v0.5.88: interactions api for gemini, trigger machine size increase, confluence ops

* fix(subflows): tag dropdown + resolution logic (#2949)

* fix(subflows): tag dropdown + resolution logic

* fixes;

* revert parallel change

* chore(deps): bump posthog-js to 1.334.1 (#2948)

* fix(idempotency): add conflict target to atomicallyClaimDb query + remove redundant db namespace tracking (#2950)

* fix(idempotency): add conflict target to atomicallyClaimDb query

* delete needs to account for namespace

* simplify namespace filtering logic

* fix cleanup

* consistent target

* improvement(kb): add document filtering, select all, and React Query migration (#2951)

* improvement(kb): add document filtering, select all, and React Query migration

* test(kb): update tests for enabledFilter and removed userId params

* fix(kb): remove non-null assertion, add explicit guard

* improvement(logs): trace span, details (#2952)

* improvement(action-bar): ordering

* improvement(logs): details, trace span

* feat(blog): v0.5 release post (#2953)

* feat(blog): v0.5 post

* improvement(blog): simplify title and remove code block header

- Simplified blog title from Introducing Sim Studio v0.5 to Introducing Sim v0.5
- Removed language label header and copy button from code blocks for cleaner appearance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ack PR comments

* small styling improvements

* created system to create post-specific components

* updated componnet

* cache invalidation

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat(admin): add credits endpoint to issue credits to users (#2954)

* feat(admin): add credits endpoint to issue credits to users

* fix(admin): use existing credit functions and handle enterprise seats

* fix(admin): reject NaN and Infinity in amount validation

* styling

* fix(admin): validate userId and email are strings

* improvement(copilot): fast mode, subagent tool responses and allow preferences (#2955)

* Improvements

* Fix actions mapping

* Remove console logs

* fix(billing): handle missing userStats and prevent crashes (#2956)

* fix(billing): handle missing userStats and prevent crashes

* fix(billing): correct import path for getFilledPillColor

* fix(billing): add Number.isFinite check to lastPeriodCost

* fix(logs): refresh logic to refresh logs details (#2958)

* fix(security): add authentication and input validation to API routes (#2959)

* fix(security): add authentication and input validation to API routes

* moved utils

* remove extraneous commetns

* removed unused dep

* improvement(helm): add internal ingress support and same-host path consolidation (#2960)

* improvement(helm): add internal ingress support and same-host path consolidation

* improvement(helm): clean up ingress template comments

Simplify verbose inline Helm comments and section dividers to match the
minimal style used in services.yaml.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(helm): add missing copilot path consolidation for realtime host

When copilot.host equals realtime.host but differs from app.host,
copilot paths were not being routed. Added logic to consolidate
copilot paths into the realtime rule for this scenario.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* improvement(helm): follow ingress best practices

- Remove orphan comments that appeared when services were disabled
- Add documentation about path ordering requirements
- Paths rendered in order: realtime, copilot, app (specific before catch-all)
- Clean template output matching industry Helm chart standards

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat(blog): enterprise post (#2961)

* feat(blog): enterprise post

* added more images, styling

* more content

* updated v0-5 post

* remove unused transition

---------

Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>

* fix(envvars): resolution standardized (#2957)

* fix(envvars): resolution standardized

* remove comments

* address bugbot

* fix highlighting for env vars

* remove comments

* address greptile

* address bugbot

* fix(copilot): mask credentials fix (#2963)

* Fix copilot masking

* Clean up

* Lint

* improvement(webhooks): remove dead code (#2965)

* fix(webhooks): subscription recreation path

* improvement(webhooks): remove dead code

* fix tests

* address bugbot comments

* fix restoration edge case

* fix more edge cases

* address bugbot comments

* fix gmail polling

* add warnings for UI indication for credential sets

* fix(preview): subblock values (#2969)

* fix(child-workflow): nested spans handoff (#2966)

* fix(child-workflow): nested spans handoff

* remove overly defensive programming

* update type check

* type more code

* remove more dead code

* address bugbot comments

* fix(security): restrict API key access on internal-only routes (#2964)

* fix(security): restrict API key access on internal-only routes

* test(security): update function execute tests for checkInternalAuth

* updated agent handler

* move session check higher in checkSessionOrInternalAuth

* extracted duplicate code into helper for resolving user from jwt

* fix(copilot): update copilot chat title (#2968)

* fix(hitl): fix condition blocks after hitl (#2967)

* fix(notes): ghost edges (#2970)

* fix(notes): ghost edges

* fix deployed state fallback

* fallback

* remove UI level checks

* annotation missing from autoconnect source check

* improvement(docs): loop and parallel var reference syntax (#2975)

* fix(blog): slash actions description (#2976)

* improvement(docs): loop and parallel var reference syntax

* fix(blog): slash actions description

* fix(auth): copilot routes (#2977)

* Fix copilot auth

* Fix

* Fix

* Fix

* fix(copilot): fix edit summary for loops/parallels (#2978)

* fix(integrations): hide from tool bar (#2544)

* fix(landing): ui (#2979)

* fix(edge-validation): race condition on collaborative add (#2980)

* fix(variables): boolean type support and input improvements (#2981)

* fix(variables): boolean type support and input improvements

* fix formatting

---------

Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com>
Co-authored-by: Emir Karabeg <78010029+emir-karabeg@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Siddharth Ganesan <33737564+Sg312@users.noreply.github.com>
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>

apps/sim/app/api/copilot/auto-allowed-tools/route.ts

@@ -1,81 +1,145 @@
+import { db } from '@sim/db'
+import { settings } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
-import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
+import { getSession } from '@/lib/auth'
-import { authenticateCopilotRequestSessionOnly } from '@/lib/copilot/request-helpers'
-import { env } from '@/lib/core/config/env'
 
 const logger = createLogger('CopilotAutoAllowedToolsAPI')
 
-function copilotHeaders(): HeadersInit {
+/**
-  const headers: Record<string, string> = {
+ * GET - Fetch user's auto-allowed integration tools
-    'Content-Type': 'application/json',
+ */
-  }
+export async function GET() {
-  if (env.COPILOT_API_KEY) {
-    headers['x-api-key'] = env.COPILOT_API_KEY
-  }
-  return headers
-}
-
-export async function DELETE(request: NextRequest) {
-  const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
-  if (!isAuthenticated || !userId) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-
-  const toolIdFromQuery = new URL(request.url).searchParams.get('toolId') || undefined
-  const toolIdFromBody = await request
-    .json()
-    .then((body) => (typeof body?.toolId === 'string' ? body.toolId : undefined))
-    .catch(() => undefined)
-  const toolId = toolIdFromBody || toolIdFromQuery
-  if (!toolId) {
-    return NextResponse.json({ error: 'toolId is required' }, { status: 400 })
-  }
-
   try {
-    const res = await fetch(`${SIM_AGENT_API_URL}/api/tool-preferences/auto-allowed`, {
+    const session = await getSession()
-      method: 'DELETE',
-      headers: copilotHeaders(),
-      body: JSON.stringify({
-        userId,
-        toolId,
-      }),
-    })
 
-    const payload = await res.json().catch(() => ({}))
+    if (!session?.user?.id) {
-    if (!res.ok) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-      logger.warn('Failed to remove auto-allowed tool via copilot backend', {
-        status: res.status,
-        userId,
-        toolId,
-      })
-      return NextResponse.json(
-        {
-          success: false,
-          error: payload?.error || 'Failed to remove auto-allowed tool',
-          autoAllowedTools: [],
-        },
-        { status: res.status }
-      )
     }
 
-    return NextResponse.json({
+    const userId = session.user.id
-      success: true,
+
-      autoAllowedTools: Array.isArray(payload?.autoAllowedTools) ? payload.autoAllowedTools : [],
+    const [userSettings] = await db
-    })
+      .select()
-  } catch (error) {
+      .from(settings)
-    logger.error('Error removing auto-allowed tool', {
+      .where(eq(settings.userId, userId))
+      .limit(1)
+
+    if (userSettings) {
+      const autoAllowedTools = (userSettings.copilotAutoAllowedTools as string[]) || []
+      return NextResponse.json({ autoAllowedTools })
+    }
+
+    await db.insert(settings).values({
+      id: userId,
       userId,
-      toolId,
+      copilotAutoAllowedTools: [],
-      error: error instanceof Error ? error.message : String(error),
     })
-    return NextResponse.json(
+
-      {
+    return NextResponse.json({ autoAllowedTools: [] })
-        success: false,
+  } catch (error) {
-        error: 'Failed to remove auto-allowed tool',
+    logger.error('Failed to fetch auto-allowed tools', { error })
-        autoAllowedTools: [],
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-      },
+  }
-      { status: 500 }
+}
-    )
+
+/**
+ * POST - Add a tool to the auto-allowed list
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const body = await request.json()
+
+    if (!body.toolId || typeof body.toolId !== 'string') {
+      return NextResponse.json({ error: 'toolId must be a string' }, { status: 400 })
+    }
+
+    const toolId = body.toolId
+
+    const [existing] = await db.select().from(settings).where(eq(settings.userId, userId)).limit(1)
+
+    if (existing) {
+      const currentTools = (existing.copilotAutoAllowedTools as string[]) || []
+
+      if (!currentTools.includes(toolId)) {
+        const updatedTools = [...currentTools, toolId]
+        await db
+          .update(settings)
+          .set({
+            copilotAutoAllowedTools: updatedTools,
+            updatedAt: new Date(),
+          })
+          .where(eq(settings.userId, userId))
+
+        logger.info('Added tool to auto-allowed list', { userId, toolId })
+        return NextResponse.json({ success: true, autoAllowedTools: updatedTools })
+      }
+
+      return NextResponse.json({ success: true, autoAllowedTools: currentTools })
+    }
+
+    await db.insert(settings).values({
+      id: userId,
+      userId,
+      copilotAutoAllowedTools: [toolId],
+    })
+
+    logger.info('Created settings and added tool to auto-allowed list', { userId, toolId })
+    return NextResponse.json({ success: true, autoAllowedTools: [toolId] })
+  } catch (error) {
+    logger.error('Failed to add auto-allowed tool', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * DELETE - Remove a tool from the auto-allowed list
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const { searchParams } = new URL(request.url)
+    const toolId = searchParams.get('toolId')
+
+    if (!toolId) {
+      return NextResponse.json({ error: 'toolId query parameter is required' }, { status: 400 })
+    }
+
+    const [existing] = await db.select().from(settings).where(eq(settings.userId, userId)).limit(1)
+
+    if (existing) {
+      const currentTools = (existing.copilotAutoAllowedTools as string[]) || []
+      const updatedTools = currentTools.filter((t) => t !== toolId)
+
+      await db
+        .update(settings)
+        .set({
+          copilotAutoAllowedTools: updatedTools,
+          updatedAt: new Date(),
+        })
+        .where(eq(settings.userId, userId))
+
+      logger.info('Removed tool from auto-allowed list', { userId, toolId })
+      return NextResponse.json({ success: true, autoAllowedTools: updatedTools })
+    }
+
+    return NextResponse.json({ success: true, autoAllowedTools: [] })
+  } catch (error) {
+    logger.error('Failed to remove auto-allowed tool', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }

apps/sim/app/api/copilot/confirm/route.ts

@@ -1,11 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import {
+import { REDIS_TOOL_CALL_PREFIX, REDIS_TOOL_CALL_TTL_SECONDS } from '@/lib/copilot/constants'
-  REDIS_TOOL_CALL_PREFIX,
-  REDIS_TOOL_CALL_TTL_SECONDS,
-  SIM_AGENT_API_URL,
-} from '@/lib/copilot/constants'
 import {
   authenticateCopilotRequestSessionOnly,
   createBadRequestResponse,
@@ -14,7 +10,6 @@ import {
   createUnauthorizedResponse,
   type NotificationStatus,
 } from '@/lib/copilot/request-helpers'
-import { env } from '@/lib/core/config/env'
 import { getRedisClient } from '@/lib/core/config/redis'
 
 const logger = createLogger('CopilotConfirmAPI')
@@ -26,8 +21,6 @@ const ConfirmationSchema = z.object({
     errorMap: () => ({ message: 'Invalid notification status' }),
   }),
   message: z.string().optional(), // Optional message for background moves or additional context
-  toolName: z.string().optional(),
-  remember: z.boolean().optional(),
 })
 
 /**
@@ -64,44 +57,6 @@ async function updateToolCallStatus(
   }
 }
 
-async function saveAutoAllowedToolPreference(userId: string, toolName: string): Promise<boolean> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  }
-  if (env.COPILOT_API_KEY) {
-    headers['x-api-key'] = env.COPILOT_API_KEY
-  }
-
-  try {
-    const response = await fetch(`${SIM_AGENT_API_URL}/api/tool-preferences/auto-allowed`, {
-      method: 'POST',
-      headers,
-      body: JSON.stringify({
-        userId,
-        toolId: toolName,
-      }),
-    })
-
-    if (!response.ok) {
-      logger.warn('Failed to persist auto-allowed tool preference', {
-        userId,
-        toolName,
-        status: response.status,
-      })
-      return false
-    }
-
-    return true
-  } catch (error) {
-    logger.error('Error persisting auto-allowed tool preference', {
-      userId,
-      toolName,
-      error: error instanceof Error ? error.message : String(error),
-    })
-    return false
-  }
-}
-
 /**
  * POST /api/copilot/confirm
  * Update tool call status (Accept/Reject)
@@ -119,7 +74,7 @@ export async function POST(req: NextRequest) {
     }
 
     const body = await req.json()
-    const { toolCallId, status, message, toolName, remember } = ConfirmationSchema.parse(body)
+    const { toolCallId, status, message } = ConfirmationSchema.parse(body)
 
     // Update the tool call status in Redis
     const updated = await updateToolCallStatus(toolCallId, status, message)
@@ -135,22 +90,14 @@ export async function POST(req: NextRequest) {
       return createBadRequestResponse('Failed to update tool call status or tool call not found')
     }
 
-    let rememberSaved = false
+    const duration = tracker.getDuration()
-    if (status === 'accepted' && remember === true && toolName && authenticatedUserId) {
-      rememberSaved = await saveAutoAllowedToolPreference(authenticatedUserId, toolName)
-    }
 
-    const response: Record<string, unknown> = {
+    return NextResponse.json({
       success: true,
       message: message || `Tool call ${toolCallId} has been ${status.toLowerCase()}`,
       toolCallId,
       status,
-    }
+    })
-    if (remember === true) {
-      response.rememberSaved = rememberSaved
-    }
-
-    return NextResponse.json(response)
   } catch (error) {
     const duration = tracker.getDuration()
 

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/diff-controls/diff-controls.tsx

@@ -14,15 +14,6 @@ const logger = createLogger('DiffControls')
 const NOTIFICATION_WIDTH = 240
 const NOTIFICATION_GAP = 16
 
-function isWorkflowEditToolCall(name?: string, params?: Record<string, unknown>): boolean {
-  if (name === 'edit_workflow') return true
-  if (name !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
 export const DiffControls = memo(function DiffControls() {
   const isTerminalResizing = useTerminalStore((state) => state.isResizing)
   const isPanelResizing = usePanelStore((state) => state.isResizing)
@@ -73,7 +64,7 @@ export const DiffControls = memo(function DiffControls() {
           const b = blocks[bi]
           if (b?.type === 'tool_call') {
             const tn = b.toolCall?.name
-            if (isWorkflowEditToolCall(tn, b.toolCall?.params)) {
+            if (tn === 'edit_workflow') {
               id = b.toolCall?.id
               break outer
             }
@@ -81,9 +72,7 @@ export const DiffControls = memo(function DiffControls() {
         }
       }
       if (!id) {
-        const candidates = Object.values(toolCallsById).filter((t) =>
+        const candidates = Object.values(toolCallsById).filter((t) => t.name === 'edit_workflow')
-          isWorkflowEditToolCall(t.name, t.params)
-        )
         id = candidates.length ? candidates[candidates.length - 1].id : undefined
       }
       if (id) updatePreviewToolCallState('accepted', id)
@@ -113,7 +102,7 @@ export const DiffControls = memo(function DiffControls() {
           const b = blocks[bi]
           if (b?.type === 'tool_call') {
             const tn = b.toolCall?.name
-            if (isWorkflowEditToolCall(tn, b.toolCall?.params)) {
+            if (tn === 'edit_workflow') {
               id = b.toolCall?.id
               break outer
             }
@@ -121,9 +110,7 @@ export const DiffControls = memo(function DiffControls() {
         }
       }
       if (!id) {
-        const candidates = Object.values(toolCallsById).filter((t) =>
+        const candidates = Object.values(toolCallsById).filter((t) => t.name === 'edit_workflow')
-          isWorkflowEditToolCall(t.name, t.params)
-        )
         id = candidates.length ? candidates[candidates.length - 1].id : undefined
       }
       if (id) updatePreviewToolCallState('rejected', id)

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/tool-call/tool-call.tsx

@@ -47,28 +47,6 @@ interface ParsedTags {
   cleanContent: string
 }
 
-function getToolCallParams(toolCall?: CopilotToolCall): Record<string, unknown> {
-  const candidate = ((toolCall as any)?.parameters ||
-    (toolCall as any)?.input ||
-    (toolCall as any)?.params ||
-    {}) as Record<string, unknown>
-  return candidate && typeof candidate === 'object' ? candidate : {}
-}
-
-function isWorkflowChangeApplyMode(toolCall?: CopilotToolCall): boolean {
-  if (!toolCall || toolCall.name !== 'workflow_change') return false
-  const params = getToolCallParams(toolCall)
-  const mode = typeof params.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function isWorkflowEditSummaryTool(toolCall?: CopilotToolCall): boolean {
-  if (!toolCall) return false
-  if (toolCall.name === 'edit_workflow') return true
-  return isWorkflowChangeApplyMode(toolCall)
-}
-
 /**
  * Extracts plan steps from plan_respond tool calls in subagent blocks.
  * @param blocks - The subagent content blocks to search
@@ -893,10 +871,7 @@ const SubagentContentRenderer = memo(function SubagentContentRenderer({
           )
         }
         if (segment.type === 'tool' && segment.block.toolCall) {
-          if (
+          if (toolCall.name === 'edit' && segment.block.toolCall.name === 'edit_workflow') {
-            (toolCall.name === 'edit' || toolCall.name === 'build') &&
-            isWorkflowEditSummaryTool(segment.block.toolCall)
-          ) {
             return (
               <div key={`tool-${segment.block.toolCall.id || index}`}>
                 <WorkflowEditSummary toolCall={segment.block.toolCall} />
@@ -993,11 +968,12 @@ const WorkflowEditSummary = memo(function WorkflowEditSummary({
     }
   }, [blocks])
 
-  if (!isWorkflowEditSummaryTool(toolCall)) {
+  if (toolCall.name !== 'edit_workflow') {
     return null
   }
 
-  const params = getToolCallParams(toolCall)
+  const params =
+    (toolCall as any).parameters || (toolCall as any).input || (toolCall as any).params || {}
   let operations = Array.isArray(params.operations) ? params.operations : []
 
   if (operations.length === 0 && Array.isArray((toolCall as any).operations)) {
@@ -1243,6 +1219,11 @@ const WorkflowEditSummary = memo(function WorkflowEditSummary({
   )
 })
 
+/** Checks if a tool is server-side executed (not a client tool) */
+function isIntegrationTool(toolName: string): boolean {
+  return !TOOL_DISPLAY_REGISTRY[toolName]
+}
+
 function shouldShowRunSkipButtons(toolCall: CopilotToolCall): boolean {
   if (!toolCall.name || toolCall.name === 'unknown_tool') {
     return false
@@ -1252,96 +1233,59 @@ function shouldShowRunSkipButtons(toolCall: CopilotToolCall): boolean {
     return false
   }
 
-  if (toolCall.ui?.showInterrupt !== true) {
+  // Never show buttons for tools the user has marked as always-allowed
+  if (useCopilotStore.getState().isToolAutoAllowed(toolCall.name)) {
     return false
   }
 
-  return true
+  const hasInterrupt = !!TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.interrupt
+  if (hasInterrupt) {
+    return true
+  }
+
+  // Integration tools (user-installed) always require approval
+  if (isIntegrationTool(toolCall.name)) {
+    return true
+  }
+
+  return false
 }
 
 const toolCallLogger = createLogger('CopilotToolCall')
 
 async function sendToolDecision(
   toolCallId: string,
-  status: 'accepted' | 'rejected' | 'background',
+  status: 'accepted' | 'rejected' | 'background'
-  options?: {
-    toolName?: string
-    remember?: boolean
-  }
 ) {
   try {
     await fetch('/api/copilot/confirm', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
+      body: JSON.stringify({ toolCallId, status }),
-        toolCallId,
-        status,
-        ...(options?.toolName ? { toolName: options.toolName } : {}),
-        ...(options?.remember ? { remember: true } : {}),
-      }),
     })
   } catch (error) {
     toolCallLogger.warn('Failed to send tool decision', {
       toolCallId,
       status,
-      remember: options?.remember === true,
-      toolName: options?.toolName,
       error: error instanceof Error ? error.message : String(error),
     })
   }
 }
 
-async function removeAutoAllowedToolPreference(toolName: string): Promise<boolean> {
-  try {
-    const response = await fetch(`/api/copilot/auto-allowed-tools?toolId=${encodeURIComponent(toolName)}`, {
-      method: 'DELETE',
-    })
-    return response.ok
-  } catch (error) {
-    toolCallLogger.warn('Failed to remove auto-allowed tool preference', {
-      toolName,
-      error: error instanceof Error ? error.message : String(error),
-    })
-    return false
-  }
-}
-
-type ToolUiAction = NonNullable<NonNullable<CopilotToolCall['ui']>['actions']>[number]
-
-function actionDecision(action: ToolUiAction): 'accepted' | 'rejected' | 'background' {
-  const id = action.id.toLowerCase()
-  if (id.includes('background')) return 'background'
-  if (action.kind === 'reject') return 'rejected'
-  return 'accepted'
-}
-
-function isClientRunCapability(toolCall: CopilotToolCall): boolean {
-  if (toolCall.execution?.target === 'sim_client_capability') {
-    return toolCall.execution.capabilityId === 'workflow.run' || !toolCall.execution.capabilityId
-  }
-  return CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)
-}
-
 async function handleRun(
   toolCall: CopilotToolCall,
   setToolCallState: any,
   onStateChange?: any,
-  editedParams?: any,
+  editedParams?: any
-  options?: {
-    remember?: boolean
-  }
 ) {
   setToolCallState(toolCall, 'executing', editedParams ? { params: editedParams } : undefined)
   onStateChange?.('executing')
-  await sendToolDecision(toolCall.id, 'accepted', {
+  await sendToolDecision(toolCall.id, 'accepted')
-    toolName: toolCall.name,
-    remember: options?.remember === true,
-  })
 
   // Client-executable run tools: execute on the client for real-time feedback
   // (block pulsing, console logs, stop button). The server defers execution
   // for these tools; the client reports back via mark-complete.
-  if (isClientRunCapability(toolCall)) {
+  if (CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)) {
     const params = editedParams || toolCall.params || {}
     executeRunToolOnClient(toolCall.id, toolCall.name, params)
   }
@@ -1354,9 +1298,6 @@ async function handleSkip(toolCall: CopilotToolCall, setToolCallState: any, onSt
 }
 
 function getDisplayName(toolCall: CopilotToolCall): string {
-  if (toolCall.ui?.phaseLabel) return toolCall.ui.phaseLabel
-  if (toolCall.ui?.title) return `${getStateVerb(toolCall.state)} ${toolCall.ui.title}`
-
   const fromStore = (toolCall as any).display?.text
   if (fromStore) return fromStore
   const registryEntry = TOOL_DISPLAY_REGISTRY[toolCall.name]
@@ -1401,37 +1342,53 @@ function RunSkipButtons({
   toolCall,
   onStateChange,
   editedParams,
-  actions,
 }: {
   toolCall: CopilotToolCall
   onStateChange?: (state: any) => void
   editedParams?: any
-  actions: ToolUiAction[]
 }) {
   const [isProcessing, setIsProcessing] = useState(false)
   const [buttonsHidden, setButtonsHidden] = useState(false)
   const actionInProgressRef = useRef(false)
-  const { setToolCallState } = useCopilotStore()
+  const { setToolCallState, addAutoAllowedTool } = useCopilotStore()
 
-  const onAction = async (action: ToolUiAction) => {
+  const onRun = async () => {
     // Prevent race condition - check ref synchronously
     if (actionInProgressRef.current) return
     actionInProgressRef.current = true
     setIsProcessing(true)
     setButtonsHidden(true)
     try {
-      const decision = actionDecision(action)
+      await handleRun(toolCall, setToolCallState, onStateChange, editedParams)
-      if (decision === 'accepted') {
+    } finally {
-        await handleRun(toolCall, setToolCallState, onStateChange, editedParams, {
+      setIsProcessing(false)
-          remember: action.remember === true,
+      actionInProgressRef.current = false
-        })
+    }
-      } else if (decision === 'rejected') {
+  }
-        await handleSkip(toolCall, setToolCallState, onStateChange)
+
-      } else {
+  const onAlwaysAllow = async () => {
-        setToolCallState(toolCall, ClientToolCallState.background)
+    // Prevent race condition - check ref synchronously
-        onStateChange?.('background')
+    if (actionInProgressRef.current) return
-        await sendToolDecision(toolCall.id, 'background')
+    actionInProgressRef.current = true
-      }
+    setIsProcessing(true)
+    setButtonsHidden(true)
+    try {
+      await addAutoAllowedTool(toolCall.name)
+      await handleRun(toolCall, setToolCallState, onStateChange, editedParams)
+    } finally {
+      setIsProcessing(false)
+      actionInProgressRef.current = false
+    }
+  }
+
+  const onSkip = async () => {
+    // Prevent race condition - check ref synchronously
+    if (actionInProgressRef.current) return
+    actionInProgressRef.current = true
+    setIsProcessing(true)
+    setButtonsHidden(true)
+    try {
+      await handleSkip(toolCall, setToolCallState, onStateChange)
     } finally {
       setIsProcessing(false)
       actionInProgressRef.current = false
@@ -1440,22 +1397,23 @@ function RunSkipButtons({
 
   if (buttonsHidden) return null
 
+  // Show "Always Allow" for all tools that require confirmation
+  const showAlwaysAllow = true
+
+  // Standardized buttons for all interrupt tools: Allow, Always Allow, Skip
   return (
     <div className='mt-[10px] flex gap-[6px]'>
-      {actions.map((action, index) => {
+      <Button onClick={onRun} disabled={isProcessing} variant='tertiary'>
-        const variant =
+        {isProcessing ? 'Allowing...' : 'Allow'}
-          action.kind === 'reject' ? 'default' : action.remember ? 'default' : 'tertiary'
+      </Button>
-        return (
+      {showAlwaysAllow && (
-          <Button
+        <Button onClick={onAlwaysAllow} disabled={isProcessing} variant='default'>
-            key={action.id}
+          {isProcessing ? 'Allowing...' : 'Always Allow'}
-            onClick={() => onAction(action)}
+        </Button>
-            disabled={isProcessing}
+      )}
-            variant={variant}
+      <Button onClick={onSkip} disabled={isProcessing} variant='default'>
-          >
+        Skip
-            {isProcessing && index === 0 ? 'Working...' : action.label}
+      </Button>
-          </Button>
-        )
-      })}
     </div>
   )
 }
@@ -1472,16 +1430,10 @@ export function ToolCall({
   const liveToolCall = useCopilotStore((s) =>
     effectiveId ? s.toolCallsById[effectiveId] : undefined
   )
-  const rawToolCall = liveToolCall || toolCallProp
+  const toolCall = liveToolCall || toolCallProp
-  const hasRealToolCall = !!rawToolCall
+
-  const toolCall: CopilotToolCall =
+  // Guard: nothing to render without a toolCall
-    rawToolCall ||
+  if (!toolCall) return null
-    ({
-      id: effectiveId || '',
-      name: '',
-      state: ClientToolCallState.generating,
-      params: {},
-    } as CopilotToolCall)
 
   const isExpandablePending =
     toolCall?.state === 'pending' &&
@@ -1489,15 +1441,17 @@ export function ToolCall({
 
   const [expanded, setExpanded] = useState(isExpandablePending)
   const [showRemoveAutoAllow, setShowRemoveAutoAllow] = useState(false)
-  const [autoAllowRemovedForCall, setAutoAllowRemovedForCall] = useState(false)
 
   // State for editable parameters
   const params = (toolCall as any).parameters || (toolCall as any).input || toolCall.params || {}
   const [editedParams, setEditedParams] = useState(params)
   const paramsRef = useRef(params)
 
-  const { setToolCallState } = useCopilotStore()
+  // Check if this integration tool is auto-allowed
-  const isAutoAllowed = toolCall.ui?.autoAllowed === true && !autoAllowRemovedForCall
+  const { removeAutoAllowedTool, setToolCallState } = useCopilotStore()
+  const isAutoAllowed = useCopilotStore(
+    (s) => isIntegrationTool(toolCall.name) && s.isToolAutoAllowed(toolCall.name)
+  )
 
   // Update edited params when toolCall params change (deep comparison to avoid resetting user edits on ref change)
   useEffect(() => {
@@ -1507,14 +1461,6 @@ export function ToolCall({
     }
   }, [params])
 
-  useEffect(() => {
-    setAutoAllowRemovedForCall(false)
-    setShowRemoveAutoAllow(false)
-  }, [toolCall.id])
-
-  // Guard: nothing to render without a toolCall
-  if (!hasRealToolCall) return null
-
   // Skip rendering some internal tools
   if (
     toolCall.name === 'checkoff_todo' ||
@@ -1526,9 +1472,7 @@ export function ToolCall({
     return null
 
   // Special rendering for subagent tools - show as thinking text with tool calls at top level
-  const isSubagentTool =
+  const isSubagentTool = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.subagent === true
-    toolCall.execution?.target === 'go_subagent' ||
-    TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.subagent === true
 
   // For ALL subagent tools, don't show anything until we have blocks with content
   if (isSubagentTool) {
@@ -1555,6 +1499,28 @@ export function ToolCall({
     )
   }
 
+  // Get current mode from store to determine if we should render integration tools
+  const mode = useCopilotStore.getState().mode
+
+  // Check if this is a completed/historical tool call (not pending/executing)
+  // Use string comparison to handle both enum values and string values from DB
+  const stateStr = String(toolCall.state)
+  const isCompletedToolCall =
+    stateStr === 'success' ||
+    stateStr === 'error' ||
+    stateStr === 'rejected' ||
+    stateStr === 'aborted'
+
+  // Allow rendering if:
+  // 1. Tool is in TOOL_DISPLAY_REGISTRY (client tools), OR
+  // 2. We're in build mode (integration tools are executed server-side), OR
+  // 3. Tool call is already completed (historical - should always render)
+  const isClientTool = !!TOOL_DISPLAY_REGISTRY[toolCall.name]
+  const isIntegrationToolInBuildMode = mode === 'build' && !isClientTool
+
+  if (!isClientTool && !isIntegrationToolInBuildMode && !isCompletedToolCall) {
+    return null
+  }
   const toolUIConfig = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig
   // Check if tool has params table config (meaning it's expandable)
   const hasParamsTable = !!toolUIConfig?.paramsTable
@@ -1564,14 +1530,6 @@ export function ToolCall({
     toolCall.name === 'make_api_request' ||
     toolCall.name === 'set_global_workflow_variables'
 
-  const interruptActions =
-    (toolCall.ui?.actions && toolCall.ui.actions.length > 0
-      ? toolCall.ui.actions
-      : [
-          { id: 'allow_once', label: 'Allow', kind: 'accept' as const },
-          { id: 'allow_always', label: 'Always Allow', kind: 'accept' as const, remember: true },
-          { id: 'reject', label: 'Skip', kind: 'reject' as const },
-        ]) as ToolUiAction[]
   const showButtons = isCurrentMessage && shouldShowRunSkipButtons(toolCall)
 
   // Check UI config for secondary action - only show for current message tool calls
@@ -2029,12 +1987,9 @@ export function ToolCall({
           <div className='mt-[10px]'>
             <Button
               onClick={async () => {
-                const removed = await removeAutoAllowedToolPreference(toolCall.name)
+                await removeAutoAllowedTool(toolCall.name)
-                if (removed) {
+                setShowRemoveAutoAllow(false)
-                  setAutoAllowRemovedForCall(true)
+                forceUpdate({})
-                  setShowRemoveAutoAllow(false)
-                  forceUpdate({})
-                }
               }}
               variant='default'
               className='text-xs'
@@ -2048,7 +2003,6 @@ export function ToolCall({
             toolCall={toolCall}
             onStateChange={handleStateChange}
             editedParams={editedParams}
-            actions={interruptActions}
           />
         )}
         {/* Render subagent content as thinking text */}
@@ -2094,12 +2048,9 @@ export function ToolCall({
           <div className='mt-[10px]'>
             <Button
               onClick={async () => {
-                const removed = await removeAutoAllowedToolPreference(toolCall.name)
+                await removeAutoAllowedTool(toolCall.name)
-                if (removed) {
+                setShowRemoveAutoAllow(false)
-                  setAutoAllowRemovedForCall(true)
+                forceUpdate({})
-                  setShowRemoveAutoAllow(false)
-                  forceUpdate({})
-                }
               }}
               variant='default'
               className='text-xs'
@@ -2113,7 +2064,6 @@ export function ToolCall({
             toolCall={toolCall}
             onStateChange={handleStateChange}
             editedParams={editedParams}
-            actions={interruptActions}
           />
         )}
         {/* Render subagent content as thinking text */}
@@ -2137,7 +2087,7 @@ export function ToolCall({
     }
   }
 
-  const isEditWorkflow = isWorkflowEditSummaryTool(toolCall)
+  const isEditWorkflow = toolCall.name === 'edit_workflow'
   const shouldShowDetails = isRunWorkflow || (isExpandableTool && expanded)
   const hasOperations = Array.isArray(params.operations) && params.operations.length > 0
   const hideTextForEditWorkflow = isEditWorkflow && hasOperations
@@ -2159,12 +2109,9 @@ export function ToolCall({
         <div className='mt-[10px]'>
           <Button
             onClick={async () => {
-              const removed = await removeAutoAllowedToolPreference(toolCall.name)
+              await removeAutoAllowedTool(toolCall.name)
-              if (removed) {
+              setShowRemoveAutoAllow(false)
-                setAutoAllowRemovedForCall(true)
+              forceUpdate({})
-                setShowRemoveAutoAllow(false)
-                forceUpdate({})
-              }
             }}
             variant='default'
             className='text-xs'
@@ -2178,7 +2125,6 @@ export function ToolCall({
           toolCall={toolCall}
           onStateChange={handleStateChange}
           editedParams={editedParams}
-          actions={interruptActions}
         />
       ) : showMoveToBackground ? (
         <div className='mt-[10px]'>
@@ -2209,7 +2155,7 @@ export function ToolCall({
           </Button>
         </div>
       ) : null}
-      {/* Workflow edit summary - shows block changes after edit_workflow/workflow_change(apply) */}
+      {/* Workflow edit summary - shows block changes after edit_workflow completes */}
       <WorkflowEditSummary toolCall={toolCall} />
 
       {/* Render subagent content as thinking text */}

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/copilot.tsx

@@ -113,6 +113,7 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
     clearPlanArtifact,
     savePlanArtifact,
     loadAvailableModels,
+    loadAutoAllowedTools,
     resumeActiveStream,
   } = useCopilotStore()
 
@@ -124,6 +125,8 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
     setCopilotWorkflowId,
     loadChats,
     loadAvailableModels,
+    loadAutoAllowedTools,
+    currentChat,
     isSendingMessage,
     resumeActiveStream,
   })

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/hooks/use-copilot-initialization.ts

@@ -12,6 +12,8 @@ interface UseCopilotInitializationProps {
   setCopilotWorkflowId: (workflowId: string | null) => Promise<void>
   loadChats: (forceRefresh?: boolean) => Promise<void>
   loadAvailableModels: () => Promise<void>
+  loadAutoAllowedTools: () => Promise<void>
+  currentChat: any
   isSendingMessage: boolean
   resumeActiveStream: () => Promise<boolean>
 }
@@ -30,6 +32,8 @@ export function useCopilotInitialization(props: UseCopilotInitializationProps) {
     setCopilotWorkflowId,
     loadChats,
     loadAvailableModels,
+    loadAutoAllowedTools,
+    currentChat,
     isSendingMessage,
     resumeActiveStream,
   } = props
@@ -116,6 +120,17 @@ export function useCopilotInitialization(props: UseCopilotInitializationProps) {
     })
   }, [isSendingMessage, resumeActiveStream])
 
+  /** Load auto-allowed tools once on mount - runs immediately, independent of workflow */
+  const hasLoadedAutoAllowedToolsRef = useRef(false)
+  useEffect(() => {
+    if (!hasLoadedAutoAllowedToolsRef.current) {
+      hasLoadedAutoAllowedToolsRef.current = true
+      loadAutoAllowedTools().catch((err) => {
+        logger.warn('[Copilot] Failed to load auto-allowed tools', err)
+      })
+    }
+  }, [loadAutoAllowedTools])
+
   /** Load available models once on mount */
   const hasLoadedModelsRef = useRef(false)
   useEffect(() => {

apps/sim/lib/copilot/client-sse/handlers.ts

@@ -1,5 +1,5 @@
 import { createLogger } from '@sim/logger'
-import { STREAM_STORAGE_KEY } from '@/lib/copilot/constants'
+import { COPILOT_CONFIRM_API_PATH, STREAM_STORAGE_KEY } from '@/lib/copilot/constants'
 import { asRecord } from '@/lib/copilot/orchestrator/sse-utils'
 import type { SSEEvent } from '@/lib/copilot/orchestrator/types'
 import {
@@ -26,119 +26,21 @@ const MAX_BATCH_INTERVAL = 50
 const MIN_BATCH_INTERVAL = 16
 const MAX_QUEUE_SIZE = 5
 
-function isWorkflowEditToolCall(toolName?: string, params?: Record<string, unknown>): boolean {
+/**
-  if (toolName === 'edit_workflow') return true
+ * Send an auto-accept confirmation to the server for auto-allowed tools.
-  if (toolName !== 'workflow_change') return false
+ * The server-side orchestrator polls Redis for this decision.
-
+ */
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
+export function sendAutoAcceptConfirmation(toolCallId: string): void {
-  if (mode === 'apply') return true
+  fetch(COPILOT_CONFIRM_API_PATH, {
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
+    method: 'POST',
-}
+    headers: { 'Content-Type': 'application/json' },
-
+    body: JSON.stringify({ toolCallId, status: 'accepted' }),
-function isClientRunCapability(toolCall: CopilotToolCall): boolean {
+  }).catch((error) => {
-  if (toolCall.execution?.target === 'sim_client_capability') {
+    logger.warn('Failed to send auto-accept confirmation', {
-    return toolCall.execution.capabilityId === 'workflow.run' || !toolCall.execution.capabilityId
+      toolCallId,
-  }
+      error: error instanceof Error ? error.message : String(error),
-  return CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)
+    })
-}
+  })
-
-function mapServerStateToClientState(state: unknown): ClientToolCallState {
-  switch (String(state || '')) {
-    case 'generating':
-      return ClientToolCallState.generating
-    case 'pending':
-    case 'awaiting_approval':
-      return ClientToolCallState.pending
-    case 'executing':
-      return ClientToolCallState.executing
-    case 'success':
-      return ClientToolCallState.success
-    case 'rejected':
-    case 'skipped':
-      return ClientToolCallState.rejected
-    case 'aborted':
-      return ClientToolCallState.aborted
-    case 'error':
-    case 'failed':
-      return ClientToolCallState.error
-    default:
-      return ClientToolCallState.pending
-  }
-}
-
-function extractToolUiMetadata(data: Record<string, unknown>): CopilotToolCall['ui'] | undefined {
-  const ui = asRecord(data.ui)
-  if (!ui || Object.keys(ui).length === 0) return undefined
-  const autoAllowedFromUi = ui.autoAllowed === true
-  const autoAllowedFromData = data.autoAllowed === true
-  return {
-    title: typeof ui.title === 'string' ? ui.title : undefined,
-    phaseLabel: typeof ui.phaseLabel === 'string' ? ui.phaseLabel : undefined,
-    icon: typeof ui.icon === 'string' ? ui.icon : undefined,
-    showInterrupt: ui.showInterrupt === true,
-    showRemember: ui.showRemember === true,
-    autoAllowed: autoAllowedFromUi || autoAllowedFromData,
-    actions: Array.isArray(ui.actions)
-      ? ui.actions
-          .map((action) => {
-            const a = asRecord(action)
-            const id = typeof a.id === 'string' ? a.id : undefined
-            const label = typeof a.label === 'string' ? a.label : undefined
-            const kind: 'accept' | 'reject' = a.kind === 'reject' ? 'reject' : 'accept'
-            if (!id || !label) return null
-            return {
-              id,
-              label,
-              kind,
-              remember: a.remember === true,
-            }
-          })
-          .filter((a): a is NonNullable<typeof a> => !!a)
-      : undefined,
-  }
-}
-
-function extractToolExecutionMetadata(
-  data: Record<string, unknown>
-): CopilotToolCall['execution'] | undefined {
-  const execution = asRecord(data.execution)
-  if (!execution || Object.keys(execution).length === 0) return undefined
-  return {
-    target: typeof execution.target === 'string' ? execution.target : undefined,
-    capabilityId: typeof execution.capabilityId === 'string' ? execution.capabilityId : undefined,
-  }
-}
-
-function isWorkflowChangeApplyCall(toolName?: string, params?: Record<string, unknown>): boolean {
-  if (toolName !== 'workflow_change') return false
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function extractWorkflowStateFromResultPayload(
-  resultPayload: Record<string, unknown>
-): WorkflowState | null {
-  const directState = asRecord(resultPayload.workflowState)
-  if (directState) return directState as unknown as WorkflowState
-
-  const editResult = asRecord(resultPayload.editResult)
-  const nestedState = asRecord(editResult?.workflowState)
-  if (nestedState) return nestedState as unknown as WorkflowState
-
-  return null
-}
-
-function extractOperationListFromResultPayload(
-  resultPayload: Record<string, unknown>
-): Array<Record<string, unknown>> | undefined {
-  const operations = resultPayload.operations
-  if (Array.isArray(operations)) return operations as Array<Record<string, unknown>>
-
-  const compiled = resultPayload.compiledOperations
-  if (Array.isArray(compiled)) return compiled as Array<Record<string, unknown>>
-
-  return undefined
 }
 
 function writeActiveStreamToStorage(info: CopilotStreamInfo | null): void {
@@ -342,28 +244,14 @@ export const sseHandlers: Record<string, SSEHandler> = {
     try {
       const eventData = asRecord(data?.data)
       const toolCallId: string | undefined =
-        data?.toolCallId ||
+        data?.toolCallId || (eventData.id as string | undefined)
-        (eventData.id as string | undefined) ||
-        (eventData.callId as string | undefined)
       const success: boolean | undefined = data?.success
       const failedDependency: boolean = data?.failedDependency === true
       const resultObj = asRecord(data?.result)
       const skipped: boolean = resultObj.skipped === true
       if (!toolCallId) return
-      const uiMetadata = extractToolUiMetadata(eventData)
-      const executionMetadata = extractToolExecutionMetadata(eventData)
-      const serverState = (eventData.state as string | undefined) || undefined
-      const targetState = serverState
-        ? mapServerStateToClientState(serverState)
-        : success
-          ? ClientToolCallState.success
-          : failedDependency || skipped
-            ? ClientToolCallState.rejected
-            : ClientToolCallState.error
-      const resultPayload = asRecord(data?.result || eventData.result || eventData.data || data?.data)
       const { toolCallsById } = get()
       const current = toolCallsById[toolCallId]
-      let paramsForCurrentToolCall: Record<string, unknown> | undefined = current?.params
       if (current) {
         if (
           isRejectedState(current.state) ||
@@ -372,32 +260,16 @@ export const sseHandlers: Record<string, SSEHandler> = {
         ) {
           return
         }
-        if (
+        const targetState = success
-          targetState === ClientToolCallState.success &&
+          ? ClientToolCallState.success
-          isWorkflowChangeApplyCall(current.name, paramsForCurrentToolCall)
+          : failedDependency || skipped
-        ) {
+            ? ClientToolCallState.rejected
-          const operations = extractOperationListFromResultPayload(resultPayload || {})
+            : ClientToolCallState.error
-          if (operations && operations.length > 0) {
-            paramsForCurrentToolCall = {
-              ...(current.params || {}),
-              operations,
-            }
-          }
-        }
-
         const updatedMap = { ...toolCallsById }
         updatedMap[toolCallId] = {
           ...current,
-          ui: uiMetadata || current.ui,
-          execution: executionMetadata || current.execution,
-          params: paramsForCurrentToolCall,
           state: targetState,
-          display: resolveToolDisplay(
+          display: resolveToolDisplay(current.name, targetState, current.id, current.params),
-            current.name,
-            targetState,
-            current.id,
-            paramsForCurrentToolCall
-          ),
         }
         set({ toolCallsById: updatedMap })
 
@@ -440,39 +312,31 @@ export const sseHandlers: Record<string, SSEHandler> = {
           }
         }
 
-        if (
+        if (current.name === 'edit_workflow') {
-          targetState === ClientToolCallState.success &&
-          isWorkflowEditToolCall(current.name, paramsForCurrentToolCall)
-        ) {
           try {
-            const workflowState = resultPayload
+            const resultPayload = asRecord(
-              ? extractWorkflowStateFromResultPayload(resultPayload)
+              data?.result || eventData.result || eventData.data || data?.data
-              : null
+            )
-            const hasWorkflowState = !!workflowState
+            const workflowState = asRecord(resultPayload?.workflowState)
-            logger.info('[SSE] workflow edit result received', {
+            const hasWorkflowState = !!resultPayload?.workflowState
-              toolName: current.name,
+            logger.info('[SSE] edit_workflow result received', {
               hasWorkflowState,
-              blockCount: hasWorkflowState
+              blockCount: hasWorkflowState ? Object.keys(workflowState.blocks ?? {}).length : 0,
-                ? Object.keys((workflowState as any).blocks ?? {}).length
+              edgeCount: Array.isArray(workflowState.edges) ? workflowState.edges.length : 0,
-                : 0,
-              edgeCount:
-                hasWorkflowState && Array.isArray((workflowState as any).edges)
-                  ? (workflowState as any).edges.length
-                  : 0,
             })
-            if (workflowState) {
+            if (hasWorkflowState) {
               const diffStore = useWorkflowDiffStore.getState()
-              diffStore.setProposedChanges(workflowState).catch((err) => {
+              diffStore
-                logger.error('[SSE] Failed to apply workflow edit diff', {
+                .setProposedChanges(resultPayload.workflowState as WorkflowState)
-                  error: err instanceof Error ? err.message : String(err),
+                .catch((err) => {
-                  toolName: current.name,
+                  logger.error('[SSE] Failed to apply edit_workflow diff', {
+                    error: err instanceof Error ? err.message : String(err),
+                  })
                 })
-              })
             }
           } catch (err) {
-            logger.error('[SSE] workflow edit result handling failed', {
+            logger.error('[SSE] edit_workflow result handling failed', {
               error: err instanceof Error ? err.message : String(err),
-              toolName: current.name,
             })
           }
         }
@@ -596,23 +460,16 @@ export const sseHandlers: Record<string, SSEHandler> = {
             : failedDependency || skipped
               ? ClientToolCallState.rejected
               : ClientToolCallState.error
-          const paramsForBlock =
-            b.toolCall?.id === toolCallId
-              ? paramsForCurrentToolCall || b.toolCall?.params
-              : b.toolCall?.params
           context.contentBlocks[i] = {
             ...b,
             toolCall: {
               ...b.toolCall,
-              params: paramsForBlock,
-              ui: uiMetadata || b.toolCall?.ui,
-              execution: executionMetadata || b.toolCall?.execution,
               state: targetState,
               display: resolveToolDisplay(
                 b.toolCall?.name,
                 targetState,
                 toolCallId,
-                paramsForBlock
+                b.toolCall?.params
               ),
             },
           }
@@ -630,9 +487,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
     try {
       const errorData = asRecord(data?.data)
       const toolCallId: string | undefined =
-        data?.toolCallId ||
+        data?.toolCallId || (errorData.id as string | undefined)
-        (errorData.id as string | undefined) ||
-        (errorData.callId as string | undefined)
       const failedDependency: boolean = data?.failedDependency === true
       if (!toolCallId) return
       const { toolCallsById } = get()
@@ -645,18 +500,12 @@ export const sseHandlers: Record<string, SSEHandler> = {
         ) {
           return
         }
-        const targetState = errorData.state
+        const targetState = failedDependency
-          ? mapServerStateToClientState(errorData.state)
+          ? ClientToolCallState.rejected
-          : failedDependency
+          : ClientToolCallState.error
-            ? ClientToolCallState.rejected
-            : ClientToolCallState.error
-        const uiMetadata = extractToolUiMetadata(errorData)
-        const executionMetadata = extractToolExecutionMetadata(errorData)
         const updatedMap = { ...toolCallsById }
         updatedMap[toolCallId] = {
           ...current,
-          ui: uiMetadata || current.ui,
-          execution: executionMetadata || current.execution,
           state: targetState,
           display: resolveToolDisplay(current.name, targetState, current.id, current.params),
         }
@@ -671,19 +520,13 @@ export const sseHandlers: Record<string, SSEHandler> = {
             isBackgroundState(b.toolCall?.state)
           )
             break
-          const targetState = errorData.state
+          const targetState = failedDependency
-            ? mapServerStateToClientState(errorData.state)
+            ? ClientToolCallState.rejected
-            : failedDependency
+            : ClientToolCallState.error
-              ? ClientToolCallState.rejected
-              : ClientToolCallState.error
-          const uiMetadata = extractToolUiMetadata(errorData)
-          const executionMetadata = extractToolExecutionMetadata(errorData)
           context.contentBlocks[i] = {
             ...b,
             toolCall: {
               ...b.toolCall,
-              ui: uiMetadata || b.toolCall?.ui,
-              execution: executionMetadata || b.toolCall?.execution,
               state: targetState,
               display: resolveToolDisplay(
                 b.toolCall?.name,
@@ -704,26 +547,19 @@ export const sseHandlers: Record<string, SSEHandler> = {
     }
   },
   tool_generating: (data, context, get, set) => {
-    const eventData = asRecord(data?.data)
+    const { toolCallId, toolName } = data
-    const toolCallId =
-      data?.toolCallId ||
-      (eventData.id as string | undefined) ||
-      (eventData.callId as string | undefined)
-    const toolName =
-      data?.toolName ||
-      (eventData.name as string | undefined) ||
-      (eventData.toolName as string | undefined)
     if (!toolCallId || !toolName) return
     const { toolCallsById } = get()
 
     if (!toolCallsById[toolCallId]) {
-      const initialState = ClientToolCallState.generating
+      const isAutoAllowed = get().isToolAutoAllowed(toolName)
+      const initialState = isAutoAllowed
+        ? ClientToolCallState.executing
+        : ClientToolCallState.pending
       const tc: CopilotToolCall = {
         id: toolCallId,
         name: toolName,
         state: initialState,
-        ui: extractToolUiMetadata(eventData),
-        execution: extractToolExecutionMetadata(eventData),
         display: resolveToolDisplay(toolName, initialState, toolCallId),
       }
       const updated = { ...toolCallsById, [toolCallId]: tc }
@@ -736,27 +572,17 @@ export const sseHandlers: Record<string, SSEHandler> = {
   },
   tool_call: (data, context, get, set) => {
     const toolData = asRecord(data?.data)
-    const id: string | undefined =
+    const id: string | undefined = (toolData.id as string | undefined) || data?.toolCallId
-      (toolData.id as string | undefined) ||
+    const name: string | undefined = (toolData.name as string | undefined) || data?.toolName
-      (toolData.callId as string | undefined) ||
-      data?.toolCallId
-    const name: string | undefined =
-      (toolData.name as string | undefined) ||
-      (toolData.toolName as string | undefined) ||
-      data?.toolName
     if (!id) return
     const args = toolData.arguments as Record<string, unknown> | undefined
     const isPartial = toolData.partial === true
-    const uiMetadata = extractToolUiMetadata(toolData)
-    const executionMetadata = extractToolExecutionMetadata(toolData)
-    const serverState = toolData.state
     const { toolCallsById } = get()
 
     const existing = toolCallsById[id]
     const toolName = name || existing?.name || 'unknown_tool'
-    let initialState = serverState
+    const isAutoAllowed = get().isToolAutoAllowed(toolName)
-      ? mapServerStateToClientState(serverState)
+    let initialState = isAutoAllowed ? ClientToolCallState.executing : ClientToolCallState.pending
-      : ClientToolCallState.pending
 
     // Avoid flickering back to pending on partial/duplicate events once a tool is executing.
     if (
@@ -771,8 +597,6 @@ export const sseHandlers: Record<string, SSEHandler> = {
           ...existing,
           name: toolName,
           state: initialState,
-          ui: uiMetadata || existing.ui,
-          execution: executionMetadata || existing.execution,
           ...(args ? { params: args } : {}),
           display: resolveToolDisplay(toolName, initialState, id, args || existing.params),
         }
@@ -780,8 +604,6 @@ export const sseHandlers: Record<string, SSEHandler> = {
           id,
           name: toolName,
           state: initialState,
-          ui: uiMetadata,
-          execution: executionMetadata,
           ...(args ? { params: args } : {}),
           display: resolveToolDisplay(toolName, initialState, id, args),
         }
@@ -796,12 +618,20 @@ export const sseHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    const shouldInterrupt = next.ui?.showInterrupt === true
+    // Auto-allowed tools: send confirmation to the server so it can proceed
+    // without waiting for the user to click "Allow".
+    if (isAutoAllowed) {
+      sendAutoAcceptConfirmation(id)
+    }
 
-    // Client-run capability: execution is delegated to the browser.
+    // Client-executable run tools: execute on the client for real-time feedback
-    // We run immediately only when no interrupt is required.
+    // (block pulsing, console logs, stop button). The server defers execution
-    if (isClientRunCapability(next) && !shouldInterrupt) {
+    // for these tools in interactive mode; the client reports back via mark-complete.
-      executeRunToolOnClient(id, toolName, args || next.params || {})
+    if (
+      CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName) &&
+      initialState === ClientToolCallState.executing
+    ) {
+      executeRunToolOnClient(id, toolName, args || existing?.params || {})
     }
 
     // OAuth: dispatch event to open the OAuth connect modal

apps/sim/lib/copilot/client-sse/subagent-handlers.ts

@@ -9,10 +9,9 @@ import type { SSEEvent } from '@/lib/copilot/orchestrator/types'
 import { resolveToolDisplay } from '@/lib/copilot/store-utils'
 import { ClientToolCallState } from '@/lib/copilot/tools/client/tool-display-registry'
 import type { CopilotStore, CopilotToolCall } from '@/stores/panel/copilot/types'
-import { useWorkflowDiffStore } from '@/stores/workflow-diff/store'
-import type { WorkflowState } from '@/stores/workflows/workflow/types'
 import {
   type SSEHandler,
+  sendAutoAcceptConfirmation,
   sseHandlers,
   updateStreamingMessage,
 } from './handlers'
@@ -25,113 +24,6 @@ type StoreSet = (
   partial: Partial<CopilotStore> | ((state: CopilotStore) => Partial<CopilotStore>)
 ) => void
 
-function mapServerStateToClientState(state: unknown): ClientToolCallState {
-  switch (String(state || '')) {
-    case 'generating':
-      return ClientToolCallState.generating
-    case 'pending':
-    case 'awaiting_approval':
-      return ClientToolCallState.pending
-    case 'executing':
-      return ClientToolCallState.executing
-    case 'success':
-      return ClientToolCallState.success
-    case 'rejected':
-    case 'skipped':
-      return ClientToolCallState.rejected
-    case 'aborted':
-      return ClientToolCallState.aborted
-    case 'error':
-    case 'failed':
-      return ClientToolCallState.error
-    default:
-      return ClientToolCallState.pending
-  }
-}
-
-function extractToolUiMetadata(data: Record<string, unknown>): CopilotToolCall['ui'] | undefined {
-  const ui = asRecord(data.ui)
-  if (!ui || Object.keys(ui).length === 0) return undefined
-  const autoAllowedFromUi = ui.autoAllowed === true
-  const autoAllowedFromData = data.autoAllowed === true
-  return {
-    title: typeof ui.title === 'string' ? ui.title : undefined,
-    phaseLabel: typeof ui.phaseLabel === 'string' ? ui.phaseLabel : undefined,
-    icon: typeof ui.icon === 'string' ? ui.icon : undefined,
-    showInterrupt: ui.showInterrupt === true,
-    showRemember: ui.showRemember === true,
-    autoAllowed: autoAllowedFromUi || autoAllowedFromData,
-    actions: Array.isArray(ui.actions)
-      ? ui.actions
-          .map((action) => {
-            const a = asRecord(action)
-            const id = typeof a.id === 'string' ? a.id : undefined
-            const label = typeof a.label === 'string' ? a.label : undefined
-            const kind: 'accept' | 'reject' = a.kind === 'reject' ? 'reject' : 'accept'
-            if (!id || !label) return null
-            return {
-              id,
-              label,
-              kind,
-              remember: a.remember === true,
-            }
-          })
-          .filter((a): a is NonNullable<typeof a> => !!a)
-      : undefined,
-  }
-}
-
-function extractToolExecutionMetadata(
-  data: Record<string, unknown>
-): CopilotToolCall['execution'] | undefined {
-  const execution = asRecord(data.execution)
-  if (!execution || Object.keys(execution).length === 0) return undefined
-  return {
-    target: typeof execution.target === 'string' ? execution.target : undefined,
-    capabilityId: typeof execution.capabilityId === 'string' ? execution.capabilityId : undefined,
-  }
-}
-
-function isClientRunCapability(toolCall: CopilotToolCall): boolean {
-  if (toolCall.execution?.target === 'sim_client_capability') {
-    return toolCall.execution.capabilityId === 'workflow.run' || !toolCall.execution.capabilityId
-  }
-  return CLIENT_EXECUTABLE_RUN_TOOLS.has(toolCall.name)
-}
-
-function isWorkflowChangeApplyCall(toolCall: CopilotToolCall): boolean {
-  if (toolCall.name !== 'workflow_change') return false
-  const params = (toolCall.params || {}) as Record<string, unknown>
-  const mode = typeof params.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params.proposalId === 'string' && params.proposalId.length > 0
-}
-
-function extractWorkflowStateFromResultPayload(
-  resultPayload: Record<string, unknown>
-): WorkflowState | null {
-  const directState = asRecord(resultPayload.workflowState)
-  if (directState) return directState as unknown as WorkflowState
-
-  const editResult = asRecord(resultPayload.editResult)
-  const nestedState = asRecord(editResult?.workflowState)
-  if (nestedState) return nestedState as unknown as WorkflowState
-
-  return null
-}
-
-function extractOperationListFromResultPayload(
-  resultPayload: Record<string, unknown>
-): Array<Record<string, unknown>> | undefined {
-  const operations = resultPayload.operations
-  if (Array.isArray(operations)) return operations as Array<Record<string, unknown>>
-
-  const compiled = resultPayload.compiledOperations
-  if (Array.isArray(compiled)) return compiled as Array<Record<string, unknown>>
-
-  return undefined
-}
-
 export function appendSubAgentContent(
   context: ClientStreamingContext,
   parentToolCallId: string,
@@ -272,8 +164,6 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
     const name: string | undefined = (toolData.name as string | undefined) || data?.toolName
     if (!id || !name) return
     const isPartial = toolData.partial === true
-    const uiMetadata = extractToolUiMetadata(toolData)
-    const executionMetadata = extractToolExecutionMetadata(toolData)
 
     let args: Record<string, unknown> | undefined = (toolData.arguments || toolData.input) as
       | Record<string, unknown>
@@ -309,10 +199,9 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
     const existingToolCall =
       existingIndex >= 0 ? context.subAgentToolCalls[parentToolCallId][existingIndex] : undefined
 
-    const serverState = toolData.state
+    // Auto-allowed tools skip pending state to avoid flashing interrupt buttons
-    let initialState = serverState
+    const isAutoAllowed = get().isToolAutoAllowed(name)
-      ? mapServerStateToClientState(serverState)
+    let initialState = isAutoAllowed ? ClientToolCallState.executing : ClientToolCallState.pending
-      : ClientToolCallState.pending
 
     // Avoid flickering back to pending on partial/duplicate events once a tool is executing.
     if (
@@ -326,8 +215,6 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
       id,
       name,
       state: initialState,
-      ui: uiMetadata,
-      execution: executionMetadata,
       ...(args ? { params: args } : {}),
       display: resolveToolDisplay(name, initialState, id, args),
     }
@@ -354,11 +241,16 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    const shouldInterrupt = subAgentToolCall.ui?.showInterrupt === true
+    // Auto-allowed tools: send confirmation to the server so it can proceed
+    // without waiting for the user to click "Allow".
+    if (isAutoAllowed) {
+      sendAutoAcceptConfirmation(id)
+    }
 
-    // Client-run capability: execution is delegated to the browser.
+    // Client-executable run tools: if auto-allowed, execute immediately for
-    // Execute immediately only for non-interrupting calls.
+    // real-time feedback. For non-auto-allowed, the user must click "Allow"
-    if (isClientRunCapability(subAgentToolCall) && !shouldInterrupt) {
+    // first — handleRun in tool-call.tsx triggers executeRunToolOnClient.
+    if (CLIENT_EXECUTABLE_RUN_TOOLS.has(name) && isAutoAllowed) {
       executeRunToolOnClient(id, name, args || {})
     }
   },
@@ -383,45 +275,17 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
     if (!context.subAgentToolCalls[parentToolCallId]) return
     if (!context.subAgentBlocks[parentToolCallId]) return
 
-    const serverState = resultData.state
+    const targetState = success ? ClientToolCallState.success : ClientToolCallState.error
-    const targetState = serverState
-      ? mapServerStateToClientState(serverState)
-      : success
-        ? ClientToolCallState.success
-        : ClientToolCallState.error
-    const uiMetadata = extractToolUiMetadata(resultData)
-    const executionMetadata = extractToolExecutionMetadata(resultData)
     const existingIndex = context.subAgentToolCalls[parentToolCallId].findIndex(
       (tc: CopilotToolCall) => tc.id === toolCallId
     )
 
     if (existingIndex >= 0) {
       const existing = context.subAgentToolCalls[parentToolCallId][existingIndex]
-      let nextParams = existing.params
-      const resultPayload = asRecord(
-        data?.result || resultData.result || resultData.data || data?.data
-      )
-      if (
-        targetState === ClientToolCallState.success &&
-        isWorkflowChangeApplyCall(existing) &&
-        resultPayload
-      ) {
-        const operations = extractOperationListFromResultPayload(resultPayload)
-        if (operations && operations.length > 0) {
-          nextParams = {
-            ...(existing.params || {}),
-            operations,
-          }
-        }
-      }
-
       const updatedSubAgentToolCall = {
         ...existing,
-        params: nextParams,
-        ui: uiMetadata || existing.ui,
-        execution: executionMetadata || existing.execution,
         state: targetState,
-        display: resolveToolDisplay(existing.name, targetState, toolCallId, nextParams),
+        display: resolveToolDisplay(existing.name, targetState, toolCallId, existing.params),
       }
       context.subAgentToolCalls[parentToolCallId][existingIndex] = updatedSubAgentToolCall
 
@@ -445,23 +309,6 @@ export const subAgentSSEHandlers: Record<string, SSEHandler> = {
           state: targetState,
         })
       }
-
-      if (
-        targetState === ClientToolCallState.success &&
-        resultPayload &&
-        isWorkflowChangeApplyCall(updatedSubAgentToolCall)
-      ) {
-        const workflowState = extractWorkflowStateFromResultPayload(resultPayload)
-        if (workflowState) {
-          const diffStore = useWorkflowDiffStore.getState()
-          diffStore.setProposedChanges(workflowState).catch((error) => {
-            logger.error('[SubAgent] Failed to apply workflow_change diff', {
-              error: error instanceof Error ? error.message : String(error),
-              toolCallId,
-            })
-          })
-        }
-      }
     }
 
     updateToolCallWithSubAgentData(context, get, set, parentToolCallId)

apps/sim/lib/copilot/constants.ts

@@ -101,6 +101,9 @@ export const COPILOT_CHECKPOINTS_API_PATH = '/api/copilot/checkpoints'
 /** POST — revert to a checkpoint. */
 export const COPILOT_CHECKPOINTS_REVERT_API_PATH = '/api/copilot/checkpoints/revert'
 
+/** GET/POST/DELETE — manage auto-allowed tools. */
+export const COPILOT_AUTO_ALLOWED_TOOLS_API_PATH = '/api/copilot/auto-allowed-tools'
+
 /** GET — fetch dynamically available copilot models. */
 export const COPILOT_MODELS_API_PATH = '/api/copilot/models'
 

apps/sim/lib/copilot/orchestrator/config.ts

@@ -0,0 +1,67 @@
+export const INTERRUPT_TOOL_NAMES = [
+  'set_global_workflow_variables',
+  'run_workflow',
+  'run_workflow_until_block',
+  'run_from_block',
+  'run_block',
+  'manage_mcp_tool',
+  'manage_custom_tool',
+  'deploy_mcp',
+  'deploy_chat',
+  'deploy_api',
+  'create_workspace_mcp_server',
+  'set_environment_variables',
+  'make_api_request',
+  'oauth_request_access',
+  'navigate_ui',
+  'knowledge_base',
+  'generate_api_key',
+] as const
+
+export const INTERRUPT_TOOL_SET = new Set<string>(INTERRUPT_TOOL_NAMES)
+
+export const SUBAGENT_TOOL_NAMES = [
+  'debug',
+  'edit',
+  'build',
+  'plan',
+  'test',
+  'deploy',
+  'auth',
+  'research',
+  'knowledge',
+  'custom_tool',
+  'tour',
+  'info',
+  'workflow',
+  'evaluate',
+  'superagent',
+  'discovery',
+] as const
+
+export const SUBAGENT_TOOL_SET = new Set<string>(SUBAGENT_TOOL_NAMES)
+
+/**
+ * Respond tools are internal to the copilot's subagent system.
+ * They're used by subagents to signal completion and should NOT be executed by the sim side.
+ * The copilot backend handles these internally.
+ */
+export const RESPOND_TOOL_NAMES = [
+  'plan_respond',
+  'edit_respond',
+  'build_respond',
+  'debug_respond',
+  'info_respond',
+  'research_respond',
+  'deploy_respond',
+  'superagent_respond',
+  'discovery_respond',
+  'tour_respond',
+  'auth_respond',
+  'workflow_respond',
+  'knowledge_respond',
+  'custom_tool_respond',
+  'test_respond',
+] as const
+
+export const RESPOND_TOOL_SET = new Set<string>(RESPOND_TOOL_NAMES)

apps/sim/lib/copilot/orchestrator/sse-handlers/handlers.ts

@@ -1,12 +1,17 @@
 import { createLogger } from '@sim/logger'
 import { STREAM_TIMEOUT_MS } from '@/lib/copilot/constants'
+import { RESPOND_TOOL_SET, SUBAGENT_TOOL_SET } from '@/lib/copilot/orchestrator/config'
 import {
   asRecord,
   getEventData,
   markToolResultSeen,
   wasToolResultSeen,
 } from '@/lib/copilot/orchestrator/sse-utils'
-import { markToolComplete } from '@/lib/copilot/orchestrator/tool-executor'
+import {
+  isIntegrationTool,
+  isToolAvailableOnSimSide,
+  markToolComplete,
+} from '@/lib/copilot/orchestrator/tool-executor'
 import type {
   ContentBlock,
   ExecutionContext,
@@ -17,6 +22,7 @@ import type {
 } from '@/lib/copilot/orchestrator/types'
 import {
   executeToolAndReport,
+  isInterruptToolName,
   waitForToolCompletion,
   waitForToolDecision,
 } from './tool-execution'
@@ -35,113 +41,6 @@ const CLIENT_EXECUTABLE_RUN_TOOLS = new Set([
   'run_block',
 ])
 
-function mapServerStateToToolStatus(state: unknown): ToolCallState['status'] {
-  switch (String(state || '')) {
-    case 'generating':
-    case 'pending':
-    case 'awaiting_approval':
-      return 'pending'
-    case 'executing':
-      return 'executing'
-    case 'success':
-      return 'success'
-    case 'rejected':
-    case 'skipped':
-      return 'rejected'
-    case 'aborted':
-      return 'skipped'
-    case 'error':
-    case 'failed':
-      return 'error'
-    default:
-      return 'pending'
-  }
-}
-
-function getExecutionTarget(
-  toolData: Record<string, unknown>,
-  toolName: string
-): { target: string; capabilityId?: string } {
-  const execution = asRecord(toolData.execution)
-  if (typeof execution.target === 'string' && execution.target.length > 0) {
-    return {
-      target: execution.target,
-      capabilityId:
-        typeof execution.capabilityId === 'string' ? execution.capabilityId : undefined,
-    }
-  }
-
-  // Fallback only when metadata is missing.
-  if (CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName)) {
-    return { target: 'sim_client_capability', capabilityId: 'workflow.run' }
-  }
-  return { target: 'sim_server' }
-}
-
-function needsApproval(toolData: Record<string, unknown>): boolean {
-  const ui = asRecord(toolData.ui)
-  return ui.showInterrupt === true
-}
-
-async function waitForClientCapabilityAndReport(
-  toolCall: ToolCallState,
-  options: OrchestratorOptions,
-  logScope: string
-): Promise<void> {
-  toolCall.status = 'executing'
-  const completion = await waitForToolCompletion(
-    toolCall.id,
-    options.timeout || STREAM_TIMEOUT_MS,
-    options.abortSignal
-  )
-
-  if (completion?.status === 'background') {
-    toolCall.status = 'skipped'
-    toolCall.endTime = Date.now()
-    markToolComplete(
-      toolCall.id,
-      toolCall.name,
-      202,
-      completion.message || 'Tool execution moved to background',
-      { background: true }
-    ).catch((err) => {
-      logger.error(`markToolComplete fire-and-forget failed (${logScope} background)`, {
-        toolCallId: toolCall.id,
-        error: err instanceof Error ? err.message : String(err),
-      })
-    })
-    markToolResultSeen(toolCall.id)
-    return
-  }
-
-  if (completion?.status === 'rejected') {
-    toolCall.status = 'rejected'
-    toolCall.endTime = Date.now()
-    markToolComplete(toolCall.id, toolCall.name, 400, completion.message || 'Tool execution rejected')
-      .catch((err) => {
-        logger.error(`markToolComplete fire-and-forget failed (${logScope} rejected)`, {
-          toolCallId: toolCall.id,
-          error: err instanceof Error ? err.message : String(err),
-        })
-      })
-    markToolResultSeen(toolCall.id)
-    return
-  }
-
-  const success = completion?.status === 'success'
-  toolCall.status = success ? 'success' : 'error'
-  toolCall.endTime = Date.now()
-  const msg = completion?.message || (success ? 'Tool completed' : 'Tool failed or timed out')
-  markToolComplete(toolCall.id, toolCall.name, success ? 200 : 500, msg).catch((err) => {
-    logger.error(`markToolComplete fire-and-forget failed (${logScope})`, {
-      toolCallId: toolCall.id,
-      toolName: toolCall.name,
-      error: err instanceof Error ? err.message : String(err),
-    })
-  })
-  markToolResultSeen(toolCall.id)
-}
-
 // Normalization + dedupe helpers live in sse-utils to keep server/client in sync.
 
 function inferToolSuccess(data: Record<string, unknown> | undefined): {
@@ -186,11 +85,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
 
     const { success, hasResultData, hasError } = inferToolSuccess(data)
 
-    current.status = data?.state
+    current.status = success ? 'success' : 'error'
-      ? mapServerStateToToolStatus(data.state)
-      : success
-        ? 'success'
-        : 'error'
     current.endTime = Date.now()
     if (hasResultData) {
       current.result = {
@@ -209,7 +104,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
     if (!toolCallId) return
     const current = context.toolCalls.get(toolCallId)
     if (!current) return
-    current.status = data?.state ? mapServerStateToToolStatus(data.state) : 'error'
+    current.status = 'error'
     current.error = (data?.error as string | undefined) || 'Tool execution failed'
     current.endTime = Date.now()
   },
@@ -226,7 +121,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
       context.toolCalls.set(toolCallId, {
         id: toolCallId,
         name: toolName,
-        status: data?.state ? mapServerStateToToolStatus(data.state) : 'pending',
+        status: 'pending',
         startTime: Date.now(),
       })
     }
@@ -261,7 +156,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
       context.toolCalls.set(toolCallId, {
         id: toolCallId,
         name: toolName,
-        status: toolData.state ? mapServerStateToToolStatus(toolData.state) : 'pending',
+        status: 'pending',
         params: args,
         startTime: Date.now(),
       })
@@ -275,29 +170,83 @@ export const sseHandlers: Record<string, SSEHandler> = {
     const toolCall = context.toolCalls.get(toolCallId)
     if (!toolCall) return
 
-    const execution = getExecutionTarget(toolData, toolName)
+    // Subagent tools are executed by the copilot backend, not sim side.
-    const isInteractive = options.interactive === true
+    if (SUBAGENT_TOOL_SET.has(toolName)) {
-    const requiresApproval = isInteractive && needsApproval(toolData)
+      return
-    if (toolData.state) {
-      toolCall.status = mapServerStateToToolStatus(toolData.state)
     }
 
-    if (requiresApproval) {
+    // Respond tools are internal to copilot's subagent system - skip execution.
+    // The copilot backend handles these internally to signal subagent completion.
+    if (RESPOND_TOOL_SET.has(toolName)) {
+      toolCall.status = 'success'
+      toolCall.endTime = Date.now()
+      toolCall.result = {
+        success: true,
+        output: 'Internal respond tool - handled by copilot backend',
+      }
+      return
+    }
+
+    const isInterruptTool = isInterruptToolName(toolName)
+    const isInteractive = options.interactive === true
+    // Integration tools (user-installed) also require approval in interactive mode
+    const needsApproval = isInterruptTool || isIntegrationTool(toolName)
+
+    if (needsApproval && isInteractive) {
       const decision = await waitForToolDecision(
         toolCallId,
         options.timeout || STREAM_TIMEOUT_MS,
         options.abortSignal
       )
       if (decision?.status === 'accepted' || decision?.status === 'success') {
-        if (execution.target === 'sim_client_capability' && isInteractive) {
+        // Client-executable run tools: defer execution to the browser client.
-          await waitForClientCapabilityAndReport(toolCall, options, 'run tool')
+        // The client calls executeWorkflowWithFullLogging for real-time feedback
+        // (block pulsing, logs, stop button) and reports completion via
+        // /api/copilot/confirm with status success/error. We poll Redis for
+        // that completion signal, then fire-and-forget markToolComplete to Go.
+        if (CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName)) {
+          toolCall.status = 'executing'
+          const completion = await waitForToolCompletion(
+            toolCallId,
+            options.timeout || STREAM_TIMEOUT_MS,
+            options.abortSignal
+          )
+          if (completion?.status === 'background') {
+            toolCall.status = 'skipped'
+            toolCall.endTime = Date.now()
+            markToolComplete(
+              toolCall.id,
+              toolCall.name,
+              202,
+              completion.message || 'Tool execution moved to background',
+              { background: true }
+            ).catch((err) => {
+              logger.error('markToolComplete fire-and-forget failed (run tool background)', {
+                toolCallId: toolCall.id,
+                error: err instanceof Error ? err.message : String(err),
+              })
+            })
+            markToolResultSeen(toolCallId)
+            return
+          }
+          const success = completion?.status === 'success'
+          toolCall.status = success ? 'success' : 'error'
+          toolCall.endTime = Date.now()
+          const msg =
+            completion?.message || (success ? 'Tool completed' : 'Tool failed or timed out')
+          // Fire-and-forget: tell Go backend the tool is done
+          // (must NOT await — see deadlock note in executeToolAndReport)
+          markToolComplete(toolCall.id, toolCall.name, success ? 200 : 500, msg).catch((err) => {
+            logger.error('markToolComplete fire-and-forget failed (run tool)', {
+              toolCallId: toolCall.id,
+              toolName: toolCall.name,
+              error: err instanceof Error ? err.message : String(err),
+            })
+          })
+          markToolResultSeen(toolCallId)
           return
         }
-        if (execution.target === 'sim_server' || execution.target === 'sim_client_capability') {
+        await executeToolAndReport(toolCallId, context, execContext, options)
-          if (options.autoExecuteTools !== false) {
-            await executeToolAndReport(toolCallId, context, execContext, options)
-          }
-        }
         return
       }
 
@@ -359,15 +308,7 @@ export const sseHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    if (execution.target === 'sim_client_capability' && isInteractive) {
+    if (options.autoExecuteTools !== false) {
-      await waitForClientCapabilityAndReport(toolCall, options, 'run tool')
-      return
-    }
-
-    if (
-      (execution.target === 'sim_server' || execution.target === 'sim_client_capability') &&
-      options.autoExecuteTools !== false
-    ) {
       await executeToolAndReport(toolCallId, context, execContext, options)
     }
   },
@@ -469,7 +410,7 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
     const toolCall: ToolCallState = {
       id: toolCallId,
       name: toolName,
-      status: toolData.state ? mapServerStateToToolStatus(toolData.state) : 'pending',
+      status: 'pending',
       params: args,
       startTime: Date.now(),
     }
@@ -487,26 +428,37 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
 
     if (isPartial) return
 
-    const execution = getExecutionTarget(toolData, toolName)
+    // Respond tools are internal to copilot's subagent system - skip execution.
-    const isInteractive = options.interactive === true
+    if (RESPOND_TOOL_SET.has(toolName)) {
-    const requiresApproval = isInteractive && needsApproval(toolData)
+      toolCall.status = 'success'
+      toolCall.endTime = Date.now()
+      toolCall.result = {
+        success: true,
+        output: 'Internal respond tool - handled by copilot backend',
+      }
+      return
+    }
 
-    if (requiresApproval) {
+    // Tools that only exist on the Go backend (e.g. search_patterns,
+    // search_errors, remember_debug) should NOT be re-executed on the Sim side.
+    // The Go backend already executed them and will send its own tool_result
+    // SSE event with the real outcome.  Trying to execute them here would fail
+    // with "Tool not found" and incorrectly mark the tool as failed.
+    if (!isToolAvailableOnSimSide(toolName)) {
+      return
+    }
+
+    // Interrupt tools and integration tools (user-installed) require approval
+    // in interactive mode, same as top-level handler.
+    const needsSubagentApproval = isInterruptToolName(toolName) || isIntegrationTool(toolName)
+    if (options.interactive === true && needsSubagentApproval) {
       const decision = await waitForToolDecision(
         toolCallId,
         options.timeout || STREAM_TIMEOUT_MS,
         options.abortSignal
       )
       if (decision?.status === 'accepted' || decision?.status === 'success') {
-        if (execution.target === 'sim_client_capability' && isInteractive) {
+        await executeToolAndReport(toolCallId, context, execContext, options)
-          await waitForClientCapabilityAndReport(toolCall, options, 'subagent run tool')
-          return
-        }
-        if (execution.target === 'sim_server' || execution.target === 'sim_client_capability') {
-          if (options.autoExecuteTools !== false) {
-            await executeToolAndReport(toolCallId, context, execContext, options)
-          }
-        }
         return
       }
       if (decision?.status === 'rejected' || decision?.status === 'error') {
@@ -565,15 +517,66 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
       return
     }
 
-    if (execution.target === 'sim_client_capability' && isInteractive) {
+    // Client-executable run tools in interactive mode: defer to client.
-      await waitForClientCapabilityAndReport(toolCall, options, 'subagent run tool')
+    // Same pattern as main handler: wait for client completion, then tell Go.
+    if (options.interactive === true && CLIENT_EXECUTABLE_RUN_TOOLS.has(toolName)) {
+      toolCall.status = 'executing'
+      const completion = await waitForToolCompletion(
+        toolCallId,
+        options.timeout || STREAM_TIMEOUT_MS,
+        options.abortSignal
+      )
+      if (completion?.status === 'rejected') {
+        toolCall.status = 'rejected'
+        toolCall.endTime = Date.now()
+        markToolComplete(
+          toolCall.id,
+          toolCall.name,
+          400,
+          completion.message || 'Tool execution rejected'
+        ).catch((err) => {
+          logger.error('markToolComplete fire-and-forget failed (subagent run tool rejected)', {
+            toolCallId: toolCall.id,
+            error: err instanceof Error ? err.message : String(err),
+          })
+        })
+        markToolResultSeen(toolCallId)
+        return
+      }
+      if (completion?.status === 'background') {
+        toolCall.status = 'skipped'
+        toolCall.endTime = Date.now()
+        markToolComplete(
+          toolCall.id,
+          toolCall.name,
+          202,
+          completion.message || 'Tool execution moved to background',
+          { background: true }
+        ).catch((err) => {
+          logger.error('markToolComplete fire-and-forget failed (subagent run tool background)', {
+            toolCallId: toolCall.id,
+            error: err instanceof Error ? err.message : String(err),
+          })
+        })
+        markToolResultSeen(toolCallId)
+        return
+      }
+      const success = completion?.status === 'success'
+      toolCall.status = success ? 'success' : 'error'
+      toolCall.endTime = Date.now()
+      const msg = completion?.message || (success ? 'Tool completed' : 'Tool failed or timed out')
+      markToolComplete(toolCall.id, toolCall.name, success ? 200 : 500, msg).catch((err) => {
+        logger.error('markToolComplete fire-and-forget failed (subagent run tool)', {
+          toolCallId: toolCall.id,
+          toolName: toolCall.name,
+          error: err instanceof Error ? err.message : String(err),
+        })
+      })
+      markToolResultSeen(toolCallId)
       return
     }
 
-    if (
+    if (options.autoExecuteTools !== false) {
-      (execution.target === 'sim_server' || execution.target === 'sim_client_capability') &&
-      options.autoExecuteTools !== false
-    ) {
       await executeToolAndReport(toolCallId, context, execContext, options)
     }
   },
@@ -593,7 +596,7 @@ export const subAgentHandlers: Record<string, SSEHandler> = {
 
     const { success, hasResultData, hasError } = inferToolSuccess(data)
 
-    const status = data?.state ? mapServerStateToToolStatus(data.state) : success ? 'success' : 'error'
+    const status = success ? 'success' : 'error'
     const endTime = Date.now()
     const result = hasResultData ? { success, output: data?.result || data?.data } : undefined
 

apps/sim/lib/copilot/orchestrator/sse-handlers/tool-execution.ts

@@ -4,6 +4,7 @@ import {
   TOOL_DECISION_MAX_POLL_MS,
   TOOL_DECISION_POLL_BACKOFF,
 } from '@/lib/copilot/constants'
+import { INTERRUPT_TOOL_SET } from '@/lib/copilot/orchestrator/config'
 import { getToolConfirmation } from '@/lib/copilot/orchestrator/persistence'
 import {
   asRecord,
@@ -20,6 +21,10 @@ import type {
 
 const logger = createLogger('CopilotSseToolExecution')
 
+export function isInterruptToolName(toolName: string): boolean {
+  return INTERRUPT_TOOL_SET.has(toolName)
+}
+
 export async function executeToolAndReport(
   toolCallId: string,
   context: StreamingContext,
@@ -29,11 +34,9 @@ export async function executeToolAndReport(
   const toolCall = context.toolCalls.get(toolCallId)
   if (!toolCall) return
 
-  const lockable = toolCall as typeof toolCall & { __simExecuting?: boolean }
+  if (toolCall.status === 'executing') return
-  if (lockable.__simExecuting) return
   if (wasToolResultSeen(toolCall.id)) return
 
-  lockable.__simExecuting = true
   toolCall.status = 'executing'
   try {
     const result = await executeToolServerSide(toolCall, execContext)
@@ -119,8 +122,6 @@ export async function executeToolAndReport(
       },
     }
     await options?.onEvent?.(errorEvent)
-  } finally {
-    delete lockable.__simExecuting
   }
 }
 

apps/sim/lib/copilot/orchestrator/tool-executor/index.ts

@@ -325,10 +325,6 @@ const SERVER_TOOLS = new Set<string>([
   'get_block_config',
   'get_trigger_blocks',
   'edit_workflow',
-  'workflow_context_get',
-  'workflow_context_expand',
-  'workflow_change',
-  'workflow_verify',
   'get_workflow_console',
   'search_documentation',
   'search_online',

apps/sim/lib/copilot/tools/client/tool-display-registry.ts

@@ -609,83 +609,6 @@ const META_edit_workflow: ToolMetadata = {
   },
 }
 
-const META_workflow_change: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Planning workflow changes', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Applying workflow changes', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Updated your workflow', icon: Grid2x2Check },
-    [ClientToolCallState.error]: { text: 'Failed to update your workflow', icon: XCircle },
-    [ClientToolCallState.review]: { text: 'Review your workflow changes', icon: Grid2x2 },
-    [ClientToolCallState.rejected]: { text: 'Rejected workflow changes', icon: Grid2x2X },
-    [ClientToolCallState.aborted]: { text: 'Aborted workflow changes', icon: MinusCircle },
-    [ClientToolCallState.pending]: { text: 'Planning workflow changes', icon: Loader2 },
-  },
-  getDynamicText: (params, state) => {
-    const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-    if (mode === 'dry_run') {
-      switch (state) {
-        case ClientToolCallState.success:
-          return 'Planned workflow changes'
-        case ClientToolCallState.executing:
-        case ClientToolCallState.generating:
-        case ClientToolCallState.pending:
-          return 'Planning workflow changes'
-      }
-    }
-    if (mode === 'apply' || typeof params?.proposalId === 'string') {
-      switch (state) {
-        case ClientToolCallState.success:
-          return 'Applied workflow changes'
-        case ClientToolCallState.executing:
-        case ClientToolCallState.generating:
-        case ClientToolCallState.pending:
-          return 'Applying workflow changes'
-      }
-    }
-    return undefined
-  },
-  uiConfig: {
-    isSpecial: true,
-    customRenderer: 'edit_summary',
-  },
-}
-
-const META_workflow_context_get: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Gathering workflow context', icon: Loader2 },
-    [ClientToolCallState.pending]: { text: 'Gathering workflow context', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Gathering workflow context', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Gathered workflow context', icon: FileText },
-    [ClientToolCallState.error]: { text: 'Failed to gather workflow context', icon: XCircle },
-    [ClientToolCallState.rejected]: { text: 'Skipped workflow context', icon: MinusCircle },
-    [ClientToolCallState.aborted]: { text: 'Aborted workflow context', icon: MinusCircle },
-  },
-}
-
-const META_workflow_context_expand: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Expanding workflow schemas', icon: Loader2 },
-    [ClientToolCallState.pending]: { text: 'Expanding workflow schemas', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Expanding workflow schemas', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Expanded workflow schemas', icon: FileText },
-    [ClientToolCallState.error]: { text: 'Failed to expand workflow schemas', icon: XCircle },
-    [ClientToolCallState.rejected]: { text: 'Skipped schema expansion', icon: MinusCircle },
-    [ClientToolCallState.aborted]: { text: 'Aborted schema expansion', icon: MinusCircle },
-  },
-}
-
-const META_workflow_verify: ToolMetadata = {
-  displayNames: {
-    [ClientToolCallState.generating]: { text: 'Verifying workflow', icon: Loader2 },
-    [ClientToolCallState.pending]: { text: 'Verifying workflow', icon: Loader2 },
-    [ClientToolCallState.executing]: { text: 'Verifying workflow', icon: Loader2 },
-    [ClientToolCallState.success]: { text: 'Verified workflow', icon: CheckCircle2 },
-    [ClientToolCallState.error]: { text: 'Workflow verification failed', icon: XCircle },
-    [ClientToolCallState.rejected]: { text: 'Skipped workflow verification', icon: MinusCircle },
-    [ClientToolCallState.aborted]: { text: 'Aborted workflow verification', icon: MinusCircle },
-  },
-}
-
 const META_evaluate: ToolMetadata = {
   displayNames: {
     [ClientToolCallState.generating]: { text: 'Evaluating', icon: Loader2 },
@@ -2619,10 +2542,6 @@ const TOOL_METADATA_BY_ID: Record<string, ToolMetadata> = {
   deploy_mcp: META_deploy_mcp,
   edit: META_edit,
   edit_workflow: META_edit_workflow,
-  workflow_context_get: META_workflow_context_get,
-  workflow_context_expand: META_workflow_context_expand,
-  workflow_change: META_workflow_change,
-  workflow_verify: META_workflow_verify,
   evaluate: META_evaluate,
   get_block_config: META_get_block_config,
   get_block_options: META_get_block_options,

apps/sim/lib/copilot/tools/server/router.ts

@@ -13,12 +13,6 @@ import { getCredentialsServerTool } from '@/lib/copilot/tools/server/user/get-cr
 import { setEnvironmentVariablesServerTool } from '@/lib/copilot/tools/server/user/set-environment-variables'
 import { editWorkflowServerTool } from '@/lib/copilot/tools/server/workflow/edit-workflow'
 import { getWorkflowConsoleServerTool } from '@/lib/copilot/tools/server/workflow/get-workflow-console'
-import { workflowChangeServerTool } from '@/lib/copilot/tools/server/workflow/workflow-change'
-import {
-  workflowContextExpandServerTool,
-  workflowContextGetServerTool,
-} from '@/lib/copilot/tools/server/workflow/workflow-context'
-import { workflowVerifyServerTool } from '@/lib/copilot/tools/server/workflow/workflow-verify'
 import { ExecuteResponseSuccessSchema } from '@/lib/copilot/tools/shared/schemas'
 
 export { ExecuteResponseSuccessSchema }
@@ -41,10 +35,6 @@ const serverToolRegistry: Record<string, BaseServerTool> = {
   [getCredentialsServerTool.name]: getCredentialsServerTool,
   [makeApiRequestServerTool.name]: makeApiRequestServerTool,
   [knowledgeBaseServerTool.name]: knowledgeBaseServerTool,
-  [workflowContextGetServerTool.name]: workflowContextGetServerTool,
-  [workflowContextExpandServerTool.name]: workflowContextExpandServerTool,
-  [workflowChangeServerTool.name]: workflowChangeServerTool,
-  [workflowVerifyServerTool.name]: workflowVerifyServerTool,
 }
 
 /**

apps/sim/lib/copilot/tools/server/workflow/change-store.ts

@@ -1,93 +0,0 @@
-import crypto from 'crypto'
-
-type StoreEntry<T> = {
-  value: T
-  expiresAt: number
-}
-
-const DEFAULT_TTL_MS = 30 * 60 * 1000
-const MAX_ENTRIES = 500
-
-class TTLStore<T> {
-  private readonly data = new Map<string, StoreEntry<T>>()
-
-  constructor(private readonly ttlMs = DEFAULT_TTL_MS) {}
-
-  set(value: T): string {
-    this.gc()
-    if (this.data.size >= MAX_ENTRIES) {
-      const firstKey = this.data.keys().next().value as string | undefined
-      if (firstKey) {
-        this.data.delete(firstKey)
-      }
-    }
-    const id = crypto.randomUUID()
-    this.data.set(id, {
-      value,
-      expiresAt: Date.now() + this.ttlMs,
-    })
-    return id
-  }
-
-  get(id: string): T | null {
-    const entry = this.data.get(id)
-    if (!entry) return null
-    if (entry.expiresAt <= Date.now()) {
-      this.data.delete(id)
-      return null
-    }
-    return entry.value
-  }
-
-  private gc(): void {
-    const now = Date.now()
-    for (const [key, entry] of this.data.entries()) {
-      if (entry.expiresAt <= now) {
-        this.data.delete(key)
-      }
-    }
-  }
-}
-
-export type WorkflowContextPack = {
-  workflowId: string
-  snapshotHash: string
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  schemasByType: Record<string, any>
-  schemaRefsByType: Record<string, string>
-  summary: Record<string, any>
-}
-
-export type WorkflowChangeProposal = {
-  workflowId: string
-  baseSnapshotHash: string
-  compiledOperations: Array<Record<string, any>>
-  diffSummary: Record<string, any>
-  warnings: string[]
-  diagnostics: string[]
-  touchedBlocks: string[]
-}
-
-const contextPackStore = new TTLStore<WorkflowContextPack>()
-const proposalStore = new TTLStore<WorkflowChangeProposal>()
-
-export function saveContextPack(pack: WorkflowContextPack): string {
-  return contextPackStore.set(pack)
-}
-
-export function getContextPack(id: string): WorkflowContextPack | null {
-  return contextPackStore.get(id)
-}
-
-export function saveProposal(proposal: WorkflowChangeProposal): string {
-  return proposalStore.set(proposal)
-}
-
-export function getProposal(id: string): WorkflowChangeProposal | null {
-  return proposalStore.get(id)
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-change.ts

@@ -1,987 +0,0 @@
-import crypto from 'crypto'
-import { createLogger } from '@sim/logger'
-import { z } from 'zod'
-import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
-import { getCredentialsServerTool } from '@/lib/copilot/tools/server/user/get-credentials'
-import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
-import { getBlock } from '@/blocks/registry'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
-import {
-  getContextPack,
-  getProposal,
-  saveProposal,
-  type WorkflowChangeProposal,
-} from './change-store'
-import { editWorkflowServerTool } from './edit-workflow'
-import { applyOperationsToWorkflowState } from './edit-workflow/engine'
-import { preValidateCredentialInputs } from './edit-workflow/validation'
-import { hashWorkflowState, loadWorkflowStateFromDb } from './workflow-state'
-
-const logger = createLogger('WorkflowChangeServerTool')
-
-const TargetSchema = z
-  .object({
-    blockId: z.string().optional(),
-    alias: z.string().optional(),
-    match: z
-      .object({
-        type: z.string().optional(),
-        name: z.string().optional(),
-      })
-      .optional(),
-  })
-  .strict()
-
-const CredentialSelectionSchema = z
-  .object({
-    strategy: z.enum(['first_connected', 'by_id', 'by_name']).optional(),
-    id: z.string().optional(),
-    name: z.string().optional(),
-  })
-  .strict()
-
-const ChangeOperationSchema = z
-  .object({
-    op: z.enum(['set', 'unset', 'merge', 'append', 'remove', 'attach_credential']),
-    path: z.string().optional(),
-    value: z.any().optional(),
-    provider: z.string().optional(),
-    selection: CredentialSelectionSchema.optional(),
-    required: z.boolean().optional(),
-  })
-  .strict()
-
-const MutationSchema = z
-  .object({
-    action: z.enum([
-      'ensure_block',
-      'patch_block',
-      'remove_block',
-      'connect',
-      'disconnect',
-      'ensure_variable',
-      'set_variable',
-    ]),
-    target: TargetSchema.optional(),
-    type: z.string().optional(),
-    name: z.string().optional(),
-    inputs: z.record(z.any()).optional(),
-    triggerMode: z.boolean().optional(),
-    advancedMode: z.boolean().optional(),
-    enabled: z.boolean().optional(),
-    changes: z.array(ChangeOperationSchema).optional(),
-    from: TargetSchema.optional(),
-    to: TargetSchema.optional(),
-    handle: z.string().optional(),
-    toHandle: z.string().optional(),
-    mode: z.enum(['set', 'append', 'remove']).optional(),
-  })
-  .strict()
-
-const LinkEndpointSchema = z
-  .object({
-    blockId: z.string().optional(),
-    alias: z.string().optional(),
-    match: z
-      .object({
-        type: z.string().optional(),
-        name: z.string().optional(),
-      })
-      .optional(),
-    handle: z.string().optional(),
-  })
-  .strict()
-
-const LinkSchema = z
-  .object({
-    from: LinkEndpointSchema,
-    to: LinkEndpointSchema,
-    mode: z.enum(['set', 'append', 'remove']).optional(),
-  })
-  .strict()
-
-const ChangeSpecSchema = z
-  .object({
-    objective: z.string().optional(),
-    constraints: z.record(z.any()).optional(),
-    resources: z.record(z.any()).optional(),
-    mutations: z.array(MutationSchema).optional(),
-    links: z.array(LinkSchema).optional(),
-    acceptance: z.array(z.any()).optional(),
-  })
-  .strict()
-
-const WorkflowChangeInputSchema = z
-  .object({
-    mode: z.enum(['dry_run', 'apply']),
-    workflowId: z.string().optional(),
-    contextPackId: z.string().optional(),
-    proposalId: z.string().optional(),
-    baseSnapshotHash: z.string().optional(),
-    expectedSnapshotHash: z.string().optional(),
-    changeSpec: ChangeSpecSchema.optional(),
-  })
-  .strict()
-
-type WorkflowChangeParams = z.input<typeof WorkflowChangeInputSchema>
-type ChangeSpec = z.input<typeof ChangeSpecSchema>
-type TargetRef = z.input<typeof TargetSchema>
-type ChangeOperation = z.input<typeof ChangeOperationSchema>
-
-type CredentialRecord = {
-  id: string
-  name: string
-  provider: string
-  isDefault?: boolean
-}
-
-type ConnectionTarget = {
-  block: string
-  handle?: string
-}
-
-type ConnectionState = Map<string, Map<string, ConnectionTarget[]>>
-
-function createDraftBlockId(seed?: string): string {
-  const suffix = crypto.randomUUID().slice(0, 8)
-  const base = seed ? seed.replace(/[^a-zA-Z0-9]/g, '').slice(0, 24) : 'draft'
-  return `${base || 'draft'}_${suffix}`
-}
-
-function normalizeHandle(handle?: string): string {
-  if (!handle) return 'source'
-  if (handle === 'success') return 'source'
-  return handle
-}
-
-function deepClone<T>(value: T): T {
-  return JSON.parse(JSON.stringify(value))
-}
-
-function stableUnique(values: string[]): string[] {
-  return [...new Set(values.filter(Boolean))]
-}
-
-function buildConnectionState(workflowState: {
-  edges: Array<Record<string, any>>
-}): ConnectionState {
-  const state: ConnectionState = new Map()
-  for (const edge of workflowState.edges || []) {
-    const source = String(edge.source || '')
-    const target = String(edge.target || '')
-    if (!source || !target) continue
-    const sourceHandle = normalizeHandle(String(edge.sourceHandle || 'source'))
-    const targetHandle = edge.targetHandle ? String(edge.targetHandle) : undefined
-
-    let handleMap = state.get(source)
-    if (!handleMap) {
-      handleMap = new Map()
-      state.set(source, handleMap)
-    }
-    const existing = handleMap.get(sourceHandle) || []
-    existing.push({ block: target, handle: targetHandle })
-    handleMap.set(sourceHandle, existing)
-  }
-  return state
-}
-
-function connectionStateToPayload(state: Map<string, ConnectionTarget[]>): Record<string, any> {
-  const payload: Record<string, any> = {}
-  for (const [handle, targets] of state.entries()) {
-    if (!targets || targets.length === 0) continue
-    const normalizedTargets = targets.map((target) => {
-      if (!target.handle || target.handle === 'target') {
-        return target.block
-      }
-      return { block: target.block, handle: target.handle }
-    })
-    payload[handle] = normalizedTargets.length === 1 ? normalizedTargets[0] : normalizedTargets
-  }
-  return payload
-}
-
-function findMatchingBlockId(
-  workflowState: { blocks: Record<string, any> },
-  target: TargetRef
-): string | null {
-  if (target.blockId && workflowState.blocks[target.blockId]) {
-    return target.blockId
-  }
-
-  if (target.match) {
-    const type = target.match.type
-    const name = target.match.name?.toLowerCase()
-    const matches = Object.entries(workflowState.blocks || {}).filter(([_, block]) => {
-      const blockType = String((block as Record<string, unknown>).type || '')
-      const blockName = String((block as Record<string, unknown>).name || '').toLowerCase()
-      const typeOk = type ? blockType === type : true
-      const nameOk = name ? blockName === name : true
-      return typeOk && nameOk
-    })
-    if (matches.length === 1) {
-      return matches[0][0]
-    }
-    if (matches.length > 1) {
-      throw new Error(
-        `ambiguous_target: target match resolved to ${matches.length} blocks (${matches.map(([id]) => id).join(', ')})`
-      )
-    }
-  }
-
-  return null
-}
-
-function getNestedValue(value: any, path: string[]): any {
-  let cursor = value
-  for (const segment of path) {
-    if (cursor == null || typeof cursor !== 'object') return undefined
-    cursor = cursor[segment]
-  }
-  return cursor
-}
-
-function setNestedValue(base: any, path: string[], nextValue: any): any {
-  if (path.length === 0) return nextValue
-  const out = Array.isArray(base) ? [...base] : { ...(base || {}) }
-  let cursor: any = out
-  for (let i = 0; i < path.length - 1; i++) {
-    const key = path[i]
-    const current = cursor[key]
-    cursor[key] =
-      current && typeof current === 'object'
-        ? Array.isArray(current)
-          ? [...current]
-          : { ...current }
-        : {}
-    cursor = cursor[key]
-  }
-  cursor[path[path.length - 1]] = nextValue
-  return out
-}
-
-function removeArrayItem(arr: unknown[], value: unknown): unknown[] {
-  return arr.filter((item) => JSON.stringify(item) !== JSON.stringify(value))
-}
-
-function selectCredentialId(
-  availableCredentials: CredentialRecord[],
-  provider: string,
-  selection: z.infer<typeof CredentialSelectionSchema> | undefined
-): string | null {
-  const providerLower = provider.toLowerCase()
-  const providerMatches = availableCredentials.filter((credential) => {
-    const credentialProvider = credential.provider.toLowerCase()
-    return (
-      credentialProvider === providerLower || credentialProvider.startsWith(`${providerLower}-`)
-    )
-  })
-
-  const pool = providerMatches.length > 0 ? providerMatches : availableCredentials
-  const strategy = selection?.strategy || 'first_connected'
-
-  if (strategy === 'by_id') {
-    const id = selection?.id
-    if (!id) return null
-    return pool.find((credential) => credential.id === id)?.id || null
-  }
-
-  if (strategy === 'by_name') {
-    const name = selection?.name?.toLowerCase()
-    if (!name) return null
-    const exact = pool.find((credential) => credential.name.toLowerCase() === name)
-    if (exact) return exact.id
-    const partial = pool.find((credential) => credential.name.toLowerCase().includes(name))
-    return partial?.id || null
-  }
-
-  const defaultCredential = pool.find((credential) => credential.isDefault)
-  if (defaultCredential) return defaultCredential.id
-  return pool[0]?.id || null
-}
-
-function selectCredentialFieldId(blockType: string, provider: string): string | null {
-  const blockConfig = getBlock(blockType)
-  if (!blockConfig) return null
-
-  const oauthFields = (blockConfig.subBlocks || []).filter(
-    (subBlock) => subBlock.type === 'oauth-input'
-  )
-  if (oauthFields.length === 0) return null
-
-  const providerKey = provider.replace(/[^a-zA-Z0-9]/g, '').toLowerCase()
-  const fieldMatch = oauthFields.find((subBlock) =>
-    subBlock.id
-      .replace(/[^a-zA-Z0-9]/g, '')
-      .toLowerCase()
-      .includes(providerKey)
-  )
-  if (fieldMatch) return fieldMatch.id
-  return oauthFields[0].id
-}
-
-function ensureConnectionTarget(
-  existing: ConnectionTarget[],
-  target: ConnectionTarget,
-  mode: 'set' | 'append' | 'remove'
-): ConnectionTarget[] {
-  if (mode === 'set') {
-    return [target]
-  }
-
-  if (mode === 'remove') {
-    return existing.filter(
-      (item) =>
-        !(item.block === target.block && (item.handle || 'target') === (target.handle || 'target'))
-    )
-  }
-
-  const duplicate = existing.some(
-    (item) =>
-      item.block === target.block && (item.handle || 'target') === (target.handle || 'target')
-  )
-  if (duplicate) return existing
-  return [...existing, target]
-}
-
-async function compileChangeSpec(params: {
-  changeSpec: ChangeSpec
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  userId: string
-  workflowId: string
-}): Promise<{
-  operations: Array<Record<string, any>>
-  warnings: string[]
-  diagnostics: string[]
-  touchedBlocks: string[]
-}> {
-  const { changeSpec, workflowState, userId, workflowId } = params
-  const operations: Array<Record<string, any>> = []
-  const diagnostics: string[] = []
-  const warnings: string[] = []
-  const touchedBlocks = new Set<string>()
-
-  const aliasMap = new Map<string, string>()
-  const workingState = deepClone(workflowState)
-  const connectionState = buildConnectionState(workingState)
-  const connectionTouchedSources = new Set<string>()
-  const plannedBlockTypes = new Map<string, string>()
-
-  // Seed aliases from existing block names.
-  for (const [blockId, block] of Object.entries(workingState.blocks || {})) {
-    const blockName = String((block as Record<string, unknown>).name || '')
-    if (!blockName) continue
-    const normalizedAlias = blockName.replace(/[^a-zA-Z0-9]/g, '')
-    if (normalizedAlias && !aliasMap.has(normalizedAlias)) {
-      aliasMap.set(normalizedAlias, blockId)
-    }
-  }
-
-  const credentialsResponse = await getCredentialsServerTool.execute({ workflowId }, { userId })
-  const availableCredentials: CredentialRecord[] =
-    credentialsResponse?.oauth?.connected?.credentials?.map((credential: any) => ({
-      id: String(credential.id || ''),
-      name: String(credential.name || ''),
-      provider: String(credential.provider || ''),
-      isDefault: Boolean(credential.isDefault),
-    })) || []
-
-  const resolveTarget = (
-    target: TargetRef | undefined,
-    allowCreateAlias = false
-  ): string | null => {
-    if (!target) return null
-    if (target.blockId) {
-      if (workingState.blocks[target.blockId] || plannedBlockTypes.has(target.blockId)) {
-        return target.blockId
-      }
-      return allowCreateAlias ? target.blockId : null
-    }
-
-    if (target.alias) {
-      if (aliasMap.has(target.alias)) return aliasMap.get(target.alias) || null
-      const byMatch = findMatchingBlockId(workingState, { alias: target.alias })
-      if (byMatch) {
-        aliasMap.set(target.alias, byMatch)
-        return byMatch
-      }
-      return allowCreateAlias ? target.alias : null
-    }
-
-    const matched = findMatchingBlockId(workingState, target)
-    if (matched) return matched
-    return null
-  }
-
-  const applyPatchChange = (
-    targetId: string,
-    blockType: string | null,
-    change: ChangeOperation,
-    paramsOut: Record<string, any>
-  ): void => {
-    if (change.op === 'attach_credential') {
-      const provider = change.provider
-      if (!provider) {
-        diagnostics.push(`attach_credential on ${targetId} is missing provider`)
-        return
-      }
-      if (!blockType) {
-        diagnostics.push(`attach_credential on ${targetId} failed: unknown block type`)
-        return
-      }
-      const credentialFieldId = selectCredentialFieldId(blockType, provider)
-      if (!credentialFieldId) {
-        const msg = `No oauth input field found for block type "${blockType}" on ${targetId}`
-        if (change.required) diagnostics.push(msg)
-        else warnings.push(msg)
-        return
-      }
-
-      const credentialId = selectCredentialId(availableCredentials, provider, change.selection)
-      if (!credentialId) {
-        const msg = `No credential found for provider "${provider}" on ${targetId}`
-        if (change.required) diagnostics.push(msg)
-        else warnings.push(msg)
-        return
-      }
-
-      paramsOut.inputs = paramsOut.inputs || {}
-      paramsOut.inputs[credentialFieldId] = credentialId
-      return
-    }
-
-    if (!change.path) {
-      diagnostics.push(`${change.op} on ${targetId} requires a path`)
-      return
-    }
-
-    const pathSegments = change.path.split('.').filter(Boolean)
-    if (pathSegments.length === 0) {
-      diagnostics.push(`${change.op} on ${targetId} has an invalid path "${change.path}"`)
-      return
-    }
-
-    if (pathSegments[0] === 'inputs') {
-      const inputKey = pathSegments[1]
-      if (!inputKey) {
-        diagnostics.push(`${change.op} on ${targetId} has invalid input path "${change.path}"`)
-        return
-      }
-
-      const currentInputValue =
-        paramsOut.inputs?.[inputKey] ??
-        workingState.blocks[targetId]?.subBlocks?.[inputKey]?.value ??
-        null
-
-      let nextInputValue = currentInputValue
-      const nestedPath = pathSegments.slice(2)
-
-      if (change.op === 'set') {
-        nextInputValue =
-          nestedPath.length > 0
-            ? setNestedValue(currentInputValue ?? {}, nestedPath, change.value)
-            : change.value
-      } else if (change.op === 'unset') {
-        nextInputValue =
-          nestedPath.length > 0 ? setNestedValue(currentInputValue ?? {}, nestedPath, null) : null
-      } else if (change.op === 'merge') {
-        if (nestedPath.length > 0) {
-          const baseObject = getNestedValue(currentInputValue ?? {}, nestedPath) || {}
-          if (
-            baseObject &&
-            typeof baseObject === 'object' &&
-            change.value &&
-            typeof change.value === 'object'
-          ) {
-            nextInputValue = setNestedValue(currentInputValue ?? {}, nestedPath, {
-              ...baseObject,
-              ...(change.value as Record<string, unknown>),
-            })
-          } else {
-            diagnostics.push(`merge on ${targetId} at "${change.path}" requires object values`)
-            return
-          }
-        } else if (
-          currentInputValue &&
-          typeof currentInputValue === 'object' &&
-          !Array.isArray(currentInputValue) &&
-          change.value &&
-          typeof change.value === 'object' &&
-          !Array.isArray(change.value)
-        ) {
-          nextInputValue = { ...currentInputValue, ...(change.value as Record<string, unknown>) }
-        } else if (currentInputValue == null && change.value && typeof change.value === 'object') {
-          nextInputValue = change.value
-        } else {
-          diagnostics.push(`merge on ${targetId} at "${change.path}" requires object values`)
-          return
-        }
-      } else if (change.op === 'append') {
-        const arr = Array.isArray(currentInputValue) ? [...currentInputValue] : []
-        arr.push(change.value)
-        nextInputValue = arr
-      } else if (change.op === 'remove') {
-        if (!Array.isArray(currentInputValue)) {
-          diagnostics.push(`remove on ${targetId} at "${change.path}" requires an array value`)
-          return
-        }
-        nextInputValue = removeArrayItem(currentInputValue, change.value)
-      }
-
-      paramsOut.inputs = paramsOut.inputs || {}
-      paramsOut.inputs[inputKey] = nextInputValue
-      return
-    }
-
-    if (pathSegments.length !== 1) {
-      diagnostics.push(
-        `Unsupported path "${change.path}" on ${targetId}. Use inputs.* or top-level field names.`
-      )
-      return
-    }
-    const topLevelField = pathSegments[0]
-    if (!['name', 'type', 'triggerMode', 'advancedMode', 'enabled'].includes(topLevelField)) {
-      diagnostics.push(`Unsupported top-level path "${change.path}" on ${targetId}`)
-      return
-    }
-    paramsOut[topLevelField] = change.op === 'unset' ? null : change.value
-  }
-
-  for (const mutation of changeSpec.mutations || []) {
-    if (mutation.action === 'ensure_block') {
-      const targetId = resolveTarget(mutation.target, true)
-      if (!targetId) {
-        diagnostics.push('ensure_block is missing a resolvable target')
-        continue
-      }
-
-      const existingBlock = workingState.blocks[targetId]
-      if (existingBlock) {
-        const editParams: Record<string, any> = {}
-        if (mutation.name) editParams.name = mutation.name
-        if (mutation.type) editParams.type = mutation.type
-        if (mutation.inputs) editParams.inputs = mutation.inputs
-        if (mutation.triggerMode !== undefined) editParams.triggerMode = mutation.triggerMode
-        if (mutation.advancedMode !== undefined) editParams.advancedMode = mutation.advancedMode
-        if (mutation.enabled !== undefined) editParams.enabled = mutation.enabled
-        operations.push({
-          operation_type: 'edit',
-          block_id: targetId,
-          params: editParams,
-        })
-        touchedBlocks.add(targetId)
-      } else {
-        if (!mutation.type || !mutation.name) {
-          diagnostics.push(`ensure_block for "${targetId}" requires type and name when creating`)
-          continue
-        }
-        const blockId =
-          mutation.target?.blockId || mutation.target?.alias || createDraftBlockId(mutation.name)
-        const addParams: Record<string, any> = {
-          type: mutation.type,
-          name: mutation.name,
-        }
-        if (mutation.inputs) addParams.inputs = mutation.inputs
-        if (mutation.triggerMode !== undefined) addParams.triggerMode = mutation.triggerMode
-        if (mutation.advancedMode !== undefined) addParams.advancedMode = mutation.advancedMode
-        if (mutation.enabled !== undefined) addParams.enabled = mutation.enabled
-        operations.push({
-          operation_type: 'add',
-          block_id: blockId,
-          params: addParams,
-        })
-        workingState.blocks[blockId] = {
-          id: blockId,
-          type: mutation.type,
-          name: mutation.name,
-          subBlocks: Object.fromEntries(
-            Object.entries(mutation.inputs || {}).map(([key, value]) => [
-              key,
-              { id: key, value, type: 'short-input' },
-            ])
-          ),
-          triggerMode: mutation.triggerMode || false,
-          advancedMode: mutation.advancedMode || false,
-          enabled: mutation.enabled !== undefined ? mutation.enabled : true,
-        }
-        plannedBlockTypes.set(blockId, mutation.type)
-        touchedBlocks.add(blockId)
-        if (mutation.target?.alias) aliasMap.set(mutation.target.alias, blockId)
-      }
-      continue
-    }
-
-    if (mutation.action === 'patch_block') {
-      const targetId = resolveTarget(mutation.target)
-      if (!targetId) {
-        diagnostics.push('patch_block target could not be resolved')
-        continue
-      }
-      const blockType =
-        String(workingState.blocks[targetId]?.type || '') || plannedBlockTypes.get(targetId) || null
-
-      const editParams: Record<string, any> = {}
-      for (const change of mutation.changes || []) {
-        applyPatchChange(targetId, blockType, change, editParams)
-      }
-      if (Object.keys(editParams).length === 0) {
-        warnings.push(`patch_block for ${targetId} had no effective changes`)
-        continue
-      }
-      operations.push({
-        operation_type: 'edit',
-        block_id: targetId,
-        params: editParams,
-      })
-      touchedBlocks.add(targetId)
-      continue
-    }
-
-    if (mutation.action === 'remove_block') {
-      const targetId = resolveTarget(mutation.target)
-      if (!targetId) {
-        diagnostics.push('remove_block target could not be resolved')
-        continue
-      }
-      operations.push({
-        operation_type: 'delete',
-        block_id: targetId,
-        params: {},
-      })
-      touchedBlocks.add(targetId)
-      connectionState.delete(targetId)
-      for (const [source, handles] of connectionState.entries()) {
-        for (const [handle, targets] of handles.entries()) {
-          const nextTargets = targets.filter((target) => target.block !== targetId)
-          handles.set(handle, nextTargets)
-        }
-        connectionTouchedSources.add(source)
-      }
-      continue
-    }
-
-    if (mutation.action === 'connect' || mutation.action === 'disconnect') {
-      const from = resolveTarget(mutation.from)
-      const to = resolveTarget(mutation.to)
-      if (!from || !to) {
-        diagnostics.push(`${mutation.action} requires resolvable from/to targets`)
-        continue
-      }
-      const sourceHandle = normalizeHandle(mutation.handle)
-      const targetHandle = mutation.toHandle || 'target'
-      let sourceMap = connectionState.get(from)
-      if (!sourceMap) {
-        sourceMap = new Map()
-        connectionState.set(from, sourceMap)
-      }
-      const existingTargets = sourceMap.get(sourceHandle) || []
-      const mode = mutation.action === 'disconnect' ? 'remove' : mutation.mode || 'set'
-      const nextTargets = ensureConnectionTarget(
-        existingTargets,
-        { block: to, handle: targetHandle },
-        mode
-      )
-      sourceMap.set(sourceHandle, nextTargets)
-      connectionTouchedSources.add(from)
-      touchedBlocks.add(from)
-    }
-  }
-
-  for (const link of changeSpec.links || []) {
-    const from = resolveTarget(
-      {
-        blockId: link.from.blockId,
-        alias: link.from.alias,
-        match: link.from.match,
-      },
-      true
-    )
-    const to = resolveTarget(
-      {
-        blockId: link.to.blockId,
-        alias: link.to.alias,
-        match: link.to.match,
-      },
-      true
-    )
-    if (!from || !to) {
-      diagnostics.push('link contains unresolved from/to target')
-      continue
-    }
-
-    const sourceHandle = normalizeHandle(link.from.handle)
-    const targetHandle = link.to.handle || 'target'
-    let sourceMap = connectionState.get(from)
-    if (!sourceMap) {
-      sourceMap = new Map()
-      connectionState.set(from, sourceMap)
-    }
-    const existingTargets = sourceMap.get(sourceHandle) || []
-    const nextTargets = ensureConnectionTarget(
-      existingTargets,
-      { block: to, handle: targetHandle },
-      link.mode || 'set'
-    )
-    sourceMap.set(sourceHandle, nextTargets)
-    connectionTouchedSources.add(from)
-    touchedBlocks.add(from)
-  }
-
-  for (const sourceBlockId of stableUnique([...connectionTouchedSources])) {
-    if (!connectionState.has(sourceBlockId)) continue
-    const sourceConnections = connectionState.get(sourceBlockId)!
-    operations.push({
-      operation_type: 'edit',
-      block_id: sourceBlockId,
-      params: {
-        connections: connectionStateToPayload(sourceConnections),
-      },
-    })
-  }
-
-  return {
-    operations,
-    warnings,
-    diagnostics,
-    touchedBlocks: [...touchedBlocks],
-  }
-}
-
-function summarizeDiff(
-  beforeState: { blocks: Record<string, any>; edges: Array<Record<string, any>> },
-  afterState: { blocks: Record<string, any>; edges: Array<Record<string, any>> },
-  operations: Array<Record<string, any>>
-): Record<string, any> {
-  const beforeBlocks = Object.keys(beforeState.blocks || {}).length
-  const afterBlocks = Object.keys(afterState.blocks || {}).length
-  const beforeEdges = (beforeState.edges || []).length
-  const afterEdges = (afterState.edges || []).length
-
-  const counts = operations.reduce<Record<string, number>>((acc, operation) => {
-    const opType = String(operation.operation_type || 'unknown')
-    acc[opType] = (acc[opType] || 0) + 1
-    return acc
-  }, {})
-
-  return {
-    operationCounts: counts,
-    blocks: {
-      before: beforeBlocks,
-      after: afterBlocks,
-      delta: afterBlocks - beforeBlocks,
-    },
-    edges: {
-      before: beforeEdges,
-      after: afterEdges,
-      delta: afterEdges - beforeEdges,
-    },
-  }
-}
-
-async function validateAndSimulateOperations(params: {
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  operations: Array<Record<string, any>>
-  userId: string
-}): Promise<{
-  operationsForApply: Array<Record<string, any>>
-  simulatedState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  warnings: string[]
-  diagnostics: string[]
-}> {
-  const diagnostics: string[] = []
-  const warnings: string[] = []
-
-  const permissionConfig = await getUserPermissionConfig(params.userId)
-  const { filteredOperations, errors: preValidationErrors } = await preValidateCredentialInputs(
-    params.operations as any,
-    { userId: params.userId },
-    params.workflowState
-  )
-  for (const error of preValidationErrors) {
-    warnings.push(error.error)
-  }
-
-  const { state, validationErrors, skippedItems } = applyOperationsToWorkflowState(
-    params.workflowState,
-    filteredOperations as any,
-    permissionConfig
-  )
-
-  for (const validationError of validationErrors) {
-    warnings.push(validationError.error)
-  }
-  for (const skippedItem of skippedItems) {
-    warnings.push(skippedItem.reason)
-  }
-
-  if (Object.keys(state.blocks || {}).length === 0) {
-    diagnostics.push('Simulation produced an empty workflow state')
-  }
-
-  return {
-    operationsForApply: filteredOperations as Array<Record<string, any>>,
-    simulatedState: state,
-    warnings,
-    diagnostics,
-  }
-}
-
-export const workflowChangeServerTool: BaseServerTool<WorkflowChangeParams, any> = {
-  name: 'workflow_change',
-  inputSchema: WorkflowChangeInputSchema,
-  async execute(params: WorkflowChangeParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    if (params.mode === 'dry_run') {
-      const workflowId = params.workflowId || getContextPack(params.contextPackId || '')?.workflowId
-      if (!workflowId) {
-        throw new Error('workflowId is required for dry_run')
-      }
-      if (!params.changeSpec) {
-        throw new Error('changeSpec is required for dry_run')
-      }
-
-      const authorization = await authorizeWorkflowByWorkspacePermission({
-        workflowId,
-        userId: context.userId,
-        action: 'write',
-      })
-      if (!authorization.allowed) {
-        throw new Error(authorization.message || 'Unauthorized workflow access')
-      }
-
-      const { workflowState } = await loadWorkflowStateFromDb(workflowId)
-      const currentHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-      const requestedHash = params.baseSnapshotHash
-      if (requestedHash && requestedHash !== currentHash) {
-        throw new Error(
-          `snapshot_mismatch: expected ${requestedHash} but current state is ${currentHash}`
-        )
-      }
-
-      const compileResult = await compileChangeSpec({
-        changeSpec: params.changeSpec,
-        workflowState,
-        userId: context.userId,
-        workflowId,
-      })
-
-      const simulation = await validateAndSimulateOperations({
-        workflowState,
-        operations: compileResult.operations,
-        userId: context.userId,
-      })
-
-      const diffSummary = summarizeDiff(
-        workflowState,
-        simulation.simulatedState,
-        simulation.operationsForApply
-      )
-      const diagnostics = [...compileResult.diagnostics, ...simulation.diagnostics]
-      const warnings = [...compileResult.warnings, ...simulation.warnings]
-
-      const proposal: WorkflowChangeProposal = {
-        workflowId,
-        baseSnapshotHash: currentHash,
-        compiledOperations: simulation.operationsForApply,
-        diffSummary,
-        warnings,
-        diagnostics,
-        touchedBlocks: compileResult.touchedBlocks,
-      }
-      const proposalId = saveProposal(proposal)
-
-      logger.info('Compiled workflow_change dry run', {
-        workflowId,
-        proposalId,
-        operationCount: proposal.compiledOperations.length,
-        warningCount: warnings.length,
-        diagnosticsCount: diagnostics.length,
-      })
-
-      return {
-        success: diagnostics.length === 0,
-        mode: 'dry_run',
-        workflowId,
-        proposalId,
-        baseSnapshotHash: currentHash,
-        compiledOperations: proposal.compiledOperations,
-        diffSummary,
-        warnings,
-        diagnostics,
-        touchedBlocks: proposal.touchedBlocks,
-      }
-    }
-
-    // apply mode
-    const proposalId = params.proposalId
-    if (!proposalId) {
-      throw new Error('proposalId is required for apply')
-    }
-
-    const proposal = getProposal(proposalId)
-    if (!proposal) {
-      throw new Error(`Proposal not found or expired: ${proposalId}`)
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: proposal.workflowId,
-      userId: context.userId,
-      action: 'write',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const { workflowState } = await loadWorkflowStateFromDb(proposal.workflowId)
-    const currentHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-    const expectedHash = params.expectedSnapshotHash || proposal.baseSnapshotHash
-    if (expectedHash && expectedHash !== currentHash) {
-      throw new Error(`snapshot_mismatch: expected ${expectedHash} but current is ${currentHash}`)
-    }
-
-    const applyResult = await editWorkflowServerTool.execute(
-      {
-        workflowId: proposal.workflowId,
-        operations: proposal.compiledOperations as any,
-      },
-      { userId: context.userId }
-    )
-
-    const appliedWorkflowState = (applyResult as any)?.workflowState
-    const newSnapshotHash = appliedWorkflowState
-      ? hashWorkflowState(appliedWorkflowState as Record<string, unknown>)
-      : null
-
-    return {
-      success: true,
-      mode: 'apply',
-      workflowId: proposal.workflowId,
-      proposalId,
-      baseSnapshotHash: proposal.baseSnapshotHash,
-      newSnapshotHash,
-      operations: proposal.compiledOperations,
-      workflowState: appliedWorkflowState || null,
-      appliedDiff: proposal.diffSummary,
-      warnings: proposal.warnings,
-      diagnostics: proposal.diagnostics,
-      editResult: applyResult,
-    }
-  },
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-context.ts

@@ -1,158 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { z } from 'zod'
-import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
-import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
-import { getContextPack, saveContextPack } from './change-store'
-import {
-  buildSchemasByType,
-  getAllKnownBlockTypes,
-  hashWorkflowState,
-  loadWorkflowStateFromDb,
-  summarizeWorkflowState,
-} from './workflow-state'
-
-const logger = createLogger('WorkflowContextServerTool')
-
-const WorkflowContextGetInputSchema = z.object({
-  workflowId: z.string(),
-  objective: z.string().optional(),
-  includeBlockTypes: z.array(z.string()).optional(),
-  includeAllSchemas: z.boolean().optional(),
-})
-
-type WorkflowContextGetParams = z.infer<typeof WorkflowContextGetInputSchema>
-
-const WorkflowContextExpandInputSchema = z.object({
-  contextPackId: z.string(),
-  blockTypes: z.array(z.string()).optional(),
-  schemaRefs: z.array(z.string()).optional(),
-})
-
-type WorkflowContextExpandParams = z.infer<typeof WorkflowContextExpandInputSchema>
-
-function parseSchemaRefToBlockType(schemaRef: string): string | null {
-  if (!schemaRef) return null
-  const [blockType] = schemaRef.split('@')
-  return blockType || null
-}
-
-function buildAvailableBlockCatalog(
-  schemaRefsByType: Record<string, string>
-): Array<Record<string, any>> {
-  return Object.entries(schemaRefsByType)
-    .sort((a, b) => a[0].localeCompare(b[0]))
-    .map(([blockType, schemaRef]) => ({
-      blockType,
-      schemaRef,
-    }))
-}
-
-export const workflowContextGetServerTool: BaseServerTool<WorkflowContextGetParams, any> = {
-  name: 'workflow_context_get',
-  inputSchema: WorkflowContextGetInputSchema,
-  async execute(params: WorkflowContextGetParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: params.workflowId,
-      userId: context.userId,
-      action: 'read',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const { workflowState } = await loadWorkflowStateFromDb(params.workflowId)
-    const snapshotHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-
-    const blockTypesInWorkflow = Object.values(workflowState.blocks || {}).map((block: any) =>
-      String(block?.type || '')
-    )
-    const requestedTypes = params.includeBlockTypes || []
-    const includeAllSchemas = params.includeAllSchemas === true
-    const candidateTypes = includeAllSchemas
-      ? getAllKnownBlockTypes()
-      : [...blockTypesInWorkflow, ...requestedTypes]
-    const { schemasByType, schemaRefsByType } = buildSchemasByType(candidateTypes)
-
-    const summary = summarizeWorkflowState(workflowState)
-    const packId = saveContextPack({
-      workflowId: params.workflowId,
-      snapshotHash,
-      workflowState,
-      schemasByType,
-      schemaRefsByType,
-      summary: {
-        ...summary,
-        objective: params.objective || null,
-      },
-    })
-
-    logger.info('Generated workflow context pack', {
-      workflowId: params.workflowId,
-      contextPackId: packId,
-      schemaCount: Object.keys(schemaRefsByType).length,
-    })
-
-    return {
-      success: true,
-      contextPackId: packId,
-      workflowId: params.workflowId,
-      snapshotHash,
-      summary: {
-        ...summary,
-        objective: params.objective || null,
-      },
-      schemaRefsByType,
-      availableBlockCatalog: buildAvailableBlockCatalog(schemaRefsByType),
-      inScopeSchemas: schemasByType,
-    }
-  },
-}
-
-export const workflowContextExpandServerTool: BaseServerTool<WorkflowContextExpandParams, any> = {
-  name: 'workflow_context_expand',
-  inputSchema: WorkflowContextExpandInputSchema,
-  async execute(params: WorkflowContextExpandParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    const contextPack = getContextPack(params.contextPackId)
-    if (!contextPack) {
-      throw new Error(`Context pack not found or expired: ${params.contextPackId}`)
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: contextPack.workflowId,
-      userId: context.userId,
-      action: 'read',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const requestedBlockTypes = new Set<string>()
-    for (const blockType of params.blockTypes || []) {
-      if (blockType) requestedBlockTypes.add(blockType)
-    }
-    for (const schemaRef of params.schemaRefs || []) {
-      const blockType = parseSchemaRefToBlockType(schemaRef)
-      if (blockType) requestedBlockTypes.add(blockType)
-    }
-
-    const typesToExpand = [...requestedBlockTypes]
-    const { schemasByType, schemaRefsByType } = buildSchemasByType(typesToExpand)
-
-    return {
-      success: true,
-      contextPackId: params.contextPackId,
-      workflowId: contextPack.workflowId,
-      snapshotHash: contextPack.snapshotHash,
-      schemasByType,
-      schemaRefsByType,
-    }
-  },
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-state.ts

@@ -1,226 +0,0 @@
-import crypto from 'crypto'
-import { db } from '@sim/db'
-import { workflow as workflowTable } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
-import { getAllBlockTypes, getBlock } from '@/blocks/registry'
-import type { SubBlockConfig } from '@/blocks/types'
-
-const logger = createLogger('WorkflowContextState')
-
-function stableSortValue(value: any): any {
-  if (Array.isArray(value)) {
-    return value.map(stableSortValue)
-  }
-  if (value && typeof value === 'object') {
-    const sorted: Record<string, any> = {}
-    for (const key of Object.keys(value).sort()) {
-      sorted[key] = stableSortValue(value[key])
-    }
-    return sorted
-  }
-  return value
-}
-
-export function hashWorkflowState(state: Record<string, unknown>): string {
-  const stable = stableSortValue(state)
-  const payload = JSON.stringify(stable)
-  return `sha256:${crypto.createHash('sha256').update(payload).digest('hex')}`
-}
-
-function normalizeOptions(options: unknown): string[] | null {
-  if (!Array.isArray(options)) return null
-  const normalized = options
-    .map((option) => {
-      if (option == null) return null
-      if (typeof option === 'object') {
-        const optionRecord = option as Record<string, unknown>
-        const id = optionRecord.id
-        if (typeof id === 'string') return id
-        const label = optionRecord.label
-        if (typeof label === 'string') return label
-        return null
-      }
-      return String(option)
-    })
-    .filter((value): value is string => Boolean(value))
-  return normalized.length > 0 ? normalized : null
-}
-
-function serializeRequired(required: SubBlockConfig['required']): boolean | Record<string, any> {
-  if (typeof required === 'boolean') return required
-  if (!required) return false
-  if (typeof required === 'object') {
-    const out: Record<string, any> = {}
-    const record = required as Record<string, unknown>
-    for (const key of ['field', 'operator', 'value']) {
-      if (record[key] !== undefined) {
-        out[key] = record[key]
-      }
-    }
-    return out
-  }
-  return false
-}
-
-function serializeSubBlock(subBlock: SubBlockConfig): Record<string, unknown> {
-  const staticOptions =
-    typeof subBlock.options === 'function' ? null : normalizeOptions(subBlock.options)
-  return {
-    id: subBlock.id,
-    type: subBlock.type,
-    title: subBlock.title,
-    description: subBlock.description || null,
-    mode: subBlock.mode || null,
-    placeholder: subBlock.placeholder || null,
-    hidden: Boolean(subBlock.hidden),
-    multiSelect: Boolean(subBlock.multiSelect),
-    required: serializeRequired(subBlock.required),
-    hasDynamicOptions: typeof subBlock.options === 'function',
-    options: staticOptions,
-    defaultValue: subBlock.defaultValue ?? null,
-    min: subBlock.min ?? null,
-    max: subBlock.max ?? null,
-  }
-}
-
-function serializeBlockSchema(blockType: string): Record<string, unknown> | null {
-  const blockConfig = getBlock(blockType)
-  if (!blockConfig) return null
-
-  const subBlocks = Array.isArray(blockConfig.subBlocks)
-    ? blockConfig.subBlocks.map(serializeSubBlock)
-    : []
-  const outputs = blockConfig.outputs || {}
-  const outputKeys = Object.keys(outputs)
-
-  return {
-    blockType,
-    blockName: blockConfig.name || blockType,
-    category: blockConfig.category,
-    triggerAllowed: Boolean(blockConfig.triggerAllowed || blockConfig.triggers?.enabled),
-    hasTriggersConfig: Boolean(blockConfig.triggers?.enabled),
-    subBlocks,
-    outputKeys,
-    longDescription: blockConfig.longDescription || null,
-  }
-}
-
-export function buildSchemasByType(blockTypes: string[]): {
-  schemasByType: Record<string, any>
-  schemaRefsByType: Record<string, string>
-} {
-  const schemasByType: Record<string, any> = {}
-  const schemaRefsByType: Record<string, string> = {}
-
-  const uniqueTypes = [...new Set(blockTypes.filter(Boolean))]
-  for (const blockType of uniqueTypes) {
-    const schema = serializeBlockSchema(blockType)
-    if (!schema) continue
-    const stableSchema = stableSortValue(schema)
-    const schemaHash = crypto
-      .createHash('sha256')
-      .update(JSON.stringify(stableSchema))
-      .digest('hex')
-    schemasByType[blockType] = stableSchema
-    schemaRefsByType[blockType] = `${blockType}@sha256:${schemaHash}`
-  }
-
-  return { schemasByType, schemaRefsByType }
-}
-
-export async function loadWorkflowStateFromDb(workflowId: string): Promise<{
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-    loops: Record<string, any>
-    parallels: Record<string, any>
-  }
-  workspaceId?: string
-}> {
-  const [workflowRecord] = await db
-    .select({ workspaceId: workflowTable.workspaceId })
-    .from(workflowTable)
-    .where(eq(workflowTable.id, workflowId))
-    .limit(1)
-  if (!workflowRecord) {
-    throw new Error(`Workflow ${workflowId} not found`)
-  }
-
-  const normalized = await loadWorkflowFromNormalizedTables(workflowId)
-  if (!normalized) {
-    throw new Error(`Workflow ${workflowId} has no normalized data`)
-  }
-
-  const blocks = { ...normalized.blocks }
-  const invalidBlockIds: string[] = []
-  for (const [blockId, block] of Object.entries(blocks)) {
-    if (!(block as { type?: unknown })?.type) {
-      invalidBlockIds.push(blockId)
-    }
-  }
-
-  for (const blockId of invalidBlockIds) {
-    delete blocks[blockId]
-  }
-
-  const invalidSet = new Set(invalidBlockIds)
-  const edges = (normalized.edges || []).filter(
-    (edge: any) => !invalidSet.has(edge.source) && !invalidSet.has(edge.target)
-  )
-
-  if (invalidBlockIds.length > 0) {
-    logger.warn('Dropped blocks without type while loading workflow state', {
-      workflowId,
-      dropped: invalidBlockIds,
-    })
-  }
-
-  return {
-    workflowState: {
-      blocks,
-      edges,
-      loops: normalized.loops || {},
-      parallels: normalized.parallels || {},
-    },
-    workspaceId: workflowRecord.workspaceId || undefined,
-  }
-}
-
-export function summarizeWorkflowState(workflowState: {
-  blocks: Record<string, any>
-  edges: Array<Record<string, any>>
-  loops: Record<string, any>
-  parallels: Record<string, any>
-}): Record<string, unknown> {
-  const blocks = workflowState.blocks || {}
-  const edges = workflowState.edges || []
-  const blockTypes: Record<string, number> = {}
-  const triggerBlocks: Array<{ id: string; name: string; type: string }> = []
-
-  for (const [blockId, block] of Object.entries(blocks)) {
-    const blockType = String((block as Record<string, unknown>).type || 'unknown')
-    blockTypes[blockType] = (blockTypes[blockType] || 0) + 1
-    if ((block as Record<string, unknown>).triggerMode === true) {
-      triggerBlocks.push({
-        id: blockId,
-        name: String((block as Record<string, unknown>).name || blockType),
-        type: blockType,
-      })
-    }
-  }
-
-  return {
-    blockCount: Object.keys(blocks).length,
-    edgeCount: edges.length,
-    loopCount: Object.keys(workflowState.loops || {}).length,
-    parallelCount: Object.keys(workflowState.parallels || {}).length,
-    blockTypes,
-    triggerBlocks,
-  }
-}
-
-export function getAllKnownBlockTypes(): string[] {
-  return getAllBlockTypes()
-}

apps/sim/lib/copilot/tools/server/workflow/workflow-verify.ts

@@ -1,194 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { z } from 'zod'
-import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
-import { validateWorkflowState } from '@/lib/workflows/sanitization/validation'
-import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
-import { hashWorkflowState, loadWorkflowStateFromDb } from './workflow-state'
-
-const logger = createLogger('WorkflowVerifyServerTool')
-
-const AcceptanceItemSchema = z.union([
-  z.string(),
-  z.object({
-    kind: z.string().optional(),
-    assert: z.string(),
-  }),
-])
-
-const WorkflowVerifyInputSchema = z
-  .object({
-    workflowId: z.string(),
-    acceptance: z.array(AcceptanceItemSchema).optional(),
-    baseSnapshotHash: z.string().optional(),
-  })
-  .strict()
-
-type WorkflowVerifyParams = z.infer<typeof WorkflowVerifyInputSchema>
-
-function normalizeName(value: string): string {
-  return value.trim().toLowerCase()
-}
-
-function resolveBlockToken(
-  workflowState: { blocks: Record<string, any> },
-  token: string
-): string | null {
-  if (!token) return null
-  if (workflowState.blocks[token]) return token
-  const normalized = normalizeName(token)
-  for (const [blockId, block] of Object.entries(workflowState.blocks || {})) {
-    const blockName = normalizeName(String((block as Record<string, unknown>).name || ''))
-    if (blockName === normalized) return blockId
-  }
-  return null
-}
-
-function hasPath(
-  workflowState: { edges: Array<Record<string, any>> },
-  blockPath: string[]
-): boolean {
-  if (blockPath.length < 2) return true
-  const adjacency = new Map<string, string[]>()
-  for (const edge of workflowState.edges || []) {
-    const source = String(edge.source || '')
-    const target = String(edge.target || '')
-    if (!source || !target) continue
-    const existing = adjacency.get(source) || []
-    existing.push(target)
-    adjacency.set(source, existing)
-  }
-
-  for (let i = 0; i < blockPath.length - 1; i++) {
-    const from = blockPath[i]
-    const to = blockPath[i + 1]
-    const next = adjacency.get(from) || []
-    if (!next.includes(to)) return false
-  }
-  return true
-}
-
-function evaluateAssertions(params: {
-  workflowState: {
-    blocks: Record<string, any>
-    edges: Array<Record<string, any>>
-  }
-  assertions: string[]
-}): { failures: string[]; checks: Array<Record<string, any>> } {
-  const failures: string[] = []
-  const checks: Array<Record<string, any>> = []
-
-  for (const assertion of params.assertions) {
-    if (assertion.startsWith('block_exists:')) {
-      const token = assertion.slice('block_exists:'.length).trim()
-      const blockId = resolveBlockToken(params.workflowState, token)
-      const passed = Boolean(blockId)
-      checks.push({ assert: assertion, passed, resolvedBlockId: blockId || null })
-      if (!passed) failures.push(`Assertion failed: ${assertion}`)
-      continue
-    }
-
-    if (assertion.startsWith('trigger_exists:')) {
-      const triggerType = normalizeName(assertion.slice('trigger_exists:'.length))
-      const triggerBlock = Object.values(params.workflowState.blocks || {}).find((block: any) => {
-        if (block?.triggerMode !== true) return false
-        return normalizeName(String(block?.type || '')) === triggerType
-      })
-      const passed = Boolean(triggerBlock)
-      checks.push({ assert: assertion, passed })
-      if (!passed) failures.push(`Assertion failed: ${assertion}`)
-      continue
-    }
-
-    if (assertion.startsWith('path_exists:')) {
-      const rawPath = assertion.slice('path_exists:'.length).trim()
-      const tokens = rawPath
-        .split('->')
-        .map((token) => token.trim())
-        .filter(Boolean)
-      const resolvedPath = tokens
-        .map((token) => resolveBlockToken(params.workflowState, token))
-        .filter((value): value is string => Boolean(value))
-
-      const resolvedAll = resolvedPath.length === tokens.length
-      const passed = resolvedAll && hasPath(params.workflowState, resolvedPath)
-      checks.push({
-        assert: assertion,
-        passed,
-        resolvedPath,
-      })
-      if (!passed) failures.push(`Assertion failed: ${assertion}`)
-      continue
-    }
-
-    // Unknown assertion format - mark as warning failure for explicit visibility.
-    checks.push({ assert: assertion, passed: false, reason: 'unknown_assertion_type' })
-    failures.push(`Unknown assertion format: ${assertion}`)
-  }
-
-  return { failures, checks }
-}
-
-export const workflowVerifyServerTool: BaseServerTool<WorkflowVerifyParams, any> = {
-  name: 'workflow_verify',
-  inputSchema: WorkflowVerifyInputSchema,
-  async execute(params: WorkflowVerifyParams, context?: { userId: string }): Promise<any> {
-    if (!context?.userId) {
-      throw new Error('Unauthorized workflow access')
-    }
-
-    const authorization = await authorizeWorkflowByWorkspacePermission({
-      workflowId: params.workflowId,
-      userId: context.userId,
-      action: 'read',
-    })
-    if (!authorization.allowed) {
-      throw new Error(authorization.message || 'Unauthorized workflow access')
-    }
-
-    const { workflowState } = await loadWorkflowStateFromDb(params.workflowId)
-    const snapshotHash = hashWorkflowState(workflowState as unknown as Record<string, unknown>)
-    if (params.baseSnapshotHash && params.baseSnapshotHash !== snapshotHash) {
-      return {
-        success: false,
-        verified: false,
-        reason: 'snapshot_mismatch',
-        expected: params.baseSnapshotHash,
-        current: snapshotHash,
-      }
-    }
-
-    const validation = validateWorkflowState(workflowState as any, { sanitize: false })
-
-    const assertions = (params.acceptance || []).map((item) =>
-      typeof item === 'string' ? item : item.assert
-    )
-    const assertionResults = evaluateAssertions({
-      workflowState,
-      assertions,
-    })
-
-    const verified =
-      validation.valid && assertionResults.failures.length === 0 && validation.errors.length === 0
-
-    logger.info('Workflow verification complete', {
-      workflowId: params.workflowId,
-      verified,
-      errorCount: validation.errors.length,
-      warningCount: validation.warnings.length,
-      assertionFailures: assertionResults.failures.length,
-    })
-
-    return {
-      success: true,
-      verified,
-      snapshotHash,
-      validation: {
-        valid: validation.valid,
-        errors: validation.errors,
-        warnings: validation.warnings,
-      },
-      assertions: assertionResults.checks,
-      failures: assertionResults.failures,
-    }
-  },
-}

apps/sim/stores/panel/copilot/store.ts

@@ -18,6 +18,7 @@ import {
 import { flushStreamingUpdates, stopStreamingUpdates } from '@/lib/copilot/client-sse/handlers'
 import type { ClientContentBlock, ClientStreamingContext } from '@/lib/copilot/client-sse/types'
 import {
+  COPILOT_AUTO_ALLOWED_TOOLS_API_PATH,
   COPILOT_CHAT_API_PATH,
   COPILOT_CHAT_STREAM_API_PATH,
   COPILOT_CHECKPOINTS_API_PATH,
@@ -83,15 +84,6 @@ function isPageUnloading(): boolean {
   return _isPageUnloading
 }
 
-function isWorkflowEditToolCall(name?: string, params?: Record<string, unknown>): boolean {
-  if (name === 'edit_workflow') return true
-  if (name !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
 function readActiveStreamFromStorage(): CopilotStreamInfo | null {
   if (typeof window === 'undefined') return null
   try {
@@ -148,6 +140,41 @@ function updateActiveStreamEventId(
   writeActiveStreamToStorage(next)
 }
 
+const AUTO_ALLOWED_TOOLS_STORAGE_KEY = 'copilot_auto_allowed_tools'
+
+function readAutoAllowedToolsFromStorage(): string[] | null {
+  if (typeof window === 'undefined') return null
+  try {
+    const raw = window.localStorage.getItem(AUTO_ALLOWED_TOOLS_STORAGE_KEY)
+    if (!raw) return null
+    const parsed = JSON.parse(raw)
+    if (!Array.isArray(parsed)) return null
+    return parsed.filter((item): item is string => typeof item === 'string')
+  } catch (error) {
+    logger.warn('[AutoAllowedTools] Failed to read local cache', {
+      error: error instanceof Error ? error.message : String(error),
+    })
+    return null
+  }
+}
+
+function writeAutoAllowedToolsToStorage(tools: string[]): void {
+  if (typeof window === 'undefined') return
+  try {
+    window.localStorage.setItem(AUTO_ALLOWED_TOOLS_STORAGE_KEY, JSON.stringify(tools))
+  } catch (error) {
+    logger.warn('[AutoAllowedTools] Failed to write local cache', {
+      error: error instanceof Error ? error.message : String(error),
+    })
+  }
+}
+
+function isToolAutoAllowedByList(toolId: string, autoAllowedTools: string[]): boolean {
+  if (!toolId) return false
+  const normalizedTarget = toolId.trim()
+  return autoAllowedTools.some((allowed) => allowed?.trim() === normalizedTarget)
+}
+
 /**
  * Clear any lingering diff preview from a previous session.
  * Called lazily when the store is first activated (setWorkflowId).
@@ -453,6 +480,11 @@ function prepareSendContext(
     .catch((err) => {
       logger.warn('[Copilot] Failed to load sensitive credential IDs', err)
     })
+  get()
+    .loadAutoAllowedTools()
+    .catch((err) => {
+      logger.warn('[Copilot] Failed to load auto-allowed tools', err)
+    })
 
   let newMessages: CopilotMessage[]
   if (revertState) {
@@ -1005,6 +1037,8 @@ async function resumeFromLiveStream(
   return false
 }
 
+const cachedAutoAllowedTools = readAutoAllowedToolsFromStorage()
+
 // Initial state (subset required for UI/streaming)
 const initialState = {
   mode: 'build' as const,
@@ -1039,6 +1073,8 @@ const initialState = {
   streamingPlanContent: '',
   toolCallsById: {} as Record<string, CopilotToolCall>,
   suppressAutoSelect: false,
+  autoAllowedTools: cachedAutoAllowedTools ?? ([] as string[]),
+  autoAllowedToolsLoaded: cachedAutoAllowedTools !== null,
   activeStream: null as CopilotStreamInfo | null,
   messageQueue: [] as import('./types').QueuedMessage[],
   suppressAbortContinueOption: false,
@@ -1077,6 +1113,8 @@ export const useCopilotStore = create<CopilotStore>()(
         agentPrefetch: get().agentPrefetch,
         availableModels: get().availableModels,
         isLoadingModels: get().isLoadingModels,
+        autoAllowedTools: get().autoAllowedTools,
+        autoAllowedToolsLoaded: get().autoAllowedToolsLoaded,
       })
     },
 
@@ -1391,6 +1429,16 @@ export const useCopilotStore = create<CopilotStore>()(
 
     // Send a message (streaming only)
     sendMessage: async (message: string, options = {}) => {
+      if (!get().autoAllowedToolsLoaded) {
+        try {
+          await get().loadAutoAllowedTools()
+        } catch (error) {
+          logger.warn('[Copilot] Failed to preload auto-allowed tools before send', {
+            error: error instanceof Error ? error.message : String(error),
+          })
+        }
+      }
+
       const prepared = prepareSendContext(get, set, message, options as SendMessageOptionsInput)
       if (!prepared) return
 
@@ -1657,7 +1705,7 @@ export const useCopilotStore = create<CopilotStore>()(
             const b = blocks[bi]
             if (b?.type === 'tool_call') {
               const tn = b.toolCall?.name
-              if (isWorkflowEditToolCall(tn, b.toolCall?.params)) {
+              if (tn === 'edit_workflow') {
                 id = b.toolCall?.id
                 break outer
               }
@@ -1666,9 +1714,7 @@ export const useCopilotStore = create<CopilotStore>()(
         }
         // Fallback to map if not found in messages
         if (!id) {
-          const candidates = Object.values(toolCallsById).filter((t) =>
+          const candidates = Object.values(toolCallsById).filter((t) => t.name === 'edit_workflow')
-            isWorkflowEditToolCall(t.name, t.params)
-          )
           id = candidates.length ? candidates[candidates.length - 1].id : undefined
         }
       }
@@ -2361,6 +2407,74 @@ export const useCopilotStore = create<CopilotStore>()(
       }
     },
 
+    loadAutoAllowedTools: async () => {
+      try {
+        logger.debug('[AutoAllowedTools] Loading from API...')
+        const res = await fetch(COPILOT_AUTO_ALLOWED_TOOLS_API_PATH)
+        logger.debug('[AutoAllowedTools] Load response', { status: res.status, ok: res.ok })
+        if (res.ok) {
+          const data = await res.json()
+          const tools = data.autoAllowedTools ?? []
+          set({ autoAllowedTools: tools, autoAllowedToolsLoaded: true })
+          writeAutoAllowedToolsToStorage(tools)
+          logger.debug('[AutoAllowedTools] Loaded successfully', { count: tools.length, tools })
+        } else {
+          set({ autoAllowedToolsLoaded: true })
+          logger.warn('[AutoAllowedTools] Load failed with status', { status: res.status })
+        }
+      } catch (err) {
+        set({ autoAllowedToolsLoaded: true })
+        logger.error('[AutoAllowedTools] Failed to load', { error: err })
+      }
+    },
+
+    addAutoAllowedTool: async (toolId: string) => {
+      try {
+        logger.debug('[AutoAllowedTools] Adding tool...', { toolId })
+        const res = await fetch(COPILOT_AUTO_ALLOWED_TOOLS_API_PATH, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ toolId }),
+        })
+        logger.debug('[AutoAllowedTools] API response', { toolId, status: res.status, ok: res.ok })
+        if (res.ok) {
+          const data = await res.json()
+          logger.debug('[AutoAllowedTools] API returned', { toolId, tools: data.autoAllowedTools })
+          const tools = data.autoAllowedTools ?? []
+          set({ autoAllowedTools: tools, autoAllowedToolsLoaded: true })
+          writeAutoAllowedToolsToStorage(tools)
+          logger.debug('[AutoAllowedTools] Added tool to store', { toolId })
+        }
+      } catch (err) {
+        logger.error('[AutoAllowedTools] Failed to add tool', { toolId, error: err })
+      }
+    },
+
+    removeAutoAllowedTool: async (toolId: string) => {
+      try {
+        const res = await fetch(
+          `${COPILOT_AUTO_ALLOWED_TOOLS_API_PATH}?toolId=${encodeURIComponent(toolId)}`,
+          {
+            method: 'DELETE',
+          }
+        )
+        if (res.ok) {
+          const data = await res.json()
+          const tools = data.autoAllowedTools ?? []
+          set({ autoAllowedTools: tools, autoAllowedToolsLoaded: true })
+          writeAutoAllowedToolsToStorage(tools)
+          logger.debug('[AutoAllowedTools] Removed tool', { toolId })
+        }
+      } catch (err) {
+        logger.error('[AutoAllowedTools] Failed to remove tool', { toolId, error: err })
+      }
+    },
+
+    isToolAutoAllowed: (toolId: string) => {
+      const { autoAllowedTools } = get()
+      return isToolAutoAllowedByList(toolId, autoAllowedTools)
+    },
+
     // Credential masking
     loadSensitiveCredentialIds: async () => {
       try {

apps/sim/stores/panel/copilot/types.ts

@@ -26,26 +26,6 @@ export interface CopilotToolCall {
   params?: Record<string, unknown>
   input?: Record<string, unknown>
   display?: ClientToolDisplay
-  /** Server-provided UI contract for this tool call phase */
-  ui?: {
-    title?: string
-    phaseLabel?: string
-    icon?: string
-    showInterrupt?: boolean
-    showRemember?: boolean
-    autoAllowed?: boolean
-    actions?: Array<{
-      id: string
-      label: string
-      kind: 'accept' | 'reject'
-      remember?: boolean
-    }>
-  }
-  /** Server-provided execution routing contract */
-  execution?: {
-    target?: 'go' | 'go_subagent' | 'sim_server' | 'sim_client_capability' | string
-    capabilityId?: string
-  }
   /** Content streamed from a subagent (e.g., debug agent) */
   subAgentContent?: string
   /** Tool calls made by the subagent */
@@ -187,6 +167,10 @@ export interface CopilotState {
 
   // Per-message metadata captured at send-time for reliable stats
 
+  // Auto-allowed integration tools (tools that can run without confirmation)
+  autoAllowedTools: string[]
+  autoAllowedToolsLoaded: boolean
+
   // Active stream metadata for reconnect/replay
   activeStream: CopilotStreamInfo | null
 
@@ -263,6 +247,11 @@ export interface CopilotActions {
     abortSignal?: AbortSignal
   ) => Promise<void>
   handleNewChatCreation: (newChatId: string) => Promise<void>
+  loadAutoAllowedTools: () => Promise<void>
+  addAutoAllowedTool: (toolId: string) => Promise<void>
+  removeAutoAllowedTool: (toolId: string) => Promise<void>
+  isToolAutoAllowed: (toolId: string) => boolean
+
   // Credential masking
   loadSensitiveCredentialIds: () => Promise<void>
   maskCredentialValue: (value: string) => string

apps/sim/stores/workflow-diff/store.ts

@@ -15,7 +15,7 @@ import {
   captureBaselineSnapshot,
   cloneWorkflowState,
   createBatchedUpdater,
-  findLatestWorkflowEditToolCallId,
+  findLatestEditWorkflowToolCallId,
   getLatestUserMessageId,
   persistWorkflowStateToServer,
 } from './utils'
@@ -334,7 +334,7 @@ export const useWorkflowDiffStore = create<WorkflowDiffState & WorkflowDiffActio
             })
           }
 
-          findLatestWorkflowEditToolCallId().then((toolCallId) => {
+          findLatestEditWorkflowToolCallId().then((toolCallId) => {
             if (toolCallId) {
               import('@/stores/panel/copilot/store')
                 .then(({ useCopilotStore }) => {
@@ -439,7 +439,7 @@ export const useWorkflowDiffStore = create<WorkflowDiffState & WorkflowDiffActio
             })
           }
 
-          findLatestWorkflowEditToolCallId().then((toolCallId) => {
+          findLatestEditWorkflowToolCallId().then((toolCallId) => {
             if (toolCallId) {
               import('@/stores/panel/copilot/store')
                 .then(({ useCopilotStore }) => {

apps/sim/stores/workflow-diff/utils.ts

@@ -126,21 +126,6 @@ export async function getLatestUserMessageId(): Promise<string | null> {
 }
 
 export async function findLatestEditWorkflowToolCallId(): Promise<string | undefined> {
-  return findLatestWorkflowEditToolCallId()
-}
-
-function isWorkflowEditToolCall(name?: string, params?: Record<string, unknown>): boolean {
-  if (name === 'edit_workflow') return true
-  if (name !== 'workflow_change') return false
-
-  const mode = typeof params?.mode === 'string' ? params.mode.toLowerCase() : ''
-  if (mode === 'apply') return true
-
-  // Be permissive for legacy/incomplete events: apply calls always include proposalId.
-  return typeof params?.proposalId === 'string' && params.proposalId.length > 0
-}
-
-export async function findLatestWorkflowEditToolCallId(): Promise<string | undefined> {
   try {
     const { useCopilotStore } = await import('@/stores/panel/copilot/store')
     const { messages, toolCallsById } = useCopilotStore.getState()
@@ -149,22 +134,17 @@ export async function findLatestWorkflowEditToolCallId(): Promise<string | undef
       const message = messages[mi]
       if (message.role !== 'assistant' || !message.contentBlocks) continue
       for (const block of message.contentBlocks) {
-        if (
+        if (block?.type === 'tool_call' && block.toolCall?.name === 'edit_workflow') {
-          block?.type === 'tool_call' &&
-          isWorkflowEditToolCall(block.toolCall?.name, block.toolCall?.params)
-        ) {
           return block.toolCall?.id
         }
       }
     }
 
-    const fallback = Object.values(toolCallsById).filter((call) =>
+    const fallback = Object.values(toolCallsById).filter((call) => call.name === 'edit_workflow')
-      isWorkflowEditToolCall(call.name, call.params)
-    )
 
     return fallback.length ? fallback[fallback.length - 1].id : undefined
   } catch (error) {
-    logger.warn('Failed to resolve workflow edit tool call id', { error })
+    logger.warn('Failed to resolve edit_workflow tool call id', { error })
     return undefined
   }
 }