improvement(blocks): extract model config subBlocks into shared utils

* feat(models): updated model configs, updated anthropic provider to propagate errors back to user if any

* moved max tokens to advanced

* updated model configs and testesd

* removed default in max config for output tokens

* moved more stuff to advanced mode in the agent block

* stronger typing

* move api key under model, update mistral and groq

* update openrouter, fixed serializer to allow ollama/vllm models without api key

* removed ollama handling

apps/docs/components/icons.tsx

@@ -5462,3 +5462,24 @@ export function EnrichSoIcon(props: SVGProps<SVGSVGElement>) {
     </svg>
   )
 }
+
+export function AgentSkillsIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      {...props}
+      xmlns='http://www.w3.org/2000/svg'
+      width='16'
+      height='16'
+      viewBox='0 0 16 16'
+      fill='none'
+    >
+      <path
+        d='M8 1L14.0622 4.5V11.5L8 15L1.93782 11.5V4.5L8 1Z'
+        stroke='currentColor'
+        strokeWidth='1.5'
+        fill='none'
+      />
+      <path d='M8 4.5L11 6.25V9.75L8 11.5L5 9.75V6.25L8 4.5Z' fill='currentColor' />
+    </svg>
+  )
+}

apps/docs/content/docs/en/copilot/index.mdx

@@ -56,7 +56,7 @@ Switch between modes using the mode selector at the bottom of the input area.
 Select your preferred AI model using the model selector at the bottom right of the input area.
 
 **Available Models:**
-- Claude 4.6 Opus (default), 4.5 Opus, Sonnet, Haiku
+- Claude 4.5 Opus, Sonnet (default), Haiku
 - GPT 5.2 Codex, Pro
 - Gemini 3 Pro
 

apps/docs/content/docs/en/skills/index.mdx

@@ -18,7 +18,9 @@ This means you can attach many skills to an agent without bloating its context w
 
 ## Creating Skills
 
-Go to **Settings** (gear icon) and select **Skills** under the Tools section.
+Go to **Settings** and select **Skills** under the Tools section.
+
+![Manage Skills](/static/skills/manage-skills.png)
 
 Click **Add** to create a new skill with three fields:
 
@@ -52,11 +54,22 @@ Use when the user asks you to write, optimize, or debug SQL queries.
 ...
 ```
 
+**Recommended structure:**
+- **When to use** — Specific triggers and scenarios
+- **Instructions** — Step-by-step guidance with numbered lists
+- **Examples** — Input/output samples showing expected behavior
+- **Common Patterns** — Reusable approaches for frequent tasks
+- **Edge Cases** — Gotchas and special considerations
+
+Keep skills focused and under 500 lines. If a skill grows too large, split it into multiple specialized skills.
+
 ## Adding Skills to an Agent
 
 Open any **Agent** block and find the **Skills** dropdown below the tools section. Select the skills you want the agent to have access to.
 
-Selected skills appear as chips that you can click to edit or remove.
+![Add Skill](/static/skills/add-skill.png)
+
+Selected skills appear as cards that you can click to edit or remove.
 
 ### What Happens at Runtime
 
@@ -69,12 +82,50 @@ When the workflow runs:
 
 This works across all supported LLM providers — the `load_skill` tool uses standard tool-calling, so no provider-specific configuration is needed.
 
-## Tips
+## Common Use Cases
 
-- **Keep descriptions actionable** — Instead of "Helps with SQL", write "Write optimized SQL queries for PostgreSQL, MySQL, and SQLite, including index recommendations and query plan analysis"
+Skills are most valuable when agents need specialized knowledge or multi-step workflows:
+
+**Domain Expertise**
+- `api-integration-expert` — Best practices for calling specific APIs (authentication, rate limiting, error handling)
+- `data-transformation` — ETL patterns, data cleaning, and validation rules
+- `code-reviewer` — Code review guidelines specific to your team's standards
+
+**Workflow Templates**
+- `bug-investigation` — Step-by-step debugging methodology (reproduce → isolate → test → fix)
+- `feature-implementation` — Development workflow from requirements to deployment
+- `document-generator` — Templates and formatting rules for technical documentation
+
+**Company-Specific Knowledge**
+- `our-architecture` — System architecture diagrams, service dependencies, and deployment processes
+- `style-guide` — Brand guidelines, writing tone, UI/UX patterns
+- `customer-onboarding` — Standard procedures and common customer questions
+
+**When to use skills vs. agent instructions:**
+- Use **skills** for knowledge that applies across multiple workflows or changes frequently
+- Use **agent instructions** for task-specific context that's unique to a single agent
+
+## Best Practices
+
+**Writing Effective Descriptions**
+- **Be specific and keyword-rich** — Instead of "Helps with SQL", write "Write optimized SQL queries for PostgreSQL, MySQL, and SQLite, including index recommendations and query plan analysis"
+- **Include activation triggers** — Mention specific words or phrases that should prompt the skill (e.g., "Use when the user mentions PDFs, forms, or document extraction")
+- **Keep it under 200 words** — Agents scan descriptions quickly; make every word count
+
+**Skill Scope and Organization**
 - **One skill per domain** — A focused `sql-expert` skill works better than a broad `database-everything` skill
-- **Use markdown structure** — Headers, lists, and code blocks help the agent parse and follow instructions
+- **Limit to 5-10 skills per agent** — More skills = more decision overhead; start small and add as needed
-- **Test iteratively** — Run your workflow and check if the agent activates the skill when expected
+- **Split large skills** — If a skill exceeds 500 lines, break it into focused sub-skills
+
+**Content Structure**
+- **Use markdown formatting** — Headers, lists, and code blocks help agents parse and follow instructions
+- **Provide examples** — Show input/output pairs so agents understand expected behavior
+- **Be explicit about edge cases** — Don't assume agents will infer special handling
+
+**Testing and Iteration**
+- **Test activation** — Run your workflow and verify the agent loads the skill when expected
+- **Check for false positives** — Make sure skills aren't activating when they shouldn't
+- **Refine descriptions** — If a skill isn't loading when needed, add more keywords to the description
 
 ## Learn More
 

apps/docs/content/docs/en/tools/airweave.mdx

@@ -10,6 +10,21 @@ import { BlockInfoCard } from "@/components/ui/block-info-card"
   color="#6366F1"
 />
 
+{/* MANUAL-CONTENT-START:intro */}
+[Airweave](https://airweave.ai/) is an AI-powered semantic search platform that helps you discover and retrieve knowledge across all your synced data sources. Built for modern teams, Airweave enables fast, relevant search results using neural, hybrid, or keyword-based strategies tailored to your needs.
+
+With Airweave, you can:
+
+- **Search smarter**: Use natural language queries to uncover information stored across your connected tools and databases
+- **Unify your data**: Seamlessly access content from sources like code, docs, chat, emails, cloud files, and more
+- **Customize retrieval**: Select between hybrid (semantic + keyword), neural, or keyword search strategies for optimal results
+- **Boost recall**: Expand search queries with AI to find more comprehensive answers
+- **Rerank results using AI**: Prioritize the most relevant answers with powerful language models
+- **Get instant answers**: Generate clear, AI-powered responses synthesized from your data
+
+In Sim, the Airweave integration empowers your agents to search, summarize, and extract insights from all your organization’s data via a single tool. Use Airweave to drive rich, contextual knowledge retrieval within your workflows—whether answering questions, generating summaries, or supporting dynamic decision-making.
+{/* MANUAL-CONTENT-END */}
+
 ## Usage Instructions
 
 Search across your synced data sources using Airweave. Supports semantic search with hybrid, neural, or keyword retrieval strategies. Optionally generate AI-powered answers from search results.

apps/sim/app/.well-known/oauth-authorization-server/[...issuer]/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
-}

apps/sim/app/.well-known/oauth-authorization-server/api/mcp/copilot/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
-}

apps/sim/app/.well-known/oauth-authorization-server/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
-}

apps/sim/app/.well-known/oauth-protected-resource/api/mcp/copilot/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpProtectedResourceMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpProtectedResourceMetadataResponse(request)
-}

apps/sim/app/.well-known/oauth-protected-resource/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpProtectedResourceMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpProtectedResourceMetadataResponse(request)
-}

apps/sim/app/api/a2a/agents/[agentId]/route.ts

@@ -5,7 +5,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { generateAgentCard, generateSkillsFromWorkflow } from '@/lib/a2a/agent-card'
 import type { AgentCapabilities, AgentSkill } from '@/lib/a2a/types'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { getRedisClient } from '@/lib/core/config/redis'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
 import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
@@ -40,7 +40,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<Ro
     }
 
     if (!agent.agent.isPublished) {
-      const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+      const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
       if (!auth.success) {
         return NextResponse.json({ error: 'Agent not published' }, { status: 404 })
       }
@@ -81,7 +81,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<Ro
   const { agentId } = await params
 
   try {
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!auth.success || !auth.userId) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
@@ -151,7 +151,7 @@ export async function DELETE(request: NextRequest, { params }: { params: Promise
   const { agentId } = await params
 
   try {
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!auth.success || !auth.userId) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
@@ -189,7 +189,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<R
   const { agentId } = await params
 
   try {
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!auth.success || !auth.userId) {
       logger.warn('A2A agent publish auth failed:', { error: auth.error, hasUserId: !!auth.userId })
       return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })

apps/sim/app/api/a2a/agents/route.ts

@@ -13,7 +13,7 @@ import { v4 as uuidv4 } from 'uuid'
 import { generateSkillsFromWorkflow } from '@/lib/a2a/agent-card'
 import { A2A_DEFAULT_CAPABILITIES } from '@/lib/a2a/constants'
 import { sanitizeAgentName } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
 import { hasValidStartBlockInState } from '@/lib/workflows/triggers/trigger-utils'
 import { getWorkspaceById } from '@/lib/workspaces/permissions/utils'
@@ -27,7 +27,7 @@ export const dynamic = 'force-dynamic'
  */
 export async function GET(request: NextRequest) {
   try {
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!auth.success || !auth.userId) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
@@ -87,7 +87,7 @@ export async function GET(request: NextRequest) {
  */
 export async function POST(request: NextRequest) {
   try {
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!auth.success || !auth.userId) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }

apps/sim/app/api/auth/oauth/credentials/route.ts

@@ -5,7 +5,7 @@ import { and, eq } from 'drizzle-orm'
 import { jwtDecode } from 'jwt-decode'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { evaluateScopeCoverage, type OAuthProvider, parseProvider } from '@/lib/oauth'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
@@ -81,7 +81,7 @@ export async function GET(request: NextRequest) {
     const { provider: providerParam, workflowId, credentialId } = parseResult.data
 
     // Authenticate requester (supports session, API key, internal JWT)
-    const authResult = await checkHybridAuth(request)
+    const authResult = await checkSessionOrInternalAuth(request)
     if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthenticated credentials request rejected`)
       return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })

apps/sim/app/api/auth/oauth/token/route.test.ts

@@ -12,7 +12,7 @@ describe('OAuth Token API Routes', () => {
   const mockRefreshTokenIfNeeded = vi.fn()
   const mockGetOAuthToken = vi.fn()
   const mockAuthorizeCredentialUse = vi.fn()
-  const mockCheckHybridAuth = vi.fn()
+  const mockCheckSessionOrInternalAuth = vi.fn()
 
   const mockLogger = createMockLogger()
 
@@ -42,7 +42,7 @@ describe('OAuth Token API Routes', () => {
     }))
 
     vi.doMock('@/lib/auth/hybrid', () => ({
-      checkHybridAuth: mockCheckHybridAuth,
+      checkSessionOrInternalAuth: mockCheckSessionOrInternalAuth,
     }))
   })
 
@@ -235,7 +235,7 @@ describe('OAuth Token API Routes', () => {
 
     describe('credentialAccountUserId + providerId path', () => {
       it('should reject unauthenticated requests', async () => {
-        mockCheckHybridAuth.mockResolvedValueOnce({
+        mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
           success: false,
           error: 'Authentication required',
         })
@@ -255,30 +255,8 @@ describe('OAuth Token API Routes', () => {
         expect(mockGetOAuthToken).not.toHaveBeenCalled()
       })
 
-      it('should reject API key authentication', async () => {
-        mockCheckHybridAuth.mockResolvedValueOnce({
-          success: true,
-          authType: 'api_key',
-          userId: 'test-user-id',
-        })
-
-        const req = createMockRequest('POST', {
-          credentialAccountUserId: 'test-user-id',
-          providerId: 'google',
-        })
-
-        const { POST } = await import('@/app/api/auth/oauth/token/route')
-
-        const response = await POST(req)
-        const data = await response.json()
-
-        expect(response.status).toBe(401)
-        expect(data).toHaveProperty('error', 'User not authenticated')
-        expect(mockGetOAuthToken).not.toHaveBeenCalled()
-      })
-
       it('should reject internal JWT authentication', async () => {
-        mockCheckHybridAuth.mockResolvedValueOnce({
+        mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
           success: true,
           authType: 'internal_jwt',
           userId: 'test-user-id',
@@ -300,7 +278,7 @@ describe('OAuth Token API Routes', () => {
       })
 
       it('should reject requests for other users credentials', async () => {
-        mockCheckHybridAuth.mockResolvedValueOnce({
+        mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
           success: true,
           authType: 'session',
           userId: 'attacker-user-id',
@@ -322,7 +300,7 @@ describe('OAuth Token API Routes', () => {
       })
 
       it('should allow session-authenticated users to access their own credentials', async () => {
-        mockCheckHybridAuth.mockResolvedValueOnce({
+        mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
           success: true,
           authType: 'session',
           userId: 'test-user-id',
@@ -345,7 +323,7 @@ describe('OAuth Token API Routes', () => {
       })
 
       it('should return 404 when credential not found for user', async () => {
-        mockCheckHybridAuth.mockResolvedValueOnce({
+        mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
           success: true,
           authType: 'session',
           userId: 'test-user-id',
@@ -373,7 +351,7 @@ describe('OAuth Token API Routes', () => {
    */
   describe('GET handler', () => {
     it('should return access token successfully', async () => {
-      mockCheckHybridAuth.mockResolvedValueOnce({
+      mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
         success: true,
         authType: 'session',
         userId: 'test-user-id',
@@ -402,7 +380,7 @@ describe('OAuth Token API Routes', () => {
       expect(response.status).toBe(200)
       expect(data).toHaveProperty('accessToken', 'fresh-token')
 
-      expect(mockCheckHybridAuth).toHaveBeenCalled()
+      expect(mockCheckSessionOrInternalAuth).toHaveBeenCalled()
       expect(mockGetCredential).toHaveBeenCalledWith(mockRequestId, 'credential-id', 'test-user-id')
       expect(mockRefreshTokenIfNeeded).toHaveBeenCalled()
     })
@@ -421,7 +399,7 @@ describe('OAuth Token API Routes', () => {
     })
 
     it('should handle authentication failure', async () => {
-      mockCheckHybridAuth.mockResolvedValueOnce({
+      mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
         success: false,
         error: 'Authentication required',
       })
@@ -440,7 +418,7 @@ describe('OAuth Token API Routes', () => {
     })
 
     it('should handle credential not found', async () => {
-      mockCheckHybridAuth.mockResolvedValueOnce({
+      mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
         success: true,
         authType: 'session',
         userId: 'test-user-id',
@@ -461,7 +439,7 @@ describe('OAuth Token API Routes', () => {
     })
 
     it('should handle missing access token', async () => {
-      mockCheckHybridAuth.mockResolvedValueOnce({
+      mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
         success: true,
         authType: 'session',
         userId: 'test-user-id',
@@ -487,7 +465,7 @@ describe('OAuth Token API Routes', () => {
     })
 
     it('should handle token refresh failure', async () => {
-      mockCheckHybridAuth.mockResolvedValueOnce({
+      mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
         success: true,
         authType: 'session',
         userId: 'test-user-id',

apps/sim/app/api/auth/oauth/token/route.ts

@@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getCredential, getOAuthToken, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
@@ -71,7 +71,7 @@ export async function POST(request: NextRequest) {
         providerId,
       })
 
-      const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+      const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
       if (!auth.success || auth.authType !== 'session' || !auth.userId) {
         logger.warn(`[${requestId}] Unauthorized request for credentialAccountUserId path`, {
           success: auth.success,
@@ -187,7 +187,7 @@ export async function GET(request: NextRequest) {
     const { credentialId } = parseResult.data
 
     // For GET requests, we only support session-based authentication
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!auth.success || auth.authType !== 'session' || !auth.userId) {
       return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
     }

apps/sim/app/api/billing/update-cost/route.ts

@@ -18,7 +18,6 @@ const UpdateCostSchema = z.object({
   model: z.string().min(1, 'Model is required'),
   inputTokens: z.number().min(0).default(0),
   outputTokens: z.number().min(0).default(0),
-  source: z.enum(['copilot', 'mcp_copilot']).default('copilot'),
 })
 
 /**
@@ -76,14 +75,12 @@ export async function POST(req: NextRequest) {
       )
     }
 
-    const { userId, cost, model, inputTokens, outputTokens, source } = validation.data
+    const { userId, cost, model, inputTokens, outputTokens } = validation.data
-    const isMcp = source === 'mcp_copilot'
 
     logger.info(`[${requestId}] Processing cost update`, {
       userId,
       cost,
       model,
-      source,
     })
 
     // Check if user stats record exists (same as ExecutionLogger)
@@ -99,7 +96,7 @@ export async function POST(req: NextRequest) {
       return NextResponse.json({ error: 'User stats record not found' }, { status: 500 })
     }
 
-    const updateFields: Record<string, unknown> = {
+    const updateFields = {
       totalCost: sql`total_cost + ${cost}`,
       currentPeriodCost: sql`current_period_cost + ${cost}`,
       totalCopilotCost: sql`total_copilot_cost + ${cost}`,
@@ -108,24 +105,17 @@ export async function POST(req: NextRequest) {
       lastActive: new Date(),
     }
 
-    // Also increment MCP-specific counters when source is mcp_copilot
-    if (isMcp) {
-      updateFields.totalMcpCopilotCost = sql`total_mcp_copilot_cost + ${cost}`
-      updateFields.currentPeriodMcpCopilotCost = sql`current_period_mcp_copilot_cost + ${cost}`
-    }
-
     await db.update(userStats).set(updateFields).where(eq(userStats.userId, userId))
 
     logger.info(`[${requestId}] Updated user stats record`, {
       userId,
       addedCost: cost,
-      source,
     })
 
     // Log usage for complete audit trail
     await logModelUsage({
       userId,
-      source: isMcp ? 'mcp_copilot' : 'copilot',
+      source: 'copilot',
       model,
       inputTokens,
       outputTokens,

apps/sim/app/api/copilot/api-keys/generate/route.ts

@@ -1,7 +1,7 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
-import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
 import { env } from '@/lib/core/config/env'
 
 const GenerateApiKeySchema = z.object({
@@ -17,6 +17,9 @@ export async function POST(req: NextRequest) {
 
     const userId = session.user.id
 
+    // Move environment variable access inside the function
+    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
     const body = await req.json().catch(() => ({}))
     const validationResult = GenerateApiKeySchema.safeParse(body)
 

apps/sim/app/api/copilot/api-keys/route.ts

@@ -1,6 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
-import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
 import { env } from '@/lib/core/config/env'
 
 export async function GET(request: NextRequest) {
@@ -12,6 +12,8 @@ export async function GET(request: NextRequest) {
 
     const userId = session.user.id
 
+    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
     const res = await fetch(`${SIM_AGENT_API_URL}/api/validate-key/get-api-keys`, {
       method: 'POST',
       headers: {
@@ -66,6 +68,8 @@ export async function DELETE(request: NextRequest) {
       return NextResponse.json({ error: 'id is required' }, { status: 400 })
     }
 
+    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
     const res = await fetch(`${SIM_AGENT_API_URL}/api/validate-key/delete`, {
       method: 'POST',
       headers: {

apps/sim/app/api/copilot/chat/stream/route.ts

@@ -1,130 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { type NextRequest, NextResponse } from 'next/server'
-import {
-  getStreamMeta,
-  readStreamEvents,
-  type StreamMeta,
-} from '@/lib/copilot/orchestrator/stream-buffer'
-import { authenticateCopilotRequestSessionOnly } from '@/lib/copilot/request-helpers'
-import { SSE_HEADERS } from '@/lib/core/utils/sse'
-
-const logger = createLogger('CopilotChatStreamAPI')
-const POLL_INTERVAL_MS = 250
-const MAX_STREAM_MS = 10 * 60 * 1000
-
-function encodeEvent(event: Record<string, any>): Uint8Array {
-  return new TextEncoder().encode(`data: ${JSON.stringify(event)}\n\n`)
-}
-
-export async function GET(request: NextRequest) {
-  const { userId: authenticatedUserId, isAuthenticated } =
-    await authenticateCopilotRequestSessionOnly()
-
-  if (!isAuthenticated || !authenticatedUserId) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-
-  const url = new URL(request.url)
-  const streamId = url.searchParams.get('streamId') || ''
-  const fromParam = url.searchParams.get('from') || '0'
-  const fromEventId = Number(fromParam || 0)
-  // If batch=true, return buffered events as JSON instead of SSE
-  const batchMode = url.searchParams.get('batch') === 'true'
-  const toParam = url.searchParams.get('to')
-  const toEventId = toParam ? Number(toParam) : undefined
-
-  if (!streamId) {
-    return NextResponse.json({ error: 'streamId is required' }, { status: 400 })
-  }
-
-  const meta = (await getStreamMeta(streamId)) as StreamMeta | null
-  logger.info('[Resume] Stream lookup', {
-    streamId,
-    fromEventId,
-    toEventId,
-    batchMode,
-    hasMeta: !!meta,
-    metaStatus: meta?.status,
-  })
-  if (!meta) {
-    return NextResponse.json({ error: 'Stream not found' }, { status: 404 })
-  }
-  if (meta.userId && meta.userId !== authenticatedUserId) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-  }
-
-  // Batch mode: return all buffered events as JSON
-  if (batchMode) {
-    const events = await readStreamEvents(streamId, fromEventId)
-    const filteredEvents = toEventId ? events.filter((e) => e.eventId <= toEventId) : events
-    logger.info('[Resume] Batch response', {
-      streamId,
-      fromEventId,
-      toEventId,
-      eventCount: filteredEvents.length,
-    })
-    return NextResponse.json({
-      success: true,
-      events: filteredEvents,
-      status: meta.status,
-    })
-  }
-
-  const startTime = Date.now()
-
-  const stream = new ReadableStream({
-    async start(controller) {
-      let lastEventId = Number.isFinite(fromEventId) ? fromEventId : 0
-
-      const flushEvents = async () => {
-        const events = await readStreamEvents(streamId, lastEventId)
-        if (events.length > 0) {
-          logger.info('[Resume] Flushing events', {
-            streamId,
-            fromEventId: lastEventId,
-            eventCount: events.length,
-          })
-        }
-        for (const entry of events) {
-          lastEventId = entry.eventId
-          const payload = {
-            ...entry.event,
-            eventId: entry.eventId,
-            streamId: entry.streamId,
-          }
-          controller.enqueue(encodeEvent(payload))
-        }
-      }
-
-      try {
-        await flushEvents()
-
-        while (Date.now() - startTime < MAX_STREAM_MS) {
-          const currentMeta = await getStreamMeta(streamId)
-          if (!currentMeta) break
-
-          await flushEvents()
-
-          if (currentMeta.status === 'complete' || currentMeta.status === 'error') {
-            break
-          }
-
-          if (request.signal.aborted) {
-            break
-          }
-
-          await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS))
-        }
-      } catch (error) {
-        logger.warn('Stream replay failed', {
-          streamId,
-          error: error instanceof Error ? error.message : String(error),
-        })
-      } finally {
-        controller.close()
-      }
-    },
-  })
-
-  return new Response(stream, { headers: SSE_HEADERS })
-}

apps/sim/app/api/copilot/confirm/route.ts

@@ -1,7 +1,6 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { REDIS_TOOL_CALL_PREFIX, REDIS_TOOL_CALL_TTL_SECONDS } from '@/lib/copilot/constants'
 import {
   authenticateCopilotRequestSessionOnly,
   createBadRequestResponse,
@@ -24,8 +23,7 @@ const ConfirmationSchema = z.object({
 })
 
 /**
- * Write the user's tool decision to Redis. The server-side orchestrator's
+ * Update tool call status in Redis
- * waitForToolDecision() polls Redis for this value.
  */
 async function updateToolCallStatus(
   toolCallId: string,
@@ -34,24 +32,57 @@ async function updateToolCallStatus(
 ): Promise<boolean> {
   const redis = getRedisClient()
   if (!redis) {
-    logger.warn('Redis client not available for tool confirmation')
+    logger.warn('updateToolCallStatus: Redis client not available')
     return false
   }
 
   try {
-    const key = `${REDIS_TOOL_CALL_PREFIX}${toolCallId}`
+    const key = `tool_call:${toolCallId}`
-    const payload = {
+    const timeout = 600000 // 10 minutes timeout for user confirmation
+    const pollInterval = 100 // Poll every 100ms
+    const startTime = Date.now()
+
+    logger.info('Polling for tool call in Redis', { toolCallId, key, timeout })
+
+    // Poll until the key exists or timeout
+    while (Date.now() - startTime < timeout) {
+      const exists = await redis.exists(key)
+      if (exists) {
+        break
+      }
+
+      // Wait before next poll
+      await new Promise((resolve) => setTimeout(resolve, pollInterval))
+    }
+
+    // Final check if key exists after polling
+    const exists = await redis.exists(key)
+    if (!exists) {
+      logger.warn('Tool call not found in Redis after polling timeout', {
+        toolCallId,
+        key,
+        timeout,
+        pollDuration: Date.now() - startTime,
+      })
+      return false
+    }
+
+    // Store both status and message as JSON
+    const toolCallData = {
       status,
       message: message || null,
       timestamp: new Date().toISOString(),
     }
-    await redis.set(key, JSON.stringify(payload), 'EX', REDIS_TOOL_CALL_TTL_SECONDS)
+
+    await redis.set(key, JSON.stringify(toolCallData), 'EX', 86400) // Keep 24 hour expiry
+
     return true
   } catch (error) {
-    logger.error('Failed to update tool call status', {
+    logger.error('Failed to update tool call status in Redis', {
       toolCallId,
       status,
-      error: error instanceof Error ? error.message : String(error),
+      message,
+      error: error instanceof Error ? error.message : 'Unknown error',
     })
     return false
   }

apps/sim/app/api/copilot/credentials/route.ts

@@ -1,28 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { authenticateCopilotRequestSessionOnly } from '@/lib/copilot/request-helpers'
-import { routeExecution } from '@/lib/copilot/tools/server/router'
-
-/**
- * GET /api/copilot/credentials
- * Returns connected OAuth credentials for the authenticated user.
- * Used by the copilot store for credential masking.
- */
-export async function GET(_req: NextRequest) {
-  const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
-  if (!isAuthenticated || !userId) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-
-  try {
-    const result = await routeExecution('get_credentials', {}, { userId })
-    return NextResponse.json({ success: true, result })
-  } catch (error) {
-    return NextResponse.json(
-      {
-        success: false,
-        error: error instanceof Error ? error.message : 'Failed to load credentials',
-      },
-      { status: 500 }
-    )
-  }
-}

apps/sim/app/api/copilot/execute-copilot-server-tool/route.ts

@@ -0,0 +1,54 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import {
+  authenticateCopilotRequestSessionOnly,
+  createBadRequestResponse,
+  createInternalServerErrorResponse,
+  createRequestTracker,
+  createUnauthorizedResponse,
+} from '@/lib/copilot/request-helpers'
+import { routeExecution } from '@/lib/copilot/tools/server/router'
+
+const logger = createLogger('ExecuteCopilotServerToolAPI')
+
+const ExecuteSchema = z.object({
+  toolName: z.string(),
+  payload: z.unknown().optional(),
+})
+
+export async function POST(req: NextRequest) {
+  const tracker = createRequestTracker()
+  try {
+    const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
+    if (!isAuthenticated || !userId) {
+      return createUnauthorizedResponse()
+    }
+
+    const body = await req.json()
+    try {
+      const preview = JSON.stringify(body).slice(0, 300)
+      logger.debug(`[${tracker.requestId}] Incoming request body preview`, { preview })
+    } catch {}
+
+    const { toolName, payload } = ExecuteSchema.parse(body)
+
+    logger.info(`[${tracker.requestId}] Executing server tool`, { toolName })
+    const result = await routeExecution(toolName, payload, { userId })
+
+    try {
+      const resultPreview = JSON.stringify(result).slice(0, 300)
+      logger.debug(`[${tracker.requestId}] Server tool result preview`, { toolName, resultPreview })
+    } catch {}
+
+    return NextResponse.json({ success: true, result })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.debug(`[${tracker.requestId}] Zod validation error`, { issues: error.issues })
+      return createBadRequestResponse('Invalid request body for execute-copilot-server-tool')
+    }
+    logger.error(`[${tracker.requestId}] Failed to execute server tool:`, error)
+    const errorMessage = error instanceof Error ? error.message : 'Failed to execute server tool'
+    return createInternalServerErrorResponse(errorMessage)
+  }
+}

apps/sim/app/api/copilot/execute-tool/route.ts

@@ -0,0 +1,247 @@
+import { db } from '@sim/db'
+import { account, workflow } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import {
+  createBadRequestResponse,
+  createInternalServerErrorResponse,
+  createRequestTracker,
+  createUnauthorizedResponse,
+} from '@/lib/copilot/request-helpers'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { getEffectiveDecryptedEnv } from '@/lib/environment/utils'
+import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { resolveEnvVarReferences } from '@/executor/utils/reference-validation'
+import { executeTool } from '@/tools'
+import { getTool, resolveToolId } from '@/tools/utils'
+
+const logger = createLogger('CopilotExecuteToolAPI')
+
+const ExecuteToolSchema = z.object({
+  toolCallId: z.string(),
+  toolName: z.string(),
+  arguments: z.record(z.any()).optional().default({}),
+  workflowId: z.string().optional(),
+})
+
+export async function POST(req: NextRequest) {
+  const tracker = createRequestTracker()
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return createUnauthorizedResponse()
+    }
+
+    const userId = session.user.id
+    const body = await req.json()
+
+    try {
+      const preview = JSON.stringify(body).slice(0, 300)
+      logger.debug(`[${tracker.requestId}] Incoming execute-tool request`, { preview })
+    } catch {}
+
+    const { toolCallId, toolName, arguments: toolArgs, workflowId } = ExecuteToolSchema.parse(body)
+
+    const resolvedToolName = resolveToolId(toolName)
+
+    logger.info(`[${tracker.requestId}] Executing tool`, {
+      toolCallId,
+      toolName,
+      resolvedToolName,
+      workflowId,
+      hasArgs: Object.keys(toolArgs).length > 0,
+    })
+
+    const toolConfig = getTool(resolvedToolName)
+    if (!toolConfig) {
+      // Find similar tool names to help debug
+      const { tools: allTools } = await import('@/tools/registry')
+      const allToolNames = Object.keys(allTools)
+      const prefix = toolName.split('_').slice(0, 2).join('_')
+      const similarTools = allToolNames
+        .filter((name) => name.startsWith(`${prefix.split('_')[0]}_`))
+        .slice(0, 10)
+
+      logger.warn(`[${tracker.requestId}] Tool not found in registry`, {
+        toolName,
+        prefix,
+        similarTools,
+        totalToolsInRegistry: allToolNames.length,
+      })
+      return NextResponse.json(
+        {
+          success: false,
+          error: `Tool not found: ${toolName}. Similar tools: ${similarTools.join(', ')}`,
+          toolCallId,
+        },
+        { status: 404 }
+      )
+    }
+
+    // Get the workspaceId from the workflow (env vars are stored at workspace level)
+    let workspaceId: string | undefined
+    if (workflowId) {
+      const workflowResult = await db
+        .select({ workspaceId: workflow.workspaceId })
+        .from(workflow)
+        .where(eq(workflow.id, workflowId))
+        .limit(1)
+      workspaceId = workflowResult[0]?.workspaceId ?? undefined
+    }
+
+    // Get decrypted environment variables early so we can resolve all {{VAR}} references
+    const decryptedEnvVars = await getEffectiveDecryptedEnv(userId, workspaceId)
+
+    logger.info(`[${tracker.requestId}] Fetched environment variables`, {
+      workflowId,
+      workspaceId,
+      envVarCount: Object.keys(decryptedEnvVars).length,
+      envVarKeys: Object.keys(decryptedEnvVars),
+    })
+
+    // Build execution params starting with LLM-provided arguments
+    // Resolve all {{ENV_VAR}} references in the arguments (deep for nested objects)
+    const executionParams: Record<string, any> = resolveEnvVarReferences(
+      toolArgs,
+      decryptedEnvVars,
+      { deep: true }
+    ) as Record<string, any>
+
+    logger.info(`[${tracker.requestId}] Resolved env var references in arguments`, {
+      toolName,
+      originalArgKeys: Object.keys(toolArgs),
+      resolvedArgKeys: Object.keys(executionParams),
+    })
+
+    // Resolve OAuth access token if required
+    if (toolConfig.oauth?.required && toolConfig.oauth.provider) {
+      const provider = toolConfig.oauth.provider
+      logger.info(`[${tracker.requestId}] Resolving OAuth token`, { provider })
+
+      try {
+        // Find the account for this provider and user
+        const accounts = await db
+          .select()
+          .from(account)
+          .where(and(eq(account.providerId, provider), eq(account.userId, userId)))
+          .limit(1)
+
+        if (accounts.length > 0) {
+          const acc = accounts[0]
+          const requestId = generateRequestId()
+          const { accessToken } = await refreshTokenIfNeeded(requestId, acc as any, acc.id)
+
+          if (accessToken) {
+            executionParams.accessToken = accessToken
+            logger.info(`[${tracker.requestId}] OAuth token resolved`, { provider })
+          } else {
+            logger.warn(`[${tracker.requestId}] No access token available`, { provider })
+            return NextResponse.json(
+              {
+                success: false,
+                error: `OAuth token not available for ${provider}. Please reconnect your account.`,
+                toolCallId,
+              },
+              { status: 400 }
+            )
+          }
+        } else {
+          logger.warn(`[${tracker.requestId}] No account found for provider`, { provider })
+          return NextResponse.json(
+            {
+              success: false,
+              error: `No ${provider} account connected. Please connect your account first.`,
+              toolCallId,
+            },
+            { status: 400 }
+          )
+        }
+      } catch (error) {
+        logger.error(`[${tracker.requestId}] Failed to resolve OAuth token`, {
+          provider,
+          error: error instanceof Error ? error.message : String(error),
+        })
+        return NextResponse.json(
+          {
+            success: false,
+            error: `Failed to get OAuth token for ${provider}`,
+            toolCallId,
+          },
+          { status: 500 }
+        )
+      }
+    }
+
+    // Check if tool requires an API key that wasn't resolved via {{ENV_VAR}} reference
+    const needsApiKey = toolConfig.params?.apiKey?.required
+
+    if (needsApiKey && !executionParams.apiKey) {
+      logger.warn(`[${tracker.requestId}] No API key found for tool`, { toolName })
+      return NextResponse.json(
+        {
+          success: false,
+          error: `API key not provided for ${toolName}. Use {{YOUR_API_KEY_ENV_VAR}} to reference your environment variable.`,
+          toolCallId,
+        },
+        { status: 400 }
+      )
+    }
+
+    // Add execution context
+    executionParams._context = {
+      workflowId,
+      userId,
+    }
+
+    // Special handling for function_execute - inject environment variables
+    if (toolName === 'function_execute') {
+      executionParams.envVars = decryptedEnvVars
+      executionParams.workflowVariables = {} // No workflow variables in copilot context
+      executionParams.blockData = {} // No block data in copilot context
+      executionParams.blockNameMapping = {} // No block mapping in copilot context
+      executionParams.language = executionParams.language || 'javascript'
+      executionParams.timeout = executionParams.timeout || 30000
+
+      logger.info(`[${tracker.requestId}] Injected env vars for function_execute`, {
+        envVarCount: Object.keys(decryptedEnvVars).length,
+      })
+    }
+
+    // Execute the tool
+    logger.info(`[${tracker.requestId}] Executing tool with resolved credentials`, {
+      toolName,
+      hasAccessToken: !!executionParams.accessToken,
+      hasApiKey: !!executionParams.apiKey,
+    })
+
+    const result = await executeTool(resolvedToolName, executionParams)
+
+    logger.info(`[${tracker.requestId}] Tool execution complete`, {
+      toolName,
+      success: result.success,
+      hasOutput: !!result.output,
+    })
+
+    return NextResponse.json({
+      success: true,
+      toolCallId,
+      result: {
+        success: result.success,
+        output: result.output,
+        error: result.error,
+      },
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.debug(`[${tracker.requestId}] Zod validation error`, { issues: error.issues })
+      return createBadRequestResponse('Invalid request body for execute-tool')
+    }
+    logger.error(`[${tracker.requestId}] Failed to execute tool:`, error)
+    const errorMessage = error instanceof Error ? error.message : 'Failed to execute tool'
+    return createInternalServerErrorResponse(errorMessage)
+  }
+}

apps/sim/app/api/copilot/stats/route.ts

@@ -1,6 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
 import {
   authenticateCopilotRequestSessionOnly,
   createBadRequestResponse,
@@ -10,6 +10,8 @@ import {
 } from '@/lib/copilot/request-helpers'
 import { env } from '@/lib/core/config/env'
 
+const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
 const BodySchema = z.object({
   messageId: z.string(),
   diffCreated: z.boolean(),

apps/sim/app/api/copilot/tools/mark-complete/route.ts

@@ -0,0 +1,123 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
+import {
+  authenticateCopilotRequestSessionOnly,
+  createBadRequestResponse,
+  createInternalServerErrorResponse,
+  createRequestTracker,
+  createUnauthorizedResponse,
+} from '@/lib/copilot/request-helpers'
+import { env } from '@/lib/core/config/env'
+
+const logger = createLogger('CopilotMarkToolCompleteAPI')
+
+const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
+const MarkCompleteSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  status: z.number().int(),
+  message: z.any().optional(),
+  data: z.any().optional(),
+})
+
+/**
+ * POST /api/copilot/tools/mark-complete
+ * Proxy to Sim Agent: POST /api/tools/mark-complete
+ */
+export async function POST(req: NextRequest) {
+  const tracker = createRequestTracker()
+
+  try {
+    const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
+    if (!isAuthenticated || !userId) {
+      return createUnauthorizedResponse()
+    }
+
+    const body = await req.json()
+
+    // Log raw body shape for diagnostics (avoid dumping huge payloads)
+    try {
+      const bodyPreview = JSON.stringify(body).slice(0, 300)
+      logger.debug(`[${tracker.requestId}] Incoming mark-complete raw body preview`, {
+        preview: `${bodyPreview}${bodyPreview.length === 300 ? '...' : ''}`,
+      })
+    } catch {}
+
+    const parsed = MarkCompleteSchema.parse(body)
+
+    const messagePreview = (() => {
+      try {
+        const s =
+          typeof parsed.message === 'string' ? parsed.message : JSON.stringify(parsed.message)
+        return s ? `${s.slice(0, 200)}${s.length > 200 ? '...' : ''}` : undefined
+      } catch {
+        return undefined
+      }
+    })()
+
+    logger.info(`[${tracker.requestId}] Forwarding tool mark-complete`, {
+      userId,
+      toolCallId: parsed.id,
+      toolName: parsed.name,
+      status: parsed.status,
+      hasMessage: parsed.message !== undefined,
+      hasData: parsed.data !== undefined,
+      messagePreview,
+      agentUrl: `${SIM_AGENT_API_URL}/api/tools/mark-complete`,
+    })
+
+    const agentRes = await fetch(`${SIM_AGENT_API_URL}/api/tools/mark-complete`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(env.COPILOT_API_KEY ? { 'x-api-key': env.COPILOT_API_KEY } : {}),
+      },
+      body: JSON.stringify(parsed),
+    })
+
+    // Attempt to parse agent response JSON
+    let agentJson: any = null
+    let agentText: string | null = null
+    try {
+      agentJson = await agentRes.json()
+    } catch (_) {
+      try {
+        agentText = await agentRes.text()
+      } catch {}
+    }
+
+    logger.info(`[${tracker.requestId}] Agent responded to mark-complete`, {
+      status: agentRes.status,
+      ok: agentRes.ok,
+      responseJsonPreview: agentJson ? JSON.stringify(agentJson).slice(0, 300) : undefined,
+      responseTextPreview: agentText ? agentText.slice(0, 300) : undefined,
+    })
+
+    if (agentRes.ok) {
+      return NextResponse.json({ success: true })
+    }
+
+    const errorMessage =
+      agentJson?.error || agentText || `Agent responded with status ${agentRes.status}`
+    const status = agentRes.status >= 500 ? 500 : 400
+
+    logger.warn(`[${tracker.requestId}] Mark-complete failed`, {
+      status,
+      error: errorMessage,
+    })
+
+    return NextResponse.json({ success: false, error: errorMessage }, { status })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${tracker.requestId}] Invalid mark-complete request body`, {
+        issues: error.issues,
+      })
+      return createBadRequestResponse('Invalid request body for mark-complete')
+    }
+    logger.error(`[${tracker.requestId}] Failed to proxy mark-complete:`, error)
+    return createInternalServerErrorResponse('Failed to mark tool as complete')
+  }
+}

apps/sim/app/api/copilot/user-models/route.ts

@@ -28,7 +28,6 @@ const DEFAULT_ENABLED_MODELS: Record<CopilotModelId, boolean> = {
   'claude-4-sonnet': false,
   'claude-4.5-haiku': true,
   'claude-4.5-sonnet': true,
-  'claude-4.6-opus': true,
   'claude-4.5-opus': true,
   'claude-4.1-opus': false,
   'gemini-3-pro': true,

apps/sim/app/api/files/delete/route.test.ts

@@ -29,7 +29,7 @@ function setupFileApiMocks(
   }
 
   vi.doMock('@/lib/auth/hybrid', () => ({
-    checkHybridAuth: vi.fn().mockResolvedValue({
+    checkSessionOrInternalAuth: vi.fn().mockResolvedValue({
       success: authenticated,
       userId: authenticated ? 'test-user-id' : undefined,
       error: authenticated ? undefined : 'Unauthorized',

apps/sim/app/api/files/delete/route.ts

@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import type { NextRequest } from 'next/server'
 import { NextResponse } from 'next/server'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import type { StorageContext } from '@/lib/uploads/config'
 import { deleteFile, hasCloudStorage } from '@/lib/uploads/core/storage-service'
 import { extractStorageKey, inferContextFromKey } from '@/lib/uploads/utils/file-utils'
@@ -24,7 +24,7 @@ const logger = createLogger('FilesDeleteAPI')
  */
 export async function POST(request: NextRequest) {
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success || !authResult.userId) {
       logger.warn('Unauthorized file delete request', {

apps/sim/app/api/files/download/route.ts

@@ -1,6 +1,6 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import type { StorageContext } from '@/lib/uploads/config'
 import { hasCloudStorage } from '@/lib/uploads/core/storage-service'
 import { verifyFileAccess } from '@/app/api/files/authorization'
@@ -12,7 +12,7 @@ export const dynamic = 'force-dynamic'
 
 export async function POST(request: NextRequest) {
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success || !authResult.userId) {
       logger.warn('Unauthorized download URL request', {

apps/sim/app/api/files/parse/route.test.ts

@@ -35,7 +35,7 @@ function setupFileApiMocks(
   }
 
   vi.doMock('@/lib/auth/hybrid', () => ({
-    checkHybridAuth: vi.fn().mockResolvedValue({
+    checkInternalAuth: vi.fn().mockResolvedValue({
       success: authenticated,
       userId: authenticated ? 'test-user-id' : undefined,
       error: authenticated ? undefined : 'Unauthorized',

apps/sim/app/api/files/parse/route.ts

@@ -5,7 +5,7 @@ import path from 'path'
 import { createLogger } from '@sim/logger'
 import binaryExtensionsList from 'binary-extensions'
 import { type NextRequest, NextResponse } from 'next/server'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
 import {
   secureFetchWithPinnedIP,
   validateUrlWithDNS,
@@ -66,7 +66,7 @@ export async function POST(request: NextRequest) {
   const startTime = Date.now()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: true })
+    const authResult = await checkInternalAuth(request, { requireWorkflowId: true })
 
     if (!authResult.success) {
       logger.warn('Unauthorized file parse request', {

apps/sim/app/api/files/serve/[...path]/route.test.ts

@@ -55,7 +55,7 @@ describe('File Serve API Route', () => {
     })
 
     vi.doMock('@/lib/auth/hybrid', () => ({
-      checkHybridAuth: vi.fn().mockResolvedValue({
+      checkSessionOrInternalAuth: vi.fn().mockResolvedValue({
         success: true,
         userId: 'test-user-id',
       }),
@@ -165,7 +165,7 @@ describe('File Serve API Route', () => {
     }))
 
     vi.doMock('@/lib/auth/hybrid', () => ({
-      checkHybridAuth: vi.fn().mockResolvedValue({
+      checkSessionOrInternalAuth: vi.fn().mockResolvedValue({
         success: true,
         userId: 'test-user-id',
       }),
@@ -226,7 +226,7 @@ describe('File Serve API Route', () => {
     }))
 
     vi.doMock('@/lib/auth/hybrid', () => ({
-      checkHybridAuth: vi.fn().mockResolvedValue({
+      checkSessionOrInternalAuth: vi.fn().mockResolvedValue({
         success: true,
         userId: 'test-user-id',
       }),
@@ -291,7 +291,7 @@ describe('File Serve API Route', () => {
     }))
 
     vi.doMock('@/lib/auth/hybrid', () => ({
-      checkHybridAuth: vi.fn().mockResolvedValue({
+      checkSessionOrInternalAuth: vi.fn().mockResolvedValue({
         success: true,
         userId: 'test-user-id',
       }),
@@ -350,7 +350,7 @@ describe('File Serve API Route', () => {
     for (const test of contentTypeTests) {
       it(`should serve ${test.ext} file with correct content type`, async () => {
         vi.doMock('@/lib/auth/hybrid', () => ({
-          checkHybridAuth: vi.fn().mockResolvedValue({
+          checkSessionOrInternalAuth: vi.fn().mockResolvedValue({
             success: true,
             userId: 'test-user-id',
           }),

apps/sim/app/api/files/serve/[...path]/route.ts

@@ -2,7 +2,7 @@ import { readFile } from 'fs/promises'
 import { createLogger } from '@sim/logger'
 import type { NextRequest } from 'next/server'
 import { NextResponse } from 'next/server'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { CopilotFiles, isUsingCloudStorage } from '@/lib/uploads'
 import type { StorageContext } from '@/lib/uploads/config'
 import { downloadFile } from '@/lib/uploads/core/storage-service'
@@ -49,7 +49,7 @@ export async function GET(
       return await handleLocalFilePublic(fullPath)
     }
 
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success || !authResult.userId) {
       logger.warn('Unauthorized file access attempt', {

apps/sim/app/api/function/execute/route.ts

@@ -845,6 +845,8 @@ export async function POST(req: NextRequest) {
       contextVariables,
       timeoutMs: timeout,
       requestId,
+      ownerKey: `user:${auth.userId}`,
+      ownerWeight: 1,
     })
 
     const executionTime = Date.now() - startTime

apps/sim/app/api/guardrails/validate/route.ts

@@ -23,7 +23,16 @@ export async function POST(request: NextRequest) {
       topK,
       model,
       apiKey,
+      azureEndpoint,
+      azureApiVersion,
+      vertexProject,
+      vertexLocation,
+      vertexCredential,
+      bedrockAccessKeyId,
+      bedrockSecretKey,
+      bedrockRegion,
       workflowId,
+      workspaceId,
       piiEntityTypes,
       piiMode,
       piiLanguage,
@@ -110,7 +119,18 @@ export async function POST(request: NextRequest) {
       topK,
       model,
       apiKey,
+      {
+        azureEndpoint,
+        azureApiVersion,
+        vertexProject,
+        vertexLocation,
+        vertexCredential,
+        bedrockAccessKeyId,
+        bedrockSecretKey,
+        bedrockRegion,
+      },
       workflowId,
+      workspaceId,
       piiEntityTypes,
       piiMode,
       piiLanguage,
@@ -178,7 +198,18 @@ async function executeValidation(
   topK: string | undefined,
   model: string,
   apiKey: string | undefined,
+  providerCredentials: {
+    azureEndpoint?: string
+    azureApiVersion?: string
+    vertexProject?: string
+    vertexLocation?: string
+    vertexCredential?: string
+    bedrockAccessKeyId?: string
+    bedrockSecretKey?: string
+    bedrockRegion?: string
+  },
   workflowId: string | undefined,
+  workspaceId: string | undefined,
   piiEntityTypes: string[] | undefined,
   piiMode: string | undefined,
   piiLanguage: string | undefined,
@@ -219,7 +250,9 @@ async function executeValidation(
       topK: topK ? Number.parseInt(topK) : 10, // Default topK is 10
       model: model,
       apiKey,
+      providerCredentials,
       workflowId,
+      workspaceId,
       requestId,
     })
   }

apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts

@@ -2,7 +2,7 @@ import { randomUUID } from 'crypto'
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { SUPPORTED_FIELD_TYPES } from '@/lib/knowledge/constants'
 import { createTagDefinition, getTagDefinitions } from '@/lib/knowledge/tags/service'
 import { checkKnowledgeBaseAccess } from '@/app/api/knowledge/utils'
@@ -19,19 +19,11 @@ export async function GET(req: NextRequest, { params }: { params: Promise<{ id:
   try {
     logger.info(`[${requestId}] Getting tag definitions for knowledge base ${knowledgeBaseId}`)
 
-    const auth = await checkHybridAuth(req, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false })
     if (!auth.success) {
       return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
     }
 
-    // Only allow session and internal JWT auth (not API key)
-    if (auth.authType === 'api_key') {
-      return NextResponse.json(
-        { error: 'API key auth not supported for this endpoint' },
-        { status: 401 }
-      )
-    }
-
     // For session auth, verify KB access. Internal JWT is trusted.
     if (auth.authType === 'session' && auth.userId) {
       const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, auth.userId)
@@ -64,19 +56,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
   try {
     logger.info(`[${requestId}] Creating tag definition for knowledge base ${knowledgeBaseId}`)
 
-    const auth = await checkHybridAuth(req, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false })
     if (!auth.success) {
       return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
     }
 
-    // Only allow session and internal JWT auth (not API key)
-    if (auth.authType === 'api_key') {
-      return NextResponse.json(
-        { error: 'API key auth not supported for this endpoint' },
-        { status: 401 }
-      )
-    }
-
     // For session auth, verify KB access. Internal JWT is trusted.
     if (auth.authType === 'session' && auth.userId) {
       const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, auth.userId)

apps/sim/app/api/logs/execution/[executionId]/route.ts

@@ -8,7 +8,7 @@ import {
 import { createLogger } from '@sim/logger'
 import { and, eq, inArray } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import type { TraceSpan, WorkflowExecutionLog } from '@/lib/logs/types'
 
@@ -23,7 +23,7 @@ export async function GET(
   try {
     const { executionId } = await params
 
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
     if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthorized execution data access attempt for: ${executionId}`)
       return NextResponse.json(

apps/sim/app/api/mcp/copilot/.well-known/oauth-authorization-server/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
-}

apps/sim/app/api/mcp/copilot/.well-known/oauth-protected-resource/route.ts

@@ -1,6 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { createMcpProtectedResourceMetadataResponse } from '@/lib/mcp/oauth-discovery'
-
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpProtectedResourceMetadataResponse(request)
-}

apps/sim/app/api/mcp/copilot/route.ts

@@ -1,790 +0,0 @@
-import { Server } from '@modelcontextprotocol/sdk/server/index.js'
-import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js'
-import {
-  CallToolRequestSchema,
-  type CallToolResult,
-  ErrorCode,
-  type JSONRPCError,
-  type ListToolsResult,
-  ListToolsRequestSchema,
-  McpError,
-  type RequestId,
-} from '@modelcontextprotocol/sdk/types.js'
-import { db } from '@sim/db'
-import { userStats } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { randomUUID } from 'node:crypto'
-import { eq, sql } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
-import { getCopilotModel } from '@/lib/copilot/config'
-import {
-  ORCHESTRATION_TIMEOUT_MS,
-  SIM_AGENT_API_URL,
-  SIM_AGENT_VERSION,
-} from '@/lib/copilot/constants'
-import { RateLimiter } from '@/lib/core/rate-limiter'
-import { env } from '@/lib/core/config/env'
-import { orchestrateCopilotStream } from '@/lib/copilot/orchestrator'
-import { orchestrateSubagentStream } from '@/lib/copilot/orchestrator/subagent'
-import {
-  executeToolServerSide,
-  prepareExecutionContext,
-} from '@/lib/copilot/orchestrator/tool-executor'
-import { DIRECT_TOOL_DEFS, SUBAGENT_TOOL_DEFS } from '@/lib/copilot/tools/mcp/definitions'
-import { resolveWorkflowIdForUser } from '@/lib/workflows/utils'
-
-const logger = createLogger('CopilotMcpAPI')
-const mcpRateLimiter = new RateLimiter()
-
-export const dynamic = 'force-dynamic'
-export const runtime = 'nodejs'
-export const maxDuration = 300
-
-interface CopilotKeyAuthResult {
-  success: boolean
-  userId?: string
-  error?: string
-}
-
-/**
- * Validates a copilot API key by forwarding it to the Go copilot service's
- * `/api/validate-key` endpoint. Returns the associated userId on success.
- */
-async function authenticateCopilotApiKey(apiKey: string): Promise<CopilotKeyAuthResult> {
-  try {
-    const internalSecret = env.INTERNAL_API_SECRET
-    if (!internalSecret) {
-      logger.error('INTERNAL_API_SECRET not configured')
-      return { success: false, error: 'Server configuration error' }
-    }
-
-    const res = await fetch(`${SIM_AGENT_API_URL}/api/validate-key`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'x-api-key': internalSecret,
-      },
-      body: JSON.stringify({ targetApiKey: apiKey }),
-      signal: AbortSignal.timeout(10_000),
-    })
-
-    if (!res.ok) {
-      const body = await res.json().catch(() => null)
-      const upstream = (body as Record<string, unknown>)?.message
-      const status = res.status
-
-      if (status === 401 || status === 403) {
-        return {
-          success: false,
-          error: `Invalid Copilot API key. Generate a new key in Settings → Copilot and set it in the x-api-key header.`,
-        }
-      }
-      if (status === 402) {
-        return {
-          success: false,
-          error: `Usage limit exceeded for this Copilot API key. Upgrade your plan or wait for your quota to reset.`,
-        }
-      }
-
-      return { success: false, error: String(upstream ?? 'Copilot API key validation failed') }
-    }
-
-    const data = (await res.json()) as { ok?: boolean; userId?: string }
-    if (!data.ok || !data.userId) {
-      return {
-        success: false,
-        error: 'Invalid Copilot API key. Generate a new key in Settings → Copilot.',
-      }
-    }
-
-    return { success: true, userId: data.userId }
-  } catch (error) {
-    logger.error('Copilot API key validation failed', { error })
-    return {
-      success: false,
-      error: 'Could not validate Copilot API key — the authentication service is temporarily unreachable. This is NOT a problem with the API key itself; please retry shortly.',
-    }
-  }
-}
-
-/**
- * MCP Server instructions that guide LLMs on how to use the Sim copilot tools.
- * This is included in the initialize response to help external LLMs understand
- * the workflow lifecycle and best practices.
- */
-const MCP_SERVER_INSTRUCTIONS = `
-## Sim Workflow Copilot
-
-Sim is a workflow automation platform. Workflows are visual pipelines of connected blocks (Agent, Function, Condition, API, integrations, etc.). The Agent block is the core — an LLM with tools, memory, structured output, and knowledge bases.
-
-### Workflow Lifecycle (Happy Path)
-
-1. \`list_workspaces\` → know where to work
-2. \`create_workflow(name, workspaceId)\` → get a workflowId
-3. \`sim_build(request, workflowId)\` → plan and build in one pass
-4. \`sim_test(request, workflowId)\` → verify it works
-5. \`sim_deploy("deploy as api", workflowId)\` → make it accessible externally (optional)
-
-For fine-grained control, use \`sim_plan\` → \`sim_edit\` instead of \`sim_build\`. Pass the plan object from sim_plan EXACTLY as-is to sim_edit's context.plan field.
-
-### Working with Existing Workflows
-
-When the user refers to a workflow by name or description ("the email one", "my Slack bot"):
-1. Use \`sim_discovery\` to find it by functionality
-2. Or use \`list_workflows\` and match by name
-3. Then pass the workflowId to other tools
-
-### Organization
-
-- \`rename_workflow\` — rename a workflow
-- \`move_workflow\` — move a workflow into a folder (or root with null)
-- \`move_folder\` — nest a folder inside another (or root with null)
-- \`create_folder(name, parentId)\` — create nested folder hierarchies
-
-### Key Rules
-
-- You can test workflows immediately after building — deployment is only needed for external access (API, chat, MCP).
-- All copilot tools (build, plan, edit, deploy, test, debug) require workflowId.
-- If the user reports errors → use \`sim_debug\` first, don't guess.
-- Variable syntax: \`<blockname.field>\` for block outputs, \`{{ENV_VAR}}\` for env vars.
-`
-
-type HeaderMap = Record<string, string | string[] | undefined>
-
-function createError(id: RequestId, code: ErrorCode | number, message: string): JSONRPCError {
-  return {
-    jsonrpc: '2.0',
-    id,
-    error: { code, message },
-  }
-}
-
-function normalizeRequestHeaders(request: NextRequest): HeaderMap {
-  const headers: HeaderMap = {}
-
-  request.headers.forEach((value, key) => {
-    headers[key.toLowerCase()] = value
-  })
-
-  return headers
-}
-
-function readHeader(headers: HeaderMap | undefined, name: string): string | undefined {
-  if (!headers) return undefined
-  const value = headers[name.toLowerCase()]
-  if (Array.isArray(value)) {
-    return value[0]
-  }
-  return value
-}
-
-class NextResponseCapture {
-  private _status = 200
-  private _headers = new Headers()
-  private _controller: ReadableStreamDefaultController<Uint8Array> | null = null
-  private _pendingChunks: Uint8Array[] = []
-  private _closeHandlers: Array<() => void> = []
-  private _errorHandlers: Array<(error: Error) => void> = []
-  private _headersWritten = false
-  private _ended = false
-  private _headersPromise: Promise<void>
-  private _resolveHeaders: (() => void) | null = null
-  private _endedPromise: Promise<void>
-  private _resolveEnded: (() => void) | null = null
-  readonly readable: ReadableStream<Uint8Array>
-
-  constructor() {
-    this._headersPromise = new Promise<void>((resolve) => {
-      this._resolveHeaders = resolve
-    })
-
-    this._endedPromise = new Promise<void>((resolve) => {
-      this._resolveEnded = resolve
-    })
-
-    this.readable = new ReadableStream<Uint8Array>({
-      start: (controller) => {
-        this._controller = controller
-        if (this._pendingChunks.length > 0) {
-          for (const chunk of this._pendingChunks) {
-            controller.enqueue(chunk)
-          }
-          this._pendingChunks = []
-        }
-      },
-      cancel: () => {
-        this._ended = true
-        this._resolveEnded?.()
-        this.triggerCloseHandlers()
-      },
-    })
-  }
-
-  private markHeadersWritten(): void {
-    if (this._headersWritten) return
-    this._headersWritten = true
-    this._resolveHeaders?.()
-  }
-
-  private triggerCloseHandlers(): void {
-    for (const handler of this._closeHandlers) {
-      try {
-        handler()
-      } catch (error) {
-        this.triggerErrorHandlers(error instanceof Error ? error : new Error(String(error)))
-      }
-    }
-  }
-
-  private triggerErrorHandlers(error: Error): void {
-    for (const errorHandler of this._errorHandlers) {
-      errorHandler(error)
-    }
-  }
-
-  private normalizeChunk(chunk: unknown): Uint8Array | null {
-    if (typeof chunk === 'string') {
-      return new TextEncoder().encode(chunk)
-    }
-
-    if (chunk instanceof Uint8Array) {
-      return chunk
-    }
-
-    if (chunk === undefined || chunk === null) {
-      return null
-    }
-
-    return new TextEncoder().encode(String(chunk))
-  }
-
-  writeHead(status: number, headers?: Record<string, string | number | string[]>): this {
-    this._status = status
-
-    if (headers) {
-      Object.entries(headers).forEach(([key, value]) => {
-        if (Array.isArray(value)) {
-          this._headers.set(key, value.join(', '))
-        } else {
-          this._headers.set(key, String(value))
-        }
-      })
-    }
-
-    this.markHeadersWritten()
-    return this
-  }
-
-  flushHeaders(): this {
-    this.markHeadersWritten()
-    return this
-  }
-
-  write(chunk: unknown): boolean {
-    const normalized = this.normalizeChunk(chunk)
-    if (!normalized) return true
-
-    this.markHeadersWritten()
-
-    if (this._controller) {
-      try {
-        this._controller.enqueue(normalized)
-      } catch (error) {
-        this.triggerErrorHandlers(error instanceof Error ? error : new Error(String(error)))
-      }
-    } else {
-      this._pendingChunks.push(normalized)
-    }
-
-    return true
-  }
-
-  end(chunk?: unknown): this {
-    if (chunk !== undefined) this.write(chunk)
-    this.markHeadersWritten()
-    if (this._ended) return this
-
-    this._ended = true
-    this._resolveEnded?.()
-
-    if (this._controller) {
-      try {
-        this._controller.close()
-      } catch (error) {
-        this.triggerErrorHandlers(error instanceof Error ? error : new Error(String(error)))
-      }
-    }
-
-    this.triggerCloseHandlers()
-
-    return this
-  }
-
-  async waitForHeaders(timeoutMs = 30000): Promise<void> {
-    if (this._headersWritten) return
-
-    await Promise.race([
-      this._headersPromise,
-      new Promise<void>((resolve) => {
-        setTimeout(resolve, timeoutMs)
-      }),
-    ])
-  }
-
-  async waitForEnd(timeoutMs = 30000): Promise<void> {
-    if (this._ended) return
-
-    await Promise.race([
-      this._endedPromise,
-      new Promise<void>((resolve) => {
-        setTimeout(resolve, timeoutMs)
-      }),
-    ])
-  }
-
-  on(event: 'close' | 'error', handler: (() => void) | ((error: Error) => void)): this {
-    if (event === 'close') {
-      this._closeHandlers.push(handler as () => void)
-    }
-
-    if (event === 'error') {
-      this._errorHandlers.push(handler as (error: Error) => void)
-    }
-
-    return this
-  }
-
-  toNextResponse(): NextResponse {
-    return new NextResponse(this.readable, {
-      status: this._status,
-      headers: this._headers,
-    })
-  }
-}
-
-function buildMcpServer(abortSignal?: AbortSignal): Server {
-  const server = new Server(
-    {
-      name: 'sim-copilot',
-      version: '1.0.0',
-    },
-    {
-      capabilities: { tools: {} },
-      instructions: MCP_SERVER_INSTRUCTIONS,
-    }
-  )
-
-  server.setRequestHandler(ListToolsRequestSchema, async () => {
-    const directTools = DIRECT_TOOL_DEFS.map((tool) => ({
-      name: tool.name,
-      description: tool.description,
-      inputSchema: tool.inputSchema,
-    }))
-
-    const subagentTools = SUBAGENT_TOOL_DEFS.map((tool) => ({
-      name: tool.name,
-      description: tool.description,
-      inputSchema: tool.inputSchema,
-    }))
-
-    const result: ListToolsResult = {
-      tools: [...directTools, ...subagentTools],
-    }
-
-    return result
-  })
-
-  server.setRequestHandler(CallToolRequestSchema, async (request, extra) => {
-    const headers = (extra.requestInfo?.headers || {}) as HeaderMap
-    const apiKeyHeader = readHeader(headers, 'x-api-key')
-
-    if (!apiKeyHeader) {
-      return {
-        content: [
-          {
-            type: 'text' as const,
-            text: 'AUTHENTICATION ERROR: No Copilot API key provided. The user must set their Copilot API key in the x-api-key header. They can generate one in the Sim app under Settings → Copilot. Do NOT retry — this will fail until the key is configured.',
-          },
-        ],
-        isError: true,
-      }
-    }
-
-    const authResult = await authenticateCopilotApiKey(apiKeyHeader)
-    if (!authResult.success || !authResult.userId) {
-      logger.warn('MCP copilot key auth failed', { method: request.method })
-      return {
-        content: [
-          {
-            type: 'text' as const,
-            text: `AUTHENTICATION ERROR: ${authResult.error} Do NOT retry — this will fail until the user fixes their Copilot API key.`,
-          },
-        ],
-        isError: true,
-      }
-    }
-
-    const rateLimitResult = await mcpRateLimiter.checkRateLimitWithSubscription(
-      authResult.userId,
-      await getHighestPrioritySubscription(authResult.userId),
-      'api-endpoint',
-      false
-    )
-
-    if (!rateLimitResult.allowed) {
-      return {
-        content: [
-          {
-            type: 'text' as const,
-            text: `RATE LIMIT: Too many requests. Please wait and retry after ${rateLimitResult.resetAt.toISOString()}.`,
-          },
-        ],
-        isError: true,
-      }
-    }
-
-    const params = request.params as { name?: string; arguments?: Record<string, unknown> } | undefined
-    if (!params?.name) {
-      throw new McpError(ErrorCode.InvalidParams, 'Tool name required')
-    }
-
-    const result = await handleToolsCall(
-      {
-        name: params.name,
-        arguments: params.arguments,
-      },
-      authResult.userId,
-      abortSignal
-    )
-
-    trackMcpCopilotCall(authResult.userId)
-
-    return result
-  })
-
-  return server
-}
-
-async function handleMcpRequestWithSdk(
-  request: NextRequest,
-  parsedBody: unknown
-): Promise<NextResponse> {
-  const server = buildMcpServer(request.signal)
-  const transport = new StreamableHTTPServerTransport({
-    sessionIdGenerator: undefined,
-    enableJsonResponse: true,
-  })
-
-  const responseCapture = new NextResponseCapture()
-  const requestAdapter = {
-    method: request.method,
-    headers: normalizeRequestHeaders(request),
-  }
-
-  await server.connect(transport)
-
-  try {
-    await transport.handleRequest(requestAdapter as any, responseCapture as any, parsedBody)
-    await responseCapture.waitForHeaders()
-    // Must exceed the longest possible tool execution (build = 5 min).
-    // Using ORCHESTRATION_TIMEOUT_MS + 60 s buffer so the orchestrator can
-    // finish or time-out on its own before the transport is torn down.
-    await responseCapture.waitForEnd(ORCHESTRATION_TIMEOUT_MS + 60_000)
-    return responseCapture.toNextResponse()
-  } finally {
-    await server.close().catch(() => {})
-    await transport.close().catch(() => {})
-  }
-}
-
-export async function GET() {
-  // Return 405 to signal that server-initiated SSE notifications are not
-  // supported.  Without this, clients like mcp-remote will repeatedly
-  // reconnect trying to open an SSE stream, flooding the logs with GETs.
-  return new NextResponse(null, { status: 405 })
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    let parsedBody: unknown
-
-    try {
-      parsedBody = await request.json()
-    } catch {
-      return NextResponse.json(createError(0, ErrorCode.ParseError, 'Invalid JSON body'), {
-        status: 400,
-      })
-    }
-
-    return await handleMcpRequestWithSdk(request, parsedBody)
-  } catch (error) {
-    logger.error('Error handling MCP request', { error })
-    return NextResponse.json(createError(0, ErrorCode.InternalError, 'Internal error'), {
-      status: 500,
-    })
-  }
-}
-
-export async function DELETE(request: NextRequest) {
-  void request
-  return NextResponse.json(createError(0, -32000, 'Method not allowed.'), { status: 405 })
-}
-
-/**
- * Increment MCP copilot call counter in userStats (fire-and-forget).
- */
-function trackMcpCopilotCall(userId: string): void {
-  db.update(userStats)
-    .set({
-      totalMcpCopilotCalls: sql`total_mcp_copilot_calls + 1`,
-      lastActive: new Date(),
-    })
-    .where(eq(userStats.userId, userId))
-    .then(() => {})
-    .catch((error) => {
-      logger.error('Failed to track MCP copilot call', { error, userId })
-    })
-}
-
-async function handleToolsCall(
-  params: { name: string; arguments?: Record<string, unknown> },
-  userId: string,
-  abortSignal?: AbortSignal
-): Promise<CallToolResult> {
-  const args = params.arguments || {}
-
-  const directTool = DIRECT_TOOL_DEFS.find((tool) => tool.name === params.name)
-  if (directTool) {
-    return handleDirectToolCall(directTool, args, userId)
-  }
-
-  const subagentTool = SUBAGENT_TOOL_DEFS.find((tool) => tool.name === params.name)
-  if (subagentTool) {
-    return handleSubagentToolCall(subagentTool, args, userId, abortSignal)
-  }
-
-  throw new McpError(ErrorCode.MethodNotFound, `Tool not found: ${params.name}`)
-}
-
-async function handleDirectToolCall(
-  toolDef: (typeof DIRECT_TOOL_DEFS)[number],
-  args: Record<string, unknown>,
-  userId: string
-): Promise<CallToolResult> {
-  try {
-    const execContext = await prepareExecutionContext(userId, (args.workflowId as string) || '')
-
-    const toolCall = {
-      id: randomUUID(),
-      name: toolDef.toolId,
-      status: 'pending' as const,
-      params: args as Record<string, any>,
-      startTime: Date.now(),
-    }
-
-    const result = await executeToolServerSide(toolCall, execContext)
-
-    return {
-      content: [
-        {
-          type: 'text',
-          text: JSON.stringify(result.output ?? result, null, 2),
-        },
-      ],
-      isError: !result.success,
-    }
-  } catch (error) {
-    logger.error('Direct tool execution failed', { tool: toolDef.name, error })
-    return {
-      content: [
-        {
-          type: 'text',
-          text: `Tool execution failed: ${error instanceof Error ? error.message : String(error)}`,
-        },
-      ],
-      isError: true,
-    }
-  }
-}
-
-/**
- * Build mode uses the main chat orchestrator with the 'fast' command instead of
- * the subagent endpoint. In Go, 'build' is not a registered subagent — it's a mode
- * (ModeFast) on the main chat processor that bypasses subagent orchestration and
- * executes all tools directly.
- */
-async function handleBuildToolCall(
-  args: Record<string, unknown>,
-  userId: string,
-  abortSignal?: AbortSignal
-): Promise<CallToolResult> {
-  try {
-    const requestText = (args.request as string) || JSON.stringify(args)
-    const { model } = getCopilotModel('chat')
-    const workflowId = args.workflowId as string | undefined
-
-    const resolved = workflowId ? { workflowId } : await resolveWorkflowIdForUser(userId)
-
-    if (!resolved?.workflowId) {
-      return {
-        content: [
-          {
-            type: 'text',
-            text: JSON.stringify(
-              {
-                success: false,
-                error: 'workflowId is required for build. Call create_workflow first.',
-              },
-              null,
-              2
-            ),
-          },
-        ],
-        isError: true,
-      }
-    }
-
-    const chatId = randomUUID()
-
-    const requestPayload = {
-      message: requestText,
-      workflowId: resolved.workflowId,
-      userId,
-      model,
-      mode: 'agent',
-      commands: ['fast'],
-      messageId: randomUUID(),
-      version: SIM_AGENT_VERSION,
-      headless: true,
-      chatId,
-      source: 'mcp',
-    }
-
-    const result = await orchestrateCopilotStream(requestPayload, {
-      userId,
-      workflowId: resolved.workflowId,
-      chatId,
-      autoExecuteTools: true,
-      timeout: 300000,
-      interactive: false,
-      abortSignal,
-    })
-
-    const responseData = {
-      success: result.success,
-      content: result.content,
-      toolCalls: result.toolCalls,
-      error: result.error,
-    }
-
-    return {
-      content: [{ type: 'text', text: JSON.stringify(responseData, null, 2) }],
-      isError: !result.success,
-    }
-  } catch (error) {
-    logger.error('Build tool call failed', { error })
-    return {
-      content: [
-        {
-          type: 'text',
-          text: `Build failed: ${error instanceof Error ? error.message : String(error)}`,
-        },
-      ],
-      isError: true,
-    }
-  }
-}
-
-async function handleSubagentToolCall(
-  toolDef: (typeof SUBAGENT_TOOL_DEFS)[number],
-  args: Record<string, unknown>,
-  userId: string,
-  abortSignal?: AbortSignal
-): Promise<CallToolResult> {
-  if (toolDef.agentId === 'build') {
-    return handleBuildToolCall(args, userId, abortSignal)
-  }
-
-  try {
-    const requestText =
-      (args.request as string) ||
-      (args.message as string) ||
-      (args.error as string) ||
-      JSON.stringify(args)
-
-    const context = (args.context as Record<string, unknown>) || {}
-    if (args.plan && !context.plan) {
-      context.plan = args.plan
-    }
-
-    const { model } = getCopilotModel('chat')
-
-    const result = await orchestrateSubagentStream(
-      toolDef.agentId,
-      {
-        message: requestText,
-        workflowId: args.workflowId,
-        workspaceId: args.workspaceId,
-        context,
-        model,
-        headless: true,
-        source: 'mcp',
-      },
-      {
-        userId,
-        workflowId: args.workflowId as string | undefined,
-        workspaceId: args.workspaceId as string | undefined,
-        abortSignal,
-      }
-    )
-
-    let responseData: unknown
-
-    if (result.structuredResult) {
-      responseData = {
-        success: result.structuredResult.success ?? result.success,
-        type: result.structuredResult.type,
-        summary: result.structuredResult.summary,
-        data: result.structuredResult.data,
-      }
-    } else if (result.error) {
-      responseData = {
-        success: false,
-        error: result.error,
-        errors: result.errors,
-      }
-    } else {
-      responseData = {
-        success: result.success,
-        content: result.content,
-      }
-    }
-
-    return {
-      content: [
-        {
-          type: 'text',
-          text: JSON.stringify(responseData, null, 2),
-        },
-      ],
-      isError: !result.success,
-    }
-  } catch (error) {
-    logger.error('Subagent tool call failed', {
-      tool: toolDef.name,
-      agentId: toolDef.agentId,
-      error,
-    })
-
-    return {
-      content: [
-        {
-          type: 'text',
-          text: `Subagent call failed: ${error instanceof Error ? error.message : String(error)}`,
-        },
-      ],
-      isError: true,
-    }
-  }
-}

apps/sim/app/api/memory/[id]/route.ts

@@ -4,7 +4,7 @@ import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
 
@@ -36,7 +36,7 @@ async function validateMemoryAccess(
   requestId: string,
   action: 'read' | 'write'
 ): Promise<{ userId: string } | { error: NextResponse }> {
-  const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
   if (!authResult.success || !authResult.userId) {
     logger.warn(`[${requestId}] Unauthorized memory ${action} attempt`)
     return {

apps/sim/app/api/memory/route.ts

@@ -3,7 +3,7 @@ import { memory } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, isNull, like } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
 
@@ -16,7 +16,7 @@ export async function GET(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request)
+    const authResult = await checkInternalAuth(request)
     if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthorized memory access attempt`)
       return NextResponse.json(
@@ -89,7 +89,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request)
+    const authResult = await checkInternalAuth(request)
     if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthorized memory creation attempt`)
       return NextResponse.json(
@@ -228,7 +228,7 @@ export async function DELETE(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request)
+    const authResult = await checkInternalAuth(request)
     if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthorized memory deletion attempt`)
       return NextResponse.json(

apps/sim/app/api/tools/a2a/cancel-task/route.ts

@@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 const logger = createLogger('A2ACancelTaskAPI')
@@ -20,7 +20,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(`[${requestId}] Unauthorized A2A cancel task attempt`)

apps/sim/app/api/tools/a2a/delete-push-notification/route.ts

@@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 export const dynamic = 'force-dynamic'
@@ -20,7 +20,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(

apps/sim/app/api/tools/a2a/get-agent-card/route.ts

@@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 export const dynamic = 'force-dynamic'
@@ -18,7 +18,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(`[${requestId}] Unauthorized A2A get agent card attempt: ${authResult.error}`)

apps/sim/app/api/tools/a2a/get-push-notification/route.ts

@@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 export const dynamic = 'force-dynamic'
@@ -19,7 +19,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(

apps/sim/app/api/tools/a2a/get-task/route.ts

@@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 export const dynamic = 'force-dynamic'
@@ -21,7 +21,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(`[${requestId}] Unauthorized A2A get task attempt: ${authResult.error}`)

apps/sim/app/api/tools/a2a/resubscribe/route.ts

@@ -10,7 +10,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 const logger = createLogger('A2AResubscribeAPI')
@@ -27,7 +27,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(`[${requestId}] Unauthorized A2A resubscribe attempt`)

apps/sim/app/api/tools/a2a/send-message/route.ts

@@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
 import { generateRequestId } from '@/lib/core/utils/request'
 
@@ -32,7 +32,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(`[${requestId}] Unauthorized A2A send message attempt: ${authResult.error}`)

apps/sim/app/api/tools/a2a/set-push-notification/route.ts

@@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
 import { generateRequestId } from '@/lib/core/utils/request'
 
@@ -22,7 +22,7 @@ export async function POST(request: NextRequest) {
   const requestId = generateRequestId()
 
   try {
-    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
 
     if (!authResult.success) {
       logger.warn(`[${requestId}] Unauthorized A2A set push notification attempt`, {

apps/sim/app/api/users/me/usage-logs/route.ts

@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { getUserUsageLogs, type UsageLogSource } from '@/lib/billing/core/usage-log'
 
 const logger = createLogger('UsageLogsAPI')
@@ -20,7 +20,7 @@ const QuerySchema = z.object({
  */
 export async function GET(req: NextRequest) {
   try {
-    const auth = await checkHybridAuth(req, { requireWorkflowId: false })
+    const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false })
 
     if (!auth.success || !auth.userId) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })

apps/sim/app/api/v1/copilot/chat/route.ts

@@ -1,114 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getCopilotModel } from '@/lib/copilot/config'
-import { SIM_AGENT_VERSION } from '@/lib/copilot/constants'
-import { COPILOT_REQUEST_MODES } from '@/lib/copilot/models'
-import { orchestrateCopilotStream } from '@/lib/copilot/orchestrator'
-import { resolveWorkflowIdForUser } from '@/lib/workflows/utils'
-import { authenticateV1Request } from '@/app/api/v1/auth'
-
-const logger = createLogger('CopilotHeadlessAPI')
-
-const RequestSchema = z.object({
-  message: z.string().min(1, 'message is required'),
-  workflowId: z.string().optional(),
-  workflowName: z.string().optional(),
-  chatId: z.string().optional(),
-  mode: z.enum(COPILOT_REQUEST_MODES).optional().default('agent'),
-  model: z.string().optional(),
-  autoExecuteTools: z.boolean().optional().default(true),
-  timeout: z.number().optional().default(300000),
-})
-
-/**
- * POST /api/v1/copilot/chat
- * Headless copilot endpoint for server-side orchestration.
- *
- * workflowId is optional - if not provided:
- * - If workflowName is provided, finds that workflow
- * - Otherwise uses the user's first workflow as context
- * - The copilot can still operate on any workflow using list_user_workflows
- */
-export async function POST(req: NextRequest) {
-  const auth = await authenticateV1Request(req)
-  if (!auth.authenticated || !auth.userId) {
-    return NextResponse.json(
-      { success: false, error: auth.error || 'Unauthorized' },
-      { status: 401 }
-    )
-  }
-
-  try {
-    const body = await req.json()
-    const parsed = RequestSchema.parse(body)
-    const defaults = getCopilotModel('chat')
-    const selectedModel = parsed.model || defaults.model
-
-    // Resolve workflow ID
-    const resolved = await resolveWorkflowIdForUser(
-      auth.userId,
-      parsed.workflowId,
-      parsed.workflowName
-    )
-    if (!resolved) {
-      return NextResponse.json(
-        {
-          success: false,
-          error: 'No workflows found. Create a workflow first or provide a valid workflowId.',
-        },
-        { status: 400 }
-      )
-    }
-
-    // Transform mode to transport mode (same as client API)
-    // build and agent both map to 'agent' on the backend
-    const effectiveMode = parsed.mode === 'agent' ? 'build' : parsed.mode
-    const transportMode = effectiveMode === 'build' ? 'agent' : effectiveMode
-
-    // Always generate a chatId - required for artifacts system to work with subagents
-    const chatId = parsed.chatId || crypto.randomUUID()
-
-    const requestPayload = {
-      message: parsed.message,
-      workflowId: resolved.workflowId,
-      userId: auth.userId,
-      model: selectedModel,
-      mode: transportMode,
-      messageId: crypto.randomUUID(),
-      version: SIM_AGENT_VERSION,
-      headless: true,
-      chatId,
-    }
-
-    const result = await orchestrateCopilotStream(requestPayload, {
-      userId: auth.userId,
-      workflowId: resolved.workflowId,
-      chatId,
-      autoExecuteTools: parsed.autoExecuteTools,
-      timeout: parsed.timeout,
-      interactive: false,
-    })
-
-    return NextResponse.json({
-      success: result.success,
-      content: result.content,
-      toolCalls: result.toolCalls,
-      chatId: result.chatId || chatId, // Return the chatId for conversation continuity
-      conversationId: result.conversationId,
-      error: result.error,
-    })
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      return NextResponse.json(
-        { success: false, error: 'Invalid request', details: error.errors },
-        { status: 400 }
-      )
-    }
-
-    logger.error('Headless copilot request failed', {
-      error: error instanceof Error ? error.message : String(error),
-    })
-    return NextResponse.json({ success: false, error: 'Internal server error' }, { status: 500 })
-  }
-}

apps/sim/app/api/workflows/[id]/execute/route.ts

@@ -325,6 +325,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       requestId
     )
 
+    // Client-side sessions and personal API keys bill/permission-check the
+    // authenticated user, not the workspace billed account.
+    const useAuthenticatedUserAsActor =
+      isClientSession || (auth.authType === 'api_key' && auth.apiKeyType === 'personal')
+
     const preprocessResult = await preprocessExecution({
       workflowId,
       userId,
@@ -334,6 +339,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       checkDeployment: !shouldUseDraftState,
       loggingSession,
       useDraftState: shouldUseDraftState,
+      useAuthenticatedUserAsActor,
     })
 
     if (!preprocessResult.success) {

apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx

@@ -74,8 +74,7 @@ function FileCard({ file, isExecutionFile = false, workspaceId }: FileCardProps)
       }
 
       if (isExecutionFile) {
-        const serveUrl =
+        const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=execution`
-          file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=execution`
         window.open(serveUrl, '_blank')
         logger.info(`Opened execution file serve URL: ${serveUrl}`)
       } else {
@@ -88,16 +87,12 @@ function FileCard({ file, isExecutionFile = false, workspaceId }: FileCardProps)
           logger.warn(
             `Could not construct viewer URL for file: ${file.name}, falling back to serve URL`
           )
-          const serveUrl =
+          const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace`
-            file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace`
           window.open(serveUrl, '_blank')
         }
       }
     } catch (error) {
       logger.error(`Failed to download file ${file.name}:`, error)
-      if (file.url) {
-        window.open(file.url, '_blank')
-      }
     } finally {
       setIsDownloading(false)
     }
@@ -198,8 +193,7 @@ export function FileDownload({
       }
 
       if (isExecutionFile) {
-        const serveUrl =
+        const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=execution`
-          file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=execution`
         window.open(serveUrl, '_blank')
         logger.info(`Opened execution file serve URL: ${serveUrl}`)
       } else {
@@ -212,16 +206,12 @@ export function FileDownload({
           logger.warn(
             `Could not construct viewer URL for file: ${file.name}, falling back to serve URL`
           )
-          const serveUrl =
+          const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace`
-            file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace`
           window.open(serveUrl, '_blank')
         }
       }
     } catch (error) {
       logger.error(`Failed to download file ${file.name}:`, error)
-      if (file.url) {
-        window.open(file.url, '_blank')
-      }
     } finally {
       setIsDownloading(false)
     }

apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx

@@ -89,7 +89,7 @@ export function WorkflowSelector({
             onMouseDown={(e) => handleRemove(e, w.id)}
           >
             {w.name}
-            <X className='h-3 w-3' />
+            <X className='!text-[var(--text-primary)] h-4 w-4 flex-shrink-0 opacity-50' />
           </Badge>
         ))}
         {selectedWorkflows.length > 2 && (

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/copilot-message.tsx

@@ -211,7 +211,7 @@ const CopilotMessage: FC<CopilotMessageProps> = memo(
         if (block.type === 'text') {
           const isLastTextBlock =
             index === message.contentBlocks!.length - 1 && block.type === 'text'
-          const parsed = parseSpecialTags(block.content ?? '')
+          const parsed = parseSpecialTags(block.content)
           // Mask credential IDs in the displayed content
           const cleanBlockContent = maskCredentialValue(
             parsed.cleanContent.replace(/\n{3,}/g, '\n\n')
@@ -243,7 +243,7 @@ const CopilotMessage: FC<CopilotMessageProps> = memo(
           return (
             <div key={blockKey} className='w-full'>
               <ThinkingBlock
-                content={maskCredentialValue(block.content ?? '')}
+                content={maskCredentialValue(block.content)}
                 isStreaming={isActivelyStreaming}
                 hasFollowingContent={hasFollowingContent}
                 hasSpecialTags={hasSpecialTags}
@@ -251,7 +251,7 @@ const CopilotMessage: FC<CopilotMessageProps> = memo(
             </div>
           )
         }
-        if (block.type === 'tool_call' && block.toolCall) {
+        if (block.type === 'tool_call') {
           const blockKey = `tool-${block.toolCall.id}`
 
           return (

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/tool-call/tool-call.tsx

@@ -1,15 +1,20 @@
 'use client'
 
 import { memo, useEffect, useMemo, useRef, useState } from 'react'
-import { createLogger } from '@sim/logger'
 import clsx from 'clsx'
 import { ChevronUp, LayoutList } from 'lucide-react'
 import Editor from 'react-simple-code-editor'
 import { Button, Code, getCodeEditorProps, highlight, languages } from '@/components/emcn'
+import { ClientToolCallState } from '@/lib/copilot/tools/client/base-tool'
+import { getClientTool } from '@/lib/copilot/tools/client/manager'
+import { getRegisteredTools } from '@/lib/copilot/tools/client/registry'
+import '@/lib/copilot/tools/client/init-tool-configs'
 import {
-  ClientToolCallState,
+  getSubagentLabels as getSubagentLabelsFromConfig,
-  TOOL_DISPLAY_REGISTRY,
+  getToolUIConfig,
-} from '@/lib/copilot/tools/client/tool-display-registry'
+  hasInterrupt as hasInterruptFromConfig,
+  isSpecialTool as isSpecialToolFromConfig,
+} from '@/lib/copilot/tools/client/ui-config'
 import { formatDuration } from '@/lib/core/utils/formatting'
 import { CopilotMarkdownRenderer } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/components/markdown-renderer'
 import { SmoothStreamingText } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/components/smooth-streaming'
@@ -20,6 +25,7 @@ import { getDisplayValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/co
 import { getBlock } from '@/blocks/registry'
 import type { CopilotToolCall } from '@/stores/panel'
 import { useCopilotStore } from '@/stores/panel'
+import { CLASS_TOOL_METADATA } from '@/stores/panel/copilot/store'
 import type { SubAgentContentBlock } from '@/stores/panel/copilot/types'
 import { useWorkflowStore } from '@/stores/workflows/workflow/store'
 
@@ -704,8 +710,8 @@ const ShimmerOverlayText = memo(function ShimmerOverlayText({
  * @returns The completion label from UI config, defaults to 'Thought'
  */
 function getSubagentCompletionLabel(toolName: string): string {
-  const labels = TOOL_DISPLAY_REGISTRY[toolName]?.uiConfig?.subagentLabels
+  const labels = getSubagentLabelsFromConfig(toolName, false)
-  return labels?.completed || 'Thought'
+  return labels?.completed ?? 'Thought'
 }
 
 /**
@@ -937,7 +943,7 @@ const SubagentContentRenderer = memo(function SubagentContentRenderer({
  * Determines if a tool call should display with special gradient styling.
  */
 function isSpecialToolCall(toolCall: CopilotToolCall): boolean {
-  return TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.isSpecial === true
+  return isSpecialToolFromConfig(toolCall.name)
 }
 
 /**
@@ -1217,11 +1223,28 @@ const WorkflowEditSummary = memo(function WorkflowEditSummary({
 
 /** Checks if a tool is server-side executed (not a client tool) */
 function isIntegrationTool(toolName: string): boolean {
-  return !TOOL_DISPLAY_REGISTRY[toolName]
+  return !CLASS_TOOL_METADATA[toolName]
 }
 
 function shouldShowRunSkipButtons(toolCall: CopilotToolCall): boolean {
-  const hasInterrupt = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.interrupt === true
+  if (hasInterruptFromConfig(toolCall.name) && toolCall.state === 'pending') {
+    return true
+  }
+
+  const instance = getClientTool(toolCall.id)
+  let hasInterrupt = !!instance?.getInterruptDisplays?.()
+  if (!hasInterrupt) {
+    try {
+      const def = getRegisteredTools()[toolCall.name]
+      if (def) {
+        hasInterrupt =
+          typeof def.hasInterrupt === 'function'
+            ? !!def.hasInterrupt(toolCall.params || {})
+            : !!def.hasInterrupt
+      }
+    } catch {}
+  }
+
   if (hasInterrupt && toolCall.state === 'pending') {
     return true
   }
@@ -1234,50 +1257,109 @@ function shouldShowRunSkipButtons(toolCall: CopilotToolCall): boolean {
   return false
 }
 
-const toolCallLogger = createLogger('CopilotToolCall')
-
-async function sendToolDecision(
-  toolCallId: string,
-  status: 'accepted' | 'rejected' | 'background'
-) {
-  try {
-    await fetch('/api/copilot/confirm', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ toolCallId, status }),
-    })
-  } catch (error) {
-    toolCallLogger.warn('Failed to send tool decision', {
-      toolCallId,
-      status,
-      error: error instanceof Error ? error.message : String(error),
-    })
-  }
-}
-
 async function handleRun(
   toolCall: CopilotToolCall,
   setToolCallState: any,
   onStateChange?: any,
   editedParams?: any
 ) {
-  setToolCallState(toolCall, 'executing', editedParams ? { params: editedParams } : undefined)
+  const instance = getClientTool(toolCall.id)
-  onStateChange?.('executing')
+
-  await sendToolDecision(toolCall.id, 'accepted')
+  if (!instance && isIntegrationTool(toolCall.name)) {
+    onStateChange?.('executing')
+    try {
+      await useCopilotStore.getState().executeIntegrationTool(toolCall.id)
+    } catch (e) {
+      setToolCallState(toolCall, 'error', { error: e instanceof Error ? e.message : String(e) })
+      onStateChange?.('error')
+      try {
+        await fetch('/api/copilot/tools/mark-complete', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            id: toolCall.id,
+            name: toolCall.name,
+            status: 500,
+            message: e instanceof Error ? e.message : 'Tool execution failed',
+            data: { error: e instanceof Error ? e.message : String(e) },
+          }),
+        })
+      } catch {
+        console.error('[handleRun] Failed to notify backend of tool error:', toolCall.id)
+      }
+    }
+    return
+  }
+
+  if (!instance) return
+  try {
+    const mergedParams =
+      editedParams ||
+      (toolCall as any).params ||
+      (toolCall as any).parameters ||
+      (toolCall as any).input ||
+      {}
+    await instance.handleAccept?.(mergedParams)
+    onStateChange?.('executing')
+  } catch (e) {
+    setToolCallState(toolCall, 'error', { error: e instanceof Error ? e.message : String(e) })
+  }
 }
 
 async function handleSkip(toolCall: CopilotToolCall, setToolCallState: any, onStateChange?: any) {
+  const instance = getClientTool(toolCall.id)
+
+  if (!instance && isIntegrationTool(toolCall.name)) {
+    setToolCallState(toolCall, 'rejected')
+    onStateChange?.('rejected')
+
+    let notified = false
+    for (let attempt = 0; attempt < 3 && !notified; attempt++) {
+      try {
+        const res = await fetch('/api/copilot/tools/mark-complete', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            id: toolCall.id,
+            name: toolCall.name,
+            status: 400,
+            message: 'Tool execution skipped by user',
+            data: { skipped: true, reason: 'user_skipped' },
+          }),
+        })
+        if (res.ok) {
+          notified = true
+        }
+      } catch (e) {
+        if (attempt < 2) {
+          await new Promise((resolve) => setTimeout(resolve, 500))
+        }
+      }
+    }
+
+    if (!notified) {
+      console.error('[handleSkip] Failed to notify backend after 3 attempts:', toolCall.id)
+    }
+    return
+  }
+
+  if (instance) {
+    try {
+      await instance.handleReject?.()
+    } catch {}
+  }
   setToolCallState(toolCall, 'rejected')
   onStateChange?.('rejected')
-  await sendToolDecision(toolCall.id, 'rejected')
 }
 
 function getDisplayName(toolCall: CopilotToolCall): string {
   const fromStore = (toolCall as any).display?.text
   if (fromStore) return fromStore
-  const registryEntry = TOOL_DISPLAY_REGISTRY[toolCall.name]
+  try {
-  const byState = registryEntry?.displayNames?.[toolCall.state as ClientToolCallState]
+    const def = getRegisteredTools()[toolCall.name] as any
-  if (byState?.text) return byState.text
+    const byState = def?.metadata?.displayNames?.[toolCall.state]
+    if (byState?.text) return byState.text
+  } catch {}
 
   const stateVerb = getStateVerb(toolCall.state)
   const formattedName = formatToolName(toolCall.name)
@@ -1427,7 +1509,7 @@ export function ToolCall({
   // Check if this integration tool is auto-allowed
   // Subscribe to autoAllowedTools so we re-render when it changes
   const autoAllowedTools = useCopilotStore((s) => s.autoAllowedTools)
-  const { removeAutoAllowedTool, setToolCallState } = useCopilotStore()
+  const { removeAutoAllowedTool } = useCopilotStore()
   const isAutoAllowed = isIntegrationTool(toolCall.name) && autoAllowedTools.includes(toolCall.name)
 
   // Update edited params when toolCall params change (deep comparison to avoid resetting user edits on ref change)
@@ -1444,12 +1526,34 @@ export function ToolCall({
     toolCall.name === 'mark_todo_in_progress' ||
     toolCall.name === 'tool_search_tool_regex' ||
     toolCall.name === 'user_memory' ||
-    toolCall.name.endsWith('_respond')
+    toolCall.name === 'edit_respond' ||
+    toolCall.name === 'debug_respond' ||
+    toolCall.name === 'plan_respond' ||
+    toolCall.name === 'research_respond' ||
+    toolCall.name === 'info_respond' ||
+    toolCall.name === 'deploy_respond' ||
+    toolCall.name === 'superagent_respond'
   )
     return null
 
   // Special rendering for subagent tools - show as thinking text with tool calls at top level
-  const isSubagentTool = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig?.subagent === true
+  const SUBAGENT_TOOLS = [
+    'plan',
+    'edit',
+    'debug',
+    'test',
+    'deploy',
+    'evaluate',
+    'auth',
+    'research',
+    'knowledge',
+    'custom_tool',
+    'tour',
+    'info',
+    'workflow',
+    'superagent',
+  ]
+  const isSubagentTool = SUBAGENT_TOOLS.includes(toolCall.name)
 
   // For ALL subagent tools, don't show anything until we have blocks with content
   if (isSubagentTool) {
@@ -1489,18 +1593,17 @@ export function ToolCall({
     stateStr === 'aborted'
 
   // Allow rendering if:
-  // 1. Tool is in TOOL_DISPLAY_REGISTRY (client tools), OR
+  // 1. Tool is in CLASS_TOOL_METADATA (client tools), OR
   // 2. We're in build mode (integration tools are executed server-side), OR
   // 3. Tool call is already completed (historical - should always render)
-  const isClientTool = !!TOOL_DISPLAY_REGISTRY[toolCall.name]
+  const isClientTool = !!CLASS_TOOL_METADATA[toolCall.name]
   const isIntegrationToolInBuildMode = mode === 'build' && !isClientTool
 
   if (!isClientTool && !isIntegrationToolInBuildMode && !isCompletedToolCall) {
     return null
   }
-  const toolUIConfig = TOOL_DISPLAY_REGISTRY[toolCall.name]?.uiConfig
   // Check if tool has params table config (meaning it's expandable)
-  const hasParamsTable = !!toolUIConfig?.paramsTable
+  const hasParamsTable = !!getToolUIConfig(toolCall.name)?.paramsTable
   const isRunWorkflow = toolCall.name === 'run_workflow'
   const isExpandableTool =
     hasParamsTable ||
@@ -1510,6 +1613,7 @@ export function ToolCall({
   const showButtons = isCurrentMessage && shouldShowRunSkipButtons(toolCall)
 
   // Check UI config for secondary action - only show for current message tool calls
+  const toolUIConfig = getToolUIConfig(toolCall.name)
   const secondaryAction = toolUIConfig?.secondaryAction
   const showSecondaryAction = secondaryAction?.showInStates.includes(
     toolCall.state as ClientToolCallState
@@ -2107,9 +2211,16 @@ export function ToolCall({
         <div className='mt-[10px]'>
           <Button
             onClick={async () => {
-              setToolCallState(toolCall, ClientToolCallState.background)
+              try {
-              onStateChange?.('background')
+                const instance = getClientTool(toolCall.id)
-              await sendToolDecision(toolCall.id, 'background')
+                instance?.setState?.((ClientToolCallState as any).background)
+                await instance?.markToolComplete?.(
+                  200,
+                  'The user has chosen to move the workflow execution to the background. Check back with them later to know when the workflow execution is complete'
+                )
+                forceUpdate({})
+                onStateChange?.('background')
+              } catch {}
             }}
             variant='tertiary'
             title='Move to Background'
@@ -2121,9 +2232,21 @@ export function ToolCall({
         <div className='mt-[10px]'>
           <Button
             onClick={async () => {
-              setToolCallState(toolCall, ClientToolCallState.background)
+              try {
-              onStateChange?.('background')
+                const instance = getClientTool(toolCall.id)
-              await sendToolDecision(toolCall.id, 'background')
+                const elapsedSeconds = instance?.getElapsedSeconds?.() || 0
+                instance?.setState?.((ClientToolCallState as any).background, {
+                  result: { _elapsedSeconds: elapsedSeconds },
+                })
+                const { updateToolCallParams } = useCopilotStore.getState()
+                updateToolCallParams?.(toolCall.id, { _elapsedSeconds: Math.round(elapsedSeconds) })
+                await instance?.markToolComplete?.(
+                  200,
+                  `User woke you up after ${Math.round(elapsedSeconds)} seconds`
+                )
+                forceUpdate({})
+                onStateChange?.('background')
+              } catch {}
             }}
             variant='tertiary'
             title='Wake'

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/user-input/constants.ts

@@ -246,7 +246,6 @@ export function getCommandDisplayLabel(commandId: string): string {
  * Model configuration options
  */
 export const MODEL_OPTIONS = [
-  { value: 'claude-4.6-opus', label: 'Claude 4.6 Opus' },
   { value: 'claude-4.5-opus', label: 'Claude 4.5 Opus' },
   { value: 'claude-4.5-sonnet', label: 'Claude 4.5 Sonnet' },
   { value: 'claude-4.5-haiku', label: 'Claude 4.5 Haiku' },

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/copilot.tsx

@@ -107,13 +107,13 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
     currentChat,
     selectChat,
     deleteChat,
+    areChatsFresh,
     workflowId: copilotWorkflowId,
     setPlanTodos,
     closePlanTodos,
     clearPlanArtifact,
     savePlanArtifact,
     loadAutoAllowedTools,
-    resumeActiveStream,
   } = useCopilotStore()
 
   // Initialize copilot
@@ -126,7 +126,6 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
     loadAutoAllowedTools,
     currentChat,
     isSendingMessage,
-    resumeActiveStream,
   })
 
   // Handle scroll management (80px stickiness for copilot)
@@ -141,6 +140,7 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
       activeWorkflowId,
       copilotWorkflowId,
       loadChats,
+      areChatsFresh,
       isSendingMessage,
     }
   )
@@ -421,8 +421,8 @@ export const Copilot = forwardRef<CopilotRef, CopilotProps>(({ panelWidth }, ref
           </div>
         </div>
 
-        {/* Show loading state until fully initialized, but skip if actively streaming (resume case) */}
+        {/* Show loading state until fully initialized */}
-        {!isInitialized && !isSendingMessage ? (
+        {!isInitialized ? (
           <div className='flex h-full w-full items-center justify-center'>
             <div className='flex flex-col items-center gap-3'>
               <p className='text-muted-foreground text-sm'>Loading copilot</p>

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/hooks/use-chat-history.ts

@@ -10,6 +10,7 @@ interface UseChatHistoryProps {
   activeWorkflowId: string | null
   copilotWorkflowId: string | null
   loadChats: (forceRefresh: boolean) => Promise<void>
+  areChatsFresh: (workflowId: string) => boolean
   isSendingMessage: boolean
 }
 
@@ -20,7 +21,8 @@ interface UseChatHistoryProps {
  * @returns Chat history utilities
  */
 export function useChatHistory(props: UseChatHistoryProps) {
-  const { chats, activeWorkflowId, copilotWorkflowId, loadChats, isSendingMessage } = props
+  const { chats, activeWorkflowId, copilotWorkflowId, loadChats, areChatsFresh, isSendingMessage } =
+    props
 
   /** Groups chats by time period (Today, Yesterday, This Week, etc.) */
   const groupedChats = useMemo(() => {
@@ -78,7 +80,7 @@ export function useChatHistory(props: UseChatHistoryProps) {
   /** Handles history dropdown opening and loads chats if needed (non-blocking) */
   const handleHistoryDropdownOpen = useCallback(
     (open: boolean) => {
-      if (open && activeWorkflowId && !isSendingMessage) {
+      if (open && activeWorkflowId && !isSendingMessage && !areChatsFresh(activeWorkflowId)) {
         loadChats(false).catch((error) => {
           logger.error('Failed to load chat history:', error)
         })
@@ -88,7 +90,7 @@ export function useChatHistory(props: UseChatHistoryProps) {
         logger.info('Chat history opened during stream - showing cached data only')
       }
     },
-    [activeWorkflowId, isSendingMessage, loadChats]
+    [activeWorkflowId, areChatsFresh, isSendingMessage, loadChats]
   )
 
   return {

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/hooks/use-copilot-initialization.ts

@@ -14,7 +14,6 @@ interface UseCopilotInitializationProps {
   loadAutoAllowedTools: () => Promise<void>
   currentChat: any
   isSendingMessage: boolean
-  resumeActiveStream: () => Promise<boolean>
 }
 
 /**
@@ -33,13 +32,11 @@ export function useCopilotInitialization(props: UseCopilotInitializationProps) {
     loadAutoAllowedTools,
     currentChat,
     isSendingMessage,
-    resumeActiveStream,
   } = props
 
   const [isInitialized, setIsInitialized] = useState(false)
   const lastWorkflowIdRef = useRef<string | null>(null)
   const hasMountedRef = useRef(false)
-  const hasResumedRef = useRef(false)
 
   /** Initialize on mount - loads chats if needed. Never loads during streaming */
   useEffect(() => {
@@ -108,16 +105,6 @@ export function useCopilotInitialization(props: UseCopilotInitializationProps) {
     isSendingMessage,
   ])
 
-  /** Try to resume active stream on mount - runs early, before waiting for chats */
-  useEffect(() => {
-    if (hasResumedRef.current || isSendingMessage) return
-    hasResumedRef.current = true
-    // Resume immediately on mount - don't wait for isInitialized
-    resumeActiveStream().catch((err) => {
-      logger.warn('[Copilot] Failed to resume active stream', err)
-    })
-  }, [isSendingMessage, resumeActiveStream])
-
   /** Load auto-allowed tools once on mount - runs immediately, independent of workflow */
   const hasLoadedAutoAllowedToolsRef = useRef(false)
   useEffect(() => {

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx

@@ -35,6 +35,7 @@ interface CredentialSelectorProps {
   disabled?: boolean
   isPreview?: boolean
   previewValue?: any | null
+  previewContextValues?: Record<string, unknown>
 }
 
 export function CredentialSelector({
@@ -43,6 +44,7 @@ export function CredentialSelector({
   disabled = false,
   isPreview = false,
   previewValue,
+  previewContextValues,
 }: CredentialSelectorProps) {
   const [showOAuthModal, setShowOAuthModal] = useState(false)
   const [editingValue, setEditingValue] = useState('')
@@ -67,7 +69,11 @@ export function CredentialSelector({
     canUseCredentialSets
   )
 
-  const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, { disabled, isPreview })
+  const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, {
+    disabled,
+    isPreview,
+    previewContextValues,
+  })
   const hasDependencies = dependsOn.length > 0
 
   const effectiveDisabled = disabled || (hasDependencies && !depsSatisfied)

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx

@@ -5,6 +5,7 @@ import { Tooltip } from '@/components/emcn'
 import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import type { SubBlockConfig } from '@/blocks/types'
 import type { SelectorContext } from '@/hooks/selectors/types'
 
@@ -33,7 +34,9 @@ export function DocumentSelector({
     previewContextValues,
   })
   const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId')
-  const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore
+  const knowledgeBaseIdValue = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId)
+    : knowledgeBaseIdFromStore
   const normalizedKnowledgeBaseId =
     typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0
       ? knowledgeBaseIdValue

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx

@@ -17,6 +17,7 @@ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/
 import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown'
 import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes'
 import type { SubBlockConfig } from '@/blocks/types'
 import { useKnowledgeBaseTagDefinitions } from '@/hooks/kb/use-knowledge-base-tag-definitions'
@@ -77,7 +78,9 @@ export function DocumentTagEntry({
   })
 
   const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId')
-  const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore
+  const knowledgeBaseIdValue = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId)
+    : knowledgeBaseIdFromStore
   const knowledgeBaseId =
     typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0
       ? knowledgeBaseIdValue

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx

@@ -9,6 +9,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import { getBlock } from '@/blocks/registry'
 import type { SubBlockConfig } from '@/blocks/types'
 import { isDependency } from '@/blocks/utils'
@@ -62,42 +63,56 @@ export function FileSelectorInput({
 
   const [domainValueFromStore] = useSubBlockValue(blockId, 'domain')
 
-  const connectedCredential = previewContextValues?.credential ?? blockValues.credential
+  const connectedCredential = previewContextValues
-  const domainValue = previewContextValues?.domain ?? domainValueFromStore
+    ? resolvePreviewContextValue(previewContextValues.credential)
+    : blockValues.credential
+  const domainValue = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.domain)
+    : domainValueFromStore
 
   const teamIdValue = useMemo(
     () =>
-      previewContextValues?.teamId ??
+      previewContextValues
-      resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides),
+        ? resolvePreviewContextValue(previewContextValues.teamId)
-    [previewContextValues?.teamId, blockValues, canonicalIndex, canonicalModeOverrides]
+        : resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides),
+    [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
   const siteIdValue = useMemo(
     () =>
-      previewContextValues?.siteId ??
+      previewContextValues
-      resolveDependencyValue('siteId', blockValues, canonicalIndex, canonicalModeOverrides),
+        ? resolvePreviewContextValue(previewContextValues.siteId)
-    [previewContextValues?.siteId, blockValues, canonicalIndex, canonicalModeOverrides]
+        : resolveDependencyValue('siteId', blockValues, canonicalIndex, canonicalModeOverrides),
+    [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
   const collectionIdValue = useMemo(
     () =>
-      previewContextValues?.collectionId ??
+      previewContextValues
-      resolveDependencyValue('collectionId', blockValues, canonicalIndex, canonicalModeOverrides),
+        ? resolvePreviewContextValue(previewContextValues.collectionId)
-    [previewContextValues?.collectionId, blockValues, canonicalIndex, canonicalModeOverrides]
+        : resolveDependencyValue(
+            'collectionId',
+            blockValues,
+            canonicalIndex,
+            canonicalModeOverrides
+          ),
+    [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
   const projectIdValue = useMemo(
     () =>
-      previewContextValues?.projectId ??
+      previewContextValues
-      resolveDependencyValue('projectId', blockValues, canonicalIndex, canonicalModeOverrides),
+        ? resolvePreviewContextValue(previewContextValues.projectId)
-    [previewContextValues?.projectId, blockValues, canonicalIndex, canonicalModeOverrides]
+        : resolveDependencyValue('projectId', blockValues, canonicalIndex, canonicalModeOverrides),
+    [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
   const planIdValue = useMemo(
     () =>
-      previewContextValues?.planId ??
+      previewContextValues
-      resolveDependencyValue('planId', blockValues, canonicalIndex, canonicalModeOverrides),
+        ? resolvePreviewContextValue(previewContextValues.planId)
-    [previewContextValues?.planId, blockValues, canonicalIndex, canonicalModeOverrides]
+        : resolveDependencyValue('planId', blockValues, canonicalIndex, canonicalModeOverrides),
+    [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
   const normalizedCredentialId =

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx

@@ -6,6 +6,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import type { SubBlockConfig } from '@/blocks/types'
 import { resolveSelectorForSubBlock } from '@/hooks/selectors/resolution'
 import { useCollaborativeWorkflow } from '@/hooks/use-collaborative-workflow'
@@ -17,6 +18,7 @@ interface FolderSelectorInputProps {
   disabled?: boolean
   isPreview?: boolean
   previewValue?: any | null
+  previewContextValues?: Record<string, unknown>
 }
 
 export function FolderSelectorInput({
@@ -25,9 +27,13 @@ export function FolderSelectorInput({
   disabled = false,
   isPreview = false,
   previewValue,
+  previewContextValues,
 }: FolderSelectorInputProps) {
   const [storeValue] = useSubBlockValue(blockId, subBlock.id)
-  const [connectedCredential] = useSubBlockValue(blockId, 'credential')
+  const [credentialFromStore] = useSubBlockValue(blockId, 'credential')
+  const connectedCredential = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.credential)
+    : credentialFromStore
   const { collaborativeSetSubblockValue } = useCollaborativeWorkflow()
   const { activeWorkflowId } = useWorkflowRegistry()
   const [selectedFolderId, setSelectedFolderId] = useState<string>('')
@@ -47,7 +53,11 @@ export function FolderSelectorInput({
   )
 
   // Central dependsOn gating
-  const { finalDisabled } = useDependsOnGate(blockId, subBlock, { disabled, isPreview })
+  const { finalDisabled } = useDependsOnGate(blockId, subBlock, {
+    disabled,
+    isPreview,
+    previewContextValues,
+  })
 
   // Get the current value from the store or prop value if in preview mode
   useEffect(() => {

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx

@@ -7,6 +7,7 @@ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/
 import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown'
 import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes'
 import { useWorkflowState } from '@/hooks/queries/workflows'
 
@@ -37,6 +38,8 @@ interface InputMappingProps {
   isPreview?: boolean
   previewValue?: Record<string, unknown>
   disabled?: boolean
+  /** Sub-block values from the preview context for resolving sibling sub-block values */
+  previewContextValues?: Record<string, unknown>
 }
 
 /**
@@ -50,9 +53,13 @@ export function InputMapping({
   isPreview = false,
   previewValue,
   disabled = false,
+  previewContextValues,
 }: InputMappingProps) {
   const [mapping, setMapping] = useSubBlockValue(blockId, subBlockId)
-  const [selectedWorkflowId] = useSubBlockValue(blockId, 'workflowId')
+  const [storeWorkflowId] = useSubBlockValue(blockId, 'workflowId')
+  const selectedWorkflowId = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.workflowId)
+    : storeWorkflowId
 
   const inputController = useSubBlockInput({
     blockId,

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx

@@ -17,6 +17,7 @@ import { type FilterFieldType, getOperatorsForFieldType } from '@/lib/knowledge/
 import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/formatted-text'
 import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown'
 import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes'
 import type { SubBlockConfig } from '@/blocks/types'
 import { useKnowledgeBaseTagDefinitions } from '@/hooks/kb/use-knowledge-base-tag-definitions'
@@ -69,7 +70,9 @@ export function KnowledgeTagFilters({
   const overlayRefs = useRef<Record<string, HTMLDivElement>>({})
 
   const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId')
-  const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore
+  const knowledgeBaseIdValue = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId)
+    : knowledgeBaseIdFromStore
   const knowledgeBaseId =
     typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0
       ? knowledgeBaseIdValue

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx

@@ -6,6 +6,7 @@ import { cn } from '@/lib/core/utils/cn'
 import { LongInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input'
 import { ShortInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import type { SubBlockConfig } from '@/blocks/types'
 import { useMcpTools } from '@/hooks/mcp/use-mcp-tools'
 import { formatParameterLabel } from '@/tools/params'
@@ -18,6 +19,7 @@ interface McpDynamicArgsProps {
   disabled?: boolean
   isPreview?: boolean
   previewValue?: any
+  previewContextValues?: Record<string, unknown>
 }
 
 /**
@@ -47,12 +49,19 @@ export function McpDynamicArgs({
   disabled = false,
   isPreview = false,
   previewValue,
+  previewContextValues,
 }: McpDynamicArgsProps) {
   const params = useParams()
   const workspaceId = params.workspaceId as string
   const { mcpTools, isLoading } = useMcpTools(workspaceId)
-  const [selectedTool] = useSubBlockValue(blockId, 'tool')
+  const [toolFromStore] = useSubBlockValue(blockId, 'tool')
-  const [cachedSchema] = useSubBlockValue(blockId, '_toolSchema')
+  const selectedTool = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.tool)
+    : toolFromStore
+  const [schemaFromStore] = useSubBlockValue(blockId, '_toolSchema')
+  const cachedSchema = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues._toolSchema)
+    : schemaFromStore
   const [toolArgs, setToolArgs] = useSubBlockValue(blockId, subBlockId)
 
   const selectedToolConfig = mcpTools.find((tool) => tool.id === selectedTool)

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx

@@ -4,6 +4,7 @@ import { useEffect, useMemo, useState } from 'react'
 import { useParams } from 'next/navigation'
 import { Combobox } from '@/components/emcn/components'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import type { SubBlockConfig } from '@/blocks/types'
 import { useMcpTools } from '@/hooks/mcp/use-mcp-tools'
 
@@ -13,6 +14,7 @@ interface McpToolSelectorProps {
   disabled?: boolean
   isPreview?: boolean
   previewValue?: string | null
+  previewContextValues?: Record<string, unknown>
 }
 
 export function McpToolSelector({
@@ -21,6 +23,7 @@ export function McpToolSelector({
   disabled = false,
   isPreview = false,
   previewValue,
+  previewContextValues,
 }: McpToolSelectorProps) {
   const params = useParams()
   const workspaceId = params.workspaceId as string
@@ -31,7 +34,10 @@ export function McpToolSelector({
   const [storeValue, setStoreValue] = useSubBlockValue(blockId, subBlock.id)
   const [, setSchemaCache] = useSubBlockValue(blockId, '_toolSchema')
 
-  const [serverValue] = useSubBlockValue(blockId, 'server')
+  const [serverFromStore] = useSubBlockValue(blockId, 'server')
+  const serverValue = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.server)
+    : serverFromStore
 
   const label = subBlock.placeholder || 'Select tool'
 

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx

@@ -9,6 +9,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import { getBlock } from '@/blocks/registry'
 import type { SubBlockConfig } from '@/blocks/types'
 import { resolveSelectorForSubBlock } from '@/hooks/selectors/resolution'
@@ -55,14 +56,19 @@ export function ProjectSelectorInput({
     return (workflowValues as Record<string, Record<string, unknown>>)[blockId] || {}
   })
 
-  const connectedCredential = previewContextValues?.credential ?? blockValues.credential
+  const connectedCredential = previewContextValues
-  const jiraDomain = previewContextValues?.domain ?? jiraDomainFromStore
+    ? resolvePreviewContextValue(previewContextValues.credential)
+    : blockValues.credential
+  const jiraDomain = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.domain)
+    : jiraDomainFromStore
 
   const linearTeamId = useMemo(
     () =>
-      previewContextValues?.teamId ??
+      previewContextValues
-      resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides),
+        ? resolvePreviewContextValue(previewContextValues.teamId)
-    [previewContextValues?.teamId, blockValues, canonicalIndex, canonicalModeOverrides]
+        : resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides),
+    [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
   const serviceId = subBlock.serviceId || ''

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx

@@ -8,6 +8,7 @@ import { buildCanonicalIndex, resolveDependencyValue } from '@/lib/workflows/sub
 import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox'
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import { getBlock } from '@/blocks/registry'
 import type { SubBlockConfig } from '@/blocks/types'
 import { resolveSelectorForSubBlock, type SelectorResolution } from '@/hooks/selectors/resolution'
@@ -66,9 +67,12 @@ export function SheetSelectorInput({
     [blockValues, canonicalIndex, canonicalModeOverrides]
   )
 
-  const connectedCredential = previewContextValues?.credential ?? connectedCredentialFromStore
+  const connectedCredential = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.credential)
+    : connectedCredentialFromStore
   const spreadsheetId = previewContextValues
-    ? (previewContextValues.spreadsheetId ?? previewContextValues.manualSpreadsheetId)
+    ? (resolvePreviewContextValue(previewContextValues.spreadsheetId) ??
+      resolvePreviewContextValue(previewContextValues.manualSpreadsheetId))
     : spreadsheetIdFromStore
 
   const normalizedCredentialId =

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx

@@ -130,39 +130,52 @@ export function SkillInput({
           onOpenChange={setOpen}
         />
 
-        {selectedSkills.length > 0 && (
+        {selectedSkills.length > 0 &&
-          <div className='flex flex-wrap gap-[4px]'>
+          selectedSkills.map((stored) => {
-            {selectedSkills.map((stored) => {
+            const fullSkill = workspaceSkills.find((s) => s.id === stored.skillId)
-              const fullSkill = workspaceSkills.find((s) => s.id === stored.skillId)
+            return (
-              return (
+              <div
+                key={stored.skillId}
+                className='group relative flex flex-col overflow-hidden rounded-[4px] border border-[var(--border-1)] transition-all duration-200 ease-in-out'
+              >
                 <div
-                  key={stored.skillId}
+                  className='flex cursor-pointer items-center justify-between gap-[8px] rounded-t-[4px] bg-[var(--surface-4)] px-[8px] py-[6.5px]'
-                  className='flex cursor-pointer items-center gap-[4px] rounded-[4px] border border-[var(--border-1)] bg-[var(--surface-5)] px-[6px] py-[2px] font-medium text-[12px] text-[var(--text-secondary)] hover:bg-[var(--surface-6)]'
                   onClick={() => {
                     if (fullSkill && !disabled && !isPreview) {
                       setEditingSkill(fullSkill)
                     }
                   }}
                 >
-                  <AgentSkillsIcon className='h-[10px] w-[10px] text-[var(--text-tertiary)]' />
+                  <div className='flex min-w-0 flex-1 items-center gap-[8px]'>
-                  <span className='max-w-[140px] truncate'>{resolveSkillName(stored)}</span>
+                    <div
-                  {!disabled && !isPreview && (
+                      className='flex h-[16px] w-[16px] flex-shrink-0 items-center justify-center rounded-[4px]'
-                    <button
+                      style={{ backgroundColor: '#e0e0e0' }}
-                      type='button'
-                      onClick={(e) => {
-                        e.stopPropagation()
-                        handleRemove(stored.skillId)
-                      }}
-                      className='ml-[2px] rounded-[2px] p-[1px] text-[var(--text-tertiary)] hover:bg-[var(--surface-7)] hover:text-[var(--text-secondary)]'
                     >
-                      <XIcon className='h-[10px] w-[10px]' />
+                      <AgentSkillsIcon className='h-[10px] w-[10px] text-[#333]' />
-                    </button>
+                    </div>
-                  )}
+                    <span className='truncate font-medium text-[13px] text-[var(--text-primary)]'>
+                      {resolveSkillName(stored)}
+                    </span>
+                  </div>
+                  <div className='flex flex-shrink-0 items-center gap-[8px]'>
+                    {!disabled && !isPreview && (
+                      <button
+                        type='button'
+                        onClick={(e) => {
+                          e.stopPropagation()
+                          handleRemove(stored.skillId)
+                        }}
+                        className='flex items-center justify-center text-[var(--text-tertiary)] transition-colors hover:text-[var(--text-primary)]'
+                        aria-label='Remove skill'
+                      >
+                        <XIcon className='h-[13px] w-[13px]' />
+                      </button>
+                    )}
+                  </div>
                 </div>
-              )
+              </div>
-            })}
+            )
-          </div>
+          })}
-        )}
       </div>
 
       <SkillModal

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx

@@ -8,6 +8,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
+import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils'
 import type { SubBlockConfig } from '@/blocks/types'
 import type { SelectorContext, SelectorKey } from '@/hooks/selectors/types'
 
@@ -58,9 +59,15 @@ export function SlackSelectorInput({
   const [botToken] = useSubBlockValue(blockId, 'botToken')
   const [connectedCredential] = useSubBlockValue(blockId, 'credential')
 
-  const effectiveAuthMethod = previewContextValues?.authMethod ?? authMethod
+  const effectiveAuthMethod = previewContextValues
-  const effectiveBotToken = previewContextValues?.botToken ?? botToken
+    ? resolvePreviewContextValue(previewContextValues.authMethod)
-  const effectiveCredential = previewContextValues?.credential ?? connectedCredential
+    : authMethod
+  const effectiveBotToken = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.botToken)
+    : botToken
+  const effectiveCredential = previewContextValues
+    ? resolvePreviewContextValue(previewContextValues.credential)
+    : connectedCredential
   const [_selectedValue, setSelectedValue] = useState<string | null>(null)
 
   const serviceId = subBlock.serviceId || ''

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx

@@ -332,6 +332,7 @@ function FolderSelectorSyncWrapper({
           dependsOn: uiComponent.dependsOn,
         }}
         disabled={disabled}
+        previewContextValues={previewContextValues}
       />
     </GenericSyncWrapper>
   )

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx

@@ -797,6 +797,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -832,6 +833,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -843,6 +845,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -865,6 +868,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue as any}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -876,6 +880,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue as any}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -887,6 +892,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue as any}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -911,6 +917,7 @@ function SubBlockComponent({
             isPreview={isPreview}
             previewValue={previewValue as any}
             disabled={isDisabled}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -946,6 +953,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -979,6 +987,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue as any}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 
@@ -990,6 +999,7 @@ function SubBlockComponent({
             disabled={isDisabled}
             isPreview={isPreview}
             previewValue={previewValue}
+            previewContextValues={isPreview ? subBlockValues : undefined}
           />
         )
 

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts

@@ -0,0 +1,18 @@
+/**
+ * Extracts the raw value from a preview context entry.
+ *
+ * @remarks
+ * In the sub-block preview context, values are wrapped as `{ value: T }` objects
+ * (the full sub-block state). In the tool-input preview context, values are already
+ * raw. This function normalizes both cases to return the underlying value.
+ *
+ * @param raw - The preview context entry, which may be a raw value or a `{ value: T }` wrapper
+ * @returns The unwrapped value, or `null` if the input is nullish
+ */
+export function resolvePreviewContextValue(raw: unknown): unknown {
+  if (raw === null || raw === undefined) return null
+  if (typeof raw === 'object' && !Array.isArray(raw) && 'value' in raw) {
+    return (raw as Record<string, unknown>).value ?? null
+  }
+  return raw
+}

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts

@@ -6,6 +6,7 @@ import {
   isSubBlockVisibleForMode,
 } from '@/lib/workflows/subblocks/visibility'
 import type { BlockConfig, SubBlockConfig, SubBlockType } from '@/blocks/types'
+import { usePermissionConfig } from '@/hooks/use-permission-config'
 import { useWorkflowDiffStore } from '@/stores/workflow-diff'
 import { mergeSubblockState } from '@/stores/workflows/utils'
 import { useWorkflowStore } from '@/stores/workflows/workflow/store'
@@ -35,6 +36,7 @@ export function useEditorSubblockLayout(
   const blockDataFromStore = useWorkflowStore(
     useCallback((state) => state.blocks?.[blockId]?.data, [blockId])
   )
+  const { config: permissionConfig } = usePermissionConfig()
 
   return useMemo(() => {
     // Guard against missing config or block selection
@@ -100,6 +102,9 @@ export function useEditorSubblockLayout(
     const visibleSubBlocks = (config.subBlocks || []).filter((block) => {
       if (block.hidden) return false
 
+      // Hide skill-input subblock when skills are disabled via permissions
+      if (block.type === 'skill-input' && permissionConfig.disableSkills) return false
+
       // Check required feature if specified - declarative feature gating
       if (!isSubBlockFeatureEnabled(block)) return false
 
@@ -149,5 +154,6 @@ export function useEditorSubblockLayout(
     activeWorkflowId,
     isSnapshotView,
     blockDataFromStore,
+    permissionConfig.disableSkills,
   ])
 }

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx

@@ -40,6 +40,7 @@ import { useCustomTools } from '@/hooks/queries/custom-tools'
 import { useMcpServers, useMcpToolsQuery } from '@/hooks/queries/mcp'
 import { useCredentialName } from '@/hooks/queries/oauth-credentials'
 import { useReactivateSchedule, useScheduleInfo } from '@/hooks/queries/schedules'
+import { useSkills } from '@/hooks/queries/skills'
 import { useDeployChildWorkflow } from '@/hooks/queries/workflows'
 import { useSelectorDisplayName } from '@/hooks/use-selector-display-name'
 import { useVariablesStore } from '@/stores/panel'
@@ -618,6 +619,48 @@ const SubBlockRow = memo(function SubBlockRow({
     return `${toolNames[0]}, ${toolNames[1]} +${toolNames.length - 2}`
   }, [subBlock?.type, rawValue, customTools, workspaceId])
 
+  /**
+   * Hydrates skill references to display names.
+   * Resolves skill IDs to their current names from the skills query.
+   */
+  const { data: workspaceSkills = [] } = useSkills(workspaceId || '')
+
+  const skillsDisplayValue = useMemo(() => {
+    if (subBlock?.type !== 'skill-input' || !Array.isArray(rawValue) || rawValue.length === 0) {
+      return null
+    }
+
+    interface StoredSkill {
+      skillId: string
+      name?: string
+    }
+
+    const skillNames = rawValue
+      .map((skill: StoredSkill) => {
+        if (!skill || typeof skill !== 'object') return null
+
+        // Priority 1: Resolve skill name from the skills query (fresh data)
+        if (skill.skillId) {
+          const foundSkill = workspaceSkills.find((s) => s.id === skill.skillId)
+          if (foundSkill?.name) return foundSkill.name
+        }
+
+        // Priority 2: Fall back to stored name (for deleted skills)
+        if (skill.name && typeof skill.name === 'string') return skill.name
+
+        // Priority 3: Use skillId as last resort
+        if (skill.skillId) return skill.skillId
+
+        return null
+      })
+      .filter((name): name is string => !!name)
+
+    if (skillNames.length === 0) return null
+    if (skillNames.length === 1) return skillNames[0]
+    if (skillNames.length === 2) return `${skillNames[0]}, ${skillNames[1]}`
+    return `${skillNames[0]}, ${skillNames[1]} +${skillNames.length - 2}`
+  }, [subBlock?.type, rawValue, workspaceSkills])
+
   const isPasswordField = subBlock?.password === true
   const maskedValue = isPasswordField && value && value !== '-' ? '•••' : null
 
@@ -627,6 +670,7 @@ const SubBlockRow = memo(function SubBlockRow({
     dropdownLabel ||
     variablesDisplayValue ||
     toolsDisplayValue ||
+    skillsDisplayValue ||
     knowledgeBaseDisplayName ||
     workflowSelectionName ||
     mcpServerDisplayName ||

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx

@@ -18,7 +18,7 @@ import 'reactflow/dist/style.css'
 import { createLogger } from '@sim/logger'
 import { useShallow } from 'zustand/react/shallow'
 import { useSession } from '@/lib/auth/auth-client'
-import type { OAuthConnectEventDetail } from '@/lib/copilot/tools/client/base-tool'
+import type { OAuthConnectEventDetail } from '@/lib/copilot/tools/client/other/oauth-request-access'
 import type { OAuthProvider } from '@/lib/oauth'
 import { BLOCK_DIMENSIONS, CONTAINER_DIMENSIONS } from '@/lib/workflows/blocks/block-dimensions'
 import { TriggerUtils } from '@/lib/workflows/triggers/triggers'

apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx

@@ -784,8 +784,12 @@ function PreviewEditorContent({
     ? childWorkflowSnapshotState
     : childWorkflowState
   const resolvedIsLoadingChildWorkflow = isExecutionMode ? false : isLoadingChildWorkflow
+  const isBlockNotExecuted = isExecutionMode && !executionData
   const isMissingChildWorkflow =
-    Boolean(childWorkflowId) && !resolvedIsLoadingChildWorkflow && !resolvedChildWorkflowState
+    Boolean(childWorkflowId) &&
+    !isBlockNotExecuted &&
+    !resolvedIsLoadingChildWorkflow &&
+    !resolvedChildWorkflowState
 
   /** Drills down into the child workflow or opens it in a new tab */
   const handleExpandChildWorkflow = useCallback(() => {
@@ -1192,7 +1196,7 @@ function PreviewEditorContent({
         <div ref={subBlocksRef} className='subblocks-section flex flex-1 flex-col overflow-hidden'>
           <div className='flex-1 overflow-y-auto overflow-x-hidden'>
             {/* Not Executed Banner - shown when in execution mode but block wasn't executed */}
-            {isExecutionMode && !executionData && (
+            {isBlockNotExecuted && (
               <div className='flex min-w-0 flex-col gap-[8px] overflow-hidden border-[var(--border)] border-b px-[12px] py-[10px]'>
                 <div className='flex items-center justify-between'>
                   <Badge variant='gray-secondary' size='sm' dot>
@@ -1419,9 +1423,11 @@ function PreviewEditorContent({
                     ) : (
                       <div className='flex h-full items-center justify-center bg-[var(--surface-3)]'>
                         <span className='text-[13px] text-[var(--text-tertiary)]'>
-                          {isMissingChildWorkflow
+                          {isBlockNotExecuted
-                            ? DELETED_WORKFLOW_LABEL
+                            ? 'Not Executed'
-                            : 'Unable to load preview'}
+                            : isMissingChildWorkflow
+                              ? DELETED_WORKFLOW_LABEL
+                              : 'Unable to load preview'}
                         </span>
                       </div>
                     )}

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx

@@ -27,6 +27,13 @@ interface SkillModalProps {
 
 const KEBAB_CASE_REGEX = /^[a-z0-9]+(-[a-z0-9]+)*$/
 
+interface FieldErrors {
+  name?: string
+  description?: string
+  content?: string
+  general?: string
+}
+
 export function SkillModal({
   open,
   onOpenChange,
@@ -43,7 +50,7 @@ export function SkillModal({
   const [name, setName] = useState('')
   const [description, setDescription] = useState('')
   const [content, setContent] = useState('')
-  const [formError, setFormError] = useState('')
+  const [errors, setErrors] = useState<FieldErrors>({})
   const [saving, setSaving] = useState(false)
 
   useEffect(() => {
@@ -57,7 +64,7 @@ export function SkillModal({
         setDescription('')
         setContent('')
       }
-      setFormError('')
+      setErrors({})
     }
   }, [open, initialValues])
 
@@ -71,24 +78,26 @@ export function SkillModal({
   }, [name, description, content, initialValues])
 
   const handleSave = async () => {
+    const newErrors: FieldErrors = {}
+
     if (!name.trim()) {
-      setFormError('Name is required')
+      newErrors.name = 'Name is required'
-      return
+    } else if (name.length > 64) {
-    }
+      newErrors.name = 'Name must be 64 characters or less'
-    if (name.length > 64) {
+    } else if (!KEBAB_CASE_REGEX.test(name)) {
-      setFormError('Name must be 64 characters or less')
+      newErrors.name = 'Name must be kebab-case (e.g. my-skill)'
-      return
-    }
-    if (!KEBAB_CASE_REGEX.test(name)) {
-      setFormError('Name must be kebab-case (e.g. my-skill)')
-      return
     }
+
     if (!description.trim()) {
-      setFormError('Description is required')
+      newErrors.description = 'Description is required'
-      return
     }
+
     if (!content.trim()) {
-      setFormError('Content is required')
+      newErrors.content = 'Content is required'
+    }
+
+    if (Object.keys(newErrors).length > 0) {
+      setErrors(newErrors)
       return
     }
 
@@ -113,7 +122,7 @@ export function SkillModal({
         error instanceof Error && error.message.includes('already exists')
           ? error.message
           : 'Failed to save skill. Please try again.'
-      setFormError(message)
+      setErrors({ general: message })
     } finally {
       setSaving(false)
     }
@@ -135,12 +144,17 @@ export function SkillModal({
                 value={name}
                 onChange={(e) => {
                   setName(e.target.value)
-                  if (formError) setFormError('')
+                  if (errors.name || errors.general)
+                    setErrors((prev) => ({ ...prev, name: undefined, general: undefined }))
                 }}
               />
-              <span className='text-[11px] text-[var(--text-muted)]'>
+              {errors.name ? (
-                Lowercase letters, numbers, and hyphens (e.g. my-skill)
+                <p className='text-[12px] text-[var(--text-error)]'>{errors.name}</p>
-              </span>
+              ) : (
+                <span className='text-[11px] text-[var(--text-muted)]'>
+                  Lowercase letters, numbers, and hyphens (e.g. my-skill)
+                </span>
+              )}
             </div>
 
             <div className='flex flex-col gap-[4px]'>
@@ -153,10 +167,14 @@ export function SkillModal({
                 value={description}
                 onChange={(e) => {
                   setDescription(e.target.value)
-                  if (formError) setFormError('')
+                  if (errors.description || errors.general)
+                    setErrors((prev) => ({ ...prev, description: undefined, general: undefined }))
                 }}
                 maxLength={1024}
               />
+              {errors.description && (
+                <p className='text-[12px] text-[var(--text-error)]'>{errors.description}</p>
+              )}
             </div>
 
             <div className='flex flex-col gap-[4px]'>
@@ -169,13 +187,19 @@ export function SkillModal({
                 value={content}
                 onChange={(e: ChangeEvent<HTMLTextAreaElement>) => {
                   setContent(e.target.value)
-                  if (formError) setFormError('')
+                  if (errors.content || errors.general)
+                    setErrors((prev) => ({ ...prev, content: undefined, general: undefined }))
                 }}
                 className='min-h-[200px] resize-y font-mono text-[13px]'
               />
+              {errors.content && (
+                <p className='text-[12px] text-[var(--text-error)]'>{errors.content}</p>
+              )}
             </div>
 
-            {formError && <span className='text-[11px] text-[var(--text-error)]'>{formError}</span>}
+            {errors.general && (
+              <p className='text-[12px] text-[var(--text-error)]'>{errors.general}</p>
+            )}
           </div>
         </ModalBody>
         <ModalFooter className='items-center justify-between'>

apps/sim/blocks/blocks/agent.ts

@@ -1,31 +1,9 @@
 import { createLogger } from '@sim/logger'
 import { AgentIcon } from '@/components/icons'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
-import {
+import { getApiKeyCondition, getModelConfigSubBlocks, MODEL_CONFIG_INPUTS } from '@/blocks/utils'
-  getBaseModelProviders,
+import { getBaseModelProviders, getProviderIcon, providers } from '@/providers/utils'
-  getHostedModels,
-  getMaxTemperature,
-  getProviderIcon,
-  getReasoningEffortValuesForModel,
-  getThinkingLevelsForModel,
-  getVerbosityValuesForModel,
-  MODELS_WITH_REASONING_EFFORT,
-  MODELS_WITH_THINKING,
-  MODELS_WITH_VERBOSITY,
-  providers,
-  supportsTemperature,
-} from '@/providers/utils'
-
-const getCurrentOllamaModels = () => {
-  return useProvidersStore.getState().providers.ollama.models
-}
-
-const getCurrentVLLMModels = () => {
-  return useProvidersStore.getState().providers.vllm.models
-}
-
 import { useProvidersStore } from '@/stores/providers'
 import type { ToolResponse } from '@/tools/types'
 
@@ -158,165 +136,7 @@ Return ONLY the JSON array.`,
         value: providers.vertex.models,
       },
     },
-    {
+    ...getModelConfigSubBlocks(),
-      id: 'reasoningEffort',
-      title: 'Reasoning Effort',
-      type: 'dropdown',
-      placeholder: 'Select reasoning effort...',
-      options: [
-        { label: 'low', id: 'low' },
-        { label: 'medium', id: 'medium' },
-        { label: 'high', id: 'high' },
-      ],
-      dependsOn: ['model'],
-      fetchOptions: async (blockId: string) => {
-        const { useSubBlockStore } = await import('@/stores/workflows/subblock/store')
-        const { useWorkflowRegistry } = await import('@/stores/workflows/registry/store')
-
-        const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
-        if (!activeWorkflowId) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'medium', id: 'medium' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        const workflowValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]
-        const blockValues = workflowValues?.[blockId]
-        const modelValue = blockValues?.model as string
-
-        if (!modelValue) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'medium', id: 'medium' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        const validOptions = getReasoningEffortValuesForModel(modelValue)
-        if (!validOptions) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'medium', id: 'medium' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        return validOptions.map((opt) => ({ label: opt, id: opt }))
-      },
-      value: () => 'medium',
-      condition: {
-        field: 'model',
-        value: MODELS_WITH_REASONING_EFFORT,
-      },
-    },
-    {
-      id: 'verbosity',
-      title: 'Verbosity',
-      type: 'dropdown',
-      placeholder: 'Select verbosity...',
-      options: [
-        { label: 'low', id: 'low' },
-        { label: 'medium', id: 'medium' },
-        { label: 'high', id: 'high' },
-      ],
-      dependsOn: ['model'],
-      fetchOptions: async (blockId: string) => {
-        const { useSubBlockStore } = await import('@/stores/workflows/subblock/store')
-        const { useWorkflowRegistry } = await import('@/stores/workflows/registry/store')
-
-        const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
-        if (!activeWorkflowId) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'medium', id: 'medium' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        const workflowValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]
-        const blockValues = workflowValues?.[blockId]
-        const modelValue = blockValues?.model as string
-
-        if (!modelValue) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'medium', id: 'medium' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        const validOptions = getVerbosityValuesForModel(modelValue)
-        if (!validOptions) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'medium', id: 'medium' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        return validOptions.map((opt) => ({ label: opt, id: opt }))
-      },
-      value: () => 'medium',
-      condition: {
-        field: 'model',
-        value: MODELS_WITH_VERBOSITY,
-      },
-    },
-    {
-      id: 'thinkingLevel',
-      title: 'Thinking Level',
-      type: 'dropdown',
-      placeholder: 'Select thinking level...',
-      options: [
-        { label: 'minimal', id: 'minimal' },
-        { label: 'low', id: 'low' },
-        { label: 'medium', id: 'medium' },
-        { label: 'high', id: 'high' },
-        { label: 'max', id: 'max' },
-      ],
-      dependsOn: ['model'],
-      fetchOptions: async (blockId: string) => {
-        const { useSubBlockStore } = await import('@/stores/workflows/subblock/store')
-        const { useWorkflowRegistry } = await import('@/stores/workflows/registry/store')
-
-        const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
-        if (!activeWorkflowId) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        const workflowValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]
-        const blockValues = workflowValues?.[blockId]
-        const modelValue = blockValues?.model as string
-
-        if (!modelValue) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        const validOptions = getThinkingLevelsForModel(modelValue)
-        if (!validOptions) {
-          return [
-            { label: 'low', id: 'low' },
-            { label: 'high', id: 'high' },
-          ]
-        }
-
-        return validOptions.map((opt) => ({ label: opt, id: opt }))
-      },
-      value: () => 'high',
-      condition: {
-        field: 'model',
-        value: MODELS_WITH_THINKING,
-      },
-    },
-
     {
       id: 'azureEndpoint',
       title: 'Azure Endpoint',
@@ -333,11 +153,11 @@ Return ONLY the JSON array.`,
       id: 'azureApiVersion',
       title: 'Azure API Version',
       type: 'short-input',
-      placeholder: '2024-07-01-preview',
+      placeholder: 'Enter API version',
       connectionDroppable: false,
       condition: {
         field: 'model',
-        value: providers['azure-openai'].models,
+        value: [...providers['azure-openai'].models, ...providers['azure-anthropic'].models],
       },
     },
     {
@@ -401,6 +221,16 @@ Return ONLY the JSON array.`,
         value: providers.bedrock.models,
       },
     },
+    {
+      id: 'apiKey',
+      title: 'API Key',
+      type: 'short-input',
+      placeholder: 'Enter your API key',
+      password: true,
+      connectionDroppable: false,
+      required: true,
+      condition: getApiKeyCondition(),
+    },
     {
       id: 'tools',
       title: 'Tools',
@@ -413,32 +243,6 @@ Return ONLY the JSON array.`,
       type: 'skill-input',
       defaultValue: [],
     },
-    {
-      id: 'apiKey',
-      title: 'API Key',
-      type: 'short-input',
-      placeholder: 'Enter your API key',
-      password: true,
-      connectionDroppable: false,
-      required: true,
-      // Hide API key for hosted models, Ollama models, vLLM models, Vertex models (uses OAuth), and Bedrock (uses AWS credentials)
-      condition: isHosted
-        ? {
-            field: 'model',
-            value: [...getHostedModels(), ...providers.vertex.models, ...providers.bedrock.models],
-            not: true, // Show for all models EXCEPT those listed
-          }
-        : () => ({
-            field: 'model',
-            value: [
-              ...getCurrentOllamaModels(),
-              ...getCurrentVLLMModels(),
-              ...providers.vertex.models,
-              ...providers.bedrock.models,
-            ],
-            not: true, // Show for all models EXCEPT Ollama, vLLM, Vertex, and Bedrock models
-          }),
-    },
     {
       id: 'memoryType',
       title: 'Memory',
@@ -486,46 +290,6 @@ Return ONLY the JSON array.`,
         value: ['sliding_window_tokens'],
       },
     },
-    {
-      id: 'temperature',
-      title: 'Temperature',
-      type: 'slider',
-      min: 0,
-      max: 1,
-      defaultValue: 0.3,
-      condition: () => ({
-        field: 'model',
-        value: (() => {
-          const allModels = Object.keys(getBaseModelProviders())
-          return allModels.filter(
-            (model) => supportsTemperature(model) && getMaxTemperature(model) === 1
-          )
-        })(),
-      }),
-    },
-    {
-      id: 'temperature',
-      title: 'Temperature',
-      type: 'slider',
-      min: 0,
-      max: 2,
-      defaultValue: 0.3,
-      condition: () => ({
-        field: 'model',
-        value: (() => {
-          const allModels = Object.keys(getBaseModelProviders())
-          return allModels.filter(
-            (model) => supportsTemperature(model) && getMaxTemperature(model) === 2
-          )
-        })(),
-      }),
-    },
-    {
-      id: 'maxTokens',
-      title: 'Max Output Tokens',
-      type: 'short-input',
-      placeholder: 'Enter max tokens (e.g., 4096)...',
-    },
     {
       id: 'responseFormat',
       title: 'Response Format',
@@ -715,7 +479,7 @@ Example 3 (Array Input):
     },
     model: { type: 'string', description: 'AI model to use' },
     apiKey: { type: 'string', description: 'Provider API key' },
-    azureEndpoint: { type: 'string', description: 'Azure OpenAI endpoint URL' },
+    azureEndpoint: { type: 'string', description: 'Azure endpoint URL' },
     azureApiVersion: { type: 'string', description: 'Azure API version' },
     vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
     vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
@@ -766,14 +530,7 @@ Example 3 (Array Input):
         required: ['schema'],
       },
     },
-    temperature: { type: 'number', description: 'Response randomness level' },
+    ...MODEL_CONFIG_INPUTS,
-    maxTokens: { type: 'number', description: 'Maximum number of tokens in the response' },
-    reasoningEffort: { type: 'string', description: 'Reasoning effort level for GPT-5 models' },
-    verbosity: { type: 'string', description: 'Verbosity level for GPT-5 models' },
-    thinkingLevel: {
-      type: 'string',
-      description: 'Thinking level for models with extended thinking (Anthropic Claude, Gemini 3)',
-    },
     tools: { type: 'json', description: 'Available tools configuration' },
     skills: { type: 'json', description: 'Selected skills configuration' },
   },

apps/sim/blocks/blocks/translate.ts

@@ -76,8 +76,9 @@ export const TranslateBlock: BlockConfig = {
         vertexProject: params.vertexProject,
         vertexLocation: params.vertexLocation,
         vertexCredential: params.vertexCredential,
-        bedrockRegion: params.bedrockRegion,
+        bedrockAccessKeyId: params.bedrockAccessKeyId,
         bedrockSecretKey: params.bedrockSecretKey,
+        bedrockRegion: params.bedrockRegion,
       }),
     },
   },

apps/sim/blocks/types.ts

@@ -208,7 +208,7 @@ export interface SubBlockConfig {
           not?: boolean
         }
       }
-    | (() => {
+    | ((values?: Record<string, unknown>) => {
         field: string
         value: string | number | boolean | Array<string | number | boolean>
         not?: boolean
@@ -261,7 +261,7 @@ export interface SubBlockConfig {
           not?: boolean
         }
       }
-    | (() => {
+    | ((values?: Record<string, unknown>) => {
         field: string
         value: string | number | boolean | Array<string | number | boolean>
         not?: boolean

apps/sim/blocks/utils.ts

@@ -1,6 +1,19 @@
 import { isHosted } from '@/lib/core/config/feature-flags'
 import type { BlockOutput, OutputFieldDefinition, SubBlockConfig } from '@/blocks/types'
-import { getHostedModels, providers } from '@/providers/utils'
+import {
+  getBaseModelProviders,
+  getHostedModels,
+  getMaxTemperature,
+  getProviderFromModel,
+  getReasoningEffortValuesForModel,
+  getThinkingLevelsForModel,
+  getVerbosityValuesForModel,
+  MODELS_WITH_REASONING_EFFORT,
+  MODELS_WITH_THINKING,
+  MODELS_WITH_VERBOSITY,
+  providers,
+  supportsTemperature,
+} from '@/providers/utils'
 import { useProvidersStore } from '@/stores/providers/store'
 
 /**
@@ -48,11 +61,54 @@ const getCurrentOllamaModels = () => {
   return useProvidersStore.getState().providers.ollama.models
 }
 
-/**
+function buildModelVisibilityCondition(model: string, shouldShow: boolean) {
- * Helper to get current vLLM models from store
+  if (!model) {
- */
+    return { field: 'model', value: '__no_model_selected__' }
-const getCurrentVLLMModels = () => {
+  }
-  return useProvidersStore.getState().providers.vllm.models
+
+  return shouldShow ? { field: 'model', value: model } : { field: 'model', value: model, not: true }
+}
+
+function shouldRequireApiKeyForModel(model: string): boolean {
+  const normalizedModel = model.trim().toLowerCase()
+  if (!normalizedModel) return false
+
+  const hostedModels = getHostedModels()
+  const isHostedModel = hostedModels.some(
+    (hostedModel) => hostedModel.toLowerCase() === normalizedModel
+  )
+  if (isHosted && isHostedModel) return false
+
+  if (normalizedModel.startsWith('vertex/') || normalizedModel.startsWith('bedrock/')) {
+    return false
+  }
+
+  if (normalizedModel.startsWith('vllm/')) {
+    return false
+  }
+
+  const currentOllamaModels = getCurrentOllamaModels()
+  if (currentOllamaModels.some((ollamaModel) => ollamaModel.toLowerCase() === normalizedModel)) {
+    return false
+  }
+
+  if (!isHosted) {
+    try {
+      const providerId = getProviderFromModel(model)
+      if (
+        providerId === 'ollama' ||
+        providerId === 'vllm' ||
+        providerId === 'vertex' ||
+        providerId === 'bedrock'
+      ) {
+        return false
+      }
+    } catch {
+      // If model resolution fails, fall through and require an API key.
+    }
+  }
+
+  return true
 }
 
 /**
@@ -60,27 +116,16 @@ const getCurrentVLLMModels = () => {
  * Handles hosted vs self-hosted environments and excludes providers that don't need API key.
  */
 export function getApiKeyCondition() {
-  return isHosted
+  return (values?: Record<string, unknown>) => {
-    ? {
+    const model = typeof values?.model === 'string' ? values.model : ''
-        field: 'model',
+    const shouldShow = shouldRequireApiKeyForModel(model)
-        value: [...getHostedModels(), ...providers.vertex.models, ...providers.bedrock.models],
+    return buildModelVisibilityCondition(model, shouldShow)
-        not: true,
+  }
-      }
-    : () => ({
-        field: 'model',
-        value: [
-          ...getCurrentOllamaModels(),
-          ...getCurrentVLLMModels(),
-          ...providers.vertex.models,
-          ...providers.bedrock.models,
-        ],
-        not: true,
-      })
 }
 
 /**
  * Returns the standard provider credential subblocks used by LLM-based blocks.
- * This includes: Vertex AI OAuth, API Key, Azure OpenAI, Vertex AI config, and Bedrock config.
+ * This includes: Vertex AI OAuth, API Key, Azure (OpenAI + Anthropic), Vertex AI config, and Bedrock config.
  *
  * Usage: Spread into your block's subBlocks array after block-specific fields
  */
@@ -111,25 +156,25 @@ export function getProviderCredentialSubBlocks(): SubBlockConfig[] {
     },
     {
       id: 'azureEndpoint',
-      title: 'Azure OpenAI Endpoint',
+      title: 'Azure Endpoint',
       type: 'short-input',
       password: true,
-      placeholder: 'https://your-resource.openai.azure.com',
+      placeholder: 'https://your-resource.services.ai.azure.com',
       connectionDroppable: false,
       condition: {
         field: 'model',
-        value: providers['azure-openai'].models,
+        value: [...providers['azure-openai'].models, ...providers['azure-anthropic'].models],
       },
     },
     {
       id: 'azureApiVersion',
       title: 'Azure API Version',
       type: 'short-input',
-      placeholder: '2024-07-01-preview',
+      placeholder: 'Enter API version',
       connectionDroppable: false,
       condition: {
         field: 'model',
-        value: providers['azure-openai'].models,
+        value: [...providers['azure-openai'].models, ...providers['azure-anthropic'].models],
       },
     },
     {
@@ -202,7 +247,7 @@ export function getProviderCredentialSubBlocks(): SubBlockConfig[] {
  */
 export const PROVIDER_CREDENTIAL_INPUTS = {
   apiKey: { type: 'string', description: 'Provider API key' },
-  azureEndpoint: { type: 'string', description: 'Azure OpenAI endpoint URL' },
+  azureEndpoint: { type: 'string', description: 'Azure endpoint URL' },
   azureApiVersion: { type: 'string', description: 'Azure API version' },
   vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
   vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
@@ -250,6 +295,239 @@ export function createVersionedToolSelector<TParams extends Record<string, any>>
   }
 }
 
+/**
+ * Returns the standard model configuration subBlocks used by LLM-based blocks.
+ * Includes: reasoningEffort, verbosity, thinkingLevel, temperature (max=1 and max=2), maxTokens.
+ *
+ * Usage: Spread into your block's subBlocks array after provider credential fields
+ */
+export function getModelConfigSubBlocks(): SubBlockConfig[] {
+  return [
+    {
+      id: 'reasoningEffort',
+      title: 'Reasoning Effort',
+      type: 'dropdown',
+      placeholder: 'Select reasoning effort...',
+      options: [
+        { label: 'auto', id: 'auto' },
+        { label: 'low', id: 'low' },
+        { label: 'medium', id: 'medium' },
+        { label: 'high', id: 'high' },
+      ],
+      dependsOn: ['model'],
+      fetchOptions: async (blockId: string) => {
+        const { useSubBlockStore } = await import('@/stores/workflows/subblock/store')
+        const { useWorkflowRegistry } = await import('@/stores/workflows/registry/store')
+
+        const autoOption = { label: 'auto', id: 'auto' }
+
+        const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
+        if (!activeWorkflowId) {
+          return [
+            autoOption,
+            { label: 'low', id: 'low' },
+            { label: 'medium', id: 'medium' },
+            { label: 'high', id: 'high' },
+          ]
+        }
+
+        const workflowValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]
+        const blockValues = workflowValues?.[blockId]
+        const modelValue = blockValues?.model as string
+
+        if (!modelValue) {
+          return [
+            autoOption,
+            { label: 'low', id: 'low' },
+            { label: 'medium', id: 'medium' },
+            { label: 'high', id: 'high' },
+          ]
+        }
+
+        const validOptions = getReasoningEffortValuesForModel(modelValue)
+        if (!validOptions) {
+          return [
+            autoOption,
+            { label: 'low', id: 'low' },
+            { label: 'medium', id: 'medium' },
+            { label: 'high', id: 'high' },
+          ]
+        }
+
+        return [autoOption, ...validOptions.map((opt) => ({ label: opt, id: opt }))]
+      },
+      mode: 'advanced',
+      condition: {
+        field: 'model',
+        value: MODELS_WITH_REASONING_EFFORT,
+      },
+    },
+    {
+      id: 'verbosity',
+      title: 'Verbosity',
+      type: 'dropdown',
+      placeholder: 'Select verbosity...',
+      options: [
+        { label: 'auto', id: 'auto' },
+        { label: 'low', id: 'low' },
+        { label: 'medium', id: 'medium' },
+        { label: 'high', id: 'high' },
+      ],
+      dependsOn: ['model'],
+      fetchOptions: async (blockId: string) => {
+        const { useSubBlockStore } = await import('@/stores/workflows/subblock/store')
+        const { useWorkflowRegistry } = await import('@/stores/workflows/registry/store')
+
+        const autoOption = { label: 'auto', id: 'auto' }
+
+        const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
+        if (!activeWorkflowId) {
+          return [
+            autoOption,
+            { label: 'low', id: 'low' },
+            { label: 'medium', id: 'medium' },
+            { label: 'high', id: 'high' },
+          ]
+        }
+
+        const workflowValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]
+        const blockValues = workflowValues?.[blockId]
+        const modelValue = blockValues?.model as string
+
+        if (!modelValue) {
+          return [
+            autoOption,
+            { label: 'low', id: 'low' },
+            { label: 'medium', id: 'medium' },
+            { label: 'high', id: 'high' },
+          ]
+        }
+
+        const validOptions = getVerbosityValuesForModel(modelValue)
+        if (!validOptions) {
+          return [
+            autoOption,
+            { label: 'low', id: 'low' },
+            { label: 'medium', id: 'medium' },
+            { label: 'high', id: 'high' },
+          ]
+        }
+
+        return [autoOption, ...validOptions.map((opt) => ({ label: opt, id: opt }))]
+      },
+      mode: 'advanced',
+      condition: {
+        field: 'model',
+        value: MODELS_WITH_VERBOSITY,
+      },
+    },
+    {
+      id: 'thinkingLevel',
+      title: 'Thinking Level',
+      type: 'dropdown',
+      placeholder: 'Select thinking level...',
+      options: [
+        { label: 'none', id: 'none' },
+        { label: 'minimal', id: 'minimal' },
+        { label: 'low', id: 'low' },
+        { label: 'medium', id: 'medium' },
+        { label: 'high', id: 'high' },
+        { label: 'max', id: 'max' },
+      ],
+      dependsOn: ['model'],
+      fetchOptions: async (blockId: string) => {
+        const { useSubBlockStore } = await import('@/stores/workflows/subblock/store')
+        const { useWorkflowRegistry } = await import('@/stores/workflows/registry/store')
+
+        const noneOption = { label: 'none', id: 'none' }
+
+        const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
+        if (!activeWorkflowId) {
+          return [noneOption, { label: 'low', id: 'low' }, { label: 'high', id: 'high' }]
+        }
+
+        const workflowValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]
+        const blockValues = workflowValues?.[blockId]
+        const modelValue = blockValues?.model as string
+
+        if (!modelValue) {
+          return [noneOption, { label: 'low', id: 'low' }, { label: 'high', id: 'high' }]
+        }
+
+        const validOptions = getThinkingLevelsForModel(modelValue)
+        if (!validOptions) {
+          return [noneOption, { label: 'low', id: 'low' }, { label: 'high', id: 'high' }]
+        }
+
+        return [noneOption, ...validOptions.map((opt) => ({ label: opt, id: opt }))]
+      },
+      mode: 'advanced',
+      condition: {
+        field: 'model',
+        value: MODELS_WITH_THINKING,
+      },
+    },
+    {
+      id: 'temperature',
+      title: 'Temperature',
+      type: 'slider',
+      min: 0,
+      max: 1,
+      defaultValue: 0.3,
+      mode: 'advanced',
+      condition: () => ({
+        field: 'model',
+        value: (() => {
+          const allModels = Object.keys(getBaseModelProviders())
+          return allModels.filter(
+            (model) => supportsTemperature(model) && getMaxTemperature(model) === 1
+          )
+        })(),
+      }),
+    },
+    {
+      id: 'temperature',
+      title: 'Temperature',
+      type: 'slider',
+      min: 0,
+      max: 2,
+      defaultValue: 0.3,
+      mode: 'advanced',
+      condition: () => ({
+        field: 'model',
+        value: (() => {
+          const allModels = Object.keys(getBaseModelProviders())
+          return allModels.filter(
+            (model) => supportsTemperature(model) && getMaxTemperature(model) === 2
+          )
+        })(),
+      }),
+    },
+    {
+      id: 'maxTokens',
+      title: 'Max Output Tokens',
+      type: 'short-input',
+      placeholder: 'Enter max tokens (e.g., 4096)...',
+      mode: 'advanced',
+    },
+  ]
+}
+
+/**
+ * Returns the standard input definitions for model configuration parameters.
+ * Use this in your block's inputs definition.
+ */
+export const MODEL_CONFIG_INPUTS = {
+  temperature: { type: 'number', description: 'Response randomness level' },
+  maxTokens: { type: 'number', description: 'Maximum number of tokens in the response' },
+  reasoningEffort: { type: 'string', description: 'Reasoning effort level' },
+  verbosity: { type: 'string', description: 'Verbosity level' },
+  thinkingLevel: {
+    type: 'string',
+    description: 'Thinking level for models with extended thinking',
+  },
+} as const
+
 const DEFAULT_MULTIPLE_FILES_ERROR =
   'File reference must be a single file, not an array. Use <block.files[0]> to select one file.'
 

apps/sim/components/icons.tsx

@@ -5468,18 +5468,18 @@ export function AgentSkillsIcon(props: SVGProps<SVGSVGElement>) {
     <svg
       {...props}
       xmlns='http://www.w3.org/2000/svg'
-      width='24'
+      width='16'
-      height='24'
+      height='16'
-      viewBox='0 0 32 32'
+      viewBox='0 0 16 16'
       fill='none'
     >
-      <path d='M16 0.5L29.4234 8.25V23.75L16 31.5L2.57661 23.75V8.25L16 0.5Z' fill='currentColor' />
       <path
-        d='M16 6L24.6603 11V21L16 26L7.33975 21V11L16 6Z'
+        d='M8 1L14.0622 4.5V11.5L8 15L1.93782 11.5V4.5L8 1Z'
-        fill='currentColor'
+        stroke='currentColor'
-        stroke='var(--background, white)'
+        strokeWidth='1.5'
-        strokeWidth='3'
+        fill='none'
       />
+      <path d='M8 4.5L11 6.25V9.75L8 11.5L5 9.75V6.25L8 4.5Z' fill='currentColor' />
     </svg>
   )
 }

apps/sim/components/ui/tool-call.tsx

@@ -5,43 +5,10 @@ import { CheckCircle, ChevronDown, ChevronRight, Loader2, Settings, XCircle } fr
 import { Badge } from '@/components/emcn'
 import { Button } from '@/components/ui/button'
 import { Collapsible, CollapsibleContent, CollapsibleTrigger } from '@/components/ui/collapsible'
+import type { ToolCallGroup, ToolCallState } from '@/lib/copilot/types'
 import { cn } from '@/lib/core/utils/cn'
 import { formatDuration } from '@/lib/core/utils/formatting'
 
-interface ToolCallState {
-  id: string
-  name: string
-  displayName?: string
-  parameters?: Record<string, unknown>
-  state:
-    | 'detecting'
-    | 'pending'
-    | 'executing'
-    | 'completed'
-    | 'error'
-    | 'rejected'
-    | 'applied'
-    | 'ready_for_review'
-    | 'aborted'
-    | 'skipped'
-    | 'background'
-  startTime?: number
-  endTime?: number
-  duration?: number
-  result?: unknown
-  error?: string
-  progress?: string
-}
-
-interface ToolCallGroup {
-  id: string
-  toolCalls: ToolCallState[]
-  status: 'pending' | 'in_progress' | 'completed' | 'error'
-  startTime?: number
-  endTime?: number
-  summary?: string
-}
-
 interface ToolCallProps {
   toolCall: ToolCallState
   isCompact?: boolean

apps/sim/executor/execution/engine.ts

@@ -4,7 +4,6 @@ import { BlockType } from '@/executor/constants'
 import type { DAG } from '@/executor/dag/builder'
 import type { EdgeManager } from '@/executor/execution/edge-manager'
 import { serializePauseSnapshot } from '@/executor/execution/snapshot-serializer'
-import type { SerializableExecutionState } from '@/executor/execution/types'
 import type { NodeExecutionOrchestrator } from '@/executor/orchestrators/node'
 import type {
   ExecutionContext,
@@ -136,7 +135,6 @@ export class ExecutionEngine {
           success: false,
           output: this.finalOutput,
           logs: this.context.blockLogs,
-          executionState: this.getSerializableExecutionState(),
           metadata: this.context.metadata,
           status: 'cancelled',
         }
@@ -146,7 +144,6 @@ export class ExecutionEngine {
         success: true,
         output: this.finalOutput,
         logs: this.context.blockLogs,
-        executionState: this.getSerializableExecutionState(),
         metadata: this.context.metadata,
       }
     } catch (error) {
@@ -160,7 +157,6 @@ export class ExecutionEngine {
           success: false,
           output: this.finalOutput,
           logs: this.context.blockLogs,
-          executionState: this.getSerializableExecutionState(),
           metadata: this.context.metadata,
           status: 'cancelled',
         }
@@ -463,7 +459,6 @@ export class ExecutionEngine {
       success: true,
       output: this.collectPauseResponses(),
       logs: this.context.blockLogs,
-      executionState: this.getSerializableExecutionState(snapshotSeed),
       metadata: this.context.metadata,
       status: 'paused',
       pausePoints,
@@ -471,24 +466,6 @@ export class ExecutionEngine {
     }
   }
 
-  private getSerializableExecutionState(snapshotSeed?: {
-    snapshot: string
-  }): SerializableExecutionState | undefined {
-    try {
-      const serializedSnapshot =
-        snapshotSeed?.snapshot ?? serializePauseSnapshot(this.context, [], this.dag).snapshot
-      const parsedSnapshot = JSON.parse(serializedSnapshot) as {
-        state?: SerializableExecutionState
-      }
-      return parsedSnapshot.state
-    } catch (error) {
-      logger.warn('Failed to serialize execution state', {
-        error: error instanceof Error ? error.message : String(error),
-      })
-      return undefined
-    }
-  }
-
   private collectPauseResponses(): NormalizedBlockOutput {
     const responses = Array.from(this.pausedBlocks.values()).map((pause) => pause.response)
 

apps/sim/executor/handlers/agent/agent-handler.ts

@@ -326,6 +326,7 @@ export class AgentBlockHandler implements BlockHandler {
             _context: {
               workflowId: ctx.workflowId,
               workspaceId: ctx.workspaceId,
+              userId: ctx.userId,
               isDeployedContext: ctx.isDeployedContext,
             },
           },
@@ -377,6 +378,9 @@ export class AgentBlockHandler implements BlockHandler {
       if (ctx.workflowId) {
         params.workflowId = ctx.workflowId
       }
+      if (ctx.userId) {
+        params.userId = ctx.userId
+      }
 
       const url = buildAPIUrl('/api/tools/custom', params)
       const response = await fetch(url.toString(), {
@@ -487,7 +491,9 @@ export class AgentBlockHandler implements BlockHandler {
       usageControl: tool.usageControl || 'auto',
       executeFunction: async (callParams: Record<string, any>) => {
         const headers = await buildAuthHeaders()
-        const execUrl = buildAPIUrl('/api/mcp/tools/execute')
+        const execParams: Record<string, string> = {}
+        if (ctx.userId) execParams.userId = ctx.userId
+        const execUrl = buildAPIUrl('/api/mcp/tools/execute', execParams)
 
         const execResponse = await fetch(execUrl.toString(), {
           method: 'POST',
@@ -596,6 +602,7 @@ export class AgentBlockHandler implements BlockHandler {
       serverId,
       workspaceId: ctx.workspaceId,
       workflowId: ctx.workflowId,
+      ...(ctx.userId ? { userId: ctx.userId } : {}),
     })
 
     const maxAttempts = 2
@@ -670,7 +677,9 @@ export class AgentBlockHandler implements BlockHandler {
       usageControl: tool.usageControl || 'auto',
       executeFunction: async (callParams: Record<string, any>) => {
         const headers = await buildAuthHeaders()
-        const execUrl = buildAPIUrl('/api/mcp/tools/execute')
+        const discoverExecParams: Record<string, string> = {}
+        if (ctx.userId) discoverExecParams.userId = ctx.userId
+        const execUrl = buildAPIUrl('/api/mcp/tools/execute', discoverExecParams)
 
         const execResponse = await fetch(execUrl.toString(), {
           method: 'POST',
@@ -906,24 +915,17 @@ export class AgentBlockHandler implements BlockHandler {
       }
     }
 
-    // Find first system message
     const firstSystemIndex = messages.findIndex((msg) => msg.role === 'system')
 
     if (firstSystemIndex === -1) {
-      // No system message exists - add at position 0
       messages.unshift({ role: 'system', content })
     } else if (firstSystemIndex === 0) {
-      // System message already at position 0 - replace it
-      // Explicit systemPrompt parameter takes precedence over memory/messages
       messages[0] = { role: 'system', content }
     } else {
-      // System message exists but not at position 0 - move it to position 0
-      // and update with new content
       messages.splice(firstSystemIndex, 1)
       messages.unshift({ role: 'system', content })
     }
 
-    // Remove any additional system messages (keep only the first one)
     for (let i = messages.length - 1; i >= 1; i--) {
       if (messages[i].role === 'system') {
         messages.splice(i, 1)
@@ -989,13 +991,14 @@ export class AgentBlockHandler implements BlockHandler {
       workflowId: ctx.workflowId,
       workspaceId: ctx.workspaceId,
       stream: streaming,
-      messages,
+      messages: messages?.map(({ executionId, ...msg }) => msg),
       environmentVariables: ctx.environmentVariables || {},
       workflowVariables: ctx.workflowVariables || {},
       blockData,
       blockNameMapping,
       reasoningEffort: inputs.reasoningEffort,
       verbosity: inputs.verbosity,
+      thinkingLevel: inputs.thinkingLevel,
     }
   }
 
@@ -1055,6 +1058,7 @@ export class AgentBlockHandler implements BlockHandler {
         responseFormat: providerRequest.responseFormat,
         workflowId: providerRequest.workflowId,
         workspaceId: ctx.workspaceId,
+        userId: ctx.userId,
         stream: providerRequest.stream,
         messages: 'messages' in providerRequest ? providerRequest.messages : undefined,
         environmentVariables: ctx.environmentVariables || {},
@@ -1064,6 +1068,7 @@ export class AgentBlockHandler implements BlockHandler {
         isDeployedContext: ctx.isDeployedContext,
         reasoningEffort: providerRequest.reasoningEffort,
         verbosity: providerRequest.verbosity,
+        thinkingLevel: providerRequest.thinkingLevel,
       })
 
       return this.processProviderResponse(response, block, responseFormat)
@@ -1081,8 +1086,6 @@ export class AgentBlockHandler implements BlockHandler {
 
     logger.info(`[${requestId}] Resolving Vertex AI credential: ${credentialId}`)
 
-    // Get the credential - we need to find the owner
-    // Since we're in a workflow context, we can query the credential directly
     const credential = await db.query.account.findFirst({
       where: eq(account.id, credentialId),
     })
@@ -1091,7 +1094,6 @@ export class AgentBlockHandler implements BlockHandler {
       throw new Error(`Vertex AI credential not found: ${credentialId}`)
     }
 
-    // Refresh the token if needed
     const { accessToken } = await refreshTokenIfNeeded(requestId, credential, credentialId)
 
     if (!accessToken) {

apps/sim/executor/handlers/agent/types.ts

@@ -34,6 +34,7 @@ export interface AgentInputs {
   bedrockRegion?: string
   reasoningEffort?: string
   verbosity?: string
+  thinkingLevel?: string
 }
 
 export interface ToolInput {

apps/sim/executor/handlers/api/api-handler.ts

@@ -72,6 +72,7 @@ export class ApiBlockHandler implements BlockHandler {
             workflowId: ctx.workflowId,
             workspaceId: ctx.workspaceId,
             executionId: ctx.executionId,
+            userId: ctx.userId,
             isDeployedContext: ctx.isDeployedContext,
           },
         },

apps/sim/executor/handlers/condition/condition-handler.ts

@@ -48,6 +48,7 @@ export async function evaluateConditionExpression(
         _context: {
           workflowId: ctx.workflowId,
           workspaceId: ctx.workspaceId,
+          userId: ctx.userId,
           isDeployedContext: ctx.isDeployedContext,
         },
       },

apps/sim/executor/handlers/evaluator/evaluator-handler.ts

@@ -104,7 +104,7 @@ export class EvaluatorBlockHandler implements BlockHandler {
     }
 
     try {
-      const url = buildAPIUrl('/api/providers')
+      const url = buildAPIUrl('/api/providers', ctx.userId ? { userId: ctx.userId } : {})
 
       const providerRequest: Record<string, any> = {
         provider: providerId,
@@ -121,26 +121,17 @@ export class EvaluatorBlockHandler implements BlockHandler {
 
         temperature: EVALUATOR.DEFAULT_TEMPERATURE,
         apiKey: finalApiKey,
+        azureEndpoint: inputs.azureEndpoint,
+        azureApiVersion: inputs.azureApiVersion,
+        vertexProject: evaluatorConfig.vertexProject,
+        vertexLocation: evaluatorConfig.vertexLocation,
+        bedrockAccessKeyId: evaluatorConfig.bedrockAccessKeyId,
+        bedrockSecretKey: evaluatorConfig.bedrockSecretKey,
+        bedrockRegion: evaluatorConfig.bedrockRegion,
         workflowId: ctx.workflowId,
         workspaceId: ctx.workspaceId,
       }
 
-      if (providerId === 'vertex') {
-        providerRequest.vertexProject = evaluatorConfig.vertexProject
-        providerRequest.vertexLocation = evaluatorConfig.vertexLocation
-      }
-
-      if (providerId === 'azure-openai') {
-        providerRequest.azureEndpoint = inputs.azureEndpoint
-        providerRequest.azureApiVersion = inputs.azureApiVersion
-      }
-
-      if (providerId === 'bedrock') {
-        providerRequest.bedrockAccessKeyId = evaluatorConfig.bedrockAccessKeyId
-        providerRequest.bedrockSecretKey = evaluatorConfig.bedrockSecretKey
-        providerRequest.bedrockRegion = evaluatorConfig.bedrockRegion
-      }
-
       const response = await fetch(url.toString(), {
         method: 'POST',
         headers: await buildAuthHeaders(),

apps/sim/executor/handlers/function/function-handler.ts

@@ -39,6 +39,7 @@ export class FunctionBlockHandler implements BlockHandler {
         _context: {
           workflowId: ctx.workflowId,
           workspaceId: ctx.workspaceId,
+          userId: ctx.userId,
           isDeployedContext: ctx.isDeployedContext,
         },
       },

apps/sim/executor/handlers/generic/generic-handler.ts

@@ -66,6 +66,7 @@ export class GenericBlockHandler implements BlockHandler {
             workflowId: ctx.workflowId,
             workspaceId: ctx.workspaceId,
             executionId: ctx.executionId,
+            userId: ctx.userId,
             isDeployedContext: ctx.isDeployedContext,
           },
         },

apps/sim/executor/handlers/human-in-the-loop/human-in-the-loop-handler.ts

@@ -605,6 +605,7 @@ export class HumanInTheLoopBlockHandler implements BlockHandler {
           _context: {
             workflowId: ctx.workflowId,
             workspaceId: ctx.workspaceId,
+            userId: ctx.userId,
             isDeployedContext: ctx.isDeployedContext,
           },
           blockData: blockDataWithPause,

apps/sim/executor/handlers/router/router-handler.ts

@@ -80,6 +80,7 @@ export class RouterBlockHandler implements BlockHandler {
 
     try {
       const url = new URL('/api/providers', getBaseUrl())
+      if (ctx.userId) url.searchParams.set('userId', ctx.userId)
 
       const messages = [{ role: 'user', content: routerConfig.prompt }]
       const systemPrompt = generateRouterPrompt(routerConfig.prompt, targetBlocks)
@@ -96,26 +97,17 @@ export class RouterBlockHandler implements BlockHandler {
         context: JSON.stringify(messages),
         temperature: ROUTER.INFERENCE_TEMPERATURE,
         apiKey: finalApiKey,
+        azureEndpoint: inputs.azureEndpoint,
+        azureApiVersion: inputs.azureApiVersion,
+        vertexProject: routerConfig.vertexProject,
+        vertexLocation: routerConfig.vertexLocation,
+        bedrockAccessKeyId: routerConfig.bedrockAccessKeyId,
+        bedrockSecretKey: routerConfig.bedrockSecretKey,
+        bedrockRegion: routerConfig.bedrockRegion,
         workflowId: ctx.workflowId,
         workspaceId: ctx.workspaceId,
       }
 
-      if (providerId === 'vertex') {
-        providerRequest.vertexProject = routerConfig.vertexProject
-        providerRequest.vertexLocation = routerConfig.vertexLocation
-      }
-
-      if (providerId === 'azure-openai') {
-        providerRequest.azureEndpoint = inputs.azureEndpoint
-        providerRequest.azureApiVersion = inputs.azureApiVersion
-      }
-
-      if (providerId === 'bedrock') {
-        providerRequest.bedrockAccessKeyId = routerConfig.bedrockAccessKeyId
-        providerRequest.bedrockSecretKey = routerConfig.bedrockSecretKey
-        providerRequest.bedrockRegion = routerConfig.bedrockRegion
-      }
-
       const response = await fetch(url.toString(), {
         method: 'POST',
         headers: await buildAuthHeaders(),
@@ -218,6 +210,7 @@ export class RouterBlockHandler implements BlockHandler {
 
     try {
       const url = new URL('/api/providers', getBaseUrl())
+      if (ctx.userId) url.searchParams.set('userId', ctx.userId)
 
       const messages = [{ role: 'user', content: routerConfig.context }]
       const systemPrompt = generateRouterV2Prompt(routerConfig.context, routes)
@@ -234,6 +227,13 @@ export class RouterBlockHandler implements BlockHandler {
         context: JSON.stringify(messages),
         temperature: ROUTER.INFERENCE_TEMPERATURE,
         apiKey: finalApiKey,
+        azureEndpoint: inputs.azureEndpoint,
+        azureApiVersion: inputs.azureApiVersion,
+        vertexProject: routerConfig.vertexProject,
+        vertexLocation: routerConfig.vertexLocation,
+        bedrockAccessKeyId: routerConfig.bedrockAccessKeyId,
+        bedrockSecretKey: routerConfig.bedrockSecretKey,
+        bedrockRegion: routerConfig.bedrockRegion,
         workflowId: ctx.workflowId,
         workspaceId: ctx.workspaceId,
         responseFormat: {
@@ -257,22 +257,6 @@ export class RouterBlockHandler implements BlockHandler {
         },
       }
 
-      if (providerId === 'vertex') {
-        providerRequest.vertexProject = routerConfig.vertexProject
-        providerRequest.vertexLocation = routerConfig.vertexLocation
-      }
-
-      if (providerId === 'azure-openai') {
-        providerRequest.azureEndpoint = inputs.azureEndpoint
-        providerRequest.azureApiVersion = inputs.azureApiVersion
-      }
-
-      if (providerId === 'bedrock') {
-        providerRequest.bedrockAccessKeyId = routerConfig.bedrockAccessKeyId
-        providerRequest.bedrockSecretKey = routerConfig.bedrockSecretKey
-        providerRequest.bedrockRegion = routerConfig.bedrockRegion
-      }
-
       const response = await fetch(url.toString(), {
         method: 'POST',
         headers: await buildAuthHeaders(),