ops

Hide pagination, sort order, and filter fields behind the advanced
toggle for a cleaner default UX across all YouTube operations.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/docs/components/icons.tsx

@@ -4407,6 +4407,161 @@ export function DatadogIcon(props: SVGProps<SVGSVGElement>) {
   )
 }
 
+export function MicrosoftDataverseIcon(props: SVGProps<SVGSVGElement>) {
+  const id = useId()
+  const clip0 = `dataverse_clip0_${id}`
+  const clip1 = `dataverse_clip1_${id}`
+  const clip2 = `dataverse_clip2_${id}`
+  const paint0 = `dataverse_paint0_${id}`
+  const paint1 = `dataverse_paint1_${id}`
+  const paint2 = `dataverse_paint2_${id}`
+  const paint3 = `dataverse_paint3_${id}`
+  const paint4 = `dataverse_paint4_${id}`
+  const paint5 = `dataverse_paint5_${id}`
+  const paint6 = `dataverse_paint6_${id}`
+  return (
+    <svg
+      {...props}
+      width='96'
+      height='96'
+      viewBox='0 0 96 96'
+      fill='none'
+      xmlns='http://www.w3.org/2000/svg'
+    >
+      <g clipPath={`url(#${clip0})`}>
+        <g clipPath={`url(#${clip1})`}>
+          <g clipPath={`url(#${clip2})`}>
+            <path
+              d='M13.8776 21.8242C29.1033 8.13791 49.7501 8.1861 62.955 18.9134C74.9816 28.6836 77.4697 44.3159 70.851 55.7801C64.2321 67.2443 52.5277 70.1455 39.5011 62.6247L31.7286 76.087L31.7234 76.0862C27.4181 83.5324 17.8937 86.0828 10.4437 81.7817C7.45394 80.0556 5.25322 77.4879 3.96665 74.551L3.96096 74.5511C-4.07832 55.7804 0.200745 34.1184 13.8776 21.8242Z'
+              fill={`url(#${paint0})`}
+            />
+            <path
+              d='M13.8776 21.8242C29.1033 8.13791 49.7501 8.1861 62.955 18.9134C74.9816 28.6836 77.4697 44.3159 70.851 55.7801C64.2321 67.2443 52.5277 70.1455 39.5011 62.6247L31.7286 76.087L31.7234 76.0862C27.4181 83.5324 17.8937 86.0828 10.4437 81.7817C7.45394 80.0556 5.25322 77.4879 3.96665 74.551L3.96096 74.5511C-4.07832 55.7804 0.200745 34.1184 13.8776 21.8242Z'
+              fill={`url(#${paint1})`}
+              fillOpacity='0.8'
+            />
+            <path
+              d='M85.4327 14.2231C88.4528 15.9668 90.6686 18.569 91.9494 21.5433L91.9533 21.5444C99.9406 40.2943 95.6533 61.9068 81.9983 74.1814C66.7726 87.8677 46.1257 87.8196 32.9209 77.0923C20.8945 67.3221 18.4062 51.6897 25.0249 40.2256C31.6438 28.7614 43.3482 25.8601 56.3748 33.381L64.1434 19.9255L64.1482 19.9249C68.4516 12.4736 77.9805 9.92084 85.4327 14.2231Z'
+              fill={`url(#${paint2})`}
+            />
+            <path
+              d='M85.4327 14.2231C88.4528 15.9668 90.6686 18.569 91.9494 21.5433L91.9533 21.5444C99.9406 40.2943 95.6533 61.9068 81.9983 74.1814C66.7726 87.8677 46.1257 87.8196 32.9209 77.0923C20.8945 67.3221 18.4062 51.6897 25.0249 40.2256C31.6438 28.7614 43.3482 25.8601 56.3748 33.381L64.1434 19.9255L64.1482 19.9249C68.4516 12.4736 77.9805 9.92084 85.4327 14.2231Z'
+              fill={`url(#${paint3})`}
+              fillOpacity='0.9'
+            />
+            <path
+              d='M39.5041 62.6261C52.5307 70.1469 64.2352 67.2456 70.8541 55.7814C77.2488 44.7055 75.1426 29.7389 64.147 19.9271L56.3791 33.3814L39.5041 62.6261Z'
+              fill={`url(#${paint4})`}
+            />
+            <path
+              d='M56.3794 33.3815C43.3528 25.8607 31.6482 28.762 25.0294 40.2262C18.6347 51.3021 20.7409 66.2687 31.7364 76.0806L39.5043 62.6262L56.3794 33.3815Z'
+              fill={`url(#${paint5})`}
+            />
+            <path
+              d='M33.3215 56.4453C37.9837 64.5204 48.3094 67.2872 56.3846 62.625C64.4598 57.9628 67.2266 47.6371 62.5643 39.5619C57.9021 31.4867 47.5764 28.72 39.5013 33.3822C31.4261 38.0444 28.6593 48.3701 33.3215 56.4453Z'
+              fill={`url(#${paint6})`}
+            />
+          </g>
+        </g>
+      </g>
+      <defs>
+        <radialGradient
+          id={paint0}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(46.0001 49.4996) rotate(-148.717) scale(46.2195 47.5359)'
+        >
+          <stop offset='0.465088' stopColor='#09442A' />
+          <stop offset='0.70088' stopColor='#136C6C' />
+          <stop offset='1' stopColor='#22918B' />
+        </radialGradient>
+        <radialGradient
+          id={paint1}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(50.0001 32.4996) rotate(123.57) scale(66.0095 46.5498)'
+        >
+          <stop offset='0.718705' stopColor='#1A7F7C' stopOpacity='0' />
+          <stop offset='1' stopColor='#16BBDA' />
+        </radialGradient>
+        <radialGradient
+          id={paint2}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(50.4999 44.5001) rotate(30.75) scale(45.9618 44.5095)'
+        >
+          <stop offset='0.358097' stopColor='#136C6C' />
+          <stop offset='0.789474' stopColor='#42B870' />
+          <stop offset='1' stopColor='#76D45E' />
+        </radialGradient>
+        <radialGradient
+          id={paint3}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientTransform='matrix(42.5 -36.0002 31.1824 36.8127 49.4998 55.5001)'
+          gradientUnits='userSpaceOnUse'
+        >
+          <stop offset='0.583166' stopColor='#76D45E' stopOpacity='0' />
+          <stop offset='1' stopColor='#C8F5B7' />
+        </radialGradient>
+        <radialGradient
+          id={paint4}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(47.5 48) rotate(-58.9042) scale(32.6898)'
+        >
+          <stop offset='0.486266' stopColor='#22918B' />
+          <stop offset='0.729599' stopColor='#42B870' />
+          <stop offset='1' stopColor='#43E5CA' />
+        </radialGradient>
+        <radialGradient
+          id={paint5}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(47.3833 49.0077) rotate(119.859) scale(31.1328 29.4032)'
+        >
+          <stop offset='0.459553' stopColor='#08494E' />
+          <stop offset='0.742242' stopColor='#1A7F7C' />
+          <stop offset='1' stopColor='#309C61' />
+        </radialGradient>
+        <radialGradient
+          id={paint6}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(52.5 40) rotate(120.784) scale(27.3542)'
+        >
+          <stop stopColor='#C8F5B7' />
+          <stop offset='0.24583' stopColor='#98F0B0' />
+          <stop offset='0.643961' stopColor='#52D17C' />
+          <stop offset='1' stopColor='#119FC5' />
+        </radialGradient>
+        <clipPath id={clip0}>
+          <rect width='96' height='96' fill='white' />
+        </clipPath>
+        <clipPath id={clip1}>
+          <rect width='96' height='96' fill='white' />
+        </clipPath>
+        <clipPath id={clip2}>
+          <rect width='95.9998' height='96' fill='white' />
+        </clipPath>
+      </defs>
+    </svg>
+  )
+}
+
 export function KalshiIcon(props: SVGProps<SVGSVGElement>) {
   return (
     <svg {...props} viewBox='0 0 78 20' fill='currentColor' xmlns='http://www.w3.org/2000/svg'>
@@ -5532,3 +5687,33 @@ export function OnePasswordIcon(props: SVGProps<SVGSVGElement>) {
     </svg>
   )
 }
+
+export function VercelIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      {...props}
+      viewBox='0 0 256 222'
+      xmlns='http://www.w3.org/2000/svg'
+      preserveAspectRatio='xMidYMid'
+    >
+      <g transform='translate(19.2 16.63) scale(0.85)'>
+        <polygon fill='#fafafa' points='128 0 256 221.705007 0 221.705007' />
+      </g>
+    </svg>
+  )
+}
+
+export function CloudflareIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg {...props} xmlns='http://www.w3.org/2000/svg' viewBox='0 0 512 512'>
+      <path
+        fill='#f38020'
+        d='M331 326c11-26-4-38-19-38l-148-2c-4 0-4-6 1-7l150-2c17-1 37-15 43-33 0 0 10-21 9-24a97 97 0 0 0-187-11c-38-25-78 9-69 46-48 3-65 46-60 72 0 1 1 2 3 2h274c1 0 3-1 3-3z'
+      />
+      <path
+        fill='#faae40'
+        d='M381 224c-4 0-6-1-7 1l-5 21c-5 16 3 30 20 31l32 2c4 0 4 6-1 7l-33 1c-36 4-46 39-46 39 0 2 0 3 2 3h113l3-2a81 81 0 0 0-78-103'
+      />
+    </svg>
+  )
+}

apps/docs/components/ui/icon-mapping.ts

@@ -19,6 +19,7 @@ import {
   CirclebackIcon,
   ClayIcon,
   ClerkIcon,
+  CloudflareIcon,
   ConfluenceIcon,
   CursorIcon,
   DatadogIcon,
@@ -71,6 +72,7 @@ import {
   MailgunIcon,
   MailServerIcon,
   Mem0Icon,
+  MicrosoftDataverseIcon,
   MicrosoftExcelIcon,
   MicrosoftOneDriveIcon,
   MicrosoftPlannerIcon,
@@ -125,6 +127,7 @@ import {
   TTSIcon,
   TwilioIcon,
   TypeformIcon,
+  VercelIcon,
   VideoIcon,
   WealthboxIcon,
   WebflowIcon,
@@ -155,6 +158,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   circleback: CirclebackIcon,
   clay: ClayIcon,
   clerk: ClerkIcon,
+  cloudflare: CloudflareIcon,
   confluence_v2: ConfluenceIcon,
   cursor_v2: CursorIcon,
   datadog: DatadogIcon,
@@ -208,6 +212,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   mailgun: MailgunIcon,
   mem0: Mem0Icon,
   memory: BrainIcon,
+  microsoft_dataverse: MicrosoftDataverseIcon,
   microsoft_excel_v2: MicrosoftExcelIcon,
   microsoft_planner: MicrosoftPlannerIcon,
   microsoft_teams: MicrosoftTeamsIcon,
@@ -262,6 +267,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   twilio_sms: TwilioIcon,
   twilio_voice: TwilioIcon,
   typeform: TypeformIcon,
+  vercel: VercelIcon,
   video_generator_v2: VideoIcon,
   vision_v2: EyeIcon,
   wealthbox: WealthboxIcon,

apps/docs/content/docs/en/tools/cloudflare.mdx

@@ -0,0 +1,569 @@
+---
+title: Cloudflare
+description: Manage DNS, domains, certificates, and cache
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="cloudflare"
+  color="#F5F6FA"
+/>
+
+{/* MANUAL-CONTENT-START:intro */}
+[Cloudflare](https://cloudflare.com/) is a global cloud platform that provides content delivery, domain management, cybersecurity, and performance services for websites and applications.
+
+In Sim, the Cloudflare integration empowers your agents to automate the management of DNS records, SSL/TLS certificates, domains (zones), cache, zone settings, and more through easy-to-use API tools. Agents can securely list and edit domains, update DNS records, monitor analytics, and manage security and performance—all as part of your automated workflows.
+
+With Cloudflare, you can:
+
+- **Manage DNS and Domains**: List all your domains (zones), view zone details, and fully control DNS records from your automated agent workflows.
+- **Handle SSL/TLS Certificates and Settings**: Issue, renew, or list certificates and adjust security and performance settings for your sites.
+- **Purge Cache and Analyze Traffic**: Instantly purge edge cache and review real-time DNS analytics directly within your Sim agent processes.
+- **Automate Security and Operations**: Use agents to programmatically manage zones, update settings, and streamline repetitive Cloudflare tasks.
+
+This integration enables streamlined, secure management of your site's infrastructure from within Sim. Your agents can integrate Cloudflare operations directly into processes—keeping DNS records up-to-date, responding to security events, improving site performance, and automating large-scale site and account administration.
+{/* MANUAL-CONTENT-END */}
+
+
+## Usage Instructions
+
+Integrate Cloudflare into the workflow. Manage zones (domains), DNS records, SSL/TLS certificates, zone settings, DNS analytics, and cache purging via the Cloudflare API.
+
+
+
+## Tools
+
+### `cloudflare_list_zones`
+
+Lists all zones (domains) in the Cloudflare account.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `name` | string | No | Filter zones by domain name \(e.g., "example.com"\) |
+| `status` | string | No | Filter by zone status: "initializing", "pending", "active", or "moved" |
+| `page` | number | No | Page number for pagination \(default: 1\) |
+| `per_page` | number | No | Number of zones per page \(default: 20, max: 50\) |
+| `accountId` | string | No | Filter zones by account ID |
+| `order` | string | No | Sort field \(name, status, account.id, account.name\) |
+| `direction` | string | No | Sort direction \(asc, desc\) |
+| `match` | string | No | Match logic for filters \(any, all\). Default: all |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `zones` | array | List of zones/domains |
+|   ↳ `id` | string | Zone ID |
+|   ↳ `name` | string | Domain name |
+|   ↳ `status` | string | Zone status \(initializing, pending, active, moved\) |
+|   ↳ `paused` | boolean | Whether the zone is paused |
+|   ↳ `type` | string | Zone type \(full, partial, or secondary\) |
+|   ↳ `name_servers` | array | Assigned Cloudflare name servers |
+|   ↳ `original_name_servers` | array | Original name servers before moving to Cloudflare |
+|   ↳ `created_on` | string | ISO 8601 date when the zone was created |
+|   ↳ `modified_on` | string | ISO 8601 date when the zone was last modified |
+|   ↳ `activated_on` | string | ISO 8601 date when the zone was activated |
+|   ↳ `development_mode` | number | Seconds remaining in development mode \(0 = off\) |
+|   ↳ `plan` | object | Zone plan information |
+|     ↳ `id` | string | Plan identifier |
+|     ↳ `name` | string | Plan name |
+|     ↳ `price` | number | Plan price |
+|     ↳ `is_subscribed` | boolean | Whether the zone is subscribed to the plan |
+|     ↳ `frequency` | string | Plan billing frequency |
+|     ↳ `currency` | string | Plan currency |
+|     ↳ `legacy_id` | string | Legacy plan identifier |
+|   ↳ `account` | object | Account the zone belongs to |
+|     ↳ `id` | string | Account identifier |
+|     ↳ `name` | string | Account name |
+|   ↳ `owner` | object | Zone owner information |
+|     ↳ `id` | string | Owner identifier |
+|     ↳ `name` | string | Owner name |
+|     ↳ `type` | string | Owner type |
+|   ↳ `meta` | object | Zone metadata |
+|     ↳ `cdn_only` | boolean | Whether the zone is CDN only |
+|     ↳ `custom_certificate_quota` | number | Custom certificate quota |
+|     ↳ `dns_only` | boolean | Whether the zone is DNS only |
+|     ↳ `foundation_dns` | boolean | Whether foundation DNS is enabled |
+|     ↳ `page_rule_quota` | number | Page rule quota |
+|     ↳ `phishing_detected` | boolean | Whether phishing was detected |
+|     ↳ `step` | number | Current setup step |
+|   ↳ `vanity_name_servers` | array | Custom vanity name servers |
+|   ↳ `permissions` | array | User permissions for the zone |
+| `total_count` | number | Total number of zones matching the query |
+
+### `cloudflare_get_zone`
+
+Gets details for a specific zone (domain) by its ID.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to retrieve details for |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Zone ID |
+| `name` | string | Domain name |
+| `status` | string | Zone status \(initializing, pending, active, moved\) |
+| `paused` | boolean | Whether the zone is paused |
+| `type` | string | Zone type \(full, partial, or secondary\) |
+| `name_servers` | array | Assigned Cloudflare name servers |
+| `original_name_servers` | array | Original name servers before moving to Cloudflare |
+| `created_on` | string | ISO 8601 date when the zone was created |
+| `modified_on` | string | ISO 8601 date when the zone was last modified |
+| `activated_on` | string | ISO 8601 date when the zone was activated |
+| `development_mode` | number | Seconds remaining in development mode \(0 = off\) |
+| `plan` | object | Zone plan information |
+|   ↳ `id` | string | Plan identifier |
+|   ↳ `name` | string | Plan name |
+|   ↳ `price` | number | Plan price |
+|   ↳ `is_subscribed` | boolean | Whether the zone is subscribed to the plan |
+|   ↳ `frequency` | string | Plan billing frequency |
+|   ↳ `currency` | string | Plan currency |
+|   ↳ `legacy_id` | string | Legacy plan identifier |
+| `account` | object | Account the zone belongs to |
+|   ↳ `id` | string | Account identifier |
+|   ↳ `name` | string | Account name |
+| `owner` | object | Zone owner information |
+|   ↳ `id` | string | Owner identifier |
+|   ↳ `name` | string | Owner name |
+|   ↳ `type` | string | Owner type |
+| `meta` | object | Zone metadata |
+|   ↳ `cdn_only` | boolean | Whether the zone is CDN only |
+|   ↳ `custom_certificate_quota` | number | Custom certificate quota |
+|   ↳ `dns_only` | boolean | Whether the zone is DNS only |
+|   ↳ `foundation_dns` | boolean | Whether foundation DNS is enabled |
+|   ↳ `page_rule_quota` | number | Page rule quota |
+|   ↳ `phishing_detected` | boolean | Whether phishing was detected |
+|   ↳ `step` | number | Current setup step |
+| `vanity_name_servers` | array | Custom vanity name servers |
+| `permissions` | array | User permissions for the zone |
+
+### `cloudflare_create_zone`
+
+Adds a new zone (domain) to the Cloudflare account.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `name` | string | Yes | The domain name to add \(e.g., "example.com"\) |
+| `accountId` | string | Yes | The Cloudflare account ID |
+| `type` | string | No | Zone type: "full" \(Cloudflare manages DNS\), "partial" \(CNAME setup\), or "secondary" \(secondary DNS\) |
+| `jump_start` | boolean | No | Automatically attempt to fetch existing DNS records when creating the zone |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Created zone ID |
+| `name` | string | Domain name |
+| `status` | string | Zone status \(initializing, pending, active, moved\) |
+| `paused` | boolean | Whether the zone is paused |
+| `type` | string | Zone type \(full, partial, or secondary\) |
+| `name_servers` | array | Assigned Cloudflare name servers |
+| `original_name_servers` | array | Original name servers before moving to Cloudflare |
+| `created_on` | string | ISO 8601 date when the zone was created |
+| `modified_on` | string | ISO 8601 date when the zone was last modified |
+| `activated_on` | string | ISO 8601 date when the zone was activated |
+| `development_mode` | number | Seconds remaining in development mode \(0 = off\) |
+| `plan` | object | Zone plan information |
+|   ↳ `id` | string | Plan identifier |
+|   ↳ `name` | string | Plan name |
+|   ↳ `price` | number | Plan price |
+|   ↳ `is_subscribed` | boolean | Whether the zone is subscribed to the plan |
+|   ↳ `frequency` | string | Plan billing frequency |
+|   ↳ `currency` | string | Plan currency |
+|   ↳ `legacy_id` | string | Legacy plan identifier |
+| `account` | object | Account the zone belongs to |
+|   ↳ `id` | string | Account identifier |
+|   ↳ `name` | string | Account name |
+| `owner` | object | Zone owner information |
+|   ↳ `id` | string | Owner identifier |
+|   ↳ `name` | string | Owner name |
+|   ↳ `type` | string | Owner type |
+| `meta` | object | Zone metadata |
+|   ↳ `cdn_only` | boolean | Whether the zone is CDN only |
+|   ↳ `custom_certificate_quota` | number | Custom certificate quota |
+|   ↳ `dns_only` | boolean | Whether the zone is DNS only |
+|   ↳ `foundation_dns` | boolean | Whether foundation DNS is enabled |
+|   ↳ `page_rule_quota` | number | Page rule quota |
+|   ↳ `phishing_detected` | boolean | Whether phishing was detected |
+|   ↳ `step` | number | Current setup step |
+| `vanity_name_servers` | array | Custom vanity name servers |
+| `permissions` | array | User permissions for the zone |
+
+### `cloudflare_delete_zone`
+
+Deletes a zone (domain) from the Cloudflare account.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to delete |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Deleted zone ID |
+
+### `cloudflare_list_dns_records`
+
+Lists DNS records for a specific zone.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to list DNS records for |
+| `type` | string | No | Filter by record type \(e.g., "A", "AAAA", "CNAME", "MX", "TXT"\) |
+| `name` | string | No | Filter by record name \(exact match\) |
+| `content` | string | No | Filter by record content \(exact match\) |
+| `page` | number | No | Page number for pagination \(default: 1\) |
+| `per_page` | number | No | Number of records per page \(default: 100, max: 5000000\) |
+| `direction` | string | No | Sort direction \(asc or desc\) |
+| `match` | string | No | Match logic for filters: any or all \(default: all\) |
+| `order` | string | No | Sort field \(type, name, content, ttl, proxied\) |
+| `proxied` | boolean | No | Filter by proxy status |
+| `search` | string | No | Free-text search across record name, content, and value |
+| `tag` | string | No | Filter by tags \(comma-separated\) |
+| `tag_match` | string | No | Tag filter match logic: any or all |
+| `commentFilter` | string | No | Filter records by comment content \(substring match\) |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `records` | array | List of DNS records |
+|   ↳ `id` | string | Unique identifier for the DNS record |
+|   ↳ `zone_id` | string | The ID of the zone the record belongs to |
+|   ↳ `zone_name` | string | The name of the zone |
+|   ↳ `type` | string | Record type \(A, AAAA, CNAME, MX, TXT, etc.\) |
+|   ↳ `name` | string | Record name \(e.g., example.com\) |
+|   ↳ `content` | string | Record content \(e.g., IP address\) |
+|   ↳ `proxiable` | boolean | Whether the record can be proxied |
+|   ↳ `proxied` | boolean | Whether Cloudflare proxy is enabled |
+|   ↳ `ttl` | number | TTL in seconds \(1 = automatic\) |
+|   ↳ `locked` | boolean | Whether the record is locked |
+|   ↳ `priority` | number | MX/SRV record priority |
+|   ↳ `comment` | string | Comment associated with the record |
+|   ↳ `tags` | array | Tags associated with the record |
+|   ↳ `comment_modified_on` | string | ISO 8601 timestamp when the comment was last modified |
+|   ↳ `tags_modified_on` | string | ISO 8601 timestamp when tags were last modified |
+|   ↳ `meta` | object | Record metadata |
+|     ↳ `source` | string | Source of the DNS record |
+|   ↳ `created_on` | string | ISO 8601 timestamp when the record was created |
+|   ↳ `modified_on` | string | ISO 8601 timestamp when the record was last modified |
+| `total_count` | number | Total number of DNS records matching the query |
+
+### `cloudflare_create_dns_record`
+
+Creates a new DNS record for a zone.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to create the DNS record in |
+| `type` | string | Yes | DNS record type \(e.g., "A", "AAAA", "CNAME", "MX", "TXT", "NS", "SRV"\) |
+| `name` | string | Yes | DNS record name \(e.g., "example.com" or "subdomain.example.com"\) |
+| `content` | string | Yes | DNS record content \(e.g., IP address for A records, target for CNAME\) |
+| `ttl` | number | No | Time to live in seconds \(1 = automatic, default: 1\) |
+| `proxied` | boolean | No | Whether to enable Cloudflare proxy \(default: false\) |
+| `priority` | number | No | Priority for MX and SRV records |
+| `comment` | string | No | Comment for the DNS record |
+| `tags` | string | No | Comma-separated tags for the DNS record |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Unique identifier for the created DNS record |
+| `zone_id` | string | The ID of the zone the record belongs to |
+| `zone_name` | string | The name of the zone |
+| `type` | string | DNS record type \(A, AAAA, CNAME, MX, TXT, etc.\) |
+| `name` | string | DNS record hostname |
+| `content` | string | DNS record value \(e.g., IP address, target hostname\) |
+| `proxiable` | boolean | Whether the record can be proxied through Cloudflare |
+| `proxied` | boolean | Whether Cloudflare proxy is enabled |
+| `ttl` | number | Time to live in seconds \(1 = automatic\) |
+| `locked` | boolean | Whether the record is locked |
+| `priority` | number | Priority for MX and SRV records |
+| `comment` | string | Comment associated with the record |
+| `tags` | array | Tags associated with the record |
+| `comment_modified_on` | string | ISO 8601 timestamp when the comment was last modified |
+| `tags_modified_on` | string | ISO 8601 timestamp when tags were last modified |
+| `meta` | object | Record metadata |
+|   ↳ `source` | string | Source of the DNS record |
+| `created_on` | string | ISO 8601 timestamp when the record was created |
+| `modified_on` | string | ISO 8601 timestamp when the record was last modified |
+
+### `cloudflare_update_dns_record`
+
+Updates an existing DNS record for a zone.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID containing the DNS record |
+| `recordId` | string | Yes | The DNS record ID to update |
+| `type` | string | No | DNS record type \(e.g., "A", "AAAA", "CNAME", "MX", "TXT"\) |
+| `name` | string | No | DNS record name |
+| `content` | string | No | DNS record content \(e.g., IP address\) |
+| `ttl` | number | No | Time to live in seconds \(1 = automatic\) |
+| `proxied` | boolean | No | Whether to enable Cloudflare proxy |
+| `priority` | number | No | Priority for MX and SRV records |
+| `comment` | string | No | Comment for the DNS record |
+| `tags` | string | No | Comma-separated tags for the DNS record |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Unique identifier for the updated DNS record |
+| `zone_id` | string | The ID of the zone the record belongs to |
+| `zone_name` | string | The name of the zone |
+| `type` | string | DNS record type \(A, AAAA, CNAME, MX, TXT, etc.\) |
+| `name` | string | DNS record hostname |
+| `content` | string | DNS record value \(e.g., IP address, target hostname\) |
+| `proxiable` | boolean | Whether the record can be proxied through Cloudflare |
+| `proxied` | boolean | Whether Cloudflare proxy is enabled |
+| `ttl` | number | Time to live in seconds \(1 = automatic\) |
+| `locked` | boolean | Whether the record is locked |
+| `priority` | number | Priority for MX and SRV records |
+| `comment` | string | Comment associated with the record |
+| `tags` | array | Tags associated with the record |
+| `comment_modified_on` | string | ISO 8601 timestamp when the comment was last modified |
+| `tags_modified_on` | string | ISO 8601 timestamp when tags were last modified |
+| `meta` | object | Record metadata |
+|   ↳ `source` | string | Source of the DNS record |
+| `created_on` | string | ISO 8601 timestamp when the record was created |
+| `modified_on` | string | ISO 8601 timestamp when the record was last modified |
+
+### `cloudflare_delete_dns_record`
+
+Deletes a DNS record from a zone.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID containing the DNS record |
+| `recordId` | string | Yes | The DNS record ID to delete |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Deleted record ID |
+
+### `cloudflare_list_certificates`
+
+Lists SSL/TLS certificate packs for a zone.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to list certificates for |
+| `status` | string | No | Filter certificate packs by status \(e.g., "all", "active", "pending"\) |
+| `page` | number | No | Page number of paginated results \(default: 1\) |
+| `per_page` | number | No | Number of certificate packs per page \(default: 20, min: 5, max: 50\) |
+| `deploy` | string | No | Filter by deployment environment: "staging" or "production" |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `certificates` | array | List of SSL/TLS certificate packs |
+|   ↳ `id` | string | Certificate pack ID |
+|   ↳ `type` | string | Certificate type \(e.g., "universal", "advanced"\) |
+|   ↳ `hosts` | array | Hostnames covered by this certificate pack |
+|   ↳ `primary_certificate` | string | ID of the primary certificate in the pack |
+|   ↳ `status` | string | Certificate pack status \(e.g., "active", "pending"\) |
+|   ↳ `certificates` | array | Individual certificates within the pack |
+|     ↳ `id` | string | Certificate ID |
+|     ↳ `hosts` | array | Hostnames covered by this certificate |
+|     ↳ `issuer` | string | Certificate issuer |
+|     ↳ `signature` | string | Signature algorithm \(e.g., "ECDSAWithSHA256"\) |
+|     ↳ `status` | string | Certificate status |
+|     ↳ `bundle_method` | string | Bundle method \(e.g., "ubiquitous"\) |
+|     ↳ `zone_id` | string | Zone ID the certificate belongs to |
+|     ↳ `uploaded_on` | string | Upload date \(ISO 8601\) |
+|     ↳ `modified_on` | string | Last modified date \(ISO 8601\) |
+|     ↳ `expires_on` | string | Expiration date \(ISO 8601\) |
+|     ↳ `priority` | number | Certificate priority order |
+|     ↳ `geo_restrictions` | object | Geographic restrictions for the certificate |
+|       ↳ `label` | string | Geographic restriction label |
+|   ↳ `cloudflare_branding` | boolean | Whether Cloudflare branding is enabled on the certificate |
+|   ↳ `validation_method` | string | Validation method \(e.g., "txt", "http", "cname"\) |
+|   ↳ `validity_days` | number | Validity period in days |
+|   ↳ `certificate_authority` | string | Certificate authority \(e.g., "lets_encrypt", "google"\) |
+|   ↳ `validation_errors` | array | Validation issues for the certificate pack |
+|     ↳ `message` | string | Validation error message |
+|   ↳ `validation_records` | array | Validation records for the certificate pack |
+|     ↳ `cname` | string | CNAME record name |
+|     ↳ `cname_target` | string | CNAME record target |
+|     ↳ `emails` | array | Email addresses for validation |
+|     ↳ `http_body` | string | HTTP validation body content |
+|     ↳ `http_url` | string | HTTP validation URL |
+|     ↳ `status` | string | Validation record status |
+|     ↳ `txt_name` | string | TXT record name |
+|     ↳ `txt_value` | string | TXT record value |
+|   ↳ `dcv_delegation_records` | array | Domain control validation delegation records |
+|     ↳ `cname` | string | CNAME record name |
+|     ↳ `cname_target` | string | CNAME record target |
+|     ↳ `emails` | array | Email addresses for validation |
+|     ↳ `http_body` | string | HTTP validation body content |
+|     ↳ `http_url` | string | HTTP validation URL |
+|     ↳ `status` | string | Delegation record status |
+|     ↳ `txt_name` | string | TXT record name |
+|     ↳ `txt_value` | string | TXT record value |
+| `total_count` | number | Total number of certificate packs |
+
+### `cloudflare_get_zone_settings`
+
+Gets all settings for a zone including SSL mode, minification, caching level, and security settings.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to get settings for |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `settings` | array | List of zone settings |
+|   ↳ `id` | string | Setting identifier \(e.g., ssl, minify, cache_level, security_level, always_use_https\) |
+|   ↳ `value` | string | Setting value as a string. Simple values returned as-is \(e.g., "full", "on"\). Complex values are JSON-stringified \(e.g., \ |
+|   ↳ `editable` | boolean | Whether the setting can be modified for the current zone plan |
+|   ↳ `modified_on` | string | ISO 8601 timestamp when the setting was last modified |
+|   ↳ `time_remaining` | number | Seconds remaining until the setting can be modified again \(only present for rate-limited settings\) |
+
+### `cloudflare_update_zone_setting`
+
+Updates a specific zone setting such as SSL mode, security level, cache level, minification, or other configuration.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to update settings for |
+| `settingId` | string | Yes | Setting to update \(e.g., "ssl", "security_level", "cache_level", "minify", "always_use_https", "browser_cache_ttl", "http3", "min_tls_version", "ciphers"\) |
+| `value` | string | Yes | New value for the setting as a string or JSON string for complex values \(e.g., "full" for SSL, "medium" for security_level, "aggressive" for cache_level, \'\{"css":"on","html":"on","js":"on"\}\' for minify, \'\["ECDHE-RSA-AES128-GCM-SHA256"\]\' for ciphers\) |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Setting identifier \(e.g., ssl, minify, cache_level\) |
+| `value` | string | Updated setting value as a string. Simple values returned as-is \(e.g., "full", "on"\). Complex values are JSON-stringified. |
+| `editable` | boolean | Whether the setting can be modified for the current zone plan |
+| `modified_on` | string | ISO 8601 timestamp when the setting was last modified |
+| `time_remaining` | number | Seconds remaining until the setting can be modified again \(only present for rate-limited settings\) |
+
+### `cloudflare_dns_analytics`
+
+Gets DNS analytics report for a zone including query counts and trends.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to get DNS analytics for |
+| `since` | string | No | Start date for analytics \(ISO 8601, e.g., "2024-01-01T00:00:00Z"\) or relative \(e.g., "-6h"\) |
+| `until` | string | No | End date for analytics \(ISO 8601, e.g., "2024-01-31T23:59:59Z"\) or relative \(e.g., "now"\) |
+| `metrics` | string | Yes | Comma-separated metrics to retrieve \(e.g., "queryCount,uncachedCount,staleCount,responseTimeAvg,responseTimeMedian,responseTime90th,responseTime99th"\) |
+| `dimensions` | string | No | Comma-separated dimensions to group by \(e.g., "queryName,queryType,responseCode,responseCached,coloName,origin,dayOfWeek,tcp,ipVersion,querySizeBucket,responseSizeBucket"\) |
+| `filters` | string | No | Filters to apply to the data \(e.g., "queryType==A"\) |
+| `sort` | string | No | Sort order for the result set. Fields must be included in metrics or dimensions \(e.g., "+queryCount" or "-responseTimeAvg"\) |
+| `limit` | number | No | Maximum number of results to return |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `totals` | object | Aggregate DNS analytics totals for the entire queried period |
+|   ↳ `queryCount` | number | Total number of DNS queries |
+|   ↳ `uncachedCount` | number | Number of uncached DNS queries |
+|   ↳ `staleCount` | number | Number of stale DNS queries |
+|   ↳ `responseTimeAvg` | number | Average response time in milliseconds |
+|   ↳ `responseTimeMedian` | number | Median response time in milliseconds |
+|   ↳ `responseTime90th` | number | 90th percentile response time in milliseconds |
+|   ↳ `responseTime99th` | number | 99th percentile response time in milliseconds |
+| `min` | object | Minimum values across the analytics period |
+|   ↳ `queryCount` | number | Minimum number of DNS queries |
+|   ↳ `uncachedCount` | number | Minimum number of uncached DNS queries |
+|   ↳ `staleCount` | number | Minimum number of stale DNS queries |
+|   ↳ `responseTimeAvg` | number | Minimum average response time in milliseconds |
+|   ↳ `responseTimeMedian` | number | Minimum median response time in milliseconds |
+|   ↳ `responseTime90th` | number | Minimum 90th percentile response time in milliseconds |
+|   ↳ `responseTime99th` | number | Minimum 99th percentile response time in milliseconds |
+| `max` | object | Maximum values across the analytics period |
+|   ↳ `queryCount` | number | Maximum number of DNS queries |
+|   ↳ `uncachedCount` | number | Maximum number of uncached DNS queries |
+|   ↳ `staleCount` | number | Maximum number of stale DNS queries |
+|   ↳ `responseTimeAvg` | number | Maximum average response time in milliseconds |
+|   ↳ `responseTimeMedian` | number | Maximum median response time in milliseconds |
+|   ↳ `responseTime90th` | number | Maximum 90th percentile response time in milliseconds |
+|   ↳ `responseTime99th` | number | Maximum 99th percentile response time in milliseconds |
+| `data` | array | Raw analytics data rows returned by the Cloudflare DNS analytics report |
+|   ↳ `dimensions` | array | Dimension values for this data row, parallel to the requested dimensions list |
+|   ↳ `metrics` | array | Metric values for this data row, parallel to the requested metrics list |
+| `data_lag` | number | Processing lag in seconds before analytics data becomes available |
+| `rows` | number | Total number of rows in the result set |
+| `query` | object | Echo of the query parameters sent to the API |
+|   ↳ `since` | string | Start date of the analytics query |
+|   ↳ `until` | string | End date of the analytics query |
+|   ↳ `metrics` | array | Metrics requested in the query |
+|   ↳ `dimensions` | array | Dimensions requested in the query |
+|   ↳ `filters` | string | Filters applied to the query |
+|   ↳ `sort` | array | Sort order applied to the query |
+|   ↳ `limit` | number | Maximum number of results requested |
+
+### `cloudflare_purge_cache`
+
+Purges cached content for a zone. Can purge everything or specific files/tags/hosts/prefixes.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `zoneId` | string | Yes | The zone ID to purge cache for |
+| `purge_everything` | boolean | No | Set to true to purge all cached content. Mutually exclusive with files, tags, hosts, and prefixes |
+| `files` | string | No | Comma-separated list of URLs to purge from cache |
+| `tags` | string | No | Comma-separated list of cache tags to purge \(Enterprise only\) |
+| `hosts` | string | No | Comma-separated list of hostnames to purge \(Enterprise only\) |
+| `prefixes` | string | No | Comma-separated list of URL prefixes to purge \(Enterprise only\) |
+| `apiKey` | string | Yes | Cloudflare API Token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Purge request identifier returned by Cloudflare |
+
+

apps/docs/content/docs/en/tools/meta.json

@@ -15,6 +15,7 @@
     "circleback",
     "clay",
     "clerk",
+    "cloudflare",
     "confluence",
     "cursor",
     "datadog",
@@ -68,6 +69,7 @@
     "mailgun",
     "mem0",
     "memory",
+    "microsoft_dataverse",
     "microsoft_excel",
     "microsoft_planner",
     "microsoft_teams",
@@ -122,6 +124,7 @@
     "twilio_sms",
     "twilio_voice",
     "typeform",
+    "vercel",
     "video_generator",
     "vision",
     "wealthbox",

apps/docs/content/docs/en/tools/microsoft_dataverse.mdx

@@ -0,0 +1,426 @@
+---
+title: Microsoft Dataverse
+description: Manage records in Microsoft Dataverse tables
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="microsoft_dataverse"
+  color="#E0E0E0"
+/>
+
+{/* MANUAL-CONTENT-START:intro */}
+[Microsoft Dataverse](https://learn.microsoft.com/en-us/power-apps/maker/data-platform/data-platform-intro) is a powerful cloud data platform for securely storing, managing, and interacting with structured business data. The Microsoft Dataverse integration enables you to programmatically create, read, update, delete, and link records in Dataverse tables as part of your workflow and automation needs.
+
+With Microsoft Dataverse integration, you can:
+
+- **List and query records:** Access lists of records or query with advanced filters to find the data you need from any Dataverse table.
+- **Create and update records:** Add new records or update existing ones in any table for use across Power Platform, Dynamics 365, and custom apps.
+- **Delete and manage records:** Remove records as part of data lifecycle management directly from your automation flows.
+- **Associate and disassociate records:** Link related items together or remove associations using entity relationships and navigation properties—essential for reflecting complex business processes.
+- **Work with any Dataverse environment:** Connect to your organization’s environments, including production, sandbox, or Dynamics 365 tenants, for maximum flexibility.
+- **Integrate with Power Platform and Dynamics 365:** Automate tasks ranging from sales and marketing data updates to custom app workflows—all powered by Dataverse's security and governance.
+
+The Dataverse integration empowers solution builders and business users to automate business processes, maintain accurate and up-to-date information, create system integrations, trigger actions, and drive insights—all with robust security and governance.
+
+Connect Microsoft Dataverse to your automations to unlock sophisticated data management, orchestration, and business logic across your apps, teams, and cloud services.
+{/* MANUAL-CONTENT-END */}
+
+
+## Usage Instructions
+
+Integrate Microsoft Dataverse into your workflow. Create, read, update, delete, upsert, associate, query, search, and execute actions and functions against Dataverse tables using the Web API. Supports bulk operations, FetchXML, file uploads, and relevance search. Works with Dynamics 365, Power Platform, and custom Dataverse environments.
+
+
+
+## Tools
+
+### `microsoft_dataverse_associate`
+
+Associate two records in Microsoft Dataverse via a navigation property. Creates a relationship between a source record and a target record. Supports both collection-valued (POST) and single-valued (PUT) navigation properties.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Source entity set name \(e.g., accounts\) |
+| `recordId` | string | Yes | Source record GUID |
+| `navigationProperty` | string | Yes | Navigation property name \(e.g., contact_customer_accounts for collection-valued, or parentcustomerid_account for single-valued\) |
+| `targetEntitySetName` | string | Yes | Target entity set name \(e.g., contacts\) |
+| `targetRecordId` | string | Yes | Target record GUID to associate |
+| `navigationType` | string | No | Type of navigation property: "collection" \(default, uses POST\) or "single" \(uses PUT for lookup fields\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `success` | boolean | Whether the association was created successfully |
+| `entitySetName` | string | Source entity set name used in the association |
+| `recordId` | string | Source record GUID that was associated |
+| `navigationProperty` | string | Navigation property used for the association |
+| `targetEntitySetName` | string | Target entity set name used in the association |
+| `targetRecordId` | string | Target record GUID that was associated |
+
+### `microsoft_dataverse_create_multiple`
+
+Create multiple records of the same table type in a single request. Each record in the Targets array must include an @odata.type annotation. Recommended batch size: 100-1000 records for standard tables.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `entityLogicalName` | string | Yes | Table logical name for @odata.type annotation \(e.g., account, contact\). Used to set Microsoft.Dynamics.CRM.\{entityLogicalName\} on each record. |
+| `records` | object | Yes | Array of record objects to create. Each record should contain column logical names as keys. The @odata.type annotation is added automatically. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ids` | array | Array of GUIDs for the created records |
+| `count` | number | Number of records created |
+| `success` | boolean | Whether all records were created successfully |
+
+### `microsoft_dataverse_create_record`
+
+Create a new record in a Microsoft Dataverse table. Requires the entity set name (plural table name) and record data as a JSON object.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `data` | object | Yes | Record data as a JSON object with column names as keys |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `recordId` | string | The ID of the created record |
+| `record` | object | Dataverse record object. Contains dynamic columns based on the queried table, plus OData metadata fields. |
+| `success` | boolean | Whether the record was created successfully |
+
+### `microsoft_dataverse_delete_record`
+
+Delete a record from a Microsoft Dataverse table by its ID.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `recordId` | string | Yes | The unique identifier \(GUID\) of the record to delete |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `recordId` | string | The ID of the deleted record |
+| `success` | boolean | Operation success status |
+
+### `microsoft_dataverse_disassociate`
+
+Remove an association between two records in Microsoft Dataverse. For collection-valued navigation properties, provide the target record ID. For single-valued navigation properties, only the navigation property name is needed.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Source entity set name \(e.g., accounts\) |
+| `recordId` | string | Yes | Source record GUID |
+| `navigationProperty` | string | Yes | Navigation property name \(e.g., contact_customer_accounts for collection-valued, or parentcustomerid_account for single-valued\) |
+| `targetRecordId` | string | No | Target record GUID \(required for collection-valued navigation properties, omit for single-valued\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `success` | boolean | Whether the disassociation was completed successfully |
+| `entitySetName` | string | Source entity set name used in the disassociation |
+| `recordId` | string | Source record GUID that was disassociated |
+| `navigationProperty` | string | Navigation property used for the disassociation |
+| `targetRecordId` | string | Target record GUID that was disassociated |
+
+### `microsoft_dataverse_download_file`
+
+Download a file from a file or image column on a Dataverse record. Returns the file content as a base64-encoded string along with file metadata from response headers.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `recordId` | string | Yes | Record GUID to download the file from |
+| `fileColumn` | string | Yes | File or image column logical name \(e.g., entityimage, cr_document\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `fileContent` | string | Base64-encoded file content |
+| `fileName` | string | Name of the downloaded file |
+| `fileSize` | number | File size in bytes |
+| `mimeType` | string | MIME type of the file |
+| `success` | boolean | Whether the file was downloaded successfully |
+
+### `microsoft_dataverse_execute_action`
+
+Execute a bound or unbound Dataverse action. Actions perform operations with side effects (e.g., Merge, GrantAccess, SendEmail, QualifyLead). For bound actions, provide the entity set name and record ID.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `actionName` | string | Yes | Action name \(e.g., Merge, GrantAccess, SendEmail\). Do not include the Microsoft.Dynamics.CRM. namespace prefix for unbound actions. |
+| `entitySetName` | string | No | Entity set name for bound actions \(e.g., accounts\). Leave empty for unbound actions. |
+| `recordId` | string | No | Record GUID for bound actions. Leave empty for unbound or collection-bound actions. |
+| `parameters` | object | No | Action parameters as a JSON object. For entity references, include @odata.type annotation \(e.g., \{"Target": \{"@odata.type": "Microsoft.Dynamics.CRM.account", "accountid": "..."\}\}\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `result` | object | Action response data. Structure varies by action. Null for actions that return 204 No Content. |
+| `success` | boolean | Whether the action executed successfully |
+
+### `microsoft_dataverse_execute_function`
+
+Execute a bound or unbound Dataverse function. Functions are read-only operations (e.g., RetrievePrincipalAccess, RetrieveTotalRecordCount, InitializeFrom). For bound functions, provide the entity set name and record ID.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `functionName` | string | Yes | Function name \(e.g., RetrievePrincipalAccess, RetrieveTotalRecordCount\). Do not include the Microsoft.Dynamics.CRM. namespace prefix for unbound functions. |
+| `entitySetName` | string | No | Entity set name for bound functions \(e.g., systemusers\). Leave empty for unbound functions. |
+| `recordId` | string | No | Record GUID for bound functions. Leave empty for unbound functions. |
+| `parameters` | string | No | Function parameters as a comma-separated list of name=value pairs for the URL \(e.g., "LocalizedStandardName=\'Pacific Standard Time\ |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `result` | object | Function response data. Structure varies by function. |
+| `success` | boolean | Whether the function executed successfully |
+
+### `microsoft_dataverse_fetchxml_query`
+
+Execute a FetchXML query against a Microsoft Dataverse table. FetchXML supports aggregation, grouping, linked-entity joins, and complex filtering beyond OData capabilities.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `fetchXml` | string | Yes | FetchXML query string. Must include &lt;fetch&gt; root element and &lt;entity&gt; child element matching the table logical name. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `records` | array | Array of Dataverse records. Each record has dynamic columns based on the table schema. |
+| `count` | number | Number of records returned in the current page |
+| `fetchXmlPagingCookie` | string | Paging cookie for retrieving the next page of results |
+| `moreRecords` | boolean | Whether more records are available beyond the current page |
+| `success` | boolean | Operation success status |
+
+### `microsoft_dataverse_get_record`
+
+Retrieve a single record from a Microsoft Dataverse table by its ID. Supports $select and $expand OData query options.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `recordId` | string | Yes | The unique identifier \(GUID\) of the record to retrieve |
+| `select` | string | No | Comma-separated list of columns to return \(OData $select\) |
+| `expand` | string | No | Navigation properties to expand \(OData $expand\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `record` | object | Dataverse record object. Contains dynamic columns based on the queried table, plus OData metadata fields. |
+| `recordId` | string | The record primary key ID \(auto-detected from response\) |
+| `success` | boolean | Whether the record was retrieved successfully |
+
+### `microsoft_dataverse_list_records`
+
+Query and list records from a Microsoft Dataverse table. Supports OData query options for filtering, selecting columns, ordering, and pagination.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `select` | string | No | Comma-separated list of columns to return \(OData $select\) |
+| `filter` | string | No | OData $filter expression \(e.g., statecode eq 0\) |
+| `orderBy` | string | No | OData $orderby expression \(e.g., name asc, createdon desc\) |
+| `top` | number | No | Maximum number of records to return \(OData $top\) |
+| `expand` | string | No | Navigation properties to expand \(OData $expand\) |
+| `count` | string | No | Set to "true" to include total record count in response \(OData $count\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `records` | array | Array of Dataverse records. Each record has dynamic columns based on the table schema. |
+| `count` | number | Number of records returned in the current page |
+| `totalCount` | number | Total number of matching records server-side \(requires $count=true\) |
+| `nextLink` | string | URL for the next page of results |
+| `success` | boolean | Operation success status |
+
+### `microsoft_dataverse_search`
+
+Perform a full-text relevance search across Microsoft Dataverse tables. Requires Dataverse Search to be enabled on the environment. Supports simple and Lucene query syntax.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `searchTerm` | string | Yes | Search text \(1-100 chars\). Supports simple syntax: + \(AND\), \| \(OR\), - \(NOT\), * \(wildcard\), "exact phrase" |
+| `entities` | string | No | JSON array of search entity configs. Each object: \{"Name":"account","SelectColumns":\["name"\],"SearchColumns":\["name"\],"Filter":"statecode eq 0"\} |
+| `filter` | string | No | Global OData filter applied across all entities \(e.g., "createdon gt 2024-01-01"\) |
+| `facets` | string | No | JSON array of facet specifications \(e.g., \["entityname,count:100","ownerid,count:100"\]\) |
+| `top` | number | No | Maximum number of results \(default: 50, max: 100\) |
+| `skip` | number | No | Number of results to skip for pagination |
+| `orderBy` | string | No | JSON array of sort expressions \(e.g., \["createdon desc"\]\) |
+| `searchMode` | string | No | Search mode: "any" \(default, match any term\) or "all" \(match all terms\) |
+| `searchType` | string | No | Query type: "simple" \(default\) or "lucene" \(enables regex, fuzzy, proximity, boosting\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `results` | array | Array of search result objects |
+|   ↳ `Id` | string | Record GUID |
+|   ↳ `EntityName` | string | Table logical name \(e.g., account, contact\) |
+|   ↳ `ObjectTypeCode` | number | Entity type code |
+|   ↳ `Attributes` | object | Record attributes matching the search. Keys are column logical names. |
+|   ↳ `Highlights` | object | Highlighted search matches. Keys are column names, values are arrays of strings with \{crmhit\}/\{/crmhit\} markers. |
+|   ↳ `Score` | number | Relevance score for this result |
+| `totalCount` | number | Total number of matching records across all tables |
+| `count` | number | Number of results returned in this page |
+| `facets` | object | Facet results when facets were requested. Keys are facet names, values are arrays of facet value objects with count and value properties. |
+| `success` | boolean | Operation success status |
+
+### `microsoft_dataverse_update_multiple`
+
+Update multiple records of the same table type in a single request. Each record must include its primary key. Only include columns that need to be changed. Recommended batch size: 100-1000 records.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `entityLogicalName` | string | Yes | Table logical name for @odata.type annotation \(e.g., account, contact\). Used to set Microsoft.Dynamics.CRM.\{entityLogicalName\} on each record. |
+| `records` | object | Yes | Array of record objects to update. Each record must include its primary key \(e.g., accountid\) and only the columns being changed. The @odata.type annotation is added automatically. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `success` | boolean | Whether all records were updated successfully |
+
+### `microsoft_dataverse_update_record`
+
+Update an existing record in a Microsoft Dataverse table. Only send the columns you want to change.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `recordId` | string | Yes | The unique identifier \(GUID\) of the record to update |
+| `data` | object | Yes | Record data to update as a JSON object with column names as keys |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `recordId` | string | The ID of the updated record |
+| `success` | boolean | Operation success status |
+
+### `microsoft_dataverse_upload_file`
+
+Upload a file to a file or image column on a Dataverse record. Supports single-request upload for files up to 128 MB. The file content must be provided as a base64-encoded string.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `recordId` | string | Yes | Record GUID to upload the file to |
+| `fileColumn` | string | Yes | File or image column logical name \(e.g., entityimage, cr_document\) |
+| `fileName` | string | Yes | Name of the file being uploaded \(e.g., document.pdf\) |
+| `file` | file | No | File to upload \(UserFile object\) |
+| `fileContent` | string | No | Base64-encoded file content \(legacy\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `recordId` | string | Record GUID the file was uploaded to |
+| `fileColumn` | string | File column the file was uploaded to |
+| `fileName` | string | Name of the uploaded file |
+| `success` | boolean | Whether the file was uploaded successfully |
+
+### `microsoft_dataverse_upsert_record`
+
+Create or update a record in a Microsoft Dataverse table. If a record with the given ID exists, it is updated; otherwise, a new record is created.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+| `entitySetName` | string | Yes | Entity set name \(plural table name, e.g., accounts, contacts\) |
+| `recordId` | string | Yes | The unique identifier \(GUID\) of the record to upsert |
+| `data` | object | Yes | Record data as a JSON object with column names as keys |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `recordId` | string | The ID of the upserted record |
+| `created` | boolean | True if the record was created, false if updated |
+| `record` | object | Dataverse record object. Contains dynamic columns based on the queried table, plus OData metadata fields. |
+| `success` | boolean | Operation success status |
+
+### `microsoft_dataverse_whoami`
+
+Retrieve the current authenticated user information from Microsoft Dataverse. Useful for testing connectivity and getting the user ID, business unit ID, and organization ID.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `environmentUrl` | string | Yes | Dataverse environment URL \(e.g., https://myorg.crm.dynamics.com\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `userId` | string | The authenticated user ID |
+| `businessUnitId` | string | The business unit ID |
+| `organizationId` | string | The organization ID |
+| `success` | boolean | Operation success status |
+
+

apps/docs/package.json

@@ -21,7 +21,7 @@
     "fumadocs-mdx": "14.1.0",
     "fumadocs-ui": "16.2.3",
     "lucide-react": "^0.511.0",
-    "next": "16.1.0-canary.21",
+    "next": "16.1.6",
     "next-themes": "^0.4.6",
     "postgres": "^3.4.5",
     "react": "19.2.1",

apps/sim/app/api/billing/credits/route.ts

@@ -1,6 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { getCreditBalance } from '@/lib/billing/credits/balance'
 import { purchaseCredits } from '@/lib/billing/credits/purchase'
@@ -57,6 +58,17 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: result.error }, { status: 400 })
     }
 
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.CREDIT_PURCHASED,
+      resourceType: AuditResourceType.BILLING,
+      description: `Purchased $${validation.data.amount} in credits`,
+      metadata: { amount: validation.data.amount, requestId: validation.data.requestId },
+      request,
+    })
+
     return NextResponse.json({ success: true })
   } catch (error) {
     logger.error('Failed to purchase credits', { error, userId: session.user.id })

apps/sim/app/api/credential-sets/[id]/invite/[invitationId]/route.ts

@@ -4,6 +4,7 @@ import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getEmailSubject, renderPollingGroupInvitationEmail } from '@/components/emails'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { hasCredentialSetsAccess } from '@/lib/billing'
 import { getBaseUrl } from '@/lib/core/utils/urls'
@@ -148,6 +149,19 @@ export async function POST(
       userId: session.user.id,
     })
 
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.CREDENTIAL_SET_INVITATION_RESENT,
+      resourceType: AuditResourceType.CREDENTIAL_SET,
+      resourceId: id,
+      resourceName: result.set.name,
+      description: `Resent credential set invitation to ${invitation.email}`,
+      metadata: { invitationId, email: invitation.email },
+      request: req,
+    })
+
     return NextResponse.json({ success: true })
   } catch (error) {
     logger.error('Error resending invitation', error)

apps/sim/app/api/credential-sets/invite/[token]/route.ts

@@ -8,6 +8,7 @@ import {
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
 
@@ -78,6 +79,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ tok
         status: credentialSetInvitation.status,
         expiresAt: credentialSetInvitation.expiresAt,
         invitedBy: credentialSetInvitation.invitedBy,
+        credentialSetName: credentialSet.name,
         providerId: credentialSet.providerId,
       })
       .from(credentialSetInvitation)
@@ -125,7 +127,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ tok
     const now = new Date()
     const requestId = crypto.randomUUID().slice(0, 8)
 
-    // Use transaction to ensure membership + invitation update + webhook sync are atomic
     await db.transaction(async (tx) => {
       await tx.insert(credentialSetMember).values({
         id: crypto.randomUUID(),
@@ -147,8 +148,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ tok
         })
         .where(eq(credentialSetInvitation.id, invitation.id))
 
-      // Clean up all other pending invitations for the same credential set and email
-      // This prevents duplicate invites from showing up after accepting one
       if (invitation.email) {
         await tx
           .update(credentialSetInvitation)
@@ -166,7 +165,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ tok
           )
       }
 
-      // Sync webhooks within the transaction
       const syncResult = await syncAllWebhooksForCredentialSet(
         invitation.credentialSetId,
         requestId,
@@ -184,6 +182,19 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ tok
       userId: session.user.id,
     })
 
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.CREDENTIAL_SET_INVITATION_ACCEPTED,
+      resourceType: AuditResourceType.CREDENTIAL_SET,
+      resourceId: invitation.credentialSetId,
+      resourceName: invitation.credentialSetName,
+      description: `Accepted credential set invitation`,
+      metadata: { invitationId: invitation.id },
+      request: req,
+    })
+
     return NextResponse.json({
       success: true,
       credentialSetId: invitation.credentialSetId,

apps/sim/app/api/credential-sets/memberships/route.ts

@@ -3,6 +3,7 @@ import { credentialSet, credentialSetMember, organization } from '@sim/db/schema
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
 
@@ -106,6 +107,17 @@ export async function DELETE(req: NextRequest) {
       userId: session.user.id,
     })
 
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.CREDENTIAL_SET_MEMBER_LEFT,
+      resourceType: AuditResourceType.CREDENTIAL_SET,
+      resourceId: credentialSetId,
+      description: `Left credential set`,
+      request: req,
+    })
+
     return NextResponse.json({ success: true })
   } catch (error) {
     const message = error instanceof Error ? error.message : 'Failed to leave credential set'

apps/sim/app/api/environment/route.ts

@@ -4,6 +4,7 @@ import { createLogger } from '@sim/logger'
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { decryptSecret, encryptSecret } from '@/lib/core/security/encryption'
 import { generateRequestId } from '@/lib/core/utils/request'
@@ -53,6 +54,17 @@ export async function POST(req: NextRequest) {
           },
         })
 
+      recordAudit({
+        actorId: session.user.id,
+        actorName: session.user.name,
+        actorEmail: session.user.email,
+        action: AuditAction.ENVIRONMENT_UPDATED,
+        resourceType: AuditResourceType.ENVIRONMENT,
+        description: 'Updated global environment variables',
+        metadata: { variableCount: Object.keys(variables).length },
+        request: req,
+      })
+
       return NextResponse.json({ success: true })
     } catch (validationError) {
       if (validationError instanceof z.ZodError) {

apps/sim/app/api/folders/[id]/duplicate/route.ts

@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
 import { workflow, workflowFolder } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq } from 'drizzle-orm'
+import { and, eq, isNull, min } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
@@ -37,7 +37,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
 
     logger.info(`[${requestId}] Duplicating folder ${sourceFolderId} for user ${session.user.id}`)
 
-    // Verify the source folder exists
     const sourceFolder = await db
       .select()
       .from(workflowFolder)
@@ -48,7 +47,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       throw new Error('Source folder not found')
     }
 
-    // Check if user has permission to access the source folder
     const userPermission = await getUserEntityPermissions(
       session.user.id,
       'workspace',
@@ -61,26 +59,51 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
 
     const targetWorkspaceId = workspaceId || sourceFolder.workspaceId
 
-    // Step 1: Duplicate folder structure
     const { newFolderId, folderMapping } = await db.transaction(async (tx) => {
       const newFolderId = crypto.randomUUID()
       const now = new Date()
+      const targetParentId = parentId ?? sourceFolder.parentId
+
+      const folderParentCondition = targetParentId
+        ? eq(workflowFolder.parentId, targetParentId)
+        : isNull(workflowFolder.parentId)
+      const workflowParentCondition = targetParentId
+        ? eq(workflow.folderId, targetParentId)
+        : isNull(workflow.folderId)
+
+      const [[folderResult], [workflowResult]] = await Promise.all([
+        tx
+          .select({ minSortOrder: min(workflowFolder.sortOrder) })
+          .from(workflowFolder)
+          .where(and(eq(workflowFolder.workspaceId, targetWorkspaceId), folderParentCondition)),
+        tx
+          .select({ minSortOrder: min(workflow.sortOrder) })
+          .from(workflow)
+          .where(and(eq(workflow.workspaceId, targetWorkspaceId), workflowParentCondition)),
+      ])
+
+      const minSortOrder = [folderResult?.minSortOrder, workflowResult?.minSortOrder].reduce<
+        number | null
+      >((currentMin, candidate) => {
+        if (candidate == null) return currentMin
+        if (currentMin == null) return candidate
+        return Math.min(currentMin, candidate)
+      }, null)
+      const sortOrder = minSortOrder != null ? minSortOrder - 1 : 0
 
-      // Create the new root folder
       await tx.insert(workflowFolder).values({
         id: newFolderId,
         userId: session.user.id,
         workspaceId: targetWorkspaceId,
         name,
         color: color || sourceFolder.color,
-        parentId: parentId || sourceFolder.parentId,
+        parentId: targetParentId,
-        sortOrder: sourceFolder.sortOrder,
+        sortOrder,
         isExpanded: false,
         createdAt: now,
         updatedAt: now,
       })
 
-      // Recursively duplicate child folders
       const folderMapping = new Map<string, string>([[sourceFolderId, newFolderId]])
       await duplicateFolderStructure(
         tx,
@@ -96,7 +119,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       return { newFolderId, folderMapping }
     })
 
-    // Step 2: Duplicate workflows
     const workflowStats = await duplicateWorkflowsInFolderTree(
       sourceFolder.workspaceId,
       targetWorkspaceId,
@@ -173,7 +195,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
   }
 }
 
-// Helper to recursively duplicate folder structure
 async function duplicateFolderStructure(
   tx: any,
   sourceFolderId: string,
@@ -184,7 +205,6 @@ async function duplicateFolderStructure(
   timestamp: Date,
   folderMapping: Map<string, string>
 ): Promise<void> {
-  // Get all child folders
   const childFolders = await tx
     .select()
     .from(workflowFolder)
@@ -195,7 +215,6 @@ async function duplicateFolderStructure(
       )
     )
 
-  // Create each child folder and recurse
   for (const childFolder of childFolders) {
     const newChildFolderId = crypto.randomUUID()
     folderMapping.set(childFolder.id, newChildFolderId)
@@ -213,7 +232,6 @@ async function duplicateFolderStructure(
       updatedAt: timestamp,
     })
 
-    // Recurse for this child's children
     await duplicateFolderStructure(
       tx,
       childFolder.id,
@@ -227,7 +245,6 @@ async function duplicateFolderStructure(
   }
 }
 
-// Helper to duplicate all workflows in a folder tree
 async function duplicateWorkflowsInFolderTree(
   sourceWorkspaceId: string,
   targetWorkspaceId: string,
@@ -237,9 +254,7 @@ async function duplicateWorkflowsInFolderTree(
 ): Promise<{ total: number; succeeded: number; failed: number }> {
   const stats = { total: 0, succeeded: 0, failed: 0 }
 
-  // Process each folder in the mapping
   for (const [oldFolderId, newFolderId] of folderMapping.entries()) {
-    // Get workflows in this folder
     const workflowsInFolder = await db
       .select()
       .from(workflow)
@@ -247,7 +262,6 @@ async function duplicateWorkflowsInFolderTree(
 
     stats.total += workflowsInFolder.length
 
-    // Duplicate each workflow
     for (const sourceWorkflow of workflowsInFolder) {
       try {
         await duplicateWorkflow({

apps/sim/app/api/folders/route.test.ts

@@ -10,9 +10,14 @@ import {
   mockConsoleLogger,
   setupCommonApiMocks,
 } from '@sim/testing'
+import { drizzleOrmMock } from '@sim/testing/mocks'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
 vi.mock('@/lib/audit/log', () => auditMock)
+vi.mock('drizzle-orm', () => ({
+  ...drizzleOrmMock,
+  min: vi.fn((field) => ({ type: 'min', field })),
+}))
 
 interface CapturedFolderValues {
   name?: string
@@ -24,29 +29,35 @@ interface CapturedFolderValues {
 }
 
 function createMockTransaction(mockData: {
-  selectData?: Array<{ id: string; [key: string]: unknown }>
+  selectResults?: Array<Array<{ [key: string]: unknown }>>
   insertResult?: Array<{ id: string; [key: string]: unknown }>
+  onInsertValues?: (values: CapturedFolderValues) => void
 }) {
-  const { selectData = [], insertResult = [] } = mockData
+  const { selectResults = [[], []], insertResult = [], onInsertValues } = mockData
-  return vi.fn().mockImplementation(async (callback: (tx: unknown) => Promise<unknown>) => {
+  return async (callback: (tx: unknown) => Promise<unknown>) => {
+    const where = vi.fn()
+    for (const result of selectResults) {
+      where.mockReturnValueOnce(result)
+    }
+    where.mockReturnValue([])
+
     const tx = {
       select: vi.fn().mockReturnValue({
         from: vi.fn().mockReturnValue({
-          where: vi.fn().mockReturnValue({
+          where,
-            orderBy: vi.fn().mockReturnValue({
-              limit: vi.fn().mockReturnValue(selectData),
-            }),
-          }),
         }),
       }),
       insert: vi.fn().mockReturnValue({
-        values: vi.fn().mockReturnValue({
+        values: vi.fn().mockImplementation((values: CapturedFolderValues) => {
-          returning: vi.fn().mockReturnValue(insertResult),
+          onInsertValues?.(values)
+          return {
+            returning: vi.fn().mockReturnValue(insertResult),
+          }
         }),
       }),
     }
     return await callback(tx)
-  })
+  }
 }
 
 describe('Folders API Route', () => {
@@ -257,25 +268,12 @@ describe('Folders API Route', () => {
     it('should create a new folder successfully', async () => {
       mockAuthenticatedUser()
 
-      mockTransaction.mockImplementationOnce(async (callback: any) => {
+      mockTransaction.mockImplementationOnce(
-        const tx = {
+        createMockTransaction({
-          select: vi.fn().mockReturnValue({
+          selectResults: [[], []],
-            from: vi.fn().mockReturnValue({
+          insertResult: [mockFolders[0]],
-              where: vi.fn().mockReturnValue({
+        })
-                orderBy: vi.fn().mockReturnValue({
+      )
-                  limit: vi.fn().mockReturnValue([]), // No existing folders
-                }),
-              }),
-            }),
-          }),
-          insert: vi.fn().mockReturnValue({
-            values: vi.fn().mockReturnValue({
-              returning: vi.fn().mockReturnValue([mockFolders[0]]),
-            }),
-          }),
-        }
-        return await callback(tx)
-      })
 
       const req = createMockRequest('POST', {
         name: 'New Test Folder',
@@ -285,12 +283,11 @@ describe('Folders API Route', () => {
 
       const { POST } = await import('@/app/api/folders/route')
       const response = await POST(req)
+      const responseBody = await response.json()
 
       expect(response.status).toBe(200)
-
+      expect(responseBody).toHaveProperty('folder')
-      const data = await response.json()
+      expect(responseBody.folder).toMatchObject({
-      expect(data).toHaveProperty('folder')
-      expect(data.folder).toMatchObject({
         id: 'folder-1',
         name: 'Test Folder 1',
         workspaceId: 'workspace-123',
@@ -299,26 +296,17 @@ describe('Folders API Route', () => {
 
     it('should create folder with correct sort order', async () => {
       mockAuthenticatedUser()
+      let capturedValues: CapturedFolderValues | null = null
 
-      mockTransaction.mockImplementationOnce(async (callback: any) => {
+      mockTransaction.mockImplementationOnce(
-        const tx = {
+        createMockTransaction({
-          select: vi.fn().mockReturnValue({
+          selectResults: [[{ minSortOrder: 5 }], [{ minSortOrder: 2 }]],
-            from: vi.fn().mockReturnValue({
+          insertResult: [{ ...mockFolders[0], sortOrder: 1 }],
-              where: vi.fn().mockReturnValue({
+          onInsertValues: (values) => {
-                orderBy: vi.fn().mockReturnValue({
+            capturedValues = values
-                  limit: vi.fn().mockReturnValue([{ sortOrder: 5 }]), // Existing folder with sort order 5
+          },
-                }),
+        })
-              }),
+      )
-            }),
-          }),
-          insert: vi.fn().mockReturnValue({
-            values: vi.fn().mockReturnValue({
-              returning: vi.fn().mockReturnValue([{ ...mockFolders[0], sortOrder: 6 }]),
-            }),
-          }),
-        }
-        return await callback(tx)
-      })
 
       const req = createMockRequest('POST', {
         name: 'New Test Folder',
@@ -332,8 +320,10 @@ describe('Folders API Route', () => {
 
       const data = await response.json()
       expect(data.folder).toMatchObject({
-        sortOrder: 6,
+        sortOrder: 1,
       })
+      expect(capturedValues).not.toBeNull()
+      expect(capturedValues!.sortOrder).toBe(1)
     })
 
     it('should create subfolder with parent reference', async () => {
@@ -341,7 +331,7 @@ describe('Folders API Route', () => {
 
       mockTransaction.mockImplementationOnce(
         createMockTransaction({
-          selectData: [], // No existing folders
+          selectResults: [[], []],
           insertResult: [{ ...mockFolders[1] }],
         })
       )
@@ -402,25 +392,12 @@ describe('Folders API Route', () => {
       mockAuthenticatedUser()
       mockGetUserEntityPermissions.mockResolvedValue('write') // Write permissions
 
-      mockTransaction.mockImplementationOnce(async (callback: any) => {
+      mockTransaction.mockImplementationOnce(
-        const tx = {
+        createMockTransaction({
-          select: vi.fn().mockReturnValue({
+          selectResults: [[], []],
-            from: vi.fn().mockReturnValue({
+          insertResult: [mockFolders[0]],
-              where: vi.fn().mockReturnValue({
+        })
-                orderBy: vi.fn().mockReturnValue({
+      )
-                  limit: vi.fn().mockReturnValue([]), // No existing folders
-                }),
-              }),
-            }),
-          }),
-          insert: vi.fn().mockReturnValue({
-            values: vi.fn().mockReturnValue({
-              returning: vi.fn().mockReturnValue([mockFolders[0]]),
-            }),
-          }),
-        }
-        return await callback(tx)
-      })
 
       const req = createMockRequest('POST', {
         name: 'Test Folder',
@@ -440,25 +417,12 @@ describe('Folders API Route', () => {
       mockAuthenticatedUser()
       mockGetUserEntityPermissions.mockResolvedValue('admin') // Admin permissions
 
-      mockTransaction.mockImplementationOnce(async (callback: any) => {
+      mockTransaction.mockImplementationOnce(
-        const tx = {
+        createMockTransaction({
-          select: vi.fn().mockReturnValue({
+          selectResults: [[], []],
-            from: vi.fn().mockReturnValue({
+          insertResult: [mockFolders[0]],
-              where: vi.fn().mockReturnValue({
+        })
-                orderBy: vi.fn().mockReturnValue({
+      )
-                  limit: vi.fn().mockReturnValue([]), // No existing folders
-                }),
-              }),
-            }),
-          }),
-          insert: vi.fn().mockReturnValue({
-            values: vi.fn().mockReturnValue({
-              returning: vi.fn().mockReturnValue([mockFolders[0]]),
-            }),
-          }),
-        }
-        return await callback(tx)
-      })
 
       const req = createMockRequest('POST', {
         name: 'Test Folder',
@@ -527,28 +491,15 @@ describe('Folders API Route', () => {
 
       let capturedValues: CapturedFolderValues | null = null
 
-      mockTransaction.mockImplementationOnce(async (callback: any) => {
+      mockTransaction.mockImplementationOnce(
-        const tx = {
+        createMockTransaction({
-          select: vi.fn().mockReturnValue({
+          selectResults: [[], []],
-            from: vi.fn().mockReturnValue({
+          insertResult: [mockFolders[0]],
-              where: vi.fn().mockReturnValue({
+          onInsertValues: (values) => {
-                orderBy: vi.fn().mockReturnValue({
+            capturedValues = values
-                  limit: vi.fn().mockReturnValue([]),
+          },
-                }),
+        })
-              }),
+      )
-            }),
-          }),
-          insert: vi.fn().mockReturnValue({
-            values: vi.fn().mockImplementation((values) => {
-              capturedValues = values
-              return {
-                returning: vi.fn().mockReturnValue([mockFolders[0]]),
-              }
-            }),
-          }),
-        }
-        return await callback(tx)
-      })
 
       const req = createMockRequest('POST', {
         name: '  Test Folder With Spaces  ',
@@ -567,28 +518,15 @@ describe('Folders API Route', () => {
 
       let capturedValues: CapturedFolderValues | null = null
 
-      mockTransaction.mockImplementationOnce(async (callback: any) => {
+      mockTransaction.mockImplementationOnce(
-        const tx = {
+        createMockTransaction({
-          select: vi.fn().mockReturnValue({
+          selectResults: [[], []],
-            from: vi.fn().mockReturnValue({
+          insertResult: [mockFolders[0]],
-              where: vi.fn().mockReturnValue({
+          onInsertValues: (values) => {
-                orderBy: vi.fn().mockReturnValue({
+            capturedValues = values
-                  limit: vi.fn().mockReturnValue([]),
+          },
-                }),
+        })
-              }),
+      )
-            }),
-          }),
-          insert: vi.fn().mockReturnValue({
-            values: vi.fn().mockImplementation((values) => {
-              capturedValues = values
-              return {
-                returning: vi.fn().mockReturnValue([mockFolders[0]]),
-              }
-            }),
-          }),
-        }
-        return await callback(tx)
-      })
 
       const req = createMockRequest('POST', {
         name: 'Test Folder',

apps/sim/app/api/folders/route.ts

@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
-import { workflowFolder } from '@sim/db/schema'
+import { workflow, workflowFolder } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, asc, desc, eq, isNull } from 'drizzle-orm'
+import { and, asc, eq, isNull, min } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
@@ -87,19 +87,33 @@ export async function POST(request: NextRequest) {
       if (providedSortOrder !== undefined) {
         sortOrder = providedSortOrder
       } else {
-        const existingFolders = await tx
+        const folderParentCondition = parentId
-          .select({ sortOrder: workflowFolder.sortOrder })
+          ? eq(workflowFolder.parentId, parentId)
-          .from(workflowFolder)
+          : isNull(workflowFolder.parentId)
-          .where(
+        const workflowParentCondition = parentId
-            and(
+          ? eq(workflow.folderId, parentId)
-              eq(workflowFolder.workspaceId, workspaceId),
+          : isNull(workflow.folderId)
-              parentId ? eq(workflowFolder.parentId, parentId) : isNull(workflowFolder.parentId)
-            )
-          )
-          .orderBy(desc(workflowFolder.sortOrder))
-          .limit(1)
 
-        sortOrder = existingFolders.length > 0 ? existingFolders[0].sortOrder + 1 : 0
+        const [[folderResult], [workflowResult]] = await Promise.all([
+          tx
+            .select({ minSortOrder: min(workflowFolder.sortOrder) })
+            .from(workflowFolder)
+            .where(and(eq(workflowFolder.workspaceId, workspaceId), folderParentCondition)),
+          tx
+            .select({ minSortOrder: min(workflow.sortOrder) })
+            .from(workflow)
+            .where(and(eq(workflow.workspaceId, workspaceId), workflowParentCondition)),
+        ])
+
+        const minSortOrder = [folderResult?.minSortOrder, workflowResult?.minSortOrder].reduce<
+          number | null
+        >((currentMin, candidate) => {
+          if (candidate == null) return currentMin
+          if (currentMin == null) return candidate
+          return Math.min(currentMin, candidate)
+        }, null)
+
+        sortOrder = minSortOrder != null ? minSortOrder - 1 : 0
       }
 
       const [folder] = await tx

apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.ts

@@ -201,6 +201,8 @@ export async function PUT(
         recordAudit({
           workspaceId: accessCheck.knowledgeBase?.workspaceId ?? null,
           actorId: userId,
+          actorName: auth.userName,
+          actorEmail: auth.userEmail,
           action: AuditAction.DOCUMENT_UPDATED,
           resourceType: AuditResourceType.DOCUMENT,
           resourceId: documentId,
@@ -272,6 +274,8 @@ export async function DELETE(
     recordAudit({
       workspaceId: accessCheck.knowledgeBase?.workspaceId ?? null,
       actorId: userId,
+      actorName: auth.userName,
+      actorEmail: auth.userEmail,
       action: AuditAction.DOCUMENT_DELETED,
       resourceType: AuditResourceType.DOCUMENT,
       resourceId: documentId,

apps/sim/app/api/knowledge/[id]/documents/route.ts

@@ -248,6 +248,8 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
         recordAudit({
           workspaceId: accessCheck.knowledgeBase?.workspaceId ?? null,
           actorId: userId,
+          actorName: auth.userName,
+          actorEmail: auth.userEmail,
           action: AuditAction.DOCUMENT_UPLOADED,
           resourceType: AuditResourceType.DOCUMENT,
           resourceId: knowledgeBaseId,
@@ -307,6 +309,8 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
         recordAudit({
           workspaceId: accessCheck.knowledgeBase?.workspaceId ?? null,
           actorId: userId,
+          actorName: auth.userName,
+          actorEmail: auth.userEmail,
           action: AuditAction.DOCUMENT_UPLOADED,
           resourceType: AuditResourceType.DOCUMENT,
           resourceId: knowledgeBaseId,

apps/sim/app/api/knowledge/[id]/route.ts

@@ -139,6 +139,8 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
       recordAudit({
         workspaceId: accessCheck.knowledgeBase.workspaceId ?? null,
         actorId: userId,
+        actorName: auth.userName,
+        actorEmail: auth.userEmail,
         action: AuditAction.KNOWLEDGE_BASE_UPDATED,
         resourceType: AuditResourceType.KNOWLEDGE_BASE,
         resourceId: id,
@@ -212,6 +214,8 @@ export async function DELETE(
     recordAudit({
       workspaceId: accessCheck.knowledgeBase.workspaceId ?? null,
       actorId: userId,
+      actorName: auth.userName,
+      actorEmail: auth.userEmail,
       action: AuditAction.KNOWLEDGE_BASE_DELETED,
       resourceType: AuditResourceType.KNOWLEDGE_BASE,
       resourceId: id,

apps/sim/app/api/mcp/servers/[id]/route.ts

@@ -17,7 +17,11 @@ export const dynamic = 'force-dynamic'
  * PATCH - Update an MCP server in the workspace (requires write or admin permission)
  */
 export const PATCH = withMcpAuth<{ id: string }>('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }, { params }) => {
+  async (
+    request: NextRequest,
+    { userId, userName, userEmail, workspaceId, requestId },
+    { params }
+  ) => {
     const { id: serverId } = await params
 
     try {
@@ -90,6 +94,8 @@ export const PATCH = withMcpAuth<{ id: string }>('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_UPDATED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,

apps/sim/app/api/mcp/servers/route.ts

@@ -56,7 +56,7 @@ export const GET = withMcpAuth('read')(
  * it will be updated instead of creating a duplicate.
  */
 export const POST = withMcpAuth('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+  async (request: NextRequest, { userId, userName, userEmail, workspaceId, requestId }) => {
     try {
       const body = getParsedBody(request) || (await request.json())
 
@@ -165,6 +165,8 @@ export const POST = withMcpAuth('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_ADDED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,
@@ -190,7 +192,7 @@ export const POST = withMcpAuth('write')(
  * DELETE - Delete an MCP server from the workspace (requires admin permission)
  */
 export const DELETE = withMcpAuth('admin')(
-  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+  async (request: NextRequest, { userId, userName, userEmail, workspaceId, requestId }) => {
     try {
       const { searchParams } = new URL(request.url)
       const serverId = searchParams.get('serverId')
@@ -225,6 +227,8 @@ export const DELETE = withMcpAuth('admin')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_REMOVED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId!,

apps/sim/app/api/mcp/workflow-servers/[id]/route.ts

@@ -72,7 +72,11 @@ export const GET = withMcpAuth<RouteParams>('read')(
  * PATCH - Update a workflow MCP server
  */
 export const PATCH = withMcpAuth<RouteParams>('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }, { params }) => {
+  async (
+    request: NextRequest,
+    { userId, userName, userEmail, workspaceId, requestId },
+    { params }
+  ) => {
     try {
       const { id: serverId } = await params
       const body = getParsedBody(request) || (await request.json())
@@ -116,6 +120,8 @@ export const PATCH = withMcpAuth<RouteParams>('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_UPDATED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,
@@ -140,7 +146,11 @@ export const PATCH = withMcpAuth<RouteParams>('write')(
  * DELETE - Delete a workflow MCP server and all its tools
  */
 export const DELETE = withMcpAuth<RouteParams>('admin')(
-  async (request: NextRequest, { userId, workspaceId, requestId }, { params }) => {
+  async (
+    request: NextRequest,
+    { userId, userName, userEmail, workspaceId, requestId },
+    { params }
+  ) => {
     try {
       const { id: serverId } = await params
 
@@ -164,6 +174,8 @@ export const DELETE = withMcpAuth<RouteParams>('admin')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_REMOVED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,

apps/sim/app/api/mcp/workflow-servers/[id]/tools/[toolId]/route.ts

@@ -66,7 +66,11 @@ export const GET = withMcpAuth<RouteParams>('read')(
  * PATCH - Update a tool's configuration
  */
 export const PATCH = withMcpAuth<RouteParams>('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }, { params }) => {
+  async (
+    request: NextRequest,
+    { userId, userName, userEmail, workspaceId, requestId },
+    { params }
+  ) => {
     try {
       const { id: serverId, toolId } = await params
       const body = getParsedBody(request) || (await request.json())
@@ -122,6 +126,8 @@ export const PATCH = withMcpAuth<RouteParams>('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_UPDATED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,
@@ -146,7 +152,11 @@ export const PATCH = withMcpAuth<RouteParams>('write')(
  * DELETE - Remove a tool from an MCP server
  */
 export const DELETE = withMcpAuth<RouteParams>('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }, { params }) => {
+  async (
+    request: NextRequest,
+    { userId, userName, userEmail, workspaceId, requestId },
+    { params }
+  ) => {
     try {
       const { id: serverId, toolId } = await params
 
@@ -180,6 +190,8 @@ export const DELETE = withMcpAuth<RouteParams>('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_UPDATED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,

apps/sim/app/api/mcp/workflow-servers/[id]/tools/route.ts

@@ -77,7 +77,11 @@ export const GET = withMcpAuth<RouteParams>('read')(
  * POST - Add a workflow as a tool to an MCP server
  */
 export const POST = withMcpAuth<RouteParams>('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }, { params }) => {
+  async (
+    request: NextRequest,
+    { userId, userName, userEmail, workspaceId, requestId },
+    { params }
+  ) => {
     try {
       const { id: serverId } = await params
       const body = getParsedBody(request) || (await request.json())
@@ -201,6 +205,8 @@ export const POST = withMcpAuth<RouteParams>('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_UPDATED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,

apps/sim/app/api/mcp/workflow-servers/route.ts

@@ -86,7 +86,7 @@ export const GET = withMcpAuth('read')(
  * POST - Create a new workflow MCP server
  */
 export const POST = withMcpAuth('write')(
-  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+  async (request: NextRequest, { userId, userName, userEmail, workspaceId, requestId }) => {
     try {
       const body = getParsedBody(request) || (await request.json())
 
@@ -192,6 +192,8 @@ export const POST = withMcpAuth('write')(
       recordAudit({
         workspaceId,
         actorId: userId,
+        actorName: userName,
+        actorEmail: userEmail,
         action: AuditAction.MCP_SERVER_ADDED,
         resourceType: AuditResourceType.MCP_SERVER,
         resourceId: serverId,

apps/sim/app/api/templates/[id]/route.ts

@@ -4,6 +4,7 @@ import { createLogger } from '@sim/logger'
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { generateRequestId } from '@/lib/core/utils/request'
 import {
@@ -247,6 +248,18 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
 
     logger.info(`[${requestId}] Successfully updated template: ${id}`)
 
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.TEMPLATE_UPDATED,
+      resourceType: AuditResourceType.TEMPLATE,
+      resourceId: id,
+      resourceName: name ?? template.name,
+      description: `Updated template "${name ?? template.name}"`,
+      request,
+    })
+
     return NextResponse.json({
       data: updatedTemplate[0],
       message: 'Template updated successfully',
@@ -300,6 +313,19 @@ export async function DELETE(
     await db.delete(templates).where(eq(templates.id, id))
 
     logger.info(`[${requestId}] Deleted template: ${id}`)
+
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.TEMPLATE_DELETED,
+      resourceType: AuditResourceType.TEMPLATE,
+      resourceId: id,
+      resourceName: template.name,
+      description: `Deleted template "${template.name}"`,
+      request,
+    })
+
     return NextResponse.json({ success: true })
   } catch (error: any) {
     logger.error(`[${requestId}] Error deleting template: ${id}`, error)

apps/sim/app/api/templates/route.ts

@@ -11,6 +11,7 @@ import { and, desc, eq, ilike, or, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
@@ -285,6 +286,18 @@ export async function POST(request: NextRequest) {
 
     logger.info(`[${requestId}] Successfully created template: ${templateId}`)
 
+    recordAudit({
+      actorId: session.user.id,
+      actorName: session.user.name,
+      actorEmail: session.user.email,
+      action: AuditAction.TEMPLATE_CREATED,
+      resourceType: AuditResourceType.TEMPLATE,
+      resourceId: templateId,
+      resourceName: data.name,
+      description: `Created template "${data.name}"`,
+      request,
+    })
+
     return NextResponse.json(
       {
         id: templateId,

apps/sim/app/api/tools/microsoft-dataverse/upload-file/route.ts

@@ -0,0 +1,145 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { RawFileInputSchema } from '@/lib/uploads/utils/file-schemas'
+import { processSingleFileToUserFile } from '@/lib/uploads/utils/file-utils'
+import { downloadFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('DataverseUploadFileAPI')
+
+const DataverseUploadFileSchema = z.object({
+  accessToken: z.string().min(1, 'Access token is required'),
+  environmentUrl: z.string().min(1, 'Environment URL is required'),
+  entitySetName: z.string().min(1, 'Entity set name is required'),
+  recordId: z.string().min(1, 'Record ID is required'),
+  fileColumn: z.string().min(1, 'File column is required'),
+  fileName: z.string().min(1, 'File name is required'),
+  file: RawFileInputSchema.optional().nullable(),
+  fileContent: z.string().optional().nullable(),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = generateRequestId()
+
+  try {
+    const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+
+    if (!authResult.success) {
+      logger.warn(`[${requestId}] Unauthorized Dataverse upload attempt: ${authResult.error}`)
+      return NextResponse.json(
+        { success: false, error: authResult.error || 'Authentication required' },
+        { status: 401 }
+      )
+    }
+
+    logger.info(
+      `[${requestId}] Authenticated Dataverse upload request via ${authResult.authType}`,
+      {
+        userId: authResult.userId,
+      }
+    )
+
+    const body = await request.json()
+    const validatedData = DataverseUploadFileSchema.parse(body)
+
+    logger.info(`[${requestId}] Uploading file to Dataverse`, {
+      entitySetName: validatedData.entitySetName,
+      recordId: validatedData.recordId,
+      fileColumn: validatedData.fileColumn,
+      fileName: validatedData.fileName,
+      hasFile: !!validatedData.file,
+      hasFileContent: !!validatedData.fileContent,
+    })
+
+    let fileBuffer: Buffer
+
+    if (validatedData.file) {
+      const rawFile = validatedData.file
+      logger.info(`[${requestId}] Processing UserFile upload: ${rawFile.name}`)
+
+      let userFile
+      try {
+        userFile = processSingleFileToUserFile(rawFile, requestId, logger)
+      } catch (error) {
+        return NextResponse.json(
+          {
+            success: false,
+            error: error instanceof Error ? error.message : 'Failed to process file',
+          },
+          { status: 400 }
+        )
+      }
+
+      fileBuffer = await downloadFileFromStorage(userFile, requestId, logger)
+    } else if (validatedData.fileContent) {
+      fileBuffer = Buffer.from(validatedData.fileContent, 'base64')
+    } else {
+      return NextResponse.json(
+        { success: false, error: 'Either file or fileContent must be provided' },
+        { status: 400 }
+      )
+    }
+
+    const baseUrl = validatedData.environmentUrl.replace(/\/$/, '')
+    const uploadUrl = `${baseUrl}/api/data/v9.2/${validatedData.entitySetName}(${validatedData.recordId})/${validatedData.fileColumn}`
+
+    const response = await fetch(uploadUrl, {
+      method: 'PATCH',
+      headers: {
+        Authorization: `Bearer ${validatedData.accessToken}`,
+        'Content-Type': 'application/octet-stream',
+        'OData-MaxVersion': '4.0',
+        'OData-Version': '4.0',
+        'x-ms-file-name': validatedData.fileName,
+      },
+      body: new Uint8Array(fileBuffer),
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error(`[${requestId}] Dataverse upload file failed`, {
+        errorData,
+        status: response.status,
+      })
+      return NextResponse.json({ success: false, error: errorMessage }, { status: response.status })
+    }
+
+    logger.info(`[${requestId}] File uploaded to Dataverse successfully`, {
+      entitySetName: validatedData.entitySetName,
+      recordId: validatedData.recordId,
+      fileColumn: validatedData.fileColumn,
+    })
+
+    return NextResponse.json({
+      success: true,
+      output: {
+        recordId: validatedData.recordId,
+        fileColumn: validatedData.fileColumn,
+        fileName: validatedData.fileName,
+        success: true,
+      },
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { success: false, error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    logger.error(`[${requestId}] Error uploading file to Dataverse:`, error)
+
+    return NextResponse.json(
+      { success: false, error: error instanceof Error ? error.message : 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/webhooks/[id]/route.ts

@@ -265,6 +265,8 @@ export async function DELETE(
     recordAudit({
       workspaceId: webhookData.workflow.workspaceId || null,
       actorId: userId,
+      actorName: auth.userName,
+      actorEmail: auth.userEmail,
       action: AuditAction.WEBHOOK_DELETED,
       resourceType: AuditResourceType.WEBHOOK,
       resourceId: id,

apps/sim/app/api/webhooks/route.ts

@@ -146,7 +146,8 @@ export async function GET(request: NextRequest) {
 // Create or Update a webhook
 export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
-  const userId = (await getSession())?.user?.id
+  const session = await getSession()
+  const userId = session?.user?.id
 
   if (!userId) {
     logger.warn(`[${requestId}] Unauthorized webhook creation attempt`)
@@ -683,6 +684,8 @@ export async function POST(request: NextRequest) {
       recordAudit({
         workspaceId: workflowRecord.workspaceId || null,
         actorId: userId,
+        actorName: session?.user?.name ?? undefined,
+        actorEmail: session?.user?.email ?? undefined,
         action: AuditAction.WEBHOOK_CREATED,
         resourceType: AuditResourceType.WEBHOOK,
         resourceId: savedWebhook.id,

apps/sim/app/api/workflows/[id]/deployments/[version]/route.ts

@@ -3,6 +3,7 @@ import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import type { NextRequest } from 'next/server'
 import { z } from 'zod'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { syncMcpToolsForWorkflow } from '@/lib/mcp/workflow-mcp-sync'
 import { restorePreviousVersionWebhooks, saveTriggerWebhooksForDeploy } from '@/lib/webhooks/deploy'
@@ -297,6 +298,19 @@ export async function PATCH(
         }
       }
 
+      recordAudit({
+        workspaceId: workflowData?.workspaceId,
+        actorId: actorUserId,
+        actorName: session?.user?.name,
+        actorEmail: session?.user?.email,
+        action: AuditAction.WORKFLOW_DEPLOYMENT_ACTIVATED,
+        resourceType: AuditResourceType.WORKFLOW,
+        resourceId: id,
+        description: `Activated deployment version ${versionNum}`,
+        metadata: { version: versionNum },
+        request,
+      })
+
       return createSuccessResponse({
         success: true,
         deployedAt: result.deployedAt,

apps/sim/app/api/workflows/[id]/duplicate/route.ts

@@ -65,6 +65,8 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
     recordAudit({
       workspaceId: workspaceId || null,
       actorId: userId,
+      actorName: auth.userName,
+      actorEmail: auth.userEmail,
       action: AuditAction.WORKFLOW_DUPLICATED,
       resourceType: AuditResourceType.WORKFLOW,
       resourceId: result.id,

apps/sim/app/api/workflows/[id]/route.ts

@@ -340,6 +340,8 @@ export async function DELETE(
     recordAudit({
       workspaceId: workflowData.workspaceId || null,
       actorId: userId,
+      actorName: auth.userName,
+      actorEmail: auth.userEmail,
       action: AuditAction.WORKFLOW_DELETED,
       resourceType: AuditResourceType.WORKFLOW,
       resourceId: workflowId,

apps/sim/app/api/workflows/[id]/variables/route.ts

@@ -83,6 +83,8 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       recordAudit({
         workspaceId: workflowData.workspaceId ?? null,
         actorId: userId,
+        actorName: auth.userName,
+        actorEmail: auth.userEmail,
         action: AuditAction.WORKFLOW_VARIABLES_UPDATED,
         resourceType: AuditResourceType.WORKFLOW,
         resourceId: workflowId,

apps/sim/app/api/workflows/route.test.ts

@@ -0,0 +1,137 @@
+/**
+ * @vitest-environment node
+ */
+import { auditMock, createMockRequest, mockConsoleLogger, setupCommonApiMocks } from '@sim/testing'
+import { drizzleOrmMock } from '@sim/testing/mocks'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockCheckSessionOrInternalAuth = vi.fn()
+const mockGetUserEntityPermissions = vi.fn()
+const mockDbSelect = vi.fn()
+const mockDbInsert = vi.fn()
+const mockWorkflowCreated = vi.fn()
+
+vi.mock('drizzle-orm', () => ({
+  ...drizzleOrmMock,
+  min: vi.fn((field) => ({ type: 'min', field })),
+}))
+
+vi.mock('@/lib/audit/log', () => auditMock)
+
+describe('Workflows API Route - POST ordering', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    vi.clearAllMocks()
+
+    setupCommonApiMocks()
+    mockConsoleLogger()
+
+    vi.stubGlobal('crypto', {
+      randomUUID: vi.fn().mockReturnValue('workflow-new-id'),
+    })
+
+    mockCheckSessionOrInternalAuth.mockResolvedValue({
+      success: true,
+      userId: 'user-123',
+      userName: 'Test User',
+      userEmail: 'test@example.com',
+    })
+    mockGetUserEntityPermissions.mockResolvedValue('write')
+
+    vi.doMock('@sim/db', () => ({
+      db: {
+        select: (...args: unknown[]) => mockDbSelect(...args),
+        insert: (...args: unknown[]) => mockDbInsert(...args),
+      },
+    }))
+
+    vi.doMock('@/lib/auth/hybrid', () => ({
+      checkSessionOrInternalAuth: (...args: unknown[]) => mockCheckSessionOrInternalAuth(...args),
+    }))
+
+    vi.doMock('@/lib/workspaces/permissions/utils', () => ({
+      getUserEntityPermissions: (...args: unknown[]) => mockGetUserEntityPermissions(...args),
+      workspaceExists: vi.fn(),
+    }))
+
+    vi.doMock('@/app/api/workflows/utils', () => ({
+      verifyWorkspaceMembership: vi.fn(),
+    }))
+
+    vi.doMock('@/lib/core/telemetry', () => ({
+      PlatformEvents: {
+        workflowCreated: (...args: unknown[]) => mockWorkflowCreated(...args),
+      },
+    }))
+  })
+
+  it('uses top insertion against mixed siblings (folders + workflows)', async () => {
+    const minResultsQueue: Array<Array<{ minOrder: number }>> = [
+      [{ minOrder: 5 }],
+      [{ minOrder: 2 }],
+    ]
+
+    mockDbSelect.mockImplementation(() => ({
+      from: vi.fn().mockReturnValue({
+        where: vi.fn().mockImplementation(() => Promise.resolve(minResultsQueue.shift() ?? [])),
+      }),
+    }))
+
+    let insertedValues: Record<string, unknown> | null = null
+    mockDbInsert.mockReturnValue({
+      values: vi.fn().mockImplementation((values: Record<string, unknown>) => {
+        insertedValues = values
+        return Promise.resolve(undefined)
+      }),
+    })
+
+    const req = createMockRequest('POST', {
+      name: 'New Workflow',
+      description: 'desc',
+      color: '#3972F6',
+      workspaceId: 'workspace-123',
+      folderId: null,
+    })
+
+    const { POST } = await import('@/app/api/workflows/route')
+    const response = await POST(req)
+    const data = await response.json()
+    expect(response.status).toBe(200)
+    expect(data.sortOrder).toBe(1)
+    expect(insertedValues).not.toBeNull()
+    expect(insertedValues?.sortOrder).toBe(1)
+  })
+
+  it('defaults to sortOrder 0 when there are no siblings', async () => {
+    const minResultsQueue: Array<Array<{ minOrder: number }>> = [[], []]
+
+    mockDbSelect.mockImplementation(() => ({
+      from: vi.fn().mockReturnValue({
+        where: vi.fn().mockImplementation(() => Promise.resolve(minResultsQueue.shift() ?? [])),
+      }),
+    }))
+
+    let insertedValues: Record<string, unknown> | null = null
+    mockDbInsert.mockReturnValue({
+      values: vi.fn().mockImplementation((values: Record<string, unknown>) => {
+        insertedValues = values
+        return Promise.resolve(undefined)
+      }),
+    })
+
+    const req = createMockRequest('POST', {
+      name: 'New Workflow',
+      description: 'desc',
+      color: '#3972F6',
+      workspaceId: 'workspace-123',
+      folderId: null,
+    })
+
+    const { POST } = await import('@/app/api/workflows/route')
+    const response = await POST(req)
+    const data = await response.json()
+    expect(response.status).toBe(200)
+    expect(data.sortOrder).toBe(0)
+    expect(insertedValues?.sortOrder).toBe(0)
+  })
+})

apps/sim/app/api/workflows/route.ts

@@ -1,5 +1,5 @@
 import { db } from '@sim/db'
-import { permissions, workflow } from '@sim/db/schema'
+import { permissions, workflow, workflowFolder } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, asc, eq, inArray, isNull, min } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
@@ -162,12 +162,33 @@ export async function POST(req: NextRequest) {
     if (providedSortOrder !== undefined) {
       sortOrder = providedSortOrder
     } else {
-      const folderCondition = folderId ? eq(workflow.folderId, folderId) : isNull(workflow.folderId)
+      const workflowParentCondition = folderId
-      const [minResult] = await db
+        ? eq(workflow.folderId, folderId)
-        .select({ minOrder: min(workflow.sortOrder) })
+        : isNull(workflow.folderId)
-        .from(workflow)
+      const folderParentCondition = folderId
-        .where(and(eq(workflow.workspaceId, workspaceId), folderCondition))
+        ? eq(workflowFolder.parentId, folderId)
-      sortOrder = (minResult?.minOrder ?? 1) - 1
+        : isNull(workflowFolder.parentId)
+
+      const [[workflowMinResult], [folderMinResult]] = await Promise.all([
+        db
+          .select({ minOrder: min(workflow.sortOrder) })
+          .from(workflow)
+          .where(and(eq(workflow.workspaceId, workspaceId), workflowParentCondition)),
+        db
+          .select({ minOrder: min(workflowFolder.sortOrder) })
+          .from(workflowFolder)
+          .where(and(eq(workflowFolder.workspaceId, workspaceId), folderParentCondition)),
+      ])
+
+      const minSortOrder = [workflowMinResult?.minOrder, folderMinResult?.minOrder].reduce<
+        number | null
+      >((currentMin, candidate) => {
+        if (candidate == null) return currentMin
+        if (currentMin == null) return candidate
+        return Math.min(currentMin, candidate)
+      }, null)
+
+      sortOrder = minSortOrder != null ? minSortOrder - 1 : 0
     }
 
     await db.insert(workflow).values({
@@ -192,6 +213,8 @@ export async function POST(req: NextRequest) {
     recordAudit({
       workspaceId,
       actorId: userId,
+      actorName: auth.userName,
+      actorEmail: auth.userEmail,
       action: AuditAction.WORKFLOW_CREATED,
       resourceType: AuditResourceType.WORKFLOW,
       resourceId: workflowId,

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/integrations/integrations.tsx

@@ -227,7 +227,7 @@ export function Integrations({ onOpenChange, registerCloseHandler }: Integration
     (acc, service) => {
       if (
         permissionConfig.allowedIntegrations !== null &&
-        !permissionConfig.allowedIntegrations.includes(service.id.replace(/-/g, '_'))
+        !permissionConfig.allowedIntegrations.includes(service.id.replace(/-/g, '_').toLowerCase())
       ) {
         return acc
       }

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/subscription-permissions.ts

@@ -7,6 +7,8 @@ export interface SubscriptionPermissions {
   canCancelSubscription: boolean
   showTeamMemberView: boolean
   showUpgradePlans: boolean
+  isEnterpriseMember: boolean
+  canViewUsageInfo: boolean
 }
 
 export interface SubscriptionState {
@@ -31,6 +33,9 @@ export function getSubscriptionPermissions(
   const { isFree, isPro, isTeam, isEnterprise, isPaid } = subscription
   const { isTeamAdmin } = userRole
 
+  const isEnterpriseMember = isEnterprise && !isTeamAdmin
+  const canViewUsageInfo = !isEnterpriseMember
+
   return {
     canUpgradeToPro: isFree,
     canUpgradeToTeam: isFree || (isPro && !isTeam),
@@ -40,6 +45,8 @@ export function getSubscriptionPermissions(
     canCancelSubscription: isPaid && !isEnterprise && !(isTeam && !isTeamAdmin), // Team members can't cancel
     showTeamMemberView: isTeam && !isTeamAdmin,
     showUpgradePlans: isFree || (isPro && !isTeam) || (isTeam && isTeamAdmin), // Free users, Pro users, Team owners see plans
+    isEnterpriseMember,
+    canViewUsageInfo,
   }
 }
 

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/subscription.tsx

@@ -300,12 +300,16 @@ export function Subscription() {
   )
 
   const showBadge =
-    (permissions.canEditUsageLimit && !permissions.showTeamMemberView) ||
+    !permissions.isEnterpriseMember &&
-    permissions.showTeamMemberView ||
+    ((permissions.canEditUsageLimit && !permissions.showTeamMemberView) ||
-    subscription.isEnterprise ||
+      permissions.showTeamMemberView ||
-    isBlocked
+      subscription.isEnterprise ||
+      isBlocked)
 
   const getBadgeConfig = (): { text: string; variant: 'blue-secondary' | 'red' } => {
+    if (permissions.isEnterpriseMember) {
+      return { text: '', variant: 'blue-secondary' }
+    }
     if (permissions.showTeamMemberView || subscription.isEnterprise) {
       return { text: `${subscription.seats} seats`, variant: 'blue-secondary' }
     }
@@ -443,67 +447,75 @@ export function Subscription() {
 
   return (
     <div className='flex h-full flex-col gap-[20px]'>
-      {/* Current Plan & Usage Overview */}
+      {/* Current Plan & Usage Overview - hidden from enterprise members (non-admin) */}
-      <UsageHeader
+      {permissions.canViewUsageInfo ? (
-        title={formatPlanName(subscription.plan)}
+        <UsageHeader
-        showBadge={showBadge}
+          title={formatPlanName(subscription.plan)}
-        badgeText={badgeConfig.text}
+          showBadge={showBadge}
-        badgeVariant={badgeConfig.variant}
+          badgeText={badgeConfig.text}
-        onBadgeClick={permissions.showTeamMemberView ? undefined : handleBadgeClick}
+          badgeVariant={badgeConfig.variant}
-        seatsText={
+          onBadgeClick={permissions.showTeamMemberView ? undefined : handleBadgeClick}
-          permissions.canManageTeam || subscription.isEnterprise
+          seatsText={
-            ? `${subscription.seats} seats`
+            permissions.canManageTeam || subscription.isEnterprise
-            : undefined
+              ? `${subscription.seats} seats`
-        }
+              : undefined
-        current={usage.current}
+          }
-        limit={
+          current={usage.current}
-          subscription.isEnterprise || subscription.isTeam
+          limit={
-            ? organizationBillingData?.data?.totalUsageLimit
+            subscription.isEnterprise || subscription.isTeam
-            : !subscription.isFree &&
+              ? organizationBillingData?.data?.totalUsageLimit
-                (permissions.canEditUsageLimit || permissions.showTeamMemberView)
+              : !subscription.isFree &&
-              ? usage.current // placeholder; rightContent will render UsageLimit
+                  (permissions.canEditUsageLimit || permissions.showTeamMemberView)
-              : usage.limit
+                ? usage.current // placeholder; rightContent will render UsageLimit
-        }
+                : usage.limit
-        isBlocked={isBlocked}
+          }
-        progressValue={Math.min(usage.percentUsed, 100)}
+          isBlocked={isBlocked}
-        rightContent={
+          progressValue={Math.min(usage.percentUsed, 100)}
-          !subscription.isFree &&
+          rightContent={
-          (permissions.canEditUsageLimit || permissions.showTeamMemberView) ? (
+            !subscription.isFree &&
-            <UsageLimit
+            (permissions.canEditUsageLimit || permissions.showTeamMemberView) ? (
-              ref={usageLimitRef}
+              <UsageLimit
-              currentLimit={
+                ref={usageLimitRef}
-                (subscription.isTeam || subscription.isEnterprise) &&
+                currentLimit={
-                isTeamAdmin &&
+                  (subscription.isTeam || subscription.isEnterprise) &&
-                organizationBillingData?.data
+                  isTeamAdmin &&
-                  ? organizationBillingData.data.totalUsageLimit
+                  organizationBillingData?.data
-                  : usageLimitData.currentLimit || usage.limit
+                    ? organizationBillingData.data.totalUsageLimit
-              }
+                    : usageLimitData.currentLimit || usage.limit
-              currentUsage={usage.current}
+                }
-              canEdit={permissions.canEditUsageLimit}
+                currentUsage={usage.current}
-              minimumLimit={
+                canEdit={permissions.canEditUsageLimit}
-                (subscription.isTeam || subscription.isEnterprise) &&
+                minimumLimit={
-                isTeamAdmin &&
+                  (subscription.isTeam || subscription.isEnterprise) &&
-                organizationBillingData?.data
+                  isTeamAdmin &&
-                  ? organizationBillingData.data.minimumBillingAmount
+                  organizationBillingData?.data
-                  : usageLimitData.minimumLimit || (subscription.isPro ? 20 : 40)
+                    ? organizationBillingData.data.minimumBillingAmount
-              }
+                    : usageLimitData.minimumLimit || (subscription.isPro ? 20 : 40)
-              context={
+                }
-                (subscription.isTeam || subscription.isEnterprise) && isTeamAdmin
+                context={
-                  ? 'organization'
+                  (subscription.isTeam || subscription.isEnterprise) && isTeamAdmin
-                  : 'user'
+                    ? 'organization'
-              }
+                    : 'user'
-              organizationId={
+                }
-                (subscription.isTeam || subscription.isEnterprise) && isTeamAdmin
+                organizationId={
-                  ? activeOrgId
+                  (subscription.isTeam || subscription.isEnterprise) && isTeamAdmin
-                  : undefined
+                    ? activeOrgId
-              }
+                    : undefined
-              onLimitUpdated={() => {
+                }
-                logger.info('Usage limit updated')
+                onLimitUpdated={() => {
-              }}
+                  logger.info('Usage limit updated')
-            />
+                }}
-          ) : undefined
+              />
-        }
+            ) : undefined
-      />
+          }
+        />
+      ) : (
+        <div className='flex items-center'>
+          <span className='font-medium text-[14px] text-[var(--text-primary)]'>
+            {formatPlanName(subscription.plan)}
+          </span>
+        </div>
+      )}
 
       {/* Upgrade Plans */}
       {permissions.showUpgradePlans && (
@@ -539,8 +551,8 @@ export function Subscription() {
         </div>
       )}
 
-      {/* Credit Balance */}
+      {/* Credit Balance - hidden from enterprise members (non-admin) */}
-      {subscription.isPaid && (
+      {subscription.isPaid && permissions.canViewUsageInfo && (
         <CreditBalance
           balance={subscriptionData?.data?.creditBalance ?? 0}
           canPurchase={permissions.canEditUsageLimit}
@@ -554,10 +566,11 @@ export function Subscription() {
         <ReferralCode onRedeemComplete={() => refetchSubscription()} />
       )}
 
-      {/* Next Billing Date - hidden from team members */}
+      {/* Next Billing Date - hidden from team members and enterprise members (non-admin) */}
       {subscription.isPaid &&
         subscriptionData?.data?.periodEnd &&
-        !permissions.showTeamMemberView && (
+        !permissions.showTeamMemberView &&
+        !permissions.isEnterpriseMember && (
           <div className='flex items-center justify-between'>
             <Label>Next Billing Date</Label>
             <span className='text-[12px] text-[var(--text-secondary)]'>
@@ -566,8 +579,8 @@ export function Subscription() {
           </div>
         )}
 
-      {/* Usage notifications */}
+      {/* Usage notifications - hidden from enterprise members (non-admin) */}
-      {subscription.isPaid && <BillingUsageNotificationsToggle />}
+      {subscription.isPaid && permissions.canViewUsageInfo && <BillingUsageNotificationsToggle />}
 
       {/* Cancel Subscription */}
       {permissions.canCancelSubscription && (

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/usage-indicator/usage-indicator.tsx

@@ -285,6 +285,7 @@ export function UsageIndicator({ onClick }: UsageIndicatorProps) {
   const isPro = planType === 'pro'
   const isTeam = planType === 'team'
   const isEnterprise = planType === 'enterprise'
+  const isEnterpriseMember = isEnterprise && !userCanManageBilling
 
   const handleUpgradeToPro = useCallback(async () => {
     try {
@@ -463,6 +464,18 @@ export function UsageIndicator({ onClick }: UsageIndicatorProps) {
     }
   }
 
+  if (isEnterpriseMember) {
+    return (
+      <div className='flex flex-shrink-0 flex-col border-t px-[13.5px] pt-[8px] pb-[10px]'>
+        <div className='flex h-[18px] items-center'>
+          <span className='font-medium text-[12px] text-[var(--text-primary)]'>
+            {PLAN_NAMES[planType]}
+          </span>
+        </div>
+      </div>
+    )
+  }
+
   return (
     <>
       <div

apps/sim/blocks/blocks/microsoft_dataverse.ts

@@ -0,0 +1,597 @@
+import { MicrosoftDataverseIcon } from '@/components/icons'
+import type { BlockConfig } from '@/blocks/types'
+import { AuthMode } from '@/blocks/types'
+import { normalizeFileInput } from '@/blocks/utils'
+import type { DataverseResponse } from '@/tools/microsoft_dataverse/types'
+
+export const MicrosoftDataverseBlock: BlockConfig<DataverseResponse> = {
+  type: 'microsoft_dataverse',
+  name: 'Microsoft Dataverse',
+  description: 'Manage records in Microsoft Dataverse tables',
+  authMode: AuthMode.OAuth,
+  longDescription:
+    'Integrate Microsoft Dataverse into your workflow. Create, read, update, delete, upsert, associate, query, search, and execute actions and functions against Dataverse tables using the Web API. Supports bulk operations, FetchXML, file uploads, and relevance search. Works with Dynamics 365, Power Platform, and custom Dataverse environments.',
+  docsLink: 'https://docs.sim.ai/tools/microsoft_dataverse',
+  category: 'tools',
+  bgColor: '#E0E0E0',
+  icon: MicrosoftDataverseIcon,
+  subBlocks: [
+    {
+      id: 'operation',
+      title: 'Operation',
+      type: 'dropdown',
+      options: [
+        { label: 'List Records', id: 'list_records' },
+        { label: 'Get Record', id: 'get_record' },
+        { label: 'Create Record', id: 'create_record' },
+        { label: 'Update Record', id: 'update_record' },
+        { label: 'Upsert Record', id: 'upsert_record' },
+        { label: 'Delete Record', id: 'delete_record' },
+        { label: 'Create Multiple', id: 'create_multiple' },
+        { label: 'Update Multiple', id: 'update_multiple' },
+        { label: 'FetchXML Query', id: 'fetchxml_query' },
+        { label: 'Search', id: 'search' },
+        { label: 'Execute Action', id: 'execute_action' },
+        { label: 'Execute Function', id: 'execute_function' },
+        { label: 'Upload File', id: 'upload_file' },
+        { label: 'Download File', id: 'download_file' },
+        { label: 'Associate Records', id: 'associate' },
+        { label: 'Disassociate Records', id: 'disassociate' },
+        { label: 'WhoAmI', id: 'whoami' },
+      ],
+      value: () => 'list_records',
+    },
+    {
+      id: 'credential',
+      title: 'Microsoft Account',
+      type: 'oauth-input',
+      serviceId: 'microsoft-dataverse',
+      requiredScopes: [
+        'openid',
+        'profile',
+        'email',
+        'https://dynamics.microsoft.com/user_impersonation',
+        'offline_access',
+      ],
+      placeholder: 'Select Microsoft account',
+      required: true,
+    },
+    {
+      id: 'environmentUrl',
+      title: 'Environment URL',
+      type: 'short-input',
+      placeholder: 'https://myorg.crm.dynamics.com',
+      required: true,
+    },
+    {
+      id: 'entitySetName',
+      title: 'Entity Set Name',
+      type: 'short-input',
+      placeholder: 'Plural table name (e.g., accounts, contacts)',
+      condition: {
+        field: 'operation',
+        value: ['whoami', 'search'],
+        not: true,
+      },
+      required: {
+        field: 'operation',
+        value: ['whoami', 'search', 'execute_action', 'execute_function'],
+        not: true,
+      },
+    },
+    {
+      id: 'recordId',
+      title: 'Record ID',
+      type: 'short-input',
+      placeholder: 'Record GUID (e.g., 00000000-0000-0000-0000-000000000000)',
+      condition: {
+        field: 'operation',
+        value: [
+          'get_record',
+          'update_record',
+          'upsert_record',
+          'delete_record',
+          'associate',
+          'disassociate',
+          'upload_file',
+          'download_file',
+          'execute_action',
+          'execute_function',
+        ],
+      },
+      required: {
+        field: 'operation',
+        value: [
+          'get_record',
+          'update_record',
+          'upsert_record',
+          'delete_record',
+          'associate',
+          'disassociate',
+          'upload_file',
+          'download_file',
+        ],
+      },
+    },
+    {
+      id: 'data',
+      title: 'Record Data',
+      type: 'long-input',
+      placeholder:
+        'JSON object with column values (e.g., {"name": "Contoso", "telephone1": "555-0100"})',
+      condition: { field: 'operation', value: ['create_record', 'update_record', 'upsert_record'] },
+      required: { field: 'operation', value: ['create_record', 'update_record', 'upsert_record'] },
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate a Dataverse record JSON object based on the user's description.
+The JSON should contain column logical names as keys and appropriate values.
+Common Dataverse column naming conventions:
+- Text: "name", "description", "emailaddress1", "telephone1"
+- Lookup: "_primarycontactid_value" (read-only), use "primarycontactid@odata.bind": "/contacts(guid)" for setting
+- Choice/OptionSet: integer values (e.g., "statecode": 0, "statuscode": 1)
+- Date: ISO 8601 format (e.g., "createdon": "2024-01-15T00:00:00Z")
+- Currency: decimal numbers (e.g., "revenue": 1000000.00)
+
+Return ONLY valid JSON - no explanations, no markdown code blocks.`,
+        placeholder: 'Describe the record data you want to create or update...',
+        generationType: 'json-object',
+      },
+    },
+    // FetchXML Query
+    {
+      id: 'fetchXml',
+      title: 'FetchXML',
+      type: 'long-input',
+      placeholder:
+        '<fetch top="50"><entity name="account"><attribute name="name"/><filter><condition attribute="statecode" operator="eq" value="0"/></filter></entity></fetch>',
+      condition: { field: 'operation', value: 'fetchxml_query' },
+      required: { field: 'operation', value: 'fetchxml_query' },
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate a FetchXML query for the Microsoft Dataverse Web API based on the user's description.
+FetchXML structure:
+- Root: <fetch top="N" aggregate="true|false" distinct="true|false">
+- Entity: <entity name="logical_name"> (singular table name, e.g., "account")
+- Attributes: <attribute name="column"/> or <all-attributes/>
+- Filter: <filter type="and|or"><condition attribute="name" operator="eq" value="val"/></filter>
+- Order: <order attribute="name" descending="true|false"/>
+- Link-entity: <link-entity name="contact" from="parentcustomerid" to="accountid" alias="c">
+- Aggregation: <attribute name="revenue" aggregate="sum" alias="total"/>
+
+Operators: eq, ne, gt, ge, lt, le, like, not-like, in, not-in, null, not-null, between, not-between, contains, not-contain
+
+Return ONLY valid FetchXML - no explanations, no markdown code blocks.`,
+        placeholder: 'Describe the query you want to run...',
+        generationType: 'json-object',
+      },
+    },
+    // Search
+    {
+      id: 'searchTerm',
+      title: 'Search Term',
+      type: 'short-input',
+      placeholder: 'Search text (e.g., Contoso)',
+      condition: { field: 'operation', value: 'search' },
+      required: { field: 'operation', value: 'search' },
+    },
+    {
+      id: 'searchEntities',
+      title: 'Search Entities',
+      type: 'long-input',
+      placeholder:
+        'JSON array of entity configs (e.g., [{"Name":"account","SelectColumns":["name"],"SearchColumns":["name"]}])',
+      condition: { field: 'operation', value: 'search' },
+      mode: 'advanced',
+    },
+    {
+      id: 'searchMode',
+      title: 'Search Mode',
+      type: 'dropdown',
+      options: [
+        { label: 'Any (match any term)', id: 'any' },
+        { label: 'All (match all terms)', id: 'all' },
+      ],
+      value: () => 'any',
+      condition: { field: 'operation', value: 'search' },
+      mode: 'advanced',
+    },
+    {
+      id: 'searchType',
+      title: 'Query Type',
+      type: 'dropdown',
+      options: [
+        { label: 'Simple (default)', id: 'simple' },
+        { label: 'Lucene (regex, fuzzy, proximity)', id: 'lucene' },
+      ],
+      value: () => 'simple',
+      condition: { field: 'operation', value: 'search' },
+      mode: 'advanced',
+    },
+    // Execute Action
+    {
+      id: 'actionName',
+      title: 'Action Name',
+      type: 'short-input',
+      placeholder: 'e.g., Merge, GrantAccess, SendEmail',
+      condition: { field: 'operation', value: 'execute_action' },
+      required: { field: 'operation', value: 'execute_action' },
+    },
+    // Execute Function
+    {
+      id: 'functionName',
+      title: 'Function Name',
+      type: 'short-input',
+      placeholder: 'e.g., RetrievePrincipalAccess, RetrieveTotalRecordCount',
+      condition: { field: 'operation', value: 'execute_function' },
+      required: { field: 'operation', value: 'execute_function' },
+    },
+    {
+      id: 'functionParameters',
+      title: 'Function Parameters',
+      type: 'short-input',
+      placeholder: "e.g., LocalizedStandardName='Pacific Standard Time',LocaleId=1033",
+      condition: { field: 'operation', value: 'execute_function' },
+      mode: 'advanced',
+    },
+    // Action/Function parameters (shared JSON body for actions)
+    {
+      id: 'parameters',
+      title: 'Action Parameters',
+      type: 'long-input',
+      placeholder:
+        'JSON object with action parameters (e.g., {"Target": {"@odata.type": "Microsoft.Dynamics.CRM.account", "accountid": "..."}})',
+      condition: { field: 'operation', value: 'execute_action' },
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate a JSON object containing parameters for a Microsoft Dataverse action based on the user's description.
+For entity references, include @odata.type annotations:
+- {"Target": {"@odata.type": "Microsoft.Dynamics.CRM.account", "accountid": "guid"}}
+- {"EntityMoniker": {"@odata.type": "Microsoft.Dynamics.CRM.contact", "contactid": "guid"}}
+For simple values, just use the parameter name and value.
+
+Return ONLY valid JSON - no explanations, no markdown code blocks.`,
+        placeholder: 'Describe the action parameters...',
+        generationType: 'json-object',
+      },
+    },
+    // Bulk operations
+    {
+      id: 'entityLogicalName',
+      title: 'Table Logical Name',
+      type: 'short-input',
+      placeholder: 'Singular table name (e.g., account, contact)',
+      condition: { field: 'operation', value: ['create_multiple', 'update_multiple'] },
+      required: { field: 'operation', value: ['create_multiple', 'update_multiple'] },
+    },
+    {
+      id: 'records',
+      title: 'Records',
+      type: 'long-input',
+      placeholder: 'JSON array of records (e.g., [{"name": "Contoso"}, {"name": "Fabrikam"}])',
+      condition: { field: 'operation', value: ['create_multiple', 'update_multiple'] },
+      required: { field: 'operation', value: ['create_multiple', 'update_multiple'] },
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate a JSON array of Dataverse records based on the user's description.
+Each record should be an object with column logical names as keys.
+For UpdateMultiple, each record must include its primary key (e.g., accountid).
+Common column naming conventions:
+- Text: "name", "description", "emailaddress1", "telephone1"
+- Choice/OptionSet: integer values (e.g., "statecode": 0)
+- Date: ISO 8601 format (e.g., "2024-01-15T00:00:00Z")
+
+Return ONLY a valid JSON array - no explanations, no markdown code blocks.`,
+        placeholder: 'Describe the records you want to create or update...',
+        generationType: 'json-object',
+      },
+    },
+    // File operations
+    {
+      id: 'fileColumn',
+      title: 'File Column',
+      type: 'short-input',
+      placeholder: 'File column logical name (e.g., entityimage, cr_document)',
+      condition: { field: 'operation', value: ['upload_file', 'download_file'] },
+      required: { field: 'operation', value: ['upload_file', 'download_file'] },
+    },
+    {
+      id: 'fileName',
+      title: 'File Name',
+      type: 'short-input',
+      placeholder: 'e.g., document.pdf',
+      condition: { field: 'operation', value: 'upload_file' },
+      required: { field: 'operation', value: 'upload_file' },
+    },
+    {
+      id: 'uploadFile',
+      title: 'File',
+      type: 'file-upload',
+      canonicalParamId: 'file',
+      placeholder: 'Upload a file',
+      condition: { field: 'operation', value: 'upload_file' },
+      mode: 'basic',
+      multiple: false,
+      required: { field: 'operation', value: 'upload_file' },
+    },
+    {
+      id: 'fileReference',
+      title: 'File',
+      type: 'short-input',
+      canonicalParamId: 'file',
+      placeholder: 'Reference a file from previous blocks (e.g., {{block_1.output.file}})',
+      condition: { field: 'operation', value: 'upload_file' },
+      mode: 'advanced',
+      required: { field: 'operation', value: 'upload_file' },
+    },
+    // OData query options (list_records)
+    {
+      id: 'select',
+      title: 'Select Columns',
+      type: 'short-input',
+      placeholder: 'Comma-separated columns (e.g., name,telephone1,emailaddress1)',
+      condition: { field: 'operation', value: ['list_records', 'get_record'] },
+      mode: 'advanced',
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate a comma-separated list of Dataverse column logical names based on the user's description.
+Use lowercase logical names without spaces.
+Common columns by table:
+- Accounts: name, accountnumber, telephone1, emailaddress1, address1_city, revenue, industrycode
+- Contacts: firstname, lastname, fullname, emailaddress1, telephone1, jobtitle, birthdate
+- General: statecode, statuscode, createdon, modifiedon, ownerid, createdby
+
+Return ONLY the comma-separated column names - no explanations.`,
+        placeholder: 'Describe which columns you want to retrieve...',
+        generationType: 'odata-expression',
+      },
+    },
+    {
+      id: 'filter',
+      title: 'Filter',
+      type: 'short-input',
+      placeholder: "OData filter (e.g., statecode eq 0 and contains(name,'Contoso'))",
+      condition: { field: 'operation', value: ['list_records', 'search'] },
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate an OData $filter expression for the Dataverse Web API based on the user's description.
+OData filter syntax:
+- Comparison: eq, ne, gt, ge, lt, le (e.g., "revenue gt 1000000")
+- Logical: and, or, not (e.g., "statecode eq 0 and revenue gt 1000000")
+- String functions: contains(name,'value'), startswith(name,'value'), endswith(name,'value')
+- Date functions: year(createdon) eq 2024, month(createdon) eq 1
+- Null check: fieldname eq null, fieldname ne null
+- Status: statecode eq 0 (active), statecode eq 1 (inactive)
+
+Return ONLY the filter expression - no $filter= prefix, no explanations.`,
+        placeholder: 'Describe which records you want to filter for...',
+        generationType: 'odata-expression',
+      },
+    },
+    {
+      id: 'orderBy',
+      title: 'Order By',
+      type: 'short-input',
+      placeholder: 'e.g., name asc, createdon desc',
+      condition: { field: 'operation', value: ['list_records', 'search'] },
+      mode: 'advanced',
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate an OData $orderby expression for sorting Dataverse records based on the user's description.
+Format: column_name asc|desc, separated by commas for multi-column sort.
+Examples:
+- "name asc" - Sort by name alphabetically
+- "createdon desc" - Sort by creation date, newest first
+- "name asc, createdon desc" - Sort by name, then by date
+
+Return ONLY the orderby expression - no $orderby= prefix, no explanations.`,
+        placeholder: 'Describe how you want to sort the results...',
+        generationType: 'odata-expression',
+      },
+    },
+    {
+      id: 'top',
+      title: 'Max Results',
+      type: 'short-input',
+      placeholder: 'Maximum number of records (default: 5000)',
+      condition: { field: 'operation', value: ['list_records', 'search'] },
+      mode: 'advanced',
+    },
+    {
+      id: 'expand',
+      title: 'Expand',
+      type: 'short-input',
+      placeholder: 'Navigation properties to expand (e.g., primarycontactid)',
+      condition: { field: 'operation', value: ['list_records', 'get_record'] },
+      mode: 'advanced',
+      wandConfig: {
+        enabled: true,
+        prompt: `Generate an OData $expand expression for the Dataverse Web API based on the user's description.
+$expand retrieves related records through navigation properties.
+Examples:
+- "primarycontactid" - Expand the primary contact lookup
+- "contact_customer_accounts" - Expand related contacts for an account
+- "primarycontactid($select=fullname,emailaddress1)" - Expand with selected columns
+- "contact_customer_accounts($select=fullname;$top=5;$orderby=fullname asc)" - Expand with query options
+
+Return ONLY the expand expression - no $expand= prefix, no explanations.`,
+        placeholder: 'Describe which related records you want to include...',
+        generationType: 'odata-expression',
+      },
+    },
+    // Associate/Disassociate
+    {
+      id: 'navigationProperty',
+      title: 'Navigation Property',
+      type: 'short-input',
+      placeholder: 'e.g., contact_customer_accounts',
+      condition: { field: 'operation', value: ['associate', 'disassociate'] },
+      required: { field: 'operation', value: ['associate', 'disassociate'] },
+    },
+    {
+      id: 'navigationType',
+      title: 'Navigation Type',
+      type: 'dropdown',
+      options: [
+        { label: 'Collection-valued (default)', id: 'collection' },
+        { label: 'Single-valued (lookup)', id: 'single' },
+      ],
+      value: () => 'collection',
+      condition: { field: 'operation', value: 'associate' },
+      mode: 'advanced',
+    },
+    {
+      id: 'targetEntitySetName',
+      title: 'Target Entity Set',
+      type: 'short-input',
+      placeholder: 'Target table name (e.g., contacts)',
+      condition: { field: 'operation', value: 'associate' },
+      required: { field: 'operation', value: 'associate' },
+    },
+    {
+      id: 'targetRecordId',
+      title: 'Target Record ID',
+      type: 'short-input',
+      placeholder: 'Target record GUID',
+      condition: { field: 'operation', value: ['associate', 'disassociate'] },
+      required: { field: 'operation', value: 'associate' },
+    },
+  ],
+  tools: {
+    access: [
+      'microsoft_dataverse_associate',
+      'microsoft_dataverse_create_multiple',
+      'microsoft_dataverse_create_record',
+      'microsoft_dataverse_delete_record',
+      'microsoft_dataverse_disassociate',
+      'microsoft_dataverse_download_file',
+      'microsoft_dataverse_execute_action',
+      'microsoft_dataverse_execute_function',
+      'microsoft_dataverse_fetchxml_query',
+      'microsoft_dataverse_get_record',
+      'microsoft_dataverse_list_records',
+      'microsoft_dataverse_search',
+      'microsoft_dataverse_update_multiple',
+      'microsoft_dataverse_update_record',
+      'microsoft_dataverse_upload_file',
+      'microsoft_dataverse_upsert_record',
+      'microsoft_dataverse_whoami',
+    ],
+    config: {
+      tool: (params) => `microsoft_dataverse_${params.operation}`,
+      params: (params) => {
+        const { credential, operation, file, ...rest } = params
+
+        const cleanParams: Record<string, unknown> = {
+          credential,
+        }
+
+        // Normalize file input from basic (uploadFile) or advanced (fileReference) mode
+        const normalizedFile = normalizeFileInput(file, { single: true })
+        if (normalizedFile) {
+          cleanParams.file = normalizedFile
+        }
+
+        // Map block subBlock IDs to tool param names where they differ
+        if (operation === 'search' && rest.searchEntities) {
+          cleanParams.entities = rest.searchEntities
+          rest.searchEntities = undefined
+        }
+        if (operation === 'execute_function' && rest.functionParameters) {
+          cleanParams.parameters = rest.functionParameters
+          rest.functionParameters = undefined
+          // Prevent stale action parameters from overwriting mapped function parameters
+          rest.parameters = undefined
+        }
+        // Always clean up mapped subBlock IDs so they don't leak through the loop below
+        rest.searchEntities = undefined
+        rest.functionParameters = undefined
+
+        Object.entries(rest).forEach(([key, value]) => {
+          if (value !== undefined && value !== null && value !== '') {
+            cleanParams[key] = value
+          }
+        })
+
+        return cleanParams
+      },
+    },
+  },
+  inputs: {
+    operation: { type: 'string', description: 'Operation to perform' },
+    credential: { type: 'string', description: 'Microsoft Dataverse OAuth credential' },
+    environmentUrl: { type: 'string', description: 'Dataverse environment URL' },
+    entitySetName: { type: 'string', description: 'Entity set name (plural table name)' },
+    recordId: { type: 'string', description: 'Record GUID' },
+    data: { type: 'json', description: 'Record data as JSON object' },
+    select: { type: 'string', description: 'Columns to return (comma-separated)' },
+    filter: { type: 'string', description: 'OData $filter expression' },
+    orderBy: { type: 'string', description: 'OData $orderby expression' },
+    top: { type: 'string', description: 'Maximum number of records' },
+    expand: { type: 'string', description: 'Navigation properties to expand' },
+    navigationProperty: {
+      type: 'string',
+      description: 'Navigation property name for associations',
+    },
+    navigationType: {
+      type: 'string',
+      description:
+        'Navigation property type: "collection" (default) or "single" (for lookup fields)',
+    },
+    targetEntitySetName: { type: 'string', description: 'Target entity set for association' },
+    targetRecordId: { type: 'string', description: 'Target record GUID for association' },
+    fetchXml: { type: 'string', description: 'FetchXML query string' },
+    searchTerm: { type: 'string', description: 'Search text for relevance search' },
+    searchEntities: { type: 'string', description: 'JSON array of search entity configurations' },
+    searchMode: { type: 'string', description: 'Search mode: "any" or "all"' },
+    searchType: { type: 'string', description: 'Query type: "simple" or "lucene"' },
+    actionName: { type: 'string', description: 'Dataverse action name to execute' },
+    functionName: { type: 'string', description: 'Dataverse function name to execute' },
+    functionParameters: {
+      type: 'string',
+      description: 'Function parameters as URL-encoded string',
+    },
+    parameters: { type: 'json', description: 'Action parameters as JSON object' },
+    entityLogicalName: { type: 'string', description: 'Table logical name for @odata.type' },
+    records: { type: 'json', description: 'Array of record objects for bulk operations' },
+    fileColumn: { type: 'string', description: 'File or image column logical name' },
+    fileName: { type: 'string', description: 'Name of the file to upload' },
+    file: { type: 'json', description: 'File to upload (canonical param)' },
+  },
+  outputs: {
+    records: { type: 'json', description: 'Array of records (list/fetchxml/search)' },
+    record: { type: 'json', description: 'Single record data' },
+    recordId: { type: 'string', description: 'Record ID' },
+    count: { type: 'number', description: 'Number of records returned in the current page' },
+    totalCount: {
+      type: 'number',
+      description: 'Total matching records server-side',
+    },
+    nextLink: { type: 'string', description: 'URL for next page of results' },
+    created: { type: 'boolean', description: 'Whether a new record was created (upsert)' },
+    userId: { type: 'string', description: 'Authenticated user ID (WhoAmI)' },
+    businessUnitId: { type: 'string', description: 'Business unit ID (WhoAmI)' },
+    organizationId: { type: 'string', description: 'Organization ID (WhoAmI)' },
+    entitySetName: {
+      type: 'string',
+      description: 'Source entity set name (associate/disassociate)',
+    },
+    navigationProperty: {
+      type: 'string',
+      description: 'Navigation property used (associate/disassociate)',
+    },
+    targetEntitySetName: { type: 'string', description: 'Target entity set name (associate)' },
+    targetRecordId: { type: 'string', description: 'Target record GUID (associate/disassociate)' },
+    success: { type: 'boolean', description: 'Operation success status' },
+    result: { type: 'json', description: 'Action/function result data' },
+    ids: { type: 'json', description: 'Array of created record IDs (create multiple)' },
+    fetchXmlPagingCookie: { type: 'string', description: 'Paging cookie for FetchXML pagination' },
+    moreRecords: { type: 'boolean', description: 'Whether more records are available (FetchXML)' },
+    results: { type: 'json', description: 'Search results array' },
+    facets: { type: 'json', description: 'Facet results for search (when facets requested)' },
+    fileContent: { type: 'string', description: 'Base64-encoded downloaded file content' },
+    fileName: { type: 'string', description: 'Downloaded file name' },
+    fileSize: { type: 'number', description: 'File size in bytes' },
+    mimeType: { type: 'string', description: 'File MIME type' },
+    fileColumn: { type: 'string', description: 'File column name' },
+  },
+}

apps/sim/blocks/blocks/youtube.ts

@@ -50,6 +50,7 @@ export const YouTubeBlock: BlockConfig<YouTubeResponse> = {
       step: 1,
       integer: true,
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'pageToken',
@@ -57,6 +58,7 @@ export const YouTubeBlock: BlockConfig<YouTubeResponse> = {
       type: 'short-input',
       placeholder: 'Token for pagination (from nextPageToken)',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'channelId',
@@ -64,6 +66,7 @@ export const YouTubeBlock: BlockConfig<YouTubeResponse> = {
       type: 'short-input',
       placeholder: 'Filter results to a specific channel',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'eventType',
@@ -77,6 +80,7 @@ export const YouTubeBlock: BlockConfig<YouTubeResponse> = {
       ],
       value: () => '',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'publishedAfter',
@@ -84,6 +88,7 @@ export const YouTubeBlock: BlockConfig<YouTubeResponse> = {
       type: 'short-input',
       placeholder: '2024-01-01T00:00:00Z',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
       wandConfig: {
         enabled: true,
         prompt: `Generate an ISO 8601 timestamp based on the user's description.
@@ -106,6 +111,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: '2024-12-31T23:59:59Z',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
       wandConfig: {
         enabled: true,
         prompt: `Generate an ISO 8601 timestamp based on the user's description.
@@ -134,6 +140,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'any',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'order',
@@ -148,6 +155,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'relevance',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'videoCategoryId',
@@ -155,6 +163,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Use Get Video Categories to find IDs',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'videoDefinition',
@@ -167,6 +176,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'any',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'videoCaption',
@@ -179,6 +189,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'any',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'regionCode',
@@ -189,6 +200,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
         field: 'operation',
         value: ['youtube_search', 'youtube_trending', 'youtube_video_categories'],
       },
+      mode: 'advanced',
     },
     {
       id: 'relevanceLanguage',
@@ -196,6 +208,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'en, es, fr',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     {
       id: 'safeSearch',
@@ -208,6 +221,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'moderate',
       condition: { field: 'operation', value: 'youtube_search' },
+      mode: 'advanced',
     },
     // Get Trending Videos operation inputs
     {
@@ -226,6 +240,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Use Get Video Categories to find IDs',
       condition: { field: 'operation', value: 'youtube_trending' },
+      mode: 'advanced',
     },
     {
       id: 'pageToken',
@@ -233,6 +248,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Token for pagination (from nextPageToken)',
       condition: { field: 'operation', value: 'youtube_trending' },
+      mode: 'advanced',
     },
     // Get Video Details operation inputs
     {
@@ -250,6 +266,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'en, es, fr (for category names)',
       condition: { field: 'operation', value: 'youtube_video_categories' },
+      mode: 'advanced',
     },
     // Get Channel Info operation inputs
     {
@@ -298,6 +315,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'date',
       condition: { field: 'operation', value: 'youtube_channel_videos' },
+      mode: 'advanced',
     },
     {
       id: 'pageToken',
@@ -305,6 +323,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Token for pagination (from nextPageToken)',
       condition: { field: 'operation', value: 'youtube_channel_videos' },
+      mode: 'advanced',
     },
     // Get Channel Playlists operation inputs
     {
@@ -331,6 +350,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Token for pagination (from nextPageToken)',
       condition: { field: 'operation', value: 'youtube_channel_playlists' },
+      mode: 'advanced',
     },
     // Get Playlist Items operation inputs
     {
@@ -357,6 +377,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Token for pagination (from nextPageToken)',
       condition: { field: 'operation', value: 'youtube_playlist_items' },
+      mode: 'advanced',
     },
     // Get Video Comments operation inputs
     {
@@ -387,6 +408,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       ],
       value: () => 'relevance',
       condition: { field: 'operation', value: 'youtube_comments' },
+      mode: 'advanced',
     },
     {
       id: 'pageToken',
@@ -394,6 +416,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       placeholder: 'Token for pagination (from nextPageToken)',
       condition: { field: 'operation', value: 'youtube_comments' },
+      mode: 'advanced',
     },
     // API Key (common to all operations)
     {

apps/sim/blocks/registry.ts

@@ -16,6 +16,7 @@ import { ChatTriggerBlock } from '@/blocks/blocks/chat_trigger'
 import { CirclebackBlock } from '@/blocks/blocks/circleback'
 import { ClayBlock } from '@/blocks/blocks/clay'
 import { ClerkBlock } from '@/blocks/blocks/clerk'
+import { CloudflareBlock } from '@/blocks/blocks/cloudflare'
 import { ConditionBlock } from '@/blocks/blocks/condition'
 import { ConfluenceBlock, ConfluenceV2Block } from '@/blocks/blocks/confluence'
 import { CursorBlock, CursorV2Block } from '@/blocks/blocks/cursor'
@@ -78,6 +79,7 @@ import { ManualTriggerBlock } from '@/blocks/blocks/manual_trigger'
 import { McpBlock } from '@/blocks/blocks/mcp'
 import { Mem0Block } from '@/blocks/blocks/mem0'
 import { MemoryBlock } from '@/blocks/blocks/memory'
+import { MicrosoftDataverseBlock } from '@/blocks/blocks/microsoft_dataverse'
 import { MicrosoftExcelBlock, MicrosoftExcelV2Block } from '@/blocks/blocks/microsoft_excel'
 import { MicrosoftPlannerBlock } from '@/blocks/blocks/microsoft_planner'
 import { MicrosoftTeamsBlock } from '@/blocks/blocks/microsoft_teams'
@@ -146,6 +148,7 @@ import { TwilioSMSBlock } from '@/blocks/blocks/twilio'
 import { TwilioVoiceBlock } from '@/blocks/blocks/twilio_voice'
 import { TypeformBlock } from '@/blocks/blocks/typeform'
 import { VariablesBlock } from '@/blocks/blocks/variables'
+import { VercelBlock } from '@/blocks/blocks/vercel'
 import { VideoGeneratorBlock, VideoGeneratorV2Block } from '@/blocks/blocks/video_generator'
 import { VisionBlock, VisionV2Block } from '@/blocks/blocks/vision'
 import { WaitBlock } from '@/blocks/blocks/wait'
@@ -182,6 +185,7 @@ export const registry: Record<string, BlockConfig> = {
   calendly: CalendlyBlock,
   chat_trigger: ChatTriggerBlock,
   circleback: CirclebackBlock,
+  cloudflare: CloudflareBlock,
   clay: ClayBlock,
   clerk: ClerkBlock,
   condition: ConditionBlock,
@@ -258,6 +262,7 @@ export const registry: Record<string, BlockConfig> = {
   mcp: McpBlock,
   mem0: Mem0Block,
   memory: MemoryBlock,
+  microsoft_dataverse: MicrosoftDataverseBlock,
   microsoft_excel: MicrosoftExcelBlock,
   microsoft_excel_v2: MicrosoftExcelV2Block,
   microsoft_planner: MicrosoftPlannerBlock,
@@ -330,6 +335,7 @@ export const registry: Record<string, BlockConfig> = {
   twilio_sms: TwilioSMSBlock,
   twilio_voice: TwilioVoiceBlock,
   typeform: TypeformBlock,
+  vercel: VercelBlock,
   variables: VariablesBlock,
   video_generator: VideoGeneratorBlock,
   video_generator_v2: VideoGeneratorV2Block,

apps/sim/blocks/types.ts

@@ -41,6 +41,7 @@ export type GenerationType =
   | 'timestamp'
   | 'timezone'
   | 'cron-expression'
+  | 'odata-expression'
 
 export type SubBlockType =
   | 'short-input' // Single line input

apps/sim/components/icons.tsx

@@ -4407,6 +4407,161 @@ export function DatadogIcon(props: SVGProps<SVGSVGElement>) {
   )
 }
 
+export function MicrosoftDataverseIcon(props: SVGProps<SVGSVGElement>) {
+  const id = useId()
+  const clip0 = `dataverse_clip0_${id}`
+  const clip1 = `dataverse_clip1_${id}`
+  const clip2 = `dataverse_clip2_${id}`
+  const paint0 = `dataverse_paint0_${id}`
+  const paint1 = `dataverse_paint1_${id}`
+  const paint2 = `dataverse_paint2_${id}`
+  const paint3 = `dataverse_paint3_${id}`
+  const paint4 = `dataverse_paint4_${id}`
+  const paint5 = `dataverse_paint5_${id}`
+  const paint6 = `dataverse_paint6_${id}`
+  return (
+    <svg
+      {...props}
+      width='96'
+      height='96'
+      viewBox='0 0 96 96'
+      fill='none'
+      xmlns='http://www.w3.org/2000/svg'
+    >
+      <g clipPath={`url(#${clip0})`}>
+        <g clipPath={`url(#${clip1})`}>
+          <g clipPath={`url(#${clip2})`}>
+            <path
+              d='M13.8776 21.8242C29.1033 8.13791 49.7501 8.1861 62.955 18.9134C74.9816 28.6836 77.4697 44.3159 70.851 55.7801C64.2321 67.2443 52.5277 70.1455 39.5011 62.6247L31.7286 76.087L31.7234 76.0862C27.4181 83.5324 17.8937 86.0828 10.4437 81.7817C7.45394 80.0556 5.25322 77.4879 3.96665 74.551L3.96096 74.5511C-4.07832 55.7804 0.200745 34.1184 13.8776 21.8242Z'
+              fill={`url(#${paint0})`}
+            />
+            <path
+              d='M13.8776 21.8242C29.1033 8.13791 49.7501 8.1861 62.955 18.9134C74.9816 28.6836 77.4697 44.3159 70.851 55.7801C64.2321 67.2443 52.5277 70.1455 39.5011 62.6247L31.7286 76.087L31.7234 76.0862C27.4181 83.5324 17.8937 86.0828 10.4437 81.7817C7.45394 80.0556 5.25322 77.4879 3.96665 74.551L3.96096 74.5511C-4.07832 55.7804 0.200745 34.1184 13.8776 21.8242Z'
+              fill={`url(#${paint1})`}
+              fillOpacity='0.8'
+            />
+            <path
+              d='M85.4327 14.2231C88.4528 15.9668 90.6686 18.569 91.9494 21.5433L91.9533 21.5444C99.9406 40.2943 95.6533 61.9068 81.9983 74.1814C66.7726 87.8677 46.1257 87.8196 32.9209 77.0923C20.8945 67.3221 18.4062 51.6897 25.0249 40.2256C31.6438 28.7614 43.3482 25.8601 56.3748 33.381L64.1434 19.9255L64.1482 19.9249C68.4516 12.4736 77.9805 9.92084 85.4327 14.2231Z'
+              fill={`url(#${paint2})`}
+            />
+            <path
+              d='M85.4327 14.2231C88.4528 15.9668 90.6686 18.569 91.9494 21.5433L91.9533 21.5444C99.9406 40.2943 95.6533 61.9068 81.9983 74.1814C66.7726 87.8677 46.1257 87.8196 32.9209 77.0923C20.8945 67.3221 18.4062 51.6897 25.0249 40.2256C31.6438 28.7614 43.3482 25.8601 56.3748 33.381L64.1434 19.9255L64.1482 19.9249C68.4516 12.4736 77.9805 9.92084 85.4327 14.2231Z'
+              fill={`url(#${paint3})`}
+              fillOpacity='0.9'
+            />
+            <path
+              d='M39.5041 62.6261C52.5307 70.1469 64.2352 67.2456 70.8541 55.7814C77.2488 44.7055 75.1426 29.7389 64.147 19.9271L56.3791 33.3814L39.5041 62.6261Z'
+              fill={`url(#${paint4})`}
+            />
+            <path
+              d='M56.3794 33.3815C43.3528 25.8607 31.6482 28.762 25.0294 40.2262C18.6347 51.3021 20.7409 66.2687 31.7364 76.0806L39.5043 62.6262L56.3794 33.3815Z'
+              fill={`url(#${paint5})`}
+            />
+            <path
+              d='M33.3215 56.4453C37.9837 64.5204 48.3094 67.2872 56.3846 62.625C64.4598 57.9628 67.2266 47.6371 62.5643 39.5619C57.9021 31.4867 47.5764 28.72 39.5013 33.3822C31.4261 38.0444 28.6593 48.3701 33.3215 56.4453Z'
+              fill={`url(#${paint6})`}
+            />
+          </g>
+        </g>
+      </g>
+      <defs>
+        <radialGradient
+          id={paint0}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(46.0001 49.4996) rotate(-148.717) scale(46.2195 47.5359)'
+        >
+          <stop offset='0.465088' stopColor='#09442A' />
+          <stop offset='0.70088' stopColor='#136C6C' />
+          <stop offset='1' stopColor='#22918B' />
+        </radialGradient>
+        <radialGradient
+          id={paint1}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(50.0001 32.4996) rotate(123.57) scale(66.0095 46.5498)'
+        >
+          <stop offset='0.718705' stopColor='#1A7F7C' stopOpacity='0' />
+          <stop offset='1' stopColor='#16BBDA' />
+        </radialGradient>
+        <radialGradient
+          id={paint2}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(50.4999 44.5001) rotate(30.75) scale(45.9618 44.5095)'
+        >
+          <stop offset='0.358097' stopColor='#136C6C' />
+          <stop offset='0.789474' stopColor='#42B870' />
+          <stop offset='1' stopColor='#76D45E' />
+        </radialGradient>
+        <radialGradient
+          id={paint3}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientTransform='matrix(42.5 -36.0002 31.1824 36.8127 49.4998 55.5001)'
+          gradientUnits='userSpaceOnUse'
+        >
+          <stop offset='0.583166' stopColor='#76D45E' stopOpacity='0' />
+          <stop offset='1' stopColor='#C8F5B7' />
+        </radialGradient>
+        <radialGradient
+          id={paint4}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(47.5 48) rotate(-58.9042) scale(32.6898)'
+        >
+          <stop offset='0.486266' stopColor='#22918B' />
+          <stop offset='0.729599' stopColor='#42B870' />
+          <stop offset='1' stopColor='#43E5CA' />
+        </radialGradient>
+        <radialGradient
+          id={paint5}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(47.3833 49.0077) rotate(119.859) scale(31.1328 29.4032)'
+        >
+          <stop offset='0.459553' stopColor='#08494E' />
+          <stop offset='0.742242' stopColor='#1A7F7C' />
+          <stop offset='1' stopColor='#309C61' />
+        </radialGradient>
+        <radialGradient
+          id={paint6}
+          cx='0'
+          cy='0'
+          r='1'
+          gradientUnits='userSpaceOnUse'
+          gradientTransform='translate(52.5 40) rotate(120.784) scale(27.3542)'
+        >
+          <stop stopColor='#C8F5B7' />
+          <stop offset='0.24583' stopColor='#98F0B0' />
+          <stop offset='0.643961' stopColor='#52D17C' />
+          <stop offset='1' stopColor='#119FC5' />
+        </radialGradient>
+        <clipPath id={clip0}>
+          <rect width='96' height='96' fill='white' />
+        </clipPath>
+        <clipPath id={clip1}>
+          <rect width='96' height='96' fill='white' />
+        </clipPath>
+        <clipPath id={clip2}>
+          <rect width='95.9998' height='96' fill='white' />
+        </clipPath>
+      </defs>
+    </svg>
+  )
+}
+
 export function KalshiIcon(props: SVGProps<SVGSVGElement>) {
   return (
     <svg {...props} viewBox='0 0 78 20' fill='currentColor' xmlns='http://www.w3.org/2000/svg'>
@@ -5532,3 +5687,33 @@ export function OnePasswordIcon(props: SVGProps<SVGSVGElement>) {
     </svg>
   )
 }
+
+export function VercelIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      {...props}
+      viewBox='0 0 256 222'
+      xmlns='http://www.w3.org/2000/svg'
+      preserveAspectRatio='xMidYMid'
+    >
+      <g transform='translate(19.2 16.63) scale(0.85)'>
+        <polygon fill='#fafafa' points='128 0 256 221.705007 0 221.705007' />
+      </g>
+    </svg>
+  )
+}
+
+export function CloudflareIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg {...props} xmlns='http://www.w3.org/2000/svg' viewBox='0 0 512 512'>
+      <path
+        fill='#f38020'
+        d='M331 326c11-26-4-38-19-38l-148-2c-4 0-4-6 1-7l150-2c17-1 37-15 43-33 0 0 10-21 9-24a97 97 0 0 0-187-11c-38-25-78 9-69 46-48 3-65 46-60 72 0 1 1 2 3 2h274c1 0 3-1 3-3z'
+      />
+      <path
+        fill='#faae40'
+        d='M381 224c-4 0-6-1-7 1l-5 21c-5 16 3 30 20 31l32 2c4 0 4 6-1 7l-33 1c-36 4-46 39-46 39 0 2 0 3 2 3h113l3-2a81 81 0 0 0-78-103'
+      />
+    </svg>
+  )
+}

apps/sim/hooks/queries/folders.test.ts

@@ -0,0 +1,177 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockLogger, queryClient, useFolderStoreMock, useWorkflowRegistryMock } = vi.hoisted(() => ({
+  mockLogger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+  queryClient: {
+    cancelQueries: vi.fn().mockResolvedValue(undefined),
+    invalidateQueries: vi.fn().mockResolvedValue(undefined),
+  },
+  useFolderStoreMock: Object.assign(vi.fn(), {
+    getState: vi.fn(),
+    setState: vi.fn(),
+  }),
+  useWorkflowRegistryMock: Object.assign(vi.fn(), {
+    getState: vi.fn(),
+    setState: vi.fn(),
+  }),
+}))
+
+let folderState: {
+  folders: Record<string, any>
+}
+
+let workflowRegistryState: {
+  workflows: Record<string, any>
+}
+
+vi.mock('@sim/logger', () => ({
+  createLogger: vi.fn(() => mockLogger),
+}))
+
+vi.mock('@tanstack/react-query', () => ({
+  keepPreviousData: {},
+  useQuery: vi.fn(),
+  useQueryClient: vi.fn(() => queryClient),
+  useMutation: vi.fn((options) => options),
+}))
+
+vi.mock('@/stores/folders/store', () => ({
+  useFolderStore: useFolderStoreMock,
+}))
+
+vi.mock('@/stores/workflows/registry/store', () => ({
+  useWorkflowRegistry: useWorkflowRegistryMock,
+}))
+
+vi.mock('@/hooks/queries/workflows', () => ({
+  workflowKeys: {
+    list: (workspaceId: string | undefined) => ['workflows', 'list', workspaceId ?? ''],
+  },
+}))
+
+import { useCreateFolder, useDuplicateFolderMutation } from '@/hooks/queries/folders'
+
+function getOptimisticFolderByName(name: string) {
+  return Object.values(folderState.folders).find((folder: any) => folder.name === name) as
+    | { sortOrder: number }
+    | undefined
+}
+
+describe('folder optimistic top insertion ordering', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    useFolderStoreMock.getState.mockImplementation(() => folderState)
+    useFolderStoreMock.setState.mockImplementation((updater: any) => {
+      if (typeof updater === 'function') {
+        const next = updater(folderState)
+        if (next) {
+          folderState = { ...folderState, ...next }
+        }
+        return
+      }
+
+      folderState = { ...folderState, ...updater }
+    })
+    useWorkflowRegistryMock.getState.mockImplementation(() => workflowRegistryState)
+
+    folderState = {
+      folders: {
+        'folder-parent-match': {
+          id: 'folder-parent-match',
+          name: 'Existing sibling folder',
+          userId: 'user-1',
+          workspaceId: 'ws-1',
+          parentId: 'parent-1',
+          color: '#808080',
+          isExpanded: false,
+          sortOrder: 5,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        },
+        'folder-other-parent': {
+          id: 'folder-other-parent',
+          name: 'Other parent folder',
+          userId: 'user-1',
+          workspaceId: 'ws-1',
+          parentId: 'parent-2',
+          color: '#808080',
+          isExpanded: false,
+          sortOrder: -100,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        },
+      },
+    }
+
+    workflowRegistryState = {
+      workflows: {
+        'workflow-parent-match': {
+          id: 'workflow-parent-match',
+          name: 'Existing sibling workflow',
+          workspaceId: 'ws-1',
+          folderId: 'parent-1',
+          sortOrder: 2,
+        },
+        'workflow-other-parent': {
+          id: 'workflow-other-parent',
+          name: 'Other parent workflow',
+          workspaceId: 'ws-1',
+          folderId: 'parent-2',
+          sortOrder: -50,
+        },
+      },
+    }
+  })
+
+  it('creates folders at top of mixed non-root siblings', async () => {
+    const mutation = useCreateFolder()
+
+    await mutation.onMutate({
+      workspaceId: 'ws-1',
+      name: 'New child folder',
+      parentId: 'parent-1',
+    })
+
+    const optimisticFolder = getOptimisticFolderByName('New child folder')
+    expect(optimisticFolder).toBeDefined()
+    expect(optimisticFolder?.sortOrder).toBe(1)
+  })
+
+  it('duplicates folders at top of mixed non-root siblings', async () => {
+    const mutation = useDuplicateFolderMutation()
+
+    await mutation.onMutate({
+      workspaceId: 'ws-1',
+      id: 'folder-parent-match',
+      name: 'Duplicated child folder',
+      parentId: 'parent-1',
+    })
+
+    const optimisticFolder = getOptimisticFolderByName('Duplicated child folder')
+    expect(optimisticFolder).toBeDefined()
+    expect(optimisticFolder?.sortOrder).toBe(1)
+  })
+
+  it('uses source parent scope when duplicate parentId is undefined', async () => {
+    const mutation = useDuplicateFolderMutation()
+
+    await mutation.onMutate({
+      workspaceId: 'ws-1',
+      id: 'folder-parent-match',
+      name: 'Duplicated with inherited parent',
+      // parentId intentionally omitted to mirror duplicate fallback behavior
+    })
+
+    const optimisticFolder = getOptimisticFolderByName('Duplicated with inherited parent') as
+      | { parentId: string | null; sortOrder: number }
+      | undefined
+    expect(optimisticFolder).toBeDefined()
+    expect(optimisticFolder?.parentId).toBe('parent-1')
+    expect(optimisticFolder?.sortOrder).toBe(1)
+  })
+})

apps/sim/hooks/queries/folders.ts

@@ -5,9 +5,11 @@ import {
   createOptimisticMutationHandlers,
   generateTempId,
 } from '@/hooks/queries/utils/optimistic-mutation'
+import { getTopInsertionSortOrder } from '@/hooks/queries/utils/top-insertion-sort-order'
 import { workflowKeys } from '@/hooks/queries/workflows'
 import { useFolderStore } from '@/stores/folders/store'
 import type { WorkflowFolder } from '@/stores/folders/types'
+import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
 
 const logger = createLogger('FolderQueries')
 
@@ -133,40 +135,35 @@ function createFolderMutationHandlers<TVariables extends { workspaceId: string }
   })
 }
 
-/**
- * Calculates the next sort order for a folder in a given parent
- */
-function getNextSortOrder(
-  folders: Record<string, WorkflowFolder>,
-  workspaceId: string,
-  parentId: string | null | undefined
-): number {
-  const siblingFolders = Object.values(folders).filter(
-    (f) => f.workspaceId === workspaceId && f.parentId === (parentId || null)
-  )
-  return siblingFolders.reduce((max, f) => Math.max(max, f.sortOrder), -1) + 1
-}
-
 export function useCreateFolder() {
   const queryClient = useQueryClient()
 
   const handlers = createFolderMutationHandlers<CreateFolderVariables>(
     queryClient,
     'CreateFolder',
-    (variables, tempId, previousFolders) => ({
+    (variables, tempId, previousFolders) => {
-      id: tempId,
+      const currentWorkflows = useWorkflowRegistry.getState().workflows
-      name: variables.name,
+
-      userId: '',
+      return {
-      workspaceId: variables.workspaceId,
+        id: tempId,
-      parentId: variables.parentId || null,
+        name: variables.name,
-      color: variables.color || '#808080',
+        userId: '',
-      isExpanded: false,
+        workspaceId: variables.workspaceId,
-      sortOrder:
+        parentId: variables.parentId || null,
-        variables.sortOrder ??
+        color: variables.color || '#808080',
-        getNextSortOrder(previousFolders, variables.workspaceId, variables.parentId),
+        isExpanded: false,
-      createdAt: new Date(),
+        sortOrder:
-      updatedAt: new Date(),
+          variables.sortOrder ??
-    })
+          getTopInsertionSortOrder(
+            currentWorkflows,
+            previousFolders,
+            variables.workspaceId,
+            variables.parentId
+          ),
+        createdAt: new Date(),
+        updatedAt: new Date(),
+      }
+    }
   )
 
   return useMutation({
@@ -242,17 +239,25 @@ export function useDuplicateFolderMutation() {
     queryClient,
     'DuplicateFolder',
     (variables, tempId, previousFolders) => {
+      const currentWorkflows = useWorkflowRegistry.getState().workflows
+
       // Get source folder info if available
       const sourceFolder = previousFolders[variables.id]
+      const targetParentId = variables.parentId ?? sourceFolder?.parentId ?? null
       return {
         id: tempId,
         name: variables.name,
         userId: sourceFolder?.userId || '',
         workspaceId: variables.workspaceId,
-        parentId: variables.parentId ?? sourceFolder?.parentId ?? null,
+        parentId: targetParentId,
         color: variables.color || sourceFolder?.color || '#808080',
         isExpanded: false,
-        sortOrder: getNextSortOrder(previousFolders, variables.workspaceId, variables.parentId),
+        sortOrder: getTopInsertionSortOrder(
+          currentWorkflows,
+          previousFolders,
+          variables.workspaceId,
+          targetParentId
+        ),
         createdAt: new Date(),
         updatedAt: new Date(),
       }

apps/sim/hooks/queries/utils/top-insertion-sort-order.ts

@@ -0,0 +1,44 @@
+interface SortableWorkflow {
+  workspaceId?: string
+  folderId?: string | null
+  sortOrder?: number
+}
+
+interface SortableFolder {
+  workspaceId?: string
+  parentId?: string | null
+  sortOrder: number
+}
+
+/**
+ * Calculates the insertion sort order that places a new item at the top of a
+ * mixed list of folders and workflows within the same parent scope.
+ */
+export function getTopInsertionSortOrder(
+  workflows: Record<string, SortableWorkflow>,
+  folders: Record<string, SortableFolder>,
+  workspaceId: string,
+  parentId: string | null | undefined
+): number {
+  const normalizedParentId = parentId ?? null
+
+  const siblingWorkflows = Object.values(workflows).filter(
+    (workflow) =>
+      workflow.workspaceId === workspaceId && (workflow.folderId ?? null) === normalizedParentId
+  )
+  const siblingFolders = Object.values(folders).filter(
+    (folder) =>
+      folder.workspaceId === workspaceId && (folder.parentId ?? null) === normalizedParentId
+  )
+
+  const siblingOrders = [
+    ...siblingWorkflows.map((workflow) => workflow.sortOrder ?? 0),
+    ...siblingFolders.map((folder) => folder.sortOrder),
+  ]
+
+  if (siblingOrders.length === 0) {
+    return 0
+  }
+
+  return Math.min(...siblingOrders) - 1
+}

apps/sim/hooks/queries/workflows.ts

@@ -8,6 +8,8 @@ import {
   createOptimisticMutationHandlers,
   generateTempId,
 } from '@/hooks/queries/utils/optimistic-mutation'
+import { getTopInsertionSortOrder } from '@/hooks/queries/utils/top-insertion-sort-order'
+import { useFolderStore } from '@/stores/folders/store'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
 import type { WorkflowMetadata } from '@/stores/workflows/registry/types'
 import { generateCreativeWorkflowName } from '@/stores/workflows/registry/utils'
@@ -223,11 +225,13 @@ export function useCreateWorkflow() {
         sortOrder = variables.sortOrder
       } else {
         const currentWorkflows = useWorkflowRegistry.getState().workflows
-        const targetFolderId = variables.folderId || null
+        const currentFolders = useFolderStore.getState().folders
-        const workflowsInFolder = Object.values(currentWorkflows).filter(
+        sortOrder = getTopInsertionSortOrder(
-          (w) => w.folderId === targetFolderId
+          currentWorkflows,
+          currentFolders,
+          variables.workspaceId,
+          variables.folderId
         )
-        sortOrder = workflowsInFolder.reduce((min, w) => Math.min(min, w.sortOrder ?? 0), 1) - 1
       }
 
       return {
@@ -323,11 +327,8 @@ export function useDuplicateWorkflowMutation() {
     'DuplicateWorkflow',
     (variables, tempId) => {
       const currentWorkflows = useWorkflowRegistry.getState().workflows
-      const targetFolderId = variables.folderId || null
+      const currentFolders = useFolderStore.getState().folders
-      const workflowsInFolder = Object.values(currentWorkflows).filter(
+      const targetFolderId = variables.folderId ?? null
-        (w) => w.folderId === targetFolderId
-      )
-      const minSortOrder = workflowsInFolder.reduce((min, w) => Math.min(min, w.sortOrder ?? 0), 1)
 
       return {
         id: tempId,
@@ -338,7 +339,12 @@ export function useDuplicateWorkflowMutation() {
         color: variables.color,
         workspaceId: variables.workspaceId,
         folderId: targetFolderId,
-        sortOrder: minSortOrder - 1,
+        sortOrder: getTopInsertionSortOrder(
+          currentWorkflows,
+          currentFolders,
+          variables.workspaceId,
+          targetFolderId
+        ),
       }
     }
   )

apps/sim/hooks/use-permission-config.ts

@@ -44,7 +44,7 @@ function useAllowedIntegrationsFromEnv() {
  */
 function intersectAllowlists(a: string[] | null, b: string[] | null): string[] | null {
   if (a === null) return b
-  if (b === null) return a
+  if (b === null) return a.map((i) => i.toLowerCase())
   return a.map((i) => i.toLowerCase()).filter((i) => b.includes(i))
 }
 

apps/sim/lib/audit/log.ts

@@ -24,12 +24,18 @@ export const AuditAction = {
   CHAT_UPDATED: 'chat.updated',
   CHAT_DELETED: 'chat.deleted',
 
+  // Billing
+  CREDIT_PURCHASED: 'credit.purchased',
+
   // Credential Sets
   CREDENTIAL_SET_CREATED: 'credential_set.created',
   CREDENTIAL_SET_UPDATED: 'credential_set.updated',
   CREDENTIAL_SET_DELETED: 'credential_set.deleted',
   CREDENTIAL_SET_MEMBER_REMOVED: 'credential_set_member.removed',
+  CREDENTIAL_SET_MEMBER_LEFT: 'credential_set_member.left',
   CREDENTIAL_SET_INVITATION_CREATED: 'credential_set_invitation.created',
+  CREDENTIAL_SET_INVITATION_ACCEPTED: 'credential_set_invitation.accepted',
+  CREDENTIAL_SET_INVITATION_RESENT: 'credential_set_invitation.resent',
   CREDENTIAL_SET_INVITATION_REVOKED: 'credential_set_invitation.revoked',
 
   // Documents
@@ -81,6 +87,9 @@ export const AuditAction = {
   // OAuth
   OAUTH_DISCONNECTED: 'oauth.disconnected',
 
+  // Password
+  PASSWORD_RESET: 'password.reset',
+
   // Organizations
   ORGANIZATION_CREATED: 'organization.created',
   ORGANIZATION_UPDATED: 'organization.updated',
@@ -103,6 +112,11 @@ export const AuditAction = {
   // Schedules
   SCHEDULE_UPDATED: 'schedule.updated',
 
+  // Templates
+  TEMPLATE_CREATED: 'template.created',
+  TEMPLATE_UPDATED: 'template.updated',
+  TEMPLATE_DELETED: 'template.deleted',
+
   // Webhooks
   WEBHOOK_CREATED: 'webhook.created',
   WEBHOOK_DELETED: 'webhook.deleted',
@@ -113,6 +127,7 @@ export const AuditAction = {
   WORKFLOW_DEPLOYED: 'workflow.deployed',
   WORKFLOW_UNDEPLOYED: 'workflow.undeployed',
   WORKFLOW_DUPLICATED: 'workflow.duplicated',
+  WORKFLOW_DEPLOYMENT_ACTIVATED: 'workflow.deployment_activated',
   WORKFLOW_DEPLOYMENT_REVERTED: 'workflow.deployment_reverted',
   WORKFLOW_VARIABLES_UPDATED: 'workflow.variables_updated',
 
@@ -129,6 +144,7 @@ export type AuditActionType = (typeof AuditAction)[keyof typeof AuditAction]
  */
 export const AuditResourceType = {
   API_KEY: 'api_key',
+  BILLING: 'billing',
   BYOK_KEY: 'byok_key',
   CHAT: 'chat',
   CREDENTIAL_SET: 'credential_set',
@@ -142,8 +158,10 @@ export const AuditResourceType = {
   NOTIFICATION: 'notification',
   OAUTH: 'oauth',
   ORGANIZATION: 'organization',
+  PASSWORD: 'password',
   PERMISSION_GROUP: 'permission_group',
   SCHEDULE: 'schedule',
+  TEMPLATE: 'template',
   WEBHOOK: 'webhook',
   WORKFLOW: 'workflow',
   WORKSPACE: 'workspace',

apps/sim/lib/auth/auth.ts

@@ -395,6 +395,7 @@ export const auth = betterAuth({
         'google-groups',
         'vertex-ai',
         'github-repo',
+        'microsoft-dataverse',
         'microsoft-teams',
         'microsoft-excel',
         'microsoft-planner',
@@ -483,6 +484,17 @@ export const auth = betterAuth({
         throw new Error(`Failed to send reset password email: ${result.message}`)
       }
     },
+    onPasswordReset: async ({ user: resetUser }) => {
+      const { AuditAction, AuditResourceType, recordAudit } = await import('@/lib/audit/log')
+      recordAudit({
+        actorId: resetUser.id,
+        actorName: resetUser.name,
+        actorEmail: resetUser.email,
+        action: AuditAction.PASSWORD_RESET,
+        resourceType: AuditResourceType.PASSWORD,
+        description: 'Password reset completed',
+      })
+    },
   },
   hooks: {
     before: createAuthMiddleware(async (ctx) => {
@@ -1142,6 +1154,54 @@ export const auth = betterAuth({
             }
           },
         },
+        {
+          providerId: 'microsoft-dataverse',
+          clientId: env.MICROSOFT_CLIENT_ID as string,
+          clientSecret: env.MICROSOFT_CLIENT_SECRET as string,
+          authorizationUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
+          tokenUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
+          userInfoUrl: 'https://graph.microsoft.com/v1.0/me',
+          scopes: [
+            'openid',
+            'profile',
+            'email',
+            'https://dynamics.microsoft.com/user_impersonation',
+            'offline_access',
+          ],
+          responseType: 'code',
+          accessType: 'offline',
+          authentication: 'basic',
+          pkce: true,
+          redirectURI: `${getBaseUrl()}/api/auth/oauth2/callback/microsoft-dataverse`,
+          getUserInfo: async (tokens) => {
+            // Dataverse access tokens target dynamics.microsoft.com, not graph.microsoft.com,
+            // so we cannot call the Graph API /me endpoint. Instead, we decode the ID token JWT
+            // which is always returned when the openid scope is requested.
+            const idToken = (tokens as Record<string, unknown>).idToken as string | undefined
+            if (!idToken) {
+              logger.error(
+                'Microsoft Dataverse OAuth: no ID token received. Ensure openid scope is requested.'
+              )
+              throw new Error('Microsoft Dataverse OAuth requires an ID token (openid scope)')
+            }
+
+            const parts = idToken.split('.')
+            if (parts.length !== 3) {
+              throw new Error('Microsoft Dataverse OAuth: malformed ID token')
+            }
+
+            const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'))
+            const now = new Date()
+            return {
+              id: `${payload.oid || payload.sub}-${crypto.randomUUID()}`,
+              name: payload.name || 'Microsoft User',
+              email: payload.preferred_username || payload.email || payload.upn,
+              emailVerified: true,
+              createdAt: now,
+              updatedAt: now,
+            }
+          },
+        },
         {
           providerId: 'microsoft-planner',
           clientId: env.MICROSOFT_CLIENT_ID as string,

apps/sim/lib/auth/hybrid.ts

@@ -9,6 +9,8 @@ const logger = createLogger('HybridAuth')
 export interface AuthResult {
   success: boolean
   userId?: string
+  userName?: string | null
+  userEmail?: string | null
   authType?: 'session' | 'api_key' | 'internal_jwt'
   apiKeyType?: 'personal' | 'workspace'
   error?: string
@@ -142,6 +144,8 @@ export async function checkSessionOrInternalAuth(
       return {
         success: true,
         userId: session.user.id,
+        userName: session.user.name,
+        userEmail: session.user.email,
         authType: 'session',
       }
     }
@@ -189,6 +193,8 @@ export async function checkHybridAuth(
       return {
         success: true,
         userId: session.user.id,
+        userName: session.user.name,
+        userEmail: session.user.email,
         authType: 'session',
       }
     }

apps/sim/lib/mcp/middleware.ts

@@ -11,6 +11,8 @@ export type McpPermissionLevel = 'read' | 'write' | 'admin'
 
 export interface McpAuthContext {
   userId: string
+  userName?: string | null
+  userEmail?: string | null
   workspaceId: string
   requestId: string
 }
@@ -114,6 +116,8 @@ async function validateMcpAuth(
       success: true,
       context: {
         userId: auth.userId,
+        userName: auth.userName,
+        userEmail: auth.userEmail,
         workspaceId,
         requestId,
       },

apps/sim/lib/oauth/microsoft.ts

@@ -2,6 +2,7 @@ export const MICROSOFT_REFRESH_TOKEN_LIFETIME_DAYS = 90
 export const PROACTIVE_REFRESH_THRESHOLD_DAYS = 7
 
 export const MICROSOFT_PROVIDERS = new Set([
+  'microsoft-dataverse',
   'microsoft-excel',
   'microsoft-planner',
   'microsoft-teams',

apps/sim/lib/oauth/oauth.ts

@@ -18,6 +18,7 @@ import {
   JiraIcon,
   LinearIcon,
   LinkedInIcon,
+  MicrosoftDataverseIcon,
   MicrosoftExcelIcon,
   MicrosoftIcon,
   MicrosoftOneDriveIcon,
@@ -154,6 +155,20 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
     name: 'Microsoft',
     icon: MicrosoftIcon,
     services: {
+      'microsoft-dataverse': {
+        name: 'Microsoft Dataverse',
+        description: 'Connect to Microsoft Dataverse and manage records.',
+        providerId: 'microsoft-dataverse',
+        icon: MicrosoftDataverseIcon,
+        baseProviderIcon: MicrosoftIcon,
+        scopes: [
+          'openid',
+          'profile',
+          'email',
+          'https://dynamics.microsoft.com/user_impersonation',
+          'offline_access',
+        ],
+      },
       'microsoft-excel': {
         name: 'Microsoft Excel',
         description: 'Connect to Microsoft Excel and manage spreadsheets.',

apps/sim/lib/oauth/types.ts

@@ -20,6 +20,7 @@ export type OAuthProvider =
   | 'jira'
   | 'dropbox'
   | 'microsoft'
+  | 'microsoft-dataverse'
   | 'microsoft-excel'
   | 'microsoft-planner'
   | 'microsoft-teams'
@@ -61,6 +62,7 @@ export type OAuthService =
   | 'notion'
   | 'jira'
   | 'dropbox'
+  | 'microsoft-dataverse'
   | 'microsoft-excel'
   | 'microsoft-teams'
   | 'microsoft-planner'

apps/sim/lib/workflows/persistence/duplicate.test.ts

@@ -0,0 +1,197 @@
+/**
+ * @vitest-environment node
+ */
+import { mockConsoleLogger, setupCommonApiMocks } from '@sim/testing'
+import { drizzleOrmMock } from '@sim/testing/mocks'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockAuthorizeWorkflowByWorkspacePermission = vi.fn()
+const mockGetUserEntityPermissions = vi.fn()
+
+const { mockDb } = vi.hoisted(() => ({
+  mockDb: {
+    transaction: vi.fn(),
+  },
+}))
+
+vi.mock('drizzle-orm', () => ({
+  ...drizzleOrmMock,
+  min: vi.fn((field) => ({ type: 'min', field })),
+}))
+vi.mock('@/lib/workflows/utils', () => ({
+  authorizeWorkflowByWorkspacePermission: (...args: unknown[]) =>
+    mockAuthorizeWorkflowByWorkspacePermission(...args),
+}))
+
+vi.mock('@/lib/workspaces/permissions/utils', () => ({
+  getUserEntityPermissions: (...args: unknown[]) => mockGetUserEntityPermissions(...args),
+}))
+
+vi.mock('@sim/db/schema', () => ({
+  workflow: {
+    id: 'id',
+    workspaceId: 'workspaceId',
+    folderId: 'folderId',
+    sortOrder: 'sortOrder',
+    variables: 'variables',
+  },
+  workflowFolder: {
+    workspaceId: 'workspaceId',
+    parentId: 'parentId',
+    sortOrder: 'sortOrder',
+  },
+  workflowBlocks: {
+    workflowId: 'workflowId',
+  },
+  workflowEdges: {
+    workflowId: 'workflowId',
+  },
+  workflowSubflows: {
+    workflowId: 'workflowId',
+  },
+}))
+
+vi.mock('@sim/db', () => ({
+  db: mockDb,
+}))
+
+import { duplicateWorkflow } from './duplicate'
+
+function createMockTx(
+  selectResults: unknown[],
+  onWorkflowInsert?: (values: Record<string, unknown>) => void
+) {
+  let selectCallCount = 0
+
+  const select = vi.fn().mockImplementation(() => ({
+    from: vi.fn().mockReturnValue({
+      where: vi.fn().mockImplementation(() => {
+        const result = selectResults[selectCallCount++] ?? []
+        if (selectCallCount === 1) {
+          return {
+            limit: vi.fn().mockResolvedValue(result),
+          }
+        }
+        return Promise.resolve(result)
+      }),
+    }),
+  }))
+
+  const insert = vi.fn().mockReturnValue({
+    values: vi.fn().mockImplementation((values: Record<string, unknown>) => {
+      onWorkflowInsert?.(values)
+      return Promise.resolve(undefined)
+    }),
+  })
+
+  const update = vi.fn().mockReturnValue({
+    set: vi.fn().mockReturnValue({
+      where: vi.fn().mockResolvedValue(undefined),
+    }),
+  })
+
+  return {
+    select,
+    insert,
+    update,
+  }
+}
+
+describe('duplicateWorkflow ordering', () => {
+  beforeEach(() => {
+    setupCommonApiMocks()
+    mockConsoleLogger()
+    vi.clearAllMocks()
+
+    vi.stubGlobal('crypto', {
+      randomUUID: vi.fn().mockReturnValue('new-workflow-id'),
+    })
+
+    mockAuthorizeWorkflowByWorkspacePermission.mockResolvedValue({ allowed: true })
+    mockGetUserEntityPermissions.mockResolvedValue('write')
+  })
+
+  it('uses mixed-sibling top insertion sort order', async () => {
+    let insertedWorkflowValues: Record<string, unknown> | null = null
+    const tx = createMockTx(
+      [
+        [
+          {
+            id: 'source-workflow-id',
+            workspaceId: 'workspace-123',
+            folderId: null,
+            description: 'source',
+            color: '#000000',
+            variables: {},
+          },
+        ],
+        [{ minOrder: 5 }],
+        [{ minOrder: 2 }],
+        [],
+        [],
+        [],
+      ],
+      (values) => {
+        insertedWorkflowValues = values
+      }
+    )
+
+    mockDb.transaction.mockImplementation(async (callback: (txArg: unknown) => Promise<unknown>) =>
+      callback(tx)
+    )
+
+    const result = await duplicateWorkflow({
+      sourceWorkflowId: 'source-workflow-id',
+      userId: 'user-123',
+      name: 'Duplicated',
+      workspaceId: 'workspace-123',
+      folderId: null,
+      requestId: 'req-1',
+    })
+
+    expect(result.sortOrder).toBe(1)
+    expect(insertedWorkflowValues?.sortOrder).toBe(1)
+  })
+
+  it('defaults to sortOrder 0 when target has no siblings', async () => {
+    let insertedWorkflowValues: Record<string, unknown> | null = null
+    const tx = createMockTx(
+      [
+        [
+          {
+            id: 'source-workflow-id',
+            workspaceId: 'workspace-123',
+            folderId: null,
+            description: 'source',
+            color: '#000000',
+            variables: {},
+          },
+        ],
+        [],
+        [],
+        [],
+        [],
+        [],
+      ],
+      (values) => {
+        insertedWorkflowValues = values
+      }
+    )
+
+    mockDb.transaction.mockImplementation(async (callback: (txArg: unknown) => Promise<unknown>) =>
+      callback(tx)
+    )
+
+    const result = await duplicateWorkflow({
+      sourceWorkflowId: 'source-workflow-id',
+      userId: 'user-123',
+      name: 'Duplicated',
+      workspaceId: 'workspace-123',
+      folderId: null,
+      requestId: 'req-2',
+    })
+
+    expect(result.sortOrder).toBe(0)
+    expect(insertedWorkflowValues?.sortOrder).toBe(0)
+  })
+})

apps/sim/lib/workflows/persistence/duplicate.ts

@@ -1,5 +1,11 @@
 import { db } from '@sim/db'
-import { workflow, workflowBlocks, workflowEdges, workflowSubflows } from '@sim/db/schema'
+import {
+  workflow,
+  workflowBlocks,
+  workflowEdges,
+  workflowFolder,
+  workflowSubflows,
+} from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, isNull, min } from 'drizzle-orm'
 import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
@@ -132,15 +138,31 @@ export async function duplicateWorkflow(
       throw new Error('Write or admin access required for target workspace')
     }
     const targetFolderId = folderId !== undefined ? folderId : source.folderId
-    const folderCondition = targetFolderId
+    const workflowParentCondition = targetFolderId
       ? eq(workflow.folderId, targetFolderId)
       : isNull(workflow.folderId)
+    const folderParentCondition = targetFolderId
+      ? eq(workflowFolder.parentId, targetFolderId)
+      : isNull(workflowFolder.parentId)
 
-    const [minResult] = await tx
+    const [[workflowMinResult], [folderMinResult]] = await Promise.all([
-      .select({ minOrder: min(workflow.sortOrder) })
+      tx
-      .from(workflow)
+        .select({ minOrder: min(workflow.sortOrder) })
-      .where(and(eq(workflow.workspaceId, targetWorkspaceId), folderCondition))
+        .from(workflow)
-    const sortOrder = (minResult?.minOrder ?? 1) - 1
+        .where(and(eq(workflow.workspaceId, targetWorkspaceId), workflowParentCondition)),
+      tx
+        .select({ minOrder: min(workflowFolder.sortOrder) })
+        .from(workflowFolder)
+        .where(and(eq(workflowFolder.workspaceId, targetWorkspaceId), folderParentCondition)),
+    ])
+    const minSortOrder = [workflowMinResult?.minOrder, folderMinResult?.minOrder].reduce<
+      number | null
+    >((currentMin, candidate) => {
+      if (candidate == null) return currentMin
+      if (currentMin == null) return candidate
+      return Math.min(currentMin, candidate)
+    }, null)
+    const sortOrder = minSortOrder != null ? minSortOrder - 1 : 0
 
     // Mapping from old variable IDs to new variable IDs (populated during variable duplication)
     const varIdMapping = new Map<string, string>()

apps/sim/next.config.ts

@@ -1,6 +1,6 @@
 import type { NextConfig } from 'next'
 import { env, getEnv, isTruthy } from './lib/core/config/env'
-import { isDev, isHosted } from './lib/core/config/feature-flags'
+import { isDev } from './lib/core/config/feature-flags'
 import {
   getFormEmbedCSPPolicy,
   getMainCSPPolicy,
@@ -306,34 +306,15 @@ const nextConfig: NextConfig = {
       }
     )
 
-    // Only enable domain redirects for the hosted version
+    return redirects
-    if (isHosted) {
+  },
-      redirects.push(
+  async rewrites() {
-        {
+    return [
-          source: '/((?!api|_next|_vercel|favicon|static|ingest|.*\\..*).*)',
+      {
-          destination: 'https://www.sim.ai/$1',
-          permanent: true,
-          has: [{ type: 'host' as const, value: 'simstudio.ai' }],
-        },
-        {
-          source: '/((?!api|_next|_vercel|favicon|static|ingest|.*\\..*).*)',
-          destination: 'https://www.sim.ai/$1',
-          permanent: true,
-          has: [{ type: 'host' as const, value: 'www.simstudio.ai' }],
-        }
-      )
-    }
-
-    // Beluga campaign short link tracking
-    if (isHosted) {
-      redirects.push({
         source: '/r/:shortCode',
         destination: 'https://go.trybeluga.ai/:shortCode',
-        permanent: false,
+      },
-      })
+    ]
-    }
-
-    return redirects
   },
 }
 

apps/sim/package.json

@@ -125,7 +125,7 @@
     "mysql2": "3.14.3",
     "nanoid": "^3.3.7",
     "neo4j-driver": "6.0.1",
-    "next": "16.1.0-canary.21",
+    "next": "16.1.6",
     "next-mdx-remote": "^5.0.0",
     "next-runtime-env": "3.3.0",
     "next-themes": "^0.4.6",
@@ -208,8 +208,8 @@
     "sharp"
   ],
   "overrides": {
-    "next": "16.1.0-canary.21",
+    "next": "16.1.6",
-    "@next/env": "16.1.0-canary.21",
+    "@next/env": "16.1.6",
     "drizzle-orm": "^0.44.5",
     "postgres": "^3.4.5"
   }

apps/sim/tools/cloudflare/create_dns_record.ts

@@ -0,0 +1,211 @@
+import type {
+  CloudflareCreateDnsRecordParams,
+  CloudflareCreateDnsRecordResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const createDnsRecordTool: ToolConfig<
+  CloudflareCreateDnsRecordParams,
+  CloudflareCreateDnsRecordResponse
+> = {
+  id: 'cloudflare_create_dns_record',
+  name: 'Cloudflare Create DNS Record',
+  description: 'Creates a new DNS record for a zone.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to create the DNS record in',
+    },
+    type: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'DNS record type (e.g., "A", "AAAA", "CNAME", "MX", "TXT", "NS", "SRV")',
+    },
+    name: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'DNS record name (e.g., "example.com" or "subdomain.example.com")',
+    },
+    content: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'DNS record content (e.g., IP address for A records, target for CNAME)',
+    },
+    ttl: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Time to live in seconds (1 = automatic, default: 1)',
+    },
+    proxied: {
+      type: 'boolean',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Whether to enable Cloudflare proxy (default: false)',
+    },
+    priority: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Priority for MX and SRV records',
+    },
+    comment: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Comment for the DNS record',
+    },
+    tags: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Comma-separated tags for the DNS record',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/dns_records`,
+    method: 'POST',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+    body: (params) => {
+      const body: Record<string, any> = {
+        type: params.type,
+        name: params.name,
+        content: params.content,
+      }
+      if (params.ttl !== undefined) body.ttl = Number(params.ttl)
+      if (params.proxied !== undefined) body.proxied = params.proxied
+      if (params.priority !== undefined) body.priority = Number(params.priority)
+      if (params.comment) body.comment = params.comment
+      if (params.tags) {
+        const tagList = String(params.tags)
+          .split(',')
+          .map((t) => t.trim())
+          .filter(Boolean)
+        if (tagList.length > 0) body.tags = tagList
+      }
+      return body
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: {
+          id: '',
+          zone_id: '',
+          zone_name: '',
+          type: '',
+          name: '',
+          content: '',
+          proxiable: false,
+          proxied: false,
+          ttl: 0,
+          locked: false,
+          priority: undefined,
+          comment: null,
+          tags: [],
+          comment_modified_on: null,
+          tags_modified_on: null,
+          meta: null,
+          created_on: '',
+          modified_on: '',
+        },
+        error: data.errors?.[0]?.message ?? 'Failed to create DNS record',
+      }
+    }
+
+    const record = data.result
+    return {
+      success: true,
+      output: {
+        id: record?.id ?? '',
+        zone_id: record?.zone_id ?? '',
+        zone_name: record?.zone_name ?? '',
+        type: record?.type ?? '',
+        name: record?.name ?? '',
+        content: record?.content ?? '',
+        proxiable: record?.proxiable ?? false,
+        proxied: record?.proxied ?? false,
+        ttl: record?.ttl ?? 0,
+        locked: record?.locked ?? false,
+        priority: record?.priority ?? null,
+        comment: record?.comment ?? null,
+        tags: record?.tags ?? [],
+        comment_modified_on: record?.comment_modified_on ?? null,
+        tags_modified_on: record?.tags_modified_on ?? null,
+        meta: record?.meta ?? null,
+        created_on: record?.created_on ?? '',
+        modified_on: record?.modified_on ?? '',
+      },
+    }
+  },
+
+  outputs: {
+    id: { type: 'string', description: 'Unique identifier for the created DNS record' },
+    zone_id: { type: 'string', description: 'The ID of the zone the record belongs to' },
+    zone_name: { type: 'string', description: 'The name of the zone' },
+    type: { type: 'string', description: 'DNS record type (A, AAAA, CNAME, MX, TXT, etc.)' },
+    name: { type: 'string', description: 'DNS record hostname' },
+    content: {
+      type: 'string',
+      description: 'DNS record value (e.g., IP address, target hostname)',
+    },
+    proxiable: {
+      type: 'boolean',
+      description: 'Whether the record can be proxied through Cloudflare',
+    },
+    proxied: { type: 'boolean', description: 'Whether Cloudflare proxy is enabled' },
+    ttl: { type: 'number', description: 'Time to live in seconds (1 = automatic)' },
+    locked: { type: 'boolean', description: 'Whether the record is locked' },
+    priority: { type: 'number', description: 'Priority for MX and SRV records', optional: true },
+    comment: { type: 'string', description: 'Comment associated with the record', optional: true },
+    tags: {
+      type: 'array',
+      description: 'Tags associated with the record',
+      items: { type: 'string', description: 'Tag value' },
+    },
+    comment_modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when the comment was last modified',
+      optional: true,
+    },
+    tags_modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when tags were last modified',
+      optional: true,
+    },
+    meta: {
+      type: 'object',
+      description: 'Record metadata',
+      optional: true,
+      properties: {
+        source: { type: 'string', description: 'Source of the DNS record' },
+      },
+    },
+    created_on: { type: 'string', description: 'ISO 8601 timestamp when the record was created' },
+    modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when the record was last modified',
+    },
+  },
+}

apps/sim/tools/cloudflare/create_zone.ts

@@ -0,0 +1,253 @@
+import type {
+  CloudflareCreateZoneParams,
+  CloudflareCreateZoneResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const createZoneTool: ToolConfig<CloudflareCreateZoneParams, CloudflareCreateZoneResponse> =
+  {
+    id: 'cloudflare_create_zone',
+    name: 'Cloudflare Create Zone',
+    description: 'Adds a new zone (domain) to the Cloudflare account.',
+    version: '1.0.0',
+
+    params: {
+      name: {
+        type: 'string',
+        required: true,
+        visibility: 'user-or-llm',
+        description: 'The domain name to add (e.g., "example.com")',
+      },
+      accountId: {
+        type: 'string',
+        required: true,
+        visibility: 'user-or-llm',
+        description: 'The Cloudflare account ID',
+      },
+      type: {
+        type: 'string',
+        required: false,
+        visibility: 'user-or-llm',
+        description:
+          'Zone type: "full" (Cloudflare manages DNS), "partial" (CNAME setup), or "secondary" (secondary DNS)',
+      },
+      jump_start: {
+        type: 'boolean',
+        required: false,
+        visibility: 'user-or-llm',
+        description: 'Automatically attempt to fetch existing DNS records when creating the zone',
+      },
+      apiKey: {
+        type: 'string',
+        required: true,
+        visibility: 'user-only',
+        description: 'Cloudflare API Token',
+      },
+    },
+
+    request: {
+      url: 'https://api.cloudflare.com/client/v4/zones',
+      method: 'POST',
+      headers: (params) => ({
+        Authorization: `Bearer ${params.apiKey}`,
+        'Content-Type': 'application/json',
+      }),
+      body: (params) => {
+        const body: Record<string, any> = {
+          name: params.name,
+          account: { id: params.accountId },
+        }
+        if (params.type) body.type = params.type
+        if (params.jump_start !== undefined) body.jump_start = params.jump_start
+        return body
+      },
+    },
+
+    transformResponse: async (response: Response) => {
+      const data = await response.json()
+
+      if (!data.success) {
+        return {
+          success: false,
+          output: {
+            id: '',
+            name: '',
+            status: '',
+            paused: false,
+            type: '',
+            name_servers: [],
+            original_name_servers: [],
+            created_on: '',
+            modified_on: '',
+            activated_on: '',
+            development_mode: 0,
+            plan: {
+              id: '',
+              name: '',
+              price: 0,
+              is_subscribed: false,
+              frequency: '',
+              currency: '',
+              legacy_id: '',
+            },
+            account: { id: '', name: '' },
+            owner: { id: '', name: '', type: '' },
+            meta: {
+              cdn_only: false,
+              custom_certificate_quota: 0,
+              dns_only: false,
+              foundation_dns: false,
+              page_rule_quota: 0,
+              phishing_detected: false,
+              step: 0,
+            },
+            vanity_name_servers: [],
+            permissions: [],
+          },
+          error: data.errors?.[0]?.message ?? 'Failed to create zone',
+        }
+      }
+
+      const zone = data.result
+      return {
+        success: true,
+        output: {
+          id: zone?.id ?? '',
+          name: zone?.name ?? '',
+          status: zone?.status ?? '',
+          paused: zone?.paused ?? false,
+          type: zone?.type ?? '',
+          name_servers: zone?.name_servers ?? [],
+          original_name_servers: zone?.original_name_servers ?? [],
+          created_on: zone?.created_on ?? '',
+          modified_on: zone?.modified_on ?? '',
+          activated_on: zone?.activated_on ?? '',
+          development_mode: zone?.development_mode ?? 0,
+          plan: {
+            id: zone?.plan?.id ?? '',
+            name: zone?.plan?.name ?? '',
+            price: zone?.plan?.price ?? 0,
+            is_subscribed: zone?.plan?.is_subscribed ?? false,
+            frequency: zone?.plan?.frequency ?? '',
+            currency: zone?.plan?.currency ?? '',
+            legacy_id: zone?.plan?.legacy_id ?? '',
+          },
+          account: {
+            id: zone?.account?.id ?? '',
+            name: zone?.account?.name ?? '',
+          },
+          owner: {
+            id: zone?.owner?.id ?? '',
+            name: zone?.owner?.name ?? '',
+            type: zone?.owner?.type ?? '',
+          },
+          meta: {
+            cdn_only: zone?.meta?.cdn_only ?? false,
+            custom_certificate_quota: zone?.meta?.custom_certificate_quota ?? 0,
+            dns_only: zone?.meta?.dns_only ?? false,
+            foundation_dns: zone?.meta?.foundation_dns ?? false,
+            page_rule_quota: zone?.meta?.page_rule_quota ?? 0,
+            phishing_detected: zone?.meta?.phishing_detected ?? false,
+            step: zone?.meta?.step ?? 0,
+          },
+          vanity_name_servers: zone?.vanity_name_servers ?? [],
+          permissions: zone?.permissions ?? [],
+        },
+      }
+    },
+
+    outputs: {
+      id: { type: 'string', description: 'Created zone ID' },
+      name: { type: 'string', description: 'Domain name' },
+      status: {
+        type: 'string',
+        description: 'Zone status (initializing, pending, active, moved)',
+      },
+      paused: { type: 'boolean', description: 'Whether the zone is paused' },
+      type: { type: 'string', description: 'Zone type (full, partial, or secondary)' },
+      name_servers: {
+        type: 'array',
+        description: 'Assigned Cloudflare name servers',
+        items: { type: 'string', description: 'Name server hostname' },
+      },
+      original_name_servers: {
+        type: 'array',
+        description: 'Original name servers before moving to Cloudflare',
+        items: { type: 'string', description: 'Name server hostname' },
+        optional: true,
+      },
+      created_on: { type: 'string', description: 'ISO 8601 date when the zone was created' },
+      modified_on: {
+        type: 'string',
+        description: 'ISO 8601 date when the zone was last modified',
+      },
+      activated_on: {
+        type: 'string',
+        description: 'ISO 8601 date when the zone was activated',
+        optional: true,
+      },
+      development_mode: {
+        type: 'number',
+        description: 'Seconds remaining in development mode (0 = off)',
+      },
+      plan: {
+        type: 'object',
+        description: 'Zone plan information',
+        properties: {
+          id: { type: 'string', description: 'Plan identifier' },
+          name: { type: 'string', description: 'Plan name' },
+          price: { type: 'number', description: 'Plan price' },
+          is_subscribed: {
+            type: 'boolean',
+            description: 'Whether the zone is subscribed to the plan',
+          },
+          frequency: { type: 'string', description: 'Plan billing frequency' },
+          currency: { type: 'string', description: 'Plan currency' },
+          legacy_id: { type: 'string', description: 'Legacy plan identifier' },
+        },
+      },
+      account: {
+        type: 'object',
+        description: 'Account the zone belongs to',
+        properties: {
+          id: { type: 'string', description: 'Account identifier' },
+          name: { type: 'string', description: 'Account name' },
+        },
+      },
+      owner: {
+        type: 'object',
+        description: 'Zone owner information',
+        properties: {
+          id: { type: 'string', description: 'Owner identifier' },
+          name: { type: 'string', description: 'Owner name' },
+          type: { type: 'string', description: 'Owner type' },
+        },
+      },
+      meta: {
+        type: 'object',
+        description: 'Zone metadata',
+        properties: {
+          cdn_only: { type: 'boolean', description: 'Whether the zone is CDN only' },
+          custom_certificate_quota: { type: 'number', description: 'Custom certificate quota' },
+          dns_only: { type: 'boolean', description: 'Whether the zone is DNS only' },
+          foundation_dns: { type: 'boolean', description: 'Whether foundation DNS is enabled' },
+          page_rule_quota: { type: 'number', description: 'Page rule quota' },
+          phishing_detected: { type: 'boolean', description: 'Whether phishing was detected' },
+          step: { type: 'number', description: 'Current setup step' },
+        },
+        optional: true,
+      },
+      vanity_name_servers: {
+        type: 'array',
+        description: 'Custom vanity name servers',
+        items: { type: 'string', description: 'Vanity name server hostname' },
+        optional: true,
+      },
+      permissions: {
+        type: 'array',
+        description: 'User permissions for the zone',
+        items: { type: 'string', description: 'Permission string' },
+        optional: true,
+      },
+    },
+  }

apps/sim/tools/cloudflare/delete_dns_record.ts

@@ -0,0 +1,69 @@
+import type {
+  CloudflareDeleteDnsRecordParams,
+  CloudflareDeleteDnsRecordResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const deleteDnsRecordTool: ToolConfig<
+  CloudflareDeleteDnsRecordParams,
+  CloudflareDeleteDnsRecordResponse
+> = {
+  id: 'cloudflare_delete_dns_record',
+  name: 'Cloudflare Delete DNS Record',
+  description: 'Deletes a DNS record from a zone.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID containing the DNS record',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The DNS record ID to delete',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) =>
+      `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/dns_records/${params.recordId}`,
+    method: 'DELETE',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: { id: '' },
+        error: data.errors?.[0]?.message ?? 'Failed to delete DNS record',
+      }
+    }
+
+    return {
+      success: true,
+      output: {
+        id: data.result?.id ?? '',
+      },
+    }
+  },
+
+  outputs: {
+    id: { type: 'string', description: 'Deleted record ID' },
+  },
+}

apps/sim/tools/cloudflare/delete_zone.ts

@@ -0,0 +1,60 @@
+import type {
+  CloudflareDeleteZoneParams,
+  CloudflareDeleteZoneResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const deleteZoneTool: ToolConfig<CloudflareDeleteZoneParams, CloudflareDeleteZoneResponse> =
+  {
+    id: 'cloudflare_delete_zone',
+    name: 'Cloudflare Delete Zone',
+    description: 'Deletes a zone (domain) from the Cloudflare account.',
+    version: '1.0.0',
+
+    params: {
+      zoneId: {
+        type: 'string',
+        required: true,
+        visibility: 'user-or-llm',
+        description: 'The zone ID to delete',
+      },
+      apiKey: {
+        type: 'string',
+        required: true,
+        visibility: 'user-only',
+        description: 'Cloudflare API Token',
+      },
+    },
+
+    request: {
+      url: (params) => `https://api.cloudflare.com/client/v4/zones/${params.zoneId}`,
+      method: 'DELETE',
+      headers: (params) => ({
+        Authorization: `Bearer ${params.apiKey}`,
+        'Content-Type': 'application/json',
+      }),
+    },
+
+    transformResponse: async (response: Response) => {
+      const data = await response.json()
+
+      if (!data.success) {
+        return {
+          success: false,
+          output: { id: '' },
+          error: data.errors?.[0]?.message ?? 'Failed to delete zone',
+        }
+      }
+
+      return {
+        success: true,
+        output: {
+          id: data.result?.id ?? '',
+        },
+      }
+    },
+
+    outputs: {
+      id: { type: 'string', description: 'Deleted zone ID' },
+    },
+  }

apps/sim/tools/cloudflare/dns_analytics.ts

@@ -0,0 +1,346 @@
+import type {
+  CloudflareDnsAnalyticsParams,
+  CloudflareDnsAnalyticsResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const dnsAnalyticsTool: ToolConfig<
+  CloudflareDnsAnalyticsParams,
+  CloudflareDnsAnalyticsResponse
+> = {
+  id: 'cloudflare_dns_analytics',
+  name: 'Cloudflare DNS Analytics',
+  description: 'Gets DNS analytics report for a zone including query counts and trends.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to get DNS analytics for',
+    },
+    since: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Start date for analytics (ISO 8601, e.g., "2024-01-01T00:00:00Z") or relative (e.g., "-6h")',
+    },
+    until: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'End date for analytics (ISO 8601, e.g., "2024-01-31T23:59:59Z") or relative (e.g., "now")',
+    },
+    metrics: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Comma-separated metrics to retrieve (e.g., "queryCount,uncachedCount,staleCount,responseTimeAvg,responseTimeMedian,responseTime90th,responseTime99th")',
+    },
+    dimensions: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Comma-separated dimensions to group by (e.g., "queryName,queryType,responseCode,responseCached,coloName,origin,dayOfWeek,tcp,ipVersion,querySizeBucket,responseSizeBucket")',
+    },
+    filters: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filters to apply to the data (e.g., "queryType==A")',
+    },
+    sort: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Sort order for the result set. Fields must be included in metrics or dimensions (e.g., "+queryCount" or "-responseTimeAvg")',
+    },
+    limit: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Maximum number of results to return',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const url = new URL(
+        `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/dns_analytics/report`
+      )
+      if (params.since) url.searchParams.append('since', params.since)
+      if (params.until) url.searchParams.append('until', params.until)
+      if (params.metrics) url.searchParams.append('metrics', params.metrics)
+      if (params.dimensions) url.searchParams.append('dimensions', params.dimensions)
+      if (params.filters) url.searchParams.append('filters', params.filters)
+      if (params.sort) url.searchParams.append('sort', params.sort)
+      if (params.limit) url.searchParams.append('limit', String(params.limit))
+      return url.toString()
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: {
+          totals: {
+            queryCount: 0,
+            uncachedCount: 0,
+            staleCount: 0,
+            responseTimeAvg: 0,
+            responseTimeMedian: 0,
+            responseTime90th: 0,
+            responseTime99th: 0,
+          },
+          min: {
+            queryCount: 0,
+            uncachedCount: 0,
+            staleCount: 0,
+            responseTimeAvg: 0,
+            responseTimeMedian: 0,
+            responseTime90th: 0,
+            responseTime99th: 0,
+          },
+          max: {
+            queryCount: 0,
+            uncachedCount: 0,
+            staleCount: 0,
+            responseTimeAvg: 0,
+            responseTimeMedian: 0,
+            responseTime90th: 0,
+            responseTime99th: 0,
+          },
+          data: [],
+          data_lag: 0,
+          rows: 0,
+          query: {
+            since: '',
+            until: '',
+            metrics: [],
+            dimensions: [],
+            filters: '',
+            sort: [],
+            limit: 0,
+          },
+        },
+        error: data.errors?.[0]?.message ?? 'Failed to get DNS analytics',
+      }
+    }
+
+    const result = data.result
+    return {
+      success: true,
+      output: {
+        totals: {
+          queryCount: result?.totals?.queryCount ?? 0,
+          uncachedCount: result?.totals?.uncachedCount ?? 0,
+          staleCount: result?.totals?.staleCount ?? 0,
+          responseTimeAvg: result?.totals?.responseTimeAvg ?? 0,
+          responseTimeMedian: result?.totals?.responseTimeMedian ?? 0,
+          responseTime90th: result?.totals?.responseTime90th ?? 0,
+          responseTime99th: result?.totals?.responseTime99th ?? 0,
+        },
+        min: {
+          queryCount: result?.min?.queryCount ?? 0,
+          uncachedCount: result?.min?.uncachedCount ?? 0,
+          staleCount: result?.min?.staleCount ?? 0,
+          responseTimeAvg: result?.min?.responseTimeAvg ?? 0,
+          responseTimeMedian: result?.min?.responseTimeMedian ?? 0,
+          responseTime90th: result?.min?.responseTime90th ?? 0,
+          responseTime99th: result?.min?.responseTime99th ?? 0,
+        },
+        max: {
+          queryCount: result?.max?.queryCount ?? 0,
+          uncachedCount: result?.max?.uncachedCount ?? 0,
+          staleCount: result?.max?.staleCount ?? 0,
+          responseTimeAvg: result?.max?.responseTimeAvg ?? 0,
+          responseTimeMedian: result?.max?.responseTimeMedian ?? 0,
+          responseTime90th: result?.max?.responseTime90th ?? 0,
+          responseTime99th: result?.max?.responseTime99th ?? 0,
+        },
+        data:
+          result?.data?.map((entry: any) => ({
+            dimensions: entry.dimensions ?? [],
+            metrics: entry.metrics ?? [],
+          })) ?? [],
+        data_lag: result?.data_lag ?? 0,
+        rows: result?.rows ?? 0,
+        query: {
+          since: result?.query?.since ?? '',
+          until: result?.query?.until ?? '',
+          metrics: result?.query?.metrics ?? [],
+          dimensions: result?.query?.dimensions ?? [],
+          filters: result?.query?.filters ?? '',
+          sort: result?.query?.sort ?? [],
+          limit: result?.query?.limit ?? 0,
+        },
+      },
+    }
+  },
+
+  outputs: {
+    totals: {
+      type: 'object',
+      description: 'Aggregate DNS analytics totals for the entire queried period',
+      properties: {
+        queryCount: { type: 'number', description: 'Total number of DNS queries' },
+        uncachedCount: { type: 'number', description: 'Number of uncached DNS queries' },
+        staleCount: { type: 'number', description: 'Number of stale DNS queries' },
+        responseTimeAvg: {
+          type: 'number',
+          description: 'Average response time in milliseconds',
+          optional: true,
+        },
+        responseTimeMedian: {
+          type: 'number',
+          description: 'Median response time in milliseconds',
+          optional: true,
+        },
+        responseTime90th: {
+          type: 'number',
+          description: '90th percentile response time in milliseconds',
+          optional: true,
+        },
+        responseTime99th: {
+          type: 'number',
+          description: '99th percentile response time in milliseconds',
+          optional: true,
+        },
+      },
+    },
+    min: {
+      type: 'object',
+      description: 'Minimum values across the analytics period',
+      optional: true,
+      properties: {
+        queryCount: { type: 'number', description: 'Minimum number of DNS queries' },
+        uncachedCount: { type: 'number', description: 'Minimum number of uncached DNS queries' },
+        staleCount: { type: 'number', description: 'Minimum number of stale DNS queries' },
+        responseTimeAvg: {
+          type: 'number',
+          description: 'Minimum average response time in milliseconds',
+          optional: true,
+        },
+        responseTimeMedian: {
+          type: 'number',
+          description: 'Minimum median response time in milliseconds',
+          optional: true,
+        },
+        responseTime90th: {
+          type: 'number',
+          description: 'Minimum 90th percentile response time in milliseconds',
+          optional: true,
+        },
+        responseTime99th: {
+          type: 'number',
+          description: 'Minimum 99th percentile response time in milliseconds',
+          optional: true,
+        },
+      },
+    },
+    max: {
+      type: 'object',
+      description: 'Maximum values across the analytics period',
+      optional: true,
+      properties: {
+        queryCount: { type: 'number', description: 'Maximum number of DNS queries' },
+        uncachedCount: { type: 'number', description: 'Maximum number of uncached DNS queries' },
+        staleCount: { type: 'number', description: 'Maximum number of stale DNS queries' },
+        responseTimeAvg: {
+          type: 'number',
+          description: 'Maximum average response time in milliseconds',
+          optional: true,
+        },
+        responseTimeMedian: {
+          type: 'number',
+          description: 'Maximum median response time in milliseconds',
+          optional: true,
+        },
+        responseTime90th: {
+          type: 'number',
+          description: 'Maximum 90th percentile response time in milliseconds',
+          optional: true,
+        },
+        responseTime99th: {
+          type: 'number',
+          description: 'Maximum 99th percentile response time in milliseconds',
+          optional: true,
+        },
+      },
+    },
+    data: {
+      type: 'array',
+      description: 'Raw analytics data rows returned by the Cloudflare DNS analytics report',
+      items: {
+        type: 'object',
+        properties: {
+          dimensions: {
+            type: 'array',
+            description:
+              'Dimension values for this data row, parallel to the requested dimensions list',
+            items: { type: 'string', description: 'Dimension value' },
+          },
+          metrics: {
+            type: 'array',
+            description: 'Metric values for this data row, parallel to the requested metrics list',
+            items: { type: 'number', description: 'Metric value' },
+          },
+        },
+      },
+    },
+    data_lag: {
+      type: 'number',
+      description: 'Processing lag in seconds before analytics data becomes available',
+    },
+    rows: {
+      type: 'number',
+      description: 'Total number of rows in the result set',
+    },
+    query: {
+      type: 'object',
+      description: 'Echo of the query parameters sent to the API',
+      optional: true,
+      properties: {
+        since: { type: 'string', description: 'Start date of the analytics query' },
+        until: { type: 'string', description: 'End date of the analytics query' },
+        metrics: {
+          type: 'array',
+          description: 'Metrics requested in the query',
+          items: { type: 'string', description: 'Metric name' },
+        },
+        dimensions: {
+          type: 'array',
+          description: 'Dimensions requested in the query',
+          items: { type: 'string', description: 'Dimension name' },
+        },
+        filters: { type: 'string', description: 'Filters applied to the query' },
+        sort: {
+          type: 'array',
+          description: 'Sort order applied to the query',
+          items: { type: 'string', description: 'Sort field with direction prefix' },
+        },
+        limit: { type: 'number', description: 'Maximum number of results requested' },
+      },
+    },
+  },
+}

apps/sim/tools/cloudflare/get_zone.ts

@@ -0,0 +1,218 @@
+import type { CloudflareGetZoneParams, CloudflareGetZoneResponse } from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const getZoneTool: ToolConfig<CloudflareGetZoneParams, CloudflareGetZoneResponse> = {
+  id: 'cloudflare_get_zone',
+  name: 'Cloudflare Get Zone',
+  description: 'Gets details for a specific zone (domain) by its ID.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to retrieve details for',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => `https://api.cloudflare.com/client/v4/zones/${params.zoneId}`,
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: {
+          id: '',
+          name: '',
+          status: '',
+          paused: false,
+          type: '',
+          name_servers: [],
+          original_name_servers: [],
+          created_on: '',
+          modified_on: '',
+          activated_on: '',
+          development_mode: 0,
+          plan: {
+            id: '',
+            name: '',
+            price: 0,
+            is_subscribed: false,
+            frequency: '',
+            currency: '',
+            legacy_id: '',
+          },
+          account: { id: '', name: '' },
+          owner: { id: '', name: '', type: '' },
+          meta: {
+            cdn_only: false,
+            custom_certificate_quota: 0,
+            dns_only: false,
+            foundation_dns: false,
+            page_rule_quota: 0,
+            phishing_detected: false,
+            step: 0,
+          },
+          vanity_name_servers: [],
+          permissions: [],
+        },
+        error: data.errors?.[0]?.message ?? 'Failed to get zone',
+      }
+    }
+
+    const zone = data.result
+    return {
+      success: true,
+      output: {
+        id: zone?.id ?? '',
+        name: zone?.name ?? '',
+        status: zone?.status ?? '',
+        paused: zone?.paused ?? false,
+        type: zone?.type ?? '',
+        name_servers: zone?.name_servers ?? [],
+        original_name_servers: zone?.original_name_servers ?? [],
+        created_on: zone?.created_on ?? '',
+        modified_on: zone?.modified_on ?? '',
+        activated_on: zone?.activated_on ?? '',
+        development_mode: zone?.development_mode ?? 0,
+        plan: {
+          id: zone?.plan?.id ?? '',
+          name: zone?.plan?.name ?? '',
+          price: zone?.plan?.price ?? 0,
+          is_subscribed: zone?.plan?.is_subscribed ?? false,
+          frequency: zone?.plan?.frequency ?? '',
+          currency: zone?.plan?.currency ?? '',
+          legacy_id: zone?.plan?.legacy_id ?? '',
+        },
+        account: {
+          id: zone?.account?.id ?? '',
+          name: zone?.account?.name ?? '',
+        },
+        owner: {
+          id: zone?.owner?.id ?? '',
+          name: zone?.owner?.name ?? '',
+          type: zone?.owner?.type ?? '',
+        },
+        meta: {
+          cdn_only: zone?.meta?.cdn_only ?? false,
+          custom_certificate_quota: zone?.meta?.custom_certificate_quota ?? 0,
+          dns_only: zone?.meta?.dns_only ?? false,
+          foundation_dns: zone?.meta?.foundation_dns ?? false,
+          page_rule_quota: zone?.meta?.page_rule_quota ?? 0,
+          phishing_detected: zone?.meta?.phishing_detected ?? false,
+          step: zone?.meta?.step ?? 0,
+        },
+        vanity_name_servers: zone?.vanity_name_servers ?? [],
+        permissions: zone?.permissions ?? [],
+      },
+    }
+  },
+
+  outputs: {
+    id: { type: 'string', description: 'Zone ID' },
+    name: { type: 'string', description: 'Domain name' },
+    status: {
+      type: 'string',
+      description: 'Zone status (initializing, pending, active, moved)',
+    },
+    paused: { type: 'boolean', description: 'Whether the zone is paused' },
+    type: { type: 'string', description: 'Zone type (full, partial, or secondary)' },
+    name_servers: {
+      type: 'array',
+      description: 'Assigned Cloudflare name servers',
+      items: { type: 'string', description: 'Name server hostname' },
+    },
+    original_name_servers: {
+      type: 'array',
+      description: 'Original name servers before moving to Cloudflare',
+      items: { type: 'string', description: 'Name server hostname' },
+      optional: true,
+    },
+    created_on: { type: 'string', description: 'ISO 8601 date when the zone was created' },
+    modified_on: { type: 'string', description: 'ISO 8601 date when the zone was last modified' },
+    activated_on: {
+      type: 'string',
+      description: 'ISO 8601 date when the zone was activated',
+      optional: true,
+    },
+    development_mode: {
+      type: 'number',
+      description: 'Seconds remaining in development mode (0 = off)',
+    },
+    plan: {
+      type: 'object',
+      description: 'Zone plan information',
+      properties: {
+        id: { type: 'string', description: 'Plan identifier' },
+        name: { type: 'string', description: 'Plan name' },
+        price: { type: 'number', description: 'Plan price' },
+        is_subscribed: {
+          type: 'boolean',
+          description: 'Whether the zone is subscribed to the plan',
+        },
+        frequency: { type: 'string', description: 'Plan billing frequency' },
+        currency: { type: 'string', description: 'Plan currency' },
+        legacy_id: { type: 'string', description: 'Legacy plan identifier' },
+      },
+    },
+    account: {
+      type: 'object',
+      description: 'Account the zone belongs to',
+      properties: {
+        id: { type: 'string', description: 'Account identifier' },
+        name: { type: 'string', description: 'Account name' },
+      },
+    },
+    owner: {
+      type: 'object',
+      description: 'Zone owner information',
+      properties: {
+        id: { type: 'string', description: 'Owner identifier' },
+        name: { type: 'string', description: 'Owner name' },
+        type: { type: 'string', description: 'Owner type' },
+      },
+    },
+    meta: {
+      type: 'object',
+      description: 'Zone metadata',
+      properties: {
+        cdn_only: { type: 'boolean', description: 'Whether the zone is CDN only' },
+        custom_certificate_quota: { type: 'number', description: 'Custom certificate quota' },
+        dns_only: { type: 'boolean', description: 'Whether the zone is DNS only' },
+        foundation_dns: { type: 'boolean', description: 'Whether foundation DNS is enabled' },
+        page_rule_quota: { type: 'number', description: 'Page rule quota' },
+        phishing_detected: { type: 'boolean', description: 'Whether phishing was detected' },
+        step: { type: 'number', description: 'Current setup step' },
+      },
+      optional: true,
+    },
+    vanity_name_servers: {
+      type: 'array',
+      description: 'Custom vanity name servers',
+      items: { type: 'string', description: 'Vanity name server hostname' },
+      optional: true,
+    },
+    permissions: {
+      type: 'array',
+      description: 'User permissions for the zone',
+      items: { type: 'string', description: 'Permission string' },
+      optional: true,
+    },
+  },
+}

apps/sim/tools/cloudflare/get_zone_settings.ts

@@ -0,0 +1,107 @@
+import type {
+  CloudflareGetZoneSettingsParams,
+  CloudflareGetZoneSettingsResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const getZoneSettingsTool: ToolConfig<
+  CloudflareGetZoneSettingsParams,
+  CloudflareGetZoneSettingsResponse
+> = {
+  id: 'cloudflare_get_zone_settings',
+  name: 'Cloudflare Get Zone Settings',
+  description:
+    'Gets all settings for a zone including SSL mode, minification, caching level, and security settings.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to get settings for',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/settings`,
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: { settings: [] },
+        error: data.errors?.[0]?.message ?? 'Failed to get zone settings',
+      }
+    }
+
+    return {
+      success: true,
+      output: {
+        settings:
+          data.result?.map((setting: Record<string, unknown>) => ({
+            id: (setting.id as string) ?? '',
+            value:
+              typeof setting.value === 'object' && setting.value !== null
+                ? JSON.stringify(setting.value)
+                : String(setting.value ?? ''),
+            editable: (setting.editable as boolean) ?? false,
+            modified_on: (setting.modified_on as string) ?? '',
+            ...(setting.time_remaining != null
+              ? { time_remaining: setting.time_remaining as number }
+              : {}),
+          })) ?? [],
+      },
+    }
+  },
+
+  outputs: {
+    settings: {
+      type: 'array',
+      description: 'List of zone settings',
+      items: {
+        type: 'object',
+        properties: {
+          id: {
+            type: 'string',
+            description:
+              'Setting identifier (e.g., ssl, minify, cache_level, security_level, always_use_https)',
+          },
+          value: {
+            type: 'string',
+            description:
+              'Setting value as a string. Simple values returned as-is (e.g., "full", "on"). Complex values are JSON-stringified (e.g., \'{"css":"on","html":"on","js":"on"}\').',
+          },
+          editable: {
+            type: 'boolean',
+            description: 'Whether the setting can be modified for the current zone plan',
+          },
+          modified_on: {
+            type: 'string',
+            description: 'ISO 8601 timestamp when the setting was last modified',
+          },
+          time_remaining: {
+            type: 'number',
+            description:
+              'Seconds remaining until the setting can be modified again (only present for rate-limited settings)',
+            optional: true,
+          },
+        },
+      },
+    },
+  },
+}

apps/sim/tools/cloudflare/index.ts

@@ -0,0 +1,27 @@
+import { createDnsRecordTool } from '@/tools/cloudflare/create_dns_record'
+import { createZoneTool } from '@/tools/cloudflare/create_zone'
+import { deleteDnsRecordTool } from '@/tools/cloudflare/delete_dns_record'
+import { deleteZoneTool } from '@/tools/cloudflare/delete_zone'
+import { dnsAnalyticsTool } from '@/tools/cloudflare/dns_analytics'
+import { getZoneTool } from '@/tools/cloudflare/get_zone'
+import { getZoneSettingsTool } from '@/tools/cloudflare/get_zone_settings'
+import { listCertificatesTool } from '@/tools/cloudflare/list_certificates'
+import { listDnsRecordsTool } from '@/tools/cloudflare/list_dns_records'
+import { listZonesTool } from '@/tools/cloudflare/list_zones'
+import { purgeCacheTool } from '@/tools/cloudflare/purge_cache'
+import { updateDnsRecordTool } from '@/tools/cloudflare/update_dns_record'
+import { updateZoneSettingTool } from '@/tools/cloudflare/update_zone_setting'
+
+export const cloudflareCreateDnsRecordTool = createDnsRecordTool
+export const cloudflareCreateZoneTool = createZoneTool
+export const cloudflareDeleteDnsRecordTool = deleteDnsRecordTool
+export const cloudflareDeleteZoneTool = deleteZoneTool
+export const cloudflareDnsAnalyticsTool = dnsAnalyticsTool
+export const cloudflareGetZoneTool = getZoneTool
+export const cloudflareGetZoneSettingsTool = getZoneSettingsTool
+export const cloudflareListCertificatesTool = listCertificatesTool
+export const cloudflareListDnsRecordsTool = listDnsRecordsTool
+export const cloudflareListZonesTool = listZonesTool
+export const cloudflarePurgeCacheTool = purgeCacheTool
+export const cloudflareUpdateDnsRecordTool = updateDnsRecordTool
+export const cloudflareUpdateZoneSettingTool = updateZoneSettingTool

apps/sim/tools/cloudflare/list_certificates.ts

@@ -0,0 +1,302 @@
+import type {
+  CloudflareListCertificatesParams,
+  CloudflareListCertificatesResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const listCertificatesTool: ToolConfig<
+  CloudflareListCertificatesParams,
+  CloudflareListCertificatesResponse
+> = {
+  id: 'cloudflare_list_certificates',
+  name: 'Cloudflare List Certificates',
+  description: 'Lists SSL/TLS certificate packs for a zone.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to list certificates for',
+    },
+    status: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter certificate packs by status (e.g., "all", "active", "pending")',
+    },
+    page: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Page number of paginated results (default: 1)',
+    },
+    per_page: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Number of certificate packs per page (default: 20, min: 5, max: 50)',
+    },
+    deploy: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by deployment environment: "staging" or "production"',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const url = new URL(
+        `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/ssl/certificate_packs`
+      )
+      if (params.status) url.searchParams.append('status', params.status)
+      if (params.page) url.searchParams.append('page', String(params.page))
+      if (params.per_page) url.searchParams.append('per_page', String(params.per_page))
+      if (params.deploy) url.searchParams.append('deploy', params.deploy)
+      return url.toString()
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: { certificates: [], total_count: 0 },
+        error: data.errors?.[0]?.message ?? 'Failed to list certificates',
+      }
+    }
+
+    return {
+      success: true,
+      output: {
+        certificates:
+          data.result?.map((cert: any) => ({
+            id: cert.id ?? '',
+            type: cert.type ?? '',
+            hosts: cert.hosts ?? [],
+            primary_certificate: cert.primary_certificate ?? '',
+            status: cert.status ?? '',
+            certificates:
+              cert.certificates?.map((c: any) => ({
+                id: c.id ?? '',
+                hosts: c.hosts ?? [],
+                issuer: c.issuer ?? '',
+                signature: c.signature ?? '',
+                status: c.status ?? '',
+                bundle_method: c.bundle_method ?? '',
+                zone_id: c.zone_id ?? '',
+                uploaded_on: c.uploaded_on ?? '',
+                modified_on: c.modified_on ?? '',
+                expires_on: c.expires_on ?? '',
+                priority: c.priority ?? 0,
+                geo_restrictions: c.geo_restrictions ?? undefined,
+              })) ?? [],
+            cloudflare_branding: cert.cloudflare_branding ?? false,
+            validation_method: cert.validation_method ?? '',
+            validity_days: cert.validity_days ?? 0,
+            certificate_authority: cert.certificate_authority ?? '',
+            validation_errors:
+              cert.validation_errors?.map((e: any) => ({
+                message: e.message ?? '',
+              })) ?? [],
+            validation_records:
+              cert.validation_records?.map((r: any) => ({
+                cname: r.cname ?? '',
+                cname_target: r.cname_target ?? '',
+                emails: r.emails ?? [],
+                http_body: r.http_body ?? '',
+                http_url: r.http_url ?? '',
+                status: r.status ?? '',
+                txt_name: r.txt_name ?? '',
+                txt_value: r.txt_value ?? '',
+              })) ?? [],
+            dcv_delegation_records:
+              cert.dcv_delegation_records?.map((r: any) => ({
+                cname: r.cname ?? '',
+                cname_target: r.cname_target ?? '',
+                emails: r.emails ?? [],
+                http_body: r.http_body ?? '',
+                http_url: r.http_url ?? '',
+                status: r.status ?? '',
+                txt_name: r.txt_name ?? '',
+                txt_value: r.txt_value ?? '',
+              })) ?? [],
+          })) ?? [],
+        total_count: data.result_info?.total_count ?? data.result?.length ?? 0,
+      },
+    }
+  },
+
+  outputs: {
+    certificates: {
+      type: 'array',
+      description: 'List of SSL/TLS certificate packs',
+      items: {
+        type: 'object',
+        properties: {
+          id: { type: 'string', description: 'Certificate pack ID' },
+          type: { type: 'string', description: 'Certificate type (e.g., "universal", "advanced")' },
+          hosts: {
+            type: 'array',
+            description: 'Hostnames covered by this certificate pack',
+            items: {
+              type: 'string',
+              description: 'Hostname',
+            },
+          },
+          primary_certificate: {
+            type: 'string',
+            description: 'ID of the primary certificate in the pack',
+            optional: true,
+          },
+          status: {
+            type: 'string',
+            description: 'Certificate pack status (e.g., "active", "pending")',
+          },
+          certificates: {
+            type: 'array',
+            description: 'Individual certificates within the pack',
+            items: {
+              type: 'object',
+              properties: {
+                id: { type: 'string', description: 'Certificate ID' },
+                hosts: {
+                  type: 'array',
+                  description: 'Hostnames covered by this certificate',
+                  items: { type: 'string', description: 'Hostname' },
+                },
+                issuer: { type: 'string', description: 'Certificate issuer' },
+                signature: {
+                  type: 'string',
+                  description: 'Signature algorithm (e.g., "ECDSAWithSHA256")',
+                },
+                status: { type: 'string', description: 'Certificate status' },
+                bundle_method: {
+                  type: 'string',
+                  description: 'Bundle method (e.g., "ubiquitous")',
+                },
+                zone_id: { type: 'string', description: 'Zone ID the certificate belongs to' },
+                uploaded_on: { type: 'string', description: 'Upload date (ISO 8601)' },
+                modified_on: { type: 'string', description: 'Last modified date (ISO 8601)' },
+                expires_on: { type: 'string', description: 'Expiration date (ISO 8601)' },
+                priority: {
+                  type: 'number',
+                  description: 'Certificate priority order',
+                  optional: true,
+                },
+                geo_restrictions: {
+                  type: 'object',
+                  description: 'Geographic restrictions for the certificate',
+                  optional: true,
+                  properties: {
+                    label: {
+                      type: 'string',
+                      description: 'Geographic restriction label',
+                    },
+                  },
+                },
+              },
+            },
+          },
+          cloudflare_branding: {
+            type: 'boolean',
+            description: 'Whether Cloudflare branding is enabled on the certificate',
+            optional: true,
+          },
+          validation_method: {
+            type: 'string',
+            description: 'Validation method (e.g., "txt", "http", "cname")',
+            optional: true,
+          },
+          validity_days: {
+            type: 'number',
+            description: 'Validity period in days',
+            optional: true,
+          },
+          certificate_authority: {
+            type: 'string',
+            description: 'Certificate authority (e.g., "lets_encrypt", "google")',
+            optional: true,
+          },
+          validation_errors: {
+            type: 'array',
+            description: 'Validation issues for the certificate pack',
+            optional: true,
+            items: {
+              type: 'object',
+              properties: {
+                message: {
+                  type: 'string',
+                  description: 'Validation error message',
+                },
+              },
+            },
+          },
+          validation_records: {
+            type: 'array',
+            description: 'Validation records for the certificate pack',
+            optional: true,
+            items: {
+              type: 'object',
+              properties: {
+                cname: { type: 'string', description: 'CNAME record name' },
+                cname_target: { type: 'string', description: 'CNAME record target' },
+                emails: {
+                  type: 'array',
+                  description: 'Email addresses for validation',
+                  items: { type: 'string', description: 'Email address' },
+                },
+                http_body: { type: 'string', description: 'HTTP validation body content' },
+                http_url: { type: 'string', description: 'HTTP validation URL' },
+                status: { type: 'string', description: 'Validation record status' },
+                txt_name: { type: 'string', description: 'TXT record name' },
+                txt_value: { type: 'string', description: 'TXT record value' },
+              },
+            },
+          },
+          dcv_delegation_records: {
+            type: 'array',
+            description: 'Domain control validation delegation records',
+            optional: true,
+            items: {
+              type: 'object',
+              properties: {
+                cname: { type: 'string', description: 'CNAME record name' },
+                cname_target: { type: 'string', description: 'CNAME record target' },
+                emails: {
+                  type: 'array',
+                  description: 'Email addresses for validation',
+                  items: { type: 'string', description: 'Email address' },
+                },
+                http_body: { type: 'string', description: 'HTTP validation body content' },
+                http_url: { type: 'string', description: 'HTTP validation URL' },
+                status: { type: 'string', description: 'Delegation record status' },
+                txt_name: { type: 'string', description: 'TXT record name' },
+                txt_value: { type: 'string', description: 'TXT record value' },
+              },
+            },
+          },
+        },
+      },
+    },
+    total_count: {
+      type: 'number',
+      description: 'Total number of certificate packs',
+    },
+  },
+}

apps/sim/tools/cloudflare/list_dns_records.ts

@@ -0,0 +1,236 @@
+import type {
+  CloudflareListDnsRecordsParams,
+  CloudflareListDnsRecordsResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const listDnsRecordsTool: ToolConfig<
+  CloudflareListDnsRecordsParams,
+  CloudflareListDnsRecordsResponse
+> = {
+  id: 'cloudflare_list_dns_records',
+  name: 'Cloudflare List DNS Records',
+  description: 'Lists DNS records for a specific zone.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to list DNS records for',
+    },
+    type: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by record type (e.g., "A", "AAAA", "CNAME", "MX", "TXT")',
+    },
+    name: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by record name (exact match)',
+    },
+    content: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by record content (exact match)',
+    },
+    page: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Page number for pagination (default: 1)',
+    },
+    per_page: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Number of records per page (default: 100, max: 5000000)',
+    },
+    direction: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Sort direction (asc or desc)',
+    },
+    match: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Match logic for filters: any or all (default: all)',
+    },
+    order: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Sort field (type, name, content, ttl, proxied)',
+    },
+    proxied: {
+      type: 'boolean',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by proxy status',
+    },
+    search: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Free-text search across record name, content, and value',
+    },
+    tag: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by tags (comma-separated)',
+    },
+    tag_match: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Tag filter match logic: any or all',
+    },
+    commentFilter: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter records by comment content (substring match)',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const url = new URL(`https://api.cloudflare.com/client/v4/zones/${params.zoneId}/dns_records`)
+      if (params.type) url.searchParams.append('type', params.type)
+      if (params.name) url.searchParams.append('name', params.name)
+      if (params.content) url.searchParams.append('content', params.content)
+      if (params.page) url.searchParams.append('page', String(params.page))
+      if (params.per_page) url.searchParams.append('per_page', String(params.per_page))
+      if (params.direction) url.searchParams.append('direction', params.direction)
+      if (params.match) url.searchParams.append('match', params.match)
+      if (params.order) url.searchParams.append('order', params.order)
+      if (params.proxied !== undefined) url.searchParams.append('proxied', String(params.proxied))
+      if (params.search) url.searchParams.append('search', params.search)
+      if (params.tag) url.searchParams.append('tag', params.tag)
+      if (params.tag_match) url.searchParams.append('tag_match', params.tag_match)
+      if (params.commentFilter) url.searchParams.append('comment.contains', params.commentFilter)
+      return url.toString()
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: { records: [], total_count: 0 },
+        error: data.errors?.[0]?.message ?? 'Failed to list DNS records',
+      }
+    }
+
+    return {
+      success: true,
+      output: {
+        records:
+          data.result?.map((record: any) => ({
+            id: record.id ?? '',
+            zone_id: record.zone_id ?? '',
+            zone_name: record.zone_name ?? '',
+            type: record.type ?? '',
+            name: record.name ?? '',
+            content: record.content ?? '',
+            proxiable: record.proxiable ?? false,
+            proxied: record.proxied ?? false,
+            ttl: record.ttl ?? 0,
+            locked: record.locked ?? false,
+            priority: record.priority ?? null,
+            comment: record.comment ?? null,
+            tags: record.tags ?? [],
+            comment_modified_on: record.comment_modified_on ?? null,
+            tags_modified_on: record.tags_modified_on ?? null,
+            meta: record.meta ?? null,
+            created_on: record.created_on ?? '',
+            modified_on: record.modified_on ?? '',
+          })) ?? [],
+        total_count: data.result_info?.total_count ?? data.result?.length ?? 0,
+      },
+    }
+  },
+
+  outputs: {
+    records: {
+      type: 'array',
+      description: 'List of DNS records',
+      items: {
+        type: 'object',
+        properties: {
+          id: { type: 'string', description: 'Unique identifier for the DNS record' },
+          zone_id: { type: 'string', description: 'The ID of the zone the record belongs to' },
+          zone_name: { type: 'string', description: 'The name of the zone' },
+          type: { type: 'string', description: 'Record type (A, AAAA, CNAME, MX, TXT, etc.)' },
+          name: { type: 'string', description: 'Record name (e.g., example.com)' },
+          content: { type: 'string', description: 'Record content (e.g., IP address)' },
+          proxiable: { type: 'boolean', description: 'Whether the record can be proxied' },
+          proxied: { type: 'boolean', description: 'Whether Cloudflare proxy is enabled' },
+          ttl: { type: 'number', description: 'TTL in seconds (1 = automatic)' },
+          locked: { type: 'boolean', description: 'Whether the record is locked' },
+          priority: { type: 'number', description: 'MX/SRV record priority', optional: true },
+          comment: {
+            type: 'string',
+            description: 'Comment associated with the record',
+            optional: true,
+          },
+          tags: {
+            type: 'array',
+            description: 'Tags associated with the record',
+            items: { type: 'string', description: 'Tag value' },
+          },
+          comment_modified_on: {
+            type: 'string',
+            description: 'ISO 8601 timestamp when the comment was last modified',
+            optional: true,
+          },
+          tags_modified_on: {
+            type: 'string',
+            description: 'ISO 8601 timestamp when tags were last modified',
+            optional: true,
+          },
+          meta: {
+            type: 'object',
+            description: 'Record metadata',
+            optional: true,
+            properties: {
+              source: { type: 'string', description: 'Source of the DNS record' },
+            },
+          },
+          created_on: {
+            type: 'string',
+            description: 'ISO 8601 timestamp when the record was created',
+          },
+          modified_on: {
+            type: 'string',
+            description: 'ISO 8601 timestamp when the record was last modified',
+          },
+        },
+      },
+    },
+    total_count: {
+      type: 'number',
+      description: 'Total number of DNS records matching the query',
+    },
+  },
+}

apps/sim/tools/cloudflare/list_zones.ts

@@ -0,0 +1,259 @@
+import type {
+  CloudflareListZonesParams,
+  CloudflareListZonesResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const listZonesTool: ToolConfig<CloudflareListZonesParams, CloudflareListZonesResponse> = {
+  id: 'cloudflare_list_zones',
+  name: 'Cloudflare List Zones',
+  description: 'Lists all zones (domains) in the Cloudflare account.',
+  version: '1.0.0',
+
+  params: {
+    name: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter zones by domain name (e.g., "example.com")',
+    },
+    status: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter by zone status: "initializing", "pending", "active", or "moved"',
+    },
+    page: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Page number for pagination (default: 1)',
+    },
+    per_page: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Number of zones per page (default: 20, max: 50)',
+    },
+    accountId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Filter zones by account ID',
+    },
+    order: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Sort field (name, status, account.id, account.name)',
+    },
+    direction: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Sort direction (asc, desc)',
+    },
+    match: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Match logic for filters (any, all). Default: all',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const url = new URL('https://api.cloudflare.com/client/v4/zones')
+      if (params.name) url.searchParams.append('name', params.name)
+      if (params.status) url.searchParams.append('status', params.status)
+      if (params.page) url.searchParams.append('page', String(params.page))
+      if (params.per_page) url.searchParams.append('per_page', String(params.per_page))
+      if (params.accountId) url.searchParams.append('account.id', params.accountId)
+      if (params.order) url.searchParams.append('order', params.order)
+      if (params.direction) url.searchParams.append('direction', params.direction)
+      if (params.match) url.searchParams.append('match', params.match)
+      return url.toString()
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: { zones: [], total_count: 0 },
+        error: data.errors?.[0]?.message ?? 'Failed to list zones',
+      }
+    }
+
+    return {
+      success: true,
+      output: {
+        zones:
+          data.result?.map((zone: any) => ({
+            id: zone.id ?? '',
+            name: zone.name ?? '',
+            status: zone.status ?? '',
+            paused: zone.paused ?? false,
+            type: zone.type ?? '',
+            name_servers: zone.name_servers ?? [],
+            original_name_servers: zone.original_name_servers ?? [],
+            created_on: zone.created_on ?? '',
+            modified_on: zone.modified_on ?? '',
+            activated_on: zone.activated_on ?? '',
+            development_mode: zone.development_mode ?? 0,
+            plan: {
+              id: zone.plan?.id ?? '',
+              name: zone.plan?.name ?? '',
+              price: zone.plan?.price ?? 0,
+              is_subscribed: zone.plan?.is_subscribed ?? false,
+              frequency: zone.plan?.frequency ?? '',
+              currency: zone.plan?.currency ?? '',
+              legacy_id: zone.plan?.legacy_id ?? '',
+            },
+            account: {
+              id: zone.account?.id ?? '',
+              name: zone.account?.name ?? '',
+            },
+            owner: {
+              id: zone.owner?.id ?? '',
+              name: zone.owner?.name ?? '',
+              type: zone.owner?.type ?? '',
+            },
+            meta: {
+              cdn_only: zone.meta?.cdn_only ?? false,
+              custom_certificate_quota: zone.meta?.custom_certificate_quota ?? 0,
+              dns_only: zone.meta?.dns_only ?? false,
+              foundation_dns: zone.meta?.foundation_dns ?? false,
+              page_rule_quota: zone.meta?.page_rule_quota ?? 0,
+              phishing_detected: zone.meta?.phishing_detected ?? false,
+              step: zone.meta?.step ?? 0,
+            },
+            vanity_name_servers: zone.vanity_name_servers ?? [],
+            permissions: zone.permissions ?? [],
+          })) ?? [],
+        total_count: data.result_info?.total_count ?? data.result?.length ?? 0,
+      },
+    }
+  },
+
+  outputs: {
+    zones: {
+      type: 'array',
+      description: 'List of zones/domains',
+      items: {
+        type: 'object',
+        properties: {
+          id: { type: 'string', description: 'Zone ID' },
+          name: { type: 'string', description: 'Domain name' },
+          status: {
+            type: 'string',
+            description: 'Zone status (initializing, pending, active, moved)',
+          },
+          paused: { type: 'boolean', description: 'Whether the zone is paused' },
+          type: { type: 'string', description: 'Zone type (full, partial, or secondary)' },
+          name_servers: {
+            type: 'array',
+            description: 'Assigned Cloudflare name servers',
+            items: { type: 'string', description: 'Name server hostname' },
+          },
+          original_name_servers: {
+            type: 'array',
+            description: 'Original name servers before moving to Cloudflare',
+            items: { type: 'string', description: 'Name server hostname' },
+            optional: true,
+          },
+          created_on: { type: 'string', description: 'ISO 8601 date when the zone was created' },
+          modified_on: {
+            type: 'string',
+            description: 'ISO 8601 date when the zone was last modified',
+          },
+          activated_on: {
+            type: 'string',
+            description: 'ISO 8601 date when the zone was activated',
+            optional: true,
+          },
+          development_mode: {
+            type: 'number',
+            description: 'Seconds remaining in development mode (0 = off)',
+          },
+          plan: {
+            type: 'object',
+            description: 'Zone plan information',
+            properties: {
+              id: { type: 'string', description: 'Plan identifier' },
+              name: { type: 'string', description: 'Plan name' },
+              price: { type: 'number', description: 'Plan price' },
+              is_subscribed: {
+                type: 'boolean',
+                description: 'Whether the zone is subscribed to the plan',
+              },
+              frequency: { type: 'string', description: 'Plan billing frequency' },
+              currency: { type: 'string', description: 'Plan currency' },
+              legacy_id: { type: 'string', description: 'Legacy plan identifier' },
+            },
+          },
+          account: {
+            type: 'object',
+            description: 'Account the zone belongs to',
+            properties: {
+              id: { type: 'string', description: 'Account identifier' },
+              name: { type: 'string', description: 'Account name' },
+            },
+          },
+          owner: {
+            type: 'object',
+            description: 'Zone owner information',
+            properties: {
+              id: { type: 'string', description: 'Owner identifier' },
+              name: { type: 'string', description: 'Owner name' },
+              type: { type: 'string', description: 'Owner type' },
+            },
+          },
+          meta: {
+            type: 'object',
+            description: 'Zone metadata',
+            properties: {
+              cdn_only: { type: 'boolean', description: 'Whether the zone is CDN only' },
+              custom_certificate_quota: { type: 'number', description: 'Custom certificate quota' },
+              dns_only: { type: 'boolean', description: 'Whether the zone is DNS only' },
+              foundation_dns: { type: 'boolean', description: 'Whether foundation DNS is enabled' },
+              page_rule_quota: { type: 'number', description: 'Page rule quota' },
+              phishing_detected: { type: 'boolean', description: 'Whether phishing was detected' },
+              step: { type: 'number', description: 'Current setup step' },
+            },
+            optional: true,
+          },
+          vanity_name_servers: {
+            type: 'array',
+            description: 'Custom vanity name servers',
+            items: { type: 'string', description: 'Vanity name server hostname' },
+            optional: true,
+          },
+          permissions: {
+            type: 'array',
+            description: 'User permissions for the zone',
+            items: { type: 'string', description: 'Permission string' },
+            optional: true,
+          },
+        },
+      },
+    },
+    total_count: {
+      type: 'number',
+      description: 'Total number of zones matching the query',
+    },
+  },
+}

apps/sim/tools/cloudflare/purge_cache.ts

@@ -0,0 +1,135 @@
+import type {
+  CloudflarePurgeCacheParams,
+  CloudflarePurgeCacheResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const purgeCacheTool: ToolConfig<CloudflarePurgeCacheParams, CloudflarePurgeCacheResponse> =
+  {
+    id: 'cloudflare_purge_cache',
+    name: 'Cloudflare Purge Cache',
+    description:
+      'Purges cached content for a zone. Can purge everything or specific files/tags/hosts/prefixes.',
+    version: '1.0.0',
+
+    params: {
+      zoneId: {
+        type: 'string',
+        required: true,
+        visibility: 'user-or-llm',
+        description: 'The zone ID to purge cache for',
+      },
+      purge_everything: {
+        type: 'boolean',
+        required: false,
+        visibility: 'user-or-llm',
+        description:
+          'Set to true to purge all cached content. Mutually exclusive with files, tags, hosts, and prefixes',
+      },
+      files: {
+        type: 'string',
+        required: false,
+        visibility: 'user-or-llm',
+        description: 'Comma-separated list of URLs to purge from cache',
+      },
+      tags: {
+        type: 'string',
+        required: false,
+        visibility: 'user-or-llm',
+        description: 'Comma-separated list of cache tags to purge (Enterprise only)',
+      },
+      hosts: {
+        type: 'string',
+        required: false,
+        visibility: 'user-or-llm',
+        description: 'Comma-separated list of hostnames to purge (Enterprise only)',
+      },
+      prefixes: {
+        type: 'string',
+        required: false,
+        visibility: 'user-or-llm',
+        description: 'Comma-separated list of URL prefixes to purge (Enterprise only)',
+      },
+      apiKey: {
+        type: 'string',
+        required: true,
+        visibility: 'user-only',
+        description: 'Cloudflare API Token',
+      },
+    },
+
+    request: {
+      url: (params) => `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/purge_cache`,
+      method: 'POST',
+      headers: (params) => ({
+        Authorization: `Bearer ${params.apiKey}`,
+        'Content-Type': 'application/json',
+      }),
+      body: (params) => {
+        if (params.purge_everything) {
+          return { purge_everything: true }
+        }
+
+        const body: Record<string, string[]> = {}
+        if (params.files) {
+          const fileList = String(params.files)
+            .split(',')
+            .map((f) => f.trim())
+            .filter(Boolean)
+          if (fileList.length > 0) body.files = fileList
+        }
+        if (params.tags) {
+          const tagList = String(params.tags)
+            .split(',')
+            .map((t) => t.trim())
+            .filter(Boolean)
+          if (tagList.length > 0) body.tags = tagList
+        }
+        if (params.hosts) {
+          const hostList = String(params.hosts)
+            .split(',')
+            .map((h) => h.trim())
+            .filter(Boolean)
+          if (hostList.length > 0) body.hosts = hostList
+        }
+        if (params.prefixes) {
+          const prefixList = String(params.prefixes)
+            .split(',')
+            .map((p) => p.trim())
+            .filter(Boolean)
+          if (prefixList.length > 0) body.prefixes = prefixList
+        }
+
+        if (Object.keys(body).length === 0) {
+          throw new Error(
+            'No purge targets specified. Provide at least one of: files, tags, hosts, or prefixes, or set purge_everything to true.'
+          )
+        }
+
+        return body
+      },
+    },
+
+    transformResponse: async (response: Response) => {
+      const data = await response.json()
+
+      if (!data.success) {
+        return {
+          success: false,
+          output: { id: '' },
+          error: data.errors?.[0]?.message ?? 'Failed to purge cache',
+        }
+      }
+
+      return {
+        success: true,
+        output: {
+          id: data.result?.id ?? '',
+        },
+      }
+    },
+
+    outputs: {
+      id: { type: 'string', description: 'Purge request identifier returned by Cloudflare' },
+    },
+  }

apps/sim/tools/cloudflare/types.ts

@@ -0,0 +1,455 @@
+import type { ToolResponse } from '@/tools/types'
+
+export interface CloudflareBaseParams {
+  apiKey: string
+}
+
+export interface CloudflareListZonesParams extends CloudflareBaseParams {
+  name?: string
+  status?: string
+  page?: number
+  per_page?: number
+  accountId?: string
+  order?: string
+  direction?: string
+  match?: string
+}
+
+export interface CloudflareZonePlan {
+  id: string
+  name: string
+  price: number
+  is_subscribed: boolean
+  frequency: string
+  currency: string
+  legacy_id: string
+}
+
+export interface CloudflareZoneMeta {
+  cdn_only: boolean
+  custom_certificate_quota: number
+  dns_only: boolean
+  foundation_dns: boolean
+  page_rule_quota: number
+  phishing_detected: boolean
+  step: number
+}
+
+export interface CloudflareZone {
+  id: string
+  name: string
+  status: string
+  paused: boolean
+  type: string
+  name_servers: string[]
+  original_name_servers?: string[]
+  created_on: string
+  modified_on: string
+  activated_on?: string
+  development_mode?: number
+  plan?: CloudflareZonePlan
+  account?: {
+    id: string
+    name: string
+  }
+  owner?: {
+    id: string
+    name: string
+    type: string
+  }
+  meta?: CloudflareZoneMeta
+  vanity_name_servers?: string[]
+  permissions?: string[]
+}
+
+export interface CloudflareListZonesResponse extends ToolResponse {
+  output: {
+    zones: CloudflareZone[]
+    total_count: number
+  }
+}
+
+export interface CloudflareGetZoneParams extends CloudflareBaseParams {
+  zoneId: string
+}
+
+export interface CloudflareGetZoneResponse extends ToolResponse {
+  output: {
+    id: string
+    name: string
+    status: string
+    paused: boolean
+    type: string
+    name_servers: string[]
+    original_name_servers: string[]
+    created_on: string
+    modified_on: string
+    activated_on: string
+    development_mode: number
+    plan: CloudflareZonePlan
+    account: {
+      id: string
+      name: string
+    }
+    owner: {
+      id: string
+      name: string
+      type: string
+    }
+    meta: CloudflareZoneMeta
+    vanity_name_servers: string[]
+    permissions: string[]
+  }
+}
+
+export interface CloudflareCreateZoneParams extends CloudflareBaseParams {
+  name: string
+  accountId: string
+  type?: string
+  jump_start?: boolean
+}
+
+export interface CloudflareCreateZoneResponse extends ToolResponse {
+  output: {
+    id: string
+    name: string
+    status: string
+    paused: boolean
+    type: string
+    name_servers: string[]
+    original_name_servers: string[]
+    created_on: string
+    modified_on: string
+    activated_on: string
+    development_mode: number
+    plan: CloudflareZonePlan
+    account: {
+      id: string
+      name: string
+    }
+    owner: {
+      id: string
+      name: string
+      type: string
+    }
+    meta: CloudflareZoneMeta
+    vanity_name_servers: string[]
+    permissions: string[]
+  }
+}
+
+export interface CloudflareDeleteZoneParams extends CloudflareBaseParams {
+  zoneId: string
+}
+
+export interface CloudflareDeleteZoneResponse extends ToolResponse {
+  output: {
+    id: string
+  }
+}
+
+export interface CloudflareListDnsRecordsParams extends CloudflareBaseParams {
+  zoneId: string
+  type?: string
+  name?: string
+  content?: string
+  page?: number
+  per_page?: number
+  direction?: string
+  match?: string
+  order?: string
+  proxied?: boolean
+  search?: string
+  tag?: string
+  tag_match?: string
+  commentFilter?: string
+}
+
+export interface CloudflareDnsRecordMeta {
+  source: string
+}
+
+export interface CloudflareDnsRecord {
+  id: string
+  zone_id: string
+  zone_name: string
+  type: string
+  name: string
+  content: string
+  proxiable: boolean
+  proxied: boolean
+  ttl: number
+  locked: boolean
+  priority?: number
+  comment?: string | null
+  tags: string[]
+  comment_modified_on?: string | null
+  tags_modified_on?: string | null
+  meta?: CloudflareDnsRecordMeta | null
+  created_on: string
+  modified_on: string
+}
+
+export interface CloudflareListDnsRecordsResponse extends ToolResponse {
+  output: {
+    records: CloudflareDnsRecord[]
+    total_count: number
+  }
+}
+
+export interface CloudflareCreateDnsRecordParams extends CloudflareBaseParams {
+  zoneId: string
+  type: string
+  name: string
+  content: string
+  ttl?: number
+  proxied?: boolean
+  priority?: number
+  comment?: string
+  tags?: string
+}
+
+export interface CloudflareCreateDnsRecordResponse extends ToolResponse {
+  output: {
+    id: string
+    zone_id: string
+    zone_name: string
+    type: string
+    name: string
+    content: string
+    proxiable: boolean
+    proxied: boolean
+    ttl: number
+    locked: boolean
+    priority?: number
+    comment?: string | null
+    tags: string[]
+    comment_modified_on?: string | null
+    tags_modified_on?: string | null
+    meta?: CloudflareDnsRecordMeta | null
+    created_on: string
+    modified_on: string
+  }
+}
+
+export interface CloudflareUpdateDnsRecordParams extends CloudflareBaseParams {
+  zoneId: string
+  recordId: string
+  type?: string
+  name?: string
+  content?: string
+  ttl?: number
+  proxied?: boolean
+  priority?: number
+  comment?: string
+  tags?: string
+}
+
+export interface CloudflareUpdateDnsRecordResponse extends ToolResponse {
+  output: {
+    id: string
+    zone_id: string
+    zone_name: string
+    type: string
+    name: string
+    content: string
+    proxiable: boolean
+    proxied: boolean
+    ttl: number
+    locked: boolean
+    priority?: number
+    comment?: string | null
+    tags: string[]
+    comment_modified_on?: string | null
+    tags_modified_on?: string | null
+    meta?: CloudflareDnsRecordMeta | null
+    created_on: string
+    modified_on: string
+  }
+}
+
+export interface CloudflareDeleteDnsRecordParams extends CloudflareBaseParams {
+  zoneId: string
+  recordId: string
+}
+
+export interface CloudflareDeleteDnsRecordResponse extends ToolResponse {
+  output: {
+    id: string
+  }
+}
+
+export interface CloudflareListCertificatesParams extends CloudflareBaseParams {
+  zoneId: string
+  status?: string
+  page?: number
+  per_page?: number
+  deploy?: string
+}
+
+export interface CloudflareCertificateGeoRestrictions {
+  label: string
+}
+
+export interface CloudflareCertificate {
+  id: string
+  hosts: string[]
+  issuer: string
+  signature: string
+  status: string
+  bundle_method: string
+  zone_id: string
+  uploaded_on: string
+  modified_on: string
+  expires_on: string
+  priority?: number
+  geo_restrictions?: CloudflareCertificateGeoRestrictions
+}
+
+export interface CloudflareCertificateValidationError {
+  message: string
+}
+
+export interface CloudflareDcvDelegationRecord {
+  cname: string
+  cname_target: string
+  emails: string[]
+  http_body: string
+  http_url: string
+  status: string
+  txt_name: string
+  txt_value: string
+}
+
+export interface CloudflareCertificatePack {
+  id: string
+  type: string
+  hosts: string[]
+  primary_certificate: string
+  status: string
+  certificates: CloudflareCertificate[]
+  cloudflare_branding?: boolean
+  validation_method?: string
+  validity_days?: number
+  certificate_authority?: string
+  validation_errors?: CloudflareCertificateValidationError[]
+  validation_records?: CloudflareDcvDelegationRecord[]
+  dcv_delegation_records?: CloudflareDcvDelegationRecord[]
+}
+
+export interface CloudflareListCertificatesResponse extends ToolResponse {
+  output: {
+    certificates: CloudflareCertificatePack[]
+    total_count: number
+  }
+}
+
+export interface CloudflarePurgeCacheParams extends CloudflareBaseParams {
+  zoneId: string
+  purge_everything?: boolean
+  files?: string
+  tags?: string
+  hosts?: string
+  prefixes?: string
+}
+
+export interface CloudflarePurgeCacheResponse extends ToolResponse {
+  output: {
+    id: string
+  }
+}
+
+export interface CloudflareDnsAnalyticsParams extends CloudflareBaseParams {
+  zoneId: string
+  since?: string
+  until?: string
+  metrics: string
+  dimensions?: string
+  filters?: string
+  sort?: string
+  limit?: number
+}
+
+export interface CloudflareDnsAnalyticsTotals {
+  queryCount: number
+  uncachedCount: number
+  staleCount: number
+  responseTimeAvg?: number
+  responseTimeMedian?: number
+  responseTime90th?: number
+  responseTime99th?: number
+}
+
+export interface CloudflareDnsAnalyticsQuery {
+  since: string
+  until: string
+  metrics: string[]
+  dimensions: string[]
+  filters: string
+  sort: string[]
+  limit: number
+}
+
+export interface CloudflareDnsAnalyticsResponse extends ToolResponse {
+  output: {
+    totals: CloudflareDnsAnalyticsTotals
+    min: CloudflareDnsAnalyticsTotals
+    max: CloudflareDnsAnalyticsTotals
+    data: Array<{
+      dimensions: string[]
+      metrics: number[]
+    }>
+    data_lag: number
+    rows: number
+    query: CloudflareDnsAnalyticsQuery
+  }
+}
+
+export interface CloudflareGetZoneSettingsParams extends CloudflareBaseParams {
+  zoneId: string
+}
+
+export interface CloudflareZoneSetting {
+  id: string
+  value: string
+  editable: boolean
+  modified_on: string
+  time_remaining?: number
+}
+
+export interface CloudflareGetZoneSettingsResponse extends ToolResponse {
+  output: {
+    settings: CloudflareZoneSetting[]
+  }
+}
+
+export interface CloudflareUpdateZoneSettingParams extends CloudflareBaseParams {
+  zoneId: string
+  settingId: string
+  value: string
+}
+
+export interface CloudflareUpdateZoneSettingResponse extends ToolResponse {
+  output: {
+    id: string
+    value: string
+    editable: boolean
+    modified_on: string
+    time_remaining?: number
+  }
+}
+
+export type CloudflareResponse =
+  | CloudflareListZonesResponse
+  | CloudflareGetZoneResponse
+  | CloudflareCreateZoneResponse
+  | CloudflareDeleteZoneResponse
+  | CloudflareListDnsRecordsResponse
+  | CloudflareCreateDnsRecordResponse
+  | CloudflareUpdateDnsRecordResponse
+  | CloudflareDeleteDnsRecordResponse
+  | CloudflareListCertificatesResponse
+  | CloudflarePurgeCacheResponse
+  | CloudflareDnsAnalyticsResponse
+  | CloudflareGetZoneSettingsResponse
+  | CloudflareUpdateZoneSettingResponse

apps/sim/tools/cloudflare/update_dns_record.ts

@@ -0,0 +1,217 @@
+import type {
+  CloudflareUpdateDnsRecordParams,
+  CloudflareUpdateDnsRecordResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const updateDnsRecordTool: ToolConfig<
+  CloudflareUpdateDnsRecordParams,
+  CloudflareUpdateDnsRecordResponse
+> = {
+  id: 'cloudflare_update_dns_record',
+  name: 'Cloudflare Update DNS Record',
+  description: 'Updates an existing DNS record for a zone.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID containing the DNS record',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The DNS record ID to update',
+    },
+    type: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'DNS record type (e.g., "A", "AAAA", "CNAME", "MX", "TXT")',
+    },
+    name: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'DNS record name',
+    },
+    content: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'DNS record content (e.g., IP address)',
+    },
+    ttl: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Time to live in seconds (1 = automatic)',
+    },
+    proxied: {
+      type: 'boolean',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Whether to enable Cloudflare proxy',
+    },
+    priority: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Priority for MX and SRV records',
+    },
+    comment: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Comment for the DNS record',
+    },
+    tags: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Comma-separated tags for the DNS record',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) =>
+      `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/dns_records/${params.recordId}`,
+    method: 'PATCH',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+    body: (params) => {
+      const body: Record<string, any> = {}
+      if (params.type !== undefined) body.type = params.type
+      if (params.name !== undefined) body.name = params.name
+      if (params.content !== undefined) body.content = params.content
+      if (params.ttl !== undefined) body.ttl = Number(params.ttl)
+      if (params.proxied !== undefined) body.proxied = params.proxied
+      if (params.priority !== undefined) body.priority = Number(params.priority)
+      if (params.comment !== undefined) body.comment = params.comment
+      if (params.tags) {
+        const tagList = String(params.tags)
+          .split(',')
+          .map((t) => t.trim())
+          .filter(Boolean)
+        if (tagList.length > 0) body.tags = tagList
+      }
+      return body
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: {
+          id: '',
+          zone_id: '',
+          zone_name: '',
+          type: '',
+          name: '',
+          content: '',
+          proxiable: false,
+          proxied: false,
+          ttl: 0,
+          locked: false,
+          priority: undefined,
+          comment: null,
+          tags: [],
+          comment_modified_on: null,
+          tags_modified_on: null,
+          meta: null,
+          created_on: '',
+          modified_on: '',
+        },
+        error: data.errors?.[0]?.message ?? 'Failed to update DNS record',
+      }
+    }
+
+    const record = data.result
+    return {
+      success: true,
+      output: {
+        id: record?.id ?? '',
+        zone_id: record?.zone_id ?? '',
+        zone_name: record?.zone_name ?? '',
+        type: record?.type ?? '',
+        name: record?.name ?? '',
+        content: record?.content ?? '',
+        proxiable: record?.proxiable ?? false,
+        proxied: record?.proxied ?? false,
+        ttl: record?.ttl ?? 0,
+        locked: record?.locked ?? false,
+        priority: record?.priority ?? null,
+        comment: record?.comment ?? null,
+        tags: record?.tags ?? [],
+        comment_modified_on: record?.comment_modified_on ?? null,
+        tags_modified_on: record?.tags_modified_on ?? null,
+        meta: record?.meta ?? null,
+        created_on: record?.created_on ?? '',
+        modified_on: record?.modified_on ?? '',
+      },
+    }
+  },
+
+  outputs: {
+    id: { type: 'string', description: 'Unique identifier for the updated DNS record' },
+    zone_id: { type: 'string', description: 'The ID of the zone the record belongs to' },
+    zone_name: { type: 'string', description: 'The name of the zone' },
+    type: { type: 'string', description: 'DNS record type (A, AAAA, CNAME, MX, TXT, etc.)' },
+    name: { type: 'string', description: 'DNS record hostname' },
+    content: {
+      type: 'string',
+      description: 'DNS record value (e.g., IP address, target hostname)',
+    },
+    proxiable: {
+      type: 'boolean',
+      description: 'Whether the record can be proxied through Cloudflare',
+    },
+    proxied: { type: 'boolean', description: 'Whether Cloudflare proxy is enabled' },
+    ttl: { type: 'number', description: 'Time to live in seconds (1 = automatic)' },
+    locked: { type: 'boolean', description: 'Whether the record is locked' },
+    priority: { type: 'number', description: 'Priority for MX and SRV records', optional: true },
+    comment: { type: 'string', description: 'Comment associated with the record', optional: true },
+    tags: {
+      type: 'array',
+      description: 'Tags associated with the record',
+      items: { type: 'string', description: 'Tag value' },
+    },
+    comment_modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when the comment was last modified',
+      optional: true,
+    },
+    tags_modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when tags were last modified',
+      optional: true,
+    },
+    meta: {
+      type: 'object',
+      description: 'Record metadata',
+      optional: true,
+      properties: {
+        source: { type: 'string', description: 'Source of the DNS record' },
+      },
+    },
+    created_on: { type: 'string', description: 'ISO 8601 timestamp when the record was created' },
+    modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when the record was last modified',
+    },
+  },
+}

apps/sim/tools/cloudflare/update_zone_setting.ts

@@ -0,0 +1,117 @@
+import type {
+  CloudflareUpdateZoneSettingParams,
+  CloudflareUpdateZoneSettingResponse,
+} from '@/tools/cloudflare/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const updateZoneSettingTool: ToolConfig<
+  CloudflareUpdateZoneSettingParams,
+  CloudflareUpdateZoneSettingResponse
+> = {
+  id: 'cloudflare_update_zone_setting',
+  name: 'Cloudflare Update Zone Setting',
+  description:
+    'Updates a specific zone setting such as SSL mode, security level, cache level, minification, or other configuration.',
+  version: '1.0.0',
+
+  params: {
+    zoneId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The zone ID to update settings for',
+    },
+    settingId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Setting to update (e.g., "ssl", "security_level", "cache_level", "minify", "always_use_https", "browser_cache_ttl", "http3", "min_tls_version", "ciphers")',
+    },
+    value: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'New value for the setting as a string or JSON string for complex values (e.g., "full" for SSL, "medium" for security_level, "aggressive" for cache_level, \'{"css":"on","html":"on","js":"on"}\' for minify, \'["ECDHE-RSA-AES128-GCM-SHA256"]\' for ciphers)',
+    },
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Cloudflare API Token',
+    },
+  },
+
+  request: {
+    url: (params) =>
+      `https://api.cloudflare.com/client/v4/zones/${params.zoneId}/settings/${params.settingId}`,
+    method: 'PATCH',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+    body: (params) => {
+      try {
+        return { value: JSON.parse(params.value) }
+      } catch {
+        return { value: params.value }
+      }
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      return {
+        success: false,
+        output: { id: '', value: '', editable: false, modified_on: '' },
+        error: data.errors?.[0]?.message ?? 'Failed to update zone setting',
+      }
+    }
+
+    const setting = data.result
+    return {
+      success: true,
+      output: {
+        id: setting?.id ?? '',
+        value:
+          typeof setting?.value === 'object' && setting?.value !== null
+            ? JSON.stringify(setting.value)
+            : String(setting?.value ?? ''),
+        editable: setting?.editable ?? false,
+        modified_on: setting?.modified_on ?? '',
+        ...(setting?.time_remaining != null
+          ? { time_remaining: setting.time_remaining as number }
+          : {}),
+      },
+    }
+  },
+
+  outputs: {
+    id: {
+      type: 'string',
+      description: 'Setting identifier (e.g., ssl, minify, cache_level)',
+    },
+    value: {
+      type: 'string',
+      description:
+        'Updated setting value as a string. Simple values returned as-is (e.g., "full", "on"). Complex values are JSON-stringified.',
+    },
+    editable: {
+      type: 'boolean',
+      description: 'Whether the setting can be modified for the current zone plan',
+    },
+    modified_on: {
+      type: 'string',
+      description: 'ISO 8601 timestamp when the setting was last modified',
+    },
+    time_remaining: {
+      type: 'number',
+      description:
+        'Seconds remaining until the setting can be modified again (only present for rate-limited settings)',
+      optional: true,
+    },
+  },
+}

apps/sim/tools/microsoft_dataverse/associate.ts

@@ -0,0 +1,137 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseAssociateParams,
+  DataverseAssociateResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseAssociate')
+
+export const dataverseAssociateTool: ToolConfig<
+  DataverseAssociateParams,
+  DataverseAssociateResponse
+> = {
+  id: 'microsoft_dataverse_associate',
+  name: 'Associate Microsoft Dataverse Records',
+  description:
+    'Associate two records in Microsoft Dataverse via a navigation property. Creates a relationship between a source record and a target record. Supports both collection-valued (POST) and single-valued (PUT) navigation properties.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Source entity set name (e.g., accounts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Source record GUID',
+    },
+    navigationProperty: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Navigation property name (e.g., contact_customer_accounts for collection-valued, or parentcustomerid_account for single-valued)',
+    },
+    targetEntitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Target entity set name (e.g., contacts)',
+    },
+    targetRecordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Target record GUID to associate',
+    },
+    navigationType: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Type of navigation property: "collection" (default, uses POST) or "single" (uses PUT for lookup fields)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})/${params.navigationProperty}/$ref`
+    },
+    method: (params) => (params.navigationType === 'single' ? 'PUT' : 'POST'),
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+    body: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return {
+        '@odata.id': `${baseUrl}/api/data/v9.2/${params.targetEntitySetName}(${params.targetRecordId})`,
+      }
+    },
+  },
+
+  transformResponse: async (response: Response, params?: DataverseAssociateParams) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse associate failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    return {
+      success: true,
+      output: {
+        success: true,
+        entitySetName: params?.entitySetName ?? '',
+        recordId: params?.recordId ?? '',
+        navigationProperty: params?.navigationProperty ?? '',
+        targetEntitySetName: params?.targetEntitySetName ?? '',
+        targetRecordId: params?.targetRecordId ?? '',
+      },
+    }
+  },
+
+  outputs: {
+    success: { type: 'boolean', description: 'Whether the association was created successfully' },
+    entitySetName: {
+      type: 'string',
+      description: 'Source entity set name used in the association',
+    },
+    recordId: { type: 'string', description: 'Source record GUID that was associated' },
+    navigationProperty: {
+      type: 'string',
+      description: 'Navigation property used for the association',
+    },
+    targetEntitySetName: {
+      type: 'string',
+      description: 'Target entity set name used in the association',
+    },
+    targetRecordId: { type: 'string', description: 'Target record GUID that was associated' },
+  },
+}

apps/sim/tools/microsoft_dataverse/create_multiple.ts

@@ -0,0 +1,126 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseCreateMultipleParams,
+  DataverseCreateMultipleResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseCreateMultiple')
+
+export const dataverseCreateMultipleTool: ToolConfig<
+  DataverseCreateMultipleParams,
+  DataverseCreateMultipleResponse
+> = {
+  id: 'microsoft_dataverse_create_multiple',
+  name: 'Create Multiple Microsoft Dataverse Records',
+  description:
+    'Create multiple records of the same table type in a single request. Each record in the Targets array must include an @odata.type annotation. Recommended batch size: 100-1000 records for standard tables.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    entityLogicalName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Table logical name for @odata.type annotation (e.g., account, contact). Used to set Microsoft.Dynamics.CRM.{entityLogicalName} on each record.',
+    },
+    records: {
+      type: 'object',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Array of record objects to create. Each record should contain column logical names as keys. The @odata.type annotation is added automatically.',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}/Microsoft.Dynamics.CRM.CreateMultiple`
+    },
+    method: 'POST',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+    body: (params) => {
+      let records = params.records
+      if (typeof records === 'string') {
+        try {
+          records = JSON.parse(records)
+        } catch {
+          throw new Error('Invalid JSON format for records array')
+        }
+      }
+      if (!Array.isArray(records)) {
+        throw new Error('Records must be an array of objects')
+      }
+      const targets = records.map((record: Record<string, unknown>) => ({
+        ...record,
+        '@odata.type': `Microsoft.Dynamics.CRM.${params.entityLogicalName}`,
+      }))
+      return { Targets: targets }
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse create multiple failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json().catch(() => null)
+    const ids = data?.Ids ?? []
+
+    return {
+      success: true,
+      output: {
+        ids,
+        count: ids.length,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    ids: {
+      type: 'array',
+      description: 'Array of GUIDs for the created records',
+      items: {
+        type: 'string',
+        description: 'GUID of a created record',
+      },
+    },
+    count: { type: 'number', description: 'Number of records created' },
+    success: { type: 'boolean', description: 'Whether all records were created successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/create_record.ts

@@ -0,0 +1,121 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseCreateRecordParams,
+  DataverseCreateRecordResponse,
+} from '@/tools/microsoft_dataverse/types'
+import { DATAVERSE_RECORD_OUTPUT } from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseCreateRecord')
+
+export const dataverseCreateRecordTool: ToolConfig<
+  DataverseCreateRecordParams,
+  DataverseCreateRecordResponse
+> = {
+  id: 'microsoft_dataverse_create_record',
+  name: 'Create Microsoft Dataverse Record',
+  description:
+    'Create a new record in a Microsoft Dataverse table. Requires the entity set name (plural table name) and record data as a JSON object.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    data: {
+      type: 'object',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Record data as a JSON object with column names as keys',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}`
+    },
+    method: 'POST',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+      Prefer: 'return=representation',
+    }),
+    body: (params) => {
+      let data = params.data
+      if (typeof data === 'string') {
+        try {
+          data = JSON.parse(data)
+        } catch {
+          throw new Error('Invalid JSON format for record data')
+        }
+      }
+      return data
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse create record failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json().catch(() => null)
+
+    let recordId = ''
+    if (data) {
+      const idKey = Object.keys(data).find((k) => k.endsWith('id') && !k.startsWith('@'))
+      recordId = idKey ? String(data[idKey]) : ''
+    }
+
+    if (!recordId) {
+      const entityIdHeader = response.headers.get('OData-EntityId')
+      if (entityIdHeader) {
+        const match = entityIdHeader.match(/\(([^)]+)\)/)
+        if (match) {
+          recordId = match[1]
+        }
+      }
+    }
+
+    return {
+      success: true,
+      output: {
+        recordId,
+        record: data ?? {},
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    recordId: { type: 'string', description: 'The ID of the created record', optional: true },
+    record: { ...DATAVERSE_RECORD_OUTPUT, optional: true },
+    success: { type: 'boolean', description: 'Whether the record was created successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/delete_record.ts

@@ -0,0 +1,86 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseDeleteRecordParams,
+  DataverseDeleteRecordResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseDeleteRecord')
+
+export const dataverseDeleteRecordTool: ToolConfig<
+  DataverseDeleteRecordParams,
+  DataverseDeleteRecordResponse
+> = {
+  id: 'microsoft_dataverse_delete_record',
+  name: 'Delete Microsoft Dataverse Record',
+  description: 'Delete a record from a Microsoft Dataverse table by its ID.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The unique identifier (GUID) of the record to delete',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})`
+    },
+    method: 'DELETE',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response, params?: DataverseDeleteRecordParams) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse delete record failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    return {
+      success: true,
+      output: {
+        recordId: params?.recordId ?? '',
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    recordId: { type: 'string', description: 'The ID of the deleted record' },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/microsoft_dataverse/disassociate.ts

@@ -0,0 +1,123 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseDisassociateParams,
+  DataverseDisassociateResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseDisassociate')
+
+export const dataverseDisassociateTool: ToolConfig<
+  DataverseDisassociateParams,
+  DataverseDisassociateResponse
+> = {
+  id: 'microsoft_dataverse_disassociate',
+  name: 'Disassociate Microsoft Dataverse Records',
+  description:
+    'Remove an association between two records in Microsoft Dataverse. For collection-valued navigation properties, provide the target record ID. For single-valued navigation properties, only the navigation property name is needed.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Source entity set name (e.g., accounts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Source record GUID',
+    },
+    navigationProperty: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Navigation property name (e.g., contact_customer_accounts for collection-valued, or parentcustomerid_account for single-valued)',
+    },
+    targetRecordId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Target record GUID (required for collection-valued navigation properties, omit for single-valued)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      if (params.targetRecordId) {
+        return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})/${params.navigationProperty}(${params.targetRecordId})/$ref`
+      }
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})/${params.navigationProperty}/$ref`
+    },
+    method: 'DELETE',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response, params?: DataverseDisassociateParams) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse disassociate failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    return {
+      success: true,
+      output: {
+        success: true,
+        entitySetName: params?.entitySetName ?? '',
+        recordId: params?.recordId ?? '',
+        navigationProperty: params?.navigationProperty ?? '',
+        ...(params?.targetRecordId ? { targetRecordId: params.targetRecordId } : {}),
+      },
+    }
+  },
+
+  outputs: {
+    success: {
+      type: 'boolean',
+      description: 'Whether the disassociation was completed successfully',
+    },
+    entitySetName: {
+      type: 'string',
+      description: 'Source entity set name used in the disassociation',
+    },
+    recordId: { type: 'string', description: 'Source record GUID that was disassociated' },
+    navigationProperty: {
+      type: 'string',
+      description: 'Navigation property used for the disassociation',
+    },
+    targetRecordId: {
+      type: 'string',
+      description: 'Target record GUID that was disassociated',
+      optional: true,
+    },
+  },
+}

apps/sim/tools/microsoft_dataverse/download_file.ts

@@ -0,0 +1,105 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseDownloadFileParams,
+  DataverseDownloadFileResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseDownloadFile')
+
+export const dataverseDownloadFileTool: ToolConfig<
+  DataverseDownloadFileParams,
+  DataverseDownloadFileResponse
+> = {
+  id: 'microsoft_dataverse_download_file',
+  name: 'Download File from Microsoft Dataverse',
+  description:
+    'Download a file from a file or image column on a Dataverse record. Returns the file content as a base64-encoded string along with file metadata from response headers.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Record GUID to download the file from',
+    },
+    fileColumn: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'File or image column logical name (e.g., entityimage, cr_document)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})/${params.fileColumn}/$value`
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse download file failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const fileName = response.headers.get('x-ms-file-name') ?? ''
+    const fileSize = response.headers.get('x-ms-file-size') ?? ''
+    const mimeType = response.headers.get('mimetype') ?? response.headers.get('content-type') ?? ''
+
+    const buffer = await response.arrayBuffer()
+    const base64Content = Buffer.from(buffer).toString('base64')
+
+    return {
+      success: true,
+      output: {
+        fileContent: base64Content,
+        fileName,
+        fileSize: fileSize ? Number.parseInt(fileSize, 10) : buffer.byteLength,
+        mimeType,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    fileContent: { type: 'string', description: 'Base64-encoded file content' },
+    fileName: { type: 'string', description: 'Name of the downloaded file', optional: true },
+    fileSize: { type: 'number', description: 'File size in bytes' },
+    mimeType: { type: 'string', description: 'MIME type of the file', optional: true },
+    success: { type: 'boolean', description: 'Whether the file was downloaded successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/execute_action.ts

@@ -0,0 +1,129 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseExecuteActionParams,
+  DataverseExecuteActionResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseExecuteAction')
+
+export const dataverseExecuteActionTool: ToolConfig<
+  DataverseExecuteActionParams,
+  DataverseExecuteActionResponse
+> = {
+  id: 'microsoft_dataverse_execute_action',
+  name: 'Execute Microsoft Dataverse Action',
+  description:
+    'Execute a bound or unbound Dataverse action. Actions perform operations with side effects (e.g., Merge, GrantAccess, SendEmail, QualifyLead). For bound actions, provide the entity set name and record ID.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    actionName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Action name (e.g., Merge, GrantAccess, SendEmail). Do not include the Microsoft.Dynamics.CRM. namespace prefix for unbound actions.',
+    },
+    entitySetName: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Entity set name for bound actions (e.g., accounts). Leave empty for unbound actions.',
+    },
+    recordId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Record GUID for bound actions. Leave empty for unbound or collection-bound actions.',
+    },
+    parameters: {
+      type: 'object',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Action parameters as a JSON object. For entity references, include @odata.type annotation (e.g., {"Target": {"@odata.type": "Microsoft.Dynamics.CRM.account", "accountid": "..."}})',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      if (params.entitySetName) {
+        if (params.recordId) {
+          return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})/Microsoft.Dynamics.CRM.${params.actionName}`
+        }
+        return `${baseUrl}/api/data/v9.2/${params.entitySetName}/Microsoft.Dynamics.CRM.${params.actionName}`
+      }
+      return `${baseUrl}/api/data/v9.2/${params.actionName}`
+    },
+    method: 'POST',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+    body: (params) => {
+      if (!params.parameters) return {}
+      let data = params.parameters
+      if (typeof data === 'string') {
+        try {
+          data = JSON.parse(data)
+        } catch {
+          throw new Error('Invalid JSON format for action parameters')
+        }
+      }
+      return data
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse execute action failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = response.status === 204 ? null : await response.json().catch(() => null)
+
+    return {
+      success: true,
+      output: {
+        result: data,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    result: {
+      type: 'object',
+      description:
+        'Action response data. Structure varies by action. Null for actions that return 204 No Content.',
+      optional: true,
+    },
+    success: { type: 'boolean', description: 'Whether the action executed successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/execute_function.ts

@@ -0,0 +1,115 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseExecuteFunctionParams,
+  DataverseExecuteFunctionResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseExecuteFunction')
+
+export const dataverseExecuteFunctionTool: ToolConfig<
+  DataverseExecuteFunctionParams,
+  DataverseExecuteFunctionResponse
+> = {
+  id: 'microsoft_dataverse_execute_function',
+  name: 'Execute Microsoft Dataverse Function',
+  description:
+    'Execute a bound or unbound Dataverse function. Functions are read-only operations (e.g., RetrievePrincipalAccess, RetrieveTotalRecordCount, InitializeFrom). For bound functions, provide the entity set name and record ID.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    functionName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Function name (e.g., RetrievePrincipalAccess, RetrieveTotalRecordCount). Do not include the Microsoft.Dynamics.CRM. namespace prefix for unbound functions.',
+    },
+    entitySetName: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Entity set name for bound functions (e.g., systemusers). Leave empty for unbound functions.',
+    },
+    recordId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Record GUID for bound functions. Leave empty for unbound functions.',
+    },
+    parameters: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Function parameters as a comma-separated list of name=value pairs for the URL (e.g., "LocalizedStandardName=\'Pacific Standard Time\',LocaleId=1033"). Use @p1,@p2 aliases for complex values.',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      const paramStr = params.parameters ? `(${params.parameters})` : '()'
+      if (params.entitySetName) {
+        if (params.recordId) {
+          return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})/Microsoft.Dynamics.CRM.${params.functionName}${paramStr}`
+        }
+        return `${baseUrl}/api/data/v9.2/${params.entitySetName}/Microsoft.Dynamics.CRM.${params.functionName}${paramStr}`
+      }
+      return `${baseUrl}/api/data/v9.2/${params.functionName}${paramStr}`
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse execute function failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json().catch(() => null)
+
+    return {
+      success: true,
+      output: {
+        result: data,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    result: {
+      type: 'object',
+      description: 'Function response data. Structure varies by function.',
+      optional: true,
+    },
+    success: { type: 'boolean', description: 'Whether the function executed successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/fetchxml_query.ts

@@ -0,0 +1,109 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseFetchXmlQueryParams,
+  DataverseFetchXmlQueryResponse,
+} from '@/tools/microsoft_dataverse/types'
+import { DATAVERSE_RECORDS_ARRAY_OUTPUT } from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseFetchXmlQuery')
+
+export const dataverseFetchXmlQueryTool: ToolConfig<
+  DataverseFetchXmlQueryParams,
+  DataverseFetchXmlQueryResponse
+> = {
+  id: 'microsoft_dataverse_fetchxml_query',
+  name: 'FetchXML Query Microsoft Dataverse',
+  description:
+    'Execute a FetchXML query against a Microsoft Dataverse table. FetchXML supports aggregation, grouping, linked-entity joins, and complex filtering beyond OData capabilities.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    fetchXml: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'FetchXML query string. Must include <fetch> root element and <entity> child element matching the table logical name.',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      const encodedFetchXml = encodeURIComponent(params.fetchXml)
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}?fetchXml=${encodedFetchXml}`
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+      Prefer: 'odata.include-annotations="*"',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse FetchXML query failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json()
+    const records = data.value ?? []
+    const fetchXmlPagingCookie = data['@Microsoft.Dynamics.CRM.fetchxmlpagingcookie'] ?? null
+    const moreRecords = data['@Microsoft.Dynamics.CRM.morerecords'] ?? false
+
+    return {
+      success: true,
+      output: {
+        records,
+        count: records.length,
+        fetchXmlPagingCookie,
+        moreRecords,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    records: DATAVERSE_RECORDS_ARRAY_OUTPUT,
+    count: { type: 'number', description: 'Number of records returned in the current page' },
+    fetchXmlPagingCookie: {
+      type: 'string',
+      description: 'Paging cookie for retrieving the next page of results',
+      optional: true,
+    },
+    moreRecords: {
+      type: 'boolean',
+      description: 'Whether more records are available beyond the current page',
+    },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/microsoft_dataverse/get_record.ts

@@ -0,0 +1,115 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseGetRecordParams,
+  DataverseGetRecordResponse,
+} from '@/tools/microsoft_dataverse/types'
+import { DATAVERSE_RECORD_OUTPUT } from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseGetRecord')
+
+export const dataverseGetRecordTool: ToolConfig<
+  DataverseGetRecordParams,
+  DataverseGetRecordResponse
+> = {
+  id: 'microsoft_dataverse_get_record',
+  name: 'Get Microsoft Dataverse Record',
+  description:
+    'Retrieve a single record from a Microsoft Dataverse table by its ID. Supports $select and $expand OData query options.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The unique identifier (GUID) of the record to retrieve',
+    },
+    select: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Comma-separated list of columns to return (OData $select)',
+    },
+    expand: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Navigation properties to expand (OData $expand)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      const queryParts: string[] = []
+      if (params.select) queryParts.push(`$select=${params.select}`)
+      if (params.expand) queryParts.push(`$expand=${params.expand}`)
+      const query = queryParts.length > 0 ? `?${queryParts.join('&')}` : ''
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})${query}`
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+      Prefer: 'odata.include-annotations="*"',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse get record failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json()
+    const idKey = Object.keys(data).find((k) => k.endsWith('id') && !k.startsWith('@'))
+    const recordId = idKey ? String(data[idKey]) : ''
+
+    return {
+      success: true,
+      output: {
+        record: data,
+        recordId,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    record: DATAVERSE_RECORD_OUTPUT,
+    recordId: {
+      type: 'string',
+      description: 'The record primary key ID (auto-detected from response)',
+      optional: true,
+    },
+    success: { type: 'boolean', description: 'Whether the record was retrieved successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/index.ts

@@ -0,0 +1,17 @@
+export { dataverseAssociateTool } from './associate'
+export { dataverseCreateMultipleTool } from './create_multiple'
+export { dataverseCreateRecordTool } from './create_record'
+export { dataverseDeleteRecordTool } from './delete_record'
+export { dataverseDisassociateTool } from './disassociate'
+export { dataverseDownloadFileTool } from './download_file'
+export { dataverseExecuteActionTool } from './execute_action'
+export { dataverseExecuteFunctionTool } from './execute_function'
+export { dataverseFetchXmlQueryTool } from './fetchxml_query'
+export { dataverseGetRecordTool } from './get_record'
+export { dataverseListRecordsTool } from './list_records'
+export { dataverseSearchTool } from './search'
+export { dataverseUpdateMultipleTool } from './update_multiple'
+export { dataverseUpdateRecordTool } from './update_record'
+export { dataverseUploadFileTool } from './upload_file'
+export { dataverseUpsertRecordTool } from './upsert_record'
+export { dataverseWhoAmITool } from './whoami'

apps/sim/tools/microsoft_dataverse/list_records.ts

@@ -0,0 +1,146 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseListRecordsParams,
+  DataverseListRecordsResponse,
+} from '@/tools/microsoft_dataverse/types'
+import { DATAVERSE_RECORDS_ARRAY_OUTPUT } from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseListRecords')
+
+export const dataverseListRecordsTool: ToolConfig<
+  DataverseListRecordsParams,
+  DataverseListRecordsResponse
+> = {
+  id: 'microsoft_dataverse_list_records',
+  name: 'List Microsoft Dataverse Records',
+  description:
+    'Query and list records from a Microsoft Dataverse table. Supports OData query options for filtering, selecting columns, ordering, and pagination.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    select: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Comma-separated list of columns to return (OData $select)',
+    },
+    filter: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'OData $filter expression (e.g., statecode eq 0)',
+    },
+    orderBy: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'OData $orderby expression (e.g., name asc, createdon desc)',
+    },
+    top: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Maximum number of records to return (OData $top)',
+    },
+    expand: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Navigation properties to expand (OData $expand)',
+    },
+    count: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Set to "true" to include total record count in response (OData $count)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      const queryParts: string[] = []
+      if (params.select) queryParts.push(`$select=${params.select}`)
+      if (params.filter) queryParts.push(`$filter=${params.filter}`)
+      if (params.orderBy) queryParts.push(`$orderby=${params.orderBy}`)
+      if (params.top) queryParts.push(`$top=${params.top}`)
+      if (params.expand) queryParts.push(`$expand=${params.expand}`)
+      if (params.count) queryParts.push(`$count=${params.count}`)
+      const query = queryParts.length > 0 ? `?${queryParts.join('&')}` : ''
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}${query}`
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+      Prefer: 'odata.include-annotations="*",odata.maxpagesize=100',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse list records failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json()
+    const records = data.value ?? []
+    const nextLink = data['@odata.nextLink'] ?? null
+    const totalCount = data['@odata.count'] ?? null
+
+    return {
+      success: true,
+      output: {
+        records,
+        count: records.length,
+        totalCount,
+        nextLink,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    records: DATAVERSE_RECORDS_ARRAY_OUTPUT,
+    count: { type: 'number', description: 'Number of records returned in the current page' },
+    totalCount: {
+      type: 'number',
+      description: 'Total number of matching records server-side (requires $count=true)',
+      optional: true,
+    },
+    nextLink: {
+      type: 'string',
+      description: 'URL for the next page of results',
+      optional: true,
+    },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/microsoft_dataverse/search.ts

@@ -0,0 +1,206 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseSearchParams,
+  DataverseSearchResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseSearch')
+
+export const dataverseSearchTool: ToolConfig<DataverseSearchParams, DataverseSearchResponse> = {
+  id: 'microsoft_dataverse_search',
+  name: 'Search Microsoft Dataverse',
+  description:
+    'Perform a full-text relevance search across Microsoft Dataverse tables. Requires Dataverse Search to be enabled on the environment. Supports simple and Lucene query syntax.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    searchTerm: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Search text (1-100 chars). Supports simple syntax: + (AND), | (OR), - (NOT), * (wildcard), "exact phrase"',
+    },
+    entities: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'JSON array of search entity configs. Each object: {"Name":"account","SelectColumns":["name"],"SearchColumns":["name"],"Filter":"statecode eq 0"}',
+    },
+    filter: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Global OData filter applied across all entities (e.g., "createdon gt 2024-01-01")',
+    },
+    facets: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'JSON array of facet specifications (e.g., ["entityname,count:100","ownerid,count:100"])',
+    },
+    top: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Maximum number of results (default: 50, max: 100)',
+    },
+    skip: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Number of results to skip for pagination',
+    },
+    orderBy: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'JSON array of sort expressions (e.g., ["createdon desc"])',
+    },
+    searchMode: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Search mode: "any" (default, match any term) or "all" (match all terms)',
+    },
+    searchType: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description:
+        'Query type: "simple" (default) or "lucene" (enables regex, fuzzy, proximity, boosting)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/searchquery`
+    },
+    method: 'POST',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+    body: (params) => {
+      const body: Record<string, unknown> = {
+        search: params.searchTerm,
+        count: true,
+      }
+      if (params.entities) body.entities = params.entities
+      if (params.filter) body.filter = params.filter
+      if (params.facets) body.facets = params.facets
+      if (params.top) body.top = params.top
+      if (params.skip) body.skip = params.skip
+      if (params.orderBy) body.orderby = params.orderBy
+
+      const options: Record<string, string> = {}
+      if (params.searchMode) options.searchmode = params.searchMode
+      if (params.searchType) options.querytype = params.searchType
+      if (Object.keys(options).length > 0) {
+        body.options = JSON.stringify(options).replace(/"/g, "'")
+      }
+
+      return body
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse search failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json()
+    let parsedResponse = data.response
+    if (typeof parsedResponse === 'string') {
+      try {
+        parsedResponse = JSON.parse(parsedResponse)
+      } catch {
+        parsedResponse = {}
+      }
+    }
+
+    const results = parsedResponse?.Value ?? []
+    const totalCount = parsedResponse?.Count ?? 0
+    const facets = parsedResponse?.Facets ?? null
+
+    return {
+      success: true,
+      output: {
+        results,
+        totalCount,
+        count: results.length,
+        facets,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    results: {
+      type: 'array',
+      description: 'Array of search result objects',
+      items: {
+        type: 'object',
+        properties: {
+          Id: { type: 'string', description: 'Record GUID' },
+          EntityName: {
+            type: 'string',
+            description: 'Table logical name (e.g., account, contact)',
+          },
+          ObjectTypeCode: { type: 'number', description: 'Entity type code' },
+          Attributes: {
+            type: 'object',
+            description: 'Record attributes matching the search. Keys are column logical names.',
+          },
+          Highlights: {
+            type: 'object',
+            description:
+              'Highlighted search matches. Keys are column names, values are arrays of strings with {crmhit}/{/crmhit} markers.',
+            optional: true,
+          },
+          Score: { type: 'number', description: 'Relevance score for this result' },
+        },
+      },
+    },
+    totalCount: {
+      type: 'number',
+      description: 'Total number of matching records across all tables',
+    },
+    count: { type: 'number', description: 'Number of results returned in this page' },
+    facets: {
+      type: 'object',
+      description:
+        'Facet results when facets were requested. Keys are facet names, values are arrays of facet value objects with count and value properties.',
+      optional: true,
+    },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/microsoft_dataverse/types.ts

@@ -0,0 +1,367 @@
+import type { OutputProperty, ToolResponse } from '@/tools/types'
+
+/**
+ * Microsoft Dataverse Web API types.
+ * @see https://learn.microsoft.com/en-us/power-apps/developer/data-platform/webapi/overview
+ */
+
+/**
+ * Dataverse record output definition.
+ * Dataverse records are dynamic (user-defined tables), so columns vary by table.
+ * Every record includes OData metadata fields such as `@odata.etag`.
+ * @see https://learn.microsoft.com/en-us/power-apps/developer/data-platform/webapi/retrieve-entity-using-web-api
+ */
+export const DATAVERSE_RECORD_OUTPUT: OutputProperty = {
+  type: 'object',
+  description:
+    'Dataverse record object. Contains dynamic columns based on the queried table, plus OData metadata fields.',
+  properties: {
+    '@odata.context': {
+      type: 'string',
+      description: 'OData context URL describing the entity type and properties returned',
+      optional: true,
+    },
+    '@odata.etag': {
+      type: 'string',
+      description: 'OData entity tag for concurrency control (e.g., W/"12345")',
+      optional: true,
+    },
+  },
+}
+
+/**
+ * Array of Dataverse records output definition for list endpoints.
+ * Each item mirrors `DATAVERSE_RECORD_OUTPUT`.
+ * @see https://learn.microsoft.com/en-us/power-apps/developer/data-platform/webapi/query-data-web-api
+ */
+export const DATAVERSE_RECORDS_ARRAY_OUTPUT: OutputProperty = {
+  type: 'array',
+  description:
+    'Array of Dataverse records. Each record has dynamic columns based on the table schema.',
+  items: {
+    type: 'object',
+    description: 'A single Dataverse record with dynamic columns based on the table schema',
+    properties: {
+      '@odata.etag': {
+        type: 'string',
+        description: 'OData entity tag for concurrency control (e.g., W/"12345")',
+        optional: true,
+      },
+    },
+  },
+}
+
+export interface DataverseCreateRecordParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  data: Record<string, unknown>
+}
+
+export interface DataverseGetRecordParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  select?: string
+  expand?: string
+}
+
+export interface DataverseUpdateRecordParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  data: Record<string, unknown>
+}
+
+export interface DataverseDeleteRecordParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+}
+
+export interface DataverseListRecordsParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  select?: string
+  filter?: string
+  orderBy?: string
+  top?: number
+  expand?: string
+  count?: string
+}
+
+export interface DataverseCreateRecordResponse extends ToolResponse {
+  output: {
+    recordId: string
+    record: Record<string, unknown>
+    success: boolean
+  }
+}
+
+export interface DataverseGetRecordResponse extends ToolResponse {
+  output: {
+    record: Record<string, unknown>
+    recordId: string
+    success: boolean
+  }
+}
+
+export interface DataverseUpdateRecordResponse extends ToolResponse {
+  output: {
+    recordId: string
+    success: boolean
+  }
+}
+
+export interface DataverseDeleteRecordResponse extends ToolResponse {
+  output: {
+    recordId: string
+    success: boolean
+  }
+}
+
+export interface DataverseListRecordsResponse extends ToolResponse {
+  output: {
+    records: Record<string, unknown>[]
+    count: number
+    totalCount: number | null
+    nextLink: string | null
+    success: boolean
+  }
+}
+
+export interface DataverseUpsertRecordParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  data: Record<string, unknown>
+}
+
+export interface DataverseUpsertRecordResponse extends ToolResponse {
+  output: {
+    recordId: string
+    created: boolean
+    record: Record<string, unknown> | null
+    success: boolean
+  }
+}
+
+export interface DataverseWhoAmIParams {
+  accessToken: string
+  environmentUrl: string
+}
+
+export interface DataverseWhoAmIResponse extends ToolResponse {
+  output: {
+    userId: string
+    businessUnitId: string
+    organizationId: string
+    success: boolean
+  }
+}
+
+export interface DataverseAssociateParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  navigationProperty: string
+  targetEntitySetName: string
+  targetRecordId: string
+  navigationType?: 'collection' | 'single'
+}
+
+export interface DataverseAssociateResponse extends ToolResponse {
+  output: {
+    success: boolean
+    entitySetName: string
+    recordId: string
+    navigationProperty: string
+    targetEntitySetName: string
+    targetRecordId: string
+  }
+}
+
+export interface DataverseDisassociateParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  navigationProperty: string
+  targetRecordId?: string
+}
+
+export interface DataverseDisassociateResponse extends ToolResponse {
+  output: {
+    success: boolean
+    entitySetName: string
+    recordId: string
+    navigationProperty: string
+    targetRecordId?: string
+  }
+}
+
+export interface DataverseFetchXmlQueryParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  fetchXml: string
+}
+
+export interface DataverseFetchXmlQueryResponse extends ToolResponse {
+  output: {
+    records: Record<string, unknown>[]
+    count: number
+    fetchXmlPagingCookie: string | null
+    moreRecords: boolean
+    success: boolean
+  }
+}
+
+export interface DataverseExecuteActionParams {
+  accessToken: string
+  environmentUrl: string
+  actionName: string
+  entitySetName?: string
+  recordId?: string
+  parameters?: Record<string, unknown>
+}
+
+export interface DataverseExecuteActionResponse extends ToolResponse {
+  output: {
+    result: Record<string, unknown> | null
+    success: boolean
+  }
+}
+
+export interface DataverseExecuteFunctionParams {
+  accessToken: string
+  environmentUrl: string
+  functionName: string
+  entitySetName?: string
+  recordId?: string
+  parameters?: string
+}
+
+export interface DataverseExecuteFunctionResponse extends ToolResponse {
+  output: {
+    result: Record<string, unknown> | null
+    success: boolean
+  }
+}
+
+export interface DataverseCreateMultipleParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  entityLogicalName: string
+  records: Record<string, unknown>[]
+}
+
+export interface DataverseCreateMultipleResponse extends ToolResponse {
+  output: {
+    ids: string[]
+    count: number
+    success: boolean
+  }
+}
+
+export interface DataverseUpdateMultipleParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  entityLogicalName: string
+  records: Record<string, unknown>[]
+}
+
+export interface DataverseUpdateMultipleResponse extends ToolResponse {
+  output: {
+    success: boolean
+  }
+}
+
+export interface DataverseUploadFileParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  fileColumn: string
+  fileName: string
+  file?: unknown
+  fileContent?: string
+}
+
+export interface DataverseUploadFileResponse extends ToolResponse {
+  output: {
+    recordId: string
+    fileColumn: string
+    fileName: string
+    success: boolean
+  }
+}
+
+export interface DataverseDownloadFileParams {
+  accessToken: string
+  environmentUrl: string
+  entitySetName: string
+  recordId: string
+  fileColumn: string
+}
+
+export interface DataverseDownloadFileResponse extends ToolResponse {
+  output: {
+    fileContent: string
+    fileName: string
+    fileSize: number
+    mimeType: string
+    success: boolean
+  }
+}
+
+export interface DataverseSearchParams {
+  accessToken: string
+  environmentUrl: string
+  searchTerm: string
+  entities?: string
+  filter?: string
+  facets?: string
+  top?: number
+  skip?: number
+  orderBy?: string
+  searchMode?: string
+  searchType?: string
+}
+
+export interface DataverseSearchResponse extends ToolResponse {
+  output: {
+    results: Record<string, unknown>[]
+    totalCount: number
+    count: number
+    facets: Record<string, unknown> | null
+    success: boolean
+  }
+}
+
+export type DataverseResponse =
+  | DataverseCreateRecordResponse
+  | DataverseGetRecordResponse
+  | DataverseUpdateRecordResponse
+  | DataverseDeleteRecordResponse
+  | DataverseListRecordsResponse
+  | DataverseUpsertRecordResponse
+  | DataverseWhoAmIResponse
+  | DataverseAssociateResponse
+  | DataverseDisassociateResponse
+  | DataverseFetchXmlQueryResponse
+  | DataverseExecuteActionResponse
+  | DataverseExecuteFunctionResponse
+  | DataverseCreateMultipleResponse
+  | DataverseUpdateMultipleResponse
+  | DataverseUploadFileResponse
+  | DataverseDownloadFileResponse
+  | DataverseSearchResponse

apps/sim/tools/microsoft_dataverse/update_multiple.ts

@@ -0,0 +1,112 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseUpdateMultipleParams,
+  DataverseUpdateMultipleResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseUpdateMultiple')
+
+export const dataverseUpdateMultipleTool: ToolConfig<
+  DataverseUpdateMultipleParams,
+  DataverseUpdateMultipleResponse
+> = {
+  id: 'microsoft_dataverse_update_multiple',
+  name: 'Update Multiple Microsoft Dataverse Records',
+  description:
+    'Update multiple records of the same table type in a single request. Each record must include its primary key. Only include columns that need to be changed. Recommended batch size: 100-1000 records.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    entityLogicalName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Table logical name for @odata.type annotation (e.g., account, contact). Used to set Microsoft.Dynamics.CRM.{entityLogicalName} on each record.',
+    },
+    records: {
+      type: 'object',
+      required: true,
+      visibility: 'user-or-llm',
+      description:
+        'Array of record objects to update. Each record must include its primary key (e.g., accountid) and only the columns being changed. The @odata.type annotation is added automatically.',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}/Microsoft.Dynamics.CRM.UpdateMultiple`
+    },
+    method: 'POST',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+    body: (params) => {
+      let records = params.records
+      if (typeof records === 'string') {
+        try {
+          records = JSON.parse(records)
+        } catch {
+          throw new Error('Invalid JSON format for records array')
+        }
+      }
+      if (!Array.isArray(records)) {
+        throw new Error('Records must be an array of objects')
+      }
+      const targets = records.map((record: Record<string, unknown>) => ({
+        ...record,
+        '@odata.type': `Microsoft.Dynamics.CRM.${params.entityLogicalName}`,
+      }))
+      return { Targets: targets }
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse update multiple failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    return {
+      success: true,
+      output: {
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    success: { type: 'boolean', description: 'Whether all records were updated successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/update_record.ts

@@ -0,0 +1,106 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseUpdateRecordParams,
+  DataverseUpdateRecordResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseUpdateRecord')
+
+export const dataverseUpdateRecordTool: ToolConfig<
+  DataverseUpdateRecordParams,
+  DataverseUpdateRecordResponse
+> = {
+  id: 'microsoft_dataverse_update_record',
+  name: 'Update Microsoft Dataverse Record',
+  description:
+    'Update an existing record in a Microsoft Dataverse table. Only send the columns you want to change.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The unique identifier (GUID) of the record to update',
+    },
+    data: {
+      type: 'object',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Record data to update as a JSON object with column names as keys',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})`
+    },
+    method: 'PATCH',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+      'If-Match': '*',
+    }),
+    body: (params) => {
+      let data = params.data
+      if (typeof data === 'string') {
+        try {
+          data = JSON.parse(data)
+        } catch {
+          throw new Error('Invalid JSON format for record data')
+        }
+      }
+      return data
+    },
+  },
+
+  transformResponse: async (response: Response, params?: DataverseUpdateRecordParams) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse update record failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    return {
+      success: true,
+      output: {
+        recordId: params?.recordId ?? '',
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    recordId: { type: 'string', description: 'The ID of the updated record' },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/microsoft_dataverse/upload_file.ts

@@ -0,0 +1,107 @@
+import type {
+  DataverseUploadFileParams,
+  DataverseUploadFileResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+export const dataverseUploadFileTool: ToolConfig<
+  DataverseUploadFileParams,
+  DataverseUploadFileResponse
+> = {
+  id: 'microsoft_dataverse_upload_file',
+  name: 'Upload File to Microsoft Dataverse',
+  description:
+    'Upload a file to a file or image column on a Dataverse record. Supports single-request upload for files up to 128 MB. The file content must be provided as a base64-encoded string.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Record GUID to upload the file to',
+    },
+    fileColumn: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'File or image column logical name (e.g., entityimage, cr_document)',
+    },
+    fileName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Name of the file being uploaded (e.g., document.pdf)',
+    },
+    file: {
+      type: 'file',
+      required: false,
+      visibility: 'user-only',
+      description: 'File to upload (UserFile object)',
+    },
+    fileContent: {
+      type: 'string',
+      required: false,
+      visibility: 'hidden',
+      description: 'Base64-encoded file content (legacy)',
+    },
+  },
+
+  request: {
+    url: '/api/tools/microsoft-dataverse/upload-file',
+    method: 'POST',
+    headers: () => ({
+      'Content-Type': 'application/json',
+    }),
+    body: (params) => ({
+      accessToken: params.accessToken,
+      environmentUrl: params.environmentUrl,
+      entitySetName: params.entitySetName,
+      recordId: params.recordId,
+      fileColumn: params.fileColumn,
+      fileName: params.fileName,
+      file: params.file,
+      fileContent: params.fileContent,
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    if (!data.success) {
+      throw new Error(data.error || 'Dataverse upload file failed')
+    }
+
+    return {
+      success: true,
+      output: data.output,
+    }
+  },
+
+  outputs: {
+    recordId: { type: 'string', description: 'Record GUID the file was uploaded to' },
+    fileColumn: { type: 'string', description: 'File column the file was uploaded to' },
+    fileName: { type: 'string', description: 'Name of the uploaded file' },
+    success: { type: 'boolean', description: 'Whether the file was uploaded successfully' },
+  },
+}

apps/sim/tools/microsoft_dataverse/upsert_record.ts

@@ -0,0 +1,114 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseUpsertRecordParams,
+  DataverseUpsertRecordResponse,
+} from '@/tools/microsoft_dataverse/types'
+import { DATAVERSE_RECORD_OUTPUT } from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseUpsertRecord')
+
+export const dataverseUpsertRecordTool: ToolConfig<
+  DataverseUpsertRecordParams,
+  DataverseUpsertRecordResponse
+> = {
+  id: 'microsoft_dataverse_upsert_record',
+  name: 'Upsert Microsoft Dataverse Record',
+  description:
+    'Create or update a record in a Microsoft Dataverse table. If a record with the given ID exists, it is updated; otherwise, a new record is created.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+    entitySetName: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Entity set name (plural table name, e.g., accounts, contacts)',
+    },
+    recordId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The unique identifier (GUID) of the record to upsert',
+    },
+    data: {
+      type: 'object',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Record data as a JSON object with column names as keys',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/${params.entitySetName}(${params.recordId})`
+    },
+    method: 'PATCH',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'Content-Type': 'application/json',
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+      Prefer: 'return=representation',
+    }),
+    body: (params) => {
+      let data = params.data
+      if (typeof data === 'string') {
+        try {
+          data = JSON.parse(data)
+        } catch {
+          throw new Error('Invalid JSON format for record data')
+        }
+      }
+      return data
+    },
+  },
+
+  transformResponse: async (response: Response, params?: DataverseUpsertRecordParams) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse upsert record failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const created = response.status === 201
+    const data = await response.json().catch(() => null)
+
+    return {
+      success: true,
+      output: {
+        recordId: params?.recordId ?? '',
+        created,
+        record: data,
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    recordId: { type: 'string', description: 'The ID of the upserted record' },
+    created: { type: 'boolean', description: 'True if the record was created, false if updated' },
+    record: { ...DATAVERSE_RECORD_OUTPUT, optional: true },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/microsoft_dataverse/whoami.ts

@@ -0,0 +1,78 @@
+import { createLogger } from '@sim/logger'
+import type {
+  DataverseWhoAmIParams,
+  DataverseWhoAmIResponse,
+} from '@/tools/microsoft_dataverse/types'
+import type { ToolConfig } from '@/tools/types'
+
+const logger = createLogger('DataverseWhoAmI')
+
+export const dataverseWhoAmITool: ToolConfig<DataverseWhoAmIParams, DataverseWhoAmIResponse> = {
+  id: 'microsoft_dataverse_whoami',
+  name: 'Microsoft Dataverse WhoAmI',
+  description:
+    'Retrieve the current authenticated user information from Microsoft Dataverse. Useful for testing connectivity and getting the user ID, business unit ID, and organization ID.',
+  version: '1.0.0',
+
+  oauth: { required: true, provider: 'microsoft-dataverse' },
+  errorExtractor: 'nested-error-object',
+
+  params: {
+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',
+      description: 'OAuth access token for Microsoft Dataverse API',
+    },
+    environmentUrl: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Dataverse environment URL (e.g., https://myorg.crm.dynamics.com)',
+    },
+  },
+
+  request: {
+    url: (params) => {
+      const baseUrl = params.environmentUrl.replace(/\/$/, '')
+      return `${baseUrl}/api/data/v9.2/WhoAmI()`
+    },
+    method: 'GET',
+    headers: (params) => ({
+      Authorization: `Bearer ${params.accessToken}`,
+      'OData-MaxVersion': '4.0',
+      'OData-Version': '4.0',
+      Accept: 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      const errorMessage =
+        errorData?.error?.message ??
+        `Dataverse API error: ${response.status} ${response.statusText}`
+      logger.error('Dataverse WhoAmI failed', { errorData, status: response.status })
+      throw new Error(errorMessage)
+    }
+
+    const data = await response.json()
+
+    return {
+      success: true,
+      output: {
+        userId: data.UserId ?? '',
+        businessUnitId: data.BusinessUnitId ?? '',
+        organizationId: data.OrganizationId ?? '',
+        success: true,
+      },
+    }
+  },
+
+  outputs: {
+    userId: { type: 'string', description: 'The authenticated user ID' },
+    businessUnitId: { type: 'string', description: 'The business unit ID' },
+    organizationId: { type: 'string', description: 'The organization ID' },
+    success: { type: 'boolean', description: 'Operation success status' },
+  },
+}

apps/sim/tools/registry.ts

@@ -110,6 +110,21 @@ import {
   clerkRevokeSessionTool,
   clerkUpdateUserTool,
 } from '@/tools/clerk'
+import {
+  cloudflareCreateDnsRecordTool,
+  cloudflareCreateZoneTool,
+  cloudflareDeleteDnsRecordTool,
+  cloudflareDeleteZoneTool,
+  cloudflareDnsAnalyticsTool,
+  cloudflareGetZoneSettingsTool,
+  cloudflareGetZoneTool,
+  cloudflareListCertificatesTool,
+  cloudflareListDnsRecordsTool,
+  cloudflareListZonesTool,
+  cloudflarePurgeCacheTool,
+  cloudflareUpdateDnsRecordTool,
+  cloudflareUpdateZoneSettingTool,
+} from '@/tools/cloudflare'
 import {
   confluenceAddLabelTool,
   confluenceCreateBlogPostTool,
@@ -1074,6 +1089,25 @@ import {
 } from '@/tools/mailgun'
 import { mem0AddMemoriesTool, mem0GetMemoriesTool, mem0SearchMemoriesTool } from '@/tools/mem0'
 import { memoryAddTool, memoryDeleteTool, memoryGetAllTool, memoryGetTool } from '@/tools/memory'
+import {
+  dataverseAssociateTool,
+  dataverseCreateMultipleTool,
+  dataverseCreateRecordTool,
+  dataverseDeleteRecordTool,
+  dataverseDisassociateTool,
+  dataverseDownloadFileTool,
+  dataverseExecuteActionTool,
+  dataverseExecuteFunctionTool,
+  dataverseFetchXmlQueryTool,
+  dataverseGetRecordTool,
+  dataverseListRecordsTool,
+  dataverseSearchTool,
+  dataverseUpdateMultipleTool,
+  dataverseUpdateRecordTool,
+  dataverseUploadFileTool,
+  dataverseUpsertRecordTool,
+  dataverseWhoAmITool,
+} from '@/tools/microsoft_dataverse'
 import {
   microsoftExcelReadTool,
   microsoftExcelReadV2Tool,
@@ -1693,6 +1727,58 @@ import {
   typeformUpdateFormTool,
 } from '@/tools/typeform'
 import type { ToolConfig } from '@/tools/types'
+import {
+  vercelAddDomainTool,
+  vercelAddProjectDomainTool,
+  vercelCancelDeploymentTool,
+  vercelCreateAliasTool,
+  vercelCreateCheckTool,
+  vercelCreateDeploymentTool,
+  vercelCreateDnsRecordTool,
+  vercelCreateEdgeConfigTool,
+  vercelCreateEnvVarTool,
+  vercelCreateProjectTool,
+  vercelCreateWebhookTool,
+  vercelDeleteAliasTool,
+  vercelDeleteDeploymentTool,
+  vercelDeleteDnsRecordTool,
+  vercelDeleteDomainTool,
+  vercelDeleteEnvVarTool,
+  vercelDeleteProjectTool,
+  vercelDeleteWebhookTool,
+  vercelGetAliasTool,
+  vercelGetCheckTool,
+  vercelGetDeploymentEventsTool,
+  vercelGetDeploymentTool,
+  vercelGetDomainConfigTool,
+  vercelGetDomainTool,
+  vercelGetEdgeConfigItemsTool,
+  vercelGetEdgeConfigTool,
+  vercelGetEnvVarsTool,
+  vercelGetProjectTool,
+  vercelGetTeamTool,
+  vercelGetUserTool,
+  vercelListAliasesTool,
+  vercelListChecksTool,
+  vercelListDeploymentFilesTool,
+  vercelListDeploymentsTool,
+  vercelListDnsRecordsTool,
+  vercelListDomainsTool,
+  vercelListEdgeConfigsTool,
+  vercelListProjectDomainsTool,
+  vercelListProjectsTool,
+  vercelListTeamMembersTool,
+  vercelListTeamsTool,
+  vercelListWebhooksTool,
+  vercelPauseProjectTool,
+  vercelRemoveProjectDomainTool,
+  vercelRerequestCheckTool,
+  vercelUnpauseProjectTool,
+  vercelUpdateCheckTool,
+  vercelUpdateEdgeConfigItemsTool,
+  vercelUpdateEnvVarTool,
+  vercelUpdateProjectTool,
+} from '@/tools/vercel'
 import {
   falaiVideoTool,
   lumaVideoTool,
@@ -2700,6 +2786,66 @@ export const tools: Record<string, ToolConfig> = {
   trello_update_card: trelloUpdateCardTool,
   trello_get_actions: trelloGetActionsTool,
   trello_add_comment: trelloAddCommentTool,
+  // Vercel - Deployments
+  vercel_list_deployments: vercelListDeploymentsTool,
+  vercel_get_deployment: vercelGetDeploymentTool,
+  vercel_create_deployment: vercelCreateDeploymentTool,
+  vercel_cancel_deployment: vercelCancelDeploymentTool,
+  vercel_delete_deployment: vercelDeleteDeploymentTool,
+  vercel_get_deployment_events: vercelGetDeploymentEventsTool,
+  vercel_list_deployment_files: vercelListDeploymentFilesTool,
+  // Vercel - Projects
+  vercel_list_projects: vercelListProjectsTool,
+  vercel_get_project: vercelGetProjectTool,
+  vercel_create_project: vercelCreateProjectTool,
+  vercel_update_project: vercelUpdateProjectTool,
+  vercel_delete_project: vercelDeleteProjectTool,
+  vercel_pause_project: vercelPauseProjectTool,
+  vercel_unpause_project: vercelUnpauseProjectTool,
+  vercel_list_project_domains: vercelListProjectDomainsTool,
+  vercel_add_project_domain: vercelAddProjectDomainTool,
+  vercel_remove_project_domain: vercelRemoveProjectDomainTool,
+  // Vercel - Environment Variables
+  vercel_get_env_vars: vercelGetEnvVarsTool,
+  vercel_create_env_var: vercelCreateEnvVarTool,
+  vercel_update_env_var: vercelUpdateEnvVarTool,
+  vercel_delete_env_var: vercelDeleteEnvVarTool,
+  // Vercel - Domains
+  vercel_list_domains: vercelListDomainsTool,
+  vercel_get_domain: vercelGetDomainTool,
+  vercel_add_domain: vercelAddDomainTool,
+  vercel_delete_domain: vercelDeleteDomainTool,
+  vercel_get_domain_config: vercelGetDomainConfigTool,
+  // Vercel - DNS
+  vercel_list_dns_records: vercelListDnsRecordsTool,
+  vercel_create_dns_record: vercelCreateDnsRecordTool,
+  vercel_delete_dns_record: vercelDeleteDnsRecordTool,
+  // Vercel - Aliases
+  vercel_list_aliases: vercelListAliasesTool,
+  vercel_get_alias: vercelGetAliasTool,
+  vercel_create_alias: vercelCreateAliasTool,
+  vercel_delete_alias: vercelDeleteAliasTool,
+  // Vercel - Edge Config
+  vercel_list_edge_configs: vercelListEdgeConfigsTool,
+  vercel_get_edge_config: vercelGetEdgeConfigTool,
+  vercel_create_edge_config: vercelCreateEdgeConfigTool,
+  vercel_get_edge_config_items: vercelGetEdgeConfigItemsTool,
+  vercel_update_edge_config_items: vercelUpdateEdgeConfigItemsTool,
+  // Vercel - Teams & User
+  vercel_list_teams: vercelListTeamsTool,
+  vercel_get_team: vercelGetTeamTool,
+  vercel_list_team_members: vercelListTeamMembersTool,
+  vercel_get_user: vercelGetUserTool,
+  // Webhooks
+  vercel_list_webhooks: vercelListWebhooksTool,
+  vercel_create_webhook: vercelCreateWebhookTool,
+  vercel_delete_webhook: vercelDeleteWebhookTool,
+  // Checks
+  vercel_create_check: vercelCreateCheckTool,
+  vercel_get_check: vercelGetCheckTool,
+  vercel_list_checks: vercelListChecksTool,
+  vercel_update_check: vercelUpdateCheckTool,
+  vercel_rerequest_check: vercelRerequestCheckTool,
   twilio_send_sms: sendSMSTool,
   twilio_voice_make_call: makeCallTool,
   twilio_voice_list_calls: listCallsTool,
@@ -2822,6 +2968,19 @@ export const tools: Record<string, ToolConfig> = {
   clerk_list_sessions: clerkListSessionsTool,
   clerk_get_session: clerkGetSessionTool,
   clerk_revoke_session: clerkRevokeSessionTool,
+  cloudflare_list_zones: cloudflareListZonesTool,
+  cloudflare_get_zone: cloudflareGetZoneTool,
+  cloudflare_create_zone: cloudflareCreateZoneTool,
+  cloudflare_delete_zone: cloudflareDeleteZoneTool,
+  cloudflare_list_dns_records: cloudflareListDnsRecordsTool,
+  cloudflare_create_dns_record: cloudflareCreateDnsRecordTool,
+  cloudflare_update_dns_record: cloudflareUpdateDnsRecordTool,
+  cloudflare_delete_dns_record: cloudflareDeleteDnsRecordTool,
+  cloudflare_list_certificates: cloudflareListCertificatesTool,
+  cloudflare_get_zone_settings: cloudflareGetZoneSettingsTool,
+  cloudflare_update_zone_setting: cloudflareUpdateZoneSettingTool,
+  cloudflare_dns_analytics: cloudflareDnsAnalyticsTool,
+  cloudflare_purge_cache: cloudflarePurgeCacheTool,
   discord_send_message: discordSendMessageTool,
   discord_get_messages: discordGetMessagesTool,
   discord_get_server: discordGetServerTool,
@@ -3002,6 +3161,23 @@ export const tools: Record<string, ToolConfig> = {
   onedrive_download: onedriveDownloadTool,
   onedrive_list: onedriveListTool,
   onedrive_upload: onedriveUploadTool,
+  microsoft_dataverse_associate: dataverseAssociateTool,
+  microsoft_dataverse_create_multiple: dataverseCreateMultipleTool,
+  microsoft_dataverse_create_record: dataverseCreateRecordTool,
+  microsoft_dataverse_delete_record: dataverseDeleteRecordTool,
+  microsoft_dataverse_disassociate: dataverseDisassociateTool,
+  microsoft_dataverse_download_file: dataverseDownloadFileTool,
+  microsoft_dataverse_execute_action: dataverseExecuteActionTool,
+  microsoft_dataverse_execute_function: dataverseExecuteFunctionTool,
+  microsoft_dataverse_fetchxml_query: dataverseFetchXmlQueryTool,
+  microsoft_dataverse_get_record: dataverseGetRecordTool,
+  microsoft_dataverse_list_records: dataverseListRecordsTool,
+  microsoft_dataverse_search: dataverseSearchTool,
+  microsoft_dataverse_update_multiple: dataverseUpdateMultipleTool,
+  microsoft_dataverse_update_record: dataverseUpdateRecordTool,
+  microsoft_dataverse_upload_file: dataverseUploadFileTool,
+  microsoft_dataverse_upsert_record: dataverseUpsertRecordTool,
+  microsoft_dataverse_whoami: dataverseWhoAmITool,
   microsoft_excel_read: microsoftExcelReadTool,
   microsoft_excel_write: microsoftExcelWriteTool,
   microsoft_excel_table_add: microsoftExcelTableAddTool,

apps/sim/tools/vercel/add_domain.ts

@@ -0,0 +1,84 @@
+import type { ToolConfig } from '@/tools/types'
+import type { VercelAddDomainParams, VercelAddDomainResponse } from '@/tools/vercel/types'
+
+export const vercelAddDomainTool: ToolConfig<VercelAddDomainParams, VercelAddDomainResponse> = {
+  id: 'vercel_add_domain',
+  name: 'Vercel Add Domain',
+  description: 'Add a new domain to a Vercel account or team',
+  version: '1.0.0',
+
+  params: {
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Vercel Access Token',
+    },
+    name: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The domain name to add',
+    },
+    teamId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Team ID to scope the request',
+    },
+  },
+
+  request: {
+    url: (params: VercelAddDomainParams) => {
+      const query = new URLSearchParams()
+      if (params.teamId) query.set('teamId', params.teamId.trim())
+      const qs = query.toString()
+      return `https://api.vercel.com/v7/domains${qs ? `?${qs}` : ''}`
+    },
+    method: 'POST',
+    headers: (params: VercelAddDomainParams) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+    body: (params: VercelAddDomainParams) => ({
+      method: 'add',
+      name: params.name.trim(),
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+    const d = data.domain ?? data
+
+    return {
+      success: true,
+      output: {
+        id: d.id ?? null,
+        name: d.name ?? null,
+        verified: d.verified ?? false,
+        createdAt: d.createdAt ?? null,
+        serviceType: d.serviceType ?? null,
+        nameservers: d.nameservers ?? [],
+        intendedNameservers: d.intendedNameservers ?? [],
+      },
+    }
+  },
+
+  outputs: {
+    id: { type: 'string', description: 'Domain ID' },
+    name: { type: 'string', description: 'Domain name' },
+    verified: { type: 'boolean', description: 'Whether domain is verified' },
+    createdAt: { type: 'number', description: 'Creation timestamp' },
+    serviceType: { type: 'string', description: 'Service type (zeit.world, external, na)' },
+    nameservers: {
+      type: 'array',
+      description: 'Current nameservers',
+      items: { type: 'string' },
+    },
+    intendedNameservers: {
+      type: 'array',
+      description: 'Intended nameservers',
+      items: { type: 'string' },
+    },
+  },
+}

apps/sim/tools/vercel/add_project_domain.ts

@@ -0,0 +1,113 @@
+import type { ToolConfig } from '@/tools/types'
+import type {
+  VercelAddProjectDomainParams,
+  VercelAddProjectDomainResponse,
+} from '@/tools/vercel/types'
+
+export const vercelAddProjectDomainTool: ToolConfig<
+  VercelAddProjectDomainParams,
+  VercelAddProjectDomainResponse
+> = {
+  id: 'vercel_add_project_domain',
+  name: 'Vercel Add Project Domain',
+  description: 'Add a domain to a Vercel project',
+  version: '1.0.0',
+
+  params: {
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Vercel Access Token',
+    },
+    projectId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Project ID or name',
+    },
+    domain: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Domain name to add',
+    },
+    redirect: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Target domain for redirect',
+    },
+    redirectStatusCode: {
+      type: 'number',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'HTTP status code for redirect (301, 302, 307, 308)',
+    },
+    gitBranch: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Git branch to link the domain to',
+    },
+    teamId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Team ID to scope the request',
+    },
+  },
+
+  request: {
+    url: (params: VercelAddProjectDomainParams) => {
+      const query = new URLSearchParams()
+      if (params.teamId) query.set('teamId', params.teamId.trim())
+      const qs = query.toString()
+      return `https://api.vercel.com/v10/projects/${params.projectId.trim()}/domains${qs ? `?${qs}` : ''}`
+    },
+    method: 'POST',
+    headers: (params: VercelAddProjectDomainParams) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+    body: (params: VercelAddProjectDomainParams) => {
+      const body: Record<string, unknown> = { name: params.domain.trim() }
+      if (params.redirect) body.redirect = params.redirect.trim()
+      if (params.redirectStatusCode) body.redirectStatusCode = params.redirectStatusCode
+      if (params.gitBranch) body.gitBranch = params.gitBranch.trim()
+      return body
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+    return {
+      success: true,
+      output: {
+        name: data.name,
+        apexName: data.apexName,
+        verified: data.verified,
+        gitBranch: data.gitBranch ?? null,
+        redirect: data.redirect ?? null,
+        redirectStatusCode: data.redirectStatusCode ?? null,
+        createdAt: data.createdAt,
+        updatedAt: data.updatedAt,
+      },
+    }
+  },
+
+  outputs: {
+    name: { type: 'string', description: 'Domain name' },
+    apexName: { type: 'string', description: 'Apex domain name' },
+    verified: { type: 'boolean', description: 'Whether the domain is verified' },
+    gitBranch: { type: 'string', description: 'Git branch for the domain', optional: true },
+    redirect: { type: 'string', description: 'Redirect target domain', optional: true },
+    redirectStatusCode: {
+      type: 'number',
+      description: 'HTTP status code for redirect (301, 302, 307, 308)',
+      optional: true,
+    },
+    createdAt: { type: 'number', description: 'Creation timestamp' },
+    updatedAt: { type: 'number', description: 'Last updated timestamp' },
+  },
+}

apps/sim/tools/vercel/cancel_deployment.ts

@@ -0,0 +1,83 @@
+import type { ToolConfig } from '@/tools/types'
+import type {
+  VercelCancelDeploymentParams,
+  VercelCancelDeploymentResponse,
+} from '@/tools/vercel/types'
+
+export const vercelCancelDeploymentTool: ToolConfig<
+  VercelCancelDeploymentParams,
+  VercelCancelDeploymentResponse
+> = {
+  id: 'vercel_cancel_deployment',
+  name: 'Vercel Cancel Deployment',
+  description: 'Cancel a running Vercel deployment',
+  version: '1.0.0',
+
+  params: {
+    apiKey: {
+      type: 'string',
+      required: true,
+      visibility: 'user-only',
+      description: 'Vercel Access Token',
+    },
+    deploymentId: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'The deployment ID to cancel',
+    },
+    teamId: {
+      type: 'string',
+      required: false,
+      visibility: 'user-or-llm',
+      description: 'Team ID to scope the request',
+    },
+  },
+
+  request: {
+    url: (params: VercelCancelDeploymentParams) => {
+      const query = new URLSearchParams()
+      if (params.teamId) query.set('teamId', params.teamId.trim())
+      const qs = query.toString()
+      return `https://api.vercel.com/v12/deployments/${params.deploymentId.trim()}/cancel${qs ? `?${qs}` : ''}`
+    },
+    method: 'PATCH',
+    headers: (params: VercelCancelDeploymentParams) => ({
+      Authorization: `Bearer ${params.apiKey}`,
+      'Content-Type': 'application/json',
+    }),
+  },
+
+  transformResponse: async (response: Response) => {
+    const data = await response.json()
+
+    return {
+      success: true,
+      output: {
+        id: data.id ?? data.uid,
+        name: data.name ?? null,
+        state: data.readyState ?? data.state ?? 'CANCELED',
+        url: data.url ?? null,
+      },
+    }
+  },
+
+  outputs: {
+    id: {
+      type: 'string',
+      description: 'Deployment ID',
+    },
+    name: {
+      type: 'string',
+      description: 'Deployment name',
+    },
+    state: {
+      type: 'string',
+      description: 'Deployment state after cancellation',
+    },
+    url: {
+      type: 'string',
+      description: 'Deployment URL',
+    },
+  },
+}