feat(agentflow): add field visibility engine with show/hide conditions#5890
feat(agentflow): add field visibility engine with show/hide conditions#5890jocelynlin-wd merged 5 commits intomainfrom
Conversation
Add InputParam show/hide condition support that controls field visibility based on current input values. Includes regex, array, boolean, and nested path matching with parity to upstream genericHelper.js. - Add fieldVisibility utility (evaluateFieldVisibility, stripHiddenFieldValues) - Add show/hide fields to InputParam type - Integrate visibility into EditNodeDialog (re-evaluate on change, preserve hidden values in state) - Update useOpenNodeEditor to fall back to node.data.inputs when API schema is unavailable - Move connectionValidation from utils/ to validation/ - Skip hidden params in validateNode required-input checks - Add CustomNodeExample demo with live visibility state panel - Update ARCHITECTURE.md and TESTS.md Co-Authored-By: Claude Opus 4.6 <[email protected]>
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the Agentflow UI by introducing a robust field visibility engine. This allows for dynamic and conditional rendering of input parameters within node editors, improving the user experience by presenting only relevant fields. It also refines how node input schemas are handled, ensuring flexibility for custom nodes, and updates validation logic to respect field visibility, leading to more accurate flow validation. Highlights
Changelog
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a field visibility engine for input parameters. The review highlights a potential Regular Expression Denial of Service (ReDoS) vulnerability in the conditionMatches utility due to the use of untrusted input for RegExp construction. Additionally, a code review comment suggests refactoring duplicated logic and optimizing loops in the evaluateParamVisibility function to improve readability and maintainability.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a field visibility engine based on show/hide conditions in InputParam, which is a great enhancement for creating dynamic node property forms. However, a critical security vulnerability related to Regular Expression Denial of Service (ReDoS) was identified in the safeRegexTest utility. This function lacks a timeout mechanism when executing user-provided regex patterns, which could be exploited to cause a Denial of Service if the validation logic is executed on the server. It is recommended to implement a timeout or use a safer regex execution method. Additionally, there is a suggestion to improve the maintainability of the new visibility engine.
| initialFlow={allNodesFlow} | ||
| showDefaultHeader={false} | ||
| readOnly={true} | ||
| readOnly={false} |
There was a problem hiding this comment.
this is intentional, make it easier to view the edit dialog on all node types
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
… flag Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a field visibility engine, allowing input parameters to be shown or hidden based on other input values. However, the current regex validation logic for this engine is incomplete and can be bypassed by sophisticated ReDoS patterns, potentially leading to a Denial of Service (DoS) if a malicious flow is imported. It is recommended to use a more robust ReDoS detection library or a non-backtracking regex engine. Additionally, the required input validation logic needs improvement to correctly handle values like 0 and false.
…heck - Replace regex-based nested quantifier detection with a character-by-character parser that catches bypass patterns like (a|aa)+ and (a+ )+ - Fix required-input validation to use nullish check (== null || === '') instead of falsy check (!value), allowing 0 and false as valid inputs Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
/gemeni review |
| ...overrides | ||
| }) | ||
|
|
||
| describe('conditionMatches', () => { |
| if ( | ||
| !param.optional && | ||
| evaluateParamVisibility(param, inputValues) && | ||
| (inputValues[param.name] == null || inputValues[param.name] === '') |
There was a problem hiding this comment.
nb: can we just make this !inputValues[param.name]
There was a problem hiding this comment.
!inputValues[param.name] will treat all falsy values as missing: undefined, null, '', false, 0, NaN. But here we only treat undefined, null and '' as missing.
3 participants
FLOWISE-233
Add InputParam show/hide condition support that controls field visibility based on current input values. Includes regex, array, boolean, and nested path matching with parity to upstream genericHelper.js.
agentflow-field-visibility.mov