* feat(triggers): add Resend webhook triggers with auto-registration
* fix(triggers): capture Resend signing secret and add Svix webhook verification
* fix(triggers): add paramVisibility, event-type filtering for Resend triggers
* fix(triggers): add Svix timestamp staleness check to prevent replay attacks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(triggers): use Number.parseInt and Number.isNaN for lint compliance
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(integrations): add Sixtyfour AI integration
Add Sixtyfour AI integration with 4 tools: find_phone, find_email, enrich_lead, enrich_company. Includes block with operation dropdown, API key auth, conditional fields per operation, brand icon, and generated docs.
* fix(integrations): add error handling to sixtyfour tools
Wrap JSON.parse calls in try/catch for enrich_lead and enrich_company.
Add response.ok checks to all 4 tools' transformResponse.
* fix(integrations): use typed Record for leadStruct to fix spread type error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs
* airweave docslink
* turbo update
* more inp/outputs
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(webhooks): extract provider-specific logic into handler registry
* fix(webhooks): address PR review feedback
- Restore original fall-through behavior for generic requireAuth with no token
- Replace `any` params with proper types in processor helper functions
- Restore array-aware initializer in processTriggerFileOutputs
* fix(webhooks): fix build error from union type indexing in processTriggerFileOutputs
Cast array initializer to Record<string, unknown> to allow string indexing
while preserving array runtime semantics for the return value.
* fix(webhooks): return 401 when requireAuth is true but no token configured
If a user explicitly sets requireAuth: true, they expect auth to be enforced.
Returning 401 when no token is configured is the correct behavior — this is
an intentional improvement over the original code which silently allowed
unauthenticated access in this case.
* refactor(webhooks): move signature validators into provider handler files
Co-locate each validate*Signature function with its provider handler,
eliminating the circular dependency where handlers imported back from
utils.server.ts. validateJiraSignature is exported from jira.ts for
shared use by confluence.ts.
* refactor(webhooks): move challenge handlers into provider files
Move handleWhatsAppVerification to providers/whatsapp.ts and
handleSlackChallenge to providers/slack.ts. Update processor.ts
imports to point to provider files.
* refactor(webhooks): move fetchAndProcessAirtablePayloads into airtable handler
Co-locate the ~400-line Airtable payload processing function with its
provider handler. Remove AirtableChange interface from utils.server.ts.
* refactor(webhooks): extract polling config functions into polling-config.ts
Move configureGmailPolling, configureOutlookPolling, configureRssPolling,
and configureImapPolling out of utils.server.ts into a dedicated module.
Update imports in deploy.ts and webhooks/route.ts.
* refactor(webhooks): decompose formatWebhookInput into per-provider formatInput methods
Move all provider-specific input formatting from the monolithic formatWebhookInput
switch statement into each provider's handler file. Delete formatWebhookInput and
all its helper functions (fetchWithDNSPinning, formatTeamsGraphNotification, Slack
file helpers, convertSquareBracketsToTwiML) from utils.server.ts. Create new handler
files for gmail, outlook, rss, imap, and calendly providers. Update webhook-execution.ts
to use handler.formatInput as the primary path with raw body passthrough as fallback.
utils.server.ts reduced from ~1600 lines to ~370 lines containing only credential-sync
functions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(webhooks): decompose provider-subscriptions into handler registry pattern
Move all provider-specific subscription create/delete logic from the monolithic
provider-subscriptions.ts into individual provider handler files via new
createSubscription/deleteSubscription methods on WebhookProviderHandler.
Replace the two massive if-else dispatch chains (11 branches each) with simple
registry lookups via getProviderHandler(). provider-subscriptions.ts reduced
from 2,337 lines to 128 lines (orchestration only).
Also migrate polling configuration (gmail, outlook, rss, imap) into provider
handlers via configurePolling() method, and challenge/verification handling
(slack, whatsapp, teams) via handleChallenge() method. Delete polling-config.ts.
Create new handler files for fathom and lemlist providers. Extract shared
subscription utilities into subscription-utils.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webhooks): fix attio build error, restore imap field, remove demarcation comments
- Cast `body` to `Record<string, unknown>` in attio formatInput to fix
type error with extractor functions
- Restore `rejectUnauthorized` field in imap configurePolling for parity
- Remove `// ---` section demarcation comments from route.ts and airtable.ts
- Update add-trigger skill to reflect handler-based architecture
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webhooks): remove unused imports from utils.server.ts after rebase
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webhooks): remove duplicate generic file processing from webhook-execution
The generic provider's processInputFiles handler already handles file[] field
processing via the handler.processInputFiles call. The hardcoded block from
staging was incorrectly preserved during rebase, causing double processing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webhooks): validate auth token is set when requireAuth is enabled at deploy time
Rejects deployment with a clear error message if a generic webhook trigger
has requireAuth enabled but no authentication token configured, rather than
letting requests fail with 401 at runtime.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webhooks): remove unintended rejectUnauthorized field from IMAP polling config
The refactored IMAP handler added a rejectUnauthorized field that was not
present in the original configureImapPolling function. This would default
to true for all existing IMAP webhooks, potentially breaking connections
to servers with self-signed certificates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webhooks): replace crypto.randomUUID() with generateId() in ashby handler
Per project coding standards, use generateId() from @/lib/core/utils/uuid
instead of crypto.randomUUID() directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(webhooks): standardize logger names and remove any types from providers
- Standardize logger names to WebhookProvider:X pattern across 6 providers
(fathom, gmail, imap, lemlist, outlook, rss)
- Replace all `any` types in airtable handler with proper types:
- Add AirtableTableChanges interface for API response typing
- Change function params from `any` to `Record<string, unknown>`
- Change AirtableChange fields from Record<string, any> to Record<string, unknown>
- Change all catch blocks from `error: any` to `error: unknown`
- Change input object from `any` to `Record<string, unknown>`
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(webhooks): remove remaining any types from deploy.ts
Replace 3 `catch (error: any)` with `catch (error: unknown)` and
1 `Record<string, any>` with `Record<string, unknown>`.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(blocks): resolve Ollama models incorrectly requiring API key in Docker
Server-side validation failed for Ollama models like mistral:latest because
the Zustand providers store is empty on the server and getProviderFromModel
misidentified them via regex pattern matching (e.g. mistral:latest matched
Mistral AI's /^mistral/ pattern).
Replace the hardcoded CLOUD_PROVIDER_PREFIXES list with existing data sources:
- Provider store (definitive on client, checks all provider buckets)
- getBaseModelProviders() from PROVIDER_DEFINITIONS (server-side static cloud model lookup)
- Slash convention for dynamic cloud providers (fireworks/, openrouter/, etc.)
- isOllamaConfigured feature flag using existing OLLAMA_URL env var
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: remove getProviderFromModel regex fallback from API key validation
The fallback was the last piece of regex-based matching in the function and
only ran for self-hosted without OLLAMA_URL on the server — a path where
Ollama models cannot appear in the dropdown anyway.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
* fix: handle vLLM models in store provider check
vLLM is a local model server like Ollama and should not require an API key.
Add vllm to the store provider check as a safety net for models that may
not have the vllm/ prefix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(core): consolidate ID generation to prevent HTTP self-hosted crashes
crypto.randomUUID() requires a secure context (HTTPS) in browsers,
causing white-screen crashes on self-hosted HTTP deployments. This
replaces all direct usage of crypto.randomUUID(), nanoid, and the uuid
package with a central utility that falls back to crypto.getRandomValues()
which works in all contexts.
- Add generateId(), generateShortId(), isValidUuid() in @/lib/core/utils/uuid
- Replace crypto.randomUUID() imports across ~220 server + client files
- Replace nanoid imports with generateShortId()
- Replace uuid package validate with isValidUuid()
- Remove nanoid dependency from apps/sim and packages/testing
- Remove browser polyfill script from layout.tsx
- Update test mocks to target @/lib/core/utils/uuid
- Update CLAUDE.md, AGENTS.md, cursor rules, claude rules
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update bunlock
* fix(core): remove UUID_REGEX shim, use isValidUuid directly
* fix(core): remove deprecated uuid mock helpers that use vi.doMock
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(files): expand file editor to support more formats, add docx/xlsx preview
* lint
* fix(files): narrow fileData type for closure in docx/xlsx preview effects
* fix(files): address PR review — fix xlsx type, simplify error helper, tighten iframe sandbox
* add mothership read externsions
* fix(files): update upload test — js is now a supported extension
* fix(files): deduplicate code extensions, handle dotless filenames
* fix(files): lower xlsx preview row cap to 1k and type workbookRef properly
Reduces XLSX_MAX_ROWS from 10,000 to 1,000 to prevent browser sluggishness
on large spreadsheets. Types workbookRef with the proper xlsx.WorkBook
interface instead of unknown, removing the unsafe cast.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(files): extract shared DataTable, isolate client-safe constants
- Move SUPPORTED_CODE_EXTENSIONS to validation-constants.ts so client
components no longer transitively import Node's `path` module
- Extract shared DataTable component used by both CsvPreview and
XlsxPreview, eliminating duplicated table markup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(validation): remove Node path import, use plain string extraction
Replace `import path from 'path'` with a simple `extractExtension` helper
that does `fileName.slice(fileName.lastIndexOf('.') + 1)`. This removes
the only Node module dependency from validation.ts, making it safe to
import from client components without pulling in a Node polyfill.
Deletes the unnecessary validation-constants.ts that was introduced as
a workaround — the constants now live back in validation.ts where they
belong.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(kb): fix Linear connector GraphQL type errors and tag slot reuse
* fix(kb): simplify tag slot reuse, revert Linear GraphQL types to String
Clean up newTagSlotMapping into direct assignment, remove unnecessary
comment, and revert ID! back to String! to match Linear SDK types.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(kb): use ID! type for Linear GraphQL filter variables
* fix(kb): verify field type when reusing existing tag slots
Add fieldType check to the tag slot reuse logic so a connector with
a matching displayName but different fieldType falls through to fresh
slot allocation instead of silently reusing an incompatible slot.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(kb): enable search on connector selector dropdowns
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(analytics): posthog audit — remove noise, add 10 new events
Remove task_marked_read (fires automatically on every task view).
Add workspace_id to task_message_sent for group analytics.
New events:
- search_result_selected: block/tool/trigger/workflow/table/file/
knowledge_base/workspace/task/page/docs with query_length
- workflow_imported: count + format (json/zip)
- workflow_exported: count + format (json/zip)
- folder_created / folder_deleted
- logs_filter_applied: status/workflow/folder/trigger/time
- knowledge_base_document_deleted
- scheduled_task_created / scheduled_task_deleted
* fix(analytics): use usePostHog + captureEvent in hooks, track custom date range
* fix(analytics): always fire scheduled_task_deleted regardless of workspaceId
* fix(analytics): correct format field logic and add missing useCallback deps
* feat(knowledge): add Live sync option to KB connector modal for Max/Enterprise users
Adds a "Live" (every 5 min) sync frequency option gated to Max and Enterprise plan users.
Includes client-side badge + disabled state, shared sync intervals constant, and server-side
plan validation on both POST and PATCH connector routes.
* fix(knowledge): record embedding usage cost for KB document processing
Adds billing tracking to the KB embedding pipeline, which was previously
generating OpenAI API calls with no cost recorded. Token counts are now
captured from the actual API response and recorded via recordUsage after
successful embedding insertion. BYOK workspaces are excluded from billing.
Applies to all execution paths: direct, BullMQ, and Trigger.dev.
* fix(knowledge): simplify embedding billing — use calculateCost, return modelName
- Use calculateCost() from @/providers/utils instead of inline formula, consistent
with how LLM billing works throughout the platform
- Return modelName from GenerateEmbeddingsResult so billing uses the actual model
(handles custom Azure deployments) instead of a hardcoded fallback string
- Fix docs-chunker.ts empty-path fallback to satisfy full GenerateEmbeddingsResult type
* fix(knowledge): remove dev bypass from hasLiveSyncAccess
* chore(knowledge): rename sync-intervals to consts, fix stale TSDoc comment
* improvement(knowledge): extract MaxBadge component, capture billing config once per document
* fix(knowledge): add knowledge-base to usage_log_source enum, fix docs-chunker type
* fix(knowledge): generate migration for knowledge-base usage_log_source enum value
* fix(knowledge): add knowledge-base to usage_log_source enum via drizzle-kit
* fix(knowledge): fix search embedding test mocks, parallelize billing lookups
* fix(knowledge): warn when embedding model has no pricing entry
* fix(knowledge): call checkAndBillOverageThreshold after embedding usage
* fix(envvars): restore workflowUserId fallback for scheduled execution env var resolution
* test(envvars): add coverage for env var user resolution branches
* fix(modals): center modals in visible content area accounting for sidebar and panel
* fix(modals): address pr feedback — comment clarity and document panel assumption
* fix(modals): remove open/close animation from modal content
* fix(modals): center modals in visible content area accounting for sidebar and panel
* fix(modals): address pr feedback — comment clarity and document panel assumption
* refactor(stores): consolidate variables stores into stores/variables/
Move variable data store from stores/panel/variables/ to stores/variables/
since the panel variables tab no longer exists. Rename the modal UI store
to useVariablesModalStore to eliminate naming collision with the data store.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unused workflowId variable in deleteVariable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(blocks): add Credential block
* fix(blocks): explicit workspaceId guard in credential handler, clarify hasOAuthSelection
* feat(credential): add list operation with type/provider filters
* feat(credential): restrict to OAuth only, remove env vars and service accounts
* docs(credential): update screenshots
* fix(credential): remove stale isServiceAccount dep from overlayContent memo
* fix(credential): filter to oauth-only in handleComboboxChange matchedCred lookup
* feat(email): send plain personal email on abandoned checkout
* feat(email): lower free tier warning to 80% and add credits exhausted email
* feat(email): use wordmark in email header instead of icon-only logo
* fix(email): restore accidentally deleted social icons in email footer
* fix(email): prevent double email for free users at 80%, fix subject line
* improvement(emails): extract shared plain email styles and proFeatures constant, fix double email on 100% usage
* fix(email): filter subscription-mode checkout, skip already-subscribed users, fix preview text
* fix(email): use notifications type for onboarding followup to respect unsubscribe preferences
* fix(email): use limit instead of currentUsage in credits exhausted email body
* fix(email): use notifications type for abandoned checkout, clarify crosses80 comment
* chore(email): rename _constants.ts to constants.ts
* fix(email): use isProPlan to catch org-level subscriptions in abandoned checkout guard
* fix(email): align onboarding followup delay to 5 days for email/password users
* Directly query db for custom tool id
* Switch back to inline imports
* Fix lint
* Fix test
* Fix greptile comments
* Fix lint
* Make userId and workspaceId required
* Add back nullable userId and workspaceId fields
---------
Co-authored-by: Theodore Li <theo@sim.ai>
* feat(email): send onboarding followup email 3 days after signup
* fix(email): add trigger guard, idempotency key, and shared task ID constant
* fix(email): increase onboarding followup delay from 3 to 5 days
* feat(rootly): expand Rootly integration from 14 to 27 tools
Add 13 new tools: delete_incident, get_alert, update_alert,
acknowledge_alert, resolve_alert, create_action_item, list_action_items,
list_users, list_on_calls, list_schedules, list_escalation_policies,
list_causes, list_playbooks. Includes tool files, types, registry,
block definition with subBlocks/conditions/params, and docs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(rootly): handle 204 No Content response for delete_incident
DELETE /v1/incidents/{id} returns 204 with empty body. Avoid calling
response.json() on success — return success/message instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(rootly): remove non-TSDoc comments, add empty body to acknowledge_alert
Remove all inline section comments from block definition per CLAUDE.md
guidelines. Add explicit empty JSON:API body to acknowledge_alert POST
to prevent potential 400 from servers expecting a body with Content-Type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(rootly): send empty body on resolve_alert, guard assignedToUserId parse
resolve_alert now sends { data: {} } instead of undefined when no
optional params are provided, matching the acknowledge_alert fix.
create_action_item now validates assignedToUserId is numeric before
parseInt to avoid silent NaN coercion.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(rootly): extract on-call relationships from JSON:API relationships/included
On-call user, schedule, and escalation policy are exposed as JSON:API
relationships, not flat attributes. Now extracts IDs from
item.relationships and looks up names from the included array.
Adds ?include=user,schedule,escalation_policy to the request URL.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(rootly): remove last non-TSDoc comment from block definition
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(agentmail): add AgentMail integration with 21 tools
* fix(agentmail): clear stale to field when switching to reply_message operation
* fix(agentmail): guard messageId and label remappings with operation checks
* fix(agentmail): clean up subBlock titles
* fix(agentmail): guard replyTo and thread label remappings with operation checks
* fix(agentmail): guard inboxIdParam remapping with operation check
* fix(agentmail): guard permanent, replyAll, and draftInReplyTo with operation checks
