mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-28 03:00:29 -04:00
v0.6.37
219 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Waleed
|
85f1d96859 |
feat(ee): enterprise feature flags, permission group platform controls, audit logs ui, delete account (#4115)
* feat(ee): enterprise feature flags, permission group platform controls, audit logs ui, delete account * fix(settings): improve sidebar skeleton fidelity and fix credit purchase org cache invalidation - Bump skeleton icon and text from 16/14px to 24px to better match real nav item visual weight - Add orgId support to usePurchaseCredits so org billing/subscription caches are invalidated on credit purchase, matching the pattern used by useUpgradeSubscription - Polish ColorInput in whitelabeling settings with auto-prefix and select-on-focus UX * revert(settings): remove delete account feature * fix(settings): address pr review — atomic autoAddNewMembers, extract query hook, fix types and signal forwarding * chore(helm): add CREDENTIAL_SETS_ENABLED to values.yaml * fix(access-control): dynamic platform category columns, atomic permission group delete * fix(access-control): restore triggers section in blocks tab * fix(access-control): merge triggers into tools section in blocks tab * upgrade tubro * fix(access-control): fix Select All state when config has stale blacklisted provider IDs * fix(access-control): derive platform Select All from features list; revert turbo schema version * fix(access-control): fix blocks Select All check, filter empty platform columns * revert(settings): restore original skeleton icon and text sizes |
||
|
Waleed
|
c8525852d4 |
chore(triggers): deprecate trigger-save subblock (#4107)
* chore(triggers): deprecate trigger-save subblock Remove the defunct triggerSave subblock from all 102 trigger definitions, the SubBlockType union, SYSTEM_SUBBLOCK_IDS, tool params, and command templates. Retain the backwards-compat filter in getTrigger() for any legacy stored data. * fix(triggers): remove leftover no-op blocks.push() in linear utils * chore(triggers): remove orphaned triggerId property and stale comments |
||
|
Vikhyath Mondreti
|
bad78ccb59 |
improvement(sockets): workflow switching state machine (#4104)
* improvement(sockets): workflow switching state machine * address comments |
||
|
Waleed
|
b67c068817 |
improvement(deploy): improve auto-generated version descriptions (#4075)
* improvement(deploy): improve auto-generated version descriptions * fix(deploy): address PR review - log dropdown errors, populate first-deploy details * lint |
||
|
Vikhyath Mondreti
|
3e85218142 |
improvement(hitl): streaming, async support + update docs (#4058)
* improvement(hitl): support streaming, async, update docs * update docs * fix tests * fix abort signal passthrough * module level const * fix form route * address comments * fix build |
||
|
Waleed
|
2504bfbaf8 |
feat(athena): add AWS Athena integration (#4034)
* feat(athena): add AWS Athena integration * fix(athena): address PR review comments - Fix variable shadowing: rename inner `data` to `rowData` in row mapper - Fix first-page maxResults off-by-one: request maxResults+1 to compensate for header row - Add missing runtime guard for queryString in create_named_query - Move athena registry entries to correct alphabetical position * fix(athena): alphabetize registry keys and add type re-exports - Reorder athena_* registry keys to strict alphabetical order - Add type re-exports from index.ts barrel * fix(athena): cap maxResults at 999 to prevent overflow with header row adjustment The +1 adjustment for the header row on first-page requests could produce MaxResults=1001 when user requests 1000, exceeding the AWS API hard cap of 1000. |
||
|
Waleed
|
a680cec78f |
fix(core): consolidate ID generation to prevent HTTP self-hosted crashes (#3977)
* fix(core): consolidate ID generation to prevent HTTP self-hosted crashes crypto.randomUUID() requires a secure context (HTTPS) in browsers, causing white-screen crashes on self-hosted HTTP deployments. This replaces all direct usage of crypto.randomUUID(), nanoid, and the uuid package with a central utility that falls back to crypto.getRandomValues() which works in all contexts. - Add generateId(), generateShortId(), isValidUuid() in @/lib/core/utils/uuid - Replace crypto.randomUUID() imports across ~220 server + client files - Replace nanoid imports with generateShortId() - Replace uuid package validate with isValidUuid() - Remove nanoid dependency from apps/sim and packages/testing - Remove browser polyfill script from layout.tsx - Update test mocks to target @/lib/core/utils/uuid - Update CLAUDE.md, AGENTS.md, cursor rules, claude rules Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * update bunlock * fix(core): remove UUID_REGEX shim, use isValidUuid directly * fix(core): remove deprecated uuid mock helpers that use vi.doMock --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
d0baf5b1df |
feat(cloudformation): add AWS CloudFormation integration with 7 operations (#3964)
* feat(cloudformation): add AWS CloudFormation integration with 7 operations * fix(cloudformation): add pagination to list-stack-resources, describe-stacks, and describe-stack-events routes |
||
|
Theodore Li
|
855c892f55 |
feat(block): Add cloudwatch block (#3953)
* feat(block): Add cloudwatch block (#3911) * feat(block): add cloudwatch integration * Fix bun lock * Add logger, use execution timeout * Switch metric dimensions to map style input * Fix attribute names for dimension map * Fix import styling --------- Co-authored-by: Theodore Li <theo@sim.ai> * Fix import ordering --------- Co-authored-by: Theodore Li <theo@sim.ai> |
||
|
Waleed
|
0ba8ab1ec7 |
fix(posthog): upgrade SDKs and fix serverless event flushing (#3951)
* fix(posthog): upgrade SDKs and fix serverless event flushing * fix(posthog): revert flushAt to 20 for long-running ECS container |
||
|
Waleed
|
ac831b85b2 |
chore(bun): update bunfig.toml (#3889)
* chore(bun): update bunfig.toml * outdated bun lock * chore(deps): downgrade @aws-sdk/client-secrets-manager to 3.940.0 |
||
|
Waleed
|
8527ae5d3b |
feat(providers): server-side credential hiding for Azure and Bedrock (#3884)
* fix: allow Bedrock provider to use AWS SDK default credential chain Remove hard requirement for explicit AWS credentials in Bedrock provider. When access key and secret key are not provided, the AWS SDK automatically falls back to its default credential chain (env vars, instance profile, ECS task role, EKS IRSA, SSO). Closes #3694 Signed-off-by: majiayu000 <1835304752@qq.com> * fix: add partial credential guard for Bedrock provider Reject configurations where only one of bedrockAccessKeyId or bedrockSecretKey is provided, preventing silent fallback to the default credential chain with a potentially different identity. Add tests covering all credential configuration scenarios. Signed-off-by: majiayu000 <1835304752@qq.com> * fix: clean up bedrock test lint and dead code Remove unused config parameter and dead _lastConfig assignment from mock factory. Break long mockReturnValue chain to satisfy biome line-length rule. Signed-off-by: majiayu000 <1835304752@qq.com> * fix: address greptile review feedback on PR #3708 Use BedrockRuntimeClientConfig from SDK instead of inline type. Add default return value for prepareToolsWithUsageControl mock. Signed-off-by: majiayu000 <1835304752@qq.com> * feat(providers): server-side credential hiding for Azure and Bedrock * fix(providers): revert Bedrock credential fields to required with original placeholders * fix(blocks): add hideWhenEnvSet to getProviderCredentialSubBlocks for Azure and Bedrock * fix(agent): use getProviderCredentialSubBlocks() instead of duplicating credential subblocks * fix(blocks): consolidate Vertex credential into shared factory with basic/advanced mode * fix(types): resolve pre-existing TypeScript errors across auth, secrets, and copilot * lint * improvement(blocks): make Vertex AI project ID a password field * fix(blocks): preserve vertexCredential subblock ID for backwards compatibility * fix(blocks): follow canonicalParamId pattern correctly for vertex credential subblocks * fix(blocks): keep vertexCredential subblock ID stable to preserve saved workflow state * fix(blocks): add canonicalParamId to vertexCredential basic subblock to complete the swap pair * fix types * more types --------- Signed-off-by: majiayu000 <1835304752@qq.com> Co-authored-by: majiayu000 <1835304752@qq.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> |
||
|
Waleed
|
42fb434354 |
fix(encryption): specify authTagLength on all AES-GCM cipher/decipher calls (#3883)
* fix: specify authTagLength in AES-GCM decipheriv calls Fixes missing authTagLength parameter in createDecipheriv calls using AES-256-GCM mode. Without explicit tag length specification, the application may be tricked into accepting shorter authentication tags, potentially allowing ciphertext spoofing. CWE-310: Cryptographic Issues (gcm-no-tag-length) * fix: specify authTagLength on createCipheriv calls for AES-GCM consistency Complements #3881 by adding explicit authTagLength: 16 to the encrypt side as well, ensuring both cipher and decipher specify the tag length. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: clean up crypto modules - Fix error: any → error: unknown with proper type guard in encryption.ts - Eliminate duplicate iv.toString('hex') calls in both encrypt functions - Remove redundant string split in decryptApiKey (was splitting twice) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * new turborepo version --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: Siddharth Ganesan <33737564+Sg312@users.noreply.github.com> Co-authored-by: NLmejiro <kuroda.k1021@gmail.com> |
||
|
Waleed
|
1a2aa6949e |
feat(secrets-manager): add AWS Secrets Manager integration (#3866)
* feat(secrets-manager): add AWS Secrets Manager integration * fix(secrets-manager): address PR review feedback - Conditional delete message based on forceDelete flag - Add binary secret detection in getSecretValue * fix(secrets-manager): handle boolean forceDelete and validate numeric inputs - Accept both string 'true' and boolean true for forceDelete - Guard parseInt results with isNaN check for maxResults and recoveryWindowInDays |
||
|
Waleed
|
7d4dd26760 |
fix(knowledge): fix document processing stuck in processing state (#3857)
* fix(knowledge): fix document processing stuck in processing state * fix(knowledge): use Promise.allSettled for document dispatch and fix Copilot OAuth context - Change Promise.all to Promise.allSettled in processDocumentsWithQueue so one failed dispatch doesn't abort the entire batch - Add writeOAuthReturnContext before showing LazyOAuthRequiredModal from Copilot tools so useOAuthReturnForWorkflow can handle the return - Add consumeOAuthReturnContext on modal close to clean up stale context * fix(knowledge): fix type error in useCredentialRefreshTriggers call Pass empty string instead of undefined for connectorProviderId fallback to match the hook's string parameter type. * upgrade turbo * fix(knowledge): fix type error in connectors-section useCredentialRefreshTriggers call Same string narrowing fix as add-connector-modal — pass empty string fallback for providerId. |
||
|
Waleed
|
5c47ea58f8 |
chore(trigger): update @trigger.dev/sdk and @trigger.dev/build to 4.4.3 (#3843)
* chore(trigger): update @trigger.dev/sdk and @trigger.dev/build to 4.4.3 * fix(webhooks): execute non-polling webhooks inline when BullMQ is disabled |
||
|
Waleed
|
8f3e864751 |
fix(security): pentest remediation — condition escaping, SSRF hardening, ReDoS protection (#3820)
* fix(executor): escape newline characters in condition expression strings Unescaped newline/carriage-return characters in resolved string values cause unterminated string literals in generated JS, crashing condition evaluation with a SyntaxError. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): prevent ReDoS in guardrails regex validation Add safe-regex2 to reject catastrophic backtracking patterns before execution and cap input length at 10k characters. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): SSRF localhost hardening and regex DoS protection Block localhost/loopback URLs in hosted environments using isHosted flag instead of allowHttp. Add safe-regex2 validation and input length limits to regex guardrails to prevent catastrophic backtracking. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): validate regex syntax before safety check Move new RegExp() before safe() so invalid patterns get a proper syntax error instead of a misleading "catastrophic backtracking" message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): address PR review feedback - Hoist isLocalhost && isHosted guard to single early-return before protocol checks, removing redundant duplicate block - Move regex syntax validation (new RegExp) before safe-regex2 check so invalid patterns get proper syntax error instead of misleading "catastrophic backtracking" message * fix(security): remove input length cap from regex validation The 10k character cap would block legitimate guardrail checks on long LLM outputs. Input length doesn't affect ReDoS risk — the safe-regex2 pattern check already prevents catastrophic backtracking. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tests): mock isHosted in input-validation and function-execute tests Tests that assert self-hosted localhost behavior need isHosted=false, which is not guaranteed in CI where NEXT_PUBLIC_APP_URL is set to the hosted domain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
c05e2e0fc8 |
fix(security): SSRF, access control, and info disclosure (#3815)
* fix(security): scope copilot feedback GET endpoint to authenticated user Add WHERE clause to filter feedback records by the authenticated user's ID, preventing any authenticated user from reading all users' copilot interactions, queries, and workflow YAML (IDOR / CWE-639). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(smtp): add SSRF validation and genericize network error messages Prevent SSRF via user-controlled smtpHost by validating with validateDatabaseHost before creating the nodemailer transporter. Collapse distinct network error messages (ECONNREFUSED, ECONNRESET, ETIMEDOUT) into a single generic message to prevent port-state leakage. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): add SSRF validation to SFTP/SSH and access control to workspace invitations Add `validateDatabaseHost` checks to SFTP and SSH connection utilities to block connections to private/reserved IPs and localhost, matching the existing pattern used by all database tools. Add authorization check to the workspace invitation GET endpoint so only the invitee or a workspace admin can view invitation details. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(smtp): restore SMTP response code handling for post-connection errors SMTP 4xx/5xx response codes are application-level errors (invalid recipient, mailbox full, server error) unrelated to the SSRF hardening goal. Restore response code differentiation and logging to preserve actionable user-facing error messages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): use session email directly instead of extra DB query Addresses PR review feedback — align with the workspace invitation route pattern by using session.user.email instead of re-fetching from the database. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(auth): revert lint autofix that broke hasExternalApiCredentials return type Biome auto-fixed `return auth !== null && auth.startsWith(...)` to `return auth?.startsWith(...)` which returns `boolean | undefined`, not `boolean`, causing a TypeScript build failure. * fix(smtp): pin resolved IP to prevent DNS rebinding (TOCTOU) Use the pre-resolved IP from validateDatabaseHost instead of the original hostname when creating the nodemailer transporter. Set servername to the original hostname to preserve TLS SNI validation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(security): extract createPinnedLookup helper for DNS rebinding prevention Extract reusable createPinnedLookup from secureFetchWithPinnedIP so non-HTTP transports (SSH, SFTP, IMAP) can pin resolved IPs at the socket level. SMTP route uses host+servername pinning instead since nodemailer doesn't reliably pass lookup to both secure/plaintext paths. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): pin IMAP connections to validated resolved IP Pass the resolved IP from validateDatabaseHost to ImapFlow as host, with the original hostname as servername for TLS SNI verification. Closes the DNS TOCTOU rebinding window. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(auth): revert lint autofix on hasExternalApiCredentials return type Also pin SFTP/SSH connections to validated resolved IP to prevent DNS rebinding. * fix(security): short-circuit admin check when caller is invitee Skip the hasWorkspaceAdminAccess DB query when the caller is already the invitee, avoiding an unnecessary round-trip. Aligns with the org invitation route pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Vikhyath Mondreti
|
dda012eae9 |
feat(concurrency): bullmq based concurrency control system (#3605)
* feat(concurrency): bullmq based queueing system * fix bun lock * remove manual execs off queues * address comments * fix legacy team limits * cleanup enterprise typing code * inline child triggers * fix status check * address more comments * optimize reconciler scan * remove dead code * add to landing page * Add load testing framework * update bullmq * fix * fix headless path --------- Co-authored-by: Theodore Li <teddy@zenobiapay.com> |
||
|
Waleed
|
3597eacdb7 | feat(demo-request): block personal email domains (#3786) | ||
|
Vikhyath Mondreti
|
b497033795 |
Revert "improvement(mothership): show continue options on abort (#3746)" (#3756)
This reverts commit
|
||
|
Siddharth Ganesan
|
b9926df8e0 |
improvement(mothership): show continue options on abort (#3746)
* Show continue options on abort * Fix lint * Fix |
||
|
Waleed
|
a7f344bca1 |
feat(tour): added product tour (#3703)
* feat: add product tour * chore: updated modals * chore: fix the tour * chore: Tour Updates * chore: fix review changes * chore: fix review changes * chore: fix review changes * chore: fix review changes * chore: fix review changes * minor improvements * chore(tour): address PR review comments - Extract shared TourState, TourStateContext, mapPlacement, and TourTooltipAdapter into tour-shared.tsx, eliminating ~100 lines of duplication between product-tour.tsx and workflow-tour.tsx - Fix stale closure in handleStartTour — add isOnWorkflowPage to useCallback deps so Take a tour dispatches the correct event after navigation * chore(tour): address remaining PR review comments - Remove unused logger import and instance in product-tour.tsx - Remove unused tour-tooltip-fade animation from tailwind config - Remove unnecessary overflow-hidden wrapper around WorkflowTour - Add border stroke to arrow SVG in tour-tooltip for visual consistency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(tour): address second round of PR review comments - Remove unnecessary 'use client' from workflow layout (children are already client components) - Fix ref guard timing issue in TourTooltipAdapter that could prevent Joyride from tracking tooltip on subsequent steps Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(tour): extract shared Joyride config, fix popover arrow overflow - Extract duplicated Joyride floaterProps/styles into getSharedJoyrideProps() in tour-shared.tsx, parameterized by spotlightBorderRadius - Fix showArrow disabling content scrolling in PopoverContent by wrapping children in a scrollable div when arrow is visible Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(tour): stop running tour when disabled becomes true Prevents nav and workflow tours from overlapping. When a user navigates to a workflow page while the nav tour is running, the disabled flag now stops the nav tour instead of just suppressing auto-start. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tour): move auto-start flag into timer, fix truncate selector conflict - Move hasAutoStarted flag inside setTimeout callback so it's only set when the timer fires, allowing retry if disabled changes during delay - Add data-popover-scroll attribute to showArrow scroll wrapper and exclude it from the flex-1 truncate selector to prevent overflow conflict Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tour): remove duplicate overlay on center-placed tour steps Joyride's spotlight already renders a full-screen overlay via boxShadow. The centered TourTooltip was adding its own bg-black/55 overlay on top, causing double-darkened backgrounds. Removed the redundant overlay div. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: move docs link from settings to help dropdown The Docs link (https://docs.sim.ai) was buried in settings navigation. Moved it to the Help dropdown in the sidebar for better discoverability. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Adithya Krishna <aadithya794@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Adithya Krishna
|
8d93c850ba | chore: remove lodash (#3741) | ||
|
Siddharth Ganesan
|
44ceed4c85 |
improvement(mothership): add file patch tool (#3712)
* v0 * Fix ppt load * Fixes * Fixes * Fix lint * Fix wid * Download image * Update tools * Fix lint * Fix error msg * Tool fixes * Reenable subagent stream * Subagent stream * Fix edit workflow hydration * Throw func execute error on error * Sandbox PPTX generation in subprocess with vm.createContext AI-generated PptxGenJS code was executed via new Function() in both the server (full Node.js access) and browser (XSS risk). Replace with a dedicated Node.js subprocess (pptx-worker.cjs) that runs user code inside vm.createContext with a null-prototype sandbox — no access to process, require, Buffer, or any Node.js globals. Process-level isolation ensures a vm escape cannot reach the main process or DB. File access is brokered via IPC so the subprocess never touches the database directly, mirroring the isolated-vm worker pattern. Compilation happens lazily at serve time (compilePptxIfNeeded) rather than on write, matching industry practice for source-stored PPTX pipelines. - Add pptx-worker.cjs: sandboxed subprocess worker - Add pptx-vm.ts: orchestration, IPC bridge, file brokering - Add /api/workspaces/[id]/pptx/preview: REST-correct preview endpoint - Update serve route: compile pptxgenjs source to binary on demand - Update workspace-file.ts: remove unsafe new Function(), store source only - Update next.config.ts: include pptxgenjs in outputFileTracingIncludes - Update trigger.config.ts: add pptx-worker.cjs and pptxgenjs to build * upgrade deps, file viewer * Fix auth bypass, SSRF, and wrong size limit comment - Add 'patch' to workspace_file WRITE_ACTIONS — patch operation was missing, letting read-only users modify file content - Add download_to_workspace_file to WRITE_ACTIONS with '*' wildcard — tool was completely ungated, letting read-only users write workspace files - Update isActionAllowed to handle '*' (always-write tools) and undefined action (tools with no operation/action field) - Block private/internal URLs in download_to_workspace_file to prevent SSRF against RFC 1918 ranges, loopback, and cloud metadata endpoints - Fix file-reader.ts image size limit comment and error message (was 20MB, actual constant is 5MB) * Fix Buffer not assignable to BodyInit in preview route Wrap Buffer in Uint8Array for NextResponse body — Buffer is not directly assignable to BodyInit in strict TypeScript mode. * Fix SSRF bypass, IPv6 coverage, download size cap, and missing deps - Validate post-redirect URL to block SSRF via open redirectors - Expand IPv6 private range blocking: fe80::/10, fc00::/7, ::ffff: mapped - Add 50 MB download cap (Content-Length pre-check + post-buffer check) - Add refetchOnWindowFocus: 'always' to useWorkspaceFileBinary - Add workspaceId to PptxPreview useEffect dependency array * Replace hand-rolled SSRF guard with secureFetchWithValidation The previous implementation hand-rolled private-IP detection with regex, missing edge cases (octal IPs, hex IPs, full IPv6 coverage). The codebase already has secureFetchWithValidation which uses ipaddr.js, handles DNS rebinding via IP pinning, validates each redirect target, and enforces a streaming size cap — removing the need for isPrivateUrl, isPrivateIPv4, the manual pre/post-redirect checks, and the Content-Length + post-buffer size checks. * Fix streaming preview cache ordering and patch ambiguity - PptxPreview: move streaming content check before cache check so live AI-generated previews are never blocked by a warm cache from a prior file view - workspace_file patch: reject edits where the search string matches more than one location, preventing silent wrong-location patches - workspace_file patch: remove redundant Record<string, unknown> cast; args is already Zod-validated with the correct field types * Fix subprocess env leak, unbounded preview spawning, and dead code - pptx-vm: pass minimal env to worker subprocess so it cannot inherit DB URLs, API keys, or other secrets from the Next.js process on a vm.createContext escape - PptxPreview: add AbortController so in-flight preview fetch is cancelled when the effect re-runs (e.g. next SSE update), preventing unbounded concurrent subprocesses; add 500ms debounce on streaming renders to reduce subprocess churn during rapid AI generation - file-reader: remove dead code — the `if (!isReadableType)` guard on line 110 was always true (all readable types returned earlier at line 76), making the subsequent `return null` unreachable * Wire abort signal through to subprocess and correct security comment - generatePptxFromCode now accepts an optional AbortSignal; when the signal fires (e.g. client disconnects mid-stream), done() is called which clears timers and kills the subprocess immediately rather than waiting for the 60s timeout - preview route passes req.signal so client-side AbortController.abort() (from the streaming debounce cleanup) propagates all the way to the worker process - Correct misleading comment in pptx-worker.cjs and pptx-vm.ts: vm.createContext is NOT a sandbox when non-primitives are in scope; the real security boundary is the subprocess + minimal env * Remove implementation-specific comments from pptx worker files Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix pre-aborted signal, pptx-worker tracing, and binary fetch cache * Lazy worker path resolution, code size cap, unused param prefix * Add cache-busting timestamp to binary file fetch * Fix PPTX cache key stability and attribute-order-independent dimension parsing * ran lint --------- Co-authored-by: waleed <walif6@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
Siddharth Ganesan
|
d6bf12da24 |
improvement(mothership): copilot, files, compaction, tools, persistence, duplication constraints (#3682)
* Improve * Hide is hosted * Remove hardcoded * fix * Fixes * v0 * Fix bugs * Restore settings * Handle compaction event type * Add keepalive * File streaming * Error tags * Abort defense * Edit hashes * DB backed tools * Fixes * progress on autolayout improvements * Abort fixes * vertical insertion improvement * Consolidate file attachments * Fix lint * Manage agent result card fix * Remove hardcoded ff * Fix file streaming * Fix persisted writing file tab * Fix lint * Fix streaming file flash * Always set url to /file on file view * Edit perms for tables * Fix file edit perms * remove inline tool call json dump * Enforce name uniqueness (#3679) * Enforce name uniqueness * Use established pattern for error handling * Fix lint * Fix lint * Add kb name uniqueness to db * Fix lint * Handle name getting taken before restore * Enforce duplicate file name * Fix lint --------- Co-authored-by: Theodore Li <theo@sim.ai> * fix temp file creation * fix types * Streaming fixes * type xml tag structures + return invalid id linter errors back to LLM * Add image gen and viz tools * Tags * Workflow tags * Fix lint * Fix subagent abort * Fix subagent persistence * Fix subagent aborts * Nuke db migs * Re add db migrations * Fix lint --------- Co-authored-by: Theodore Li <teddy@zenobiapay.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Theodore Li <theodoreqili@gmail.com> Co-authored-by: Theodore Li <theo@sim.ai> |
||
|
Waleed
|
951c8fd5e9 |
feat(integrations): add integrationType and tags classification to all blocks (#3702)
* feat(integrations): add integrationType and tags classification to all blocks * improvement(integrations): replace generic api/oauth tags with use-case-oriented tags * lint * upgrade turbo |
||
|
Waleed
|
4a34ac3015 |
feat(auth): add Turnstile captcha + harmony disposable email blocking (#3699)
* feat(turnstile): conditionally added CF turnstile to signup * feat(auth): add execute-on-submit Turnstile, conditional harmony, and feature flag - Switch Turnstile to execution: 'execute' mode so challenge runs on form submit (fresh token every time, no expiry issues) - Make emailHarmony conditional via SIGNUP_EMAIL_VALIDATION_ENABLED feature flag so self-hosted users can opt out - Add isSignupEmailValidationEnabled to feature-flags.ts following existing pattern - Add better-auth-harmony to Next.js transpilePackages (required for validator.js ESM compatibility) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(validation): remove dead validateEmail and checkMXRecord Server-side disposable email blocking is now handled by better-auth-harmony. The async validateEmail (with MX check) had no remaining callers. Only quickValidateEmail remains for client-side form feedback. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(auth): add 15s timeout to Turnstile captcha promise Prevents form from hanging indefinitely if Turnstile never fires onSuccess/onError (e.g. script fails to load, network drop). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(helm): add Turnstile and harmony env vars to values.yaml Adds TURNSTILE_SECRET_KEY, NEXT_PUBLIC_TURNSTILE_SITE_KEY, and SIGNUP_EMAIL_VALIDATION_ENABLED to the helm chart so self-hosted deployments can configure captcha and disposable email blocking. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(auth): reject captcha promise on token expiry onExpire now rejects the pending promise so the form doesn't hang if the Turnstile token expires mid-challenge. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(login): replace useEffect keydown listener with form onSubmit The forgot-password modal used a global window keydown listener in a useEffect to handle Enter key — a "you might not need an effect" anti-pattern with a stale closure risk. Replaced with a native <form onSubmit> wrapper which handles Enter natively, eliminating the useEffect, the global listener, and the stale closure. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(auth): clear dangling timeout after captcha promise settles Use .finally(() => clearTimeout(timeoutId)) to clean up the 15s timeout timer when the captcha resolves before the deadline. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(auth): use getResponsePromise() for Turnstile token retrieval Replace the manual Promise + refs + timeout pattern with the documented getResponsePromise(timeout) API from @marsidev/react-turnstile. This eliminates captchaToken state, captchaResolveRef, captchaRejectRef, and all callback wiring on the Turnstile component. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(auth): show captcha errors as form-level message, not password error Captcha failures were misleadingly displayed under the password field. Added a dedicated formError state that renders above the submit button, making it clear the issue is with verification, not the password. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
Vikhyath Mondreti
|
30b7192e75 |
improvement(vfs): update custom glob impl to use micromatch, fix vfs filename regex (#3680)
* improvement(vfs): update custom glob impl to use micromatch, fix vfs filename regex * add tests * file caps * address comments * fix open resource * consolidate files |
||
|
Waleed
|
17bdc80eb9 |
improvement(platform): added more email validation utils, added integrations page, improved enterprise section, update docs generation script (#3667)
* improvement(platform): added more email validation utils, added integrations page, improved enterprise section, update docs generation script * remove unused route * restore hardcoded ff * updated * chore: install soap package types for workday integration * fix(integrations): strip version suffix for template matching, add MX DNS cache * change ff * remove extraneous comments * fix(email): cache timeout results in MX check to prevent repeated 5s waits |
||
|
Vikhyath Mondreti
|
bc111a6d5c |
feat(workday): block + tools (#3663)
* checkpoint workday block * add icon svg * fix workday to use soap api * fix SOAP API * address comments * fix * more type fixes * address more comments * fix files * fix file editor useEffect * fix build issue * fix typing * fix test |
||
|
Waleed
|
8837f14194 |
feat(home): expand template examples with 83 categorized templates (#3592)
* feat(home): expand template examples with 83 categorized templates - Extract template data into consts.ts with rich categorization (category, modules, tags) - Expand from 6 to 83 templates across 7 categories: sales, support, engineering, marketing, productivity, operations - Add show more/collapse UI with category groupings for non-featured templates - Add connector-powered knowledge search templates (Gmail, Slack, Notion, Jira, Linear, Salesforce, etc.) - Add platform-native templates (document summarizer, bulk data classifier, knowledge assistant, etc.) - Optimize prompts for mothership execution with explicit resource creation and integration names - Add tags field for future cross-cutting filtering by persona, pattern, and domain - React 19.2.1 → 19.2.4 upgrade * fix(home): remove WhatsApp customer notifications template * fix(home): add aria-expanded to toggle button, skip popular in expanded view * fix(home): fix category display order, add aria-label to template cards |
||
|
Siddharth Ganesan
|
5b9f0d73c2 |
feat(mothership): mothership (#3411)
* Fix lint * improvement(sidebar): loading * fix(sidebar): use client-generated UUIDs for stable optimistic updates (#3439) * fix(sidebar): use client-generated UUIDs for stable optimistic updates * fix(folders): use zod schema validation for folder create API Replace inline UUID regex with zod schema validation for consistency with other API routes. Update test expectations accordingly. * fix(sidebar): add client UUID to single workflow duplicate hook The useDuplicateWorkflow hook was missing newId: crypto.randomUUID(), causing the same temp-ID-swap issue for single workflow duplication from the context menu. * fix(folders): avoid unnecessary Set re-creation in replaceOptimisticEntry Only create new expandedFolders/selectedFolders Sets when tempId differs from data.id. In the common happy path (client-generated UUIDs), this avoids unnecessary Zustand state reference changes and re-renders. * Mothership block logs * Fix mothership block logs * improvement(knowledge): make connector-synced document chunks readonly (#3440) * improvement(knowledge): make connector-synced document chunks readonly * fix(knowledge): enforce connector chunk readonly on server side * fix(knowledge): disable toggle and delete actions for connector-synced chunks * Job exeuction logs * Job logs * fix(connectors): remove unverifiable requiredScopes for Linear connector * fix(connectors): remove legacy requiredScopes from Jira and Confluence connectors Jira and Confluence OAuth tokens don't return legacy scope names like read:jira-work or read:confluence-content.all, causing the 'Update access' banner to always appear. Set requiredScopes to empty array like Linear. * feat(tasks): add rename to task context menu (#3442) * Revert "fix(connectors): remove legacy requiredScopes from Jira and Confluence connectors" This reverts commit |
||
|
Waleed
|
fcdcaed00d |
fix(memory): add Bun.gc, stream cancellation, and unconsumed fetch drains (#3416)
* fix(memory): add Bun.gc, stream cancellation, and unconsumed fetch drains * fix(memory): await reader.cancel() and use non-blocking Bun.gc * fix(memory): update Bun.gc comment to match non-blocking call * fix(memory): use response.body.cancel() instead of response.text() for drains * fix(executor): flush TextDecoder after streaming loop for multi-byte chars * fix(memory): use text() drain for SecureFetchResponse which lacks body property * fix(chat): prevent premature isExecuting=false from killing chat stream The onExecutionCompleted/Error/Cancelled callbacks were setting isExecuting=false as soon as the server-side SSE stream completed. For chat executions, this triggered a useEffect in chat.tsx that cancelled the client-side stream reader before it finished consuming buffered data — causing empty or partial chat responses. Skip the isExecuting=false in these callbacks for chat executions since the chat's own finally block handles cleanup after the stream is fully consumed. * fix(chat): remove useEffect anti-pattern that killed chat stream on state change The effect reacted to isExecuting becoming false to clean up streams, but this is an anti-pattern per React guidelines — using state changes as a proxy for events. All cleanup cases are already handled by proper event paths: stream done (processStreamingResponse), user cancel (handleStopStreaming), component unmount (cleanup effect), and abort/error (catch block). * fix(servicenow): remove invalid string comparison on numeric offset param * upgrade turborepo |
||
|
Waleed
|
2c79d0249f |
improvement(executor): support nested loops/parallels (#3398)
* feat(executor): support nested loop DAG construction and edge wiring Wire inner loop sentinel nodes into outer loop sentinel chains so that nested loops execute correctly. Resolves boundary-node detection to use effective sentinel IDs for nested loops, handles loop-exit edges from inner sentinel-end to outer sentinel-end, and recursively clears execution state for all nested loop scopes between iterations. NOTE: loop-in-loop nesting only; parallel nesting is not yet supported. Made-with: Cursor * feat(executor): add nested loop iteration context and named loop variable resolution Introduce ParentIteration to track ancestor loop state, build a loopParentMap during DAG construction, and propagate parent iterations through block execution and child workflow contexts. Extend LoopResolver to support named loop references (e.g. <loop1.index>) and add output property resolution (<loop1.result>). Named references use the block's display name normalized to a tag-safe identifier, enabling blocks inside nested loops to reference any ancestor loop's iteration state. NOTE: loop-in-loop nesting only; parallel nesting is not yet supported. Made-with: Cursor * feat(terminal): propagate parent iteration context through SSE events and terminal display Thread parentIterations through SSE block-started, block-completed, and block-error events so the terminal can reconstruct nested loop hierarchies. Update the entry tree builder to recursively nest inner loop subflow nodes inside their parent iteration rows, using parentIterations depth-stripping to support arbitrary nesting depth. Display the block's store name for subflow container rows instead of the generic "Loop" / "Parallel" label. Made-with: Cursor * feat(canvas): allow nesting subflow containers and prevent cycles Remove the restriction that prevented subflow nodes from being dragged into other subflow containers, enabling loop-in-loop nesting on the canvas. Add cycle detection (isDescendantOf) to prevent a container from being placed inside one of its own descendants. Resize all ancestor containers when a nested child moves, collect descendant blocks when removing from a subflow so boundary edges are attributed correctly, and surface all ancestor loop tags in the tag dropdown for blocks inside nested loops. Made-with: Cursor * feat(agent): add MCP server discovery mode for agent tool input (#3353) * feat(agent): add MCP server discovery mode for agent tool input * fix(tool-input): use type variant for MCP server tool count badge * fix(mcp-dynamic-args): align label styling with standard subblock labels * standardized inp format UI * feat(tool-input): replace MCP server inline expand with drill-down navigation * feat(tool-input): add chevron affordance and keyboard nav for MCP server drill-down * fix(tool-input): handle mcp-server type in refresh, validation, badges, and usage control * refactor(tool-validation): extract getMcpServerIssue, remove fake tool hack * lint * reorder dropdown * perf(agent): parallelize MCP server tool creation with Promise.all * fix(combobox): preserve cursor movement in search input, reset query on drilldown * fix(combobox): route ArrowRight through handleSelect, remove redundant type guards * fix(agent): rename mcpServers to mcpServerSelections to avoid shadowing DB import, route ArrowRight through handleSelect * docs: update google integration docs * fix(tool-input): reset drilldown state on tool selection to prevent stale view * perf(agent): parallelize MCP server discovery across multiple servers * improvement(tests): speed up unit tests by eliminating vi.resetModules anti-pattern (#3357) * improvement(tests): speed up unit tests by eliminating vi.resetModules anti-pattern - convert 51 test files from vi.resetModules/vi.doMock/dynamic import to vi.hoisted/vi.mock/static import - add global @sim/db mock to vitest.setup.ts - switch 4 test files from jsdom to node environment - remove all vi.importActual calls that loaded heavy modules (200+ block files) - remove slow mockConsoleLogger/mockAuth/setupCommonApiMocks helpers - reduce real setTimeout delays in engine tests - mock heavy transitive deps in diff-engine test test execution time: 34s -> 9s (3.9x faster) environment time: 2.5s -> 0.6s (4x faster) * docs(testing): update testing best practices with performance rules - document vi.hoisted + vi.mock + static import as the standard pattern - explicitly ban vi.resetModules, vi.doMock, vi.importActual, mockAuth, setupCommonApiMocks - document global mocks from vitest.setup.ts - add mock pattern reference for auth, hybrid auth, and database chains - add performance rules section covering heavy deps, jsdom vs node, real timers * fix(tests): fix 4 failing test files with missing mocks - socket/middleware/permissions: add vi.mock for @/lib/auth to prevent transitive getBaseUrl() call - workflow-handler: add vi.mock for @/executor/utils/http matching executor mock pattern - evaluator-handler: add db.query.account mock structure before vi.spyOn - router-handler: same db.query.account fix as evaluator * fix(tests): replace banned Function type with explicit callback signature * feat(databricks): add Databricks integration with 8 tools (#3361) * feat(databricks): add Databricks integration with 8 tools Add complete Databricks integration supporting SQL execution, job management, run monitoring, and cluster listing via Personal Access Token authentication. Tools: execute_sql, list_jobs, run_job, get_run, list_runs, cancel_run, get_run_output, list_clusters Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(databricks): throw on invalid JSON params, fix boolean coercion, add expandTasks field - Throw errors on invalid JSON in jobParameters/notebookParams instead of silently defaulting to {} - Always set boolean params explicitly to prevent string 'false' being truthy - Add missing expandTasks dropdown UI field for list_jobs operation * fix(databricks): align tool inputs/outputs with official API spec - execute_sql: fix wait_timeout default description (50s, not 10s) - get_run: add queueDuration field, update lifecycle/result state enums - get_run_output: fix notebook output size (5 MB not 1 MB), add logsTruncated field - list_runs: add userCancelledOrTimedout to state, fix limit range (1-24), update state enums - list_jobs: fix name filter description to "exact case-insensitive" - list_clusters: add PIPELINE_MAINTENANCE to ClusterSource enum * fix(databricks): regenerate docs to reflect API spec fixes --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(luma): add Luma integration for event and guest management (#3364) * feat(luma): add Luma integration for event and guest management Add complete Luma (lu.ma) integration with 6 tools: get event, create event, update event, list calendar events, get guests, and add guests. Includes block configuration with wandConfig for timestamps/timezones/durations, advanced mode for optional fields, and generated documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(luma): address PR review feedback - Remove hosts field from list_events transformResponse (not in LumaEventEntry type) - Fix truncated add_guests description by removing quotes that broke docs generator Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(luma): fix update_event field name and add_guests response parsing - Use 'id' instead of 'event_id' in update_event request body per API spec - Fix add_guests to parse entries[].guest response structure instead of flat guests array Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(gamma): add gamma integration for AI-powered content generation (#3358) * feat(gamma): add gamma integration for AI-powered content generation * fix(gamma): address PR review comments - Make credits/error conditionally included in check_status response to avoid always-truthy objects - Replace full wordmark SVG with square "G" letterform for proper rendering in icon slots * fix(gamma): remove imageSource from generate_from_template endpoint The from-template API only accepts imageOptions.model and imageOptions.style, not imageOptions.source (image source is inherited from the template). * fix(gamma): use typed output in check_status transformResponse * regen docs * feat(greenhouse): add greenhouse integration for managing candidates, jobs, and applications (#3363) * feat(ashby): add ashby integration for candidate, job, and application management (#3362) * feat(ashby): add ashby integration for candidate, job, and application management * fix(ashby): auto-fix lint formatting in docs files * improvement(oauth): reordered oauth modal (#3368) * feat(loops): add Loops email platform integration (#3359) * feat(loops): add Loops email platform integration Add complete Loops integration with 10 tools covering all API endpoints: - Contact management: create, update, find, delete - Email: send transactional emails with attachments - Events: trigger automated email sequences - Lists: list mailing lists and transactional email templates - Properties: create and list contact properties Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ran litn --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(resend): expand integration with contacts, domains, and enhanced email ops (#3366) * improvement(blocks): update luma styling and linkup field modes (#3370) * improvement(blocks): update luma styling and linkup field modes * improvement(fireflies): move optional fields to advanced mode * improvement(blocks): move optional fields to advanced mode for 10 integrations * improvement(blocks): move optional fields to advanced mode for 6 more integrations * feat(x): add 28 new X API v2 tool integrations and expand OAuth scopes (#3365) * feat(x): add 28 new X API v2 tool integrations and expand OAuth scopes * fix(x): add missing nextToken param to search tweets and fix XCreateTweetParams type * fix(x): correct API spec issues in retweeted_by, quote_tweets, personalized_trends, and usage tools * fix(x): add missing newestId and oldestId to error meta in get_liked_tweets and get_quote_tweets * fix(x): add missing newestId/oldestId to get_liked_tweets success branch and includes to XTweetListResponse * fix(x): add error handling to create_tweet and delete_tweet transformResponse * fix(x): add error handling and logger to all X tools * fix(x): revert block requiredScopes to match current operations * feat(x): update block to support all 28 new X API v2 tools * fix(x): add missing text output and fix hiddenResult output key mismatch * docs(x): regenerate docs for all 28 new X API v2 tools * improvement(docs): audit and standardize tool description sections, update developer count to 70k (#3371) * improvement(x): align OAuth scopes, add scope descriptions, and set optional fields to advanced mode (#3372) * improvement(x): align OAuth scopes, add scope descriptions, and set optional fields to advanced mode * improvement(skills): add typed JSON outputs guidance to add-tools, add-block, and add-integration skills * improvement(skills): add final validation steps to add-tools, add-block, and add-integration skills * fix(skills): correct misleading JSON array comment in wandConfig example * feat(skills): add validate-integration skill for auditing tools, blocks, and registry against API docs * improvement(skills): expand validate-integration with full block-tool alignment, OAuth scopes, pagination, and error handling checks * improvement(ci): add sticky disk caches and bump runner for faster builds (#3373) * improvement(selectors): make selectorKeys declarative (#3374) * fix(webflow): resolution for selectors * remove unecessary fallback' * fix teams selector resolution * make selector keys declarative * selectors fixes * improvement(selectors): consolidate selector input logic (#3375) * feat(google-contacts): add google contacts integration (#3340) * feat(google-contacts): add google contacts integration * fix(google-contacts): throw error when no update fields provided * lint * update icon * improvement(google-contacts): add advanced mode, error handling, and input trimming - Set mode: 'advanced' on optional fields (emailType, phoneType, notes, pageSize, pageToken, sortOrder) - Add createLogger and response.ok error handling to all 6 tools - Add .trim() on resourceName in get, update, delete URL builders * improvement(mcp): add all MCP server tools individually instead of as single server entry (#3376) * improvement(mcp): add all MCP server tools individually instead of as single server entry * fix(mcp): prevent remove popover from opening inadvertently * fix(sse): fix memory leaks in SSE stream cleanup and add memory telemetry (#3378) * fix(sse): fix memory leaks in SSE stream cleanup and add memory telemetry * improvement(monitoring): add SSE metering to wand, execution-stream, and a2a-message endpoints * fix(workflow-execute): remove abort from cancel() to preserve run-on-leave behavior * improvement(monitoring): use stable process.getActiveResourcesInfo() API * refactor(a2a): hoist resubscribe cleanup to eliminate duplication between start() and cancel() * style(a2a): format import line Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(wand): set guard flag on early-return decrement for consistency --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * improvement(ashby): validate ashby integration and update skill files (#3381) * improvement(luma): expand host response fields and harden event ID inputs (#3383) * improvement(resend): add error handling, authMode, and naming consistency (#3382) * fix(chat-deploy): fix launch chat popup and auth persistence, clean up React anti-patterns (#3380) * fix(chat-deploy): fix launch chat popup and auth persistence, clean up React anti-patterns * lint * fix(greenhouse): fix email_address query param, add .trim() to ID paths, revert onValidationChange to useEffect * fix(chat-deploy): fix stale AuthSelector state, stabilize refetch ref, clean up copy timeout * fix(chat-deploy): reset chatSuccess on modal open to prevent stuck state * improvement(loops): validate loops integration and update skill files (#3384) * improvement(loops): validate loops integration and update skill files * loops icon color * update databricks icon * fix(monitoring): set MemoryTelemetry logger to INFO level for production visibility (#3386) Production defaults to ERROR-only logging. Without this override, memory snapshots would be silently suppressed. * feat(integrations): add amplitude, google pagespeed insights, and pagerduty integrations (#3385) * feat(integrations): add amplitude and google pagespeed insights integrations * verified and regen docs * fix icons * fix(integrations): add pagerduty to tool and block registries Re-add registry entries that were reverted after initial commit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * more updates * ack comemnts --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(docs): add API reference with OpenAPI spec and auto-generated endpoint pages (#3388) * feat(docs): add API reference with OpenAPI spec and auto-generated endpoint pages * multiline curl * random improvements * cleanup * update docs copy * fix build * cast * fix builg --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> * fix(icons): fix pagerduty icon (#3392) * improvement(executor): audit and harden nested loop/parallel implementation * improvement(executor): audit and harden nested loop/parallel implementation - Replace unsafe _childWorkflowInstanceId cast with typeof type guard - Reuse WorkflowNodeMetadata interface instead of inline type duplication - Rename _executeCore to executeCore (private, no underscore needed) - Add log warning when SSE callbacks are dropped beyond MAX_SSE_CHILD_DEPTH - Remove unnecessary onStream type assertion, use StreamingExecution type - Convert OUTPUT_PROPERTIES/KNOWN_PROPERTIES from arrays to Sets for O(1) lookup - Add type guard in loop resolver resolveOutput before casting - Add TSDoc to edgeCrossesLoopBoundary explaining original-ID usage - Add TSDoc to MAX_SSE_CHILD_DEPTH constant - Update ParentIteration TSDoc to reflect parallel nesting support - Type usageControl as union 'auto'|'force'|'none' in buildMcpTool - Replace (t: any) casts with typed objects in agent-handler tests - Add type guard in builder-data convertArrayItem - Make ctx required in clearLoopExecutionState (only caller always passes it) - Replace Math.random() with deterministic counter in terminal tests - Fix isWorkflowBlockType mock to actually check block types - Add loop-in-loop and workflow block tree tests * improvement(executor): audit fixes for nested subflow implementation - Fix findInnermostLoopForBlock/ParallelForBlock to return deepest nested container instead of first Object.keys() match - Fix isBlockInLoopOrDescendant returning false when directLoopId equals target (should return true) - Add isBlockInParallelOrDescendant with recursive nested parallel checking to match loop resolver behavior - Extract duplicated ~20-line iteration context building from loop/parallel orchestrators into shared buildContainerIterationContext utility - Remove inline import() type references in orchestrators - Remove dead executionOrder field from WorkflowNodeMetadata - Remove redundant double-normalization in findParallelBoundaryNodes - Consolidate 3 identical tree-walk helpers into generic hasMatchInTree - Add empty-array guards for Math.min/Math.max in terminal utils - Make KNOWN_PROPERTIES a Set in parallel resolver for consistency - Remove no-op handleDragEnd callback from toolbar - Remove dead result/results entries from KNOWN_PROPERTIES in loop resolver - Add tests for buildContainerIterationContext Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * finished * improvement(airtable): added more tools (#3396) * fix(layout): polyfill crypto.randomUUID for non-secure HTTP contexts (#3397) * feat(integrations): add dub.co integration (#3400) * feat(integrations): add dub.co integration * improvement(dub): add manual docs description and lint formatting fixes * lint * fix(dub): remove unsupported optional property from block outputs * fix(memory): fix O(n²) string concatenation and unconsumed fetch response leaks (#3399) * fix(monitoring): set MemoryTelemetry logger to INFO level for production visibility Production defaults to ERROR-only logging. Without this override, memory snapshots would be silently suppressed. * fix(memory): fix O(n²) string concatenation and unconsumed fetch response leaks * fix(tests): add text() mock to workflow-handler test fetch responses * fix(memory): remove unused O(n²) join in onStreamChunk callback * chore(careers): remove careers page, redirect to Ashby jobs portal (#3401) * chore(careers): remove careers page, redirect to Ashby jobs portal * lint * feat(integrations): add google meet integration (#3403) * feat(integrations): add google meet integration * lint * ack comments * ack comments * fix(terminal): deduplicate nested container entries in buildEntryTree Filter out container-typed block rows when matching nested subflow nodes exist, preventing nested loops/parallels from appearing twice (once as a flat block and once as an expandable subflow). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * improvement(executor): clean up nested subflow implementation - Fix wireSentinelEdges to use LOOP_EXIT handle for nested loop terminals - Extract buildExecutionPipeline to deduplicate orchestrator wiring - Replace two-phase init with constructor injection for Loop/ParallelOrchestrator - Remove dead code: shouldExecuteLoopNode, resolveForEachItems, isLoopNode, isParallelNode, isSubflowBlockType - Deduplicate currentItem resolution in ParallelResolver via resolveCurrentItem - Type getDistributionItems param as SerializedParallel instead of any - Demote verbose per-reference logger.info to logger.debug in evaluateWhileCondition - Add loop-in-parallel wiring test in edges.test.ts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(test): update parallel resolver test to use distribution instead of distributionItems The distributionItems fallback was never part of SerializedParallel — it only worked through any typing. Updated the test to use the real distribution property. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(executor): skip loop back-edges in parallel boundary detection and update test findParallelBoundaryNodes now skips LOOP_CONTINUE back-edges when detecting terminal nodes, matching findLoopBoundaryNodes behavior. Without this, a nested loop's back-edge was incorrectly counted as a forward edge within the parallel, preventing terminal detection. Also updated parallel resolver test to use the real distribution property instead of the non-existent distributionItems fallback. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(executor): clean up cloned loop scopes in deleteParallelScopeAndClones When a parallel contains a nested loop, cloned loop scopes (__obranch-N) created by expandParallel were not being deleted, causing stale scopes to persist across outer loop iterations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(executor): remove dead fallbacks, fix nested loop boundary detection, restore executionOrder - Remove unreachable `?? candidateIds[0]` fallbacks in loop/parallel resolvers - Remove arbitrary first-match fallback scan in findEffectiveContainerId - Fix edgeCrossesLoopBoundary to use innermost loop detection for nested loops - Add warning log for missing branch outputs in parallel aggregation - Restore executionOrder on WorkflowNodeMetadata and pipe through child workflow notification - Remove dead sim-drag-subflow classList.remove call - Clean up cloned loop subflowParentMap entries in deleteParallelScopeAndClones Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * leftover * upgrade turborepo * update stagehand icon * fix(tag-dropdown): show contextual loop/parallel tags for deeply nested blocks findAncestorLoops only checked direct loop membership, missing blocks nested inside parallels within loops (and vice versa). Refactored to walk through both loop and parallel containers recursively, so a block inside a parallel inside a loop correctly sees the loop's contextual tags (index, currentItem) instead of the loop's output tags (results). Also fixed parallel ancestor detection to handle nested parallel-in-loop and loop-in-parallel scenarios, collecting all ancestor parallels instead of just the immediate containing one. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * testing * fixed dedicated logs * fix * fix(subflows): enable nested subflow interaction and execution highlighting Remove !important z-index overrides that prevented nested subflows from being grabbed/dragged independently. Z-index is now managed by ReactFlow's elevateNodesOnSelect and per-node zIndex: depth props. Also adds execution status highlighting for nested subflows in both canvas and snapshot preview. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(preview): add cycle guard to recursive subflow status derivation Prevents infinite recursion if subflowChildrenMap contains circular references by tracking visited nodes during traversal. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: Vasyl Abramovych <vasyl.abramovych@gmail.com> |
||
|
Waleed
|
79bb4e5ad8 |
feat(docs): add API reference with OpenAPI spec and auto-generated endpoint pages (#3388)
* feat(docs): add API reference with OpenAPI spec and auto-generated endpoint pages * multiline curl * random improvements * cleanup * update docs copy * fix build * cast * fix builg --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Lakee Sivaraya <71339072+lakeesiv@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> |
||
|
Waleed
|
fadbad4085 |
feat(confluence): add get user by account ID tool (#3345)
* feat(confluence): add get user by account ID tool * feat(confluence): add missing tools for tasks, blog posts, spaces, descendants, permissions, and properties Add 16 new Confluence operations: list/get/update tasks, update/delete blog posts, create/update/delete spaces, get page descendants, list space permissions, list/create/delete space properties. Includes API routes, tool definitions, block config wiring, OAuth scopes, and generated docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(confluence): add missing OAuth scopes to auth.ts provider config The OAuth authorization flow uses scopes from auth.ts, not oauth.ts. The 9 new scopes were only added to oauth.ts and the block config but not to the actual provider config in auth.ts, causing re-auth to still return tokens without the new scopes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(confluence): fix truncated get_user tool description in docs Remove apostrophe from description that caused MDX generation to truncate at the escape character. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(confluence): address PR review feedback - Move get_user from GET to POST to avoid exposing access token in URL - Add 400 validation for missing params in space-properties create/delete - Add null check for blog post version before update to prevent TypeError Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(confluence): add missing response fields for descendants and tasks - Add type and depth fields to page descendants (from Confluence API) - Add body field (storage format) to task list/get/update responses Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(confluence): use validatePathSegment for Atlassian account IDs validateAlphanumericId rejects valid Atlassian account IDs that contain colons (e.g. 557058:6b9c9931-4693-49c1-8b3a-931f1af98134). Use validatePathSegment with a custom pattern allowing colons instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ran lint * update mock * upgrade turborepo * fix(confluence): reject empty update body for space PUT Return 400 when neither name nor description is provided for space update, instead of sending an empty body to the Confluence API. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(confluence): remove spaceId requirement for create_space and fix list_tasks pagination - Remove create_space from spaceId condition array since creating a space doesn't require a space ID input - Remove list_tasks from generic supportsCursor array so it uses its dedicated handler that correctly passes assignedTo and status filters during pagination Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ran lint * fixed type errors --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Waleed
|
ab48787422 | chore(deps): upgrade next.js from 16.1.0-canary.21 to 16.1.6 (#3254) | ||
|
Waleed
|
2979269ac3 |
fix(sidebar): unify workflow and folder insertion ordering (#3250)
* fix(sidebar): unify workflow and folder insertion ordering * ack comments * ack comments * ack * ack comment * upgrade turbo * fix build |
||
|
Waleed
|
a0afb5d03e |
feat(pipedrive): added sort order to endpoints that support it, upgraded turborepo (#3237)
* feat(pipedrive): added sort order to endpoints that support it * upgraded turborepo * fix |
||
|
Waleed
|
f5dc180d9f | fix(memory): upgrade bun from 1.3.3 to 1.3.9 (#3186) | ||
|
Siddharth Ganesan
|
190f12fd77 |
feat(copilot): copilot mcp + server side copilot execution (#3173)
* v0 * v1 * Basic ss tes * Ss tests * Stuff * Add mcp * mcp v1 * Improvement * Fix * BROKEN * Checkpoint * Streaming * Fix abort * Things are broken * Streaming seems to work but copilot is dumb * Fix edge issue * LUAAAA * Fix stream buffer * Fix lint * Checkpoint * Initial temp state, in the middle of a refactor * Initial test shows diff store still working * Tool refactor * First cleanup pass complete - untested * Continued cleanup * Refactor * Refactor complete - no testing yet * Fix - cursor makes me sad * Fix mcp * Clean up mcp * Updated mcp * Add respond to subagents * Fix definitions * Add tools * Add tools * Add copilot mcp tracking * Fix lint * Fix mcp * Fix * Updates * Clean up mcp * Fix copilot mcp tool names to be sim prefixed * Add opus 4.6 * Fix discovery tool * Fix * Remove logs * Fix go side tool rendering * Update docs * Fix hydration * Fix tool call resolution * Fix * Fix lint * Fix superagent and autoallow integrations * Fix always allow * Update block * Remove plan docs * Fix hardcoded ff * Fix dropped provider * Fix lint * Fix tests * Fix dead messages array * Fix discovery * Fix run workflow * Fix run block * Fix run from block in copilot * Fix lint * Fix skip and mtb * Fix typing * Fix tool call * Bump api version * Fix bun lock * Nuke bad files |
||
|
Waleed
|
b3dbb4487f |
improvement(jsm): destructured outputs for jsm, jira, and added 1password integration (#3174)
* improvement(jsm): destructured outputs for jsm, jira, and added 1password integration * update 1password to support cloud & locally hosted * updated & tested 1pass * added an additional wandConfig for OnePassword & jira search issues * finished jira * removed unused route * updated types * restore old outputs * updated types |
||
|
Waleed
|
793adda986 |
fix(limits): updated rate limiter to match execution timeouts, adjusted timeouts fallback to be free plan (#3136)
* fix(limits): updated rate limiter to match execution timeouts, adjusted timeouts fallback to be free plan * upgrade turborepo |
||
|
Vikhyath Mondreti
|
a627faabe7 |
feat(timeouts): execution timeout limits (#3120)
* feat(timeouts): execution timeout limits * fix type issues * add to docs * update stale exec cleanup route * update more callsites * update tests * address bugbot comments * remove import expression * support streaming and async paths' * fix streaming path * add hitl and workflow handler * make sync path match * consolidate * timeout errors * validation errors typed * import order * Merge staging into feat/timeout-lims Resolved conflicts: - stt/route.ts: Keep both execution timeout and security imports - textract/parse/route.ts: Keep both execution timeout and validation imports - use-workflow-execution.ts: Keep cancellation console entry from feature branch - input-validation.ts: Remove server functions (moved to .server.ts in staging) - tools/index.ts: Keep execution timeout, use .server import for security * make run from block consistent * revert console update change * fix subflow errors * clean up base 64 cache correctly * update docs * consolidate workflow execution and run from block hook code * remove unused constant * fix cleanup base64 sse * fix run from block tracespan |
||
|
Emir Karabeg
|
0bc245b7a9 |
feat(note-block): note block preview newlines (#3127)
* feat(note-block): add single newline support in preview
Add remark-breaks plugin to the note block markdown renderer to convert
single newlines into line breaks. This fixes the issue where users had
to use double newlines (\n\n) to create visible line breaks in the
note block preview.
Co-authored-by: Emir Karabeg <emir-karabeg@users.noreply.github.com>
* Revert "feat(note-block): add single newline support in preview"
This reverts commit
|
||
|
Waleed
|
f7c3de0591 | fix(streaming): handle multi-byte UTF-8 chars split across chunks (#3083) | ||
|
Vikhyath Mondreti
|
b0fbf3648d |
improvment(sockets): migrate to redis (#3072)
* improvment(sockets): migrate to redis * remove random error code * improve typing * use native api * fix bugbot comments * bugbot comment * fix more bugbot cleanup comments * null cursor * fix * cleanup code * fix bugbot comments |
||
|
Waleed
|
f99518b837 |
feat(calcom): added calcom (#3070)
* feat(tools): added calcom * added more triggers, tested * updated regex in script for release to be more lenient * fix(tag-dropdown): performance improvements and scroll bug fixes - Add flatTagIndexMap for O(1) tag lookups (replaces O(n²) findIndex calls) - Memoize caret position calculation to avoid DOM manipulation on every render - Use refs for inputValue/cursorPosition to keep handleTagSelect callback stable - Change itemRefs from index-based to tag-based keys to prevent stale refs - Fix scroll jump in nested folders by removing scroll reset from registerFolder - Add onFolderEnter callback for scroll reset when entering folder via keyboard - Disable keyboard navigation wrap-around at boundaries - Simplify selection reset to single effect on flatTagList.length change Also: - Add safeCompare utility for timing-safe string comparison - Refactor webhook signature validation to use safeCompare Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * updated types * fix(calcom): simplify required field constraints for booking attendee The condition field already restricts these to calcom_create_booking, so simplified to required: true. Per Cal.com API docs, email is optional while name and timeZone are required. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * added tests * updated folder multi select, updated calcom and github tools and docs generator script * updated drag, updated outputs for tools, regen docs with nested docs script * updated setup instructions links, destructure trigger outputs, fix text subblock styling * updated docs gen script * updated docs script * updated docs script * updated script * remove destructuring of stripe webhook * expanded wand textarea, updated calcom tools --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Emir Karabeg
|
9cba8eee48 |
improvement(preview): error paths, loops, workflow (#3010)
* improvement(switch): dark styling * improvement(settings): change deployed MCPs to MCPs servers * improvement(preview): added error paths, loop logic * improvement(preview): nested workflows preview * feat(preview): lightweight param * improvement(preview): staging changes integrated |