1.17.1 security fixes

• resolves #131
• resolves #135
• resolves #136
• Updates ComfyUI to 0.12.0
• Improves support for newer versions of hf cli

1.17.0 download improvements

• Adds support for installing custom nodes from specific commits or refs. resolves #128
• Adds support for using a remote warmup url instead of a local file, allowing runtime configuration of the functionality instead of just build-time. resolves #129

1.16.1 bug fixes

• Incorporates several bug fixes, along with test coverage
• Improves debugging for custom workflows. fixes #120
• Upgrades default ComfyUI to 0.7.0

1.16.0 - add per-request authentication for download endpoint

Summary

Extends the download endpoint to accept optional per-request authentication for downloading gated or protected models. This enables downloading from sources that require authentication without needing server-wide environment variable configuration.

Auth Types Supported

• Bearer: Token-based authentication (e.g., Hugging Face)
• Basic: Username/password authentication
• Header: Custom HTTP header (e.g., X-Api-Key)
• Query: Query parameter authentication (e.g., Azure SAS tokens)
• S3: Per-request AWS credentials with optional custom endpoint/region

Changes

• Added DownloadAuth discriminated union schema for type-safe auth handling
• Added DownloadOptions schema with optional auth field
• Updated StorageProvider interface to accept download options
• HTTPStorageProvider: Supports bearer, basic, header, and query auth
• S3StorageProvider: Supports per-request AWS credentials
• RemoteStorageManager: Bypasses cache for authenticated requests
• Download endpoint accepts optional auth field in request body

Security Considerations

• Auth credentials are never logged - only auth type and presence are logged
• Per-request S3 clients are not cached to ensure credential isolation
• Cache is bypassed for authenticated requests to prevent serving cached files to different credentials

Example Usage

{
 "url": "https://huggingface.co/gated-model/model.safetensors",
 "model_type": "checkpoints",
 "auth": {
 "type": "bearer",
 "token": "hf_xxx"
 }
}

Backward Compatibility

The auth field is optional, so existing requests continue to work unchanged.

1.15.0 - Download model endpoint

• Adds POST /download endpoint, allows direct control of model download behavior outside of the /prompt endpoint. Accepts all of the same url types as any other file. resolves #84
• Updates default comfyui to 0.3.76
• resolves #116

1.14.0 - Add support for /interrupt endpoint

• Forwards requests to ComfyUI's /interrupt endpoint, mapping between api ids and comfy ids.
• Updates default ComfyUI to 0.3.75

1.13.5 - Add `progress_state` event

• Adds the progress_state event to system event webhooks.
• resolves #106, resolves #107, resolves #110
• Thanks @choovin for the original contribution

1.13.4: Add proxy support with EnvHttpProxyAgent

• When HTTP_PROXY/HTTPS_PROXY are set, outbound HTTP/HTTPS requests will go through the proxy unless the target matches NO_PROXY.
• NO_PROXY entries such as localhost, .svc, .svc.cluster.local, and 169.254.169.254 will bypass the proxy to avoid breaking internal access.
• If both lowercase and uppercase proxy environment variables are set, lowercase take precedence and uppercase are ignored. To avoid ambiguity, set only one set of variables.

1.13.3 - More Webhook Fixes

• Fixes nonstandard webhook implementation
• Fixes invalid system webhook filtering logic. resolves #101
• Updates dependency. resolves #100
• Fixes tests to catch above issues

1.13.2 - Fix Critical Bug in Webhooks

• includes @jendruschR's bug fix to the new webhooks