diff --git a/apps/docs/components/icons.tsx b/apps/docs/components/icons.tsx index 2e1e48778..d62410d7f 100644 --- a/apps/docs/components/icons.tsx +++ b/apps/docs/components/icons.tsx @@ -1131,6 +1131,32 @@ export function AirtableIcon(props: SVGProps) { ) } +export function AirweaveIcon(props: SVGProps) { + return ( + + + + + + ) +} + export function GoogleDocsIcon(props: SVGProps) { return ( ) { ) } + +export function AgentSkillsIcon(props: SVGProps) { + return ( + + + + + ) +} diff --git a/apps/docs/components/ui/icon-mapping.ts b/apps/docs/components/ui/icon-mapping.ts index c7a766f6c..490292c09 100644 --- a/apps/docs/components/ui/icon-mapping.ts +++ b/apps/docs/components/ui/icon-mapping.ts @@ -7,6 +7,7 @@ import { A2AIcon, AhrefsIcon, AirtableIcon, + AirweaveIcon, ApifyIcon, ApolloIcon, ArxivIcon, @@ -141,6 +142,7 @@ export const blockTypeToIconMap: Record = { a2a: A2AIcon, ahrefs: AhrefsIcon, airtable: AirtableIcon, + airweave: AirweaveIcon, apify: ApifyIcon, apollo: ApolloIcon, arxiv: ArxivIcon, diff --git a/apps/docs/content/docs/en/meta.json b/apps/docs/content/docs/en/meta.json index b934947a3..2f3899857 100644 --- a/apps/docs/content/docs/en/meta.json +++ b/apps/docs/content/docs/en/meta.json @@ -10,6 +10,7 @@ "connections", "mcp", "copilot", + "skills", "knowledgebase", "variables", "execution", diff --git a/apps/docs/content/docs/en/skills/index.mdx b/apps/docs/content/docs/en/skills/index.mdx new file mode 100644 index 000000000..6f5a95d3f --- /dev/null +++ b/apps/docs/content/docs/en/skills/index.mdx @@ -0,0 +1,134 @@ +--- +title: Agent Skills +--- + +import { Callout } from 'fumadocs-ui/components/callout' + +Agent Skills are reusable packages of instructions that give your AI agents specialized capabilities. Based on the open [Agent Skills](https://agentskills.io) format, skills let you capture domain expertise, workflows, and best practices that agents can load on demand. + +## How Skills Work + +Skills use **progressive disclosure** to keep agent context lean: + +1. **Discovery** — Only skill names and descriptions are included in the agent's system prompt (~50-100 tokens each) +2. **Activation** — When the agent decides a skill is relevant, it calls the `load_skill` tool to load the full instructions into context +3. **Execution** — The agent follows the loaded instructions to complete the task + +This means you can attach many skills to an agent without bloating its context window. The agent only loads what it needs. + +## Creating Skills + +Go to **Settings** and select **Skills** under the Tools section. + +![Manage Skills](/static/skills/manage-skills.png) + +Click **Add** to create a new skill with three fields: + +| Field | Description | +|-------|-------------| +| **Name** | A kebab-case identifier (e.g. `sql-expert`, `code-reviewer`). Max 64 characters. | +| **Description** | A short explanation of what the skill does and when to use it. This is what the agent reads to decide whether to activate the skill. Max 1024 characters. | +| **Content** | The full skill instructions in markdown. This is loaded when the agent activates the skill. | + + + The description is critical — it's the only thing the agent sees before deciding to load a skill. Be specific about when and why the skill should be used. + + +### Writing Good Skill Content + +Skill content follows the same conventions as [SKILL.md files](https://agentskills.io/specification): + +```markdown +# SQL Expert + +## When to use this skill +Use when the user asks you to write, optimize, or debug SQL queries. + +## Instructions +1. Always ask which database engine (PostgreSQL, MySQL, SQLite) +2. Use CTEs over subqueries for readability +3. Add index recommendations when relevant +4. Explain query plans for optimization requests + +## Common Patterns +... +``` + +**Recommended structure:** +- **When to use** — Specific triggers and scenarios +- **Instructions** — Step-by-step guidance with numbered lists +- **Examples** — Input/output samples showing expected behavior +- **Common Patterns** — Reusable approaches for frequent tasks +- **Edge Cases** — Gotchas and special considerations + +Keep skills focused and under 500 lines. If a skill grows too large, split it into multiple specialized skills. + +## Adding Skills to an Agent + +Open any **Agent** block and find the **Skills** dropdown below the tools section. Select the skills you want the agent to have access to. + +![Add Skill](/static/skills/add-skill.png) + +Selected skills appear as cards that you can click to edit or remove. + +### What Happens at Runtime + +When the workflow runs: + +1. The agent's system prompt includes an `` section listing each skill's name and description +2. A `load_skill` tool is automatically added to the agent's available tools +3. When the agent determines a skill is relevant to the current task, it calls `load_skill` with the skill name +4. The full skill content is returned as a tool response, giving the agent detailed instructions + +This works across all supported LLM providers — the `load_skill` tool uses standard tool-calling, so no provider-specific configuration is needed. + +## Common Use Cases + +Skills are most valuable when agents need specialized knowledge or multi-step workflows: + +**Domain Expertise** +- `api-integration-expert` — Best practices for calling specific APIs (authentication, rate limiting, error handling) +- `data-transformation` — ETL patterns, data cleaning, and validation rules +- `code-reviewer` — Code review guidelines specific to your team's standards + +**Workflow Templates** +- `bug-investigation` — Step-by-step debugging methodology (reproduce → isolate → test → fix) +- `feature-implementation` — Development workflow from requirements to deployment +- `document-generator` — Templates and formatting rules for technical documentation + +**Company-Specific Knowledge** +- `our-architecture` — System architecture diagrams, service dependencies, and deployment processes +- `style-guide` — Brand guidelines, writing tone, UI/UX patterns +- `customer-onboarding` — Standard procedures and common customer questions + +**When to use skills vs. agent instructions:** +- Use **skills** for knowledge that applies across multiple workflows or changes frequently +- Use **agent instructions** for task-specific context that's unique to a single agent + +## Best Practices + +**Writing Effective Descriptions** +- **Be specific and keyword-rich** — Instead of "Helps with SQL", write "Write optimized SQL queries for PostgreSQL, MySQL, and SQLite, including index recommendations and query plan analysis" +- **Include activation triggers** — Mention specific words or phrases that should prompt the skill (e.g., "Use when the user mentions PDFs, forms, or document extraction") +- **Keep it under 200 words** — Agents scan descriptions quickly; make every word count + +**Skill Scope and Organization** +- **One skill per domain** — A focused `sql-expert` skill works better than a broad `database-everything` skill +- **Limit to 5-10 skills per agent** — More skills = more decision overhead; start small and add as needed +- **Split large skills** — If a skill exceeds 500 lines, break it into focused sub-skills + +**Content Structure** +- **Use markdown formatting** — Headers, lists, and code blocks help agents parse and follow instructions +- **Provide examples** — Show input/output pairs so agents understand expected behavior +- **Be explicit about edge cases** — Don't assume agents will infer special handling + +**Testing and Iteration** +- **Test activation** — Run your workflow and verify the agent loads the skill when expected +- **Check for false positives** — Make sure skills aren't activating when they shouldn't +- **Refine descriptions** — If a skill isn't loading when needed, add more keywords to the description + +## Learn More + +- [Agent Skills specification](https://agentskills.io) — The open format for portable agent skills +- [Example skills](https://github.com/anthropics/skills) — Browse community skill examples +- [Best practices](https://agentskills.io/what-are-skills) — Writing effective skills diff --git a/apps/docs/content/docs/en/tools/airweave.mdx b/apps/docs/content/docs/en/tools/airweave.mdx new file mode 100644 index 000000000..59764a4c0 --- /dev/null +++ b/apps/docs/content/docs/en/tools/airweave.mdx @@ -0,0 +1,67 @@ +--- +title: Airweave +description: Search your synced data collections +--- + +import { BlockInfoCard } from "@/components/ui/block-info-card" + + + +{/* MANUAL-CONTENT-START:intro */} +[Airweave](https://airweave.ai/) is an AI-powered semantic search platform that helps you discover and retrieve knowledge across all your synced data sources. Built for modern teams, Airweave enables fast, relevant search results using neural, hybrid, or keyword-based strategies tailored to your needs. + +With Airweave, you can: + +- **Search smarter**: Use natural language queries to uncover information stored across your connected tools and databases +- **Unify your data**: Seamlessly access content from sources like code, docs, chat, emails, cloud files, and more +- **Customize retrieval**: Select between hybrid (semantic + keyword), neural, or keyword search strategies for optimal results +- **Boost recall**: Expand search queries with AI to find more comprehensive answers +- **Rerank results using AI**: Prioritize the most relevant answers with powerful language models +- **Get instant answers**: Generate clear, AI-powered responses synthesized from your data + +In Sim, the Airweave integration empowers your agents to search, summarize, and extract insights from all your organization’s data via a single tool. Use Airweave to drive rich, contextual knowledge retrieval within your workflows—whether answering questions, generating summaries, or supporting dynamic decision-making. +{/* MANUAL-CONTENT-END */} + +## Usage Instructions + +Search across your synced data sources using Airweave. Supports semantic search with hybrid, neural, or keyword retrieval strategies. Optionally generate AI-powered answers from search results. + + + +## Tools + +### `airweave_search` + +Search your synced data collections using Airweave. Supports semantic search with hybrid, neural, or keyword retrieval strategies. Optionally generate AI-powered answers from search results. + +#### Input + +| Parameter | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `apiKey` | string | Yes | Airweave API Key for authentication | +| `collectionId` | string | Yes | The readable ID of the collection to search | +| `query` | string | Yes | The search query text | +| `limit` | number | No | Maximum number of results to return \(default: 100\) | +| `retrievalStrategy` | string | No | Retrieval strategy: hybrid \(default\), neural, or keyword | +| `expandQuery` | boolean | No | Generate query variations to improve recall | +| `rerank` | boolean | No | Reorder results for improved relevance using LLM | +| `generateAnswer` | boolean | No | Generate a natural-language answer to the query | + +#### Output + +| Parameter | Type | Description | +| --------- | ---- | ----------- | +| `results` | array | Search results with content, scores, and metadata from your synced data | +| ↳ `entity_id` | string | Unique identifier for the search result entity | +| ↳ `source_name` | string | Name of the data source \(e.g., "GitHub", "Slack"\) | +| ↳ `md_content` | string | Markdown-formatted content of the result | +| ↳ `score` | number | Relevance score from the search | +| ↳ `metadata` | object | Additional metadata associated with the result | +| ↳ `breadcrumbs` | array | Navigation path to the result within its source | +| ↳ `url` | string | URL to the original content | +| `completion` | string | AI-generated answer to the query \(when generateAnswer is enabled\) | + + diff --git a/apps/docs/content/docs/en/tools/meta.json b/apps/docs/content/docs/en/tools/meta.json index 61b20cfa9..419957f7e 100644 --- a/apps/docs/content/docs/en/tools/meta.json +++ b/apps/docs/content/docs/en/tools/meta.json @@ -4,6 +4,7 @@ "a2a", "ahrefs", "airtable", + "airweave", "apify", "apollo", "arxiv", diff --git a/apps/docs/public/static/skills/add-skill.png b/apps/docs/public/static/skills/add-skill.png new file mode 100644 index 000000000..80428e88a Binary files /dev/null and b/apps/docs/public/static/skills/add-skill.png differ diff --git a/apps/docs/public/static/skills/manage-skills.png b/apps/docs/public/static/skills/manage-skills.png new file mode 100644 index 000000000..67f7ccd20 Binary files /dev/null and b/apps/docs/public/static/skills/manage-skills.png differ diff --git a/apps/sim/app/api/a2a/agents/[agentId]/route.ts b/apps/sim/app/api/a2a/agents/[agentId]/route.ts index 65f22e5b6..1c8eea273 100644 --- a/apps/sim/app/api/a2a/agents/[agentId]/route.ts +++ b/apps/sim/app/api/a2a/agents/[agentId]/route.ts @@ -5,7 +5,7 @@ import { eq } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' import { generateAgentCard, generateSkillsFromWorkflow } from '@/lib/a2a/agent-card' import type { AgentCapabilities, AgentSkill } from '@/lib/a2a/types' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { getRedisClient } from '@/lib/core/config/redis' import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils' import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils' @@ -40,7 +40,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise { const mockRefreshTokenIfNeeded = vi.fn() const mockGetOAuthToken = vi.fn() const mockAuthorizeCredentialUse = vi.fn() - const mockCheckHybridAuth = vi.fn() + const mockCheckSessionOrInternalAuth = vi.fn() const mockLogger = createMockLogger() @@ -42,7 +42,7 @@ describe('OAuth Token API Routes', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: mockCheckHybridAuth, + checkSessionOrInternalAuth: mockCheckSessionOrInternalAuth, })) }) @@ -235,7 +235,7 @@ describe('OAuth Token API Routes', () => { describe('credentialAccountUserId + providerId path', () => { it('should reject unauthenticated requests', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: false, error: 'Authentication required', }) @@ -255,30 +255,8 @@ describe('OAuth Token API Routes', () => { expect(mockGetOAuthToken).not.toHaveBeenCalled() }) - it('should reject API key authentication', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ - success: true, - authType: 'api_key', - userId: 'test-user-id', - }) - - const req = createMockRequest('POST', { - credentialAccountUserId: 'test-user-id', - providerId: 'google', - }) - - const { POST } = await import('@/app/api/auth/oauth/token/route') - - const response = await POST(req) - const data = await response.json() - - expect(response.status).toBe(401) - expect(data).toHaveProperty('error', 'User not authenticated') - expect(mockGetOAuthToken).not.toHaveBeenCalled() - }) - it('should reject internal JWT authentication', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'internal_jwt', userId: 'test-user-id', @@ -300,7 +278,7 @@ describe('OAuth Token API Routes', () => { }) it('should reject requests for other users credentials', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'attacker-user-id', @@ -322,7 +300,7 @@ describe('OAuth Token API Routes', () => { }) it('should allow session-authenticated users to access their own credentials', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -345,7 +323,7 @@ describe('OAuth Token API Routes', () => { }) it('should return 404 when credential not found for user', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -373,7 +351,7 @@ describe('OAuth Token API Routes', () => { */ describe('GET handler', () => { it('should return access token successfully', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -402,7 +380,7 @@ describe('OAuth Token API Routes', () => { expect(response.status).toBe(200) expect(data).toHaveProperty('accessToken', 'fresh-token') - expect(mockCheckHybridAuth).toHaveBeenCalled() + expect(mockCheckSessionOrInternalAuth).toHaveBeenCalled() expect(mockGetCredential).toHaveBeenCalledWith(mockRequestId, 'credential-id', 'test-user-id') expect(mockRefreshTokenIfNeeded).toHaveBeenCalled() }) @@ -421,7 +399,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle authentication failure', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: false, error: 'Authentication required', }) @@ -440,7 +418,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle credential not found', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -461,7 +439,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle missing access token', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -487,7 +465,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle token refresh failure', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', diff --git a/apps/sim/app/api/auth/oauth/token/route.ts b/apps/sim/app/api/auth/oauth/token/route.ts index 7c7d1f463..f6728fe69 100644 --- a/apps/sim/app/api/auth/oauth/token/route.ts +++ b/apps/sim/app/api/auth/oauth/token/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { authorizeCredentialUse } from '@/lib/auth/credential-access' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import { getCredential, getOAuthToken, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils' @@ -71,7 +71,7 @@ export async function POST(request: NextRequest) { providerId, }) - const auth = await checkHybridAuth(request, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!auth.success || auth.authType !== 'session' || !auth.userId) { logger.warn(`[${requestId}] Unauthorized request for credentialAccountUserId path`, { success: auth.success, @@ -187,7 +187,7 @@ export async function GET(request: NextRequest) { const { credentialId } = parseResult.data // For GET requests, we only support session-based authentication - const auth = await checkHybridAuth(request, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!auth.success || auth.authType !== 'session' || !auth.userId) { return NextResponse.json({ error: 'User not authenticated' }, { status: 401 }) } diff --git a/apps/sim/app/api/copilot/chat/route.ts b/apps/sim/app/api/copilot/chat/route.ts index 9d31bf5c3..72c959d9a 100644 --- a/apps/sim/app/api/copilot/chat/route.ts +++ b/apps/sim/app/api/copilot/chat/route.ts @@ -285,6 +285,14 @@ export async function POST(req: NextRequest) { apiVersion: 'preview', endpoint: env.AZURE_OPENAI_ENDPOINT, } + } else if (providerEnv === 'azure-anthropic') { + providerConfig = { + provider: 'azure-anthropic', + model: envModel, + apiKey: env.AZURE_ANTHROPIC_API_KEY, + apiVersion: env.AZURE_ANTHROPIC_API_VERSION, + endpoint: env.AZURE_ANTHROPIC_ENDPOINT, + } } else if (providerEnv === 'vertex') { providerConfig = { provider: 'vertex', diff --git a/apps/sim/app/api/files/delete/route.test.ts b/apps/sim/app/api/files/delete/route.test.ts index 669ea86ad..0cc9824f7 100644 --- a/apps/sim/app/api/files/delete/route.test.ts +++ b/apps/sim/app/api/files/delete/route.test.ts @@ -29,7 +29,7 @@ function setupFileApiMocks( } vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: authenticated, userId: authenticated ? 'test-user-id' : undefined, error: authenticated ? undefined : 'Unauthorized', diff --git a/apps/sim/app/api/files/delete/route.ts b/apps/sim/app/api/files/delete/route.ts index 1a5f49138..273500461 100644 --- a/apps/sim/app/api/files/delete/route.ts +++ b/apps/sim/app/api/files/delete/route.ts @@ -1,7 +1,7 @@ import { createLogger } from '@sim/logger' import type { NextRequest } from 'next/server' import { NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import type { StorageContext } from '@/lib/uploads/config' import { deleteFile, hasCloudStorage } from '@/lib/uploads/core/storage-service' import { extractStorageKey, inferContextFromKey } from '@/lib/uploads/utils/file-utils' @@ -24,7 +24,7 @@ const logger = createLogger('FilesDeleteAPI') */ export async function POST(request: NextRequest) { try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn('Unauthorized file delete request', { diff --git a/apps/sim/app/api/files/download/route.ts b/apps/sim/app/api/files/download/route.ts index bd718ed8f..45f9ebb24 100644 --- a/apps/sim/app/api/files/download/route.ts +++ b/apps/sim/app/api/files/download/route.ts @@ -1,6 +1,6 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import type { StorageContext } from '@/lib/uploads/config' import { hasCloudStorage } from '@/lib/uploads/core/storage-service' import { verifyFileAccess } from '@/app/api/files/authorization' @@ -12,7 +12,7 @@ export const dynamic = 'force-dynamic' export async function POST(request: NextRequest) { try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn('Unauthorized download URL request', { diff --git a/apps/sim/app/api/files/parse/route.test.ts b/apps/sim/app/api/files/parse/route.test.ts index 801795570..bfdc3bbe7 100644 --- a/apps/sim/app/api/files/parse/route.test.ts +++ b/apps/sim/app/api/files/parse/route.test.ts @@ -35,7 +35,7 @@ function setupFileApiMocks( } vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkInternalAuth: vi.fn().mockResolvedValue({ success: authenticated, userId: authenticated ? 'test-user-id' : undefined, error: authenticated ? undefined : 'Unauthorized', diff --git a/apps/sim/app/api/files/parse/route.ts b/apps/sim/app/api/files/parse/route.ts index 25112133f..4b1882f86 100644 --- a/apps/sim/app/api/files/parse/route.ts +++ b/apps/sim/app/api/files/parse/route.ts @@ -5,7 +5,7 @@ import path from 'path' import { createLogger } from '@sim/logger' import binaryExtensionsList from 'binary-extensions' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkInternalAuth } from '@/lib/auth/hybrid' import { secureFetchWithPinnedIP, validateUrlWithDNS, @@ -66,7 +66,7 @@ export async function POST(request: NextRequest) { const startTime = Date.now() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: true }) + const authResult = await checkInternalAuth(request, { requireWorkflowId: true }) if (!authResult.success) { logger.warn('Unauthorized file parse request', { diff --git a/apps/sim/app/api/files/serve/[...path]/route.test.ts b/apps/sim/app/api/files/serve/[...path]/route.test.ts index fe833f3aa..d09adf048 100644 --- a/apps/sim/app/api/files/serve/[...path]/route.test.ts +++ b/apps/sim/app/api/files/serve/[...path]/route.test.ts @@ -55,7 +55,7 @@ describe('File Serve API Route', () => { }) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -165,7 +165,7 @@ describe('File Serve API Route', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -226,7 +226,7 @@ describe('File Serve API Route', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -291,7 +291,7 @@ describe('File Serve API Route', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -350,7 +350,7 @@ describe('File Serve API Route', () => { for (const test of contentTypeTests) { it(`should serve ${test.ext} file with correct content type`, async () => { vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), diff --git a/apps/sim/app/api/files/serve/[...path]/route.ts b/apps/sim/app/api/files/serve/[...path]/route.ts index e339615f8..9c562fb26 100644 --- a/apps/sim/app/api/files/serve/[...path]/route.ts +++ b/apps/sim/app/api/files/serve/[...path]/route.ts @@ -2,7 +2,7 @@ import { readFile } from 'fs/promises' import { createLogger } from '@sim/logger' import type { NextRequest } from 'next/server' import { NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { CopilotFiles, isUsingCloudStorage } from '@/lib/uploads' import type { StorageContext } from '@/lib/uploads/config' import { downloadFile } from '@/lib/uploads/core/storage-service' @@ -49,7 +49,7 @@ export async function GET( return await handleLocalFilePublic(fullPath) } - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn('Unauthorized file access attempt', { diff --git a/apps/sim/app/api/function/execute/route.ts b/apps/sim/app/api/function/execute/route.ts index 4ccbd8d7c..441bf788d 100644 --- a/apps/sim/app/api/function/execute/route.ts +++ b/apps/sim/app/api/function/execute/route.ts @@ -845,6 +845,8 @@ export async function POST(req: NextRequest) { contextVariables, timeoutMs: timeout, requestId, + ownerKey: `user:${auth.userId}`, + ownerWeight: 1, }) const executionTime = Date.now() - startTime diff --git a/apps/sim/app/api/guardrails/validate/route.ts b/apps/sim/app/api/guardrails/validate/route.ts index 5f4738339..6e1b65750 100644 --- a/apps/sim/app/api/guardrails/validate/route.ts +++ b/apps/sim/app/api/guardrails/validate/route.ts @@ -23,7 +23,16 @@ export async function POST(request: NextRequest) { topK, model, apiKey, + azureEndpoint, + azureApiVersion, + vertexProject, + vertexLocation, + vertexCredential, + bedrockAccessKeyId, + bedrockSecretKey, + bedrockRegion, workflowId, + workspaceId, piiEntityTypes, piiMode, piiLanguage, @@ -110,7 +119,18 @@ export async function POST(request: NextRequest) { topK, model, apiKey, + { + azureEndpoint, + azureApiVersion, + vertexProject, + vertexLocation, + vertexCredential, + bedrockAccessKeyId, + bedrockSecretKey, + bedrockRegion, + }, workflowId, + workspaceId, piiEntityTypes, piiMode, piiLanguage, @@ -178,7 +198,18 @@ async function executeValidation( topK: string | undefined, model: string, apiKey: string | undefined, + providerCredentials: { + azureEndpoint?: string + azureApiVersion?: string + vertexProject?: string + vertexLocation?: string + vertexCredential?: string + bedrockAccessKeyId?: string + bedrockSecretKey?: string + bedrockRegion?: string + }, workflowId: string | undefined, + workspaceId: string | undefined, piiEntityTypes: string[] | undefined, piiMode: string | undefined, piiLanguage: string | undefined, @@ -219,7 +250,9 @@ async function executeValidation( topK: topK ? Number.parseInt(topK) : 10, // Default topK is 10 model: model, apiKey, + providerCredentials, workflowId, + workspaceId, requestId, }) } diff --git a/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts b/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts index ba52994c8..cbc5ac90e 100644 --- a/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts +++ b/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts @@ -2,7 +2,7 @@ import { randomUUID } from 'crypto' import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { SUPPORTED_FIELD_TYPES } from '@/lib/knowledge/constants' import { createTagDefinition, getTagDefinitions } from '@/lib/knowledge/tags/service' import { checkKnowledgeBaseAccess } from '@/app/api/knowledge/utils' @@ -19,19 +19,11 @@ export async function GET(req: NextRequest, { params }: { params: Promise<{ id: try { logger.info(`[${requestId}] Getting tag definitions for knowledge base ${knowledgeBaseId}`) - const auth = await checkHybridAuth(req, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) if (!auth.success) { return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 }) } - // Only allow session and internal JWT auth (not API key) - if (auth.authType === 'api_key') { - return NextResponse.json( - { error: 'API key auth not supported for this endpoint' }, - { status: 401 } - ) - } - // For session auth, verify KB access. Internal JWT is trusted. if (auth.authType === 'session' && auth.userId) { const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, auth.userId) @@ -64,19 +56,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: try { logger.info(`[${requestId}] Creating tag definition for knowledge base ${knowledgeBaseId}`) - const auth = await checkHybridAuth(req, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) if (!auth.success) { return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 }) } - // Only allow session and internal JWT auth (not API key) - if (auth.authType === 'api_key') { - return NextResponse.json( - { error: 'API key auth not supported for this endpoint' }, - { status: 401 } - ) - } - // For session auth, verify KB access. Internal JWT is trusted. if (auth.authType === 'session' && auth.userId) { const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, auth.userId) diff --git a/apps/sim/app/api/logs/execution/[executionId]/route.ts b/apps/sim/app/api/logs/execution/[executionId]/route.ts index 8d7004ef5..27a75298d 100644 --- a/apps/sim/app/api/logs/execution/[executionId]/route.ts +++ b/apps/sim/app/api/logs/execution/[executionId]/route.ts @@ -8,7 +8,7 @@ import { import { createLogger } from '@sim/logger' import { and, eq, inArray } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import type { TraceSpan, WorkflowExecutionLog } from '@/lib/logs/types' @@ -23,7 +23,7 @@ export async function GET( try { const { executionId } = await params - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized execution data access attempt for: ${executionId}`) return NextResponse.json( diff --git a/apps/sim/app/api/memory/[id]/route.ts b/apps/sim/app/api/memory/[id]/route.ts index 2f5b5ae1c..4a4c96b11 100644 --- a/apps/sim/app/api/memory/[id]/route.ts +++ b/apps/sim/app/api/memory/[id]/route.ts @@ -4,7 +4,7 @@ import { createLogger } from '@sim/logger' import { and, eq } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils' @@ -36,7 +36,7 @@ async function validateMemoryAccess( requestId: string, action: 'read' | 'write' ): Promise<{ userId: string } | { error: NextResponse }> { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory ${action} attempt`) return { diff --git a/apps/sim/app/api/memory/route.ts b/apps/sim/app/api/memory/route.ts index 072756c7a..c5a4638d7 100644 --- a/apps/sim/app/api/memory/route.ts +++ b/apps/sim/app/api/memory/route.ts @@ -3,7 +3,7 @@ import { memory } from '@sim/db/schema' import { createLogger } from '@sim/logger' import { and, eq, isNull, like } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils' @@ -16,7 +16,7 @@ export async function GET(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request) + const authResult = await checkInternalAuth(request) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory access attempt`) return NextResponse.json( @@ -89,7 +89,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request) + const authResult = await checkInternalAuth(request) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory creation attempt`) return NextResponse.json( @@ -228,7 +228,7 @@ export async function DELETE(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request) + const authResult = await checkInternalAuth(request) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory deletion attempt`) return NextResponse.json( diff --git a/apps/sim/app/api/permission-groups/[id]/route.ts b/apps/sim/app/api/permission-groups/[id]/route.ts index 977cb1bbf..bdad32bdb 100644 --- a/apps/sim/app/api/permission-groups/[id]/route.ts +++ b/apps/sim/app/api/permission-groups/[id]/route.ts @@ -24,6 +24,7 @@ const configSchema = z.object({ hideFilesTab: z.boolean().optional(), disableMcpTools: z.boolean().optional(), disableCustomTools: z.boolean().optional(), + disableSkills: z.boolean().optional(), hideTemplates: z.boolean().optional(), disableInvitations: z.boolean().optional(), hideDeployApi: z.boolean().optional(), diff --git a/apps/sim/app/api/permission-groups/route.ts b/apps/sim/app/api/permission-groups/route.ts index a72726c5a..003c3131b 100644 --- a/apps/sim/app/api/permission-groups/route.ts +++ b/apps/sim/app/api/permission-groups/route.ts @@ -25,6 +25,7 @@ const configSchema = z.object({ hideFilesTab: z.boolean().optional(), disableMcpTools: z.boolean().optional(), disableCustomTools: z.boolean().optional(), + disableSkills: z.boolean().optional(), hideTemplates: z.boolean().optional(), disableInvitations: z.boolean().optional(), hideDeployApi: z.boolean().optional(), diff --git a/apps/sim/app/api/skills/route.ts b/apps/sim/app/api/skills/route.ts new file mode 100644 index 000000000..cf0b76c84 --- /dev/null +++ b/apps/sim/app/api/skills/route.ts @@ -0,0 +1,182 @@ +import { db } from '@sim/db' +import { skill } from '@sim/db/schema' +import { createLogger } from '@sim/logger' +import { and, desc, eq } from 'drizzle-orm' +import { type NextRequest, NextResponse } from 'next/server' +import { z } from 'zod' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' +import { generateRequestId } from '@/lib/core/utils/request' +import { upsertSkills } from '@/lib/workflows/skills/operations' +import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils' + +const logger = createLogger('SkillsAPI') + +const SkillSchema = z.object({ + skills: z.array( + z.object({ + id: z.string().optional(), + name: z + .string() + .min(1, 'Skill name is required') + .max(64) + .regex(/^[a-z0-9]+(-[a-z0-9]+)*$/, 'Name must be kebab-case (e.g. my-skill)'), + description: z.string().min(1, 'Description is required').max(1024), + content: z.string().min(1, 'Content is required').max(50000, 'Content is too large'), + }) + ), + workspaceId: z.string().optional(), +}) + +/** GET - Fetch all skills for a workspace */ +export async function GET(request: NextRequest) { + const requestId = generateRequestId() + const searchParams = request.nextUrl.searchParams + const workspaceId = searchParams.get('workspaceId') + + try { + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) + if (!authResult.success || !authResult.userId) { + logger.warn(`[${requestId}] Unauthorized skills access attempt`) + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) + } + + const userId = authResult.userId + + if (!workspaceId) { + logger.warn(`[${requestId}] Missing workspaceId`) + return NextResponse.json({ error: 'workspaceId is required' }, { status: 400 }) + } + + const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId) + if (!userPermission) { + logger.warn(`[${requestId}] User ${userId} does not have access to workspace ${workspaceId}`) + return NextResponse.json({ error: 'Access denied' }, { status: 403 }) + } + + const result = await db + .select() + .from(skill) + .where(eq(skill.workspaceId, workspaceId)) + .orderBy(desc(skill.createdAt)) + + return NextResponse.json({ data: result }, { status: 200 }) + } catch (error) { + logger.error(`[${requestId}] Error fetching skills:`, error) + return NextResponse.json({ error: 'Failed to fetch skills' }, { status: 500 }) + } +} + +/** POST - Create or update skills */ +export async function POST(req: NextRequest) { + const requestId = generateRequestId() + + try { + const authResult = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) + if (!authResult.success || !authResult.userId) { + logger.warn(`[${requestId}] Unauthorized skills update attempt`) + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) + } + + const userId = authResult.userId + const body = await req.json() + + try { + const { skills, workspaceId } = SkillSchema.parse(body) + + if (!workspaceId) { + logger.warn(`[${requestId}] Missing workspaceId in request body`) + return NextResponse.json({ error: 'workspaceId is required' }, { status: 400 }) + } + + const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId) + if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) { + logger.warn( + `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}` + ) + return NextResponse.json({ error: 'Write permission required' }, { status: 403 }) + } + + const resultSkills = await upsertSkills({ + skills, + workspaceId, + userId, + requestId, + }) + + return NextResponse.json({ success: true, data: resultSkills }) + } catch (validationError) { + if (validationError instanceof z.ZodError) { + logger.warn(`[${requestId}] Invalid skills data`, { + errors: validationError.errors, + }) + return NextResponse.json( + { error: 'Invalid request data', details: validationError.errors }, + { status: 400 } + ) + } + if (validationError instanceof Error && validationError.message.includes('already exists')) { + return NextResponse.json({ error: validationError.message }, { status: 409 }) + } + throw validationError + } + } catch (error) { + logger.error(`[${requestId}] Error updating skills`, error) + return NextResponse.json({ error: 'Failed to update skills' }, { status: 500 }) + } +} + +/** DELETE - Delete a skill by ID */ +export async function DELETE(request: NextRequest) { + const requestId = generateRequestId() + const searchParams = request.nextUrl.searchParams + const skillId = searchParams.get('id') + const workspaceId = searchParams.get('workspaceId') + + try { + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) + if (!authResult.success || !authResult.userId) { + logger.warn(`[${requestId}] Unauthorized skill deletion attempt`) + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) + } + + const userId = authResult.userId + + if (!skillId) { + logger.warn(`[${requestId}] Missing skill ID for deletion`) + return NextResponse.json({ error: 'Skill ID is required' }, { status: 400 }) + } + + if (!workspaceId) { + logger.warn(`[${requestId}] Missing workspaceId for deletion`) + return NextResponse.json({ error: 'workspaceId is required' }, { status: 400 }) + } + + const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId) + if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) { + logger.warn( + `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}` + ) + return NextResponse.json({ error: 'Write permission required' }, { status: 403 }) + } + + const existingSkill = await db.select().from(skill).where(eq(skill.id, skillId)).limit(1) + + if (existingSkill.length === 0) { + logger.warn(`[${requestId}] Skill not found: ${skillId}`) + return NextResponse.json({ error: 'Skill not found' }, { status: 404 }) + } + + if (existingSkill[0].workspaceId !== workspaceId) { + logger.warn(`[${requestId}] Skill ${skillId} does not belong to workspace ${workspaceId}`) + return NextResponse.json({ error: 'Skill not found' }, { status: 404 }) + } + + await db.delete(skill).where(and(eq(skill.id, skillId), eq(skill.workspaceId, workspaceId))) + + logger.info(`[${requestId}] Deleted skill: ${skillId}`) + return NextResponse.json({ success: true }) + } catch (error) { + logger.error(`[${requestId}] Error deleting skill:`, error) + return NextResponse.json({ error: 'Failed to delete skill' }, { status: 500 }) + } +} diff --git a/apps/sim/app/api/tools/a2a/cancel-task/route.ts b/apps/sim/app/api/tools/a2a/cancel-task/route.ts index 9298273ce..d36b63e6b 100644 --- a/apps/sim/app/api/tools/a2a/cancel-task/route.ts +++ b/apps/sim/app/api/tools/a2a/cancel-task/route.ts @@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' const logger = createLogger('A2ACancelTaskAPI') @@ -20,7 +20,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A cancel task attempt`) diff --git a/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts b/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts index f222ef883..e2ed939c5 100644 --- a/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts +++ b/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -20,7 +20,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn( diff --git a/apps/sim/app/api/tools/a2a/get-agent-card/route.ts b/apps/sim/app/api/tools/a2a/get-agent-card/route.ts index c26ed764b..8562b651b 100644 --- a/apps/sim/app/api/tools/a2a/get-agent-card/route.ts +++ b/apps/sim/app/api/tools/a2a/get-agent-card/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -18,7 +18,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A get agent card attempt: ${authResult.error}`) diff --git a/apps/sim/app/api/tools/a2a/get-push-notification/route.ts b/apps/sim/app/api/tools/a2a/get-push-notification/route.ts index 5feedf4de..337e79a9d 100644 --- a/apps/sim/app/api/tools/a2a/get-push-notification/route.ts +++ b/apps/sim/app/api/tools/a2a/get-push-notification/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -19,7 +19,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn( diff --git a/apps/sim/app/api/tools/a2a/get-task/route.ts b/apps/sim/app/api/tools/a2a/get-task/route.ts index 35aa5e278..eda09dfd0 100644 --- a/apps/sim/app/api/tools/a2a/get-task/route.ts +++ b/apps/sim/app/api/tools/a2a/get-task/route.ts @@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -21,7 +21,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A get task attempt: ${authResult.error}`) diff --git a/apps/sim/app/api/tools/a2a/resubscribe/route.ts b/apps/sim/app/api/tools/a2a/resubscribe/route.ts index 75c0d24ae..38ac95a3c 100644 --- a/apps/sim/app/api/tools/a2a/resubscribe/route.ts +++ b/apps/sim/app/api/tools/a2a/resubscribe/route.ts @@ -10,7 +10,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' const logger = createLogger('A2AResubscribeAPI') @@ -27,7 +27,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A resubscribe attempt`) diff --git a/apps/sim/app/api/tools/a2a/send-message/route.ts b/apps/sim/app/api/tools/a2a/send-message/route.ts index 4c98dc67a..1cf7f966e 100644 --- a/apps/sim/app/api/tools/a2a/send-message/route.ts +++ b/apps/sim/app/api/tools/a2a/send-message/route.ts @@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server' import { generateRequestId } from '@/lib/core/utils/request' @@ -32,7 +32,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A send message attempt: ${authResult.error}`) diff --git a/apps/sim/app/api/tools/a2a/set-push-notification/route.ts b/apps/sim/app/api/tools/a2a/set-push-notification/route.ts index 132bb6be2..e12fbd6d9 100644 --- a/apps/sim/app/api/tools/a2a/set-push-notification/route.ts +++ b/apps/sim/app/api/tools/a2a/set-push-notification/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server' import { generateRequestId } from '@/lib/core/utils/request' @@ -22,7 +22,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A set push notification attempt`, { diff --git a/apps/sim/app/api/users/me/usage-logs/route.ts b/apps/sim/app/api/users/me/usage-logs/route.ts index 3c4f1229f..038cf2ece 100644 --- a/apps/sim/app/api/users/me/usage-logs/route.ts +++ b/apps/sim/app/api/users/me/usage-logs/route.ts @@ -1,7 +1,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { getUserUsageLogs, type UsageLogSource } from '@/lib/billing/core/usage-log' const logger = createLogger('UsageLogsAPI') @@ -20,7 +20,7 @@ const QuerySchema = z.object({ */ export async function GET(req: NextRequest) { try { - const auth = await checkHybridAuth(req, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) if (!auth.success || !auth.userId) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) diff --git a/apps/sim/app/api/workflows/[id]/execute/route.ts b/apps/sim/app/api/workflows/[id]/execute/route.ts index 7c4cdc9db..06984a3e2 100644 --- a/apps/sim/app/api/workflows/[id]/execute/route.ts +++ b/apps/sim/app/api/workflows/[id]/execute/route.ts @@ -325,6 +325,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: requestId ) + // Client-side sessions and personal API keys bill/permission-check the + // authenticated user, not the workspace billed account. + const useAuthenticatedUserAsActor = + isClientSession || (auth.authType === 'api_key' && auth.apiKeyType === 'personal') + const preprocessResult = await preprocessExecution({ workflowId, userId, @@ -334,6 +339,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: checkDeployment: !shouldUseDraftState, loggingSession, useDraftState: shouldUseDraftState, + useAuthenticatedUserAsActor, }) if (!preprocessResult.success) { diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx index 3dd05f8d8..5985a00c0 100644 --- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx +++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx @@ -74,8 +74,7 @@ function FileCard({ file, isExecutionFile = false, workspaceId }: FileCardProps) } if (isExecutionFile) { - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` window.open(serveUrl, '_blank') logger.info(`Opened execution file serve URL: ${serveUrl}`) } else { @@ -88,16 +87,12 @@ function FileCard({ file, isExecutionFile = false, workspaceId }: FileCardProps) logger.warn( `Could not construct viewer URL for file: ${file.name}, falling back to serve URL` ) - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` window.open(serveUrl, '_blank') } } } catch (error) { logger.error(`Failed to download file ${file.name}:`, error) - if (file.url) { - window.open(file.url, '_blank') - } } finally { setIsDownloading(false) } @@ -198,8 +193,7 @@ export function FileDownload({ } if (isExecutionFile) { - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` window.open(serveUrl, '_blank') logger.info(`Opened execution file serve URL: ${serveUrl}`) } else { @@ -212,16 +206,12 @@ export function FileDownload({ logger.warn( `Could not construct viewer URL for file: ${file.name}, falling back to serve URL` ) - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` window.open(serveUrl, '_blank') } } } catch (error) { logger.error(`Failed to download file ${file.name}:`, error) - if (file.url) { - window.open(file.url, '_blank') - } } finally { setIsDownloading(false) } diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx index fe8b66356..35f40657e 100644 --- a/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx @@ -89,7 +89,7 @@ export function WorkflowSelector({ onMouseDown={(e) => handleRemove(e, w.id)} > {w.name} - + ))} {selectedWorkflows.length > 2 && ( diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx index 79087c7c4..378a9baed 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx @@ -35,6 +35,7 @@ interface CredentialSelectorProps { disabled?: boolean isPreview?: boolean previewValue?: any | null + previewContextValues?: Record } export function CredentialSelector({ @@ -43,6 +44,7 @@ export function CredentialSelector({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: CredentialSelectorProps) { const [showOAuthModal, setShowOAuthModal] = useState(false) const [editingValue, setEditingValue] = useState('') @@ -67,7 +69,11 @@ export function CredentialSelector({ canUseCredentialSets ) - const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, { disabled, isPreview }) + const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, { + disabled, + isPreview, + previewContextValues, + }) const hasDependencies = dependsOn.length > 0 const effectiveDisabled = disabled || (hasDependencies && !depsSatisfied) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx index 012c78338..f1e47ab71 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx @@ -5,6 +5,7 @@ import { Tooltip } from '@/components/emcn' import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox' import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import type { SelectorContext } from '@/hooks/selectors/types' @@ -33,7 +34,9 @@ export function DocumentSelector({ previewContextValues, }) const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId') - const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore + const knowledgeBaseIdValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId) + : knowledgeBaseIdFromStore const normalizedKnowledgeBaseId = typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0 ? knowledgeBaseIdValue diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx index ffb5122db..b21c6f9d4 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx @@ -17,6 +17,7 @@ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/ import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown' import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes' import type { SubBlockConfig } from '@/blocks/types' import { useKnowledgeBaseTagDefinitions } from '@/hooks/kb/use-knowledge-base-tag-definitions' @@ -77,7 +78,9 @@ export function DocumentTagEntry({ }) const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId') - const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore + const knowledgeBaseIdValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId) + : knowledgeBaseIdFromStore const knowledgeBaseId = typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0 ? knowledgeBaseIdValue diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx index 6805e2ec4..730f01b24 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx @@ -9,6 +9,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { getBlock } from '@/blocks/registry' import type { SubBlockConfig } from '@/blocks/types' import { isDependency } from '@/blocks/utils' @@ -62,42 +63,56 @@ export function FileSelectorInput({ const [domainValueFromStore] = useSubBlockValue(blockId, 'domain') - const connectedCredential = previewContextValues?.credential ?? blockValues.credential - const domainValue = previewContextValues?.domain ?? domainValueFromStore + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : blockValues.credential + const domainValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.domain) + : domainValueFromStore const teamIdValue = useMemo( () => - previewContextValues?.teamId ?? - resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.teamId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.teamId) + : resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const siteIdValue = useMemo( () => - previewContextValues?.siteId ?? - resolveDependencyValue('siteId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.siteId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.siteId) + : resolveDependencyValue('siteId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const collectionIdValue = useMemo( () => - previewContextValues?.collectionId ?? - resolveDependencyValue('collectionId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.collectionId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.collectionId) + : resolveDependencyValue( + 'collectionId', + blockValues, + canonicalIndex, + canonicalModeOverrides + ), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const projectIdValue = useMemo( () => - previewContextValues?.projectId ?? - resolveDependencyValue('projectId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.projectId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.projectId) + : resolveDependencyValue('projectId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const planIdValue = useMemo( () => - previewContextValues?.planId ?? - resolveDependencyValue('planId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.planId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.planId) + : resolveDependencyValue('planId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const normalizedCredentialId = diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx index fa9a48bb4..4be4a8da3 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx @@ -6,6 +6,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import { resolveSelectorForSubBlock } from '@/hooks/selectors/resolution' import { useCollaborativeWorkflow } from '@/hooks/use-collaborative-workflow' @@ -17,6 +18,7 @@ interface FolderSelectorInputProps { disabled?: boolean isPreview?: boolean previewValue?: any | null + previewContextValues?: Record } export function FolderSelectorInput({ @@ -25,9 +27,13 @@ export function FolderSelectorInput({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: FolderSelectorInputProps) { const [storeValue] = useSubBlockValue(blockId, subBlock.id) - const [connectedCredential] = useSubBlockValue(blockId, 'credential') + const [credentialFromStore] = useSubBlockValue(blockId, 'credential') + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : credentialFromStore const { collaborativeSetSubblockValue } = useCollaborativeWorkflow() const { activeWorkflowId } = useWorkflowRegistry() const [selectedFolderId, setSelectedFolderId] = useState('') @@ -47,7 +53,11 @@ export function FolderSelectorInput({ ) // Central dependsOn gating - const { finalDisabled } = useDependsOnGate(blockId, subBlock, { disabled, isPreview }) + const { finalDisabled } = useDependsOnGate(blockId, subBlock, { + disabled, + isPreview, + previewContextValues, + }) // Get the current value from the store or prop value if in preview mode useEffect(() => { diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts index 0cfc45369..a66b4ac04 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts @@ -24,6 +24,7 @@ export { ResponseFormat } from './response/response-format' export { ScheduleInfo } from './schedule-info/schedule-info' export { SheetSelectorInput } from './sheet-selector/sheet-selector-input' export { ShortInput } from './short-input/short-input' +export { SkillInput } from './skill-input/skill-input' export { SlackSelectorInput } from './slack-selector/slack-selector-input' export { SliderInput } from './slider-input/slider-input' export { InputFormat } from './starter/input-format' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx index 55c37277b..69189c762 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx @@ -7,6 +7,7 @@ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/ import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown' import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes' import { useWorkflowState } from '@/hooks/queries/workflows' @@ -37,6 +38,8 @@ interface InputMappingProps { isPreview?: boolean previewValue?: Record disabled?: boolean + /** Sub-block values from the preview context for resolving sibling sub-block values */ + previewContextValues?: Record } /** @@ -50,9 +53,13 @@ export function InputMapping({ isPreview = false, previewValue, disabled = false, + previewContextValues, }: InputMappingProps) { const [mapping, setMapping] = useSubBlockValue(blockId, subBlockId) - const [selectedWorkflowId] = useSubBlockValue(blockId, 'workflowId') + const [storeWorkflowId] = useSubBlockValue(blockId, 'workflowId') + const selectedWorkflowId = previewContextValues + ? resolvePreviewContextValue(previewContextValues.workflowId) + : storeWorkflowId const inputController = useSubBlockInput({ blockId, diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx index 2198555fc..d297252ab 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx @@ -17,6 +17,7 @@ import { type FilterFieldType, getOperatorsForFieldType } from '@/lib/knowledge/ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/formatted-text' import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown' import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes' import type { SubBlockConfig } from '@/blocks/types' import { useKnowledgeBaseTagDefinitions } from '@/hooks/kb/use-knowledge-base-tag-definitions' @@ -69,7 +70,9 @@ export function KnowledgeTagFilters({ const overlayRefs = useRef>({}) const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId') - const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore + const knowledgeBaseIdValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId) + : knowledgeBaseIdFromStore const knowledgeBaseId = typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0 ? knowledgeBaseIdValue diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx index 41527a516..5271ecb33 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx @@ -6,6 +6,7 @@ import { cn } from '@/lib/core/utils/cn' import { LongInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input' import { ShortInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import { useMcpTools } from '@/hooks/mcp/use-mcp-tools' import { formatParameterLabel } from '@/tools/params' @@ -18,6 +19,7 @@ interface McpDynamicArgsProps { disabled?: boolean isPreview?: boolean previewValue?: any + previewContextValues?: Record } /** @@ -47,12 +49,19 @@ export function McpDynamicArgs({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: McpDynamicArgsProps) { const params = useParams() const workspaceId = params.workspaceId as string const { mcpTools, isLoading } = useMcpTools(workspaceId) - const [selectedTool] = useSubBlockValue(blockId, 'tool') - const [cachedSchema] = useSubBlockValue(blockId, '_toolSchema') + const [toolFromStore] = useSubBlockValue(blockId, 'tool') + const selectedTool = previewContextValues + ? resolvePreviewContextValue(previewContextValues.tool) + : toolFromStore + const [schemaFromStore] = useSubBlockValue(blockId, '_toolSchema') + const cachedSchema = previewContextValues + ? resolvePreviewContextValue(previewContextValues._toolSchema) + : schemaFromStore const [toolArgs, setToolArgs] = useSubBlockValue(blockId, subBlockId) const selectedToolConfig = mcpTools.find((tool) => tool.id === selectedTool) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx index fa5fcd496..ca4ff45b1 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx @@ -4,6 +4,7 @@ import { useEffect, useMemo, useState } from 'react' import { useParams } from 'next/navigation' import { Combobox } from '@/components/emcn/components' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import { useMcpTools } from '@/hooks/mcp/use-mcp-tools' @@ -13,6 +14,7 @@ interface McpToolSelectorProps { disabled?: boolean isPreview?: boolean previewValue?: string | null + previewContextValues?: Record } export function McpToolSelector({ @@ -21,6 +23,7 @@ export function McpToolSelector({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: McpToolSelectorProps) { const params = useParams() const workspaceId = params.workspaceId as string @@ -31,7 +34,10 @@ export function McpToolSelector({ const [storeValue, setStoreValue] = useSubBlockValue(blockId, subBlock.id) const [, setSchemaCache] = useSubBlockValue(blockId, '_toolSchema') - const [serverValue] = useSubBlockValue(blockId, 'server') + const [serverFromStore] = useSubBlockValue(blockId, 'server') + const serverValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.server) + : serverFromStore const label = subBlock.placeholder || 'Select tool' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx index 9d5e35320..e5b7c5d93 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx @@ -9,6 +9,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { getBlock } from '@/blocks/registry' import type { SubBlockConfig } from '@/blocks/types' import { resolveSelectorForSubBlock } from '@/hooks/selectors/resolution' @@ -55,14 +56,19 @@ export function ProjectSelectorInput({ return (workflowValues as Record>)[blockId] || {} }) - const connectedCredential = previewContextValues?.credential ?? blockValues.credential - const jiraDomain = previewContextValues?.domain ?? jiraDomainFromStore + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : blockValues.credential + const jiraDomain = previewContextValues + ? resolvePreviewContextValue(previewContextValues.domain) + : jiraDomainFromStore const linearTeamId = useMemo( () => - previewContextValues?.teamId ?? - resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.teamId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.teamId) + : resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const serviceId = subBlock.serviceId || '' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx index cd2a5adf5..bfb9dbe4f 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx @@ -8,6 +8,7 @@ import { buildCanonicalIndex, resolveDependencyValue } from '@/lib/workflows/sub import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox' import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { getBlock } from '@/blocks/registry' import type { SubBlockConfig } from '@/blocks/types' import { resolveSelectorForSubBlock, type SelectorResolution } from '@/hooks/selectors/resolution' @@ -66,9 +67,12 @@ export function SheetSelectorInput({ [blockValues, canonicalIndex, canonicalModeOverrides] ) - const connectedCredential = previewContextValues?.credential ?? connectedCredentialFromStore + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : connectedCredentialFromStore const spreadsheetId = previewContextValues - ? (previewContextValues.spreadsheetId ?? previewContextValues.manualSpreadsheetId) + ? (resolvePreviewContextValue(previewContextValues.spreadsheetId) ?? + resolvePreviewContextValue(previewContextValues.manualSpreadsheetId)) : spreadsheetIdFromStore const normalizedCredentialId = diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx new file mode 100644 index 000000000..713cbf183 --- /dev/null +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx @@ -0,0 +1,194 @@ +'use client' + +import { useCallback, useMemo, useState } from 'react' +import { Plus, XIcon } from 'lucide-react' +import { useParams } from 'next/navigation' +import { Combobox, type ComboboxOptionGroup } from '@/components/emcn' +import { AgentSkillsIcon } from '@/components/icons' +import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { SkillModal } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal' +import type { SkillDefinition } from '@/hooks/queries/skills' +import { useSkills } from '@/hooks/queries/skills' +import { usePermissionConfig } from '@/hooks/use-permission-config' + +interface StoredSkill { + skillId: string + name?: string +} + +interface SkillInputProps { + blockId: string + subBlockId: string + isPreview?: boolean + previewValue?: unknown + disabled?: boolean +} + +export function SkillInput({ + blockId, + subBlockId, + isPreview, + previewValue, + disabled, +}: SkillInputProps) { + const params = useParams() + const workspaceId = params.workspaceId as string + + const { config: permissionConfig } = usePermissionConfig() + const { data: workspaceSkills = [] } = useSkills(workspaceId) + const [value, setValue] = useSubBlockValue(blockId, subBlockId) + const [showCreateModal, setShowCreateModal] = useState(false) + const [editingSkill, setEditingSkill] = useState(null) + const [open, setOpen] = useState(false) + + const selectedSkills: StoredSkill[] = useMemo(() => { + if (isPreview && previewValue) { + return Array.isArray(previewValue) ? previewValue : [] + } + return Array.isArray(value) ? value : [] + }, [isPreview, previewValue, value]) + + const selectedIds = useMemo(() => new Set(selectedSkills.map((s) => s.skillId)), [selectedSkills]) + + const skillsDisabled = permissionConfig.disableSkills + + const skillGroups = useMemo((): ComboboxOptionGroup[] => { + const groups: ComboboxOptionGroup[] = [] + + if (!skillsDisabled) { + groups.push({ + items: [ + { + label: 'Create Skill', + value: 'action-create-skill', + icon: Plus, + onSelect: () => { + setShowCreateModal(true) + setOpen(false) + }, + disabled: isPreview, + }, + ], + }) + } + + const availableSkills = workspaceSkills.filter((s) => !selectedIds.has(s.id)) + if (!skillsDisabled && availableSkills.length > 0) { + groups.push({ + section: 'Skills', + items: availableSkills.map((s) => { + return { + label: s.name, + value: `skill-${s.id}`, + icon: AgentSkillsIcon, + onSelect: () => { + const newSkills: StoredSkill[] = [...selectedSkills, { skillId: s.id, name: s.name }] + setValue(newSkills) + setOpen(false) + }, + } + }), + }) + } + + return groups + }, [workspaceSkills, selectedIds, selectedSkills, setValue, isPreview, skillsDisabled]) + + const handleRemove = useCallback( + (skillId: string) => { + const newSkills = selectedSkills.filter((s) => s.skillId !== skillId) + setValue(newSkills) + }, + [selectedSkills, setValue] + ) + + const handleSkillSaved = useCallback(() => { + setShowCreateModal(false) + setEditingSkill(null) + }, []) + + const resolveSkillName = useCallback( + (stored: StoredSkill): string => { + const found = workspaceSkills.find((s) => s.id === stored.skillId) + return found?.name ?? stored.name ?? stored.skillId + }, + [workspaceSkills] + ) + + return ( + <> +
+ + + {selectedSkills.length > 0 && + selectedSkills.map((stored) => { + const fullSkill = workspaceSkills.find((s) => s.id === stored.skillId) + return ( +
+
{ + if (fullSkill && !disabled && !isPreview) { + setEditingSkill(fullSkill) + } + }} + > +
+
+ +
+ + {resolveSkillName(stored)} + +
+
+ {!disabled && !isPreview && ( + + )} +
+
+
+ ) + })} +
+ + { + if (!isOpen) { + setShowCreateModal(false) + setEditingSkill(null) + } + }} + onSave={handleSkillSaved} + initialValues={editingSkill ?? undefined} + /> + + ) +} diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx index 9a7e4ebfa..b99c26bff 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx @@ -8,6 +8,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import type { SelectorContext, SelectorKey } from '@/hooks/selectors/types' @@ -58,9 +59,15 @@ export function SlackSelectorInput({ const [botToken] = useSubBlockValue(blockId, 'botToken') const [connectedCredential] = useSubBlockValue(blockId, 'credential') - const effectiveAuthMethod = previewContextValues?.authMethod ?? authMethod - const effectiveBotToken = previewContextValues?.botToken ?? botToken - const effectiveCredential = previewContextValues?.credential ?? connectedCredential + const effectiveAuthMethod = previewContextValues + ? resolvePreviewContextValue(previewContextValues.authMethod) + : authMethod + const effectiveBotToken = previewContextValues + ? resolvePreviewContextValue(previewContextValues.botToken) + : botToken + const effectiveCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : connectedCredential const [_selectedValue, setSelectedValue] = useState(null) const serviceId = subBlock.serviceId || '' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx index cd2f342a3..8f03f4b2e 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx @@ -332,6 +332,7 @@ function FolderSelectorSyncWrapper({ dependsOn: uiComponent.dependsOn, }} disabled={disabled} + previewContextValues={previewContextValues} /> ) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx index cd1e9168e..c8422f0e7 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx @@ -32,6 +32,7 @@ import { ScheduleInfo, SheetSelectorInput, ShortInput, + SkillInput, SlackSelectorInput, SliderInput, Switch, @@ -687,6 +688,17 @@ function SubBlockComponent({ /> ) + case 'skill-input': + return ( + + ) + case 'checkbox-list': return ( ) @@ -820,6 +833,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -831,6 +845,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -853,6 +868,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -864,6 +880,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -875,6 +892,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -899,6 +917,7 @@ function SubBlockComponent({ isPreview={isPreview} previewValue={previewValue as any} disabled={isDisabled} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -934,6 +953,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -967,6 +987,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -978,6 +999,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts new file mode 100644 index 000000000..181299221 --- /dev/null +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts @@ -0,0 +1,18 @@ +/** + * Extracts the raw value from a preview context entry. + * + * @remarks + * In the sub-block preview context, values are wrapped as `{ value: T }` objects + * (the full sub-block state). In the tool-input preview context, values are already + * raw. This function normalizes both cases to return the underlying value. + * + * @param raw - The preview context entry, which may be a raw value or a `{ value: T }` wrapper + * @returns The unwrapped value, or `null` if the input is nullish + */ +export function resolvePreviewContextValue(raw: unknown): unknown { + if (raw === null || raw === undefined) return null + if (typeof raw === 'object' && !Array.isArray(raw) && 'value' in raw) { + return (raw as Record).value ?? null + } + return raw +} diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts index 23137d26e..50d3f416e 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts @@ -6,6 +6,7 @@ import { isSubBlockVisibleForMode, } from '@/lib/workflows/subblocks/visibility' import type { BlockConfig, SubBlockConfig, SubBlockType } from '@/blocks/types' +import { usePermissionConfig } from '@/hooks/use-permission-config' import { useWorkflowDiffStore } from '@/stores/workflow-diff' import { mergeSubblockState } from '@/stores/workflows/utils' import { useWorkflowStore } from '@/stores/workflows/workflow/store' @@ -35,6 +36,7 @@ export function useEditorSubblockLayout( const blockDataFromStore = useWorkflowStore( useCallback((state) => state.blocks?.[blockId]?.data, [blockId]) ) + const { config: permissionConfig } = usePermissionConfig() return useMemo(() => { // Guard against missing config or block selection @@ -100,6 +102,9 @@ export function useEditorSubblockLayout( const visibleSubBlocks = (config.subBlocks || []).filter((block) => { if (block.hidden) return false + // Hide skill-input subblock when skills are disabled via permissions + if (block.type === 'skill-input' && permissionConfig.disableSkills) return false + // Check required feature if specified - declarative feature gating if (!isSubBlockFeatureEnabled(block)) return false @@ -149,5 +154,6 @@ export function useEditorSubblockLayout( activeWorkflowId, isSnapshotView, blockDataFromStore, + permissionConfig.disableSkills, ]) } diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx index 636fd559d..c0f89e2b3 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx @@ -40,6 +40,7 @@ import { useCustomTools } from '@/hooks/queries/custom-tools' import { useMcpServers, useMcpToolsQuery } from '@/hooks/queries/mcp' import { useCredentialName } from '@/hooks/queries/oauth-credentials' import { useReactivateSchedule, useScheduleInfo } from '@/hooks/queries/schedules' +import { useSkills } from '@/hooks/queries/skills' import { useDeployChildWorkflow } from '@/hooks/queries/workflows' import { useSelectorDisplayName } from '@/hooks/use-selector-display-name' import { useVariablesStore } from '@/stores/panel' @@ -618,6 +619,48 @@ const SubBlockRow = memo(function SubBlockRow({ return `${toolNames[0]}, ${toolNames[1]} +${toolNames.length - 2}` }, [subBlock?.type, rawValue, customTools, workspaceId]) + /** + * Hydrates skill references to display names. + * Resolves skill IDs to their current names from the skills query. + */ + const { data: workspaceSkills = [] } = useSkills(workspaceId || '') + + const skillsDisplayValue = useMemo(() => { + if (subBlock?.type !== 'skill-input' || !Array.isArray(rawValue) || rawValue.length === 0) { + return null + } + + interface StoredSkill { + skillId: string + name?: string + } + + const skillNames = rawValue + .map((skill: StoredSkill) => { + if (!skill || typeof skill !== 'object') return null + + // Priority 1: Resolve skill name from the skills query (fresh data) + if (skill.skillId) { + const foundSkill = workspaceSkills.find((s) => s.id === skill.skillId) + if (foundSkill?.name) return foundSkill.name + } + + // Priority 2: Fall back to stored name (for deleted skills) + if (skill.name && typeof skill.name === 'string') return skill.name + + // Priority 3: Use skillId as last resort + if (skill.skillId) return skill.skillId + + return null + }) + .filter((name): name is string => !!name) + + if (skillNames.length === 0) return null + if (skillNames.length === 1) return skillNames[0] + if (skillNames.length === 2) return `${skillNames[0]}, ${skillNames[1]}` + return `${skillNames[0]}, ${skillNames[1]} +${skillNames.length - 2}` + }, [subBlock?.type, rawValue, workspaceSkills]) + const isPasswordField = subBlock?.password === true const maskedValue = isPasswordField && value && value !== '-' ? '•••' : null @@ -627,6 +670,7 @@ const SubBlockRow = memo(function SubBlockRow({ dropdownLabel || variablesDisplayValue || toolsDisplayValue || + skillsDisplayValue || knowledgeBaseDisplayName || workflowSelectionName || mcpServerDisplayName || diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx index 90831de45..bfc86ec20 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx @@ -784,8 +784,12 @@ function PreviewEditorContent({ ? childWorkflowSnapshotState : childWorkflowState const resolvedIsLoadingChildWorkflow = isExecutionMode ? false : isLoadingChildWorkflow + const isBlockNotExecuted = isExecutionMode && !executionData const isMissingChildWorkflow = - Boolean(childWorkflowId) && !resolvedIsLoadingChildWorkflow && !resolvedChildWorkflowState + Boolean(childWorkflowId) && + !isBlockNotExecuted && + !resolvedIsLoadingChildWorkflow && + !resolvedChildWorkflowState /** Drills down into the child workflow or opens it in a new tab */ const handleExpandChildWorkflow = useCallback(() => { @@ -1192,7 +1196,7 @@ function PreviewEditorContent({
{/* Not Executed Banner - shown when in execution mode but block wasn't executed */} - {isExecutionMode && !executionData && ( + {isBlockNotExecuted && (
@@ -1419,9 +1423,11 @@ function PreviewEditorContent({ ) : (
- {isMissingChildWorkflow - ? DELETED_WORKFLOW_LABEL - : 'Unable to load preview'} + {isBlockNotExecuted + ? 'Not Executed' + : isMissingChildWorkflow + ? DELETED_WORKFLOW_LABEL + : 'Unable to load preview'}
)} diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts index db87eaf39..744e1be4e 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts +++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts @@ -9,6 +9,7 @@ export { Files as FileUploads } from './files/files' export { General } from './general/general' export { Integrations } from './integrations/integrations' export { MCP } from './mcp/mcp' +export { Skills } from './skills/skills' export { Subscription } from './subscription/subscription' export { TeamManagement } from './team-management/team-management' export { WorkflowMcpServers } from './workflow-mcp-servers/workflow-mcp-servers' diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx new file mode 100644 index 000000000..99a473fd2 --- /dev/null +++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx @@ -0,0 +1,225 @@ +'use client' + +import type { ChangeEvent } from 'react' +import { useEffect, useMemo, useState } from 'react' +import { useParams } from 'next/navigation' +import { + Button, + Input, + Label, + Modal, + ModalBody, + ModalContent, + ModalFooter, + ModalHeader, + Textarea, +} from '@/components/emcn' +import type { SkillDefinition } from '@/hooks/queries/skills' +import { useCreateSkill, useUpdateSkill } from '@/hooks/queries/skills' + +interface SkillModalProps { + open: boolean + onOpenChange: (open: boolean) => void + onSave: () => void + onDelete?: (skillId: string) => void + initialValues?: SkillDefinition +} + +const KEBAB_CASE_REGEX = /^[a-z0-9]+(-[a-z0-9]+)*$/ + +interface FieldErrors { + name?: string + description?: string + content?: string + general?: string +} + +export function SkillModal({ + open, + onOpenChange, + onSave, + onDelete, + initialValues, +}: SkillModalProps) { + const params = useParams() + const workspaceId = params.workspaceId as string + + const createSkill = useCreateSkill() + const updateSkill = useUpdateSkill() + + const [name, setName] = useState('') + const [description, setDescription] = useState('') + const [content, setContent] = useState('') + const [errors, setErrors] = useState({}) + const [saving, setSaving] = useState(false) + + useEffect(() => { + if (open) { + if (initialValues) { + setName(initialValues.name) + setDescription(initialValues.description) + setContent(initialValues.content) + } else { + setName('') + setDescription('') + setContent('') + } + setErrors({}) + } + }, [open, initialValues]) + + const hasChanges = useMemo(() => { + if (!initialValues) return true + return ( + name !== initialValues.name || + description !== initialValues.description || + content !== initialValues.content + ) + }, [name, description, content, initialValues]) + + const handleSave = async () => { + const newErrors: FieldErrors = {} + + if (!name.trim()) { + newErrors.name = 'Name is required' + } else if (name.length > 64) { + newErrors.name = 'Name must be 64 characters or less' + } else if (!KEBAB_CASE_REGEX.test(name)) { + newErrors.name = 'Name must be kebab-case (e.g. my-skill)' + } + + if (!description.trim()) { + newErrors.description = 'Description is required' + } + + if (!content.trim()) { + newErrors.content = 'Content is required' + } + + if (Object.keys(newErrors).length > 0) { + setErrors(newErrors) + return + } + + setSaving(true) + + try { + if (initialValues) { + await updateSkill.mutateAsync({ + workspaceId, + skillId: initialValues.id, + updates: { name, description, content }, + }) + } else { + await createSkill.mutateAsync({ + workspaceId, + skill: { name, description, content }, + }) + } + onSave() + } catch (error) { + const message = + error instanceof Error && error.message.includes('already exists') + ? error.message + : 'Failed to save skill. Please try again.' + setErrors({ general: message }) + } finally { + setSaving(false) + } + } + + return ( + + + {initialValues ? 'Edit Skill' : 'Create Skill'} + +
+
+ + { + setName(e.target.value) + if (errors.name || errors.general) + setErrors((prev) => ({ ...prev, name: undefined, general: undefined })) + }} + /> + {errors.name ? ( +

{errors.name}

+ ) : ( + + Lowercase letters, numbers, and hyphens (e.g. my-skill) + + )} +
+ +
+ + { + setDescription(e.target.value) + if (errors.description || errors.general) + setErrors((prev) => ({ ...prev, description: undefined, general: undefined })) + }} + maxLength={1024} + /> + {errors.description && ( +

{errors.description}

+ )} +
+ +
+ +