* feat(execution): workflow cycle detection via X-Sim-Via header
* fix(execution): scope X-Sim-Via header to internal routes and add child workflow depth validation
- Move call chain header injection from HTTP tool layer (request.ts/utils.ts)
to tool execution layer (tools/index.ts) gated on isInternalRoute, preventing
internal workflow IDs from leaking to external third-party APIs
- Remove cycle detection from validateCallChain — depth limit alone prevents
infinite loops while allowing legitimate self-recursion (pagination, tree
processing, batch splitting)
- Add validateCallChain check in workflow-handler.ts before spawning child
executor, closing the gap where in-process child workflows skipped validation
- Remove unsafe `(params as any)._context` type bypass in request.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(execution): validate child call chain instead of parent chain
Validate childCallChain (after appending current workflow ID) rather
than ctx.callChain (parent). Prevents an off-by-one where a chain at
depth 10 could still spawn an 11th workflow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(executor): resolve block ID for parallel subflow active state
* fix timing for parallel block
* refactor(parallel): extract shared updateActiveBlockRefCount helper
* fix(parallel): error-sticky block run status to prevent branch success masking failure
* Revert "fix(parallel): error-sticky block run status to prevent branch success masking failure"
This reverts commit 9c087cd466.
* fix(security): allow localhost HTTP without weakening SSRF protections
* fix(security): remove extraneous comments and fix failing SSRF test
* fix(security): derive isLocalhost from hostname not resolved IP in validateUrlWithDNS
* fix(security): verify resolved IP is loopback when hostname is localhost in validateUrlWithDNS
---------
Co-authored-by: aayush598 <aayushgid598@gmail.com>
* fix(trigger): handle Slack reaction_added/reaction_removed event payloads
* fix(trigger): use oldest param for conversations.history consistency
* fix oldest param
* fix(trigger): use reactions.get API to fetch message text for thread replies
* fix(tables): hide tables from sidebar and block registry
* fix(trigger): add isolated-vm support to trigger.dev container builds (#3269)
Scheduled workflow executions running in trigger.dev containers were
failing to spawn isolated-vm workers because the native module wasn't
available in the container. This caused loop condition evaluation to
silently fail and exit after one iteration.
- Add isolated-vm to build.external and additionalPackages in trigger config
- Include isolated-vm-worker.cjs via additionalFiles for child process spawning
- Add fallback path resolution for worker file in trigger.dev environment
* lint
Scheduled workflow executions running in trigger.dev containers were
failing to spawn isolated-vm workers because the native module wasn't
available in the container. This caused loop condition evaluation to
silently fail and exit after one iteration.
- Add isolated-vm to build.external and additionalPackages in trigger config
- Include isolated-vm-worker.cjs via additionalFiles for child process spawning
- Add fallback path resolution for worker file in trigger.dev environment
* fix(blocks): add required constraint for serviceDeskId in JSM block
* fix(blocks): rename custom field values to request field values in JSM create request
* fix(blocks): move type coercions from tools.config.tool to tools.config.params
Number() coercions in tools.config.tool ran at serialization time before
variable resolution, destroying dynamic references like <block.result.count>
by converting them to NaN/null. Moved all coercions to tools.config.params
which runs at execution time after variables are resolved.
Fixed in 15 blocks: exa, arxiv, sentry, incidentio, wikipedia, ahrefs,
posthog, elasticsearch, dropbox, hunter, lemlist, spotify, youtube, grafana,
parallel. Also added mode: 'advanced' to optional exa fields.
Closes#3258
* fix(blocks): address PR review — move remaining param mutations from tool() to params()
- Moved field mappings from tool() to params() in grafana, posthog,
lemlist, spotify, dropbox (same dynamic reference bug)
- Fixed parallel.ts excerpts/full_content boolean logic
- Fixed parallel.ts search_queries empty case (must set undefined)
- Fixed elasticsearch.ts timeout not included when already ends with 's'
- Restored dropbox.ts tool() switch for proper default fallback
* fix(blocks): restore field renames to tool() for serialization-time validation
Field renames (e.g. personalApiKey→apiKey) must be in tool() because
validateRequiredFieldsBeforeExecution calls selectToolId()→tool() then
checks renamed field names on params. Only type coercions (Number(),
boolean) stay in params() to avoid destroying dynamic variable references.
* refactor(vercel): mark optional fields as advanced mode
Move optional/power-user fields behind the advanced toggle:
- List Deployments: project filter, target, state
- Create Deployment: project ID override, redeploy from, target
- List Projects: search
- Create/Update Project: framework, build/output/install commands
- Env Vars: variable type
- Webhooks: project IDs filter
- Checks: path, details URL
- Team Members: role filter
- All operations: team ID scope
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style(youtube): mark optional params as advanced mode
Hide pagination, sort order, and filter fields behind the advanced
toggle for a cleaner default UX across all YouTube operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* added advanced fields for vercel and youtube, added cloudflare and dataverse block
* addded desc for dataverse
* add more tools
* ack comment
* more
* ops
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(vercel): add complete Vercel integration with 42 API tools
Add Vercel platform management integration covering deployments, projects,
environment variables, domains, DNS records, aliases, edge configs, and
team/user management. All tools use API key authentication with Bearer tokens.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(vercel): add webhook and deployment check tools
Add 8 new Vercel API tools:
- Webhooks: list, create, delete
- Deployment Checks: create, get, list, update, rerequest
Brings total Vercel tools to 50.
* fix(vercel): expand all object and array output definitions
Expand unexpanded output types:
- get_deployment: meta and gitSource objects now have properties
- list_deployment_files: children array now has items definition
- get_team: teamRoles and teamPermissions arrays now have items
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update icon size, update docs
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(shortlink): remove isHosted guard from redirects, not available at build time on ECS
* fix(shortlink): use rewrite instead of redirect for Beluga tracking
- Add isEnterpriseMember and canViewUsageInfo flags to subscription permissions
- Hide UsageHeader, CreditBalance, billing date, and usage notifications from enterprise members
- Show only plan name in subscription tab for enterprise members (non-admin)
- Hide usage indicator details (amount, progress pills) from enterprise members
- Team tab already hidden via requiresTeam check in settings modal
Closes#6882
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Emir Karabeg <emir-karabeg@users.noreply.github.com>
* feat(audit-log): add persistent audit log system with comprehensive route instrumentation
* fix(audit-log): address PR review — nullable workspaceId, enum usage, remove redundant queries
- Make audit_log.workspace_id nullable with ON DELETE SET NULL (logs survive workspace/user deletion)
- Make audit_log.actor_id nullable with ON DELETE SET NULL
- Replace all 53 routes' string literal action/resourceType with AuditAction.X and AuditResourceType.X enums
- Fix empty workspaceId ('') → null for OAuth, form, and org routes to avoid FK violations
- Remove redundant DB queries in chat manage route (use checkChatAccess return data)
- Fix organization routes to pass workspaceId: null instead of organizationId
* fix(audit-log): replace remaining workspaceId '' fallbacks with null
* fix(audit-log): credential-set org IDs, workspace deletion FK, actorId fallback, string literal action
* reran migrations
* fix(mcp,audit): tighten env var domain bypass, add post-resolution check, form workspaceId
- Only bypass MCP domain check when env var is in hostname/authority, not path/query
- Add post-resolution validateMcpDomain call in test-connection endpoint
- Match client-side isDomainAllowed to same hostname-only bypass logic
- Return workspaceId from checkFormAccess, use in form audit logs
- Add 49 comprehensive domain-check tests covering all edge cases
* fix(mcp): stateful regex lastIndex bug, RFC 3986 authority parsing
- Remove /g flag from module-level ENV_VAR_PATTERN to avoid lastIndex state
- Create fresh regex instances per call in server-side hasEnvVarInHostname
- Fix authority extraction to terminate at /, ?, or # per RFC 3986
- Prevents bypass via https://evil.com?token={{SECRET}} (no path)
- Add test cases for query-only and fragment-only env var URLs (53 total)
* fix(audit-log): try/catch for never-throw contract, accept null actorName/Email, fix misleading action
- Wrap recordAudit body in try/catch so nanoid() or header extraction can't throw
- Accept string | null for actorName and actorEmail (session.user.name can be null)
- Normalize null -> undefined before insert to match DB column types
- Fix org members route: ORG_MEMBER_ADDED -> ORG_INVITATION_CREATED (sends invite, not adds member)
* improvement(audit-log): add resource names and specific invitation actions
* fix(audit-log): use validated chat record, add mock sync tests
* fix: prevent copilot keyboard shortcuts from triggering when panel is inactive
The OptionsSelector component was capturing keyboard events (1-9 number keys and Enter)
globally on the document, causing accidental option selections when users were
interacting with other parts of the application.
This fix adds a check to only handle keyboard shortcuts when the copilot panel
is the active tab, preventing the shortcuts from interfering with other workflows.
Co-authored-by: Emir Karabeg <emir-karabeg@users.noreply.github.com>
* lint
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Emir Karabeg <emir-karabeg@users.noreply.github.com>
Co-authored-by: Waleed Latif <walif6@gmail.com>
* feat(access-control): add ALLOWED_INTEGRATIONS env var for self-hosted block restrictions
* fix(tests): add getAllowedIntegrationsFromEnv mock to agent-handler tests
* fix(access-control): add auth to allowlist endpoint, fix loading state race, use accurate error message
* fix(access-control): remove auth from allowed-integrations endpoint to match models endpoint pattern
* fix(access-control): normalize blockType to lowercase before env allowlist check
* fix(access-control): expose merged allowedIntegrations on config to prevent bypass via direct access
* consolidate merging of allowed blocks so all callers have it by default
* normalize to lower case
* added tests
* added tests, normalize to lower case
* added safety incase userId is missing
* fix failing tests
