* fix(tools): support stringified HTTP request tables
Accept stored header and query tables after they are reloaded from UI JSON so HTTP requests keep their query strings and URL-encoded body handling intact.
* test: mock AuthType in async execute route
* test(tools): cover invalid stringified HTTP inputs
---------
Co-authored-by: test <test@example.com>
* fix(cancel): report cancellation durability truthfully
Return explicit durability results for execution cancellation so success only reflects persisted cancellation state instead of best-effort Redis availability.
* fix: hoist cancellation test mocks
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(sim): harden execution cancel durability
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(sim): fallback manual cancel without redis
Abort active manual SSE executions locally when Redis cannot durably record the cancellation marker so the run still finalizes as cancelled instead of completing normally.
* test: mock AuthType in async execute route
Keep the rebased async execute route test aligned with the current hybrid auth module exports so it exercises the queueing path instead of failing at import time.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: test <test@example.com>
* fix(ashby): add secretToken to webhook creation and fix trigger UX
* fix(toast): restore useMemo for context value to prevent unnecessary re-renders
* fix(notifications): track exit animation timeout so pauseAll can cancel it
* fix(notifications): use isPausedRef to guard exit timeout instead of synthetic timer keys
* fix(notifications): clear pending timers when notification stack empties
* improvement(mothership): message queueing for home chat
* fix(mothership): address PR review — move FileAttachmentForApi to types, defer onEditValueConsumed to effect, await sendMessage in sendNow
* fix(mothership): replace updater side-effect with useEffect ref sync, move sendMessageRef to useLayoutEffect
* fix(mothership): clear message queue on chat switch while sending
* fix(mothership): remove stale isSending from handleKeyDown deps
* fix(mothership): guard sendNow against double-click duplicate sends
* fix(mothership): simplify queue callbacks — drop redundant deps and guard ref
- Remove `setMessageQueue` from useCallback deps (stable setter, never changes)
- Replace `sendNowProcessingRef` double-click guard with eager `messageQueueRef` update
- Simplify `editQueuedMessage` with same eager-ref pattern for consistency
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(mothership): clear edit value on nav, stop queue drain on send failure
- Reset editingInputValue when chatId changes so stale edit text
doesn't leak into the next chat
- Pass error flag to finalize so queue is cleared (not drained) when
sendMessage fails — prevents cascading failures on auth expiry or
rate limiting from silently consuming every queued message
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(mothership): eagerly update messageQueueRef in removeFromQueue
Match the pattern used by sendNow and editQueuedMessage — update the
ref synchronously so finalize's microtask cannot read a stale queue
and drain a message the user just removed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(mothership): mark onSendNow as explicit fire-and-forget
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(connectors): align connector scopes with oauth config and fix kb modal UX
* fix(connectors): restore onCheckedChange for keyboard accessibility
* feat(connectors): add dynamic selectors to knowledge base connector config
Replace manual ID text inputs with dynamic selector dropdowns that fetch
options from the existing selector registry. Users can toggle between
selector and manual input via canonical pairs (basic/advanced mode).
Adds selector support to 12 connectors: Airtable (cascading base→table),
Slack, Gmail, Google Calendar, Linear (cascading team→project), Jira,
Confluence, MS Teams (cascading team→channel), Notion, Asana, Webflow,
and Outlook. Dependency clearing propagates across canonical siblings to
prevent stale cross-mode data on submit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* updated animated blocks UI
* fix(connectors): clear canonical siblings of dependents and resolve active mode values
Fixes three issues from PR review:
- Dependency clearing now includes canonical siblings of dependent fields
(e.g., changing base clears both tableSelector AND tableIdOrName)
- Selector context and depsResolved now resolve dependency values through
the active canonical mode, not just the raw depFieldId
- Tooltip text changed from "Switch to manual ID" to "Switch to manual input"
to correctly describe dropdown fallbacks (e.g., Outlook folder)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: linter class ordering fixes and docs link update
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(connectors): reset apiKeyFocused on connector re-selection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix lint
* improvement(sidebar): loading
* fix(sidebar): use client-generated UUIDs for stable optimistic updates (#3439)
* fix(sidebar): use client-generated UUIDs for stable optimistic updates
* fix(folders): use zod schema validation for folder create API
Replace inline UUID regex with zod schema validation for consistency
with other API routes. Update test expectations accordingly.
* fix(sidebar): add client UUID to single workflow duplicate hook
The useDuplicateWorkflow hook was missing newId: crypto.randomUUID(),
causing the same temp-ID-swap issue for single workflow duplication
from the context menu.
* fix(folders): avoid unnecessary Set re-creation in replaceOptimisticEntry
Only create new expandedFolders/selectedFolders Sets when tempId
differs from data.id. In the common happy path (client-generated UUIDs),
this avoids unnecessary Zustand state reference changes and re-renders.
* Mothership block logs
* Fix mothership block logs
* improvement(knowledge): make connector-synced document chunks readonly (#3440)
* improvement(knowledge): make connector-synced document chunks readonly
* fix(knowledge): enforce connector chunk readonly on server side
* fix(knowledge): disable toggle and delete actions for connector-synced chunks
* Job exeuction logs
* Job logs
* fix(connectors): remove unverifiable requiredScopes for Linear connector
* fix(connectors): remove legacy requiredScopes from Jira and Confluence connectors
Jira and Confluence OAuth tokens don't return legacy scope names like
read:jira-work or read:confluence-content.all, causing the 'Update access'
banner to always appear. Set requiredScopes to empty array like Linear.
* feat(tasks): add rename to task context menu (#3442)
* Revert "fix(connectors): remove legacy requiredScopes from Jira and Confluence connectors"
This reverts commit a0be3ff414.
* fix(connectors): restore Linear connector requiredScopes
Linear OAuth does return scopes in the token response. The previous
fix of emptying requiredScopes was based on an incorrect assumption.
Restoring requiredScopes: ['read'] as it should work correctly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(knowledge): pass workspaceId to useOAuthCredentials in connector card
The ConnectorCard was calling useOAuthCredentials(providerId) without
a workspaceId, causing the credentials API to return an empty array.
This meant the credential lookup always failed, getMissingRequiredScopes
received undefined, and the "Update access" banner always appeared.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix oauth link callback from mothership task
* feat(connectors): add Fireflies connector and API key auth support (#3448)
* feat(connectors): add Fireflies connector and API key auth support
Extend the connector system to support both OAuth and API key authentication
via a discriminated union (`ConnectorAuthConfig`). Add Fireflies as the first
API key connector, syncing meeting transcripts via the Fireflies GraphQL API.
Schema changes:
- Make `credentialId` nullable (null for API key connectors)
- Add `encryptedApiKey` column (AES-256-GCM encrypted, null for OAuth)
This eliminates the `'_apikey_'` sentinel and inline `sourceConfig._encryptedApiKey`
patterns, giving each auth mode its own clean column.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(fireflies): allow 0 for maxTranscripts (means unlimited)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add context
* fix(fireflies): correct types from live API validation (#3450)
* fix(fireflies): correct types from live API validation
- speakers.id is number, not string (API returns 0, 1, 2...)
- summary.action_items is a single string, not string[]
- Update formatTranscriptContent to handle action_items as string
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(fireflies): correct tool types from live API validation
- FirefliesSpeaker.id: string -> number
- FirefliesSentence.speaker_id: string -> number
- FirefliesSpeakerAnalytics.speaker_id: string -> number
- FirefliesSummary.action_items: string[] -> string
- FirefliesSummary.outline: string[] -> string
- FirefliesSummary.shorthand_bullet: string[] -> string
- FirefliesSummary.bullet_gist: string[] -> string
- FirefliesSummary.topics_discussed: string[] -> string
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(knowledge): add connector tools and expand document metadata (#3452)
* feat(knowledge): add connector tools and expand document metadata
* fix(knowledge): address PR review feedback on new tools
* fix(knowledge): remove unused params from get_document transform
* refactor, improvement
* fix: correct knowledge block canonical pair pattern and subblock migration
- Rename manualDocumentId to documentId (advanced subblock ID should match
canonicalParamId, consistent with airtable/gmail patterns)
- Fix documentSelector.dependsOn to reference knowledgeBaseSelector (basic
depends on basic, not advanced)
- Remove unnecessary documentId migration (ID unchanged from main)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
* fix: resolve post-merge test and lint failures
- airtable: sync tableSelector condition with tableId (add getSchema)
- backfillCanonicalModes test: add documentId mode to prevent false backfill
- schedule PUT test: use invalid action string now that disable is valid
- schedule execute tests: add ne mock, sourceType field, use
mockReturnValueOnce for two db.update calls
- knowledge tools: fix biome formatting (single-line arrow functions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fixes
* Fixes
* Clean vfs
* Fix
* Fix lint
* fix(connectors): add rate limiting, concurrency controls, and bug fixes (#3457)
* fix(connectors): add rate limiting, concurrency controls, and bug fixes across knowledge connectors
- Add Retry-After header support to fetchWithRetry for all 18 connectors
- Batch concurrent API calls (concurrency 5) in Dropbox, Google Docs, Google Drive, OneDrive, SharePoint
- Batch concurrent API calls (concurrency 3) in Notion to match 3 req/s limit
- Cache GitHub tree in syncContext to avoid re-fetching on every pagination page
- Batch GitHub blob fetches with concurrency 5
- Fix GitHub base64 decoding: atob() → Buffer.from() for UTF-8 safety
- Fix HubSpot OAuth scope: 'tickets' → 'crm.objects.tickets.read' (v3 API)
- Fix HubSpot syncContext key: totalFetched → totalDocsFetched for consistency
- Add jitter to nextSyncAt (10% of interval, capped at 5min) to prevent thundering herd
- Fix Date consistency in connector DELETE route
* fix(connectors): address PR review feedback on retry and SharePoint batching
- Remove 120s cap on Retry-After — pass all values through to retry loop
- Add maxDelayMs guard: if Retry-After exceeds maxDelayMs, throw immediately
instead of hammering with shorter intervals (addresses validate timeout concern)
- Add early exit in SharePoint batch loop when maxFiles limit is reached
to avoid unnecessary API calls
* fix(connectors): cap Retry-After at maxDelayMs instead of aborting
Match Google Cloud SDK behavior: when Retry-After exceeds maxDelayMs,
cap the wait to maxDelayMs and log a warning, rather than throwing
immediately. This ensures retries are bounded in duration while still
respecting server guidance within the configured limit.
* fix(connectors): add early-exit guard to Dropbox, Google Docs, OneDrive batch loops
Match the SharePoint fix — skip remaining batches once maxFiles limit
is reached to avoid unnecessary API calls.
* improvement(turbo): align turborepo config with best practices (#3458)
* improvement(turbo): align turborepo config with best practices
* fix(turbo): address PR review feedback
* fix(turbo): add lint:check task for read-only lint+format CI checks
lint:check previously delegated to format:check which only checked
formatting. Now it runs biome check (no --write) which enforces both
lint rules and formatting without mutating files.
* upgrade turbo
* improvement(perf): apply react and js performance optimizations across codebase (#3459)
* improvement(perf): apply react and js performance optimizations across codebase
- Parallelize independent DB queries with Promise.all in API routes
- Defer PostHog and OneDollarStats via dynamic import() to reduce bundle size
- Use functional setState in countdown timers to prevent stale closures
- Replace O(n*m) .filter().find() with Set-based O(n) lookups in undo-redo
- Use .toSorted() instead of .sort() for immutable state operations
- Use lazy initializers for useState(new Set()) across 20 components
- Remove useMemo wrapping trivially cheap expressions (typeof, ternary, template strings)
- Add passive: true to scroll event listener
* fix(perf): address PR review feedback
- Extract IIFE Set patterns to named consts for readability in use-undo-redo
- Hoist Set construction above loops in BATCH_UPDATE_PARENT cases
- Add .catch() error handler to PostHog dynamic import
- Convert session-provider posthog import to dynamic import() to complete bundle split
* fix(analytics): add .catch() to onedollarstats dynamic import
* improvement(resource): tables, files
* improvement(resources): all outer page structure complete
* refactor(queries): comprehensive TanStack Query best practices audit (#3460)
* refactor: comprehensive TanStack Query best practices audit and migration
- Add AbortSignal forwarding to all 41 queryFn implementations for proper request cancellation
- Migrate manual fetch patterns to useMutation hooks (useResetPassword, useRedeemReferralCode, usePurchaseCredits, useImportWorkflow, useOpenBillingPortal, useAllowedMcpDomains)
- Migrate standalone hooks to TanStack Query (use-next-available-slot, use-mcp-server-test, use-webhook-management, use-referral-attribution)
- Fix query key factories: add missing `all` keys, replace inline keys with factory methods
- Fix optimistic mutations: use onSettled instead of onSuccess for cache reconciliation
- Replace overly broad cache invalidations with targeted key invalidation
- Remove keepPreviousData from static-key queries where it provides no benefit
- Add staleTime to queries missing explicit cache duration
- Fix `any` type in UpdateSettingParams with proper GeneralSettings typing
- Remove dead code: loadingWebhooks/checkedWebhooks from subblock store, unused helper functions
- Update settings components (general, debug, referral-code, credit-balance, subscription, mcp) to use mutation state instead of manual useState for loading/error/success
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unstable mutation object from useCallback deps
openBillingPortal mutation object is not referentially stable,
but .mutate() is stable in TanStack Query v5. Remove from deps
to prevent unnecessary handleBadgeClick recreations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add missing byWorkflows invalidation to useUpdateTemplate
The onSettled handler was missing the byWorkflows() invalidation
that was dropped during the onSuccess→onSettled migration. Without
this, the deploy modal (useTemplateByWorkflow) would show stale data
after a template update.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add TanStack Query best practices to CLAUDE.md and cursor rules
Add comprehensive React Query best practices covering:
- Hierarchical query key factories with intermediate plural keys
- AbortSignal forwarding in all queryFn implementations
- Targeted cache invalidation over broad .all invalidation
- onSettled for optimistic mutation cache reconciliation
- keepPreviousData only on variable-key queries
- No manual fetch in components rule
- Stable mutation references in useCallback deps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR review feedback
- Fix syncedRef regression in use-webhook-management: only set
syncedRef.current=true when webhook is found, so re-sync works
after webhook creation (e.g., post-deploy)
- Remove redundant detail(id) invalidation from useUpdateTemplate
onSettled since onSuccess already populates cache via setQueryData
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address second round of PR review feedback
- Reset syncedRef when blockId changes in use-webhook-management so
component reuse with a different block syncs the new webhook
- Add response.ok check in postAttribution so non-2xx responses
throw and trigger TanStack Query retry logic
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use lists() prefix invalidation in useCreateWorkspaceCredential
Use workspaceCredentialKeys.lists() instead of .list(workspaceId) so
filtered list queries are also invalidated on credential creation,
matching the pattern used by update and delete mutations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address third round of PR review feedback
- Add nullish coalescing fallback for bonusAmount in referral-code
to prevent rendering "undefined" when server omits the field
- Reset syncedRef when queryEnabled becomes false so webhook data
re-syncs when the query is re-enabled without component remount
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address fourth round of PR review feedback
- Add AbortSignal to testMcpServerConnection for consistency
- Wrap handleTestConnection in try/catch for mutateAsync error handling
- Replace broad subscriptionKeys.all with targeted users()/usage() invalidation
- Add intermediate users() key to subscription key factory for prefix matching
- Add comment documenting syncedRef null-webhook behavior
- Fix api-keys.ts silent error swallowing on non-ok responses
- Move deployments.ts cache invalidation from onSuccess to onSettled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: achieve full TanStack Query best practices compliance
- Add intermediate plural keys to api-keys, deployments, and schedules
key factories for prefix-based invalidation support
- Change copilot-keys from refetchQueries to invalidateQueries
- Add signal parameter to organization.ts fetch functions (better-auth
client does not support AbortSignal, documented accordingly)
- Move useCreateMcpServer invalidation from onSuccess to onSettled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* ran lint
* Fix tables row count
* Update mothership to match copilot in logs
* improvement(resource): layout
* fix(knowledge): compute KB tokenCount from documents instead of stale column (#3463)
The knowledge_base.token_count column was initialized to 0 and never
updated. Replace with COALESCE(SUM(document.token_count), 0) in all
read queries, which already JOIN on documents with GROUP BY.
* improvement(resources): layout and items
* feat(knowledge): add v1 knowledge base API, Obsidian/Evernote connectors, and docs (#3465)
* feat(knowledge): add v1 knowledge base API, Obsidian/Evernote connectors, and docs
- Add v1 REST API for knowledge bases (CRUD, document management, vector search)
- Add Obsidian and Evernote knowledge base connectors
- Add file type validation to v1 file and document upload endpoints
- Update OpenAPI spec with knowledge base endpoints and schemas
- Add connectors documentation page
- Apply query hook formatting improvements
* fix(knowledge): address PR review feedback
- Remove validateFileType from v1/files route (general file upload, not document-only)
- Reject tag filters when searching multiple KBs (tag defs are KB-specific)
- Cache tag definitions to avoid duplicate getDocumentTagDefinitions call
- Fix Obsidian connector silent empty results when syncContext is undefined
* improvement(connectors): add syncContext to getDocument, clean up caching
- Update docs to say 20+ connectors
- Add syncContext param to ConnectorConfig.getDocument interface
- Use syncContext in Evernote getDocument to cache tag/notebook maps
- Replace index-based cache check with Map keyed by KB ID in search route
* fix(knowledge): address second round of PR review feedback
- Fix Zod .default('text') overriding tag definition's actual fieldType
- Fix encodeURIComponent breaking multi-level folder paths in Obsidian
- Use 413 instead of 400 for file-too-large in document upload
- Add knowledge-bases to API reference docs navigation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(knowledge): prevent cross-workspace KB access in search
Filter accessible KBs by matching workspaceId from the request,
preventing users from querying KBs in other workspaces they have
access to but didn't specify.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(knowledge): audit resourceId, SSRF protection, recursion depth limit
- Fix recordAudit using knowledgeBaseId instead of newDocument.id
- Add SSRF validation to Obsidian connector (reject private/loopback URLs)
- Add max recursion depth (20) to listVaultFiles
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(obsidian): remove SSRF check that blocks localhost usage
The Obsidian connector is designed to connect to the Local REST API
plugin running on localhost (127.0.0.1:27124). The SSRF check was
incorrectly blocking this primary use case.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(resources): segmented API
* fix(execution): ensure background tasks await post-execution DB status updates (#3466)
The fire-and-forget IIFE in execution-core.ts for post-execution logging could be abandoned when trigger.dev tasks exit, leaving executions permanently stuck in "running" status. Store the promise on LoggingSession so background tasks can optionally await it before returning.
* improvement(resource): sorting and icons
* fix(resource): sorting
* improvement(settings): fix mcp modal, add option to edit JSON and add Sim as an MCP client (#3467)
* improvement(settings): fix mcp modal, add option to edit JSON and add Sim as an MCP client
* added docs link in sidebar
* ack comments
* ack comments
* fixed error msg
* feat(mothership): billing (#3464)
* Billing update
* more billing improvements
* credits UI
* credit purchase safety
* progress
* ui improvements
* fix cancel sub
* fix types
* fix daily refresh for teams
* make max features differentiated
* address bugbot comments
* address greptile comments
* revert isHosted
* address more comments
* fix org refresh bar
* fix ui rounding
* fix minor rounding
* fix upgrade issue for legacy plans
* fix formatPlanName
* fix email dispay names
* fix legacy team reference bugs
* referral bonus in credits
* fix org upgrade bug
* improve logs
* respect toggle for paid users
* fix landing page pro features and usage limit checks
* fixed query and usage
* add unit test
* address more comments
* enterprise guard
* fix limits bug
* pass period start/end for overage
* fix(sidebar): restore drag-and-drop for workflows and folders (#3470)
* fix(sidebar): restore drag-and-drop for workflows and folders
Made-with: Cursor
* update docs, unrelated
* improvement(tables): consolidation
* feat(schedules): add schedule creator modal for standalone jobs
Add modal to create standalone scheduled jobs from the Schedules page.
Includes POST API endpoint, useCreateSchedule mutation hook, and full
modal with schedule type selection, timezone, lifecycle, and live preview.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(schedules): add edit support with context menu for standalone jobs
* style(schedules): apply linter formatting
* improvement: tables, favicon
* feat(files): inline file viewer with text editing (#3475)
* feat(files): add inline file viewer with text editing and create file modal
Add file preview/edit functionality to the workspace files page. Text files
(md, json, txt, yaml, etc.) open in an editable textarea with Cmd/Ctrl+S save.
PDFs render in an iframe. New file button creates empty .md files via a modal.
Uses ResourceHeader breadcrumbs and ResourceOptionsBar for save/download/delete.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(files): add UX polish, PR review fixes, and context menu
- Add unsaved changes guard modal (matching credentials manager pattern)
- Add delete confirmation modal for both viewer and context menu
- Add save status feedback (Save → Saving... → Saved)
- Add right-click context menu with Open, Download, Delete actions
- Add 50MB file size limit on content update API
- Add storage quota check before content updates
- Add response.ok guard on download to prevent corrupt files
- Add skeleton loading for pending file selection (prevents flicker)
- Fix updateContent in handleSave dependency array
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): propagate save errors and remove redundant sizeDiff
- Remove try/catch in TextEditor.handleSave so errors propagate to
parent, which correctly shows save failure status
- Remove redundant inner sizeDiff declaration that shadowed outer scope
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): remove unused textareaRef
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): move Cmd+S to parent, add save error feedback, hide save for non-text files
- Move Cmd+S keyboard handler from TextEditor to Files so it goes
through the parent handleSave with proper status management
- Add 'error' save status with red "Save failed" label that auto-resets
- Only show Save button for text-editable file types (md, txt, json, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(files): add save tooltip, deduplicate text-editable extensions
- Add Tooltip on Save button showing Cmd+S / Ctrl+S shortcut
- Export TEXT_EDITABLE_EXTENSIONS from file-viewer and reuse in files.tsx
instead of duplicating the list inline
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract isMacPlatform to shared utility
Move isMacPlatform() from global-commands-provider.tsx to
lib/core/utils/platform.ts so it can be reused by files.tsx tooltip
without duplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(files): deduplicate delete modal, use shared formatFileSize
- Extract DeleteConfirmModal component to eliminate duplicate modal
markup between viewer and list modes
- Replace local formatFileSize with shared utility from file-utils.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): fix a11y label lint error and remove mutation object from useCallback deps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): add isDirty guard on handleSave, return proper HTTP status codes
Prevents "Saving → Saved" flash when pressing Cmd+S with no changes.
Returns 404 for file-not-found and 402 for quota-exceeded instead of 500.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): reset isDirty/saveStatus on delete and discard, remove deprecated navigator.platform
- Clear isDirty and saveStatus when deleting the currently-viewed file to
prevent spurious beforeunload prompts
- Reset saveStatus on discard to prevent stale "Save failed" when opening
another file
- Remove deprecated navigator.platform, userAgent fallback covers all cases
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): prevent concurrent saves on rapid Cmd+S, add YAML MIME types
- Add saveStatus === 'saving' guard to handleSave to prevent duplicate
concurrent PUT requests from rapid keyboard shortcuts
- Add yaml/yml MIME type mappings to getMimeTypeFromExtension
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(files): reuse shared extension constants, parallelize cancelQueries
- Replace hand-rolled SUPPORTED_EXTENSIONS with composition from existing
SUPPORTED_DOCUMENT/AUDIO/VIDEO_EXTENSIONS in validation.ts
- Parallelize sequential cancelQueries calls in delete mutation onMutate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): guard handleCreate against duplicate calls while pending
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): show upload progress on the Upload button, not New file
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): use ref-based guard for create pending state to avoid stale closure
The uploadFile.isPending check was stale because the mutation object
is excluded from useCallback deps (per codebase convention). Using a
ref ensures the guard works correctly across rapid Enter key presses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* cleanup(files): use shared icon import, remove no-op props, wrap handler in useCallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* improvement: tables, dropdown
* improvement(docs): align sidebar method badges and polish API reference styling (#3484)
* improvement(docs): align sidebar method badges and polish API reference styling
* fix(docs): revert className prop on DocsPage for CI compatibility
* fix(docs): restore oneOf schema for delete rows and use rem units in CSS
* fix(docs): replace :has() selectors with direct className for reliable prod layout
The API docs layout was intermittently narrow in production because CSS
:has(.api-page-header) selectors are unreliable in Tailwind v4 production
builds. Apply className="openapi-page" directly to DocsPage and replace
all 64 :has() selectors with .openapi-page class targeting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): bypass TypeScript check for className prop on DocsPage
Use spread with type assertion to pass className to DocsPage, working
around a CI type resolution issue where the prop exists at runtime but
is not recognized by TypeScript in the Vercel build environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): use inline style tag for grid layout, revert CSS to :has() selectors
The className prop on DocsPage doesn't exist in the fumadocs-ui version
resolved on Vercel, so .openapi-page was never applied and all 64 CSS
rules broke. Revert to :has(.api-page-header) selectors for styling and
use an inline <style> tag for the critical grid-column layout override,
which is SSR'd and doesn't depend on any CSS selector matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): add pill styling to footer navigation method badges
The footer nav badges (POST, GET, etc.) had color from data-method rules
but lacked the structural pill styling (padding, border-radius, font-size).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): use named grid lines instead of numeric column indices (#3487)
Root cause: the fumadocs grid template has 3 columns in production but
5 columns in local dev. Our CSS used `grid-column: 3 / span 2` which
targeted the wrong column in the 3-column grid, placing content in
the near-zero-width TOC column instead of the main content column.
Fix: use `grid-column: main-start / toc-end` which uses CSS named grid
lines from grid-template-areas, working regardless of column count.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(resource): layout
* improvement: icon, resource header options
* improvement: icons
* fix(files): icon
* feat(tables): column operations, row ordering, V1 API (#3488)
* feat(tables): add column operations, row ordering, V1 columns API, and OpenAPI spec
Adds column rename/delete/type change/constraint updates to the tables module,
row ordering via position column, UI metadata schema, V1 public API for column
operations with rate limiting and audit logging, and OpenAPI documentation.
Key changes:
- Service-layer column operations with validation (name pattern, type compatibility, unique/required constraints)
- Position column on user_table_rows with composite index for efficient ordering
- V1 /api/v1/tables/{tableId}/columns endpoint (POST/PATCH/DELETE) with rate limiting and audit
- Shared Zod schemas extracted to table/utils.ts using COLUMN_TYPES constant
- Targeted React Query invalidation (row vs schema mutations) with consistent onSettled usage
- OpenAPI 3.1.0 spec for columns endpoint with code samples
- Position field added to all row response mappings for consistency
- Sort fallback to position ordering when buildSortClause returns null
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): use specific error prefixes instead of broad "Cannot" match
Prevents internal TypeErrors (e.g. "Cannot read properties of undefined")
from leaking as 400 responses. Now matches only domain-specific errors:
"Cannot delete the last column" and "Cannot set column".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): reject Infinity and NaN in number type compatibility check
Number.isFinite rejects Infinity, -Infinity, and NaN, preventing
non-finite values from passing column type validation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): invalidate table list on row create/delete for stale rowCount
Row create and delete mutations now invalidate the table list cache since
it includes a computed rowCount. Row updates (which don't change count)
continue to only invalidate row queries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): add column name length check, deduplicate name gen, reset pagination on clear
- Add MAX_COLUMN_NAME_LENGTH validation to addTableColumn (was missing,
renameColumn already had it)
- Extract generateColumnName helper to eliminate triplicated logic across
handleAddColumn, handleInsertColumnLeft, handleInsertColumnRight
- Reset pagination to page 0 when clearing sort/filter to prevent showing
empty pages after narrowing filters are removed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: hoist tableId above try block in V1 columns route, add detail invalidation to invalidateRowCount
- V1 columns route: `tableId` was declared inside `try` but referenced in
`catch` logger.error, causing undefined in error logs. Hoisted `await params`
above try in all three handlers (POST, PATCH, DELETE).
- invalidateRowCount: added `tableKeys.detail(tableId)` invalidation since the
single-table GET response includes `rowCount`, which becomes stale after
row create/delete without this.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add position to all row mutation responses, remove dead filter code
- Add `position` field to POST (single + batch) and PATCH row responses
across both internal and V1 routes, matching GET responses and OpenAPI spec.
- Remove unused `filterConfig`, `handleFilterToggle`, `handleFilterClear`,
and `activeFilters` — dead code left over from merge conflict resolution.
`handleFilterApply` (the one actually wired to JSX) is preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: invalidateTableSchema now also invalidates table list cache
Column add/rename/delete/update mutations now invalidate tableKeys.list()
since the list endpoint returns schema.columns for each table. Without this,
the sidebar table list would show stale column schemas until staleTime expires.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: replace window.prompt/confirm with emcn Modal dialogs
Replace non-standard browser dialogs with proper emcn Modal components
to match the existing codebase pattern (e.g. delete table confirmation).
- Column rename: Modal with Input field + Enter key support
- Column delete: Modal with destructive confirmation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* update schedule creation ui and run lint
* improvement: logs
* improvement(tables): multi-select and efficiencies
* Table tools
* improvement(folder-selection): folder deselection + selection order should match visual
* fix(selections): more nested folder inaccuracies
* Tool updates
* Store tool call results
* fix(landing): wire agent input to mothership
* feat(mothership): resource viewer
* fix tests
* fix(streaming): smoother streaming with throttled rendering, ResizeObserver scroll, and batched updates (#3471)
* fix(streaming): smoother streaming with throttled rendering, ResizeObserver scroll, and batched updates
- Add useThrottledValue hook (100ms trailing-edge throttle) to gate DOM re-renders during streaming across all chat surfaces
- Replace 100ms setInterval scroll polling with ResizeObserver-based auto-scroll, programmatic scroll timestamp tracking, and nested [data-scrollable] region handling
- Extract processContentBuffer from inline content handler for cleaner code organization in copilot SSE handlers
- Add RAF-based update batching (50ms max interval) to floating chat and home chat streaming paths
- Add useProgressiveList hook for progressive rendering of long conversation histories via requestAnimationFrame
Made-with: Cursor
* ack PR comments
* fix search modal
* more comments
* ack comments
* count
* ack comments
* ack comment
* improvement(mothership): worklfow resource
* Fix tool call persistence in chat
* Tool results
* Fix error status
* File uploads to mothership
* feat(templates): landing page templates workflow states
* improvement(mothership): chat stability
* improvement(mothership): chat history and stability
* improvement(tables): click-to-select navigation, inline rename, column resize (#3496)
* improvement(tables): click-to-select navigation, inline rename, column resize
* fix(tables): address PR review comments
- Add doneRef guard to useInlineRename preventing Enter+blur double-fire
- Fix PATCH error handler: return 500 for non-validation errors, fix unreachable logger.error
- Stop click propagation on breadcrumb rename input
* fix(tables): add rows-affected check in renameTable service
Prevents silent no-op when tableId doesn't match any record.
* fix(tables): useMemo deps + placeholder memo initialCharacter check
- Use primitive editingId/editValue in useMemo deps instead of whole
useInlineRename object (which creates a new ref every render)
- Add initialCharacter comparison to placeholderPropsAreEqual, matching
the existing pattern in dataRowPropsAreEqual
* fix(tables): address round 2 review comments
- Mirror name validation (regex + max length) in PatchTableSchema so
validateTableName failures return 400 instead of 500
- Add .returning() + rows-affected check to renameWorkspaceFile,
matching the renameTable pattern
- Check response.ok before parsing JSON in useRenameWorkspaceFile,
matching the useRenameTable pattern
* refactor(tables): reuse InlineRenameInput in BreadcrumbSegment
Replace duplicated inline input markup with the shared component.
Eliminates redundant useRef, useEffect, and input boilerplate.
* fix(tables): set doneRef in cancelRename to prevent blur-triggered save
Escape → cancelRename → input unmounts → blur → submitRename would
save instead of canceling. Now cancelRename sets doneRef like
submitRename does, blocking the subsequent blur handler.
* fix(tables): pointercancel cleanup + typed FileConflictError
- Add pointercancel handler to column resize to prevent listener leaks
when system interrupts the pointer (touch-action override, etc.)
- Replace stringly-typed error.message.includes('already exists') with
FileConflictError class for refactor-safe 409 status detection
* fix(tables): stable useCallback dep + rename shadowed variable
- Use listRename.startRename (stable ref) instead of whole listRename
object in handleContextMenuRename deps
- Rename inner 'target' to 'origin' in arrow-key handler to avoid
shadowing the outer HTMLElement 'target'
* fix(tables): move class below imports, stable submitRename, clear editingCell
- Move FileConflictError below import statements (import-first convention)
- Make submitRename a stable useCallback([]) by reading editingId and
editValue through refs (matches existing onSaveRef pattern)
- Add setEditingCell(null) to handleEmptyRowClick for symmetry with
handleCellClick
* feat(tables): persist column widths in table metadata
Column widths now survive navigation and page reloads. On resize-end,
widths are debounced (500ms) and saved to the table's metadata field
via a new PUT /api/table/[tableId]/metadata endpoint. On load, widths
are seeded from the server once via React Query.
* fix type checking for file viewer
* fix(tables): address review feedback — 4 fixes
1. headerRename.onSave now uses the fileId parameter directly instead
of the selectedFile closure, preventing rename-wrong-file race
2. updateMetadataMutation uses ref pattern matching mutateRef/createRef
3. Type-to-enter filters non-numeric chars for number columns, non-date
chars for date columns
4. renameValue only passed to actively-renaming ColumnHeaderMenu,
preserving React.memo for other columns
* fix(tables): position-based gap rows, insert above/below, consistency fixes
- Fix gap row insert shifting: only shift rows when target position is
occupied, preventing unnecessary displacement of rows below
- Switch to position-based indexing throughout (positionMap, maxPosition)
instead of array-index for correct sparse position handling
- Add insert row above/below to context menu
- Use CellContent for pending values in PositionGapRows (matching PlaceholderRows)
- Add belowHeader selection overlay logic to PositionGapRows
- Remove unnecessary 500ms debounce on column width persistence
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix cells nav w keyboard
* added preview panel for html, markdown rendering, completed table
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): one small tables ting (#3497)
* feat(exa-hosted-key): Restore exa hosted key (#3499)
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement(ui): consistent styling
* styling alignment
* improvements(tables): styling improvements
* improve resizer for file preview for html files
* updated document icon
* fix(credentials): exclude regular login methods from credential sync
* update docs
* upgrade turbo
* improvement: tables, chat
* Fix table column delete
* small table rename bug, files updates not persisting
* Table batch ops
* fix(credentials): block usage at execution layer without perms + fix invites
* feat(hosted-key-services) Add hosted key for multiple services (#3461)
* feat(hosted keys): Implement serper hosted key
* Handle required fields correctly for hosted keys
* Add rate limiting (3 tries, exponential backoff)
* Add custom pricing, switch to exa as first hosted key
* Add telemetry
* Consolidate byok type definitions
* Add warning comment if default calculation is used
* Record usage to user stats table
* Fix unit tests, use cost property
* Include more metadata in cost output
* Fix disabled tests
* Fix spacing
* Fix lint
* Move knowledge cost restructuring away from generic block handler
* Migrate knowledge unit tests
* Lint
* Fix broken tests
* Add user based hosted key throttling
* Refactor hosted key handling. Add optimistic handling of throttling for custom throttle rules.
* Remove research as hosted key. Recommend BYOK if throtttling occurs
* Make adding api keys adjustable via env vars
* Remove vestigial fields from research
* Make billing actor id required for throttling
* Switch to round robin for api key distribution
* Add helper method for adding hosted key cost
* Strip leading double underscores to avoid breaking change
* Lint fix
* Remove falsy check in favor for explicit null check
* Add more detailed metrics for different throttling types
* Fix _costDollars field
* Handle hosted agent tool calls
* Fail loudly if cost field isn't found
* Remove any type
* Fix type error
* Fix lint
* Fix usage log double logging data
* Fix test
* Add browseruse hosted key
* Add firecrawl and serper hosted keys
* feat(hosted key): Add exa hosted key (#3221)
* feat(hosted keys): Implement serper hosted key
* Handle required fields correctly for hosted keys
* Add rate limiting (3 tries, exponential backoff)
* Add custom pricing, switch to exa as first hosted key
* Add telemetry
* Consolidate byok type definitions
* Add warning comment if default calculation is used
* Record usage to user stats table
* Fix unit tests, use cost property
* Include more metadata in cost output
* Fix disabled tests
* Fix spacing
* Fix lint
* Move knowledge cost restructuring away from generic block handler
* Migrate knowledge unit tests
* Lint
* Fix broken tests
* Add user based hosted key throttling
* Refactor hosted key handling. Add optimistic handling of throttling for custom throttle rules.
* Remove research as hosted key. Recommend BYOK if throtttling occurs
* Make adding api keys adjustable via env vars
* Remove vestigial fields from research
* Make billing actor id required for throttling
* Switch to round robin for api key distribution
* Add helper method for adding hosted key cost
* Strip leading double underscores to avoid breaking change
* Lint fix
* Remove falsy check in favor for explicit null check
* Add more detailed metrics for different throttling types
* Fix _costDollars field
* Handle hosted agent tool calls
* Fail loudly if cost field isn't found
* Remove any type
* Fix type error
* Fix lint
* Fix usage log double logging data
* Fix test
---------
Co-authored-by: Theodore Li <teddy@zenobiapay.com>
* Fail fast on cost data not being found
* Add hosted key for google services
* Add hosting configuration and pricing logic for ElevenLabs TTS tools
* Add linkup hosted key
* Add jina hosted key
* Add hugging face hosted key
* Add perplexity hosting
* Add broader metrics for throttling
* Add skill for adding hosted key
* Lint, remove vestigial hosted keys not implemented
* Revert agent changes
* fail fast
* Fix build issue
* Fix build issues
* Fix type error
* Remove byok types that aren't implemented
* Address feedback
* Use default model when model id isn't provided
* Fix cost default issues
* Remove firecrawl error suppression
* Restore original behavior for hugging face
* Add mistral hosted key
* Remove hugging face hosted key
* Fix pricing mismatch is mistral and perplexity
* Add hosted keys for parallel and brand fetch
* Add brandfetch hosted key
* Update types
* Change byok name to parallel_ai
* Add telemetry on unknown models
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement(settings): SSR prefetch, code splitting, dedicated skeletons
* fix: bust browser cache for workspace file downloads
The downloadFile function was using a plain fetch() that honored the
aggressive cache headers, causing newly created files to download empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(settings): use emcn Skeleton in extracted skeleton files
* fix(settings): extract shared response mappers to prevent server/client shape drift
Addresses PR review feedback — prefetch.ts duplicated response mapping logic from client hooks. Extracted mapGeneralSettingsResponse and mapUserProfileResponse as shared functions used by both client fetch and server prefetch.
* update byok page
* fix(settings): include theme sync in client-side prefetch queryFn
Hover-based prefetchGeneralSettings now calls syncThemeToNextThemes, matching the useGeneralSettings hook behavior so theme updates aren't missed when prefetch refreshes stale cache.
* fix(byok): use EMCN Input for search field instead of ui Input
Replace @/components/ui Input with the already-imported EmcnInput for design-system consistency.
* fix(byok): use ui Input for search bar to match other settings pages
* fix(settings): use emcn Input for file input in general settings
* improvement(settings): add search bar to skeleton loading states
Skeletons now include the search bar (and action button where applicable) so the layout matches the final component 1:1. Eliminates layout shift when the dynamic chunk loads — search bar area is already reserved by the skeleton.
* fix(settings): align skeleton layouts with actual component structures
- Fix list item gap from 12px to 8px across all skeletons (API keys, custom tools, credentials, MCP)
- Add OAuth icon placeholder to credential skeleton
- Fix credential button group gap from 8px to 4px
- Remove incorrect gap-[4px] from credential-sets text column
- Rebuild debug skeleton to match real layout (description + input/button row)
- Add scrollable wrapper to BYOK skeleton with more representative item count
* chore: lint fixes
* improvement(sidebar): match workspace switcher popover width to sidebar
Use Radix UI's built-in --radix-popover-trigger-width CSS variable
instead of hardcoded 160px so the popover matches the trigger width
and responds to sidebar resizing.
* revert hardcoded ff
* fix: copilot, improvement: tables, mothership
* feat: inline chunk editor and table batch ops with undo/redo (#3504)
* feat: inline chunk editor and table batch operations with undo/redo
Replace modal-based chunk editing/creation with inline editor following
the files tab pattern (state-based view toggle with ResourceHeader).
Add batch update API endpoint, undo/redo support, and Popover-based
context menus for tables.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove icons from table context menu PopoverItems
Icons were incorrectly carried over from the DropdownMenu migration.
PopoverItems in this codebase use text-only labels.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: restore DropdownMenu for table context menu
The table-level context menu was incorrectly migrated to Popover during
conflict resolution. Only the row-level context menu uses Popover; the
table context menu should remain DropdownMenu with icons, matching the
base branch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: bound cross-page chunk navigation polling to max 50 retries
Prevent indefinite polling if page data never loads during
chunk navigation across page boundaries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: navigate to last page after chunk creation for multi-page documents
After creating a chunk, navigate to the last page (where new chunks
append) before selecting it. This prevents the editor from showing
"Loading chunk..." when the new chunk is not on the current page.
The loading state breadcrumb remains as an escape hatch for edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add duplicate rowId validation to BatchUpdateByIdsSchema
Adds a .refine() check to reject duplicate rowIds in batch update
requests, consistent with the positions uniqueness check on batch insert.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR review comments
- Fix disableEdit logic: use || instead of && so connector doc chunks
cannot be edited from context menu (row click still opens viewer)
- Add uniqueness validation for rowIds in BatchUpdateByIdsSchema
- Fix inconsistent bg token: bg-background → bg-[var(--bg)] in Pagination
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove duplicate rowId uniqueness refine on BatchUpdateByIdsSchema
The refine was applied both on the inner updates array and the outer
object. Keep only the inner array refine which is cleaner.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address additional PR review comments
- Fix stale rowId after create-row redo: patch undo stack with new row
ID using patchUndoRowId so subsequent undo targets the correct row
- Fix text color tokens in Pagination: use CSS variable references
(text-[var(--text-body)], text-[var(--text-secondary)]) instead of
Tailwind semantic tokens for consistency with the rest of the file
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove dead code and fix type errors in table context menu
Remove unused `onAddData` prop and `isEmptyCell` variable from row context
menu (introduced in PR but never wired to JSX). Fix type errors in
optimistic update spreads by removing unnecessary `as Record<string, unknown>`
casts that lost the RowData type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: prevent false "Saved" status on invalid content and mark fire-and-forget goToPage calls
ChunkEditor.handleSave now throws on empty/oversized content instead of
silently returning, so the parent's catch block correctly sets saveStatus
to 'error'. Also added explicit `void` to unawaited goToPage(1) calls
in filter handlers to signal intentional fire-and-forget.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: handle stale totalPages in handleChunkCreated for new-page edge case
When creating a chunk that spills onto a new page, totalPages in the
closure is stale. Now polls displayChunksRef for the new chunk, and if
not found, checks totalPagesRef for an updated page count and navigates
to the new last page before continuing to poll.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Streaming fix -- need to test more
* Make mothership block use long input instead of prompt input
* improvement(billing): isAnnual metadata + docs updates (#3506)
* improvement(billing): on demand toggling and infinite limits
* store stripe metadata to distinguish annual vs monthly
* udpate docs
* address bugbot
* Add piping
* feat(clean-hosted-keys) Remove eleven labs, browseruse. Tweak firecrawl and mistral key impl (#3503)
* Remove eleven labs, browseruse, and firecrawl
* Remove creditsUsed output
* Add back mistral hosting for mistral blocks
* Add back firecrawl since they queue up concurrent requests
* Fix price calculation, remove agent since its super long running and will clog up queue
* Define hosting per tool
* Remove redundant token finding
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* Update vfs to handle hosted keys
* improvement(tables): fix cell editing flash, batch API docs, and UI polish (#3507)
* fix: show text cursor in chunk editor and ensure textarea fills container
Add cursor-text to the editor wrapper so the whole area shows a text
cursor. Click on empty space focuses the textarea. Changed textarea from
h-full/w-full to flex-1/min-h-0 so it properly fills the flex container.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(tables): fix cell editing flash, add batch API docs, and UI polish
Fix stale-data flash when saving inline cell edits by using TanStack Query's
isPending+variables pattern instead of manual cache writes. Also adds OpenAPI
docs for batch table endpoints, DatePicker support in row modal, duplicate row
in context menu, and styling improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove dead resolveColumnFromEvent callback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: unify paste undo into single create-rows action
Batch-created rows from paste now push one `create-rows` undo entry
instead of N individual `create-row` entries, so a single Ctrl+Z
reverses the entire paste operation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: validate dates in inline editor and displayToStorage
InlineDateEditor now validates computed values via Date.parse before
saving, preventing invalid strings like "hello" from being sent to the
server. displayToStorage now rejects out-of-range month/day values
(e.g. 13/32) instead of producing invalid YYYY-MM-DD strings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: accept ISO date format in inline date editor
Fall back to raw draft input when displayToStorage returns null, so
valid ISO dates like "2024-03-15" pasted or typed directly are
accepted instead of silently discarded. Date.parse still validates
the final value.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add ISO date support to displayToStorage and fix picker Escape
displayToStorage now recognizes YYYY-MM-DD input directly, so ISO
dates typed or pasted work correctly for both saving and picker sync.
DatePicker Escape now refocuses the input instead of saving, so the
user can press Escape again to cancel or Enter to confirm — matching
the expected cancel behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove dead paste boundary check
The totalR guard in handlePaste could never trigger since totalR
included pasteRows.length, making targetRow always < totalR.
Remove the unused variable and simplify the selection focus calc.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update openapi
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix dysfunctional unique operation in tables
* feat(autosave): files and chunk editor autosave with debounce + refetch (#3508)
* feat(files): debounced autosave while editing
* address review comments
* more comments
* fix: unique constraint check crash and copilot table initial rows
- Fix TypeError in updateColumnConstraints: db.execute() returns a
plain array with postgres-js, not { rows: [...] }. The .rows.length
access always crashed, making "Set unique" completely broken.
- Add initialRowCount: 20 to copilot table creation so tables created
via chat have the same empty rows as tables created from the UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix signaling
* revert: remove initialRowCount from copilot table creation
Copilot populates its own data after creating a table, so pre-creating
20 empty rows causes data to start at position 21 with empty rows above.
initialRowCount only makes sense for the manual UI creation flow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement: chat, workspace header
* chat metadata
* Fix schema mismatch (#3510)
Co-authored-by: Theodore Li <theo@sim.ai>
* Fixes
* fix: manual table creation starts with 1 row, 1 column
Manual tables now create with a single 'name' column and 1 row instead
of 2 columns and 20 rows. Copilot tables remain at 0 rows, 0 columns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: horizontal scroll in embedded table by replacing overflow-hidden with overflow-clip
Cell content spans used Tailwind's `truncate` (overflow: hidden), creating
scroll containers that consumed trackpad wheel events on macOS without
propagating to the actual scroll ancestor. Replaced with overflow-clip
which clips identically but doesn't create a scroll container. Also moved
focus target from outer container to the scroll div for correctness.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix tool call ordering
* Fix tests
* feat: add task multi-select, context menu, and subscription UI updates
Add shift-click range selection, cmd/ctrl-click toggle, and right-click
context menu for tasks in sidebar matching workflow/folder patterns.
Update subscription settings tab UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(credentials): autosync behaviour cross workspace (#3511)
* fix(credentials): autosync behaviour cross workspace
* address comments
* fix(api-key-reminder) Add reminder on hosted keys that api key isnt needed (#3512)
* Add reminder on hosted keys that api key isnt needed
* Fix test case
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement: sidebar, chat
* Usage limit
* Plan prompt
* fix(sidebar): workspace header collapse
* fix(sidebar): task navigation
* Subagent tool call persistence
* Don't drop suabgent text
* improvement(ux): streaming
* improvement: thinking
* fix(random): optimized kb connector sync engine, rerenders in tables, files, editors, chat (#3513)
* optimized kb connector sync engine, rerenders in tables, files, editors, chat
* refactor(sidebar): rename onTaskClick to onMultiSelectClick for clarity
Made-with: Cursor
* ack comments, add docsFailed
* feat(email-footer) Add "sent with sim ai" for free users (#3515)
* Add "sent with sim ai" for free users
* Only add prompt injection on free tier
* Add try catch around billing info fetch
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement: modals
* ran migrations
* fix(mothership): fix hardcoded workflow color, tables drag line overflowing
* feat(mothership): file attachment indicators, persistence, and chat input improvements
- Show image thumbnails and file-icon cards above user messages in mothership chat
- Persist file attachment metadata (key, filename, media_type, size) in DB with user messages
- Restore attachments from history via /api/files/serve/ URLs so they survive refresh/navigation
- Unify all chat file inputs to use shared CHAT_ACCEPT_ATTRIBUTE constant
- Fix file thumbnail overflow: use flex-wrap instead of hidden horizontal scroll
- Compact attachment cards in floating workflow chat messages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement: search modal
* improvement(usage): free plan to 1000 credits (#3516)
* improvement(billing): free plan to five dollars
* fix comment
* remove per month terminology from marketing
* generate migration
* remove migration
* add migration back
* feat(workspace): add workspace color changing, consolidate update hooks, fix popover dismiss
- Add workspace color change via context menu, reusing workflow ColorGrid UI
- Consolidate useUpdateWorkspaceName + useUpdateWorkspaceColor into useUpdateWorkspace
- Fix popover hover submenu dismiss by using DismissableLayerBranch with pointerEvents
- Remove passthrough wrapper for export, reuse Workspace type for capturedWorkspaceRef
- Reorder log columns: workflow first, merge date+time into single column
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Update oauth cred tool
* fix(diff-controls): fixed positioning for copilot diff controls
* fix(font): added back old font for emcn code editor
* improvement: panel, special tags
* improvement: chat
* improvement: loading and file dropping
* feat(templates): create home templates
* fix(uploads): resolve .md file upload rejection and deduplicate file type utilities
Browsers report empty or application/octet-stream MIME types for .md files,
causing copilot uploads to be rejected. Added resolveFileType() utility that
falls back to extension-based MIME resolution at both client and server
boundaries. Consolidated duplicate MIME mappings into module-level constants,
removed duplicate isImageFileType from copilot module, and replaced hardcoded
ALLOWED_EXTENSIONS with composition from shared validation constants. Also
switched file attachment previews to use shared getDocumentIcon utility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(home): prevent initial view from being scrollable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* autofill fixes
* added back integrations page, reverted secrets page back to old UI
* Fix workspace dropdown getting cut off when sidebar is collapsed
* fix(mothership): lint (#3517)
* fix(mothership): lint
* fix typing
* fix tests
* fix stale query
* fix plan display name
* Feat/add mothership manual workflow runs (#3520)
* Add run and open workflow buttons in workflow preview
* Send log request message after manual workflow run
* Make edges in embedded workflow non-editable
* Change chat to pass in log as additional context
* Revert "Change chat to pass in log as additional context"
This reverts commit e957dffb2f.
* Revert "Send log request message after manual workflow run"
This reverts commit 0fb92751f0.
* Move run and workflow icons to tab bar
* Simplify boolean condition
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* feat(resource-tab-scroll): Allow vertical scrolling to scroll resource tab
* fix(remove-speed-hosted-key) Remove maps speed limit hosted key, it's deprecated (#3521)
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement: home, sidebar
* fix(download-file): render correct file download link for mothership (#3522)
* fix(download-file): render correct file download link for mothership
* Fix uunecessary call
* Use simple strip instead of db lookup and moving behavior
* Make regex strip more strict
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement: schedules, auto-scroll
* fix(settings): navigate back to origin page instead of always going home
Use sessionStorage to store the return URL when entering settings, and
use router.replace for tab switches so history doesn't accumulate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(schedules): release lastQueuedAt lock on all exit paths to prevent stuck schedules
Multiple error/early-return paths in executeScheduleJob and executeJobInline
were exiting without clearing lastQueuedAt, causing the dueFilter to permanently
skip those schedules — resulting in stale "X hours ago" display for nextRunAt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(mothership): inline rename for resource tabs + workspace_file rename tool
- Add double-click inline rename on file and table resource tabs
- Wire useInlineRename + useRenameWorkspaceFile/useRenameTable mutations
- Add rename operation to workspace_file copilot tool (schema, server, router)
- Add knowledge base resource support (type, extraction, rendering, actions)
- Accept optional className on InlineRenameInput for context-specific sizing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert: remove inline rename UI from resource tabs
Keep the workspace_file rename tool for the mothership agent.
Only the UI-side inline rename (double-click tabs) is removed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(mothership): knowledge base resource extraction + Resource/ResourceTable refactor
- Extract KB resources from knowledge subagent respond format (knowledge_bases array)
- Add knowledge_base tool to RESOURCE_TOOL_NAMES and TOOL_UI_METADATA
- Extract ResourceTable as independently composable memoized component
- Move contentOverride/overlay to Resource shell level (not table primitive)
- Remove redundant disableHeaderSort and loadingRows props
- Rename internal sort state for clarity (sort → internalSort, sortOverride → externalSort)
- Export ResourceTable and ResourceTableProps from barrel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(logs) Run workflows client side in mothership to transmit logs (#3529)
* Run workflows client side in mothership to transmit logs
* Initialize set as constant, prevent duplicate execution
* Fix lint
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* fix(import) fix missing file
* fix(resource): Hide resources that have been deleted (#3528)
* Hide resources that have been deleted
* Handle table, workflow not found
* Add animation to prevent flash when previous resource was deleted
* Fix animation playing on every switch
* Run workflows client side in mothership to transmit logs
* Fix race condition for animation
* Use shared workflow tool util file
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* fix: chat scrollbar on sidebar collapse/open
* edit existing workflow should bring up artifact
* fix(agent) subagent and main agent text being merged without spacing
* feat(mothership): remove resource-level delete tools from copilot
Remove delete operations for workflows, folders, tables, and files
from the mothership copilot to prevent destructive actions via AI.
Row-level and column-level deletes are preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: stop sidebar from auto-collapsing when resource panel appears (#3540)
The sidebar was forcibly collapsed whenever a resource (e.g. workflow)
first appeared in the resource panel during a task. This was disruptive
on larger screens where users want to keep both the sidebar and resource
panel visible simultaneously.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(mothership): insert copilot-created workflows at top of list (#3537)
* feat(mothership): remove resource-level delete tools from copilot
Remove delete operations for workflows, folders, tables, and files
from the mothership copilot to prevent destructive actions via AI.
Row-level and column-level deletes are preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(mothership): insert copilot-created workflows at top of list
* fix(mothership): server-side top-insertion sort order and deduplicate registry logic
* fix(mothership): include folder sort orders when computing top-insertion position
* fix(mothership): use getNextWorkflowColor instead of hardcoded color
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(stop) Add stop of motehership ran workflows, persist stop messages (#3538)
* Connect play stop workflow in embedded view to workflow
* Fix stop not actually stoping workflow
* Fix ui not showing stopped by user
* Lint fix
* Plumb cancellation through system
* Stopping mothership chat stops workflow
* Remove extra fluff
* Persist blocks on cancellation
* Add root level stopped by user
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* fix(autolayout): targetted autolayout heuristic restored (#3536)
* fix(autolayout): targetted autolayout heuristic restored
* fix autolayout boundary cases
* more fixes
* address comments
* on conflict updates
* address more comments
* fix relative position scope
* fix tye omission
* address bugbot comment
* Credential tags
* Credential id field
* feat(mothership): server-persisted unread task indicators via SSE (#3549)
* feat(mothership): server-persisted unread task indicators via SSE
Replace fragile client-side polling + timer-based green flash with
server-persisted lastSeenAt semantics, real-time SSE push via Redis
pub/sub, and dot overlay UI on the Blimp icon.
- Add lastSeenAt column to copilotChats for server-persisted read state
- Add Redis/local pub/sub singleton for task status events (started,
completed, created, deleted, renamed)
- Add SSE endpoint (GET /api/mothership/events) with heartbeat and
workspace-scoped filtering
- Add mark-read endpoint (POST /api/mothership/chats/read)
- Publish SSE events from chat, rename, delete, and auto-title handlers
- Add useTaskEvents hook for client-side SSE subscription
- Add useMarkTaskRead mutation with optimistic update
- Replace timer logic in sidebar with TaskStatus state machine
(running/unread/idle) and dot overlay using brand color variables
- Mark tasks read on mount and stream completion in home page
- Fix security: add userId check to delete WHERE clause
- Fix: bump updatedAt on stream completion
- Fix: set lastSeenAt on rename to prevent false-positive unread
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR review feedback
- Return 404 when delete finds no matching chat (was silent no-op)
- Move log after ownership check so it only fires on actual deletion
- Publish completed SSE event from stop route so sidebar dot clears on abort
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: backfill last_seen_at in migration to prevent false unread dots
Existing rows would have last_seen_at = NULL after migration, causing
all past completed tasks to show as unread. Backfill sets last_seen_at
to updated_at for all existing rows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: timestamp mismatch on task creation + wasSendingRef leak across navigation
- Pass updatedAt explicitly alongside lastSeenAt on chat creation so
both use the same JS timestamp (DB defaultNow() ran later, causing
updatedAt > lastSeenAt → false unread)
- Reset wasSendingRef when chatId changes to prevent a stale true
from task A triggering a redundant markRead on task B
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: mark-read fires for inline-created chats + encode workspaceId in SSE URL
Expose resolvedChatId from useChat so home.tsx can mark-read even when
chatId prop stays undefined after replaceState URL update. Also
URL-encode workspaceId in EventSource URL as a defensive measure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: auto-focus home input on initial view + fix sidebar task click handling
Auto-focus the textarea when the initial home view renders. Also fix
sidebar task click to always call onMultiSelectClick so selection state
stays consistent.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: auto-title sets lastSeenAt + move started event inside DB guard
Auto-title now sets both updatedAt and lastSeenAt (matching the rename
route pattern) to prevent false-positive unread dots. Also move the
'started' SSE event inside the if(updated) guard so it only fires when
the DB update actually matched a row.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* modified tasks multi select to be just like workflows
* fix
* refactor: extract generic pub/sub and SSE factories + fixes
- Extract createPubSubChannel factory (lib/events/pubsub.ts) to eliminate
duplicated Redis/EventEmitter boilerplate between task and MCP pub/sub
- Extract createWorkspaceSSE factory (lib/events/sse-endpoint.ts) to share
auth, heartbeat, and cleanup logic across SSE endpoints
- Fix auto-title race suppressing unread status by removing updatedAt/lastSeenAt
from title-only DB update
- Fix wheel event listener leak in ResourceTabs (RefCallback cleanup was silently
discarded)
- Fix getFullSelection() missing taskIds (inconsistent with hasAnySelection)
- Deduplicate SSE_RESPONSE_HEADERS to spread from shared SSE_HEADERS
- Hoist isSttAvailable to module-level constant to avoid per-render IIFE
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(logs): add workflow trigger type for sub-workflow executions (#3554)
* feat(logs): add workflow trigger type for sub-workflow executions
* fix(logs): align workflow filter color with blue-secondary badge variant
* feat(tab) allow user to control resource tabs
* Make resources persist to backend
* Use colored squares for workflows
* Add click and drag functionality to resource
* Fix expanding panel logic
* Reduce duplication, reading resource also opens up resource panel
* Move resource dropdown to own file
* Handle renamed resources
* Clicking already open tab should just switch to tab
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* Fix new resource tab button not appearing on tasks
* improvement(ui): dropdown menus, icons, globals
* improvement: notifications, terminal, globals
* reverted task logic
* feat(context) pass resource tab as context (#3555)
* feat(context) add currenttly open resource file to context for agent
* Simplify resource resolution
* Skip initialize vfs
* Restore ff
* Add back try catch
* Remove redundant code
* Remove json serialization/deserialization loop
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* Feat(references) add at to reference sim resources(#3560)
* feat(chat) add at sign
* Address bugbot issues
* Remove extra chatcontext defs
* Add table and file to schema
* Add icon to chip for files
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* improvement(refactor): move to soft deletion of resources + reliability improvements (#3561)
* improvement(deletion): migrate to soft deletion of resources
* progress
* scoping fixes
* round of fixes
* deduplicated name on workflow import
* fix tests
* add migration
* cleanup dead code
* address bugbot comments
* optimize query
* feat(sim-mailer): email inbox for mothership with chat history and plan gating (#3558)
* feat(sim-mailer): email inbox for mothership with chat history and plan gating
* revert hardcoded ff
* fix(inbox): address PR review comments - plan enforcement, idempotency, webhook auth
- Enforce Max plan at API layer: hasInboxAccess() now checks subscription tier (>= 25k credits or enterprise)
- Add idempotency guard to executeInboxTask() to prevent duplicate emails on Trigger.dev retries
- Add AGENTMAIL_WEBHOOK_SECRET env var for webhook signature verification (Bearer token)
* improvement(inbox): harden security and efficiency from code audit
- Use crypto.timingSafeEqual for webhook secret comparison (prevents timing attacks)
- Atomic claim in executor: WHERE status='received' prevents duplicate processing on retries
- Parallelize hasInboxAccess + getUserEntityPermissions in all API routes (reduces latency)
- Truncate email body at webhook insertion (50k char limit, prevents unbounded DB storage)
- Harden escapeAttr with angle bracket and single quote escaping
- Rename use-inbox.ts to inbox.ts (matches hooks/queries/ naming convention)
* fix(inbox): replace Bearer token auth with proper Svix HMAC-SHA256 webhook verification
- Use per-workspace webhook secret from DB instead of global env var
- Verify AgentMail/Svix signatures: HMAC-SHA256 over svix-id.timestamp.body
- Timing-safe comparison via crypto.timingSafeEqual
- Replay protection via timestamp tolerance (5 min window)
- Join mothershipInboxWebhook in workspace lookup (zero additional DB calls)
- Remove dead AGENTMAIL_WEBHOOK_SECRET env var
- Select only needed workspace columns in webhook handler
* fix(inbox): require webhook secret — reject requests when secret is missing
Previously, if the webhook secret was missing from the DB (corrupted state),
the handler would skip verification entirely and process the request
unauthenticated. Now all three conditions are hard requirements: secret must
exist in DB, Svix headers must be present, and signature must verify.
* fix(inbox): address second round of PR review comments
- Exclude rejected tasks from rate limit count to prevent DoS via spam
- Strip raw HTML from LLM output before marked.parse to prevent XSS in emails
- Track responseSent flag to prevent duplicate emails when DB update fails after send
* fix(inbox): address third round of PR review comments
- Use dynamic isHosted from feature-flags instead of hardcoded true
- Atomic JSON append for chat message persistence (eliminates read-modify-write race)
- Handle cutIndex === 0 in stripQuotedReply (body starts with quote)
- Clean up orphan mothershipInboxWebhook row on enableInbox rollback
- Validate status query parameter against enum in tasks API
* fix(inbox): validate cursor param, preserve code blocks in HTML stripping
- Validate cursor date before using in query (return 400 for invalid)
- Split on fenced code blocks before stripping HTML tags to preserve
code examples in email responses
* fix(inbox): return 500 on webhook server errors to enable Svix retries
* fix(inbox): remove isHosted guard from hasInboxAccess — feature flag is sufficient
* fix(inbox): prevent double-enable from deleting webhook secret row
* fix(inbox): null-safe stripThinkingTags, encode URL params, surface remove-sender errors
- Guard against null result.content in stripThinkingTags
- Use encodeURIComponent on all AgentMail API path parameters
- Surface handleRemoveSender errors to the user instead of swallowing
* improvement(inbox): remove unused types, narrow SELECT queries, fix optimistic ID collision
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(inbox): add keyboard accessibility to clickable task rows
* fix(inbox): use Svix library for webhook verification, fix responseSent flag, prevent inbox enumeration
- Replace manual HMAC-SHA256 verification with official Svix library per AgentMail docs
- Fix responseSent flag: only set true when email delivery actually succeeds
- Return consistent 401 for unknown inbox and bad signature to prevent enumeration
- Make AgentMailInbox.organization_id optional to match API docs
* chore(db): rebase inbox migration onto feat/mothership-copilot (0172 → 0173)
Sync schema with target branch and regenerate migration as 0173
to avoid conflicts with 0172_silky_magma on feat/mothership-copilot.
* fix(db): rebase inbox migration to 0173 after feat/mothership-copilot divergence
Target branch added 0172_silky_magma, so our inbox migration is now 0173_youthful_stryfe.
* fix(db): regenerate inbox migration after rebase on feat/mothership-copilot
* fix(inbox): case-insensitive email match and sanitize javascript: URIs in email HTML
- Use lower() in isSenderAllowed SQL to match workspace members regardless
of email case stored by auth provider
- Strip javascript:, vbscript:, and data: URIs from marked HTML output to
prevent XSS in outbound email responses
* fix(inbox): case-insensitive email match in resolveUserId
Consistent with the isSenderAllowed fix — uses lower() so mixed-case
stored emails match correctly, preventing silent fallback to workspace owner.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Kb args
* refactor(resource): remove logs-specific escape hatches from Resource abstraction
Logs now composes ResourceHeader + ResourceOptionsBar + ResourceTable directly
instead of using Resource with contentOverride/overlay escape hatches. Removes
contentOverride, onLoadMore, hasMore, isLoadingMore from ResourceProps. Adds
ColumnOption to barrel export and fixes table.tsx internal import.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(sim-mailer): download email attachments and pass to LLM as multimodal content
Attachments were only passed as metadata text in the email body. Now downloads
actual file bytes from AgentMail, converts via createFileContent (same path as
interactive chat), and sends as fileAttachments to the orchestrator. Also
parallelizes attachment fetching with workspace context loading, and downloads
multiple attachments concurrently via Promise.allSettled.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(connector): add Gmail knowledge base connector with thread-based sync and filtering
Syncs email threads from Gmail into knowledge bases with configurable filters:
label scoping, date range presets, promotions/social exclusion, Gmail search
syntax support, and max thread caps to keep KB size manageable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(connector): add Outlook knowledge base connector with conversation grouping and filtering
Syncs email conversations from Outlook/Office 365 via Microsoft Graph API.
Groups messages by conversationId into single documents. Configurable filters:
folder selection, date range presets, Focused Inbox, KQL search syntax, and
max conversation caps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* cleanup resource definition
* feat(connectors): add 8 knowledge base connectors — Zendesk, Intercom, ServiceNow, Google Sheets, Microsoft Teams, Discord, Google Calendar, Reddit
Each connector syncs documents into knowledge bases with configurable filtering:
- Zendesk: Help Center articles + support tickets with status/locale filters
- Intercom: Articles + conversations with state filtering
- ServiceNow: KB articles + incidents with state/priority/category filters
- Google Sheets: Spreadsheet tabs as LLM-friendly row-by-row documents
- Microsoft Teams: Channel messages (Slack-like pattern) via Graph API
- Discord: Channel messages with bot token auth
- Google Calendar: Events with date range presets and attendee metadata
- Reddit: Subreddit posts with top comments, sort/time filters
All connectors validated against official API docs with bug fixes applied.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(inbox): fetch real attachment binary from presigned URL and persist for chat display
The AgentMail attachment endpoint returns JSON metadata with a download_url,
not raw binary. We were base64-encoding the JSON text and sending it to the
LLM, causing provider rejection. Now we parse the metadata, fetch the actual
file from the presigned URL, upload it to copilot storage, and persist it on
the chat message so images render inline with previews.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* added agentmail domain for mailer
* added docs for sim mailer
* fix(resource) handle resource deletion deletion (#3568)
* Add handle dragging tab to input chat
* Add back delete tools
* Handle deletions properly with resources view
* Fix lint
* Add permisssions checking
* Skip resource_added event when resource is deleted
* Pass workflow id as context
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* update docs styling, add delete confirmation on inbox
* Fix fast edit route
* updated docs styling, added FAQs, updated content
* upgrade turbo
* fix(knowledge) use consistent empty state for documents page
Replace the centered "No documents yet" text with the standard Resource
table empty state (column headers + create row), matching all other
resource pages. Move "Upload documents" from header action to table
create row as "New documents".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(notifications): polish modal styling, credential display, and trigger filters (#3571)
* fix(notifications): polish modal styling, credential display, and trigger filters
- Show credential display name instead of raw account ID in Slack account selector
- Fix label styling to use default Label component (text-primary) for consistency
- Fix modal body spacing with proper top padding after tab bar
- Replace list-card skeleton with form-field skeleton matching actual layout
- Replace custom "Select a Slack account first" box with disabled Combobox (dependsOn pattern)
- Use proper Label component in WorkflowSelector with consistent gap spacing
- Add overflow badge pattern (slice + +N) to level and trigger filter badges
- Use dynamic trigger options from getTriggerOptions() instead of hardcoded CORE_TRIGGER_TYPES
- Relax API validation to accept integration trigger types (z.string instead of z.enum)
- Deduplicate account rows from credential leftJoin in accounts API
- Extract getTriggerOptions() to module-level constants to avoid per-render calls
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(notifications): address PR review feedback
- Restore accountId in displayName fallback chain (credentialDisplayName || accountId || providerId)
- Add .default([]) to triggerFilter in create schema to preserve backward compatibility
- Treat empty triggerFilter as "match all" in notification matching logic
- Remove unreachable overflow badge for levelFilter (only 2 possible values)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(settings): add spacing to Sim Keys toggle and replace Sim Mailer icon with Send
Add 24px top margin to the "Allow personal Sim keys" toggle so it doesn't
sit right below the empty state. Replace the Mail envelope icon for Sim
Mailer with a new Send (paper plane) icon matching the emcn icon style.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* standardize back buttons in settings
* feat(restore) Add restore endpoints and ui (#3570)
* Add restore endpoints and ui
* Derive toast from notification
* Auth user if workspaceid not found
* Fix recently deleted ui
* Add restore error toast
* Fix deleted at timestamp mismatch
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* fix type errors
* Lint
* improvements: ui/ux around mothership
* reactquery best practices, UI alignment in restore
* clamp logs panel
* subagent thinking text
* fix build, speedup tests by up to 40%
* Fix fast edit
* Add download file shortcut on mothership file view
* fix: SVG file support in mothership chat and file serving
- Send SVGs as document/text-xml to Claude instead of unsupported
image/svg+xml, so the mothership can actually read SVG content
- Serve SVGs inline with proper content type and CSP sandbox so
chat previews render correctly
- Add SVG preview support in file viewer (sandboxed iframe)
- Derive IMAGE_MIME_TYPES from MIME_TYPE_MAPPING to reduce duplication
- Add missing webp to contentTypeMap, SAFE_INLINE_TYPES, binaryExtensions
- Consolidate PREVIEWABLE_EXTENSIONS into preview-panel exports
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: replace image/* wildcard with explicit supported types in file picker
The image/* accept attribute allowed users to select BMP, TIFF, HEIC,
and other image types that are rejected server-side. Replace with the
exact set of supported image MIME types and extensions to match the
copilot upload validation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Context tags
* Fix lint
* improvement: chat and terminal
---------
Co-authored-by: Emir Karabeg <emirkarabeg@berkeley.edu>
Co-authored-by: Waleed <walif6@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Theodore Li <teddy@zenobiapay.com>
Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com>
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
Co-authored-by: Theodore Li <theodoreqili@gmail.com>
Co-authored-by: Theodore Li <theo@sim.ai>
* fix(execution): finalize runs before wrapper recovery
* fix(async): preserve execution correlation across queued runs
* fix(webhooks): pass correlation into preprocessing
* style(webhooks): normalize webhook executor formatting
* fix(async): avoid pre-starting queued execution logs
Let executeWorkflowCore own normal-path logging start so queued workflow and schedule executions persist the richer deployment and environment metadata instead of an earlier placeholder start record.
* fix(async): harden execution finalization guards
Prevent leaked core finalization markers from accumulating while keeping outer recovery paths idempotent. Preserve best-effort logging completion by reusing settled completion promises instead of reopening duplicate terminal writes.
* fix(async): preserve outcomes during cleanup
Keep execution finalization cleanup best-effort so cancellation cleanup failures do not overwrite successful or failed outcomes. Restore webhook processor formatting to the repository Biome style to avoid noisy formatter churn.
* fix(async): keep execution finalization state consistent
Retry minimal logging for early failures, only mark core finalization after a log row actually completes, and let paused completions fall back cleanly.
* fix(async): clean stale finalization guards
Scan all finalized execution ids during TTL cleanup so refreshed keys cannot keep expired guards alive, and cover the reused-id ordering regression.
* fix(async): retry failed error finalization
Allow error finalization to retry after a non-error completion and fallback both fail, and always persist failed/error semantics for completeWithError.
* fix(webhooks): reuse preprocessing execution ids
Thread preprocessing execution identity into queued webhook execution so both phases share the same correlation and logs.
---------
Co-authored-by: test <test@example.com>
* fix(grain): update to stable version of API
* fix prewebhook lookup
* update pending webhook verification infra
* add generic webhook test event verification subblock
* feat(google-ads): add google ads integration for campaign and ad performance queries
* fix(google-ads): add input validation for GAQL query parameters
* fix(google-ads): remove deprecated pageSize param, fix searchSettings nesting, add missing date ranges
* fix(google-ads): validate managerCustomerId before use in login-customer-id header
* chore(docs): regenerate docs after google ads integration
* fix(google-ads): use centralized scope utilities and add type re-export
- Replace hardcoded scopes in auth.ts with getCanonicalScopesForProvider('google-ads')
- Replace hardcoded requiredScopes in block with getScopesForService('google-ads')
- Add type re-export from index.ts barrel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(google-ads): add userinfo scopes to oauth provider config
Align google-ads with all other Google services by including
userinfo.email and userinfo.profile scopes in the centralized
OAUTH_PROVIDERS config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(executor): skip Response block formatting for internal JWT callers
The workflow executor tool received `{error: true}` despite successful child
workflow execution when the child had a Response block. This happened because
`createHttpResponseFromBlock()` hijacked the response with raw user-defined
data, and the executor's `transformResponse` expected the standard
`{success, executionId, output, metadata}` wrapper.
Fix: skip Response block formatting when `authType === INTERNAL_JWT` since
Response blocks are designed for external API consumers, not internal
workflow-to-workflow calls. Also extract `AuthType` constants from magic
strings across all auth type comparisons in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test(executor): add route-level tests for Response block auth gating
Verify that internal JWT callers receive standard format while external
callers (API key, session) get Response block formatting. Tests the
server-side condition directly using workflowHasResponseBlock and
createHttpResponseFromBlock with AuthType constants.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(testing): add AuthType to all hybrid auth test mocks
Route code now imports AuthType from @/lib/auth/hybrid, so test mocks
must export it too. Added AuthTypeMock to @sim/testing and included it
in all 15 test files that mock the hybrid auth module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Issue keys are self-sufficient identifiers in Jira (e.g., PROJ-123).
The manualIssueKey field is a text input where users type the key directly,
so it should not depend on projectId/manualProjectId. This dependency
caused the field to clear unnecessarily when the project selection changed.
* feat(slack): add email field to get user and list users tools
* fix(slack): use empty string fallback for email and make type non-optional
* fix(slack): comment out users:read.email scope pending app review
Use explicit hyphen separator instead of relying on slice offset to
implicitly include the hyphen in the suffix, making the intent clearer.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The GET /rest/api/3/search/jql endpoint requires an explicit `fields`
parameter to return issue data. Without it, only the issue `id` is
returned with all other fields empty. This adds `fields=*all` as the
default when the user doesn't specify custom fields.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(fathom): add Fathom AI Notetaker integration
* fix(fathom): address PR review feedback
- Add response.ok checks to all 5 tool transformResponse functions
- Fix include_summary default to respect explicit false (check undefined)
- Add externalId validation before URL interpolation in webhook deletion
* fix(fathom): address second round PR review feedback
- Remove redundant 204 status check in deleteFathomWebhook (204 is ok)
- Use consistent undefined-guard pattern for all include flags
- Add .catch() fallback on webhook creation JSON parse
- Change recording_id default from 0 to null to avoid misleading sentinel
* fix(fathom): add missing crm_matches to list_meetings transform and fix action_items type
- Add crm_matches pass-through in list_meetings transform (was silently dropped)
- Fix action_items type to match API schema (description, user_generated, completed, etc.)
- Add crm_matches type with contacts, companies, deals, error fields
* fix(fathom): guard against undefined webhook id on creation success
* fix(fathom): add type to nested trigger outputs and fix boolean coercion
- Add type: 'object' to recorded_by and default_summary trigger outputs
- Use val === true || val === 'true' pattern for include flag coercion
to safely handle both boolean and string values from providerConfig
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com>
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com>
* fix(traces): prevent condition blocks from rendering source agent's timeSegments
Condition blocks spread their source block's entire output into their own
output. When the source is an agent, this leaked providerTiming/timeSegments
into the condition's output, causing buildTraceSpans to create "Initial
response" as a child of the condition span instead of the agent span.
Two fixes:
- Skip timeSegment child creation for condition block types in buildTraceSpans
- Filter execution metadata (providerTiming, tokens, toolCalls, model, cost)
from condition handler's filterSourceOutput
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(traces): guard condition blocks from leaked metadata on old persisted logs
Extend isConditionBlockType guards to also skip setting span.providerTiming,
span.cost, span.tokens, and span.model for condition blocks. This ensures
old persisted logs (recorded before the filterSourceOutput fix) don't display
misleading execution metadata on condition spans.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(traces): guard toolCalls fallback path for condition blocks on old logs
The else branch that extracts toolCalls from log.output also needs a
condition block guard, otherwise old persisted logs with leaked toolCalls
from the source agent would render on the condition span.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(traces): extract isCondition to local variable for readability
Cache isConditionBlockType(log.blockType) in a local const at the top
of the forEach loop instead of calling it 6 times per iteration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(blocks): remap condition/router IDs when duplicating blocks
Condition and router blocks embed IDs in the format `{blockId}-{suffix}`
inside their subBlock values and edge sourceHandles. When blocks were
duplicated, these IDs were not updated to reference the new block ID,
causing duplicate handle IDs and broken edge routing.
Fixes all four duplication paths: single block duplicate, copy/paste,
workflow duplication (server-side), and workflow import.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(blocks): deep-clone subBlocks before mutating condition IDs
Shallow copy of subBlocks meant remapConditionIds could mutate the
source data (clipboard on repeated paste, or input workflowState on
import). Deep-clone subBlocks in both regenerateBlockIds and
regenerateWorkflowIds to prevent this.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(blocks): remap condition IDs in regenerateWorkflowStateIds (template use)
The template use code path was missing condition/router ID remapping,
causing broken condition blocks when creating workflows from templates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(gmail): RFC 2047 encode subject headers for non-ASCII characters
* Fix RFC 2047 encoded word length limit
Split long email subjects into multiple RFC 2047 encoded words to comply with the 75-character limit per RFC 2047 Section 2. Each encoded word now contains at most 45 bytes of UTF-8 content (producing max 60 chars of base64 + 12 chars overhead = 72 total). Multiple encoded words are separated by CRLF + space (folding whitespace).
Applied via @cursor push command
* fix(gmail): split RFC 2047 encoded words on character boundaries
* fix(gmail): simplify RFC 2047 encoding to match Google's own sample
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(webhooks): eliminate redundant DB queries from webhook execution path
* chore(webhooks): remove implementation-detail comments
* fix(webhooks): restore auth-first ordering and add credential resolution warning
- Revert parallel auth+preprocessing to sequential auth→preprocessing
to prevent rate-limit exhaustion via unauthenticated requests
- Add warning log when credential account resolution fails in background job
* fix(webhooks): restore auth-before-reachability ordering and remove dead credentialAccountUserId field
- Move reachability test back after auth to prevent path enumeration
- Remove dead credentialAccountUserId from WebhookExecutionPayload
- Simplify credential resolution condition in background job
* fix(security): add SSRF protection to database tools and webhook delivery
* fix(security): address review comments on SSRF PR
- Remove Promise.race timeout pattern to avoid unhandled rejections
(http.request timeout is sufficient for webhook delivery)
- Use safeCompare in verifyCronAuth instead of inline HMAC logic
- Strip IPv6 brackets before validateDatabaseHost in Redis route
* fix(security): allow HTTP webhooks and fix misleading MCP error docs
- Add allowHttp option to validateExternalUrl, validateUrlWithDNS,
and secureFetchWithValidation to support HTTP webhook URLs
- Pass allowHttp: true for webhook delivery and test endpoints
- Fix misleading JSDoc on createMcpErrorResponse (doesn't log errors)
- Mark unused error param with underscore prefix
* fix(security): forward allowHttp option through redirect validation
Pass allowHttp to validateUrlWithDNS in the redirect handler of
secureFetchWithPinnedIP so HTTP-to-HTTP redirects work when allowHttp
is enabled for webhook delivery.
* fix(security): block localhost when allowHttp is enabled
When allowHttp is true (user-supplied webhook URLs), explicitly block
localhost/loopback in both validateExternalUrl and validateUrlWithDNS
to prevent SSRF against internal services.
* fix(security): always strip multi-line content in sanitizeConnectionError
Take the first line of the error message regardless of length to
prevent leaking sensitive data from multi-line error messages.
* fix(parallel): align integration with Parallel AI API docs
* fix(parallel): keep processor subBlock ID for backwards compatibility
* fix(parallel): move error field to top level per ToolResponse interface
* fix(parallel): guard research_input and prevent domain leakage across operations
* fix(parallel): make url/title nullable in types to match transformResponse
* fix(parallel): revert search_queries param type to string for backwards compatibility
* feat(hosted keys): Implement serper hosted key
* Handle required fields correctly for hosted keys
* Add rate limiting (3 tries, exponential backoff)
* Add custom pricing, switch to exa as first hosted key
* Add telemetry
* Consolidate byok type definitions
* Add warning comment if default calculation is used
* Record usage to user stats table
* Fix unit tests, use cost property
* Include more metadata in cost output
* Fix disabled tests
* Fix spacing
* Fix lint
* Move knowledge cost restructuring away from generic block handler
* Migrate knowledge unit tests
* Lint
* Fix broken tests
* Add user based hosted key throttling
* Refactor hosted key handling. Add optimistic handling of throttling for custom throttle rules.
* Remove research as hosted key. Recommend BYOK if throtttling occurs
* Make adding api keys adjustable via env vars
* Remove vestigial fields from research
* Make billing actor id required for throttling
* Switch to round robin for api key distribution
* Add helper method for adding hosted key cost
* Strip leading double underscores to avoid breaking change
* Lint fix
* Remove falsy check in favor for explicit null check
* Add more detailed metrics for different throttling types
* Fix _costDollars field
* Handle hosted agent tool calls
* Fail loudly if cost field isn't found
* Remove any type
* Fix type error
* Fix lint
* Fix usage log double logging data
* Fix test
---------
Co-authored-by: Theodore Li <teddy@zenobiapay.com>
* feat(evernote): add Evernote integration with 11 tools
* fix(evernote): fix signed integer mismatch in Thrift version check
* fix(evernote): fix exception field mapping and add sandbox support
* fix(evernote): address PR review feedback
* fix(evernote): clamp maxNotes to Evernote's 250 limit
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(oauth): centralize scopes and remove dead scope evaluation code
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(oauth): fix stale scope-descriptions.ts references and add test coverage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): resolve env var references at design time for selector context
Selectors now resolve {{ENV_VAR}} references before building context and
returning dependency values to consumers, enabling env-var-based credentials
(e.g. {{SLACK_BOT_TOKEN}}) to work with selector dropdowns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): prevent unresolved env var templates from leaking into context
- Fall back to undefined instead of raw template string when env var is
missing from store, so the null-check in the context loop discards it
- Use resolvedDetailId in query cache key so React Query refetches when
the underlying env var value changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): use || for consistent empty-string env var handling
Align use-selector-setup.ts with use-selector-query.ts by using || instead
of ?? so empty-string env var values are treated as unset.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(selectors): add dropdown selectors for 14 integrations
* fix(selectors): secure OAuth tokens in JSM and Confluence selector routes
Convert JSM selector-servicedesks, selector-requesttypes, and Confluence
selector-spaces routes from GET (with access token in URL query params) to
POST with authorizeCredentialUse + refreshAccessTokenIfNeeded pattern. Also
adds missing ensureCredential guard to microsoft.planner.plans registry entry.
* fix(selectors): use sanitized serviceDeskId and encode SharePoint siteId
Use serviceDeskIdValidation.sanitized instead of raw serviceDeskId in JSM
request types URL. Add encodeURIComponent to SharePoint siteId to prevent
URL path injection.
* lint
* fix(selectors): revert encodeURIComponent on SharePoint siteId
SharePoint site IDs use the format "hostname,guid,guid" with commas that
must remain unencoded for the Microsoft Graph API. The encodeURIComponent
call would convert commas to %2C and break the API call.
* fix(selectors): use sanitized cloudId in Confluence and JSM route URLs
Use cloudIdValidation.sanitized instead of raw cloudId in URL construction
for consistency with the validation pattern, even though the current
validator returns the input unchanged.
* fix(selectors): add missing context fields to resolution, ensureCredential to sharepoint.lists, and siteId validation
- Add baseId, datasetId, serviceDeskId to SelectorResolutionArgs,
ExtendedSelectorContext, extractExtendedContext, useSelectorDisplayName,
and resolveSelectorForSubBlock so cascading selectors resolve correctly
through the resolution path.
- Add ensureCredential guard to sharepoint.lists registry entry.
- Add regex validation for SharePoint siteId format (hostname,GUID,GUID).
* fix(selectors): rename advanced subBlock IDs to avoid canonicalParamId clashes
Rename all advanced-mode subBlock IDs that matched their canonicalParamId
to use a `manual*` prefix, following the established convention
(e.g., manualSiteId, manualCredential). This prevents ambiguity between
subBlock IDs and canonical parameter names in the serialization layer.
25 renames across 14 blocks: baseId→manualBaseId, tableId→manualTableId,
workspace→manualWorkspace, objectType→manualObjectType, etc.
* Revert "fix(selectors): rename advanced subBlock IDs to avoid canonicalParamId clashes"
This reverts commit 4e30161c68.
* fix(selectors): rename canonicalParamIds to avoid subBlock ID clashes
Prefix all clashing canonicalParamId values with `selected_` so they
don't match any subBlock ID. Update each block's `inputs` section and
`tools.config.params` function to destructure the new canonical names
and remap them to the original tool param names. SubBlock IDs and tool
definitions remain unchanged for backwards compatibility.
Affected: 25 canonical params across 14 blocks (airtable, asana, attio,
calcom, confluence, google_bigquery, google_tasks, jsm, microsoft_planner,
notion, pipedrive, sharepoint, trello, zoom).
* fix(selectors): rename pre-existing driveId and files canonicalParamIds in SharePoint
Apply the same selected_ prefix convention to the pre-existing SharePoint
driveId and files canonical params that clashed with their subBlock IDs.
* style: format long lines in calcom, pipedrive, and sharepoint blocks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): resolve cascading context for selected_ canonical params and normalize Asana response
Strip `selected_` prefix from canonical param IDs when mapping to
SelectorContext fields so cascading selectors (Airtable base→table,
BigQuery dataset→table, JSM serviceDesk→requestType) correctly
propagate parent values.
Normalize Asana workspaces route to return `{ id, name }` instead of
`{ gid, name }` for consistency with all other selector routes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): replace hacky prefix stripping with explicit CANONICAL_TO_CONTEXT mapping
Replace CONTEXT_FIELD_SET (Record<string, true>) with CANONICAL_TO_CONTEXT
(Record<string, keyof SelectorContext>) that explicitly maps canonical
param IDs to their SelectorContext field names.
This properly handles the selected_ prefix aliases (e.g. selected_baseId
→ baseId) without string manipulation, and removes the unsafe
Record<string, unknown> cast.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(selectors): remove unnecessary selected_ prefix from canonicalParamIds
The selected_ prefix was added to avoid a perceived clash between
canonicalParamId and subBlock id values, but this clash does not
actually cause any issues — pre-existing blocks on main (Google Sheets,
Webflow, SharePoint) already use matching values successfully.
Remove the prefix from all 14 blocks, revert use-selector-setup.ts to
the simple CONTEXT_FIELD_SET pattern, and simplify tools.config.params
functions that were only remapping the prefix back.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): add spaceId selector pair to Confluence V2 block
The V2 block was missing the spaceSelector basic-mode selector that the
V1 (Legacy) block already had.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(selectors): revert V1 block changes, add selectors to Notion V1 for V2 inheritance
Confluence V1: reverted to main state (V2 has its own subBlocks).
Notion V1: added selector pairs per-operation since V2 inherits
subBlocks, inputs, and params from V1.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): audit fixes for auth patterns, registry gaps, and display name resolution
- Convert Microsoft Planner plans/tasks routes from GET+getSession to POST+authorizeCredentialUse
- Add fetchById to microsoft.planner (tasks) and sharepoint.sites registry entries
- Add ensureCredential to sharepoint.sites and microsoft.planner registry fetchList
- Update microsoft.planner.plans registry to use POST method
- Add siteId, collectionId, spreadsheetId, fileId to SelectorDisplayNameArgs and caller
- Add fileId to SelectorResolutionArgs and resolution context
- Fix Zoom topicUpdate visibility in basic mode (remove mode:'advanced')
- Change Zoom meetings selector to fetch upcoming_meetings instead of only scheduled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: lint formatting fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): consolidate Notion canonical param pairs into array conditions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): add missing selectorKey to Confluence V1 page selector
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): use sanitized IDs in URLs, convert SharePoint routes to POST+authorizeCredentialUse
- Use planIdValidation.sanitized in MS Planner tasks fetch URL
- Convert sharepoint/lists and sharepoint/sites from GET+getSession to POST+authorizeCredentialUse
- Update registry entries to match POST pattern
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): revert Zoom meetings type to scheduled for broader compatibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): add SharePoint site ID validator, fix cascading selector display name fallbacks
- Add validateSharePointSiteId to input-validation.ts
- Use validation util in SharePoint lists route instead of inline regex
- Add || fallback to selector IDs in workflow-block.tsx so cascading
display names resolve in basic mode (baseSelector, planSelector, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): hoist requestId before try block in all selector routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): hoist requestId before try block in Trello boards route
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): guard selector queries against unresolved variable references
Skip fetchById and context population when values are design-time
placeholders (<Block.output> or {{ENV_VAR}}) rather than real IDs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(selectors): replace hardcoded display name fallbacks with canonical-aware resolution
Use resolveDependencyValue to resolve context values for
useSelectorDisplayName, eliminating manual || getStringValue('*Selector')
fallbacks that required updating for each new selector pair.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): tighten SharePoint site ID validation to exclude underscores
SharePoint composite site IDs use hostname,guid,guid format where only
alphanumerics, periods, hyphens, and commas are valid characters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): ensure string IDs in Pipedrive/Cal.com routes, fix Trello closed board filter
Pipedrive pipelines and Cal.com event-types/schedules routes now
consistently return string IDs via String() conversion.
Trello boards route no longer filters out closed boards, preserving
them for fetchById lookups. The closed filter is applied only in the
registry's fetchList so archived boards don't appear in dropdowns
but can still be resolved by ID for display names.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): convert Zoom meeting IDs to strings for consistency
Zoom API returns numeric meeting IDs. Convert with String() to match
the string ID convention used by all other selector routes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): align registry types with route string ID returns
Routes already convert numeric IDs to strings via String(), so update
the registry types (CalcomEventType, CalcomSchedule, PipedrivePipeline,
ZoomMeeting) from id: number to id: string and remove the now-redundant
String() coercions in fetchList/fetchById.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Theodore Li