reran migrations

* fix(terminal): reconnect to running executions after page refresh

* fix(terminal): use ExecutionEvent type instead of any in reconnection stream

* fix(execution): type event buffer with ExecutionEvent instead of Record<string, unknown>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(execution): validate fromEventId query param in reconnection endpoint

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix some bugs

* fix(variables): fix tag dropdown and cursor alignment in variables block (#3199)

* feat(confluence): added list space labels, delete label, delete page prop (#3201)

* updated route

* ack comments

* fix(execution): reset execution state in reconnection cleanup to unblock re-entry

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(execution): restore running entries when reconnection is interrupted by navigation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* done

* remove cast in ioredis types

* ack PR comments

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Siddharth Ganesan <siddharthganesan@gmail.com>

apps/sim/app/api/attribution/route.ts

@@ -0,0 +1,215 @@
+/**
+ * POST /api/attribution
+ *
+ * Automatic UTM-based referral attribution for new signups.
+ *
+ * Reads the `sim_utm` cookie (set by proxy on auth pages), verifies the user
+ * account was created after the cookie was set, matches a campaign by UTM
+ * specificity, and atomically inserts an attribution record + applies bonus credits.
+ *
+ * Idempotent — the unique constraint on `userId` prevents double-attribution.
+ */
+
+import { db } from '@sim/db'
+import { referralAttribution, referralCampaigns, user, userStats } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
+import { nanoid } from 'nanoid'
+import { cookies } from 'next/headers'
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import { applyBonusCredits } from '@/lib/billing/credits/bonus'
+
+const logger = createLogger('AttributionAPI')
+
+const COOKIE_NAME = 'sim_utm'
+const CLOCK_DRIFT_TOLERANCE_MS = 60 * 1000
+
+const UtmCookieSchema = z.object({
+  utm_source: z.string().optional(),
+  utm_medium: z.string().optional(),
+  utm_campaign: z.string().optional(),
+  utm_content: z.string().optional(),
+  referrer_url: z.string().optional(),
+  landing_page: z.string().optional(),
+  created_at: z.string().min(1),
+})
+
+/**
+ * Finds the most specific active campaign matching the given UTM params.
+ * Null fields on a campaign act as wildcards. Ties broken by newest campaign.
+ */
+async function findMatchingCampaign(utmData: z.infer<typeof UtmCookieSchema>) {
+  const campaigns = await db
+    .select()
+    .from(referralCampaigns)
+    .where(eq(referralCampaigns.isActive, true))
+
+  let bestMatch: (typeof campaigns)[number] | null = null
+  let bestScore = -1
+
+  for (const campaign of campaigns) {
+    let score = 0
+    let mismatch = false
+
+    const fields = [
+      { campaignVal: campaign.utmSource, utmVal: utmData.utm_source },
+      { campaignVal: campaign.utmMedium, utmVal: utmData.utm_medium },
+      { campaignVal: campaign.utmCampaign, utmVal: utmData.utm_campaign },
+      { campaignVal: campaign.utmContent, utmVal: utmData.utm_content },
+    ] as const
+
+    for (const { campaignVal, utmVal } of fields) {
+      if (campaignVal === null) continue
+      if (campaignVal === utmVal) {
+        score++
+      } else {
+        mismatch = true
+        break
+      }
+    }
+
+    if (!mismatch && score > 0) {
+      if (
+        score > bestScore ||
+        (score === bestScore &&
+          bestMatch &&
+          campaign.createdAt.getTime() > bestMatch.createdAt.getTime())
+      ) {
+        bestScore = score
+        bestMatch = campaign
+      }
+    }
+  }
+
+  return bestMatch
+}
+
+export async function POST() {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const cookieStore = await cookies()
+    const utmCookie = cookieStore.get(COOKIE_NAME)
+    if (!utmCookie?.value) {
+      return NextResponse.json({ attributed: false, reason: 'no_utm_cookie' })
+    }
+
+    let utmData: z.infer<typeof UtmCookieSchema>
+    try {
+      let decoded: string
+      try {
+        decoded = decodeURIComponent(utmCookie.value)
+      } catch {
+        decoded = utmCookie.value
+      }
+      utmData = UtmCookieSchema.parse(JSON.parse(decoded))
+    } catch {
+      logger.warn('Failed to parse UTM cookie', { userId: session.user.id })
+      cookieStore.delete(COOKIE_NAME)
+      return NextResponse.json({ attributed: false, reason: 'invalid_cookie' })
+    }
+
+    const cookieCreatedAt = Number(utmData.created_at)
+    if (!Number.isFinite(cookieCreatedAt)) {
+      logger.warn('UTM cookie has invalid created_at timestamp', { userId: session.user.id })
+      cookieStore.delete(COOKIE_NAME)
+      return NextResponse.json({ attributed: false, reason: 'invalid_cookie' })
+    }
+
+    const userRows = await db
+      .select({ createdAt: user.createdAt })
+      .from(user)
+      .where(eq(user.id, session.user.id))
+      .limit(1)
+
+    if (userRows.length === 0) {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 })
+    }
+
+    const userCreatedAt = userRows[0].createdAt.getTime()
+    if (userCreatedAt < cookieCreatedAt - CLOCK_DRIFT_TOLERANCE_MS) {
+      logger.info('User account predates UTM cookie, skipping attribution', {
+        userId: session.user.id,
+        userCreatedAt: new Date(userCreatedAt).toISOString(),
+        cookieCreatedAt: new Date(cookieCreatedAt).toISOString(),
+      })
+      cookieStore.delete(COOKIE_NAME)
+      return NextResponse.json({ attributed: false, reason: 'account_predates_cookie' })
+    }
+
+    const [existingStats] = await db
+      .select({ id: userStats.id })
+      .from(userStats)
+      .where(eq(userStats.userId, session.user.id))
+      .limit(1)
+
+    if (!existingStats) {
+      await db.insert(userStats).values({
+        id: nanoid(),
+        userId: session.user.id,
+      })
+    }
+
+    const matchedCampaign = await findMatchingCampaign(utmData)
+    if (!matchedCampaign) {
+      cookieStore.delete(COOKIE_NAME)
+      return NextResponse.json({ attributed: false, reason: 'no_matching_campaign' })
+    }
+
+    const bonusAmount = Number(matchedCampaign.bonusCreditAmount)
+
+    let attributed = false
+    await db.transaction(async (tx) => {
+      const result = await tx
+        .insert(referralAttribution)
+        .values({
+          id: nanoid(),
+          userId: session.user.id,
+          campaignId: matchedCampaign.id,
+          utmSource: utmData.utm_source || null,
+          utmMedium: utmData.utm_medium || null,
+          utmCampaign: utmData.utm_campaign || null,
+          utmContent: utmData.utm_content || null,
+          referrerUrl: utmData.referrer_url || null,
+          landingPage: utmData.landing_page || null,
+          bonusCreditAmount: bonusAmount.toString(),
+        })
+        .onConflictDoNothing({ target: referralAttribution.userId })
+        .returning({ id: referralAttribution.id })
+
+      if (result.length > 0) {
+        await applyBonusCredits(session.user.id, bonusAmount, tx)
+        attributed = true
+      }
+    })
+
+    if (attributed) {
+      logger.info('Referral attribution created and bonus credits applied', {
+        userId: session.user.id,
+        campaignId: matchedCampaign.id,
+        campaignName: matchedCampaign.name,
+        utmSource: utmData.utm_source,
+        utmCampaign: utmData.utm_campaign,
+        utmContent: utmData.utm_content,
+        bonusAmount,
+      })
+    } else {
+      logger.info('User already attributed, skipping', { userId: session.user.id })
+    }
+
+    cookieStore.delete(COOKIE_NAME)
+
+    return NextResponse.json({
+      attributed,
+      bonusAmount: attributed ? bonusAmount : undefined,
+    })
+  } catch (error) {
+    logger.error('Attribution error', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/copilot/auto-allowed-tools/route.ts

@@ -1,81 +1,145 @@
+import { db } from '@sim/db'
+import { settings } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
-import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
-import { authenticateCopilotRequestSessionOnly } from '@/lib/copilot/request-helpers'
-import { env } from '@/lib/core/config/env'
+import { getSession } from '@/lib/auth'
 
 const logger = createLogger('CopilotAutoAllowedToolsAPI')
 
-function copilotHeaders(): HeadersInit {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  }
-  if (env.COPILOT_API_KEY) {
-    headers['x-api-key'] = env.COPILOT_API_KEY
-  }
-  return headers
-}
-
-export async function DELETE(request: NextRequest) {
-  const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
-  if (!isAuthenticated || !userId) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-
-  const toolIdFromQuery = new URL(request.url).searchParams.get('toolId') || undefined
-  const toolIdFromBody = await request
-    .json()
-    .then((body) => (typeof body?.toolId === 'string' ? body.toolId : undefined))
-    .catch(() => undefined)
-  const toolId = toolIdFromBody || toolIdFromQuery
-  if (!toolId) {
-    return NextResponse.json({ error: 'toolId is required' }, { status: 400 })
-  }
-
+/**
+ * GET - Fetch user's auto-allowed integration tools
+ */
+export async function GET() {
   try {
-    const res = await fetch(`${SIM_AGENT_API_URL}/api/tool-preferences/auto-allowed`, {
-      method: 'DELETE',
-      headers: copilotHeaders(),
-      body: JSON.stringify({
-        userId,
-        toolId,
-      }),
-    })
+    const session = await getSession()
 
-    const payload = await res.json().catch(() => ({}))
-    if (!res.ok) {
-      logger.warn('Failed to remove auto-allowed tool via copilot backend', {
-        status: res.status,
-        userId,
-        toolId,
-      })
-      return NextResponse.json(
-        {
-          success: false,
-          error: payload?.error || 'Failed to remove auto-allowed tool',
-          autoAllowedTools: [],
-        },
-        { status: res.status }
-      )
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    return NextResponse.json({
-      success: true,
-      autoAllowedTools: Array.isArray(payload?.autoAllowedTools) ? payload.autoAllowedTools : [],
-    })
-  } catch (error) {
-    logger.error('Error removing auto-allowed tool', {
+    const userId = session.user.id
+
+    const [userSettings] = await db
+      .select()
+      .from(settings)
+      .where(eq(settings.userId, userId))
+      .limit(1)
+
+    if (userSettings) {
+      const autoAllowedTools = (userSettings.copilotAutoAllowedTools as string[]) || []
+      return NextResponse.json({ autoAllowedTools })
+    }
+
+    await db.insert(settings).values({
+      id: userId,
       userId,
-      toolId,
-      error: error instanceof Error ? error.message : String(error),
+      copilotAutoAllowedTools: [],
     })
-    return NextResponse.json(
-      {
-        success: false,
-        error: 'Failed to remove auto-allowed tool',
-        autoAllowedTools: [],
-      },
-      { status: 500 }
-    )
+
+    return NextResponse.json({ autoAllowedTools: [] })
+  } catch (error) {
+    logger.error('Failed to fetch auto-allowed tools', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * POST - Add a tool to the auto-allowed list
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const body = await request.json()
+
+    if (!body.toolId || typeof body.toolId !== 'string') {
+      return NextResponse.json({ error: 'toolId must be a string' }, { status: 400 })
+    }
+
+    const toolId = body.toolId
+
+    const [existing] = await db.select().from(settings).where(eq(settings.userId, userId)).limit(1)
+
+    if (existing) {
+      const currentTools = (existing.copilotAutoAllowedTools as string[]) || []
+
+      if (!currentTools.includes(toolId)) {
+        const updatedTools = [...currentTools, toolId]
+        await db
+          .update(settings)
+          .set({
+            copilotAutoAllowedTools: updatedTools,
+            updatedAt: new Date(),
+          })
+          .where(eq(settings.userId, userId))
+
+        logger.info('Added tool to auto-allowed list', { userId, toolId })
+        return NextResponse.json({ success: true, autoAllowedTools: updatedTools })
+      }
+
+      return NextResponse.json({ success: true, autoAllowedTools: currentTools })
+    }
+
+    await db.insert(settings).values({
+      id: userId,
+      userId,
+      copilotAutoAllowedTools: [toolId],
+    })
+
+    logger.info('Created settings and added tool to auto-allowed list', { userId, toolId })
+    return NextResponse.json({ success: true, autoAllowedTools: [toolId] })
+  } catch (error) {
+    logger.error('Failed to add auto-allowed tool', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * DELETE - Remove a tool from the auto-allowed list
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const { searchParams } = new URL(request.url)
+    const toolId = searchParams.get('toolId')
+
+    if (!toolId) {
+      return NextResponse.json({ error: 'toolId query parameter is required' }, { status: 400 })
+    }
+
+    const [existing] = await db.select().from(settings).where(eq(settings.userId, userId)).limit(1)
+
+    if (existing) {
+      const currentTools = (existing.copilotAutoAllowedTools as string[]) || []
+      const updatedTools = currentTools.filter((t) => t !== toolId)
+
+      await db
+        .update(settings)
+        .set({
+          copilotAutoAllowedTools: updatedTools,
+          updatedAt: new Date(),
+        })
+        .where(eq(settings.userId, userId))
+
+      logger.info('Removed tool from auto-allowed list', { userId, toolId })
+      return NextResponse.json({ success: true, autoAllowedTools: updatedTools })
+    }
+
+    return NextResponse.json({ success: true, autoAllowedTools: [] })
+  } catch (error) {
+    logger.error('Failed to remove auto-allowed tool', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }

apps/sim/app/api/copilot/confirm/route.ts

@@ -1,11 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import {
-  REDIS_TOOL_CALL_PREFIX,
-  REDIS_TOOL_CALL_TTL_SECONDS,
-  SIM_AGENT_API_URL,
-} from '@/lib/copilot/constants'
+import { REDIS_TOOL_CALL_PREFIX, REDIS_TOOL_CALL_TTL_SECONDS } from '@/lib/copilot/constants'
 import {
   authenticateCopilotRequestSessionOnly,
   createBadRequestResponse,
@@ -14,7 +10,6 @@ import {
   createUnauthorizedResponse,
   type NotificationStatus,
 } from '@/lib/copilot/request-helpers'
-import { env } from '@/lib/core/config/env'
 import { getRedisClient } from '@/lib/core/config/redis'
 
 const logger = createLogger('CopilotConfirmAPI')
@@ -26,8 +21,6 @@ const ConfirmationSchema = z.object({
     errorMap: () => ({ message: 'Invalid notification status' }),
   }),
   message: z.string().optional(), // Optional message for background moves or additional context
-  toolName: z.string().optional(),
-  remember: z.boolean().optional(),
 })
 
 /**
@@ -64,44 +57,6 @@ async function updateToolCallStatus(
   }
 }
 
-async function saveAutoAllowedToolPreference(userId: string, toolName: string): Promise<boolean> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  }
-  if (env.COPILOT_API_KEY) {
-    headers['x-api-key'] = env.COPILOT_API_KEY
-  }
-
-  try {
-    const response = await fetch(`${SIM_AGENT_API_URL}/api/tool-preferences/auto-allowed`, {
-      method: 'POST',
-      headers,
-      body: JSON.stringify({
-        userId,
-        toolId: toolName,
-      }),
-    })
-
-    if (!response.ok) {
-      logger.warn('Failed to persist auto-allowed tool preference', {
-        userId,
-        toolName,
-        status: response.status,
-      })
-      return false
-    }
-
-    return true
-  } catch (error) {
-    logger.error('Error persisting auto-allowed tool preference', {
-      userId,
-      toolName,
-      error: error instanceof Error ? error.message : String(error),
-    })
-    return false
-  }
-}
-
 /**
  * POST /api/copilot/confirm
  * Update tool call status (Accept/Reject)
@@ -119,7 +74,7 @@ export async function POST(req: NextRequest) {
     }
 
     const body = await req.json()
-    const { toolCallId, status, message, toolName, remember } = ConfirmationSchema.parse(body)
+    const { toolCallId, status, message } = ConfirmationSchema.parse(body)
 
     // Update the tool call status in Redis
     const updated = await updateToolCallStatus(toolCallId, status, message)
@@ -135,22 +90,14 @@ export async function POST(req: NextRequest) {
       return createBadRequestResponse('Failed to update tool call status or tool call not found')
     }
 
-    let rememberSaved = false
-    if (status === 'accepted' && remember === true && toolName && authenticatedUserId) {
-      rememberSaved = await saveAutoAllowedToolPreference(authenticatedUserId, toolName)
-    }
+    const duration = tracker.getDuration()
 
-    const response: Record<string, unknown> = {
+    return NextResponse.json({
       success: true,
       message: message || `Tool call ${toolCallId} has been ${status.toLowerCase()}`,
       toolCallId,
       status,
-    }
-    if (remember === true) {
-      response.rememberSaved = rememberSaved
-    }
-
-    return NextResponse.json(response)
+    })
   } catch (error) {
     const duration = tracker.getDuration()
 

apps/sim/app/api/referral-code/redeem/route.ts

@@ -0,0 +1,170 @@
+/**
+ * POST /api/referral-code/redeem
+ *
+ * Redeem a referral/promo code to receive bonus credits.
+ *
+ * Body:
+ *   - code: string — The referral code to redeem
+ *
+ * Response: { redeemed: boolean, bonusAmount?: number, error?: string }
+ *
+ * Constraints:
+ *   - Enterprise users cannot redeem codes
+ *   - One redemption per user, ever (unique constraint on userId)
+ *   - One redemption per organization for team users (partial unique on organizationId)
+ */
+
+import { db } from '@sim/db'
+import { referralAttribution, referralCampaigns, userStats } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { nanoid } from 'nanoid'
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
+import { applyBonusCredits } from '@/lib/billing/credits/bonus'
+
+const logger = createLogger('ReferralCodeRedemption')
+
+const RedeemCodeSchema = z.object({
+  code: z.string().min(1, 'Code is required'),
+})
+
+export async function POST(request: Request) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const { code } = RedeemCodeSchema.parse(body)
+
+    const subscription = await getHighestPrioritySubscription(session.user.id)
+
+    if (subscription?.plan === 'enterprise') {
+      return NextResponse.json({
+        redeemed: false,
+        error: 'Enterprise accounts cannot redeem referral codes',
+      })
+    }
+
+    const isTeam = subscription?.plan === 'team'
+    const orgId = isTeam ? subscription.referenceId : null
+
+    const normalizedCode = code.trim().toUpperCase()
+
+    const [campaign] = await db
+      .select()
+      .from(referralCampaigns)
+      .where(and(eq(referralCampaigns.code, normalizedCode), eq(referralCampaigns.isActive, true)))
+      .limit(1)
+
+    if (!campaign) {
+      logger.info('Invalid code redemption attempt', {
+        userId: session.user.id,
+        code: normalizedCode,
+      })
+      return NextResponse.json({ error: 'Invalid or expired code' }, { status: 404 })
+    }
+
+    const [existingUserAttribution] = await db
+      .select({ id: referralAttribution.id })
+      .from(referralAttribution)
+      .where(eq(referralAttribution.userId, session.user.id))
+      .limit(1)
+
+    if (existingUserAttribution) {
+      return NextResponse.json({
+        redeemed: false,
+        error: 'You have already redeemed a code',
+      })
+    }
+
+    if (orgId) {
+      const [existingOrgAttribution] = await db
+        .select({ id: referralAttribution.id })
+        .from(referralAttribution)
+        .where(eq(referralAttribution.organizationId, orgId))
+        .limit(1)
+
+      if (existingOrgAttribution) {
+        return NextResponse.json({
+          redeemed: false,
+          error: 'A code has already been redeemed for your organization',
+        })
+      }
+    }
+
+    const [existingStats] = await db
+      .select({ id: userStats.id })
+      .from(userStats)
+      .where(eq(userStats.userId, session.user.id))
+      .limit(1)
+
+    if (!existingStats) {
+      await db.insert(userStats).values({
+        id: nanoid(),
+        userId: session.user.id,
+      })
+    }
+
+    const bonusAmount = Number(campaign.bonusCreditAmount)
+
+    let redeemed = false
+    await db.transaction(async (tx) => {
+      const result = await tx
+        .insert(referralAttribution)
+        .values({
+          id: nanoid(),
+          userId: session.user.id,
+          organizationId: orgId,
+          campaignId: campaign.id,
+          utmSource: null,
+          utmMedium: null,
+          utmCampaign: null,
+          utmContent: null,
+          referrerUrl: null,
+          landingPage: null,
+          bonusCreditAmount: bonusAmount.toString(),
+        })
+        .onConflictDoNothing()
+        .returning({ id: referralAttribution.id })
+
+      if (result.length > 0) {
+        await applyBonusCredits(session.user.id, bonusAmount, tx)
+        redeemed = true
+      }
+    })
+
+    if (redeemed) {
+      logger.info('Referral code redeemed', {
+        userId: session.user.id,
+        organizationId: orgId,
+        code: normalizedCode,
+        campaignId: campaign.id,
+        campaignName: campaign.name,
+        bonusAmount,
+      })
+    }
+
+    if (!redeemed) {
+      return NextResponse.json({
+        redeemed: false,
+        error: 'You have already redeemed a code',
+      })
+    }
+
+    return NextResponse.json({
+      redeemed: true,
+      bonusAmount,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors[0].message }, { status: 400 })
+    }
+    logger.error('Referral code redemption error', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/v1/admin/index.ts

@@ -66,6 +66,12 @@
  *   Credits:
  *   POST   /api/v1/admin/credits                            - Issue credits to user (by userId or email)
  *
+ *   Referral Campaigns:
+ *   GET    /api/v1/admin/referral-campaigns                 - List campaigns (?active=true/false)
+ *   POST   /api/v1/admin/referral-campaigns                 - Create campaign
+ *   GET    /api/v1/admin/referral-campaigns/:id             - Get campaign details
+ *   PATCH  /api/v1/admin/referral-campaigns/:id             - Update campaign fields
+ *
  *   Access Control (Permission Groups):
  *   GET    /api/v1/admin/access-control                     - List permission groups (?organizationId=X)
  *   DELETE /api/v1/admin/access-control                     - Delete permission groups for org (?organizationId=X)
@@ -97,6 +103,7 @@ export type {
   AdminOrganization,
   AdminOrganizationBillingSummary,
   AdminOrganizationDetail,
+  AdminReferralCampaign,
   AdminSeatAnalytics,
   AdminSingleResponse,
   AdminSubscription,
@@ -111,6 +118,7 @@ export type {
   AdminWorkspaceMember,
   DbMember,
   DbOrganization,
+  DbReferralCampaign,
   DbSubscription,
   DbUser,
   DbUserStats,
@@ -139,6 +147,7 @@ export {
   parseWorkflowVariables,
   toAdminFolder,
   toAdminOrganization,
+  toAdminReferralCampaign,
   toAdminSubscription,
   toAdminUser,
   toAdminWorkflow,

apps/sim/app/api/v1/admin/referral-campaigns/[id]/route.ts

@@ -0,0 +1,142 @@
+/**
+ * GET   /api/v1/admin/referral-campaigns/:id
+ *
+ * Get a single referral campaign by ID.
+ *
+ * PATCH /api/v1/admin/referral-campaigns/:id
+ *
+ * Update campaign fields. All fields are optional.
+ *
+ * Body:
+ *   - name: string (non-empty) - Campaign name
+ *   - bonusCreditAmount: number (> 0) - Bonus credits in dollars
+ *   - isActive: boolean - Enable/disable the campaign
+ *   - code: string | null (min 6 chars, auto-uppercased, null to remove) - Redeemable code
+ *   - utmSource: string | null - UTM source match (null = wildcard)
+ *   - utmMedium: string | null - UTM medium match (null = wildcard)
+ *   - utmCampaign: string | null - UTM campaign match (null = wildcard)
+ *   - utmContent: string | null - UTM content match (null = wildcard)
+ */
+
+import { db } from '@sim/db'
+import { referralCampaigns } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { withAdminAuthParams } from '@/app/api/v1/admin/middleware'
+import {
+  badRequestResponse,
+  internalErrorResponse,
+  notFoundResponse,
+  singleResponse,
+} from '@/app/api/v1/admin/responses'
+import { toAdminReferralCampaign } from '@/app/api/v1/admin/types'
+
+const logger = createLogger('AdminReferralCampaignDetailAPI')
+
+interface RouteParams {
+  id: string
+}
+
+export const GET = withAdminAuthParams<RouteParams>(async (_, context) => {
+  try {
+    const { id: campaignId } = await context.params
+
+    const [campaign] = await db
+      .select()
+      .from(referralCampaigns)
+      .where(eq(referralCampaigns.id, campaignId))
+      .limit(1)
+
+    if (!campaign) {
+      return notFoundResponse('Campaign')
+    }
+
+    logger.info(`Admin API: Retrieved referral campaign ${campaignId}`)
+
+    return singleResponse(toAdminReferralCampaign(campaign, getBaseUrl()))
+  } catch (error) {
+    logger.error('Admin API: Failed to get referral campaign', { error })
+    return internalErrorResponse('Failed to get referral campaign')
+  }
+})
+
+export const PATCH = withAdminAuthParams<RouteParams>(async (request, context) => {
+  try {
+    const { id: campaignId } = await context.params
+    const body = await request.json()
+
+    const [existing] = await db
+      .select()
+      .from(referralCampaigns)
+      .where(eq(referralCampaigns.id, campaignId))
+      .limit(1)
+
+    if (!existing) {
+      return notFoundResponse('Campaign')
+    }
+
+    const updateData: Record<string, unknown> = { updatedAt: new Date() }
+
+    if (body.name !== undefined) {
+      if (typeof body.name !== 'string' || body.name.trim().length === 0) {
+        return badRequestResponse('name must be a non-empty string')
+      }
+      updateData.name = body.name.trim()
+    }
+
+    if (body.bonusCreditAmount !== undefined) {
+      if (
+        typeof body.bonusCreditAmount !== 'number' ||
+        !Number.isFinite(body.bonusCreditAmount) ||
+        body.bonusCreditAmount <= 0
+      ) {
+        return badRequestResponse('bonusCreditAmount must be a positive number')
+      }
+      updateData.bonusCreditAmount = body.bonusCreditAmount.toString()
+    }
+
+    if (body.isActive !== undefined) {
+      if (typeof body.isActive !== 'boolean') {
+        return badRequestResponse('isActive must be a boolean')
+      }
+      updateData.isActive = body.isActive
+    }
+
+    if (body.code !== undefined) {
+      if (body.code !== null) {
+        if (typeof body.code !== 'string') {
+          return badRequestResponse('code must be a string or null')
+        }
+        if (body.code.trim().length < 6) {
+          return badRequestResponse('code must be at least 6 characters')
+        }
+      }
+      updateData.code = body.code ? body.code.trim().toUpperCase() : null
+    }
+
+    for (const field of ['utmSource', 'utmMedium', 'utmCampaign', 'utmContent'] as const) {
+      if (body[field] !== undefined) {
+        if (body[field] !== null && typeof body[field] !== 'string') {
+          return badRequestResponse(`${field} must be a string or null`)
+        }
+        updateData[field] = body[field] || null
+      }
+    }
+
+    const [updated] = await db
+      .update(referralCampaigns)
+      .set(updateData)
+      .where(eq(referralCampaigns.id, campaignId))
+      .returning()
+
+    logger.info(`Admin API: Updated referral campaign ${campaignId}`, {
+      fields: Object.keys(updateData).filter((k) => k !== 'updatedAt'),
+    })
+
+    return singleResponse(toAdminReferralCampaign(updated, getBaseUrl()))
+  } catch (error) {
+    logger.error('Admin API: Failed to update referral campaign', { error })
+    return internalErrorResponse('Failed to update referral campaign')
+  }
+})

apps/sim/app/api/v1/admin/referral-campaigns/route.ts

@@ -0,0 +1,140 @@
+/**
+ * GET  /api/v1/admin/referral-campaigns
+ *
+ * List referral campaigns with optional filtering and pagination.
+ *
+ * Query Parameters:
+ *   - active: string (optional) - Filter by active status ('true' or 'false')
+ *   - limit: number (default: 50, max: 250)
+ *   - offset: number (default: 0)
+ *
+ * POST /api/v1/admin/referral-campaigns
+ *
+ * Create a new referral campaign.
+ *
+ * Body:
+ *   - name: string (required) - Campaign name
+ *   - bonusCreditAmount: number (required, > 0) - Bonus credits in dollars
+ *   - code: string | null (optional, min 6 chars, auto-uppercased) - Redeemable code
+ *   - utmSource: string | null (optional) - UTM source match (null = wildcard)
+ *   - utmMedium: string | null (optional) - UTM medium match (null = wildcard)
+ *   - utmCampaign: string | null (optional) - UTM campaign match (null = wildcard)
+ *   - utmContent: string | null (optional) - UTM content match (null = wildcard)
+ */
+
+import { db } from '@sim/db'
+import { referralCampaigns } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { count, eq, type SQL } from 'drizzle-orm'
+import { nanoid } from 'nanoid'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { withAdminAuth } from '@/app/api/v1/admin/middleware'
+import {
+  badRequestResponse,
+  internalErrorResponse,
+  listResponse,
+  singleResponse,
+} from '@/app/api/v1/admin/responses'
+import {
+  type AdminReferralCampaign,
+  createPaginationMeta,
+  parsePaginationParams,
+  toAdminReferralCampaign,
+} from '@/app/api/v1/admin/types'
+
+const logger = createLogger('AdminReferralCampaignsAPI')
+
+export const GET = withAdminAuth(async (request) => {
+  const url = new URL(request.url)
+  const { limit, offset } = parsePaginationParams(url)
+  const activeFilter = url.searchParams.get('active')
+
+  try {
+    const conditions: SQL<unknown>[] = []
+    if (activeFilter === 'true') {
+      conditions.push(eq(referralCampaigns.isActive, true))
+    } else if (activeFilter === 'false') {
+      conditions.push(eq(referralCampaigns.isActive, false))
+    }
+
+    const whereClause = conditions.length > 0 ? conditions[0] : undefined
+    const baseUrl = getBaseUrl()
+
+    const [countResult, campaigns] = await Promise.all([
+      db.select({ total: count() }).from(referralCampaigns).where(whereClause),
+      db
+        .select()
+        .from(referralCampaigns)
+        .where(whereClause)
+        .orderBy(referralCampaigns.createdAt)
+        .limit(limit)
+        .offset(offset),
+    ])
+
+    const total = countResult[0].total
+    const data: AdminReferralCampaign[] = campaigns.map((c) => toAdminReferralCampaign(c, baseUrl))
+    const pagination = createPaginationMeta(total, limit, offset)
+
+    logger.info(`Admin API: Listed ${data.length} referral campaigns (total: ${total})`)
+
+    return listResponse(data, pagination)
+  } catch (error) {
+    logger.error('Admin API: Failed to list referral campaigns', { error })
+    return internalErrorResponse('Failed to list referral campaigns')
+  }
+})
+
+export const POST = withAdminAuth(async (request) => {
+  try {
+    const body = await request.json()
+    const { name, code, utmSource, utmMedium, utmCampaign, utmContent, bonusCreditAmount } = body
+
+    if (!name || typeof name !== 'string') {
+      return badRequestResponse('name is required and must be a string')
+    }
+
+    if (
+      typeof bonusCreditAmount !== 'number' ||
+      !Number.isFinite(bonusCreditAmount) ||
+      bonusCreditAmount <= 0
+    ) {
+      return badRequestResponse('bonusCreditAmount must be a positive number')
+    }
+
+    if (code !== undefined && code !== null) {
+      if (typeof code !== 'string') {
+        return badRequestResponse('code must be a string or null')
+      }
+      if (code.trim().length < 6) {
+        return badRequestResponse('code must be at least 6 characters')
+      }
+    }
+
+    const id = nanoid()
+
+    const [campaign] = await db
+      .insert(referralCampaigns)
+      .values({
+        id,
+        name,
+        code: code ? code.trim().toUpperCase() : null,
+        utmSource: utmSource || null,
+        utmMedium: utmMedium || null,
+        utmCampaign: utmCampaign || null,
+        utmContent: utmContent || null,
+        bonusCreditAmount: bonusCreditAmount.toString(),
+      })
+      .returning()
+
+    logger.info(`Admin API: Created referral campaign ${id}`, {
+      name,
+      code: campaign.code,
+      bonusCreditAmount,
+    })
+
+    return singleResponse(toAdminReferralCampaign(campaign, getBaseUrl()))
+  } catch (error) {
+    logger.error('Admin API: Failed to create referral campaign', { error })
+    return internalErrorResponse('Failed to create referral campaign')
+  }
+})

apps/sim/app/api/v1/admin/types.ts

@@ -8,6 +8,7 @@
 import type {
   member,
   organization,
+  referralCampaigns,
   subscription,
   user,
   userStats,
@@ -31,6 +32,7 @@ export type DbOrganization = InferSelectModel<typeof organization>
 export type DbSubscription = InferSelectModel<typeof subscription>
 export type DbMember = InferSelectModel<typeof member>
 export type DbUserStats = InferSelectModel<typeof userStats>
+export type DbReferralCampaign = InferSelectModel<typeof referralCampaigns>
 
 // =============================================================================
 // Pagination
@@ -646,3 +648,49 @@ export interface AdminDeployResult {
 export interface AdminUndeployResult {
   isDeployed: boolean
 }
+
+// =============================================================================
+// Referral Campaign Types
+// =============================================================================
+
+export interface AdminReferralCampaign {
+  id: string
+  name: string
+  code: string | null
+  utmSource: string | null
+  utmMedium: string | null
+  utmCampaign: string | null
+  utmContent: string | null
+  bonusCreditAmount: string
+  isActive: boolean
+  signupUrl: string | null
+  createdAt: string
+  updatedAt: string
+}
+
+export function toAdminReferralCampaign(
+  dbCampaign: DbReferralCampaign,
+  baseUrl: string
+): AdminReferralCampaign {
+  const utmParams = new URLSearchParams()
+  if (dbCampaign.utmSource) utmParams.set('utm_source', dbCampaign.utmSource)
+  if (dbCampaign.utmMedium) utmParams.set('utm_medium', dbCampaign.utmMedium)
+  if (dbCampaign.utmCampaign) utmParams.set('utm_campaign', dbCampaign.utmCampaign)
+  if (dbCampaign.utmContent) utmParams.set('utm_content', dbCampaign.utmContent)
+  const query = utmParams.toString()
+
+  return {
+    id: dbCampaign.id,
+    name: dbCampaign.name,
+    code: dbCampaign.code,
+    utmSource: dbCampaign.utmSource,
+    utmMedium: dbCampaign.utmMedium,
+    utmCampaign: dbCampaign.utmCampaign,
+    utmContent: dbCampaign.utmContent,
+    bonusCreditAmount: dbCampaign.bonusCreditAmount,
+    isActive: dbCampaign.isActive,
+    signupUrl: query ? `${baseUrl}/signup?${query}` : null,
+    createdAt: dbCampaign.createdAt.toISOString(),
+    updatedAt: dbCampaign.updatedAt.toISOString(),
+  }
+}

apps/sim/app/api/workflows/[id]/deployments/[version]/route.ts

@@ -29,7 +29,7 @@ const patchBodySchema = z
     description: z
       .string()
       .trim()
-      .max(500, 'Description must be 500 characters or less')
+      .max(2000, 'Description must be 2000 characters or less')
       .nullable()
       .optional(),
     isActive: z.literal(true).optional(), // Set to true to activate this version

apps/sim/app/api/workflows/[id]/execute/route.ts

@@ -12,7 +12,7 @@ import {
 import { generateRequestId } from '@/lib/core/utils/request'
 import { SSE_HEADERS } from '@/lib/core/utils/sse'
 import { getBaseUrl } from '@/lib/core/utils/urls'
-import { markExecutionCancelled } from '@/lib/execution/cancellation'
+import { createExecutionEventWriter, setExecutionMeta } from '@/lib/execution/event-buffer'
 import { processInputFileFields } from '@/lib/execution/files'
 import { preprocessExecution } from '@/lib/execution/preprocessing'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
@@ -700,15 +700,27 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
     const timeoutController = createTimeoutAbortController(preprocessResult.executionTimeout?.sync)
     let isStreamClosed = false
 
+    const eventWriter = createExecutionEventWriter(executionId)
+    setExecutionMeta(executionId, {
+      status: 'active',
+      userId: actorUserId,
+      workflowId,
+    }).catch(() => {})
+
     const stream = new ReadableStream<Uint8Array>({
       async start(controller) {
-        const sendEvent = (event: ExecutionEvent) => {
-          if (isStreamClosed) return
+        let finalMetaStatus: 'complete' | 'error' | 'cancelled' | null = null
 
-          try {
-            controller.enqueue(encodeSSEEvent(event))
-          } catch {
-            isStreamClosed = true
+        const sendEvent = (event: ExecutionEvent) => {
+          if (!isStreamClosed) {
+            try {
+              controller.enqueue(encodeSSEEvent(event))
+            } catch {
+              isStreamClosed = true
+            }
+          }
+          if (event.type !== 'stream:chunk' && event.type !== 'stream:done') {
+            eventWriter.write(event).catch(() => {})
           }
         }
 
@@ -829,14 +841,12 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
 
             const reader = streamingExec.stream.getReader()
             const decoder = new TextDecoder()
-            let chunkCount = 0
 
             try {
               while (true) {
                 const { done, value } = await reader.read()
                 if (done) break
 
-                chunkCount++
                 const chunk = decoder.decode(value, { stream: true })
                 sendEvent({
                   type: 'stream:chunk',
@@ -951,6 +961,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
                   duration: result.metadata?.duration || 0,
                 },
               })
+              finalMetaStatus = 'error'
             } else {
               logger.info(`[${requestId}] Workflow execution was cancelled`)
 
@@ -963,6 +974,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
                   duration: result.metadata?.duration || 0,
                 },
               })
+              finalMetaStatus = 'cancelled'
             }
             return
           }
@@ -986,6 +998,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
               endTime: result.metadata?.endTime || new Date().toISOString(),
             },
           })
+          finalMetaStatus = 'complete'
         } catch (error: unknown) {
           const isTimeout = isTimeoutError(error) || timeoutController.isTimedOut()
           const errorMessage = isTimeout
@@ -1017,7 +1030,18 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
               duration: executionResult?.metadata?.duration || 0,
             },
           })
+          finalMetaStatus = 'error'
         } finally {
+          try {
+            await eventWriter.close()
+          } catch (closeError) {
+            logger.warn(`[${requestId}] Failed to close event writer`, {
+              error: closeError instanceof Error ? closeError.message : String(closeError),
+            })
+          }
+          if (finalMetaStatus) {
+            setExecutionMeta(executionId, { status: finalMetaStatus }).catch(() => {})
+          }
           timeoutController.cleanup()
           if (executionId) {
             await cleanupExecutionBase64Cache(executionId)
@@ -1032,10 +1056,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       },
       cancel() {
         isStreamClosed = true
-        timeoutController.cleanup()
-        logger.info(`[${requestId}] Client aborted SSE stream, signalling cancellation`)
-        timeoutController.abort()
-        markExecutionCancelled(executionId).catch(() => {})
+        logger.info(`[${requestId}] Client disconnected from SSE stream`)
       },
     })
 

apps/sim/app/api/workflows/[id]/executions/[executionId]/stream/route.ts

@@ -0,0 +1,170 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { SSE_HEADERS } from '@/lib/core/utils/sse'
+import {
+  type ExecutionStreamStatus,
+  getExecutionMeta,
+  readExecutionEvents,
+} from '@/lib/execution/event-buffer'
+import { formatSSEEvent } from '@/lib/workflows/executor/execution-events'
+import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
+
+const logger = createLogger('ExecutionStreamReconnectAPI')
+
+const POLL_INTERVAL_MS = 500
+const MAX_POLL_DURATION_MS = 10 * 60 * 1000 // 10 minutes
+
+function isTerminalStatus(status: ExecutionStreamStatus): boolean {
+  return status === 'complete' || status === 'error' || status === 'cancelled'
+}
+
+export const runtime = 'nodejs'
+export const dynamic = 'force-dynamic'
+
+export async function GET(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string; executionId: string }> }
+) {
+  const { id: workflowId, executionId } = await params
+
+  try {
+    const auth = await checkHybridAuth(req, { requireWorkflowId: false })
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const workflowAuthorization = await authorizeWorkflowByWorkspacePermission({
+      workflowId,
+      userId: auth.userId,
+      action: 'read',
+    })
+    if (!workflowAuthorization.allowed) {
+      return NextResponse.json(
+        { error: workflowAuthorization.message || 'Access denied' },
+        { status: workflowAuthorization.status }
+      )
+    }
+
+    const meta = await getExecutionMeta(executionId)
+    if (!meta) {
+      return NextResponse.json({ error: 'Execution buffer not found or expired' }, { status: 404 })
+    }
+
+    if (meta.workflowId && meta.workflowId !== workflowId) {
+      return NextResponse.json(
+        { error: 'Execution does not belong to this workflow' },
+        { status: 403 }
+      )
+    }
+
+    const fromParam = req.nextUrl.searchParams.get('from')
+    const parsed = fromParam ? Number.parseInt(fromParam, 10) : 0
+    const fromEventId = Number.isFinite(parsed) && parsed >= 0 ? parsed : 0
+
+    logger.info('Reconnection stream requested', {
+      workflowId,
+      executionId,
+      fromEventId,
+      metaStatus: meta.status,
+    })
+
+    const encoder = new TextEncoder()
+
+    let closed = false
+
+    const stream = new ReadableStream<Uint8Array>({
+      async start(controller) {
+        let lastEventId = fromEventId
+        const pollDeadline = Date.now() + MAX_POLL_DURATION_MS
+
+        const enqueue = (text: string) => {
+          if (closed) return
+          try {
+            controller.enqueue(encoder.encode(text))
+          } catch {
+            closed = true
+          }
+        }
+
+        try {
+          const events = await readExecutionEvents(executionId, lastEventId)
+          for (const entry of events) {
+            if (closed) return
+            enqueue(formatSSEEvent(entry.event))
+            lastEventId = entry.eventId
+          }
+
+          const currentMeta = await getExecutionMeta(executionId)
+          if (!currentMeta || isTerminalStatus(currentMeta.status)) {
+            enqueue('data: [DONE]\n\n')
+            if (!closed) controller.close()
+            return
+          }
+
+          while (!closed && Date.now() < pollDeadline) {
+            await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS))
+            if (closed) return
+
+            const newEvents = await readExecutionEvents(executionId, lastEventId)
+            for (const entry of newEvents) {
+              if (closed) return
+              enqueue(formatSSEEvent(entry.event))
+              lastEventId = entry.eventId
+            }
+
+            const polledMeta = await getExecutionMeta(executionId)
+            if (!polledMeta || isTerminalStatus(polledMeta.status)) {
+              const finalEvents = await readExecutionEvents(executionId, lastEventId)
+              for (const entry of finalEvents) {
+                if (closed) return
+                enqueue(formatSSEEvent(entry.event))
+                lastEventId = entry.eventId
+              }
+              enqueue('data: [DONE]\n\n')
+              if (!closed) controller.close()
+              return
+            }
+          }
+
+          if (!closed) {
+            logger.warn('Reconnection stream poll deadline reached', { executionId })
+            enqueue('data: [DONE]\n\n')
+            controller.close()
+          }
+        } catch (error) {
+          logger.error('Error in reconnection stream', {
+            executionId,
+            error: error instanceof Error ? error.message : String(error),
+          })
+          if (!closed) {
+            try {
+              controller.close()
+            } catch {}
+          }
+        }
+      },
+      cancel() {
+        closed = true
+        logger.info('Client disconnected from reconnection stream', { executionId })
+      },
+    })
+
+    return new NextResponse(stream, {
+      headers: {
+        ...SSE_HEADERS,
+        'X-Execution-Id': executionId,
+      },
+    })
+  } catch (error: any) {
+    logger.error('Failed to start reconnection stream', {
+      workflowId,
+      executionId,
+      error: error.message,
+    })
+    return NextResponse.json(
+      { error: error.message || 'Failed to start reconnection stream' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/diff-controls/diff-controls.tsx

@@ -14,15 +14,6 @@ const logger = createLogger('DiffControls')
 const NOTIFICATION_WIDTH = 240
 const NOTIFICATION_GAP = 16
 
-function isWorkflowEditToolCall(name?: string, params?: Record<string, unknown>): boolean {
-  if (name === 'edit_workflow') return true
-  if (name !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
 export const DiffControls = memo(function DiffControls() {
   const isTerminalResizing = useTerminalStore((state) => state.isResizing)
   const isPanelResizing = usePanelStore((state) => state.isResizing)
@@ -73,7 +64,7 @@ export const DiffControls = memo(function DiffControls() {
           const b = blocks[bi]
           if (b?.type === 'tool_call') {
             const tn = b.toolCall?.name
-            if (isWorkflowEditToolCall(tn, b.toolCall?.params)) {
+            if (tn === 'edit_workflow') {
               id = b.toolCall?.id
               break outer
             }
@@ -81,9 +72,7 @@ export const DiffControls = memo(function DiffControls() {
         }
       }
       if (!id) {
-        const candidates = Object.values(toolCallsById).filter((t) =>
-          isWorkflowEditToolCall(t.name, t.params)
-        )
+        const candidates = Object.values(toolCallsById).filter((t) => t.name === 'edit_workflow')
         id = candidates.length ? candidates[candidates.length - 1].id : undefined
       }
       if (id) updatePreviewToolCallState('accepted', id)
@@ -113,7 +102,7 @@ export const DiffControls = memo(function DiffControls() {
           const b = blocks[bi]
           if (b?.type === 'tool_call') {
             const tn = b.toolCall?.name
-            if (isWorkflowEditToolCall(tn, b.toolCall?.params)) {
+            if (tn === 'edit_workflow') {
               id = b.toolCall?.id
               break outer
             }
@@ -121,9 +110,7 @@ export const DiffControls = memo(function DiffControls() {
         }
       }
       if (!id) {
-        const candidates = Object.values(toolCallsById).filter((t) =>
-          isWorkflowEditToolCall(t.name, t.params)
-        )
+        const candidates = Object.values(toolCallsById).filter((t) => t.name === 'edit_workflow')
         id = candidates.length ? candidates[candidates.length - 1].id : undefined
       }
       if (id) updatePreviewToolCallState('rejected', id)

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/tool-call/tool-call.tsx

@@ -47,28 +47,6 @@ interface ParsedTags {
   cleanContent: string
 }
 
-function getToolCallParams(toolCall?: CopilotToolCall): Record<string, unknown> {
-  const candidate = ((toolCall as any)?.parameters ||
-    (toolCall as any)?.input ||
-    (toolCall as any)?.params ||
-    {}) as Record<string, unknown>
-  return candidate && typeof candidate === 'object' ? candidate : {}
-}
-
-function isWorkflowChangeApplyMode(toolCall?: CopilotToolCall): boolean {
-  if (!toolCall || toolCall.name !== 'workflow_change') return false
-  const params = getToolCallParams(toolCall)
-  const mode = typeof params.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function isWorkflowEditSummaryTool(toolCall?: CopilotToolCall): boolean {
-  if (!toolCall) return false
-  if (toolCall.name === 'edit_workflow') return true
-  return isWorkflowChangeApplyMode(toolCall)
-}
-
 /**
  * Extracts plan steps from plan_respond tool calls in subagent blocks.
  * @param blocks - The subagent content blocks to search
@@ -893,10 +871,7 @@ const SubagentContentRenderer = memo(function SubagentContentRenderer({
           )
         }
         if (segment.type === 'tool' && segment.block.toolCall) {
-          if (
-            (toolCall.name === 'edit' || toolCall.name === 'build') &&
-            isWorkflowEditSummaryTool(segment.block.toolCall)
-          ) {
+          if (toolCall.name === 'edit' && segment.block.toolCall.name === 'edit_workflow') {
             return (
               <div key={`tool-${segment.block.toolCall.id || index}`}>
                 <WorkflowEditSummary toolCall={segment.block.toolCall} />
@@ -993,11 +968,12 @@ const WorkflowEditSummary = memo(function WorkflowEditSummary({
     }
   }, [blocks])
 
-  if (!isWorkflowEditSummaryTool(toolCall)) {
+  if (toolCall.name !== 'edit_workflow') {
     return null
   }
 
-  const params = getToolCallParams(toolCall)
+  const params =
+    (toolCall as any).parameters || (toolCall as any).input || (toolCall as any).params || {}
   let operations = Array.isArray(params.operations) ? params.operations : []
 
   if (operations.length === 0 && Array.isArray((toolCall as any).operations)) {
@@ -1243,6 +1219,11 @@ const WorkflowEditSummary = memo(function WorkflowEditSummary({
   )
 })
 
+/** Checks if a tool is server-side executed (not a client tool) */
+function isIntegrationTool(toolName: string): boolean {
+  return !TOOL_DISPLAY_REGISTRY[toolName]
+}
+
 function shouldShowRunSkipButtons(toolCall: CopilotToolCall): boolean {
   if (!toolCall.name || toolCall.name === 'unknown_tool') {
     return false
@@ -1252,96 +1233,59 @@ function shouldShowRunSkipButtons(toolCall: CopilotToolCall): boolean {
     return false
   }
 
-  if (toolCall.ui?.showInterrupt !== true) {
+  // Never show buttons for tools the user has marked as always-allowed
+  if (useCopilotStore.getState().isToolAutoAllowed(toolCall.name)) {
     return false
   }
 
-  return true
+  const hasInterrupt = !!TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.interrupt
+  if (hasInterrupt) {
+    return true
+  }
+
+  // Integration tools (user-installed) always require approval
+  if (isIntegrationTool(toolCall.name)) {
+    return true
+  }
+
+  return false
 }
 
 const toolCallLogger = createLogger('CopilotToolCall')
 
 async function sendToolDecision(
   toolCallId: string,
-  status: 'accepted' | 'rejected' | 'background',
-  options?: {
-    toolName?: string
-    remember?: boolean
-  }
+  status: 'accepted' | 'rejected' | 'background'
 ) {
   try {
     await fetch('/api/copilot/confirm', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        toolCallId,
-        status,
-        ...(options?.toolName ? { toolName: options.toolName } : {}),
-        ...(options?.remember ? { remember: true } : {}),
-      }),
+      body: JSON.stringify({ toolCallId, status }),
     })
   } catch (error) {
     toolCallLogger.warn('Failed to send tool decision', {
       toolCallId,
       status,
-      remember: options?.remember === true,
-      toolName: options?.toolName,
       error: error instanceof Error ? error.message : String(error),
     })
   }
 }
 
-async function removeAutoAllowedToolPreference(toolName: string): Promise<boolean> {
-  try {
-    const response = await fetch(`/api/copilot/auto-allowed-tools?toolId=${encodeURIComponent(toolName)}`, {
-      method: 'DELETE',
-    })
-    return response.ok
-  } catch (error) {
-    toolCallLogger.warn('Failed to remove auto-allowed tool preference', {
-      toolName,
-      error: error instanceof Error ? error.message : String(error),
-    })
-    return false
-  }
-}
-
-type ToolUiAction = NonNullable<NonNullable<CopilotToolCall['ui']>['actions']>[number]
-
-function actionDecision(action: ToolUiAction): 'accepted' | 'rejected' | 'background' {
-  const id = action.id.toLowerCase()
-  if (id.includes('background')) return 'background'
-  if (action.kind === 'reject') return 'rejected'
-  return 'accepted'
-}
-
-function isClientRunCapability(toolCall: CopilotToolCall): boolean {
-  if (toolCall.execution?.target === 'sim_client_capability') {
-    return toolCall.execution.capabilityId === 'workflow.run' || !toolCall.execution.capabilityId
-  }
-  return CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)
-}
-
 async function handleRun(
   toolCall: CopilotToolCall,
   setToolCallState: any,
   onStateChange?: any,
-  editedParams?: any,
-  options?: {
-    remember?: boolean
-  }
+  editedParams?: any
 ) {
   setToolCallState(toolCall, 'executing', editedParams ? { params: editedParams } : undefined)
   onStateChange?.('executing')
-  await sendToolDecision(toolCall.id, 'accepted', {
-    toolName: toolCall.name,
-    remember: options?.remember === true,
-  })
+  await sendToolDecision(toolCall.id, 'accepted')
 
   // Client-executable run tools: execute on the client for real-time feedback
   // (block pulsing, console logs, stop button). The server defers execution
   // for these tools; the client reports back via mark-complete.
-  if (isClientRunCapability(toolCall)) {
+  if (CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)) {
     const params = editedParams || toolCall.params || {}
     executeRunToolOnClient(toolCall.id, toolCall.name, params)
   }
@@ -1354,9 +1298,6 @@ async function handleSkip(toolCall: CopilotToolCall, setToolCallState: any, onSt
 }
 
 function getDisplayName(toolCall: CopilotToolCall): string {
-  if (toolCall.ui?.phaseLabel) return toolCall.ui.phaseLabel
-  if (toolCall.ui?.title) return `${getStateVerb(toolCall.state)} ${toolCall.ui.title}`
-
   const fromStore = (toolCall as any).display?.text
   if (fromStore) return fromStore
   const registryEntry = TOOL_DISPLAY_REGISTRY[toolCall.name]
@@ -1401,37 +1342,53 @@ function RunSkipButtons({
   toolCall,
   onStateChange,
   editedParams,
-  actions,
 }: {
   toolCall: CopilotToolCall
   onStateChange?: (state: any) => void
   editedParams?: any
-  actions: ToolUiAction[]
 }) {
   const [isProcessing, setIsProcessing] = useState(false)
   const [buttonsHidden, setButtonsHidden] = useState(false)
   const actionInProgressRef = useRef(false)
-  const { setToolCallState } = useCopilotStore()
+  const { setToolCallState, addAutoAllowedTool } = useCopilotStore()
 
-  const onAction = async (action: ToolUiAction) => {
+  const onRun = async () => {
     // Prevent race condition - check ref synchronously
     if (actionInProgressRef.current) return
     actionInProgressRef.current = true
     setIsProcessing(true)
     setButtonsHidden(true)
     try {
-      const decision = actionDecision(action)
-      if (decision === 'accepted') {
-        await handleRun(toolCall, setToolCallState, onStateChange, editedParams, {
-          remember: action.remember === true,
-        })
-      } else if (decision === 'rejected') {
-        await handleSkip(toolCall, setToolCallState, onStateChange)
-      } else {
-        setToolCallState(toolCall, ClientToolCallState.background)
-        onStateChange?.('background')
-        await sendToolDecision(toolCall.id, 'background')
-      }
+      await handleRun(toolCall, setToolCallState, onStateChange, editedParams)
+    } finally {
+      setIsProcessing(false)
+      actionInProgressRef.current = false
+    }
+  }
+
+  const onAlwaysAllow = async () => {
+    // Prevent race condition - check ref synchronously
+    if (actionInProgressRef.current) return
+    actionInProgressRef.current = true
+    setIsProcessing(true)
+    setButtonsHidden(true)
+    try {
+      await addAutoAllowedTool(toolCall.name)
+      await handleRun(toolCall, setToolCallState, onStateChange, editedParams)
+    } finally {
+      setIsProcessing(false)
+      actionInProgressRef.current = false
+    }
+  }
+
+  const onSkip = async () => {
+    // Prevent race condition - check ref synchronously
+    if (actionInProgressRef.current) return
+    actionInProgressRef.current = true
+    setIsProcessing(true)
+    setButtonsHidden(true)
+    try {
+      await handleSkip(toolCall, setToolCallState, onStateChange)
     } finally {
       setIsProcessing(false)
       actionInProgressRef.current = false
@@ -1440,22 +1397,23 @@ function RunSkipButtons({
 
   if (buttonsHidden) return null
 
+  // Show "Always Allow" for all tools that require confirmation
+  const showAlwaysAllow = true
+
+  // Standardized buttons for all interrupt tools: Allow, Always Allow, Skip
   return (
     <div className='mt-[10px] flex gap-[6px]'>
-      {actions.map((action, index) => {
-        const variant =
-          action.kind === 'reject' ? 'default' : action.remember ? 'default' : 'tertiary'
-        return (
-          <Button
-            key={action.id}
-            onClick={() => onAction(action)}
-            disabled={isProcessing}
-            variant={variant}
-          >
-            {isProcessing && index === 0 ? 'Working...' : action.label}
-          </Button>
-        )
-      })}
+      <Button onClick={onRun} disabled={isProcessing} variant='tertiary'>
+        {isProcessing ? 'Allowing...' : 'Allow'}
+      </Button>
+      {showAlwaysAllow && (
+        <Button onClick={onAlwaysAllow} disabled={isProcessing} variant='default'>
+          {isProcessing ? 'Allowing...' : 'Always Allow'}
+        </Button>
+      )}
+      <Button onClick={onSkip} disabled={isProcessing} variant='default'>
+        Skip
+      </Button>
     </div>
   )
 }
@@ -1472,16 +1430,10 @@ export function ToolCall({
   const liveToolCall = useCopilotStore((s) =>
     effectiveId ? s.toolCallsById[effectiveId] : undefined
   )
-  const rawToolCall = liveToolCall || toolCallProp
-  const hasRealToolCall = !!rawToolCall
-  const toolCall: CopilotToolCall =
-    rawToolCall ||
-    ({
-      id: effectiveId || '',
-      name: '',
-      state: ClientToolCallState.generating,
-      params: {},
-    } as CopilotToolCall)
+  const toolCall = liveToolCall || toolCallProp
+
+  // Guard: nothing to render without a toolCall
+  if (!toolCall) return null
 
   const isExpandablePending =
     toolCall?.state === 'pending' &&
@@ -1489,15 +1441,17 @@ export function ToolCall({
 
   const [expanded, setExpanded] = useState(isExpandablePending)
   const [showRemoveAutoAllow, setShowRemoveAutoAllow] = useState(false)
-  const [autoAllowRemovedForCall, setAutoAllowRemovedForCall] = useState(false)
 
   // State for editable parameters
   const params = (toolCall as any).parameters || (toolCall as any).input || toolCall.params || {}
   const [editedParams, setEditedParams] = useState(params)
   const paramsRef = useRef(params)
 
-  const { setToolCallState } = useCopilotStore()
-  const isAutoAllowed = toolCall.ui?.autoAllowed === true && !autoAllowRemovedForCall
+  // Check if this integration tool is auto-allowed
+  const { removeAutoAllowedTool, setToolCallState } = useCopilotStore()
+  const isAutoAllowed = useCopilotStore(
+    (s) => isIntegrationTool(toolCall.name) && s.isToolAutoAllowed(toolCall.name)
+  )
 
   // Update edited params when toolCall params change (deep comparison to avoid resetting user edits on ref change)
   useEffect(() => {
@@ -1507,14 +1461,6 @@ export function ToolCall({
     }
   }, [params])
 
-  useEffect(() => {
-    setAutoAllowRemovedForCall(false)
-    setShowRemoveAutoAllow(false)
-  }, [toolCall.id])
-
-  // Guard: nothing to render without a toolCall
-  if (!hasRealToolCall) return null
-
   // Skip rendering some internal tools
   if (
     toolCall.name === 'checkoff_todo' ||
@@ -1526,9 +1472,7 @@ export function ToolCall({
     return null
 
   // Special rendering for subagent tools - show as thinking text with tool calls at top level
-  const isSubagentTool =
-    toolCall.execution?.target === 'go_subagent' ||
-    TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.subagent === true
+  const isSubagentTool = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.subagent === true
 
   // For ALL subagent tools, don't show anything until we have blocks with content
   if (isSubagentTool) {
@@ -1555,6 +1499,28 @@ export function ToolCall({
     )
   }
 
+  // Get current mode from store to determine if we should render integration tools
+  const mode = useCopilotStore.getState().mode
+
+  // Check if this is a completed/historical tool call (not pending/executing)
+  // Use string comparison to handle both enum values and string values from DB
+  const stateStr = String(toolCall.state)
+  const isCompletedToolCall =
+    stateStr === 'success' ||
+    stateStr === 'error' ||
+    stateStr === 'rejected' ||
+    stateStr === 'aborted'
+
+  // Allow rendering if:
+  // 1. Tool is in TOOL_DISPLAY_REGISTRY (client tools), OR
+  // 2. We're in build mode (integration tools are executed server-side), OR
+  // 3. Tool call is already completed (historical - should always render)
+  const isClientTool = !!TOOL_DISPLAY_REGISTRY[toolCall.name]
+  const isIntegrationToolInBuildMode = mode === 'build' && !isClientTool
+
+  if (!isClientTool && !isIntegrationToolInBuildMode && !isCompletedToolCall) {
+    return null
+  }
   const toolUIConfig = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig
   // Check if tool has params table config (meaning it's expandable)
   const hasParamsTable = !!toolUIConfig?.paramsTable
@@ -1564,14 +1530,6 @@ export function ToolCall({
     toolCall.name === 'make_api_request' ||
     toolCall.name === 'set_global_workflow_variables'
 
-  const interruptActions =
-    (toolCall.ui?.actions && toolCall.ui.actions.length > 0
-      ? toolCall.ui.actions
-      : [
-          { id: 'allow_once', label: 'Allow', kind: 'accept' as const },
-          { id: 'allow_always', label: 'Always Allow', kind: 'accept' as const, remember: true },
-          { id: 'reject', label: 'Skip', kind: 'reject' as const },
-        ]) as ToolUiAction[]
   const showButtons = isCurrentMessage && shouldShowRunSkipButtons(toolCall)
 
   // Check UI config for secondary action - only show for current message tool calls
@@ -2029,12 +1987,9 @@ export function ToolCall({
           <div className='mt-[10px]'>
             <Button
               onClick={async () => {
-                const removed = await removeAutoAllowedToolPreference(toolCall.name)
-                if (removed) {
-                  setAutoAllowRemovedForCall(true)
-                  setShowRemoveAutoAllow(false)
-                  forceUpdate({})
-                }
+                await removeAutoAllowedTool(toolCall.name)
+                setShowRemoveAutoAllow(false)
+                forceUpdate({})
               }}
               variant='default'
               className='text-xs'
@@ -2048,7 +2003,6 @@ export function ToolCall({
             toolCall={toolCall}
             onStateChange={handleStateChange}
             editedParams={editedParams}
-            actions={interruptActions}
           />
         )}
         {/* Render subagent content as thinking text */}
@@ -2094,12 +2048,9 @@ export function ToolCall({
           <div className='mt-[10px]'>
             <Button
               onClick={async () => {
-                const removed = await removeAutoAllowedToolPreference(toolCall.name)
-                if (removed) {
-                  setAutoAllowRemovedForCall(true)
-                  setShowRemoveAutoAllow(false)
-                  forceUpdate({})
-                }
+                await removeAutoAllowedTool(toolCall.name)
+                setShowRemoveAutoAllow(false)
+                forceUpdate({})
               }}
               variant='default'
               className='text-xs'
@@ -2113,7 +2064,6 @@ export function ToolCall({
             toolCall={toolCall}
             onStateChange={handleStateChange}
             editedParams={editedParams}
-            actions={interruptActions}
           />
         )}
         {/* Render subagent content as thinking text */}
@@ -2137,7 +2087,7 @@ export function ToolCall({
     }
   }
 
-  const isEditWorkflow = isWorkflowEditSummaryTool(toolCall)
+  const isEditWorkflow = toolCall.name === 'edit_workflow'
   const shouldShowDetails = isRunWorkflow || (isExpandableTool && expanded)
   const hasOperations = Array.isArray(params.operations) && params.operations.length > 0
   const hideTextForEditWorkflow = isEditWorkflow && hasOperations
@@ -2159,12 +2109,9 @@ export function ToolCall({
         <div className='mt-[10px]'>
           <Button
             onClick={async () => {
-              const removed = await removeAutoAllowedToolPreference(toolCall.name)
-              if (removed) {
-                setAutoAllowRemovedForCall(true)
-                setShowRemoveAutoAllow(false)
-                forceUpdate({})
-              }
+              await removeAutoAllowedTool(toolCall.name)
+              setShowRemoveAutoAllow(false)
+              forceUpdate({})
             }}
             variant='default'
             className='text-xs'
@@ -2178,7 +2125,6 @@ export function ToolCall({
           toolCall={toolCall}
           onStateChange={handleStateChange}
           editedParams={editedParams}
-          actions={interruptActions}
         />
       ) : showMoveToBackground ? (
         <div className='mt-[10px]'>
@@ -2209,7 +2155,7 @@ export function ToolCall({
           </Button>
         </div>
       ) : null}
-      {/* Workflow edit summary - shows block changes after edit_workflow/workflow_change(apply) */}
+      {/* Workflow edit summary - shows block changes after edit_workflow completes */}
       <WorkflowEditSummary toolCall={toolCall} />
 
       {/* Render subagent content as thinking text */}

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/copilot.tsx

@@ -113,6 +113,7 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
     clearPlanArtifact,
     savePlanArtifact,
     loadAvailableModels,
+    loadAutoAllowedTools,
     resumeActiveStream,
   } = useCopilotStore()
 
@@ -124,6 +125,8 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
     setCopilotWorkflowId,
     loadChats,
     loadAvailableModels,
+    loadAutoAllowedTools,
+    currentChat,
     isSendingMessage,
     resumeActiveStream,
   })

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/hooks/use-copilot-initialization.ts

@@ -12,6 +12,8 @@ interface UseCopilotInitializationProps {
   setCopilotWorkflowId: (workflowId: string | null) => Promise<void>
   loadChats: (forceRefresh?: boolean) => Promise<void>
   loadAvailableModels: () => Promise<void>
+  loadAutoAllowedTools: () => Promise<void>
+  currentChat: any
   isSendingMessage: boolean
   resumeActiveStream: () => Promise<boolean>
 }
@@ -30,6 +32,8 @@ export function useCopilotInitialization(props: UseCopilotInitializationProps) {
     setCopilotWorkflowId,
     loadChats,
     loadAvailableModels,
+    loadAutoAllowedTools,
+    currentChat,
     isSendingMessage,
     resumeActiveStream,
   } = props
@@ -116,6 +120,17 @@ export function useCopilotInitialization(props: UseCopilotInitializationProps) {
     })
   }, [isSendingMessage, resumeActiveStream])
 
+  /** Load auto-allowed tools once on mount - runs immediately, independent of workflow */
+  const hasLoadedAutoAllowedToolsRef = useRef(false)
+  useEffect(() => {
+    if (!hasLoadedAutoAllowedToolsRef.current) {
+      hasLoadedAutoAllowedToolsRef.current = true
+      loadAutoAllowedTools().catch((err) => {
+        logger.warn('[Copilot] Failed to load auto-allowed tools', err)
+      })
+    }
+  }, [loadAutoAllowedTools])
+
   /** Load available models once on mount */
   const hasLoadedModelsRef = useRef(false)
   useEffect(() => {

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/general/components/version-description-modal.tsx

@@ -113,7 +113,7 @@ export function VersionDescriptionModal({
               className='min-h-[120px] resize-none'
               value={description}
               onChange={(e) => setDescription(e.target.value)}
-              maxLength={500}
+              maxLength={2000}
               disabled={isGenerating}
             />
             <div className='flex items-center justify-between'>
@@ -123,7 +123,7 @@ export function VersionDescriptionModal({
                 </p>
               )}
               {!updateMutation.error && !generateMutation.error && <div />}
-              <p className='text-[11px] text-[var(--text-tertiary)]'>{description.length}/500</p>
+              <p className='text-[11px] text-[var(--text-tertiary)]'>{description.length}/2000</p>
             </div>
           </ModalBody>
           <ModalFooter>

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/hooks/use-change-detection.ts

@@ -57,6 +57,21 @@ export function useChangeDetection({
         }
       }
 
+      if (block.triggerMode) {
+        const triggerConfigValue = blockSubValues?.triggerConfig
+        if (
+          triggerConfigValue &&
+          typeof triggerConfigValue === 'object' &&
+          !subBlocks.triggerConfig
+        ) {
+          subBlocks.triggerConfig = {
+            id: 'triggerConfig',
+            type: 'short-input',
+            value: triggerConfigValue,
+          }
+        }
+      }
+
       blocksWithSubBlocks[blockId] = {
         ...block,
         subBlocks,

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-workflow-execution.ts

@@ -1,4 +1,4 @@
-import { useCallback, useRef, useState } from 'react'
+import { useCallback, useEffect, useRef, useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { useQueryClient } from '@tanstack/react-query'
 import { v4 as uuidv4 } from 'uuid'
@@ -46,7 +46,13 @@ import { useWorkflowStore } from '@/stores/workflows/workflow/store'
 
 const logger = createLogger('useWorkflowExecution')
 
-// Debug state validation result
+/**
+ * Module-level Set tracking which workflows have an active reconnection effect.
+ * Prevents multiple hook instances (from different components) from starting
+ * concurrent reconnection streams for the same workflow during the same mount cycle.
+ */
+const activeReconnections = new Set<string>()
+
 interface DebugValidationResult {
   isValid: boolean
   error?: string
@@ -54,7 +60,7 @@ interface DebugValidationResult {
 
 interface BlockEventHandlerConfig {
   workflowId?: string
-  executionId?: string
+  executionIdRef: { current: string }
   workflowEdges: Array<{ id: string; target: string; sourceHandle?: string | null }>
   activeBlocksSet: Set<string>
   accumulatedBlockLogs: BlockLog[]
@@ -108,12 +114,15 @@ export function useWorkflowExecution() {
   const queryClient = useQueryClient()
   const currentWorkflow = useCurrentWorkflow()
   const { activeWorkflowId, workflows } = useWorkflowRegistry()
-  const { toggleConsole, addConsole, updateConsole, cancelRunningEntries } =
+  const { toggleConsole, addConsole, updateConsole, cancelRunningEntries, clearExecutionEntries } =
     useTerminalConsoleStore()
+  const hasHydrated = useTerminalConsoleStore((s) => s._hasHydrated)
   const { getAllVariables } = useEnvironmentStore()
   const { getVariablesByWorkflowId, variables } = useVariablesStore()
   const { isExecuting, isDebugging, pendingBlocks, executor, debugContext } =
     useCurrentWorkflowExecution()
+  const setCurrentExecutionId = useExecutionStore((s) => s.setCurrentExecutionId)
+  const getCurrentExecutionId = useExecutionStore((s) => s.getCurrentExecutionId)
   const setIsExecuting = useExecutionStore((s) => s.setIsExecuting)
   const setIsDebugging = useExecutionStore((s) => s.setIsDebugging)
   const setPendingBlocks = useExecutionStore((s) => s.setPendingBlocks)
@@ -297,7 +306,7 @@ export function useWorkflowExecution() {
     (config: BlockEventHandlerConfig) => {
       const {
         workflowId,
-        executionId,
+        executionIdRef,
         workflowEdges,
         activeBlocksSet,
         accumulatedBlockLogs,
@@ -308,6 +317,14 @@ export function useWorkflowExecution() {
         onBlockCompleteCallback,
       } = config
 
+      /** Returns true if this execution was cancelled or superseded by another run. */
+      const isStaleExecution = () =>
+        !!(
+          workflowId &&
+          executionIdRef.current &&
+          useExecutionStore.getState().getCurrentExecutionId(workflowId) !== executionIdRef.current
+        )
+
       const updateActiveBlocks = (blockId: string, isActive: boolean) => {
         if (!workflowId) return
         if (isActive) {
@@ -360,7 +377,7 @@ export function useWorkflowExecution() {
           endedAt: data.endedAt,
           workflowId,
           blockId: data.blockId,
-          executionId,
+          executionId: executionIdRef.current,
           blockName: data.blockName || 'Unknown Block',
           blockType: data.blockType || 'unknown',
           iterationCurrent: data.iterationCurrent,
@@ -383,7 +400,7 @@ export function useWorkflowExecution() {
           endedAt: data.endedAt,
           workflowId,
           blockId: data.blockId,
-          executionId,
+          executionId: executionIdRef.current,
           blockName: data.blockName || 'Unknown Block',
           blockType: data.blockType || 'unknown',
           iterationCurrent: data.iterationCurrent,
@@ -410,7 +427,7 @@ export function useWorkflowExecution() {
             iterationType: data.iterationType,
             iterationContainerId: data.iterationContainerId,
           },
-          executionId
+          executionIdRef.current
         )
       }
 
@@ -432,11 +449,12 @@ export function useWorkflowExecution() {
             iterationType: data.iterationType,
             iterationContainerId: data.iterationContainerId,
           },
-          executionId
+          executionIdRef.current
         )
       }
 
       const onBlockStarted = (data: BlockStartedData) => {
+        if (isStaleExecution()) return
         updateActiveBlocks(data.blockId, true)
         markIncomingEdges(data.blockId)
 
@@ -453,7 +471,7 @@ export function useWorkflowExecution() {
           endedAt: undefined,
           workflowId,
           blockId: data.blockId,
-          executionId,
+          executionId: executionIdRef.current,
           blockName: data.blockName || 'Unknown Block',
           blockType: data.blockType || 'unknown',
           isRunning: true,
@@ -465,6 +483,7 @@ export function useWorkflowExecution() {
       }
 
       const onBlockCompleted = (data: BlockCompletedData) => {
+        if (isStaleExecution()) return
         updateActiveBlocks(data.blockId, false)
         if (workflowId) setBlockRunStatus(workflowId, data.blockId, 'success')
 
@@ -495,6 +514,7 @@ export function useWorkflowExecution() {
       }
 
       const onBlockError = (data: BlockErrorData) => {
+        if (isStaleExecution()) return
         updateActiveBlocks(data.blockId, false)
         if (workflowId) setBlockRunStatus(workflowId, data.blockId, 'error')
 
@@ -902,10 +922,6 @@ export function useWorkflowExecution() {
 
                 // Update block logs with actual stream completion times
                 if (result.logs && streamCompletionTimes.size > 0) {
-                  const streamCompletionEndTime = new Date(
-                    Math.max(...Array.from(streamCompletionTimes.values()))
-                  ).toISOString()
-
                   result.logs.forEach((log: BlockLog) => {
                     if (streamCompletionTimes.has(log.blockId)) {
                       const completionTime = streamCompletionTimes.get(log.blockId)!
@@ -987,7 +1003,6 @@ export function useWorkflowExecution() {
         return { success: true, stream }
       }
 
-      // For manual (non-chat) execution
       const manualExecutionId = uuidv4()
       try {
         const result = await executeWorkflow(
@@ -1002,29 +1017,10 @@ export function useWorkflowExecution() {
           if (result.metadata.pendingBlocks) {
             setPendingBlocks(activeWorkflowId, result.metadata.pendingBlocks)
           }
-        } else if (result && 'success' in result) {
-          setExecutionResult(result)
-          // Reset execution state after successful non-debug execution
-          setIsExecuting(activeWorkflowId, false)
-          setIsDebugging(activeWorkflowId, false)
-          setActiveBlocks(activeWorkflowId, new Set())
-
-          if (isChatExecution) {
-            if (!result.metadata) {
-              result.metadata = { duration: 0, startTime: new Date().toISOString() }
-            }
-            ;(result.metadata as any).source = 'chat'
-          }
-
-          // Invalidate subscription queries to update usage
-          setTimeout(() => {
-            queryClient.invalidateQueries({ queryKey: subscriptionKeys.all })
-          }, 1000)
         }
         return result
       } catch (error: any) {
         const errorResult = handleExecutionError(error, { executionId: manualExecutionId })
-        // Note: Error logs are already persisted server-side via execution-core.ts
         return errorResult
       }
     },
@@ -1275,7 +1271,7 @@ export function useWorkflowExecution() {
     if (activeWorkflowId) {
       logger.info('Using server-side executor')
 
-      const executionId = uuidv4()
+      const executionIdRef = { current: '' }
 
       let executionResult: ExecutionResult = {
         success: false,
@@ -1293,7 +1289,7 @@ export function useWorkflowExecution() {
       try {
         const blockHandlers = buildBlockEventHandlers({
           workflowId: activeWorkflowId,
-          executionId,
+          executionIdRef,
           workflowEdges,
           activeBlocksSet,
           accumulatedBlockLogs,
@@ -1326,6 +1322,10 @@ export function useWorkflowExecution() {
             loops: clientWorkflowState.loops,
             parallels: clientWorkflowState.parallels,
           },
+          onExecutionId: (id) => {
+            executionIdRef.current = id
+            setCurrentExecutionId(activeWorkflowId, id)
+          },
           callbacks: {
             onExecutionStarted: (data) => {
               logger.info('Server execution started:', data)
@@ -1368,6 +1368,18 @@ export function useWorkflowExecution() {
             },
 
             onExecutionCompleted: (data) => {
+              if (
+                activeWorkflowId &&
+                executionIdRef.current &&
+                useExecutionStore.getState().getCurrentExecutionId(activeWorkflowId) !==
+                  executionIdRef.current
+              )
+                return
+
+              if (activeWorkflowId) {
+                setCurrentExecutionId(activeWorkflowId, null)
+              }
+
               executionResult = {
                 success: data.success,
                 output: data.output,
@@ -1425,9 +1437,33 @@ export function useWorkflowExecution() {
                   })
                 }
               }
+
+              const workflowExecState = activeWorkflowId
+                ? useExecutionStore.getState().getWorkflowExecution(activeWorkflowId)
+                : null
+              if (activeWorkflowId && !workflowExecState?.isDebugging) {
+                setExecutionResult(executionResult)
+                setIsExecuting(activeWorkflowId, false)
+                setActiveBlocks(activeWorkflowId, new Set())
+                setTimeout(() => {
+                  queryClient.invalidateQueries({ queryKey: subscriptionKeys.all })
+                }, 1000)
+              }
             },
 
             onExecutionError: (data) => {
+              if (
+                activeWorkflowId &&
+                executionIdRef.current &&
+                useExecutionStore.getState().getCurrentExecutionId(activeWorkflowId) !==
+                  executionIdRef.current
+              )
+                return
+
+              if (activeWorkflowId) {
+                setCurrentExecutionId(activeWorkflowId, null)
+              }
+
               executionResult = {
                 success: false,
                 output: {},
@@ -1441,43 +1477,53 @@ export function useWorkflowExecution() {
               const isPreExecutionError = accumulatedBlockLogs.length === 0
               handleExecutionErrorConsole({
                 workflowId: activeWorkflowId,
-                executionId,
+                executionId: executionIdRef.current,
                 error: data.error,
                 durationMs: data.duration,
                 blockLogs: accumulatedBlockLogs,
                 isPreExecutionError,
               })
+
+              if (activeWorkflowId) {
+                setIsExecuting(activeWorkflowId, false)
+                setIsDebugging(activeWorkflowId, false)
+                setActiveBlocks(activeWorkflowId, new Set())
+              }
             },
 
             onExecutionCancelled: (data) => {
+              if (
+                activeWorkflowId &&
+                executionIdRef.current &&
+                useExecutionStore.getState().getCurrentExecutionId(activeWorkflowId) !==
+                  executionIdRef.current
+              )
+                return
+
+              if (activeWorkflowId) {
+                setCurrentExecutionId(activeWorkflowId, null)
+              }
+
               handleExecutionCancelledConsole({
                 workflowId: activeWorkflowId,
-                executionId,
+                executionId: executionIdRef.current,
                 durationMs: data?.duration,
               })
+
+              if (activeWorkflowId) {
+                setIsExecuting(activeWorkflowId, false)
+                setIsDebugging(activeWorkflowId, false)
+                setActiveBlocks(activeWorkflowId, new Set())
+              }
             },
           },
         })
 
         return executionResult
       } catch (error: any) {
-        // Don't log abort errors - they're intentional user actions
         if (error.name === 'AbortError' || error.message?.includes('aborted')) {
           logger.info('Execution aborted by user')
-
-          // Reset execution state
-          if (activeWorkflowId) {
-            setIsExecuting(activeWorkflowId, false)
-            setActiveBlocks(activeWorkflowId, new Set())
-          }
-
-          // Return gracefully without error
-          return {
-            success: false,
-            output: {},
-            metadata: { duration: 0 },
-            logs: [],
-          }
+          return executionResult
         }
 
         logger.error('Server-side execution failed:', error)
@@ -1485,7 +1531,6 @@ export function useWorkflowExecution() {
       }
     }
 
-    // Fallback: should never reach here
     throw new Error('Server-side execution is required')
   }
 
@@ -1717,25 +1762,28 @@ export function useWorkflowExecution() {
    * Handles cancelling the current workflow execution
    */
   const handleCancelExecution = useCallback(() => {
+    if (!activeWorkflowId) return
     logger.info('Workflow execution cancellation requested')
 
-    // Cancel the execution stream for this workflow (server-side)
-    executionStream.cancel(activeWorkflowId ?? undefined)
+    const storedExecutionId = getCurrentExecutionId(activeWorkflowId)
 
-    // Mark current chat execution as superseded so its cleanup won't affect new executions
-    currentChatExecutionIdRef.current = null
-
-    // Mark all running entries as canceled in the terminal
-    if (activeWorkflowId) {
-      cancelRunningEntries(activeWorkflowId)
-
-      // Reset execution state - this triggers chat stream cleanup via useEffect in chat.tsx
-      setIsExecuting(activeWorkflowId, false)
-      setIsDebugging(activeWorkflowId, false)
-      setActiveBlocks(activeWorkflowId, new Set())
+    if (storedExecutionId) {
+      setCurrentExecutionId(activeWorkflowId, null)
+      fetch(`/api/workflows/${activeWorkflowId}/executions/${storedExecutionId}/cancel`, {
+        method: 'POST',
+      }).catch(() => {})
+      handleExecutionCancelledConsole({
+        workflowId: activeWorkflowId,
+        executionId: storedExecutionId,
+      })
     }
 
-    // If in debug mode, also reset debug state
+    executionStream.cancel(activeWorkflowId)
+    currentChatExecutionIdRef.current = null
+    setIsExecuting(activeWorkflowId, false)
+    setIsDebugging(activeWorkflowId, false)
+    setActiveBlocks(activeWorkflowId, new Set())
+
     if (isDebugging) {
       resetDebugState()
     }
@@ -1747,7 +1795,9 @@ export function useWorkflowExecution() {
     setIsDebugging,
     setActiveBlocks,
     activeWorkflowId,
-    cancelRunningEntries,
+    getCurrentExecutionId,
+    setCurrentExecutionId,
+    handleExecutionCancelledConsole,
   ])
 
   /**
@@ -1847,7 +1897,7 @@ export function useWorkflowExecution() {
       }
 
       setIsExecuting(workflowId, true)
-      const executionId = uuidv4()
+      const executionIdRef = { current: '' }
       const accumulatedBlockLogs: BlockLog[] = []
       const accumulatedBlockStates = new Map<string, BlockState>()
       const executedBlockIds = new Set<string>()
@@ -1856,7 +1906,7 @@ export function useWorkflowExecution() {
       try {
         const blockHandlers = buildBlockEventHandlers({
           workflowId,
-          executionId,
+          executionIdRef,
           workflowEdges,
           activeBlocksSet,
           accumulatedBlockLogs,
@@ -1871,6 +1921,10 @@ export function useWorkflowExecution() {
           startBlockId: blockId,
           sourceSnapshot: effectiveSnapshot,
           input: workflowInput,
+          onExecutionId: (id) => {
+            executionIdRef.current = id
+            setCurrentExecutionId(workflowId, id)
+          },
           callbacks: {
             onBlockStarted: blockHandlers.onBlockStarted,
             onBlockCompleted: blockHandlers.onBlockCompleted,
@@ -1878,7 +1932,6 @@ export function useWorkflowExecution() {
 
             onExecutionCompleted: (data) => {
               if (data.success) {
-                // Add the start block (trigger) to executed blocks
                 executedBlockIds.add(blockId)
 
                 const mergedBlockStates: Record<string, BlockState> = {
@@ -1902,6 +1955,10 @@ export function useWorkflowExecution() {
                 }
                 setLastExecutionSnapshot(workflowId, updatedSnapshot)
               }
+
+              setCurrentExecutionId(workflowId, null)
+              setIsExecuting(workflowId, false)
+              setActiveBlocks(workflowId, new Set())
             },
 
             onExecutionError: (data) => {
@@ -1921,19 +1978,27 @@ export function useWorkflowExecution() {
 
               handleExecutionErrorConsole({
                 workflowId,
-                executionId,
+                executionId: executionIdRef.current,
                 error: data.error,
                 durationMs: data.duration,
                 blockLogs: accumulatedBlockLogs,
               })
+
+              setCurrentExecutionId(workflowId, null)
+              setIsExecuting(workflowId, false)
+              setActiveBlocks(workflowId, new Set())
             },
 
             onExecutionCancelled: (data) => {
               handleExecutionCancelledConsole({
                 workflowId,
-                executionId,
+                executionId: executionIdRef.current,
                 durationMs: data?.duration,
               })
+
+              setCurrentExecutionId(workflowId, null)
+              setIsExecuting(workflowId, false)
+              setActiveBlocks(workflowId, new Set())
             },
           },
         })
@@ -1942,14 +2007,20 @@ export function useWorkflowExecution() {
           logger.error('Run-from-block failed:', error)
         }
       } finally {
-        setIsExecuting(workflowId, false)
-        setActiveBlocks(workflowId, new Set())
+        const currentId = getCurrentExecutionId(workflowId)
+        if (currentId === null || currentId === executionIdRef.current) {
+          setCurrentExecutionId(workflowId, null)
+          setIsExecuting(workflowId, false)
+          setActiveBlocks(workflowId, new Set())
+        }
       }
     },
     [
       getLastExecutionSnapshot,
       setLastExecutionSnapshot,
       clearLastExecutionSnapshot,
+      getCurrentExecutionId,
+      setCurrentExecutionId,
       setIsExecuting,
       setActiveBlocks,
       setBlockRunStatus,
@@ -1979,29 +2050,213 @@ export function useWorkflowExecution() {
 
       const executionId = uuidv4()
       try {
-        const result = await executeWorkflow(
-          undefined,
-          undefined,
-          executionId,
-          undefined,
-          'manual',
-          blockId
-        )
-        if (result && 'success' in result) {
-          setExecutionResult(result)
-        }
+        await executeWorkflow(undefined, undefined, executionId, undefined, 'manual', blockId)
       } catch (error) {
         const errorResult = handleExecutionError(error, { executionId })
         return errorResult
       } finally {
+        setCurrentExecutionId(workflowId, null)
         setIsExecuting(workflowId, false)
         setIsDebugging(workflowId, false)
         setActiveBlocks(workflowId, new Set())
       }
     },
-    [activeWorkflowId, setExecutionResult, setIsExecuting, setIsDebugging, setActiveBlocks]
+    [
+      activeWorkflowId,
+      setCurrentExecutionId,
+      setExecutionResult,
+      setIsExecuting,
+      setIsDebugging,
+      setActiveBlocks,
+    ]
   )
 
+  useEffect(() => {
+    if (!activeWorkflowId || !hasHydrated) return
+
+    const entries = useTerminalConsoleStore.getState().entries
+    const runningEntries = entries.filter(
+      (e) => e.isRunning && e.workflowId === activeWorkflowId && e.executionId
+    )
+    if (runningEntries.length === 0) return
+
+    if (activeReconnections.has(activeWorkflowId)) return
+    activeReconnections.add(activeWorkflowId)
+
+    executionStream.cancel(activeWorkflowId)
+
+    const sorted = [...runningEntries].sort((a, b) => {
+      const aTime = a.startedAt ? new Date(a.startedAt).getTime() : 0
+      const bTime = b.startedAt ? new Date(b.startedAt).getTime() : 0
+      return bTime - aTime
+    })
+    const executionId = sorted[0].executionId!
+
+    const otherExecutionIds = new Set(
+      sorted.filter((e) => e.executionId !== executionId).map((e) => e.executionId!)
+    )
+    if (otherExecutionIds.size > 0) {
+      cancelRunningEntries(activeWorkflowId)
+    }
+
+    setCurrentExecutionId(activeWorkflowId, executionId)
+    setIsExecuting(activeWorkflowId, true)
+
+    const workflowEdges = useWorkflowStore.getState().edges
+    const activeBlocksSet = new Set<string>()
+    const accumulatedBlockLogs: BlockLog[] = []
+    const accumulatedBlockStates = new Map<string, BlockState>()
+    const executedBlockIds = new Set<string>()
+
+    const executionIdRef = { current: executionId }
+
+    const handlers = buildBlockEventHandlers({
+      workflowId: activeWorkflowId,
+      executionIdRef,
+      workflowEdges,
+      activeBlocksSet,
+      accumulatedBlockLogs,
+      accumulatedBlockStates,
+      executedBlockIds,
+      consoleMode: 'update',
+      includeStartConsoleEntry: true,
+    })
+
+    const originalEntries = entries
+      .filter((e) => e.executionId === executionId)
+      .map((e) => ({ ...e }))
+
+    let cleared = false
+    let reconnectionComplete = false
+    let cleanupRan = false
+    const clearOnce = () => {
+      if (!cleared) {
+        cleared = true
+        clearExecutionEntries(executionId)
+      }
+    }
+
+    const reconnectWorkflowId = activeWorkflowId
+
+    executionStream
+      .reconnect({
+        workflowId: reconnectWorkflowId,
+        executionId,
+        callbacks: {
+          onBlockStarted: (data) => {
+            clearOnce()
+            handlers.onBlockStarted(data)
+          },
+          onBlockCompleted: (data) => {
+            clearOnce()
+            handlers.onBlockCompleted(data)
+          },
+          onBlockError: (data) => {
+            clearOnce()
+            handlers.onBlockError(data)
+          },
+          onExecutionCompleted: () => {
+            const currentId = useExecutionStore
+              .getState()
+              .getCurrentExecutionId(reconnectWorkflowId)
+            if (currentId !== executionId) {
+              reconnectionComplete = true
+              activeReconnections.delete(reconnectWorkflowId)
+              return
+            }
+            clearOnce()
+            reconnectionComplete = true
+            activeReconnections.delete(reconnectWorkflowId)
+            setCurrentExecutionId(reconnectWorkflowId, null)
+            setIsExecuting(reconnectWorkflowId, false)
+            setActiveBlocks(reconnectWorkflowId, new Set())
+          },
+          onExecutionError: (data) => {
+            const currentId = useExecutionStore
+              .getState()
+              .getCurrentExecutionId(reconnectWorkflowId)
+            if (currentId !== executionId) {
+              reconnectionComplete = true
+              activeReconnections.delete(reconnectWorkflowId)
+              return
+            }
+            clearOnce()
+            reconnectionComplete = true
+            activeReconnections.delete(reconnectWorkflowId)
+            setCurrentExecutionId(reconnectWorkflowId, null)
+            setIsExecuting(reconnectWorkflowId, false)
+            setActiveBlocks(reconnectWorkflowId, new Set())
+            handleExecutionErrorConsole({
+              workflowId: reconnectWorkflowId,
+              executionId,
+              error: data.error,
+              blockLogs: accumulatedBlockLogs,
+            })
+          },
+          onExecutionCancelled: () => {
+            const currentId = useExecutionStore
+              .getState()
+              .getCurrentExecutionId(reconnectWorkflowId)
+            if (currentId !== executionId) {
+              reconnectionComplete = true
+              activeReconnections.delete(reconnectWorkflowId)
+              return
+            }
+            clearOnce()
+            reconnectionComplete = true
+            activeReconnections.delete(reconnectWorkflowId)
+            setCurrentExecutionId(reconnectWorkflowId, null)
+            setIsExecuting(reconnectWorkflowId, false)
+            setActiveBlocks(reconnectWorkflowId, new Set())
+            handleExecutionCancelledConsole({
+              workflowId: reconnectWorkflowId,
+              executionId,
+            })
+          },
+        },
+      })
+      .catch((error) => {
+        logger.warn('Execution reconnection failed', { executionId, error })
+      })
+      .finally(() => {
+        if (reconnectionComplete || cleanupRan) return
+        const currentId = useExecutionStore.getState().getCurrentExecutionId(reconnectWorkflowId)
+        if (currentId !== executionId) return
+        reconnectionComplete = true
+        activeReconnections.delete(reconnectWorkflowId)
+        clearExecutionEntries(executionId)
+        for (const entry of originalEntries) {
+          addConsole({
+            workflowId: entry.workflowId,
+            blockId: entry.blockId,
+            blockName: entry.blockName,
+            blockType: entry.blockType,
+            executionId: entry.executionId,
+            executionOrder: entry.executionOrder,
+            isRunning: false,
+            warning: 'Execution result unavailable — check the logs page',
+          })
+        }
+        setCurrentExecutionId(reconnectWorkflowId, null)
+        setIsExecuting(reconnectWorkflowId, false)
+        setActiveBlocks(reconnectWorkflowId, new Set())
+      })
+
+    return () => {
+      cleanupRan = true
+      executionStream.cancel(reconnectWorkflowId)
+      activeReconnections.delete(reconnectWorkflowId)
+
+      if (cleared && !reconnectionComplete) {
+        clearExecutionEntries(executionId)
+        for (const entry of originalEntries) {
+          addConsole(entry)
+        }
+      }
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [activeWorkflowId, hasHydrated])
+
   return {
     isExecuting,
     isDebugging,

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/components/index.ts

@@ -1,3 +1,4 @@
 export { CancelSubscription } from './cancel-subscription'
 export { CreditBalance } from './credit-balance'
 export { PlanCard, type PlanCardProps, type PlanFeature } from './plan-card'
+export { ReferralCode } from './referral-code'

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/components/referral-code/index.ts

@@ -0,0 +1 @@
+export { ReferralCode } from './referral-code'

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/components/referral-code/referral-code.tsx

@@ -0,0 +1,101 @@
+'use client'
+
+import { useState } from 'react'
+import { createLogger } from '@sim/logger'
+import { Button, Input, Label } from '@/components/emcn'
+
+const logger = createLogger('ReferralCode')
+
+interface ReferralCodeProps {
+  onRedeemComplete?: () => void
+}
+
+/**
+ * Inline referral/promo code entry field with redeem button.
+ * One-time use per account — shows success or "already redeemed" state.
+ */
+export function ReferralCode({ onRedeemComplete }: ReferralCodeProps) {
+  const [code, setCode] = useState('')
+  const [isRedeeming, setIsRedeeming] = useState(false)
+  const [error, setError] = useState<string | null>(null)
+  const [success, setSuccess] = useState<{ bonusAmount: number } | null>(null)
+
+  const handleRedeem = async () => {
+    const trimmed = code.trim()
+    if (!trimmed || isRedeeming) return
+
+    setIsRedeeming(true)
+    setError(null)
+
+    try {
+      const response = await fetch('/api/referral-code/redeem', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ code: trimmed }),
+      })
+
+      const data = await response.json()
+
+      if (!response.ok) {
+        throw new Error(data.error || 'Failed to redeem code')
+      }
+
+      if (data.redeemed) {
+        setSuccess({ bonusAmount: data.bonusAmount })
+        setCode('')
+        onRedeemComplete?.()
+      } else {
+        setError(data.error || 'Code could not be redeemed')
+      }
+    } catch (err) {
+      logger.error('Referral code redemption failed', { error: err })
+      setError(err instanceof Error ? err.message : 'Failed to redeem code')
+    } finally {
+      setIsRedeeming(false)
+    }
+  }
+
+  if (success) {
+    return (
+      <div className='flex items-center justify-between'>
+        <Label>Referral Code</Label>
+        <span className='text-[12px] text-[var(--text-secondary)]'>
+          +${success.bonusAmount} credits applied
+        </span>
+      </div>
+    )
+  }
+
+  return (
+    <div className='flex items-center justify-between gap-[12px]'>
+      <Label className='shrink-0'>Referral Code</Label>
+      <div className='flex items-center gap-[8px]'>
+        <div className='flex flex-col'>
+          <Input
+            type='text'
+            value={code}
+            onChange={(e) => {
+              setCode(e.target.value)
+              setError(null)
+            }}
+            onKeyDown={(e) => {
+              if (e.key === 'Enter') handleRedeem()
+            }}
+            placeholder='Enter code'
+            className='h-[32px] w-[140px] text-[12px]'
+            disabled={isRedeeming}
+          />
+          {error && <span className='mt-[4px] text-[11px] text-[var(--text-error)]'>{error}</span>}
+        </div>
+        <Button
+          variant='active'
+          className='h-[32px] shrink-0 rounded-[6px] text-[12px]'
+          onClick={handleRedeem}
+          disabled={isRedeeming || !code.trim()}
+        >
+          {isRedeeming ? 'Redeeming...' : 'Redeem'}
+        </Button>
+      </div>
+    </div>
+  )
+}

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/subscription.tsx

@@ -17,6 +17,7 @@ import {
   CancelSubscription,
   CreditBalance,
   PlanCard,
+  ReferralCode,
 } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/subscription/components'
 import {
   ENTERPRISE_PLAN_FEATURES,
@@ -549,6 +550,10 @@ export function Subscription() {
         />
       )}
 
+      {!subscription.isEnterprise && (
+        <ReferralCode onRedeemComplete={() => refetchSubscription()} />
+      )}
+
       {/* Next Billing Date - hidden from team members */}
       {subscription.isPaid &&
         subscriptionData?.data?.periodEnd &&

apps/sim/app/workspace/page.tsx

@@ -4,12 +4,14 @@ import { useEffect } from 'react'
 import { createLogger } from '@sim/logger'
 import { useRouter } from 'next/navigation'
 import { useSession } from '@/lib/auth/auth-client'
+import { useReferralAttribution } from '@/hooks/use-referral-attribution'
 
 const logger = createLogger('WorkspacePage')
 
 export default function WorkspacePage() {
   const router = useRouter()
   const { data: session, isPending } = useSession()
+  useReferralAttribution()
 
   useEffect(() => {
     const redirectToFirstWorkspace = async () => {

apps/sim/hooks/queries/deployments.ts

@@ -423,7 +423,7 @@ interface GenerateVersionDescriptionVariables {
 
 const VERSION_DESCRIPTION_SYSTEM_PROMPT = `You are writing deployment version descriptions for a workflow automation platform.
 
-Write a brief, factual description (1-3 sentences, under 400 characters) that states what changed between versions.
+Write a brief, factual description (1-3 sentences, under 2000 characters) that states what changed between versions.
 
 Guidelines:
 - Use the specific values provided (credential names, channel names, model names)

apps/sim/hooks/use-execution-stream.ts

@@ -1,4 +1,4 @@
-import { useCallback, useRef } from 'react'
+import { useCallback } from 'react'
 import { createLogger } from '@sim/logger'
 import type {
   BlockCompletedData,
@@ -16,6 +16,18 @@ import type { SerializableExecutionState } from '@/executor/execution/types'
 
 const logger = createLogger('useExecutionStream')
 
+/**
+ * Detects errors caused by the browser killing a fetch (page refresh, navigation, tab close).
+ * These should be treated as clean disconnects, not execution errors.
+ */
+function isClientDisconnectError(error: any): boolean {
+  if (error.name === 'AbortError') return true
+  const msg = (error.message ?? '').toLowerCase()
+  return (
+    msg.includes('network error') || msg.includes('failed to fetch') || msg.includes('load failed')
+  )
+}
+
 /**
  * Processes SSE events from a response body and invokes appropriate callbacks.
  */
@@ -121,6 +133,7 @@ export interface ExecuteStreamOptions {
     parallels?: Record<string, any>
   }
   stopAfterBlockId?: string
+  onExecutionId?: (executionId: string) => void
   callbacks?: ExecutionStreamCallbacks
 }
 
@@ -129,30 +142,40 @@ export interface ExecuteFromBlockOptions {
   startBlockId: string
   sourceSnapshot: SerializableExecutionState
   input?: any
+  onExecutionId?: (executionId: string) => void
   callbacks?: ExecutionStreamCallbacks
 }
 
+export interface ReconnectStreamOptions {
+  workflowId: string
+  executionId: string
+  fromEventId?: number
+  callbacks?: ExecutionStreamCallbacks
+}
+
+/**
+ * Module-level map shared across all hook instances.
+ * Ensures ANY instance can cancel streams started by ANY other instance,
+ * which is critical for SPA navigation where the original hook instance unmounts
+ * but the SSE stream must be cancellable from the new instance.
+ */
+const sharedAbortControllers = new Map<string, AbortController>()
+
 /**
  * Hook for executing workflows via server-side SSE streaming.
  * Supports concurrent executions via per-workflow AbortController maps.
  */
 export function useExecutionStream() {
-  const abortControllersRef = useRef<Map<string, AbortController>>(new Map())
-  const currentExecutionsRef = useRef<Map<string, { workflowId: string; executionId: string }>>(
-    new Map()
-  )
-
   const execute = useCallback(async (options: ExecuteStreamOptions) => {
-    const { workflowId, callbacks = {}, ...payload } = options
+    const { workflowId, callbacks = {}, onExecutionId, ...payload } = options
 
-    const existing = abortControllersRef.current.get(workflowId)
+    const existing = sharedAbortControllers.get(workflowId)
     if (existing) {
       existing.abort()
     }
 
     const abortController = new AbortController()
-    abortControllersRef.current.set(workflowId, abortController)
-    currentExecutionsRef.current.delete(workflowId)
+    sharedAbortControllers.set(workflowId, abortController)
 
     try {
       const response = await fetch(`/api/workflows/${workflowId}/execute`, {
@@ -177,42 +200,48 @@ export function useExecutionStream() {
         throw new Error('No response body')
       }
 
-      const executionId = response.headers.get('X-Execution-Id')
-      if (executionId) {
-        currentExecutionsRef.current.set(workflowId, { workflowId, executionId })
+      const serverExecutionId = response.headers.get('X-Execution-Id')
+      if (serverExecutionId) {
+        onExecutionId?.(serverExecutionId)
       }
 
       const reader = response.body.getReader()
       await processSSEStream(reader, callbacks, 'Execution')
     } catch (error: any) {
-      if (error.name === 'AbortError') {
-        logger.info('Execution stream cancelled')
-        callbacks.onExecutionCancelled?.({ duration: 0 })
-      } else {
-        logger.error('Execution stream error:', error)
-        callbacks.onExecutionError?.({
-          error: error.message || 'Unknown error',
-          duration: 0,
-        })
+      if (isClientDisconnectError(error)) {
+        logger.info('Execution stream disconnected (page unload or abort)')
+        return
       }
+      logger.error('Execution stream error:', error)
+      callbacks.onExecutionError?.({
+        error: error.message || 'Unknown error',
+        duration: 0,
+      })
       throw error
     } finally {
-      abortControllersRef.current.delete(workflowId)
-      currentExecutionsRef.current.delete(workflowId)
+      if (sharedAbortControllers.get(workflowId) === abortController) {
+        sharedAbortControllers.delete(workflowId)
+      }
     }
   }, [])
 
   const executeFromBlock = useCallback(async (options: ExecuteFromBlockOptions) => {
-    const { workflowId, startBlockId, sourceSnapshot, input, callbacks = {} } = options
+    const {
+      workflowId,
+      startBlockId,
+      sourceSnapshot,
+      input,
+      onExecutionId,
+      callbacks = {},
+    } = options
 
-    const existing = abortControllersRef.current.get(workflowId)
+    const existing = sharedAbortControllers.get(workflowId)
     if (existing) {
       existing.abort()
     }
 
     const abortController = new AbortController()
-    abortControllersRef.current.set(workflowId, abortController)
-    currentExecutionsRef.current.delete(workflowId)
+    sharedAbortControllers.set(workflowId, abortController)
 
     try {
       const response = await fetch(`/api/workflows/${workflowId}/execute`, {
@@ -246,64 +275,80 @@ export function useExecutionStream() {
         throw new Error('No response body')
       }
 
-      const executionId = response.headers.get('X-Execution-Id')
-      if (executionId) {
-        currentExecutionsRef.current.set(workflowId, { workflowId, executionId })
+      const serverExecutionId = response.headers.get('X-Execution-Id')
+      if (serverExecutionId) {
+        onExecutionId?.(serverExecutionId)
       }
 
       const reader = response.body.getReader()
       await processSSEStream(reader, callbacks, 'Run-from-block')
     } catch (error: any) {
-      if (error.name === 'AbortError') {
-        logger.info('Run-from-block execution cancelled')
-        callbacks.onExecutionCancelled?.({ duration: 0 })
-      } else {
-        logger.error('Run-from-block execution error:', error)
-        callbacks.onExecutionError?.({
-          error: error.message || 'Unknown error',
-          duration: 0,
-        })
+      if (isClientDisconnectError(error)) {
+        logger.info('Run-from-block stream disconnected (page unload or abort)')
+        return
       }
+      logger.error('Run-from-block execution error:', error)
+      callbacks.onExecutionError?.({
+        error: error.message || 'Unknown error',
+        duration: 0,
+      })
       throw error
     } finally {
-      abortControllersRef.current.delete(workflowId)
-      currentExecutionsRef.current.delete(workflowId)
+      if (sharedAbortControllers.get(workflowId) === abortController) {
+        sharedAbortControllers.delete(workflowId)
+      }
+    }
+  }, [])
+
+  const reconnect = useCallback(async (options: ReconnectStreamOptions) => {
+    const { workflowId, executionId, fromEventId = 0, callbacks = {} } = options
+
+    const existing = sharedAbortControllers.get(workflowId)
+    if (existing) {
+      existing.abort()
+    }
+
+    const abortController = new AbortController()
+    sharedAbortControllers.set(workflowId, abortController)
+    try {
+      const response = await fetch(
+        `/api/workflows/${workflowId}/executions/${executionId}/stream?from=${fromEventId}`,
+        { signal: abortController.signal }
+      )
+      if (!response.ok) throw new Error(`Reconnect failed (${response.status})`)
+      if (!response.body) throw new Error('No response body')
+
+      await processSSEStream(response.body.getReader(), callbacks, 'Reconnect')
+    } catch (error: any) {
+      if (isClientDisconnectError(error)) return
+      logger.error('Reconnection stream error:', error)
+      throw error
+    } finally {
+      if (sharedAbortControllers.get(workflowId) === abortController) {
+        sharedAbortControllers.delete(workflowId)
+      }
     }
   }, [])
 
   const cancel = useCallback((workflowId?: string) => {
     if (workflowId) {
-      const execution = currentExecutionsRef.current.get(workflowId)
-      if (execution) {
-        fetch(`/api/workflows/${execution.workflowId}/executions/${execution.executionId}/cancel`, {
-          method: 'POST',
-        }).catch(() => {})
-      }
-
-      const controller = abortControllersRef.current.get(workflowId)
+      const controller = sharedAbortControllers.get(workflowId)
       if (controller) {
         controller.abort()
-        abortControllersRef.current.delete(workflowId)
+        sharedAbortControllers.delete(workflowId)
       }
-      currentExecutionsRef.current.delete(workflowId)
     } else {
-      for (const [, execution] of currentExecutionsRef.current) {
-        fetch(`/api/workflows/${execution.workflowId}/executions/${execution.executionId}/cancel`, {
-          method: 'POST',
-        }).catch(() => {})
-      }
-
-      for (const [, controller] of abortControllersRef.current) {
+      for (const [, controller] of sharedAbortControllers) {
         controller.abort()
       }
-      abortControllersRef.current.clear()
-      currentExecutionsRef.current.clear()
+      sharedAbortControllers.clear()
     }
   }, [])
 
   return {
     execute,
     executeFromBlock,
+    reconnect,
     cancel,
   }
 }

apps/sim/hooks/use-referral-attribution.ts

@@ -0,0 +1,46 @@
+'use client'
+
+import { useEffect, useRef } from 'react'
+import { createLogger } from '@sim/logger'
+
+const logger = createLogger('ReferralAttribution')
+
+const COOKIE_NAME = 'sim_utm'
+
+const TERMINAL_REASONS = new Set([
+  'account_predates_cookie',
+  'invalid_cookie',
+  'no_utm_cookie',
+  'no_matching_campaign',
+])
+
+/**
+ * Fires a one-shot `POST /api/attribution` when a `sim_utm` cookie is present.
+ * Retries on transient failures; stops on terminal outcomes.
+ */
+export function useReferralAttribution() {
+  const calledRef = useRef(false)
+
+  useEffect(() => {
+    if (calledRef.current) return
+    if (!document.cookie.includes(COOKIE_NAME)) return
+
+    calledRef.current = true
+
+    fetch('/api/attribution', { method: 'POST' })
+      .then((res) => res.json())
+      .then((data) => {
+        if (data.attributed) {
+          logger.info('Referral attribution successful', { bonusAmount: data.bonusAmount })
+        } else if (data.error || TERMINAL_REASONS.has(data.reason)) {
+          logger.info('Referral attribution skipped', { reason: data.reason || data.error })
+        } else {
+          calledRef.current = false
+        }
+      })
+      .catch((err) => {
+        logger.warn('Referral attribution failed, will retry', { error: err })
+        calledRef.current = false
+      })
+  }, [])
+}

apps/sim/lib/billing/credits/bonus.ts

@@ -0,0 +1,64 @@
+import { db } from '@sim/db'
+import { organization, userStats } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { eq, sql } from 'drizzle-orm'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
+import type { DbOrTx } from '@/lib/db/types'
+
+const logger = createLogger('BonusCredits')
+
+/**
+ * Apply bonus credits to a user (e.g. referral bonuses, promotional codes).
+ *
+ * Detects the user's current plan and routes credits accordingly:
+ * - Free/Pro: adds to `userStats.creditBalance` and increments `currentUsageLimit`
+ * - Team/Enterprise: adds to `organization.creditBalance` and increments `orgUsageLimit`
+ *
+ * Uses direct increment (not recalculation) so it works correctly for free-tier
+ * users where `setUsageLimitForCredits` would compute planBase=0 and skip the update.
+ *
+ * @param tx - Optional Drizzle transaction context. When provided, all DB writes
+ *             participate in the caller's transaction for atomicity.
+ */
+export async function applyBonusCredits(
+  userId: string,
+  amount: number,
+  tx?: DbOrTx
+): Promise<void> {
+  const dbCtx = tx ?? db
+  const subscription = await getHighestPrioritySubscription(userId)
+  const isTeamOrEnterprise = subscription?.plan === 'team' || subscription?.plan === 'enterprise'
+
+  if (isTeamOrEnterprise && subscription?.referenceId) {
+    const orgId = subscription.referenceId
+
+    await dbCtx
+      .update(organization)
+      .set({
+        creditBalance: sql`${organization.creditBalance} + ${amount}`,
+        orgUsageLimit: sql`COALESCE(${organization.orgUsageLimit}, '0')::decimal + ${amount}`,
+      })
+      .where(eq(organization.id, orgId))
+
+    logger.info('Applied bonus credits to organization', {
+      userId,
+      organizationId: orgId,
+      plan: subscription.plan,
+      amount,
+    })
+  } else {
+    await dbCtx
+      .update(userStats)
+      .set({
+        creditBalance: sql`${userStats.creditBalance} + ${amount}`,
+        currentUsageLimit: sql`COALESCE(${userStats.currentUsageLimit}, '0')::decimal + ${amount}`,
+      })
+      .where(eq(userStats.userId, userId))
+
+    logger.info('Applied bonus credits to user', {
+      userId,
+      plan: subscription?.plan || 'free',
+      amount,
+    })
+  }
+}

apps/sim/lib/copilot/client-sse/handlers.ts

@@ -1,5 +1,5 @@
 import { createLogger } from '@sim/logger'
-import { STREAM_STORAGE_KEY } from '@/lib/copilot/constants'
+import { COPILOT_CONFIRM_API_PATH, STREAM_STORAGE_KEY } from '@/lib/copilot/constants'
 import { asRecord } from '@/lib/copilot/orchestrator/sse-utils'
 import type { SSEEvent } from '@/lib/copilot/orchestrator/types'
 import {
@@ -26,119 +26,21 @@ const MAX_BATCH_INTERVAL = 50
 const MIN_BATCH_INTERVAL = 16
 const MAX_QUEUE_SIZE = 5
 
-function isWorkflowEditToolCall(toolName?: string, params?: Record<string, unknown>): boolean {
-  if (toolName === 'edit_workflow') return true
-  if (toolName !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function isClientRunCapability(toolCall: CopilotToolCall): boolean {
-  if (toolCall.execution?.target === 'sim_client_capability') {
-    return toolCall.execution.capabilityId === 'workflow.run' || !toolCall.execution.capabilityId
-  }
-  return CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)
-}
-
-function mapServerStateToClientState(state: unknown): ClientToolCallState {
-  switch (String(state || '')) {
-    case 'generating':
-      return ClientToolCallState.generating
-    case 'pending':
-    case 'awaiting_approval':
-      return ClientToolCallState.pending
-    case 'executing':
-      return ClientToolCallState.executing
-    case 'success':
-      return ClientToolCallState.success
-    case 'rejected':
-    case 'skipped':
-      return ClientToolCallState.rejected
-    case 'aborted':
-      return ClientToolCallState.aborted
-    case 'error':
-    case 'failed':
-      return ClientToolCallState.error
-    default:
-      return ClientToolCallState.pending
-  }
-}
-
-function extractToolUiMetadata(data: Record<string, unknown>): CopilotToolCall['ui'] | undefined {
-  const ui = asRecord(data.ui)
-  if (!ui || Object.keys(ui).length === 0) return undefined
-  const autoAllowedFromUi = ui.autoAllowed === true
-  const autoAllowedFromData = data.autoAllowed === true
-  return {
-    title: typeof ui.title === 'string' ? ui.title : undefined,
-    phaseLabel: typeof ui.phaseLabel === 'string' ? ui.phaseLabel : undefined,
-    icon: typeof ui.icon === 'string' ? ui.icon : undefined,
-    showInterrupt: ui.showInterrupt === true,
-    showRemember: ui.showRemember === true,
-    autoAllowed: autoAllowedFromUi || autoAllowedFromData,
-    actions: Array.isArray(ui.actions)
-      ? ui.actions
-          .map((action) => {
-            const a = asRecord(action)
-            const id = typeof a.id === 'string' ? a.id : undefined
-            const label = typeof a.label === 'string' ? a.label : undefined
-            const kind: 'accept' | 'reject' = a.kind === 'reject' ? 'reject' : 'accept'
-            if (!id || !label) return null
-            return {
-              id,
-              label,
-              kind,
-              remember: a.remember === true,
-            }
-          })
-          .filter((a): a is NonNullable<typeof a> => !!a)
-      : undefined,
-  }
-}
-
-function extractToolExecutionMetadata(
-  data: Record<string, unknown>
-): CopilotToolCall['execution'] | undefined {
-  const execution = asRecord(data.execution)
-  if (!execution || Object.keys(execution).length === 0) return undefined
-  return {
-    target: typeof execution.target === 'string' ? execution.target : undefined,
-    capabilityId: typeof execution.capabilityId === 'string' ? execution.capabilityId : undefined,
-  }
-}
-
-function isWorkflowChangeApplyCall(toolName?: string, params?: Record<string, unknown>): boolean {
-  if (toolName !== 'workflow_change') return false
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function extractWorkflowStateFromResultPayload(
-  resultPayload: Record<string, unknown>
-): WorkflowState | null {
-  const directState = asRecord(resultPayload.workflowState)
-  if (directState) return directState as unknown as WorkflowState
-
-  const editResult = asRecord(resultPayload.editResult)
-  const nestedState = asRecord(editResult?.workflowState)
-  if (nestedState) return nestedState as unknown as WorkflowState
-
-  return null
-}
-
-function extractOperationListFromResultPayload(
-  resultPayload: Record<string, unknown>
-): Array<Record<string, unknown>> | undefined {
-  const operations = resultPayload.operations
-  if (Array.isArray(operations)) return operations as Array<Record<string, unknown>>
-
-  const compiled = resultPayload.compiledOperations
-  if (Array.isArray(compiled)) return compiled as Array<Record<string, unknown>>
-
-  return undefined
+/**
+ * Send an auto-accept confirmation to the server for auto-allowed tools.
+ * The server-side orchestrator polls Redis for this decision.
+ */
+export function sendAutoAcceptConfirmation(toolCallId: string): void {
+  fetch(COPILOT_CONFIRM_API_PATH, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ toolCallId, status: 'accepted' }),
+  }).catch((error) => {
+    logger.warn('Failed to send auto-accept confirmation', {
+      toolCallId,
+      error: error instanceof Error ? error.message : String(error),
+    })
+  })
 }
 
 function writeActiveStreamToStorage(info: CopilotStreamInfo | null): void {
@@ -342,28 +244,14 @@ export const sseHandlers: Record<string, SSEHandler> = {
     try {
       const eventData = asRecord(data?.data)
       const toolCallId: string | undefined =
-        data?.toolCallId ||
-        (eventData.id as string | undefined) ||
-        (eventData.callId as string | undefined)
+        data?.toolCallId || (eventData.id as string | undefined)
       const success: boolean | undefined = data?.success
       const failedDependency: boolean = data?.failedDependency === true
       const resultObj = asRecord(data?.result)
       const skipped: boolean = resultObj.skipped === true
       if (!toolCallId) return
-      const uiMetadata = extractToolUiMetadata(eventData)
-      const executionMetadata = extractToolExecutionMetadata(eventData)
-      const serverState = (eventData.state as string | undefined) || undefined
-      const targetState = serverState
-        ? mapServerStateToClientState(serverState)
-        : success
-          ? ClientToolCallState.success
-          : failedDependency || skipped
-            ? ClientToolCallState.rejected
-            : ClientToolCallState.error
-      const resultPayload = asRecord(data?.result || eventData.result || eventData.data || data?.data)
       const { toolCallsById } = get()
       const current = toolCallsById[toolCallId]
-      let paramsForCurrentToolCall: Record<string, unknown> | undefined = current?.params
       if (current) {
         if (
           isRejectedState(current.state) ||
@@ -372,32 +260,16 @@ export const sseHandlers: Record<string, SSEHandler> = {
         ) {
           return
         }
-        if (
-          targetState === ClientToolCallState.success &&
-          isWorkflowChangeApplyCall(current.name, paramsForCurrentToolCall)
-        ) {
-          const operations = extractOperationListFromResultPayload(resultPayload || {})
-          if (operations && operations.length > 0) {
-            paramsForCurrentToolCall = {
-              ...(current.params || {}),
-              operations,
-            }
-          }
-        }
-
+        const targetState = success
+          ? ClientToolCallState.success
+          : failedDependency || skipped
+            ? ClientToolCallState.rejected
+            : ClientToolCallState.error
         const updatedMap = { ...toolCallsById }
         updatedMap[toolCallId] = {
           ...current,
-          ui: uiMetadata || current.ui,
-          execution: executionMetadata || current.execution,
-          params: paramsForCurrentToolCall,
           state: targetState,
-          display: resolveToolDisplay(
-            current.name,
-            targetState,
-            current.id,
-            paramsForCurrentToolCall
-          ),
+          display: resolveToolDisplay(current.name, targetState, current.id, current.params),
         }
         set({ toolCallsById: updatedMap })
 
@@ -440,39 +312,31 @@ export const sseHandlers: Record<string, SSEHandler> = {
           }
         }
 
-        if (
-          targetState === ClientToolCallState.success &&
-          isWorkflowEditToolCall(current.name, paramsForCurrentToolCall)
-        ) {
+        if (current.name === 'edit_workflow') {
           try {
-            const workflowState = resultPayload
-              ? extractWorkflowStateFromResultPayload(resultPayload)
-              : null
-            const hasWorkflowState = !!workflowState
-            logger.info('[SSE] workflow edit result received', {
-              toolName: current.name,
+            const resultPayload = asRecord(
+              data?.result || eventData.result || eventData.data || data?.data
+            )
+            const workflowState = asRecord(resultPayload?.workflowState)
+            const hasWorkflowState = !!resultPayload?.workflowState
+            logger.info('[SSE] edit_workflow result received', {
               hasWorkflowState,
-              blockCount: hasWorkflowState
-                ? Object.keys((workflowState as any).blocks ?? {}).length
-                : 0,
-              edgeCount:
-                hasWorkflowState && Array.isArray((workflowState as any).edges)
-                  ? (workflowState as any).edges.length
-                  : 0,
+              blockCount: hasWorkflowState ? Object.keys(workflowState.blocks ?? {}).length : 0,
+              edgeCount: Array.isArray(workflowState.edges) ? workflowState.edges.length : 0,
             })
-            if (workflowState) {
+            if (hasWorkflowState) {
               const diffStore = useWorkflowDiffStore.getState()
-              diffStore.setProposedChanges(workflowState).catch((err) => {
-                logger.error('[SSE] Failed to apply workflow edit diff', {
-                  error: err instanceof Error ? err.message : String(err),
-                  toolName: current.name,
+              diffStore
+                .setProposedChanges(resultPayload.workflowState as WorkflowState)
+                .catch((err) => {
+                  logger.error('[SSE] Failed to apply edit_workflow diff', {
+                    error: err instanceof Error ? err.message : String(err),
+                  })
                 })
-              })
             }
           } catch (err) {
-            logger.error('[SSE] workflow edit result handling failed', {
+            logger.error('[SSE] edit_workflow result handling failed', {
               error: err instanceof Error ? err.message : String(err),
-              toolName: current.name,
             })
           }
         }
@@ -596,23 +460,16 @@ export const sseHandlers: Record<string, SSEHandler> = {
             : failedDependency || skipped
               ? ClientToolCallState.rejected
               : ClientToolCallState.error
-          const paramsForBlock =
-            b.toolCall?.id === toolCallId
-              ? paramsForCurrentToolCall || b.toolCall?.params
-              : b.toolCall?.params
           context.contentBlocks[i] = {
             ...b,
             toolCall: {
               ...b.toolCall,
-              params: paramsForBlock,
-              ui: uiMetadata || b.toolCall?.ui,
-              execution: executionMetadata || b.toolCall?.execution,
               state: targetState,
               display: resolveToolDisplay(
                 b.toolCall?.name,
                 targetState,
                 toolCallId,
-                paramsForBlock
+                b.toolCall?.params
               ),
             },
           }
@@ -630,9 +487,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
     try {
       const errorData = asRecord(data?.data)
       const toolCallId: string | undefined =
-        data?.toolCallId ||
-        (errorData.id as string | undefined) ||
-        (errorData.callId as string | undefined)
+        data?.toolCallId || (errorData.id as string | undefined)
       const failedDependency: boolean = data?.failedDependency === true
       if (!toolCallId) return
       const { toolCallsById } = get()
@@ -645,18 +500,12 @@ export const sseHandlers: Record<string, SSEHandler> = {
         ) {
           return
         }
-        const targetState = errorData.state
-          ? mapServerStateToClientState(errorData.state)
-          : failedDependency
-            ? ClientToolCallState.rejected
-            : ClientToolCallState.error
-        const uiMetadata = extractToolUiMetadata(errorData)
-        const executionMetadata = extractToolExecutionMetadata(errorData)
+        const targetState = failedDependency
+          ? ClientToolCallState.rejected
+          : ClientToolCallState.error
         const updatedMap = { ...toolCallsById }
         updatedMap[toolCallId] = {
           ...current,
-          ui: uiMetadata || current.ui,
-          execution: executionMetadata || current.execution,
           state: targetState,
           display: resolveToolDisplay(current.name, targetState, current.id, current.params),
         }
@@ -671,19 +520,13 @@ export const sseHandlers: Record<string, SSEHandler> = {
             isBackgroundState(b.toolCall?.state)
           )
             break
-          const targetState = errorData.state
-            ? mapServerStateToClientState(errorData.state)
-            : failedDependency
-              ? ClientToolCallState.rejected
-              : ClientToolCallState.error
-          const uiMetadata = extractToolUiMetadata(errorData)
-          const executionMetadata = extractToolExecutionMetadata(errorData)
+          const targetState = failedDependency
+            ? ClientToolCallState.rejected
+            : ClientToolCallState.error
           context.contentBlocks[i] = {
             ...b,
             toolCall: {
               ...b.toolCall,
-              ui: uiMetadata || b.toolCall?.ui,
-              execution: executionMetadata || b.toolCall?.execution,
               state: targetState,
               display: resolveToolDisplay(
                 b.toolCall?.name,
@@ -704,26 +547,19 @@ export const sseHandlers: Record<string, SSEHandler> = {
     }
   },
   tool_generating: (data, context, get, set) => {
-    const eventData = asRecord(data?.data)
-    const toolCallId =
-      data?.toolCallId ||
-      (eventData.id as string | undefined) ||
-      (eventData.callId as string | undefined)
-    const toolName =
-      data?.toolName ||
-      (eventData.name as string | undefined) ||
-      (eventData.toolName as string | undefined)
+    const { toolCallId, toolName } = data
     if (!toolCallId || !toolName) return
     const { toolCallsById } = get()
 
     if (!toolCallsById[toolCallId]) {
-      const initialState = ClientToolCallState.generating
+      const isAutoAllowed = get().isToolAutoAllowed(toolName)
+      const initialState = isAutoAllowed
+        ? ClientToolCallState.executing
+        : ClientToolCallState.pending
       const tc: CopilotToolCall = {
         id: toolCallId,
         name: toolName,
         state: initialState,
-        ui: extractToolUiMetadata(eventData),
-        execution: extractToolExecutionMetadata(eventData),
         display: resolveToolDisplay(toolName, initialState, toolCallId),
       }
       const updated = { ...toolCallsById, [toolCallId]: tc }
@@ -736,27 +572,17 @@ export const sseHandlers: Record<string, SSEHandler> = {
   },
   tool_call: (data, context, get, set) => {
     const toolData = asRecord(data?.data)
-    const id: string | undefined =
-      (toolData.id as string | undefined) ||
-      (toolData.callId as string | undefined) ||
-      data?.toolCallId
-    const name: string | undefined =
-      (toolData.name as string | undefined) ||
-      (toolData.toolName as string | undefined) ||
-      data?.toolName
+    const id: string | undefined = (toolData.id as string | undefined) || data?.toolCallId
+    const name: string | undefined = (toolData.name as string | undefined) || data?.toolName
     if (!id) return
     const args = toolData.arguments as Record<string, unknown> | undefined
     const isPartial = toolData.partial === true
-    const uiMetadata = extractToolUiMetadata(toolData)
-    const executionMetadata = extractToolExecutionMetadata(toolData)
-    const serverState = toolData.state
     const { toolCallsById } = get()
 
     const existing = toolCallsById[id]
     const toolName = name || existing?.name || 'unknown_tool'
-    let initialState = serverState
-      ? mapServerStateToClientState(serverState)
-      : ClientToolCallState.pending
+    const isAutoAllowed = get().isToolAutoAllowed(toolName)
+    let initialState = isAutoAllowed ? ClientToolCallState.executing : ClientToolCallState.pending
 
     // Avoid flickering back to pending on partial/duplicate events once a tool is executing.
     if (
@@ -771,8 +597,6 @@ export const sseHandlers: Record<string, SSEHandler> = {
           ...existing,
           name: toolName,
           state: initialState,
-          ui: uiMetadata || existing.ui,
-          execution: executionMetadata || existing.execution,
           ...(args ? { params: args } : {}),
           display: resolveToolDisplay(toolName, initialState, id, args || existing.params),
         }
@@ -780,8 +604,6 @@ export const sseHandlers: Record<string, SSEHandler> = {
           id,
           name: toolName,
           state: initialState,
-          ui: uiMetadata,
-          execution: executionMetadata,
           ...(args ? { params: args } : {}),
           display: resolveToolDisplay(toolName, initialState, id, args),
         }
@@ -796,12 +618,20 @@ export const sseHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    const shouldInterrupt = next.ui?.showInterrupt === true
+    // Auto-allowed tools: send confirmation to the server so it can proceed
+    // without waiting for the user to click "Allow".
+    if (isAutoAllowed) {
+      sendAutoAcceptConfirmation(id)
+    }
 
-    // Client-run capability: execution is delegated to the browser.
-    // We run immediately only when no interrupt is required.
-    if (isClientRunCapability(next) && !shouldInterrupt) {
-      executeRunToolOnClient(id, toolName, args || next.params || {})
+    // Client-executable run tools: execute on the client for real-time feedback
+    // (block pulsing, console logs, stop button). The server defers execution
+    // for these tools in interactive mode; the client reports back via mark-complete.
+    if (
+      CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName) &&
+      initialState === ClientToolCallState.executing
+    ) {
+      executeRunToolOnClient(id, toolName, args || existing?.params || {})
     }
 
     // OAuth: dispatch event to open the OAuth connect modal

apps/sim/lib/copilot/client-sse/subagent-handlers.ts

@@ -9,10 +9,9 @@ import type { SSEEvent } from '@/lib/copilot/orchestrator/types'
 import { resolveToolDisplay } from '@/lib/copilot/store-utils'
 import { ClientToolCallState } from '@/lib/copilot/tools/client/tool-display-registry'
 import type { CopilotStore, CopilotToolCall } from '@/stores/panel/copilot/types'
-import { useWorkflowDiffStore } from '@/stores/workflow-diff/store'
-import type { WorkflowState } from '@/stores/workflows/workflow/types'
 import {
   type SSEHandler,
+  sendAutoAcceptConfirmation,
   sseHandlers,
   updateStreamingMessage,
 } from './handlers'
@@ -25,113 +24,6 @@ type StoreSet = (
   partial: Partial<CopilotStore> | ((state: CopilotStore) => Partial<CopilotStore>)
 ) => void
 
-function mapServerStateToClientState(state: unknown): ClientToolCallState {
-  switch (String(state || '')) {
-    case 'generating':
-      return ClientToolCallState.generating
-    case 'pending':
-    case 'awaiting_approval':
-      return ClientToolCallState.pending
-    case 'executing':
-      return ClientToolCallState.executing
-    case 'success':
-      return ClientToolCallState.success
-    case 'rejected':
-    case 'skipped':
-      return ClientToolCallState.rejected
-    case 'aborted':
-      return ClientToolCallState.aborted
-    case 'error':
-    case 'failed':
-      return ClientToolCallState.error
-    default:
-      return ClientToolCallState.pending
-  }
-}
-
-function extractToolUiMetadata(data: Record<string, unknown>): CopilotToolCall['ui'] | undefined {
-  const ui = asRecord(data.ui)
-  if (!ui || Object.keys(ui).length === 0) return undefined
-  const autoAllowedFromUi = ui.autoAllowed === true
-  const autoAllowedFromData = data.autoAllowed === true
-  return {
-    title: typeof ui.title === 'string' ? ui.title : undefined,
-    phaseLabel: typeof ui.phaseLabel === 'string' ? ui.phaseLabel : undefined,
-    icon: typeof ui.icon === 'string' ? ui.icon : undefined,
-    showInterrupt: ui.showInterrupt === true,
-    showRemember: ui.showRemember === true,
-    autoAllowed: autoAllowedFromUi || autoAllowedFromData,
-    actions: Array.isArray(ui.actions)
-      ? ui.actions
-          .map((action) => {
-            const a = asRecord(action)
-            const id = typeof a.id === 'string' ? a.id : undefined
-            const label = typeof a.label === 'string' ? a.label : undefined
-            const kind: 'accept' | 'reject' = a.kind === 'reject' ? 'reject' : 'accept'
-            if (!id || !label) return null
-            return {
-              id,
-              label,
-              kind,
-              remember: a.remember === true,
-            }
-          })
-          .filter((a): a is NonNullable<typeof a> => !!a)
-      : undefined,
-  }
-}
-
-function extractToolExecutionMetadata(
-  data: Record<string, unknown>
-): CopilotToolCall['execution'] | undefined {
-  const execution = asRecord(data.execution)
-  if (!execution || Object.keys(execution).length === 0) return undefined
-  return {
-    target: typeof execution.target === 'string' ? execution.target : undefined,
-    capabilityId: typeof execution.capabilityId === 'string' ? execution.capabilityId : undefined,
-  }
-}
-
-function isClientRunCapability(toolCall: CopilotToolCall): boolean {
-  if (toolCall.execution?.target === 'sim_client_capability') {
-    return toolCall.execution.capabilityId === 'workflow.run' || !toolCall.execution.capabilityId
-  }
-  return CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)
-}
-
-function isWorkflowChangeApplyCall(toolCall: CopilotToolCall): boolean {
-  if (toolCall.name !== 'workflow_change') return false
-  const params = (toolCall.params || {}) as Record<string, unknown>
-  const mode = typeof params.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function extractWorkflowStateFromResultPayload(
-  resultPayload: Record<string, unknown>
-): WorkflowState | null {
-  const directState = asRecord(resultPayload.workflowState)
-  if (directState) return directState as unknown as WorkflowState
-
-  const editResult = asRecord(resultPayload.editResult)
-  const nestedState = asRecord(editResult?.workflowState)
-  if (nestedState) return nestedState as unknown as WorkflowState
-
-  return null
-}
-
-function extractOperationListFromResultPayload(
-  resultPayload: Record<string, unknown>
-): Array<Record<string, unknown>> | undefined {
-  const operations = resultPayload.operations
-  if (Array.isArray(operations)) return operations as Array<Record<string, unknown>>
-
-  const compiled = resultPayload.compiledOperations
-  if (Array.isArray(compiled)) return compiled as Array<Record<string, unknown>>
-
-  return undefined
-}
-
 export function appendSubAgentContent(
   context: ClientStreamingContext,
   parentToolCallId: string,
@@ -272,8 +164,6 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
     const name: string | undefined = (toolData.name as string | undefined) || data?.toolName
     if (!id || !name) return
     const isPartial = toolData.partial === true
-    const uiMetadata = extractToolUiMetadata(toolData)
-    const executionMetadata = extractToolExecutionMetadata(toolData)
 
     let args: Record<string, unknown> | undefined = (toolData.arguments || toolData.input) as
       | Record<string, unknown>
@@ -309,10 +199,9 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
     const existingToolCall =
       existingIndex >= 0 ? context.subAgentToolCalls[parentToolCallId][existingIndex] : undefined
 
-    const serverState = toolData.state
-    let initialState = serverState
-      ? mapServerStateToClientState(serverState)
-      : ClientToolCallState.pending
+    // Auto-allowed tools skip pending state to avoid flashing interrupt buttons
+    const isAutoAllowed = get().isToolAutoAllowed(name)
+    let initialState = isAutoAllowed ? ClientToolCallState.executing : ClientToolCallState.pending
 
     // Avoid flickering back to pending on partial/duplicate events once a tool is executing.
     if (
@@ -326,8 +215,6 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
       id,
       name,
       state: initialState,
-      ui: uiMetadata,
-      execution: executionMetadata,
       ...(args ? { params: args } : {}),
       display: resolveToolDisplay(name, initialState, id, args),
     }
@@ -354,11 +241,16 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    const shouldInterrupt = subAgentToolCall.ui?.showInterrupt === true
+    // Auto-allowed tools: send confirmation to the server so it can proceed
+    // without waiting for the user to click "Allow".
+    if (isAutoAllowed) {
+      sendAutoAcceptConfirmation(id)
+    }
 
-    // Client-run capability: execution is delegated to the browser.
-    // Execute immediately only for non-interrupting calls.
-    if (isClientRunCapability(subAgentToolCall) && !shouldInterrupt) {
+    // Client-executable run tools: if auto-allowed, execute immediately for
+    // real-time feedback. For non-auto-allowed, the user must click "Allow"
+    // first — handleRun in tool-call.tsx triggers executeRunToolOnClient.
+    if (CLIENT_EXECUTABLE_RUN_TOOLS.has(name) && isAutoAllowed) {
       executeRunToolOnClient(id, name, args || {})
     }
   },
@@ -383,45 +275,17 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
     if (!context.subAgentToolCalls[parentToolCallId]) return
     if (!context.subAgentBlocks[parentToolCallId]) return
 
-    const serverState = resultData.state
-    const targetState = serverState
-      ? mapServerStateToClientState(serverState)
-      : success
-        ? ClientToolCallState.success
-        : ClientToolCallState.error
-    const uiMetadata = extractToolUiMetadata(resultData)
-    const executionMetadata = extractToolExecutionMetadata(resultData)
+    const targetState = success ? ClientToolCallState.success : ClientToolCallState.error
     const existingIndex = context.subAgentToolCalls[parentToolCallId].findIndex(
       (tc: CopilotToolCall) => tc.id === toolCallId
     )
 
     if (existingIndex >= 0) {
       const existing = context.subAgentToolCalls[parentToolCallId][existingIndex]
-      let nextParams = existing.params
-      const resultPayload = asRecord(
-        data?.result || resultData.result || resultData.data || data?.data
-      )
-      if (
-        targetState === ClientToolCallState.success &&
-        isWorkflowChangeApplyCall(existing) &&
-        resultPayload
-      ) {
-        const operations = extractOperationListFromResultPayload(resultPayload)
-        if (operations && operations.length > 0) {
-          nextParams = {
-            ...(existing.params || {}),
-            operations,
-          }
-        }
-      }
-
       const updatedSubAgentToolCall = {
         ...existing,
-        params: nextParams,
-        ui: uiMetadata || existing.ui,
-        execution: executionMetadata || existing.execution,
         state: targetState,
-        display: resolveToolDisplay(existing.name, targetState, toolCallId, nextParams),
+        display: resolveToolDisplay(existing.name, targetState, toolCallId, existing.params),
       }
       context.subAgentToolCalls[parentToolCallId][existingIndex] = updatedSubAgentToolCall
 
@@ -445,23 +309,6 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
           state: targetState,
         })
       }
-
-      if (
-        targetState === ClientToolCallState.success &&
-        resultPayload &&
-        isWorkflowChangeApplyCall(updatedSubAgentToolCall)
-      ) {
-        const workflowState = extractWorkflowStateFromResultPayload(resultPayload)
-        if (workflowState) {
-          const diffStore = useWorkflowDiffStore.getState()
-          diffStore.setProposedChanges(workflowState).catch((error) => {
-            logger.error('[SubAgent] Failed to apply workflow_change diff', {
-              error: error instanceof Error ? error.message : String(error),
-              toolCallId,
-            })
-          })
-        }
-      }
     }
 
     updateToolCallWithSubAgentData(context, get, set, parentToolCallId)

apps/sim/lib/copilot/constants.ts

@@ -101,6 +101,9 @@ export const COPILOT_CHECKPOINTS_API_PATH = '/api/copilot/checkpoints'
 /** POST — revert to a checkpoint. */
 export const COPILOT_CHECKPOINTS_REVERT_API_PATH = '/api/copilot/checkpoints/revert'
 
+/** GET/POST/DELETE — manage auto-allowed tools. */
+export const COPILOT_AUTO_ALLOWED_TOOLS_API_PATH = '/api/copilot/auto-allowed-tools'
+
 /** GET — fetch dynamically available copilot models. */
 export const COPILOT_MODELS_API_PATH = '/api/copilot/models'
 

apps/sim/lib/copilot/orchestrator/config.ts

@@ -0,0 +1,67 @@
+export const INTERRUPT_TOOL_NAMES = [
+  'set_global_workflow_variables',
+  'run_workflow',
+  'run_workflow_until_block',
+  'run_from_block',
+  'run_block',
+  'manage_mcp_tool',
+  'manage_custom_tool',
+  'deploy_mcp',
+  'deploy_chat',
+  'deploy_api',
+  'create_workspace_mcp_server',
+  'set_environment_variables',
+  'make_api_request',
+  'oauth_request_access',
+  'navigate_ui',
+  'knowledge_base',
+  'generate_api_key',
+] as const
+
+export const INTERRUPT_TOOL_SET = new Set<string>(INTERRUPT_TOOL_NAMES)
+
+export const SUBAGENT_TOOL_NAMES = [
+  'debug',
+  'edit',
+  'build',
+  'plan',
+  'test',
+  'deploy',
+  'auth',
+  'research',
+  'knowledge',
+  'custom_tool',
+  'tour',
+  'info',
+  'workflow',
+  'evaluate',
+  'superagent',
+  'discovery',
+] as const
+
+export const SUBAGENT_TOOL_SET = new Set<string>(SUBAGENT_TOOL_NAMES)
+
+/**
+ * Respond tools are internal to the copilot's subagent system.
+ * They're used by subagents to signal completion and should NOT be executed by the sim side.
+ * The copilot backend handles these internally.
+ */
+export const RESPOND_TOOL_NAMES = [
+  'plan_respond',
+  'edit_respond',
+  'build_respond',
+  'debug_respond',
+  'info_respond',
+  'research_respond',
+  'deploy_respond',
+  'superagent_respond',
+  'discovery_respond',
+  'tour_respond',
+  'auth_respond',
+  'workflow_respond',
+  'knowledge_respond',
+  'custom_tool_respond',
+  'test_respond',
+] as const
+
+export const RESPOND_TOOL_SET = new Set<string>(RESPOND_TOOL_NAMES)

apps/sim/lib/copilot/orchestrator/sse-handlers/handlers.ts

@@ -1,12 +1,17 @@
 import { createLogger } from '@sim/logger'
 import { STREAM_TIMEOUT_MS } from '@/lib/copilot/constants'
+import { RESPOND_TOOL_SET, SUBAGENT_TOOL_SET } from '@/lib/copilot/orchestrator/config'
 import {
   asRecord,
   getEventData,
   markToolResultSeen,
   wasToolResultSeen,
 } from '@/lib/copilot/orchestrator/sse-utils'
-import { markToolComplete } from '@/lib/copilot/orchestrator/tool-executor'
+import {
+  isIntegrationTool,
+  isToolAvailableOnSimSide,
+  markToolComplete,
+} from '@/lib/copilot/orchestrator/tool-executor'
 import type {
   ContentBlock,
   ExecutionContext,
@@ -17,6 +22,7 @@ import type {
 } from '@/lib/copilot/orchestrator/types'
 import {
   executeToolAndReport,
+  isInterruptToolName,
   waitForToolCompletion,
   waitForToolDecision,
 } from './tool-execution'
@@ -35,113 +41,6 @@ const CLIENT_EXECUTABLE_RUN_TOOLS = new Set([
   'run_block',
 ])
 
-function mapServerStateToToolStatus(state: unknown): ToolCallState['status'] {
-  switch (String(state || '')) {
-    case 'generating':
-    case 'pending':
-    case 'awaiting_approval':
-      return 'pending'
-    case 'executing':
-      return 'executing'
-    case 'success':
-      return 'success'
-    case 'rejected':
-    case 'skipped':
-      return 'rejected'
-    case 'aborted':
-      return 'skipped'
-    case 'error':
-    case 'failed':
-      return 'error'
-    default:
-      return 'pending'
-  }
-}
-
-function getExecutionTarget(
-  toolData: Record<string, unknown>,
-  toolName: string
-): { target: string; capabilityId?: string } {
-  const execution = asRecord(toolData.execution)
-  if (typeof execution.target === 'string' && execution.target.length > 0) {
-    return {
-      target: execution.target,
-      capabilityId:
-        typeof execution.capabilityId === 'string' ? execution.capabilityId : undefined,
-    }
-  }
-
-  // Fallback only when metadata is missing.
-  if (CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName)) {
-    return { target: 'sim_client_capability', capabilityId: 'workflow.run' }
-  }
-  return { target: 'sim_server' }
-}
-
-function needsApproval(toolData: Record<string, unknown>): boolean {
-  const ui = asRecord(toolData.ui)
-  return ui.showInterrupt === true
-}
-
-async function waitForClientCapabilityAndReport(
-  toolCall: ToolCallState,
-  options: OrchestratorOptions,
-  logScope: string
-): Promise<void> {
-  toolCall.status = 'executing'
-  const completion = await waitForToolCompletion(
-    toolCall.id,
-    options.timeout || STREAM_TIMEOUT_MS,
-    options.abortSignal
-  )
-
-  if (completion?.status === 'background') {
-    toolCall.status = 'skipped'
-    toolCall.endTime = Date.now()
-    markToolComplete(
-      toolCall.id,
-      toolCall.name,
-      202,
-      completion.message || 'Tool execution moved to background',
-      { background: true }
-    ).catch((err) => {
-      logger.error(`markToolComplete fire-and-forget failed (${logScope} background)`, {
-        toolCallId: toolCall.id,
-        error: err instanceof Error ? err.message : String(err),
-      })
-    })
-    markToolResultSeen(toolCall.id)
-    return
-  }
-
-  if (completion?.status === 'rejected') {
-    toolCall.status = 'rejected'
-    toolCall.endTime = Date.now()
-    markToolComplete(toolCall.id, toolCall.name, 400, completion.message || 'Tool execution rejected')
-      .catch((err) => {
-        logger.error(`markToolComplete fire-and-forget failed (${logScope} rejected)`, {
-          toolCallId: toolCall.id,
-          error: err instanceof Error ? err.message : String(err),
-        })
-      })
-    markToolResultSeen(toolCall.id)
-    return
-  }
-
-  const success = completion?.status === 'success'
-  toolCall.status = success ? 'success' : 'error'
-  toolCall.endTime = Date.now()
-  const msg = completion?.message || (success ? 'Tool completed' : 'Tool failed or timed out')
-  markToolComplete(toolCall.id, toolCall.name, success ? 200 : 500, msg).catch((err) => {
-    logger.error(`markToolComplete fire-and-forget failed (${logScope})`, {
-      toolCallId: toolCall.id,
-      toolName: toolCall.name,
-      error: err instanceof Error ? err.message : String(err),
-    })
-  })
-  markToolResultSeen(toolCall.id)
-}
-
 // Normalization + dedupe helpers live in sse-utils to keep server/client in sync.
 
 function inferToolSuccess(data: Record<string, unknown> | undefined): {
@@ -186,11 +85,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
 
     const { success, hasResultData, hasError } = inferToolSuccess(data)
 
-    current.status = data?.state
-      ? mapServerStateToToolStatus(data.state)
-      : success
-        ? 'success'
-        : 'error'
+    current.status = success ? 'success' : 'error'
     current.endTime = Date.now()
     if (hasResultData) {
       current.result = {
@@ -209,7 +104,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
     if (!toolCallId) return
     const current = context.toolCalls.get(toolCallId)
     if (!current) return
-    current.status = data?.state ? mapServerStateToToolStatus(data.state) : 'error'
+    current.status = 'error'
     current.error = (data?.error as string | undefined) || 'Tool execution failed'
     current.endTime = Date.now()
   },
@@ -226,7 +121,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
       context.toolCalls.set(toolCallId, {
         id: toolCallId,
         name: toolName,
-        status: data?.state ? mapServerStateToToolStatus(data.state) : 'pending',
+        status: 'pending',
         startTime: Date.now(),
       })
     }
@@ -261,7 +156,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
       context.toolCalls.set(toolCallId, {
         id: toolCallId,
         name: toolName,
-        status: toolData.state ? mapServerStateToToolStatus(toolData.state) : 'pending',
+        status: 'pending',
         params: args,
         startTime: Date.now(),
       })
@@ -275,29 +170,83 @@ export const sseHandlers: Record<string, SSEHandler> = {
     const toolCall = context.toolCalls.get(toolCallId)
     if (!toolCall) return
 
-    const execution = getExecutionTarget(toolData, toolName)
-    const isInteractive = options.interactive === true
-    const requiresApproval = isInteractive && needsApproval(toolData)
-    if (toolData.state) {
-      toolCall.status = mapServerStateToToolStatus(toolData.state)
+    // Subagent tools are executed by the copilot backend, not sim side.
+    if (SUBAGENT_TOOL_SET.has(toolName)) {
+      return
     }
 
-    if (requiresApproval) {
+    // Respond tools are internal to copilot's subagent system - skip execution.
+    // The copilot backend handles these internally to signal subagent completion.
+    if (RESPOND_TOOL_SET.has(toolName)) {
+      toolCall.status = 'success'
+      toolCall.endTime = Date.now()
+      toolCall.result = {
+        success: true,
+        output: 'Internal respond tool - handled by copilot backend',
+      }
+      return
+    }
+
+    const isInterruptTool = isInterruptToolName(toolName)
+    const isInteractive = options.interactive === true
+    // Integration tools (user-installed) also require approval in interactive mode
+    const needsApproval = isInterruptTool || isIntegrationTool(toolName)
+
+    if (needsApproval && isInteractive) {
       const decision = await waitForToolDecision(
         toolCallId,
         options.timeout || STREAM_TIMEOUT_MS,
         options.abortSignal
       )
       if (decision?.status === 'accepted' || decision?.status === 'success') {
-        if (execution.target === 'sim_client_capability' && isInteractive) {
-          await waitForClientCapabilityAndReport(toolCall, options, 'run tool')
+        // Client-executable run tools: defer execution to the browser client.
+        // The client calls executeWorkflowWithFullLogging for real-time feedback
+        // (block pulsing, logs, stop button) and reports completion via
+        // /api/copilot/confirm with status success/error. We poll Redis for
+        // that completion signal, then fire-and-forget markToolComplete to Go.
+        if (CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName)) {
+          toolCall.status = 'executing'
+          const completion = await waitForToolCompletion(
+            toolCallId,
+            options.timeout || STREAM_TIMEOUT_MS,
+            options.abortSignal
+          )
+          if (completion?.status === 'background') {
+            toolCall.status = 'skipped'
+            toolCall.endTime = Date.now()
+            markToolComplete(
+              toolCall.id,
+              toolCall.name,
+              202,
+              completion.message || 'Tool execution moved to background',
+              { background: true }
+            ).catch((err) => {
+              logger.error('markToolComplete fire-and-forget failed (run tool background)', {
+                toolCallId: toolCall.id,
+                error: err instanceof Error ? err.message : String(err),
+              })
+            })
+            markToolResultSeen(toolCallId)
+            return
+          }
+          const success = completion?.status === 'success'
+          toolCall.status = success ? 'success' : 'error'
+          toolCall.endTime = Date.now()
+          const msg =
+            completion?.message || (success ? 'Tool completed' : 'Tool failed or timed out')
+          // Fire-and-forget: tell Go backend the tool is done
+          // (must NOT await — see deadlock note in executeToolAndReport)
+          markToolComplete(toolCall.id, toolCall.name, success ? 200 : 500, msg).catch((err) => {
+            logger.error('markToolComplete fire-and-forget failed (run tool)', {
+              toolCallId: toolCall.id,
+              toolName: toolCall.name,
+              error: err instanceof Error ? err.message : String(err),
+            })
+          })
+          markToolResultSeen(toolCallId)
           return
         }
-        if (execution.target === 'sim_server' || execution.target === 'sim_client_capability') {
-          if (options.autoExecuteTools !== false) {
-            await executeToolAndReport(toolCallId, context, execContext, options)
-          }
-        }
+        await executeToolAndReport(toolCallId, context, execContext, options)
         return
       }
 
@@ -359,15 +308,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    if (execution.target === 'sim_client_capability' && isInteractive) {
-      await waitForClientCapabilityAndReport(toolCall, options, 'run tool')
-      return
-    }
-
-    if (
-      (execution.target === 'sim_server' || execution.target === 'sim_client_capability') &&
-      options.autoExecuteTools !== false
-    ) {
+    if (options.autoExecuteTools !== false) {
       await executeToolAndReport(toolCallId, context, execContext, options)
     }
   },
@@ -469,7 +410,7 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
     const toolCall: ToolCallState = {
       id: toolCallId,
       name: toolName,
-      status: toolData.state ? mapServerStateToToolStatus(toolData.state) : 'pending',
+      status: 'pending',
       params: args,
       startTime: Date.now(),
     }
@@ -487,26 +428,37 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
 
     if (isPartial) return
 
-    const execution = getExecutionTarget(toolData, toolName)
-    const isInteractive = options.interactive === true
-    const requiresApproval = isInteractive && needsApproval(toolData)
+    // Respond tools are internal to copilot's subagent system - skip execution.
+    if (RESPOND_TOOL_SET.has(toolName)) {
+      toolCall.status = 'success'
+      toolCall.endTime = Date.now()
+      toolCall.result = {
+        success: true,
+        output: 'Internal respond tool - handled by copilot backend',
+      }
+      return
+    }
 
-    if (requiresApproval) {
+    // Tools that only exist on the Go backend (e.g. search_patterns,
+    // search_errors, remember_debug) should NOT be re-executed on the Sim side.
+    // The Go backend already executed them and will send its own tool_result
+    // SSE event with the real outcome.  Trying to execute them here would fail
+    // with "Tool not found" and incorrectly mark the tool as failed.
+    if (!isToolAvailableOnSimSide(toolName)) {
+      return
+    }
+
+    // Interrupt tools and integration tools (user-installed) require approval
+    // in interactive mode, same as top-level handler.
+    const needsSubagentApproval = isInterruptToolName(toolName) || isIntegrationTool(toolName)
+    if (options.interactive === true && needsSubagentApproval) {
       const decision = await waitForToolDecision(
         toolCallId,
         options.timeout || STREAM_TIMEOUT_MS,
         options.abortSignal
       )
       if (decision?.status === 'accepted' || decision?.status === 'success') {
-        if (execution.target === 'sim_client_capability' && isInteractive) {
-          await waitForClientCapabilityAndReport(toolCall, options, 'subagent run tool')
-          return
-        }
-        if (execution.target === 'sim_server' || execution.target === 'sim_client_capability') {
-          if (options.autoExecuteTools !== false) {
-            await executeToolAndReport(toolCallId, context, execContext, options)
-          }
-        }
+        await executeToolAndReport(toolCallId, context, execContext, options)
         return
       }
       if (decision?.status === 'rejected' || decision?.status === 'error') {
@@ -565,15 +517,66 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    if (execution.target === 'sim_client_capability' && isInteractive) {
-      await waitForClientCapabilityAndReport(toolCall, options, 'subagent run tool')
+    // Client-executable run tools in interactive mode: defer to client.
+    // Same pattern as main handler: wait for client completion, then tell Go.
+    if (options.interactive === true && CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName)) {
+      toolCall.status = 'executing'
+      const completion = await waitForToolCompletion(
+        toolCallId,
+        options.timeout || STREAM_TIMEOUT_MS,
+        options.abortSignal
+      )
+      if (completion?.status === 'rejected') {
+        toolCall.status = 'rejected'
+        toolCall.endTime = Date.now()
+        markToolComplete(
+          toolCall.id,
+          toolCall.name,
+          400,
+          completion.message || 'Tool execution rejected'
+        ).catch((err) => {
+          logger.error('markToolComplete fire-and-forget failed (subagent run tool rejected)', {
+            toolCallId: toolCall.id,
+            error: err instanceof Error ? err.message : String(err),
+          })
+        })
+        markToolResultSeen(toolCallId)
+        return
+      }
+      if (completion?.status === 'background') {
+        toolCall.status = 'skipped'
+        toolCall.endTime = Date.now()
+        markToolComplete(
+          toolCall.id,
+          toolCall.name,
+          202,
+          completion.message || 'Tool execution moved to background',
+          { background: true }
+        ).catch((err) => {
+          logger.error('markToolComplete fire-and-forget failed (subagent run tool background)', {
+            toolCallId: toolCall.id,
+            error: err instanceof Error ? err.message : String(err),
+          })
+        })
+        markToolResultSeen(toolCallId)
+        return
+      }
+      const success = completion?.status === 'success'
+      toolCall.status = success ? 'success' : 'error'
+      toolCall.endTime = Date.now()
+      const msg = completion?.message || (success ? 'Tool completed' : 'Tool failed or timed out')
+      markToolComplete(toolCall.id, toolCall.name, success ? 200 : 500, msg).catch((err) => {
+        logger.error('markToolComplete fire-and-forget failed (subagent run tool)', {
+          toolCallId: toolCall.id,
+          toolName: toolCall.name,
+          error: err instanceof Error ? err.message : String(err),
+        })
+      })
+      markToolResultSeen(toolCallId)
       return
     }
 
-    if (
-      (execution.target === 'sim_server' || execution.target === 'sim_client_capability') &&
-      options.autoExecuteTools !== false
-    ) {
+    if (options.autoExecuteTools !== false) {
       await executeToolAndReport(toolCallId, context, execContext, options)
     }
   },
@@ -593,7 +596,7 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
 
     const { success, hasResultData, hasError } = inferToolSuccess(data)
 
-    const status = data?.state ? mapServerStateToToolStatus(data.state) : success ? 'success' : 'error'
+    const status = success ? 'success' : 'error'
     const endTime = Date.now()
     const result = hasResultData ? { success, output: data?.result || data?.data } : undefined
 

apps/sim/lib/copilot/orchestrator/sse-handlers/tool-execution.ts

@@ -4,6 +4,7 @@ import {
   TOOL_DECISION_MAX_POLL_MS,
   TOOL_DECISION_POLL_BACKOFF,
 } from '@/lib/copilot/constants'
+import { INTERRUPT_TOOL_SET } from '@/lib/copilot/orchestrator/config'
 import { getToolConfirmation } from '@/lib/copilot/orchestrator/persistence'
 import {
   asRecord,
@@ -20,6 +21,10 @@ import type {
 
 const logger = createLogger('CopilotSseToolExecution')
 
+export function isInterruptToolName(toolName: string): boolean {
+  return INTERRUPT_TOOL_SET.has(toolName)
+}
+
 export async function executeToolAndReport(
   toolCallId: string,
   context: StreamingContext,
@@ -29,11 +34,9 @@ export async function executeToolAndReport(
   const toolCall = context.toolCalls.get(toolCallId)
   if (!toolCall) return
 
-  const lockable = toolCall as typeof toolCall & { __simExecuting?: boolean }
-  if (lockable.__simExecuting) return
+  if (toolCall.status === 'executing') return
   if (wasToolResultSeen(toolCall.id)) return
 
-  lockable.__simExecuting = true
   toolCall.status = 'executing'
   try {
     const result = await executeToolServerSide(toolCall, execContext)
@@ -119,8 +122,6 @@ export async function executeToolAndReport(
       },
     }
     await options?.onEvent?.(errorEvent)
-  } finally {
-    delete lockable.__simExecuting
   }
 }
 

apps/sim/lib/copilot/orchestrator/tool-executor/index.ts

@@ -325,10 +325,6 @@ const SERVER_TOOLS = new Set<string>([
   'get_block_config',
   'get_trigger_blocks',
   'edit_workflow',
-  'workflow_context_get',
-  'workflow_context_expand',
-  'workflow_change',
-  'workflow_verify',
   'get_workflow_console',
   'search_documentation',
   'search_online',

apps/sim/lib/copilot/tools/client/tool-display-registry.ts

@@ -609,83 +609,6 @@ const META_edit_workflow: ToolMetadata = {
   },
 }
 
-const META_workflow_change: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Planning workflow changes', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Applying workflow changes', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Updated your workflow', icon: Grid2x2Check },
-    [ClientToolCallState.error]: { text: 'Failed to update your workflow', icon: XCircle },
-    [ClientToolCallState.review]: { text: 'Review your workflow changes', icon: Grid2x2 },
-    [ClientToolCallState.rejected]: { text: 'Rejected workflow changes', icon: Grid2x2X },
-    [ClientToolCallState.aborted]: { text: 'Aborted workflow changes', icon: MinusCircle },
-    [ClientToolCallState.pending]: { text: 'Planning workflow changes', icon: Loader2 },
-  },
-  getDynamicText: (params, state) => {
-    const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-    if (mode === 'dry_run') {
-      switch (state) {
-        case ClientToolCallState.success:
-          return 'Planned workflow changes'
-        case ClientToolCallState.executing:
-        case ClientToolCallState.generating:
-        case ClientToolCallState.pending:
-          return 'Planning workflow changes'
-      }
-    }
-    if (mode === 'apply' || typeof params?.proposalId === 'string') {
-      switch (state) {
-        case ClientToolCallState.success:
-          return 'Applied workflow changes'
-        case ClientToolCallState.executing:
-        case ClientToolCallState.generating:
-        case ClientToolCallState.pending:
-          return 'Applying workflow changes'
-      }
-    }
-    return undefined
-  },
-  uiConfig: {
-    isSpecial: true,
-    customRenderer: 'edit_summary',
-  },
-}
-
-const META_workflow_context_get: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Gathering workflow context', icon: Loader2 },
-    [ClientToolCallState.pending]: { text: 'Gathering workflow context', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Gathering workflow context', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Gathered workflow context', icon: FileText },
-    [ClientToolCallState.error]: { text: 'Failed to gather workflow context', icon: XCircle },
-    [ClientToolCallState.rejected]: { text: 'Skipped workflow context', icon: MinusCircle },
-    [ClientToolCallState.aborted]: { text: 'Aborted workflow context', icon: MinusCircle },
-  },
-}
-
-const META_workflow_context_expand: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Expanding workflow schemas', icon: Loader2 },
-    [ClientToolCallState.pending]: { text: 'Expanding workflow schemas', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Expanding workflow schemas', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Expanded workflow schemas', icon: FileText },
-    [ClientToolCallState.error]: { text: 'Failed to expand workflow schemas', icon: XCircle },
-    [ClientToolCallState.rejected]: { text: 'Skipped schema expansion', icon: MinusCircle },
-    [ClientToolCallState.aborted]: { text: 'Aborted schema expansion', icon: MinusCircle },
-  },
-}
-
-const META_workflow_verify: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Verifying workflow', icon: Loader2 },
-    [ClientToolCallState.pending]: { text: 'Verifying workflow', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Verifying workflow', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Verified workflow', icon: CheckCircle2 },
-    [ClientToolCallState.error]: { text: 'Workflow verification failed', icon: XCircle },
-    [ClientToolCallState.rejected]: { text: 'Skipped workflow verification', icon: MinusCircle },
-    [ClientToolCallState.aborted]: { text: 'Aborted workflow verification', icon: MinusCircle },
-  },
-}
-
 const META_evaluate: ToolMetadata = {
   displayNames: {
     [ClientToolCallState.generating]: { text: 'Evaluating', icon: Loader2 },
@@ -2619,10 +2542,6 @@ const TOOL_METADATA_BY_ID: Record<string, ToolMetadata> = {
   deploy_mcp: META_deploy_mcp,
   edit: META_edit,
   edit_workflow: META_edit_workflow,
-  workflow_context_get: META_workflow_context_get,
-  workflow_context_expand: META_workflow_context_expand,
-  workflow_change: META_workflow_change,
-  workflow_verify: META_workflow_verify,
   evaluate: META_evaluate,
   get_block_config: META_get_block_config,
   get_block_options: META_get_block_options,

apps/sim/lib/copilot/tools/server/router.ts

@@ -13,12 +13,6 @@ import { getCredentialsServerTool } from '@/lib/copilot/tools/server/user/get-cr
 import { setEnvironmentVariablesServerTool } from '@/lib/copilot/tools/server/user/set-environment-variables'
 import { editWorkflowServerTool } from '@/lib/copilot/tools/server/workflow/edit-workflow'
 import { getWorkflowConsoleServerTool } from '@/lib/copilot/tools/server/workflow/get-workflow-console'
-import { workflowChangeServerTool } from '@/lib/copilot/tools/server/workflow/workflow-change'
-import {
-  workflowContextExpandServerTool,
-  workflowContextGetServerTool,
-} from '@/lib/copilot/tools/server/workflow/workflow-context'
-import { workflowVerifyServerTool } from '@/lib/copilot/tools/server/workflow/workflow-verify'
 import { ExecuteResponseSuccessSchema } from '@/lib/copilot/tools/shared/schemas'
 
 export { ExecuteResponseSuccessSchema }
@@ -41,10 +35,6 @@ const serverToolRegistry: Record<string, BaseServerTool> = {
   [getCredentialsServerTool.name]: getCredentialsServerTool,
   [makeApiRequestServerTool.name]: makeApiRequestServerTool,
   [knowledgeBaseServerTool.name]: knowledgeBaseServerTool,
-  [workflowContextGetServerTool.name]: workflowContextGetServerTool,
-  [workflowContextExpandServerTool.name]: workflowContextExpandServerTool,
-  [workflowChangeServerTool.name]: workflowChangeServerTool,
-  [workflowVerifyServerTool.name]: workflowVerifyServerTool,
 }
 
 /**

apps/sim/lib/copilot/tools/server/workflow/change-store.ts

@@ -1,93 +0,0 @@
-import crypto from 'crypto'
-
-type StoreEntry<T> = {
-  value: T
-  expiresAt: number
-}
-
-const DEFAULT_TTL_MS = 30 * 60 * 1000
-const MAX_ENTRIES = 500
-
-class TTLStore<T> {
-  private readonly data = new Map<string, StoreEntry<T>>()
-
-  constructor(private readonly ttlMs = DEFAULT_TTL_MS) {}
-
-  set(value: T): string {
-    this.gc()
-    if (this.data.size >= MAX_ENTRIES) {
-      const firstKey = this.data.keys().next().value as string | undefined
-      if (firstKey) {
-        this.data.delete(firstKey)
-      }
-    }
-    const id = crypto.randomUUID()
-    this.data.set(id, {
-      value,
-      expiresAt: Date.now() + this.ttlMs,
-    })
-    return id
-  }
-
-  get(id: string): T | null {
-    const entry = this.data.get(id)
-    if (!entry) return null
-    if (entry.expiresAt <= Date.now()) {
-      this.data.delete(id)
-      return null
-    }
-    return entry.value
-  }
-
-  private gc(): void {
-    const now = Date.now()
-    for (const [key, entry] of this.data.entries()) {
-      if (entry.expiresAt <= now) {
-        this.data.delete(key)
-      }
-    }
-  }
-}
-
-export type WorkflowContextPack = {
-  workflowId: string
-  snapshotHash: string
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  schemasByType: Record<string, any>
-  schemaRefsByType: Record<string, string>
-  summary: Record<string, any>
-}
-
-export type WorkflowChangeProposal = {
-  workflowId: string
-  baseSnapshotHash: string
-  compiledOperations: Array<Record<string, any>>
-  diffSummary: Record<string, any>
-  warnings: string[]
-  diagnostics: string[]
-  touchedBlocks: string[]
-}
-
-const contextPackStore = new TTLStore<WorkflowContextPack>()
-const proposalStore = new TTLStore<WorkflowChangeProposal>()
-
-export function saveContextPack(pack: WorkflowContextPack): string {
-  return contextPackStore.set(pack)
-}
-
-export function getContextPack(id: string): WorkflowContextPack | null {
-  return contextPackStore.get(id)
-}
-
-export function saveProposal(proposal: WorkflowChangeProposal): string {
-  return proposalStore.set(proposal)
-}
-
-export function getProposal(id: string): WorkflowChangeProposal | null {
-  return proposalStore.get(id)
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-change.ts

@@ -1,987 +0,0 @@
-import crypto from 'crypto'
-import { createLogger } from '@sim/logger'
-import { z } from 'zod'
-import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
-import { getCredentialsServerTool } from '@/lib/copilot/tools/server/user/get-credentials'
-import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
-import { getBlock } from '@/blocks/registry'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
-import {
-  getContextPack,
-  getProposal,
-  saveProposal,
-  type WorkflowChangeProposal,
-} from './change-store'
-import { editWorkflowServerTool } from './edit-workflow'
-import { applyOperationsToWorkflowState } from './edit-workflow/engine'
-import { preValidateCredentialInputs } from './edit-workflow/validation'
-import { hashWorkflowState, loadWorkflowStateFromDb } from './workflow-state'
-
-const logger = createLogger('WorkflowChangeServerTool')
-
-const TargetSchema = z
-  .object({
-    blockId: z.string().optional(),
-    alias: z.string().optional(),
-    match: z
-      .object({
-        type: z.string().optional(),
-        name: z.string().optional(),
-      })
-      .optional(),
-  })
-  .strict()
-
-const CredentialSelectionSchema = z
-  .object({
-    strategy: z.enum(['first_connected', 'by_id', 'by_name']).optional(),
-    id: z.string().optional(),
-    name: z.string().optional(),
-  })
-  .strict()
-
-const ChangeOperationSchema = z
-  .object({
-    op: z.enum(['set', 'unset', 'merge', 'append', 'remove', 'attach_credential']),
-    path: z.string().optional(),
-    value: z.any().optional(),
-    provider: z.string().optional(),
-    selection: CredentialSelectionSchema.optional(),
-    required: z.boolean().optional(),
-  })
-  .strict()
-
-const MutationSchema = z
-  .object({
-    action: z.enum([
-      'ensure_block',
-      'patch_block',
-      'remove_block',
-      'connect',
-      'disconnect',
-      'ensure_variable',
-      'set_variable',
-    ]),
-    target: TargetSchema.optional(),
-    type: z.string().optional(),
-    name: z.string().optional(),
-    inputs: z.record(z.any()).optional(),
-    triggerMode: z.boolean().optional(),
-    advancedMode: z.boolean().optional(),
-    enabled: z.boolean().optional(),
-    changes: z.array(ChangeOperationSchema).optional(),
-    from: TargetSchema.optional(),
-    to: TargetSchema.optional(),
-    handle: z.string().optional(),
-    toHandle: z.string().optional(),
-    mode: z.enum(['set', 'append', 'remove']).optional(),
-  })
-  .strict()
-
-const LinkEndpointSchema = z
-  .object({
-    blockId: z.string().optional(),
-    alias: z.string().optional(),
-    match: z
-      .object({
-        type: z.string().optional(),
-        name: z.string().optional(),
-      })
-      .optional(),
-    handle: z.string().optional(),
-  })
-  .strict()
-
-const LinkSchema = z
-  .object({
-    from: LinkEndpointSchema,
-    to: LinkEndpointSchema,
-    mode: z.enum(['set', 'append', 'remove']).optional(),
-  })
-  .strict()
-
-const ChangeSpecSchema = z
-  .object({
-    objective: z.string().optional(),
-    constraints: z.record(z.any()).optional(),
-    resources: z.record(z.any()).optional(),
-    mutations: z.array(MutationSchema).optional(),
-    links: z.array(LinkSchema).optional(),
-    acceptance: z.array(z.any()).optional(),
-  })
-  .strict()
-
-const WorkflowChangeInputSchema = z
-  .object({
-    mode: z.enum(['dry_run', 'apply']),
-    workflowId: z.string().optional(),
-    contextPackId: z.string().optional(),
-    proposalId: z.string().optional(),
-    baseSnapshotHash: z.string().optional(),
-    expectedSnapshotHash: z.string().optional(),
-    changeSpec: ChangeSpecSchema.optional(),
-  })
-  .strict()
-
-type WorkflowChangeParams = z.input<typeof WorkflowChangeInputSchema>
-type ChangeSpec = z.input<typeof ChangeSpecSchema>
-type TargetRef = z.input<typeof TargetSchema>
-type ChangeOperation = z.input<typeof ChangeOperationSchema>
-
-type CredentialRecord = {
-  id: string
-  name: string
-  provider: string
-  isDefault?: boolean
-}
-
-type ConnectionTarget = {
-  block: string
-  handle?: string
-}
-
-type ConnectionState = Map<string, Map<string, ConnectionTarget[]>>
-
-function createDraftBlockId(seed?: string): string {
-  const suffix = crypto.randomUUID().slice(0, 8)
-  const base = seed ? seed.replace(/[^a-zA-Z0-9]/g, '').slice(0, 24) : 'draft'
-  return `${base || 'draft'}_${suffix}`
-}
-
-function normalizeHandle(handle?: string): string {
-  if (!handle) return 'source'
-  if (handle === 'success') return 'source'
-  return handle
-}
-
-function deepClone<T>(value: T): T {
-  return JSON.parse(JSON.stringify(value))
-}
-
-function stableUnique(values: string[]): string[] {
-  return [...new Set(values.filter(Boolean))]
-}
-
-function buildConnectionState(workflowState: {
-  edges: Array<Record<string, any>>
-}): ConnectionState {
-  const state: ConnectionState = new Map()
-  for (const edge of workflowState.edges || []) {
-    const source = String(edge.source || '')
-    const target = String(edge.target || '')
-    if (!source || !target) continue
-    const sourceHandle = normalizeHandle(String(edge.sourceHandle || 'source'))
-    const targetHandle = edge.targetHandle ? String(edge.targetHandle) : undefined
-
-    let handleMap = state.get(source)
-    if (!handleMap) {
-      handleMap = new Map()
-      state.set(source, handleMap)
-    }
-    const existing = handleMap.get(sourceHandle) || []
-    existing.push({ block: target, handle: targetHandle })
-    handleMap.set(sourceHandle, existing)
-  }
-  return state
-}
-
-function connectionStateToPayload(state: Map<string, ConnectionTarget[]>): Record<string, any> {
-  const payload: Record<string, any> = {}
-  for (const [handle, targets] of state.entries()) {
-    if (!targets || targets.length === 0) continue
-    const normalizedTargets = targets.map((target) => {
-      if (!target.handle || target.handle === 'target') {
-        return target.block
-      }
-      return { block: target.block, handle: target.handle }
-    })
-    payload[handle] = normalizedTargets.length === 1 ? normalizedTargets[0] : normalizedTargets
-  }
-  return payload
-}
-
-function findMatchingBlockId(
-  workflowState: { blocks: Record<string, any> },
-  target: TargetRef
-): string | null {
-  if (target.blockId && workflowState.blocks[target.blockId]) {
-    return target.blockId
-  }
-
-  if (target.match) {
-    const type = target.match.type
-    const name = target.match.name?.toLowerCase()
-    const matches = Object.entries(workflowState.blocks || {}).filter(([_, block]) => {
-      const blockType = String((block as Record<string, unknown>).type || '')
-      const blockName = String((block as Record<string, unknown>).name || '').toLowerCase()
-      const typeOk = type ? blockType === type : true
-      const nameOk = name ? blockName === name : true
-      return typeOk && nameOk
-    })
-    if (matches.length === 1) {
-      return matches[0][0]
-    }
-    if (matches.length > 1) {
-      throw new Error(
-        `ambiguous_target: target match resolved to ${matches.length} blocks (${matches.map(([id]) => id).join(', ')})`
-      )
-    }
-  }
-
-  return null
-}
-
-function getNestedValue(value: any, path: string[]): any {
-  let cursor = value
-  for (const segment of path) {
-    if (cursor == null || typeof cursor !== 'object') return undefined
-    cursor = cursor[segment]
-  }
-  return cursor
-}
-
-function setNestedValue(base: any, path: string[], nextValue: any): any {
-  if (path.length === 0) return nextValue
-  const out = Array.isArray(base) ? [...base] : { ...(base || {}) }
-  let cursor: any = out
-  for (let i = 0; i < path.length - 1; i++) {
-    const key = path[i]
-    const current = cursor[key]
-    cursor[key] =
-      current && typeof current === 'object'
-        ? Array.isArray(current)
-          ? [...current]
-          : { ...current }
-        : {}
-    cursor = cursor[key]
-  }
-  cursor[path[path.length - 1]] = nextValue
-  return out
-}
-
-function removeArrayItem(arr: unknown[], value: unknown): unknown[] {
-  return arr.filter((item) => JSON.stringify(item) !== JSON.stringify(value))
-}
-
-function selectCredentialId(
-  availableCredentials: CredentialRecord[],
-  provider: string,
-  selection: z.infer<typeof CredentialSelectionSchema> | undefined
-): string | null {
-  const providerLower = provider.toLowerCase()
-  const providerMatches = availableCredentials.filter((credential) => {
-    const credentialProvider = credential.provider.toLowerCase()
-    return (
-      credentialProvider === providerLower || credentialProvider.startsWith(`${providerLower}-`)
-    )
-  })
-
-  const pool = providerMatches.length > 0 ? providerMatches : availableCredentials
-  const strategy = selection?.strategy || 'first_connected'
-
-  if (strategy === 'by_id') {
-    const id = selection?.id
-    if (!id) return null
-    return pool.find((credential) => credential.id === id)?.id || null
-  }
-
-  if (strategy === 'by_name') {
-    const name = selection?.name?.toLowerCase()
-    if (!name) return null
-    const exact = pool.find((credential) => credential.name.toLowerCase() === name)
-    if (exact) return exact.id
-    const partial = pool.find((credential) => credential.name.toLowerCase().includes(name))
-    return partial?.id || null
-  }
-
-  const defaultCredential = pool.find((credential) => credential.isDefault)
-  if (defaultCredential) return defaultCredential.id
-  return pool[0]?.id || null
-}
-
-function selectCredentialFieldId(blockType: string, provider: string): string | null {
-  const blockConfig = getBlock(blockType)
-  if (!blockConfig) return null
-
-  const oauthFields = (blockConfig.subBlocks || []).filter(
-    (subBlock) => subBlock.type === 'oauth-input'
-  )
-  if (oauthFields.length === 0) return null
-
-  const providerKey = provider.replace(/[^a-zA-Z0-9]/g, '').toLowerCase()
-  const fieldMatch = oauthFields.find((subBlock) =>
-    subBlock.id
-      .replace(/[^a-zA-Z0-9]/g, '')
-      .toLowerCase()
-      .includes(providerKey)
-  )
-  if (fieldMatch) return fieldMatch.id
-  return oauthFields[0].id
-}
-
-function ensureConnectionTarget(
-  existing: ConnectionTarget[],
-  target: ConnectionTarget,
-  mode: 'set' | 'append' | 'remove'
-): ConnectionTarget[] {
-  if (mode === 'set') {
-    return [target]
-  }
-
-  if (mode === 'remove') {
-    return existing.filter(
-      (item) =>
-        !(item.block === target.block && (item.handle || 'target') === (target.handle || 'target'))
-    )
-  }
-
-  const duplicate = existing.some(
-    (item) =>
-      item.block === target.block && (item.handle || 'target') === (target.handle || 'target')
-  )
-  if (duplicate) return existing
-  return [...existing, target]
-}
-
-async function compileChangeSpec(params: {
-  changeSpec: ChangeSpec
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  userId: string
-  workflowId: string
-}): Promise<{
-  operations: Array<Record<string, any>>
-  warnings: string[]
-  diagnostics: string[]
-  touchedBlocks: string[]
-}> {
-  const { changeSpec, workflowState, userId, workflowId } = params
-  const operations: Array<Record<string, any>> = []
-  const diagnostics: string[] = []
-  const warnings: string[] = []
-  const touchedBlocks = new Set<string>()
-
-  const aliasMap = new Map<string, string>()
-  const workingState = deepClone(workflowState)
-  const connectionState = buildConnectionState(workingState)
-  const connectionTouchedSources = new Set<string>()
-  const plannedBlockTypes = new Map<string, string>()
-
-  // Seed aliases from existing block names.
-  for (const [blockId, block] of Object.entries(workingState.blocks || {})) {
-    const blockName = String((block as Record<string, unknown>).name || '')
-    if (!blockName) continue
-    const normalizedAlias = blockName.replace(/[^a-zA-Z0-9]/g, '')
-    if (normalizedAlias && !aliasMap.has(normalizedAlias)) {
-      aliasMap.set(normalizedAlias, blockId)
-    }
-  }
-
-  const credentialsResponse = await getCredentialsServerTool.execute({ workflowId }, { userId })
-  const availableCredentials: CredentialRecord[] =
-    credentialsResponse?.oauth?.connected?.credentials?.map((credential: any) => ({
-      id: String(credential.id || ''),
-      name: String(credential.name || ''),
-      provider: String(credential.provider || ''),
-      isDefault: Boolean(credential.isDefault),
-    })) || []
-
-  const resolveTarget = (
-    target: TargetRef | undefined,
-    allowCreateAlias = false
-  ): string | null => {
-    if (!target) return null
-    if (target.blockId) {
-      if (workingState.blocks[target.blockId] || plannedBlockTypes.has(target.blockId)) {
-        return target.blockId
-      }
-      return allowCreateAlias ? target.blockId : null
-    }
-
-    if (target.alias) {
-      if (aliasMap.has(target.alias)) return aliasMap.get(target.alias) || null
-      const byMatch = findMatchingBlockId(workingState, { alias: target.alias })
-      if (byMatch) {
-        aliasMap.set(target.alias, byMatch)
-        return byMatch
-      }
-      return allowCreateAlias ? target.alias : null
-    }
-
-    const matched = findMatchingBlockId(workingState, target)
-    if (matched) return matched
-    return null
-  }
-
-  const applyPatchChange = (
-    targetId: string,
-    blockType: string | null,
-    change: ChangeOperation,
-    paramsOut: Record<string, any>
-  ): void => {
-    if (change.op === 'attach_credential') {
-      const provider = change.provider
-      if (!provider) {
-        diagnostics.push(`attach_credential on ${targetId} is missing provider`)
-        return
-      }
-      if (!blockType) {
-        diagnostics.push(`attach_credential on ${targetId} failed: unknown block type`)
-        return
-      }
-      const credentialFieldId = selectCredentialFieldId(blockType, provider)
-      if (!credentialFieldId) {
-        const msg = `No oauth input field found for block type "${blockType}" on ${targetId}`
-        if (change.required) diagnostics.push(msg)
-        else warnings.push(msg)
-        return
-      }
-
-      const credentialId = selectCredentialId(availableCredentials, provider, change.selection)
-      if (!credentialId) {
-        const msg = `No credential found for provider "${provider}" on ${targetId}`
-        if (change.required) diagnostics.push(msg)
-        else warnings.push(msg)
-        return
-      }
-
-      paramsOut.inputs = paramsOut.inputs || {}
-      paramsOut.inputs[credentialFieldId] = credentialId
-      return
-    }
-
-    if (!change.path) {
-      diagnostics.push(`${change.op} on ${targetId} requires a path`)
-      return
-    }
-
-    const pathSegments = change.path.split('.').filter(Boolean)
-    if (pathSegments.length === 0) {
-      diagnostics.push(`${change.op} on ${targetId} has an invalid path "${change.path}"`)
-      return
-    }
-
-    if (pathSegments[0] === 'inputs') {
-      const inputKey = pathSegments[1]
-      if (!inputKey) {
-        diagnostics.push(`${change.op} on ${targetId} has invalid input path "${change.path}"`)
-        return
-      }
-
-      const currentInputValue =
-        paramsOut.inputs?.[inputKey] ??
-        workingState.blocks[targetId]?.subBlocks?.[inputKey]?.value ??
-        null
-
-      let nextInputValue = currentInputValue
-      const nestedPath = pathSegments.slice(2)
-
-      if (change.op === 'set') {
-        nextInputValue =
-          nestedPath.length > 0
-            ? setNestedValue(currentInputValue ?? {}, nestedPath, change.value)
-            : change.value
-      } else if (change.op === 'unset') {
-        nextInputValue =
-          nestedPath.length > 0 ? setNestedValue(currentInputValue ?? {}, nestedPath, null) : null
-      } else if (change.op === 'merge') {
-        if (nestedPath.length > 0) {
-          const baseObject = getNestedValue(currentInputValue ?? {}, nestedPath) || {}
-          if (
-            baseObject &&
-            typeof baseObject === 'object' &&
-            change.value &&
-            typeof change.value === 'object'
-          ) {
-            nextInputValue = setNestedValue(currentInputValue ?? {}, nestedPath, {
-              ...baseObject,
-              ...(change.value as Record<string, unknown>),
-            })
-          } else {
-            diagnostics.push(`merge on ${targetId} at "${change.path}" requires object values`)
-            return
-          }
-        } else if (
-          currentInputValue &&
-          typeof currentInputValue === 'object' &&
-          !Array.isArray(currentInputValue) &&
-          change.value &&
-          typeof change.value === 'object' &&
-          !Array.isArray(change.value)
-        ) {
-          nextInputValue = { ...currentInputValue, ...(change.value as Record<string, unknown>) }
-        } else if (currentInputValue == null && change.value && typeof change.value === 'object') {
-          nextInputValue = change.value
-        } else {
-          diagnostics.push(`merge on ${targetId} at "${change.path}" requires object values`)
-          return
-        }
-      } else if (change.op === 'append') {
-        const arr = Array.isArray(currentInputValue) ? [...currentInputValue] : []
-        arr.push(change.value)
-        nextInputValue = arr
-      } else if (change.op === 'remove') {
-        if (!Array.isArray(currentInputValue)) {
-          diagnostics.push(`remove on ${targetId} at "${change.path}" requires an array value`)
-          return
-        }
-        nextInputValue = removeArrayItem(currentInputValue, change.value)
-      }
-
-      paramsOut.inputs = paramsOut.inputs || {}
-      paramsOut.inputs[inputKey] = nextInputValue
-      return
-    }
-
-    if (pathSegments.length !== 1) {
-      diagnostics.push(
-        `Unsupported path "${change.path}" on ${targetId}. Use inputs.* or top-level field names.`
-      )
-      return
-    }
-    const topLevelField = pathSegments[0]
-    if (!['name', 'type', 'triggerMode', 'advancedMode', 'enabled'].includes(topLevelField)) {
-      diagnostics.push(`Unsupported top-level path "${change.path}" on ${targetId}`)
-      return
-    }
-    paramsOut[topLevelField] = change.op === 'unset' ? null : change.value
-  }
-
-  for (const mutation of changeSpec.mutations || []) {
-    if (mutation.action === 'ensure_block') {
-      const targetId = resolveTarget(mutation.target, true)
-      if (!targetId) {
-        diagnostics.push('ensure_block is missing a resolvable target')
-        continue
-      }
-
-      const existingBlock = workingState.blocks[targetId]
-      if (existingBlock) {
-        const editParams: Record<string, any> = {}
-        if (mutation.name) editParams.name = mutation.name
-        if (mutation.type) editParams.type = mutation.type
-        if (mutation.inputs) editParams.inputs = mutation.inputs
-        if (mutation.triggerMode !== undefined) editParams.triggerMode = mutation.triggerMode
-        if (mutation.advancedMode !== undefined) editParams.advancedMode = mutation.advancedMode
-        if (mutation.enabled !== undefined) editParams.enabled = mutation.enabled
-        operations.push({
-          operation_type: 'edit',
-          block_id: targetId,
-          params: editParams,
-        })
-        touchedBlocks.add(targetId)
-      } else {
-        if (!mutation.type || !mutation.name) {
-          diagnostics.push(`ensure_block for "${targetId}" requires type and name when creating`)
-          continue
-        }
-        const blockId =
-          mutation.target?.blockId || mutation.target?.alias || createDraftBlockId(mutation.name)
-        const addParams: Record<string, any> = {
-          type: mutation.type,
-          name: mutation.name,
-        }
-        if (mutation.inputs) addParams.inputs = mutation.inputs
-        if (mutation.triggerMode !== undefined) addParams.triggerMode = mutation.triggerMode
-        if (mutation.advancedMode !== undefined) addParams.advancedMode = mutation.advancedMode
-        if (mutation.enabled !== undefined) addParams.enabled = mutation.enabled
-        operations.push({
-          operation_type: 'add',
-          block_id: blockId,
-          params: addParams,
-        })
-        workingState.blocks[blockId] = {
-          id: blockId,
-          type: mutation.type,
-          name: mutation.name,
-          subBlocks: Object.fromEntries(
-            Object.entries(mutation.inputs || {}).map(([key, value]) => [
-              key,
-              { id: key, value, type: 'short-input' },
-            ])
-          ),
-          triggerMode: mutation.triggerMode || false,
-          advancedMode: mutation.advancedMode || false,
-          enabled: mutation.enabled !== undefined ? mutation.enabled : true,
-        }
-        plannedBlockTypes.set(blockId, mutation.type)
-        touchedBlocks.add(blockId)
-        if (mutation.target?.alias) aliasMap.set(mutation.target.alias, blockId)
-      }
-      continue
-    }
-
-    if (mutation.action === 'patch_block') {
-      const targetId = resolveTarget(mutation.target)
-      if (!targetId) {
-        diagnostics.push('patch_block target could not be resolved')
-        continue
-      }
-      const blockType =
-        String(workingState.blocks[targetId]?.type || '') || plannedBlockTypes.get(targetId) || null
-
-      const editParams: Record<string, any> = {}
-      for (const change of mutation.changes || []) {
-        applyPatchChange(targetId, blockType, change, editParams)
-      }
-      if (Object.keys(editParams).length === 0) {
-        warnings.push(`patch_block for ${targetId} had no effective changes`)
-        continue
-      }
-      operations.push({
-        operation_type: 'edit',
-        block_id: targetId,
-        params: editParams,
-      })
-      touchedBlocks.add(targetId)
-      continue
-    }
-
-    if (mutation.action === 'remove_block') {
-      const targetId = resolveTarget(mutation.target)
-      if (!targetId) {
-        diagnostics.push('remove_block target could not be resolved')
-        continue
-      }
-      operations.push({
-        operation_type: 'delete',
-        block_id: targetId,
-        params: {},
-      })
-      touchedBlocks.add(targetId)
-      connectionState.delete(targetId)
-      for (const [source, handles] of connectionState.entries()) {
-        for (const [handle, targets] of handles.entries()) {
-          const nextTargets = targets.filter((target) => target.block !== targetId)
-          handles.set(handle, nextTargets)
-        }
-        connectionTouchedSources.add(source)
-      }
-      continue
-    }
-
-    if (mutation.action === 'connect' || mutation.action === 'disconnect') {
-      const from = resolveTarget(mutation.from)
-      const to = resolveTarget(mutation.to)
-      if (!from || !to) {
-        diagnostics.push(`${mutation.action} requires resolvable from/to targets`)
-        continue
-      }
-      const sourceHandle = normalizeHandle(mutation.handle)
-      const targetHandle = mutation.toHandle || 'target'
-      let sourceMap = connectionState.get(from)
-      if (!sourceMap) {
-        sourceMap = new Map()
-        connectionState.set(from, sourceMap)
-      }
-      const existingTargets = sourceMap.get(sourceHandle) || []
-      const mode = mutation.action === 'disconnect' ? 'remove' : mutation.mode || 'set'
-      const nextTargets = ensureConnectionTarget(
-        existingTargets,
-        { block: to, handle: targetHandle },
-        mode
-      )
-      sourceMap.set(sourceHandle, nextTargets)
-      connectionTouchedSources.add(from)
-      touchedBlocks.add(from)
-    }
-  }
-
-  for (const link of changeSpec.links || []) {
-    const from = resolveTarget(
-      {
-        blockId: link.from.blockId,
-        alias: link.from.alias,
-        match: link.from.match,
-      },
-      true
-    )
-    const to = resolveTarget(
-      {
-        blockId: link.to.blockId,
-        alias: link.to.alias,
-        match: link.to.match,
-      },
-      true
-    )
-    if (!from || !to) {
-      diagnostics.push('link contains unresolved from/to target')
-      continue
-    }
-
-    const sourceHandle = normalizeHandle(link.from.handle)
-    const targetHandle = link.to.handle || 'target'
-    let sourceMap = connectionState.get(from)
-    if (!sourceMap) {
-      sourceMap = new Map()
-      connectionState.set(from, sourceMap)
-    }
-    const existingTargets = sourceMap.get(sourceHandle) || []
-    const nextTargets = ensureConnectionTarget(
-      existingTargets,
-      { block: to, handle: targetHandle },
-      link.mode || 'set'
-    )
-    sourceMap.set(sourceHandle, nextTargets)
-    connectionTouchedSources.add(from)
-    touchedBlocks.add(from)
-  }
-
-  for (const sourceBlockId of stableUnique([...connectionTouchedSources])) {
-    if (!connectionState.has(sourceBlockId)) continue
-    const sourceConnections = connectionState.get(sourceBlockId)!
-    operations.push({
-      operation_type: 'edit',
-      block_id: sourceBlockId,
-      params: {
-        connections: connectionStateToPayload(sourceConnections),
-      },
-    })
-  }
-
-  return {
-    operations,
-    warnings,
-    diagnostics,
-    touchedBlocks: [...touchedBlocks],
-  }
-}
-
-function summarizeDiff(
-  beforeState: { blocks: Record<string, any>; edges: Array<Record<string, any>> },
-  afterState: { blocks: Record<string, any>; edges: Array<Record<string, any>> },
-  operations: Array<Record<string, any>>
-): Record<string, any> {
-  const beforeBlocks = Object.keys(beforeState.blocks || {}).length
-  const afterBlocks = Object.keys(afterState.blocks || {}).length
-  const beforeEdges = (beforeState.edges || []).length
-  const afterEdges = (afterState.edges || []).length
-
-  const counts = operations.reduce<Record<string, number>>((acc, operation) => {
-    const opType = String(operation.operation_type || 'unknown')
-    acc[opType] = (acc[opType] || 0) + 1
-    return acc
-  }, {})
-
-  return {
-    operationCounts: counts,
-    blocks: {
-      before: beforeBlocks,
-      after: afterBlocks,
-      delta: afterBlocks - beforeBlocks,
-    },
-    edges: {
-      before: beforeEdges,
-      after: afterEdges,
-      delta: afterEdges - beforeEdges,
-    },
-  }
-}
-
-async function validateAndSimulateOperations(params: {
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  operations: Array<Record<string, any>>
-  userId: string
-}): Promise<{
-  operationsForApply: Array<Record<string, any>>
-  simulatedState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  warnings: string[]
-  diagnostics: string[]
-}> {
-  const diagnostics: string[] = []
-  const warnings: string[] = []
-
-  const permissionConfig = await getUserPermissionConfig(params.userId)
-  const { filteredOperations, errors: preValidationErrors } = await preValidateCredentialInputs(
-    params.operations as any,
-    { userId: params.userId },
-    params.workflowState
-  )
-  for (const error of preValidationErrors) {
-    warnings.push(error.error)
-  }
-
-  const { state, validationErrors, skippedItems } = applyOperationsToWorkflowState(
-    params.workflowState,
-    filteredOperations as any,
-    permissionConfig
-  )
-
-  for (const validationError of validationErrors) {
-    warnings.push(validationError.error)
-  }
-  for (const skippedItem of skippedItems) {
-    warnings.push(skippedItem.reason)
-  }
-
-  if (Object.keys(state.blocks || {}).length === 0) {
-    diagnostics.push('Simulation produced an empty workflow state')
-  }
-
-  return {
-    operationsForApply: filteredOperations as Array<Record<string, any>>,
-    simulatedState: state,
-    warnings,
-    diagnostics,
-  }
-}
-
-export const workflowChangeServerTool: BaseServerTool<WorkflowChangeParams, any> = {
-  name: 'workflow_change',
-  inputSchema: WorkflowChangeInputSchema,
-  async execute(params: WorkflowChangeParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    if (params.mode === 'dry_run') {
-      const workflowId = params.workflowId || getContextPack(params.contextPackId || '')?.workflowId
-      if (!workflowId) {
-        throw new Error('workflowId is required for dry_run')
-      }
-      if (!params.changeSpec) {
-        throw new Error('changeSpec is required for dry_run')
-      }
-
-      const authorization = await authorizeWorkflowByWorkspacePermission({
-        workflowId,
-        userId: context.userId,
-        action: 'write',
-      })
-      if (!authorization.allowed) {
-        throw new Error(authorization.message || 'Unauthorized workflow access')
-      }
-
-      const { workflowState } = await loadWorkflowStateFromDb(workflowId)
-      const currentHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-      const requestedHash = params.baseSnapshotHash
-      if (requestedHash && requestedHash !== currentHash) {
-        throw new Error(
-          `snapshot_mismatch: expected ${requestedHash} but current state is ${currentHash}`
-        )
-      }
-
-      const compileResult = await compileChangeSpec({
-        changeSpec: params.changeSpec,
-        workflowState,
-        userId: context.userId,
-        workflowId,
-      })
-
-      const simulation = await validateAndSimulateOperations({
-        workflowState,
-        operations: compileResult.operations,
-        userId: context.userId,
-      })
-
-      const diffSummary = summarizeDiff(
-        workflowState,
-        simulation.simulatedState,
-        simulation.operationsForApply
-      )
-      const diagnostics = [...compileResult.diagnostics, ...simulation.diagnostics]
-      const warnings = [...compileResult.warnings, ...simulation.warnings]
-
-      const proposal: WorkflowChangeProposal = {
-        workflowId,
-        baseSnapshotHash: currentHash,
-        compiledOperations: simulation.operationsForApply,
-        diffSummary,
-        warnings,
-        diagnostics,
-        touchedBlocks: compileResult.touchedBlocks,
-      }
-      const proposalId = saveProposal(proposal)
-
-      logger.info('Compiled workflow_change dry run', {
-        workflowId,
-        proposalId,
-        operationCount: proposal.compiledOperations.length,
-        warningCount: warnings.length,
-        diagnosticsCount: diagnostics.length,
-      })
-
-      return {
-        success: diagnostics.length === 0,
-        mode: 'dry_run',
-        workflowId,
-        proposalId,
-        baseSnapshotHash: currentHash,
-        compiledOperations: proposal.compiledOperations,
-        diffSummary,
-        warnings,
-        diagnostics,
-        touchedBlocks: proposal.touchedBlocks,
-      }
-    }
-
-    // apply mode
-    const proposalId = params.proposalId
-    if (!proposalId) {
-      throw new Error('proposalId is required for apply')
-    }
-
-    const proposal = getProposal(proposalId)
-    if (!proposal) {
-      throw new Error(`Proposal not found or expired: ${proposalId}`)
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: proposal.workflowId,
-      userId: context.userId,
-      action: 'write',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const { workflowState } = await loadWorkflowStateFromDb(proposal.workflowId)
-    const currentHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-    const expectedHash = params.expectedSnapshotHash || proposal.baseSnapshotHash
-    if (expectedHash && expectedHash !== currentHash) {
-      throw new Error(`snapshot_mismatch: expected ${expectedHash} but current is ${currentHash}`)
-    }
-
-    const applyResult = await editWorkflowServerTool.execute(
-      {
-        workflowId: proposal.workflowId,
-        operations: proposal.compiledOperations as any,
-      },
-      { userId: context.userId }
-    )
-
-    const appliedWorkflowState = (applyResult as any)?.workflowState
-    const newSnapshotHash = appliedWorkflowState
-      ? hashWorkflowState(appliedWorkflowState as Record<string, unknown>)
-      : null
-
-    return {
-      success: true,
-      mode: 'apply',
-      workflowId: proposal.workflowId,
-      proposalId,
-      baseSnapshotHash: proposal.baseSnapshotHash,
-      newSnapshotHash,
-      operations: proposal.compiledOperations,
-      workflowState: appliedWorkflowState || null,
-      appliedDiff: proposal.diffSummary,
-      warnings: proposal.warnings,
-      diagnostics: proposal.diagnostics,
-      editResult: applyResult,
-    }
-  },
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-context.ts

@@ -1,158 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { z } from 'zod'
-import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
-import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
-import { getContextPack, saveContextPack } from './change-store'
-import {
-  buildSchemasByType,
-  getAllKnownBlockTypes,
-  hashWorkflowState,
-  loadWorkflowStateFromDb,
-  summarizeWorkflowState,
-} from './workflow-state'
-
-const logger = createLogger('WorkflowContextServerTool')
-
-const WorkflowContextGetInputSchema = z.object({
-  workflowId: z.string(),
-  objective: z.string().optional(),
-  includeBlockTypes: z.array(z.string()).optional(),
-  includeAllSchemas: z.boolean().optional(),
-})
-
-type WorkflowContextGetParams = z.infer<typeof WorkflowContextGetInputSchema>
-
-const WorkflowContextExpandInputSchema = z.object({
-  contextPackId: z.string(),
-  blockTypes: z.array(z.string()).optional(),
-  schemaRefs: z.array(z.string()).optional(),
-})
-
-type WorkflowContextExpandParams = z.infer<typeof WorkflowContextExpandInputSchema>
-
-function parseSchemaRefToBlockType(schemaRef: string): string | null {
-  if (!schemaRef) return null
-  const [blockType] = schemaRef.split('@')
-  return blockType || null
-}
-
-function buildAvailableBlockCatalog(
-  schemaRefsByType: Record<string, string>
-): Array<Record<string, any>> {
-  return Object.entries(schemaRefsByType)
-    .sort((a, b) => a[0].localeCompare(b[0]))
-    .map(([blockType, schemaRef]) => ({
-      blockType,
-      schemaRef,
-    }))
-}
-
-export const workflowContextGetServerTool: BaseServerTool<WorkflowContextGetParams, any> = {
-  name: 'workflow_context_get',
-  inputSchema: WorkflowContextGetInputSchema,
-  async execute(params: WorkflowContextGetParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: params.workflowId,
-      userId: context.userId,
-      action: 'read',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const { workflowState } = await loadWorkflowStateFromDb(params.workflowId)
-    const snapshotHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-
-    const blockTypesInWorkflow = Object.values(workflowState.blocks || {}).map((block: any) =>
-      String(block?.type || '')
-    )
-    const requestedTypes = params.includeBlockTypes || []
-    const includeAllSchemas = params.includeAllSchemas === true
-    const candidateTypes = includeAllSchemas
-      ? getAllKnownBlockTypes()
-      : [...blockTypesInWorkflow, ...requestedTypes]
-    const { schemasByType, schemaRefsByType } = buildSchemasByType(candidateTypes)
-
-    const summary = summarizeWorkflowState(workflowState)
-    const packId = saveContextPack({
-      workflowId: params.workflowId,
-      snapshotHash,
-      workflowState,
-      schemasByType,
-      schemaRefsByType,
-      summary: {
-        ...summary,
-        objective: params.objective || null,
-      },
-    })
-
-    logger.info('Generated workflow context pack', {
-      workflowId: params.workflowId,
-      contextPackId: packId,
-      schemaCount: Object.keys(schemaRefsByType).length,
-    })
-
-    return {
-      success: true,
-      contextPackId: packId,
-      workflowId: params.workflowId,
-      snapshotHash,
-      summary: {
-        ...summary,
-        objective: params.objective || null,
-      },
-      schemaRefsByType,
-      availableBlockCatalog: buildAvailableBlockCatalog(schemaRefsByType),
-      inScopeSchemas: schemasByType,
-    }
-  },
-}
-
-export const workflowContextExpandServerTool: BaseServerTool<WorkflowContextExpandParams, any> = {
-  name: 'workflow_context_expand',
-  inputSchema: WorkflowContextExpandInputSchema,
-  async execute(params: WorkflowContextExpandParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    const contextPack = getContextPack(params.contextPackId)
-    if (!contextPack) {
-      throw new Error(`Context pack not found or expired: ${params.contextPackId}`)
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: contextPack.workflowId,
-      userId: context.userId,
-      action: 'read',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const requestedBlockTypes = new Set<string>()
-    for (const blockType of params.blockTypes || []) {
-      if (blockType) requestedBlockTypes.add(blockType)
-    }
-    for (const schemaRef of params.schemaRefs || []) {
-      const blockType = parseSchemaRefToBlockType(schemaRef)
-      if (blockType) requestedBlockTypes.add(blockType)
-    }
-
-    const typesToExpand = [...requestedBlockTypes]
-    const { schemasByType, schemaRefsByType } = buildSchemasByType(typesToExpand)
-
-    return {
-      success: true,
-      contextPackId: params.contextPackId,
-      workflowId: contextPack.workflowId,
-      snapshotHash: contextPack.snapshotHash,
-      schemasByType,
-      schemaRefsByType,
-    }
-  },
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-state.ts

@@ -1,226 +0,0 @@
-import crypto from 'crypto'
-import { db } from '@sim/db'
-import { workflow as workflowTable } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
-import { getAllBlockTypes, getBlock } from '@/blocks/registry'
-import type { SubBlockConfig } from '@/blocks/types'
-
-const logger = createLogger('WorkflowContextState')
-
-function stableSortValue(value: any): any {
-  if (Array.isArray(value)) {
-    return value.map(stableSortValue)
-  }
-  if (value && typeof value === 'object') {
-    const sorted: Record<string, any> = {}
-    for (const key of Object.keys(value).sort()) {
-      sorted[key] = stableSortValue(value[key])
-    }
-    return sorted
-  }
-  return value
-}
-
-export function hashWorkflowState(state: Record<string, unknown>): string {
-  const stable = stableSortValue(state)
-  const payload = JSON.stringify(stable)
-  return `sha256:${crypto.createHash('sha256').update(payload).digest('hex')}`
-}
-
-function normalizeOptions(options: unknown): string[] | null {
-  if (!Array.isArray(options)) return null
-  const normalized = options
-    .map((option) => {
-      if (option == null) return null
-      if (typeof option === 'object') {
-        const optionRecord = option as Record<string, unknown>
-        const id = optionRecord.id
-        if (typeof id === 'string') return id
-        const label = optionRecord.label
-        if (typeof label === 'string') return label
-        return null
-      }
-      return String(option)
-    })
-    .filter((value): value is string => Boolean(value))
-  return normalized.length > 0 ? normalized : null
-}
-
-function serializeRequired(required: SubBlockConfig['required']): boolean | Record<string, any> {
-  if (typeof required === 'boolean') return required
-  if (!required) return false
-  if (typeof required === 'object') {
-    const out: Record<string, any> = {}
-    const record = required as Record<string, unknown>
-    for (const key of ['field', 'operator', 'value']) {
-      if (record[key] !== undefined) {
-        out[key] = record[key]
-      }
-    }
-    return out
-  }
-  return false
-}
-
-function serializeSubBlock(subBlock: SubBlockConfig): Record<string, unknown> {
-  const staticOptions =
-    typeof subBlock.options === 'function' ? null : normalizeOptions(subBlock.options)
-  return {
-    id: subBlock.id,
-    type: subBlock.type,
-    title: subBlock.title,
-    description: subBlock.description || null,
-    mode: subBlock.mode || null,
-    placeholder: subBlock.placeholder || null,
-    hidden: Boolean(subBlock.hidden),
-    multiSelect: Boolean(subBlock.multiSelect),
-    required: serializeRequired(subBlock.required),
-    hasDynamicOptions: typeof subBlock.options === 'function',
-    options: staticOptions,
-    defaultValue: subBlock.defaultValue ?? null,
-    min: subBlock.min ?? null,
-    max: subBlock.max ?? null,
-  }
-}
-
-function serializeBlockSchema(blockType: string): Record<string, unknown> | null {
-  const blockConfig = getBlock(blockType)
-  if (!blockConfig) return null
-
-  const subBlocks = Array.isArray(blockConfig.subBlocks)
-    ? blockConfig.subBlocks.map(serializeSubBlock)
-    : []
-  const outputs = blockConfig.outputs || {}
-  const outputKeys = Object.keys(outputs)
-
-  return {
-    blockType,
-    blockName: blockConfig.name || blockType,
-    category: blockConfig.category,
-    triggerAllowed: Boolean(blockConfig.triggerAllowed || blockConfig.triggers?.enabled),
-    hasTriggersConfig: Boolean(blockConfig.triggers?.enabled),
-    subBlocks,
-    outputKeys,
-    longDescription: blockConfig.longDescription || null,
-  }
-}
-
-export function buildSchemasByType(blockTypes: string[]): {
-  schemasByType: Record<string, any>
-  schemaRefsByType: Record<string, string>
-} {
-  const schemasByType: Record<string, any> = {}
-  const schemaRefsByType: Record<string, string> = {}
-
-  const uniqueTypes = [...new Set(blockTypes.filter(Boolean))]
-  for (const blockType of uniqueTypes) {
-    const schema = serializeBlockSchema(blockType)
-    if (!schema) continue
-    const stableSchema = stableSortValue(schema)
-    const schemaHash = crypto
-      .createHash('sha256')
-      .update(JSON.stringify(stableSchema))
-      .digest('hex')
-    schemasByType[blockType] = stableSchema
-    schemaRefsByType[blockType] = `${blockType}@sha256:${schemaHash}`
-  }
-
-  return { schemasByType, schemaRefsByType }
-}
-
-export async function loadWorkflowStateFromDb(workflowId: string): Promise<{
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  workspaceId?: string
-}> {
-  const [workflowRecord] = await db
-    .select({ workspaceId: workflowTable.workspaceId })
-    .from(workflowTable)
-    .where(eq(workflowTable.id, workflowId))
-    .limit(1)
-  if (!workflowRecord) {
-    throw new Error(`Workflow ${workflowId} not found`)
-  }
-
-  const normalized = await loadWorkflowFromNormalizedTables(workflowId)
-  if (!normalized) {
-    throw new Error(`Workflow ${workflowId} has no normalized data`)
-  }
-
-  const blocks = { ...normalized.blocks }
-  const invalidBlockIds: string[] = []
-  for (const [blockId, block] of Object.entries(blocks)) {
-    if (!(block as { type?: unknown })?.type) {
-      invalidBlockIds.push(blockId)
-    }
-  }
-
-  for (const blockId of invalidBlockIds) {
-    delete blocks[blockId]
-  }
-
-  const invalidSet = new Set(invalidBlockIds)
-  const edges = (normalized.edges || []).filter(
-    (edge: any) => !invalidSet.has(edge.source) && !invalidSet.has(edge.target)
-  )
-
-  if (invalidBlockIds.length > 0) {
-    logger.warn('Dropped blocks without type while loading workflow state', {
-      workflowId,
-      dropped: invalidBlockIds,
-    })
-  }
-
-  return {
-    workflowState: {
-      blocks,
-      edges,
-      loops: normalized.loops || {},
-      parallels: normalized.parallels || {},
-    },
-    workspaceId: workflowRecord.workspaceId || undefined,
-  }
-}
-
-export function summarizeWorkflowState(workflowState: {
-  blocks: Record<string, any>
-  edges: Array<Record<string, any>>
-  loops: Record<string, any>
-  parallels: Record<string, any>
-}): Record<string, unknown> {
-  const blocks = workflowState.blocks || {}
-  const edges = workflowState.edges || []
-  const blockTypes: Record<string, number> = {}
-  const triggerBlocks: Array<{ id: string; name: string; type: string }> = []
-
-  for (const [blockId, block] of Object.entries(blocks)) {
-    const blockType = String((block as Record<string, unknown>).type || 'unknown')
-    blockTypes[blockType] = (blockTypes[blockType] || 0) + 1
-    if ((block as Record<string, unknown>).triggerMode === true) {
-      triggerBlocks.push({
-        id: blockId,
-        name: String((block as Record<string, unknown>).name || blockType),
-        type: blockType,
-      })
-    }
-  }
-
-  return {
-    blockCount: Object.keys(blocks).length,
-    edgeCount: edges.length,
-    loopCount: Object.keys(workflowState.loops || {}).length,
-    parallelCount: Object.keys(workflowState.parallels || {}).length,
-    blockTypes,
-    triggerBlocks,
-  }
-}
-
-export function getAllKnownBlockTypes(): string[] {
-  return getAllBlockTypes()
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-verify.ts

@@ -1,194 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { z } from 'zod'
-import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
-import { validateWorkflowState } from '@/lib/workflows/sanitization/validation'
-import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
-import { hashWorkflowState, loadWorkflowStateFromDb } from './workflow-state'
-
-const logger = createLogger('WorkflowVerifyServerTool')
-
-const AcceptanceItemSchema = z.union([
-  z.string(),
-  z.object({
-    kind: z.string().optional(),
-    assert: z.string(),
-  }),
-])
-
-const WorkflowVerifyInputSchema = z
-  .object({
-    workflowId: z.string(),
-    acceptance: z.array(AcceptanceItemSchema).optional(),
-    baseSnapshotHash: z.string().optional(),
-  })
-  .strict()
-
-type WorkflowVerifyParams = z.infer<typeof WorkflowVerifyInputSchema>
-
-function normalizeName(value: string): string {
-  return value.trim().toLowerCase()
-}
-
-function resolveBlockToken(
-  workflowState: { blocks: Record<string, any> },
-  token: string
-): string | null {
-  if (!token) return null
-  if (workflowState.blocks[token]) return token
-  const normalized = normalizeName(token)
-  for (const [blockId, block] of Object.entries(workflowState.blocks || {})) {
-    const blockName = normalizeName(String((block as Record<string, unknown>).name || ''))
-    if (blockName === normalized) return blockId
-  }
-  return null
-}
-
-function hasPath(
-  workflowState: { edges: Array<Record<string, any>> },
-  blockPath: string[]
-): boolean {
-  if (blockPath.length < 2) return true
-  const adjacency = new Map<string, string[]>()
-  for (const edge of workflowState.edges || []) {
-    const source = String(edge.source || '')
-    const target = String(edge.target || '')
-    if (!source || !target) continue
-    const existing = adjacency.get(source) || []
-    existing.push(target)
-    adjacency.set(source, existing)
-  }
-
-  for (let i = 0; i < blockPath.length - 1; i++) {
-    const from = blockPath[i]
-    const to = blockPath[i + 1]
-    const next = adjacency.get(from) || []
-    if (!next.includes(to)) return false
-  }
-  return true
-}
-
-function evaluateAssertions(params: {
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-  }
-  assertions: string[]
-}): { failures: string[]; checks: Array<Record<string, any>> } {
-  const failures: string[] = []
-  const checks: Array<Record<string, any>> = []
-
-  for (const assertion of params.assertions) {
-    if (assertion.startsWith('block_exists:')) {
-      const token = assertion.slice('block_exists:'.length).trim()
-      const blockId = resolveBlockToken(params.workflowState, token)
-      const passed = Boolean(blockId)
-      checks.push({ assert: assertion, passed, resolvedBlockId: blockId || null })
-      if (!passed) failures.push(`Assertion failed: ${assertion}`)
-      continue
-    }
-
-    if (assertion.startsWith('trigger_exists:')) {
-      const triggerType = normalizeName(assertion.slice('trigger_exists:'.length))
-      const triggerBlock = Object.values(params.workflowState.blocks || {}).find((block: any) => {
-        if (block?.triggerMode !== true) return false
-        return normalizeName(String(block?.type || '')) === triggerType
-      })
-      const passed = Boolean(triggerBlock)
-      checks.push({ assert: assertion, passed })
-      if (!passed) failures.push(`Assertion failed: ${assertion}`)
-      continue
-    }
-
-    if (assertion.startsWith('path_exists:')) {
-      const rawPath = assertion.slice('path_exists:'.length).trim()
-      const tokens = rawPath
-        .split('->')
-        .map((token) => token.trim())
-        .filter(Boolean)
-      const resolvedPath = tokens
-        .map((token) => resolveBlockToken(params.workflowState, token))
-        .filter((value): value is string => Boolean(value))
-
-      const resolvedAll = resolvedPath.length === tokens.length
-      const passed = resolvedAll && hasPath(params.workflowState, resolvedPath)
-      checks.push({
-        assert: assertion,
-        passed,
-        resolvedPath,
-      })
-      if (!passed) failures.push(`Assertion failed: ${assertion}`)
-      continue
-    }
-
-    // Unknown assertion format - mark as warning failure for explicit visibility.
-    checks.push({ assert: assertion, passed: false, reason: 'unknown_assertion_type' })
-    failures.push(`Unknown assertion format: ${assertion}`)
-  }
-
-  return { failures, checks }
-}
-
-export const workflowVerifyServerTool: BaseServerTool<WorkflowVerifyParams, any> = {
-  name: 'workflow_verify',
-  inputSchema: WorkflowVerifyInputSchema,
-  async execute(params: WorkflowVerifyParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: params.workflowId,
-      userId: context.userId,
-      action: 'read',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const { workflowState } = await loadWorkflowStateFromDb(params.workflowId)
-    const snapshotHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-    if (params.baseSnapshotHash && params.baseSnapshotHash !== snapshotHash) {
-      return {
-        success: false,
-        verified: false,
-        reason: 'snapshot_mismatch',
-        expected: params.baseSnapshotHash,
-        current: snapshotHash,
-      }
-    }
-
-    const validation = validateWorkflowState(workflowState as any, { sanitize: false })
-
-    const assertions = (params.acceptance || []).map((item) =>
-      typeof item === 'string' ? item : item.assert
-    )
-    const assertionResults = evaluateAssertions({
-      workflowState,
-      assertions,
-    })
-
-    const verified =
-      validation.valid && assertionResults.failures.length === 0 && validation.errors.length === 0
-
-    logger.info('Workflow verification complete', {
-      workflowId: params.workflowId,
-      verified,
-      errorCount: validation.errors.length,
-      warningCount: validation.warnings.length,
-      assertionFailures: assertionResults.failures.length,
-    })
-
-    return {
-      success: true,
-      verified,
-      snapshotHash,
-      validation: {
-        valid: validation.valid,
-        errors: validation.errors,
-        warnings: validation.warnings,
-      },
-      assertions: assertionResults.checks,
-      failures: assertionResults.failures,
-    }
-  },
-}

apps/sim/lib/execution/event-buffer.ts

@@ -0,0 +1,246 @@
+import { createLogger } from '@sim/logger'
+import { getRedisClient } from '@/lib/core/config/redis'
+import type { ExecutionEvent } from '@/lib/workflows/executor/execution-events'
+
+const logger = createLogger('ExecutionEventBuffer')
+
+const REDIS_PREFIX = 'execution:stream:'
+const TTL_SECONDS = 60 * 60 // 1 hour
+const EVENT_LIMIT = 1000
+const RESERVE_BATCH = 100
+const FLUSH_INTERVAL_MS = 15
+const FLUSH_MAX_BATCH = 200
+
+function getEventsKey(executionId: string) {
+  return `${REDIS_PREFIX}${executionId}:events`
+}
+
+function getSeqKey(executionId: string) {
+  return `${REDIS_PREFIX}${executionId}:seq`
+}
+
+function getMetaKey(executionId: string) {
+  return `${REDIS_PREFIX}${executionId}:meta`
+}
+
+export type ExecutionStreamStatus = 'active' | 'complete' | 'error' | 'cancelled'
+
+export interface ExecutionStreamMeta {
+  status: ExecutionStreamStatus
+  userId?: string
+  workflowId?: string
+  updatedAt?: string
+}
+
+export interface ExecutionEventEntry {
+  eventId: number
+  executionId: string
+  event: ExecutionEvent
+}
+
+export interface ExecutionEventWriter {
+  write: (event: ExecutionEvent) => Promise<ExecutionEventEntry>
+  flush: () => Promise<void>
+  close: () => Promise<void>
+}
+
+export async function setExecutionMeta(
+  executionId: string,
+  meta: Partial<ExecutionStreamMeta>
+): Promise<void> {
+  const redis = getRedisClient()
+  if (!redis) {
+    logger.warn('setExecutionMeta: Redis client unavailable', { executionId })
+    return
+  }
+  try {
+    const key = getMetaKey(executionId)
+    const payload: Record<string, string> = {
+      updatedAt: new Date().toISOString(),
+    }
+    if (meta.status) payload.status = meta.status
+    if (meta.userId) payload.userId = meta.userId
+    if (meta.workflowId) payload.workflowId = meta.workflowId
+    await redis.hset(key, payload)
+    await redis.expire(key, TTL_SECONDS)
+  } catch (error) {
+    logger.warn('Failed to update execution meta', {
+      executionId,
+      error: error instanceof Error ? error.message : String(error),
+    })
+  }
+}
+
+export async function getExecutionMeta(executionId: string): Promise<ExecutionStreamMeta | null> {
+  const redis = getRedisClient()
+  if (!redis) {
+    logger.warn('getExecutionMeta: Redis client unavailable', { executionId })
+    return null
+  }
+  try {
+    const key = getMetaKey(executionId)
+    const meta = await redis.hgetall(key)
+    if (!meta || Object.keys(meta).length === 0) return null
+    return meta as unknown as ExecutionStreamMeta
+  } catch (error) {
+    logger.warn('Failed to read execution meta', {
+      executionId,
+      error: error instanceof Error ? error.message : String(error),
+    })
+    return null
+  }
+}
+
+export async function readExecutionEvents(
+  executionId: string,
+  afterEventId: number
+): Promise<ExecutionEventEntry[]> {
+  const redis = getRedisClient()
+  if (!redis) return []
+  try {
+    const raw = await redis.zrangebyscore(getEventsKey(executionId), afterEventId + 1, '+inf')
+    return raw
+      .map((entry) => {
+        try {
+          return JSON.parse(entry) as ExecutionEventEntry
+        } catch {
+          return null
+        }
+      })
+      .filter((entry): entry is ExecutionEventEntry => Boolean(entry))
+  } catch (error) {
+    logger.warn('Failed to read execution events', {
+      executionId,
+      error: error instanceof Error ? error.message : String(error),
+    })
+    return []
+  }
+}
+
+export function createExecutionEventWriter(executionId: string): ExecutionEventWriter {
+  const redis = getRedisClient()
+  if (!redis) {
+    logger.warn(
+      'createExecutionEventWriter: Redis client unavailable, events will not be buffered',
+      {
+        executionId,
+      }
+    )
+    return {
+      write: async (event) => ({ eventId: 0, executionId, event }),
+      flush: async () => {},
+      close: async () => {},
+    }
+  }
+
+  let pending: ExecutionEventEntry[] = []
+  let nextEventId = 0
+  let maxReservedId = 0
+  let flushTimer: ReturnType<typeof setTimeout> | null = null
+
+  const scheduleFlush = () => {
+    if (flushTimer) return
+    flushTimer = setTimeout(() => {
+      flushTimer = null
+      void flush()
+    }, FLUSH_INTERVAL_MS)
+  }
+
+  const reserveIds = async (minCount: number) => {
+    const reserveCount = Math.max(RESERVE_BATCH, minCount)
+    const newMax = await redis.incrby(getSeqKey(executionId), reserveCount)
+    const startId = newMax - reserveCount + 1
+    if (nextEventId === 0 || nextEventId > maxReservedId) {
+      nextEventId = startId
+      maxReservedId = newMax
+    }
+  }
+
+  let flushPromise: Promise<void> | null = null
+  let closed = false
+  const inflightWrites = new Set<Promise<ExecutionEventEntry>>()
+
+  const doFlush = async () => {
+    if (pending.length === 0) return
+    const batch = pending
+    pending = []
+    try {
+      const key = getEventsKey(executionId)
+      const zaddArgs: (string | number)[] = []
+      for (const entry of batch) {
+        zaddArgs.push(entry.eventId, JSON.stringify(entry))
+      }
+      const pipeline = redis.pipeline()
+      pipeline.zadd(key, ...zaddArgs)
+      pipeline.expire(key, TTL_SECONDS)
+      pipeline.expire(getSeqKey(executionId), TTL_SECONDS)
+      pipeline.zremrangebyrank(key, 0, -EVENT_LIMIT - 1)
+      await pipeline.exec()
+    } catch (error) {
+      logger.warn('Failed to flush execution events', {
+        executionId,
+        batchSize: batch.length,
+        error: error instanceof Error ? error.message : String(error),
+        stack: error instanceof Error ? error.stack : undefined,
+      })
+      pending = batch.concat(pending)
+    }
+  }
+
+  const flush = async () => {
+    if (flushPromise) {
+      await flushPromise
+      return
+    }
+    flushPromise = doFlush()
+    try {
+      await flushPromise
+    } finally {
+      flushPromise = null
+      if (pending.length > 0) scheduleFlush()
+    }
+  }
+
+  const writeCore = async (event: ExecutionEvent): Promise<ExecutionEventEntry> => {
+    if (closed) return { eventId: 0, executionId, event }
+    if (nextEventId === 0 || nextEventId > maxReservedId) {
+      await reserveIds(1)
+    }
+    const eventId = nextEventId++
+    const entry: ExecutionEventEntry = { eventId, executionId, event }
+    pending.push(entry)
+    if (pending.length >= FLUSH_MAX_BATCH) {
+      await flush()
+    } else {
+      scheduleFlush()
+    }
+    return entry
+  }
+
+  const write = (event: ExecutionEvent): Promise<ExecutionEventEntry> => {
+    const p = writeCore(event)
+    inflightWrites.add(p)
+    const remove = () => inflightWrites.delete(p)
+    p.then(remove, remove)
+    return p
+  }
+
+  const close = async () => {
+    closed = true
+    if (flushTimer) {
+      clearTimeout(flushTimer)
+      flushTimer = null
+    }
+    if (inflightWrites.size > 0) {
+      await Promise.allSettled(inflightWrites)
+    }
+    if (flushPromise) {
+      await flushPromise
+    }
+    if (pending.length > 0) {
+      await doFlush()
+    }
+  }
+
+  return { write, flush, close }
+}

apps/sim/lib/workflows/comparison/compare.test.ts

@@ -2364,6 +2364,261 @@ describe('hasWorkflowChanged', () => {
     })
   })
 
+  describe('Trigger Config Normalization (False Positive Prevention)', () => {
+    it.concurrent(
+      'should not detect change when deployed has null fields but current has values from triggerConfig',
+      () => {
+        // Core scenario: deployed state has null individual fields, current state has
+        // values populated from triggerConfig at runtime by populateTriggerFieldsFromConfig
+        const deployedState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+                botToken: { id: 'botToken', type: 'short-input', value: null },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'secret123', botToken: 'token456' },
+                },
+              },
+            }),
+          },
+        })
+
+        const currentState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
+                botToken: { id: 'botToken', type: 'short-input', value: 'token456' },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'secret123', botToken: 'token456' },
+                },
+              },
+            }),
+          },
+        })
+
+        expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
+      }
+    )
+
+    it.concurrent(
+      'should detect change when user edits a trigger field to a different value',
+      () => {
+        const deployedState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'old-secret' },
+                },
+              },
+            }),
+          },
+        })
+
+        const currentState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: 'new-secret' },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'old-secret' },
+                },
+              },
+            }),
+          },
+        })
+
+        expect(hasWorkflowChanged(currentState, deployedState)).toBe(true)
+      }
+    )
+
+    it.concurrent('should not detect change when both sides have no triggerConfig', () => {
+      const deployedState = createWorkflowState({
+        blocks: {
+          block1: createBlock('block1', {
+            type: 'starter',
+            subBlocks: {
+              signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+            },
+          }),
+        },
+      })
+
+      const currentState = createWorkflowState({
+        blocks: {
+          block1: createBlock('block1', {
+            type: 'starter',
+            subBlocks: {
+              signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+            },
+          }),
+        },
+      })
+
+      expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
+    })
+
+    it.concurrent(
+      'should not detect change when deployed has empty fields and triggerConfig populates them',
+      () => {
+        // Empty string is also treated as "empty" by normalizeTriggerConfigValues
+        const deployedState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: '' },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'secret123' },
+                },
+              },
+            }),
+          },
+        })
+
+        const currentState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'secret123' },
+                },
+              },
+            }),
+          },
+        })
+
+        expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
+      }
+    )
+
+    it.concurrent('should not detect change when triggerId differs', () => {
+      const deployedState = createWorkflowState({
+        blocks: {
+          block1: createBlock('block1', {
+            type: 'starter',
+            subBlocks: {
+              model: { value: 'gpt-4' },
+              triggerId: { value: null },
+            },
+          }),
+        },
+      })
+
+      const currentState = createWorkflowState({
+        blocks: {
+          block1: createBlock('block1', {
+            type: 'starter',
+            subBlocks: {
+              model: { value: 'gpt-4' },
+              triggerId: { value: 'slack_webhook' },
+            },
+          }),
+        },
+      })
+
+      expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
+    })
+
+    it.concurrent(
+      'should not detect change for namespaced system subBlock IDs like samplePayload_slack_webhook',
+      () => {
+        const deployedState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                model: { value: 'gpt-4' },
+                samplePayload_slack_webhook: { value: 'old payload' },
+                triggerInstructions_slack_webhook: { value: 'old instructions' },
+              },
+            }),
+          },
+        })
+
+        const currentState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                model: { value: 'gpt-4' },
+                samplePayload_slack_webhook: { value: 'new payload' },
+                triggerInstructions_slack_webhook: { value: 'new instructions' },
+              },
+            }),
+          },
+        })
+
+        expect(hasWorkflowChanged(currentState, deployedState)).toBe(false)
+      }
+    )
+
+    it.concurrent(
+      'should handle mixed scenario: some fields from triggerConfig, some user-edited',
+      () => {
+        const deployedState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+                botToken: { id: 'botToken', type: 'short-input', value: null },
+                includeFiles: { id: 'includeFiles', type: 'switch', value: false },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'secret123', botToken: 'token456' },
+                },
+              },
+            }),
+          },
+        })
+
+        const currentState = createWorkflowState({
+          blocks: {
+            block1: createBlock('block1', {
+              type: 'starter',
+              subBlocks: {
+                signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
+                botToken: { id: 'botToken', type: 'short-input', value: 'token456' },
+                includeFiles: { id: 'includeFiles', type: 'switch', value: true },
+                triggerConfig: {
+                  id: 'triggerConfig',
+                  type: 'short-input',
+                  value: { signingSecret: 'secret123', botToken: 'token456' },
+                },
+              },
+            }),
+          },
+        })
+
+        // includeFiles changed from false to true — this IS a real change
+        expect(hasWorkflowChanged(currentState, deployedState)).toBe(true)
+      }
+    )
+  })
+
   describe('Trigger Runtime Metadata (Should Not Trigger Change)', () => {
     it.concurrent('should not detect change when webhookId differs', () => {
       const deployedState = createWorkflowState({

apps/sim/lib/workflows/comparison/compare.ts

@@ -9,6 +9,7 @@ import {
   normalizeLoop,
   normalizeParallel,
   normalizeSubBlockValue,
+  normalizeTriggerConfigValues,
   normalizeValue,
   normalizeVariables,
   sanitizeVariable,
@@ -172,14 +173,18 @@ export function generateWorkflowDiffSummary(
       }
     }
 
+    // Normalize trigger config values for both states before comparison
+    const normalizedCurrentSubs = normalizeTriggerConfigValues(currentSubBlocks)
+    const normalizedPreviousSubs = normalizeTriggerConfigValues(previousSubBlocks)
+
     // Compare subBlocks using shared helper for filtering (single source of truth)
     const allSubBlockIds = filterSubBlockIds([
-      ...new Set([...Object.keys(currentSubBlocks), ...Object.keys(previousSubBlocks)]),
+      ...new Set([...Object.keys(normalizedCurrentSubs), ...Object.keys(normalizedPreviousSubs)]),
     ])
 
     for (const subId of allSubBlockIds) {
-      const currentSub = currentSubBlocks[subId] as Record<string, unknown> | undefined
-      const previousSub = previousSubBlocks[subId] as Record<string, unknown> | undefined
+      const currentSub = normalizedCurrentSubs[subId] as Record<string, unknown> | undefined
+      const previousSub = normalizedPreviousSubs[subId] as Record<string, unknown> | undefined
 
       if (!currentSub || !previousSub) {
         changes.push({

apps/sim/lib/workflows/comparison/normalize.test.ts

@@ -4,10 +4,12 @@
 import { describe, expect, it } from 'vitest'
 import type { Loop, Parallel } from '@/stores/workflows/workflow/types'
 import {
+  filterSubBlockIds,
   normalizedStringify,
   normalizeEdge,
   normalizeLoop,
   normalizeParallel,
+  normalizeTriggerConfigValues,
   normalizeValue,
   sanitizeInputFormat,
   sanitizeTools,
@@ -584,4 +586,214 @@ describe('Workflow Normalization Utilities', () => {
       expect(result2).toBe(result3)
     })
   })
+
+  describe('filterSubBlockIds', () => {
+    it.concurrent('should exclude exact SYSTEM_SUBBLOCK_IDS', () => {
+      const ids = ['signingSecret', 'samplePayload', 'triggerInstructions', 'botToken']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['botToken', 'signingSecret'])
+    })
+
+    it.concurrent('should exclude namespaced SYSTEM_SUBBLOCK_IDS (prefix matching)', () => {
+      const ids = [
+        'signingSecret',
+        'samplePayload_slack_webhook',
+        'triggerInstructions_slack_webhook',
+        'webhookUrlDisplay_slack_webhook',
+        'botToken',
+      ]
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['botToken', 'signingSecret'])
+    })
+
+    it.concurrent('should exclude exact TRIGGER_RUNTIME_SUBBLOCK_IDS', () => {
+      const ids = ['webhookId', 'triggerPath', 'triggerConfig', 'triggerId', 'signingSecret']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['signingSecret'])
+    })
+
+    it.concurrent('should not exclude IDs that merely contain a system ID substring', () => {
+      const ids = ['mySamplePayload', 'notSamplePayload']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['mySamplePayload', 'notSamplePayload'])
+    })
+
+    it.concurrent('should return sorted results', () => {
+      const ids = ['zebra', 'alpha', 'middle']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['alpha', 'middle', 'zebra'])
+    })
+
+    it.concurrent('should handle empty array', () => {
+      expect(filterSubBlockIds([])).toEqual([])
+    })
+
+    it.concurrent('should handle all IDs being excluded', () => {
+      const ids = ['webhookId', 'triggerPath', 'samplePayload', 'triggerConfig']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual([])
+    })
+
+    it.concurrent('should exclude setupScript and scheduleInfo namespaced variants', () => {
+      const ids = ['setupScript_google_sheets_row', 'scheduleInfo_cron_trigger', 'realField']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['realField'])
+    })
+
+    it.concurrent('should exclude triggerCredentials namespaced variants', () => {
+      const ids = ['triggerCredentials_slack_webhook', 'signingSecret']
+      const result = filterSubBlockIds(ids)
+      expect(result).toEqual(['signingSecret'])
+    })
+  })
+
+  describe('normalizeTriggerConfigValues', () => {
+    it.concurrent('should return subBlocks unchanged when no triggerConfig exists', () => {
+      const subBlocks = {
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: 'secret123' },
+        botToken: { id: 'botToken', type: 'short-input', value: 'token456' },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect(result).toEqual(subBlocks)
+    })
+
+    it.concurrent('should return subBlocks unchanged when triggerConfig value is null', () => {
+      const subBlocks = {
+        triggerConfig: { id: 'triggerConfig', type: 'short-input', value: null },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect(result).toEqual(subBlocks)
+    })
+
+    it.concurrent(
+      'should return subBlocks unchanged when triggerConfig value is not an object',
+      () => {
+        const subBlocks = {
+          triggerConfig: { id: 'triggerConfig', type: 'short-input', value: 'string-value' },
+          signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+        }
+        const result = normalizeTriggerConfigValues(subBlocks)
+        expect(result).toEqual(subBlocks)
+      }
+    )
+
+    it.concurrent('should populate null individual fields from triggerConfig', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: 'secret123', botToken: 'token456' },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+        botToken: { id: 'botToken', type: 'short-input', value: null },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect((result.signingSecret as Record<string, unknown>).value).toBe('secret123')
+      expect((result.botToken as Record<string, unknown>).value).toBe('token456')
+    })
+
+    it.concurrent('should populate undefined individual fields from triggerConfig', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: 'secret123' },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: undefined },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect((result.signingSecret as Record<string, unknown>).value).toBe('secret123')
+    })
+
+    it.concurrent('should populate empty string individual fields from triggerConfig', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: 'secret123' },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: '' },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect((result.signingSecret as Record<string, unknown>).value).toBe('secret123')
+    })
+
+    it.concurrent('should NOT overwrite existing non-empty individual field values', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: 'old-secret' },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: 'user-edited-secret' },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect((result.signingSecret as Record<string, unknown>).value).toBe('user-edited-secret')
+    })
+
+    it.concurrent('should skip triggerConfig fields that are null/undefined', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: null, botToken: undefined },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+        botToken: { id: 'botToken', type: 'short-input', value: null },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect((result.signingSecret as Record<string, unknown>).value).toBe(null)
+      expect((result.botToken as Record<string, unknown>).value).toBe(null)
+    })
+
+    it.concurrent('should skip fields from triggerConfig that have no matching subBlock', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { nonExistentField: 'value123' },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      expect(result.nonExistentField).toBeUndefined()
+      expect((result.signingSecret as Record<string, unknown>).value).toBe(null)
+    })
+
+    it.concurrent('should not mutate the original subBlocks object', () => {
+      const original = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: 'secret123' },
+        },
+        signingSecret: { id: 'signingSecret', type: 'short-input', value: null },
+      }
+      normalizeTriggerConfigValues(original)
+      expect((original.signingSecret as Record<string, unknown>).value).toBe(null)
+    })
+
+    it.concurrent('should preserve other subBlock properties when populating value', () => {
+      const subBlocks = {
+        triggerConfig: {
+          id: 'triggerConfig',
+          type: 'short-input',
+          value: { signingSecret: 'secret123' },
+        },
+        signingSecret: {
+          id: 'signingSecret',
+          type: 'short-input',
+          value: null,
+          placeholder: 'Enter signing secret',
+        },
+      }
+      const result = normalizeTriggerConfigValues(subBlocks)
+      const normalized = result.signingSecret as Record<string, unknown>
+      expect(normalized.value).toBe('secret123')
+      expect(normalized.id).toBe('signingSecret')
+      expect(normalized.type).toBe('short-input')
+      expect(normalized.placeholder).toBe('Enter signing secret')
+    })
+  })
 })

apps/sim/lib/workflows/comparison/normalize.ts

@@ -418,10 +418,48 @@ export function extractBlockFieldsForComparison(block: BlockState): ExtractedBlo
  */
 export function filterSubBlockIds(subBlockIds: string[]): string[] {
   return subBlockIds
-    .filter((id) => !SYSTEM_SUBBLOCK_IDS.includes(id) && !TRIGGER_RUNTIME_SUBBLOCK_IDS.includes(id))
+    .filter((id) => {
+      if (TRIGGER_RUNTIME_SUBBLOCK_IDS.includes(id)) return false
+      if (SYSTEM_SUBBLOCK_IDS.some((sysId) => id === sysId || id.startsWith(`${sysId}_`)))
+        return false
+      return true
+    })
     .sort()
 }
 
+/**
+ * Normalizes trigger block subBlocks by populating null/empty individual fields
+ * from the triggerConfig aggregate subBlock. This compensates for the runtime
+ * population done by populateTriggerFieldsFromConfig, ensuring consistent
+ * comparison between client state (with populated values) and deployed state
+ * (with null values from DB).
+ */
+export function normalizeTriggerConfigValues(
+  subBlocks: Record<string, unknown>
+): Record<string, unknown> {
+  const triggerConfigSub = subBlocks.triggerConfig as Record<string, unknown> | undefined
+  const triggerConfigValue = triggerConfigSub?.value
+  if (!triggerConfigValue || typeof triggerConfigValue !== 'object') {
+    return subBlocks
+  }
+
+  const result = { ...subBlocks }
+  for (const [fieldId, configValue] of Object.entries(
+    triggerConfigValue as Record<string, unknown>
+  )) {
+    if (configValue === null || configValue === undefined) continue
+    const existingSub = result[fieldId] as Record<string, unknown> | undefined
+    if (
+      existingSub &&
+      (existingSub.value === null || existingSub.value === undefined || existingSub.value === '')
+    ) {
+      result[fieldId] = { ...existingSub, value: configValue }
+    }
+  }
+
+  return result
+}
+
 /**
  * Normalizes a subBlock value with sanitization for specific subBlock types.
  * Sanitizes: tools (removes isExpanded), inputFormat (removes collapsed)

apps/sim/proxy.ts

@@ -137,6 +137,37 @@ function handleSecurityFiltering(request: NextRequest): NextResponse | null {
   return null
 }
 
+const UTM_KEYS = ['utm_source', 'utm_medium', 'utm_campaign', 'utm_content'] as const
+const UTM_COOKIE_NAME = 'sim_utm'
+const UTM_COOKIE_MAX_AGE = 3600
+
+/**
+ * Sets a `sim_utm` cookie when UTM params are present on auth pages.
+ * Captures UTM values, the HTTP Referer, landing page, and a timestamp
+ * used by the attribution API to verify the user signed up after visiting the link.
+ */
+function setUtmCookie(request: NextRequest, response: NextResponse): void {
+  const { searchParams, pathname } = request.nextUrl
+  const hasUtm = UTM_KEYS.some((key) => searchParams.get(key))
+  if (!hasUtm) return
+
+  const utmData: Record<string, string> = {}
+  for (const key of UTM_KEYS) {
+    const value = searchParams.get(key)
+    if (value) utmData[key] = value
+  }
+  utmData.referrer_url = request.headers.get('referer') || ''
+  utmData.landing_page = pathname
+  utmData.created_at = Date.now().toString()
+
+  response.cookies.set(UTM_COOKIE_NAME, JSON.stringify(utmData), {
+    path: '/',
+    maxAge: UTM_COOKIE_MAX_AGE,
+    sameSite: 'lax',
+    httpOnly: false, // Client-side hook needs to detect cookie presence
+  })
+}
+
 export async function proxy(request: NextRequest) {
   const url = request.nextUrl
 
@@ -152,6 +183,7 @@ export async function proxy(request: NextRequest) {
     }
     const response = NextResponse.next()
     response.headers.set('Content-Security-Policy', generateRuntimeCSP())
+    setUtmCookie(request, response)
     return response
   }
 

apps/sim/stores/execution/store.ts

@@ -129,6 +129,18 @@ export const useExecutionStore = create<ExecutionState & ExecutionActions>()((se
     })
   },
 
+  setCurrentExecutionId: (workflowId, executionId) => {
+    set({
+      workflowExecutions: updatedMap(get().workflowExecutions, workflowId, {
+        currentExecutionId: executionId,
+      }),
+    })
+  },
+
+  getCurrentExecutionId: (workflowId) => {
+    return getOrCreate(get().workflowExecutions, workflowId).currentExecutionId
+  },
+
   clearRunPath: (workflowId) => {
     set({
       workflowExecutions: updatedMap(get().workflowExecutions, workflowId, {

apps/sim/stores/execution/types.ts

@@ -35,6 +35,8 @@ export interface WorkflowExecutionState {
   lastRunPath: Map<string, BlockRunStatus>
   /** Maps edge IDs to their run result from the last execution */
   lastRunEdges: Map<string, EdgeRunStatus>
+  /** The execution ID of the currently running execution */
+  currentExecutionId: string | null
 }
 
 /**
@@ -54,6 +56,7 @@ export const defaultWorkflowExecutionState: WorkflowExecutionState = {
   debugContext: null,
   lastRunPath: new Map(),
   lastRunEdges: new Map(),
+  currentExecutionId: null,
 }
 
 /**
@@ -96,6 +99,10 @@ export interface ExecutionActions {
   setEdgeRunStatus: (workflowId: string, edgeId: string, status: EdgeRunStatus) => void
   /** Clears the run path and run edges for a workflow */
   clearRunPath: (workflowId: string) => void
+  /** Stores the current execution ID for a workflow */
+  setCurrentExecutionId: (workflowId: string, executionId: string | null) => void
+  /** Returns the current execution ID for a workflow */
+  getCurrentExecutionId: (workflowId: string) => string | null
   /** Resets the entire store to its initial empty state */
   reset: () => void
   /** Stores a serializable execution snapshot for a workflow */

apps/sim/stores/panel/copilot/store.ts

@@ -18,6 +18,7 @@ import {
 import { flushStreamingUpdates, stopStreamingUpdates } from '@/lib/copilot/client-sse/handlers'
 import type { ClientContentBlock, ClientStreamingContext } from '@/lib/copilot/client-sse/types'
 import {
+  COPILOT_AUTO_ALLOWED_TOOLS_API_PATH,
   COPILOT_CHAT_API_PATH,
   COPILOT_CHAT_STREAM_API_PATH,
   COPILOT_CHECKPOINTS_API_PATH,
@@ -83,15 +84,6 @@ function isPageUnloading(): boolean {
   return _isPageUnloading
 }
 
-function isWorkflowEditToolCall(name?: string, params?: Record<string, unknown>): boolean {
-  if (name === 'edit_workflow') return true
-  if (name !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
 function readActiveStreamFromStorage(): CopilotStreamInfo | null {
   if (typeof window === 'undefined') return null
   try {
@@ -148,6 +140,41 @@ function updateActiveStreamEventId(
   writeActiveStreamToStorage(next)
 }
 
+const AUTO_ALLOWED_TOOLS_STORAGE_KEY = 'copilot_auto_allowed_tools'
+
+function readAutoAllowedToolsFromStorage(): string[] | null {
+  if (typeof window === 'undefined') return null
+  try {
+    const raw = window.localStorage.getItem(AUTO_ALLOWED_TOOLS_STORAGE_KEY)
+    if (!raw) return null
+    const parsed = JSON.parse(raw)
+    if (!Array.isArray(parsed)) return null
+    return parsed.filter((item): item is string => typeof item === 'string')
+  } catch (error) {
+    logger.warn('[AutoAllowedTools] Failed to read local cache', {
+      error: error instanceof Error ? error.message : String(error),
+    })
+    return null
+  }
+}
+
+function writeAutoAllowedToolsToStorage(tools: string[]): void {
+  if (typeof window === 'undefined') return
+  try {
+    window.localStorage.setItem(AUTO_ALLOWED_TOOLS_STORAGE_KEY, JSON.stringify(tools))
+  } catch (error) {
+    logger.warn('[AutoAllowedTools] Failed to write local cache', {
+      error: error instanceof Error ? error.message : String(error),
+    })
+  }
+}
+
+function isToolAutoAllowedByList(toolId: string, autoAllowedTools: string[]): boolean {
+  if (!toolId) return false
+  const normalizedTarget = toolId.trim()
+  return autoAllowedTools.some((allowed) => allowed?.trim() === normalizedTarget)
+}
+
 /**
  * Clear any lingering diff preview from a previous session.
  * Called lazily when the store is first activated (setWorkflowId).
@@ -453,6 +480,11 @@ function prepareSendContext(
     .catch((err) => {
       logger.warn('[Copilot] Failed to load sensitive credential IDs', err)
     })
+  get()
+    .loadAutoAllowedTools()
+    .catch((err) => {
+      logger.warn('[Copilot] Failed to load auto-allowed tools', err)
+    })
 
   let newMessages: CopilotMessage[]
   if (revertState) {
@@ -1005,6 +1037,8 @@ async function resumeFromLiveStream(
   return false
 }
 
+const cachedAutoAllowedTools = readAutoAllowedToolsFromStorage()
+
 // Initial state (subset required for UI/streaming)
 const initialState = {
   mode: 'build' as const,
@@ -1039,6 +1073,8 @@ const initialState = {
   streamingPlanContent: '',
   toolCallsById: {} as Record<string, CopilotToolCall>,
   suppressAutoSelect: false,
+  autoAllowedTools: cachedAutoAllowedTools ?? ([] as string[]),
+  autoAllowedToolsLoaded: cachedAutoAllowedTools !== null,
   activeStream: null as CopilotStreamInfo | null,
   messageQueue: [] as import('./types').QueuedMessage[],
   suppressAbortContinueOption: false,
@@ -1077,6 +1113,8 @@ export const useCopilotStore = create<CopilotStore>()(
         agentPrefetch: get().agentPrefetch,
         availableModels: get().availableModels,
         isLoadingModels: get().isLoadingModels,
+        autoAllowedTools: get().autoAllowedTools,
+        autoAllowedToolsLoaded: get().autoAllowedToolsLoaded,
       })
     },
 
@@ -1391,6 +1429,16 @@ export const useCopilotStore = create<CopilotStore>()(
 
     // Send a message (streaming only)
     sendMessage: async (message: string, options = {}) => {
+      if (!get().autoAllowedToolsLoaded) {
+        try {
+          await get().loadAutoAllowedTools()
+        } catch (error) {
+          logger.warn('[Copilot] Failed to preload auto-allowed tools before send', {
+            error: error instanceof Error ? error.message : String(error),
+          })
+        }
+      }
+
       const prepared = prepareSendContext(get, set, message, options as SendMessageOptionsInput)
       if (!prepared) return
 
@@ -1657,7 +1705,7 @@ export const useCopilotStore = create<CopilotStore>()(
             const b = blocks[bi]
             if (b?.type === 'tool_call') {
               const tn = b.toolCall?.name
-              if (isWorkflowEditToolCall(tn, b.toolCall?.params)) {
+              if (tn === 'edit_workflow') {
                 id = b.toolCall?.id
                 break outer
               }
@@ -1666,9 +1714,7 @@ export const useCopilotStore = create<CopilotStore>()(
         }
         // Fallback to map if not found in messages
         if (!id) {
-          const candidates = Object.values(toolCallsById).filter((t) =>
-            isWorkflowEditToolCall(t.name, t.params)
-          )
+          const candidates = Object.values(toolCallsById).filter((t) => t.name === 'edit_workflow')
           id = candidates.length ? candidates[candidates.length - 1].id : undefined
         }
       }
@@ -2361,6 +2407,74 @@ export const useCopilotStore = create<CopilotStore>()(
       }
     },
 
+    loadAutoAllowedTools: async () => {
+      try {
+        logger.debug('[AutoAllowedTools] Loading from API...')
+        const res = await fetch(COPILOT_AUTO_ALLOWED_TOOLS_API_PATH)
+        logger.debug('[AutoAllowedTools] Load response', { status: res.status, ok: res.ok })
+        if (res.ok) {
+          const data = await res.json()
+          const tools = data.autoAllowedTools ?? []
+          set({ autoAllowedTools: tools, autoAllowedToolsLoaded: true })
+          writeAutoAllowedToolsToStorage(tools)
+          logger.debug('[AutoAllowedTools] Loaded successfully', { count: tools.length, tools })
+        } else {
+          set({ autoAllowedToolsLoaded: true })
+          logger.warn('[AutoAllowedTools] Load failed with status', { status: res.status })
+        }
+      } catch (err) {
+        set({ autoAllowedToolsLoaded: true })
+        logger.error('[AutoAllowedTools] Failed to load', { error: err })
+      }
+    },
+
+    addAutoAllowedTool: async (toolId: string) => {
+      try {
+        logger.debug('[AutoAllowedTools] Adding tool...', { toolId })
+        const res = await fetch(COPILOT_AUTO_ALLOWED_TOOLS_API_PATH, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ toolId }),
+        })
+        logger.debug('[AutoAllowedTools] API response', { toolId, status: res.status, ok: res.ok })
+        if (res.ok) {
+          const data = await res.json()
+          logger.debug('[AutoAllowedTools] API returned', { toolId, tools: data.autoAllowedTools })
+          const tools = data.autoAllowedTools ?? []
+          set({ autoAllowedTools: tools, autoAllowedToolsLoaded: true })
+          writeAutoAllowedToolsToStorage(tools)
+          logger.debug('[AutoAllowedTools] Added tool to store', { toolId })
+        }
+      } catch (err) {
+        logger.error('[AutoAllowedTools] Failed to add tool', { toolId, error: err })
+      }
+    },
+
+    removeAutoAllowedTool: async (toolId: string) => {
+      try {
+        const res = await fetch(
+          `${COPILOT_AUTO_ALLOWED_TOOLS_API_PATH}?toolId=${encodeURIComponent(toolId)}`,
+          {
+            method: 'DELETE',
+          }
+        )
+        if (res.ok) {
+          const data = await res.json()
+          const tools = data.autoAllowedTools ?? []
+          set({ autoAllowedTools: tools, autoAllowedToolsLoaded: true })
+          writeAutoAllowedToolsToStorage(tools)
+          logger.debug('[AutoAllowedTools] Removed tool', { toolId })
+        }
+      } catch (err) {
+        logger.error('[AutoAllowedTools] Failed to remove tool', { toolId, error: err })
+      }
+    },
+
+    isToolAutoAllowed: (toolId: string) => {
+      const { autoAllowedTools } = get()
+      return isToolAutoAllowedByList(toolId, autoAllowedTools)
+    },
+
     // Credential masking
     loadSensitiveCredentialIds: async () => {
       try {

apps/sim/stores/panel/copilot/types.ts

@@ -26,26 +26,6 @@ export interface CopilotToolCall {
   params?: Record<string, unknown>
   input?: Record<string, unknown>
   display?: ClientToolDisplay
-  /** Server-provided UI contract for this tool call phase */
-  ui?: {
-    title?: string
-    phaseLabel?: string
-    icon?: string
-    showInterrupt?: boolean
-    showRemember?: boolean
-    autoAllowed?: boolean
-    actions?: Array<{
-      id: string
-      label: string
-      kind: 'accept' | 'reject'
-      remember?: boolean
-    }>
-  }
-  /** Server-provided execution routing contract */
-  execution?: {
-    target?: 'go' | 'go_subagent' | 'sim_server' | 'sim_client_capability' | string
-    capabilityId?: string
-  }
   /** Content streamed from a subagent (e.g., debug agent) */
   subAgentContent?: string
   /** Tool calls made by the subagent */
@@ -187,6 +167,10 @@ export interface CopilotState {
 
   // Per-message metadata captured at send-time for reliable stats
 
+  // Auto-allowed integration tools (tools that can run without confirmation)
+  autoAllowedTools: string[]
+  autoAllowedToolsLoaded: boolean
+
   // Active stream metadata for reconnect/replay
   activeStream: CopilotStreamInfo | null
 
@@ -263,6 +247,11 @@ export interface CopilotActions {
     abortSignal?: AbortSignal
   ) => Promise<void>
   handleNewChatCreation: (newChatId: string) => Promise<void>
+  loadAutoAllowedTools: () => Promise<void>
+  addAutoAllowedTool: (toolId: string) => Promise<void>
+  removeAutoAllowedTool: (toolId: string) => Promise<void>
+  isToolAutoAllowed: (toolId: string) => boolean
+
   // Credential masking
   loadSensitiveCredentialIds: () => Promise<void>
   maskCredentialValue: (value: string) => string

apps/sim/stores/terminal/console/store.ts

@@ -224,7 +224,7 @@ export const useTerminalConsoleStore = create<ConsoleStore>()(
 
           const newEntry = get().entries[0]
 
-          if (newEntry?.error) {
+          if (newEntry?.error && newEntry.blockType !== 'cancelled') {
             notifyBlockError({
               error: newEntry.error,
               blockName: newEntry.blockName || 'Unknown Block',
@@ -243,6 +243,11 @@ export const useTerminalConsoleStore = create<ConsoleStore>()(
           useExecutionStore.getState().clearRunPath(workflowId)
         },
 
+        clearExecutionEntries: (executionId: string) =>
+          set((state) => ({
+            entries: state.entries.filter((e) => e.executionId !== executionId),
+          })),
+
         exportConsoleCSV: (workflowId: string) => {
           const entries = get().entries.filter((entry) => entry.workflowId === workflowId)
 
@@ -470,12 +475,24 @@ export const useTerminalConsoleStore = create<ConsoleStore>()(
         },
         merge: (persistedState, currentState) => {
           const persisted = persistedState as Partial<ConsoleStore> | undefined
-          const entries = (persisted?.entries ?? currentState.entries).map((entry, index) => {
+          const rawEntries = persisted?.entries ?? currentState.entries
+          const oneHourAgo = Date.now() - 60 * 60 * 1000
+
+          const entries = rawEntries.map((entry, index) => {
+            let updated = entry
             if (entry.executionOrder === undefined) {
-              return { ...entry, executionOrder: index + 1 }
+              updated = { ...updated, executionOrder: index + 1 }
             }
-            return entry
+            if (
+              entry.isRunning &&
+              entry.startedAt &&
+              new Date(entry.startedAt).getTime() < oneHourAgo
+            ) {
+              updated = { ...updated, isRunning: false }
+            }
+            return updated
           })
+
           return {
             ...currentState,
             entries,

apps/sim/stores/terminal/console/types.ts

@@ -51,6 +51,7 @@ export interface ConsoleStore {
   isOpen: boolean
   addConsole: (entry: Omit<ConsoleEntry, 'id' | 'timestamp'>) => ConsoleEntry
   clearWorkflowConsole: (workflowId: string) => void
+  clearExecutionEntries: (executionId: string) => void
   exportConsoleCSV: (workflowId: string) => void
   getWorkflowEntries: (workflowId: string) => ConsoleEntry[]
   toggleConsole: () => void

apps/sim/stores/workflow-diff/store.ts

@@ -15,7 +15,7 @@ import {
   captureBaselineSnapshot,
   cloneWorkflowState,
   createBatchedUpdater,
-  findLatestWorkflowEditToolCallId,
+  findLatestEditWorkflowToolCallId,
   getLatestUserMessageId,
   persistWorkflowStateToServer,
 } from './utils'
@@ -334,7 +334,7 @@ export const useWorkflowDiffStore = create<WorkflowDiffState & WorkflowDiffActio
             })
           }
 
-          findLatestWorkflowEditToolCallId().then((toolCallId) => {
+          findLatestEditWorkflowToolCallId().then((toolCallId) => {
             if (toolCallId) {
               import('@/stores/panel/copilot/store')
                 .then(({ useCopilotStore }) => {
@@ -439,7 +439,7 @@ export const useWorkflowDiffStore = create<WorkflowDiffState & WorkflowDiffActio
             })
           }
 
-          findLatestWorkflowEditToolCallId().then((toolCallId) => {
+          findLatestEditWorkflowToolCallId().then((toolCallId) => {
             if (toolCallId) {
               import('@/stores/panel/copilot/store')
                 .then(({ useCopilotStore }) => {

apps/sim/stores/workflow-diff/utils.ts

@@ -126,21 +126,6 @@ export async function getLatestUserMessageId(): Promise<string | null> {
 }
 
 export async function findLatestEditWorkflowToolCallId(): Promise<string | undefined> {
-  return findLatestWorkflowEditToolCallId()
-}
-
-function isWorkflowEditToolCall(name?: string, params?: Record<string, unknown>): boolean {
-  if (name === 'edit_workflow') return true
-  if (name !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-
-  // Be permissive for legacy/incomplete events: apply calls always include proposalId.
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
-export async function findLatestWorkflowEditToolCallId(): Promise<string | undefined> {
   try {
     const { useCopilotStore } = await import('@/stores/panel/copilot/store')
     const { messages, toolCallsById } = useCopilotStore.getState()
@@ -149,22 +134,17 @@ export async function findLatestWorkflowEditToolCallId(): Promise<string | undef
       const message = messages[mi]
       if (message.role !== 'assistant' || !message.contentBlocks) continue
       for (const block of message.contentBlocks) {
-        if (
-          block?.type === 'tool_call' &&
-          isWorkflowEditToolCall(block.toolCall?.name, block.toolCall?.params)
-        ) {
+        if (block?.type === 'tool_call' && block.toolCall?.name === 'edit_workflow') {
           return block.toolCall?.id
         }
       }
     }
 
-    const fallback = Object.values(toolCallsById).filter((call) =>
-      isWorkflowEditToolCall(call.name, call.params)
-    )
+    const fallback = Object.values(toolCallsById).filter((call) => call.name === 'edit_workflow')
 
     return fallback.length ? fallback[fallback.length - 1].id : undefined
   } catch (error) {
-    logger.warn('Failed to resolve workflow edit tool call id', { error })
+    logger.warn('Failed to resolve edit_workflow tool call id', { error })
     return undefined
   }
 }

apps/sim/triggers/constants.ts

@@ -23,7 +23,12 @@ export const SYSTEM_SUBBLOCK_IDS: string[] = [
  * with default values from the trigger definition on load, which aren't present in
  * the deployed state, causing false positive change detection.
  */
-export const TRIGGER_RUNTIME_SUBBLOCK_IDS: string[] = ['webhookId', 'triggerPath', 'triggerConfig']
+export const TRIGGER_RUNTIME_SUBBLOCK_IDS: string[] = [
+  'webhookId',
+  'triggerPath',
+  'triggerConfig',
+  'triggerId',
+]
 
 /**
  * Maximum number of consecutive failures before a trigger (schedule/webhook) is auto-disabled.

packages/db/migrations/0154_bumpy_living_mummy.sql

@@ -0,0 +1,41 @@
+CREATE TABLE "referral_attribution" (
+	"id" text PRIMARY KEY NOT NULL,
+	"user_id" text NOT NULL,
+	"organization_id" text,
+	"campaign_id" text,
+	"utm_source" text,
+	"utm_medium" text,
+	"utm_campaign" text,
+	"utm_content" text,
+	"referrer_url" text,
+	"landing_page" text,
+	"bonus_credit_amount" numeric DEFAULT '0' NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "referral_attribution_user_id_unique" UNIQUE("user_id")
+);
+--> statement-breakpoint
+CREATE TABLE "referral_campaigns" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"code" text,
+	"utm_source" text,
+	"utm_medium" text,
+	"utm_campaign" text,
+	"utm_content" text,
+	"bonus_credit_amount" numeric NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "referral_campaigns_code_unique" UNIQUE("code")
+);
+--> statement-breakpoint
+ALTER TABLE "referral_attribution" ADD CONSTRAINT "referral_attribution_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "referral_attribution" ADD CONSTRAINT "referral_attribution_organization_id_organization_id_fk" FOREIGN KEY ("organization_id") REFERENCES "public"."organization"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "referral_attribution" ADD CONSTRAINT "referral_attribution_campaign_id_referral_campaigns_id_fk" FOREIGN KEY ("campaign_id") REFERENCES "public"."referral_campaigns"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "referral_attribution_user_id_idx" ON "referral_attribution" USING btree ("user_id");--> statement-breakpoint
+CREATE UNIQUE INDEX "referral_attribution_org_unique_idx" ON "referral_attribution" USING btree ("organization_id") WHERE "referral_attribution"."organization_id" IS NOT NULL;--> statement-breakpoint
+CREATE INDEX "referral_attribution_campaign_id_idx" ON "referral_attribution" USING btree ("campaign_id");--> statement-breakpoint
+CREATE INDEX "referral_attribution_utm_campaign_idx" ON "referral_attribution" USING btree ("utm_campaign");--> statement-breakpoint
+CREATE INDEX "referral_attribution_utm_content_idx" ON "referral_attribution" USING btree ("utm_content");--> statement-breakpoint
+CREATE INDEX "referral_attribution_created_at_idx" ON "referral_attribution" USING btree ("created_at");--> statement-breakpoint
+CREATE INDEX "referral_campaigns_active_idx" ON "referral_campaigns" USING btree ("is_active");

packages/db/migrations/meta/_journal.json

@@ -1072,6 +1072,13 @@
       "when": 1770410282842,
       "tag": "0153_complete_arclight",
       "breakpoints": true
+    },
+    {
+      "idx": 154,
+      "version": "7",
+      "when": 1770869658697,
+      "tag": "0154_bumpy_living_mummy",
+      "breakpoints": true
     }
   ]
 }

packages/db/schema.ts

@@ -726,6 +726,61 @@ export const userStats = pgTable('user_stats', {
   billingBlockedReason: billingBlockedReasonEnum('billing_blocked_reason'),
 })
 
+export const referralCampaigns = pgTable(
+  'referral_campaigns',
+  {
+    id: text('id').primaryKey(),
+    name: text('name').notNull(),
+    code: text('code').unique(),
+    utmSource: text('utm_source'),
+    utmMedium: text('utm_medium'),
+    utmCampaign: text('utm_campaign'),
+    utmContent: text('utm_content'),
+    bonusCreditAmount: decimal('bonus_credit_amount').notNull(),
+    isActive: boolean('is_active').notNull().default(true),
+    createdAt: timestamp('created_at').notNull().defaultNow(),
+    updatedAt: timestamp('updated_at').notNull().defaultNow(),
+  },
+  (table) => ({
+    activeIdx: index('referral_campaigns_active_idx').on(table.isActive),
+  })
+)
+
+export const referralAttribution = pgTable(
+  'referral_attribution',
+  {
+    id: text('id').primaryKey(),
+    userId: text('user_id')
+      .notNull()
+      .references(() => user.id, { onDelete: 'cascade' })
+      .unique(),
+    organizationId: text('organization_id').references(() => organization.id, {
+      onDelete: 'set null',
+    }),
+    campaignId: text('campaign_id').references(() => referralCampaigns.id, {
+      onDelete: 'set null',
+    }),
+    utmSource: text('utm_source'),
+    utmMedium: text('utm_medium'),
+    utmCampaign: text('utm_campaign'),
+    utmContent: text('utm_content'),
+    referrerUrl: text('referrer_url'),
+    landingPage: text('landing_page'),
+    bonusCreditAmount: decimal('bonus_credit_amount').notNull().default('0'),
+    createdAt: timestamp('created_at').notNull().defaultNow(),
+  },
+  (table) => ({
+    userIdIdx: index('referral_attribution_user_id_idx').on(table.userId),
+    orgUniqueIdx: uniqueIndex('referral_attribution_org_unique_idx')
+      .on(table.organizationId)
+      .where(sql`${table.organizationId} IS NOT NULL`),
+    campaignIdIdx: index('referral_attribution_campaign_id_idx').on(table.campaignId),
+    utmCampaignIdx: index('referral_attribution_utm_campaign_idx').on(table.utmCampaign),
+    utmContentIdx: index('referral_attribution_utm_content_idx').on(table.utmContent),
+    createdAtIdx: index('referral_attribution_created_at_idx').on(table.createdAt),
+  })
+)
+
 export const customTools = pgTable(
   'custom_tools',
   {