feat: add Hugging Face model source support

[DrJKL]

Add support for Hugging Face as a model source in the Model Info Panel.

• Display HF logo for Hugging Face sources
• Extract source URL from repo_url metadata field

┆Issue is synchronized with this Notion page by Unito

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request adds support for Hugging Face as an asset source. The UI component now displays a Hugging Face logo when the source is identified as Hugging Face, and the metadata utility function prioritizes the repo_url field as the source URL, falling back to existing source_arn parsing when unavailable.

Changes

Cohort / File(s)	Summary
UI Component Updates src/platform/assets/components/modelInfo/ModelInfoPanel.vue	Added conditional rendering for Hugging Face logo. New v-else-if branch renders /assets/images/hf-logo.svg when sourceName === 'Hugging Face', alongside existing Civitai image support.
Utility Function Enhancement src/platform/assets/utils/assetMetadataUtils.ts	Modified getAssetSourceUrl to check asset.metadata.repo_url first and return immediately if present. Falls back to existing source_arn parsing logic when repo_url is absent, maintaining backward compatibility.

Suggested reviewers

• snomiao
• PabloWiedemann
• KarryCharon

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎭 Playwright Tests: ⚠️ Passed with flaky tests

Results: 501 passed, 0 failed, 3 flaky, 8 skipped (Total: 512)

❌ Failed Tests

📊 Browser Reports

• chromium: View Report (✅ 491 / ❌ 0 / ⚠️ 2 / ⏭️ 8)
• chromium-2x: View Report (✅ 2 / ❌ 0 / ⚠️ 0 / ⏭️ 0)
• chromium-0.5x: View Report (✅ 1 / ❌ 0 / ⚠️ 0 / ⏭️ 0)
• mobile-chrome: View Report (✅ 7 / ❌ 0 / ⚠️ 1 / ⏭️ 0)

[github-actions]

🎨 Storybook Build Status

✅ Build completed successfully!

⏰ Completed at: 01/27/2026, 03:30:57 AM UTC

🔗 Links

• 📊 View Workflow Run
• 🎨 View Storybook

---

🎉 Your Storybook is ready for review!

[github-actions]

Bundle Size Report

Summary

• Raw size: 22 MB baseline 22 MB — 🔴 +250 B
• Gzip: 4.57 MB baseline 4.57 MB — 🔴 +194 B
• Brotli: 3.39 MB baseline 3.39 MB — 🟢 -6 B
• Bundles: 170 current • 170 baseline • 82 added / 82 removed

Category Glance
Data & Services 🔴 +450 B (3.19 MB) · Other 🟢 -192 B (6.49 MB) · Panels & Settings 🟢 -8 B (466 kB) · Vendor & Third-Party ⚪ 0 B (10.7 MB) · Graph Workspace ⚪ 0 B (960 kB) · Views & Navigation ⚪ 0 B (80.7 kB) · + 5 more

Per-category breakdown

App Entry Points — 22.8 kB (baseline 22.8 kB) • ⚪ 0 B

Main entry bundles and manifests

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/index-D_h8I_5Y.js (removed)	22.8 kB	—	🟢 -22.8 kB	🟢 -6.84 kB	🟢 -6.02 kB
assets/index-DJUXAcE4.js (new)	—	22.8 kB	🔴 +22.8 kB	🔴 +6.84 kB	🔴 +6.02 kB

Status: 1 added / 1 removed

Graph Workspace — 960 kB (baseline 960 kB) • ⚪ 0 B

Graph editor runtime, canvas, workflow orchestration

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/GraphView-3AizpOMl.js (new)	—	960 kB	🔴 +960 kB	🔴 +194 kB	🔴 +147 kB
assets/GraphView-Dl_R6-B8.js (removed)	960 kB	—	🟢 -960 kB	🟢 -194 kB	🟢 -147 kB

Status: 1 added / 1 removed

Views & Navigation — 80.7 kB (baseline 80.7 kB) • ⚪ 0 B

Top-level views, pages, and routed surfaces

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/CloudSurveyView-AP2dN_3z.js (removed)	17.1 kB	—	🟢 -17.1 kB	🟢 -3.6 kB	🟢 -3.05 kB
assets/CloudSurveyView-CUtkr69b.js (new)	—	17.1 kB	🔴 +17.1 kB	🔴 +3.6 kB	🔴 +3.06 kB
assets/CloudLoginView-DBkvJoeY.js (removed)	11.8 kB	—	🟢 -11.8 kB	🟢 -3.09 kB	🟢 -2.71 kB
assets/CloudLoginView-I5KSm1ev.js (new)	—	11.8 kB	🔴 +11.8 kB	🔴 +3.09 kB	🔴 +2.72 kB
assets/UserCheckView-C25H3Mrr.js (new)	—	10.5 kB	🔴 +10.5 kB	🔴 +2.44 kB	🔴 +2.13 kB
assets/UserCheckView-DBrTx9jR.js (removed)	10.5 kB	—	🟢 -10.5 kB	🟢 -2.45 kB	🟢 -2.13 kB
assets/CloudLayoutView-DlMwPh67.js (new)	—	8.54 kB	🔴 +8.54 kB	🔴 +2.24 kB	🔴 +1.95 kB
assets/CloudLayoutView-qFSs3Oym.js (removed)	8.54 kB	—	🟢 -8.54 kB	🟢 -2.24 kB	🟢 -1.96 kB
assets/CloudSignupView-BvgKHQ4C.js (new)	—	8.18 kB	🔴 +8.18 kB	🔴 +2.33 kB	🔴 +2.03 kB
assets/CloudSignupView-CABXL6yy.js (removed)	8.18 kB	—	🟢 -8.18 kB	🟢 -2.33 kB	🟢 -2.02 kB
assets/CloudForgotPasswordView-Be_CCksP.js (new)	—	6.26 kB	🔴 +6.26 kB	🔴 +1.92 kB	🔴 +1.69 kB
assets/CloudForgotPasswordView-ikvw7ZZX.js (removed)	6.26 kB	—	🟢 -6.26 kB	🟢 -1.92 kB	🟢 -1.69 kB
assets/UserSelectView-BnUDJeTs.js (new)	—	5.28 kB	🔴 +5.28 kB	🔴 +1.76 kB	🔴 +1.57 kB
assets/UserSelectView-CybVB3eh.js (removed)	5.28 kB	—	🟢 -5.28 kB	🟢 -1.76 kB	🟢 -1.57 kB
assets/CloudSubscriptionRedirectView-BbcgHK61.js (new)	—	5.27 kB	🔴 +5.27 kB	🔴 +1.73 kB	🔴 +1.53 kB
assets/CloudSubscriptionRedirectView-DkJvJVkV.js (removed)	5.27 kB	—	🟢 -5.27 kB	🟢 -1.73 kB	🟢 -1.53 kB
assets/CloudAuthTimeoutView-BqeP-RHw.js (removed)	5.24 kB	—	🟢 -5.24 kB	🟢 -1.7 kB	🟢 -1.48 kB
assets/CloudAuthTimeoutView-DE7SYP7Y.js (new)	—	5.24 kB	🔴 +5.24 kB	🔴 +1.71 kB	🔴 +1.49 kB
assets/CloudSorryContactSupportView-B5gYo5Lv.js	1.97 kB	1.97 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/layout-MvRmLoAK.js	500 B	500 B	⚪ 0 B	⚪ 0 B	⚪ 0 B

Status: 9 added / 9 removed

Panels & Settings — 466 kB (baseline 466 kB) • 🟢 -8 B

Configuration panels, inspectors, and settings screens

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/WorkspacePanel-DeCdQgCw.js (removed)	29.8 kB	—	🟢 -29.8 kB	🟢 -5.89 kB	🟢 -5.14 kB
assets/WorkspacePanel-DySiB-MT.js (new)	—	29.8 kB	🔴 +29.8 kB	🔴 +5.89 kB	🔴 +5.15 kB
assets/LegacyCreditsPanel-B5Pe6AD6.js (new)	—	23.8 kB	🔴 +23.8 kB	🔴 +5.95 kB	🔴 +5.22 kB
assets/LegacyCreditsPanel-DS1sVxzu.js (removed)	23.8 kB	—	🟢 -23.8 kB	🟢 -5.94 kB	🟢 -5.22 kB
assets/SubscriptionPanel-Cjr0qmXS.js (removed)	20.9 kB	—	🟢 -20.9 kB	🟢 -5.01 kB	🟢 -4.43 kB
assets/SubscriptionPanel-CnPNcaLJ.js (new)	—	20.9 kB	🔴 +20.9 kB	🔴 +5.01 kB	🔴 +4.42 kB
assets/KeybindingPanel-CMSozIvg.js (removed)	14.2 kB	—	🟢 -14.2 kB	🟢 -3.74 kB	🟢 -3.31 kB
assets/KeybindingPanel-I9MnC8hv.js (new)	—	14.2 kB	🔴 +14.2 kB	🔴 +3.74 kB	🔴 +3.31 kB
assets/AboutPanel-ApnJ4csL.js (new)	—	10.8 kB	🔴 +10.8 kB	🔴 +2.68 kB	🔴 +2.44 kB
assets/AboutPanel-D5LAnM2K.js (removed)	10.8 kB	—	🟢 -10.8 kB	🟢 -2.68 kB	🟢 -2.44 kB
assets/ExtensionPanel-CSeJJnxh.js (new)	—	10.2 kB	🔴 +10.2 kB	🔴 +2.71 kB	🔴 +2.4 kB
assets/ExtensionPanel-OIIP5lJO.js (removed)	10.2 kB	—	🟢 -10.2 kB	🟢 -2.71 kB	🟢 -2.4 kB
assets/ServerConfigPanel-CGpkSY57.js (new)	—	7.23 kB	🔴 +7.23 kB	🔴 +2.17 kB	🔴 +1.94 kB
assets/ServerConfigPanel-Dyb79OBm.js (removed)	7.23 kB	—	🟢 -7.23 kB	🟢 -2.17 kB	🟢 -1.94 kB
assets/UserPanel-Bbwu7MND.js (new)	—	6.58 kB	🔴 +6.58 kB	🔴 +1.9 kB	🔴 +1.67 kB
assets/UserPanel-BlW8SSao.js (removed)	6.58 kB	—	🟢 -6.58 kB	🟢 -1.9 kB	🟢 -1.67 kB
assets/config-B8D5yUnh.js (removed)	1.16 kB	—	🟢 -1.16 kB	🟢 -608 B	🟢 -533 B
assets/config-2f6C5l4a.js (new)	—	1.15 kB	🔴 +1.15 kB	🔴 +605 B	🔴 +541 B
assets/refreshRemoteConfig-Dmz33SLR.js (removed)	1.14 kB	—	🟢 -1.14 kB	🟢 -521 B	🟢 -452 B
assets/refreshRemoteConfig-REgRmx0D.js (new)	—	1.14 kB	🔴 +1.14 kB	🔴 +522 B	🔴 +452 B
assets/cloudRemoteConfig-CqUYgqos.js (new)	—	1.11 kB	🔴 +1.11 kB	🔴 +507 B	🔴 +438 B
assets/cloudRemoteConfig-fc02IDc5.js (removed)	1.11 kB	—	🟢 -1.11 kB	🟢 -506 B	🟢 -443 B
assets/refreshRemoteConfig-BJ8UE3Sd.js (new)	—	169 B	🔴 +169 B	🔴 +108 B	🔴 +108 B
assets/refreshRemoteConfig-CfHbBMAR.js (removed)	169 B	—	🟢 -169 B	🟢 -108 B	🟢 -111 B
assets/remoteConfig-w1E3DdAQ.js	536 B	536 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-2qMok0ac.js	29 kB	29 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-BcDLsbiI.js	29.2 kB	29.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-BCMsrMhl.js	29.9 kB	29.9 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-BQM5iiEY.js	25.5 kB	25.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-C5JeSK4j.js	26.2 kB	26.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-CcVqrXbK.js	38.8 kB	38.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-Ckoj43MZ.js	30 kB	30 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-DFBj0AYW.js	32.5 kB	32.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-Dh5pVx6O.js	34.8 kB	34.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-DJRV_PVY.js	30.8 kB	30.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-jbT3QFC8.js	31.6 kB	31.6 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Status: 12 added / 12 removed

User & Accounts — 3.94 kB (baseline 3.94 kB) • ⚪ 0 B

Authentication, profile, and account management bundles

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/auth-BnZ6hPE_.js (removed)	3.54 kB	—	🟢 -3.54 kB	🟢 -1.24 kB	🟢 -1.06 kB
assets/auth-DGsEZjyl.js (new)	—	3.54 kB	🔴 +3.54 kB	🔴 +1.24 kB	🔴 +1.08 kB
assets/firebaseAuthStore-0vn7pbvf.js (removed)	217 B	—	🟢 -217 B	🟢 -136 B	🟢 -116 B
assets/firebaseAuthStore-CP_ItjpH.js (new)	—	217 B	🔴 +217 B	🔴 +136 B	🔴 +119 B
assets/auth-DlBTtfK3.js (new)	—	178 B	🔴 +178 B	🔴 +142 B	🔴 +131 B
assets/auth-dNMFAzDl.js (removed)	178 B	—	🟢 -178 B	🟢 -142 B	🟢 -137 B

Status: 3 added / 3 removed

Editors & Dialogs — 2.83 kB (baseline 2.83 kB) • ⚪ 0 B

Modals, dialogs, drawers, and in-app editors

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/useSubscriptionDialog-DcbLbhpa.js (new)	—	2.65 kB	🔴 +2.65 kB	🔴 +1.25 kB	🔴 +1.11 kB
assets/useSubscriptionDialog-DOL3157I.js (removed)	2.65 kB	—	🟢 -2.65 kB	🟢 -1.25 kB	🟢 -1.11 kB
assets/useSubscriptionDialog-D8OFCSNo.js (removed)	179 B	—	🟢 -179 B	🟢 -110 B	🟢 -95 B
assets/useSubscriptionDialog-TWwUL2bR.js (new)	—	179 B	🔴 +179 B	🔴 +110 B	🔴 +98 B

Status: 2 added / 2 removed

UI Components — 33.7 kB (baseline 33.7 kB) • ⚪ 0 B

Reusable component library chunks

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/ComfyQueueButton-CAnN3HRm.js (new)	—	9.52 kB	🔴 +9.52 kB	🔴 +2.69 kB	🔴 +2.42 kB
assets/ComfyQueueButton-DlzdUTlL.js (removed)	9.52 kB	—	🟢 -9.52 kB	🟢 -2.69 kB	🟢 -2.42 kB
assets/SubscribeButton-DMa6Wfdv.js (removed)	4.63 kB	—	🟢 -4.63 kB	🟢 -1.57 kB	🟢 -1.39 kB
assets/SubscribeButton-eLiGj-v-.js (new)	—	4.63 kB	🔴 +4.63 kB	🔴 +1.57 kB	🔴 +1.39 kB
assets/CloudBadge-BP2I8jMj.js (new)	—	1.85 kB	🔴 +1.85 kB	🔴 +724 B	🔴 +645 B
assets/CloudBadge-WdGZjvrk.js (removed)	1.85 kB	—	🟢 -1.85 kB	🟢 -723 B	🟢 -646 B
assets/cloudFeedbackTopbarButton-B8_Mf29Z.js (new)	—	1.24 kB	🔴 +1.24 kB	🔴 +677 B	🔴 +576 B
assets/cloudFeedbackTopbarButton-Dy4oYkR0.js (removed)	1.24 kB	—	🟢 -1.24 kB	🟢 -676 B	🟢 -582 B
assets/ComfyQueueButton-CvxRHVpv.js (removed)	181 B	—	🟢 -181 B	🟢 -118 B	🟢 -121 B
assets/ComfyQueueButton-ws98KwQR.js (new)	—	181 B	🔴 +181 B	🔴 +118 B	🔴 +120 B
assets/Button-B9mYP1x0.js	3.82 kB	3.82 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/TopbarBadge-DHZYSmi1.js	8.36 kB	8.36 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/UserAvatar-CIuPULbC.js	1.73 kB	1.73 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetButton-BFtcBv-z.js	2.41 kB	2.41 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Status: 5 added / 5 removed

Data & Services — 3.19 MB (baseline 3.19 MB) • 🔴 +450 B

Stores, services, APIs, and repositories

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/dialogService-C0zjRcuq.js (new)	—	2 MB	🔴 +2 MB	🔴 +423 kB	🔴 +323 kB
assets/dialogService-Bim4nAti.js (removed)	2 MB	—	🟢 -2 MB	🟢 -423 kB	🟢 -323 kB
assets/api-j4zaI83-.js (new)	—	1.16 MB	🔴 +1.16 MB	🔴 +243 kB	🔴 +188 kB
assets/api-CTyf0syr.js (removed)	1.16 MB	—	🟢 -1.16 MB	🟢 -243 kB	🟢 -188 kB
assets/releaseStore-Beq_e2b1.js (removed)	8.91 kB	—	🟢 -8.91 kB	🟢 -2.4 kB	🟢 -2.12 kB
assets/releaseStore-Cm8ruHqm.js (new)	—	8.91 kB	🔴 +8.91 kB	🔴 +2.4 kB	🔴 +2.12 kB
assets/keybindingService-8cNO7nIn.js (new)	—	6.78 kB	🔴 +6.78 kB	🔴 +1.74 kB	🔴 +1.52 kB
assets/keybindingService-DPWzmdVc.js (removed)	6.78 kB	—	🟢 -6.78 kB	🟢 -1.74 kB	🟢 -1.51 kB
assets/userStore-BL7Wz1g2.js (removed)	2.16 kB	—	🟢 -2.16 kB	🟢 -812 B	🟢 -722 B
assets/userStore-CFvOm0vB.js (new)	—	2.16 kB	🔴 +2.16 kB	🔴 +812 B	🔴 +722 B
assets/audioService-B-FPTBx8.js (removed)	2.03 kB	—	🟢 -2.03 kB	🟢 -930 B	🟢 -821 B
assets/audioService-CZOTeBBU.js (new)	—	2.03 kB	🔴 +2.03 kB	🔴 +933 B	🔴 +820 B
assets/teamWorkspaceStore-Bnk9tbCT.js (new)	—	165 B	🔴 +165 B	🔴 +123 B	🔴 +110 B
assets/teamWorkspaceStore-DhZLvrbo.js (removed)	165 B	—	🟢 -165 B	🟢 -123 B	🟢 -112 B
assets/releaseStore-4gB11Dly.js (new)	—	140 B	🔴 +140 B	🔴 +106 B	🔴 +105 B
assets/releaseStore-BZWRqhyO.js (removed)	140 B	—	🟢 -140 B	🟢 -106 B	🟢 -107 B
assets/serverConfigStore-B2LzN8g1.js	2.64 kB	2.64 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Status: 8 added / 8 removed

Utilities & Hooks — 25.2 kB (baseline 25.2 kB) • ⚪ 0 B

Helpers, composables, and utility bundles

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/useErrorHandling-DyH5_-tx.js (new)	—	5.08 kB	🔴 +5.08 kB	🔴 +1.5 kB	🔴 +1.31 kB
assets/useErrorHandling-Zn7yPNmH.js (removed)	5.08 kB	—	🟢 -5.08 kB	🟢 -1.5 kB	🟢 -1.31 kB
assets/useWorkspaceUI-AHiT4D3v.js (removed)	3.42 kB	—	🟢 -3.42 kB	🟢 -973 B	🟢 -842 B
assets/useWorkspaceUI-SAQMoj56.js (new)	—	3.42 kB	🔴 +3.42 kB	🔴 +975 B	🔴 +835 B
assets/useSubscriptionActions-2EAWmCOc.js (removed)	2.22 kB	—	🟢 -2.22 kB	🟢 -867 B	🟢 -762 B
assets/useSubscriptionActions-crvEOlrM.js (new)	—	2.22 kB	🔴 +2.22 kB	🔴 +871 B	🔴 +759 B
assets/subscriptionCheckoutUtil-CAvocoLH.js (removed)	2 kB	—	🟢 -2 kB	🟢 -858 B	🟢 -755 B
assets/subscriptionCheckoutUtil-De8zWRNc.js (new)	—	2 kB	🔴 +2 kB	🔴 +863 B	🔴 +749 B
assets/useSubscriptionCredits-Bqpk5yqy.js (removed)	1.39 kB	—	🟢 -1.39 kB	🟢 -595 B	🟢 -530 B
assets/useSubscriptionCredits-yl8Jb9E4.js (new)	—	1.39 kB	🔴 +1.39 kB	🔴 +599 B	🔴 +530 B
assets/audioUtils-CZmlJgY9.js (new)	—	970 B	🔴 +970 B	🔴 +548 B	🔴 +483 B
assets/audioUtils-DWlTUqyt.js (removed)	970 B	—	🟢 -970 B	🟢 -546 B	🟢 -460 B
assets/useCurrentUser-DRwMHf74.js (new)	—	145 B	🔴 +145 B	🔴 +114 B	🔴 +102 B
assets/useCurrentUser-DukodGMM.js (removed)	145 B	—	🟢 -145 B	🟢 -114 B	🟢 -98 B
assets/_plugin-vue_export-helper-DLRTaeJK.js	467 B	467 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/colorUtil-8brfHtOx.js	7.2 kB	7.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/markdownRendererUtil-DBMaRy6q.js	1.78 kB	1.78 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/tailwindUtil-Hy0jY5OA.js	488 B	488 B	⚪ 0 B	⚪ 0 B	⚪ 0 B

Status: 7 added / 7 removed

Vendor & Third-Party — 10.7 MB (baseline 10.7 MB) • ⚪ 0 B

External libraries and shared vendor chunks

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/vendor-chart-DdBDBwvF.js	408 kB	408 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-other-Dk4vQph5.js	4.1 MB	4.1 MB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-primevue-BK91gQps.js	3.04 MB	3.04 MB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-reka-ui-Bh_PdEOO.js	256 kB	256 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-three-BKpliY5_.js	1.83 MB	1.83 MB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-tiptap-BFRBT3RT.js	650 kB	650 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-vue-DMjbEcx7.js	13.6 kB	13.6 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-xterm-PDw3y6Aq.js	398 kB	398 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Other — 6.49 MB (baseline 6.49 MB) • 🟢 -192 B

Bundles that do not match a named category

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/core-BKvmmZRd.js (removed)	180 kB	—	🟢 -180 kB	🟢 -43.3 kB	🟢 -36.2 kB
assets/core-CLlYo2Tw.js (new)	—	180 kB	🔴 +180 kB	🔴 +43.3 kB	🔴 +36.2 kB
assets/WidgetSelect-Bd-oVzti.js (removed)	51 kB	—	🟢 -51 kB	🟢 -11.2 kB	🟢 -9.82 kB
assets/WidgetSelect-nerrMJHM.js (new)	—	51 kB	🔴 +51 kB	🔴 +11.2 kB	🔴 +9.79 kB
assets/Load3DControls-DeRKXKP6.js (new)	—	35.9 kB	🔴 +35.9 kB	🔴 +5.87 kB	🔴 +5.09 kB
assets/Load3DControls-DinVKlxr.js (removed)	35.9 kB	—	🟢 -35.9 kB	🟢 -5.87 kB	🟢 -5.08 kB
assets/SubscriptionRequiredDialogContent-DJzA07kE.js (removed)	28.7 kB	—	🟢 -28.7 kB	🟢 -6.78 kB	🟢 -5.9 kB
assets/SubscriptionRequiredDialogContent-Dpg-Aia9.js (new)	—	28.7 kB	🔴 +28.7 kB	🔴 +6.78 kB	🔴 +5.89 kB
assets/CurrentUserPopoverWorkspace-CI96Pcce.js (removed)	22.2 kB	—	🟢 -22.2 kB	🟢 -4.99 kB	🟢 -4.43 kB
assets/CurrentUserPopoverWorkspace-D4yXXivj.js (new)	—	22.2 kB	🔴 +22.2 kB	🔴 +4.99 kB	🔴 +4.43 kB
assets/Load3D-4WSfAnvs.js (removed)	20.9 kB	—	🟢 -20.9 kB	🟢 -4.58 kB	🟢 -4.01 kB
assets/Load3D-Br8fVu_I.js (new)	—	20.9 kB	🔴 +20.9 kB	🔴 +4.59 kB	🔴 +4.02 kB
assets/WidgetInputNumber-C8EYG00A.js (removed)	18.3 kB	—	🟢 -18.3 kB	🟢 -4.51 kB	🟢 -4.02 kB
assets/WidgetInputNumber-DJf8GS49.js (new)	—	18.3 kB	🔴 +18.3 kB	🔴 +4.51 kB	🔴 +4.02 kB
assets/WidgetRecordAudio-C79gHhNJ.js (new)	—	18.2 kB	🔴 +18.2 kB	🔴 +4.96 kB	🔴 +4.43 kB
assets/WidgetRecordAudio-DSg2Wq2K.js (removed)	18.2 kB	—	🟢 -18.2 kB	🟢 -4.96 kB	🟢 -4.43 kB
assets/SubscriptionPanelContentWorkspace-BTRDI_0T.js (removed)	18.2 kB	—	🟢 -18.2 kB	🟢 -4.47 kB	🟢 -3.89 kB
assets/SubscriptionPanelContentWorkspace-Bw4pOnbp.js (new)	—	18.2 kB	🔴 +18.2 kB	🔴 +4.47 kB	🔴 +3.9 kB
assets/WidgetImageCrop-DEJeQ7s2.js (new)	—	17.1 kB	🔴 +17.1 kB	🔴 +4.14 kB	🔴 +3.62 kB
assets/WidgetImageCrop-DRtdcKWM.js (removed)	17.1 kB	—	🟢 -17.1 kB	🟢 -4.14 kB	🟢 -3.63 kB
assets/PanelTemplate-BbJw8U3P.js (new)	—	16.2 kB	🔴 +16.2 kB	🔴 +5.45 kB	🔴 +4.79 kB
assets/PanelTemplate-Bt_XvBgi.js (removed)	16.2 kB	—	🟢 -16.2 kB	🟢 -5.45 kB	🟢 -4.79 kB
assets/AudioPreviewPlayer-BPSTRWSA.js (new)	—	10.8 kB	🔴 +10.8 kB	🔴 +2.97 kB	🔴 +2.65 kB
assets/AudioPreviewPlayer-Dj9kuzL7.js (removed)	10.8 kB	—	🟢 -10.8 kB	🟢 -2.97 kB	🟢 -2.65 kB
assets/InviteMemberDialogContent-BNouOtlD.js (removed)	8.36 kB	—	🟢 -8.36 kB	🟢 -2.5 kB	🟢 -2.16 kB
assets/InviteMemberDialogContent-DBUizXoF.js (new)	—	8.36 kB	🔴 +8.36 kB	🔴 +2.51 kB	🔴 +2.16 kB
assets/WidgetWithControl-BQslwzNk.js (new)	—	8.02 kB	🔴 +8.02 kB	🔴 +2.65 kB	🔴 +2.38 kB
assets/WidgetWithControl-ByaGhGdf.js (removed)	8.02 kB	—	🟢 -8.02 kB	🟢 -2.64 kB	🟢 -2.38 kB
assets/CreateWorkspaceDialogContent-CJFZgbhs.js (removed)	5.93 kB	—	🟢 -5.93 kB	🟢 -1.93 kB	🟢 -1.68 kB
assets/CreateWorkspaceDialogContent-Dh2QVYyt.js (new)	—	5.93 kB	🔴 +5.93 kB	🔴 +1.93 kB	🔴 +1.68 kB
assets/EditWorkspaceDialogContent-B_UHiDJb.js (new)	—	5.7 kB	🔴 +5.7 kB	🔴 +1.88 kB	🔴 +1.64 kB
assets/EditWorkspaceDialogContent-r23i9VeL.js (removed)	5.7 kB	—	🟢 -5.7 kB	🟢 -1.88 kB	🟢 -1.64 kB
assets/ValueControlPopover-B2--xCHa.js (new)	—	4.86 kB	🔴 +4.86 kB	🔴 +1.55 kB	🔴 +1.37 kB
assets/ValueControlPopover-B26zOgBY.js (removed)	4.86 kB	—	🟢 -4.86 kB	🟢 -1.55 kB	🟢 -1.37 kB
assets/DeleteWorkspaceDialogContent-BYs42rkj.js (new)	—	4.59 kB	🔴 +4.59 kB	🔴 +1.56 kB	🔴 +1.35 kB
assets/DeleteWorkspaceDialogContent-xQY47pds.js (removed)	4.59 kB	—	🟢 -4.59 kB	🟢 -1.56 kB	🟢 -1.35 kB
assets/LeaveWorkspaceDialogContent-DWem8mii.js (removed)	4.41 kB	—	🟢 -4.41 kB	🟢 -1.5 kB	🟢 -1.3 kB
assets/LeaveWorkspaceDialogContent-nMUah4jn.js (new)	—	4.41 kB	🔴 +4.41 kB	🔴 +1.5 kB	🔴 +1.31 kB
assets/RemoveMemberDialogContent-C4UI45N4.js (removed)	4.38 kB	—	🟢 -4.38 kB	🟢 -1.45 kB	🟢 -1.27 kB
assets/RemoveMemberDialogContent-u7TtMi5w.js (new)	—	4.38 kB	🔴 +4.38 kB	🔴 +1.45 kB	🔴 +1.26 kB
assets/RevokeInviteDialogContent-Cc6cD25G.js (removed)	4.29 kB	—	🟢 -4.29 kB	🟢 -1.47 kB	🟢 -1.29 kB
assets/RevokeInviteDialogContent-fDIAOiQB.js (new)	—	4.29 kB	🔴 +4.29 kB	🔴 +1.47 kB	🔴 +1.29 kB
assets/GlobalToast-C7dv8_C0.js (new)	—	3.05 kB	🔴 +3.05 kB	🔴 +1.1 kB	🔴 +939 B
assets/GlobalToast-D74Rc_Mv.js (removed)	3.05 kB	—	🟢 -3.05 kB	🟢 -1.1 kB	🟢 -941 B
assets/SubscribeToRun-5U-f6p_B.js (new)	—	2.96 kB	🔴 +2.96 kB	🔴 +1.16 kB	🔴 +1.01 kB
assets/SubscribeToRun-vhvHpMGP.js (removed)	2.96 kB	—	🟢 -2.96 kB	🟢 -1.15 kB	🟢 -1.01 kB
assets/cloudSessionCookie-Bvkmf37X.js (removed)	2.94 kB	—	🟢 -2.94 kB	🟢 -933 B	🟢 -802 B
assets/cloudSessionCookie-CiyszMFp.js (new)	—	2.94 kB	🔴 +2.94 kB	🔴 +933 B	🔴 +801 B
assets/BaseViewTemplate-D33rRrcU.js (new)	—	2.42 kB	🔴 +2.42 kB	🔴 +1.04 kB	🔴 +939 B
assets/BaseViewTemplate-wtHeK0af.js (removed)	2.42 kB	—	🟢 -2.42 kB	🟢 -1.04 kB	🟢 -941 B
assets/CloudRunButtonWrapper-B9lWDJQt.js (removed)	1.79 kB	—	🟢 -1.79 kB	🟢 -642 B	🟢 -562 B
assets/CloudRunButtonWrapper-x4B_Zi-X.js (new)	—	1.79 kB	🔴 +1.79 kB	🔴 +643 B	🔴 +566 B
assets/cloudBadges-BOamkIWw.js (removed)	1.08 kB	—	🟢 -1.08 kB	🟢 -538 B	🟢 -502 B
assets/cloudBadges-CpGSHxu8.js (new)	—	1.08 kB	🔴 +1.08 kB	🔴 +540 B	🔴 +486 B
assets/graphHasMissingNodes-Dv7UCI6j.js (removed)	1.06 kB	—	🟢 -1.06 kB	🟢 -460 B	🟢 -423 B
assets/graphHasMissingNodes-QQYPOMC9.js (new)	—	1.06 kB	🔴 +1.06 kB	🔴 +463 B	🔴 +424 B
assets/cloudSubscription-C-sunN6e.js (new)	—	976 B	🔴 +976 B	🔴 +459 B	🔴 +398 B
assets/cloudSubscription-DKRJboQV.js (removed)	976 B	—	🟢 -976 B	🟢 -459 B	🟢 -396 B
assets/nightlyBadges-B_XVIEJK.js (new)	—	594 B	🔴 +594 B	🔴 +358 B	🔴 +312 B
assets/nightlyBadges-DeH6Ndsi.js (removed)	594 B	—	🟢 -594 B	🟢 -353 B	🟢 -313 B
assets/SubscriptionPanelContentWorkspace-CbQaLzp6.js (new)	—	266 B	🔴 +266 B	🔴 +136 B	🔴 +117 B
assets/SubscriptionPanelContentWorkspace-D2p042Kg.js (removed)	266 B	—	🟢 -266 B	🟢 -136 B	🟢 -126 B
assets/WidgetInputNumber-Cec-zofU.js (removed)	186 B	—	🟢 -186 B	🟢 -119 B	🟢 -121 B
assets/WidgetInputNumber-CINjeBy5.js (new)	—	186 B	🔴 +186 B	🔴 +119 B	🔴 +111 B
assets/WidgetLegacy-B2U9VRtz.js (new)	—	164 B	🔴 +164 B	🔴 +125 B	🔴 +111 B
assets/WidgetLegacy-Zeio4elT.js (removed)	164 B	—	🟢 -164 B	🟢 -125 B	🟢 -110 B
assets/Load3D-DW4FO9wh.js (new)	—	131 B	🔴 +131 B	🔴 +107 B	🔴 +123 B
assets/Load3D-Wspaqu_t.js (removed)	131 B	—	🟢 -131 B	🟢 -107 B	🟢 -100 B
assets/auto-BmypP-XQ.js	1.73 kB	1.73 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-27PChCGl.js	17 kB	17 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-B52_zgXW.js	18.8 kB	18.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-BC_Q8we6.js	19.3 kB	19.3 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-BZlNQPg2.js	17.8 kB	17.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-CgVf6wUK.js	17.9 kB	17.9 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-CuidUnsD.js	19.3 kB	19.3 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-D5OfZ3bv.js	18.5 kB	18.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-Dmj47WTl.js	20.6 kB	20.6 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-DUK2nLuH.js	17.2 kB	17.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-K3soE7da.js	18 kB	18 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-MVcGSIbM.js	18 kB	18 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/LazyImage-rWQpxwnM.js	14.1 kB	14.1 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-3-ad-MUk.js	127 kB	127 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-BBLNw8xJ.js	129 kB	129 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-BHVFfeo5.js	125 kB	125 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-BICThk_R.js	132 kB	132 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-C0B5rjtK.js	112 kB	112 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-CBm-XJ4H.js	172 kB	172 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-CiYkb6QV.js	111 kB	111 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-DNur9seF.js	154 kB	154 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-DtCmAq24.js	150 kB	150 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-kSNuyyLo.js	143 kB	143 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-WfrQSHBO.js	125 kB	125 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/Media3DTop-8_T22Isd.js	2.38 kB	2.38 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/MediaAudioTop-CBP8th-j.js	2 kB	2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/MediaImageTop-1THG_DJM.js	2.34 kB	2.34 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/MediaVideoTop-yhq80asg.js	2.82 kB	2.82 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/mixpanel.module-BiPjOPVW.js	143 B	143 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-AWEAv70v.js	442 kB	442 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-BbERBXTz.js	335 kB	335 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-Bg0VvRsL.js	338 kB	338 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-Bou_oU4e.js	364 kB	364 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-BwPth-go.js	407 kB	407 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-BWX3iBBy.js	407 kB	407 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-Dfh39t4u.js	361 kB	361 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-DqfOW2sF.js	378 kB	378 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-DyDPn66V.js	364 kB	364 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-MJExKdEs.js	368 kB	368 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-x4cF477r.js	358 kB	358 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/OBJLoader2WorkerModule-DTMpvldF.js	109 kB	109 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/previousFullPath-B-XG7lU7.js	838 B	838 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/rolldown-runtime-cVp-94Rc.js	1.96 kB	1.96 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/Slider-BAEfKuro.js	4.21 kB	4.21 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/widget-CD3JnB1i.js	518 B	518 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetBoundingBox-Bp7B7z1s.js	186 B	186 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetBoundingBox-CgNPbPqq.js	4.71 kB	4.71 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetChart-3mC7A_va.js	2.79 kB	2.79 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetColorPicker-x8L_rIAb.js	3.71 kB	3.71 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetGalleria-f72WaoQY.js	4.57 kB	4.57 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetImageCompare-Dd0p7l7V.js	3.79 kB	3.79 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetInputText-DOFSeOZG.js	2.58 kB	2.58 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetLayoutField-CZXFB71F.js	2.61 kB	2.61 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetMarkdown-bP5F2-qx.js	3.22 kB	3.22 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/widgetPropFilter-DOe9Bb1I.js	1.31 kB	1.31 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetTextarea-DwdEJ3mA.js	3.52 kB	3.52 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/WidgetToggleSwitch-BIK7gguT.js	3.08 kB	3.08 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Status: 34 added / 34 removed

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/platform/assets/utils/assetMetadataUtils.ts`:
- Around line 75-77: The current early return of asset.metadata.repo_url in
assetMetadataUtils.ts is unsafe; validate the repo_url before returning by
parsing it and ensuring its scheme is http or https (and optionally enforce an
allowlist of hosts), and only then return it from the function; if validation
fails, fall back to the existing source_arn parsing logic (the same code path
used when repo_url is absent) so that no javascript: or other unsafe schemes are
ever returned for rendering in an <a href>.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Validate repo_url before returning to avoid unsafe schemes.
repo_url can be user-controlled and is rendered as an <a href>. Without protocol validation, javascript: or other unsafe schemes can slip through and execute on click. Please enforce http/https (and optionally allowlist hosts) before returning; otherwise fall back to source_arn parsing.

🔒️ Proposed fix (validate and safely fall through)

 export function getAssetSourceUrl(asset: AssetItem): string | null {
-  if (typeof asset.metadata?.repo_url === 'string') {
-    return asset.metadata.repo_url
-  }
+  const repoUrl = asset.metadata?.repo_url
+  if (typeof repoUrl === 'string') {
+    const trimmed = repoUrl.trim()
+    if (trimmed) {
+      try {
+        const parsed = new URL(trimmed)
+        if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
+          return trimmed
+        }
+      } catch {
+        // fall through to source_arn
+      }
+    }
+  }
   // Note: Reversed priority for backwards compatibility
   const sourceArn =
     asset.metadata?.source_arn ?? asset.user_metadata?.source_arn

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (typeof asset.metadata?.repo_url === 'string') {
	return asset.metadata.repo_url
	}
	export function getAssetSourceUrl(asset: AssetItem): string | null {
	const repoUrl = asset.metadata?.repo_url
	if (typeof repoUrl === 'string') {
	const trimmed = repoUrl.trim()
	if (trimmed) {
	try {
	const parsed = new URL(trimmed)
	if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
	return trimmed
	}
	} catch {
	// fall through to source_arn
	}
	}
	}
	// Note: Reversed priority for backwards compatibility
	const sourceArn =
	asset.metadata?.source_arn ?? asset.user_metadata?.source_arn

🤖 Prompt for AI Agents

In `@src/platform/assets/utils/assetMetadataUtils.ts` around lines 75 - 77, The
current early return of asset.metadata.repo_url in assetMetadataUtils.ts is
unsafe; validate the repo_url before returning by parsing it and ensuring its
scheme is http or https (and optionally enforce an allowlist of hosts), and only
then return it from the function; if validation fails, fall back to the existing
source_arn parsing logic (the same code path used when repo_url is absent) so
that no javascript: or other unsafe schemes are ever returned for rendering in
an <a href>.

[luke-mino-altherr]

consider using a enum here

[DrJKL]

Once we add a third source, definitely 🫡

[viva-jinyi]

If this comes up again, it might be nice to extract the img src into a computed using switch/case

[viva-jinyi]

If this comes up again, it might be nice to extract the img src into a computed using switch/case

[comfy-pr-bot]

@DrJKL Successfully backported to #8331