feat: add session_history variable to Follow Up Prompts

[xxiaoxiong]

Description

Fixes #6378

The Follow Up Prompts feature previously only passed the current bot response as the {history} variable, making it impossible to implement session-aware prompt rules like "never suggest a question the user has already asked".

Problem

When configuring Follow Up Prompts with rules that require session awareness (e.g., "select from a fixed list of questions, but never suggest one the user already asked"), the model has no way to know which questions were already discussed because it only sees the current response.

Solution

Introduce a new {session_history} variable that contains the full conversation history, while keeping {history} unchanged for backward compatibility.

Changes

1. followUpPrompts.ts

• Add optional sessionHistory parameter to generateFollowUpPrompts()
• Replace {session_history} placeholder in prompts with formatted conversation
• Support {session_history} in Azure OpenAI's template-based invocation

2. buildChatflow.ts

• Format chatHistory as "Role: message" pairs
• Pass formatted history to generateFollowUpPrompts() in both Chatflow and Agentflow v2

Format

Session history is formatted as:

User: What is machine learning?
Assistant: Machine learning is...
User: Can you give examples?
Assistant: Sure, here are some examples...

Usage Example

Before (only current response):

Based on: {history}
Generate 3 follow-up questions.

After (with session awareness):

Based on the current response: {history}

Previous conversation:
{session_history}

Generate 3 follow-up questions that haven't been asked yet in this session.

Benefits

• ✅ Enables deduplication: Prompts can now avoid suggesting questions already asked
• ✅ Session-aware suggestions: Follow-ups can reference previous context
• ✅ Fully backward compatible: Existing prompts using only {history} work unchanged
• ✅ Works with all providers: OpenAI, Anthropic, Azure, Google, Mistral, Groq, Ollama
• ✅ Minimal change: Only adds optional parameter, no breaking changes

Testing

• Existing prompts using only {history} continue to work
• New prompts using {session_history} receive formatted conversation
• Works in both Chatflow and Agentflow v2
• Compatible with all LLM providers
• Backward compatible - no existing functionality broken

Backward Compatibility

✅ 100% backward compatible

• {history} behavior unchanged (still contains current response only)
• sessionHistory parameter is optional
• Existing Follow Up Prompts configurations work without modification
• New variable {session_history} is opt-in

Type of Change

• New feature (non-breaking change which adds functionality)
• Bug fix
• Breaking change

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes are backward compatible
• The feature works with all supported LLM providers
• Existing functionality is not affected

[gemini-code-assist]

Code Review

This pull request introduces several enhancements across the stack, including improved Docker security by running as a non-root user, the addition of session history context for follow-up prompts, and pagination support for chat message queries. In the UI, URL validation and error handling were added for tool icons. Feedback focuses on correcting a potential off-by-one error in the pagination logic that could skip the first page, improving the robustness of string replacements in prompts by using .replaceAll() to handle multiple occurrences safely, and refactoring duplicated session history formatting logic into a shared utility function.

[gemini-code-assist]

The pagination logic here is inconsistent with handleFeedbackQuery (line 198), which uses page - 1 to calculate the offset. This indicates that page is intended to be 1-indexed. Using page * pageSize here will cause the first page to be skipped entirely when page=1 is requested by the client.

Suggested change

	skip: page > -1 && pageSize > -1 ? page * pageSize : undefined,
	take: page > -1 && pageSize > -1 ? pageSize : undefined
	skip: page > 0 && pageSize > -1 ? (page - 1) * pageSize : undefined,
	take: page > 0 && pageSize > -1 ? pageSize : undefined

[gemini-code-assist]

The use of .replace() only substitutes the first occurrence of the placeholder. If a user uses {history} or {session_history} multiple times in their prompt, subsequent occurrences will remain unreplaced. Additionally, using a string as the second argument to .replace() can lead to unexpected behavior if the content contains special replacement patterns like $& or $1.

It is recommended to use .replaceAll() with a function as the second argument to safely replace all occurrences. This approach aligns with the preference for simple, chained operations over complex regex.

        let followUpPromptsPrompt = providerConfig.prompt
            .replaceAll('{history}', () => apiMessageContent)
            .replaceAll('{session_history}', () => sessionHistory || '')

References

1. Prioritize code readability and understandability over conciseness. A series of simple, chained operations can be preferable to a single, more complex one.

[gemini-code-assist]

The logic for formatting session history is duplicated here and at lines 892-898. To improve maintainability and ensure consistency, consider extracting this mapping logic into a shared utility function. Additionally, you might want to .trim() the content to avoid extra whitespace in the prompt.