The /comfy/{path} proxy route was generating duplicate operationIds
for each HTTP method, causing OpenAPI validation to fail.
Exclude all ComfyUI proxy/auth routes from schema - they're not meant
to be used by API clients.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add FastAPI routes for ComfyUI programmatic API:
Query endpoints:
- GET /api/comfyui/status - System stats (GPU, RAM, etc.)
- GET /api/comfyui/queue - Queue status (running/pending)
- DELETE /api/comfyui/queue - Clear the queue
- GET /api/comfyui/models - List available models
- GET /api/comfyui/history - List generation history
- GET /api/comfyui/history/{prompt_id} - Get specific result
Generation endpoints:
- POST /api/comfyui/generate - Text-to-image with full params
- POST /api/comfyui/workflow - Queue arbitrary API-format workflow
All endpoints protected with API key auth (X-API-Key header).
Pydantic models for request/response validation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add ComfyUI CLI subcommand group with:
- `tsr comfy status` - System stats (GPU, RAM, PyTorch, queue)
- `tsr comfy queue` - Show queue status (running/pending)
- `tsr comfy queue --clear` - Clear the queue
- `tsr comfy models` - List available checkpoints, LoRAs, VAE, etc.
- `tsr comfy history [ID]` - View generation history
- `tsr comfy generate` - Text-to-image with full parameter control
- prompt, negative, model, width, height, steps, cfg, seed
- sampler, scheduler selection
- optional --output to save locally
- `tsr comfy run workflow.json` - Run arbitrary API-format workflows
All commands support --json output and --url for custom server.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move deploy command to tensors namespace and replace bash script with
Ruby for better error handling. Adds API health check after restart.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add [paths] section to config.toml for custom model directories
- Add get_model_paths() function that merges config with defaults
- Update get_default_output_path() to check config first
- Add --set-path option to tsr config command
- Update download_routes.py to use centralized path function
- Add tests for path configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Break long SVG path lines in login pages (E501)
- Remove unused request parameter from callbacks (ARG001)
- Add noqa for too-many-returns in OAuth callbacks (PLR0911)
- Remove unused CORSMiddleware import
- Fix type narrowing in logout redirect
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Support cross-domain auth for tensors-web with return_url parameter.
New endpoints: /auth/login, /auth/github, /auth/callback, /auth/verify
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add GitHub OAuth flow with /comfy/auth/github and /comfy/auth/callback
- User allowlist via GITHUB_ALLOWED_USERS environment variable
- CSRF protection with state parameter
- Keep same dark mode login page design (saved screenshot)
- Strip Origin header from proxied requests (fixes ComfyUI 403s)
- Add manual CORS headers to proxy responses
Env vars: GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, GITHUB_ALLOWED_USERS
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CORS spec doesn't allow credentials with wildcard origins.
This was causing 403 for all crossorigin module preloads.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CORS preflight requests don't send cookies, so they were failing auth.
Now OPTIONS requests are allowed through without authentication.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
modulepreload links use crossorigin attribute which doesn't send
cookies, so static assets (JS, CSS, fonts, images, JSON) are now
allowed without session authentication.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New /comfy/* routes that proxy to local ComfyUI instance
- Dark mode login page with session-based auth (HMAC-signed cookies)
- HTTP proxy for all ComfyUI requests
- WebSocket proxy for real-time features
- Environment variables: COMFYUI_URL, COMFYUI_USER, COMFYUI_PASS, SESSION_SECRET
- Added websockets and python-multipart to server dependencies
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Unified search at /api/search handles both CivitAI and HuggingFace.
CivitAI routes now only provide:
- /api/civitai/model/{id} - get model by ID
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document unified search with --provider flag (civitai, hf, all)
- Add /api/search to server endpoints
- Add TypeScript client section (@saiden/tensors)
- Add public API info (tensors-api.saiden.dev)
- Update search options table with provider column
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Console is now optional for headless/server usage
- Progress spinner only shown when console is provided
- Error messages print only when console is provided
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add --provider flag to search command (civitai, hf, or all)
- Default to searching both providers simultaneously
- Add /api/search unified REST endpoint
- Map common parameters (sort, author, tag) across providers
- Remove separate `hf search` subcommand (use `search -P hf`)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adam Ladachowski