Skip to content

Releases: higress-group/himarket

v0.7.1

30 Mar 16:00
@lexburner lexburner
v0.7.1
582e149
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.7.1 Latest
Latest

概述

v0.7.1 是一个维护版本,主要包含 管理门户 UI 全面重设计Nacos 升级到 v3.2.1Skill 强制发布能力 以及 部署脚本升级模式改进

亮点

  • 管理门户 UI 重设计: 管理后台和开发者门户 UI 全面焕新,引入 Ant Design 主题定制、RESTful 路由、批量操作栏、产品详情统一布局等,提升整体交互体验。
  • Nacos 升级至 v3.2.1: 将 Nacos server/client/api 从 v3.2.0 升级到 v3.2.1,获取最新的稳定性和功能改进。
  • Skill 强制发布: 新增 force-publish 端点,支持绕过审核流水线直接发布被拒绝的 Skill 版本,方便管理员快速上架。
  • 部署升级模式增强: Docker 和 Helm 部署脚本的升级模式全面改进,支持自动拉取最新镜像、可配置数据目录、升级时跳过初始化钩子等。

新功能

  • 升级 Nacos 至 v3.2.1,新增 Skill 强制发布端点和广场页面标语 (#228)
  • 管理门户和开发者门户 UI 全面重设计,增强组件和路由 (#227)

缺陷修复

  • 改进 Skill/Worker 版本管理和 Nacos 状态处理 (#224)
  • 改进部署脚本升级模式和镜像管理 (#229)
  • 改进 Docker 安装脚本,支持可配置数据目录和升级模式 (#223)

所有贡献者

Contributors

lexburner
Assets 2
Loading

v0.7.0

27 Mar 16:23
@lexburner lexburner
v0.7.0
ef5b408
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.7.0

概述

v0.7.0 是一个重要的功能版本,带来了 Skill 市场Worker 模板市场HiCoding 智能体在线编程统一可观测性门户菜单管理能力。本版本还包含大量部署易用性改进、聊天增强和重要安全修复。

亮点

  • Skill 市场: 提供开箱即用的 Skill 全生命周期管理,底层由 Nacos v3.2.0 提供支撑。
  • Worker 模板市场: Worker 模板预置了开箱即用的 AGENTS.md / SOUL.md / MEMORY / SKILL 和 MCP 套件,让你的小龙虾不再是从零养起,直接"领养"别人精心培育好的小龙虾。
  • Skill & Worker 版本管理: 支持多版本切换,提供 2 种上架审核方式——安全审核(不依赖 AI)和 AI 审核(需提供 APIKEY)。
  • HiCoding 智能体在线编程: HiChat 的升级版。HiChat 定位为模型问答,HiCoding 定位为直接使用 HiMarket 市场中的模型、Skill、MCP,在 HiMarket 沙箱中进行在线 Coding & CoWork。支持 Qwen Code 和 Open Code 两种 CLI 进行调度。
  • 后台菜单开关管理: 支持对 HiChat / HiCoding / MCP / Model / API / Agent / Skill / Worker 进行选择性隐藏,适用于只想构建单一 Skill 市场、单一模型市场等场景。
  • 部署脚本易用性提升: 通过 bash install.sh 交互式一键拉起 K8s 和 Docker 两种部署架构下的 HiMarket 及其依赖组件,并自动完成模型、Skill、MCP、Worker 的初始化。拉起的 HiMarket 不再是从零开始构建,而是预置了大量开箱即用的通用数据。
  • 统一可观测性: 在原先支持 SLS 可观测的基础上,新增 DB 可观测组件(不建议生产使用),提供指标/日志监控看板。
  • 一系列安全加固: 修复文件上传任意文件漏洞、Token 撤销持久化,移除硬编码密钥等。

新功能

  • 支持 Nacos displayServerUrl 并改进 HiClaw 下载体验 (#222)
  • 新增 Nacos 同步钩子,支持 Skills/Workers 自动导入 (#216)
  • 支持按下载量和更新时间排序产品 (#215)
  • 前端功能优化与 Skill 配置增强 (#213)
  • 支持 HiClaw Worker 市场和 Nacos 导入 Skills/Workers (#208)
  • 在 Nacos MySQL schema 中新增 AI 资源表 (#205)
  • 新增统一可观测性端点,支持 SLS/DB 路由 (#193)
  • 增强门户菜单显隐管理和 Helm 部署安全性 (#189)
  • 新增菜单显隐管理和终端切换支持 (#188)
  • 为 ApsaraGatewayConfig 添加 @JsonProperty 注解并传递 regionId header (#185)
  • 集成 HiCoding 模块与 Skill 市场功能 (#178)
  • 完成 Apsara 网关前后端集成 (#176)
  • 指标服务代理 + 日志收集器监控看板(MCP / 模型)(#172)
  • 添加聊天工具调用支持、停止生成功能及多项优化 (#169)
  • 添加 Java 17 版本检测和多架构镜像构建推送脚本

缺陷修复

  • [安全] 修复文件上传任意文件漏洞与 Token 撤销持久化 (#209)
  • 在安装脚本中添加 NACOS_USERNAME 配置以对齐 Higress (#221)
  • 添加 init-data 重试命令,Nacos schema 幂等化及杂项修复 (#220)
  • 修复 PublicAccessPathScanner 中的 catch-all 路径变量处理 (#219)
  • 改进 Skill/Worker 版本轮询和发布工作流 (#218)
  • 处理公开页面上的过期 Token 并改进开发者门户体验 (#217)
  • 更新 Nacos SQL schema 和 Skill 服务兼容性 (#214)
  • 修复简单问答不返回 ASSISTANT 事件导致页面卡住的问题 (#207)
  • 修复 Web 搜索禁用后仍保持启用的问题 (#206)
  • 修正构建工作流中的镜像名称和命名空间 (#195)
  • 改进 MCP 工具参数处理并升级 agentscope (#192)
  • 解析 YAML front matter 前去除 SKILL.md 的 UTF-8 BOM (#190)
  • 升级 Nacos MySQL 字符集为 utf8mb4 以支持 emoji (#186)
  • 修复 Nacos 启动配置、API 响应解析和多架构构建支持 (#183)
  • 模型聊天测试前要求先订阅 (#181)
  • 重构部署脚本并改进 Docker/Helm 体验 (#180)
  • 修复 max_tokens 与 max_completion_tokens 不能同时设置的冲突 (#177)

改进

  • 增强匿名访问的 HTTP 方法精确匹配和代码一致性 (#184)
  • 重构 APIDefinition (#162)
  • 新增 Docker 镜像构建工作流并改进 MCP 工具处理 (#194)
  • 升级 Nacos 依赖到 3.2.0 并启用认证 (#212)
  • 移除部署脚本中的硬编码密钥和冗余初始化钩子 (#211)
  • 为所有 Docker Compose 服务添加 pull_policy: always (#191)

新贡献者

所有贡献者

Overview

Version 0.7.0 is a major feature release that brings the Skill Marketplace, Worker Template Marketplace, HiCoding agent-powered online programming, unified observability, and portal menu management capabilities. This release also includes significant deployment usability improvements, chat enhancements, and important security fixes.

Highlights

  • Skill Marketplace: Out-of-the-box Skill lifecycle management, powered by Nacos v3.2.0.
  • Worker Template Marketplace: Worker templates come pre-loaded with ready-to-use AGENTS.md / SOUL.md / MEMORY / SKILL and MCP suites — no more raising your lobster from scratch, just "adopt" one that's already been carefully nurtured.
  • Skill & Worker Version Management: Multi-version switching with 2 review modes for publishing — security review (no AI dependency) and AI review (requires APIKEY).
  • HiCoding Agent-Powered Online Programming: An upgrade from HiChat. While HiChat is positioned for model Q&A, HiCoding enables direct use of models, Skills, and MCPs from the HiMarket marketplace for online Coding & CoWork within HiMarket sandboxes. Supports scheduling via both Qwen Code and Open Code CLIs.
  • Backend Menu Toggle Management: Selective visibility control for HiChat / HiCoding / MCP / Model / API / Agent / Skill / Worker, ideal for building a dedicated Skill marketplace, a single model marketplace, etc.
  • Deployment Script Usability Improvements: One-click interactive deployment via bash install.sh for both K8s and Docker architectures, with automatic initialization of models, Skills, MCPs, and Workers. HiMarket now comes pre-loaded with ready-to-use common data out of the box.
  • Unified Observability: Added DB-based observability component on top of existing SLS support (not recommended for production), providing metrics and logging dashboards.
  • Security Hardening: Fixed file upload arbitrary file vulnerability, token revocation persistence, removed hardcoded secrets, and more.

New Features

  • Support Nacos displayServerUrl and improve HiClaw download UX (#222)
  • Add Nacos sync hooks for Skills/Workers auto-import (#216)
  • Support product sorting by download count and updated time (#215)
  • Frontend optimization and Skill configuration enhancements (#213)
  • Support HiClaw worker market and Nacos import for skills/workers (#208)
  • Add AI resource tables to Nacos MySQL schema (#205)
  • Add unified observability endpoint with SLS/DB routing (#193)
  • Enhance portal menu visibility management and Helm deployment security (#189)
  • Add menu visibility management and terminal switch support (#188)
  • Add @JsonProperty annotations for ApsaraGatewayConfig and pass regionId header (#185)
  • Integrate HiCoding module and Skill marketplace (#178)
  • Complete Apsara gateway integration (#176)
  • Metrics proxy + log collector dashboard for MCP/Model (#172)
  • Add chat tool calling support, stop generation, and multiple optimizations (#169)
  • Add Java 17 detection and multi-arch image build scripts

Bug Fixes

  • [SECURITY] Fix file upload arbitrary file vulnerability and token revocation persistence (#209)
  • Add NACOS_USERNAME config to install scripts for Higress parity (#221)
  • Add init-data retry command, idempotent Nacos schema, and misc fixes (#220)
  • Handle catch-all path variables in PublicAccessPathScanner (#219)
  • Improve skill/worker version polling and publish workflow (#218)
  • Handle expired tokens on public pages and improve developer portal UX (#217)
  • Update Nacos SQL schema and Skill service compatibility (#214)
  • Fix chat not sending ASSISTANT event for simple Q&A causing page freeze (#207)
  • Fix web search remaining enabled after being disabled (#206)
  • Correct image names and namespace in build workflow (#195)
  • Improve MCP tool parameter handling and upgrade agentscope (#192)
  • Strip UTF-8 BOM from SKILL.md before parsing YAML front matter (#190)
  • Upgrade Nacos MySQL charset to utf8mb4 for emoji support (#186)
  • Fix Nacos startup config, API response parsing, and multi-arch build support (#183)
  • Require subscription before starting model chat test (#181)
  • Refactor deployment scripts and enhance Docker/Helm experience (#180)
  • Fix max_tokens and max_completion_tokens conflict (#177)

Improvements

  • Enhance anonymous access with HTTP method precision and code consistency (#184)
  • Reconstruct APIDefinition (#162)
  • Add Docker image build workflow and improve MCP tool handling (#194)
  • Upgrade Nacos dependencies to 3.2.0 and enable auth (#212)
  • Remove hardcoded secrets and redundant initialization hooks from deployment scripts (#211)
  • Add pull_policy: always to all Docker Compose services (#191)

New Contributors

All Contributors

Full Changelog: v0.6.0...v0.7.0

Contributors

lexburner, JayLi52, and 5 other contributors
Loading

v0.6.0

03 Feb 12:07
@learnerjohn learnerjohn
v0.6.0
f44e8f6

Choose a tag to compare

View all tags
v0.6.0

Overview

Version 0.6.0 is a significant feature release that focuses on multimodal AI capabilities, enterprise-grade data integration, and user experience improvements. This release adds DashScope text-to-image model support, Nacos commercial MCP data import, and includes important security fixes.

Highlights

  • Multimodal AI Support: DashScope text-to-image and multimodal input capabilities
  • Enterprise Integration: Nacos commercial MCP data import support
  • Security Fix: Fixed authentication bypass vulnerability in developers endpoint

New Features

  • Add DashScope text-to-image model and multimodal input support (#160)
  • Support Nacos commercial MCP data import (#100)
  • Add OPENAI_COMPATIBLE protocol support (#152)
  • Add apiKeyLocationType request parameter for flexible authentication (#151)
  • Add user guide and Higress gateway IP configuration support (#112)
  • Rename Himarket to HiMarket and improve session management (#115)
  • Unify admin page UI style and add empty state illustrations (#124, #120)

Bug Fixes

  • [IMPORTANT] Fix authentication bypass vulnerability in developers endpoint (#150)
  • Resolve deployment command compatibility issues (#155)
  • Fix missing OIDC login functionality (#106)
  • Fix incorrect Higress MCP Server path (#111)
  • Resolve product icon rendering and domain URL port display issues (#135)
  • Fix MCP tools and Product configuration problems (#128)
  • Fix SSE path format (#143)
  • Fix style issues (#104)

Improvements

  • Update CI/CD workflow configuration (#136)
  • Add /mcp-servers prefix and lint rules (#149)
  • Bump vite from 7.2.0 to 6.4.1 for stability (#116)

New Contributors

Full Changelog: v0.5.0...v0.6.0

Contributors

SharlyCheung, luoxiner, and oneFiish
Loading

v0.5.0

04 Dec 12:27
@learnerjohn learnerjohn
v0.5.0
24d6491
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.0

新特性

构建专属 AI 能力市场

  1. MCP 市场:支持将 Higress/AI 网关、Nacos 上的 MCP Server 一键上架到市场,开发者可浏览、订阅各类 MCP 服务;
  2. Model 市场:以 Higress 作为模型服务的网关代理,提供统一的接入管理和安全防护;
  3. Agent 市场:支持对接 AgentScope 等 Agent 开发平台,构建的 Agent 可一键注册到 HiMarket。

AI 体验中心

  1. 模型对话调试:支持单模型对话测试和多模型效果对比,支持联网搜索能力;
  2. MCP 工具调试:结合 MCP 进行工具调用测试,可视化查看工具调用过程和返回结果。

完善的 AI 开放平台能力,提供管理后台和开发者门户

  1. 管理后台:
    a. 门户配置:自定义域名、安全策略、审批流程和第三方身份认证;
    b. 产品运营:API 产品管理、文档配置、权限控制和分类管理;
    c. 审批管理:开发者注册审批、产品订阅审批,支持自动/人工审批。
  2. 开发者门户:
    a. 自助服务:一站式完成注册、API 产品浏览、产品订阅和凭证管理;
    b. 身份集成:支持企业 SSO 单点登录,无缝对接现有身份认证体系。

可观测能力

  1. 查看模型调用的 Token 消耗、延迟、成功率等指标;
  2. 监控 MCP 工具调用成功率、响应时长等运行状态;
  3. 支持按时间、API 产品、开发者等维度筛选。

环境要求

  • JDK:17+
  • Spring Boot:3.x
  • Node.js:v20+
  • 数据库:MySQL 8.0+ / MariaDB

Contributors

Contributor teams

  1. 阿里云-云原生中间件
  2. 阿里云-专有云中间件
  3. 蚂蚁数科-智能中间件

Full Changelog: https://github.com/higress-group/himarket/commits/v0.5.0

Contributors

yofine, mengjian, and 18 other contributors
Loading
0 Join discussion