Skip to content

v1.9.0

Latest
Latest

Choose a tag to compare

View all tags
@rookiestar28 rookiestar28 released this 31 May 08:19
· 9 commits to main since this release
v1.9.0
d724292

ComfyUI-Doctor v1.9.0 Release Notes

Highlights

  • Added public architecture, API, contribution, and security-audit
    documentation.
  • Added a machine-readable OpenAPI contract for the Doctor HTTP API.
  • Refreshed ComfyUI host compatibility coverage for current ComfyUI,
    frontend, and Desktop behavior.
  • Improved frontend maintainability with extracted panel rendering,
    data-driven i18n, and a provider quick switch.
  • Expanded validation with deterministic integration E2E, opt-in stress
    tests, focused regression gates, and quarterly security-audit automation.
  • Strengthened supply-chain and CI security posture.

New Features

Provider Quick Switch

  • Added a chat-side provider quick switch.
  • Kept provider selection synchronized with the Settings tab.
  • Preserved the existing provider configuration flow.

OpenAPI Contract

  • Added docs/openapi.json as the machine-readable API contract.
  • Added public API documentation for:
    • debugger endpoints
    • LLM/chat endpoints
    • credential-store endpoints
    • statistics, feedback, and health endpoints
    • telemetry endpoints
    • resumable job endpoints
    • diagnostics endpoints
  • Added route/spec drift validation.

Architecture Documentation

  • Added docs/ARCHITECTURE.md.
  • Documented host startup, backend service boundaries, API surface,
    frontend layout, data flows, security/storage boundaries, telemetry,
    diagnostics, and validation lanes.

Contributor Guide

  • Added root CONTRIBUTING.md.
  • Documented setup, repository orientation, development workflow,
    test expectations, documentation expectations, security/privacy
    boundaries, and pull-request readiness.
  • Linked the contributor guide from the README.

Quarterly Security Audit

  • Added docs/SECURITY_AUDIT.md.
  • Added scripts/security_audit.py to generate sanitized quarterly
    audit report templates.
  • Added .github/workflows/security-audit.yml.
  • The audit workflow includes required local checks and optional
    Semgrep, Snyk, and OWASP ZAP lanes.

Host Compatibility

  • Refreshed host compatibility smoke checks.
  • Expanded compatibility coverage for current ComfyUI, ComfyUI frontend,
    and Desktop host surfaces.
  • Aligned frontend sidebar registration with the current ComfyUI sidebar
    API while preserving legacy fallback behavior.
  • Improved locate-node behavior for root graphs, grouped execution IDs,
    and nested subgraph execution IDs.
  • Updated model-asset diagnostics for current ComfyUI model folder names,
    including geometry_estimation and detection.

Frontend Improvements

  • Extracted the right-side diagnosis panel renderer from the main UI
    shell.
  • Moved frontend translation text into data files.
  • Improved host validation error surfacing in the UI.
  • Kept current and legacy frontend host compatibility paths isolated.

Backend and Architecture Improvements

  • Decomposed route registration and route handling.
  • Added stable service-domain entry points for:
    • LLM services
    • security services
    • infrastructure services
    • community services
  • Reduced coupling between startup, routes, service modules, and tests.

Testing and Validation

  • Renamed the supplemental security/contract/E2E gate to focused-gate
    entrypoints.
  • Kept old phase-gate entrypoints as compatibility wrappers.
  • Added deterministic telemetry integration E2E behavior through the
    Playwright harness backend.
  • Added opt-in telemetry stress tests.
  • Updated E2E documentation to reflect the current default suite size.
  • Added public-doc contract tests for architecture, contribution, and
    security-audit docs.
  • Updated validation docs for:
    • full local gate
    • focused regression gate
    • integration E2E lane
    • stress E2E lane
    • host compatibility lane
    • coverage baseline lane
    • quarterly security audit lane

Security and Supply Chain

  • Added a repo-local supply-chain IOC scanner.
  • Added dependency-install gating for supply-chain checks.
  • Hardened GitHub Actions workflow permissions.
  • Added a sanitized supply-chain triage checklist.
  • Refreshed test tooling dependencies.
  • Added recurring security-audit workflow support.
  • Documented audit evidence handling to avoid publishing secrets,
    private URLs, local host data, or raw scanner output.

Documentation Updates

  • Refreshed the README Latest Updates section.
  • Added public links for:
    • architecture guide
    • OpenAPI contract
    • API reference
    • contributor guide
    • security audit guide
  • Updated localized README documentation links.
  • Updated validation and security docs to match the current tooling.
  • Updated script documentation for the security-audit generator.

Dependency and Tooling Updates

  • Updated Vite, Vitest, esbuild, and PostCSS-related dev tooling.
  • Guarded coverage baseline dependency handling.
  • Synchronized package/version metadata for the release.

Compatibility Notes

  • No intentional breaking changes are listed in this release.
  • Legacy compatibility wrappers remain for old focused-gate command names.
  • Older host fallback paths remain where current ComfyUI APIs are not
    available.
  • Live backend telemetry integration tests remain opt-in through
    COMFYUI_URL.

Upgrade Notes

  • Update normally through ComfyUI-Manager or by pulling the latest Git
    revision.
  • Restart ComfyUI after updating.
  • For shared or remote deployments, continue to use:
    • DOCTOR_ADMIN_TOKEN
    • DOCTOR_REQUIRE_ADMIN_TOKEN=1
  • For validation, prefer:
    • scripts/run_full_tests_windows.ps1 on Windows
    • scripts/run_full_tests_linux.sh on Linux or WSL
Assets 2
Loading