mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-28 03:00:29 -04:00
316bc8cdccba34d3b1cf58d2f52bcf7a2e275da0
519 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Waleed
|
64c6cd973f |
fix(webhooks): harden audited provider triggers (#3997)
* fix(triggers): apply webhook audit follow-ups Align the Greenhouse webhook matcher with provider conventions and clarify the Notion webhook secret setup text after the audit review. Made-with: Cursor * fix(webhooks): Salesforce provider handler, Zoom CRC and block wiring Add salesforce WebhookProviderHandler with required shared secret auth, matchEvent filtering, formatInput aligned to trigger outputs, and idempotency keys. Require webhook secret and document JSON-only Flow setup; enforce objectType when configured. Zoom: pass raw body into URL validation signature check, try all active webhooks on a path for secret match, add extractIdempotencyId, tighten event matching for specialized triggers. Wire Zoom triggers into the Zoom block. Extend handleChallenge with optional rawBody. Register Salesforce pending verification probes for pre-save URL checks. * fix(webhooks): harden Resend and Linear triggers (idempotency, auth, outputs) - Dedupe Resend deliveries via svix-id and Linear via Linear-Delivery in idempotency keys - Require Resend signing secret; validate createSubscription id and signing_secret - Single source for Resend event maps in triggers/utils; fail closed on unknown trigger IDs - Add raw event data to Resend trigger outputs and formatInput - Linear: remove body-based idempotency key; timestamp skew after HMAC verify; format url and actorType - Tighten isLinearEventMatch for unknown triggers; clarify generic webhook copy; fix header examples - Add focused tests for idempotency headers and Linear matchEvent * fix(webhooks): harden Vercel and Greenhouse trigger handlers Require Vercel signing secret and validate x-vercel-signature; add matchEvent with dynamic import, delivery idempotency, strict createSubscription trigger IDs, and formatInput aligned to string IDs. Greenhouse: dynamic import in matchEvent, strict unknown trigger IDs, Greenhouse-Event-ID idempotency header, body fallback keys, clearer optional secret copy. Update generic trigger wording and add tests. * fix(gong): JWT verification, trigger UX, alignment script - Optional RS256 verification when Gong JWT public key is configured (webhook_url + body_sha256 per Gong docs); URL secrecy when unset. - Document that Gong rules filter calls; payload has no event type; add eventType + callId outputs for discoverability. - Refactor Gong triggers to buildTriggerSubBlocks + shared JWT field; setup copy matches security model. - Add check-trigger-alignment.ts (Gong bundled; extend PROVIDER_CHECKS for others) and update add-trigger guidance paths. Made-with: Cursor * fix(notion): align webhook lifecycle and outputs Handle Notion verification requests safely, expose the documented webhook fields in the trigger contract, and update setup guidance so runtime data and user-facing configuration stay aligned. Made-with: Cursor * fix(webhooks): tighten remaining provider hardening Close the remaining pre-merge caveats by tightening Salesforce, Zoom, and Linear behavior, and follow through on the deferred provider and tooling cleanup for Vercel, Greenhouse, Gong, and Notion. Made-with: Cursor * refactor(webhooks): move subscription helpers out of providers Move provider subscription helpers alongside the subscription lifecycle module and add targeted TSDoc so the file placement matches the responsibility boundaries in the webhook architecture. Made-with: Cursor * fix(zoom): resolve env-backed secrets during validation Use the same env-aware secret resolution path for Zoom endpoint validation as regular delivery verification so URL validation works correctly when the secret token is stored via env references. Made-with: Cursor * fix build * consolidate tests * refactor(salesforce): share payload object type parsing Remove dead code in the Salesforce provider and move shared object-type extraction into a single helper so trigger matching and input shaping stay in sync. Made-with: Cursor * fix(webhooks): address remaining review follow-ups Loosen Linear's replay window to better tolerate delayed retries and make Notion event mismatches return false consistently with the rest of the hardened providers. Made-with: Cursor * test(webhooks): separate Zoom coverage and clean Notion output shape Move Zoom provider coverage into its own test file and strip undeclared Notion type fields from normalized output objects so the runtime shape better matches the trigger contract. Made-with: Cursor * feat(triggers): enrich Vercel and Greenhouse webhook output shapes Document and pass through Vercel links, regions, deployment.meta, and domain.delegated; add top-level Greenhouse applicationId, candidateId, and jobId aligned with webhook common attributes. Extend alignment checker for greenhouse, update provider docs, and add formatInput tests. Made-with: Cursor * feat(webhooks): enrich Resend trigger outputs; clarify Notion output docs - Resend: expose broadcast_id, template_id, tags, and data_created_at from payload data (per Resend webhook docs); keep alignment with formatInput. - Add resend entry to check-trigger-alignment and unit test for formatInput. - Notion: tighten output descriptions for authors, entity types, parent types, attempt_number, and accessible_by per Notion webhooks event reference. Made-with: Cursor * feat(webhooks): enrich Zoom and Gong trigger output schemas - Zoom: add formatInput passthrough, fix nested TriggerOutput shape (drop invalid `properties` wrappers), document host_email, join_url, agenda, status, meeting_type on recordings, participant duration, and alignment checker entry. - Gong: flatten topics/highlights from callData.content in formatInput, extend metaData and trigger outputs per API docs, tests and alignment keys updated. - Docs: add English webhook trigger sections for Zoom and Gong tools pages. * feat(triggers): enrich Salesforce and Linear webhook output schemas Salesforce: expose simEventType alongside eventType; pass OwnerId and SystemModstamp on record lifecycle inputs; add AccountId/OwnerId for Opportunity and AccountId/ContactId/OwnerId for Case. Align trigger output docs with Flow JSON payloads and formatInput. Linear: document actor email and profile url per official webhook payload; add Comment data.edited from Linear's sample payload. Tests: extend Salesforce formatInput coverage for new fields. * remove from mdx * chore(webhooks): expand trigger alignment coverage Extend the trigger alignment checker to cover additional webhook providers so output contracts are verified across more of the recently added trigger surface. Made-with: Cursor * updated skills * updated file naming semantics * rename file |
||
|
Waleed
|
58571fe73d |
fix(hitl): fix stream endpoint, pause persistence, and resume page (#3995)
* Fix hitl stream * fix hitl pause persistence * Fix /stream endpoint allowing api key usage * resume page cleanup * fix type * make resume sync * fix types * address bugbot comments --------- Co-authored-by: Siddharth Ganesan <siddharthganesan@gmail.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Theodore Li <teddy@zenobiapay.com> |
||
|
Waleed
|
62a7700eb9 |
feat(integrations): add Sixtyfour AI integration (#3981)
* feat(integrations): add Sixtyfour AI integration Add Sixtyfour AI integration with 4 tools: find_phone, find_email, enrich_lead, enrich_company. Includes block with operation dropdown, API key auth, conditional fields per operation, brand icon, and generated docs. * fix(integrations): add error handling to sixtyfour tools Wrap JSON.parse calls in try/catch for enrich_lead and enrich_company. Add response.ok checks to all 4 tools' transformResponse. * fix(integrations): use typed Record for leadStruct to fix spread type error Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs * airweave docslink * turbo update * more inp/outputs --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Vikhyath Mondreti
|
33e6921954 |
improvement(execution): multiple response blocks (#3918)
* improvement(execution): multiple response blocks * address comments |
||
|
Waleed
|
adfcb67dc2 |
feat(cursor): add list artifacts and download artifact tools (#3970)
* feat(cursor): add list artifacts and download artifact tools * fix(cursor): resolve build errors in cursor block and download artifact types - Remove invalid wandConfig with unsupported generationType 'json-array' from promptImages subBlock - Remove invalid 'optional' property from summary output definition - Split DownloadArtifactResponse into v1 (content/metadata) and v2 (file) response types * fix(cursor): address PR review feedback - Remove redundant Array.isArray guards in list_artifacts.ts - Pass through actual HTTP status on presigned URL download failure instead of hardcoded 400 |
||
|
Waleed
|
d0baf5b1df |
feat(cloudformation): add AWS CloudFormation integration with 7 operations (#3964)
* feat(cloudformation): add AWS CloudFormation integration with 7 operations * fix(cloudformation): add pagination to list-stack-resources, describe-stacks, and describe-stack-events routes |
||
|
Waleed
|
74af452175 |
feat(blocks): add Credential block (#3907)
* feat(blocks): add Credential block * fix(blocks): explicit workspaceId guard in credential handler, clarify hasOAuthSelection * feat(credential): add list operation with type/provider filters * feat(credential): restrict to OAuth only, remove env vars and service accounts * docs(credential): update screenshots * fix(credential): remove stale isServiceAccount dep from overlayContent memo * fix(credential): filter to oauth-only in handleComboboxChange matchedCred lookup |
||
|
Waleed
|
f9d73db65c |
feat(rootly): expand Rootly integration from 14 to 27 tools (#3902)
* feat(rootly): expand Rootly integration from 14 to 27 tools Add 13 new tools: delete_incident, get_alert, update_alert, acknowledge_alert, resolve_alert, create_action_item, list_action_items, list_users, list_on_calls, list_schedules, list_escalation_policies, list_causes, list_playbooks. Includes tool files, types, registry, block definition with subBlocks/conditions/params, and docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rootly): handle 204 No Content response for delete_incident DELETE /v1/incidents/{id} returns 204 with empty body. Avoid calling response.json() on success — return success/message instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rootly): remove non-TSDoc comments, add empty body to acknowledge_alert Remove all inline section comments from block definition per CLAUDE.md guidelines. Add explicit empty JSON:API body to acknowledge_alert POST to prevent potential 400 from servers expecting a body with Content-Type. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rootly): send empty body on resolve_alert, guard assignedToUserId parse resolve_alert now sends { data: {} } instead of undefined when no optional params are provided, matching the acknowledge_alert fix. create_action_item now validates assignedToUserId is numeric before parseInt to avoid silent NaN coercion. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rootly): extract on-call relationships from JSON:API relationships/included On-call user, schedule, and escalation policy are exposed as JSON:API relationships, not flat attributes. Now extracts IDs from item.relationships and looks up names from the included array. Adds ?include=user,schedule,escalation_policy to the request URL. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rootly): remove last non-TSDoc comment from block definition Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
e2e53aba76 |
feat(agentmail): add AgentMail integration with 21 tools (#3901)
* feat(agentmail): add AgentMail integration with 21 tools * fix(agentmail): clear stale to field when switching to reply_message operation * fix(agentmail): guard messageId and label remappings with operation checks * fix(agentmail): clean up subBlock titles * fix(agentmail): guard replyTo and thread label remappings with operation checks * fix(agentmail): guard inboxIdParam remapping with operation check * fix(agentmail): guard permanent, replyAll, and draftInReplyTo with operation checks |
||
|
Waleed
|
45f053a383 |
feat(rootly): add Rootly incident management integration with 14 tools (#3899)
* feat(rootly): add Rootly incident management integration with 14 tools * fix(rootly): address PR review feedback - PATCH method, totalCount, environmentIds - Changed update_incident HTTP method from PUT to PATCH per Rootly API spec - Fixed totalCount in all 9 list tools to use data.meta?.total_count from API response - Added missing updateEnvironmentIds subBlock and params mapping for update_incident * fix(rootly): add id to PATCH body and unchanged option to update status dropdown - Include incident id in JSON:API PATCH body per spec requirement - Add 'Unchanged' empty option to updateStatus dropdown to avoid accidental overwrites * icon update * improvement(rootly): complete block-tool alignment and fix validation gaps - Add missing get_incident output fields (private, shortUrl, closedAt) - Add missing block subBlocks: createPrivate, alertStatus, alertExternalId, listAlertsServices - Add pageNumber subBlocks for all 9 list operations - Add teams/environments filter subBlocks for list_incidents and list_alerts - Add environmentIds subBlock for create_alert - Add empty default options to all optional dropdowns (createStatus, createKind, listIncidentsSort, eventVisibility) - Wire all new subBlocks in tools.config.params and inputs - Regenerate docs * fix(rootly): align tools with OpenAPI spec - list_incident_types: use filter[name] instead of unsupported filter[search] - list_severities: add missing search param (filter[search]) - create_incident: title is optional per API (auto-generated if null) - update_incident: add kind, private, labels, incidentTypeIds, functionalityIds, cancellationMessage params - create/update/list incidents: add scheduled, in_progress, completed status values - create_alert: fix status description (only open/triggered on create) - add_incident_event: add updatedAt to response - block: add matching subBlocks and params for all new tool fields Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rootly): final validation fixes from OpenAPI spec audit - update_incident: change PATCH to PUT per OpenAPI spec - index.ts: add types re-export - types.ts: fix id fields to string | null (matches ?? null runtime) - block: add value initializers to 4 dropdowns missing them - registry: fix alphabetical order (incident_types before incidents) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * reorg --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
080a0a6123 |
feat(rippling): expand Rippling integration from to 86 tools, landing updates (#3886)
* feat(rippling): expand Rippling integration from 16 to 86 tools * fix(rippling): add required constraints on name and data subBlocks for create operations * fix(rippling): add subblock ID migrations for removed legacy fields * fix(docs): add MANUAL-CONTENT markers to tailscale docs and regenerate * fix(rippling): add missing response fields to tool transforms Add fields found missing by validation agents: - list_companies: physical_address - list/get_supergroups: sub_group_type, read_only, parent, mutually_exclusive_key, cumulatively_exhaustive_default, include_terminated - list/get/create/update_custom_object: native_category_id, managed_package_install_id, owner_id - list/get/create/update_custom_app: icon, pages - list/get/create/update_custom_object_field: managed_package_install_id * fix(rippling): add missing block outputs and required data conditions - Add 17 missing collection output keys (titles, workLocations, supergroups, etc.) - Add delete/bulk/report output keys (deleted, results, report_id, etc.) - Mark data subBlock required for create_business_partner, create_custom_app, and create_custom_object_field (all have required params via data JSON spread) - Add optional: true to get_current_user work_email and company_id outputs * fix(rippling): add missing supergroup fields and fix validation issues - Add 5 missing supergroup fields (allow_non_employees, can_override_role_states, priority, is_invisible, ignore_prov_group_matching) to types, list, and get tools - Fix ok fallback from true to false in supergroup inclusion/exclusion member update tools - Fix truthy check to null check for description param in create_custom_object_field * fix(rippling): add missing custom page fields and structured custom setting responses - Add 5 missing CustomPage fields (components, actions, canvas_actions, variables, media) to types and all page tools - Replace opaque data blob with structured field mapping in create/update custom setting transforms - Fix secret_value type cast consistency in list_custom_settings * fix(rippling): add missing response fields, fix truthy checks, and improve UX - Add 9 missing Worker fields (location, gender, date_of_birth, race, ethnicity, citizenship, termination_details, custom_fields, country_fields) - Add 5 missing User fields (name, emails, phone_numbers, addresses, photos) - Add worker expandable field to GroupMember types and all 3 member list tools - Add 5 optional params to trigger_report_run (includeObjectIds, includeTotalRows, formatDateFields, formatCurrencyFields, outputType) - Fix truthy checks to null checks in create_department, create/update_work_location - Fix customObjectId subBlock label to say "API Name" instead of "ID" * update docs * fix(rippling): fix truthy checks, add missing fields, and regenerate docs - Replace all `if (params.x)` with `if (params.x != null)` across 30+ tool files to prevent empty string/false/zero suppression - Add expandable `parent` and `department_hierarchy` fields to department tools - Add expandable `parent` field to team tools - Add `company` expandable field to get_current_user - Add `addressType` param to create/update work location tools - Fix `secret_value` output type from 'json' to 'string' in list_custom_settings - Regenerate docs for all 86 tools from current definitions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): add all remaining spec fields and regenerate docs - Add 6 advanced params to create_custom_object_field: required, rqlDefinition, formulaAttrMetas, section, derivedFieldFormula, derivedAggregatedField - Add 6 advanced params to update_custom_object_field: required, rqlDefinition, formulaAttrMetas, section, derivedFieldFormula, nameFieldDetails - Add 4 record output fields to all custom object record tools: created_by, last_modified_by, owner_role, system_updated_at - Add cursor param to get_current_user - Add __meta response field to get_report_run - Regenerate docs for all 86 tools Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): align all tools with OpenAPI spec - Add __meta to 14 GET-by-ID tools (MetaResponse pattern) - Fix supergroup tools: add filter to list_supergroups, remove invalid cursor from 4 list endpoints, revert update members to PATCH with Operations body - Fix query_custom_object_records: use query/limit/cursor body params, return cursor instead of nextLink - Fix bulk_create: use rows_to_write per spec - Fix create/update record body wrappers with externalId support - Update types.ts param interfaces and block config mappings - Add limit param mapping with Number() conversion in block config - Regenerate docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): address PR review comments — add dedicated subBlocks, fix data duplication, expand externalId condition - Add dedicated apiName, businessPartnerGroupId, workerId, dataType subBlocks so required params are no longer hidden behind opaque data JSON - Narrow `data: item` in custom object record tools to only include dynamic fields, avoiding duplication of enumerated fields - Expand externalId subBlock condition to include create/update custom object record operations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): remove data JSON required for ops with dedicated subBlocks create_business_partner, create_custom_app, and create_custom_object_field now have dedicated subBlocks for their required params, so the data JSON field is supplementary (not required) for those operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): use rest-destructuring for all custom object record data output The spec uses additionalProperties for custom fields at the top level, not a nested `data` sub-object. Use the same rest-destructuring pattern across all 6 custom object record tools so `data` only contains dynamic fields, not duplicates of enumerated standard fields. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): make update_custom_object_record data param optional in type Matches the tool's `required: false` — users may update only external_id without changing data. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): add dedicated streetAddress subBlock for create_work_location streetAddress is required by the tool but had no dedicated subBlock — users had to include it in the data JSON. Now has its own required subBlock matching the pattern used by all other required params. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): add allOrNothing subBlock for bulk operations The bulk create/update/delete tools accept an optional allOrNothing boolean param, but it had no subBlock and no way to be passed through the block UI. Added as an advanced-mode dropdown with boolean coercion. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): derive spreadOps from DATA_OPS to prevent divergence Replace the hardcoded spreadOps array with a derivation from the file-level DATA_OPS constant minus non-spread operations. This ensures new create/update operations added to DATA_OPS automatically get spread behavior without needing a second manual update. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * updated * fix(rippling): replace generic JSON outputs with specific fields per API spec - Extract file_url, expires_at, output_type from report run result blob - Rename bulk create/update outputs to createdRecords/updatedRecords - Fix list_custom_settings output key mismatch (settings → customSettings) - Make data optional for update_custom_object_record in block - Update block outputs to match new tool output fields Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix landing * restore FF * fix(rippling): add wandConfig, clean titles, and migrate legacy operation values - Remove "(JSON)" suffix from all subBlock titles - Add wandConfig with AI prompts for filter, expand, orderBy, query, data, records, and dataType fields - Add OPERATION_VALUE_MIGRATIONS to migrate old operation values (list_employees → list_workers, etc.) preventing runtime errors on saved workflows Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(rippling): fix grammar typos and revert unnecessary migration - Fix "a object" → "an object" in update/delete object category descriptions - Revert OPERATION_VALUE_MIGRATIONS (unnecessary for low-usage integration) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(landing): add interactive workspace preview tabs Adds Tables, Files, Knowledge Base, Logs, and Scheduled Tasks preview components to the landing hero, with sidebar nav items that switch to each view. * test updates * refactor(landing): clean up code quality issues in preview components - Replace widthMultiplier with explicit width on PreviewColumn - Replace key={i} with key={Icon.name} in connectorIcons - Scope --c-active CSS variable to sidebar container, eliminating hardcoded #363636 duplication - Replace '- - -' fallback with em dash - Type onSelectNav as (id: SidebarView) removing the unsafe cast * fix(landing): use stable index key in connectorIcons to avoid minification breakage --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Theodore Li
|
bbc704fe05 |
feat(credentials) Add google service account support (#3828)
* feat(auth): allow google service account * Add gmail support for google services * Refresh creds on typing in impersonated email * Switch to adding subblock impersonateUserEmail conditionally * Directly pass subblock for impersonateUserEmail * Fix lint * Update documentation for google service accounts * Fix lint * Address comments * Remove hardcoded scopes, remove orphaned migration script * Simplify subblocks for google service account * Fix lint * Fix build error * Fix documentation scopes listed for google service accounts * Fix issue with credential selector, remove bigquery and ad support * create credentialCondition * Shift conditional render out of subblock * Simplify sublock values * Fix security message * Handle tool service accounts * Address bugbot * Fix lint * Fix manual credential input not showing impersonate * Fix tests * Allow watching param id and subblock ids * Fix bad test --------- Co-authored-by: Theodore Li <theo@sim.ai> |
||
|
Waleed
|
e45fbe0184 |
improvement(attio): validate integration, fix event bug, add missing tool and triggers (#3872)
* improvement(attio): validate integration, fix event bug, add missing tool and triggers * fix(attio): wire new trigger extractors into dispatcher, trim targetUrl Add extractAttioListData and extractAttioWorkspaceMemberData dispatch branches in utils.server.ts so the four new triggers return correct outputs instead of falling through to generic extraction. Also add missing .trim() on targetUrl in update_webhook. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
512558dcb3 |
feat(launchdarkly): add LaunchDarkly integration for feature flag management (#3870)
* feat(launchdarkly): add LaunchDarkly integration for feature flag management * fix(launchdarkly): guard empty instructions array, trim apiKey in auth header * lint |
||
|
Waleed
|
72e28baa07 |
feat(extend): add Extend AI document processing integration (#3869)
* feat(extend): add Extend AI document processing integration * fix(extend): cast json response to fix type error * fix(extend): correct API request body structure per Extend docs * fix(extend): address PR review comments * fix(extend): sync integrations.json bgColor to #000000 * lint |
||
|
Waleed
|
d99dd86bf2 |
feat(tailscale): add Tailscale integration with 20 API operations (#3868)
* feat(tailscale): add Tailscale integration with 20 API operations * fix(tailscale): fix transformResponse signatures and block output types * fix(tailscale): safe response.json() pattern, trim apiKey, guard expirySeconds |
||
|
Waleed
|
1a2aa6949e |
feat(secrets-manager): add AWS Secrets Manager integration (#3866)
* feat(secrets-manager): add AWS Secrets Manager integration * fix(secrets-manager): address PR review feedback - Conditional delete message based on forceDelete flag - Add binary secret detection in getSecretValue * fix(secrets-manager): handle boolean forceDelete and validate numeric inputs - Accept both string 'true' and boolean true for forceDelete - Guard parseInt results with isNaN check for maxResults and recoveryWindowInDays |
||
|
Vikhyath Mondreti
|
90f592797a |
fix(file): use file-upload subblock (#3862)
* fix(file): use file-upload subblock * fix preview + logs url for notifs * fix color for profound * remove canonical param from desc |
||
|
Waleed
|
e5aef6184a |
feat(profound): add Profound AI visibility and analytics integration (#3849)
* feat(profound): add Profound AI visibility and analytics integration * fix(profound): fix import ordering and JSON formatting for CI lint * fix(profound): gate metrics mapping on current operation to prevent stale overrides * fix(profound): guard JSON.parse on filters, fix offset=0 falsy check, remove duplicate prompt_answers in FILTER_OPS * lint * fix(docs): fix import ordering and trailing newline for docs lint * fix(scripts): sort generated imports to match Biome's organizeImports order * fix(profound): use != null checks for limit param across all tools * fix(profound): flatten block output type to 'json' to pass block validation test * fix(profound): remove invalid 'required' field from block inputs (not part of ParamConfig) * fix(profound): rename tool files from kebab-case to snake_case for docs generator compatibility * lint * fix(docs): let biome auto-fix import order, revert custom sort in generator * fix(landing): fix import order in sim icon-mapping via biome * fix(scripts): match Biome's exact import sort order in docs generator * fix(generate-docs): produce Biome-compatible JSON output The generator wrote multi-line arrays for short string arrays (like tags) and omitted trailing newlines, causing Biome format check failures in CI. Post-process integrations.json to collapse short arrays onto single lines and add trailing newlines to both integrations.json and meta.json. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
e2be99263c |
feat(academy): Sim Academy — interactive partner certification platform (#3824)
* fix(import): dedup workflow name (#3813) * feat(concurrency): bullmq based concurrency control system (#3605) * feat(concurrency): bullmq based queueing system * fix bun lock * remove manual execs off queues * address comments * fix legacy team limits * cleanup enterprise typing code * inline child triggers * fix status check * address more comments * optimize reconciler scan * remove dead code * add to landing page * Add load testing framework * update bullmq * fix * fix headless path --------- Co-authored-by: Theodore Li <teddy@zenobiapay.com> * fix(linear): add default null for after cursor (#3814) * fix(knowledge): reject non-alphanumeric file extensions from document names (#3816) * fix(knowledge): reject non-alphanumeric file extensions from document names * fix(knowledge): improve error message when extension is non-alphanumeric * fix(security): SSRF, access control, and info disclosure (#3815) * fix(security): scope copilot feedback GET endpoint to authenticated user Add WHERE clause to filter feedback records by the authenticated user's ID, preventing any authenticated user from reading all users' copilot interactions, queries, and workflow YAML (IDOR / CWE-639). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(smtp): add SSRF validation and genericize network error messages Prevent SSRF via user-controlled smtpHost by validating with validateDatabaseHost before creating the nodemailer transporter. Collapse distinct network error messages (ECONNREFUSED, ECONNRESET, ETIMEDOUT) into a single generic message to prevent port-state leakage. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): add SSRF validation to SFTP/SSH and access control to workspace invitations Add `validateDatabaseHost` checks to SFTP and SSH connection utilities to block connections to private/reserved IPs and localhost, matching the existing pattern used by all database tools. Add authorization check to the workspace invitation GET endpoint so only the invitee or a workspace admin can view invitation details. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(smtp): restore SMTP response code handling for post-connection errors SMTP 4xx/5xx response codes are application-level errors (invalid recipient, mailbox full, server error) unrelated to the SSRF hardening goal. Restore response code differentiation and logging to preserve actionable user-facing error messages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): use session email directly instead of extra DB query Addresses PR review feedback — align with the workspace invitation route pattern by using session.user.email instead of re-fetching from the database. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(auth): revert lint autofix that broke hasExternalApiCredentials return type Biome auto-fixed `return auth !== null && auth.startsWith(...)` to `return auth?.startsWith(...)` which returns `boolean | undefined`, not `boolean`, causing a TypeScript build failure. * fix(smtp): pin resolved IP to prevent DNS rebinding (TOCTOU) Use the pre-resolved IP from validateDatabaseHost instead of the original hostname when creating the nodemailer transporter. Set servername to the original hostname to preserve TLS SNI validation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(security): extract createPinnedLookup helper for DNS rebinding prevention Extract reusable createPinnedLookup from secureFetchWithPinnedIP so non-HTTP transports (SSH, SFTP, IMAP) can pin resolved IPs at the socket level. SMTP route uses host+servername pinning instead since nodemailer doesn't reliably pass lookup to both secure/plaintext paths. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): pin IMAP connections to validated resolved IP Pass the resolved IP from validateDatabaseHost to ImapFlow as host, with the original hostname as servername for TLS SNI verification. Closes the DNS TOCTOU rebinding window. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(auth): revert lint autofix on hasExternalApiCredentials return type Also pin SFTP/SSH connections to validated resolved IP to prevent DNS rebinding. * fix(security): short-circuit admin check when caller is invitee Skip the hasWorkspaceAdminAccess DB query when the caller is already the invitee, avoiding an unnecessary round-trip. Aligns with the org invitation route pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(worker): dockerfile + helm updates (#3818) * fix(worker): dockerfile + helm updates * address comments * update dockerfile (#3819) * fix dockerfile * fix(security): pentest remediation — condition escaping, SSRF hardening, ReDoS protection (#3820) * fix(executor): escape newline characters in condition expression strings Unescaped newline/carriage-return characters in resolved string values cause unterminated string literals in generated JS, crashing condition evaluation with a SyntaxError. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): prevent ReDoS in guardrails regex validation Add safe-regex2 to reject catastrophic backtracking patterns before execution and cap input length at 10k characters. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): SSRF localhost hardening and regex DoS protection Block localhost/loopback URLs in hosted environments using isHosted flag instead of allowHttp. Add safe-regex2 validation and input length limits to regex guardrails to prevent catastrophic backtracking. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): validate regex syntax before safety check Move new RegExp() before safe() so invalid patterns get a proper syntax error instead of a misleading "catastrophic backtracking" message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): address PR review feedback - Hoist isLocalhost && isHosted guard to single early-return before protocol checks, removing redundant duplicate block - Move regex syntax validation (new RegExp) before safe-regex2 check so invalid patterns get proper syntax error instead of misleading "catastrophic backtracking" message * fix(security): remove input length cap from regex validation The 10k character cap would block legitimate guardrail checks on long LLM outputs. Input length doesn't affect ReDoS risk — the safe-regex2 pattern check already prevents catastrophic backtracking. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tests): mock isHosted in input-validation and function-execute tests Tests that assert self-hosted localhost behavior need isHosted=false, which is not guaranteed in CI where NEXT_PUBLIC_APP_URL is set to the hosted domain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * improvement(worker): configuration defaults (#3821) * improvement(worker): configuration defaults * update readmes * realtime curl import * improvement(tour): remove auto-start, only trigger on explicit user action (#3823) * fix(mcp): use correct modal for creating workflow MCP servers in deploy (#3822) * fix(mcp): use correct modal for creating workflow MCP servers in deploy * fix(mcp): show workflows field during loading and when empty * mock course * fix(db): use bigint for token counter columns in user_stats (#3755) * mock course * updates * updated X handle for emir * cleanup: audit and clean academy implementation * fix(academy): add label to ValidationRule, fix quiz gating, simplify getRuleMessage * cleanup: remove unnecessary comments across academy files * refactor(academy): simplify abstractions and fix perf issues * perf(academy): convert course detail page to server component with client island * fix(academy): null-safe canAdvance, render exercise instructions, remove stale comments * fix(academy): remove orphaned migration, fix getCourseById, clean up comments - Delete 0181_academy_certificate.sql (orphaned duplicate not in journal) - Add getCourseById() to content/index.ts; use it in certificates API (was using getCourse which searches by slug, not stable id) - Remove JSX comments from catalog page - Remove redundant `passed` recomputation in LessonQuiz * chore(db): regenerate academy_certificate migration with drizzle-kit * chore: include blog mdx and components changes * fix(blog): correct cn import path * fix(academy): constrain progress bar to max-w-3xl with proper padding * feat(academy): show back-to-course button on first lesson * fix(academy): force dark theme on all /academy routes * content(academy): rewrite sim-foundations course with full 6-module curriculum * fix(academy): correct edge handles, quiz explanation, and starter mock outputs - Fix Exercise 2 initial edge handles: 'starter-1-source'/'agent-1-target' → 'source'/'target' (React Flow actual IDs) - Fix M1-L4 Q4 quiz explanation: remove non-existent Ctrl/Cmd+D and Alt+drag shortcuts - Add starter mock output to all exercises so run animation shows feedback on the first block * refine(academy): fix inaccurate content and improve exercise clarity - Fix Exercise 3: replace hardcoded <agent-1.content> (invalid UUID-based ref) with reference picker instructions - Fix M4 Quiz Q5: Loop block (subflow container) is correct answer, not the Workflow block - Fix M4 Quiz Q4: clarify fan-out vs Parallel block distinction in explanation - Fix M4-L2 video description: accurately describe Loop and Parallel subflow blocks - Fix M2 Quiz Q3: make response format question conceptual rather than syntax-specific - Improve Exercise 4 branching instructions: clarify top=true / bottom=false output handles - Improve Final Project instructions: step-by-step numbered flow * fix(academy): remove double border on quiz question cards * fix(academy): single scroll container on lesson pages — remove nested flex scroll * fix(academy): remove min-h-screen from root layout — fixes double scrollbar on lesson pages * fix(academy): use fixed inset-0 on lesson page to eliminate document-level scrollbar * fix(academy): replace sr-only radio/checkbox inputs with buttons to prevent scroll-on-focus; restore layout min-h-screen * improvement(academy): polish, security hardening, and certificate claim UI - Replace raw localStorage with BrowserStorage utility in local-progress - Pre-compute slug/id Maps in content/index for O(1) course lookups - Move blockMap construction into edge_exists branch only in validation - Extract navBtnClass constant and MetaRow/formatDate helpers in UI - Add rate limiting, server-side completion verification, audit logging, and nanoid cert numbers to certificate issuance endpoint - Add useIssueCertificate mutation hook with completedLessonIds - Wire certificate claim UI into CourseProgress: sign-in prompt, claim button with loading state, and post-issuance view with link to certificate page - Fix lesson page scroll container and quiz scroll-on-focus bug * fix(academy): validate condition branch handles in edge_exists rules - Add sourceHandle field to edge_exists ValidationRule type - Check sourceHandle in validation.ts when specified - Require both condition-if and condition-else branches to be connected in the branching and final project exercises * fix(academy): address PR review — isHosted regression, stuck isExecuting, revoked cert 500, certificate SSR - Restore env-var-based isHosted check (was hardcoded true, breaking self-hosted deployments) - Fix isExecuting stuck at true when mock run fails validation — set isMockRunningRef immediately and reset both flags on early exit - Fix revoked/expired certificate causing 500 — any existing record (not just active) now returns 409 instead of falling through to INSERT - Convert certificate verification page from client component to server component — direct DB fetch, notFound() on missing cert, generateMetadata for SEO/social previews * fix(auth): restore hybrid.ts from staging to fix CI type error * fix(academy): mark video lessons complete on visit and fix sign-in path * fix(academy): replace useEffect+setState with lazy useState initializer in CourseProgress * fix(academy): reset exerciseComplete on lesson navigation, remove unused useAcademyCertificate hook * fix(academy): useState for slug-change reset, cache() for cert page, handleMockRunRef for stale closure * fix(academy): replace shadcn theme vars with explicit hex in LessonVideo fallback * fix(academy): reset completedRef on exercise change, conditional verified badge, multi-select empty guard * fix(academy): type safety fixes — null metadata fallbacks, returning() guard, exhaustive union, empty catch * fix(academy): reset ExerciseView completed banner on nav; fix CourseProgress hydration mismatch * fix(lightbox): guard effect body with isOpen to prevent spurious overflow reset * fix(academy): reset LessonQuiz state on lesson change to prevent stale answers persisting * fix(academy): course not-found metadata title; try-finally guard in mock run loop * fix(academy): type safety, cert persistence, regex guard, mixed-lesson video, shorts support - Derive AcademyCertificate from db $inferSelect to prevent schema drift - Add useCourseCertificate query hook; GET /api/academy/certificates now accepts courseId for authenticated lookup - Use useCourseCertificate in CourseProgress so certificate state survives page refresh - Guard new RegExp(valuePattern) in validation.ts with try/catch; log warn on invalid pattern - Add logger.warn for custom validation rules so content authors are alerted - Add YouTube Shorts URL support to LessonVideo (youtube.com/shorts/VIDEO_ID) - Fix mixed-lesson video gap: render videoUrl above quiz when mixed has quiz but no exercise - Add academy-scoped not-found.tsx with link back to /academy * fix(academy): reset hintIndex when exercise changes * chore: remove ban-spam-accounts script (wrong branch) * fix(academy): enforce availableBlocks in toolbar; fix mixed exercise+quiz rendering - Add useSandboxBlockConstraints context; SandboxCanvasProvider provides exerciseConfig.availableBlocks so the toolbar only shows permitted block types. Empty array hides all blocks (configure-only exercises); non-null array restricts to listed types; triggers always hidden in sandbox. - Fix mixed lesson with both exerciseConfig and quizConfig: exercise renders first, quiz reveals after exercise completes (sequential pedagogy). canAdvance now requires both exerciseComplete && quizComplete when both are present. * chore(academy): remove extraneous inline comments * fix(academy): blank mixed lesson, quiz canAdvance flag, empty-array valueNotEmpty * prep for merge * chore(db): regenerate academy certificate migration after staging merge * fix(academy): disable auto-connect in sandbox mode * fix(academy): render video in mixed lesson with no exercise or quiz * fix(academy): mark mixed video-only lessons complete; handle cert insert race * fix(canvas): add sandbox and embedded to nodes useMemo deps --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: Siddharth Ganesan <33737564+Sg312@users.noreply.github.com> Co-authored-by: Theodore Li <teddy@zenobiapay.com> |
||
|
Vikhyath Mondreti
|
dda012eae9 |
feat(concurrency): bullmq based concurrency control system (#3605)
* feat(concurrency): bullmq based queueing system * fix bun lock * remove manual execs off queues * address comments * fix legacy team limits * cleanup enterprise typing code * inline child triggers * fix status check * address more comments * optimize reconciler scan * remove dead code * add to landing page * Add load testing framework * update bullmq * fix * fix headless path --------- Co-authored-by: Theodore Li <teddy@zenobiapay.com> |
||
|
Waleed
|
f37e4b67c7 |
feat(ketch): add Ketch privacy consent integration (#3794)
* feat(ketch): add Ketch privacy consent integration * fix(ketch): add response.ok guards and fix registry ordering * fix(ketch): include errorMessage in error response output for all tools * fix(ketch): wire optional purposes filter for get_consent operation |
||
|
Waleed
|
7a1a46067d |
feat(granola): add Granola meeting notes integration (#3790)
* feat(granola): add Granola meeting notes integration * fix(granola): use string comparison for includeTranscript to avoid truthy string bug * fix(granola): add missing get_note output fields to block definition * regen docs |
||
|
Adithya Krishna
|
5aa0b4d5d4 |
fix: emcn component library design engineering polish (#3672)
* chore: fix conflicts * chore: fix conflicts * chore: pause marquee * chore: fix conflicts * chore: fix conflicts * chore: address review comments * chore: fix conflicts * chore: other bug fixes * chore: fix conflicts * chore: fix radius * chore: fix review changes * chore: fix conflicts * chore: revert other * chore: fix conflicts * chore: fix review changes * chore: fix conflicts * chore: fix review changes * chore: fix button state * chore: fix button state * chore: fix review changes * chore: fix lint * chore: fix conflicts * chore: add metadata * chore: fix things * chore: fix overwritten states * chore: fix warnings * chore: fix button state * chore: fix review changes * chore: fix review changes * chore: fix hover state * chore: fix popover * chore: fix review changes * chore: fix review changes |
||
|
Theodore Li
|
be6b00d95f |
feat(ui): add request a demo modal (#3766)
* fix(ui): add request a demo modal * Remove dead code * Remove footer modal * Address greptile comments * Sanatize CRLF characters from emails * extract shared email header safety regex Co-authored-by: Theodore Li <TheodoreSpeaks@users.noreply.github.com> * Use pricing CTA action for demo modal Co-authored-by: Theodore Li <TheodoreSpeaks@users.noreply.github.com> * fix demo request import ordering Co-authored-by: Theodore Li <TheodoreSpeaks@users.noreply.github.com> * merge staging and fix hubspot list formatting Co-authored-by: Theodore Li <TheodoreSpeaks@users.noreply.github.com> * fix(generate-docs): fix tool description extraction and simplify script - Fix endsWith over-matching: basename === 'index.ts'/'types.ts' instead of endsWith(), which was silently skipping valid tool files like list_leave_types.ts, delete_index.ts, etc. - Add extractSwitchCaseToolMapping() to resolve op ID → tool ID mismatches where block switch statements map differently (e.g. HubSpot get_carts → hubspot_list_carts) - Fix double fs.readFileSync in writeIntegrationsJson — reuse existing fileContent variable instead of re-reading the file - Remove 5 dead functions superseded by *FromContent variants - Simplify extractToolsAccessFromContent to use matchAll - fix(upstash): replace template literal tool ID with explicit switch cases * fix(generate-docs): restore extractIconName by aliasing to extractIconNameFromContent * restore * fix(demo-modal): reset form on open to prevent stale success state on reopen * undo hardcoded ff * fix(upstash): throw on unknown operation instead of silently falling back to get --------- Co-authored-by: Theodore Li <teddy@zenobiapay.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Theodore Li <TheodoreSpeaks@users.noreply.github.com> Co-authored-by: waleed <walif6@gmail.com> |
||
|
Waleed
|
e0f2b8fe58 |
feat(hubspot): add 27 CRM tools and fix OAuth scope mismatch (#3765)
* feat(hubspot): add 27 CRM tools and fix OAuth scope mismatch * lint * fix(hubspot): switch marketing events to CRM Objects API and add HubSpotCrmObject base type * chore(docs): fix import ordering and formatting lint errors * feat(hubspot): wire all 27 new tools into block definition * fix(hubspot): address review comments - schema mismatch, pagination, trim, descriptions - Switch marketing event outputs to CRM envelope structure (id, properties, createdAt, updatedAt, archived) matching CRM Objects API - Fix list_lists pagination: add offset param, map offset-based response to paging structure - Add .trim() to contactId/companyId in pre-existing get/update tools - Fix default limit descriptions (100 → 10) in list_contacts/list_companies - Fix operator examples (CONTAINS → CONTAINS_TOKEN) in search_contacts/search_companies - Remove unused params arg in get_users transformResponse Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(hubspot): revert to Marketing Events API and fix Lists pagination per API docs Marketing Events: - Revert from /crm/v3/objects/marketing_events back to /marketing/v3/marketing-events - The Marketing Events API does NOT require appId for GET /marketing-events/{objectId} - appId is only needed for the /events/{externalEventId} endpoint (which we don't use) - Restore flat response schema (objectId, eventName, etc. at top level, not CRM envelope) Lists: - POST /crm/v3/lists/search uses offset-based pagination (not cursor-based) - Response shape: { lists, hasMore, offset, total } — not { results, paging } - Map offset → paging.next.after for consistent block interface - Fix default count: 20 (not 25), max 500 - GET /crm/v3/lists/{listId} wraps response in { list: { ... } } Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(hubspot): final audit fixes verified against API docs - Revert list_contacts/list_companies default limit back to 100 (confirmed by API docs) - Add idProperty param to get_appointment.ts (was missing, inconsistent with update_appointment) - Remove get_carts from idProperty block condition (carts don't support idProperty) - Add get_lists to after block condition (pagination was inaccessible from UI) - Add after pagination param to get_users.ts (was missing, users beyond first page unreachable) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(hubspot): return paging in get_users and add to block after condition - Add paging output to get_users transformResponse and outputs - Add get_users to block after subBlock condition so cursor is accessible from UI Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(hubspot): align total fallback with type definitions in search tools Use `?? 0` instead of `?? null` for search tools where the type declares `total: number`. Also declare `total` in list_lists metadata output schema. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
2691c12747 |
feat(rippling): add Rippling HR integration with 19 tools (#3764)
* feat(rippling): add Rippling HR integration with 19 tools * fix(rippling): address PR review feedback - Fix lint:check import ordering in icon-mapping.ts - Build clean params object instead of spreading all UI fields to API - Add try/catch around JSON.parse for users field - Use != null guard for limit/offset to not drop 0 values - Add missing tags to block config and integrations.json * fix(rippling): guard startDate by operation and clarify totalCount descriptions - Guard startDate/endDate with operation check to prevent candidateStartDate from clobbering date filters on leave/activity operations - Update totalCount output descriptions on paginated tools to clarify it reflects page size, not total record count * fix(rippling): use null-safe guard for groupVersion param * fix(rippling): remove operation field from tool params payload * fix(rippling): add input validation for action param and empty group update body |
||
|
Waleed
|
8f793d9c42 |
feat(quiver): add QuiverAI integration for SVG generation and vectorization (#3728)
* feat(quiver): add QuiverAI integration for SVG generation and vectorization * fix(quiver): address review feedback — n>1 data loss, error handling, import consistency * fix(quiver): add files array to image-to-svg response, remove camelCase param leaks |
||
|
Waleed
|
4c8395928a |
feat(slack): add conversations.create and conversations.invite tools (#3720)
* feat(slack): add conversations.create and conversations.invite tools * fix(slack): address PR review comments on conversation tools * feat(slack): wire create/invite conversation tools into Slack block * lint * fix(slack): rename channel output to channelInfo to avoid type collision The block outputs already declare `channel` as type string (channel ID from send operation). Rename the object output to `channelInfo` to match the pattern used by get_channel_info and avoid [object Object] rendering. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(slack): update output key in docs to match channelInfo rename Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(docs): fix lint errors in auto-generated docs files Sort imports in icon-mapping.ts and add trailing newline to meta.json. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
91a0a49264 |
feat(sidebar): add right-click context menu to settings nav item (#3715)
* feat(sidebar): add right-click context menu to settings nav item * fix(sidebar): revert settings active highlight * fix(sidebar): allow modifier-key clicks to open in new tab, make InfisicalIcon black * update icons |
||
|
Adithya Krishna
|
d1310a0c19 | chore: optimize all the images (#3713) | ||
|
Waleed
|
fa181f0155 |
fix(landing): update broken links, change colors (#3687)
* fix(landing): update broken links, change colors * update integration pages * update icons * link to tag * fix(landing): resolve build errors and address PR review comments - Extract useEffect redirect into ExternalRedirect client component to fix fs/promises bundling error in privacy/terms server pages - Fix InfisicalIcon fill='black' → fill='currentColor' for theme compatibility - Add target="_blank" + rel="noopener noreferrer" to enterprise Typeform link - Install @types/micromatch to fix missing type declarations build error Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(icons): fix InfisicalIcon fill='black' → fill='currentColor' in docs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * remove hardcoded ff * fix(generate-docs): fix tool description extraction for two-step and name-mismatch patterns Replace the fragile first-id/first-description heuristic with a per-id window search: for each id: 'tool_id' match, scan the next 600 chars (stopping before any params: block) for description: and name: fields. This correctly handles the two-step pattern used by Intercom and others where the ToolConfig export comes after a separate base object whose params: would have cut off the old approach. Add an exact-name fallback that checks tools.access for a tool whose name matches the operation label — handles cases where block op IDs are short aliases (e.g. Slack 'send') while the tool ID is more descriptive ('slack_message') but the tool name 'Slack Message' still differs. Remove the word-overlap scoring fallback which was producing incorrect descriptions (Intercom all saying 'Intercom API access token', Reddit Save/Unsave inverted, etc.). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
6326353f5c |
feat(okta): add complete Okta identity management integration (#3685)
* feat(okta): add complete Okta identity management integration Add 18 Okta Management API tools covering user lifecycle (list, get, create, update, activate, deactivate, suspend, unsuspend, reset password, delete) and group management (list, get, create, update, delete, add/remove members, list members). Includes block with conditional UI, icon, registry entries, and generated docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(okta): add manual description section to generated docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(okta): address PR review — SSRF prevention, safe response parsing, consistent sendEmail - Add validateOktaDomain() to prevent SSRF via user-supplied domain param - Fix 9 tools to check response.ok before calling response.json() - Make sendEmail query param explicit in deactivate_user and delete_user Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(okta): only forward boolean switches when explicitly true Switch subBlocks default to OFF (false), which was being forwarded to tools and overriding their default-true behavior for sendEmail and activate params. Now only forward these when explicitly toggled ON. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(okta): use nullish coalescing for boolean switch defaults Block now forwards sendEmail/activate values as-is (including false). Tools use ?? operator so: explicit true/false from switches are respected, undefined (programmatic calls) still defaults to true. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(okta): prevent silent data loss in update operations - update_group: always include description in PUT body (defaults to '') since PUT replaces the full profile object - update_user: use !== undefined checks so empty strings can clear fields via Okta's POST partial update - block: allow empty strings through passthrough loop and use !== undefined for groupDescription mapping Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(okta): move validateOktaDomain to centralized input-validation - Moved validateOktaDomain from tools/okta/types.ts to lib/core/security/input-validation.ts alongside other validation utils - Added .trim() to handle copy-paste whitespace in domain input - Updated all 18 tool files to import from the new location Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
d3daab743f |
feat(microsoft-ad): add Azure AD (Entra ID) integration (#3686)
* feat(microsoft-ad): add Azure AD (Entra ID) integration Add complete Azure AD integration with 13 tools for managing users and groups via Microsoft Graph API v1.0. Includes OAuth config with PKCE, block definition with conditional subBlocks, and generated docs. Tools: list/get/create/update/delete users, list/get/create/update/delete groups, list/add/remove group members. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(microsoft-ad): add $search/$filter guard, $count=true, and memberId validation - Prevent using $search and $filter together (Graph API rejects this) - Add $count=true when $search is used (required with ConsistencyLevel: eventual) - Validate and trim memberId in add_group_member body before use Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(microsoft-ad): fix docsLink underscore and accountEnabled update safety - Change docsLink from microsoft-ad to microsoft_ad to match docs routing - Split accountEnabled dropdown into separate create/update subBlocks - Update operation shows "No Change" default (empty string) to prevent silently re-enabling disabled accounts when updating other fields - Create operation keeps "Yes" default as before Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(microsoft-ad): prevent visibility from always being sent on group update Split visibility dropdown into separate create/update subBlocks with "No Change" default for update_group, preventing silent overwrite of group visibility when updating other fields like description. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(microsoft-ad): prevent empty values leaking into PATCH requests - Use operation-aware checks for accountEnabled and visibility in block params to prevent create defaults bleeding into update operations - Change tool body guards from `!== undefined` to truthy checks so empty-string inputs from unfilled subBlocks are omitted from PATCH Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
0d22cc3186 |
feat(infisical): add Infisical secrets management integration (#3684)
* feat(infisical): add Infisical secrets management integration * fix(infisical): rename tool files to underscores, add configurable baseUrl, fix error type casts * fix(infisical): make get_secret fallback consistent with other tools * fix(infisical): add type casts to fix TypeScript build error in tag/metadata mapping * fix(infisical): guard empty secretValue, validate version number, move DELETE params to query string * fix(infisical): use falsy check for secretComment to prevent clearing existing comments |
||
|
Waleed
|
cef321bda2 |
feat(box): add Box and Box Sign integrations (#3660)
* feat(box): add Box and Box Sign integrations Add complete Box integration with file management (upload, download, get info, list folders, create/delete folders, copy, search, update metadata) and Box Sign e-signature support (create/get/list/cancel/resend sign requests). Includes OAuth provider setup, internal upload API route following the Dropbox pattern, block configurations, icon, and generated docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): address PR review comments - Fix docsLink for Box Sign: use underscore (box_sign) to match docs URL - Move normalizeFileInput from tool() to params() in Box block config to match Dropbox pattern - Throw error on invalid additionalSigners JSON instead of silently dropping signers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): remove unsupported reason param from cancel sign request The Box Sign cancel endpoint (POST /sign_requests/{id}/cancel) does not accept a request body per the API specification. Remove the misleading reason parameter from the tool, types, block config, and docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): use canonical param ID for file normalization in params() The params function must reference canonical IDs (params.file), not raw subBlock IDs (uploadFile/fileRef) which are deleted after canonical transformation. Matches the Dropbox block pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): use generic output descriptions for shared file properties Rename "Uploaded file ID/name" to "File ID/name" in UPLOAD_FILE_OUTPUT_PROPERTIES since the constant is shared by both upload and copy operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): rename items output to entries for list_folder_items Rename the output field from "items" to "entries" to match Box API naming and avoid collision with JSON schema "items" keyword that prevented the docs generator from rendering the nested array structure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): filter empty file IDs from sourceFileIds input Add .filter(Boolean) after splitting sourceFileIds to prevent empty strings from trailing/double commas being sent as invalid file IDs to the Box Sign API. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(box): merge Box Sign into single Box block Combine Box and Box Sign into one unified block with all 15 operations accessible via a single dropdown, removing the separate box_sign block. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): filter empty strings from tags array in update_file Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(docs): apply lint formatting to icon-mapping and meta.json Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(box): format chained method calls per linter rules Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(box,docusign): set block bgColor to white and regenerate docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(docs): apply lint formatting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): populate OAuth scopes for Box since token response omits them Box's OAuth2 token endpoint does not return a scope field in the response, so Better Auth stores nothing in the DB. This causes the credential selector to always show "Additional permissions required". Fix by populating the scope from the requested scopes in the account.create.before hook. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(box): add sign_requests.readwrite scope for Box Sign operations Box Sign API requires the sign_requests.readwrite scope in addition to root_readwrite. Without it, sign requests fail with "The request requires higher privileges than provided by the access token." Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * update docs --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
638063cac1 |
feat(docusign): add docusign integration (#3661)
* feat(docusign): add DocuSign e-signature integration * fix(docusign): add base_uri null check and move file normalization to params * fix(docusign): use canonical param documentFile instead of raw subBlock IDs * fix(docusign): validate document file is present before sending envelope * fix(docusign): rename tool files from kebab-case to snake_case for docs generation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Siddharth Ganesan
|
8fa4f3fdbb |
fix(mothership): thinking and subagent text (#3613)
* Thinking v0 * Change * Fix * improvement(ui/ux): mothership chat experience * user input animation * improvement(landing): desktop complete * auth and 404 * mobile friendliness and home templates * improvement(home): templates * fix: feature flags * address comments --------- Co-authored-by: Emir Karabeg <emirkarabeg@berkeley.edu> |
||
|
Waleed
|
b930ee311f | improvement(tables): tables multi-select, keyboard shortcuts, and docs (#3615) | ||
|
Waleed
|
8837f14194 |
feat(home): expand template examples with 83 categorized templates (#3592)
* feat(home): expand template examples with 83 categorized templates - Extract template data into consts.ts with rich categorization (category, modules, tags) - Expand from 6 to 83 templates across 7 categories: sales, support, engineering, marketing, productivity, operations - Add show more/collapse UI with category groupings for non-featured templates - Add connector-powered knowledge search templates (Gmail, Slack, Notion, Jira, Linear, Salesforce, etc.) - Add platform-native templates (document summarizer, bulk data classifier, knowledge assistant, etc.) - Optimize prompts for mothership execution with explicit resource creation and integration names - Add tags field for future cross-cutting filtering by persona, pattern, and domain - React 19.2.1 → 19.2.4 upgrade * fix(home): remove WhatsApp customer notifications template * fix(home): add aria-expanded to toggle button, skip popular in expanded view * fix(home): fix category display order, add aria-label to template cards |
||
|
Waleed
|
d06aa1de7e |
fix(connectors): align connector scopes with oauth config and fix kb modal UX (#3573)
* fix(connectors): align connector scopes with oauth config and fix kb modal UX * fix(connectors): restore onCheckedChange for keyboard accessibility * feat(connectors): add dynamic selectors to knowledge base connector config Replace manual ID text inputs with dynamic selector dropdowns that fetch options from the existing selector registry. Users can toggle between selector and manual input via canonical pairs (basic/advanced mode). Adds selector support to 12 connectors: Airtable (cascading base→table), Slack, Gmail, Google Calendar, Linear (cascading team→project), Jira, Confluence, MS Teams (cascading team→channel), Notion, Asana, Webflow, and Outlook. Dependency clearing propagates across canonical siblings to prevent stale cross-mode data on submit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * updated animated blocks UI * fix(connectors): clear canonical siblings of dependents and resolve active mode values Fixes three issues from PR review: - Dependency clearing now includes canonical siblings of dependent fields (e.g., changing base clears both tableSelector AND tableIdOrName) - Selector context and depsResolved now resolve dependency values through the active canonical mode, not just the raw depFieldId - Tooltip text changed from "Switch to manual ID" to "Switch to manual input" to correctly describe dropdown fallbacks (e.g., Outlook folder) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: linter class ordering fixes and docs link update Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(connectors): reset apiKeyFocused on connector re-selection Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|
Siddharth Ganesan
|
5b9f0d73c2 |
feat(mothership): mothership (#3411)
* Fix lint * improvement(sidebar): loading * fix(sidebar): use client-generated UUIDs for stable optimistic updates (#3439) * fix(sidebar): use client-generated UUIDs for stable optimistic updates * fix(folders): use zod schema validation for folder create API Replace inline UUID regex with zod schema validation for consistency with other API routes. Update test expectations accordingly. * fix(sidebar): add client UUID to single workflow duplicate hook The useDuplicateWorkflow hook was missing newId: crypto.randomUUID(), causing the same temp-ID-swap issue for single workflow duplication from the context menu. * fix(folders): avoid unnecessary Set re-creation in replaceOptimisticEntry Only create new expandedFolders/selectedFolders Sets when tempId differs from data.id. In the common happy path (client-generated UUIDs), this avoids unnecessary Zustand state reference changes and re-renders. * Mothership block logs * Fix mothership block logs * improvement(knowledge): make connector-synced document chunks readonly (#3440) * improvement(knowledge): make connector-synced document chunks readonly * fix(knowledge): enforce connector chunk readonly on server side * fix(knowledge): disable toggle and delete actions for connector-synced chunks * Job exeuction logs * Job logs * fix(connectors): remove unverifiable requiredScopes for Linear connector * fix(connectors): remove legacy requiredScopes from Jira and Confluence connectors Jira and Confluence OAuth tokens don't return legacy scope names like read:jira-work or read:confluence-content.all, causing the 'Update access' banner to always appear. Set requiredScopes to empty array like Linear. * feat(tasks): add rename to task context menu (#3442) * Revert "fix(connectors): remove legacy requiredScopes from Jira and Confluence connectors" This reverts commit |
||
|
Waleed
|
a8bbab2d21 |
feat(google-ads): add google ads integration for campaign and ad performance queries (#3360)
* feat(google-ads): add google ads integration for campaign and ad performance queries
* fix(google-ads): add input validation for GAQL query parameters
* fix(google-ads): remove deprecated pageSize param, fix searchSettings nesting, add missing date ranges
* fix(google-ads): validate managerCustomerId before use in login-customer-id header
* chore(docs): regenerate docs after google ads integration
* fix(google-ads): use centralized scope utilities and add type re-export
- Replace hardcoded scopes in auth.ts with getCanonicalScopesForProvider('google-ads')
- Replace hardcoded requiredScopes in block with getScopesForService('google-ads')
- Add type re-export from index.ts barrel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(google-ads): add userinfo scopes to oauth provider config
Align google-ads with all other Google services by including
userinfo.email and userinfo.profile scopes in the centralized
OAUTH_PROVIDERS config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
||
|
Waleed
|
4cb0f4a2b0 |
feat(ashby): add webhook triggers with automatic lifecycle management (#3548)
* feat(ashby): add webhook triggers with automatic lifecycle management * fix(ashby): address PR review comments - Restore mode: 'advanced' on updateName sub-block - Move action after spread in formatWebhookInput to prevent override - Remove generic webhook trigger (Ashby requires webhookType) * fix(ashby): throw on unknown triggerId, always include webhookType * fix(ashby): address PR review feedback - paramVisibility, stageType, json catch - Add paramVisibility: 'user-only' to apiKey extra field - Remove stageType from candidateStageChange/candidateHire outputs (TriggerOutput type conflict with 'type' field) - Add .catch() fallback to .json() parse in createAshbyWebhookSubscription - Fix candidateStageChange outputs to match actual Ashby application payload structure * fix(ashby): add missing applicationSubmit outputs, fix delete log branches - Add candidate, currentInterviewStage, job to applicationSubmit outputs - Split delete webhook log into ok/404/error branches for accurate logging * fix(ashby): drain response body on delete, clarify decidedAt description - Cancel unconsumed response body in ok/404 delete branches to free connections - Update decidedAt description to note it's typically null at offer creation * fix(ashby): eliminate double-logging, fix hiringTeam JSDoc - Remove pre-throw warn/error logs; catch block is single logging point - Remove hiringTeam from candidateHire JSDoc (TriggerOutput doesn't support arrays) |
||
|
Waleed
|
e7b4da2689 |
feat(slack): add email field to get user and list users tools (#3509)
* feat(slack): add email field to get user and list users tools * fix(slack): use empty string fallback for email and make type non-optional * fix(slack): comment out users:read.email scope pending app review |
||
|
Waleed
|
97f78c60b4 |
feat(tools): add Fathom AI Notetaker integration (#3531)
* feat(fathom): add Fathom AI Notetaker integration * fix(fathom): address PR review feedback - Add response.ok checks to all 5 tool transformResponse functions - Fix include_summary default to respect explicit false (check undefined) - Add externalId validation before URL interpolation in webhook deletion * fix(fathom): address second round PR review feedback - Remove redundant 204 status check in deleteFathomWebhook (204 is ok) - Use consistent undefined-guard pattern for all include flags - Add .catch() fallback on webhook creation JSON parse - Change recording_id default from 0 to null to avoid misleading sentinel * fix(fathom): add missing crm_matches to list_meetings transform and fix action_items type - Add crm_matches pass-through in list_meetings transform (was silently dropped) - Fix action_items type to match API schema (description, user_generated, completed, etc.) - Add crm_matches type with contacts, companies, deals, error fields * fix(fathom): guard against undefined webhook id on creation success * fix(fathom): add type to nested trigger outputs and fix boolean coercion - Add type: 'object' to recorded_by and default_summary trigger outputs - Use val === true || val === 'true' pattern for include flag coercion to safely handle both boolean and string values from providerConfig --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> |
||
|
Waleed
|
2e1c639a81 |
fix(parallel): align integration with Parallel AI API docs (#3501)
* fix(parallel): align integration with Parallel AI API docs * fix(parallel): keep processor subBlock ID for backwards compatibility * fix(parallel): move error field to top level per ToolResponse interface * fix(parallel): guard research_input and prevent domain leakage across operations * fix(parallel): make url/title nullable in types to match transformResponse * fix(parallel): revert search_queries param type to string for backwards compatibility |
||
|
Waleed
|
1ba1bc8edb |
feat(evernote): add Evernote integration with 11 tools (#3456)
* feat(evernote): add Evernote integration with 11 tools * fix(evernote): fix signed integer mismatch in Thrift version check * fix(evernote): fix exception field mapping and add sandbox support * fix(evernote): address PR review feedback * fix(evernote): clamp maxNotes to Evernote's 250 limit Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
53fd92a30a |
feat(obsidian): add Obsidian integration with 15 tools (#3455)
* feat(obsidian): add Obsidian integration with 15 tools * fix(obsidian): encode path segments individually to preserve slashes * improvement(obsidian): add type re-exports and improve output descriptions * fix(obsidian): remove unreachable 404 handling from transformResponse |
||
|
Waleed
|
0a52b09deb |
feat(jira): add search_users tool for user lookup by email (#3451)
* feat(jira): add search_users tool for user lookup by email * improvement(jira): reuse shared transformUser utility in search_users * improvement(jira): add pagination fields to search_users response * update * fix(jira): filter falsy entries before transforming search_users results * fix(jira): add defensive fallback for nullable transformUser in search_users * fix(jira): align search_users response type with transformUser return type |