* feat(tables): add column operations, row ordering, V1 columns API, and OpenAPI spec
Adds column rename/delete/type change/constraint updates to the tables module,
row ordering via position column, UI metadata schema, V1 public API for column
operations with rate limiting and audit logging, and OpenAPI documentation.
Key changes:
- Service-layer column operations with validation (name pattern, type compatibility, unique/required constraints)
- Position column on user_table_rows with composite index for efficient ordering
- V1 /api/v1/tables/{tableId}/columns endpoint (POST/PATCH/DELETE) with rate limiting and audit
- Shared Zod schemas extracted to table/utils.ts using COLUMN_TYPES constant
- Targeted React Query invalidation (row vs schema mutations) with consistent onSettled usage
- OpenAPI 3.1.0 spec for columns endpoint with code samples
- Position field added to all row response mappings for consistency
- Sort fallback to position ordering when buildSortClause returns null
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): use specific error prefixes instead of broad "Cannot" match
Prevents internal TypeErrors (e.g. "Cannot read properties of undefined")
from leaking as 400 responses. Now matches only domain-specific errors:
"Cannot delete the last column" and "Cannot set column".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): reject Infinity and NaN in number type compatibility check
Number.isFinite rejects Infinity, -Infinity, and NaN, preventing
non-finite values from passing column type validation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): invalidate table list on row create/delete for stale rowCount
Row create and delete mutations now invalidate the table list cache since
it includes a computed rowCount. Row updates (which don't change count)
continue to only invalidate row queries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(tables): add column name length check, deduplicate name gen, reset pagination on clear
- Add MAX_COLUMN_NAME_LENGTH validation to addTableColumn (was missing,
renameColumn already had it)
- Extract generateColumnName helper to eliminate triplicated logic across
handleAddColumn, handleInsertColumnLeft, handleInsertColumnRight
- Reset pagination to page 0 when clearing sort/filter to prevent showing
empty pages after narrowing filters are removed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: hoist tableId above try block in V1 columns route, add detail invalidation to invalidateRowCount
- V1 columns route: `tableId` was declared inside `try` but referenced in
`catch` logger.error, causing undefined in error logs. Hoisted `await params`
above try in all three handlers (POST, PATCH, DELETE).
- invalidateRowCount: added `tableKeys.detail(tableId)` invalidation since the
single-table GET response includes `rowCount`, which becomes stale after
row create/delete without this.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add position to all row mutation responses, remove dead filter code
- Add `position` field to POST (single + batch) and PATCH row responses
across both internal and V1 routes, matching GET responses and OpenAPI spec.
- Remove unused `filterConfig`, `handleFilterToggle`, `handleFilterClear`,
and `activeFilters` — dead code left over from merge conflict resolution.
`handleFilterApply` (the one actually wired to JSX) is preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: invalidateTableSchema now also invalidates table list cache
Column add/rename/delete/update mutations now invalidate tableKeys.list()
since the list endpoint returns schema.columns for each table. Without this,
the sidebar table list would show stale column schemas until staleTime expires.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: replace window.prompt/confirm with emcn Modal dialogs
Replace non-standard browser dialogs with proper emcn Modal components
to match the existing codebase pattern (e.g. delete table confirmation).
- Column rename: Modal with Input field + Enter key support
- Column delete: Modal with destructive confirmation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Root cause: the fumadocs grid template has 3 columns in production but
5 columns in local dev. Our CSS used `grid-column: 3 / span 2` which
targeted the wrong column in the 3-column grid, placing content in
the near-zero-width TOC column instead of the main content column.
Fix: use `grid-column: main-start / toc-end` which uses CSS named grid
lines from grid-template-areas, working regardless of column count.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(docs): align sidebar method badges and polish API reference styling
* fix(docs): revert className prop on DocsPage for CI compatibility
* fix(docs): restore oneOf schema for delete rows and use rem units in CSS
* fix(docs): replace :has() selectors with direct className for reliable prod layout
The API docs layout was intermittently narrow in production because CSS
:has(.api-page-header) selectors are unreliable in Tailwind v4 production
builds. Apply className="openapi-page" directly to DocsPage and replace
all 64 :has() selectors with .openapi-page class targeting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): bypass TypeScript check for className prop on DocsPage
Use spread with type assertion to pass className to DocsPage, working
around a CI type resolution issue where the prop exists at runtime but
is not recognized by TypeScript in the Vercel build environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): use inline style tag for grid layout, revert CSS to :has() selectors
The className prop on DocsPage doesn't exist in the fumadocs-ui version
resolved on Vercel, so .openapi-page was never applied and all 64 CSS
rules broke. Revert to :has(.api-page-header) selectors for styling and
use an inline <style> tag for the critical grid-column layout override,
which is SSR'd and doesn't depend on any CSS selector matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docs): add pill styling to footer navigation method badges
The footer nav badges (POST, GET, etc.) had color from data-method rules
but lacked the structural pill styling (padding, border-radius, font-size).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(files): add inline file viewer with text editing and create file modal
Add file preview/edit functionality to the workspace files page. Text files
(md, json, txt, yaml, etc.) open in an editable textarea with Cmd/Ctrl+S save.
PDFs render in an iframe. New file button creates empty .md files via a modal.
Uses ResourceHeader breadcrumbs and ResourceOptionsBar for save/download/delete.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(files): add UX polish, PR review fixes, and context menu
- Add unsaved changes guard modal (matching credentials manager pattern)
- Add delete confirmation modal for both viewer and context menu
- Add save status feedback (Save → Saving... → Saved)
- Add right-click context menu with Open, Download, Delete actions
- Add 50MB file size limit on content update API
- Add storage quota check before content updates
- Add response.ok guard on download to prevent corrupt files
- Add skeleton loading for pending file selection (prevents flicker)
- Fix updateContent in handleSave dependency array
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): propagate save errors and remove redundant sizeDiff
- Remove try/catch in TextEditor.handleSave so errors propagate to
parent, which correctly shows save failure status
- Remove redundant inner sizeDiff declaration that shadowed outer scope
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): remove unused textareaRef
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): move Cmd+S to parent, add save error feedback, hide save for non-text files
- Move Cmd+S keyboard handler from TextEditor to Files so it goes
through the parent handleSave with proper status management
- Add 'error' save status with red "Save failed" label that auto-resets
- Only show Save button for text-editable file types (md, txt, json, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(files): add save tooltip, deduplicate text-editable extensions
- Add Tooltip on Save button showing Cmd+S / Ctrl+S shortcut
- Export TEXT_EDITABLE_EXTENSIONS from file-viewer and reuse in files.tsx
instead of duplicating the list inline
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract isMacPlatform to shared utility
Move isMacPlatform() from global-commands-provider.tsx to
lib/core/utils/platform.ts so it can be reused by files.tsx tooltip
without duplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(files): deduplicate delete modal, use shared formatFileSize
- Extract DeleteConfirmModal component to eliminate duplicate modal
markup between viewer and list modes
- Replace local formatFileSize with shared utility from file-utils.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): fix a11y label lint error and remove mutation object from useCallback deps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): add isDirty guard on handleSave, return proper HTTP status codes
Prevents "Saving → Saved" flash when pressing Cmd+S with no changes.
Returns 404 for file-not-found and 402 for quota-exceeded instead of 500.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): reset isDirty/saveStatus on delete and discard, remove deprecated navigator.platform
- Clear isDirty and saveStatus when deleting the currently-viewed file to
prevent spurious beforeunload prompts
- Reset saveStatus on discard to prevent stale "Save failed" when opening
another file
- Remove deprecated navigator.platform, userAgent fallback covers all cases
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): prevent concurrent saves on rapid Cmd+S, add YAML MIME types
- Add saveStatus === 'saving' guard to handleSave to prevent duplicate
concurrent PUT requests from rapid keyboard shortcuts
- Add yaml/yml MIME type mappings to getMimeTypeFromExtension
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(files): reuse shared extension constants, parallelize cancelQueries
- Replace hand-rolled SUPPORTED_EXTENSIONS with composition from existing
SUPPORTED_DOCUMENT/AUDIO/VIDEO_EXTENSIONS in validation.ts
- Parallelize sequential cancelQueries calls in delete mutation onMutate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): guard handleCreate against duplicate calls while pending
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): show upload progress on the Upload button, not New file
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(files): use ref-based guard for create pending state to avoid stale closure
The uploadFile.isPending check was stale because the mutation object
is excluded from useCallback deps (per codebase convention). Using a
ref ensures the guard works correctly across rapid Enter key presses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* cleanup(files): use shared icon import, remove no-op props, wrap handler in useCallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add modal to create standalone scheduled jobs from the Schedules page.
Includes POST API endpoint, useCreateSchedule mutation hook, and full
modal with schedule type selection, timezone, lifecycle, and live preview.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The fire-and-forget IIFE in execution-core.ts for post-execution logging could be abandoned when trigger.dev tasks exit, leaving executions permanently stuck in "running" status. Store the promise on LoggingSession so background tasks can optionally await it before returning.
* feat(knowledge): add v1 knowledge base API, Obsidian/Evernote connectors, and docs
- Add v1 REST API for knowledge bases (CRUD, document management, vector search)
- Add Obsidian and Evernote knowledge base connectors
- Add file type validation to v1 file and document upload endpoints
- Update OpenAPI spec with knowledge base endpoints and schemas
- Add connectors documentation page
- Apply query hook formatting improvements
* fix(knowledge): address PR review feedback
- Remove validateFileType from v1/files route (general file upload, not document-only)
- Reject tag filters when searching multiple KBs (tag defs are KB-specific)
- Cache tag definitions to avoid duplicate getDocumentTagDefinitions call
- Fix Obsidian connector silent empty results when syncContext is undefined
* improvement(connectors): add syncContext to getDocument, clean up caching
- Update docs to say 20+ connectors
- Add syncContext param to ConnectorConfig.getDocument interface
- Use syncContext in Evernote getDocument to cache tag/notebook maps
- Replace index-based cache check with Map keyed by KB ID in search route
* fix(knowledge): address second round of PR review feedback
- Fix Zod .default('text') overriding tag definition's actual fieldType
- Fix encodeURIComponent breaking multi-level folder paths in Obsidian
- Use 413 instead of 400 for file-too-large in document upload
- Add knowledge-bases to API reference docs navigation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(knowledge): prevent cross-workspace KB access in search
Filter accessible KBs by matching workspaceId from the request,
preventing users from querying KBs in other workspaces they have
access to but didn't specify.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(knowledge): audit resourceId, SSRF protection, recursion depth limit
- Fix recordAudit using knowledgeBaseId instead of newDocument.id
- Add SSRF validation to Obsidian connector (reject private/loopback URLs)
- Add max recursion depth (20) to listVaultFiles
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(obsidian): remove SSRF check that blocks localhost usage
The Obsidian connector is designed to connect to the Local REST API
plugin running on localhost (127.0.0.1:27124). The SSRF check was
incorrectly blocking this primary use case.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The knowledge_base.token_count column was initialized to 0 and never
updated. Replace with COALESCE(SUM(document.token_count), 0) in all
read queries, which already JOIN on documents with GROUP BY.
* refactor: comprehensive TanStack Query best practices audit and migration
- Add AbortSignal forwarding to all 41 queryFn implementations for proper request cancellation
- Migrate manual fetch patterns to useMutation hooks (useResetPassword, useRedeemReferralCode, usePurchaseCredits, useImportWorkflow, useOpenBillingPortal, useAllowedMcpDomains)
- Migrate standalone hooks to TanStack Query (use-next-available-slot, use-mcp-server-test, use-webhook-management, use-referral-attribution)
- Fix query key factories: add missing `all` keys, replace inline keys with factory methods
- Fix optimistic mutations: use onSettled instead of onSuccess for cache reconciliation
- Replace overly broad cache invalidations with targeted key invalidation
- Remove keepPreviousData from static-key queries where it provides no benefit
- Add staleTime to queries missing explicit cache duration
- Fix `any` type in UpdateSettingParams with proper GeneralSettings typing
- Remove dead code: loadingWebhooks/checkedWebhooks from subblock store, unused helper functions
- Update settings components (general, debug, referral-code, credit-balance, subscription, mcp) to use mutation state instead of manual useState for loading/error/success
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unstable mutation object from useCallback deps
openBillingPortal mutation object is not referentially stable,
but .mutate() is stable in TanStack Query v5. Remove from deps
to prevent unnecessary handleBadgeClick recreations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add missing byWorkflows invalidation to useUpdateTemplate
The onSettled handler was missing the byWorkflows() invalidation
that was dropped during the onSuccess→onSettled migration. Without
this, the deploy modal (useTemplateByWorkflow) would show stale data
after a template update.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add TanStack Query best practices to CLAUDE.md and cursor rules
Add comprehensive React Query best practices covering:
- Hierarchical query key factories with intermediate plural keys
- AbortSignal forwarding in all queryFn implementations
- Targeted cache invalidation over broad .all invalidation
- onSettled for optimistic mutation cache reconciliation
- keepPreviousData only on variable-key queries
- No manual fetch in components rule
- Stable mutation references in useCallback deps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR review feedback
- Fix syncedRef regression in use-webhook-management: only set
syncedRef.current=true when webhook is found, so re-sync works
after webhook creation (e.g., post-deploy)
- Remove redundant detail(id) invalidation from useUpdateTemplate
onSettled since onSuccess already populates cache via setQueryData
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address second round of PR review feedback
- Reset syncedRef when blockId changes in use-webhook-management so
component reuse with a different block syncs the new webhook
- Add response.ok check in postAttribution so non-2xx responses
throw and trigger TanStack Query retry logic
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use lists() prefix invalidation in useCreateWorkspaceCredential
Use workspaceCredentialKeys.lists() instead of .list(workspaceId) so
filtered list queries are also invalidated on credential creation,
matching the pattern used by update and delete mutations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address third round of PR review feedback
- Add nullish coalescing fallback for bonusAmount in referral-code
to prevent rendering "undefined" when server omits the field
- Reset syncedRef when queryEnabled becomes false so webhook data
re-syncs when the query is re-enabled without component remount
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address fourth round of PR review feedback
- Add AbortSignal to testMcpServerConnection for consistency
- Wrap handleTestConnection in try/catch for mutateAsync error handling
- Replace broad subscriptionKeys.all with targeted users()/usage() invalidation
- Add intermediate users() key to subscription key factory for prefix matching
- Add comment documenting syncedRef null-webhook behavior
- Fix api-keys.ts silent error swallowing on non-ok responses
- Move deployments.ts cache invalidation from onSuccess to onSettled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: achieve full TanStack Query best practices compliance
- Add intermediate plural keys to api-keys, deployments, and schedules
key factories for prefix-based invalidation support
- Change copilot-keys from refetchQueries to invalidateQueries
- Add signal parameter to organization.ts fetch functions (better-auth
client does not support AbortSignal, documented accordingly)
- Move useCreateMcpServer invalidation from onSuccess to onSettled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* improvement(perf): apply react and js performance optimizations across codebase
- Parallelize independent DB queries with Promise.all in API routes
- Defer PostHog and OneDollarStats via dynamic import() to reduce bundle size
- Use functional setState in countdown timers to prevent stale closures
- Replace O(n*m) .filter().find() with Set-based O(n) lookups in undo-redo
- Use .toSorted() instead of .sort() for immutable state operations
- Use lazy initializers for useState(new Set()) across 20 components
- Remove useMemo wrapping trivially cheap expressions (typeof, ternary, template strings)
- Add passive: true to scroll event listener
* fix(perf): address PR review feedback
- Extract IIFE Set patterns to named consts for readability in use-undo-redo
- Hoist Set construction above loops in BATCH_UPDATE_PARENT cases
- Add .catch() error handler to PostHog dynamic import
- Convert session-provider posthog import to dynamic import() to complete bundle split
* fix(analytics): add .catch() to onedollarstats dynamic import
* improvement(turbo): align turborepo config with best practices
* fix(turbo): address PR review feedback
* fix(turbo): add lint:check task for read-only lint+format CI checks
lint:check previously delegated to format:check which only checked
formatting. Now it runs biome check (no --write) which enforces both
lint rules and formatting without mutating files.
* upgrade turbo
* fix(connectors): add rate limiting, concurrency controls, and bug fixes across knowledge connectors
- Add Retry-After header support to fetchWithRetry for all 18 connectors
- Batch concurrent API calls (concurrency 5) in Dropbox, Google Docs, Google Drive, OneDrive, SharePoint
- Batch concurrent API calls (concurrency 3) in Notion to match 3 req/s limit
- Cache GitHub tree in syncContext to avoid re-fetching on every pagination page
- Batch GitHub blob fetches with concurrency 5
- Fix GitHub base64 decoding: atob() → Buffer.from() for UTF-8 safety
- Fix HubSpot OAuth scope: 'tickets' → 'crm.objects.tickets.read' (v3 API)
- Fix HubSpot syncContext key: totalFetched → totalDocsFetched for consistency
- Add jitter to nextSyncAt (10% of interval, capped at 5min) to prevent thundering herd
- Fix Date consistency in connector DELETE route
* fix(connectors): address PR review feedback on retry and SharePoint batching
- Remove 120s cap on Retry-After — pass all values through to retry loop
- Add maxDelayMs guard: if Retry-After exceeds maxDelayMs, throw immediately
instead of hammering with shorter intervals (addresses validate timeout concern)
- Add early exit in SharePoint batch loop when maxFiles limit is reached
to avoid unnecessary API calls
* fix(connectors): cap Retry-After at maxDelayMs instead of aborting
Match Google Cloud SDK behavior: when Retry-After exceeds maxDelayMs,
cap the wait to maxDelayMs and log a warning, rather than throwing
immediately. This ensures retries are bounded in duration while still
respecting server guidance within the configured limit.
* fix(connectors): add early-exit guard to Dropbox, Google Docs, OneDrive batch loops
Match the SharePoint fix — skip remaining batches once maxFiles limit
is reached to avoid unnecessary API calls.
