* fix(security): restrict API key access on internal-only routes
* test(security): update function execute tests for checkInternalAuth
* updated agent handler
* move session check higher in checkSessionOrInternalAuth
* extracted duplicate code into helper for resolving user from jwt
* fix(verbiage): more explicit verbiage on some dialog menus, google drive updates, advanved to additional fields, remove general settings store sync in favor of tanstack
* updated docs
* nested tag dropdown, more well-defined nested outputs, keyboard nav for context menus, etc
* cleanup
* allow cannonical toggle even if depends on not satisfied
* remove smooth scroll in tag drop
* fix selection
* fix
---------
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
* fix(webflow): fix collection & site dropdown in webflow triggers
* added form submission trigger to webflow
* fix(webflow): added form submission trigger and scope
* fixed function signatures
* added back trace spans to notifications
* fixed double verification code
* fix dashboard
* updated welcome email
* added link to cal for team
* update dashboard stats route
* added react grab URL to CSP if FF is enabled, removed dead db hook
* fix failing test
* ensure MCP add server tool is centered
* updated A2A copy button and MCP location, and default description matching
* updated button on chat page
* added vite version override
* fix
* feat(permission-groups): integration/model access controls for enterprise
* feat: enterprise gating for BYOK, SSO, credential sets with org admin/owner checks
* execution time enforcement of mcp and custom tools
* add admin routes to cleanup permission group data
* fix not being on enterprise checks
* separate out orgs from billing system
* update the docs
* add custom tool blockers based on perm configs
* add migrations
* fix
* address greptile comments
* regen migrations
* fix default model picking based on user config
* cleaned up UI
* improvement(billng): team upgrade + session management
* remove comments
* session updates should be atomic
* make consistent for onSubscritionUpdate
* plan upgrade to refresh session
* fix var name
* remove dead code
* preserve params
* progress on cred sets
* fix credential set system
* return data to render credential set in block preview
* progress
* invite flow
* simplify code
* fix ui
* fix tests
* fix types
* fix
* fix icon for outlook
* fix cred set name not showing up for owner
* fix rendering of credential set name
* fix outlook well known folder id resolution
* fix perms for creating cred set
* add to docs and simplify ui
* consolidate webhook code better
* fix tests
* fix credential collab logic issue
* fix ui
* fix lint
* fix(search): removed full text param from built-in search, anthropic provider streaming fix
* rewrite gemini provider with official sdk + add thinking capability
* vertex gemini consolidation
* never silently use different model
* pass oauth client through the googleAuthOptions param directly
* make server side provider registry
* remove comments
* take oauth selector below model selector
---------
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
* fix(oauth): updated oauth providers that had unstable reference IDs leading to duplicate oauth records (#2441)
* fix(oauth): updated oauth providers that had unstable reference IDs leading to duplicate oauth records
* ack PR comments
* ack PR comments
* cleanup salesforce refresh logic
* ack more PR comments
* fix(kb): fix mistral parse and kb uploads, include userId in internal auth
* update updated_at for kb when adding a new doc via knowledge block
* update tests
* feat(chat-stream): updated workflow id execute route to support streaming via API
* enable streaming via api
* added only text stream option
* cleanup deployed preview componnet
* updated selectedOutputIds to selectedOutput
* updated TS and Python SDKs with async, rate limits, usage, and streaming API routes
* stream non-streaming blocks when streaming is specified
* fix(chat-panel): add onBlockComplete handler to chat panel to stream back blocks as they complete
* update docs
* cleanup
* ack PR comments
* updated next config
* removed getAssetUrl in favor of local assets
* resolve merge conflicts
* remove extra logic to create sensitive result
* simplify internal auth
* remove vercel blob from CSP + next config
* improvement(code-structure): move db into separate package
* make db separate package
* remake bun lock
* update imports to not maintain two separate ones
* fix CI for tests by adding dummy url
* vercel build fix attempt
* update bun lock
* regenerate bun lock
* fix mocks
* remove db commands from apps/sim package json
* update infra and remove railway
* feat(api-keys): add workspace-level api keys
* encrypt api keys
* Revert "update infra and remove railway"
This reverts commit b23258a5a1.
* reran migrations
* tested workspace keys
* consolidated code
* more consolidation
* cleanup
* consolidate, remove unused code
* add dummy key for ci
* continue with regular path for self-hosted folks that don't have key set
* fix tests
* fix test
* remove tests
* removed ci additions
* improvement(credentials-sharing-security): cleanup and reuse helper to determine credential access
* few more routes
* fix google sheets block
* fix test mocks
* fix calendar route
