github/sim
1
0
Fork 0
mirror of https://github.com/simstudioai/sim.git synced 2026-02-12 07:24:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:feat/atlassian
Branches Tags
github:main github:fix/s3 github:sim-609-tool-input-refactor github:feat/creators github:feat/mult-credentials-rv github:staging github:feat/atlassian github:feat/smart-copilot github:fix/confl github:feat/blogbench github:feat/streamdown github:feat/landing github:cursor/development-environment-setup-aad3 github:cursor/development-environment-setup-becb github:feature/tiktok-integration github:feat/copilot-server-1 github:cursor/run-button-label-and-hover-fdc2 github:fix/tracespans github:sim-614 github:fix/kbtags github:feat/agent-media github:feat/copilot-server github:cleanup github:fix/hitl-outputs github:fix/copilot-credentials-validation github:dependabot/npm_and_yarn/npm_and_yarn-ae354da9f7 github:fix/s-tool github:lakees/db github:improvement/copilot-refactor github:feat/copilot-resume github:fix/start-inp github:feat/impersonation github:fix/refresh github:fix/copilot-thinking github:feat/groups github:fix/dups github:improvement/copilot-superagent-split github:improvement/respone-block github:SIM-514-useWebhookUrl-conditioning github:sim-499 github:fix/tool-output github:feat/figma github:feat/custom-oauth-adv-mdoe github:feat/zapier github:feat/snowflake github:feat/workflow-import-su github:feat/run-from-block github:improvement/debug-mode github:feat/while-subflow github:feat/aws-lambda
github:v0.5.88 github:v0.5.87 github:v0.5.86 github:v0.5.85 github:v0.5.84 github:v0.5.83 github:v0.5.82 github:v0.5.81 github:v0.5.80 github:v0.5.79 github:v0.5.78 github:v0.5.77 github:v0.5.76 github:v0.5.75 github:v0.5.74 github:v0.5.73 github:v0.5.72 github:v0.5.71 github:python-sdk-v0.1.2 github:typescript-sdk-v0.1.2 github:v0.5.70 github:v0.5.69 github:v0.5.68 github:v0.5.67 github:v0.5.66 github:v0.5.65 github:v0.5.64 github:v0.5.63 github:v0.5.62 github:v0.5.61 github:v0.5.60 github:v0.5.59 github:v0.5.58 github:v0.5.57 github:v0.5.56 github:v0.5.55 github:v0.5.54 github:v0.5.53 github:v0.5.52 github:v0.5.51 github:v0.5.50 github:v0.5.49 github:v0.5.48 github:v0.5.47 github:v0.5.46 github:v0.5.45 github:v0.5.44 github:v0.5.43 github:v0.5.42 github:v0.5.41 github:v0.5.40 github:v0.5.39 github:v0.5.38 github:v0.5.37 github:v0.5.36 github:v0.5.35 github:v0.5.34 github:v0.5.33 github:v0.5.32 github:v0.5.31 github:v0.5.30 github:v0.5.29 github:v0.5.28 github:v0.5.27 github:v0.5.26 github:v0.5.25 github:v0.5.24 github:v0.5.23 github:v0.5.22 github:v0.5.21 github:v0.5.20 github:v0.5.19 github:v0.5.18 github:v0.5.17 github:v0.5.16 github:v0.5.15 github:v0.5.14 github:python-sdk-v0.1.1 github:typescript-sdk-v0.1.1 github:v0.5.13 github:v0.5.12 github:v0.5.11 github:v0.5.8 github:v0.5.9 github:v0.5.7 github:v0.5.6 github:v0.5.5 github:v0.5.2 github:v0.5.1 github:v0.5 github:v0.4.25 github:v0.4.24 github:v0.4.23 github:v0.4.22 github:v0.4.21 github:v0.4.20 github:v0.4.19 github:v0.4.17 github:v0.4.16 github:v0.4.15 github:v0.4.14 github:v0.4.13 github:v0.4.12 github:v0.4.11 github:v0.4.10 github:v0.4.9 github:v0.4.8 github:v0.4.7 github:v0.4.6 github:v0.4.5 github:v0.4.4 github:v0.4.3 github:v0.4.2 github:v0.4.1 github:v0.4.0 github:v0.3.41 github:v0.3.42 github:v0.3.43 github:v0.3.44 github:v0.3.45 github:v0.3.46 github:v0.3.47 github:v0.3.50 github:v0.3.51 github:v0.3.52 github:v0.3.53 github:v0.3.54 github:v0.3.55 github:v0.3.56 github:v0.3.57 github:v0.3.58 github:v0.2.1 github:v0.2.2 github:v0.2.3 github:v0.2.4 github:v0.2.5 github:v0.2.6 github:v0.2.7 github:v0.2.8 github:v0.2.9 github:v0.2.11 github:v0.2.12 github:v0.2.13 github:v0.3.1 github:v0.3.2 github:v0.3.3 github:v0.3.4 github:v0.3.5 github:v0.3.6 github:v0.3.7 github:v0.3.8 github:v0.3.9 github:v0.3.10 github:v0.3.13 github:v0.3.14 github:v0.3.15 github:v0.3.16 github:v0.3.17 github:v0.3.19 github:v0.3.21 github:v0.3.22 github:v0.3.23 github:v0.3.24 github:v0.3.26 github:v0.3.27 github:v0.3.28 github:v0.3.30 github:v0.3.31 github:v0.3.32 github:v0.3.33 github:v0.3.34 github:v0.3.35 github:v0.3.36 github:v0.3.37 github:v0.3.38 github:v0.3.39 github:v0.3.40 github:v1.0.0
..
compare: github:feat/mult-credentials-rv
Branches Tags
github:fix/s3 github:sim-609-tool-input-refactor github:feat/creators github:feat/mult-credentials-rv github:staging github:feat/atlassian github:feat/smart-copilot github:main github:fix/confl github:feat/blogbench github:feat/streamdown github:feat/landing github:cursor/development-environment-setup-aad3 github:cursor/development-environment-setup-becb github:feature/tiktok-integration github:feat/copilot-server-1 github:cursor/run-button-label-and-hover-fdc2 github:fix/tracespans github:sim-614 github:fix/kbtags github:feat/agent-media github:feat/copilot-server github:cleanup github:fix/hitl-outputs github:fix/copilot-credentials-validation github:dependabot/npm_and_yarn/npm_and_yarn-ae354da9f7 github:fix/s-tool github:lakees/db github:improvement/copilot-refactor github:feat/copilot-resume github:fix/start-inp github:feat/impersonation github:fix/refresh github:fix/copilot-thinking github:feat/groups github:fix/dups github:improvement/copilot-superagent-split github:improvement/respone-block github:SIM-514-useWebhookUrl-conditioning github:sim-499 github:fix/tool-output github:feat/figma github:feat/custom-oauth-adv-mdoe github:feat/zapier github:feat/snowflake github:feat/workflow-import-su github:feat/run-from-block github:improvement/debug-mode github:feat/while-subflow github:feat/aws-lambda
github:v0.5.88 github:v0.5.87 github:v0.5.86 github:v0.5.85 github:v0.5.84 github:v0.5.83 github:v0.5.82 github:v0.5.81 github:v0.5.80 github:v0.5.79 github:v0.5.78 github:v0.5.77 github:v0.5.76 github:v0.5.75 github:v0.5.74 github:v0.5.73 github:v0.5.72 github:v0.5.71 github:python-sdk-v0.1.2 github:typescript-sdk-v0.1.2 github:v0.5.70 github:v0.5.69 github:v0.5.68 github:v0.5.67 github:v0.5.66 github:v0.5.65 github:v0.5.64 github:v0.5.63 github:v0.5.62 github:v0.5.61 github:v0.5.60 github:v0.5.59 github:v0.5.58 github:v0.5.57 github:v0.5.56 github:v0.5.55 github:v0.5.54 github:v0.5.53 github:v0.5.52 github:v0.5.51 github:v0.5.50 github:v0.5.49 github:v0.5.48 github:v0.5.47 github:v0.5.46 github:v0.5.45 github:v0.5.44 github:v0.5.43 github:v0.5.42 github:v0.5.41 github:v0.5.40 github:v0.5.39 github:v0.5.38 github:v0.5.37 github:v0.5.36 github:v0.5.35 github:v0.5.34 github:v0.5.33 github:v0.5.32 github:v0.5.31 github:v0.5.30 github:v0.5.29 github:v0.5.28 github:v0.5.27 github:v0.5.26 github:v0.5.25 github:v0.5.24 github:v0.5.23 github:v0.5.22 github:v0.5.21 github:v0.5.20 github:v0.5.19 github:v0.5.18 github:v0.5.17 github:v0.5.16 github:v0.5.15 github:v0.5.14 github:python-sdk-v0.1.1 github:typescript-sdk-v0.1.1 github:v0.5.13 github:v0.5.12 github:v0.5.11 github:v0.5.8 github:v0.5.9 github:v0.5.7 github:v0.5.6 github:v0.5.5 github:v0.5.2 github:v0.5.1 github:v0.5 github:v0.4.25 github:v0.4.24 github:v0.4.23 github:v0.4.22 github:v0.4.21 github:v0.4.20 github:v0.4.19 github:v0.4.17 github:v0.4.16 github:v0.4.15 github:v0.4.14 github:v0.4.13 github:v0.4.12 github:v0.4.11 github:v0.4.10 github:v0.4.9 github:v0.4.8 github:v0.4.7 github:v0.4.6 github:v0.4.5 github:v0.4.4 github:v0.4.3 github:v0.4.2 github:v0.4.1 github:v0.4.0 github:v0.3.41 github:v0.3.42 github:v0.3.43 github:v0.3.44 github:v0.3.45 github:v0.3.46 github:v0.3.47 github:v0.3.50 github:v0.3.51 github:v0.3.52 github:v0.3.53 github:v0.3.54 github:v0.3.55 github:v0.3.56 github:v0.3.57 github:v0.3.58 github:v0.2.1 github:v0.2.2 github:v0.2.3 github:v0.2.4 github:v0.2.5 github:v0.2.6 github:v0.2.7 github:v0.2.8 github:v0.2.9 github:v0.2.11 github:v0.2.12 github:v0.2.13 github:v0.3.1 github:v0.3.2 github:v0.3.3 github:v0.3.4 github:v0.3.5 github:v0.3.6 github:v0.3.7 github:v0.3.8 github:v0.3.9 github:v0.3.10 github:v0.3.13 github:v0.3.14 github:v0.3.15 github:v0.3.16 github:v0.3.17 github:v0.3.19 github:v0.3.21 github:v0.3.22 github:v0.3.23 github:v0.3.24 github:v0.3.26 github:v0.3.27 github:v0.3.28 github:v0.3.30 github:v0.3.31 github:v0.3.32 github:v0.3.33 github:v0.3.34 github:v0.3.35 github:v0.3.36 github:v0.3.37 github:v0.3.38 github:v0.3.39 github:v0.3.40 github:v1.0.0

3 Commits
feat/atlas ... feat/mult-

Author SHA1 Message Date
Vikhyath Mondreti
508772cf58 make it autoselect personal secret when create secret is clicked 2026-02-11 20:06:27 -08:00
Vikhyath Mondreti
7314675f50 checkpoint 2026-02-11 19:58:24 -08:00
Vikhyath Mondreti
253161afba feat(mult-credentials): progress 2026-02-11 15:18:31 -08:00
249 changed files with 16086 additions and 21947 deletions
Expand all files Collapse all files

3
apps/docs/content/docs/de/keyboard-shortcuts/index.mdx
View File

@@ -41,6 +41,9 @@ Diese Tastenkombinationen wechseln zwischen den Panel-Tabs auf der rechten Seite
| Tastenkombination | Aktion |
|----------|--------|
| `C` | Copilot-Tab fokussieren |
| `T` | Toolbar-Tab fokussieren |
| `E` | Editor-Tab fokussieren |
| `Mod` + `F` | Toolbar-Suche fokussieren |
## Globale Navigation

3
apps/docs/content/docs/en/keyboard-shortcuts/index.mdx
View File

@@ -43,6 +43,9 @@ These shortcuts switch between panel tabs on the right side of the canvas.
| Shortcut | Action |
|----------|--------|
| `C` | Focus Copilot tab |
| `T` | Focus Toolbar tab |
| `E` | Focus Editor tab |
| `Mod` + `F` | Focus Toolbar search |
## Global Navigation

311
apps/docs/content/docs/en/tools/confluence.mdx
View File

@@ -88,8 +88,7 @@ Update a Confluence page using the Confluence API.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `success` | boolean | Operation success status |
| `ts` | string | Timestamp of update |
| `pageId` | string | Confluence page ID |
| `title` | string | Updated page title |
| `status` | string | Page status |
@@ -111,6 +110,7 @@ Update a Confluence page using the Confluence API.
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `url` | string | URL to view the page in Confluence |
| `success` | boolean | Update operation success status |
### `confluence_create_page`
@@ -131,7 +131,7 @@ Create a new page in a Confluence space.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `ts` | string | Timestamp of creation |
| `pageId` | string | Created page ID |
| `title` | string | Page title |
| `status` | string | Page status |
@@ -172,9 +172,9 @@ Delete a Confluence page. By default moves to trash; use purge=true to permanent
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `deleted` | boolean | Deletion status |
| `ts` | string | Timestamp of deletion |
| `pageId` | string | Deleted page ID |
| `deleted` | boolean | Deletion status |
### `confluence_list_pages_in_space`
@@ -358,10 +358,10 @@ List all custom properties (metadata) attached to a Confluence page.
| `ts` | string | ISO 8601 timestamp of the operation |
| `pageId` | string | ID of the page |
| `properties` | array | Array of content properties |
| ↳ `id` | string | Unique property identifier |
| ↳ `key` | string | Property key/name |
| ↳ `id` | string | Property ID |
| ↳ `key` | string | Property key |
| ↳ `value` | json | Property value \(can be any JSON\) |
| ↳ `version` | object | Property version information |
| ↳ `version` | object | Version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
@@ -388,72 +388,16 @@ Create a new custom property (metadata) on a Confluence page.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `id` | string | Unique property identifier |
| `key` | string | Property key/name |
| `value` | json | Property value \(can be any JSON\) |
| `version` | object | Property version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `pageId` | string | ID of the page |
| `propertyId` | string | ID of the created property |
### `confluence_update_page_property`
Update an existing content property on a Confluence page.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `pageId` | string | Yes | The ID of the page containing the property |
| `propertyId` | string | Yes | The ID of the property to update |
| `key` | string | Yes | The key/name of the property |
| `value` | json | Yes | The new value for the property \(can be any JSON value\) |
| `versionNumber` | number | Yes | The current version number of the property \(for conflict prevention\) |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `id` | string | Unique property identifier |
| `key` | string | Property key/name |
| `value` | json | Property value \(can be any JSON\) |
| `version` | object | Property version information |
| `key` | string | Property key |
| `value` | json | Property value |
| `version` | object | Version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `pageId` | string | ID of the page |
| `propertyId` | string | ID of the updated property |
### `confluence_delete_page_property`
Delete a content property from a Confluence page by its property ID.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `pageId` | string | Yes | The ID of the page containing the property |
| `propertyId` | string | Yes | The ID of the property to delete |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `pageId` | string | ID of the page |
| `propertyId` | string | ID of the deleted property |
| `deleted` | boolean | Deletion status |
### `confluence_search`
@@ -472,7 +416,7 @@ Search for content across Confluence pages, blog posts, and other content.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `ts` | string | Timestamp of search |
| `results` | array | Array of search results |
| ↳ `id` | string | Unique content identifier |
| ↳ `title` | string | Content title |
@@ -546,29 +490,19 @@ List all blog posts across all accessible Confluence spaces.
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `blogPosts` | array | Array of blog posts |
| ↳ `id` | string | Unique blog post identifier |
| ↳ `id` | string | Blog post ID |
| ↳ `title` | string | Blog post title |
| ↳ `status` | string | Blog post status \(e.g., current, draft\) |
| ↳ `spaceId` | string | ID of the space containing the blog post |
| ↳ `authorId` | string | Account ID of the blog post author |
| ↳ `createdAt` | string | ISO 8601 timestamp when the blog post was created |
| ↳ `version` | object | Blog post version information |
| ↳ `status` | string | Blog post status |
| ↳ `spaceId` | string | Space ID |
| ↳ `authorId` | string | Author account ID |
| ↳ `createdAt` | string | Creation timestamp |
| ↳ `version` | object | Version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| ↳ `body` | object | Blog post body content |
| ↳ `storage` | object | Body in storage format \(Confluence markup\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| ↳ `view` | object | Body in view format \(rendered HTML\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| ↳ `webUrl` | string | URL to view the blog post in Confluence |
| ↳ `webUrl` | string | URL to view the blog post |
| `nextCursor` | string | Cursor for fetching the next page of results |
### `confluence_get_blogpost`
@@ -589,19 +523,19 @@ Get a specific Confluence blog post by ID, including its content.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `id` | string | Unique blog post identifier |
| `id` | string | Blog post ID |
| `title` | string | Blog post title |
| `status` | string | Blog post status \(e.g., current, draft\) |
| `spaceId` | string | ID of the space containing the blog post |
| `authorId` | string | Account ID of the blog post author |
| `createdAt` | string | ISO 8601 timestamp when the blog post was created |
| `version` | object | Blog post version information |
| `status` | string | Blog post status |
| `spaceId` | string | Space ID |
| `authorId` | string | Author account ID |
| `createdAt` | string | Creation timestamp |
| `version` | object | Version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `body` | object | Blog post body content |
| `body` | object | Blog post body content in requested format\(s\) |
| ↳ `storage` | object | Body in storage format \(Confluence markup\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
@@ -611,7 +545,7 @@ Get a specific Confluence blog post by ID, including its content.
| ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| `webUrl` | string | URL to view the blog post in Confluence |
| `webUrl` | string | URL to view the blog post |
### `confluence_create_blogpost`
@@ -633,18 +567,11 @@ Create a new blog post in a Confluence space.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `id` | string | Unique blog post identifier |
| `id` | string | Created blog post ID |
| `title` | string | Blog post title |
| `status` | string | Blog post status \(e.g., current, draft\) |
| `spaceId` | string | ID of the space containing the blog post |
| `authorId` | string | Account ID of the blog post author |
| `createdAt` | string | ISO 8601 timestamp when the blog post was created |
| `version` | object | Blog post version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `status` | string | Blog post status |
| `spaceId` | string | Space ID |
| `authorId` | string | Author account ID |
| `body` | object | Blog post body content |
| ↳ `storage` | object | Body in storage format \(Confluence markup\) |
| ↳ `value` | string | The content value in the specified format |
@@ -655,71 +582,13 @@ Create a new blog post in a Confluence space.
| ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| `webUrl` | string | URL to view the blog post in Confluence |
### `confluence_update_blogpost`
Update an existing Confluence blog post title, content, or status.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `blogPostId` | string | Yes | The ID of the blog post to update |
| `title` | string | No | New title for the blog post |
| `content` | string | No | New content for the blog post in Confluence storage format |
| `status` | string | No | Blog post status: current or draft |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `id` | string | Unique blog post identifier |
| `title` | string | Blog post title |
| `status` | string | Blog post status \(e.g., current, draft\) |
| `spaceId` | string | ID of the space containing the blog post |
| `authorId` | string | Account ID of the blog post author |
| `createdAt` | string | ISO 8601 timestamp when the blog post was created |
| `version` | object | Blog post version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `body` | object | Blog post body content |
| ↳ `storage` | object | Body in storage format \(Confluence markup\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| ↳ `view` | object | Body in view format \(rendered HTML\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| `webUrl` | string | URL to view the blog post in Confluence |
### `confluence_delete_blogpost`
Delete a Confluence blog post.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `blogPostId` | string | Yes | The ID of the blog post to delete |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `deleted` | boolean | Deletion status |
| `blogPostId` | string | Deleted blog post ID |
| `webUrl` | string | URL to view the blog post |
### `confluence_list_blogposts_in_space`
@@ -743,13 +612,13 @@ List all blog posts within a specific Confluence space.
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `blogPosts` | array | Array of blog posts in the space |
| ↳ `id` | string | Unique blog post identifier |
| ↳ `id` | string | Blog post ID |
| ↳ `title` | string | Blog post title |
| ↳ `status` | string | Blog post status \(e.g., current, draft\) |
| ↳ `spaceId` | string | ID of the space containing the blog post |
| ↳ `authorId` | string | Account ID of the blog post author |
| ↳ `createdAt` | string | ISO 8601 timestamp when the blog post was created |
| ↳ `version` | object | Blog post version information |
| ↳ `status` | string | Blog post status |
| ↳ `spaceId` | string | Space ID |
| ↳ `authorId` | string | Author account ID |
| ↳ `createdAt` | string | Creation timestamp |
| ↳ `version` | object | Version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
@@ -765,7 +634,7 @@ List all blog posts within a specific Confluence space.
| ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
| ↳ `value` | string | The content value in the specified format |
| ↳ `representation` | string | Content representation type |
| ↳ `webUrl` | string | URL to view the blog post in Confluence |
| ↳ `webUrl` | string | URL to view the blog post |
| `nextCursor` | string | Cursor for fetching the next page of results |
### `confluence_create_comment`
@@ -785,7 +654,7 @@ Add a comment to a Confluence page.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `ts` | string | Timestamp of creation |
| `commentId` | string | Created comment ID |
| `pageId` | string | Page ID |
@@ -846,9 +715,9 @@ Update an existing comment on a Confluence page.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `updated` | boolean | Update status |
| `ts` | string | Timestamp of update |
| `commentId` | string | Updated comment ID |
| `updated` | boolean | Update status |
### `confluence_delete_comment`
@@ -866,9 +735,9 @@ Delete a comment from a Confluence page.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `deleted` | boolean | Deletion status |
| `ts` | string | Timestamp of deletion |
| `commentId` | string | Deleted comment ID |
| `deleted` | boolean | Deletion status |
### `confluence_upload_attachment`
@@ -889,7 +758,7 @@ Upload a file as an attachment to a Confluence page.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `ts` | string | Timestamp of upload |
| `attachmentId` | string | Uploaded attachment ID |
| `title` | string | Attachment file name |
| `fileSize` | number | File size in bytes |
@@ -951,9 +820,9 @@ Delete an attachment from a Confluence page (moves to trash).
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `deleted` | boolean | Deletion status |
| `ts` | string | Timestamp of deletion |
| `attachmentId` | string | Deleted attachment ID |
| `deleted` | boolean | Deletion status |
### `confluence_list_labels`
@@ -973,7 +842,7 @@ List all labels on a Confluence page.
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `ts` | string | Timestamp of retrieval |
| `labels` | array | Array of labels on the page |
| ↳ `id` | string | Unique label identifier |
| ↳ `name` | string | Label name |
@@ -1003,90 +872,6 @@ Add a label to a Confluence page for organization and categorization.
| `labelName` | string | Name of the added label |
| `labelId` | string | ID of the added label |
### `confluence_delete_label`
Remove a label from a Confluence page.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `pageId` | string | Yes | Confluence page ID to remove the label from |
| `labelName` | string | Yes | Name of the label to remove |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `pageId` | string | Page ID the label was removed from |
| `labelName` | string | Name of the removed label |
| `deleted` | boolean | Deletion status |
### `confluence_get_pages_by_label`
Retrieve all pages that have a specific label applied.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `labelId` | string | Yes | The ID of the label to get pages for |
| `limit` | number | No | Maximum number of pages to return \(default: 50, max: 250\) |
| `cursor` | string | No | Pagination cursor from previous response |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `labelId` | string | ID of the label |
| `pages` | array | Array of pages with this label |
| ↳ `id` | string | Unique page identifier |
| ↳ `title` | string | Page title |
| ↳ `status` | string | Page status \(e.g., current, archived, trashed, draft\) |
| ↳ `spaceId` | string | ID of the space containing the page |
| ↳ `parentId` | string | ID of the parent page \(null if top-level\) |
| ↳ `authorId` | string | Account ID of the page author |
| ↳ `createdAt` | string | ISO 8601 timestamp when the page was created |
| ↳ `version` | object | Page version information |
| ↳ `number` | number | Version number |
| ↳ `message` | string | Version message |
| ↳ `minorEdit` | boolean | Whether this is a minor edit |
| ↳ `authorId` | string | Account ID of the version author |
| ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
| `nextCursor` | string | Cursor for fetching the next page of results |
### `confluence_list_space_labels`
List all labels associated with a Confluence space.
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
| `spaceId` | string | Yes | The ID of the Confluence space to list labels from |
| `limit` | number | No | Maximum number of labels to return \(default: 25, max: 250\) |
| `cursor` | string | No | Pagination cursor from previous response |
| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | ISO 8601 timestamp of the operation |
| `spaceId` | string | ID of the space |
| `labels` | array | Array of labels on the space |
| ↳ `id` | string | Unique label identifier |
| ↳ `name` | string | Label name |
| ↳ `prefix` | string | Label prefix/type \(e.g., global, my, team\) |
| `nextCursor` | string | Cursor for fetching the next page of results |
### `confluence_get_space`
Get details about a specific Confluence space.

525
apps/docs/content/docs/en/tools/jira_service_management.mdx
View File

@@ -30,7 +30,7 @@ With Sims Jira Service Management integration, you can create, monitor, and u
## Usage Instructions
Integrate with Jira Service Management for IT service management. Create and manage service requests, handle customers and organizations, track SLAs, and manage queues. Can also trigger workflows based on Jira Service Management webhook events.
Integrate with Jira Service Management for IT service management. Create and manage service requests, handle customers and organizations, track SLAs, and manage queues.
@@ -66,31 +66,6 @@ Get all service desks from Jira Service Management
| `total` | number | Total number of service desks |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_service_desk`
Get a specific service desk by ID in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `serviceDeskId` | string | Yes | Service Desk ID \(e.g., "1", "2"\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `id` | string | Service desk ID |
| `projectId` | string | Associated Jira project ID |
| `projectName` | string | Associated project name |
| `projectKey` | string | Associated project key |
| `name` | string | Service desk name |
| `description` | string | Service desk description |
| `leadDisplayName` | string | Project lead display name |
| `ts` | string | Timestamp of the operation |
### `jsm_get_request_types`
Get request types for a service desk in Jira Service Management
@@ -126,39 +101,6 @@ Get request types for a service desk in Jira Service Management
| `total` | number | Total number of request types |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_request_type_fields`
Get the fields required to create a request of a specific type in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `serviceDeskId` | string | Yes | Service Desk ID \(e.g., "1", "2"\) |
| `requestTypeId` | string | Yes | Request Type ID \(e.g., "10", "15"\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `serviceDeskId` | string | Service desk ID |
| `requestTypeId` | string | Request type ID |
| `canAddRequestParticipants` | boolean | Whether participants can be added to requests of this type |
| `canRaiseOnBehalfOf` | boolean | Whether requests can be raised on behalf of another user |
| `requestTypeFields` | array | List of fields for this request type |
| ↳ `fieldId` | string | Field identifier \(e.g., summary, description, customfield_10010\) |
| ↳ `name` | string | Human-readable field name |
| ↳ `description` | string | Help text for the field |
| ↳ `required` | boolean | Whether the field is required |
| ↳ `visible` | boolean | Whether the field is visible |
| ↳ `validValues` | json | Allowed values for select fields |
| ↳ `presetValues` | json | Pre-populated values |
| ↳ `defaultValues` | json | Default values for the field |
| ↳ `jiraSchema` | json | Jira field schema with type, system, custom, customId |
### `jsm_create_request`
Create a new service request in Jira Service Management
@@ -280,59 +222,6 @@ Get multiple service requests from Jira Service Management
| `total` | number | Total number of requests in current page |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_request_status`
Get status history for a service request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
| `start` | number | No | Start index for pagination \(e.g., 0, 50, 100\) |
| `limit` | number | No | Maximum results to return \(e.g., 10, 25, 50\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `statuses` | array | Status history entries |
| ↳ `status` | string | Status name |
| ↳ `statusCategory` | string | Status category \(NEW, INDETERMINATE, DONE\) |
| ↳ `statusDate` | json | Status change date with iso8601, friendly, epochMillis |
| `total` | number | Total number of status entries |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_request_attachments`
Get attachments for a service request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
| `includeAttachments` | boolean | No | Download attachment file contents and include them as files in the output |
| `start` | number | No | Start index for pagination \(e.g., 0, 50, 100\) |
| `limit` | number | No | Maximum results to return \(e.g., 10, 25, 50\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `attachments` | array | List of attachments |
| `total` | number | Total number of attachments |
| `isLastPage` | boolean | Whether this is the last page |
| `files` | file[] | Downloaded attachment files \(only when includeAttachments is true\) |
### `jsm_add_comment`
Add a comment (public or internal) to a service request in Jira Service Management
@@ -452,53 +341,6 @@ Add customers to a service desk in Jira Service Management
| `serviceDeskId` | string | Service desk ID |
| `success` | boolean | Whether customers were added successfully |
### `jsm_remove_customer`
Remove customers from a service desk in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `serviceDeskId` | string | Yes | Service Desk ID \(e.g., "1", "2"\) |
| `accountIds` | string | No | Comma-separated Atlassian account IDs to remove |
| `emails` | string | No | Comma-separated email addresses to remove |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `serviceDeskId` | string | Service desk ID |
| `success` | boolean | Whether customers were removed successfully |
### `jsm_create_customer`
Create a new customer in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `email` | string | Yes | Email address for the new customer |
| `displayName` | string | Yes | Display name for the new customer |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `accountId` | string | Account ID of the created customer |
| `displayName` | string | Display name of the created customer |
| `emailAddress` | string | Email address of the created customer |
| `active` | boolean | Whether the customer account is active |
| `timeZone` | string | Customer timezone |
| `success` | boolean | Whether the customer was created successfully |
### `jsm_get_organizations`
Get organizations for a service desk in Jira Service Management
@@ -524,26 +366,6 @@ Get organizations for a service desk in Jira Service Management
| `total` | number | Total number of organizations |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_organization`
Get a specific organization by ID in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `organizationId` | string | Yes | Organization ID to retrieve |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `id` | string | Organization ID |
| `name` | string | Organization name |
| `ts` | string | Timestamp of the operation |
### `jsm_create_organization`
Create a new organization in Jira Service Management
@@ -587,119 +409,6 @@ Add an organization to a service desk in Jira Service Management
| `organizationId` | string | Organization ID added |
| `success` | boolean | Whether the operation succeeded |
### `jsm_remove_organization`
Remove an organization from a service desk in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `serviceDeskId` | string | Yes | Service Desk ID \(e.g., "1", "2"\) |
| `organizationId` | string | Yes | Organization ID to remove from the service desk |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `serviceDeskId` | string | Service Desk ID |
| `organizationId` | string | Organization ID removed |
| `success` | boolean | Whether the operation succeeded |
### `jsm_delete_organization`
Delete an organization in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `organizationId` | string | Yes | Organization ID to delete |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `organizationId` | string | ID of the deleted organization |
| `success` | boolean | Whether the organization was deleted |
### `jsm_get_organization_users`
Get users in an organization in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `organizationId` | string | Yes | Organization ID to get users from |
| `start` | number | No | Start index for pagination \(e.g., 0, 50, 100\) |
| `limit` | number | No | Maximum results to return \(e.g., 10, 25, 50\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `organizationId` | string | Organization ID |
| `users` | array | List of users in the organization |
| ↳ `accountId` | string | Atlassian account ID |
| ↳ `displayName` | string | Display name |
| ↳ `emailAddress` | string | Email address |
| ↳ `active` | boolean | Whether the account is active |
| ↳ `timeZone` | string | User timezone |
| `total` | number | Total number of users |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_add_organization_users`
Add users to an organization in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `organizationId` | string | Yes | Organization ID to add users to |
| `accountIds` | string | Yes | Comma-separated account IDs to add to the organization |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `organizationId` | string | Organization ID |
| `success` | boolean | Whether users were added successfully |
### `jsm_remove_organization_users`
Remove users from an organization in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `organizationId` | string | Yes | Organization ID to remove users from |
| `accountIds` | string | Yes | Comma-separated account IDs to remove from the organization |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `organizationId` | string | Organization ID |
| `success` | boolean | Whether users were removed successfully |
### `jsm_get_queues`
Get queues for a service desk in Jira Service Management
@@ -729,51 +438,6 @@ Get queues for a service desk in Jira Service Management
| `total` | number | Total number of queues |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_queue_issues`
Get issues in a specific queue for a service desk in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `serviceDeskId` | string | Yes | Service Desk ID \(e.g., "1", "2"\) |
| `queueId` | string | Yes | Queue ID to get issues from |
| `start` | number | No | Start index for pagination \(e.g., 0, 50, 100\) |
| `limit` | number | No | Maximum results to return \(e.g., 10, 25, 50\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `serviceDeskId` | string | Service desk ID |
| `queueId` | string | Queue ID |
| `issues` | array | List of issues in the queue |
| ↳ `issueId` | string | Jira issue ID |
| ↳ `issueKey` | string | Issue key \(e.g., SD-123\) |
| ↳ `requestTypeId` | string | Request type ID |
| ↳ `serviceDeskId` | string | Service desk ID |
| ↳ `createdDate` | json | Creation date with iso8601, friendly, epochMillis |
| ↳ `currentStatus` | object | Current request status |
| ↳ `status` | string | Status name |
| ↳ `statusCategory` | string | Status category \(NEW, INDETERMINATE, DONE\) |
| ↳ `statusDate` | json | Status change date with iso8601, friendly, epochMillis |
| ↳ `reporter` | object | Reporter user details |
| ↳ `accountId` | string | Atlassian account ID |
| ↳ `displayName` | string | User display name |
| ↳ `emailAddress` | string | User email address |
| ↳ `active` | boolean | Whether the account is active |
| ↳ `requestFieldValues` | array | Request field values |
| ↳ `fieldId` | string | Field identifier |
| ↳ `label` | string | Human-readable field label |
| ↳ `value` | json | Field value |
| ↳ `renderedValue` | json | HTML-rendered field value |
| `total` | number | Total number of issues in the queue |
| `isLastPage` | boolean | Whether this is the last page |
### `jsm_get_sla`
Get SLA information for a service request in Jira Service Management
@@ -905,32 +569,6 @@ Add participants to a request in Jira Service Management
| ↳ `active` | boolean | Whether the account is active |
| `success` | boolean | Whether the operation succeeded |
### `jsm_remove_participants`
Remove participants from a request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
| `accountIds` | string | Yes | Comma-separated account IDs to remove as participants |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `participants` | array | Remaining participants after removal |
| ↳ `accountId` | string | Atlassian account ID |
| ↳ `displayName` | string | Display name |
| ↳ `emailAddress` | string | Email address |
| ↳ `active` | boolean | Whether the account is active |
| `success` | boolean | Whether the operation succeeded |
### `jsm_get_approvals`
Get approvals for a request in Jira Service Management
@@ -1006,9 +644,9 @@ Approve or decline an approval request in Jira Service Management
| `approval` | json | The approval object |
| `success` | boolean | Whether the operation succeeded |
### `jsm_get_feedback`
### `jsm_get_request_type_fields`
Get CSAT feedback for a service request in Jira Service Management
Get the fields required to create a request of a specific type in Jira Service Management
#### Input
@@ -1016,152 +654,27 @@ Get CSAT feedback for a service request in Jira Service Management
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
| `serviceDeskId` | string | Yes | Service Desk ID \(e.g., "1", "2"\) |
| `requestTypeId` | string | Yes | Request Type ID \(e.g., "10", "15"\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `rating` | number | CSAT rating \(1-5\) |
| `comment` | string | Feedback comment |
| `type` | string | Feedback type \(e.g., csat\) |
### `jsm_add_feedback`
Add CSAT feedback to a service request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
| `rating` | number | Yes | CSAT rating \(1-5\) |
| `comment` | string | No | Optional feedback comment |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `rating` | number | CSAT rating submitted |
| `comment` | string | Feedback comment |
| `type` | string | Feedback type |
| `success` | boolean | Whether feedback was submitted successfully |
### `jsm_delete_feedback`
Delete CSAT feedback from a service request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `success` | boolean | Whether feedback was deleted |
### `jsm_get_notification`
Get notification subscription status for a request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `subscribed` | boolean | Whether currently subscribed to notifications |
### `jsm_subscribe_notification`
Subscribe to notifications for a request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `success` | boolean | Whether subscription was successful |
### `jsm_unsubscribe_notification`
Unsubscribe from notifications for a request in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `issueIdOrKey` | string | Yes | Issue ID or key \(e.g., SD-123\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `issueIdOrKey` | string | Issue ID or key |
| `success` | boolean | Whether unsubscription was successful |
### `jsm_search_knowledge_base`
Search knowledge base articles in Jira Service Management
#### Input
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
| `cloudId` | string | No | Jira Cloud ID for the instance |
| `serviceDeskId` | string | No | Service Desk ID to search within \(optional, searches globally if omitted\) |
| `query` | string | Yes | Search query for knowledge base articles |
| `highlight` | boolean | No | Whether to highlight matching text in results |
| `start` | number | No | Start index for pagination \(e.g., 0, 50, 100\) |
| `limit` | number | No | Maximum results to return \(e.g., 10, 25, 50\) |
#### Output
| Parameter | Type | Description |
| --------- | ---- | ----------- |
| `ts` | string | Timestamp of the operation |
| `articles` | array | List of knowledge base articles |
| ↳ `title` | string | Article title |
| ↳ `excerpt` | string | Article excerpt/summary |
| ↳ `sourceType` | string | Source type \(e.g., confluence\) |
| ↳ `sourcePageId` | string | Source page ID |
| ↳ `sourceSpaceKey` | string | Source space key |
| ↳ `contentUrl` | string | URL to rendered content |
| `total` | number | Total number of articles found |
| `isLastPage` | boolean | Whether this is the last page |
| `serviceDeskId` | string | Service desk ID |
| `requestTypeId` | string | Request type ID |
| `canAddRequestParticipants` | boolean | Whether participants can be added to requests of this type |
| `canRaiseOnBehalfOf` | boolean | Whether requests can be raised on behalf of another user |
| `requestTypeFields` | array | List of fields for this request type |
| ↳ `fieldId` | string | Field identifier \(e.g., summary, description, customfield_10010\) |
| ↳ `name` | string | Human-readable field name |
| ↳ `description` | string | Help text for the field |
| ↳ `required` | boolean | Whether the field is required |
| ↳ `visible` | boolean | Whether the field is visible |
| ↳ `validValues` | json | Allowed values for select fields |
| ↳ `presetValues` | json | Pre-populated values |
| ↳ `defaultValues` | json | Default values for the field |
| ↳ `jiraSchema` | json | Jira field schema with type, system, custom, customId |

3
apps/docs/content/docs/es/keyboard-shortcuts/index.mdx
View File

@@ -42,6 +42,9 @@ Estos atajos cambian entre las pestañas del panel en el lado derecho del lienzo
| Atajo | Acción |
|----------|--------|
| `C` | Enfocar pestaña Copilot |
| `T` | Enfocar pestaña Barra de herramientas |
| `E` | Enfocar pestaña Editor |
| `Mod` + `F` | Enfocar búsqueda de Barra de herramientas |
## Navegación global

3
apps/docs/content/docs/fr/keyboard-shortcuts/index.mdx
View File

@@ -42,6 +42,9 @@ Ces raccourcis permettent de basculer entre les onglets du panneau sur le côté
| Raccourci | Action |
|----------|--------|
| `C` | Activer l'onglet Copilot |
| `T` | Activer l'onglet Barre d'outils |
| `E` | Activer l'onglet Éditeur |
| `Mod` + `F` | Activer la recherche dans la barre d'outils |
## Navigation globale

3
apps/docs/content/docs/ja/keyboard-shortcuts/index.mdx
View File

@@ -41,6 +41,9 @@ import { Callout } from 'fumadocs-ui/components/callout'
| ショートカット | 操作 |
|----------|--------|
| `C` | Copilotタブにフォーカス |
| `T` | Toolbarタブにフォーカス |
| `E` | Editorタブにフォーカス |
| `Mod` + `F` | Toolbar検索にフォーカス |
## グローバルナビゲーション

3
apps/docs/content/docs/zh/keyboard-shortcuts/index.mdx
View File

@@ -41,6 +41,9 @@ import { Callout } from 'fumadocs-ui/components/callout'
| 快捷键 | 操作 |
|----------|--------|
| `C` | 聚焦 Copilot 标签页 |
| `T` | 聚焦 Toolbar 标签页 |
| `E` | 聚焦 Editor 标签页 |
| `Mod` + `F` | 聚焦 Toolbar 搜索 |
## 全局导航

8
apps/sim/app/api/auth/accounts/route.ts
View File

@@ -1,7 +1,7 @@
import { db } from '@sim/db'
import { account } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { and, desc, eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { getSession } from '@/lib/auth'
@@ -31,15 +31,13 @@ export async function GET(request: NextRequest) {
})
.from(account)
.where(and(...whereConditions))
// Use the user's email as the display name (consistent with credential selector)
const userEmail = session.user.email
.orderBy(desc(account.updatedAt))
const accountsWithDisplayName = accounts.map((acc) => ({
id: acc.id,
accountId: acc.accountId,
providerId: acc.providerId,
displayName: userEmail || acc.providerId,
displayName: acc.accountId || acc.providerId,
}))
return NextResponse.json({ accounts: accountsWithDisplayName })

277
apps/sim/app/api/auth/oauth/credentials/route.ts
View File

@@ -1,5 +1,5 @@
import { db } from '@sim/db'
import { account, user } from '@sim/db/schema'
import { account, credential, credentialMember, user } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { jwtDecode } from 'jwt-decode'
@@ -7,8 +7,10 @@ import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import { syncWorkspaceOAuthCredentialsForUser } from '@/lib/credentials/oauth'
import { evaluateScopeCoverage, type OAuthProvider, parseProvider } from '@/lib/oauth'
import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
export const dynamic = 'force-dynamic'
@@ -18,6 +20,7 @@ const credentialsQuerySchema = z
.object({
provider: z.string().nullish(),
workflowId: z.string().uuid('Workflow ID must be a valid UUID').nullish(),
workspaceId: z.string().uuid('Workspace ID must be a valid UUID').nullish(),
credentialId: z
.string()
.min(1, 'Credential ID must not be empty')
@@ -35,6 +38,79 @@ interface GoogleIdToken {
name?: string
}
function toCredentialResponse(
id: string,
displayName: string,
providerId: string,
updatedAt: Date,
scope: string | null
) {
const storedScope = scope?.trim()
const grantedScopes = storedScope ? storedScope.split(/[\s,]+/).filter(Boolean) : []
const scopeEvaluation = evaluateScopeCoverage(providerId, grantedScopes)
const [_, featureType = 'default'] = providerId.split('-')
return {
id,
name: displayName,
provider: providerId,
lastUsed: updatedAt.toISOString(),
isDefault: featureType === 'default',
scopes: scopeEvaluation.grantedScopes,
canonicalScopes: scopeEvaluation.canonicalScopes,
missingScopes: scopeEvaluation.missingScopes,
extraScopes: scopeEvaluation.extraScopes,
requiresReauthorization: scopeEvaluation.requiresReauthorization,
}
}
async function getFallbackDisplayName(
requestId: string,
providerParam: string | null | undefined,
accountRow: {
idToken: string | null
accountId: string
userId: string
}
) {
const providerForParse = (providerParam || 'google') as OAuthProvider
const { baseProvider } = parseProvider(providerForParse)
if (accountRow.idToken) {
try {
const decoded = jwtDecode<GoogleIdToken>(accountRow.idToken)
if (decoded.email) return decoded.email
if (decoded.name) return decoded.name
} catch (_error) {
logger.warn(`[${requestId}] Error decoding ID token`, {
accountId: accountRow.accountId,
})
}
}
if (baseProvider === 'github') {
return `${accountRow.accountId} (GitHub)`
}
try {
const userRecord = await db
.select({ email: user.email })
.from(user)
.where(eq(user.id, accountRow.userId))
.limit(1)
if (userRecord.length > 0) {
return userRecord[0].email
}
} catch (_error) {
logger.warn(`[${requestId}] Error fetching user email`, {
userId: accountRow.userId,
})
}
return `${accountRow.accountId} (${baseProvider})`
}
/**
* Get credentials for a specific provider
*/
@@ -46,6 +122,7 @@ export async function GET(request: NextRequest) {
const rawQuery = {
provider: searchParams.get('provider'),
workflowId: searchParams.get('workflowId'),
workspaceId: searchParams.get('workspaceId'),
credentialId: searchParams.get('credentialId'),
}
@@ -78,7 +155,7 @@ export async function GET(request: NextRequest) {
)
}
const { provider: providerParam, workflowId, credentialId } = parseResult.data
const { provider: providerParam, workflowId, workspaceId, credentialId } = parseResult.data
// Authenticate requester (supports session and internal JWT)
const authResult = await checkSessionOrInternalAuth(request)
@@ -88,7 +165,7 @@ export async function GET(request: NextRequest) {
}
const requesterUserId = authResult.userId
const effectiveUserId = requesterUserId
let effectiveWorkspaceId = workspaceId ?? undefined
if (workflowId) {
const workflowAuthorization = await authorizeWorkflowByWorkspacePermission({
workflowId,
@@ -106,101 +183,145 @@ export async function GET(request: NextRequest) {
{ status: workflowAuthorization.status }
)
}
effectiveWorkspaceId = workflowAuthorization.workflow?.workspaceId || undefined
}
// Parse the provider to get base provider and feature type (if provider is present)
const { baseProvider } = parseProvider((providerParam || 'google') as OAuthProvider)
if (effectiveWorkspaceId) {
const workspaceAccess = await checkWorkspaceAccess(effectiveWorkspaceId, requesterUserId)
if (!workspaceAccess.hasAccess) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
}
let accountsData
if (credentialId) {
const [platformCredential] = await db
.select({
id: credential.id,
workspaceId: credential.workspaceId,
type: credential.type,
displayName: credential.displayName,
providerId: credential.providerId,
accountId: credential.accountId,
accountProviderId: account.providerId,
accountScope: account.scope,
accountUpdatedAt: account.updatedAt,
})
.from(credential)
.leftJoin(account, eq(credential.accountId, account.id))
.where(eq(credential.id, credentialId))
.limit(1)
if (platformCredential) {
if (platformCredential.type !== 'oauth' || !platformCredential.accountId) {
return NextResponse.json({ credentials: [] }, { status: 200 })
}
if (workflowId) {
if (!effectiveWorkspaceId || platformCredential.workspaceId !== effectiveWorkspaceId) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
} else {
const [membership] = await db
.select({ id: credentialMember.id })
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, platformCredential.id),
eq(credentialMember.userId, requesterUserId),
eq(credentialMember.status, 'active')
)
)
.limit(1)
if (!membership) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
}
if (!platformCredential.accountProviderId || !platformCredential.accountUpdatedAt) {
return NextResponse.json({ credentials: [] }, { status: 200 })
}
return NextResponse.json(
{
credentials: [
toCredentialResponse(
platformCredential.id,
platformCredential.displayName,
platformCredential.accountProviderId,
platformCredential.accountUpdatedAt,
platformCredential.accountScope
),
],
},
{ status: 200 }
)
}
}
if (effectiveWorkspaceId && providerParam) {
await syncWorkspaceOAuthCredentialsForUser({
workspaceId: effectiveWorkspaceId,
userId: requesterUserId,
})
const credentialsData = await db
.select({
id: credential.id,
displayName: credential.displayName,
providerId: account.providerId,
scope: account.scope,
updatedAt: account.updatedAt,
})
.from(credential)
.innerJoin(account, eq(credential.accountId, account.id))
.innerJoin(
credentialMember,
and(
eq(credentialMember.credentialId, credential.id),
eq(credentialMember.userId, requesterUserId),
eq(credentialMember.status, 'active')
)
)
.where(
and(
eq(credential.workspaceId, effectiveWorkspaceId),
eq(credential.type, 'oauth'),
eq(account.providerId, providerParam)
)
)
return NextResponse.json(
{
credentials: credentialsData.map((row) =>
toCredentialResponse(row.id, row.displayName, row.providerId, row.updatedAt, row.scope)
),
},
{ status: 200 }
)
}
if (credentialId && workflowId) {
// When both workflowId and credentialId are provided, fetch by ID only.
// Workspace authorization above already proves access; the credential
// may belong to another workspace member (e.g. for display name resolution).
accountsData = await db.select().from(account).where(eq(account.id, credentialId))
} else if (credentialId) {
accountsData = await db
.select()
.from(account)
.where(and(eq(account.userId, effectiveUserId), eq(account.id, credentialId)))
.where(and(eq(account.userId, requesterUserId), eq(account.id, credentialId)))
} else {
// Fetch all credentials for provider and effective user
accountsData = await db
.select()
.from(account)
.where(and(eq(account.userId, effectiveUserId), eq(account.providerId, providerParam!)))
.where(and(eq(account.userId, requesterUserId), eq(account.providerId, providerParam!)))
}
// Transform accounts into credentials
const credentials = await Promise.all(
accountsData.map(async (acc) => {
// Extract the feature type from providerId (e.g., 'google-default' -> 'default')
const [_, featureType = 'default'] = acc.providerId.split('-')
// Try multiple methods to get a user-friendly display name
let displayName = ''
// Method 1: Try to extract email from ID token (works for Google, etc.)
if (acc.idToken) {
try {
const decoded = jwtDecode<GoogleIdToken>(acc.idToken)
if (decoded.email) {
displayName = decoded.email
} else if (decoded.name) {
displayName = decoded.name
}
} catch (_error) {
logger.warn(`[${requestId}] Error decoding ID token`, {
accountId: acc.id,
})
}
}
// Method 2: For GitHub, the accountId might be the username
if (!displayName && baseProvider === 'github') {
displayName = `${acc.accountId} (GitHub)`
}
// Method 3: Try to get the user's email from our database
if (!displayName) {
try {
const userRecord = await db
.select({ email: user.email })
.from(user)
.where(eq(user.id, acc.userId))
.limit(1)
if (userRecord.length > 0) {
displayName = userRecord[0].email
}
} catch (_error) {
logger.warn(`[${requestId}] Error fetching user email`, {
userId: acc.userId,
})
}
}
// Fallback: Use accountId with provider type as context
if (!displayName) {
displayName = `${acc.accountId} (${baseProvider})`
}
const storedScope = acc.scope?.trim()
const grantedScopes = storedScope ? storedScope.split(/[\s,]+/).filter(Boolean) : []
const scopeEvaluation = evaluateScopeCoverage(acc.providerId, grantedScopes)
return {
id: acc.id,
name: displayName,
provider: acc.providerId,
lastUsed: acc.updatedAt.toISOString(),
isDefault: featureType === 'default',
scopes: scopeEvaluation.grantedScopes,
canonicalScopes: scopeEvaluation.canonicalScopes,
missingScopes: scopeEvaluation.missingScopes,
extraScopes: scopeEvaluation.extraScopes,
requiresReauthorization: scopeEvaluation.requiresReauthorization,
}
const displayName = await getFallbackDisplayName(requestId, providerParam, acc)
return toCredentialResponse(acc.id, displayName, acc.providerId, acc.updatedAt, acc.scope)
})
)

12
apps/sim/app/api/auth/oauth/disconnect/route.ts
View File

@@ -15,6 +15,7 @@ const logger = createLogger('OAuthDisconnectAPI')
const disconnectSchema = z.object({
provider: z.string({ required_error: 'Provider is required' }).min(1, 'Provider is required'),
providerId: z.string().optional(),
accountId: z.string().optional(),
})
/**
@@ -50,15 +51,20 @@ export async function POST(request: NextRequest) {
)
}
const { provider, providerId } = parseResult.data
const { provider, providerId, accountId } = parseResult.data
logger.info(`[${requestId}] Processing OAuth disconnect request`, {
provider,
hasProviderId: !!providerId,
})
// If a specific providerId is provided, delete only that account
if (providerId) {
// If a specific account row ID is provided, delete that exact account
if (accountId) {
await db
.delete(account)
.where(and(eq(account.userId, session.user.id), eq(account.id, accountId)))
} else if (providerId) {
// If a specific providerId is provided, delete accounts for that provider ID
await db
.delete(account)
.where(and(eq(account.userId, session.user.id), eq(account.providerId, providerId)))

9
apps/sim/app/api/auth/oauth/microsoft/file/route.ts
View File

@@ -38,13 +38,18 @@ export async function GET(request: NextRequest) {
return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status })
}
const credential = await getCredential(requestId, credentialId, authz.credentialOwnerUserId)
const resolvedCredentialId = authz.resolvedCredentialId || credentialId
const credential = await getCredential(
requestId,
resolvedCredentialId,
authz.credentialOwnerUserId
)
if (!credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
}
const accessToken = await refreshAccessTokenIfNeeded(
credentialId,
resolvedCredentialId,
authz.credentialOwnerUserId,
requestId
)

9
apps/sim/app/api/auth/oauth/microsoft/files/route.ts
View File

@@ -37,14 +37,19 @@ export async function GET(request: NextRequest) {
return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status })
}
const credential = await getCredential(requestId, credentialId, authz.credentialOwnerUserId)
const resolvedCredentialId = authz.resolvedCredentialId || credentialId
const credential = await getCredential(
requestId,
resolvedCredentialId,
authz.credentialOwnerUserId
)
if (!credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
}
// Refresh access token if needed using the utility function
const accessToken = await refreshAccessTokenIfNeeded(
credentialId,
resolvedCredentialId,
authz.credentialOwnerUserId,
requestId
)

36
apps/sim/app/api/auth/oauth/token/route.ts
View File

@@ -119,14 +119,23 @@ export async function POST(request: NextRequest) {
return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
}
const credential = await getCredential(requestId, credentialId, authz.credentialOwnerUserId)
const resolvedCredentialId = authz.resolvedCredentialId || credentialId
const credential = await getCredential(
requestId,
resolvedCredentialId,
authz.credentialOwnerUserId
)
if (!credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
}
try {
const { accessToken } = await refreshTokenIfNeeded(requestId, credential, credentialId)
const { accessToken } = await refreshTokenIfNeeded(
requestId,
credential,
resolvedCredentialId
)
let instanceUrl: string | undefined
if (credential.providerId === 'salesforce' && credential.scope) {
@@ -186,13 +195,20 @@ export async function GET(request: NextRequest) {
const { credentialId } = parseResult.data
// For GET requests, we only support session-based authentication
const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!auth.success || auth.authType !== 'session' || !auth.userId) {
return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
const authz = await authorizeCredentialUse(request, {
credentialId,
requireWorkflowIdForInternal: false,
})
if (!authz.ok || authz.authType !== 'session' || !authz.credentialOwnerUserId) {
return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
}
const credential = await getCredential(requestId, credentialId, auth.userId)
const resolvedCredentialId = authz.resolvedCredentialId || credentialId
const credential = await getCredential(
requestId,
resolvedCredentialId,
authz.credentialOwnerUserId
)
if (!credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
@@ -204,7 +220,11 @@ export async function GET(request: NextRequest) {
}
try {
const { accessToken } = await refreshTokenIfNeeded(requestId, credential, credentialId)
const { accessToken } = await refreshTokenIfNeeded(
requestId,
credential,
resolvedCredentialId
)
// For Salesforce, extract instanceUrl from the scope field
let instanceUrl: string | undefined

11
apps/sim/app/api/auth/oauth/utils.test.ts
View File

@@ -50,7 +50,7 @@ describe('OAuth Utils', () => {
describe('getCredential', () => {
it('should return credential when found', async () => {
const mockCredential = { id: 'credential-id', userId: 'test-user-id' }
mockDbTyped.limit.mockReturnValueOnce([mockCredential])
mockDbTyped.limit.mockReturnValueOnce([]).mockReturnValueOnce([mockCredential])
const credential = await getCredential('request-id', 'credential-id', 'test-user-id')
@@ -59,7 +59,8 @@ describe('OAuth Utils', () => {
expect(mockDbTyped.where).toHaveBeenCalled()
expect(mockDbTyped.limit).toHaveBeenCalledWith(1)
expect(credential).toEqual(mockCredential)
expect(credential).toMatchObject(mockCredential)
expect(credential).toMatchObject({ resolvedCredentialId: 'credential-id' })
})
it('should return undefined when credential is not found', async () => {
@@ -152,7 +153,7 @@ describe('OAuth Utils', () => {
providerId: 'google',
userId: 'test-user-id',
}
mockDbTyped.limit.mockReturnValueOnce([mockCredential])
mockDbTyped.limit.mockReturnValueOnce([]).mockReturnValueOnce([mockCredential])
const token = await refreshAccessTokenIfNeeded('credential-id', 'test-user-id', 'request-id')
@@ -169,7 +170,7 @@ describe('OAuth Utils', () => {
providerId: 'google',
userId: 'test-user-id',
}
mockDbTyped.limit.mockReturnValueOnce([mockCredential])
mockDbTyped.limit.mockReturnValueOnce([]).mockReturnValueOnce([mockCredential])
mockRefreshOAuthToken.mockResolvedValueOnce({
accessToken: 'new-token',
@@ -202,7 +203,7 @@ describe('OAuth Utils', () => {
providerId: 'google',
userId: 'test-user-id',
}
mockDbTyped.limit.mockReturnValueOnce([mockCredential])
mockDbTyped.limit.mockReturnValueOnce([]).mockReturnValueOnce([mockCredential])
mockRefreshOAuthToken.mockResolvedValueOnce(null)

47
apps/sim/app/api/auth/oauth/utils.ts
View File

@@ -1,5 +1,5 @@
import { db } from '@sim/db'
import { account, credentialSetMember } from '@sim/db/schema'
import { account, credential, credentialSetMember } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, desc, eq, inArray } from 'drizzle-orm'
import { refreshOAuthToken } from '@/lib/oauth'
@@ -25,6 +25,28 @@ interface AccountInsertData {
accessTokenExpiresAt?: Date
}
async function resolveOAuthAccountId(
credentialId: string
): Promise<{ accountId: string; usedCredentialTable: boolean } | null> {
const [credentialRow] = await db
.select({
type: credential.type,
accountId: credential.accountId,
})
.from(credential)
.where(eq(credential.id, credentialId))
.limit(1)
if (credentialRow) {
if (credentialRow.type !== 'oauth' || !credentialRow.accountId) {
return null
}
return { accountId: credentialRow.accountId, usedCredentialTable: true }
}
return { accountId: credentialId, usedCredentialTable: false }
}
/**
* Safely inserts an account record, handling duplicate constraint violations gracefully.
* If a duplicate is detected (unique constraint violation), logs a warning and returns success.
@@ -52,10 +74,16 @@ export async function safeAccountInsert(
* Get a credential by ID and verify it belongs to the user
*/
export async function getCredential(requestId: string, credentialId: string, userId: string) {
const resolved = await resolveOAuthAccountId(credentialId)
if (!resolved) {
logger.warn(`[${requestId}] Credential is not an OAuth credential`)
return undefined
}
const credentials = await db
.select()
.from(account)
.where(and(eq(account.id, credentialId), eq(account.userId, userId)))
.where(and(eq(account.id, resolved.accountId), eq(account.userId, userId)))
.limit(1)
if (!credentials.length) {
@@ -63,7 +91,10 @@ export async function getCredential(requestId: string, credentialId: string, use
return undefined
}
return credentials[0]
return {
...credentials[0],
resolvedCredentialId: resolved.accountId,
}
}
export async function getOAuthToken(userId: string, providerId: string): Promise<string | null> {
@@ -238,7 +269,9 @@ export async function refreshAccessTokenIfNeeded(
}
// Update the token in the database
await db.update(account).set(updateData).where(eq(account.id, credentialId))
const resolvedCredentialId =
(credential as { resolvedCredentialId?: string }).resolvedCredentialId ?? credentialId
await db.update(account).set(updateData).where(eq(account.id, resolvedCredentialId))
logger.info(`[${requestId}] Successfully refreshed access token for credential`)
return refreshedToken.accessToken
@@ -274,6 +307,8 @@ export async function refreshTokenIfNeeded(
credential: any,
credentialId: string
): Promise<{ accessToken: string; refreshed: boolean }> {
const resolvedCredentialId = credential.resolvedCredentialId ?? credentialId
// Decide if we should refresh: token missing OR expired
const accessTokenExpiresAt = credential.accessTokenExpiresAt
const refreshTokenExpiresAt = credential.refreshTokenExpiresAt
@@ -334,7 +369,7 @@ export async function refreshTokenIfNeeded(
updateData.refreshTokenExpiresAt = getMicrosoftRefreshTokenExpiry()
}
await db.update(account).set(updateData).where(eq(account.id, credentialId))
await db.update(account).set(updateData).where(eq(account.id, resolvedCredentialId))
logger.info(`[${requestId}] Successfully refreshed access token`)
return { accessToken: refreshedToken, refreshed: true }
@@ -343,7 +378,7 @@ export async function refreshTokenIfNeeded(
`[${requestId}] Refresh attempt failed, checking if another concurrent request succeeded`
)
const freshCredential = await getCredential(requestId, credentialId, credential.userId)
const freshCredential = await getCredential(requestId, resolvedCredentialId, credential.userId)
if (freshCredential?.accessToken) {
const freshExpiresAt = freshCredential.accessTokenExpiresAt
const stillValid = !freshExpiresAt || freshExpiresAt > new Date()

9
apps/sim/app/api/auth/oauth2/shopify/store/route.ts
View File

@@ -48,16 +48,21 @@ export async function GET(request: NextRequest) {
const shopData = await shopResponse.json()
const shopInfo = shopData.shop
const stableAccountId = shopInfo.id?.toString() || shopDomain
const existing = await db.query.account.findFirst({
where: and(eq(account.userId, session.user.id), eq(account.providerId, 'shopify')),
where: and(
eq(account.userId, session.user.id),
eq(account.providerId, 'shopify'),
eq(account.accountId, stableAccountId)
),
})
const now = new Date()
const accountData = {
accessToken: accessToken,
accountId: shopInfo.id?.toString() || shopDomain,
accountId: stableAccountId,
scope: scope || '',
updatedAt: now,
idToken: shopDomain,

6
apps/sim/app/api/auth/trello/store/route.ts
View File

@@ -52,7 +52,11 @@ export async function POST(request: NextRequest) {
const trelloUser = await userResponse.json()
const existing = await db.query.account.findFirst({
where: and(eq(account.userId, session.user.id), eq(account.providerId, 'trello')),
where: and(
eq(account.userId, session.user.id),
eq(account.providerId, 'trello'),
eq(account.accountId, trelloUser.id)
),
})
const now = new Date()

52
apps/sim/app/api/copilot/chat/route.ts
View File

@@ -113,7 +113,6 @@ const ChatMessageSchema = z.object({
workflowId: z.string().optional(),
knowledgeId: z.string().optional(),
blockId: z.string().optional(),
blockIds: z.array(z.string()).optional(),
templateId: z.string().optional(),
executionId: z.string().optional(),
// For workflow_block, provide both workflowId and blockId
@@ -160,20 +159,6 @@ export async function POST(req: NextRequest) {
commands,
} = ChatMessageSchema.parse(body)
const normalizedContexts = Array.isArray(contexts)
? contexts.map((ctx) => {
if (ctx.kind !== 'blocks') return ctx
if (Array.isArray(ctx.blockIds) && ctx.blockIds.length > 0) return ctx
if (ctx.blockId) {
return {
...ctx,
blockIds: [ctx.blockId],
}
}
return ctx
})
: contexts
// Resolve workflowId - if not provided, use first workflow or find by name
const resolved = await resolveWorkflowIdForUser(
authenticatedUserId,
@@ -191,10 +176,10 @@ export async function POST(req: NextRequest) {
const userMessageIdToUse = userMessageId || crypto.randomUUID()
try {
logger.info(`[${tracker.requestId}] Received chat POST`, {
hasContexts: Array.isArray(normalizedContexts),
contextsCount: Array.isArray(normalizedContexts) ? normalizedContexts.length : 0,
contextsPreview: Array.isArray(normalizedContexts)
? normalizedContexts.map((c: any) => ({
hasContexts: Array.isArray(contexts),
contextsCount: Array.isArray(contexts) ? contexts.length : 0,
contextsPreview: Array.isArray(contexts)
? contexts.map((c: any) => ({
kind: c?.kind,
chatId: c?.chatId,
workflowId: c?.workflowId,
@@ -206,25 +191,17 @@ export async function POST(req: NextRequest) {
} catch {}
// Preprocess contexts server-side
let agentContexts: Array<{ type: string; content: string }> = []
if (Array.isArray(normalizedContexts) && normalizedContexts.length > 0) {
if (Array.isArray(contexts) && contexts.length > 0) {
try {
const { processContextsServer } = await import('@/lib/copilot/process-contents')
const processed = await processContextsServer(
normalizedContexts as any,
authenticatedUserId,
message
)
const processed = await processContextsServer(contexts as any, authenticatedUserId, message)
agentContexts = processed
logger.info(`[${tracker.requestId}] Contexts processed for request`, {
processedCount: agentContexts.length,
kinds: agentContexts.map((c) => c.type),
lengthPreview: agentContexts.map((c) => c.content?.length ?? 0),
})
if (
Array.isArray(normalizedContexts) &&
normalizedContexts.length > 0 &&
agentContexts.length === 0
) {
if (Array.isArray(contexts) && contexts.length > 0 && agentContexts.length === 0) {
logger.warn(
`[${tracker.requestId}] Contexts provided but none processed. Check executionId for logs contexts.`
)
@@ -269,13 +246,11 @@ export async function POST(req: NextRequest) {
mode,
model: selectedModel,
provider,
conversationId: effectiveConversationId,
conversationHistory,
contexts: agentContexts,
fileAttachments,
commands,
chatId: actualChatId,
prefetch,
implicitFeedback,
},
{
@@ -457,15 +432,10 @@ export async function POST(req: NextRequest) {
content: message,
timestamp: new Date().toISOString(),
...(fileAttachments && fileAttachments.length > 0 && { fileAttachments }),
...(Array.isArray(normalizedContexts) &&
normalizedContexts.length > 0 && {
contexts: normalizedContexts,
}),
...(Array.isArray(normalizedContexts) &&
normalizedContexts.length > 0 && {
contentBlocks: [
{ type: 'contexts', contexts: normalizedContexts as any, timestamp: Date.now() },
],
...(Array.isArray(contexts) && contexts.length > 0 && { contexts }),
...(Array.isArray(contexts) &&
contexts.length > 0 && {
contentBlocks: [{ type: 'contexts', contexts: contexts as any, timestamp: Date.now() }],
}),
}

194
apps/sim/app/api/credentials/[id]/members/route.ts Normal file
View File

@@ -0,0 +1,194 @@
import { db } from '@sim/db'
import { credential, credentialMember, user } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
const logger = createLogger('CredentialMembersAPI')
interface RouteContext {
params: Promise<{ id: string }>
}
async function requireAdminMembership(credentialId: string, userId: string) {
const [membership] = await db
.select({ role: credentialMember.role, status: credentialMember.status })
.from(credentialMember)
.where(
and(eq(credentialMember.credentialId, credentialId), eq(credentialMember.userId, userId))
)
.limit(1)
if (!membership || membership.status !== 'active' || membership.role !== 'admin') {
return null
}
return membership
}
export async function GET(_request: NextRequest, context: RouteContext) {
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const { id: credentialId } = await context.params
const [cred] = await db
.select({ id: credential.id })
.from(credential)
.where(eq(credential.id, credentialId))
.limit(1)
if (!cred) {
return NextResponse.json({ members: [] }, { status: 200 })
}
const members = await db
.select({
id: credentialMember.id,
userId: credentialMember.userId,
role: credentialMember.role,
status: credentialMember.status,
joinedAt: credentialMember.joinedAt,
userName: user.name,
userEmail: user.email,
})
.from(credentialMember)
.innerJoin(user, eq(credentialMember.userId, user.id))
.where(eq(credentialMember.credentialId, credentialId))
return NextResponse.json({ members })
} catch (error) {
logger.error('Failed to fetch credential members', { error })
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
const addMemberSchema = z.object({
userId: z.string().min(1),
role: z.enum(['admin', 'member']).default('member'),
})
export async function POST(request: NextRequest, context: RouteContext) {
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const { id: credentialId } = await context.params
const admin = await requireAdminMembership(credentialId, session.user.id)
if (!admin) {
return NextResponse.json({ error: 'Admin access required' }, { status: 403 })
}
const body = await request.json()
const parsed = addMemberSchema.safeParse(body)
if (!parsed.success) {
return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
}
const { userId, role } = parsed.data
const now = new Date()
const [existing] = await db
.select({ id: credentialMember.id, status: credentialMember.status })
.from(credentialMember)
.where(
and(eq(credentialMember.credentialId, credentialId), eq(credentialMember.userId, userId))
)
.limit(1)
if (existing) {
await db
.update(credentialMember)
.set({ role, status: 'active', updatedAt: now })
.where(eq(credentialMember.id, existing.id))
return NextResponse.json({ success: true })
}
await db.insert(credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId,
role,
status: 'active',
joinedAt: now,
invitedBy: session.user.id,
createdAt: now,
updatedAt: now,
})
return NextResponse.json({ success: true }, { status: 201 })
} catch (error) {
logger.error('Failed to add credential member', { error })
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
export async function DELETE(request: NextRequest, context: RouteContext) {
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const { id: credentialId } = await context.params
const targetUserId = new URL(request.url).searchParams.get('userId')
if (!targetUserId) {
return NextResponse.json({ error: 'userId query parameter required' }, { status: 400 })
}
const admin = await requireAdminMembership(credentialId, session.user.id)
if (!admin) {
return NextResponse.json({ error: 'Admin access required' }, { status: 403 })
}
const [target] = await db
.select({
id: credentialMember.id,
role: credentialMember.role,
status: credentialMember.status,
})
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, credentialId),
eq(credentialMember.userId, targetUserId)
)
)
.limit(1)
if (!target) {
return NextResponse.json({ error: 'Member not found' }, { status: 404 })
}
if (target.role === 'admin') {
const activeAdmins = await db
.select({ id: credentialMember.id })
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, credentialId),
eq(credentialMember.role, 'admin'),
eq(credentialMember.status, 'active')
)
)
if (activeAdmins.length <= 1) {
return NextResponse.json({ error: 'Cannot remove the last admin' }, { status: 400 })
}
}
await db.delete(credentialMember).where(eq(credentialMember.id, target.id))
return NextResponse.json({ success: true })
} catch (error) {
logger.error('Failed to remove credential member', { error })
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}

234
apps/sim/app/api/credentials/[id]/route.ts Normal file
View File

@@ -0,0 +1,234 @@
import { db } from '@sim/db'
import { credential, credentialMember, environment, workspaceEnvironment } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
import { getCredentialActorContext } from '@/lib/credentials/access'
import {
syncPersonalEnvCredentialsForUser,
syncWorkspaceEnvCredentials,
} from '@/lib/credentials/environment'
const logger = createLogger('CredentialByIdAPI')
const updateCredentialSchema = z
.object({
displayName: z.string().trim().min(1).max(255).optional(),
accountId: z.string().trim().min(1).optional(),
})
.strict()
.refine((data) => Boolean(data.displayName || data.accountId), {
message: 'At least one field must be provided',
path: ['displayName'],
})
async function getCredentialResponse(credentialId: string, userId: string) {
const [row] = await db
.select({
id: credential.id,
workspaceId: credential.workspaceId,
type: credential.type,
displayName: credential.displayName,
providerId: credential.providerId,
accountId: credential.accountId,
envKey: credential.envKey,
envOwnerUserId: credential.envOwnerUserId,
createdBy: credential.createdBy,
createdAt: credential.createdAt,
updatedAt: credential.updatedAt,
role: credentialMember.role,
status: credentialMember.status,
})
.from(credential)
.innerJoin(
credentialMember,
and(eq(credentialMember.credentialId, credential.id), eq(credentialMember.userId, userId))
)
.where(eq(credential.id, credentialId))
.limit(1)
return row ?? null
}
export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const { id } = await params
try {
const access = await getCredentialActorContext(id, session.user.id)
if (!access.credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
}
if (!access.hasWorkspaceAccess || !access.member) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
const row = await getCredentialResponse(id, session.user.id)
return NextResponse.json({ credential: row }, { status: 200 })
} catch (error) {
logger.error('Failed to fetch credential', error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const { id } = await params
try {
const parseResult = updateCredentialSchema.safeParse(await request.json())
if (!parseResult.success) {
return NextResponse.json({ error: parseResult.error.errors[0]?.message }, { status: 400 })
}
const access = await getCredentialActorContext(id, session.user.id)
if (!access.credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
}
if (!access.hasWorkspaceAccess || !access.isAdmin) {
return NextResponse.json({ error: 'Credential admin permission required' }, { status: 403 })
}
if (access.credential.type === 'oauth') {
return NextResponse.json(
{
error:
'OAuth credential editing is disabled. Connect an account and create or use its linked credential.',
},
{ status: 400 }
)
}
return NextResponse.json(
{
error:
'Environment credentials cannot be updated via this endpoint. Use the environment value editor in credentials settings.',
},
{ status: 400 }
)
} catch (error) {
logger.error('Failed to update credential', error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
export async function DELETE(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> }
) {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const { id } = await params
try {
const access = await getCredentialActorContext(id, session.user.id)
if (!access.credential) {
return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
}
if (!access.hasWorkspaceAccess || !access.isAdmin) {
return NextResponse.json({ error: 'Credential admin permission required' }, { status: 403 })
}
if (access.credential.type === 'env_personal' && access.credential.envKey) {
const ownerUserId = access.credential.envOwnerUserId
if (!ownerUserId) {
return NextResponse.json({ error: 'Invalid personal secret owner' }, { status: 400 })
}
const [personalRow] = await db
.select({ variables: environment.variables })
.from(environment)
.where(eq(environment.userId, ownerUserId))
.limit(1)
const current = ((personalRow?.variables as Record<string, string> | null) ?? {}) as Record<
string,
string
>
if (access.credential.envKey in current) {
delete current[access.credential.envKey]
}
await db
.insert(environment)
.values({
id: ownerUserId,
userId: ownerUserId,
variables: current,
updatedAt: new Date(),
})
.onConflictDoUpdate({
target: [environment.userId],
set: { variables: current, updatedAt: new Date() },
})
await syncPersonalEnvCredentialsForUser({
userId: ownerUserId,
envKeys: Object.keys(current),
})
return NextResponse.json({ success: true }, { status: 200 })
}
if (access.credential.type === 'env_workspace' && access.credential.envKey) {
const [workspaceRow] = await db
.select({
id: workspaceEnvironment.id,
createdAt: workspaceEnvironment.createdAt,
variables: workspaceEnvironment.variables,
})
.from(workspaceEnvironment)
.where(eq(workspaceEnvironment.workspaceId, access.credential.workspaceId))
.limit(1)
const current = ((workspaceRow?.variables as Record<string, string> | null) ?? {}) as Record<
string,
string
>
if (access.credential.envKey in current) {
delete current[access.credential.envKey]
}
await db
.insert(workspaceEnvironment)
.values({
id: workspaceRow?.id || crypto.randomUUID(),
workspaceId: access.credential.workspaceId,
variables: current,
createdAt: workspaceRow?.createdAt || new Date(),
updatedAt: new Date(),
})
.onConflictDoUpdate({
target: [workspaceEnvironment.workspaceId],
set: { variables: current, updatedAt: new Date() },
})
await syncWorkspaceEnvCredentials({
workspaceId: access.credential.workspaceId,
envKeys: Object.keys(current),
actingUserId: session.user.id,
})
return NextResponse.json({ success: true }, { status: 200 })
}
await db.delete(credential).where(eq(credential.id, id))
return NextResponse.json({ success: true }, { status: 200 })
} catch (error) {
logger.error('Failed to delete credential', error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}

81
apps/sim/app/api/credentials/bootstrap/route.ts Normal file
View File

@@ -0,0 +1,81 @@
import { db } from '@sim/db'
import { environment, workspaceEnvironment } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
import {
syncPersonalEnvCredentialsForUser,
syncWorkspaceEnvCredentials,
} from '@/lib/credentials/environment'
import { syncWorkspaceOAuthCredentialsForUser } from '@/lib/credentials/oauth'
import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
const logger = createLogger('CredentialsBootstrapAPI')
const bootstrapSchema = z.object({
workspaceId: z.string().uuid('Workspace ID must be a valid UUID'),
})
/**
* Ensures the current user's connected accounts and env vars are reflected as workspace credentials.
*/
export async function POST(request: NextRequest) {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
try {
const parseResult = bootstrapSchema.safeParse(await request.json())
if (!parseResult.success) {
return NextResponse.json({ error: parseResult.error.errors[0]?.message }, { status: 400 })
}
const { workspaceId } = parseResult.data
const workspaceAccess = await checkWorkspaceAccess(workspaceId, session.user.id)
if (!workspaceAccess.hasAccess) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
const [personalRow, workspaceRow] = await Promise.all([
db
.select({ variables: environment.variables })
.from(environment)
.where(eq(environment.userId, session.user.id))
.limit(1),
db
.select({ variables: workspaceEnvironment.variables })
.from(workspaceEnvironment)
.where(eq(workspaceEnvironment.workspaceId, workspaceId))
.limit(1),
])
const personalKeys = Object.keys((personalRow[0]?.variables as Record<string, string>) || {})
const workspaceKeys = Object.keys((workspaceRow[0]?.variables as Record<string, string>) || {})
const [oauthSyncResult] = await Promise.all([
syncWorkspaceOAuthCredentialsForUser({ workspaceId, userId: session.user.id }),
syncPersonalEnvCredentialsForUser({ userId: session.user.id, envKeys: personalKeys }),
syncWorkspaceEnvCredentials({
workspaceId,
envKeys: workspaceKeys,
actingUserId: session.user.id,
}),
])
return NextResponse.json({
success: true,
synced: {
oauthCreated: oauthSyncResult.createdCredentials,
oauthMembershipsUpdated: oauthSyncResult.updatedMemberships,
personalEnvKeys: personalKeys.length,
workspaceEnvKeys: workspaceKeys.length,
},
})
} catch (error) {
logger.error('Failed to bootstrap workspace credentials', error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}

73
apps/sim/app/api/credentials/draft/route.ts Normal file
View File

@@ -0,0 +1,73 @@
import { db } from '@sim/db'
import { pendingCredentialDraft } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq, lt } from 'drizzle-orm'
import { NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
const logger = createLogger('CredentialDraftAPI')
const DRAFT_TTL_MS = 15 * 60 * 1000
const createDraftSchema = z.object({
workspaceId: z.string().min(1),
providerId: z.string().min(1),
displayName: z.string().min(1),
})
export async function POST(request: Request) {
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const body = await request.json()
const parsed = createDraftSchema.safeParse(body)
if (!parsed.success) {
return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
}
const { workspaceId, providerId, displayName } = parsed.data
const userId = session.user.id
const now = new Date()
await db
.delete(pendingCredentialDraft)
.where(
and(eq(pendingCredentialDraft.userId, userId), lt(pendingCredentialDraft.expiresAt, now))
)
await db
.insert(pendingCredentialDraft)
.values({
id: crypto.randomUUID(),
userId,
workspaceId,
providerId,
displayName,
expiresAt: new Date(now.getTime() + DRAFT_TTL_MS),
createdAt: now,
})
.onConflictDoUpdate({
target: [
pendingCredentialDraft.userId,
pendingCredentialDraft.providerId,
pendingCredentialDraft.workspaceId,
],
set: {
displayName,
expiresAt: new Date(now.getTime() + DRAFT_TTL_MS),
createdAt: now,
},
})
logger.info('Credential draft saved', { userId, workspaceId, providerId, displayName })
return NextResponse.json({ success: true }, { status: 200 })
} catch (error) {
logger.error('Failed to save credential draft', { error })
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}

112
apps/sim/app/api/credentials/memberships/route.ts Normal file
View File

@@ -0,0 +1,112 @@
import { db } from '@sim/db'
import { credential, credentialMember } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
const logger = createLogger('CredentialMembershipsAPI')
const leaveCredentialSchema = z.object({
credentialId: z.string().min(1),
})
export async function GET() {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
try {
const memberships = await db
.select({
membershipId: credentialMember.id,
credentialId: credential.id,
workspaceId: credential.workspaceId,
type: credential.type,
displayName: credential.displayName,
providerId: credential.providerId,
role: credentialMember.role,
status: credentialMember.status,
joinedAt: credentialMember.joinedAt,
})
.from(credentialMember)
.innerJoin(credential, eq(credentialMember.credentialId, credential.id))
.where(eq(credentialMember.userId, session.user.id))
return NextResponse.json({ memberships }, { status: 200 })
} catch (error) {
logger.error('Failed to list credential memberships', error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
export async function DELETE(request: NextRequest) {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
try {
const parseResult = leaveCredentialSchema.safeParse({
credentialId: new URL(request.url).searchParams.get('credentialId'),
})
if (!parseResult.success) {
return NextResponse.json({ error: parseResult.error.errors[0]?.message }, { status: 400 })
}
const { credentialId } = parseResult.data
const [membership] = await db
.select()
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, credentialId),
eq(credentialMember.userId, session.user.id)
)
)
.limit(1)
if (!membership) {
return NextResponse.json({ error: 'Membership not found' }, { status: 404 })
}
if (membership.status !== 'active') {
return NextResponse.json({ success: true }, { status: 200 })
}
if (membership.role === 'admin') {
const activeAdmins = await db
.select({ id: credentialMember.id })
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, credentialId),
eq(credentialMember.role, 'admin'),
eq(credentialMember.status, 'active')
)
)
if (activeAdmins.length <= 1) {
return NextResponse.json(
{ error: 'Cannot leave credential as the last active admin' },
{ status: 400 }
)
}
}
await db
.update(credentialMember)
.set({
status: 'revoked',
updatedAt: new Date(),
})
.where(eq(credentialMember.id, membership.id))
return NextResponse.json({ success: true }, { status: 200 })
} catch (error) {
logger.error('Failed to leave credential', error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}

468
apps/sim/app/api/credentials/route.ts Normal file
View File

@@ -0,0 +1,468 @@
import { db } from '@sim/db'
import { account, credential, credentialMember, workspace } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
import { generateRequestId } from '@/lib/core/utils/request'
import { getWorkspaceMemberUserIds } from '@/lib/credentials/environment'
import { syncWorkspaceOAuthCredentialsForUser } from '@/lib/credentials/oauth'
import { getServiceConfigByProviderId } from '@/lib/oauth'
import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
import { isValidEnvVarName } from '@/executor/constants'
const logger = createLogger('CredentialsAPI')
const credentialTypeSchema = z.enum(['oauth', 'env_workspace', 'env_personal'])
function normalizeEnvKeyInput(raw: string): string {
const trimmed = raw.trim()
const wrappedMatch = /^\{\{\s*([A-Za-z0-9_]+)\s*\}\}$/.exec(trimmed)
return wrappedMatch ? wrappedMatch[1] : trimmed
}
const listCredentialsSchema = z.object({
workspaceId: z.string().uuid('Workspace ID must be a valid UUID'),
type: credentialTypeSchema.optional(),
providerId: z.string().optional(),
})
const createCredentialSchema = z
.object({
workspaceId: z.string().uuid('Workspace ID must be a valid UUID'),
type: credentialTypeSchema,
displayName: z.string().trim().min(1).max(255).optional(),
providerId: z.string().trim().min(1).optional(),
accountId: z.string().trim().min(1).optional(),
envKey: z.string().trim().min(1).optional(),
envOwnerUserId: z.string().trim().min(1).optional(),
})
.superRefine((data, ctx) => {
if (data.type === 'oauth') {
if (!data.accountId) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: 'accountId is required for oauth credentials',
path: ['accountId'],
})
}
if (!data.providerId) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: 'providerId is required for oauth credentials',
path: ['providerId'],
})
}
if (!data.displayName) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: 'displayName is required for oauth credentials',
path: ['displayName'],
})
}
return
}
const normalizedEnvKey = data.envKey ? normalizeEnvKeyInput(data.envKey) : ''
if (!normalizedEnvKey) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: 'envKey is required for env credentials',
path: ['envKey'],
})
return
}
if (!isValidEnvVarName(normalizedEnvKey)) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: 'envKey must contain only letters, numbers, and underscores',
path: ['envKey'],
})
}
})
interface ExistingCredentialSourceParams {
workspaceId: string
type: 'oauth' | 'env_workspace' | 'env_personal'
accountId?: string | null
envKey?: string | null
envOwnerUserId?: string | null
}
async function findExistingCredentialBySource(params: ExistingCredentialSourceParams) {
const { workspaceId, type, accountId, envKey, envOwnerUserId } = params
if (type === 'oauth' && accountId) {
const [row] = await db
.select()
.from(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'oauth'),
eq(credential.accountId, accountId)
)
)
.limit(1)
return row ?? null
}
if (type === 'env_workspace' && envKey) {
const [row] = await db
.select()
.from(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'env_workspace'),
eq(credential.envKey, envKey)
)
)
.limit(1)
return row ?? null
}
if (type === 'env_personal' && envKey && envOwnerUserId) {
const [row] = await db
.select()
.from(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'env_personal'),
eq(credential.envKey, envKey),
eq(credential.envOwnerUserId, envOwnerUserId)
)
)
.limit(1)
return row ?? null
}
return null
}
export async function GET(request: NextRequest) {
const requestId = generateRequestId()
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
try {
const { searchParams } = new URL(request.url)
const rawWorkspaceId = searchParams.get('workspaceId')
const rawType = searchParams.get('type')
const rawProviderId = searchParams.get('providerId')
const parseResult = listCredentialsSchema.safeParse({
workspaceId: rawWorkspaceId?.trim(),
type: rawType?.trim() || undefined,
providerId: rawProviderId?.trim() || undefined,
})
if (!parseResult.success) {
logger.warn(`[${requestId}] Invalid credential list request`, {
workspaceId: rawWorkspaceId,
type: rawType,
providerId: rawProviderId,
errors: parseResult.error.errors,
})
return NextResponse.json({ error: parseResult.error.errors[0]?.message }, { status: 400 })
}
const { workspaceId, type, providerId } = parseResult.data
const workspaceAccess = await checkWorkspaceAccess(workspaceId, session.user.id)
if (!workspaceAccess.hasAccess) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
if (!type || type === 'oauth') {
await syncWorkspaceOAuthCredentialsForUser({ workspaceId, userId: session.user.id })
}
const whereClauses = [
eq(credential.workspaceId, workspaceId),
eq(credentialMember.userId, session.user.id),
eq(credentialMember.status, 'active'),
]
if (type) {
whereClauses.push(eq(credential.type, type))
}
if (providerId) {
whereClauses.push(eq(credential.providerId, providerId))
}
const credentials = await db
.select({
id: credential.id,
workspaceId: credential.workspaceId,
type: credential.type,
displayName: credential.displayName,
providerId: credential.providerId,
accountId: credential.accountId,
envKey: credential.envKey,
envOwnerUserId: credential.envOwnerUserId,
createdBy: credential.createdBy,
createdAt: credential.createdAt,
updatedAt: credential.updatedAt,
role: credentialMember.role,
})
.from(credential)
.innerJoin(
credentialMember,
and(
eq(credentialMember.credentialId, credential.id),
eq(credentialMember.userId, session.user.id),
eq(credentialMember.status, 'active')
)
)
.where(and(...whereClauses))
return NextResponse.json({ credentials })
} catch (error) {
logger.error(`[${requestId}] Failed to list credentials`, error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}
export async function POST(request: NextRequest) {
const requestId = generateRequestId()
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const parseResult = createCredentialSchema.safeParse(body)
if (!parseResult.success) {
return NextResponse.json({ error: parseResult.error.errors[0]?.message }, { status: 400 })
}
const { workspaceId, type, displayName, providerId, accountId, envKey, envOwnerUserId } =
parseResult.data
const workspaceAccess = await checkWorkspaceAccess(workspaceId, session.user.id)
if (!workspaceAccess.canWrite) {
return NextResponse.json({ error: 'Write permission required' }, { status: 403 })
}
let resolvedDisplayName = displayName?.trim() ?? ''
let resolvedProviderId: string | null = providerId ?? null
let resolvedAccountId: string | null = accountId ?? null
const resolvedEnvKey: string | null = envKey ? normalizeEnvKeyInput(envKey) : null
let resolvedEnvOwnerUserId: string | null = null
if (type === 'oauth') {
const [accountRow] = await db
.select({
id: account.id,
userId: account.userId,
providerId: account.providerId,
accountId: account.accountId,
})
.from(account)
.where(eq(account.id, accountId!))
.limit(1)
if (!accountRow) {
return NextResponse.json({ error: 'OAuth account not found' }, { status: 404 })
}
if (accountRow.userId !== session.user.id) {
return NextResponse.json(
{ error: 'Only account owners can create oauth credentials for an account' },
{ status: 403 }
)
}
if (providerId !== accountRow.providerId) {
return NextResponse.json(
{ error: 'providerId does not match the selected OAuth account' },
{ status: 400 }
)
}
if (!resolvedDisplayName) {
resolvedDisplayName =
getServiceConfigByProviderId(accountRow.providerId)?.name || accountRow.providerId
}
} else if (type === 'env_personal') {
resolvedEnvOwnerUserId = envOwnerUserId ?? session.user.id
if (resolvedEnvOwnerUserId !== session.user.id) {
return NextResponse.json(
{ error: 'Only the current user can create personal env credentials for themselves' },
{ status: 403 }
)
}
resolvedProviderId = null
resolvedAccountId = null
resolvedDisplayName = resolvedEnvKey || ''
} else {
resolvedProviderId = null
resolvedAccountId = null
resolvedEnvOwnerUserId = null
resolvedDisplayName = resolvedEnvKey || ''
}
if (!resolvedDisplayName) {
return NextResponse.json({ error: 'Display name is required' }, { status: 400 })
}
const existingCredential = await findExistingCredentialBySource({
workspaceId,
type,
accountId: resolvedAccountId,
envKey: resolvedEnvKey,
envOwnerUserId: resolvedEnvOwnerUserId,
})
if (existingCredential) {
const [membership] = await db
.select({
id: credentialMember.id,
status: credentialMember.status,
role: credentialMember.role,
})
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, existingCredential.id),
eq(credentialMember.userId, session.user.id)
)
)
.limit(1)
if (!membership || membership.status !== 'active') {
return NextResponse.json(
{ error: 'A credential with this source already exists in this workspace' },
{ status: 409 }
)
}
if (
type === 'oauth' &&
membership.role === 'admin' &&
resolvedDisplayName &&
resolvedDisplayName !== existingCredential.displayName
) {
await db
.update(credential)
.set({
displayName: resolvedDisplayName,
updatedAt: new Date(),
})
.where(eq(credential.id, existingCredential.id))
const [updatedCredential] = await db
.select()
.from(credential)
.where(eq(credential.id, existingCredential.id))
.limit(1)
return NextResponse.json(
{ credential: updatedCredential ?? existingCredential },
{ status: 200 }
)
}
return NextResponse.json({ credential: existingCredential }, { status: 200 })
}
const now = new Date()
const credentialId = crypto.randomUUID()
const [workspaceRow] = await db
.select({ ownerId: workspace.ownerId })
.from(workspace)
.where(eq(workspace.id, workspaceId))
.limit(1)
await db.transaction(async (tx) => {
await tx.insert(credential).values({
id: credentialId,
workspaceId,
type,
displayName: resolvedDisplayName,
providerId: resolvedProviderId,
accountId: resolvedAccountId,
envKey: resolvedEnvKey,
envOwnerUserId: resolvedEnvOwnerUserId,
createdBy: session.user.id,
createdAt: now,
updatedAt: now,
})
if (type === 'env_workspace' && workspaceRow?.ownerId) {
const workspaceUserIds = await getWorkspaceMemberUserIds(workspaceId)
if (workspaceUserIds.length > 0) {
for (const memberUserId of workspaceUserIds) {
await tx.insert(credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId: memberUserId,
role: memberUserId === workspaceRow.ownerId ? 'admin' : 'member',
status: 'active',
joinedAt: now,
invitedBy: session.user.id,
createdAt: now,
updatedAt: now,
})
}
}
} else {
await tx.insert(credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId: session.user.id,
role: 'admin',
status: 'active',
joinedAt: now,
invitedBy: session.user.id,
createdAt: now,
updatedAt: now,
})
}
})
const [created] = await db
.select()
.from(credential)
.where(eq(credential.id, credentialId))
.limit(1)
return NextResponse.json({ credential: created }, { status: 201 })
} catch (error: any) {
if (error?.code === '23505') {
return NextResponse.json(
{ error: 'A credential with this source already exists' },
{ status: 409 }
)
}
if (error?.code === '23503') {
return NextResponse.json(
{ error: 'Invalid credential reference or membership target' },
{ status: 400 }
)
}
if (error?.code === '23514') {
return NextResponse.json(
{ error: 'Credential source data failed validation checks' },
{ status: 400 }
)
}
logger.error(`[${requestId}] Credential create failure details`, {
code: error?.code,
detail: error?.detail,
constraint: error?.constraint,
table: error?.table,
message: error?.message,
})
logger.error(`[${requestId}] Failed to create credential`, error)
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
}
}

6
apps/sim/app/api/environment/route.ts
View File

@@ -7,6 +7,7 @@ import { z } from 'zod'
import { getSession } from '@/lib/auth'
import { decryptSecret, encryptSecret } from '@/lib/core/security/encryption'
import { generateRequestId } from '@/lib/core/utils/request'
import { syncPersonalEnvCredentialsForUser } from '@/lib/credentials/environment'
import type { EnvironmentVariable } from '@/stores/settings/environment'
const logger = createLogger('EnvironmentAPI')
@@ -53,6 +54,11 @@ export async function POST(req: NextRequest) {
},
})
await syncPersonalEnvCredentialsForUser({
userId: session.user.id,
envKeys: Object.keys(variables),
})
return NextResponse.json({ success: true })
} catch (validationError) {
if (validationError instanceof z.ZodError) {

210
apps/sim/app/api/tools/confluence/blogposts/route.ts
View File

@@ -38,45 +38,6 @@ const createBlogPostSchema = z.object({
status: z.enum(['current', 'draft']).optional(),
})
const updateBlogPostSchema = z
.object({
domain: z.string().min(1, 'Domain is required'),
accessToken: z.string().min(1, 'Access token is required'),
cloudId: z.string().optional(),
blogPostId: z.string().min(1, 'Blog post ID is required'),
title: z.string().optional(),
content: z.string().optional(),
status: z.enum(['current', 'draft']).optional(),
})
.refine(
(data) => {
const validation = validateAlphanumericId(data.blogPostId, 'blogPostId', 255)
return validation.isValid
},
(data) => {
const validation = validateAlphanumericId(data.blogPostId, 'blogPostId', 255)
return { message: validation.error || 'Invalid blog post ID', path: ['blogPostId'] }
}
)
const deleteBlogPostSchema = z
.object({
domain: z.string().min(1, 'Domain is required'),
accessToken: z.string().min(1, 'Access token is required'),
cloudId: z.string().optional(),
blogPostId: z.string().min(1, 'Blog post ID is required'),
})
.refine(
(data) => {
const validation = validateAlphanumericId(data.blogPostId, 'blogPostId', 255)
return validation.isValid
},
(data) => {
const validation = validateAlphanumericId(data.blogPostId, 'blogPostId', 255)
return { message: validation.error || 'Invalid blog post ID', path: ['blogPostId'] }
}
)
/**
* List all blog posts or get a specific blog post
*/
@@ -322,174 +283,3 @@ export async function POST(request: NextRequest) {
)
}
}
/**
* Update a blog post
*/
export async function PUT(request: NextRequest) {
try {
const auth = await checkSessionOrInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
const body = await request.json()
const validation = updateBlogPostSchema.safeParse(body)
if (!validation.success) {
const firstError = validation.error.errors[0]
return NextResponse.json({ error: firstError.message }, { status: 400 })
}
const {
domain,
accessToken,
cloudId: providedCloudId,
blogPostId,
title,
content,
status,
} = validation.data
const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const blogPostUrl = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/blogposts/${blogPostId}`
const currentResponse = await fetch(blogPostUrl, {
headers: {
Accept: 'application/json',
Authorization: `Bearer ${accessToken}`,
},
})
if (!currentResponse.ok) {
const errorData = await currentResponse.json().catch(() => null)
const errorMessage =
errorData?.message || `Failed to fetch blog post for update (${currentResponse.status})`
return NextResponse.json({ error: errorMessage }, { status: currentResponse.status })
}
const currentPost = await currentResponse.json()
const currentVersion = currentPost.version.number
const updateBody: Record<string, unknown> = {
id: blogPostId,
version: {
number: currentVersion + 1,
message: 'Updated via Sim',
},
status: status || currentPost.status || 'current',
title: title || currentPost.title,
}
if (content) {
updateBody.body = {
representation: 'storage',
value: content,
}
}
const response = await fetch(blogPostUrl, {
method: 'PUT',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${accessToken}`,
},
body: JSON.stringify(updateBody),
})
if (!response.ok) {
const errorData = await response.json().catch(() => null)
logger.error('Confluence API error response:', {
status: response.status,
statusText: response.statusText,
error: JSON.stringify(errorData, null, 2),
})
const errorMessage = errorData?.message || `Failed to update blog post (${response.status})`
return NextResponse.json({ error: errorMessage }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
id: data.id,
title: data.title,
status: data.status ?? null,
spaceId: data.spaceId ?? null,
authorId: data.authorId ?? null,
createdAt: data.createdAt ?? null,
version: data.version ?? null,
body: data.body ?? null,
webUrl: data._links?.webui ?? null,
})
} catch (error) {
logger.error('Error updating blog post:', error)
return NextResponse.json(
{ error: (error as Error).message || 'Internal server error' },
{ status: 500 }
)
}
}
/**
* Delete a blog post
*/
export async function DELETE(request: NextRequest) {
try {
const auth = await checkSessionOrInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
const body = await request.json()
const validation = deleteBlogPostSchema.safeParse(body)
if (!validation.success) {
const firstError = validation.error.errors[0]
return NextResponse.json({ error: firstError.message }, { status: 400 })
}
const { domain, accessToken, cloudId: providedCloudId, blogPostId } = validation.data
const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/blogposts/${blogPostId}`
const response = await fetch(url, {
method: 'DELETE',
headers: {
Accept: 'application/json',
Authorization: `Bearer ${accessToken}`,
},
})
if (!response.ok) {
const errorData = await response.json().catch(() => null)
logger.error('Confluence API error response:', {
status: response.status,
statusText: response.statusText,
error: JSON.stringify(errorData, null, 2),
})
const errorMessage = errorData?.message || `Failed to delete blog post (${response.status})`
return NextResponse.json({ error: errorMessage }, { status: response.status })
}
return NextResponse.json({ blogPostId, deleted: true })
} catch (error) {
logger.error('Error deleting blog post:', error)
return NextResponse.json(
{ error: (error as Error).message || 'Internal server error' },
{ status: 500 }
)
}
}

81
apps/sim/app/api/tools/confluence/labels/route.ts
View File

@@ -191,84 +191,3 @@ export async function GET(request: NextRequest) {
)
}
}
// Delete a label from a page
export async function DELETE(request: NextRequest) {
try {
const auth = await checkSessionOrInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
const {
domain,
accessToken,
cloudId: providedCloudId,
pageId,
labelName,
} = await request.json()
if (!domain) {
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!pageId) {
return NextResponse.json({ error: 'Page ID is required' }, { status: 400 })
}
if (!labelName) {
return NextResponse.json({ error: 'Label name is required' }, { status: 400 })
}
const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
if (!pageIdValidation.isValid) {
return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
}
const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const encodedLabel = encodeURIComponent(labelName.trim())
const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/rest/api/content/${pageId}/label?name=${encodedLabel}`
const response = await fetch(url, {
method: 'DELETE',
headers: {
Accept: 'application/json',
Authorization: `Bearer ${accessToken}`,
},
})
if (!response.ok) {
const errorData = await response.json().catch(() => null)
logger.error('Confluence API error response:', {
status: response.status,
statusText: response.statusText,
error: JSON.stringify(errorData, null, 2),
})
const errorMessage =
errorData?.message || `Failed to delete Confluence label (${response.status})`
return NextResponse.json({ error: errorMessage }, { status: response.status })
}
return NextResponse.json({
pageId,
labelName,
deleted: true,
})
} catch (error) {
logger.error('Error deleting Confluence label:', error)
return NextResponse.json(
{ error: (error as Error).message || 'Internal server error' },
{ status: 500 }
)
}
}

103
apps/sim/app/api/tools/confluence/pages-by-label/route.ts
View File

@@ -1,103 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
import { getConfluenceCloudId } from '@/tools/confluence/utils'
const logger = createLogger('ConfluencePagesByLabelAPI')
export const dynamic = 'force-dynamic'
export async function GET(request: NextRequest) {
try {
const auth = await checkSessionOrInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
const { searchParams } = new URL(request.url)
const domain = searchParams.get('domain')
const accessToken = searchParams.get('accessToken')
const labelId = searchParams.get('labelId')
const providedCloudId = searchParams.get('cloudId')
const limit = searchParams.get('limit') || '50'
const cursor = searchParams.get('cursor')
if (!domain) {
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!labelId) {
return NextResponse.json({ error: 'Label ID is required' }, { status: 400 })
}
const labelIdValidation = validateAlphanumericId(labelId, 'labelId', 255)
if (!labelIdValidation.isValid) {
return NextResponse.json({ error: labelIdValidation.error }, { status: 400 })
}
const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const queryParams = new URLSearchParams()
queryParams.append('limit', String(Math.min(Number(limit), 250)))
if (cursor) {
queryParams.append('cursor', cursor)
}
const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/labels/${labelId}/pages?${queryParams.toString()}`
const response = await fetch(url, {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: `Bearer ${accessToken}`,
},
})
if (!response.ok) {
const errorData = await response.json().catch(() => null)
logger.error('Confluence API error response:', {
status: response.status,
statusText: response.statusText,
error: JSON.stringify(errorData, null, 2),
})
const errorMessage = errorData?.message || `Failed to get pages by label (${response.status})`
return NextResponse.json({ error: errorMessage }, { status: response.status })
}
const data = await response.json()
const pages = (data.results || []).map((page: any) => ({
id: page.id,
title: page.title,
status: page.status ?? null,
spaceId: page.spaceId ?? null,
parentId: page.parentId ?? null,
authorId: page.authorId ?? null,
createdAt: page.createdAt ?? null,
version: page.version ?? null,
}))
return NextResponse.json({
pages,
labelId,
nextCursor: data._links?.next
? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
: null,
})
} catch (error) {
logger.error('Error getting pages by label:', error)
return NextResponse.json(
{ error: (error as Error).message || 'Internal server error' },
{ status: 500 }
)
}
}

98
apps/sim/app/api/tools/confluence/space-labels/route.ts
View File

@@ -1,98 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
import { getConfluenceCloudId } from '@/tools/confluence/utils'
const logger = createLogger('ConfluenceSpaceLabelsAPI')
export const dynamic = 'force-dynamic'
export async function GET(request: NextRequest) {
try {
const auth = await checkSessionOrInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
const { searchParams } = new URL(request.url)
const domain = searchParams.get('domain')
const accessToken = searchParams.get('accessToken')
const spaceId = searchParams.get('spaceId')
const providedCloudId = searchParams.get('cloudId')
const limit = searchParams.get('limit') || '25'
const cursor = searchParams.get('cursor')
if (!domain) {
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!spaceId) {
return NextResponse.json({ error: 'Space ID is required' }, { status: 400 })
}
const spaceIdValidation = validateAlphanumericId(spaceId, 'spaceId', 255)
if (!spaceIdValidation.isValid) {
return NextResponse.json({ error: spaceIdValidation.error }, { status: 400 })
}
const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const queryParams = new URLSearchParams()
queryParams.append('limit', String(Math.min(Number(limit), 250)))
if (cursor) {
queryParams.append('cursor', cursor)
}
const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/spaces/${spaceId}/labels?${queryParams.toString()}`
const response = await fetch(url, {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: `Bearer ${accessToken}`,
},
})
if (!response.ok) {
const errorData = await response.json().catch(() => null)
logger.error('Confluence API error response:', {
status: response.status,
statusText: response.statusText,
error: JSON.stringify(errorData, null, 2),
})
const errorMessage = errorData?.message || `Failed to list space labels (${response.status})`
return NextResponse.json({ error: errorMessage }, { status: response.status })
}
const data = await response.json()
const labels = (data.results || []).map((label: any) => ({
id: label.id,
name: label.name,
prefix: label.prefix || 'global',
}))
return NextResponse.json({
labels,
spaceId,
nextCursor: data._links?.next
? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
: null,
})
} catch (error) {
logger.error('Error listing space labels:', error)
return NextResponse.json(
{ error: (error as Error).message || 'Internal server error' },
{ status: 500 }
)
}
}

152
apps/sim/app/api/tools/jsm/attachments/route.ts
View File

@@ -1,152 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { validateJiraCloudId, validateJiraIssueKey } from '@/lib/core/security/input-validation'
import {
downloadJsmAttachments,
getJiraCloudId,
getJsmApiBaseUrl,
getJsmHeaders,
} from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmAttachmentsAPI')
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const {
domain,
accessToken,
cloudId: cloudIdParam,
issueIdOrKey,
includeAttachments,
start,
limit,
} = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!issueIdOrKey) {
logger.error('Missing issueIdOrKey in request')
return NextResponse.json({ error: 'Issue ID or key is required' }, { status: 400 })
}
const issueIdOrKeyValidation = validateJiraIssueKey(issueIdOrKey, 'issueIdOrKey')
if (!issueIdOrKeyValidation.isValid) {
return NextResponse.json({ error: issueIdOrKeyValidation.error }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const params = new URLSearchParams()
if (start) params.append('start', start)
if (limit) params.append('limit', limit)
const url = `${baseUrl}/request/${issueIdOrKey}/attachment${params.toString() ? `?${params.toString()}` : ''}`
logger.info('Fetching request attachments from:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
const rawAttachments = data.values || []
const attachments = rawAttachments.map((att: Record<string, unknown>) => ({
filename: att.filename ?? '',
author: att.author
? {
accountId: (att.author as Record<string, unknown>).accountId ?? '',
displayName: (att.author as Record<string, unknown>).displayName ?? '',
active: (att.author as Record<string, unknown>).active ?? true,
}
: null,
created: att.created ?? null,
size: att.size ?? 0,
mimeType: att.mimeType ?? '',
}))
let files: Array<{ name: string; mimeType: string; data: string; size: number }> | undefined
if (includeAttachments && rawAttachments.length > 0) {
const downloadable = rawAttachments
.filter((att: Record<string, unknown>) => {
const links = att._links as Record<string, string> | undefined
return links?.content
})
.map((att: Record<string, unknown>) => ({
contentUrl: (att._links as Record<string, string>).content as string,
filename: (att.filename as string) ?? '',
mimeType: (att.mimeType as string) ?? '',
size: (att.size as number) ?? 0,
}))
if (downloadable.length > 0) {
files = await downloadJsmAttachments(downloadable, accessToken)
}
}
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
attachments,
total: data.size || 0,
isLastPage: data.isLastPage ?? true,
...(files && files.length > 0 ? { files } : {}),
},
})
} catch (error) {
logger.error('Error fetching attachments:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

101
apps/sim/app/api/tools/jsm/customer/route.ts
View File

@@ -1,101 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { validateJiraCloudId } from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmCustomerAPI')
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const { domain, accessToken, cloudId: cloudIdParam, email, displayName } = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!email) {
logger.error('Missing email in request')
return NextResponse.json({ error: 'Email is required' }, { status: 400 })
}
if (!displayName) {
logger.error('Missing displayName in request')
return NextResponse.json({ error: 'Display name is required' }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const url = `${baseUrl}/customer`
logger.info('Creating customer:', { email, displayName })
const response = await fetch(url, {
method: 'POST',
headers: getJsmHeaders(accessToken),
body: JSON.stringify({ email, displayName }),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
accountId: data.accountId ?? '',
displayName: data.displayName ?? '',
emailAddress: data.emailAddress ?? '',
active: data.active ?? true,
timeZone: data.timeZone ?? null,
success: true,
},
})
} catch (error) {
logger.error('Error creating customer:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

47
apps/sim/app/api/tools/jsm/customers/route.ts
View File

@@ -57,8 +57,6 @@ export async function POST(request: NextRequest) {
const baseUrl = getJsmApiBaseUrl(cloudId)
const { action: customerAction } = body
const rawIds = accountIds || emails
const parsedAccountIds = rawIds
? typeof rawIds === 'string'
@@ -71,50 +69,7 @@ export async function POST(request: NextRequest) {
: []
: []
const isRemoveOperation = customerAction === 'remove'
const isAddOperation = !isRemoveOperation && parsedAccountIds.length > 0
if (isRemoveOperation) {
if (parsedAccountIds.length === 0) {
return NextResponse.json(
{ error: 'Account IDs or emails are required for removal' },
{ status: 400 }
)
}
const url = `${baseUrl}/servicedesk/${serviceDeskId}/customer`
logger.info('Removing customers from:', url, { accountIds: parsedAccountIds })
const response = await fetch(url, {
method: 'DELETE',
headers: getJsmHeaders(accessToken),
body: JSON.stringify({ accountIds: parsedAccountIds }),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
serviceDeskId,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const isAddOperation = parsedAccountIds.length > 0
if (isAddOperation) {
const url = `${baseUrl}/servicedesk/${serviceDeskId}/customer`

219
apps/sim/app/api/tools/jsm/feedback/route.ts
View File

@@ -1,219 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import {
validateEnum,
validateJiraCloudId,
validateJiraIssueKey,
} from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmFeedbackAPI')
const VALID_ACTIONS = ['get', 'add', 'delete'] as const
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const {
domain,
accessToken,
cloudId: cloudIdParam,
action,
issueIdOrKey,
rating,
comment,
} = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!issueIdOrKey) {
logger.error('Missing issueIdOrKey in request')
return NextResponse.json({ error: 'Issue ID or key is required' }, { status: 400 })
}
if (!action) {
logger.error('Missing action in request')
return NextResponse.json({ error: 'Action is required' }, { status: 400 })
}
const actionValidation = validateEnum(action, VALID_ACTIONS, 'action')
if (!actionValidation.isValid) {
return NextResponse.json({ error: actionValidation.error }, { status: 400 })
}
const issueIdOrKeyValidation = validateJiraIssueKey(issueIdOrKey, 'issueIdOrKey')
if (!issueIdOrKeyValidation.isValid) {
return NextResponse.json({ error: issueIdOrKeyValidation.error }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const url = `${baseUrl}/request/${issueIdOrKey}/feedback`
if (action === 'get') {
logger.info('Fetching feedback from:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
rating: data.rating ?? null,
comment: data.comment?.body ?? null,
type: data.type ?? null,
},
})
}
if (action === 'add') {
if (rating === undefined || rating === null) {
logger.error('Missing rating in request')
return NextResponse.json({ error: 'Rating is required (1-5)' }, { status: 400 })
}
logger.info('Adding feedback to:', url, { rating })
const feedbackBody: Record<string, unknown> = {
rating: Number(rating),
type: 'csat',
}
if (comment) {
feedbackBody.comment = { body: comment }
}
const response = await fetch(url, {
method: 'POST',
headers: getJsmHeaders(accessToken),
body: JSON.stringify(feedbackBody),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
rating: data.rating ?? Number(rating),
comment: data.comment?.body ?? comment ?? null,
type: data.type ?? 'csat',
success: true,
},
})
}
if (action === 'delete') {
logger.info('Deleting feedback from:', url)
const response = await fetch(url, {
method: 'DELETE',
headers: getJsmHeaders(accessToken),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
} catch (error) {
logger.error('Error in feedback operation:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

127
apps/sim/app/api/tools/jsm/knowledgebase/route.ts
View File

@@ -1,127 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmKnowledgeBaseAPI')
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const {
domain,
accessToken,
cloudId: cloudIdParam,
serviceDeskId,
query,
highlight,
start,
limit,
} = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!query) {
logger.error('Missing query in request')
return NextResponse.json({ error: 'Search query is required' }, { status: 400 })
}
if (serviceDeskId) {
const serviceDeskIdValidation = validateAlphanumericId(serviceDeskId, 'serviceDeskId')
if (!serviceDeskIdValidation.isValid) {
return NextResponse.json({ error: serviceDeskIdValidation.error }, { status: 400 })
}
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const params = new URLSearchParams()
params.append('query', query)
if (highlight !== undefined) params.append('highlight', String(highlight))
if (start) params.append('start', start)
if (limit) params.append('limit', limit)
const basePath = serviceDeskId
? `${baseUrl}/servicedesk/${serviceDeskId}/knowledgebase/article`
: `${baseUrl}/knowledgebase/article`
const url = `${basePath}?${params.toString()}`
logger.info('Searching knowledge base:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
const articles = (data.values || []).map((article: Record<string, unknown>) => ({
title: (article.title as string) ?? '',
excerpt: (article.excerpt as string) ?? '',
sourceType: (article.source as Record<string, unknown>)?.type ?? '',
sourcePageId: (article.source as Record<string, unknown>)?.pageId ?? null,
sourceSpaceKey: (article.source as Record<string, unknown>)?.spaceKey ?? null,
contentUrl: (article.content as Record<string, unknown>)?.iframeSrc ?? null,
}))
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
articles,
total: data.size || 0,
isLastPage: data.isLastPage ?? true,
},
})
} catch (error) {
logger.error('Error searching knowledge base:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

189
apps/sim/app/api/tools/jsm/notification/route.ts
View File

@@ -1,189 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import {
validateEnum,
validateJiraCloudId,
validateJiraIssueKey,
} from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmNotificationAPI')
const VALID_ACTIONS = ['get', 'subscribe', 'unsubscribe'] as const
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const { domain, accessToken, cloudId: cloudIdParam, action, issueIdOrKey } = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!issueIdOrKey) {
logger.error('Missing issueIdOrKey in request')
return NextResponse.json({ error: 'Issue ID or key is required' }, { status: 400 })
}
if (!action) {
logger.error('Missing action in request')
return NextResponse.json({ error: 'Action is required' }, { status: 400 })
}
const actionValidation = validateEnum(action, VALID_ACTIONS, 'action')
if (!actionValidation.isValid) {
return NextResponse.json({ error: actionValidation.error }, { status: 400 })
}
const issueIdOrKeyValidation = validateJiraIssueKey(issueIdOrKey, 'issueIdOrKey')
if (!issueIdOrKeyValidation.isValid) {
return NextResponse.json({ error: issueIdOrKeyValidation.error }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const url = `${baseUrl}/request/${issueIdOrKey}/notification`
if (action === 'get') {
logger.info('Fetching notification status from:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
subscribed: data.subscribed ?? false,
},
})
}
if (action === 'subscribe') {
logger.info('Subscribing to notifications:', url)
const response = await fetch(url, {
method: 'PUT',
headers: getJsmHeaders(accessToken),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
if (action === 'unsubscribe') {
logger.info('Unsubscribing from notifications:', url)
const response = await fetch(url, {
method: 'DELETE',
headers: getJsmHeaders(accessToken),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
} catch (error) {
logger.error('Error in notification operation:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

154
apps/sim/app/api/tools/jsm/organization/route.ts
View File

@@ -12,13 +12,7 @@ export const dynamic = 'force-dynamic'
const logger = createLogger('JsmOrganizationAPI')
const VALID_ACTIONS = [
'create',
'add_to_service_desk',
'remove_from_service_desk',
'delete',
'get',
] as const
const VALID_ACTIONS = ['create', 'add_to_service_desk'] as const
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
@@ -165,152 +159,6 @@ export async function POST(request: NextRequest) {
)
}
if (action === 'remove_from_service_desk') {
if (!serviceDeskId) {
logger.error('Missing serviceDeskId in request')
return NextResponse.json({ error: 'Service Desk ID is required' }, { status: 400 })
}
if (!organizationId) {
logger.error('Missing organizationId in request')
return NextResponse.json({ error: 'Organization ID is required' }, { status: 400 })
}
const serviceDeskIdValidation = validateAlphanumericId(serviceDeskId, 'serviceDeskId')
if (!serviceDeskIdValidation.isValid) {
return NextResponse.json({ error: serviceDeskIdValidation.error }, { status: 400 })
}
const organizationIdValidation = validateAlphanumericId(organizationId, 'organizationId')
if (!organizationIdValidation.isValid) {
return NextResponse.json({ error: organizationIdValidation.error }, { status: 400 })
}
const url = `${baseUrl}/servicedesk/${serviceDeskId}/organization`
logger.info('Removing organization from service desk:', { serviceDeskId, organizationId })
const response = await fetch(url, {
method: 'DELETE',
headers: getJsmHeaders(accessToken),
body: JSON.stringify({ organizationId: Number.parseInt(organizationId, 10) }),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
serviceDeskId,
organizationId,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
if (action === 'delete') {
if (!organizationId) {
logger.error('Missing organizationId in request')
return NextResponse.json({ error: 'Organization ID is required' }, { status: 400 })
}
const organizationIdValidation = validateAlphanumericId(organizationId, 'organizationId')
if (!organizationIdValidation.isValid) {
return NextResponse.json({ error: organizationIdValidation.error }, { status: 400 })
}
const url = `${baseUrl}/organization/${organizationId}`
logger.info('Deleting organization:', { organizationId })
const response = await fetch(url, {
method: 'DELETE',
headers: getJsmHeaders(accessToken),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
organizationId,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
if (action === 'get') {
if (!organizationId) {
logger.error('Missing organizationId in request')
return NextResponse.json({ error: 'Organization ID is required' }, { status: 400 })
}
const organizationIdValidation = validateAlphanumericId(organizationId, 'organizationId')
if (!organizationIdValidation.isValid) {
return NextResponse.json({ error: organizationIdValidation.error }, { status: 400 })
}
const url = `${baseUrl}/organization/${organizationId}`
logger.info('Fetching organization:', { organizationId })
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
id: data.id ?? '',
name: data.name ?? '',
},
})
}
return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
} catch (error) {
logger.error('Error in organization operation:', {

190
apps/sim/app/api/tools/jsm/organizationusers/route.ts
View File

@@ -1,190 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import {
validateAlphanumericId,
validateEnum,
validateJiraCloudId,
} from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmOrganizationUsersAPI')
const VALID_ACTIONS = ['get', 'add', 'remove'] as const
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const {
domain,
accessToken,
cloudId: cloudIdParam,
action,
organizationId,
accountIds,
start,
limit,
} = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!organizationId) {
logger.error('Missing organizationId in request')
return NextResponse.json({ error: 'Organization ID is required' }, { status: 400 })
}
if (!action) {
logger.error('Missing action in request')
return NextResponse.json({ error: 'Action is required' }, { status: 400 })
}
const actionValidation = validateEnum(action, VALID_ACTIONS, 'action')
if (!actionValidation.isValid) {
return NextResponse.json({ error: actionValidation.error }, { status: 400 })
}
const organizationIdValidation = validateAlphanumericId(organizationId, 'organizationId')
if (!organizationIdValidation.isValid) {
return NextResponse.json({ error: organizationIdValidation.error }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const url = `${baseUrl}/organization/${organizationId}/user`
if (action === 'get') {
const params = new URLSearchParams()
if (start) params.append('start', start)
if (limit) params.append('limit', limit)
const getUrl = `${url}${params.toString() ? `?${params.toString()}` : ''}`
logger.info('Fetching organization users from:', getUrl)
const response = await fetch(getUrl, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
organizationId,
users: data.values || [],
total: data.size || 0,
isLastPage: data.isLastPage ?? true,
},
})
}
if (action === 'add' || action === 'remove') {
if (!accountIds) {
logger.error('Missing accountIds in request')
return NextResponse.json({ error: 'Account IDs are required' }, { status: 400 })
}
const parsedAccountIds =
typeof accountIds === 'string'
? accountIds
.split(',')
.map((id: string) => id.trim())
.filter((id: string) => id)
: accountIds
logger.info(`${action === 'add' ? 'Adding' : 'Removing'} organization users:`, {
organizationId,
accountIds: parsedAccountIds,
})
const method = action === 'add' ? 'POST' : 'DELETE'
const response = await fetch(url, {
method,
headers: getJsmHeaders(accessToken),
body: JSON.stringify({ accountIds: parsedAccountIds }),
})
if (response.status === 204 || response.ok) {
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
organizationId,
success: true,
},
})
}
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{
error: `JSM API error: ${response.status} ${response.statusText}`,
details: errorText,
},
{ status: response.status }
)
}
return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
} catch (error) {
logger.error('Error in organization users operation:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

25
apps/sim/app/api/tools/jsm/participants/route.ts
View File

@@ -12,7 +12,7 @@ export const dynamic = 'force-dynamic'
const logger = createLogger('JsmParticipantsAPI')
const VALID_ACTIONS = ['get', 'add', 'remove'] as const
const VALID_ACTIONS = ['get', 'add'] as const
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
@@ -113,7 +113,7 @@ export async function POST(request: NextRequest) {
},
})
}
if (action === 'add' || action === 'remove') {
if (action === 'add') {
if (!accountIds) {
logger.error('Missing accountIds in request')
return NextResponse.json({ error: 'Account IDs are required' }, { status: 400 })
@@ -128,19 +128,16 @@ export async function POST(request: NextRequest) {
: accountIds
const url = `${baseUrl}/request/${issueIdOrKey}/participant`
const method = action === 'add' ? 'POST' : 'DELETE'
logger.info(`${action === 'add' ? 'Adding' : 'Removing'} participants:`, url, {
accountIds: parsedAccountIds,
})
logger.info('Adding participants to:', url, { accountIds: parsedAccountIds })
const response = await fetch(url, {
method,
method: 'POST',
headers: getJsmHeaders(accessToken),
body: JSON.stringify({ accountIds: parsedAccountIds }),
})
if (!response.ok && response.status !== 204) {
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
@@ -154,22 +151,14 @@ export async function POST(request: NextRequest) {
)
}
let participants: unknown[] = []
if (response.status !== 204) {
try {
const data = await response.json()
participants = data.values || []
} catch {
// DELETE may return empty body
}
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
participants,
participants: data.values || [],
success: true,
},
})

121
apps/sim/app/api/tools/jsm/queueissues/route.ts
View File

@@ -1,121 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmQueueIssuesAPI')
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const {
domain,
accessToken,
cloudId: cloudIdParam,
serviceDeskId,
queueId,
start,
limit,
} = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!serviceDeskId) {
logger.error('Missing serviceDeskId in request')
return NextResponse.json({ error: 'Service Desk ID is required' }, { status: 400 })
}
if (!queueId) {
logger.error('Missing queueId in request')
return NextResponse.json({ error: 'Queue ID is required' }, { status: 400 })
}
const serviceDeskIdValidation = validateAlphanumericId(serviceDeskId, 'serviceDeskId')
if (!serviceDeskIdValidation.isValid) {
return NextResponse.json({ error: serviceDeskIdValidation.error }, { status: 400 })
}
const queueIdValidation = validateAlphanumericId(queueId, 'queueId')
if (!queueIdValidation.isValid) {
return NextResponse.json({ error: queueIdValidation.error }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const params = new URLSearchParams()
if (start) params.append('start', start)
if (limit) params.append('limit', limit)
const url = `${baseUrl}/servicedesk/${serviceDeskId}/queue/${queueId}/issue${params.toString() ? `?${params.toString()}` : ''}`
logger.info('Fetching queue issues from:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
serviceDeskId,
queueId,
issues: data.values || [],
total: data.size || 0,
isLastPage: data.isLastPage ?? true,
},
})
} catch (error) {
logger.error('Error fetching queue issues:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

102
apps/sim/app/api/tools/jsm/requeststatus/route.ts
View File

@@ -1,102 +0,0 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { validateJiraCloudId, validateJiraIssueKey } from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('JsmRequestStatusAPI')
export async function POST(request: NextRequest) {
const auth = await checkInternalAuth(request)
if (!auth.success || !auth.userId) {
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
}
try {
const body = await request.json()
const { domain, accessToken, cloudId: cloudIdParam, issueIdOrKey, start, limit } = body
if (!domain) {
logger.error('Missing domain in request')
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
}
if (!accessToken) {
logger.error('Missing access token in request')
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
}
if (!issueIdOrKey) {
logger.error('Missing issueIdOrKey in request')
return NextResponse.json({ error: 'Issue ID or key is required' }, { status: 400 })
}
const issueIdOrKeyValidation = validateJiraIssueKey(issueIdOrKey, 'issueIdOrKey')
if (!issueIdOrKeyValidation.isValid) {
return NextResponse.json({ error: issueIdOrKeyValidation.error }, { status: 400 })
}
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
if (!cloudIdValidation.isValid) {
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
}
const baseUrl = getJsmApiBaseUrl(cloudId)
const params = new URLSearchParams()
if (start) params.append('start', start)
if (limit) params.append('limit', limit)
const url = `${baseUrl}/request/${issueIdOrKey}/status${params.toString() ? `?${params.toString()}` : ''}`
logger.info('Fetching request status history from:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
issueIdOrKey,
statuses: data.values || [],
total: data.size || 0,
isLastPage: data.isLastPage ?? true,
},
})
} catch (error) {
logger.error('Error fetching request status:', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined,
})
return NextResponse.json(
{
error: error instanceof Error ? error.message : 'Internal server error',
success: false,
},
{ status: 500 }
)
}
}

59
apps/sim/app/api/tools/jsm/servicedesks/route.ts
View File

@@ -1,7 +1,7 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
import { validateJiraCloudId } from '@/lib/core/security/input-validation'
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
export const dynamic = 'force-dynamic'
@@ -16,16 +16,7 @@ export async function POST(request: NextRequest) {
try {
const body = await request.json()
const {
domain,
accessToken,
cloudId: cloudIdParam,
expand,
start,
limit,
serviceDeskId,
action,
} = body
const { domain, accessToken, cloudId: cloudIdParam, expand, start, limit } = body
if (!domain) {
logger.error('Missing domain in request')
@@ -46,52 +37,6 @@ export async function POST(request: NextRequest) {
const baseUrl = getJsmApiBaseUrl(cloudId)
if (action === 'get' && serviceDeskId) {
const serviceDeskIdValidation = validateAlphanumericId(serviceDeskId, 'serviceDeskId')
if (!serviceDeskIdValidation.isValid) {
return NextResponse.json({ error: serviceDeskIdValidation.error }, { status: 400 })
}
const url = `${baseUrl}/servicedesk/${serviceDeskId}`
logger.info('Fetching service desk:', url)
const response = await fetch(url, {
method: 'GET',
headers: getJsmHeaders(accessToken),
})
if (!response.ok) {
const errorText = await response.text()
logger.error('JSM API error:', {
status: response.status,
statusText: response.statusText,
error: errorText,
})
return NextResponse.json(
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json({
success: true,
output: {
ts: new Date().toISOString(),
id: data.id ?? '',
projectId: data.projectId ?? '',
projectName: data.projectName ?? '',
projectKey: data.projectKey ?? '',
name: data.projectName ?? '',
description: data.description ?? null,
leadDisplayName: data.leadDisplayName ?? null,
},
})
}
const params = new URLSearchParams()
if (expand) params.append('expand', expand)
if (start) params.append('start', start)

60
apps/sim/app/api/workspaces/[id]/environment/route.ts
View File

@@ -1,12 +1,14 @@
import { db } from '@sim/db'
import { environment, workspaceEnvironment } from '@sim/db/schema'
import { workspaceEnvironment } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { getSession } from '@/lib/auth'
import { decryptSecret, encryptSecret } from '@/lib/core/security/encryption'
import { encryptSecret } from '@/lib/core/security/encryption'
import { generateRequestId } from '@/lib/core/utils/request'
import { syncWorkspaceEnvCredentials } from '@/lib/credentials/environment'
import { getPersonalAndWorkspaceEnv } from '@/lib/environment/utils'
import { getUserEntityPermissions, getWorkspaceById } from '@/lib/workspaces/permissions/utils'
const logger = createLogger('WorkspaceEnvironmentAPI')
@@ -44,44 +46,10 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
// Workspace env (encrypted)
const wsEnvRow = await db
.select()
.from(workspaceEnvironment)
.where(eq(workspaceEnvironment.workspaceId, workspaceId))
.limit(1)
const wsEncrypted: Record<string, string> = (wsEnvRow[0]?.variables as any) || {}
// Personal env (encrypted)
const personalRow = await db
.select()
.from(environment)
.where(eq(environment.userId, userId))
.limit(1)
const personalEncrypted: Record<string, string> = (personalRow[0]?.variables as any) || {}
// Decrypt both for UI
const decryptAll = async (src: Record<string, string>) => {
const out: Record<string, string> = {}
for (const [k, v] of Object.entries(src)) {
try {
const { decrypted } = await decryptSecret(v)
out[k] = decrypted
} catch {
out[k] = ''
}
}
return out
}
const [workspaceDecrypted, personalDecrypted] = await Promise.all([
decryptAll(wsEncrypted),
decryptAll(personalEncrypted),
])
const conflicts = Object.keys(personalDecrypted).filter((k) => k in workspaceDecrypted)
const { workspaceDecrypted, personalDecrypted, conflicts } = await getPersonalAndWorkspaceEnv(
userId,
workspaceId
)
return NextResponse.json(
{
@@ -156,6 +124,12 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
set: { variables: merged, updatedAt: new Date() },
})
await syncWorkspaceEnvCredentials({
workspaceId,
envKeys: Object.keys(merged),
actingUserId: userId,
})
return NextResponse.json({ success: true })
} catch (error: any) {
logger.error(`[${requestId}] Workspace env PUT error`, error)
@@ -222,6 +196,12 @@ export async function DELETE(
set: { variables: current, updatedAt: new Date() },
})
await syncWorkspaceEnvCredentials({
workspaceId,
envKeys: Object.keys(current),
actingUserId: userId,
})
return NextResponse.json({ success: true })
} catch (error: any) {
logger.error(`[${requestId}] Workspace env DELETE error`, error)

18
apps/sim/app/workspace/[workspaceId]/utils/commands-utils.ts
View File

@@ -13,6 +13,9 @@ export type CommandId =
| 'goto-logs'
| 'open-search'
| 'run-workflow'
| 'focus-copilot-tab'
| 'focus-toolbar-tab'
| 'focus-editor-tab'
| 'clear-terminal-console'
| 'focus-toolbar-search'
| 'clear-notifications'
@@ -72,6 +75,21 @@ export const COMMAND_DEFINITIONS: Record<CommandId, CommandDefinition> = {
shortcut: 'Mod+Enter',
allowInEditable: false,
},
'focus-copilot-tab': {
id: 'focus-copilot-tab',
shortcut: 'C',
allowInEditable: false,
},
'focus-toolbar-tab': {
id: 'focus-toolbar-tab',
shortcut: 'T',
allowInEditable: false,
},
'focus-editor-tab': {
id: 'focus-editor-tab',
shortcut: 'E',
allowInEditable: false,
},
'clear-terminal-console': {
id: 'clear-terminal-console',
shortcut: 'Mod+D',

15
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/hooks/use-change-detection.ts
View File

@@ -57,21 +57,6 @@ export function useChangeDetection({
}
}
if (block.triggerMode) {
const triggerConfigValue = blockSubValues?.triggerConfig
if (
triggerConfigValue &&
typeof triggerConfigValue === 'object' &&
!subBlocks.triggerConfig
) {
subBlocks.triggerConfig = {
id: 'triggerConfig',
type: 'short-input',
value: triggerConfigValue,
}
}
}
blocksWithSubBlocks[blockId] = {
...block,
subBlocks,

48
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
View File

@@ -30,6 +30,7 @@ export interface OAuthRequiredModalProps {
requiredScopes?: string[]
serviceId: string
newScopes?: string[]
onConnect?: () => Promise<void> | void
}
const SCOPE_DESCRIPTIONS: Record<string, string> = {
@@ -139,46 +140,6 @@ const SCOPE_DESCRIPTIONS: Record<string, string> = {
'delete:issue-worklog:jira': 'Delete worklog entries from Jira issues',
'write:issue-link:jira': 'Create links between Jira issues',
'delete:issue-link:jira': 'Delete links between Jira issues',
'manage:jira-project': 'Manage Jira project components and versions',
'read:board-scope:jira-software': 'View Jira boards',
'write:board-scope:jira-software': 'Manage Jira boards and backlog',
'read:sprint:jira-software': 'View Jira sprints',
'write:sprint:jira-software': 'Create and manage Jira sprints',
'delete:sprint:jira-software': 'Delete Jira sprints',
'read:servicedesk:jira-service-management': 'View JSM service desks',
'read:requesttype:jira-service-management': 'View JSM request types',
'read:request:jira-service-management': 'View JSM service requests',
'write:request:jira-service-management': 'Create and update JSM service requests',
'read:request.comment:jira-service-management': 'View comments on JSM requests',
'write:request.comment:jira-service-management': 'Add comments to JSM requests',
'read:customer:jira-service-management': 'View JSM customers',
'write:customer:jira-service-management': 'Create and manage JSM customers',
'read:servicedesk.customer:jira-service-management': 'View service desk customers',
'write:servicedesk.customer:jira-service-management': 'Add customers to service desks',
'delete:servicedesk.customer:jira-service-management': 'Remove customers from service desks',
'read:organization:jira-service-management': 'View JSM organizations',
'write:organization:jira-service-management': 'Create and manage JSM organizations',
'delete:organization:jira-service-management': 'Delete JSM organizations',
'read:servicedesk.organization:jira-service-management': 'View service desk organizations',
'write:servicedesk.organization:jira-service-management': 'Add organizations to service desks',
'read:organization.user:jira-service-management': 'View organization users',
'write:organization.user:jira-service-management': 'Add users to organizations',
'read:queue:jira-service-management': 'View JSM queues and queue issues',
'read:request.sla:jira-service-management': 'View request SLA information',
'read:request.status:jira-service-management': 'View request status history',
'write:request.status:jira-service-management': 'Transition request status',
'read:request.participant:jira-service-management': 'View request participants',
'write:request.participant:jira-service-management': 'Add request participants',
'read:request.approval:jira-service-management': 'View request approvals',
'write:request.approval:jira-service-management': 'Respond to request approvals',
'read:request.feedback:jira-service-management': 'View request feedback',
'write:request.feedback:jira-service-management': 'Add request feedback',
'delete:request.feedback:jira-service-management': 'Delete request feedback',
'read:request.notification:jira-service-management': 'View request notification status',
'write:request.notification:jira-service-management': 'Subscribe to request notifications',
'delete:request.notification:jira-service-management': 'Unsubscribe from request notifications',
'read:request.attachment:jira-service-management': 'View request attachments',
'read:knowledgebase:jira-service-management': 'Search knowledge base articles',
'User.Read': 'Read Microsoft user',
'Chat.Read': 'Read Microsoft chats',
'Chat.ReadWrite': 'Write to Microsoft chats',
@@ -354,6 +315,7 @@ export function OAuthRequiredModal({
requiredScopes = [],
serviceId,
newScopes = [],
onConnect,
}: OAuthRequiredModalProps) {
const [error, setError] = useState<string | null>(null)
const { baseProvider } = parseProvider(provider)
@@ -399,6 +361,12 @@ export function OAuthRequiredModal({
setError(null)
try {
if (onConnect) {
await onConnect()
onClose()
return
}
const providerId = getProviderIdFromServiceId(serviceId)
logger.info('Linking OAuth2:', {

142
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx
View File

@@ -3,10 +3,12 @@
import { createElement, useCallback, useEffect, useMemo, useState } from 'react'
import { createLogger } from '@sim/logger'
import { ExternalLink, Users } from 'lucide-react'
import { useParams } from 'next/navigation'
import { Button, Combobox } from '@/components/emcn/components'
import { getSubscriptionStatus } from '@/lib/billing/client'
import { getEnv, isTruthy } from '@/lib/core/config/env'
import { getPollingProviderFromOAuth } from '@/lib/credential-sets/providers'
import { writePendingCredentialCreateRequest } from '@/lib/credentials/client-state'
import {
getCanonicalScopesForProvider,
getProviderIdFromServiceId,
@@ -18,9 +20,9 @@ import { OAuthRequiredModal } from '@/app/workspace/[workspaceId]/w/[workflowId]
import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
import type { SubBlockConfig } from '@/blocks/types'
import { CREDENTIAL, CREDENTIAL_SET } from '@/executor/constants'
import { CREDENTIAL_SET } from '@/executor/constants'
import { useCredentialSets } from '@/hooks/queries/credential-sets'
import { useOAuthCredentialDetail, useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
import { useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
import { useOrganizations } from '@/hooks/queries/organization'
import { useSubscriptionData } from '@/hooks/queries/subscription'
import { getMissingRequiredScopes } from '@/hooks/use-oauth-scope-status'
@@ -46,6 +48,8 @@ export function CredentialSelector({
previewValue,
previewContextValues,
}: CredentialSelectorProps) {
const params = useParams()
const workspaceId = (params?.workspaceId as string) || ''
const [showOAuthModal, setShowOAuthModal] = useState(false)
const [editingValue, setEditingValue] = useState('')
const [isEditing, setIsEditing] = useState(false)
@@ -96,53 +100,32 @@ export function CredentialSelector({
data: credentials = [],
isFetching: credentialsLoading,
refetch: refetchCredentials,
} = useOAuthCredentials(effectiveProviderId, Boolean(effectiveProviderId))
} = useOAuthCredentials(effectiveProviderId, {
enabled: Boolean(effectiveProviderId),
workspaceId,
workflowId: activeWorkflowId || undefined,
})
const selectedCredential = useMemo(
() => credentials.find((cred) => cred.id === selectedId),
[credentials, selectedId]
)
const shouldFetchForeignMeta =
Boolean(selectedId) &&
!selectedCredential &&
Boolean(activeWorkflowId) &&
Boolean(effectiveProviderId)
const { data: foreignCredentials = [], isFetching: foreignMetaLoading } =
useOAuthCredentialDetail(
shouldFetchForeignMeta ? selectedId : undefined,
activeWorkflowId || undefined,
shouldFetchForeignMeta
)
const hasForeignMeta = foreignCredentials.length > 0
const isForeign = Boolean(selectedId && !selectedCredential && hasForeignMeta)
const selectedCredentialSet = useMemo(
() => credentialSets.find((cs) => cs.id === selectedCredentialSetId),
[credentialSets, selectedCredentialSetId]
)
const isForeignCredentialSet = Boolean(isCredentialSetSelected && !selectedCredentialSet)
const resolvedLabel = useMemo(() => {
if (selectedCredentialSet) return selectedCredentialSet.name
if (isForeignCredentialSet) return CREDENTIAL.FOREIGN_LABEL
if (selectedCredential) return selectedCredential.name
if (isForeign) return CREDENTIAL.FOREIGN_LABEL
return ''
}, [selectedCredentialSet, isForeignCredentialSet, selectedCredential, isForeign])
}, [selectedCredentialSet, selectedCredential])
const displayValue = isEditing ? editingValue : resolvedLabel
const invalidSelection =
!isPreview &&
Boolean(selectedId) &&
!selectedCredential &&
!hasForeignMeta &&
!credentialsLoading &&
!foreignMetaLoading
!isPreview && Boolean(selectedId) && !selectedCredential && !credentialsLoading
useEffect(() => {
if (!invalidSelection) return
@@ -153,7 +136,7 @@ export function CredentialSelector({
setStoreValue('')
}, [invalidSelection, selectedId, effectiveProviderId, setStoreValue])
useCredentialRefreshTriggers(refetchCredentials)
useCredentialRefreshTriggers(refetchCredentials, effectiveProviderId, workspaceId)
const handleOpenChange = useCallback(
(isOpen: boolean) => {
@@ -195,8 +178,18 @@ export function CredentialSelector({
)
const handleAddCredential = useCallback(() => {
setShowOAuthModal(true)
}, [])
writePendingCredentialCreateRequest({
workspaceId,
type: 'oauth',
providerId: effectiveProviderId,
displayName: '',
serviceId,
requiredScopes: getCanonicalScopesForProvider(effectiveProviderId),
requestedAt: Date.now(),
})
window.dispatchEvent(new CustomEvent('open-settings', { detail: { tab: 'credentials' } }))
}, [workspaceId, effectiveProviderId, serviceId])
const getProviderIcon = useCallback((providerName: OAuthProvider) => {
const { baseProvider } = parseProvider(providerName)
@@ -251,23 +244,18 @@ export function CredentialSelector({
label: cred.name,
value: cred.id,
}))
credentialItems.push({
label:
credentials.length > 0
? `Connect another ${getProviderName(provider)} account`
: `Connect ${getProviderName(provider)} account`,
value: '__connect_account__',
})
if (credentialItems.length > 0) {
groups.push({
section: 'Personal Credential',
items: credentialItems,
})
} else {
groups.push({
section: 'Personal Credential',
items: [
{
label: `Connect ${getProviderName(provider)} account`,
value: '__connect_account__',
},
],
})
}
groups.push({
section: 'Personal Credential',
items: credentialItems,
})
return { comboboxOptions: [], comboboxGroups: groups }
}
@@ -277,12 +265,13 @@ export function CredentialSelector({
value: cred.id,
}))
if (credentials.length === 0) {
options.push({
label: `Connect ${getProviderName(provider)} account`,
value: '__connect_account__',
})
}
options.push({
label:
credentials.length > 0
? `Connect another ${getProviderName(provider)} account`
: `Connect ${getProviderName(provider)} account`,
value: '__connect_account__',
})
return { comboboxOptions: options, comboboxGroups: undefined }
}, [
@@ -368,7 +357,7 @@ export function CredentialSelector({
}
disabled={effectiveDisabled}
editable={true}
filterOptions={!isForeign && !isForeignCredentialSet}
filterOptions={true}
isLoading={credentialsLoading}
overlayContent={overlayContent}
className={selectedId || isCredentialSetSelected ? 'pl-[28px]' : ''}
@@ -380,15 +369,13 @@ export function CredentialSelector({
<span className='mr-[6px] inline-block h-[6px] w-[6px] rounded-[2px] bg-amber-500' />
Additional permissions required
</div>
{!isForeign && (
<Button
variant='active'
onClick={() => setShowOAuthModal(true)}
className='w-full px-[8px] py-[4px] font-medium text-[12px]'
>
Update access
</Button>
)}
<Button
variant='active'
onClick={() => setShowOAuthModal(true)}
className='w-full px-[8px] py-[4px] font-medium text-[12px]'
>
Update access
</Button>
</div>
)}
@@ -407,7 +394,11 @@ export function CredentialSelector({
)
}
function useCredentialRefreshTriggers(refetchCredentials: () => Promise<unknown>) {
function useCredentialRefreshTriggers(
refetchCredentials: () => Promise<unknown>,
providerId: string,
workspaceId: string
) {
useEffect(() => {
const refresh = () => {
void refetchCredentials()
@@ -425,12 +416,29 @@ function useCredentialRefreshTriggers(refetchCredentials: () => Promise<unknown>
}
}
const handleCredentialsUpdated = (
event: CustomEvent<{ providerId?: string; workspaceId?: string }>
) => {
if (event.detail?.providerId && event.detail.providerId !== providerId) {
return
}
if (event.detail?.workspaceId && workspaceId && event.detail.workspaceId !== workspaceId) {
return
}
refresh()
}
document.addEventListener('visibilitychange', handleVisibilityChange)
window.addEventListener('pageshow', handlePageShow)
window.addEventListener('oauth-credentials-updated', handleCredentialsUpdated as EventListener)
return () => {
document.removeEventListener('visibilitychange', handleVisibilityChange)
window.removeEventListener('pageshow', handlePageShow)
window.removeEventListener(
'oauth-credentials-updated',
handleCredentialsUpdated as EventListener
)
}
}, [refetchCredentials])
}, [providerId, workspaceId, refetchCredentials])
}

13
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/env-var-dropdown.tsx
View File

@@ -9,6 +9,7 @@ import {
PopoverSection,
} from '@/components/emcn'
import { cn } from '@/lib/core/utils/cn'
import { writePendingCredentialCreateRequest } from '@/lib/credentials/client-state'
import {
usePersonalEnvironment,
useWorkspaceEnvironment,
@@ -168,7 +169,15 @@ export const EnvVarDropdown: React.FC<EnvVarDropdownProps> = ({
}, [searchTerm])
const openEnvironmentSettings = () => {
window.dispatchEvent(new CustomEvent('open-settings', { detail: { tab: 'environment' } }))
if (workspaceId) {
writePendingCredentialCreateRequest({
workspaceId,
type: 'env_personal',
envKey: searchTerm.trim(),
requestedAt: Date.now(),
})
}
window.dispatchEvent(new CustomEvent('open-settings', { detail: { tab: 'credentials' } }))
onClose?.()
}
@@ -302,7 +311,7 @@ export const EnvVarDropdown: React.FC<EnvVarDropdownProps> = ({
}}
>
<Plus className='h-3 w-3' />
<span>Create environment variable</span>
<span>Create Secret</span>
</PopoverItem>
</PopoverScrollArea>
) : (

4
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx
View File

@@ -7,7 +7,6 @@ import { getProviderIdFromServiceId } from '@/lib/oauth'
import { buildCanonicalIndex, resolveDependencyValue } from '@/lib/workflows/subblocks/visibility'
import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
import { getBlock } from '@/blocks/registry'
@@ -125,8 +124,6 @@ export function FileSelectorInput({
const serviceId = subBlock.serviceId || ''
const effectiveProviderId = useMemo(() => getProviderIdFromServiceId(serviceId), [serviceId])
const { isForeignCredential } = useForeignCredential(effectiveProviderId, normalizedCredentialId)
const selectorResolution = useMemo<SelectorResolution | null>(() => {
return resolveSelectorForSubBlock(subBlock, {
workflowId: workflowIdFromUrl,
@@ -168,7 +165,6 @@ export function FileSelectorInput({
const disabledReason =
finalDisabled ||
isForeignCredential ||
missingCredential ||
missingDomain ||
missingProject ||

9
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx
View File

@@ -4,7 +4,6 @@ import { useCallback, useEffect, useMemo, useState } from 'react'
import { getProviderIdFromServiceId } from '@/lib/oauth'
import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
import type { SubBlockConfig } from '@/blocks/types'
@@ -47,10 +46,6 @@ export function FolderSelectorInput({
subBlock.canonicalParamId === 'copyDestinationId' ||
subBlock.id === 'copyDestinationFolder' ||
subBlock.id === 'manualCopyDestinationFolder'
const { isForeignCredential } = useForeignCredential(
effectiveProviderId,
(connectedCredential as string) || ''
)
// Central dependsOn gating
const { finalDisabled } = useDependsOnGate(blockId, subBlock, {
@@ -119,9 +114,7 @@ export function FolderSelectorInput({
selectorContext={
selectorResolution?.context ?? { credentialId, workflowId: activeWorkflowId || '' }
}
disabled={
finalDisabled || isForeignCredential || missingCredential || !selectorResolution?.key
}
disabled={finalDisabled || missingCredential || !selectorResolution?.key}
isPreview={isPreview}
previewValue={previewValue ?? null}
placeholder={subBlock.placeholder || 'Select folder'}

8
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx
View File

@@ -7,7 +7,6 @@ import { getProviderIdFromServiceId } from '@/lib/oauth'
import { buildCanonicalIndex, resolveDependencyValue } from '@/lib/workflows/subblocks/visibility'
import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
import { getBlock } from '@/blocks/registry'
@@ -73,11 +72,6 @@ export function ProjectSelectorInput({
const serviceId = subBlock.serviceId || ''
const effectiveProviderId = useMemo(() => getProviderIdFromServiceId(serviceId), [serviceId])
const { isForeignCredential } = useForeignCredential(
effectiveProviderId,
(connectedCredential as string) || ''
)
const workflowIdFromUrl = (params?.workflowId as string) || activeWorkflowId || ''
const { finalDisabled } = useDependsOnGate(blockId, subBlock, {
disabled,
@@ -123,7 +117,7 @@ export function ProjectSelectorInput({
subBlock={subBlock}
selectorKey={selectorResolution.key}
selectorContext={selectorResolution.context}
disabled={finalDisabled || isForeignCredential || missingCredential}
disabled={finalDisabled || missingCredential}
isPreview={isPreview}
previewValue={previewValue ?? null}
placeholder={subBlock.placeholder || 'Select project'}

9
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx
View File

@@ -7,7 +7,6 @@ import { getProviderIdFromServiceId } from '@/lib/oauth'
import { buildCanonicalIndex, resolveDependencyValue } from '@/lib/workflows/subblocks/visibility'
import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
import { getBlock } from '@/blocks/registry'
import type { SubBlockConfig } from '@/blocks/types'
@@ -87,8 +86,6 @@ export function SheetSelectorInput({
const serviceId = subBlock.serviceId || ''
const effectiveProviderId = useMemo(() => getProviderIdFromServiceId(serviceId), [serviceId])
const { isForeignCredential } = useForeignCredential(effectiveProviderId, normalizedCredentialId)
const selectorResolution = useMemo<SelectorResolution | null>(() => {
return resolveSelectorForSubBlock(subBlock, {
workflowId: workflowIdFromUrl,
@@ -101,11 +98,7 @@ export function SheetSelectorInput({
const missingSpreadsheet = !normalizedSpreadsheetId
const disabledReason =
finalDisabled ||
isForeignCredential ||
missingCredential ||
missingSpreadsheet ||
!selectorResolution?.key
finalDisabled || missingCredential || missingSpreadsheet || !selectorResolution?.key
if (!selectorResolution?.key) {
return (

10
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx
View File

@@ -6,7 +6,6 @@ import { Tooltip } from '@/components/emcn'
import { getProviderIdFromServiceId } from '@/lib/oauth'
import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
import type { SubBlockConfig } from '@/blocks/types'
@@ -85,11 +84,6 @@ export function SlackSelectorInput({
? (effectiveBotToken as string) || ''
: (effectiveCredential as string) || ''
const { isForeignCredential } = useForeignCredential(
effectiveProviderId,
(effectiveAuthMethod as string) === 'bot_token' ? '' : (effectiveCredential as string) || ''
)
useEffect(() => {
const val = isPreview && previewValue !== undefined ? previewValue : storeValue
if (typeof val === 'string') {
@@ -99,7 +93,7 @@ export function SlackSelectorInput({
const requiresCredential = dependsOn.includes('credential')
const missingCredential = !credential || credential.trim().length === 0
const shouldForceDisable = requiresCredential && (missingCredential || isForeignCredential)
const shouldForceDisable = requiresCredential && missingCredential
const context: SelectorContext = useMemo(
() => ({
@@ -136,7 +130,7 @@ export function SlackSelectorInput({
subBlock={subBlock}
selectorKey={config.selectorKey}
selectorContext={context}
disabled={finalDisabled || shouldForceDisable || isForeignCredential}
disabled={finalDisabled || shouldForceDisable}
isPreview={isPreview}
previewValue={previewValue ?? null}
placeholder={subBlock.placeholder || config.placeholder}

113
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tool-credential-selector.tsx
View File

@@ -1,6 +1,8 @@
import { createElement, useCallback, useEffect, useMemo, useState } from 'react'
import { ExternalLink } from 'lucide-react'
import { useParams } from 'next/navigation'
import { Button, Combobox } from '@/components/emcn/components'
import { writePendingCredentialCreateRequest } from '@/lib/credentials/client-state'
import {
getCanonicalScopesForProvider,
getProviderIdFromServiceId,
@@ -10,8 +12,7 @@ import {
parseProvider,
} from '@/lib/oauth'
import { OAuthRequiredModal } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal'
import { CREDENTIAL } from '@/executor/constants'
import { useOAuthCredentialDetail, useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
import { useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
import { getMissingRequiredScopes } from '@/hooks/use-oauth-scope-status'
import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
@@ -54,10 +55,12 @@ export function ToolCredentialSelector({
onChange,
provider,
requiredScopes = [],
label = 'Select account',
label = 'Select credential',
serviceId,
disabled = false,
}: ToolCredentialSelectorProps) {
const params = useParams()
const workspaceId = (params?.workspaceId as string) || ''
const [showOAuthModal, setShowOAuthModal] = useState(false)
const [editingInputValue, setEditingInputValue] = useState('')
const [isEditing, setIsEditing] = useState(false)
@@ -71,50 +74,32 @@ export function ToolCredentialSelector({
data: credentials = [],
isFetching: credentialsLoading,
refetch: refetchCredentials,
} = useOAuthCredentials(effectiveProviderId, Boolean(effectiveProviderId))
} = useOAuthCredentials(effectiveProviderId, {
enabled: Boolean(effectiveProviderId),
workspaceId,
workflowId: activeWorkflowId || undefined,
})
const selectedCredential = useMemo(
() => credentials.find((cred) => cred.id === selectedId),
[credentials, selectedId]
)
const shouldFetchForeignMeta =
Boolean(selectedId) &&
!selectedCredential &&
Boolean(activeWorkflowId) &&
Boolean(effectiveProviderId)
const { data: foreignCredentials = [], isFetching: foreignMetaLoading } =
useOAuthCredentialDetail(
shouldFetchForeignMeta ? selectedId : undefined,
activeWorkflowId || undefined,
shouldFetchForeignMeta
)
const hasForeignMeta = foreignCredentials.length > 0
const isForeign = Boolean(selectedId && !selectedCredential && hasForeignMeta)
const resolvedLabel = useMemo(() => {
if (selectedCredential) return selectedCredential.name
if (isForeign) return CREDENTIAL.FOREIGN_LABEL
return ''
}, [selectedCredential, isForeign])
}, [selectedCredential])
const inputValue = isEditing ? editingInputValue : resolvedLabel
const invalidSelection =
Boolean(selectedId) &&
!selectedCredential &&
!hasForeignMeta &&
!credentialsLoading &&
!foreignMetaLoading
const invalidSelection = Boolean(selectedId) && !selectedCredential && !credentialsLoading
useEffect(() => {
if (!invalidSelection) return
onChange('')
}, [invalidSelection, onChange])
useCredentialRefreshTriggers(refetchCredentials)
useCredentialRefreshTriggers(refetchCredentials, effectiveProviderId, workspaceId)
const handleOpenChange = useCallback(
(isOpen: boolean) => {
@@ -142,8 +127,18 @@ export function ToolCredentialSelector({
)
const handleAddCredential = useCallback(() => {
setShowOAuthModal(true)
}, [])
writePendingCredentialCreateRequest({
workspaceId,
type: 'oauth',
providerId: effectiveProviderId,
displayName: '',
serviceId,
requiredScopes: getCanonicalScopesForProvider(effectiveProviderId),
requestedAt: Date.now(),
})
window.dispatchEvent(new CustomEvent('open-settings', { detail: { tab: 'credentials' } }))
}, [workspaceId, effectiveProviderId, serviceId])
const comboboxOptions = useMemo(() => {
const options = credentials.map((cred) => ({
@@ -151,12 +146,13 @@ export function ToolCredentialSelector({
value: cred.id,
}))
if (credentials.length === 0) {
options.push({
label: `Connect ${getProviderName(provider)} account`,
value: '__connect_account__',
})
}
options.push({
label:
credentials.length > 0
? `Connect another ${getProviderName(provider)} account`
: `Connect ${getProviderName(provider)} account`,
value: '__connect_account__',
})
return options
}, [credentials, provider])
@@ -206,7 +202,7 @@ export function ToolCredentialSelector({
placeholder={label}
disabled={disabled}
editable={true}
filterOptions={!isForeign}
filterOptions={true}
isLoading={credentialsLoading}
overlayContent={overlayContent}
className={selectedId ? 'pl-[28px]' : ''}
@@ -218,15 +214,13 @@ export function ToolCredentialSelector({
<span className='mr-[6px] inline-block h-[6px] w-[6px] rounded-[2px] bg-amber-500' />
Additional permissions required
</div>
{!isForeign && (
<Button
variant='active'
onClick={() => setShowOAuthModal(true)}
className='w-full px-[8px] py-[4px] font-medium text-[12px]'
>
Update access
</Button>
)}
<Button
variant='active'
onClick={() => setShowOAuthModal(true)}
className='w-full px-[8px] py-[4px] font-medium text-[12px]'
>
Update access
</Button>
</div>
)}
@@ -245,7 +239,11 @@ export function ToolCredentialSelector({
)
}
function useCredentialRefreshTriggers(refetchCredentials: () => Promise<unknown>) {
function useCredentialRefreshTriggers(
refetchCredentials: () => Promise<unknown>,
providerId: string,
workspaceId: string
) {
useEffect(() => {
const refresh = () => {
void refetchCredentials()
@@ -263,12 +261,29 @@ function useCredentialRefreshTriggers(refetchCredentials: () => Promise<unknown>
}
}
const handleCredentialsUpdated = (
event: CustomEvent<{ providerId?: string; workspaceId?: string }>
) => {
if (event.detail?.providerId && event.detail.providerId !== providerId) {
return
}
if (event.detail?.workspaceId && workspaceId && event.detail.workspaceId !== workspaceId) {
return
}
refresh()
}
document.addEventListener('visibilitychange', handleVisibilityChange)
window.addEventListener('pageshow', handlePageShow)
window.addEventListener('oauth-credentials-updated', handleCredentialsUpdated as EventListener)
return () => {
document.removeEventListener('visibilitychange', handleVisibilityChange)
window.removeEventListener('pageshow', handlePageShow)
window.removeEventListener(
'oauth-credentials-updated',
handleCredentialsUpdated as EventListener
)
}
}, [refetchCredentials])
}, [providerId, workspaceId, refetchCredentials])
}

50
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential.ts
View File

@@ -1,50 +0,0 @@
import { useEffect, useMemo, useState } from 'react'
export function useForeignCredential(
provider: string | undefined,
credentialId: string | undefined
) {
const [isForeign, setIsForeign] = useState<boolean>(false)
const [loading, setLoading] = useState<boolean>(false)
const [error, setError] = useState<string | null>(null)
const normalizedProvider = useMemo(() => (provider || '').toString(), [provider])
const normalizedCredentialId = useMemo(() => credentialId || '', [credentialId])
useEffect(() => {
let cancelled = false
async function check() {
setLoading(true)
setError(null)
try {
if (!normalizedProvider || !normalizedCredentialId) {
if (!cancelled) setIsForeign(false)
return
}
const res = await fetch(
`/api/auth/oauth/credentials?provider=${encodeURIComponent(normalizedProvider)}`
)
if (!res.ok) {
if (!cancelled) setIsForeign(true)
return
}
const data = await res.json()
const isOwn = (data.credentials || []).some((c: any) => c.id === normalizedCredentialId)
if (!cancelled) setIsForeign(!isOwn)
} catch (e) {
if (!cancelled) {
setIsForeign(true)
setError((e as Error).message)
}
} finally {
if (!cancelled) setLoading(false)
}
}
void check()
return () => {
cancelled = true
}
}, [normalizedProvider, normalizedCredentialId])
return { isForeignCredential: isForeign, loading, error }
}

33
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/panel.tsx
View File

@@ -340,7 +340,13 @@ export const Panel = memo(function Panel() {
* Register global keyboard shortcuts using the central commands registry.
*
* - Mod+Enter: Run / cancel workflow (matches the Run button behavior)
* - C: Focus Copilot tab
* - T: Focus Toolbar tab
* - E: Focus Editor tab
* - Mod+F: Focus Toolbar tab and search input
*
* The tab-switching commands are disabled inside editable elements so typing
* in inputs or textareas is not interrupted.
*/
useRegisterGlobalCommands(() =>
createCommands([
@@ -357,6 +363,33 @@ export const Panel = memo(function Panel() {
allowInEditable: false,
},
},
{
id: 'focus-copilot-tab',
handler: () => {
setActiveTab('copilot')
},
overrides: {
allowInEditable: false,
},
},
{
id: 'focus-toolbar-tab',
handler: () => {
setActiveTab('toolbar')
},
overrides: {
allowInEditable: false,
},
},
{
id: 'focus-editor-tab',
handler: () => {
setActiveTab('editor')
},
overrides: {
allowInEditable: false,
},
},
{
id: 'focus-toolbar-search',
handler: () => {

4
apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx
View File

@@ -473,7 +473,7 @@ function ConnectionsSection({
</div>
)}
{/* Environment Variables */}
{/* Secrets */}
{envVars.length > 0 && (
<div className='mb-[2px] last:mb-0'>
<div
@@ -489,7 +489,7 @@ function ConnectionsSection({
'text-[var(--text-secondary)] group-hover:text-[var(--text-primary)]'
)}
>
Environment Variables
Secrets
</span>
<ChevronDownIcon
className={cn(

1125
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credentials/credentials-manager.tsx Normal file
View File

File diff suppressed because it is too large Load Diff

17
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credentials/credentials.tsx Normal file
View File

@@ -0,0 +1,17 @@
'use client'
import { CredentialsManager } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credentials/credentials-manager'
interface CredentialsProps {
onOpenChange?: (open: boolean) => void
registerCloseHandler?: (handler: (open: boolean) => void) => void
registerBeforeLeaveHandler?: (handler: (onProceed: () => void) => void) => void
}
export function Credentials(_props: CredentialsProps) {
return (
<div className='h-full min-h-0'>
<CredentialsManager />
</div>
)
}

6
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/environment/environment.tsx
View File

@@ -134,7 +134,7 @@ function WorkspaceVariableRow({
<Trash />
</Button>
</Tooltip.Trigger>
<Tooltip.Content>Delete environment variable</Tooltip.Content>
<Tooltip.Content>Delete secret</Tooltip.Content>
</Tooltip.Root>
</div>
</div>
@@ -637,7 +637,7 @@ export function EnvironmentVariables({ registerBeforeLeaveHandler }: Environment
<Trash />
</Button>
</Tooltip.Trigger>
<Tooltip.Content>Delete environment variable</Tooltip.Content>
<Tooltip.Content>Delete secret</Tooltip.Content>
</Tooltip.Root>
</div>
</div>
@@ -811,7 +811,7 @@ export function EnvironmentVariables({ registerBeforeLeaveHandler }: Environment
filteredWorkspaceEntries.length === 0 &&
(envVars.length > 0 || Object.keys(workspaceVars).length > 0) && (
<div className='py-[16px] text-center text-[13px] text-[var(--text-muted)]'>
No environment variables found matching "{searchTerm}"
No secrets found matching "{searchTerm}"
</div>
)}
</>

1
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts
View File

@@ -2,6 +2,7 @@ export { ApiKeys } from './api-keys/api-keys'
export { BYOK } from './byok/byok'
export { Copilot } from './copilot/copilot'
export { CredentialSets } from './credential-sets/credential-sets'
export { Credentials } from './credentials/credentials'
export { CustomTools } from './custom-tools/custom-tools'
export { Debug } from './debug/debug'
export { EnvironmentVariables } from './environment/environment'

48
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx
View File

@@ -20,7 +20,6 @@ import {
import {
Card,
Connections,
FolderCode,
HexSimple,
Key,
SModal,
@@ -45,12 +44,11 @@ import {
BYOK,
Copilot,
CredentialSets,
Credentials,
CustomTools,
Debug,
EnvironmentVariables,
FileUploads,
General,
Integrations,
MCP,
Skills,
Subscription,
@@ -80,6 +78,7 @@ interface SettingsModalProps {
type SettingsSection =
| 'general'
| 'credentials'
| 'environment'
| 'template-profile'
| 'integrations'
@@ -156,11 +155,10 @@ const allNavigationItems: NavigationItem[] = [
requiresHosted: true,
requiresTeam: true,
},
{ id: 'integrations', label: 'Integrations', icon: Connections, section: 'tools' },
{ id: 'credentials', label: 'Credentials', icon: Connections, section: 'tools' },
{ id: 'custom-tools', label: 'Custom Tools', icon: Wrench, section: 'tools' },
{ id: 'skills', label: 'Skills', icon: AgentSkillsIcon, section: 'tools' },
{ id: 'mcp', label: 'MCP Tools', icon: McpIcon, section: 'tools' },
{ id: 'environment', label: 'Environment', icon: FolderCode, section: 'system' },
{ id: 'apikeys', label: 'API Keys', icon: Key, section: 'system' },
{ id: 'workflow-mcp-servers', label: 'MCP Servers', icon: Server, section: 'system' },
{
@@ -256,9 +254,6 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
if (item.id === 'apikeys' && permissionConfig.hideApiKeysTab) {
return false
}
if (item.id === 'environment' && permissionConfig.hideEnvironmentTab) {
return false
}
if (item.id === 'files' && permissionConfig.hideFilesTab) {
return false
}
@@ -324,6 +319,9 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
if (!isBillingEnabled && (activeSection === 'subscription' || activeSection === 'team')) {
return 'general'
}
if (activeSection === 'environment' || activeSection === 'integrations') {
return 'credentials'
}
return activeSection
}, [activeSection])
@@ -342,7 +340,7 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
(sectionId: SettingsSection) => {
if (sectionId === effectiveActiveSection) return
if (effectiveActiveSection === 'environment' && environmentBeforeLeaveHandler.current) {
if (effectiveActiveSection === 'credentials' && environmentBeforeLeaveHandler.current) {
environmentBeforeLeaveHandler.current(() => setActiveSection(sectionId))
return
}
@@ -370,7 +368,11 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
useEffect(() => {
const handleOpenSettings = (event: CustomEvent<{ tab: SettingsSection }>) => {
setActiveSection(event.detail.tab)
if (event.detail.tab === 'environment' || event.detail.tab === 'integrations') {
setActiveSection('credentials')
} else {
setActiveSection(event.detail.tab)
}
onOpenChange(true)
}
@@ -479,13 +481,19 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
const handleDialogOpenChange = (newOpen: boolean) => {
if (
!newOpen &&
effectiveActiveSection === 'environment' &&
effectiveActiveSection === 'credentials' &&
environmentBeforeLeaveHandler.current
) {
environmentBeforeLeaveHandler.current(() => onOpenChange(false))
environmentBeforeLeaveHandler.current(() => {
if (integrationsCloseHandler.current) {
integrationsCloseHandler.current(newOpen)
} else {
onOpenChange(false)
}
})
} else if (
!newOpen &&
effectiveActiveSection === 'integrations' &&
effectiveActiveSection === 'credentials' &&
integrationsCloseHandler.current
) {
integrationsCloseHandler.current(newOpen)
@@ -502,7 +510,7 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
</VisuallyHidden.Root>
<VisuallyHidden.Root>
<DialogPrimitive.Description>
Configure your workspace settings, environment variables, integrations, and preferences
Configure your workspace settings, credentials, and preferences
</DialogPrimitive.Description>
</VisuallyHidden.Root>
@@ -539,18 +547,14 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
</SModalMainHeader>
<SModalMainBody>
{effectiveActiveSection === 'general' && <General onOpenChange={onOpenChange} />}
{effectiveActiveSection === 'environment' && (
<EnvironmentVariables
{effectiveActiveSection === 'credentials' && (
<Credentials
onOpenChange={onOpenChange}
registerCloseHandler={registerIntegrationsCloseHandler}
registerBeforeLeaveHandler={registerEnvironmentBeforeLeaveHandler}
/>
)}
{effectiveActiveSection === 'template-profile' && <TemplateProfile />}
{effectiveActiveSection === 'integrations' && (
<Integrations
onOpenChange={onOpenChange}
registerCloseHandler={registerIntegrationsCloseHandler}
/>
)}
{effectiveActiveSection === 'credential-sets' && <CredentialSets />}
{effectiveActiveSection === 'access-control' && <AccessControl />}
{effectiveActiveSection === 'apikeys' && <ApiKeys onOpenChange={onOpenChange} />}

1
apps/sim/background/schedule-execution.ts
View File

@@ -589,7 +589,6 @@ export async function executeScheduleJob(payload: ScheduleExecutionPayload) {
export const scheduleExecution = task({
id: 'schedule-execution',
machine: 'medium-1x',
retry: {
maxAttempts: 1,
},

1
apps/sim/background/webhook-execution.ts
View File

@@ -669,7 +669,6 @@ async function executeWebhookJobInternal(
export const webhookExecution = task({
id: 'webhook-execution',
machine: 'medium-1x',
retry: {
maxAttempts: 1,
},

1
apps/sim/background/workflow-execution.ts
View File

@@ -197,6 +197,5 @@ export async function executeWorkflowJob(payload: WorkflowExecutionPayload) {
export const workflowExecutionTask = task({
id: 'workflow-execution',
machine: 'medium-1x',
run: executeWorkflowJob,
})

219
apps/sim/blocks/blocks/confluence.ts
View File

@@ -3,7 +3,6 @@ import type { BlockConfig } from '@/blocks/types'
import { AuthMode } from '@/blocks/types'
import { normalizeFileInput } from '@/blocks/utils'
import type { ConfluenceResponse } from '@/tools/confluence/types'
import { getTrigger } from '@/triggers'
export const ConfluenceBlock: BlockConfig<ConfluenceResponse> = {
type: 'confluence',
@@ -395,8 +394,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
// Page Property Operations
{ label: 'List Page Properties', id: 'list_page_properties' },
{ label: 'Create Page Property', id: 'create_page_property' },
{ label: 'Update Page Property', id: 'update_page_property' },
{ label: 'Delete Page Property', id: 'delete_page_property' },
// Search Operations
{ label: 'Search Content', id: 'search' },
{ label: 'Search in Space', id: 'search_in_space' },
@@ -404,8 +401,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
{ label: 'List Blog Posts', id: 'list_blogposts' },
{ label: 'Get Blog Post', id: 'get_blogpost' },
{ label: 'Create Blog Post', id: 'create_blogpost' },
{ label: 'Update Blog Post', id: 'update_blogpost' },
{ label: 'Delete Blog Post', id: 'delete_blogpost' },
{ label: 'List Blog Posts in Space', id: 'list_blogposts_in_space' },
// Comment Operations
{ label: 'Create Comment', id: 'create_comment' },
@@ -419,9 +414,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
// Label Operations
{ label: 'List Labels', id: 'list_labels' },
{ label: 'Add Label', id: 'add_label' },
{ label: 'Delete Label', id: 'delete_label' },
{ label: 'Get Pages by Label', id: 'get_pages_by_label' },
{ label: 'List Space Labels', id: 'list_space_labels' },
// Space Operations
{ label: 'Get Space', id: 'get_space' },
{ label: 'List Spaces', id: 'list_spaces' },
@@ -488,16 +480,11 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'list_pages_in_space',
'list_blogposts',
'get_blogpost',
'create_blogpost',
'update_blogpost',
'delete_blogpost',
'list_blogposts_in_space',
'search',
'search_in_space',
'get_space',
'list_spaces',
'get_pages_by_label',
'list_space_labels',
],
not: true,
},
@@ -513,9 +500,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'list_labels',
'upload_attachment',
'add_label',
'delete_label',
'delete_page_property',
'update_page_property',
'get_page_children',
'get_page_ancestors',
'list_page_versions',
@@ -538,16 +522,11 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'list_pages_in_space',
'list_blogposts',
'get_blogpost',
'create_blogpost',
'update_blogpost',
'delete_blogpost',
'list_blogposts_in_space',
'search',
'search_in_space',
'get_space',
'list_spaces',
'get_pages_by_label',
'list_space_labels',
],
not: true,
},
@@ -563,9 +542,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'list_labels',
'upload_attachment',
'add_label',
'delete_label',
'delete_page_property',
'update_page_property',
'get_page_children',
'get_page_ancestors',
'list_page_versions',
@@ -590,7 +566,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'search_in_space',
'create_blogpost',
'list_blogposts_in_space',
'list_space_labels',
],
},
},
@@ -600,10 +575,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
type: 'short-input',
placeholder: 'Enter blog post ID',
required: true,
condition: {
field: 'operation',
value: ['get_blogpost', 'update_blogpost', 'delete_blogpost'],
},
condition: { field: 'operation', value: 'get_blogpost' },
},
{
id: 'versionNumber',
@@ -619,7 +591,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
type: 'short-input',
placeholder: 'Enter property key/name',
required: true,
condition: { field: 'operation', value: ['create_page_property', 'update_page_property'] },
condition: { field: 'operation', value: 'create_page_property' },
},
{
id: 'propertyValue',
@@ -627,46 +599,21 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
type: 'long-input',
placeholder: 'Enter property value (JSON supported)',
required: true,
condition: { field: 'operation', value: ['create_page_property', 'update_page_property'] },
},
{
id: 'propertyId',
title: 'Property ID',
type: 'short-input',
placeholder: 'Enter property ID',
required: true,
condition: {
field: 'operation',
value: ['delete_page_property', 'update_page_property'],
},
},
{
id: 'propertyVersionNumber',
title: 'Property Version Number',
type: 'short-input',
placeholder: 'Enter current version number of the property',
required: true,
condition: { field: 'operation', value: 'update_page_property' },
condition: { field: 'operation', value: 'create_page_property' },
},
{
id: 'title',
title: 'Title',
type: 'short-input',
placeholder: 'Enter title',
condition: {
field: 'operation',
value: ['create', 'update', 'create_blogpost', 'update_blogpost'],
},
condition: { field: 'operation', value: ['create', 'update', 'create_blogpost'] },
},
{
id: 'content',
title: 'Content',
type: 'long-input',
placeholder: 'Enter content',
condition: {
field: 'operation',
value: ['create', 'update', 'create_blogpost', 'update_blogpost'],
},
condition: { field: 'operation', value: ['create', 'update', 'create_blogpost'] },
},
{
id: 'parentId',
@@ -747,7 +694,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
type: 'short-input',
placeholder: 'Enter label name',
required: true,
condition: { field: 'operation', value: ['add_label', 'delete_label'] },
condition: { field: 'operation', value: 'add_label' },
},
{
id: 'labelPrefix',
@@ -762,14 +709,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
value: () => 'global',
condition: { field: 'operation', value: 'add_label' },
},
{
id: 'labelId',
title: 'Label ID',
type: 'short-input',
placeholder: 'Enter label ID',
required: true,
condition: { field: 'operation', value: 'get_pages_by_label' },
},
{
id: 'blogPostStatus',
title: 'Status',
@@ -779,7 +718,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
{ label: 'Draft', id: 'draft' },
],
value: () => 'current',
condition: { field: 'operation', value: ['create_blogpost', 'update_blogpost'] },
condition: { field: 'operation', value: 'create_blogpost' },
},
{
id: 'purge',
@@ -820,8 +759,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'list_page_versions',
'list_page_properties',
'list_labels',
'get_pages_by_label',
'list_space_labels',
],
},
},
@@ -843,51 +780,10 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'list_page_versions',
'list_page_properties',
'list_labels',
'get_pages_by_label',
'list_space_labels',
],
},
},
// Trigger subBlocks
...getTrigger('confluence_page_created').subBlocks,
...getTrigger('confluence_page_updated').subBlocks,
...getTrigger('confluence_page_removed').subBlocks,
...getTrigger('confluence_page_moved').subBlocks,
...getTrigger('confluence_comment_created').subBlocks,
...getTrigger('confluence_comment_removed').subBlocks,
...getTrigger('confluence_blog_created').subBlocks,
...getTrigger('confluence_blog_updated').subBlocks,
...getTrigger('confluence_blog_removed').subBlocks,
...getTrigger('confluence_attachment_created').subBlocks,
...getTrigger('confluence_attachment_removed').subBlocks,
...getTrigger('confluence_space_created').subBlocks,
...getTrigger('confluence_space_updated').subBlocks,
...getTrigger('confluence_label_added').subBlocks,
...getTrigger('confluence_label_removed').subBlocks,
...getTrigger('confluence_webhook').subBlocks,
],
triggers: {
enabled: true,
available: [
'confluence_page_created',
'confluence_page_updated',
'confluence_page_removed',
'confluence_page_moved',
'confluence_comment_created',
'confluence_comment_removed',
'confluence_blog_created',
'confluence_blog_updated',
'confluence_blog_removed',
'confluence_attachment_created',
'confluence_attachment_removed',
'confluence_space_created',
'confluence_space_updated',
'confluence_label_added',
'confluence_label_removed',
'confluence_webhook',
],
},
tools: {
access: [
// Page Tools
@@ -904,8 +800,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
// Property Tools
'confluence_list_page_properties',
'confluence_create_page_property',
'confluence_update_page_property',
'confluence_delete_page_property',
// Search Tools
'confluence_search',
'confluence_search_in_space',
@@ -913,8 +807,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
'confluence_list_blogposts',
'confluence_get_blogpost',
'confluence_create_blogpost',
'confluence_update_blogpost',
'confluence_delete_blogpost',
'confluence_list_blogposts_in_space',
// Comment Tools
'confluence_create_comment',
@@ -928,9 +820,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
// Label Tools
'confluence_list_labels',
'confluence_add_label',
'confluence_delete_label',
'confluence_get_pages_by_label',
'confluence_list_space_labels',
// Space Tools
'confluence_get_space',
'confluence_list_spaces',
@@ -963,10 +852,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
return 'confluence_list_page_properties'
case 'create_page_property':
return 'confluence_create_page_property'
case 'update_page_property':
return 'confluence_update_page_property'
case 'delete_page_property':
return 'confluence_delete_page_property'
// Search Operations
case 'search':
return 'confluence_search'
@@ -979,10 +864,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
return 'confluence_get_blogpost'
case 'create_blogpost':
return 'confluence_create_blogpost'
case 'update_blogpost':
return 'confluence_update_blogpost'
case 'delete_blogpost':
return 'confluence_delete_blogpost'
case 'list_blogposts_in_space':
return 'confluence_list_blogposts_in_space'
// Comment Operations
@@ -1006,12 +887,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
return 'confluence_list_labels'
case 'add_label':
return 'confluence_add_label'
case 'delete_label':
return 'confluence_delete_label'
case 'get_pages_by_label':
return 'confluence_get_pages_by_label'
case 'list_space_labels':
return 'confluence_list_space_labels'
// Space Operations
case 'get_space':
return 'confluence_get_space'
@@ -1033,10 +908,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
versionNumber,
propertyKey,
propertyValue,
propertyId,
propertyVersionNumber,
labelPrefix,
labelId,
blogPostStatus,
purge,
bodyFormat,
@@ -1066,25 +938,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
}
}
if (operation === 'update_blogpost') {
return {
credential,
operation,
blogPostId,
status: blogPostStatus || undefined,
...rest,
}
}
if (operation === 'delete_blogpost') {
return {
credential,
operation,
blogPostId,
...rest,
}
}
if (operation === 'delete') {
return {
credential,
@@ -1106,9 +959,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
}
}
// Operations that support generic cursor pagination.
// get_pages_by_label and list_space_labels have dedicated handlers
// below that pass cursor along with their required params (labelId, spaceId).
// Operations that support cursor pagination
const supportsCursor = [
'list_attachments',
'list_spaces',
@@ -1145,53 +996,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
}
}
if (operation === 'update_page_property') {
if (!propertyKey) {
throw new Error('Property key is required for this operation.')
}
return {
credential,
pageId: effectivePageId,
operation,
propertyId,
key: propertyKey,
value: propertyValue,
versionNumber: propertyVersionNumber
? Number.parseInt(String(propertyVersionNumber), 10)
: undefined,
...rest,
}
}
if (operation === 'delete_page_property') {
return {
credential,
pageId: effectivePageId,
operation,
propertyId,
...rest,
}
}
if (operation === 'get_pages_by_label') {
return {
credential,
operation,
labelId,
cursor: cursor || undefined,
...rest,
}
}
if (operation === 'list_space_labels') {
return {
credential,
operation,
cursor: cursor || undefined,
...rest,
}
}
if (operation === 'upload_attachment') {
const normalizedFile = normalizeFileInput(attachmentFile, { single: true })
if (!normalizedFile) {
@@ -1240,13 +1044,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
attachmentFileName: { type: 'string', description: 'Custom file name for attachment' },
attachmentComment: { type: 'string', description: 'Comment for the attachment' },
labelName: { type: 'string', description: 'Label name' },
labelId: { type: 'string', description: 'Label identifier' },
labelPrefix: { type: 'string', description: 'Label prefix (global, my, team, system)' },
propertyId: { type: 'string', description: 'Property identifier' },
propertyVersionNumber: {
type: 'number',
description: 'Current version number of the property',
},
blogPostStatus: { type: 'string', description: 'Blog post status (current or draft)' },
purge: { type: 'boolean', description: 'Permanently delete instead of moving to trash' },
bodyFormat: { type: 'string', description: 'Body format for comments' },
@@ -1282,7 +1080,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
// Label Results
labels: { type: 'array', description: 'List of labels' },
labelName: { type: 'string', description: 'Label name' },
labelId: { type: 'string', description: 'Label identifier' },
// Space Results
spaces: { type: 'array', description: 'List of spaces' },
spaceId: { type: 'string', description: 'Space identifier' },

56
apps/sim/blocks/blocks/jira.ts
View File

@@ -93,12 +93,6 @@ export const JiraBlock: BlockConfig<JiraResponse> = {
'delete:issue-worklog:jira',
'write:issue-link:jira',
'delete:issue-link:jira',
'manage:jira-project',
'read:board-scope:jira-software',
'write:board-scope:jira-software',
'read:sprint:jira-software',
'write:sprint:jira-software',
'delete:sprint:jira-software',
],
placeholder: 'Select Jira account',
},
@@ -701,32 +695,7 @@ Return ONLY the comment text - no explanations.`,
...getTrigger('jira_issue_updated').subBlocks,
...getTrigger('jira_issue_deleted').subBlocks,
...getTrigger('jira_issue_commented').subBlocks,
...getTrigger('jira_comment_updated').subBlocks,
...getTrigger('jira_comment_deleted').subBlocks,
...getTrigger('jira_worklog_created').subBlocks,
...getTrigger('jira_worklog_updated').subBlocks,
...getTrigger('jira_worklog_deleted').subBlocks,
...getTrigger('jira_sprint_created').subBlocks,
...getTrigger('jira_sprint_started').subBlocks,
...getTrigger('jira_sprint_closed').subBlocks,
...getTrigger('jira_sprint_updated').subBlocks,
...getTrigger('jira_sprint_deleted').subBlocks,
...getTrigger('jira_project_created').subBlocks,
...getTrigger('jira_project_updated').subBlocks,
...getTrigger('jira_project_deleted').subBlocks,
...getTrigger('jira_version_created').subBlocks,
...getTrigger('jira_version_released').subBlocks,
...getTrigger('jira_version_unreleased').subBlocks,
...getTrigger('jira_version_updated').subBlocks,
...getTrigger('jira_version_deleted').subBlocks,
...getTrigger('jira_board_created').subBlocks,
...getTrigger('jira_board_updated').subBlocks,
...getTrigger('jira_board_deleted').subBlocks,
...getTrigger('jira_board_config_changed').subBlocks,
...getTrigger('jira_attachment_created').subBlocks,
...getTrigger('jira_attachment_deleted').subBlocks,
...getTrigger('jira_issuelink_created').subBlocks,
...getTrigger('jira_issuelink_deleted').subBlocks,
...getTrigger('jira_webhook').subBlocks,
],
tools: {
@@ -1271,32 +1240,7 @@ Return ONLY the comment text - no explanations.`,
'jira_issue_updated',
'jira_issue_deleted',
'jira_issue_commented',
'jira_comment_updated',
'jira_comment_deleted',
'jira_worklog_created',
'jira_worklog_updated',
'jira_worklog_deleted',
'jira_sprint_created',
'jira_sprint_started',
'jira_sprint_closed',
'jira_sprint_updated',
'jira_sprint_deleted',
'jira_project_created',
'jira_project_updated',
'jira_project_deleted',
'jira_version_created',
'jira_version_released',
'jira_version_unreleased',
'jira_version_updated',
'jira_version_deleted',
'jira_board_created',
'jira_board_updated',
'jira_board_deleted',
'jira_board_config_changed',
'jira_attachment_created',
'jira_attachment_deleted',
'jira_issuelink_created',
'jira_issuelink_deleted',
'jira_webhook',
],
},

477
apps/sim/blocks/blocks/jira_service_management.ts
View File

@@ -2,16 +2,14 @@ import { JiraServiceManagementIcon } from '@/components/icons'
import type { BlockConfig } from '@/blocks/types'
import { AuthMode } from '@/blocks/types'
import type { JsmResponse } from '@/tools/jsm/types'
import { getTrigger } from '@/triggers'
export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
type: 'jira_service_management',
name: 'Jira Service Management',
description: 'Interact with Jira Service Management',
authMode: AuthMode.OAuth,
triggerAllowed: true,
longDescription:
'Integrate with Jira Service Management for IT service management. Create and manage service requests, handle customers and organizations, track SLAs, and manage queues. Can also trigger workflows based on Jira Service Management webhook events.',
'Integrate with Jira Service Management for IT service management. Create and manage service requests, handle customers and organizations, track SLAs, and manage queues.',
docsLink: 'https://docs.sim.ai/tools/jira-service-management',
category: 'tools',
bgColor: '#E0E0E0',
@@ -23,46 +21,26 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
type: 'dropdown',
options: [
{ label: 'Get Service Desks', id: 'get_service_desks' },
{ label: 'Get Service Desk', id: 'get_service_desk' },
{ label: 'Get Request Types', id: 'get_request_types' },
{ label: 'Get Request Type Fields', id: 'get_request_type_fields' },
{ label: 'Create Request', id: 'create_request' },
{ label: 'Get Request', id: 'get_request' },
{ label: 'Get Requests', id: 'get_requests' },
{ label: 'Get Request Status', id: 'get_request_status' },
{ label: 'Get Request Attachments', id: 'get_request_attachments' },
{ label: 'Add Comment', id: 'add_comment' },
{ label: 'Get Comments', id: 'get_comments' },
{ label: 'Get Customers', id: 'get_customers' },
{ label: 'Add Customer', id: 'add_customer' },
{ label: 'Remove Customer', id: 'remove_customer' },
{ label: 'Create Customer', id: 'create_customer' },
{ label: 'Get Organizations', id: 'get_organizations' },
{ label: 'Get Organization', id: 'get_organization' },
{ label: 'Create Organization', id: 'create_organization' },
{ label: 'Add Organization', id: 'add_organization' },
{ label: 'Remove Organization', id: 'remove_organization' },
{ label: 'Delete Organization', id: 'delete_organization' },
{ label: 'Get Organization Users', id: 'get_organization_users' },
{ label: 'Add Organization Users', id: 'add_organization_users' },
{ label: 'Remove Organization Users', id: 'remove_organization_users' },
{ label: 'Get Queues', id: 'get_queues' },
{ label: 'Get Queue Issues', id: 'get_queue_issues' },
{ label: 'Get SLA', id: 'get_sla' },
{ label: 'Get Transitions', id: 'get_transitions' },
{ label: 'Transition Request', id: 'transition_request' },
{ label: 'Get Participants', id: 'get_participants' },
{ label: 'Add Participants', id: 'add_participants' },
{ label: 'Remove Participants', id: 'remove_participants' },
{ label: 'Get Approvals', id: 'get_approvals' },
{ label: 'Answer Approval', id: 'answer_approval' },
{ label: 'Get Feedback', id: 'get_feedback' },
{ label: 'Add Feedback', id: 'add_feedback' },
{ label: 'Delete Feedback', id: 'delete_feedback' },
{ label: 'Get Notification', id: 'get_notification' },
{ label: 'Subscribe Notification', id: 'subscribe_notification' },
{ label: 'Unsubscribe Notification', id: 'unsubscribe_notification' },
{ label: 'Search Knowledge Base', id: 'search_knowledge_base' },
{ label: 'Get Request Type Fields', id: 'get_request_type_fields' },
],
value: () => 'get_service_desks',
},
@@ -114,18 +92,6 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
'write:request.participant:jira-service-management',
'read:request.approval:jira-service-management',
'write:request.approval:jira-service-management',
'read:request.feedback:jira-service-management',
'write:request.feedback:jira-service-management',
'delete:request.feedback:jira-service-management',
'read:request.notification:jira-service-management',
'write:request.notification:jira-service-management',
'delete:request.notification:jira-service-management',
'read:request.attachment:jira-service-management',
'read:knowledgebase:jira-service-management',
'read:organization.user:jira-service-management',
'write:organization.user:jira-service-management',
'delete:organization:jira-service-management',
'delete:servicedesk.customer:jira-service-management',
],
placeholder: 'Select Jira account',
},
@@ -137,20 +103,15 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
condition: {
field: 'operation',
value: [
'get_service_desk',
'get_request_types',
'create_request',
'get_customers',
'add_customer',
'remove_customer',
'get_organizations',
'add_organization',
'remove_organization',
'get_queues',
'get_queue_issues',
'get_requests',
'get_request_type_fields',
'search_knowledge_base',
],
},
},
@@ -172,8 +133,6 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
field: 'operation',
value: [
'get_request',
'get_request_status',
'get_request_attachments',
'add_comment',
'get_comments',
'get_sla',
@@ -181,15 +140,8 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
'transition_request',
'get_participants',
'add_participants',
'remove_participants',
'get_approvals',
'answer_approval',
'get_feedback',
'add_feedback',
'delete_feedback',
'get_notification',
'subscribe_notification',
'unsubscribe_notification',
],
},
},
@@ -321,15 +273,7 @@ Return ONLY the comment text - no explanations.`,
type: 'short-input',
required: true,
placeholder: 'Comma-separated Atlassian account IDs',
condition: {
field: 'operation',
value: [
'add_customer',
'remove_customer',
'add_organization_users',
'remove_organization_users',
],
},
condition: { field: 'operation', value: 'add_customer' },
},
{
id: 'customerQuery',
@@ -422,18 +366,7 @@ Return ONLY the comment text - no explanations.`,
type: 'short-input',
required: true,
placeholder: 'Enter organization ID',
condition: {
field: 'operation',
value: [
'add_organization',
'remove_organization',
'delete_organization',
'get_organization',
'get_organization_users',
'add_organization_users',
'remove_organization_users',
],
},
condition: { field: 'operation', value: 'add_organization' },
},
{
id: 'participantAccountIds',
@@ -441,7 +374,7 @@ Return ONLY the comment text - no explanations.`,
type: 'short-input',
required: true,
placeholder: 'Comma-separated account IDs',
condition: { field: 'operation', value: ['add_participants', 'remove_participants'] },
condition: { field: 'operation', value: 'add_participants' },
},
{
id: 'approvalId',
@@ -473,165 +406,55 @@ Return ONLY the comment text - no explanations.`,
'get_service_desks',
'get_request_types',
'get_requests',
'get_request_status',
'get_request_attachments',
'get_comments',
'get_customers',
'get_organizations',
'get_organization_users',
'get_queues',
'get_queue_issues',
'get_sla',
'get_transitions',
'get_participants',
'get_approvals',
'search_knowledge_base',
],
},
},
{
id: 'queueId',
title: 'Queue ID',
type: 'short-input',
required: true,
placeholder: 'Enter queue ID',
condition: { field: 'operation', value: 'get_queue_issues' },
},
{
id: 'customerEmail',
title: 'Customer Email',
type: 'short-input',
required: true,
placeholder: 'Enter customer email address',
condition: { field: 'operation', value: 'create_customer' },
},
{
id: 'customerDisplayName',
title: 'Display Name',
type: 'short-input',
required: true,
placeholder: 'Enter customer display name',
condition: { field: 'operation', value: 'create_customer' },
},
{
id: 'knowledgeBaseQuery',
title: 'Search Query',
type: 'short-input',
required: true,
placeholder: 'Search knowledge base articles',
condition: { field: 'operation', value: 'search_knowledge_base' },
},
{
id: 'feedbackRating',
title: 'Rating',
type: 'dropdown',
options: [
{ label: '1 - Very Unsatisfied', id: '1' },
{ label: '2 - Unsatisfied', id: '2' },
{ label: '3 - Neutral', id: '3' },
{ label: '4 - Satisfied', id: '4' },
{ label: '5 - Very Satisfied', id: '5' },
],
value: () => '5',
condition: { field: 'operation', value: 'add_feedback' },
},
{
id: 'feedbackComment',
title: 'Feedback Comment',
type: 'long-input',
placeholder: 'Optional feedback comment',
condition: { field: 'operation', value: 'add_feedback' },
},
{
id: 'includeAttachments',
title: 'Include File Content',
type: 'dropdown',
options: [
{ label: 'No', id: 'false' },
{ label: 'Yes', id: 'true' },
],
value: () => 'false',
condition: { field: 'operation', value: 'get_request_attachments' },
},
// Trigger SubBlocks
...getTrigger('jsm_request_created').subBlocks,
...getTrigger('jsm_request_updated').subBlocks,
...getTrigger('jsm_request_deleted').subBlocks,
...getTrigger('jsm_request_commented').subBlocks,
...getTrigger('jsm_comment_updated').subBlocks,
...getTrigger('jsm_comment_deleted').subBlocks,
...getTrigger('jsm_worklog_created').subBlocks,
...getTrigger('jsm_worklog_updated').subBlocks,
...getTrigger('jsm_worklog_deleted').subBlocks,
...getTrigger('jsm_attachment_created').subBlocks,
...getTrigger('jsm_attachment_deleted').subBlocks,
...getTrigger('jsm_webhook').subBlocks,
],
tools: {
access: [
'jsm_get_service_desks',
'jsm_get_service_desk',
'jsm_get_request_types',
'jsm_get_request_type_fields',
'jsm_create_request',
'jsm_get_request',
'jsm_get_requests',
'jsm_get_request_status',
'jsm_get_request_attachments',
'jsm_add_comment',
'jsm_get_comments',
'jsm_get_customers',
'jsm_add_customer',
'jsm_remove_customer',
'jsm_create_customer',
'jsm_get_organizations',
'jsm_get_organization',
'jsm_create_organization',
'jsm_add_organization',
'jsm_remove_organization',
'jsm_delete_organization',
'jsm_get_organization_users',
'jsm_add_organization_users',
'jsm_remove_organization_users',
'jsm_get_queues',
'jsm_get_queue_issues',
'jsm_get_sla',
'jsm_get_transitions',
'jsm_transition_request',
'jsm_get_participants',
'jsm_add_participants',
'jsm_remove_participants',
'jsm_get_approvals',
'jsm_answer_approval',
'jsm_get_feedback',
'jsm_add_feedback',
'jsm_delete_feedback',
'jsm_get_notification',
'jsm_subscribe_notification',
'jsm_unsubscribe_notification',
'jsm_search_knowledge_base',
'jsm_get_request_type_fields',
],
config: {
tool: (params) => {
switch (params.operation) {
case 'get_service_desks':
return 'jsm_get_service_desks'
case 'get_service_desk':
return 'jsm_get_service_desk'
case 'get_request_types':
return 'jsm_get_request_types'
case 'get_request_type_fields':
return 'jsm_get_request_type_fields'
case 'create_request':
return 'jsm_create_request'
case 'get_request':
return 'jsm_get_request'
case 'get_requests':
return 'jsm_get_requests'
case 'get_request_status':
return 'jsm_get_request_status'
case 'get_request_attachments':
return 'jsm_get_request_attachments'
case 'add_comment':
return 'jsm_add_comment'
case 'get_comments':
@@ -640,32 +463,14 @@ Return ONLY the comment text - no explanations.`,
return 'jsm_get_customers'
case 'add_customer':
return 'jsm_add_customer'
case 'remove_customer':
return 'jsm_remove_customer'
case 'create_customer':
return 'jsm_create_customer'
case 'get_organizations':
return 'jsm_get_organizations'
case 'get_organization':
return 'jsm_get_organization'
case 'create_organization':
return 'jsm_create_organization'
case 'add_organization':
return 'jsm_add_organization'
case 'remove_organization':
return 'jsm_remove_organization'
case 'delete_organization':
return 'jsm_delete_organization'
case 'get_organization_users':
return 'jsm_get_organization_users'
case 'add_organization_users':
return 'jsm_add_organization_users'
case 'remove_organization_users':
return 'jsm_remove_organization_users'
case 'get_queues':
return 'jsm_get_queues'
case 'get_queue_issues':
return 'jsm_get_queue_issues'
case 'get_sla':
return 'jsm_get_sla'
case 'get_transitions':
@@ -676,26 +481,12 @@ Return ONLY the comment text - no explanations.`,
return 'jsm_get_participants'
case 'add_participants':
return 'jsm_add_participants'
case 'remove_participants':
return 'jsm_remove_participants'
case 'get_approvals':
return 'jsm_get_approvals'
case 'answer_approval':
return 'jsm_answer_approval'
case 'get_feedback':
return 'jsm_get_feedback'
case 'add_feedback':
return 'jsm_add_feedback'
case 'delete_feedback':
return 'jsm_delete_feedback'
case 'get_notification':
return 'jsm_get_notification'
case 'subscribe_notification':
return 'jsm_subscribe_notification'
case 'unsubscribe_notification':
return 'jsm_unsubscribe_notification'
case 'search_knowledge_base':
return 'jsm_search_knowledge_base'
case 'get_request_type_fields':
return 'jsm_get_request_type_fields'
default:
return 'jsm_get_service_desks'
}
@@ -940,204 +731,6 @@ Return ONLY the comment text - no explanations.`,
serviceDeskId: params.serviceDeskId,
requestTypeId: params.requestTypeId,
}
case 'get_service_desk':
if (!params.serviceDeskId) {
throw new Error('Service Desk ID is required')
}
return {
...baseParams,
serviceDeskId: params.serviceDeskId,
}
case 'get_request_status':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
limit: params.maxResults ? Number.parseInt(params.maxResults) : undefined,
}
case 'get_request_attachments':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
includeAttachments: params.includeAttachments === 'true',
limit: params.maxResults ? Number.parseInt(params.maxResults) : undefined,
}
case 'remove_customer': {
if (!params.serviceDeskId) {
throw new Error('Service Desk ID is required')
}
if (!params.accountIds) {
throw new Error('Account IDs are required')
}
return {
...baseParams,
serviceDeskId: params.serviceDeskId,
accountIds: params.accountIds,
}
}
case 'create_customer':
if (!params.customerEmail) {
throw new Error('Customer email is required')
}
if (!params.customerDisplayName) {
throw new Error('Customer display name is required')
}
return {
...baseParams,
email: params.customerEmail,
displayName: params.customerDisplayName,
}
case 'get_organization':
if (!params.organizationId) {
throw new Error('Organization ID is required')
}
return {
...baseParams,
organizationId: params.organizationId,
}
case 'remove_organization':
if (!params.serviceDeskId) {
throw new Error('Service Desk ID is required')
}
if (!params.organizationId) {
throw new Error('Organization ID is required')
}
return {
...baseParams,
serviceDeskId: params.serviceDeskId,
organizationId: params.organizationId,
}
case 'delete_organization':
if (!params.organizationId) {
throw new Error('Organization ID is required')
}
return {
...baseParams,
organizationId: params.organizationId,
}
case 'get_organization_users':
if (!params.organizationId) {
throw new Error('Organization ID is required')
}
return {
...baseParams,
organizationId: params.organizationId,
limit: params.maxResults ? Number.parseInt(params.maxResults) : undefined,
}
case 'add_organization_users':
if (!params.organizationId) {
throw new Error('Organization ID is required')
}
if (!params.accountIds) {
throw new Error('Account IDs are required')
}
return {
...baseParams,
organizationId: params.organizationId,
accountIds: params.accountIds,
}
case 'remove_organization_users':
if (!params.organizationId) {
throw new Error('Organization ID is required')
}
if (!params.accountIds) {
throw new Error('Account IDs are required')
}
return {
...baseParams,
organizationId: params.organizationId,
accountIds: params.accountIds,
}
case 'get_queue_issues':
if (!params.serviceDeskId) {
throw new Error('Service Desk ID is required')
}
if (!params.queueId) {
throw new Error('Queue ID is required')
}
return {
...baseParams,
serviceDeskId: params.serviceDeskId,
queueId: params.queueId,
limit: params.maxResults ? Number.parseInt(params.maxResults) : undefined,
}
case 'remove_participants':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
if (!params.participantAccountIds) {
throw new Error('Account IDs are required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
accountIds: params.participantAccountIds,
}
case 'get_feedback':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
}
case 'add_feedback':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
rating: Number.parseInt(params.feedbackRating || '5'),
comment: params.feedbackComment,
}
case 'delete_feedback':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
}
case 'get_notification':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
}
case 'subscribe_notification':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
}
case 'unsubscribe_notification':
if (!params.issueIdOrKey) {
throw new Error('Issue ID or key is required')
}
return {
...baseParams,
issueIdOrKey: params.issueIdOrKey,
}
case 'search_knowledge_base':
if (!params.knowledgeBaseQuery) {
throw new Error('Search query is required')
}
return {
...baseParams,
serviceDeskId: params.serviceDeskId,
query: params.knowledgeBaseQuery,
limit: params.maxResults ? Number.parseInt(params.maxResults) : undefined,
}
default:
return baseParams
}
@@ -1186,16 +779,6 @@ Return ONLY the comment text - no explanations.`,
searchQuery: { type: 'string', description: 'Filter request types by name' },
groupId: { type: 'string', description: 'Filter by request type group ID' },
expand: { type: 'string', description: 'Comma-separated fields to expand' },
queueId: { type: 'string', description: 'Queue ID' },
customerEmail: { type: 'string', description: 'Customer email address' },
customerDisplayName: { type: 'string', description: 'Customer display name' },
knowledgeBaseQuery: { type: 'string', description: 'Knowledge base search query' },
feedbackRating: { type: 'string', description: 'CSAT feedback rating (1-5)' },
feedbackComment: { type: 'string', description: 'CSAT feedback comment' },
includeAttachments: {
type: 'string',
description: 'Whether to download attachment file content',
},
},
outputs: {
ts: { type: 'string', description: 'Timestamp of the operation' },
@@ -1227,19 +810,6 @@ Return ONLY the comment text - no explanations.`,
total: { type: 'number', description: 'Total count' },
isLastPage: { type: 'boolean', description: 'Whether this is the last page' },
requestTypeFields: { type: 'json', description: 'Array of request type fields' },
rating: { type: 'number', description: 'CSAT feedback rating' },
subscribed: { type: 'boolean', description: 'Whether subscribed to notifications' },
articles: { type: 'json', description: 'Array of knowledge base articles' },
statuses: { type: 'json', description: 'Array of request status history entries' },
attachments: { type: 'json', description: 'Array of attachment metadata' },
issues: { type: 'json', description: 'Array of queue issues' },
users: { type: 'json', description: 'Array of organization users' },
id: { type: 'string', description: 'Resource ID' },
projectId: { type: 'string', description: 'Service desk project ID' },
projectName: { type: 'string', description: 'Service desk project name' },
projectKey: { type: 'string', description: 'Service desk project key' },
email: { type: 'string', description: 'Customer email address' },
displayName: { type: 'string', description: 'Customer display name' },
canAddRequestParticipants: {
type: 'boolean',
description: 'Whether participants can be added to this request type',
@@ -1248,36 +818,5 @@ Return ONLY the comment text - no explanations.`,
type: 'boolean',
description: 'Whether requests can be raised on behalf of another user',
},
// Trigger outputs (from webhook events)
webhookEvent: { type: 'string', description: 'Webhook event type' },
issue: { type: 'json', description: 'Complete issue object from webhook' },
changelog: { type: 'json', description: 'Changelog object (for update events)' },
comment: { type: 'json', description: 'Comment object (for comment events)' },
worklog: { type: 'json', description: 'Worklog object (for worklog events)' },
attachment: { type: 'json', description: 'Attachment metadata (for attachment events)' },
files: {
type: 'file[]',
description:
'Downloaded file attachments (if includeFiles is enabled and Jira credentials are provided)',
},
user: { type: 'json', description: 'User object who triggered the event' },
webhook: { type: 'json', description: 'Complete webhook payload' },
},
triggers: {
enabled: true,
available: [
'jsm_request_created',
'jsm_request_updated',
'jsm_request_deleted',
'jsm_request_commented',
'jsm_comment_updated',
'jsm_comment_deleted',
'jsm_worklog_created',
'jsm_worklog_updated',
'jsm_worklog_deleted',
'jsm_attachment_created',
'jsm_attachment_deleted',
'jsm_webhook',
],
},
}

4
apps/sim/executor/constants.ts
View File

@@ -205,10 +205,6 @@ export const CREDENTIAL_SET = {
PREFIX: 'credentialSet:',
} as const
export const CREDENTIAL = {
FOREIGN_LABEL: 'Saved by collaborator',
} as const
export function isCredentialSetValue(value: string | null | undefined): boolean {
return typeof value === 'string' && value.startsWith(CREDENTIAL_SET.PREFIX)
}

268
apps/sim/hooks/queries/credentials.ts Normal file
View File

@@ -0,0 +1,268 @@
'use client'
import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
import { environmentKeys } from '@/hooks/queries/environment'
import { fetchJson } from '@/hooks/selectors/helpers'
export type WorkspaceCredentialType = 'oauth' | 'env_workspace' | 'env_personal'
export type WorkspaceCredentialRole = 'admin' | 'member'
export type WorkspaceCredentialMemberStatus = 'active' | 'pending' | 'revoked'
export interface WorkspaceCredential {
id: string
workspaceId: string
type: WorkspaceCredentialType
displayName: string
providerId: string | null
accountId: string | null
envKey: string | null
envOwnerUserId: string | null
createdBy: string
createdAt: string
updatedAt: string
role?: WorkspaceCredentialRole
status?: WorkspaceCredentialMemberStatus
}
export interface WorkspaceCredentialMember {
id: string
userId: string
role: WorkspaceCredentialRole
status: WorkspaceCredentialMemberStatus
joinedAt: string | null
invitedBy: string | null
createdAt: string
updatedAt: string
userName: string | null
userEmail: string | null
userImage: string | null
}
interface CredentialListResponse {
credentials?: WorkspaceCredential[]
}
interface CredentialResponse {
credential?: WorkspaceCredential | null
}
interface MembersResponse {
members?: WorkspaceCredentialMember[]
}
export const workspaceCredentialKeys = {
all: ['workspaceCredentials'] as const,
list: (workspaceId?: string, type?: string, providerId?: string) =>
['workspaceCredentials', workspaceId ?? 'none', type ?? 'all', providerId ?? 'all'] as const,
detail: (credentialId?: string) =>
['workspaceCredentials', 'detail', credentialId ?? 'none'] as const,
members: (credentialId?: string) =>
['workspaceCredentials', 'detail', credentialId ?? 'none', 'members'] as const,
}
export function useWorkspaceCredentials(params: {
workspaceId?: string
type?: WorkspaceCredentialType
providerId?: string
enabled?: boolean
}) {
const { workspaceId, type, providerId, enabled = true } = params
return useQuery<WorkspaceCredential[]>({
queryKey: workspaceCredentialKeys.list(workspaceId, type, providerId),
queryFn: async () => {
if (!workspaceId) return []
const data = await fetchJson<CredentialListResponse>('/api/credentials', {
searchParams: {
workspaceId,
type,
providerId,
},
})
return data.credentials ?? []
},
enabled: Boolean(workspaceId) && enabled,
staleTime: 60 * 1000,
})
}
export function useWorkspaceCredential(credentialId?: string, enabled = true) {
return useQuery<WorkspaceCredential | null>({
queryKey: workspaceCredentialKeys.detail(credentialId),
queryFn: async () => {
if (!credentialId) return null
const data = await fetchJson<CredentialResponse>(`/api/credentials/${credentialId}`)
return data.credential ?? null
},
enabled: Boolean(credentialId) && enabled,
staleTime: 60 * 1000,
})
}
export function useCreateWorkspaceCredential() {
const queryClient = useQueryClient()
return useMutation({
mutationFn: async (payload: {
workspaceId: string
type: WorkspaceCredentialType
displayName?: string
providerId?: string
accountId?: string
envKey?: string
envOwnerUserId?: string
}) => {
const response = await fetch('/api/credentials', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(payload),
})
if (!response.ok) {
const data = await response.json()
throw new Error(data.error || 'Failed to create credential')
}
return response.json()
},
onSuccess: (_data, variables) => {
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.list(variables.workspaceId),
})
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.all,
})
},
})
}
export function useUpdateWorkspaceCredential() {
const queryClient = useQueryClient()
return useMutation({
mutationFn: async (payload: {
credentialId: string
displayName?: string
accountId?: string
}) => {
const response = await fetch(`/api/credentials/${payload.credentialId}`, {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
displayName: payload.displayName,
accountId: payload.accountId,
}),
})
if (!response.ok) {
const data = await response.json()
throw new Error(data.error || 'Failed to update credential')
}
return response.json()
},
onSuccess: (_data, variables) => {
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.detail(variables.credentialId),
})
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.all,
})
},
})
}
export function useDeleteWorkspaceCredential() {
const queryClient = useQueryClient()
return useMutation({
mutationFn: async (credentialId: string) => {
const response = await fetch(`/api/credentials/${credentialId}`, {
method: 'DELETE',
})
if (!response.ok) {
const data = await response.json()
throw new Error(data.error || 'Failed to delete credential')
}
return response.json()
},
onSuccess: (_data, credentialId) => {
queryClient.invalidateQueries({ queryKey: workspaceCredentialKeys.detail(credentialId) })
queryClient.invalidateQueries({ queryKey: workspaceCredentialKeys.all })
queryClient.invalidateQueries({ queryKey: environmentKeys.all })
},
})
}
export function useWorkspaceCredentialMembers(credentialId?: string) {
return useQuery<WorkspaceCredentialMember[]>({
queryKey: workspaceCredentialKeys.members(credentialId),
queryFn: async () => {
if (!credentialId) return []
const data = await fetchJson<MembersResponse>(`/api/credentials/${credentialId}/members`)
return data.members ?? []
},
enabled: Boolean(credentialId),
staleTime: 30 * 1000,
})
}
export function useUpsertWorkspaceCredentialMember() {
const queryClient = useQueryClient()
return useMutation({
mutationFn: async (payload: {
credentialId: string
userId: string
role: WorkspaceCredentialRole
}) => {
const response = await fetch(`/api/credentials/${payload.credentialId}/members`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
userId: payload.userId,
role: payload.role,
}),
})
if (!response.ok) {
const data = await response.json()
throw new Error(data.error || 'Failed to update credential member')
}
return response.json()
},
onSuccess: (_data, variables) => {
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.members(variables.credentialId),
})
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.detail(variables.credentialId),
})
queryClient.invalidateQueries({ queryKey: workspaceCredentialKeys.all })
},
})
}
export function useRemoveWorkspaceCredentialMember() {
const queryClient = useQueryClient()
return useMutation({
mutationFn: async (payload: { credentialId: string; userId: string }) => {
const response = await fetch(
`/api/credentials/${payload.credentialId}/members?userId=${encodeURIComponent(payload.userId)}`,
{ method: 'DELETE' }
)
if (!response.ok) {
const data = await response.json()
throw new Error(data.error || 'Failed to remove credential member')
}
return response.json()
},
onSuccess: (_data, variables) => {
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.members(variables.credentialId),
})
queryClient.invalidateQueries({
queryKey: workspaceCredentialKeys.detail(variables.credentialId),
})
queryClient.invalidateQueries({ queryKey: workspaceCredentialKeys.all })
},
})
}

10
apps/sim/hooks/queries/oauth-connections.ts
View File

@@ -169,9 +169,9 @@ export function useConnectOAuthService() {
interface DisconnectServiceParams {
provider: string
providerId: string
providerId?: string
serviceId: string
accountId: string
accountId?: string
}
/**
@@ -182,7 +182,7 @@ export function useDisconnectOAuthService() {
const queryClient = useQueryClient()
return useMutation({
mutationFn: async ({ provider, providerId }: DisconnectServiceParams) => {
mutationFn: async ({ provider, providerId, accountId }: DisconnectServiceParams) => {
const response = await fetch('/api/auth/oauth/disconnect', {
method: 'POST',
headers: {
@@ -191,6 +191,7 @@ export function useDisconnectOAuthService() {
body: JSON.stringify({
provider,
providerId,
accountId,
}),
})
@@ -212,7 +213,8 @@ export function useDisconnectOAuthService() {
oauthConnectionsKeys.connections(),
previousServices.map((svc) => {
if (svc.id === serviceId) {
const updatedAccounts = svc.accounts?.filter((acc) => acc.id !== accountId) || []
const updatedAccounts =
accountId && svc.accounts ? svc.accounts.filter((acc) => acc.id !== accountId) : []
return {
...svc,
accounts: updatedAccounts,

92
apps/sim/hooks/queries/oauth-credentials.ts
View File

@@ -1,6 +1,6 @@
import { useQuery } from '@tanstack/react-query'
import type { Credential } from '@/lib/oauth'
import { CREDENTIAL, CREDENTIAL_SET } from '@/executor/constants'
import { CREDENTIAL_SET } from '@/executor/constants'
import { useCredentialSetDetail } from '@/hooks/queries/credential-sets'
import { fetchJson } from '@/hooks/selectors/helpers'
@@ -13,15 +13,34 @@ interface CredentialDetailResponse {
}
export const oauthCredentialKeys = {
list: (providerId?: string) => ['oauthCredentials', providerId ?? 'none'] as const,
list: (providerId?: string, workspaceId?: string, workflowId?: string) =>
[
'oauthCredentials',
providerId ?? 'none',
workspaceId ?? 'none',
workflowId ?? 'none',
] as const,
detail: (credentialId?: string, workflowId?: string) =>
['oauthCredentialDetail', credentialId ?? 'none', workflowId ?? 'none'] as const,
}
export async function fetchOAuthCredentials(providerId: string): Promise<Credential[]> {
interface FetchOAuthCredentialsParams {
providerId: string
workspaceId?: string
workflowId?: string
}
export async function fetchOAuthCredentials(
params: FetchOAuthCredentialsParams
): Promise<Credential[]> {
const { providerId, workspaceId, workflowId } = params
if (!providerId) return []
const data = await fetchJson<CredentialListResponse>('/api/auth/oauth/credentials', {
searchParams: { provider: providerId },
searchParams: {
provider: providerId,
workspaceId,
workflowId,
},
})
return data.credentials ?? []
}
@@ -40,10 +59,44 @@ export async function fetchOAuthCredentialDetail(
return data.credentials ?? []
}
export function useOAuthCredentials(providerId?: string, enabled = true) {
interface UseOAuthCredentialsOptions {
enabled?: boolean
workspaceId?: string
workflowId?: string
}
function resolveOptions(
enabledOrOptions?: boolean | UseOAuthCredentialsOptions
): Required<UseOAuthCredentialsOptions> {
if (typeof enabledOrOptions === 'boolean') {
return {
enabled: enabledOrOptions,
workspaceId: '',
workflowId: '',
}
}
return {
enabled: enabledOrOptions?.enabled ?? true,
workspaceId: enabledOrOptions?.workspaceId ?? '',
workflowId: enabledOrOptions?.workflowId ?? '',
}
}
export function useOAuthCredentials(
providerId?: string,
enabledOrOptions?: boolean | UseOAuthCredentialsOptions
) {
const { enabled, workspaceId, workflowId } = resolveOptions(enabledOrOptions)
return useQuery<Credential[]>({
queryKey: oauthCredentialKeys.list(providerId),
queryFn: () => fetchOAuthCredentials(providerId ?? ''),
queryKey: oauthCredentialKeys.list(providerId, workspaceId, workflowId),
queryFn: () =>
fetchOAuthCredentials({
providerId: providerId ?? '',
workspaceId: workspaceId || undefined,
workflowId: workflowId || undefined,
}),
enabled: Boolean(providerId) && enabled,
staleTime: 60 * 1000,
})
@@ -62,7 +115,12 @@ export function useOAuthCredentialDetail(
})
}
export function useCredentialName(credentialId?: string, providerId?: string, workflowId?: string) {
export function useCredentialName(
credentialId?: string,
providerId?: string,
workflowId?: string,
workspaceId?: string
) {
// Check if this is a credential set value
const isCredentialSet = credentialId?.startsWith(CREDENTIAL_SET.PREFIX) ?? false
const credentialSetId = isCredentialSet
@@ -77,7 +135,11 @@ export function useCredentialName(credentialId?: string, providerId?: string, wo
const { data: credentials = [], isFetching: credentialsLoading } = useOAuthCredentials(
providerId,
Boolean(providerId) && !isCredentialSet
{
enabled: Boolean(providerId) && !isCredentialSet,
workspaceId,
workflowId,
}
)
const selectedCredential = credentials.find((cred) => cred.id === credentialId)
@@ -92,18 +154,18 @@ export function useCredentialName(credentialId?: string, providerId?: string, wo
shouldFetchDetail
)
const detailCredential = foreignCredentials[0]
const hasForeignMeta = foreignCredentials.length > 0
const isForeignCredentialSet = isCredentialSet && !credentialSetData && !credentialSetLoading
const displayName =
credentialSetData?.name ??
selectedCredential?.name ??
(hasForeignMeta ? CREDENTIAL.FOREIGN_LABEL : null) ??
(isForeignCredentialSet ? CREDENTIAL.FOREIGN_LABEL : null)
credentialSetData?.name ?? selectedCredential?.name ?? detailCredential?.name ?? null
return {
displayName,
isLoading: credentialsLoading || foreignLoading || (isCredentialSet && credentialSetLoading),
isLoading:
credentialsLoading ||
foreignLoading ||
(isCredentialSet && credentialSetLoading && !credentialSetData),
hasForeignMeta,
}
}

192
apps/sim/lib/auth/auth.ts
View File

@@ -14,7 +14,7 @@ import {
oneTimeToken,
organization,
} from 'better-auth/plugins'
import { and, eq } from 'drizzle-orm'
import { and, eq, inArray, sql } from 'drizzle-orm'
import { headers } from 'next/headers'
import Stripe from 'stripe'
import {
@@ -150,16 +150,6 @@ export const auth = betterAuth({
account: {
create: {
before: async (account) => {
// Only one credential per (userId, providerId) is allowed
// If user reconnects (even with a different external account), delete the old one
// and let Better Auth create the new one (returning false breaks account linking flow)
const existing = await db.query.account.findFirst({
where: and(
eq(schema.account.userId, account.userId),
eq(schema.account.providerId, account.providerId)
),
})
const modifiedAccount = { ...account }
if (account.providerId === 'salesforce' && account.accessToken) {
@@ -189,32 +179,148 @@ export const auth = betterAuth({
}
}
// Handle Microsoft refresh token expiry
if (isMicrosoftProvider(account.providerId)) {
modifiedAccount.refreshTokenExpiresAt = getMicrosoftRefreshTokenExpiry()
}
if (existing) {
// Delete the existing account so Better Auth can create the new one
// This allows account linking/re-authorization to succeed
await db.delete(schema.account).where(eq(schema.account.id, existing.id))
// Preserve the existing account ID so references (like workspace notifications) continue to work
modifiedAccount.id = existing.id
logger.info('[account.create.before] Deleted existing account for re-authorization', {
userId: account.userId,
providerId: account.providerId,
existingAccountId: existing.id,
preservingId: true,
})
// Sync webhooks for credential sets after reconnecting (in after hook)
}
return { data: modifiedAccount }
},
after: async (account) => {
/**
* Migrate credentials from stale account rows to the newly created one.
*
* Each getUserInfo appends a random UUID to the stable external ID so
* that Better Auth never blocks cross-user connections. This means
* re-connecting the same external identity creates a new row. We detect
* the stale siblings here by comparing the stable prefix (everything
* before the trailing UUID), migrate any credential FKs to the new row,
* then delete the stale rows.
*/
try {
const UUID_SUFFIX_RE = /-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
const stablePrefix = account.accountId.replace(UUID_SUFFIX_RE, '')
if (stablePrefix && stablePrefix !== account.accountId) {
const siblings = await db
.select({ id: schema.account.id, accountId: schema.account.accountId })
.from(schema.account)
.where(
and(
eq(schema.account.userId, account.userId),
eq(schema.account.providerId, account.providerId),
sql`${schema.account.id} != ${account.id}`
)
)
const staleRows = siblings.filter(
(row) => row.accountId.replace(UUID_SUFFIX_RE, '') === stablePrefix
)
if (staleRows.length > 0) {
const staleIds = staleRows.map((row) => row.id)
await db
.update(schema.credential)
.set({ accountId: account.id })
.where(inArray(schema.credential.accountId, staleIds))
await db.delete(schema.account).where(inArray(schema.account.id, staleIds))
logger.info('[account.create.after] Migrated credentials from stale accounts', {
userId: account.userId,
providerId: account.providerId,
newAccountId: account.id,
migratedFrom: staleIds,
})
}
}
} catch (error) {
logger.error('[account.create.after] Failed to clean up stale accounts', {
userId: account.userId,
providerId: account.providerId,
error,
})
}
/**
* If a pending credential draft exists for this (userId, providerId),
* create the credential now with the user's chosen display name.
* This is deterministic — the account row is guaranteed to exist.
*/
try {
const [draft] = await db
.select()
.from(schema.pendingCredentialDraft)
.where(
and(
eq(schema.pendingCredentialDraft.userId, account.userId),
eq(schema.pendingCredentialDraft.providerId, account.providerId),
sql`${schema.pendingCredentialDraft.expiresAt} > NOW()`
)
)
.limit(1)
if (draft) {
const credentialId = crypto.randomUUID()
const now = new Date()
try {
await db.insert(schema.credential).values({
id: credentialId,
workspaceId: draft.workspaceId,
type: 'oauth',
displayName: draft.displayName,
providerId: account.providerId,
accountId: account.id,
createdBy: account.userId,
createdAt: now,
updatedAt: now,
})
await db.insert(schema.credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId: account.userId,
role: 'admin',
status: 'active',
joinedAt: now,
invitedBy: account.userId,
createdAt: now,
updatedAt: now,
})
logger.info('[account.create.after] Created credential from draft', {
credentialId,
displayName: draft.displayName,
providerId: account.providerId,
accountId: account.id,
})
} catch (insertError: unknown) {
const code =
insertError && typeof insertError === 'object' && 'code' in insertError
? (insertError as { code: string }).code
: undefined
if (code !== '23505') {
throw insertError
}
logger.info('[account.create.after] Credential already exists, skipping draft', {
providerId: account.providerId,
accountId: account.id,
})
}
await db
.delete(schema.pendingCredentialDraft)
.where(eq(schema.pendingCredentialDraft.id, draft.id))
}
} catch (error) {
logger.error('[account.create.after] Failed to create credential from draft', {
userId: account.userId,
providerId: account.providerId,
error,
})
}
try {
const { ensureUserStatsExists } = await import('@/lib/billing/core/usage')
await ensureUserStatsExists(account.userId)
@@ -1487,7 +1593,7 @@ export const auth = betterAuth({
})
return {
id: `${data.user_id || data.hub_id.toString()}-${crypto.randomUUID()}`,
id: `${(data.user_id || data.hub_id).toString()}-${crypto.randomUUID()}`,
name: data.user || 'HubSpot User',
email: data.user || `hubspot-${data.hub_id}@hubspot.com`,
emailVerified: true,
@@ -1541,7 +1647,7 @@ export const auth = betterAuth({
const data = await response.json()
return {
id: `${data.user_id || data.sub}-${crypto.randomUUID()}`,
id: `${(data.user_id || data.sub).toString()}-${crypto.randomUUID()}`,
name: data.name || 'Salesforce User',
email: data.email || `salesforce-${data.user_id}@salesforce.com`,
emailVerified: data.email_verified || true,
@@ -1600,7 +1706,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${profile.data.id}-${crypto.randomUUID()}`,
id: `${profile.data.id.toString()}-${crypto.randomUUID()}`,
name: profile.data.name || 'X User',
email: `${profile.data.username}@x.com`,
image: profile.data.profile_image_url,
@@ -1680,7 +1786,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${profile.account_id}-${crypto.randomUUID()}`,
id: `${profile.account_id.toString()}-${crypto.randomUUID()}`,
name: profile.name || profile.display_name || 'Confluence User',
email: profile.email || `${profile.account_id}@atlassian.com`,
image: profile.picture || undefined,
@@ -1791,7 +1897,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${profile.account_id}-${crypto.randomUUID()}`,
id: `${profile.account_id.toString()}-${crypto.randomUUID()}`,
name: profile.name || profile.display_name || 'Jira User',
email: profile.email || `${profile.account_id}@atlassian.com`,
image: profile.picture || undefined,
@@ -1841,7 +1947,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${data.id}-${crypto.randomUUID()}`,
id: `${data.id.toString()}-${crypto.randomUUID()}`,
name: data.email ? data.email.split('@')[0] : 'Airtable User',
email: data.email || `${data.id}@airtable.user`,
emailVerified: !!data.email,
@@ -1890,7 +1996,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${profile.bot?.owner?.user?.id || profile.id}-${crypto.randomUUID()}`,
id: `${(profile.bot?.owner?.user?.id || profile.id).toString()}-${crypto.randomUUID()}`,
name: profile.name || profile.bot?.owner?.user?.name || 'Notion User',
email: profile.person?.email || `${profile.id}@notion.user`,
emailVerified: !!profile.person?.email,
@@ -1957,7 +2063,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${data.id}-${crypto.randomUUID()}`,
id: `${data.id.toString()}-${crypto.randomUUID()}`,
name: data.name || 'Reddit User',
email: `${data.name}@reddit.user`,
image: data.icon_img || undefined,
@@ -2029,7 +2135,7 @@ export const auth = betterAuth({
const viewer = data.viewer
return {
id: `${viewer.id}-${crypto.randomUUID()}`,
id: `${viewer.id.toString()}-${crypto.randomUUID()}`,
email: viewer.email,
name: viewer.name,
emailVerified: true,
@@ -2092,7 +2198,7 @@ export const auth = betterAuth({
const data = await response.json()
return {
id: `${data.account_id}-${crypto.randomUUID()}`,
id: `${data.account_id.toString()}-${crypto.randomUUID()}`,
email: data.email,
name: data.name?.display_name || data.email,
emailVerified: data.email_verified || false,
@@ -2143,7 +2249,7 @@ export const auth = betterAuth({
const now = new Date()
return {
id: `${profile.gid}-${crypto.randomUUID()}`,
id: `${profile.gid.toString()}-${crypto.randomUUID()}`,
name: profile.name || 'Asana User',
email: profile.email || `${profile.gid}@asana.user`,
image: profile.photo?.image_128x128 || undefined,
@@ -2378,7 +2484,7 @@ export const auth = betterAuth({
const profile = await response.json()
return {
id: `${profile.id}-${crypto.randomUUID()}`,
id: `${profile.id.toString()}-${crypto.randomUUID()}`,
name:
`${profile.first_name || ''} ${profile.last_name || ''}`.trim() || 'Zoom User',
email: profile.email || `${profile.id}@zoom.user`,
@@ -2445,7 +2551,7 @@ export const auth = betterAuth({
const profile = await response.json()
return {
id: `${profile.id}-${crypto.randomUUID()}`,
id: `${profile.id.toString()}-${crypto.randomUUID()}`,
name: profile.display_name || 'Spotify User',
email: profile.email || `${profile.id}@spotify.user`,
emailVerified: true,

231
apps/sim/lib/auth/credential-access.ts
View File

@@ -1,6 +1,6 @@
import { db } from '@sim/db'
import { account, workflow as workflowTable } from '@sim/db/schema'
import { eq } from 'drizzle-orm'
import { account, credential, credentialMember, workflow as workflowTable } from '@sim/db/schema'
import { and, eq } from 'drizzle-orm'
import type { NextRequest } from 'next/server'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
@@ -12,17 +12,14 @@ export interface CredentialAccessResult {
requesterUserId?: string
credentialOwnerUserId?: string
workspaceId?: string
resolvedCredentialId?: string
}
/**
* Centralizes auth + collaboration rules for credential use.
* - Uses checkSessionOrInternalAuth to authenticate the caller
* - Fetches credential owner
* - Authorization rules:
* - session: allow if requester owns the credential; otherwise require workflowId and
* verify BOTH requester and owner have access to the workflow's workspace
* - internal_jwt: require workflowId (by default) and verify credential owner has access to the
* workflow's workspace (requester identity is the system/workflow)
* Centralizes auth + credential membership checks for OAuth usage.
* - Workspace-scoped credential IDs enforce active credential_member access.
* - Legacy account IDs are resolved to workspace-scoped credentials when workflowId is provided.
* - Direct legacy account-ID access without workflowId is restricted to account owners only.
*/
export async function authorizeCredentialUse(
request: NextRequest,
@@ -37,71 +34,173 @@ export async function authorizeCredentialUse(
return { ok: false, error: auth.error || 'Authentication required' }
}
// Lookup credential owner
const [credRow] = await db
const [workflowContext] = workflowId
? await db
.select({ workspaceId: workflowTable.workspaceId })
.from(workflowTable)
.where(eq(workflowTable.id, workflowId))
.limit(1)
: [null]
if (workflowId && (!workflowContext || !workflowContext.workspaceId)) {
return { ok: false, error: 'Workflow not found' }
}
const [platformCredential] = await db
.select({
id: credential.id,
workspaceId: credential.workspaceId,
type: credential.type,
accountId: credential.accountId,
})
.from(credential)
.where(eq(credential.id, credentialId))
.limit(1)
if (platformCredential) {
if (platformCredential.type !== 'oauth' || !platformCredential.accountId) {
return { ok: false, error: 'Unsupported credential type for OAuth access' }
}
if (workflowContext && workflowContext.workspaceId !== platformCredential.workspaceId) {
return { ok: false, error: 'Credential is not accessible from this workflow workspace' }
}
const [accountRow] = await db
.select({ userId: account.userId })
.from(account)
.where(eq(account.id, platformCredential.accountId))
.limit(1)
if (!accountRow) {
return { ok: false, error: 'Credential account not found' }
}
const requesterPerm =
auth.authType === 'internal_jwt'
? null
: await getUserEntityPermissions(auth.userId, 'workspace', platformCredential.workspaceId)
if (auth.authType !== 'internal_jwt') {
const [membership] = await db
.select({ id: credentialMember.id })
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, platformCredential.id),
eq(credentialMember.userId, auth.userId),
eq(credentialMember.status, 'active')
)
)
.limit(1)
if (!membership || requesterPerm === null) {
return { ok: false, error: 'Unauthorized' }
}
}
const ownerPerm = await getUserEntityPermissions(
accountRow.userId,
'workspace',
platformCredential.workspaceId
)
if (ownerPerm === null) {
return { ok: false, error: 'Unauthorized' }
}
return {
ok: true,
authType: auth.authType as CredentialAccessResult['authType'],
requesterUserId: auth.userId,
credentialOwnerUserId: accountRow.userId,
workspaceId: platformCredential.workspaceId,
resolvedCredentialId: platformCredential.accountId,
}
}
if (workflowContext?.workspaceId) {
const [workspaceCredential] = await db
.select({
id: credential.id,
workspaceId: credential.workspaceId,
accountId: credential.accountId,
})
.from(credential)
.where(
and(
eq(credential.type, 'oauth'),
eq(credential.workspaceId, workflowContext.workspaceId),
eq(credential.accountId, credentialId)
)
)
.limit(1)
if (!workspaceCredential?.accountId) {
return { ok: false, error: 'Credential not found' }
}
const [accountRow] = await db
.select({ userId: account.userId })
.from(account)
.where(eq(account.id, workspaceCredential.accountId))
.limit(1)
if (!accountRow) {
return { ok: false, error: 'Credential account not found' }
}
if (auth.authType !== 'internal_jwt') {
const [membership] = await db
.select({ id: credentialMember.id })
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, workspaceCredential.id),
eq(credentialMember.userId, auth.userId),
eq(credentialMember.status, 'active')
)
)
.limit(1)
if (!membership) {
return { ok: false, error: 'Unauthorized' }
}
}
const ownerPerm = await getUserEntityPermissions(
accountRow.userId,
'workspace',
workflowContext.workspaceId
)
if (ownerPerm === null) {
return { ok: false, error: 'Unauthorized' }
}
return {
ok: true,
authType: auth.authType as CredentialAccessResult['authType'],
requesterUserId: auth.userId,
credentialOwnerUserId: accountRow.userId,
workspaceId: workflowContext.workspaceId,
resolvedCredentialId: workspaceCredential.accountId,
}
}
const [legacyAccount] = await db
.select({ userId: account.userId })
.from(account)
.where(eq(account.id, credentialId))
.limit(1)
if (!credRow) {
if (!legacyAccount) {
return { ok: false, error: 'Credential not found' }
}
const credentialOwnerUserId = credRow.userId
// If requester owns the credential, allow immediately
if (auth.authType !== 'internal_jwt' && auth.userId === credentialOwnerUserId) {
return {
ok: true,
authType: auth.authType as CredentialAccessResult['authType'],
requesterUserId: auth.userId,
credentialOwnerUserId,
}
}
// For collaboration paths, workflowId is required to scope to a workspace
if (!workflowId) {
if (auth.authType === 'internal_jwt') {
return { ok: false, error: 'workflowId is required' }
}
const [wf] = await db
.select({ workspaceId: workflowTable.workspaceId })
.from(workflowTable)
.where(eq(workflowTable.id, workflowId))
.limit(1)
if (!wf || !wf.workspaceId) {
return { ok: false, error: 'Workflow not found' }
}
if (auth.authType === 'internal_jwt') {
// Internal calls: verify credential owner belongs to the workflow's workspace
const ownerPerm = await getUserEntityPermissions(
credentialOwnerUserId,
'workspace',
wf.workspaceId
)
if (ownerPerm === null) {
return { ok: false, error: 'Unauthorized' }
}
return {
ok: true,
authType: auth.authType as CredentialAccessResult['authType'],
requesterUserId: auth.userId,
credentialOwnerUserId,
workspaceId: wf.workspaceId,
}
}
// Session: verify BOTH requester and owner belong to the workflow's workspace
const requesterPerm = await getUserEntityPermissions(auth.userId, 'workspace', wf.workspaceId)
const ownerPerm = await getUserEntityPermissions(
credentialOwnerUserId,
'workspace',
wf.workspaceId
)
if (requesterPerm === null || ownerPerm === null) {
if (auth.userId !== legacyAccount.userId) {
return { ok: false, error: 'Unauthorized' }
}
@@ -109,7 +208,7 @@ export async function authorizeCredentialUse(
ok: true,
authType: auth.authType as CredentialAccessResult['authType'],
requesterUserId: auth.userId,
credentialOwnerUserId,
workspaceId: wf.workspaceId,
credentialOwnerUserId: legacyAccount.userId,
resolvedCredentialId: credentialId,
}
}

12
apps/sim/lib/copilot/chat-payload.ts
View File

@@ -20,8 +20,6 @@ export interface BuildPayloadParams {
fileAttachments?: Array<{ id: string; key: string; size: number; [key: string]: unknown }>
commands?: string[]
chatId?: string
conversationId?: string
prefetch?: boolean
implicitFeedback?: string
}
@@ -66,10 +64,6 @@ export async function buildCopilotRequestPayload(
fileAttachments,
commands,
chatId,
conversationId,
prefetch,
conversationHistory,
implicitFeedback,
} = params
const selectedModel = options.selectedModel
@@ -160,12 +154,6 @@ export async function buildCopilotRequestPayload(
version: SIM_AGENT_VERSION,
...(contexts && contexts.length > 0 ? { context: contexts } : {}),
...(chatId ? { chatId } : {}),
...(conversationId ? { conversationId } : {}),
...(Array.isArray(conversationHistory) && conversationHistory.length > 0
? { conversationHistory }
: {}),
...(typeof prefetch === 'boolean' ? { prefetch } : {}),
...(implicitFeedback ? { implicitFeedback } : {}),
...(processedFileContents.length > 0 ? { fileAttachments: processedFileContents } : {}),
...(integrationTools.length > 0 ? { integrationTools } : {}),
...(credentials ? { credentials } : {}),

259
apps/sim/lib/copilot/orchestrator/tool-executor/index.ts
View File

@@ -1,7 +1,7 @@
import { db } from '@sim/db'
import { customTools, workflow } from '@sim/db/schema'
import { workflow } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { and, desc, eq, isNull, or } from 'drizzle-orm'
import { eq } from 'drizzle-orm'
import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
import type {
ExecutionContext,
@@ -12,7 +12,6 @@ import { routeExecution } from '@/lib/copilot/tools/server/router'
import { env } from '@/lib/core/config/env'
import { getBaseUrl } from '@/lib/core/utils/urls'
import { getEffectiveDecryptedEnv } from '@/lib/environment/utils'
import { upsertCustomTools } from '@/lib/workflows/custom-tools/operations'
import { getTool, resolveToolId } from '@/tools/utils'
import {
executeCheckDeploymentStatus,
@@ -77,247 +76,6 @@ import {
const logger = createLogger('CopilotToolExecutor')
type ManageCustomToolOperation = 'add' | 'edit' | 'delete' | 'list'
interface ManageCustomToolSchema {
type: 'function'
function: {
name: string
description?: string
parameters: Record<string, unknown>
}
}
interface ManageCustomToolParams {
operation?: string
toolId?: string
schema?: ManageCustomToolSchema
code?: string
title?: string
workspaceId?: string
}
async function executeManageCustomTool(
rawParams: Record<string, unknown>,
context: ExecutionContext
): Promise<ToolCallResult> {
const params = rawParams as ManageCustomToolParams
const operation = String(params.operation || '').toLowerCase() as ManageCustomToolOperation
const workspaceId = params.workspaceId || context.workspaceId
if (!operation) {
return { success: false, error: "Missing required 'operation' argument" }
}
try {
if (operation === 'list') {
const toolsForUser = workspaceId
? await db
.select()
.from(customTools)
.where(
or(
eq(customTools.workspaceId, workspaceId),
and(isNull(customTools.workspaceId), eq(customTools.userId, context.userId))
)
)
.orderBy(desc(customTools.createdAt))
: await db
.select()
.from(customTools)
.where(and(isNull(customTools.workspaceId), eq(customTools.userId, context.userId)))
.orderBy(desc(customTools.createdAt))
return {
success: true,
output: {
success: true,
operation,
tools: toolsForUser,
count: toolsForUser.length,
},
}
}
if (operation === 'add') {
if (!workspaceId) {
return {
success: false,
error: "workspaceId is required for operation 'add'",
}
}
if (!params.schema || !params.code) {
return {
success: false,
error: "Both 'schema' and 'code' are required for operation 'add'",
}
}
const title = params.title || params.schema.function?.name
if (!title) {
return { success: false, error: "Missing tool title or schema.function.name for 'add'" }
}
const resultTools = await upsertCustomTools({
tools: [
{
title,
schema: params.schema,
code: params.code,
},
],
workspaceId,
userId: context.userId,
})
const created = resultTools.find((tool) => tool.title === title)
return {
success: true,
output: {
success: true,
operation,
toolId: created?.id,
title,
message: `Created custom tool "${title}"`,
},
}
}
if (operation === 'edit') {
if (!workspaceId) {
return {
success: false,
error: "workspaceId is required for operation 'edit'",
}
}
if (!params.toolId) {
return { success: false, error: "'toolId' is required for operation 'edit'" }
}
if (!params.schema && !params.code) {
return {
success: false,
error: "At least one of 'schema' or 'code' is required for operation 'edit'",
}
}
const workspaceTool = await db
.select()
.from(customTools)
.where(and(eq(customTools.id, params.toolId), eq(customTools.workspaceId, workspaceId)))
.limit(1)
const legacyTool =
workspaceTool.length === 0
? await db
.select()
.from(customTools)
.where(
and(
eq(customTools.id, params.toolId),
isNull(customTools.workspaceId),
eq(customTools.userId, context.userId)
)
)
.limit(1)
: []
const existing = workspaceTool[0] || legacyTool[0]
if (!existing) {
return { success: false, error: `Custom tool not found: ${params.toolId}` }
}
const mergedSchema = params.schema || (existing.schema as ManageCustomToolSchema)
const mergedCode = params.code || existing.code
const title = params.title || mergedSchema.function?.name || existing.title
await upsertCustomTools({
tools: [
{
id: params.toolId,
title,
schema: mergedSchema,
code: mergedCode,
},
],
workspaceId,
userId: context.userId,
})
return {
success: true,
output: {
success: true,
operation,
toolId: params.toolId,
title,
message: `Updated custom tool "${title}"`,
},
}
}
if (operation === 'delete') {
if (!params.toolId) {
return { success: false, error: "'toolId' is required for operation 'delete'" }
}
const workspaceDelete =
workspaceId != null
? await db
.delete(customTools)
.where(
and(eq(customTools.id, params.toolId), eq(customTools.workspaceId, workspaceId))
)
.returning({ id: customTools.id })
: []
const legacyDelete =
workspaceDelete.length === 0
? await db
.delete(customTools)
.where(
and(
eq(customTools.id, params.toolId),
isNull(customTools.workspaceId),
eq(customTools.userId, context.userId)
)
)
.returning({ id: customTools.id })
: []
const deleted = workspaceDelete[0] || legacyDelete[0]
if (!deleted) {
return { success: false, error: `Custom tool not found: ${params.toolId}` }
}
return {
success: true,
output: {
success: true,
operation,
toolId: params.toolId,
message: 'Deleted custom tool',
},
}
}
return {
success: false,
error: `Unsupported operation for manage_custom_tool: ${operation}`,
}
} catch (error) {
logger.error('manage_custom_tool execution failed', {
operation,
workspaceId,
userId: context.userId,
error: error instanceof Error ? error.message : String(error),
})
return {
success: false,
error: error instanceof Error ? error.message : 'Failed to manage custom tool',
}
}
}
const SERVER_TOOLS = new Set<string>([
'get_blocks_and_tools',
'get_blocks_metadata',
@@ -403,19 +161,6 @@ const SIM_WORKFLOW_TOOL_HANDLERS: Record<
}
}
},
oauth_request_access: async (p, _c) => {
const providerName = (p.providerName || p.provider_name || 'the provider') as string
return {
success: true,
output: {
success: true,
status: 'requested',
providerName,
message: `Requested ${providerName} OAuth connection. The user should complete the OAuth modal in the UI, then retry credential-dependent actions.`,
},
}
},
manage_custom_tool: (p, c) => executeManageCustomTool(p, c),
}
/**

62
apps/sim/lib/credentials/access.ts Normal file
View File

@@ -0,0 +1,62 @@
import { db } from '@sim/db'
import { credential, credentialMember } from '@sim/db/schema'
import { and, eq } from 'drizzle-orm'
import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
type ActiveCredentialMember = typeof credentialMember.$inferSelect
type CredentialRecord = typeof credential.$inferSelect
export interface CredentialActorContext {
credential: CredentialRecord | null
member: ActiveCredentialMember | null
hasWorkspaceAccess: boolean
canWriteWorkspace: boolean
isAdmin: boolean
}
/**
* Resolves user access context for a credential.
*/
export async function getCredentialActorContext(
credentialId: string,
userId: string
): Promise<CredentialActorContext> {
const [credentialRow] = await db
.select()
.from(credential)
.where(eq(credential.id, credentialId))
.limit(1)
if (!credentialRow) {
return {
credential: null,
member: null,
hasWorkspaceAccess: false,
canWriteWorkspace: false,
isAdmin: false,
}
}
const workspaceAccess = await checkWorkspaceAccess(credentialRow.workspaceId, userId)
const [memberRow] = await db
.select()
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, credentialId),
eq(credentialMember.userId, userId),
eq(credentialMember.status, 'active')
)
)
.limit(1)
const isAdmin = memberRow?.role === 'admin'
return {
credential: credentialRow,
member: memberRow ?? null,
hasWorkspaceAccess: workspaceAccess.hasAccess,
canWriteWorkspace: workspaceAccess.canWrite,
isAdmin,
}
}

77
apps/sim/lib/credentials/client-state.ts Normal file
View File

@@ -0,0 +1,77 @@
'use client'
export const PENDING_OAUTH_CREDENTIAL_DRAFT_KEY = 'sim.pending-oauth-credential-draft'
export const PENDING_CREDENTIAL_CREATE_REQUEST_KEY = 'sim.pending-credential-create-request'
export interface PendingOAuthCredentialDraft {
workspaceId: string
providerId: string
displayName: string
existingCredentialIds: string[]
existingAccountIds: string[]
requestedAt: number
}
interface PendingOAuthCredentialCreateRequest {
workspaceId: string
type: 'oauth'
providerId: string
displayName: string
serviceId: string
requiredScopes: string[]
requestedAt: number
}
interface PendingSecretCredentialCreateRequest {
workspaceId: string
type: 'env_personal' | 'env_workspace'
envKey?: string
requestedAt: number
}
export type PendingCredentialCreateRequest =
| PendingOAuthCredentialCreateRequest
| PendingSecretCredentialCreateRequest
function parseJson<T>(raw: string | null): T | null {
if (!raw) return null
try {
return JSON.parse(raw) as T
} catch {
return null
}
}
export function readPendingOAuthCredentialDraft(): PendingOAuthCredentialDraft | null {
if (typeof window === 'undefined') return null
return parseJson<PendingOAuthCredentialDraft>(
window.sessionStorage.getItem(PENDING_OAUTH_CREDENTIAL_DRAFT_KEY)
)
}
export function writePendingOAuthCredentialDraft(payload: PendingOAuthCredentialDraft) {
if (typeof window === 'undefined') return
window.sessionStorage.setItem(PENDING_OAUTH_CREDENTIAL_DRAFT_KEY, JSON.stringify(payload))
}
export function clearPendingOAuthCredentialDraft() {
if (typeof window === 'undefined') return
window.sessionStorage.removeItem(PENDING_OAUTH_CREDENTIAL_DRAFT_KEY)
}
export function readPendingCredentialCreateRequest(): PendingCredentialCreateRequest | null {
if (typeof window === 'undefined') return null
return parseJson<PendingCredentialCreateRequest>(
window.sessionStorage.getItem(PENDING_CREDENTIAL_CREATE_REQUEST_KEY)
)
}
export function writePendingCredentialCreateRequest(payload: PendingCredentialCreateRequest) {
if (typeof window === 'undefined') return
window.sessionStorage.setItem(PENDING_CREDENTIAL_CREATE_REQUEST_KEY, JSON.stringify(payload))
}
export function clearPendingCredentialCreateRequest() {
if (typeof window === 'undefined') return
window.sessionStorage.removeItem(PENDING_CREDENTIAL_CREATE_REQUEST_KEY)
}

356
apps/sim/lib/credentials/environment.ts Normal file
View File

@@ -0,0 +1,356 @@
import { db } from '@sim/db'
import { credential, credentialMember, permissions, workspace } from '@sim/db/schema'
import { and, eq, inArray, notInArray } from 'drizzle-orm'
interface AccessibleEnvCredential {
type: 'env_workspace' | 'env_personal'
envKey: string
envOwnerUserId: string | null
updatedAt: Date
}
function getPostgresErrorCode(error: unknown): string | undefined {
if (!error || typeof error !== 'object') return undefined
const err = error as { code?: string; cause?: { code?: string } }
return err.code || err.cause?.code
}
export async function getWorkspaceMemberUserIds(workspaceId: string): Promise<string[]> {
const [workspaceRows, permissionRows] = await Promise.all([
db
.select({ ownerId: workspace.ownerId })
.from(workspace)
.where(eq(workspace.id, workspaceId))
.limit(1),
db
.select({ userId: permissions.userId })
.from(permissions)
.where(and(eq(permissions.entityType, 'workspace'), eq(permissions.entityId, workspaceId))),
])
const workspaceRow = workspaceRows[0]
const memberIds = new Set<string>(permissionRows.map((row) => row.userId))
if (workspaceRow?.ownerId) {
memberIds.add(workspaceRow.ownerId)
}
return Array.from(memberIds)
}
export async function getUserWorkspaceIds(userId: string): Promise<string[]> {
const [permissionRows, ownedWorkspaceRows] = await Promise.all([
db
.select({ workspaceId: workspace.id })
.from(permissions)
.innerJoin(
workspace,
and(eq(permissions.entityType, 'workspace'), eq(permissions.entityId, workspace.id))
)
.where(eq(permissions.userId, userId)),
db.select({ workspaceId: workspace.id }).from(workspace).where(eq(workspace.ownerId, userId)),
])
const workspaceIds = new Set<string>(permissionRows.map((row) => row.workspaceId))
for (const row of ownedWorkspaceRows) {
workspaceIds.add(row.workspaceId)
}
return Array.from(workspaceIds)
}
async function upsertCredentialAdminMember(credentialId: string, adminUserId: string) {
const now = new Date()
const [existingMembership] = await db
.select({ id: credentialMember.id, joinedAt: credentialMember.joinedAt })
.from(credentialMember)
.where(
and(eq(credentialMember.credentialId, credentialId), eq(credentialMember.userId, adminUserId))
)
.limit(1)
if (existingMembership) {
await db
.update(credentialMember)
.set({
role: 'admin',
status: 'active',
joinedAt: existingMembership.joinedAt ?? now,
invitedBy: adminUserId,
updatedAt: now,
})
.where(eq(credentialMember.id, existingMembership.id))
return
}
await db.insert(credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId: adminUserId,
role: 'admin',
status: 'active',
joinedAt: now,
invitedBy: adminUserId,
createdAt: now,
updatedAt: now,
})
}
async function ensureWorkspaceCredentialMemberships(
credentialId: string,
workspaceId: string,
ownerUserId: string
) {
const workspaceMemberUserIds = await getWorkspaceMemberUserIds(workspaceId)
if (!workspaceMemberUserIds.length) return
const existingMemberships = await db
.select({
id: credentialMember.id,
userId: credentialMember.userId,
joinedAt: credentialMember.joinedAt,
})
.from(credentialMember)
.where(
and(
eq(credentialMember.credentialId, credentialId),
inArray(credentialMember.userId, workspaceMemberUserIds)
)
)
const byUserId = new Map(existingMemberships.map((row) => [row.userId, row]))
const now = new Date()
for (const memberUserId of workspaceMemberUserIds) {
const targetRole = memberUserId === ownerUserId ? 'admin' : 'member'
const existing = byUserId.get(memberUserId)
if (existing) {
await db
.update(credentialMember)
.set({
role: targetRole,
status: 'active',
joinedAt: existing.joinedAt ?? now,
invitedBy: ownerUserId,
updatedAt: now,
})
.where(eq(credentialMember.id, existing.id))
continue
}
await db.insert(credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId: memberUserId,
role: targetRole,
status: 'active',
joinedAt: now,
invitedBy: ownerUserId,
createdAt: now,
updatedAt: now,
})
}
}
export async function syncWorkspaceEnvCredentials(params: {
workspaceId: string
envKeys: string[]
actingUserId: string
}) {
const { workspaceId, envKeys, actingUserId } = params
const [workspaceRow] = await db
.select({ ownerId: workspace.ownerId })
.from(workspace)
.where(eq(workspace.id, workspaceId))
.limit(1)
if (!workspaceRow) return
const normalizedKeys = Array.from(new Set(envKeys.filter(Boolean)))
const existingCredentials = await db
.select({
id: credential.id,
envKey: credential.envKey,
})
.from(credential)
.where(and(eq(credential.workspaceId, workspaceId), eq(credential.type, 'env_workspace')))
const existingByKey = new Map(
existingCredentials
.filter((row): row is { id: string; envKey: string } => Boolean(row.envKey))
.map((row) => [row.envKey, row.id])
)
const credentialIdsToEnsureMembership = new Set<string>()
const now = new Date()
for (const envKey of normalizedKeys) {
const existingId = existingByKey.get(envKey)
if (existingId) {
credentialIdsToEnsureMembership.add(existingId)
continue
}
const createdId = crypto.randomUUID()
try {
await db.insert(credential).values({
id: createdId,
workspaceId,
type: 'env_workspace',
displayName: envKey,
envKey,
createdBy: actingUserId,
createdAt: now,
updatedAt: now,
})
credentialIdsToEnsureMembership.add(createdId)
} catch (error: unknown) {
const code = getPostgresErrorCode(error)
if (code !== '23505') throw error
}
}
for (const credentialId of credentialIdsToEnsureMembership) {
await ensureWorkspaceCredentialMemberships(credentialId, workspaceId, workspaceRow.ownerId)
}
if (normalizedKeys.length > 0) {
await db
.delete(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'env_workspace'),
notInArray(credential.envKey, normalizedKeys)
)
)
return
}
await db
.delete(credential)
.where(and(eq(credential.workspaceId, workspaceId), eq(credential.type, 'env_workspace')))
}
export async function syncPersonalEnvCredentialsForUser(params: {
userId: string
envKeys: string[]
}) {
const { userId, envKeys } = params
const workspaceIds = await getUserWorkspaceIds(userId)
if (!workspaceIds.length) return
const normalizedKeys = Array.from(new Set(envKeys.filter(Boolean)))
const now = new Date()
for (const workspaceId of workspaceIds) {
const existingCredentials = await db
.select({
id: credential.id,
envKey: credential.envKey,
})
.from(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'env_personal'),
eq(credential.envOwnerUserId, userId)
)
)
const existingByKey = new Map(
existingCredentials
.filter((row): row is { id: string; envKey: string } => Boolean(row.envKey))
.map((row) => [row.envKey, row.id])
)
for (const envKey of normalizedKeys) {
const existingId = existingByKey.get(envKey)
if (existingId) {
await upsertCredentialAdminMember(existingId, userId)
continue
}
const createdId = crypto.randomUUID()
try {
await db.insert(credential).values({
id: createdId,
workspaceId,
type: 'env_personal',
displayName: envKey,
envKey,
envOwnerUserId: userId,
createdBy: userId,
createdAt: now,
updatedAt: now,
})
await upsertCredentialAdminMember(createdId, userId)
} catch (error: unknown) {
const code = getPostgresErrorCode(error)
if (code !== '23505') throw error
}
}
if (normalizedKeys.length > 0) {
await db
.delete(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'env_personal'),
eq(credential.envOwnerUserId, userId),
notInArray(credential.envKey, normalizedKeys)
)
)
continue
}
await db
.delete(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'env_personal'),
eq(credential.envOwnerUserId, userId)
)
)
}
}
export async function getAccessibleEnvCredentials(
workspaceId: string,
userId: string
): Promise<AccessibleEnvCredential[]> {
const rows = await db
.select({
type: credential.type,
envKey: credential.envKey,
envOwnerUserId: credential.envOwnerUserId,
updatedAt: credential.updatedAt,
})
.from(credential)
.innerJoin(
credentialMember,
and(
eq(credentialMember.credentialId, credential.id),
eq(credentialMember.userId, userId),
eq(credentialMember.status, 'active')
)
)
.where(
and(
eq(credential.workspaceId, workspaceId),
inArray(credential.type, ['env_workspace', 'env_personal'])
)
)
return rows
.filter(
(row): row is AccessibleEnvCredential =>
(row.type === 'env_workspace' || row.type === 'env_personal') && Boolean(row.envKey)
)
.map((row) => ({
type: row.type,
envKey: row.envKey!,
envOwnerUserId: row.envOwnerUserId,
updatedAt: row.updatedAt,
}))
}

195
apps/sim/lib/credentials/oauth.ts Normal file
View File

@@ -0,0 +1,195 @@
import { db } from '@sim/db'
import { account, credential, credentialMember } from '@sim/db/schema'
import { and, eq, inArray } from 'drizzle-orm'
import { getServiceConfigByProviderId } from '@/lib/oauth'
interface SyncWorkspaceOAuthCredentialsForUserParams {
workspaceId: string
userId: string
}
interface SyncWorkspaceOAuthCredentialsForUserResult {
createdCredentials: number
updatedMemberships: number
}
function getPostgresErrorCode(error: unknown): string | undefined {
if (!error || typeof error !== 'object') return undefined
const err = error as { code?: string; cause?: { code?: string } }
return err.code || err.cause?.code
}
/**
* Ensures connected OAuth accounts for a user exist as workspace-scoped credentials.
*/
export async function syncWorkspaceOAuthCredentialsForUser(
params: SyncWorkspaceOAuthCredentialsForUserParams
): Promise<SyncWorkspaceOAuthCredentialsForUserResult> {
const { workspaceId, userId } = params
const userAccounts = await db
.select({
id: account.id,
providerId: account.providerId,
accountId: account.accountId,
})
.from(account)
.where(eq(account.userId, userId))
if (userAccounts.length === 0) {
return { createdCredentials: 0, updatedMemberships: 0 }
}
const accountIds = userAccounts.map((row) => row.id)
const existingCredentials = await db
.select({
id: credential.id,
displayName: credential.displayName,
providerId: credential.providerId,
accountId: credential.accountId,
})
.from(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'oauth'),
inArray(credential.accountId, accountIds)
)
)
const now = new Date()
const userAccountById = new Map(userAccounts.map((row) => [row.id, row]))
for (const existingCredential of existingCredentials) {
if (!existingCredential.accountId) continue
const linkedAccount = userAccountById.get(existingCredential.accountId)
if (!linkedAccount) continue
const normalizedLabel =
getServiceConfigByProviderId(linkedAccount.providerId)?.name || linkedAccount.providerId
const shouldNormalizeDisplayName =
existingCredential.displayName === linkedAccount.accountId ||
existingCredential.displayName === linkedAccount.providerId
if (!shouldNormalizeDisplayName || existingCredential.displayName === normalizedLabel) {
continue
}
await db
.update(credential)
.set({
displayName: normalizedLabel,
updatedAt: now,
})
.where(eq(credential.id, existingCredential.id))
}
const existingByAccountId = new Map(
existingCredentials
.filter((row) => Boolean(row.accountId))
.map((row) => [row.accountId!, row.id])
)
let createdCredentials = 0
for (const acc of userAccounts) {
if (existingByAccountId.has(acc.id)) {
continue
}
try {
await db.insert(credential).values({
id: crypto.randomUUID(),
workspaceId,
type: 'oauth',
displayName: getServiceConfigByProviderId(acc.providerId)?.name || acc.providerId,
providerId: acc.providerId,
accountId: acc.id,
createdBy: userId,
createdAt: now,
updatedAt: now,
})
createdCredentials += 1
} catch (error) {
if (getPostgresErrorCode(error) !== '23505') {
throw error
}
}
}
const credentialRows = await db
.select({ id: credential.id, accountId: credential.accountId })
.from(credential)
.where(
and(
eq(credential.workspaceId, workspaceId),
eq(credential.type, 'oauth'),
inArray(credential.accountId, accountIds)
)
)
const credentialIdByAccountId = new Map(
credentialRows.filter((row) => Boolean(row.accountId)).map((row) => [row.accountId!, row.id])
)
const allCredentialIds = Array.from(credentialIdByAccountId.values())
if (allCredentialIds.length === 0) {
return { createdCredentials, updatedMemberships: 0 }
}
const existingMemberships = await db
.select({
id: credentialMember.id,
credentialId: credentialMember.credentialId,
joinedAt: credentialMember.joinedAt,
})
.from(credentialMember)
.where(
and(
inArray(credentialMember.credentialId, allCredentialIds),
eq(credentialMember.userId, userId)
)
)
const membershipByCredentialId = new Map(
existingMemberships.map((row) => [row.credentialId, row])
)
let updatedMemberships = 0
for (const credentialId of allCredentialIds) {
const existingMembership = membershipByCredentialId.get(credentialId)
if (existingMembership) {
await db
.update(credentialMember)
.set({
role: 'admin',
status: 'active',
joinedAt: existingMembership.joinedAt ?? now,
invitedBy: userId,
updatedAt: now,
})
.where(eq(credentialMember.id, existingMembership.id))
updatedMemberships += 1
continue
}
try {
await db.insert(credentialMember).values({
id: crypto.randomUUID(),
credentialId,
userId,
role: 'admin',
status: 'active',
joinedAt: now,
invitedBy: userId,
createdAt: now,
updatedAt: now,
})
updatedMemberships += 1
} catch (error) {
if (getPostgresErrorCode(error) !== '23505') {
throw error
}
}
}
return { createdCredentials, updatedMemberships }
}

68
apps/sim/lib/environment/utils.ts
View File

@@ -1,8 +1,9 @@
import { db } from '@sim/db'
import { environment, workspaceEnvironment } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { eq } from 'drizzle-orm'
import { eq, inArray } from 'drizzle-orm'
import { decryptSecret } from '@/lib/core/security/encryption'
import { getAccessibleEnvCredentials } from '@/lib/credentials/environment'
const logger = createLogger('EnvironmentUtils')
@@ -53,7 +54,7 @@ export async function getPersonalAndWorkspaceEnv(
conflicts: string[]
decryptionFailures: string[]
}> {
const [personalRows, workspaceRows] = await Promise.all([
const [personalRows, workspaceRows, accessibleEnvCredentials] = await Promise.all([
db.select().from(environment).where(eq(environment.userId, userId)).limit(1),
workspaceId
? db
@@ -62,10 +63,69 @@ export async function getPersonalAndWorkspaceEnv(
.where(eq(workspaceEnvironment.workspaceId, workspaceId))
.limit(1)
: Promise.resolve([] as any[]),
workspaceId ? getAccessibleEnvCredentials(workspaceId, userId) : Promise.resolve([]),
])
const personalEncrypted: Record<string, string> = (personalRows[0]?.variables as any) || {}
const workspaceEncrypted: Record<string, string> = (workspaceRows[0]?.variables as any) || {}
const ownPersonalEncrypted: Record<string, string> = (personalRows[0]?.variables as any) || {}
const allWorkspaceEncrypted: Record<string, string> = (workspaceRows[0]?.variables as any) || {}
const hasCredentialFiltering = Boolean(workspaceId) && accessibleEnvCredentials.length > 0
const workspaceCredentialKeys = new Set(
accessibleEnvCredentials.filter((row) => row.type === 'env_workspace').map((row) => row.envKey)
)
const personalCredentialRows = accessibleEnvCredentials
.filter((row) => row.type === 'env_personal' && row.envOwnerUserId)
.sort((a, b) => {
const aIsRequester = a.envOwnerUserId === userId
const bIsRequester = b.envOwnerUserId === userId
if (aIsRequester && !bIsRequester) return -1
if (!aIsRequester && bIsRequester) return 1
return b.updatedAt.getTime() - a.updatedAt.getTime()
})
const selectedPersonalOwners = new Map<string, string>()
for (const row of personalCredentialRows) {
if (!selectedPersonalOwners.has(row.envKey) && row.envOwnerUserId) {
selectedPersonalOwners.set(row.envKey, row.envOwnerUserId)
}
}
const ownerUserIds = Array.from(new Set(selectedPersonalOwners.values()))
const ownerEnvironmentRows =
ownerUserIds.length > 0
? await db
.select({
userId: environment.userId,
variables: environment.variables,
})
.from(environment)
.where(inArray(environment.userId, ownerUserIds))
: []
const ownerVariablesByUserId = new Map<string, Record<string, string>>(
ownerEnvironmentRows.map((row) => [row.userId, (row.variables as Record<string, string>) || {}])
)
let personalEncrypted: Record<string, string> = ownPersonalEncrypted
let workspaceEncrypted: Record<string, string> = allWorkspaceEncrypted
if (hasCredentialFiltering) {
personalEncrypted = {}
for (const [envKey, ownerUserId] of selectedPersonalOwners.entries()) {
const ownerVariables = ownerVariablesByUserId.get(ownerUserId)
const encryptedValue = ownerVariables?.[envKey]
if (encryptedValue) {
personalEncrypted[envKey] = encryptedValue
}
}
workspaceEncrypted = Object.fromEntries(
Object.entries(allWorkspaceEncrypted).filter(([envKey]) =>
workspaceCredentialKeys.has(envKey)
)
)
}
const decryptionFailures: string[] = []

24
apps/sim/lib/oauth/oauth.ts
View File

@@ -312,12 +312,6 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
'read:attachment:confluence',
'write:attachment:confluence',
'search:confluence',
'read:blogpost:confluence',
'write:blogpost:confluence',
'read:content.property:confluence',
'write:content.property:confluence',
'read:hierarchical-content:confluence',
'read:content.metadata:confluence',
'read:me',
'offline_access',
],
@@ -374,14 +368,6 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
'read:comment.property:jira',
'read:jql:jira',
'read:field:jira',
// Project management (components, versions)
'manage:jira-project',
// Jira Software / Agile scopes (no classic equivalent)
'read:board-scope:jira-software',
'write:board-scope:jira-software',
'read:sprint:jira-software',
'write:sprint:jira-software',
'delete:sprint:jira-software',
// Jira Service Management scopes
'read:servicedesk:jira-service-management',
'read:requesttype:jira-service-management',
@@ -411,16 +397,6 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
'write:request.participant:jira-service-management',
'read:request.approval:jira-service-management',
'write:request.approval:jira-service-management',
'read:request.feedback:jira-service-management',
'write:request.feedback:jira-service-management',
'delete:request.feedback:jira-service-management',
'read:request.notification:jira-service-management',
'write:request.notification:jira-service-management',
'delete:request.notification:jira-service-management',
'read:request.attachment:jira-service-management',
'read:knowledgebase:jira-service-management',
'delete:organization:jira-service-management',
'delete:servicedesk.customer:jira-service-management',
],
},
},

83
apps/sim/lib/webhooks/processor.ts
View File

@@ -27,11 +27,9 @@ import {
import { getWorkspaceBilledAccountUserId } from '@/lib/workspaces/utils'
import { executeWebhookJob } from '@/background/webhook-execution'
import { resolveEnvVarReferences } from '@/executor/utils/reference-validation'
import { isConfluenceEventMatch } from '@/triggers/confluence/utils'
import { isGitHubEventMatch } from '@/triggers/github/utils'
import { isHubSpotContactEventMatch } from '@/triggers/hubspot/utils'
import { isJiraEventMatch } from '@/triggers/jira/utils'
import { isJsmEventMatch } from '@/triggers/jsm/utils'
const logger = createLogger('WebhookProcessor')
@@ -683,7 +681,7 @@ export async function verifyProviderAuth(
}
}
if (foundWebhook.provider === 'jira' || foundWebhook.provider === 'jira_service_management') {
if (foundWebhook.provider === 'jira') {
const secret = providerConfig.secret as string | undefined
if (secret) {
@@ -708,31 +706,6 @@ export async function verifyProviderAuth(
}
}
if (foundWebhook.provider === 'confluence') {
const secret = providerConfig.secret as string | undefined
if (secret) {
const signature = request.headers.get('X-Hub-Signature')
if (!signature) {
logger.warn(`[${requestId}] Confluence webhook missing signature header`)
return new NextResponse('Unauthorized - Missing Confluence signature', { status: 401 })
}
const isValidSignature = validateJiraSignature(secret, signature, rawBody)
if (!isValidSignature) {
logger.warn(`[${requestId}] Confluence signature verification failed`, {
signatureLength: signature.length,
secretLength: secret.length,
})
return new NextResponse('Unauthorized - Invalid Confluence signature', { status: 401 })
}
logger.debug(`[${requestId}] Confluence signature verified successfully`)
}
}
if (foundWebhook.provider === 'github') {
const secret = providerConfig.secret as string | undefined
@@ -956,60 +929,6 @@ export async function queueWebhookExecution(
}
}
// JSM event filtering for event-specific triggers
if (foundWebhook.provider === 'jira_service_management') {
const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
const triggerId = providerConfig.triggerId as string | undefined
if (triggerId && triggerId !== 'jsm_webhook') {
const webhookEvent = body.webhookEvent as string | undefined
if (!isJsmEventMatch(triggerId, webhookEvent || '', body)) {
logger.debug(
`[${options.requestId}] JSM event mismatch for trigger ${triggerId}. Event: ${webhookEvent}. Skipping execution.`,
{
webhookId: foundWebhook.id,
workflowId: foundWorkflow.id,
triggerId,
receivedEvent: webhookEvent,
}
)
// Return 200 OK to prevent Jira from retrying
return NextResponse.json({
message: 'Event type does not match trigger configuration. Ignoring.',
})
}
}
}
// Confluence event filtering for event-specific triggers
if (foundWebhook.provider === 'confluence') {
const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
const triggerId = providerConfig.triggerId as string | undefined
if (triggerId && triggerId !== 'confluence_webhook') {
const event = body.event as string | undefined
if (!isConfluenceEventMatch(triggerId, event || '')) {
logger.debug(
`[${options.requestId}] Confluence event mismatch for trigger ${triggerId}. Event: ${event}. Skipping execution.`,
{
webhookId: foundWebhook.id,
workflowId: foundWorkflow.id,
triggerId,
receivedEvent: event,
}
)
// Return 200 OK to prevent Confluence from retrying
return NextResponse.json({
message: 'Event type does not match trigger configuration. Ignoring.',
})
}
}
}
if (foundWebhook.provider === 'hubspot') {
const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
const triggerId = providerConfig.triggerId as string | undefined

1
apps/sim/lib/webhooks/provider-utils.ts
View File

@@ -78,7 +78,6 @@ const PROVIDER_EXTRACTORS: Record<string, (body: any) => string | null> = {
hubspot: extractHubSpotIdentifier,
linear: extractLinearIdentifier,
jira: extractJiraIdentifier,
jira_service_management: extractJiraIdentifier,
'microsoft-teams': extractMicrosoftTeamsIdentifier,
airtable: extractAirtableIdentifier,
grain: extractGrainIdentifier,

374
apps/sim/lib/webhooks/utils.server.ts
View File

@@ -530,9 +530,6 @@ export async function validateTwilioSignature(
const SLACK_MAX_FILE_SIZE = 50 * 1024 * 1024 // 50 MB
const SLACK_MAX_FILES = 15
const JIRA_MAX_FILE_SIZE = 50 * 1024 * 1024 // 50 MB
const CONFLUENCE_MAX_FILE_SIZE = 50 * 1024 * 1024 // 50 MB
/**
* Resolves the full file object from the Slack API when the event payload
* only contains a partial file (e.g. missing url_private due to file_access restrictions).
@@ -682,169 +679,6 @@ async function downloadSlackFiles(
return downloaded
}
/**
* Downloads a Jira attachment file using Basic auth (email + API token).
* Returns the file data in the format expected by WebhookAttachmentProcessor.
*/
async function downloadJiraAttachment(
attachment: { content?: string; filename?: string; mimeType?: string; size?: number },
apiEmail: string,
apiToken: string
): Promise<{ name: string; data: string; mimeType: string; size: number } | null> {
const contentUrl = attachment.content
if (!contentUrl) {
logger.warn('Jira attachment has no content URL, skipping download')
return null
}
const reportedSize = Number(attachment.size) || 0
if (reportedSize > JIRA_MAX_FILE_SIZE) {
logger.warn('Jira attachment exceeds size limit, skipping', {
filename: attachment.filename,
size: reportedSize,
limit: JIRA_MAX_FILE_SIZE,
})
return null
}
try {
const urlValidation = await validateUrlWithDNS(contentUrl, 'attachment_content')
if (!urlValidation.isValid) {
logger.warn('Jira attachment URL failed DNS validation, skipping', {
filename: attachment.filename,
error: urlValidation.error,
})
return null
}
const authHeader = Buffer.from(`${apiEmail}:${apiToken}`).toString('base64')
const response = await secureFetchWithPinnedIP(contentUrl, urlValidation.resolvedIP!, {
headers: {
Authorization: `Basic ${authHeader}`,
Accept: '*/*',
},
})
if (!response.ok) {
logger.warn('Failed to download Jira attachment', {
filename: attachment.filename,
status: response.status,
})
return null
}
const arrayBuffer = await response.arrayBuffer()
const buffer = Buffer.from(arrayBuffer)
if (buffer.length > JIRA_MAX_FILE_SIZE) {
logger.warn('Downloaded Jira attachment exceeds size limit, skipping', {
filename: attachment.filename,
actualSize: buffer.length,
limit: JIRA_MAX_FILE_SIZE,
})
return null
}
return {
name: attachment.filename || 'attachment',
data: buffer.toString('base64'),
mimeType: attachment.mimeType || 'application/octet-stream',
size: buffer.length,
}
} catch (error) {
logger.error('Error downloading Jira attachment', {
filename: attachment.filename,
error: error instanceof Error ? error.message : String(error),
})
return null
}
}
/**
* Downloads a Confluence attachment file using Atlassian Basic Auth.
* Constructs the download URL from the domain and attachment download path.
*/
async function downloadConfluenceAttachment(
attachment: Record<string, any>,
domain: string,
apiEmail: string,
apiToken: string
): Promise<{ name: string; data: string; mimeType: string; size: number } | null> {
// Confluence webhook payload includes _links.download for the attachment
const downloadPath = attachment?._links?.download || attachment?._expandable?.download || null
const attachmentId = attachment?.id
if (!downloadPath && !attachmentId) {
logger.warn('Confluence attachment has no download path or ID, skipping download')
return null
}
const reportedSize = Number(attachment?.extensions?.fileSize || attachment?.fileSize || 0)
if (reportedSize > CONFLUENCE_MAX_FILE_SIZE) {
logger.warn('Confluence attachment exceeds size limit, skipping', {
title: attachment?.title,
size: reportedSize,
limit: CONFLUENCE_MAX_FILE_SIZE,
})
return null
}
// Build the download URL
const cleanDomain = domain.replace(/\/+$/, '')
const baseUrl = cleanDomain.startsWith('http') ? cleanDomain : `https://${cleanDomain}`
const downloadUrl = downloadPath
? `${baseUrl}/wiki${downloadPath}`
: `${baseUrl}/wiki/rest/api/content/${attachmentId}/download`
try {
const authHeader = Buffer.from(`${apiEmail}:${apiToken}`).toString('base64')
const response = await fetch(downloadUrl, {
headers: {
Authorization: `Basic ${authHeader}`,
Accept: '*/*',
'X-Atlassian-Token': 'no-check',
},
})
if (!response.ok) {
logger.warn('Failed to download Confluence attachment', {
title: attachment?.title,
status: response.status,
url: sanitizeUrlForLog(downloadUrl),
})
return null
}
const arrayBuffer = await response.arrayBuffer()
const buffer = Buffer.from(arrayBuffer)
if (buffer.length > CONFLUENCE_MAX_FILE_SIZE) {
logger.warn('Downloaded Confluence attachment exceeds size limit, skipping', {
title: attachment?.title,
actualSize: buffer.length,
limit: CONFLUENCE_MAX_FILE_SIZE,
})
return null
}
return {
name: attachment?.title || 'attachment',
data: buffer.toString('base64'),
mimeType:
attachment?.extensions?.mediaType || attachment?.mediaType || 'application/octet-stream',
size: buffer.length,
}
} catch (error) {
logger.error('Error downloading Confluence attachment', {
title: attachment?.title,
error: error instanceof Error ? error.message : String(error),
})
return null
}
}
/**
* Format webhook input based on provider
*/
@@ -1269,156 +1103,22 @@ export async function formatWebhookInput(
}
if (foundWebhook.provider === 'jira') {
const {
extractIssueData,
extractCommentData,
extractWorklogData,
extractAttachmentData,
extractSprintData,
extractProjectData,
extractVersionData,
extractBoardData,
extractIssueLinkData,
} = await import('@/triggers/jira/utils')
const { extractIssueData, extractCommentData, extractWorklogData } = await import(
'@/triggers/jira/utils'
)
const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
const triggerId = providerConfig.triggerId as string | undefined
if (
triggerId === 'jira_issue_commented' ||
triggerId === 'jira_comment_updated' ||
triggerId === 'jira_comment_deleted'
) {
if (triggerId === 'jira_issue_commented') {
return extractCommentData(body)
}
if (
triggerId === 'jira_worklog_created' ||
triggerId === 'jira_worklog_updated' ||
triggerId === 'jira_worklog_deleted'
) {
if (triggerId === 'jira_worklog_created') {
return extractWorklogData(body)
}
if (triggerId === 'jira_attachment_created' || triggerId === 'jira_attachment_deleted') {
const result = extractAttachmentData(body)
// Download the attachment file if configured
if (triggerId === 'jira_attachment_created') {
const apiEmail = providerConfig.apiEmail as string | undefined
const apiToken = providerConfig.apiToken as string | undefined
const includeAttachments = Boolean(providerConfig.includeAttachments)
if (includeAttachments && apiEmail && apiToken && result.attachment?.content) {
const downloaded = await downloadJiraAttachment(result.attachment, apiEmail, apiToken)
if (downloaded) {
result.attachments = [downloaded]
}
} else if (includeAttachments && (!apiEmail || !apiToken)) {
logger.warn(
'Jira attachment trigger has includeAttachments enabled but missing API credentials'
)
}
}
return result
}
if (triggerId?.startsWith('jira_sprint_')) {
return extractSprintData(body)
}
if (triggerId?.startsWith('jira_project_')) {
return extractProjectData(body)
}
if (triggerId?.startsWith('jira_version_')) {
return extractVersionData(body)
}
if (triggerId?.startsWith('jira_board_')) {
return extractBoardData(body)
}
if (triggerId?.startsWith('jira_issuelink_')) {
return extractIssueLinkData(body)
}
return extractIssueData(body)
}
if (foundWebhook.provider === 'jira_service_management') {
const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
const triggerId = providerConfig.triggerId as string | undefined
const includeFiles = Boolean(providerConfig.includeFiles)
const jiraEmail = providerConfig.jiraEmail as string | undefined
const jiraApiToken = providerConfig.jiraApiToken as string | undefined
const webhookEvent = body.webhookEvent || ''
// Base data common to all JSM events
const baseData: Record<string, any> = {
webhookEvent,
timestamp: body.timestamp,
issue: body.issue || {},
}
// Handle attachment events
if (
triggerId === 'jsm_attachment_created' ||
triggerId === 'jsm_attachment_deleted' ||
webhookEvent.includes('attachment')
) {
const attachment = body.attachment || {}
baseData.attachment = attachment
let files: Array<{ name: string; data: string; mimeType: string; size: number }> = []
if (
webhookEvent.includes('attachment_created') &&
includeFiles &&
jiraEmail &&
jiraApiToken &&
attachment.content
) {
const downloaded = await downloadJiraAttachment(attachment, jiraEmail, jiraApiToken)
if (downloaded) {
files = [downloaded]
}
} else if (
webhookEvent.includes('attachment_created') &&
includeFiles &&
(!jiraEmail || !jiraApiToken)
) {
logger.warn(
'JSM attachment trigger has includeFiles enabled but missing Jira API credentials'
)
}
baseData.files = files
return baseData
}
// Handle comment events
if (
triggerId === 'jsm_request_commented' ||
triggerId === 'jsm_comment_updated' ||
triggerId === 'jsm_comment_deleted' ||
webhookEvent.includes('comment')
) {
baseData.comment = body.comment || {}
return baseData
}
// Handle worklog events
if (
triggerId === 'jsm_worklog_created' ||
triggerId === 'jsm_worklog_updated' ||
triggerId === 'jsm_worklog_deleted' ||
webhookEvent.includes('worklog')
) {
baseData.worklog = body.worklog || {}
return baseData
}
// Default: request events (created/updated/deleted) and generic webhook
baseData.issue_event_type_name = body.issue_event_type_name
baseData.changelog = body.changelog
return baseData
}
if (foundWebhook.provider === 'stripe') {
return body
}
@@ -1467,70 +1167,6 @@ export async function formatWebhookInput(
}
}
if (foundWebhook.provider === 'confluence') {
const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
const event = body.event as string | undefined
const result: Record<string, unknown> = {
event: event || '',
timestamp: body.timestamp,
userAccountId: body.userAccountId || '',
}
if (body.page) {
result.page = body.page
}
if (body.comment) {
result.comment = body.comment
}
if (body.blog || body.blogpost) {
result.blog = body.blog || body.blogpost
}
if (body.attachment) {
result.attachment = body.attachment
}
if (body.space) {
result.space = body.space
}
if (body.label) {
result.label = body.label
}
if (body.content) {
result.content = body.content
}
// Download attachment file content when configured
const includeFileContent = Boolean(providerConfig.includeFileContent)
const confluenceEmail = providerConfig.confluenceEmail as string | undefined
const confluenceApiToken = providerConfig.confluenceApiToken as string | undefined
const confluenceDomain = providerConfig.confluenceDomain as string | undefined
if (body.attachment && includeFileContent) {
if (confluenceEmail && confluenceApiToken && confluenceDomain) {
const downloaded = await downloadConfluenceAttachment(
body.attachment,
confluenceDomain,
confluenceEmail,
confluenceApiToken
)
if (downloaded) {
result.files = [downloaded]
}
} else {
logger.warn(
'Confluence attachment trigger has includeFileContent enabled but missing credentials (email, API token, or domain)'
)
}
}
return result
}
return body
}

255
apps/sim/lib/workflows/comparison/compare.test.ts
View File

@@ -2364,261 +2364,6 @@ describe('hasWorkflowChanged', () => {
})
})
describe('Trigger Config Normalization (False Positive Prevention)', () => {
it.concurrent(
'should not detect change when deployed has null fields but current has values from triggerConfig',
() => {
// Core scenario: deployed state has null individual fields, current state has
// values populated from triggerConfig at runtime by populateTriggerFieldsFromConfig
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
botToken: { id: 'botToken', type: 'short-input', value: null },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123', botToken: 'token456' },
},
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
botToken: { id: 'botToken', type: 'short-input', value: 'token456' },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123', botToken: 'token456' },
},
},
}),
},
})
expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
}
)
it.concurrent(
'should detect change when user edits a trigger field to a different value',
() => {
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'old-secret' },
},
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: 'new-secret' },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'old-secret' },
},
},
}),
},
})
expect(hasWorkflowChanged(currentState, deployedState)).toBe(true)
}
)
it.concurrent('should not detect change when both sides have no triggerConfig', () => {
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
},
}),
},
})
expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
})
it.concurrent(
'should not detect change when deployed has empty fields and triggerConfig populates them',
() => {
// Empty string is also treated as "empty" by normalizeTriggerConfigValues
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: '' },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123' },
},
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123' },
},
},
}),
},
})
expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
}
)
it.concurrent('should not detect change when triggerId differs', () => {
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
model: { value: 'gpt-4' },
triggerId: { value: null },
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
model: { value: 'gpt-4' },
triggerId: { value: 'slack_webhook' },
},
}),
},
})
expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
})
it.concurrent(
'should not detect change for namespaced system subBlock IDs like samplePayload_slack_webhook',
() => {
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
model: { value: 'gpt-4' },
samplePayload_slack_webhook: { value: 'old payload' },
triggerInstructions_slack_webhook: { value: 'old instructions' },
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
model: { value: 'gpt-4' },
samplePayload_slack_webhook: { value: 'new payload' },
triggerInstructions_slack_webhook: { value: 'new instructions' },
},
}),
},
})
expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
}
)
it.concurrent(
'should handle mixed scenario: some fields from triggerConfig, some user-edited',
() => {
const deployedState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
botToken: { id: 'botToken', type: 'short-input', value: null },
includeFiles: { id: 'includeFiles', type: 'switch', value: false },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123', botToken: 'token456' },
},
},
}),
},
})
const currentState = createWorkflowState({
blocks: {
block1: createBlock('block1', {
type: 'starter',
subBlocks: {
signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
botToken: { id: 'botToken', type: 'short-input', value: 'token456' },
includeFiles: { id: 'includeFiles', type: 'switch', value: true },
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123', botToken: 'token456' },
},
},
}),
},
})
// includeFiles changed from false to true — this IS a real change
expect(hasWorkflowChanged(currentState, deployedState)).toBe(true)
}
)
})
describe('Trigger Runtime Metadata (Should Not Trigger Change)', () => {
it.concurrent('should not detect change when webhookId differs', () => {
const deployedState = createWorkflowState({

11
apps/sim/lib/workflows/comparison/compare.ts
View File

@@ -9,7 +9,6 @@ import {
normalizeLoop,
normalizeParallel,
normalizeSubBlockValue,
normalizeTriggerConfigValues,
normalizeValue,
normalizeVariables,
sanitizeVariable,
@@ -173,18 +172,14 @@ export function generateWorkflowDiffSummary(
}
}
// Normalize trigger config values for both states before comparison
const normalizedCurrentSubs = normalizeTriggerConfigValues(currentSubBlocks)
const normalizedPreviousSubs = normalizeTriggerConfigValues(previousSubBlocks)
// Compare subBlocks using shared helper for filtering (single source of truth)
const allSubBlockIds = filterSubBlockIds([
...new Set([...Object.keys(normalizedCurrentSubs), ...Object.keys(normalizedPreviousSubs)]),
...new Set([...Object.keys(currentSubBlocks), ...Object.keys(previousSubBlocks)]),
])
for (const subId of allSubBlockIds) {
const currentSub = normalizedCurrentSubs[subId] as Record<string, unknown> | undefined
const previousSub = normalizedPreviousSubs[subId] as Record<string, unknown> | undefined
const currentSub = currentSubBlocks[subId] as Record<string, unknown> | undefined
const previousSub = previousSubBlocks[subId] as Record<string, unknown> | undefined
if (!currentSub || !previousSub) {
changes.push({

212
apps/sim/lib/workflows/comparison/normalize.test.ts
View File

@@ -4,12 +4,10 @@
import { describe, expect, it } from 'vitest'
import type { Loop, Parallel } from '@/stores/workflows/workflow/types'
import {
filterSubBlockIds,
normalizedStringify,
normalizeEdge,
normalizeLoop,
normalizeParallel,
normalizeTriggerConfigValues,
normalizeValue,
sanitizeInputFormat,
sanitizeTools,
@@ -586,214 +584,4 @@ describe('Workflow Normalization Utilities', () => {
expect(result2).toBe(result3)
})
})
describe('filterSubBlockIds', () => {
it.concurrent('should exclude exact SYSTEM_SUBBLOCK_IDS', () => {
const ids = ['signingSecret', 'samplePayload', 'triggerInstructions', 'botToken']
const result = filterSubBlockIds(ids)
expect(result).toEqual(['botToken', 'signingSecret'])
})
it.concurrent('should exclude namespaced SYSTEM_SUBBLOCK_IDS (prefix matching)', () => {
const ids = [
'signingSecret',
'samplePayload_slack_webhook',
'triggerInstructions_slack_webhook',
'webhookUrlDisplay_slack_webhook',
'botToken',
]
const result = filterSubBlockIds(ids)
expect(result).toEqual(['botToken', 'signingSecret'])
})
it.concurrent('should exclude exact TRIGGER_RUNTIME_SUBBLOCK_IDS', () => {
const ids = ['webhookId', 'triggerPath', 'triggerConfig', 'triggerId', 'signingSecret']
const result = filterSubBlockIds(ids)
expect(result).toEqual(['signingSecret'])
})
it.concurrent('should not exclude IDs that merely contain a system ID substring', () => {
const ids = ['mySamplePayload', 'notSamplePayload']
const result = filterSubBlockIds(ids)
expect(result).toEqual(['mySamplePayload', 'notSamplePayload'])
})
it.concurrent('should return sorted results', () => {
const ids = ['zebra', 'alpha', 'middle']
const result = filterSubBlockIds(ids)
expect(result).toEqual(['alpha', 'middle', 'zebra'])
})
it.concurrent('should handle empty array', () => {
expect(filterSubBlockIds([])).toEqual([])
})
it.concurrent('should handle all IDs being excluded', () => {
const ids = ['webhookId', 'triggerPath', 'samplePayload', 'triggerConfig']
const result = filterSubBlockIds(ids)
expect(result).toEqual([])
})
it.concurrent('should exclude setupScript and scheduleInfo namespaced variants', () => {
const ids = ['setupScript_google_sheets_row', 'scheduleInfo_cron_trigger', 'realField']
const result = filterSubBlockIds(ids)
expect(result).toEqual(['realField'])
})
it.concurrent('should exclude triggerCredentials namespaced variants', () => {
const ids = ['triggerCredentials_slack_webhook', 'signingSecret']
const result = filterSubBlockIds(ids)
expect(result).toEqual(['signingSecret'])
})
})
describe('normalizeTriggerConfigValues', () => {
it.concurrent('should return subBlocks unchanged when no triggerConfig exists', () => {
const subBlocks = {
signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
botToken: { id: 'botToken', type: 'short-input', value: 'token456' },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect(result).toEqual(subBlocks)
})
it.concurrent('should return subBlocks unchanged when triggerConfig value is null', () => {
const subBlocks = {
triggerConfig: { id: 'triggerConfig', type: 'short-input', value: null },
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect(result).toEqual(subBlocks)
})
it.concurrent(
'should return subBlocks unchanged when triggerConfig value is not an object',
() => {
const subBlocks = {
triggerConfig: { id: 'triggerConfig', type: 'short-input', value: 'string-value' },
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect(result).toEqual(subBlocks)
}
)
it.concurrent('should populate null individual fields from triggerConfig', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123', botToken: 'token456' },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
botToken: { id: 'botToken', type: 'short-input', value: null },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect((result.signingSecret as Record<string, unknown>).value).toBe('secret123')
expect((result.botToken as Record<string, unknown>).value).toBe('token456')
})
it.concurrent('should populate undefined individual fields from triggerConfig', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123' },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: undefined },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect((result.signingSecret as Record<string, unknown>).value).toBe('secret123')
})
it.concurrent('should populate empty string individual fields from triggerConfig', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123' },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: '' },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect((result.signingSecret as Record<string, unknown>).value).toBe('secret123')
})
it.concurrent('should NOT overwrite existing non-empty individual field values', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'old-secret' },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: 'user-edited-secret' },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect((result.signingSecret as Record<string, unknown>).value).toBe('user-edited-secret')
})
it.concurrent('should skip triggerConfig fields that are null/undefined', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: null, botToken: undefined },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
botToken: { id: 'botToken', type: 'short-input', value: null },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect((result.signingSecret as Record<string, unknown>).value).toBe(null)
expect((result.botToken as Record<string, unknown>).value).toBe(null)
})
it.concurrent('should skip fields from triggerConfig that have no matching subBlock', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { nonExistentField: 'value123' },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
}
const result = normalizeTriggerConfigValues(subBlocks)
expect(result.nonExistentField).toBeUndefined()
expect((result.signingSecret as Record<string, unknown>).value).toBe(null)
})
it.concurrent('should not mutate the original subBlocks object', () => {
const original = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123' },
},
signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
}
normalizeTriggerConfigValues(original)
expect((original.signingSecret as Record<string, unknown>).value).toBe(null)
})
it.concurrent('should preserve other subBlock properties when populating value', () => {
const subBlocks = {
triggerConfig: {
id: 'triggerConfig',
type: 'short-input',
value: { signingSecret: 'secret123' },
},
signingSecret: {
id: 'signingSecret',
type: 'short-input',
value: null,
placeholder: 'Enter signing secret',
},
}
const result = normalizeTriggerConfigValues(subBlocks)
const normalized = result.signingSecret as Record<string, unknown>
expect(normalized.value).toBe('secret123')
expect(normalized.id).toBe('signingSecret')
expect(normalized.type).toBe('short-input')
expect(normalized.placeholder).toBe('Enter signing secret')
})
})
})

40
apps/sim/lib/workflows/comparison/normalize.ts
View File

@@ -418,48 +418,10 @@ export function extractBlockFieldsForComparison(block: BlockState): ExtractedBlo
*/
export function filterSubBlockIds(subBlockIds: string[]): string[] {
return subBlockIds
.filter((id) => {
if (TRIGGER_RUNTIME_SUBBLOCK_IDS.includes(id)) return false
if (SYSTEM_SUBBLOCK_IDS.some((sysId) => id === sysId || id.startsWith(`${sysId}_`)))
return false
return true
})
.filter((id) => !SYSTEM_SUBBLOCK_IDS.includes(id) && !TRIGGER_RUNTIME_SUBBLOCK_IDS.includes(id))
.sort()
}
/**
* Normalizes trigger block subBlocks by populating null/empty individual fields
* from the triggerConfig aggregate subBlock. This compensates for the runtime
* population done by populateTriggerFieldsFromConfig, ensuring consistent
* comparison between client state (with populated values) and deployed state
* (with null values from DB).
*/
export function normalizeTriggerConfigValues(
subBlocks: Record<string, unknown>
): Record<string, unknown> {
const triggerConfigSub = subBlocks.triggerConfig as Record<string, unknown> | undefined
const triggerConfigValue = triggerConfigSub?.value
if (!triggerConfigValue || typeof triggerConfigValue !== 'object') {
return subBlocks
}
const result = { ...subBlocks }
for (const [fieldId, configValue] of Object.entries(
triggerConfigValue as Record<string, unknown>
)) {
if (configValue === null || configValue === undefined) continue
const existingSub = result[fieldId] as Record<string, unknown> | undefined
if (
existingSub &&
(existingSub.value === null || existingSub.value === undefined || existingSub.value === '')
) {
result[fieldId] = { ...existingSub, value: configValue }
}
}
return result
}
/**
* Normalizes a subBlock value with sanitization for specific subBlock types.
* Sanitizes: tools (removes isExpanded), inputFormat (removes collapsed)

1
apps/sim/stores/modals/settings/types.ts
View File

@@ -1,5 +1,6 @@
export type SettingsSection =
| 'general'
| 'credentials'
| 'environment'
| 'template-profile'
| 'integrations'

81
apps/sim/stores/panel/copilot/store.ts
View File

@@ -310,50 +310,6 @@ function parseModelKey(compositeKey: string): { provider: string; modelId: strin
return { provider: compositeKey.slice(0, slashIdx), modelId: compositeKey.slice(slashIdx + 1) }
}
/**
* Convert legacy/variant Claude IDs into the canonical ID shape used by the model catalog.
*
* Examples:
* - claude-4.5-opus -> claude-opus-4-5
* - claude-opus-4.6 -> claude-opus-4-6
* - anthropic.claude-opus-4-5-20251101-v1:0 -> claude-opus-4-5 (match key only)
*/
function canonicalizeModelMatchKey(modelId: string): string {
if (!modelId) return modelId
const normalized = modelId.trim().toLowerCase()
const toCanonicalClaude = (tier: string, version: string): string => {
const normalizedVersion = version.replace(/\./g, '-')
return `claude-${tier}-${normalizedVersion}`
}
const tierFirstExact = normalized.match(/^claude-(opus|sonnet|haiku)-(\d+(?:[.-]\d+)?)$/)
if (tierFirstExact) {
const [, tier, version] = tierFirstExact
return toCanonicalClaude(tier, version)
}
const versionFirstExact = normalized.match(/^claude-(\d+(?:[.-]\d+)?)-(opus|sonnet|haiku)$/)
if (versionFirstExact) {
const [, version, tier] = versionFirstExact
return toCanonicalClaude(tier, version)
}
const tierFirstEmbedded = normalized.match(/claude-(opus|sonnet|haiku)-(\d+(?:[.-]\d+)?)/)
if (tierFirstEmbedded) {
const [, tier, version] = tierFirstEmbedded
return toCanonicalClaude(tier, version)
}
const versionFirstEmbedded = normalized.match(/claude-(\d+(?:[.-]\d+)?)-(opus|sonnet|haiku)/)
if (versionFirstEmbedded) {
const [, version, tier] = versionFirstEmbedded
return toCanonicalClaude(tier, version)
}
return normalized
}
const MODEL_PROVIDER_PRIORITY = [
'anthropic',
'bedrock',
@@ -394,23 +350,12 @@ function normalizeSelectedModelKey(selectedModel: string, models: AvailableModel
const { provider, modelId } = parseModelKey(selectedModel)
const targetModelId = modelId || selectedModel
const targetMatchKey = canonicalizeModelMatchKey(targetModelId)
const matches = models.filter((m) => {
const candidateModelId = parseModelKey(m.id).modelId || m.id
const candidateMatchKey = canonicalizeModelMatchKey(candidateModelId)
return (
candidateModelId === targetModelId ||
m.id.endsWith(`/${targetModelId}`) ||
candidateMatchKey === targetMatchKey
)
})
const matches = models.filter((m) => m.id.endsWith(`/${targetModelId}`))
if (matches.length === 0) return selectedModel
if (provider) {
const sameProvider = matches.find(
(m) => m.provider === provider || m.id.startsWith(`${provider}/`)
)
const sameProvider = matches.find((m) => m.provider === provider)
if (sameProvider) return sameProvider.id
}
@@ -1148,12 +1093,11 @@ export const useCopilotStore = create<CopilotStore>()(
const chatConfig = chat.config ?? {}
const chatMode = chatConfig.mode || get().mode
const chatModel = chatConfig.model || get().selectedModel
const normalizedChatModel = normalizeSelectedModelKey(chatModel, get().availableModels)
logger.debug('[Chat] Restoring chat config', {
chatId: chat.id,
mode: chatMode,
model: normalizedChatModel,
model: chatModel,
hasPlanArtifact: !!planArtifact,
})
@@ -1175,7 +1119,7 @@ export const useCopilotStore = create<CopilotStore>()(
showPlanTodos: false,
streamingPlanContent: planArtifact,
mode: chatMode,
selectedModel: normalizedChatModel as CopilotStore['selectedModel'],
selectedModel: chatModel as CopilotStore['selectedModel'],
suppressAutoSelect: false,
})
@@ -1348,10 +1292,6 @@ export const useCopilotStore = create<CopilotStore>()(
const refreshedConfig = updatedCurrentChat.config ?? {}
const refreshedMode = refreshedConfig.mode || get().mode
const refreshedModel = refreshedConfig.model || get().selectedModel
const normalizedRefreshedModel = normalizeSelectedModelKey(
refreshedModel,
get().availableModels
)
const toolCallsById = buildToolCallsById(normalizedMessages)
set({
@@ -1360,7 +1300,7 @@ export const useCopilotStore = create<CopilotStore>()(
toolCallsById,
streamingPlanContent: refreshedPlanArtifact,
mode: refreshedMode,
selectedModel: normalizedRefreshedModel as CopilotStore['selectedModel'],
selectedModel: refreshedModel as CopilotStore['selectedModel'],
})
}
try {
@@ -1380,15 +1320,11 @@ export const useCopilotStore = create<CopilotStore>()(
const chatConfig = mostRecentChat.config ?? {}
const chatMode = chatConfig.mode || get().mode
const chatModel = chatConfig.model || get().selectedModel
const normalizedChatModel = normalizeSelectedModelKey(
chatModel,
get().availableModels
)
logger.info('[Chat] Auto-selecting most recent chat with config', {
chatId: mostRecentChat.id,
mode: chatMode,
model: normalizedChatModel,
model: chatModel,
hasPlanArtifact: !!planArtifact,
})
@@ -1400,7 +1336,7 @@ export const useCopilotStore = create<CopilotStore>()(
toolCallsById,
streamingPlanContent: planArtifact,
mode: chatMode,
selectedModel: normalizedChatModel as CopilotStore['selectedModel'],
selectedModel: chatModel as CopilotStore['selectedModel'],
})
try {
await get().loadMessageCheckpoints(mostRecentChat.id)
@@ -2332,8 +2268,7 @@ export const useCopilotStore = create<CopilotStore>()(
},
setSelectedModel: async (model) => {
const normalizedModel = normalizeSelectedModelKey(model, get().availableModels)
set({ selectedModel: normalizedModel as CopilotStore['selectedModel'] })
set({ selectedModel: model })
},
setAgentPrefetch: (prefetch) => set({ agentPrefetch: prefetch }),
loadAvailableModels: async () => {

25
apps/sim/tools/confluence/create_blogpost.ts
View File

@@ -1,4 +1,8 @@
import { BLOGPOST_ITEM_PROPERTIES, TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import {
CONTENT_BODY_OUTPUT_PROPERTIES,
TIMESTAMP_OUTPUT,
VERSION_OUTPUT_PROPERTIES,
} from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreateBlogPostParams {
@@ -125,6 +129,23 @@ export const confluenceCreateBlogPostTool: ToolConfig<
outputs: {
ts: TIMESTAMP_OUTPUT,
...BLOGPOST_ITEM_PROPERTIES,
id: { type: 'string', description: 'Created blog post ID' },
title: { type: 'string', description: 'Blog post title' },
status: { type: 'string', description: 'Blog post status', optional: true },
spaceId: { type: 'string', description: 'Space ID' },
authorId: { type: 'string', description: 'Author account ID', optional: true },
body: {
type: 'object',
description: 'Blog post body content',
properties: CONTENT_BODY_OUTPUT_PROPERTIES,
optional: true,
},
version: {
type: 'object',
description: 'Blog post version information',
properties: VERSION_OUTPUT_PROPERTIES,
optional: true,
},
webUrl: { type: 'string', description: 'URL to view the blog post', optional: true },
},
}

3
apps/sim/tools/confluence/create_comment.ts
View File

@@ -1,4 +1,3 @@
import { TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreateCommentParams {
@@ -100,7 +99,7 @@ export const confluenceCreateCommentTool: ToolConfig<
},
outputs: {
ts: TIMESTAMP_OUTPUT,
ts: { type: 'string', description: 'Timestamp of creation' },
commentId: { type: 'string', description: 'Created comment ID' },
pageId: { type: 'string', description: 'Page ID' },
},

8
apps/sim/tools/confluence/create_page.ts
View File

@@ -1,8 +1,4 @@
import {
CONTENT_BODY_OUTPUT_PROPERTIES,
TIMESTAMP_OUTPUT,
VERSION_OUTPUT_PROPERTIES,
} from '@/tools/confluence/types'
import { CONTENT_BODY_OUTPUT_PROPERTIES, VERSION_OUTPUT_PROPERTIES } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreatePageParams {
@@ -132,7 +128,7 @@ export const confluenceCreatePageTool: ToolConfig<
},
outputs: {
ts: TIMESTAMP_OUTPUT,
ts: { type: 'string', description: 'Timestamp of creation' },
pageId: { type: 'string', description: 'Created page ID' },
title: { type: 'string', description: 'Page title' },
status: { type: 'string', description: 'Page status', optional: true },

11
apps/sim/tools/confluence/create_page_property.ts
View File

@@ -1,4 +1,4 @@
import { PAGE_PROPERTY_ITEM_PROPERTIES, TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import { TIMESTAMP_OUTPUT, VERSION_OUTPUT_PROPERTIES } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreatePagePropertyParams {
@@ -115,6 +115,13 @@ export const confluenceCreatePagePropertyTool: ToolConfig<
ts: TIMESTAMP_OUTPUT,
pageId: { type: 'string', description: 'ID of the page' },
propertyId: { type: 'string', description: 'ID of the created property' },
...PAGE_PROPERTY_ITEM_PROPERTIES,
key: { type: 'string', description: 'Property key' },
value: { type: 'json', description: 'Property value' },
version: {
type: 'object',
description: 'Version information',
properties: VERSION_OUTPUT_PROPERTIES,
optional: true,
},
},
}

123
apps/sim/tools/confluence/create_space.ts
View File

@@ -1,123 +0,0 @@
import { TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreateSpaceParams {
accessToken: string
domain: string
name: string
key: string
description?: string
cloudId?: string
}
export interface ConfluenceCreateSpaceResponse {
success: boolean
output: {
ts: string
id: string
key: string
name: string
type: string
status: string
homepageId: string | null
}
}
export const confluenceCreateSpaceTool: ToolConfig<
ConfluenceCreateSpaceParams,
ConfluenceCreateSpaceResponse
> = {
id: 'confluence_create_space',
name: 'Confluence Create Space',
description: 'Create a new Confluence space.',
version: '1.0.0',
oauth: {
required: true,
provider: 'confluence',
},
params: {
accessToken: {
type: 'string',
required: true,
visibility: 'hidden',
description: 'OAuth access token for Confluence',
},
domain: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'Your Confluence domain (e.g., yourcompany.atlassian.net)',
},
name: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Name for the new space',
},
key: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Unique key for the space (short identifier used in URLs)',
},
description: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Description for the space',
},
cloudId: {
type: 'string',
required: false,
visibility: 'user-only',
description:
'Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain.',
},
},
request: {
url: () => '/api/tools/confluence/spaces',
method: 'POST',
headers: (params: ConfluenceCreateSpaceParams) => ({
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${params.accessToken}`,
}),
body: (params: ConfluenceCreateSpaceParams) => ({
domain: params.domain,
accessToken: params.accessToken,
name: params.name,
key: params.key,
description: params.description,
cloudId: params.cloudId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
return {
success: true,
output: {
ts: new Date().toISOString(),
id: data.id ?? '',
key: data.key ?? '',
name: data.name ?? '',
type: data.type ?? '',
status: data.status ?? '',
homepageId: data.homepageId ?? null,
},
}
},
outputs: {
ts: TIMESTAMP_OUTPUT,
id: { type: 'string', description: 'ID of the created space' },
key: { type: 'string', description: 'Key of the created space' },
name: { type: 'string', description: 'Name of the created space' },
type: { type: 'string', description: 'Type of the space' },
status: { type: 'string', description: 'Status of the space' },
homepageId: { type: 'string', description: 'ID of the space homepage', optional: true },
},
}

118
apps/sim/tools/confluence/create_space_property.ts
View File

@@ -1,118 +0,0 @@
import { SPACE_PROPERTY_ITEM_PROPERTIES, TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreateSpacePropertyParams {
accessToken: string
domain: string
spaceId: string
key: string
value: unknown
cloudId?: string
}
export interface ConfluenceCreateSpacePropertyResponse {
success: boolean
output: {
ts: string
spaceId: string
propertyId: string
key: string
value: unknown
version: { number: number } | null
}
}
export const confluenceCreateSpacePropertyTool: ToolConfig<
ConfluenceCreateSpacePropertyParams,
ConfluenceCreateSpacePropertyResponse
> = {
id: 'confluence_create_space_property',
name: 'Confluence Create Space Property',
description: 'Create a new content property on a Confluence space.',
version: '1.0.0',
oauth: {
required: true,
provider: 'confluence',
},
params: {
accessToken: {
type: 'string',
required: true,
visibility: 'hidden',
description: 'OAuth access token for Confluence',
},
domain: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'Your Confluence domain (e.g., yourcompany.atlassian.net)',
},
spaceId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ID of the space to add the property to',
},
key: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The key/name for the property',
},
value: {
type: 'json',
required: true,
visibility: 'user-or-llm',
description: 'The value for the property (can be any JSON value)',
},
cloudId: {
type: 'string',
required: false,
visibility: 'user-only',
description:
'Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain.',
},
},
request: {
url: () => '/api/tools/confluence/space-properties',
method: 'POST',
headers: (params: ConfluenceCreateSpacePropertyParams) => ({
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${params.accessToken}`,
}),
body: (params: ConfluenceCreateSpacePropertyParams) => ({
domain: params.domain,
accessToken: params.accessToken,
spaceId: params.spaceId?.trim(),
key: params.key,
value: params.value,
cloudId: params.cloudId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
return {
success: true,
output: {
ts: new Date().toISOString(),
spaceId: data.spaceId ?? '',
propertyId: data.id ?? '',
key: data.key ?? '',
value: data.value ?? null,
version: data.version ?? null,
},
}
},
outputs: {
ts: TIMESTAMP_OUTPUT,
spaceId: { type: 'string', description: 'ID of the space' },
propertyId: { type: 'string', description: 'ID of the created property' },
...SPACE_PROPERTY_ITEM_PROPERTIES,
},
}

127
apps/sim/tools/confluence/create_whiteboard.ts
View File

@@ -1,127 +0,0 @@
import { TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceCreateWhiteboardParams {
accessToken: string
domain: string
spaceId: string
title: string
parentId?: string
cloudId?: string
}
export interface ConfluenceCreateWhiteboardResponse {
success: boolean
output: {
ts: string
id: string
title: string
spaceId: string
parentId: string | null
parentType: string | null
authorId: string | null
createdAt: string | null
}
}
export const confluenceCreateWhiteboardTool: ToolConfig<
ConfluenceCreateWhiteboardParams,
ConfluenceCreateWhiteboardResponse
> = {
id: 'confluence_create_whiteboard',
name: 'Confluence Create Whiteboard',
description: 'Create a new whiteboard in a Confluence space.',
version: '1.0.0',
oauth: {
required: true,
provider: 'confluence',
},
params: {
accessToken: {
type: 'string',
required: true,
visibility: 'hidden',
description: 'OAuth access token for Confluence',
},
domain: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'Your Confluence domain (e.g., yourcompany.atlassian.net)',
},
spaceId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ID of the space to create the whiteboard in',
},
title: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Title for the whiteboard',
},
parentId: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'ID of the parent content (optional)',
},
cloudId: {
type: 'string',
required: false,
visibility: 'user-only',
description:
'Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain.',
},
},
request: {
url: () => '/api/tools/confluence/whiteboards',
method: 'POST',
headers: (params: ConfluenceCreateWhiteboardParams) => ({
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${params.accessToken}`,
}),
body: (params: ConfluenceCreateWhiteboardParams) => ({
action: 'create',
domain: params.domain,
accessToken: params.accessToken,
spaceId: params.spaceId?.trim(),
title: params.title,
parentId: params.parentId?.trim(),
cloudId: params.cloudId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
return {
success: true,
output: {
ts: new Date().toISOString(),
id: data.id ?? '',
title: data.title ?? '',
spaceId: data.spaceId ?? '',
parentId: data.parentId ?? null,
parentType: data.parentType ?? null,
authorId: data.authorId ?? null,
createdAt: data.createdAt ?? null,
},
}
},
outputs: {
ts: TIMESTAMP_OUTPUT,
id: { type: 'string', description: 'ID of the created whiteboard' },
title: { type: 'string', description: 'Title of the whiteboard' },
spaceId: { type: 'string', description: 'ID of the space' },
parentId: { type: 'string', description: 'ID of the parent content', optional: true },
parentType: { type: 'string', description: 'Type of the parent content', optional: true },
authorId: { type: 'string', description: 'Author account ID', optional: true },
createdAt: { type: 'string', description: 'Creation timestamp', optional: true },
},
}

5
apps/sim/tools/confluence/delete_attachment.ts
View File

@@ -1,4 +1,3 @@
import { DELETED_OUTPUT, TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export interface ConfluenceDeleteAttachmentParams {
@@ -91,8 +90,8 @@ export const confluenceDeleteAttachmentTool: ToolConfig<
},
outputs: {
ts: TIMESTAMP_OUTPUT,
ts: { type: 'string', description: 'Timestamp of deletion' },
attachmentId: { type: 'string', description: 'Deleted attachment ID' },
deleted: DELETED_OUTPUT,
deleted: { type: 'boolean', description: 'Deletion status' },
},
}

82
apps/sim/tools/confluence/delete_blogpost.ts
View File

@@ -1,82 +0,0 @@
import type {
ConfluenceDeleteBlogPostParams,
ConfluenceDeleteBlogPostResponse,
} from '@/tools/confluence/types'
import { DELETED_OUTPUT, TIMESTAMP_OUTPUT } from '@/tools/confluence/types'
import type { ToolConfig } from '@/tools/types'
export const confluenceDeleteBlogPostTool: ToolConfig<
ConfluenceDeleteBlogPostParams,
ConfluenceDeleteBlogPostResponse
> = {
id: 'confluence_delete_blogpost',
name: 'Confluence Delete Blog Post',
description: 'Delete a Confluence blog post.',
version: '1.0.0',
oauth: {
required: true,
provider: 'confluence',
},
params: {
accessToken: {
type: 'string',
required: true,
visibility: 'hidden',
description: 'OAuth access token for Confluence',
},
domain: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'Your Confluence domain (e.g., yourcompany.atlassian.net)',
},
blogPostId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ID of the blog post to delete',
},
cloudId: {
type: 'string',
required: false,
visibility: 'user-only',
description:
'Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain.',
},
},
request: {
url: () => '/api/tools/confluence/blogposts',
method: 'DELETE',
headers: (params: ConfluenceDeleteBlogPostParams) => ({
Accept: 'application/json',
Authorization: `Bearer ${params.accessToken}`,
}),
body: (params: ConfluenceDeleteBlogPostParams) => ({
domain: params.domain,
accessToken: params.accessToken,
blogPostId: params.blogPostId?.trim(),
cloudId: params.cloudId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
return {
success: true,
output: {
ts: new Date().toISOString(),
blogPostId: data.blogPostId ?? '',
deleted: true,
},
}
},
outputs: {
ts: TIMESTAMP_OUTPUT,
blogPostId: { type: 'string', description: 'Deleted blog post ID' },
deleted: DELETED_OUTPUT,
},
}

Some files were not shown because too many files have changed in this diff Show More