Description
Cherry-picks the Higgsfield app onto production. Two commits land together because production has nothing for Higgsfield yet, and PR #24473's actions aren't coherent without PR #24407's config.ts:
| Commit | Source PR | What it adds |
|---|
a5490caa20 | #24407 | apps/higgsfield/config.ts + tool.py stub. API_KEY auth with custom Authorization: Key {api_key}:{api_key_secret} header (two-field credential). |
66eb9d746a | #24473 | Three Option-B actions: HIGGSFIELD_GENERATE (generic, model_id is a free-form string path param), HIGGSFIELD_GET_REQUEST_STATUS, HIGGSFIELD_CANCEL_REQUEST. Tool registers all three. |
End state on this branch: 6 files under apps/higgsfield/:
apps/higgsfield/
├── actions/
│ ├── __init__.py
│ ├── higgsfield_cancel_request.py
│ ├── higgsfield_generate.py
│ └── higgsfield_get_request_status.py
├── config.ts
└── tool.py
This is a byte-for-byte cherry-pick — no code changes beyond what landed in PR #24407 and PR #24473 on master.
How did I test this PR
- Cherry-picks applied cleanly with no conflicts.
nox -s chk_app -- apps/higgsfield: ruff format ✓, ruff lint ✓, mypy ✓ (5 source files, 0 issues)./build-checks --include-tests: make fmt ✓ (restored fmt changes to unrelated files), MYPY_DIFF_ONLY=1 nox -s chk ✓, pytest -q tests/test_apps/test_googledrive/test_upload_from_url.py ✓ (11 passed).- Credentials verified end-to-end against the real Higgsfield API earlier this session (
POST /higgsfield-ai/soul/standard returns 200 with request_id).
- Source PR #24473 shipped to master with 16/16 CI checks green.
Known CI issues (NOT introduced by this PR)
Checks workflow — Check preamble backward compatibility: This step hardcodes --base origin/master in .github/workflows/common.yaml:133. Since production lags master, master can gain or modify preamble exports that production hasn't picked up yet, and the check flags them as "removed" from this PR. In our case it flags bounded_unique_ids in mercury/tools/_base/trigger.py — a file we did not touch and that was added to master after the last Release: master → production PR. This will affect every cherry-pick-to-production PR until the workflow is fixed to use $GITHUB_BASE_REF instead of hardcoded master. Recommend a follow-up to .github/workflows/common.yaml to make the preamble base dynamic..github/workflows/secrets-detection.yml: Pre-existing failure on every PR per /workspace/CLAUDE.md memory. Workflow-file issue, unrelated to code.
Codex review findings (for follow-up master PR — not this cherry-pick)
Codex flagged 3 P2 issues that exist identically on master. Since this is a pure cherry-pick, the fixes belong in a follow-up master PR that flows through the normal release cycle, NOT in this PR:
config.ts:44 — get_current_user_endpoint uses a hard-coded test-connection request id. Verified against docs.higgsfield.ai: the API has no /me, /account, or /health endpoint. The 4xx-with-creds pattern is the only available probe; Composio's auth-probe treats credentialed 4xx as success. Defensible as-is; alternatively omit get_current_user_endpoint entirely if Composio supports that for API_KEY toolkits.higgsfield_generate.py:124-125 — hf_webhook sent in JSON body. Codex claimed docs say query string; docs.higgsfield.ai/docs/how-to/introduction does not mention hf_webhook at all. Direction needs Higgsfield-team confirmation before flipping body↔query.higgsfield_cancel_request.py:77-78 — 400/404 accepted as success. Legitimate behavioral bug: callers can't distinguish "cancelled" from "already-completed/nonexistent". Recommend follow-up master PR that restricts success to 200/202 and raises ExecutionFailed on 4xx with a status-distinguishing message.
@zen-agent