calls init_tracking(True) twice and both echo
strings use unnecessary f-strings; update enable() to call init_tracking(True)
only once (remove the duplicate init_tracking(True)), update disable() to call
init_tracking(False) instead of True, and simplify the echo messages in both
enable() and disable() (use plain string literals rather than f-strings) while
keeping the function names enable and disable and the init_tracking and
typer.echo calls intact.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: d096bb3d-4186-4bf9-aff6-61de38a575e8
📒 Files selected for processing (3)
comfy_cli/command/custom_nodes/command.pycomfy_cli/tracking.pytests/comfy_cli/test_tracking.py
The pytest job installs deps unpinned, so CI resolves click 8.4 / typer 0.26 / rich 15 while the uv.lock dev env stays on older pins. Three breakages surfaced only under the newer libs: - help_json: TyperGroup no longer subclasses click.Group (its MRO is now TyperGroup -> click.Command), so isinstance(cmd, click.Group) was false and the whole command tree came back empty. Duck-type list_commands/ get_command instead. Fixes help_json + discovery tests. - test_pr: click >= 8.2 keeps stderr out of CliRunner result.stdout; the --pr conflict error is on stderr. Assert against result.output (works on both old and new click). - test_manager_gui: two find_cm_cli tests didn't pin workspace_path=None, so they took the workspace-Python subprocess branch and skipped find_spec when a workspace was configured. Pin it like the sibling test. Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
tests/comfy_cli/command/test_manager_gui.py (2)
82-86: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick winLoose assertion on captured output may mask behavior mismatches.
Line 86 asserts that the captured output contains either
"unknown-mode"(lowercased) or the literal string"Unknown manager mode". This disjunctive assertion is permissive and could hide cases where the actual output differs from both expectations—for example, if the implementation emits a warning with different wording or casing.Consider checking the actual implementation of
_get_manager_flags()and tightening the assertion to match exactly what the code produces.💡 Tighten the assertion (draft)
Once you've confirmed the exact output string from the implementation:
- assert "unknown-mode" in captured.out.lower() or "Unknown manager mode" in captured.out + assert "Unknown manager mode: unknown-mode" in captured.out(Adjust the expected string based on the actual implementation output.)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/comfy_cli/command/test_manager_gui.py` around lines 82 - 86, The test test_unknown_mode_returns_default_with_warning uses a loose disjunctive assertion on captured output which can mask mismatches; open the implementation of _get_manager_flags(), determine the exact warning string it emits for an unknown mode (exact text and casing), then replace the current or-check in the assertion with a precise check that matches that exact string (e.g., assert expected_msg in captured.out or assert captured.out.strip() == expected_msg) inside test_unknown_mode_returns_default_with_warning so the test fails if the wording or casing changes.
1091-1115: 🧹 Nitpick | 🔵 Trivial | 💤 Low valueTest structure is sound, but consider cache-clearing robustness.
The test
test_find_cm_cli_cache_behaviorat lines 1091–1115 correctly verifies thatfind_cm_cli()caches results after the first call. However, callingcache_clear()at line 1102 inside the test method (after already patching and importing the function) assumes thatcache_clear()is always available on the imported function. If the function implementation or import order changes, this could become fragile.A minor refinement: ensure
cache_clear()is explicitly verified to exist (or gracefully handle its absence) before relying on it in all tests that use it.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/comfy_cli/command/test_manager_gui.py` around lines 1091 - 1115, The test assumes find_cm_cli has a cache_clear attribute; make the test robust by checking for and calling it only if present: after importing find_cm_cli in test_find_cm_cli_cache_behavior, verify hasattr(find_cm_cli, "cache_clear") (or use getattr with default None) and call cache_clear() only when available, otherwise proceed without error; this ensures the test won't fail if find_cm_cli loses or changes its lru_cache decoration while preserving the rest of the assertions.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@tests/comfy_cli/command/test_manager_gui.py`:
- Around line 82-86: The test test_unknown_mode_returns_default_with_warning
uses a loose disjunctive assertion on captured output which can mask mismatches;
open the implementation of _get_manager_flags(), determine the exact warning
string it emits for an unknown mode (exact text and casing), then replace the
current or-check in the assertion with a precise check that matches that exact
string (e.g., assert expected_msg in captured.out or assert captured.out.strip()
== expected_msg) inside test_unknown_mode_returns_default_with_warning so the
test fails if the wording or casing changes.
- Around line 1091-1115: The test assumes find_cm_cli has a cache_clear
attribute; make the test robust by checking for and calling it only if present:
after importing find_cm_cli in test_find_cm_cli_cache_behavior, verify
hasattr(find_cm_cli, "cache_clear") (or use getattr with default None) and call
cache_clear() only when available, otherwise proceed without error; this ensures
the test won't fail if find_cm_cli loses or changes its lru_cache decoration
while preserving the rest of the assertions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6a12dbbd-5940-48fc-94a6-f34181cdd37b
📒 Files selected for processing (3)
comfy_cli/help_json.pytests/comfy_cli/command/github/test_pr.pytests/comfy_cli/command/test_manager_gui.py
- help_json: TyperOption/TyperArgument no longer subclass click.Option/ Argument (MRO is -> click.Parameter), so isinstance(param, click.Option) dropped flags/envvar from every option in the --help-json contract. Duck-type via param.param_type_name == 'option' instead. - test_jobs: the two 'flag visible in help' tests scraped rich-rendered --help text, which wraps/styles differently under the CI terminal and intermittently hid the flag. Assert against the render-independent build_help_json contract (the surface agents actually consume). - test_project_command: pin 'project init --where cloud' so the marker default doesn't fall through to credential auto-detect (cloud on a dev box with creds, local on a clean CI runner). Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
Codecov Report❌ Patch coverage is
@@ Coverage Diff @@
## main #470 +/- ##
==========================================
- Coverage 83.36% 76.55% -6.82%
==========================================
Files 45 95 +50
Lines 6848 14793 +7945
==========================================
+ Hits 5709 11325 +5616
- Misses 1139 3468 +2329
🚀 New features to boost your workflow:
|
Concurrency/robustness: - cancellation: double-checked locking for singleton token; restore prior SIGINT handler on test reset - oauth: set callback event even if response write fails; bind callback server on port 0 to remove pick-then-bind race - jobs: bracket IPv6 hosts in URLs; sort terminal jobs newest-first; only POST /interrupt when the prompt is actually running; bound 'jobs watch' for an unknown prompt instead of hanging - jobs_state: malformed state files return None instead of raising TypeError - locking: Windows _acquire seeks to offset 0 before locking Security/correctness: - cql engine + loader: replace naive '127.' prefix loopback guard with ipaddress.is_loopback (SSRF bypass); validate object_info shape; scan all entries for shape detection; don't classify every 2-item list as an edge; isolate shared subgraph defs at every hop (deep-nest aliasing); drop a tautological exact_paths guard - cql errors: preserve canonical runtime_message in as_details() - project: skip symlinks/paths escaping assets/; chunked sha256 hashing - generate: guard emit FS write failures; reject list-valued image params - models show: paginate so exact matches beyond the first page are found Fragments: - validate ports/node IDs at parse; don't coerce invalid _fragment sections to empty dicts; avoid <name>.json.json; enforce unique foreach item keys - workflow_fragments: guard compose I/O with a registered compose_io_error Misc: - nodes: harden _resolved_where() against corrupt config - run/preflight: wire target_label into the error; drop dead timeout param - transfer: chain the exception with 'from' - cloud/command: drop redundant ConfigManager re-import - command package: export project Skipped (with rationale): rename auth store.set (public API churn); add ':' to run host blocklist (breaks IPv6/host:port); remove run verbose/local_paths & run_cli pause_seconds (part of stable signatures / demo handler). Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
enable() called init_tracking(True) twice — removed the redundant second call. Both messages used pointless f-strings with literal-only placeholders; simplified to plain strings. (disable() already correctly passed False, so CodeRabbit's 'disable enables tracking' claim was stale.) Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
The default project status fails on any total-coverage drop, which blocks landing large feature surfaces (thin, lightly-tested CLI command wrappers). Set an explicit 70% floor instead (current total ~77%) and disable the patch status. Still a real gate; raise as coverage backfills. Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
The CLI auto-selects JSON output when stdout isn't a TTY (rule 6 in the renderer), and subprocess pipes are never TTYs — so 'manager uv-compile-default' routed its human message to stderr, leaving stdout empty and failing test_uv_compile_default_config on all platforms. These e2e tests assert on the pretty/human surface, so force pretty mode in exec(); the JSON auto-selection path stays covered by tests/comfy_cli/output unit tests. Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
os.fchmod is POSIX-only; on Windows accessing it raises AttributeError, which the existing 'except OSError' didn't catch — crashing 'comfy run' (test_run) on windows-latest with 'module os has no attribute fchmod'. Guard with hasattr(os, 'fchmod'); Windows uses ACLs, not mode bits. Amp-Thread-ID: https://ampcode.com/threads/T-019ebe75-cced-75d2-a7ac-4cce7e22d0f4 Co-authored-by: Amp <amp@ampcode.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Turns
comfy-cliinto an agent-first CLI for ComfyUI — letting an agent (or a human) build, validate, run, and review workflows on a local server or Comfy Cloud entirely from the terminal.Three ideas hold it together:
What's in it
output/) — JSON/NDJSON envelopes, schema registry,comfy discover; auto-JSON on non-TTY.fragments.py,command/workflow_fragments.py) — fragments + blueprints,foreachfan-out,$asset/$item/$var/$aliasrefs.cql/) — pure-Python engine validates a graph against the live server'sobject_infobefore spending.command/jobs.py,jobs_state.py) — async run, detached watcher, resumable job state, item-named outputs.project.py) —project/1layout,assets push+ lock, run journal,--whererouting (OAuth-first credentials).skills/) — bundledSKILL.mdfiles that teach agents to drive the CLI.Notes for reviewers
Verification