Merge branch 'main' into feature/sqlmodel-migration

Model load events are already emitted by the backend but were only
logged in the frontend. Track a loading counter via
model_load_started / model_load_complete and flip the existing
ProgressBar into indeterminate mode while any model is loading, so
users get visual feedback that something is happening.

.github/CODEOWNERS

@@ -11,17 +11,17 @@
 # installation and configuration
 /pyproject.toml  @lstein @blessedcoolant  
 /docker/  @lstein @blessedcoolant
-/scripts/  @lstein  
-/installer/ @lstein   
-/invokeai/assets @lstein   
-/invokeai/configs @lstein  
+/scripts/  @lstein  @blessedcoolant  
+/installer/ @lstein   @blessedcoolant  
+/invokeai/assets @lstein   @blessedcoolant  
+/invokeai/configs @lstein  @blessedcoolant  
 /invokeai/version @lstein @blessedcoolant  
 
 # web ui
 /invokeai/frontend @blessedcoolant  @lstein  @dunkeroni  
 
 # generation, model management, postprocessing
-/invokeai/backend  @lstein @blessedcoolant @dunkeroni @JPPhoto
+/invokeai/backend  @lstein @blessedcoolant @dunkeroni @JPPhoto  @Pfannkuchensack 
 
 # front ends
 /invokeai/frontend/CLI @lstein  

.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: Project-Documentation
-    url: https://invoke-ai.github.io/InvokeAI/
+    url: https://invoke.ai/
     about: Should be your first place to go when looking for manuals/FAQs regarding our InvokeAI Toolkit
   - name: Discord
     url: https://discord.gg/ZmtBAhwWhy

.github/workflows/deploy-docs.yml

@@ -0,0 +1,141 @@
+name: 'docs'
+
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request:
+    types:
+      - 'ready_for_review'
+      - 'opened'
+      - 'synchronize'
+  workflow_dispatch:
+    inputs:
+      deploy_target:
+        description: 'Deploy target (custom = invoke.ai, ghpages = invoke-ai.github.io/InvokeAI)'
+        type: choice
+        options:
+          - custom
+          - ghpages
+        default: custom
+
+permissions:
+  contents: read
+  pull-requests: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      docs: ${{ steps.manual.outputs.docs || steps.filter.outputs.docs }}
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: mark manual run
+        if: github.event_name == 'workflow_dispatch'
+        id: manual
+        run: echo "docs=true" >> "$GITHUB_OUTPUT"
+
+      - name: detect docs-related changes
+        if: github.event_name != 'workflow_dispatch'
+        id: filter
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            docs:
+              - '.github/workflows/deploy-docs.yml'
+              - 'docs/**'
+              - 'scripts/generate_docs_json.py'
+              - 'invokeai/app/**'
+              - 'invokeai/backend/**'
+              - 'pyproject.toml'
+              - 'uv.lock'
+
+  check-and-build:
+    needs: changes
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'pull_request' &&
+        github.event.pull_request.draft == false &&
+        needs.changes.outputs.docs == 'true') ||
+      (github.event_name == 'push' && needs.changes.outputs.docs == 'true')
+    runs-on: ubuntu-22.04
+    timeout-minutes: 20
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+
+      # Python (needed for generate-docs-data)
+      - name: setup uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: '0.6.10'
+          enable-cache: true
+          python-version: '3.11'
+
+      - name: setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      # generate_docs_json.py only needs the invokeai package importable
+      # (pydantic + invokeai.app/backend). Skip the [test] extra to keep CI fast.
+      - name: install python dependencies
+        run: uv pip install --editable .
+
+      # Node (needed for docs build)
+      - name: setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.12.0'
+
+      - name: setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+          run_install: false
+
+      - name: install docs dependencies
+        run: pnpm install --prefer-frozen-lockfile
+        working-directory: docs
+
+      # Checks
+      - name: verify generated docs data
+        run: pnpm run check-docs-data
+        working-directory: docs
+
+      - name: build docs
+        run: pnpm build
+        working-directory: docs
+        env:
+          DEPLOY_TARGET: ${{ github.event_name == 'workflow_dispatch' && inputs.deploy_target || github.ref == 'refs/heads/main' && 'ghpages' || 'custom' }}
+
+      # Upload artifact for deploy (main branch only)
+      - name: upload pages artifact
+        if: github.ref == 'refs/heads/main'
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: docs/dist
+
+  deploy:
+    if: github.ref == 'refs/heads/main'
+    needs: check-and-build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/mkdocs-material.yml

@@ -1,49 +0,0 @@
-# This is a mostly a copy-paste from https://github.com/squidfunk/mkdocs-material/blob/master/docs/publishing-your-site.md
-
-name: mkdocs
-
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-permissions:
-  contents: write
-
-jobs:
-  deploy:
-    if: github.event.pull_request.draft == false
-    runs-on: ubuntu-latest
-    env:
-      REPO_URL: '${{ github.server_url }}/${{ github.repository }}'
-      REPO_NAME: '${{ github.repository }}'
-      SITE_URL: 'https://${{ github.repository_owner }}.github.io/InvokeAI'
-
-    steps:
-      - name: checkout
-        uses: actions/checkout@v5
-
-      - name: setup python
-        uses: actions/setup-python@v6
-        with:
-          python-version: '3.12'
-          cache: pip
-          cache-dependency-path: pyproject.toml
-
-      - name: set cache id
-        run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
-
-      - name: use cache
-        uses: actions/cache@v4
-        with:
-          key: mkdocs-material-${{ env.cache_id }}
-          path: .cache
-          restore-keys: |
-            mkdocs-material-
-
-      - name: install dependencies
-        run: python -m pip install ".[docs]"
-
-      - name: build & deploy
-        run: mkdocs gh-deploy --force

.github/workflows/translations.yml

@@ -0,0 +1,78 @@
+name: Crowdin Translations
+
+on:
+  # Allow manual runs from the Actions tab
+  workflow_dispatch:
+    inputs:
+      upload_sources:
+        description: 'Upload source strings to Crowdin'
+        type: boolean
+        default: true
+      download_translations:
+        description: 'Download translations from Crowdin'
+        type: boolean
+        default: true
+
+  # Upload sources & download translations when source files change on main
+  push:
+    branches:
+      - main
+    paths:
+      - 'invokeai/frontend/web/public/locales/en.json'
+      - 'docs/src/content/i18n/en.json'
+      - 'docs/src/content/docs/**/*.md'
+      - 'docs/src/content/docs/**/*.mdx'
+      - '!docs/src/content/docs/[a-z][a-z]/**'
+      - '!docs/src/content/docs/[a-z][a-z]-*/**'
+      - 'crowdin.yml'
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  crowdin-sync:
+    name: Sync with Crowdin
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Crowdin Sync
+        uses: crowdin/github-action@v2
+        with:
+          # Upload sources on push to main or when manually requested
+          upload_sources: ${{ github.event_name != 'workflow_dispatch' || inputs.upload_sources }}
+          upload_translations: false
+
+          # Download translations on push to main or when manually requested
+          download_translations: ${{ github.event_name != 'workflow_dispatch' || inputs.download_translations }}
+
+          # PR settings for downloaded translations
+          create_pull_request: true
+          pull_request_title: 'i18n: update translations from Crowdin'
+          pull_request_body: |
+            Automated pull request from [Crowdin](https://crowdin.com).
+
+            This PR updates translations for:
+            - **Web App UI** (`invokeai/frontend/web/public/locales/`)
+            - **Documentation UI Strings** (`docs/src/content/i18n/`)
+            - **Documentation Content** (`docs/src/content/docs/<locale>/`)
+          pull_request_base_branch_name: main
+          pull_request_labels: 'i18n'
+
+          # Commit settings
+          localization_branch_name: crowdin/translations
+          commit_message: 'i18n: update translations from Crowdin'
+
+          # Use the config file at the repo root
+          config: crowdin.yml
+
+          # Skip untranslated strings/files to keep partial translations clean
+          download_translations_args: '--skip-untranslated-strings'
+
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
+          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

.gitignore

@@ -179,6 +179,7 @@ cython_debug/
 
 # Scratch folder
 .scratch/
+worktrees/
 .vscode/
 .zed/
 

Makefile

@@ -12,24 +12,25 @@ help:
 	@echo "mypy-all                 Run mypy ignoring the config in pyproject.tom but still ignoring missing imports"
 	@echo "test                     Run the unit tests."
 	@echo "update-config-docstring  Update the app's config docstring so mkdocs can autogenerate it correctly."
-	@echo "frontend-install         Install the pnpm modules needed for the front end"
-	@echo "frontend-build           Build the frontend in order to run on localhost:9090"
+	@echo "frontend-install         Install the pnpm modules needed for the frontend"
+	@echo "frontend-build           Build the frontend for localhost:9090"
+	@echo "frontend-test            Run the frontend test suite once"
 	@echo "frontend-dev             Run the frontend in developer mode on localhost:5173"
 	@echo "frontend-typegen         Generate types for the frontend from the OpenAPI schema"
-	@echo "wheel            				Build the wheel for the current version"
+	@echo "frontend-lint            Run frontend checks and fixable lint/format steps"
+	@echo "wheel                    Build the wheel for the current version"
 	@echo "tag-release              Tag the GitHub repository with the current version (use at release time only!)"
 	@echo "openapi                  Generate the OpenAPI schema for the app, outputting to stdout"
 	@echo "docs                     Serve the mkdocs site with live reload"
 
 # Runs ruff, fixing any safely-fixable errors and formatting
 ruff:
-	ruff check . --fix
-	ruff format .
+	cd invokeai && uv tool run ruff@0.11.2 format
 
 # Runs ruff, fixing all errors it can fix and formatting
 ruff-unsafe:
 	ruff check . --fix --unsafe-fixes
-	ruff format .
+	ruff format
 
 # Runs mypy, using the config in pyproject.toml
 mypy:
@@ -57,6 +58,10 @@ frontend-install:
 frontend-build:
 	cd invokeai/frontend/web && pnpm build
 
+# Run the frontend test suite once
+frontend-test:
+	cd invokeai/frontend/web && pnpm run test:run
+
 # Run the frontend in dev mode
 frontend-dev:
 	cd invokeai/frontend/web && pnpm dev
@@ -64,6 +69,13 @@ frontend-dev:
 frontend-typegen:
 	cd invokeai/frontend/web && python ../../../scripts/generate_openapi_schema.py | pnpm typegen
 
+frontend-lint:
+	cd invokeai/frontend/web/src && \
+	pnpm lint:tsc && \
+	pnpm lint:dpdm && \
+	pnpm lint:eslint --fix && \
+	pnpm lint:prettier --write 
+
 # Tag the release
 wheel:
 	cd scripts && ./build_wheel.sh
@@ -79,4 +91,4 @@ openapi:
 # Serve the mkdocs site w/ live reload
 .PHONY: docs
 docs:
-	mkdocs serve
+	mkdocs serve

README.md

@@ -52,21 +52,45 @@ The Unified Canvas is a fully integrated canvas implementation with support for
 
 ### Workflows & Nodes
 
-Invoke offers a fully featured workflow management solution, enabling users to combine the power of node-based workflows with the easy of a UI. This allows for customizable generation pipelines to be developed and shared by users looking to create specific workflows to support their production use-cases.
+Invoke offers a fully featured workflow management solution, enabling users to combine the power of node-based workflows with the ease of a UI. This allows for customizable generation pipelines to be developed and shared by users looking to create specific workflows to support their production use-cases.
 
 ### Board & Gallery Management
 
 Invoke features an organized gallery system for easily storing, accessing, and remixing your content in the Invoke workspace. Images can be dragged/dropped onto any Image-base UI element in the application, and rich metadata within the Image allows for easy recall of key prompts or settings used in your workflow.
 
+### Model Support
+- SD 1.5
+- SD 2.0
+- SDXL
+- SD 3.5 Medium
+- SD 3.5 Large
+- CogView 4
+- Flux.1 Dev
+- Flux.1 Schnell
+- Flux.1 Kontext
+- Flux.1 Krea
+- Flux Redux
+- Flux Fill
+- Flux.2 Klein 4B
+- Flux.2 Klein 9B
+- Z-Image Turbo
+- Z-Image Base
+- Anima
+- Qwen Image
+- Qwen Image Edit
+- Nano Banana (API Only)
+- GPT Image (API Only)
+- Wan (API Only)
+
 ### Other features
 
-- Support for both ckpt and diffusers models
-- SD1.5, SD2.0, SDXL, and FLUX support
+- Support for ckpt, diffusers, and some gguf models
 - Upscaling Tools
 - Embedding Manager & Support
 - Model Manager & Support
 - Workflow creation & management
 - Node-Based Architecture
+- Object Segmentation & Selection Models (SAM / SAM2)
 
 ## Contributing
 
@@ -82,14 +106,14 @@ Invoke is a combined effort of [passionate and talented people from across the w
 
 Original portions of the software are Copyright © 2024 by respective contributors.
 
-[features docs]: https://invoke-ai.github.io/InvokeAI/features/database/
-[faq]: https://invoke-ai.github.io/InvokeAI/faq/
-[contributors]: https://invoke-ai.github.io/InvokeAI/contributing/contributors/
+[features docs]: https://invoke.ai/
+[faq]: https://invoke.ai/troubleshooting/faq/
+[contributors]: https://invoke.ai/contributing/contributors/
 [github issues]: https://github.com/invoke-ai/InvokeAI/issues
-[docs home]: https://invoke-ai.github.io/InvokeAI
-[installation docs]: https://invoke-ai.github.io/InvokeAI/installation/
+[docs home]: https://invoke.ai
+[installation docs]: https://invoke.ai/start-here/installation/
 [#dev-chat]: https://discord.com/channels/1020123559063990373/1049495067846524939
-[contributing docs]: https://invoke-ai.github.io/InvokeAI/contributing/
+[contributing docs]: https://invoke.ai/contributing/
 [CI checks on main badge]: https://flat.badgen.net/github/checks/invoke-ai/InvokeAI/main?label=CI%20status%20on%20main&cache=900&icon=github
 [CI checks on main link]: https://github.com/invoke-ai/InvokeAI/actions?query=branch%3Amain
 [discord badge]: https://flat.badgen.net/discord/members/ZmtBAhwWhy?icon=discord

USER_ISOLATION_IMPLEMENTATION.md

@@ -0,0 +1,169 @@
+# User Isolation Implementation Summary
+
+This document describes the implementation of user isolation features in the InvokeAI session queue and processing system to address issues identified in the enhancement request.
+
+## Issues Addressed
+
+### 1. Cross-User Image/Preview Visibility
+**Problem:** When two users are logged in simultaneously and one initiates a generation, the generation preview shows up in both users' browsers and the generated image gets saved to both users' image boards.
+
+**Solution:** Implemented socket-level event filtering based on user authentication:
+
+#### Backend Changes (`invokeai/app/api/sockets.py`):
+- Added socket authentication middleware in `_handle_connect()` method
+- Extracts JWT token from socket auth data or HTTP headers
+- Verifies token using existing `verify_token()` function
+- Stores `user_id` and `is_admin` in socket session for later use
+- Modified `_handle_queue_event()` to filter events by user:
+  - For `QueueItemEventBase` events, only emit to:
+    - The user who owns the queue item (`user_id` matches)
+    - Admin users (`is_admin` is True)
+  - For general queue events, emit to all subscribers
+
+#### Event System Changes (`invokeai/app/services/events/events_common.py`):
+- Added `user_id` field to `QueueItemEventBase` class
+- Updated all event builders to include `user_id` from queue items:
+  - `InvocationStartedEvent.build()`
+  - `InvocationProgressEvent.build()`
+  - `InvocationCompleteEvent.build()`
+  - `InvocationErrorEvent.build()`
+  - `QueueItemStatusChangedEvent.build()`
+
+### 2. Batch Field Values Privacy
+**Problem:** Users can see batch field values from generation processes launched by other users.
+
+**Solution:** Implemented field value sanitization at the API level:
+
+#### API Router Changes (`invokeai/app/api/routers/session_queue.py`):
+- Created `sanitize_queue_item_for_user()` helper function
+  - Clears `field_values` for non-admin users viewing other users' items
+  - Admins and item owners can see all field values
+- Updated endpoints to require authentication and sanitize responses:
+  - `list_all_queue_items()` - Added `CurrentUser` dependency
+  - `get_queue_items_by_item_ids()` - Added `CurrentUser` dependency
+  - `get_queue_item()` - Added `CurrentUser` dependency
+
+### 3. Queue Updates Across Browser Windows
+**Problem:** When the job queue tab is open in multiple browsers and a generation is begun in one browser window, the queue does not update in the other window.
+
+**Status:** This issue is likely resolved by the socket authentication and event filtering changes. The existing socket subscription mechanism (`subscribe_queue` event) already supports multiple connections per user. Testing is required to confirm this works correctly with the new authentication flow.
+
+### 4. User Information Display
+**Problem:** Queue table lacks user identification, making it difficult to know who launched which job.
+
+**Solution:** Added user information to queue items and UI:
+
+#### Database Layer (`invokeai/app/services/session_queue/session_queue_sqlite.py`):
+- Updated SQL queries to JOIN with `users` table
+- Modified methods to fetch user information:
+  - `get_queue_item()` - Now selects `display_name` and `email` from users table
+  - `dequeue()` - Includes user info
+  - `get_next()` - Includes user info
+  - `get_current()` - Includes user info
+  - `list_all_queue_items()` - Includes user info
+
+#### Data Model Changes (`invokeai/app/services/session_queue/session_queue_common.py`):
+- Added optional fields to `SessionQueueItem`:
+  - `user_display_name: Optional[str]` - Display name from users table
+  - `user_email: Optional[str]` - Email from users table
+  - Note: `user_id` field already existed from Migration 25
+
+#### Frontend UI Changes:
+- **Constants** (`constants.ts`): Added `user: '8rem'` column width
+- **Header** (`QueueListHeader.tsx`): Added "User" column header
+- **Item Component** (`QueueItemComponent.tsx`):
+  - Added logic to display user information (display_name → email → user_id)
+  - Added user column to queue item row
+  - Added tooltip with full username on hover
+  - Added "Hidden for privacy" message when field_values are null for non-owned items
+- **Localization** (`en.json`): Added translations:
+  - `"user": "User"`
+  - `"fieldValuesHidden": "Hidden for privacy"`
+
+## Security Considerations
+
+### Token Verification
+- Tokens are verified using the existing `verify_token()` function from `invokeai.app.services.auth.token_service`
+- Invalid or missing tokens default to "system" user with non-admin privileges
+- Socket connections without valid tokens are still accepted for backward compatibility but have limited access
+
+### Data Privacy
+- Field values are only visible to:
+  - The user who created the queue item
+  - Admin users
+- Non-admin users viewing other users' queue items see "Hidden for privacy" instead of field values
+
+### Admin Privileges
+- Admin users can see all queue events and field values across all users
+- Admin status is determined from the JWT token's `is_admin` field
+
+## Migration Notes
+
+No database migration is required. The changes leverage:
+- Existing `user_id` column in `session_queue` table (added in Migration 25)
+- Existing `users` table (added in Migration 25)
+- SQL LEFT JOINs to fetch user information (gracefully handles missing user records)
+
+## Testing Requirements
+
+### Backend Testing
+1. **Socket Authentication:**
+   - Verify valid tokens are accepted and user context is stored
+   - Verify invalid tokens default to system user
+   - Verify expired tokens are rejected
+
+2. **Event Filtering:**
+   - User A should only receive events for their own queue items
+   - Admin users should receive all events
+   - Non-admin users should not receive events from other users
+
+3. **Field Value Sanitization:**
+   - Non-admin users should see null field_values for other users' items
+   - Admins should see all field values
+   - Users should see their own field values
+
+### Frontend Testing
+1. **UI Display:**
+   - User column should display in queue list
+   - Display name should be shown when available
+   - Email should be shown as fallback when display name is missing
+   - User ID should be shown when both display name and email are missing
+   - Tooltip should show full username on hover
+
+2. **Field Values Display:**
+   - "Hidden for privacy" message should appear when viewing other users' items
+   - Own items should show field values normally
+
+3. **Multi-Browser Testing:**
+   - Open queue tab in two browsers with different users
+   - Start generation in one browser
+   - Verify other browser doesn't see the preview/progress
+   - Verify admin user can see all generations
+
+### Integration Testing
+1. Multi-user scenarios with simultaneous generations
+2. Queue updates across multiple browser windows
+3. Admin vs. non-admin privilege differentiation
+4. Socket reconnection handling
+
+## Known Limitations
+
+1. **TypeScript Types:**
+   - The OpenAPI schema needs to be regenerated to include new fields
+   - Run: `cd invokeai/frontend/web && python ../../../scripts/generate_openapi_schema.py | pnpm typegen`
+
+2. **Backward Compatibility:**
+   - System user ("system") entries will not have display name or email
+   - Existing queue items from before Migration 25 will have user_id="system"
+
+3. **Socket.IO Session Storage:**
+   - Socket.IO's in-memory session storage may not persist across server restarts
+   - Consider implementing persistent session storage if needed for production
+
+## Future Enhancements
+
+1. Add user filtering to queue list (show only my items vs. all items)
+2. Add permission system for queue management operations (cancel, retry, delete)
+3. Implement queue item ownership transfer for administrative purposes
+4. Add audit logging for queue operations with user attribution
+5. Consider implementing user-specific queue limits or quotas

docker/README.md

@@ -109,7 +109,7 @@ CONTAINER_UID=1000
 GPU_DRIVER=cuda
 ```
 
-Any environment variables supported by InvokeAI can be set here. See the [Configuration docs](https://invoke-ai.github.io/InvokeAI/features/CONFIGURATION/) for further detail.
+Any environment variables supported by InvokeAI can be set here. See the [Configuration docs](https://invoke.ai/configuration/invokeai-yaml/) for further detail.
 
 ---