Fix

apps/sim/app/api/auth/oauth/utils.test.ts

@@ -4,10 +4,20 @@
  * @vitest-environment node
  */
 
-import { databaseMock, loggerMock } from '@sim/testing'
+import { loggerMock } from '@sim/testing'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
-vi.mock('@sim/db', () => databaseMock)
+vi.mock('@sim/db', () => ({
+  db: {
+    select: vi.fn().mockReturnThis(),
+    from: vi.fn().mockReturnThis(),
+    where: vi.fn().mockReturnThis(),
+    limit: vi.fn().mockReturnValue([]),
+    update: vi.fn().mockReturnThis(),
+    set: vi.fn().mockReturnThis(),
+    orderBy: vi.fn().mockReturnThis(),
+  },
+}))
 
 vi.mock('@/lib/oauth/oauth', () => ({
   refreshOAuthToken: vi.fn(),
@@ -24,36 +34,13 @@ import {
   refreshTokenIfNeeded,
 } from '@/app/api/auth/oauth/utils'
 
-const mockDb = db as any
+const mockDbTyped = db as any
 const mockRefreshOAuthToken = refreshOAuthToken as any
 
-/**
- * Creates a chainable mock for db.select() calls.
- * Returns a nested chain: select() -> from() -> where() -> limit() / orderBy()
- */
-function mockSelectChain(limitResult: unknown[]) {
-  const mockLimit = vi.fn().mockReturnValue(limitResult)
-  const mockOrderBy = vi.fn().mockReturnValue(limitResult)
-  const mockWhere = vi.fn().mockReturnValue({ limit: mockLimit, orderBy: mockOrderBy })
-  const mockFrom = vi.fn().mockReturnValue({ where: mockWhere })
-  mockDb.select.mockReturnValueOnce({ from: mockFrom })
-  return { mockFrom, mockWhere, mockLimit }
-}
-
-/**
- * Creates a chainable mock for db.update() calls.
- * Returns a nested chain: update() -> set() -> where()
- */
-function mockUpdateChain() {
-  const mockWhere = vi.fn().mockResolvedValue({})
-  const mockSet = vi.fn().mockReturnValue({ where: mockWhere })
-  mockDb.update.mockReturnValueOnce({ set: mockSet })
-  return { mockSet, mockWhere }
-}
-
 describe('OAuth Utils', () => {
   beforeEach(() => {
     vi.clearAllMocks()
+    mockDbTyped.limit.mockReturnValue([])
   })
 
   afterEach(() => {
@@ -63,20 +50,20 @@ describe('OAuth Utils', () => {
   describe('getCredential', () => {
     it('should return credential when found', async () => {
       const mockCredential = { id: 'credential-id', userId: 'test-user-id' }
-      const { mockFrom, mockWhere, mockLimit } = mockSelectChain([mockCredential])
+      mockDbTyped.limit.mockReturnValueOnce([mockCredential])
 
       const credential = await getCredential('request-id', 'credential-id', 'test-user-id')
 
-      expect(mockDb.select).toHaveBeenCalled()
+      expect(mockDbTyped.select).toHaveBeenCalled()
-      expect(mockFrom).toHaveBeenCalled()
+      expect(mockDbTyped.from).toHaveBeenCalled()
-      expect(mockWhere).toHaveBeenCalled()
+      expect(mockDbTyped.where).toHaveBeenCalled()
-      expect(mockLimit).toHaveBeenCalledWith(1)
+      expect(mockDbTyped.limit).toHaveBeenCalledWith(1)
 
       expect(credential).toEqual(mockCredential)
     })
 
     it('should return undefined when credential is not found', async () => {
-      mockSelectChain([])
+      mockDbTyped.limit.mockReturnValueOnce([])
 
       const credential = await getCredential('request-id', 'nonexistent-id', 'test-user-id')
 
@@ -115,12 +102,11 @@ describe('OAuth Utils', () => {
         refreshToken: 'new-refresh-token',
       })
 
-      mockUpdateChain()
-
       const result = await refreshTokenIfNeeded('request-id', mockCredential, 'credential-id')
 
       expect(mockRefreshOAuthToken).toHaveBeenCalledWith('google', 'refresh-token')
-      expect(mockDb.update).toHaveBeenCalled()
+      expect(mockDbTyped.update).toHaveBeenCalled()
+      expect(mockDbTyped.set).toHaveBeenCalled()
       expect(result).toEqual({ accessToken: 'new-token', refreshed: true })
     })
 
@@ -166,7 +152,7 @@ describe('OAuth Utils', () => {
         providerId: 'google',
         userId: 'test-user-id',
       }
-      mockSelectChain([mockCredential])
+      mockDbTyped.limit.mockReturnValueOnce([mockCredential])
 
       const token = await refreshAccessTokenIfNeeded('credential-id', 'test-user-id', 'request-id')
 
@@ -183,8 +169,7 @@ describe('OAuth Utils', () => {
         providerId: 'google',
         userId: 'test-user-id',
       }
-      mockSelectChain([mockCredential])
+      mockDbTyped.limit.mockReturnValueOnce([mockCredential])
-      mockUpdateChain()
 
       mockRefreshOAuthToken.mockResolvedValueOnce({
         accessToken: 'new-token',
@@ -195,12 +180,13 @@ describe('OAuth Utils', () => {
       const token = await refreshAccessTokenIfNeeded('credential-id', 'test-user-id', 'request-id')
 
       expect(mockRefreshOAuthToken).toHaveBeenCalledWith('google', 'refresh-token')
-      expect(mockDb.update).toHaveBeenCalled()
+      expect(mockDbTyped.update).toHaveBeenCalled()
+      expect(mockDbTyped.set).toHaveBeenCalled()
       expect(token).toBe('new-token')
     })
 
     it('should return null if credential not found', async () => {
-      mockSelectChain([])
+      mockDbTyped.limit.mockReturnValueOnce([])
 
       const token = await refreshAccessTokenIfNeeded('nonexistent-id', 'test-user-id', 'request-id')
 
@@ -216,7 +202,7 @@ describe('OAuth Utils', () => {
         providerId: 'google',
         userId: 'test-user-id',
       }
-      mockSelectChain([mockCredential])
+      mockDbTyped.limit.mockReturnValueOnce([mockCredential])
 
       mockRefreshOAuthToken.mockResolvedValueOnce(null)
 

apps/sim/app/api/knowledge/search/utils.test.ts

@@ -4,12 +4,16 @@
  *
  * @vitest-environment node
  */
-import { createEnvMock, databaseMock, loggerMock } from '@sim/testing'
+import { createEnvMock, createMockLogger } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
+const loggerMock = vi.hoisted(() => ({
+  createLogger: () => createMockLogger(),
+}))
+
 vi.mock('drizzle-orm')
 vi.mock('@sim/logger', () => loggerMock)
-vi.mock('@sim/db', () => databaseMock)
+vi.mock('@sim/db')
 vi.mock('@/lib/knowledge/documents/utils', () => ({
   retryWithExponentialBackoff: (fn: any) => fn(),
 }))

apps/sim/app/api/schedules/[id]/route.test.ts

@@ -3,14 +3,17 @@
  *
  * @vitest-environment node
  */
-import { databaseMock, loggerMock } from '@sim/testing'
+import { loggerMock } from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
-const { mockGetSession, mockAuthorizeWorkflowByWorkspacePermission } = vi.hoisted(() => ({
+const { mockGetSession, mockAuthorizeWorkflowByWorkspacePermission, mockDbSelect, mockDbUpdate } =
-  mockGetSession: vi.fn(),
+  vi.hoisted(() => ({
-  mockAuthorizeWorkflowByWorkspacePermission: vi.fn(),
+    mockGetSession: vi.fn(),
-}))
+    mockAuthorizeWorkflowByWorkspacePermission: vi.fn(),
+    mockDbSelect: vi.fn(),
+    mockDbUpdate: vi.fn(),
+  }))
 
 vi.mock('@/lib/auth', () => ({
   getSession: mockGetSession,
@@ -20,7 +23,12 @@ vi.mock('@/lib/workflows/utils', () => ({
   authorizeWorkflowByWorkspacePermission: mockAuthorizeWorkflowByWorkspacePermission,
 }))
 
-vi.mock('@sim/db', () => databaseMock)
+vi.mock('@sim/db', () => ({
+  db: {
+    select: mockDbSelect,
+    update: mockDbUpdate,
+  },
+}))
 
 vi.mock('@sim/db/schema', () => ({
   workflow: { id: 'id', userId: 'userId', workspaceId: 'workspaceId' },
@@ -51,9 +59,6 @@ function createParams(id: string): { params: Promise<{ id: string }> } {
   return { params: Promise.resolve({ id }) }
 }
 
-const mockDbSelect = databaseMock.db.select as ReturnType<typeof vi.fn>
-const mockDbUpdate = databaseMock.db.update as ReturnType<typeof vi.fn>
-
 function mockDbChain(selectResults: unknown[][]) {
   let selectCallIndex = 0
   mockDbSelect.mockImplementation(() => ({

apps/sim/app/api/schedules/route.test.ts

@@ -3,14 +3,17 @@
  *
  * @vitest-environment node
  */
-import { databaseMock, loggerMock } from '@sim/testing'
+import { loggerMock } from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
-const { mockGetSession, mockAuthorizeWorkflowByWorkspacePermission } = vi.hoisted(() => ({
+const { mockGetSession, mockAuthorizeWorkflowByWorkspacePermission, mockDbSelect } = vi.hoisted(
-  mockGetSession: vi.fn(),
+  () => ({
-  mockAuthorizeWorkflowByWorkspacePermission: vi.fn(),
+    mockGetSession: vi.fn(),
-}))
+    mockAuthorizeWorkflowByWorkspacePermission: vi.fn(),
+    mockDbSelect: vi.fn(),
+  })
+)
 
 vi.mock('@/lib/auth', () => ({
   getSession: mockGetSession,
@@ -20,7 +23,11 @@ vi.mock('@/lib/workflows/utils', () => ({
   authorizeWorkflowByWorkspacePermission: mockAuthorizeWorkflowByWorkspacePermission,
 }))
 
-vi.mock('@sim/db', () => databaseMock)
+vi.mock('@sim/db', () => ({
+  db: {
+    select: mockDbSelect,
+  },
+}))
 
 vi.mock('@sim/db/schema', () => ({
   workflow: { id: 'id', userId: 'userId', workspaceId: 'workspaceId' },
@@ -55,8 +62,6 @@ function createRequest(url: string): NextRequest {
   return new NextRequest(new URL(url), { method: 'GET' })
 }
 
-const mockDbSelect = databaseMock.db.select as ReturnType<typeof vi.fn>
-
 function mockDbChain(results: any[]) {
   let callIndex = 0
   mockDbSelect.mockImplementation(() => ({

apps/sim/app/api/workflows/[id]/route.test.ts

@@ -5,7 +5,7 @@
  * @vitest-environment node
  */
 
-import { loggerMock, setupGlobalFetchMock } from '@sim/testing'
+import { loggerMock } from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
@@ -284,7 +284,9 @@ describe('Workflow By ID API Route', () => {
         where: vi.fn().mockResolvedValue([{ id: 'workflow-123' }]),
       })
 
-      setupGlobalFetchMock({ ok: true })
+      global.fetch = vi.fn().mockResolvedValue({
+        ok: true,
+      })
 
       const req = new NextRequest('http://localhost:3000/api/workflows/workflow-123', {
         method: 'DELETE',
@@ -329,7 +331,9 @@ describe('Workflow By ID API Route', () => {
         where: vi.fn().mockResolvedValue([{ id: 'workflow-123' }]),
       })
 
-      setupGlobalFetchMock({ ok: true })
+      global.fetch = vi.fn().mockResolvedValue({
+        ok: true,
+      })
 
       const req = new NextRequest('http://localhost:3000/api/workflows/workflow-123', {
         method: 'DELETE',

apps/sim/app/api/workspaces/[id]/byok-keys/route.ts

@@ -12,7 +12,7 @@ import { getUserEntityPermissions, getWorkspaceById } from '@/lib/workspaces/per
 
 const logger = createLogger('WorkspaceBYOKKeysAPI')
 
-const VALID_PROVIDERS = ['openai', 'anthropic', 'google', 'mistral', 'exa'] as const
+const VALID_PROVIDERS = ['openai', 'anthropic', 'google', 'mistral'] as const
 
 const UpsertKeySchema = z.object({
   providerId: z.enum(VALID_PROVIDERS),

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts

@@ -3,7 +3,6 @@ import {
   buildCanonicalIndex,
   evaluateSubBlockCondition,
   isSubBlockFeatureEnabled,
-  isSubBlockHiddenByHostedKey,
   isSubBlockVisibleForMode,
 } from '@/lib/workflows/subblocks/visibility'
 import type { BlockConfig, SubBlockConfig, SubBlockType } from '@/blocks/types'
@@ -109,9 +108,6 @@ export function useEditorSubblockLayout(
       // Check required feature if specified - declarative feature gating
       if (!isSubBlockFeatureEnabled(block)) return false
 
-      // Hide tool API key fields when hosted key is available
-      if (isSubBlockHiddenByHostedKey(block)) return false
-
       // Special handling for trigger-config type (legacy trigger configuration UI)
       if (block.type === ('trigger-config' as SubBlockType)) {
         const isPureTriggerBlock = config?.triggers?.enabled && config.category === 'triggers'

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx

@@ -15,7 +15,6 @@ import {
   evaluateSubBlockCondition,
   hasAdvancedValues,
   isSubBlockFeatureEnabled,
-  isSubBlockHiddenByHostedKey,
   isSubBlockVisibleForMode,
   resolveDependencyValue,
 } from '@/lib/workflows/subblocks/visibility'
@@ -829,7 +828,6 @@ export const WorkflowBlock = memo(function WorkflowBlock({
       if (block.hidden) return false
       if (block.hideFromPreview) return false
       if (!isSubBlockFeatureEnabled(block)) return false
-      if (isSubBlockHiddenByHostedKey(block)) return false
 
       const isPureTriggerBlock = config?.triggers?.enabled && config.category === 'triggers'
 

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/byok/byok.tsx

@@ -13,15 +13,15 @@ import {
   ModalFooter,
   ModalHeader,
 } from '@/components/emcn'
-import { AnthropicIcon, ExaAIIcon, GeminiIcon, MistralIcon, OpenAIIcon } from '@/components/icons'
+import { AnthropicIcon, GeminiIcon, MistralIcon, OpenAIIcon } from '@/components/icons'
 import { Skeleton } from '@/components/ui'
 import {
   type BYOKKey,
+  type BYOKProviderId,
   useBYOKKeys,
   useDeleteBYOKKey,
   useUpsertBYOKKey,
 } from '@/hooks/queries/byok-keys'
-import type { BYOKProviderId } from '@/tools/types'
 
 const logger = createLogger('BYOKSettings')
 
@@ -60,13 +60,6 @@ const PROVIDERS: {
     description: 'LLM calls and Knowledge Base OCR',
     placeholder: 'Enter your API key',
   },
-  {
-    id: 'exa',
-    name: 'Exa',
-    icon: ExaAIIcon,
-    description: 'AI-powered search and research',
-    placeholder: 'Enter your Exa API key',
-  },
 ]
 
 function BYOKKeySkeleton() {

apps/sim/blocks/blocks/exa.ts

@@ -297,7 +297,6 @@ export const ExaBlock: BlockConfig<ExaResponse> = {
       placeholder: 'Enter your Exa API key',
       password: true,
       required: true,
-      hideWhenHosted: true,
     },
   ],
   tools: {

apps/sim/blocks/blocks/s3.ts

@@ -58,16 +58,6 @@ export const S3Block: BlockConfig<S3Response> = {
       },
       required: true,
     },
-    {
-      id: 'getObjectRegion',
-      title: 'AWS Region',
-      type: 'short-input',
-      placeholder: 'Used when S3 URL does not include region',
-      condition: {
-        field: 'operation',
-        value: ['get_object'],
-      },
-    },
     {
       id: 'bucketName',
       title: 'Bucket Name',
@@ -301,11 +291,34 @@ export const S3Block: BlockConfig<S3Response> = {
             if (!params.s3Uri) {
               throw new Error('S3 Object URL is required')
             }
-            return {
+
-              accessKeyId: params.accessKeyId,
+            // Parse S3 URI for get_object
-              secretAccessKey: params.secretAccessKey,
+            try {
-              region: params.getObjectRegion || params.region,
+              const url = new URL(params.s3Uri)
-              s3Uri: params.s3Uri,
+              const hostname = url.hostname
+              const bucketName = hostname.split('.')[0]
+              const regionMatch = hostname.match(/s3[.-]([^.]+)\.amazonaws\.com/)
+              const region = regionMatch ? regionMatch[1] : params.region
+              const objectKey = url.pathname.startsWith('/')
+                ? url.pathname.substring(1)
+                : url.pathname
+
+              if (!bucketName || !objectKey) {
+                throw new Error('Could not parse S3 URL')
+              }
+
+              return {
+                accessKeyId: params.accessKeyId,
+                secretAccessKey: params.secretAccessKey,
+                region,
+                bucketName,
+                objectKey,
+                s3Uri: params.s3Uri,
+              }
+            } catch (_error) {
+              throw new Error(
+                'Invalid S3 Object URL format. Expected: https://bucket-name.s3.region.amazonaws.com/path/to/file'
+              )
             }
           }
 
@@ -388,7 +401,6 @@ export const S3Block: BlockConfig<S3Response> = {
     acl: { type: 'string', description: 'Access control list' },
     // Download inputs
     s3Uri: { type: 'string', description: 'S3 object URL' },
-    getObjectRegion: { type: 'string', description: 'Optional AWS region override for downloads' },
     // List inputs
     prefix: { type: 'string', description: 'Prefix filter' },
     maxKeys: { type: 'number', description: 'Maximum results' },

apps/sim/blocks/types.ts

@@ -243,7 +243,6 @@ export interface SubBlockConfig {
   hidden?: boolean
   hideFromPreview?: boolean // Hide this subblock from the workflow block preview
   requiresFeature?: string // Environment variable name that must be truthy for this subblock to be visible
-  hideWhenHosted?: boolean // Hide this subblock when running on hosted sim
   description?: string
   tooltip?: string // Tooltip text displayed via info icon next to the title
   value?: (params: Record<string, any>) => string

apps/sim/executor/handlers/agent/agent-handler.test.ts

@@ -1,4 +1,3 @@
-import { setupGlobalFetchMock } from '@sim/testing'
 import { afterEach, beforeEach, describe, expect, it, type Mock, vi } from 'vitest'
 import { getAllBlocks } from '@/blocks'
 import { BlockType, isMcpTool } from '@/executor/constants'
@@ -62,30 +61,6 @@ vi.mock('@/providers', () => ({
   }),
 }))
 
-vi.mock('@/executor/utils/http', () => ({
-  buildAuthHeaders: vi.fn().mockResolvedValue({ 'Content-Type': 'application/json' }),
-  buildAPIUrl: vi.fn((path: string, params?: Record<string, string>) => {
-    const url = new URL(path, 'http://localhost:3000')
-    if (params) {
-      for (const [key, value] of Object.entries(params)) {
-        if (value !== undefined && value !== null) {
-          url.searchParams.set(key, value)
-        }
-      }
-    }
-    return url
-  }),
-  extractAPIErrorMessage: vi.fn(async (response: Response) => {
-    const defaultMessage = `API request failed with status ${response.status}`
-    try {
-      const errorData = await response.json()
-      return errorData.error || defaultMessage
-    } catch {
-      return defaultMessage
-    }
-  }),
-}))
-
 vi.mock('@sim/db', () => ({
   db: {
     select: vi.fn().mockReturnValue({
@@ -109,7 +84,7 @@ vi.mock('@sim/db/schema', () => ({
   },
 }))
 
-setupGlobalFetchMock()
+global.fetch = Object.assign(vi.fn(), { preconnect: vi.fn() }) as typeof fetch
 
 const mockGetAllBlocks = getAllBlocks as Mock
 const mockExecuteTool = executeTool as Mock
@@ -1926,301 +1901,5 @@ describe('AgentBlockHandler', () => {
 
       expect(discoveryCalls[0].url).toContain('serverId=mcp-legacy-server')
     })
-
-    describe('customToolId resolution - DB as source of truth', () => {
-      const staleInlineSchema = {
-        function: {
-          name: 'formatReport',
-          description: 'Formats a report',
-          parameters: {
-            type: 'object',
-            properties: {
-              title: { type: 'string', description: 'Report title' },
-              content: { type: 'string', description: 'Report content' },
-            },
-            required: ['title', 'content'],
-          },
-        },
-      }
-
-      const dbSchema = {
-        function: {
-          name: 'formatReport',
-          description: 'Formats a report',
-          parameters: {
-            type: 'object',
-            properties: {
-              title: { type: 'string', description: 'Report title' },
-              content: { type: 'string', description: 'Report content' },
-              format: { type: 'string', description: 'Output format' },
-            },
-            required: ['title', 'content', 'format'],
-          },
-        },
-      }
-
-      const staleInlineCode = 'return { title, content };'
-      const dbCode = 'return { title, content, format };'
-
-      function mockFetchForCustomTool(toolId: string) {
-        mockFetch.mockImplementation((url: string) => {
-          if (typeof url === 'string' && url.includes('/api/tools/custom')) {
-            return Promise.resolve({
-              ok: true,
-              headers: { get: () => null },
-              json: () =>
-                Promise.resolve({
-                  data: [
-                    {
-                      id: toolId,
-                      title: 'formatReport',
-                      schema: dbSchema,
-                      code: dbCode,
-                    },
-                  ],
-                }),
-            })
-          }
-          return Promise.resolve({
-            ok: true,
-            headers: { get: () => null },
-            json: () => Promise.resolve({}),
-          })
-        })
-      }
-
-      function mockFetchFailure() {
-        mockFetch.mockImplementation((url: string) => {
-          if (typeof url === 'string' && url.includes('/api/tools/custom')) {
-            return Promise.resolve({
-              ok: false,
-              status: 500,
-              headers: { get: () => null },
-              json: () => Promise.resolve({}),
-            })
-          }
-          return Promise.resolve({
-            ok: true,
-            headers: { get: () => null },
-            json: () => Promise.resolve({}),
-          })
-        })
-      }
-
-      beforeEach(() => {
-        Object.defineProperty(global, 'window', {
-          value: undefined,
-          writable: true,
-          configurable: true,
-        })
-      })
-
-      it('should always fetch latest schema from DB when customToolId is present', async () => {
-        const toolId = 'custom-tool-123'
-        mockFetchForCustomTool(toolId)
-
-        const inputs = {
-          model: 'gpt-4o',
-          userPrompt: 'Format a report',
-          apiKey: 'test-api-key',
-          tools: [
-            {
-              type: 'custom-tool',
-              customToolId: toolId,
-              title: 'formatReport',
-              schema: staleInlineSchema,
-              code: staleInlineCode,
-              usageControl: 'auto' as const,
-            },
-          ],
-        }
-
-        mockGetProviderFromModel.mockReturnValue('openai')
-
-        await handler.execute(mockContext, mockBlock, inputs)
-
-        expect(mockExecuteProviderRequest).toHaveBeenCalled()
-        const providerCall = mockExecuteProviderRequest.mock.calls[0]
-        const tools = providerCall[1].tools
-
-        expect(tools.length).toBe(1)
-        // DB schema wins over stale inline — includes format param
-        expect(tools[0].parameters.required).toContain('format')
-        expect(tools[0].parameters.properties).toHaveProperty('format')
-      })
-
-      it('should fetch from DB when customToolId has no inline schema', async () => {
-        const toolId = 'custom-tool-123'
-        mockFetchForCustomTool(toolId)
-
-        const inputs = {
-          model: 'gpt-4o',
-          userPrompt: 'Format a report',
-          apiKey: 'test-api-key',
-          tools: [
-            {
-              type: 'custom-tool',
-              customToolId: toolId,
-              usageControl: 'auto' as const,
-            },
-          ],
-        }
-
-        mockGetProviderFromModel.mockReturnValue('openai')
-
-        await handler.execute(mockContext, mockBlock, inputs)
-
-        expect(mockExecuteProviderRequest).toHaveBeenCalled()
-        const providerCall = mockExecuteProviderRequest.mock.calls[0]
-        const tools = providerCall[1].tools
-
-        expect(tools.length).toBe(1)
-        expect(tools[0].name).toBe('formatReport')
-        expect(tools[0].parameters.required).toContain('format')
-      })
-
-      it('should fall back to inline schema when DB fetch fails and inline exists', async () => {
-        mockFetchFailure()
-
-        const inputs = {
-          model: 'gpt-4o',
-          userPrompt: 'Format a report',
-          apiKey: 'test-api-key',
-          tools: [
-            {
-              type: 'custom-tool',
-              customToolId: 'custom-tool-123',
-              title: 'formatReport',
-              schema: staleInlineSchema,
-              code: staleInlineCode,
-              usageControl: 'auto' as const,
-            },
-          ],
-        }
-
-        mockGetProviderFromModel.mockReturnValue('openai')
-
-        await handler.execute(mockContext, mockBlock, inputs)
-
-        expect(mockExecuteProviderRequest).toHaveBeenCalled()
-        const providerCall = mockExecuteProviderRequest.mock.calls[0]
-        const tools = providerCall[1].tools
-
-        expect(tools.length).toBe(1)
-        expect(tools[0].name).toBe('formatReport')
-        expect(tools[0].parameters.required).not.toContain('format')
-      })
-
-      it('should return null when DB fetch fails and no inline schema exists', async () => {
-        mockFetchFailure()
-
-        const inputs = {
-          model: 'gpt-4o',
-          userPrompt: 'Format a report',
-          apiKey: 'test-api-key',
-          tools: [
-            {
-              type: 'custom-tool',
-              customToolId: 'custom-tool-123',
-              usageControl: 'auto' as const,
-            },
-          ],
-        }
-
-        mockGetProviderFromModel.mockReturnValue('openai')
-
-        await handler.execute(mockContext, mockBlock, inputs)
-
-        expect(mockExecuteProviderRequest).toHaveBeenCalled()
-        const providerCall = mockExecuteProviderRequest.mock.calls[0]
-        const tools = providerCall[1].tools
-
-        expect(tools.length).toBe(0)
-      })
-
-      it('should use DB code for executeFunction when customToolId resolves', async () => {
-        const toolId = 'custom-tool-123'
-        mockFetchForCustomTool(toolId)
-
-        let capturedTools: any[] = []
-        Promise.all = vi.fn().mockImplementation((promises: Promise<any>[]) => {
-          const result = originalPromiseAll.call(Promise, promises)
-          result.then((tools: any[]) => {
-            if (tools?.length) {
-              capturedTools = tools.filter((t) => t !== null)
-            }
-          })
-          return result
-        })
-
-        const inputs = {
-          model: 'gpt-4o',
-          userPrompt: 'Format a report',
-          apiKey: 'test-api-key',
-          tools: [
-            {
-              type: 'custom-tool',
-              customToolId: toolId,
-              title: 'formatReport',
-              schema: staleInlineSchema,
-              code: staleInlineCode,
-              usageControl: 'auto' as const,
-            },
-          ],
-        }
-
-        mockGetProviderFromModel.mockReturnValue('openai')
-
-        await handler.execute(mockContext, mockBlock, inputs)
-
-        expect(capturedTools.length).toBe(1)
-        expect(typeof capturedTools[0].executeFunction).toBe('function')
-
-        await capturedTools[0].executeFunction({ title: 'Q1', format: 'pdf' })
-
-        expect(mockExecuteTool).toHaveBeenCalledWith(
-          'function_execute',
-          expect.objectContaining({
-            code: dbCode,
-          }),
-          false,
-          expect.any(Object)
-        )
-      })
-
-      it('should not fetch from DB when no customToolId is present', async () => {
-        const inputs = {
-          model: 'gpt-4o',
-          userPrompt: 'Use the tool',
-          apiKey: 'test-api-key',
-          tools: [
-            {
-              type: 'custom-tool',
-              title: 'formatReport',
-              schema: staleInlineSchema,
-              code: staleInlineCode,
-              usageControl: 'auto' as const,
-            },
-          ],
-        }
-
-        mockGetProviderFromModel.mockReturnValue('openai')
-
-        await handler.execute(mockContext, mockBlock, inputs)
-
-        const customToolFetches = mockFetch.mock.calls.filter(
-          (call: any[]) => typeof call[0] === 'string' && call[0].includes('/api/tools/custom')
-        )
-        expect(customToolFetches.length).toBe(0)
-
-        expect(mockExecuteProviderRequest).toHaveBeenCalled()
-        const providerCall = mockExecuteProviderRequest.mock.calls[0]
-        const tools = providerCall[1].tools
-
-        expect(tools.length).toBe(1)
-        expect(tools[0].name).toBe('formatReport')
-        expect(tools[0].parameters.required).not.toContain('format')
-      })
-    })
   })
 })

apps/sim/executor/handlers/agent/agent-handler.ts

@@ -272,16 +272,15 @@ export class AgentBlockHandler implements BlockHandler {
     let code = tool.code
     let title = tool.title
 
-    if (tool.customToolId) {
+    if (tool.customToolId && !schema) {
       const resolved = await this.fetchCustomToolById(ctx, tool.customToolId)
-      if (resolved) {
+      if (!resolved) {
-        schema = resolved.schema
-        code = resolved.code
-        title = resolved.title
-      } else if (!schema) {
         logger.error(`Custom tool not found: ${tool.customToolId}`)
         return null
       }
+      schema = resolved.schema
+      code = resolved.code
+      title = resolved.title
     }
 
     if (!schema?.function) {

apps/sim/executor/handlers/generic/generic-handler.ts

@@ -97,7 +97,27 @@ export class GenericBlockHandler implements BlockHandler {
         throw error
       }
 
-      return result.output
+      const output = result.output
+      let cost = null
+
+      if (output?.cost) {
+        cost = output.cost
+      }
+
+      if (cost) {
+        return {
+          ...output,
+          cost: {
+            input: cost.input,
+            output: cost.output,
+            total: cost.total,
+          },
+          tokens: cost.tokens,
+          model: cost.model,
+        }
+      }
+
+      return output
     } catch (error: any) {
       if (!error.message || error.message === 'undefined (undefined)') {
         let errorMessage = `Block execution of ${tool?.name || block.config.tool} failed`

apps/sim/executor/handlers/workflow/workflow-handler.test.ts

@@ -1,4 +1,3 @@
-import { setupGlobalFetchMock } from '@sim/testing'
 import { beforeEach, describe, expect, it, type Mock, vi } from 'vitest'
 import { BlockType } from '@/executor/constants'
 import { WorkflowBlockHandler } from '@/executor/handlers/workflow/workflow-handler'
@@ -10,7 +9,7 @@ vi.mock('@/lib/auth/internal', () => ({
 }))
 
 // Mock fetch globally
-setupGlobalFetchMock()
+global.fetch = vi.fn()
 
 describe('WorkflowBlockHandler', () => {
   let handler: WorkflowBlockHandler

apps/sim/hooks/queries/byok-keys.ts

@@ -1,10 +1,11 @@
 import { createLogger } from '@sim/logger'
 import { keepPreviousData, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { API_ENDPOINTS } from '@/stores/constants'
-import type { BYOKProviderId } from '@/tools/types'
 
 const logger = createLogger('BYOKKeysQueries')
 
+export type BYOKProviderId = 'openai' | 'anthropic' | 'google' | 'mistral'
+
 export interface BYOKKey {
   id: string
   providerId: BYOKProviderId

apps/sim/lib/api-key/byok.ts

@@ -7,10 +7,11 @@ import { isHosted } from '@/lib/core/config/feature-flags'
 import { decryptSecret } from '@/lib/core/security/encryption'
 import { getHostedModels } from '@/providers/models'
 import { useProvidersStore } from '@/stores/providers/store'
-import type { BYOKProviderId } from '@/tools/types'
 
 const logger = createLogger('BYOKKeys')
 
+export type BYOKProviderId = 'openai' | 'anthropic' | 'google' | 'mistral'
+
 export interface BYOKKeyResult {
   apiKey: string
   isBYOK: true

apps/sim/lib/billing/core/usage-log.ts

@@ -25,9 +25,9 @@ export interface ModelUsageMetadata {
 }
 
 /**
- * Metadata for 'fixed' category charges (e.g., tool cost breakdown)
+ * Metadata for 'fixed' category charges (currently empty, extensible)
  */
-export type FixedUsageMetadata = Record<string, unknown>
+export type FixedUsageMetadata = Record<string, never>
 
 /**
  * Union type for all metadata types
@@ -60,8 +60,6 @@ export interface LogFixedUsageParams {
   workspaceId?: string
   workflowId?: string
   executionId?: string
-  /** Optional metadata (e.g., tool cost breakdown from API) */
-  metadata?: FixedUsageMetadata
 }
 
 /**
@@ -121,7 +119,7 @@ export async function logFixedUsage(params: LogFixedUsageParams): Promise<void>
       category: 'fixed',
       source: params.source,
       description: params.description,
-      metadata: params.metadata ?? null,
+      metadata: null,
       cost: params.cost.toString(),
       workspaceId: params.workspaceId ?? null,
       workflowId: params.workflowId ?? null,

apps/sim/lib/core/telemetry.ts

@@ -934,31 +934,6 @@ export const PlatformEvents = {
     })
   },
 
-  /**
-   * Track hosted key throttled (rate limited)
-   */
-  hostedKeyThrottled: (attrs: {
-    toolId: string
-    envVarName: string
-    attempt: number
-    maxRetries: number
-    delayMs: number
-    userId?: string
-    workspaceId?: string
-    workflowId?: string
-  }) => {
-    trackPlatformEvent('platform.hosted_key.throttled', {
-      'tool.id': attrs.toolId,
-      'hosted_key.env_var': attrs.envVarName,
-      'throttle.attempt': attrs.attempt,
-      'throttle.max_retries': attrs.maxRetries,
-      'throttle.delay_ms': attrs.delayMs,
-      ...(attrs.userId && { 'user.id': attrs.userId }),
-      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
-      ...(attrs.workflowId && { 'workflow.id': attrs.workflowId }),
-    })
-  },
-
   /**
    * Track chat deployed (workflow deployed as chat interface)
    */

apps/sim/lib/messaging/email/mailer.test.ts

@@ -1,4 +1,4 @@
-import { createEnvMock, loggerMock } from '@sim/testing'
+import { createEnvMock, createMockLogger } from '@sim/testing'
 import { beforeEach, describe, expect, it, type Mock, vi } from 'vitest'
 
 /**
@@ -10,6 +10,10 @@ import { beforeEach, describe, expect, it, type Mock, vi } from 'vitest'
  * mock functions can intercept.
  */
 
+const loggerMock = vi.hoisted(() => ({
+  createLogger: () => createMockLogger(),
+}))
+
 const mockSend = vi.fn()
 const mockBatchSend = vi.fn()
 const mockAzureBeginSend = vi.fn()

apps/sim/lib/messaging/email/unsubscribe.test.ts

@@ -1,8 +1,20 @@
-import { createEnvMock, databaseMock, loggerMock } from '@sim/testing'
+import { createEnvMock, createMockLogger } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 import type { EmailType } from '@/lib/messaging/email/mailer'
 
-vi.mock('@sim/db', () => databaseMock)
+const loggerMock = vi.hoisted(() => ({
+  createLogger: () => createMockLogger(),
+}))
+
+const mockDb = vi.hoisted(() => ({
+  select: vi.fn(),
+  insert: vi.fn(),
+  update: vi.fn(),
+}))
+
+vi.mock('@sim/db', () => ({
+  db: mockDb,
+}))
 
 vi.mock('@sim/db/schema', () => ({
   user: { id: 'id', email: 'email' },
@@ -18,8 +30,6 @@ vi.mock('drizzle-orm', () => ({
   eq: vi.fn((a, b) => ({ type: 'eq', left: a, right: b })),
 }))
 
-const mockDb = databaseMock.db as Record<string, ReturnType<typeof vi.fn>>
-
 vi.mock('@/lib/core/config/env', () => createEnvMock({ BETTER_AUTH_SECRET: 'test-secret-key' }))
 
 vi.mock('@sim/logger', () => loggerMock)

apps/sim/lib/workflows/diff/diff-engine.test.ts

@@ -1,11 +1,18 @@
 /**
  * @vitest-environment node
  */
-import { loggerMock } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 import type { BlockState, WorkflowState } from '@/stores/workflows/workflow/types'
 
-vi.mock('@sim/logger', () => loggerMock)
+// Mock all external dependencies before imports
+vi.mock('@sim/logger', () => ({
+  createLogger: () => ({
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  }),
+}))
 
 vi.mock('@/stores/workflows/workflow/store', () => ({
   useWorkflowStore: {

apps/sim/lib/workflows/subblocks/visibility.ts

@@ -1,5 +1,4 @@
 import { getEnv, isTruthy } from '@/lib/core/config/env'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import type { SubBlockConfig } from '@/blocks/types'
 
 export type CanonicalMode = 'basic' | 'advanced'
@@ -271,12 +270,3 @@ export function isSubBlockFeatureEnabled(subBlock: SubBlockConfig): boolean {
   if (!subBlock.requiresFeature) return true
   return isTruthy(getEnv(subBlock.requiresFeature))
 }
-
-/**
- * Check if a subblock should be hidden because we're running on hosted Sim.
- * Used for tool API key fields that should be hidden when Sim provides hosted keys.
- */
-export function isSubBlockHiddenByHostedKey(subBlock: SubBlockConfig): boolean {
-  if (!subBlock.hideWhenHosted) return false
-  return isHosted
-}

apps/sim/lib/workflows/utils.test.ts

@@ -14,15 +14,22 @@ import {
   databaseMock,
   expectWorkflowAccessDenied,
   expectWorkflowAccessGranted,
-  mockAuth,
 } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
-const mockDb = databaseMock.db
+vi.mock('@sim/db', () => databaseMock)
+
+// Mock the auth module
+vi.mock('@/lib/auth', () => ({
+  getSession: vi.fn(),
+}))
+
+import { db } from '@sim/db'
+import { getSession } from '@/lib/auth'
+// Import after mocks are set up
+import { validateWorkflowPermissions } from '@/lib/workflows/utils'
 
 describe('validateWorkflowPermissions', () => {
-  const auth = mockAuth()
-
   const mockSession = createSession({ userId: 'user-1', email: 'user1@test.com' })
   const mockWorkflow = createWorkflowRecord({
     id: 'wf-1',
@@ -35,17 +42,13 @@ describe('validateWorkflowPermissions', () => {
   })
 
   beforeEach(() => {
-    vi.resetModules()
     vi.clearAllMocks()
-
-    vi.doMock('@sim/db', () => databaseMock)
   })
 
   describe('authentication', () => {
     it('should return 401 when no session exists', async () => {
-      auth.setUnauthenticated()
+      vi.mocked(getSession).mockResolvedValue(null)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 401)
@@ -53,9 +56,8 @@ describe('validateWorkflowPermissions', () => {
     })
 
     it('should return 401 when session has no user id', async () => {
-      auth.mockGetSession.mockResolvedValue({ user: {} } as any)
+      vi.mocked(getSession).mockResolvedValue({ user: {} } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 401)
@@ -64,14 +66,14 @@ describe('validateWorkflowPermissions', () => {
 
   describe('workflow not found', () => {
     it('should return 404 when workflow does not exist', async () => {
-      auth.mockGetSession.mockResolvedValue(mockSession as any)
+      vi.mocked(getSession).mockResolvedValue(mockSession as any)
 
+      // Mock workflow query to return empty
       const mockLimit = vi.fn().mockResolvedValue([])
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('non-existent', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 404)
@@ -81,42 +83,43 @@ describe('validateWorkflowPermissions', () => {
 
   describe('owner access', () => {
     it('should deny access to workflow owner without workspace permissions for read action', async () => {
-      auth.setAuthenticated({ id: 'owner-1', email: 'owner-1@test.com' })
+      const ownerSession = createSession({ userId: 'owner-1' })
+      vi.mocked(getSession).mockResolvedValue(ownerSession as any)
 
+      // Mock workflow query
       const mockLimit = vi.fn().mockResolvedValue([mockWorkflow])
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 403)
     })
 
     it('should deny access to workflow owner without workspace permissions for write action', async () => {
-      auth.setAuthenticated({ id: 'owner-1', email: 'owner-1@test.com' })
+      const ownerSession = createSession({ userId: 'owner-1' })
+      vi.mocked(getSession).mockResolvedValue(ownerSession as any)
 
       const mockLimit = vi.fn().mockResolvedValue([mockWorkflow])
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'write')
 
       expectWorkflowAccessDenied(result, 403)
     })
 
     it('should deny access to workflow owner without workspace permissions for admin action', async () => {
-      auth.setAuthenticated({ id: 'owner-1', email: 'owner-1@test.com' })
+      const ownerSession = createSession({ userId: 'owner-1' })
+      vi.mocked(getSession).mockResolvedValue(ownerSession as any)
 
       const mockLimit = vi.fn().mockResolvedValue([mockWorkflow])
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'admin')
 
       expectWorkflowAccessDenied(result, 403)
@@ -125,10 +128,11 @@ describe('validateWorkflowPermissions', () => {
 
   describe('workspace member access with permissions', () => {
     beforeEach(() => {
-      auth.mockGetSession.mockResolvedValue(mockSession as any)
+      vi.mocked(getSession).mockResolvedValue(mockSession as any)
     })
 
     it('should grant read access to user with read permission', async () => {
+      // First call: workflow query, second call: workspace owner, third call: permission
       let callCount = 0
       const mockLimit = vi.fn().mockImplementation(() => {
         callCount++
@@ -137,9 +141,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'read')
 
       expectWorkflowAccessGranted(result)
@@ -154,9 +157,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'write')
 
       expectWorkflowAccessDenied(result, 403)
@@ -172,9 +174,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'write')
 
       expectWorkflowAccessGranted(result)
@@ -189,9 +190,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'write')
 
       expectWorkflowAccessGranted(result)
@@ -206,9 +206,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'admin')
 
       expectWorkflowAccessDenied(result, 403)
@@ -224,9 +223,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'admin')
 
       expectWorkflowAccessGranted(result)
@@ -235,19 +233,18 @@ describe('validateWorkflowPermissions', () => {
 
   describe('no workspace permission', () => {
     it('should deny access to user without any workspace permission', async () => {
-      auth.mockGetSession.mockResolvedValue(mockSession as any)
+      vi.mocked(getSession).mockResolvedValue(mockSession as any)
 
       let callCount = 0
       const mockLimit = vi.fn().mockImplementation(() => {
         callCount++
         if (callCount === 1) return Promise.resolve([mockWorkflow])
-        return Promise.resolve([])
+        return Promise.resolve([]) // No permission record
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 403)
@@ -262,14 +259,13 @@ describe('validateWorkflowPermissions', () => {
         workspaceId: null,
       })
 
-      auth.mockGetSession.mockResolvedValue(mockSession as any)
+      vi.mocked(getSession).mockResolvedValue(mockSession as any)
 
       const mockLimit = vi.fn().mockResolvedValue([workflowWithoutWorkspace])
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-2', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 403)
@@ -282,14 +278,13 @@ describe('validateWorkflowPermissions', () => {
         workspaceId: null,
       })
 
-      auth.mockGetSession.mockResolvedValue(mockSession as any)
+      vi.mocked(getSession).mockResolvedValue(mockSession as any)
 
       const mockLimit = vi.fn().mockResolvedValue([workflowWithoutWorkspace])
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-2', 'req-1', 'read')
 
       expectWorkflowAccessDenied(result, 403)
@@ -298,7 +293,7 @@ describe('validateWorkflowPermissions', () => {
 
   describe('default action', () => {
     it('should default to read action when not specified', async () => {
-      auth.mockGetSession.mockResolvedValue(mockSession as any)
+      vi.mocked(getSession).mockResolvedValue(mockSession as any)
 
       let callCount = 0
       const mockLimit = vi.fn().mockImplementation(() => {
@@ -308,9 +303,8 @@ describe('validateWorkflowPermissions', () => {
       })
       const mockWhere = vi.fn(() => ({ limit: mockLimit }))
       const mockFrom = vi.fn(() => ({ where: mockWhere }))
-      vi.mocked(mockDb.select).mockReturnValue({ from: mockFrom } as any)
+      vi.mocked(db.select).mockReturnValue({ from: mockFrom } as any)
 
-      const { validateWorkflowPermissions } = await import('@/lib/workflows/utils')
       const result = await validateWorkflowPermissions('wf-1', 'req-1')
 
       expectWorkflowAccessGranted(result)

apps/sim/lib/workspaces/permissions/utils.test.ts

@@ -1,7 +1,17 @@
-import { databaseMock, drizzleOrmMock } from '@sim/testing'
+import { drizzleOrmMock } from '@sim/testing/mocks'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
-vi.mock('@sim/db', () => databaseMock)
+vi.mock('@sim/db', () => ({
+  db: {
+    select: vi.fn(),
+    from: vi.fn(),
+    where: vi.fn(),
+    limit: vi.fn(),
+    innerJoin: vi.fn(),
+    leftJoin: vi.fn(),
+    orderBy: vi.fn(),
+  },
+}))
 
 vi.mock('@sim/db/schema', () => ({
   permissions: {

apps/sim/serializer/index.ts

@@ -10,7 +10,6 @@ import {
   isCanonicalPair,
   isNonEmptyValue,
   isSubBlockFeatureEnabled,
-  isSubBlockHiddenByHostedKey,
   resolveCanonicalMode,
 } from '@/lib/workflows/subblocks/visibility'
 import { getBlock } from '@/blocks'
@@ -50,7 +49,6 @@ function shouldSerializeSubBlock(
   canonicalModeOverrides?: CanonicalModeOverrides
 ): boolean {
   if (!isSubBlockFeatureEnabled(subBlockConfig)) return false
-  if (isSubBlockHiddenByHostedKey(subBlockConfig)) return false
 
   if (subBlockConfig.mode === 'trigger') {
     if (!isTriggerContext && !isTriggerCategory) return false

apps/sim/tools/exa/answer.ts

@@ -1,9 +1,6 @@
-import { createLogger } from '@sim/logger'
 import type { ExaAnswerParams, ExaAnswerResponse } from '@/tools/exa/types'
 import type { ToolConfig } from '@/tools/types'
 
-const logger = createLogger('ExaAnswerTool')
-
 export const answerTool: ToolConfig<ExaAnswerParams, ExaAnswerResponse> = {
   id: 'exa_answer',
   name: 'Exa Answer',
@@ -30,23 +27,6 @@ export const answerTool: ToolConfig<ExaAnswerParams, ExaAnswerResponse> = {
       description: 'Exa AI API Key',
     },
   },
-  hosting: {
-    envKeys: ['EXA_API_KEY_1', 'EXA_API_KEY_2', 'EXA_API_KEY_3'],
-    apiKeyParam: 'apiKey',
-    byokProviderId: 'exa',
-    pricing: {
-      type: 'custom',
-      getCost: (_params, output) => {
-        // Use _costDollars from Exa API response (internal field, stripped from final output)
-        if (output._costDollars?.total) {
-          return { cost: output._costDollars.total, metadata: { costDollars: output._costDollars } }
-        }
-        // Fallback: $5/1000 requests
-        logger.warn('Exa answer response missing costDollars, using fallback pricing')
-        return 0.005
-      },
-    },
-  },
 
   request: {
     url: 'https://api.exa.ai/answer',
@@ -81,7 +61,6 @@ export const answerTool: ToolConfig<ExaAnswerParams, ExaAnswerResponse> = {
             url: citation.url,
             text: citation.text || '',
           })) || [],
-        _costDollars: data.costDollars,
       },
     }
   },

apps/sim/tools/exa/find_similar_links.ts

@@ -1,9 +1,6 @@
-import { createLogger } from '@sim/logger'
 import type { ExaFindSimilarLinksParams, ExaFindSimilarLinksResponse } from '@/tools/exa/types'
 import type { ToolConfig } from '@/tools/types'
 
-const logger = createLogger('ExaFindSimilarLinksTool')
-
 export const findSimilarLinksTool: ToolConfig<
   ExaFindSimilarLinksParams,
   ExaFindSimilarLinksResponse
@@ -79,24 +76,6 @@ export const findSimilarLinksTool: ToolConfig<
       description: 'Exa AI API Key',
     },
   },
-  hosting: {
-    envKeys: ['EXA_API_KEY_1', 'EXA_API_KEY_2', 'EXA_API_KEY_3'],
-    apiKeyParam: 'apiKey',
-    byokProviderId: 'exa',
-    pricing: {
-      type: 'custom',
-      getCost: (_params, output) => {
-        // Use _costDollars from Exa API response (internal field, stripped from final output)
-        if (output._costDollars?.total) {
-          return { cost: output._costDollars.total, metadata: { costDollars: output._costDollars } }
-        }
-        // Fallback: $5/1000 (1-25 results) or $25/1000 (26-100 results)
-        logger.warn('Exa find_similar_links response missing costDollars, using fallback pricing')
-        const resultCount = output.similarLinks?.length || 0
-        return resultCount <= 25 ? 0.005 : 0.025
-      },
-    },
-  },
 
   request: {
     url: 'https://api.exa.ai/findSimilar',
@@ -161,7 +140,6 @@ export const findSimilarLinksTool: ToolConfig<
           highlights: result.highlights,
           score: result.score || 0,
         })),
-        _costDollars: data.costDollars,
       },
     }
   },

apps/sim/tools/exa/get_contents.ts

@@ -1,9 +1,6 @@
-import { createLogger } from '@sim/logger'
 import type { ExaGetContentsParams, ExaGetContentsResponse } from '@/tools/exa/types'
 import type { ToolConfig } from '@/tools/types'
 
-const logger = createLogger('ExaGetContentsTool')
-
 export const getContentsTool: ToolConfig<ExaGetContentsParams, ExaGetContentsResponse> = {
   id: 'exa_get_contents',
   name: 'Exa Get Contents',
@@ -64,23 +61,6 @@ export const getContentsTool: ToolConfig<ExaGetContentsParams, ExaGetContentsRes
       description: 'Exa AI API Key',
     },
   },
-  hosting: {
-    envKeys: ['EXA_API_KEY_1', 'EXA_API_KEY_2', 'EXA_API_KEY_3'],
-    apiKeyParam: 'apiKey',
-    byokProviderId: 'exa',
-    pricing: {
-      type: 'custom',
-      getCost: (_params, output) => {
-        // Use _costDollars from Exa API response (internal field, stripped from final output)
-        if (output._costDollars?.total) {
-          return { cost: output._costDollars.total, metadata: { costDollars: output._costDollars } }
-        }
-        // Fallback: $1/1000 pages
-        logger.warn('Exa get_contents response missing costDollars, using fallback pricing')
-        return (output.results?.length || 0) * 0.001
-      },
-    },
-  },
 
   request: {
     url: 'https://api.exa.ai/contents',
@@ -152,7 +132,6 @@ export const getContentsTool: ToolConfig<ExaGetContentsParams, ExaGetContentsRes
           summary: result.summary || '',
           highlights: result.highlights,
         })),
-        _costDollars: data.costDollars,
       },
     }
   },

apps/sim/tools/exa/research.ts

@@ -34,25 +34,6 @@ export const researchTool: ToolConfig<ExaResearchParams, ExaResearchResponse> =
       description: 'Exa AI API Key',
     },
   },
-  hosting: {
-    envKeys: ['EXA_API_KEY_1', 'EXA_API_KEY_2', 'EXA_API_KEY_3'],
-    apiKeyParam: 'apiKey',
-    byokProviderId: 'exa',
-    pricing: {
-      type: 'custom',
-      getCost: (params, output) => {
-        // Use _costDollars from Exa API response (internal field, stripped from final output)
-        if (output._costDollars?.total) {
-          return { cost: output._costDollars.total, metadata: { costDollars: output._costDollars } }
-        }
-
-        // Fallback to estimate if cost not available
-        logger.warn('Exa research response missing costDollars, using fallback pricing')
-        const model = params.model || 'exa-research'
-        return model === 'exa-research-pro' ? 0.055 : 0.03
-      },
-    },
-  },
 
   request: {
     url: 'https://api.exa.ai/research/v1',
@@ -130,8 +111,6 @@ export const researchTool: ToolConfig<ExaResearchParams, ExaResearchResponse> =
                 score: 1.0,
               },
             ],
-            // Include cost breakdown for pricing calculation (internal field, stripped from final output)
-            _costDollars: taskData.costDollars,
           }
           return result
         }

apps/sim/tools/exa/search.ts

@@ -1,9 +1,6 @@
-import { createLogger } from '@sim/logger'
 import type { ExaSearchParams, ExaSearchResponse } from '@/tools/exa/types'
 import type { ToolConfig } from '@/tools/types'
 
-const logger = createLogger('ExaSearchTool')
-
 export const searchTool: ToolConfig<ExaSearchParams, ExaSearchResponse> = {
   id: 'exa_search',
   name: 'Exa Search',
@@ -89,29 +86,6 @@ export const searchTool: ToolConfig<ExaSearchParams, ExaSearchResponse> = {
       description: 'Exa AI API Key',
     },
   },
-  hosting: {
-    envKeys: ['EXA_API_KEY_1', 'EXA_API_KEY_2', 'EXA_API_KEY_3'],
-    apiKeyParam: 'apiKey',
-    byokProviderId: 'exa',
-    pricing: {
-      type: 'custom',
-      getCost: (params, output) => {
-        // Use _costDollars from Exa API response (internal field, stripped from final output)
-        if (output._costDollars?.total) {
-          return { cost: output._costDollars.total, metadata: { costDollars: output._costDollars } }
-        }
-
-        // Fallback: estimate based on search type and result count
-        logger.warn('Exa search response missing costDollars, using fallback pricing')
-        const isDeepSearch = params.type === 'neural'
-        if (isDeepSearch) {
-          return 0.015
-        }
-        const resultCount = output.results?.length || 0
-        return resultCount <= 25 ? 0.005 : 0.025
-      },
-    },
-  },
 
   request: {
     url: 'https://api.exa.ai/search',
@@ -193,7 +167,6 @@ export const searchTool: ToolConfig<ExaSearchParams, ExaSearchResponse> = {
           highlights: result.highlights,
           score: result.score,
         })),
-        _costDollars: data.costDollars,
       },
     }
   },

apps/sim/tools/exa/types.ts

@@ -6,11 +6,6 @@ export interface ExaBaseParams {
   apiKey: string
 }
 
-/** Cost breakdown returned by Exa API responses */
-export interface ExaCostDollars {
-  total: number
-}
-
 // Search tool types
 export interface ExaSearchParams extends ExaBaseParams {
   query: string
@@ -55,7 +50,6 @@ export interface ExaSearchResult {
 export interface ExaSearchResponse extends ToolResponse {
   output: {
     results: ExaSearchResult[]
-    costDollars?: ExaCostDollars
   }
 }
 
@@ -84,7 +78,6 @@ export interface ExaGetContentsResult {
 export interface ExaGetContentsResponse extends ToolResponse {
   output: {
     results: ExaGetContentsResult[]
-    costDollars?: ExaCostDollars
   }
 }
 
@@ -127,7 +120,6 @@ export interface ExaSimilarLink {
 export interface ExaFindSimilarLinksResponse extends ToolResponse {
   output: {
     similarLinks: ExaSimilarLink[]
-    costDollars?: ExaCostDollars
   }
 }
 
@@ -145,7 +137,6 @@ export interface ExaAnswerResponse extends ToolResponse {
       url: string
       text: string
     }[]
-    costDollars?: ExaCostDollars
   }
 }
 
@@ -167,7 +158,6 @@ export interface ExaResearchResponse extends ToolResponse {
       author?: string
       score: number
     }[]
-    costDollars?: ExaCostDollars
   }
 }
 

apps/sim/tools/index.test.ts

@@ -15,74 +15,52 @@ import {
 } from '@sim/testing'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
-// Hoisted mock state - these are available to vi.mock factories
+// Mock custom tools query - must be hoisted before imports
-const { mockIsHosted, mockEnv, mockGetBYOKKey, mockLogFixedUsage } = vi.hoisted(() => ({
+vi.mock('@/hooks/queries/custom-tools', () => ({
-  mockIsHosted: { value: false },
+  getCustomTool: (toolId: string) => {
-  mockEnv: { NEXT_PUBLIC_APP_URL: 'http://localhost:3000' } as Record<string, string | undefined>,
+    if (toolId === 'custom-tool-123') {
-  mockGetBYOKKey: vi.fn(),
+      return {
-  mockLogFixedUsage: vi.fn(),
+        id: 'custom-tool-123',
-}))
+        title: 'Custom Weather Tool',
-
+        code: 'return { result: "Weather data" }',
-// Mock feature flags
+        schema: {
-vi.mock('@/lib/core/config/feature-flags', () => ({
+          function: {
-  get isHosted() {
+            description: 'Get weather information',
-    return mockIsHosted.value
+            parameters: {
-  },
+              type: 'object',
-  isProd: false,
+              properties: {
-  isDev: true,
+                location: { type: 'string', description: 'City name' },
-  isTest: true,
+                unit: { type: 'string', description: 'Unit (metric/imperial)' },
-}))
+              },
-
+              required: ['location'],
-// Mock env config to control hosted key availability
+            },
-vi.mock('@/lib/core/config/env', () => ({
+          },
-  env: new Proxy({} as Record<string, string | undefined>, {
+        },
-    get: (_target, prop: string) => mockEnv[prop],
+      }
-  }),
+    }
-  getEnv: (key: string) => mockEnv[key],
+    return undefined
-  isTruthy: (val: unknown) => val === true || val === 'true' || val === '1',
+  },
-  isFalsy: (val: unknown) => val === false || val === 'false' || val === '0',
+  getCustomTools: () => [
-}))
+    {
-
+      id: 'custom-tool-123',
-// Mock getBYOKKey
+      title: 'Custom Weather Tool',
-vi.mock('@/lib/api-key/byok', () => ({
+      code: 'return { result: "Weather data" }',
-  getBYOKKey: (...args: unknown[]) => mockGetBYOKKey(...args),
+      schema: {
-}))
+        function: {
-
+          description: 'Get weather information',
-// Mock logFixedUsage for billing
+          parameters: {
-vi.mock('@/lib/billing/core/usage-log', () => ({
+            type: 'object',
-  logFixedUsage: (...args: unknown[]) => mockLogFixedUsage(...args),
+            properties: {
-}))
+              location: { type: 'string', description: 'City name' },
-
+              unit: { type: 'string', description: 'Unit (metric/imperial)' },
-// Mock custom tools - define mock data inside factory function
+            },
-vi.mock('@/hooks/queries/custom-tools', () => {
+            required: ['location'],
-  const mockCustomTool = {
-    id: 'custom-tool-123',
-    title: 'Custom Weather Tool',
-    code: 'return { result: "Weather data" }',
-    schema: {
-      function: {
-        description: 'Get weather information',
-        parameters: {
-          type: 'object',
-          properties: {
-            location: { type: 'string', description: 'City name' },
-            unit: { type: 'string', description: 'Unit (metric/imperial)' },
           },
-          required: ['location'],
         },
       },
     },
-  }
+  ],
-  return {
+}))
-    getCustomTool: (toolId: string) => {
-      if (toolId === 'custom-tool-123') {
-        return mockCustomTool
-      }
-      return undefined
-    },
-    getCustomTools: () => [mockCustomTool],
-  }
-})
 
 import { executeTool } from '@/tools/index'
 import { tools } from '@/tools/registry'
@@ -981,654 +959,3 @@ describe('MCP Tool Execution', () => {
     expect(result.timing).toBeDefined()
   })
 })
-
-describe('Hosted Key Injection', () => {
-  let cleanupEnvVars: () => void
-
-  beforeEach(() => {
-    process.env.NEXT_PUBLIC_APP_URL = 'http://localhost:3000'
-    cleanupEnvVars = setupEnvVars({ NEXT_PUBLIC_APP_URL: 'http://localhost:3000' })
-    vi.clearAllMocks()
-    mockGetBYOKKey.mockReset()
-    mockLogFixedUsage.mockReset()
-  })
-
-  afterEach(() => {
-    vi.resetAllMocks()
-    cleanupEnvVars()
-  })
-
-  it('should not inject hosted key when tool has no hosting config', async () => {
-    const mockTool = {
-      id: 'test_no_hosting',
-      name: 'Test No Hosting',
-      description: 'A test tool without hosting config',
-      version: '1.0.0',
-      params: {},
-      request: {
-        url: '/api/test/endpoint',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success' },
-      }),
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_no_hosting = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => ({
-        ok: true,
-        status: 200,
-        headers: new Headers(),
-        json: () => Promise.resolve({ success: true }),
-      })),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext()
-    await executeTool('test_no_hosting', {}, false, mockContext)
-
-    // BYOK should not be called since there's no hosting config
-    expect(mockGetBYOKKey).not.toHaveBeenCalled()
-
-    Object.assign(tools, originalTools)
-  })
-
-  it('should check BYOK key first when tool has hosting config', async () => {
-    // Note: isHosted is mocked to false by default, so hosted key injection won't happen
-    // This test verifies the flow when isHosted would be true
-    const mockTool = {
-      id: 'test_with_hosting',
-      name: 'Test With Hosting',
-      description: 'A test tool with hosting config',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: true },
-      },
-      hosting: {
-        envKeys: ['TEST_API_KEY'],
-        apiKeyParam: 'apiKey',
-        byokProviderId: 'exa',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.005,
-        },
-      },
-      request: {
-        url: '/api/test/endpoint',
-        method: 'POST' as const,
-        headers: (params: any) => ({
-          'Content-Type': 'application/json',
-          'x-api-key': params.apiKey,
-        }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success' },
-      }),
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_with_hosting = mockTool
-
-    // Mock BYOK returning a key
-    mockGetBYOKKey.mockResolvedValue({ apiKey: 'byok-test-key', isBYOK: true })
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => ({
-        ok: true,
-        status: 200,
-        headers: new Headers(),
-        json: () => Promise.resolve({ success: true }),
-      })),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext()
-    await executeTool('test_with_hosting', {}, false, mockContext)
-
-    // With isHosted=false, BYOK won't be called - this is expected behavior
-    // The test documents the current behavior
-    Object.assign(tools, originalTools)
-  })
-
-  it('should use per_request pricing model correctly', async () => {
-    const mockTool = {
-      id: 'test_per_request_pricing',
-      name: 'Test Per Request Pricing',
-      description: 'A test tool with per_request pricing',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: true },
-      },
-      hosting: {
-        envKeys: ['TEST_API_KEY'],
-        apiKeyParam: 'apiKey',
-        byokProviderId: 'exa',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.005,
-        },
-      },
-      request: {
-        url: '/api/test/endpoint',
-        method: 'POST' as const,
-        headers: (params: any) => ({
-          'Content-Type': 'application/json',
-          'x-api-key': params.apiKey,
-        }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success' },
-      }),
-    }
-
-    // Verify pricing config structure
-    expect(mockTool.hosting.pricing.type).toBe('per_request')
-    expect(mockTool.hosting.pricing.cost).toBe(0.005)
-  })
-
-  it('should use custom pricing model correctly', async () => {
-    const mockGetCost = vi.fn().mockReturnValue({ cost: 0.01, metadata: { breakdown: 'test' } })
-
-    const mockTool = {
-      id: 'test_custom_pricing',
-      name: 'Test Custom Pricing',
-      description: 'A test tool with custom pricing',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: true },
-      },
-      hosting: {
-        envKeys: ['TEST_API_KEY'],
-        apiKeyParam: 'apiKey',
-        byokProviderId: 'exa',
-        pricing: {
-          type: 'custom' as const,
-          getCost: mockGetCost,
-        },
-      },
-      request: {
-        url: '/api/test/endpoint',
-        method: 'POST' as const,
-        headers: (params: any) => ({
-          'Content-Type': 'application/json',
-          'x-api-key': params.apiKey,
-        }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success', costDollars: { total: 0.01 } },
-      }),
-    }
-
-    // Verify pricing config structure
-    expect(mockTool.hosting.pricing.type).toBe('custom')
-    expect(typeof mockTool.hosting.pricing.getCost).toBe('function')
-
-    // Test getCost returns expected value
-    const result = mockTool.hosting.pricing.getCost({}, { costDollars: { total: 0.01 } })
-    expect(result).toEqual({ cost: 0.01, metadata: { breakdown: 'test' } })
-  })
-
-  it('should handle custom pricing returning a number', async () => {
-    const mockGetCost = vi.fn().mockReturnValue(0.005)
-
-    const mockTool = {
-      id: 'test_custom_pricing_number',
-      name: 'Test Custom Pricing Number',
-      description: 'A test tool with custom pricing returning number',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: true },
-      },
-      hosting: {
-        envKeys: ['TEST_API_KEY'],
-        apiKeyParam: 'apiKey',
-        byokProviderId: 'exa',
-        pricing: {
-          type: 'custom' as const,
-          getCost: mockGetCost,
-        },
-      },
-      request: {
-        url: '/api/test/endpoint',
-        method: 'POST' as const,
-        headers: (params: any) => ({
-          'Content-Type': 'application/json',
-          'x-api-key': params.apiKey,
-        }),
-      },
-    }
-
-    // Test getCost returns a number
-    const result = mockTool.hosting.pricing.getCost({}, {})
-    expect(result).toBe(0.005)
-  })
-})
-
-describe('Rate Limiting and Retry Logic', () => {
-  let cleanupEnvVars: () => void
-
-  beforeEach(() => {
-    process.env.NEXT_PUBLIC_APP_URL = 'http://localhost:3000'
-    cleanupEnvVars = setupEnvVars({
-      NEXT_PUBLIC_APP_URL: 'http://localhost:3000',
-    })
-    vi.clearAllMocks()
-    mockIsHosted.value = true
-    mockEnv.TEST_HOSTED_KEY = 'test-hosted-api-key'
-    mockGetBYOKKey.mockResolvedValue(null)
-  })
-
-  afterEach(() => {
-    vi.resetAllMocks()
-    cleanupEnvVars()
-    mockIsHosted.value = false
-    mockEnv.TEST_HOSTED_KEY = undefined
-  })
-
-  it('should retry on 429 rate limit errors with exponential backoff', async () => {
-    let attemptCount = 0
-
-    const mockTool = {
-      id: 'test_rate_limit',
-      name: 'Test Rate Limit',
-      description: 'A test tool for rate limiting',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: false },
-      },
-      hosting: {
-        envKeys: ['TEST_HOSTED_KEY'],
-        apiKeyParam: 'apiKey',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.001,
-        },
-      },
-      request: {
-        url: '/api/test/rate-limit',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success' },
-      }),
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_rate_limit = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => {
-        attemptCount++
-        if (attemptCount < 3) {
-          // Return a proper 429 response - the code extracts error, attaches status, and throws
-          return {
-            ok: false,
-            status: 429,
-            statusText: 'Too Many Requests',
-            headers: new Headers(),
-            json: () => Promise.resolve({ error: 'Rate limited' }),
-            text: () => Promise.resolve('Rate limited'),
-          }
-        }
-        return {
-          ok: true,
-          status: 200,
-          headers: new Headers(),
-          json: () => Promise.resolve({ success: true }),
-        }
-      }),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext()
-    const result = await executeTool('test_rate_limit', {}, false, mockContext)
-
-    // Should succeed after retries
-    expect(result.success).toBe(true)
-    // Should have made 3 attempts (2 failures + 1 success)
-    expect(attemptCount).toBe(3)
-
-    Object.assign(tools, originalTools)
-  })
-
-  it('should fail after max retries on persistent rate limiting', async () => {
-    const mockTool = {
-      id: 'test_persistent_rate_limit',
-      name: 'Test Persistent Rate Limit',
-      description: 'A test tool for persistent rate limiting',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: false },
-      },
-      hosting: {
-        envKeys: ['TEST_HOSTED_KEY'],
-        apiKeyParam: 'apiKey',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.001,
-        },
-      },
-      request: {
-        url: '/api/test/persistent-rate-limit',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_persistent_rate_limit = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => {
-        // Always return 429 to test max retries exhaustion
-        return {
-          ok: false,
-          status: 429,
-          statusText: 'Too Many Requests',
-          headers: new Headers(),
-          json: () => Promise.resolve({ error: 'Rate limited' }),
-          text: () => Promise.resolve('Rate limited'),
-        }
-      }),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext()
-    const result = await executeTool('test_persistent_rate_limit', {}, false, mockContext)
-
-    // Should fail after all retries exhausted
-    expect(result.success).toBe(false)
-    expect(result.error).toContain('Rate limited')
-
-    Object.assign(tools, originalTools)
-  })
-
-  it('should not retry on non-rate-limit errors', async () => {
-    let attemptCount = 0
-
-    const mockTool = {
-      id: 'test_no_retry',
-      name: 'Test No Retry',
-      description: 'A test tool that should not retry',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: false },
-      },
-      hosting: {
-        envKeys: ['TEST_HOSTED_KEY'],
-        apiKeyParam: 'apiKey',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.001,
-        },
-      },
-      request: {
-        url: '/api/test/no-retry',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_no_retry = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => {
-        attemptCount++
-        // Return a 400 response - should not trigger retry logic
-        return {
-          ok: false,
-          status: 400,
-          statusText: 'Bad Request',
-          headers: new Headers(),
-          json: () => Promise.resolve({ error: 'Bad request' }),
-          text: () => Promise.resolve('Bad request'),
-        }
-      }),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext()
-    const result = await executeTool('test_no_retry', {}, false, mockContext)
-
-    // Should fail immediately without retries
-    expect(result.success).toBe(false)
-    expect(attemptCount).toBe(1)
-
-    Object.assign(tools, originalTools)
-  })
-})
-
-describe('Cost Field Handling', () => {
-  let cleanupEnvVars: () => void
-
-  beforeEach(() => {
-    process.env.NEXT_PUBLIC_APP_URL = 'http://localhost:3000'
-    cleanupEnvVars = setupEnvVars({
-      NEXT_PUBLIC_APP_URL: 'http://localhost:3000',
-    })
-    vi.clearAllMocks()
-    mockIsHosted.value = true
-    mockEnv.TEST_HOSTED_KEY = 'test-hosted-api-key'
-    mockGetBYOKKey.mockResolvedValue(null)
-    mockLogFixedUsage.mockResolvedValue(undefined)
-  })
-
-  afterEach(() => {
-    vi.resetAllMocks()
-    cleanupEnvVars()
-    mockIsHosted.value = false
-    mockEnv.TEST_HOSTED_KEY = undefined
-  })
-
-  it('should add cost to output when using hosted key with per_request pricing', async () => {
-    const mockTool = {
-      id: 'test_cost_per_request',
-      name: 'Test Cost Per Request',
-      description: 'A test tool with per_request pricing',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: false },
-      },
-      hosting: {
-        envKeys: ['TEST_HOSTED_KEY'],
-        apiKeyParam: 'apiKey',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.005,
-        },
-      },
-      request: {
-        url: '/api/test/cost',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success' },
-      }),
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_cost_per_request = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => ({
-        ok: true,
-        status: 200,
-        headers: new Headers(),
-        json: () => Promise.resolve({ success: true }),
-      })),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext({
-      userId: 'user-123',
-    } as any)
-    const result = await executeTool('test_cost_per_request', {}, false, mockContext)
-
-    expect(result.success).toBe(true)
-    // Note: In test environment, hosted key injection may not work due to env mocking complexity.
-    // The cost calculation logic is tested via the pricing model tests above.
-    // This test verifies the tool execution flow when hosted key IS available (by checking output structure).
-    if (result.output.cost) {
-      expect(result.output.cost.total).toBe(0.005)
-      // Should have logged usage
-      expect(mockLogFixedUsage).toHaveBeenCalledWith(
-        expect.objectContaining({
-          userId: 'user-123',
-          cost: 0.005,
-          description: 'tool:test_cost_per_request',
-        })
-      )
-    }
-
-    Object.assign(tools, originalTools)
-  })
-
-  it('should not add cost when not using hosted key', async () => {
-    mockIsHosted.value = false
-
-    const mockTool = {
-      id: 'test_no_hosted_cost',
-      name: 'Test No Hosted Cost',
-      description: 'A test tool without hosted key',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: true },
-      },
-      hosting: {
-        envKeys: ['TEST_HOSTED_KEY'],
-        apiKeyParam: 'apiKey',
-        pricing: {
-          type: 'per_request' as const,
-          cost: 0.005,
-        },
-      },
-      request: {
-        url: '/api/test/no-hosted',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success' },
-      }),
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_no_hosted_cost = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => ({
-        ok: true,
-        status: 200,
-        headers: new Headers(),
-        json: () => Promise.resolve({ success: true }),
-      })),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext()
-    // Pass user's own API key
-    const result = await executeTool(
-      'test_no_hosted_cost',
-      { apiKey: 'user-api-key' },
-      false,
-      mockContext
-    )
-
-    expect(result.success).toBe(true)
-    // Should not have cost since user provided their own key
-    expect(result.output.cost).toBeUndefined()
-    // Should not have logged usage
-    expect(mockLogFixedUsage).not.toHaveBeenCalled()
-
-    Object.assign(tools, originalTools)
-  })
-
-  it('should use custom pricing getCost function', async () => {
-    const mockGetCost = vi.fn().mockReturnValue({
-      cost: 0.015,
-      metadata: { mode: 'advanced', results: 10 },
-    })
-
-    const mockTool = {
-      id: 'test_custom_pricing_cost',
-      name: 'Test Custom Pricing Cost',
-      description: 'A test tool with custom pricing',
-      version: '1.0.0',
-      params: {
-        apiKey: { type: 'string', required: false },
-        mode: { type: 'string', required: false },
-      },
-      hosting: {
-        envKeys: ['TEST_HOSTED_KEY'],
-        apiKeyParam: 'apiKey',
-        pricing: {
-          type: 'custom' as const,
-          getCost: mockGetCost,
-        },
-      },
-      request: {
-        url: '/api/test/custom-pricing',
-        method: 'POST' as const,
-        headers: () => ({ 'Content-Type': 'application/json' }),
-      },
-      transformResponse: vi.fn().mockResolvedValue({
-        success: true,
-        output: { result: 'success', results: 10 },
-      }),
-    }
-
-    const originalTools = { ...tools }
-    ;(tools as any).test_custom_pricing_cost = mockTool
-
-    global.fetch = Object.assign(
-      vi.fn().mockImplementation(async () => ({
-        ok: true,
-        status: 200,
-        headers: new Headers(),
-        json: () => Promise.resolve({ success: true }),
-      })),
-      { preconnect: vi.fn() }
-    ) as typeof fetch
-
-    const mockContext = createToolExecutionContext({
-      userId: 'user-123',
-    } as any)
-    const result = await executeTool(
-      'test_custom_pricing_cost',
-      { mode: 'advanced' },
-      false,
-      mockContext
-    )
-
-    expect(result.success).toBe(true)
-    expect(result.output.cost).toBeDefined()
-    expect(result.output.cost.total).toBe(0.015)
-
-    // getCost should have been called with params and output
-    expect(mockGetCost).toHaveBeenCalled()
-
-    // Should have logged usage with metadata
-    expect(mockLogFixedUsage).toHaveBeenCalledWith(
-      expect.objectContaining({
-        cost: 0.015,
-        metadata: { mode: 'advanced', results: 10 },
-      })
-    )
-
-    Object.assign(tools, originalTools)
-  })
-})

apps/sim/tools/index.ts

@@ -1,15 +1,10 @@
 import { createLogger } from '@sim/logger'
-import { getBYOKKey } from '@/lib/api-key/byok'
 import { generateInternalToken } from '@/lib/auth/internal'
-import { logFixedUsage } from '@/lib/billing/core/usage-log'
-import { env } from '@/lib/core/config/env'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import { DEFAULT_EXECUTION_TIMEOUT_MS } from '@/lib/core/execution-limits'
 import {
   secureFetchWithPinnedIP,
   validateUrlWithDNS,
 } from '@/lib/core/security/input-validation.server'
-import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { parseMcpToolId } from '@/lib/mcp/utils'
@@ -18,13 +13,7 @@ import { resolveSkillContent } from '@/executor/handlers/agent/skills-resolver'
 import type { ExecutionContext } from '@/executor/types'
 import type { ErrorInfo } from '@/tools/error-extractors'
 import { extractErrorMessage } from '@/tools/error-extractors'
-import type {
+import type { OAuthTokenPayload, ToolConfig, ToolResponse } from '@/tools/types'
-  BYOKProviderId,
-  OAuthTokenPayload,
-  ToolConfig,
-  ToolHostingPricing,
-  ToolResponse,
-} from '@/tools/types'
 import {
   formatRequestParams,
   getTool,
@@ -34,246 +23,6 @@ import {
 
 const logger = createLogger('Tools')
 
-/** Result from hosted key lookup */
-interface HostedKeyResult {
-  key: string
-  envVarName: string
-}
-
-/**
- * Get a hosted API key from environment variables
- * Supports rotation when multiple keys are configured
- * Returns both the key and which env var it came from
- */
-function getHostedKeyFromEnv(envKeys: string[]): HostedKeyResult | null {
-  const keysWithNames = envKeys
-    .map((envVarName) => ({ envVarName, key: env[envVarName as keyof typeof env] }))
-    .filter((item): item is { envVarName: string; key: string } => Boolean(item.key))
-
-  if (keysWithNames.length === 0) return null
-
-  // Round-robin rotation based on current minute
-  const currentMinute = Math.floor(Date.now() / 60000)
-  const keyIndex = currentMinute % keysWithNames.length
-
-  return keysWithNames[keyIndex]
-}
-
-/** Result from hosted key injection */
-interface HostedKeyInjectionResult {
-  isUsingHostedKey: boolean
-  envVarName?: string
-}
-
-/**
- * Inject hosted API key if tool supports it and user didn't provide one.
- * Checks BYOK workspace keys first, then falls back to hosted env keys.
- * Returns whether a hosted (billable) key was injected and which env var it came from.
- */
-async function injectHostedKeyIfNeeded(
-  tool: ToolConfig,
-  params: Record<string, unknown>,
-  executionContext: ExecutionContext | undefined,
-  requestId: string
-): Promise<HostedKeyInjectionResult> {
-  if (!tool.hosting) return { isUsingHostedKey: false }
-  if (!isHosted) return { isUsingHostedKey: false }
-
-  const { envKeys, apiKeyParam, byokProviderId } = tool.hosting
-
-  // Check BYOK workspace key first
-  if (byokProviderId && executionContext?.workspaceId) {
-    try {
-      const byokResult = await getBYOKKey(
-        executionContext.workspaceId,
-        byokProviderId as BYOKProviderId
-      )
-      if (byokResult) {
-        params[apiKeyParam] = byokResult.apiKey
-        logger.info(`[${requestId}] Using BYOK key for ${tool.id}`)
-        return { isUsingHostedKey: false } // Don't bill - user's own key
-      }
-    } catch (error) {
-      logger.error(`[${requestId}] Failed to get BYOK key for ${tool.id}:`, error)
-      // Fall through to hosted key
-    }
-  }
-
-  // Fall back to hosted env key
-  const hostedKeyResult = getHostedKeyFromEnv(envKeys)
-  if (!hostedKeyResult) {
-    logger.debug(`[${requestId}] No hosted key available for ${tool.id}`)
-    return { isUsingHostedKey: false }
-  }
-
-  params[apiKeyParam] = hostedKeyResult.key
-  logger.info(`[${requestId}] Using hosted key for ${tool.id} (${hostedKeyResult.envVarName})`)
-  return { isUsingHostedKey: true, envVarName: hostedKeyResult.envVarName }
-}
-
-/**
- * Check if an error is a rate limit (throttling) error
- */
-function isRateLimitError(error: unknown): boolean {
-  if (error && typeof error === 'object') {
-    const status = (error as { status?: number }).status
-    // 429 = Too Many Requests, 503 = Service Unavailable (sometimes used for rate limiting)
-    if (status === 429 || status === 503) return true
-  }
-  return false
-}
-
-/** Context for retry with throttle tracking */
-interface RetryContext {
-  requestId: string
-  toolId: string
-  envVarName: string
-  executionContext?: ExecutionContext
-}
-
-/**
- * Execute a function with exponential backoff retry for rate limiting errors.
- * Only used for hosted key requests. Tracks throttling events via telemetry.
- */
-async function executeWithRetry<T>(
-  fn: () => Promise<T>,
-  context: RetryContext,
-  maxRetries = 3,
-  baseDelayMs = 1000
-): Promise<T> {
-  const { requestId, toolId, envVarName, executionContext } = context
-  let lastError: unknown
-
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    try {
-      return await fn()
-    } catch (error) {
-      lastError = error
-
-      if (!isRateLimitError(error) || attempt === maxRetries) {
-        throw error
-      }
-
-      const delayMs = baseDelayMs * 2 ** attempt
-
-      // Track throttling event via telemetry
-      PlatformEvents.hostedKeyThrottled({
-        toolId,
-        envVarName,
-        attempt: attempt + 1,
-        maxRetries,
-        delayMs,
-        userId: executionContext?.userId,
-        workspaceId: executionContext?.workspaceId,
-        workflowId: executionContext?.workflowId,
-      })
-
-      logger.warn(
-        `[${requestId}] Rate limited for ${toolId} (${envVarName}), retrying in ${delayMs}ms (attempt ${attempt + 1}/${maxRetries})`
-      )
-      await new Promise((resolve) => setTimeout(resolve, delayMs))
-    }
-  }
-
-  throw lastError
-}
-
-/** Result from cost calculation */
-interface ToolCostResult {
-  cost: number
-  metadata?: Record<string, unknown>
-}
-
-/**
- * Calculate cost based on pricing model
- */
-function calculateToolCost(
-  pricing: ToolHostingPricing,
-  params: Record<string, unknown>,
-  response: Record<string, unknown>
-): ToolCostResult {
-  switch (pricing.type) {
-    case 'per_request':
-      return { cost: pricing.cost }
-
-    case 'custom': {
-      const result = pricing.getCost(params, response)
-      if (typeof result === 'number') {
-        return { cost: result }
-      }
-      return result
-    }
-
-    default: {
-      const exhaustiveCheck: never = pricing
-      throw new Error(`Unknown pricing type: ${(exhaustiveCheck as ToolHostingPricing).type}`)
-    }
-  }
-}
-
-interface HostedKeyCostResult {
-  cost: number
-  metadata?: Record<string, unknown>
-}
-
-/**
- * Calculate and log hosted key cost for a tool execution.
- * Logs to usageLog for audit trail and returns cost + metadata for output.
- */
-async function processHostedKeyCost(
-  tool: ToolConfig,
-  params: Record<string, unknown>,
-  response: Record<string, unknown>,
-  executionContext: ExecutionContext | undefined,
-  requestId: string
-): Promise<HostedKeyCostResult> {
-  if (!tool.hosting?.pricing) {
-    return { cost: 0 }
-  }
-
-  const { cost, metadata } = calculateToolCost(tool.hosting.pricing, params, response)
-
-  if (cost <= 0) return { cost: 0 }
-
-  // Log to usageLog table for audit trail
-  if (executionContext?.userId) {
-    try {
-      await logFixedUsage({
-        userId: executionContext.userId,
-        source: 'workflow',
-        description: `tool:${tool.id}`,
-        cost,
-        workspaceId: executionContext.workspaceId,
-        workflowId: executionContext.workflowId,
-        executionId: executionContext.executionId,
-        metadata,
-      })
-      logger.debug(
-        `[${requestId}] Logged hosted key cost for ${tool.id}: $${cost}`,
-        metadata ? { metadata } : {}
-      )
-    } catch (error) {
-      logger.error(`[${requestId}] Failed to log hosted key usage for ${tool.id}:`, error)
-    }
-  }
-
-  return { cost, metadata }
-}
-
-/**
- * Strips internal fields (keys starting with underscore) from output.
- * Used to hide internal data (e.g., _costDollars) from end users.
- */
-function stripInternalFields(output: Record<string, unknown>): Record<string, unknown> {
-  const result: Record<string, unknown> = {}
-  for (const [key, value] of Object.entries(output)) {
-    if (!key.startsWith('_')) {
-      result[key] = value
-    }
-  }
-  return result
-}
-
 /**
  * Normalizes a tool ID by stripping resource ID suffix (UUID).
  * Workflow tools: 'workflow_executor_<uuid>' -> 'workflow_executor'
@@ -530,14 +279,6 @@ export async function executeTool(
       throw new Error(`Tool not found: ${toolId}`)
     }
 
-    // Inject hosted API key if tool supports it and user didn't provide one
-    const hostedKeyInfo = await injectHostedKeyIfNeeded(
-      tool,
-      contextParams,
-      executionContext,
-      requestId
-    )
-
     // If we have a credential parameter, fetch the access token
     if (contextParams.credential) {
       logger.info(
@@ -650,33 +391,8 @@ export async function executeTool(
       const endTime = new Date()
       const endTimeISO = endTime.toISOString()
       const duration = endTime.getTime() - startTime.getTime()
-
-      // Calculate hosted key cost and merge into output.cost
-      if (hostedKeyInfo.isUsingHostedKey && finalResult.success) {
-        const { cost: hostedKeyCost, metadata } = await processHostedKeyCost(
-          tool,
-          contextParams,
-          finalResult.output,
-          executionContext,
-          requestId
-        )
-        if (hostedKeyCost > 0) {
-          finalResult.output = {
-            ...finalResult.output,
-            cost: {
-              total: hostedKeyCost,
-              ...metadata,
-            },
-          }
-        }
-      }
-
-      // Strip internal fields (keys starting with _) from output before returning
-      const strippedOutput = stripInternalFields(finalResult.output || {})
-
       return {
         ...finalResult,
-        output: strippedOutput,
         timing: {
           startTime: startTimeISO,
           endTime: endTimeISO,
@@ -686,15 +402,7 @@ export async function executeTool(
     }
 
     // Execute the tool request directly (internal routes use regular fetch, external use SSRF-protected fetch)
-    // Wrap with retry logic for hosted keys to handle rate limiting due to higher usage
+    const result = await executeToolRequest(toolId, tool, contextParams)
-    const result = hostedKeyInfo.isUsingHostedKey
-      ? await executeWithRetry(() => executeToolRequest(toolId, tool, contextParams), {
-          requestId,
-          toolId,
-          envVarName: hostedKeyInfo.envVarName!,
-          executionContext,
-        })
-      : await executeToolRequest(toolId, tool, contextParams)
 
     // Apply post-processing if available and not skipped
     let finalResult = result
@@ -716,33 +424,8 @@ export async function executeTool(
     const endTime = new Date()
     const endTimeISO = endTime.toISOString()
     const duration = endTime.getTime() - startTime.getTime()
-
-    // Calculate hosted key cost and merge into output.cost
-    if (hostedKeyInfo.isUsingHostedKey && finalResult.success) {
-      const { cost: hostedKeyCost, metadata } = await processHostedKeyCost(
-        tool,
-        contextParams,
-        finalResult.output,
-        executionContext,
-        requestId
-      )
-      if (hostedKeyCost > 0) {
-        finalResult.output = {
-          ...finalResult.output,
-          cost: {
-            total: hostedKeyCost,
-            ...metadata,
-          },
-        }
-      }
-    }
-
-    // Strip internal fields (keys starting with _) from output before returning
-    const strippedOutput = stripInternalFields(finalResult.output || {})
-
     return {
       ...finalResult,
-      output: strippedOutput,
       timing: {
         startTime: startTimeISO,
         endTime: endTimeISO,

apps/sim/tools/s3/get_object.ts

@@ -26,13 +26,6 @@ export const s3GetObjectTool: ToolConfig = {
       visibility: 'user-only',
       description: 'Your AWS Secret Access Key',
     },
-    region: {
-      type: 'string',
-      required: false,
-      visibility: 'user-only',
-      description:
-        'Optional region override when URL does not include region (e.g., us-east-1, eu-west-1)',
-    },
     s3Uri: {
       type: 'string',
       required: true,
@@ -44,7 +37,7 @@ export const s3GetObjectTool: ToolConfig = {
   request: {
     url: (params) => {
       try {
-        const { bucketName, region, objectKey } = parseS3Uri(params.s3Uri, params.region)
+        const { bucketName, region, objectKey } = parseS3Uri(params.s3Uri)
 
         params.bucketName = bucketName
         params.region = region
@@ -53,7 +46,7 @@ export const s3GetObjectTool: ToolConfig = {
         return `https://${bucketName}.s3.${region}.amazonaws.com/${encodeS3PathComponent(objectKey)}`
       } catch (_error) {
         throw new Error(
-          'Invalid S3 Object URL. Use a valid S3 URL and optionally provide region if the URL omits it.'
+          'Invalid S3 Object URL format. Expected format: https://bucket-name.s3.region.amazonaws.com/path/to/file'
         )
       }
     },
@@ -62,7 +55,7 @@ export const s3GetObjectTool: ToolConfig = {
       try {
         // Parse S3 URI if not already parsed
         if (!params.bucketName || !params.region || !params.objectKey) {
-          const { bucketName, region, objectKey } = parseS3Uri(params.s3Uri, params.region)
+          const { bucketName, region, objectKey } = parseS3Uri(params.s3Uri)
           params.bucketName = bucketName
           params.region = region
           params.objectKey = objectKey
@@ -109,7 +102,7 @@ export const s3GetObjectTool: ToolConfig = {
   transformResponse: async (response: Response, params) => {
     // Parse S3 URI if not already parsed
     if (!params.bucketName || !params.region || !params.objectKey) {
-      const { bucketName, region, objectKey } = parseS3Uri(params.s3Uri, params.region)
+      const { bucketName, region, objectKey } = parseS3Uri(params.s3Uri)
       params.bucketName = bucketName
       params.region = region
       params.objectKey = objectKey

apps/sim/tools/s3/utils.ts

@@ -20,10 +20,7 @@ export function getSignatureKey(
   return kSigning
 }
 
-export function parseS3Uri(
+export function parseS3Uri(s3Uri: string): {
-  s3Uri: string,
-  fallbackRegion?: string
-): {
   bucketName: string
   region: string
   objectKey: string
@@ -31,55 +28,10 @@ export function parseS3Uri(
   try {
     const url = new URL(s3Uri)
     const hostname = url.hostname
-    const normalizedPath = url.pathname.startsWith('/') ? url.pathname.slice(1) : url.pathname
+    const bucketName = hostname.split('.')[0]
-
+    const regionMatch = hostname.match(/s3[.-]([^.]+)\.amazonaws\.com/)
-    const virtualHostedDualstackMatch = hostname.match(
+    const region = regionMatch ? regionMatch[1] : 'us-east-1'
-      /^(.+)\.s3\.dualstack\.([^.]+)\.amazonaws\.com(?:\.cn)?$/
+    const objectKey = url.pathname.startsWith('/') ? url.pathname.substring(1) : url.pathname
-    )
-    const virtualHostedRegionalMatch = hostname.match(
-      /^(.+)\.s3[.-]([^.]+)\.amazonaws\.com(?:\.cn)?$/
-    )
-    const virtualHostedGlobalMatch = hostname.match(/^(.+)\.s3\.amazonaws\.com(?:\.cn)?$/)
-
-    const pathStyleDualstackMatch = hostname.match(
-      /^s3\.dualstack\.([^.]+)\.amazonaws\.com(?:\.cn)?$/
-    )
-    const pathStyleRegionalMatch = hostname.match(/^s3[.-]([^.]+)\.amazonaws\.com(?:\.cn)?$/)
-    const pathStyleGlobalMatch = hostname.match(/^s3\.amazonaws\.com(?:\.cn)?$/)
-
-    const isPathStyleHost = Boolean(
-      pathStyleDualstackMatch || pathStyleRegionalMatch || pathStyleGlobalMatch
-    )
-
-    const firstSlashIndex = normalizedPath.indexOf('/')
-    const pathStyleBucketName =
-      firstSlashIndex === -1 ? normalizedPath : normalizedPath.slice(0, firstSlashIndex)
-    const pathStyleObjectKey =
-      firstSlashIndex === -1 ? '' : normalizedPath.slice(firstSlashIndex + 1)
-
-    const bucketName = isPathStyleHost
-      ? pathStyleBucketName
-      : (virtualHostedDualstackMatch?.[1] ??
-        virtualHostedRegionalMatch?.[1] ??
-        virtualHostedGlobalMatch?.[1] ??
-        '')
-
-    const rawObjectKey = isPathStyleHost ? pathStyleObjectKey : normalizedPath
-    const objectKey = (() => {
-      try {
-        return decodeURIComponent(rawObjectKey)
-      } catch {
-        return rawObjectKey
-      }
-    })()
-
-    const normalizedFallbackRegion = fallbackRegion?.trim()
-    const regionFromHost =
-      virtualHostedDualstackMatch?.[2] ??
-      virtualHostedRegionalMatch?.[2] ??
-      pathStyleDualstackMatch?.[1] ??
-      pathStyleRegionalMatch?.[1]
-    const region = regionFromHost || normalizedFallbackRegion || 'us-east-1'
 
     if (!bucketName || !objectKey) {
       throw new Error('Invalid S3 URI format')
@@ -88,7 +40,7 @@ export function parseS3Uri(
     return { bucketName, region, objectKey }
   } catch (_error) {
     throw new Error(
-      'Invalid S3 Object URL format. Expected S3 virtual-hosted or path-style URL with object key.'
+      'Invalid S3 Object URL format. Expected format: https://bucket-name.s3.region.amazonaws.com/path/to/file'
     )
   }
 }

apps/sim/tools/types.ts

@@ -1,7 +1,5 @@
 import type { OAuthService } from '@/lib/oauth'
 
-export type BYOKProviderId = 'openai' | 'anthropic' | 'google' | 'mistral' | 'exa'
-
 export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD'
 
 export type OutputType =
@@ -129,13 +127,6 @@ export interface ToolConfig<P = any, R = any> {
    * Maps param IDs to their enrichment configuration.
    */
   schemaEnrichment?: Record<string, SchemaEnrichmentConfig>
-
-  /**
-   * Hosted API key configuration for this tool.
-   * When configured, the tool can use Sim's hosted API keys if user doesn't provide their own.
-   * Usage is billed according to the pricing config.
-   */
-  hosting?: ToolHostingConfig<P>
 }
 
 export interface TableRow {
@@ -179,46 +170,3 @@ export interface SchemaEnrichmentConfig {
     required?: string[]
   } | null>
 }
-
-/**
- * Pricing models for hosted API key usage
- */
-/** Flat fee per API call (e.g., Serper search) */
-export interface PerRequestPricing {
-  type: 'per_request'
-  /** Cost per request in dollars */
-  cost: number
-}
-
-/** Result from custom pricing calculation */
-export interface CustomPricingResult {
-  /** Cost in dollars */
-  cost: number
-  /** Optional metadata about the cost calculation (e.g., breakdown from API) */
-  metadata?: Record<string, unknown>
-}
-
-/** Custom pricing calculated from params and response (e.g., Exa with different modes/result counts) */
-export interface CustomPricing<P = Record<string, unknown>> {
-  type: 'custom'
-  /** Calculate cost based on request params and response output. Fields starting with _ are internal. */
-  getCost: (params: P, output: Record<string, unknown>) => number | CustomPricingResult
-}
-
-/** Union of all pricing models */
-export type ToolHostingPricing<P = Record<string, unknown>> = PerRequestPricing | CustomPricing<P>
-
-/**
- * Configuration for hosted API key support
- * When configured, the tool can use Sim's hosted API keys if user doesn't provide their own
- */
-export interface ToolHostingConfig<P = Record<string, unknown>> {
-  /** Environment variable names to check for hosted keys (supports rotation with multiple keys) */
-  envKeys: string[]
-  /** The parameter name that receives the API key */
-  apiKeyParam: string
-  /** BYOK provider ID for workspace key lookup */
-  byokProviderId?: BYOKProviderId
-  /** Pricing when using hosted key */
-  pricing: ToolHostingPricing<P>
-}