* fix(terminal): thread executionOrder through child workflow SSE events for loop support
* ran lint
* fix(terminal): render iteration children through EntryNodeRow for workflow block expansion
IterationNodeRow was rendering all children as flat BlockRow components,
ignoring nodeType. Workflow blocks inside loop iterations were never
rendered as WorkflowNodeRow, so they had no expand chevron or child tree.
* fix(terminal): add childWorkflowBlockId to matchesEntryForUpdate
Sub-executors reset executionOrderCounter, so child blocks across loop
iterations share the same blockId + executionOrder. Without checking
childWorkflowBlockId, updateConsole for iteration N overwrites entries
from iterations 0..N-1, causing all child blocks to be grouped under
the last iteration's workflow instance.
* feat(confluence): add get user by account ID tool
* feat(confluence): add missing tools for tasks, blog posts, spaces, descendants, permissions, and properties
Add 16 new Confluence operations: list/get/update tasks, update/delete blog posts,
create/update/delete spaces, get page descendants, list space permissions,
list/create/delete space properties. Includes API routes, tool definitions,
block config wiring, OAuth scopes, and generated docs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(confluence): add missing OAuth scopes to auth.ts provider config
The OAuth authorization flow uses scopes from auth.ts, not oauth.ts.
The 9 new scopes were only added to oauth.ts and the block config but
not to the actual provider config in auth.ts, causing re-auth to still
return tokens without the new scopes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
* fix(confluence): fix truncated get_user tool description in docs
Remove apostrophe from description that caused MDX generation to
truncate at the escape character.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(confluence): address PR review feedback
- Move get_user from GET to POST to avoid exposing access token in URL
- Add 400 validation for missing params in space-properties create/delete
- Add null check for blog post version before update to prevent TypeError
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(confluence): add missing response fields for descendants and tasks
- Add type and depth fields to page descendants (from Confluence API)
- Add body field (storage format) to task list/get/update responses
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* lint
* fix(confluence): use validatePathSegment for Atlassian account IDs
validateAlphanumericId rejects valid Atlassian account IDs that contain
colons (e.g. 557058:6b9c9931-4693-49c1-8b3a-931f1af98134). Use
validatePathSegment with a custom pattern allowing colons instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ran lint
* update mock
* upgrade turborepo
* fix(confluence): reject empty update body for space PUT
Return 400 when neither name nor description is provided for space
update, instead of sending an empty body to the Confluence API.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(confluence): remove spaceId requirement for create_space and fix list_tasks pagination
- Remove create_space from spaceId condition array since creating a space
doesn't require a space ID input
- Remove list_tasks from generic supportsCursor array so it uses its
dedicated handler that correctly passes assignedTo and status filters
during pagination
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ran lint
* fixed type errors
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(api): add configurable request retries
The API block docs described automatic retries, but the block didn't expose any retry controls and requests were executed only once.
This adds tool-level retry support with exponential backoff (including Retry-After support) for timeouts, 429s, and 5xx responses, exposes retry settings in the API block and http_request tool, and updates the docs to match.
Fixes#3225
* remove unnecessary helpers, cleanup
* update desc
* ack comments
* ack comment
* ack
* handle timeouts
---------
Co-authored-by: Jay Prajapati <79649559+jayy-77@users.noreply.github.com>
* improvement(creds): bulk paste functionality, save notification, error notif
* use effect anti patterns
* fix add to cursor button
* fix(attio): wrap webhook body in data object and include required filter field
* fixed and tested attio webhook lifecycle
* fix(attio): use code subblock type for JSON input fields
* fix(attio): correct people name attribute format in wand prompt example
* fix(attio): improve wand prompt with correct attribute formats for all field types
* fix(attio): use array format with full_name for personal-name attribute in wand prompt
* fix(attio): use loose null checks to prevent sending null params to API
* fix(attio): add offset param and make pagination fields advanced mode
* fix(attio): remove redundant (optional) from placeholders
* fix(attio): always send required workspace_access and workspace_member_access in create list
* fix(attio): always send api_slug in create list, auto-generate from name if not provided
* fix(attio): update api slug placeholder text
* fix(tools): manage lifecycle for attio tools
* updated docs
* fix(attio): remove incorrect save button reference from setup instructions
* fix(attio): log debug message when signature verification is skipped
* fix(providers): propagate abort signal to all LLM SDK calls
* fix(providers): propagate abort signal to deep research interactions API
* fix(providers): clean up abort listener when sleep timer resolves
* feat(attio): add Attio CRM integration with 40 tools and 18 webhook triggers
* update docs
* fix(attio): use timestamp generationType for date wandConfig fields
* improvement(processing): reduce redundant DB queries in execution preprocessing
* improvement(processing): add defensive ID check for prefetched workflow record
* improvement(processing): fix type safety in execution error logging
Replace `as any` cast in non-SSE error path with proper `buildTraceSpans()`
transformation, matching the SSE error path. Remove redundant `as any` cast
in preprocessing.ts where the types already align.
* improvement(processing): replace `as any` casts with proper types in logging
- logger.ts: cast JSONB cost column to `WorkflowExecutionLog['cost']` instead
of `any` in both `completeWorkflowExecution` and `getWorkflowExecution`
- logger.ts: replace `(orgUsageBefore as any)?.toString?.()` with `String()`
since COALESCE guarantees a non-null SQL aggregate value
- logging-session.ts: cast JSONB cost to `AccumulatedCost` (the local
interface) instead of `any` in `loadExistingCost`
* improvement(processing): use exported HighestPrioritySubscription type in usage.ts
Replace inline `Awaited<ReturnType<typeof getHighestPrioritySubscription>>`
with the already-exported `HighestPrioritySubscription` type alias.
* improvement(processing): replace remaining `as any` casts with proper types
- preprocessing.ts: use exported `HighestPrioritySubscription` type instead
of redeclaring via `Awaited<ReturnType<...>>`
- deploy/route.ts, status/route.ts: cast `hasWorkflowChanged` args to
`WorkflowState` instead of `any` (JSONB + object literal narrowing)
- state/route.ts: type block sanitization and save with `BlockState` and
`WorkflowState` instead of `any`
- search-suggestions.ts: remove 8 unnecessary `as any` casts on `'date'`
literal that already satisfies the `Suggestion['category']` union
* fix(processing): prevent double-billing race in LoggingSession completion
When executeWorkflowCore throws, its catch block fire-and-forgets
safeCompleteWithError, then re-throws. The caller's catch block also
fire-and-forgets safeCompleteWithError on the same LoggingSession. Both
check this.completed (still false) before either's async DB write resolves,
so both proceed to completeWorkflowExecution which uses additive SQL for
billing — doubling the charged cost on every failed execution.
Fix: add a synchronous `completing` flag set immediately before the async
work begins. This blocks concurrent callers at the guard check. On failure,
the flag is reset so the safe* fallback path (completeWithCostOnlyLog) can
still attempt recovery.
* fix(processing): unblock error responses and isolate run-count failures
Remove unnecessary `await waitForCompletion()` from non-SSE and SSE error
paths where no `markAsFailed()` follows — these were blocking error responses
on log persistence for no reason. Wrap `updateWorkflowRunCounts` in its own
try/catch so a run-count DB failure cannot prevent session completion, billing,
and trace span persistence.
* improvement(processing): remove dead setupExecutor method
The method body was just a debug log with an `any` parameter — logging
now works entirely through trace spans with no executor integration.
* remove logger.debug
* fix(processing): guard completionPromise as write-once (singleton promise)
Prevent concurrent safeComplete* calls from overwriting completionPromise
with a no-op. The guard now lives at the assignment site — if a completion
is already in-flight, return its promise instead of starting a new one.
This ensures waitForCompletion() always awaits the real work.
* improvement(processing): remove empty else/catch blocks left by debug log cleanup
* fix(processing): enforce waitForCompletion inside markAsFailed to prevent completion races
Move waitForCompletion() into markAsFailed() so every call site is
automatically safe against in-flight fire-and-forget completions.
Remove the now-redundant external waitForCompletion() calls in route.ts.
* fix(processing): reset completing flag on fallback failure, clean up empty catch
- completeWithCostOnlyLog now resets this.completing = false when
the fallback itself fails, preventing a permanently stuck session
- Use _disconnectError in MCP test-connection to signal intentional ignore
* fix(processing): restore disconnect error logging in MCP test-connection
Revert unrelated debug log removal — this file isn't part of the
processing improvements and the log aids connection leak detection.
* fix(processing): address audit findings across branch
- preprocessing.ts: use undefined (not null) for failed subscription
fetch so getUserUsageLimit does a fresh lookup instead of silently
falling back to free-tier limits
- deployed/route.ts: log warning on loadDeployedWorkflowState failure
instead of silently swallowing the error
- schedule-execution.ts: remove dead successLog parameter and all
call-site arguments left over from logger.debug cleanup
- mcp/middleware.ts: drop unused error binding in empty catch
- audit/log.ts, wand.ts: promote logger.debug to logger.warn in catch
blocks where these are the only failure signal
* revert: undo unnecessary subscription null→undefined change
getHighestPrioritySubscription never throws (it catches internally
and returns null), so the catch block in preprocessExecution is dead
code. The null vs undefined distinction doesn't matter and the
coercions added unnecessary complexity.
* improvement(processing): remove dead try/catch around getHighestPrioritySubscription
getHighestPrioritySubscription catches internally and returns null
on error, so the wrapping try/catch was unreachable dead code.
* improvement(processing): remove dead getSnapshotByHash method
No longer called after createSnapshotWithDeduplication was refactored
to use a single upsert instead of select-then-insert.
---------
Return an anonymous session using the same response envelope as Better Auth's get-session endpoint, and make the session provider tolerant to both wrapped and raw session payloads.
Fixes#2524
* feat(confluence): add webhook triggers for Confluence events
Adds 16 Confluence triggers: page CRUD, comments, blogs, attachments,
spaces, and labels — plus a generic webhook trigger.
* feat(confluence): wire triggers into block and webhook processor
Add trigger subBlocks and triggers config to ConfluenceV2Block so
triggers appear in the UI. Add Confluence signature verification and
event filtering to the webhook processor.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(confluence): align trigger outputs with actual webhook payloads
- Rewrite output builders to match real Confluence webhook payload
structure (flat spaceKey, numeric version, actual API fields)
- Remove fabricated fields (nested space/version objects, comment.body)
- Add missing fields (creatorAccountId, lastModifierAccountId, self,
creationDate, modificationDate, accountType)
- Add extractor functions (extractPageData, extractCommentData, etc.)
following the same pattern as Jira
- Add formatWebhookInput handler for Confluence in utils.server.ts
so payloads are properly destructured before reaching workflows
- Make event field matching resilient (check both event and webhookEvent)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(confluence): handle generic webhook in formatWebhookInput
The generic webhook (confluence_webhook) was falling through to
extractPageData, which only returns the page field. For a catch-all
trigger that accepts all event types, preserve all entity fields
(page, comment, blog, attachment, space, label, content).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(confluence): use payload-based filtering instead of nonexistent event field
Confluence Cloud webhooks don't include an event/webhookEvent field in the
body (unlike Jira). Replaced broken event string matching with structural
payload filtering that checks which entity key is present.
* lint
* fix(confluence): read webhookSecret instead of secret in signature verification
* fix(webhooks): read webhookSecret for jira, linear, and github signature verification
These providers define their secret subBlock with id: 'webhookSecret' but the
processor was reading providerConfig.secret which is always undefined, silently
skipping signature verification even when a secret is configured.
* fix(confluence): use event field for exact matching with entity-category fallback
Admin REST API webhooks (Settings > Webhooks) include an event field for
action-level filtering (page_created vs page_updated). Connect app webhooks
omit it, so we fall back to entity-category matching.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add DISABLE_PUBLIC_API / NEXT_PUBLIC_DISABLE_PUBLIC_API environment variables
and disablePublicApi permission group config option to allow self-hosted
deployments and enterprise admins to globally disable the public API toggle.
When disabled: the Access toggle is hidden in the Edit API Info modal,
the execute route blocks unauthenticated public access (401), and the
public-api PATCH route rejects enabling public API (403).
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(gong): add Gong integration with 18 API tools
* fix(gong): make toDateTime optional for list_calls, add list_trackers to workspaceId condition
* chore(gong): regenerate docs
* fix(hex): update icon color and block bgColor
* feat(execution): workflow cycle detection via X-Sim-Via header
* fix(execution): scope X-Sim-Via header to internal routes and add child workflow depth validation
- Move call chain header injection from HTTP tool layer (request.ts/utils.ts)
to tool execution layer (tools/index.ts) gated on isInternalRoute, preventing
internal workflow IDs from leaking to external third-party APIs
- Remove cycle detection from validateCallChain — depth limit alone prevents
infinite loops while allowing legitimate self-recursion (pagination, tree
processing, batch splitting)
- Add validateCallChain check in workflow-handler.ts before spawning child
executor, closing the gap where in-process child workflows skipped validation
- Remove unsafe `(params as any)._context` type bypass in request.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(execution): validate child call chain instead of parent chain
Validate childCallChain (after appending current workflow ID) rather
than ctx.callChain (parent). Prevents an off-by-one where a chain at
depth 10 could still spawn an 11th workflow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(executor): resolve block ID for parallel subflow active state
* fix timing for parallel block
* refactor(parallel): extract shared updateActiveBlockRefCount helper
* fix(parallel): error-sticky block run status to prevent branch success masking failure
* Revert "fix(parallel): error-sticky block run status to prevent branch success masking failure"
This reverts commit 9c087cd466.
* fix(security): allow localhost HTTP without weakening SSRF protections
* fix(security): remove extraneous comments and fix failing SSRF test
* fix(security): derive isLocalhost from hostname not resolved IP in validateUrlWithDNS
* fix(security): verify resolved IP is loopback when hostname is localhost in validateUrlWithDNS
---------
Co-authored-by: aayush598 <aayushgid598@gmail.com>
* fix(trigger): handle Slack reaction_added/reaction_removed event payloads
* fix(trigger): use oldest param for conversations.history consistency
* fix oldest param
* fix(trigger): use reactions.get API to fetch message text for thread replies
