v0.3.51: mcp support, copilot improvements, polling for live execution data, bug fixes

fix(webhooks): made spacing more clear, added copy button for webhook URL & fixed race condition for mcp tools/server fetching in the mcp block (#1309 )
* update infra and remove railway * fix(webooks-ui): made spacing more clear, added copy button for webhook URL & fixed race condition for mcp tools/server fetching in the mcp block * Revert "update infra and remove railway" This reverts commit 5a8876209d. * remove extraneous comments * ack PR comments
2026-01-10 23:48:09 -05:00 · 2025-09-10 14:35:53 -07:00 · 2025-09-10 14:25:17 -07:00 · 2025-09-10 10:53:47 -07:00 · 2025-09-10 09:35:28 -07:00 · 2025-09-09 18:11:53 -07:00
600 changed files with 79311 additions and 10045 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,8 +2,7 @@ name: Build and Publish Docker Image

 on:
  push:
-    branches: [main]
-    tags: ['v*']
+    branches: [main, staging]

 jobs:
  build-and-push:
@@ -56,7 +55,7 @@ jobs:
        uses: docker/setup-buildx-action@v3

      - name: Log in to the Container registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
@@ -70,10 +69,7 @@ jobs:
          images: ${{ matrix.image }}
          tags: |
            type=raw,value=latest-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/main' }}
-            type=ref,event=pr,suffix=-${{ matrix.arch }}
-            type=semver,pattern={{version}},suffix=-${{ matrix.arch }}
-            type=semver,pattern={{major}}.{{minor}},suffix=-${{ matrix.arch }}
-            type=semver,pattern={{major}}.{{minor}}.{{patch}},suffix=-${{ matrix.arch }}
+            type=raw,value=staging-${{ github.sha }}-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
            type=sha,format=long,suffix=-${{ matrix.arch }}

      - name: Build and push Docker image
@@ -82,7 +78,7 @@ jobs:
          context: .
          file: ${{ matrix.dockerfile }}
          platforms: ${{ matrix.platform }}
-          push: ${{ github.event_name != 'pull_request' }}
+          push: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/main' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=build-v3
@@ -93,7 +89,7 @@ jobs:
  create-manifests:
    runs-on: ubuntu-latest
    needs: build-and-push
-    if: github.event_name != 'pull_request'
+    if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
    strategy:
      matrix:
        include:
@@ -119,10 +115,6 @@ jobs:
          images: ${{ matrix.image }}
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}.{{minor}}.{{patch}}
            type=sha,format=long

      - name: Create and push manifest
--- a/README.md
+++ b/README.md
@@ -159,7 +159,7 @@ bun run dev:sockets
 Copilot is a Sim-managed service. To use Copilot on a self-hosted instance:

 - Go to https://sim.ai → Settings → Copilot and generate a Copilot API key
- Set `COPILOT_API_KEY` in your self-hosted environment to that value
+- Set `COPILOT_API_KEY` environment variable in your self-hosted apps/sim/.env file to that value

 ## Tech Stack

@@ -174,6 +174,7 @@ Copilot is a Sim-managed service. To use Copilot on a self-hosted instance:
 - **Monorepo**: [Turborepo](https://turborepo.org/)
 - **Realtime**: [Socket.io](https://socket.io/)
 - **Background Jobs**: [Trigger.dev](https://trigger.dev/)
+- **Remote Code Execution**: [E2B](https://www.e2b.dev/)

 ## Contributing

--- a/apps/docs/content/docs/blocks/router.mdx
+++ b/apps/docs/content/docs/blocks/router.mdx
@@ -117,7 +117,7 @@ Your API key for the selected LLM provider. This is securely stored and used for

 After a router makes a decision, you can access its outputs:

- **`<router.content>`**: Summary of the routing decision made
+- **`<router.prompt>`**: Summary of the routing prompt used
 - **`<router.selected_path>`**: Details of the chosen destination block
 - **`<router.tokens>`**: Token usage statistics from the LLM
 - **`<router.model>`**: The model used for decision-making
@@ -182,7 +182,7 @@ Confidence Threshold: 0.7 // Minimum confidence for routing
  <Tab>
    <ul className="list-disc space-y-2 pl-6">
      <li>
-        <strong>router.content</strong>: Summary of routing decision
+        <strong>router.prompt</strong>: Summary of routing prompt used
      </li>
      <li>
        <strong>router.selected_path</strong>: Details of chosen destination
--- a/apps/docs/content/docs/copilot/index.mdx
+++ b/apps/docs/content/docs/copilot/index.mdx
@@ -91,4 +91,31 @@ Copilot is your in-editor assistant that helps you build, understand, and improv
  >
    <div className="m-0 text-sm">Maximum reasoning for deep planning, debugging, and complex architectural changes.</div>
  </Card>
-</Cards> 
+</Cards>
+
+## Billing and Cost Calculation
+
+### How Costs Are Calculated
+
+Copilot usage is billed per token from the underlying LLM:
+
+- **Input tokens**: billed at the provider's base rate (**at-cost**)
+- **Output tokens**: billed at **1.5×** the provider's base output rate
+
+```javascript
+copilotCost = (inputTokens × inputPrice + outputTokens × (outputPrice × 1.5)) / 1,000,000
+```
+
+| Component | Rate Applied         |
+|----------|----------------------|
+| Input    | inputPrice           |
+| Output   | outputPrice × 1.5    |
+
+<Callout type="warning">
+  Pricing shown reflects rates as of September 4, 2025. Check provider documentation for current pricing.
+</Callout>
+
+<Callout type="info">
+  Model prices are per million tokens. The calculation divides by 1,000,000 to get the actual cost. See <a href="/execution/advanced#cost-calculation">Logging and Cost Calculation</a> for background and examples.
+</Callout>
+
--- a/apps/docs/content/docs/execution/advanced.mdx
+++ b/apps/docs/content/docs/execution/advanced.mdx
@@ -212,3 +212,47 @@ Monitor your usage and billing in Settings → Subscription:
 - **Usage Limits**: Plan limits with visual progress indicators
 - **Billing Details**: Projected charges and minimum commitments
 - **Plan Management**: Upgrade options and billing history
+
+### Programmatic Rate Limits & Usage (API)
+
+You can query your current API rate limits and usage summary using your API key.
+
+Endpoint:
+
+```text
+GET /api/users/me/usage-limits
+```
+
+Authentication:
+
+- Include your API key in the `X-API-Key` header.
+
+Response (example):
+
+```json
+{
+  "success": true,
+  "rateLimit": {
+    "sync": { "isLimited": false, "limit": 10, "remaining": 10, "resetAt": "2025-09-08T22:51:55.999Z" },
+    "async": { "isLimited": false, "limit": 50, "remaining": 50, "resetAt": "2025-09-08T22:51:56.155Z" },
+    "authType": "api"
+  },
+  "usage": {
+    "currentPeriodCost": 12.34,
+    "limit": 100,
+    "plan": "pro"
+  }
+}
+```
+
+Example:
+
+```bash
+curl -X GET -H "X-API-Key: YOUR_API_KEY" -H "Content-Type: application/json" https://sim.ai/api/users/me/usage-limits
+```
+
+Notes:
+
+- `currentPeriodCost` reflects usage in the current billing period.
+- `limit` is derived from individual limits (Free/Pro) or pooled organization limits (Team/Enterprise).
+- `plan` is the highest-priority active plan associated with your user.
--- a/apps/docs/content/docs/execution/api.mdx
+++ b/apps/docs/content/docs/execution/api.mdx
@@ -0,0 +1,532 @@
+---
+title: External API
+description: Query workflow execution logs and set up webhooks for real-time notifications
+---
+
+import { Accordion, Accordions } from 'fumadocs-ui/components/accordion'
+import { Callout } from 'fumadocs-ui/components/callout'
+import { Tab, Tabs } from 'fumadocs-ui/components/tabs'
+import { CodeBlock } from 'fumadocs-ui/components/codeblock'
+
+Sim provides a comprehensive external API for querying workflow execution logs and setting up webhooks for real-time notifications when workflows complete.
+
+## Authentication
+
+All API requests require an API key passed in the `x-api-key` header:
+
+```bash
+curl -H "x-api-key: YOUR_API_KEY" \
+  https://sim.ai/api/v1/logs?workspaceId=YOUR_WORKSPACE_ID
+```
+
+You can generate API keys from your user settings in the Sim dashboard.
+
+## Logs API
+
+All API responses include information about your workflow execution limits and usage:
+
+```json
+"limits": {
+  "workflowExecutionRateLimit": {
+    "sync": {
+      "limit": 60,        // Max sync workflow executions per minute
+      "remaining": 58,    // Remaining sync workflow executions
+      "resetAt": "..."    // When the window resets
+    },
+    "async": {
+      "limit": 60,        // Max async workflow executions per minute
+      "remaining": 59,    // Remaining async workflow executions
+      "resetAt": "..."    // When the window resets
+    }
+  },
+  "usage": {
+    "currentPeriodCost": 1.234,  // Current billing period usage in USD
+    "limit": 10,                  // Usage limit in USD
+    "plan": "pro",                // Current subscription plan
+    "isExceeded": false           // Whether limit is exceeded
+  }
+}
+```
+
+**Note:** The rate limits in the response body are for workflow executions. The rate limits for calling this API endpoint are in the response headers (`X-RateLimit-*`).
+
+### Query Logs
+
+Query workflow execution logs with extensive filtering options.
+
+<Tabs items={['Request', 'Response']}>
+  <Tab value="Request">
+    ```http
+    GET /api/v1/logs
+    ```
+
+    **Required Parameters:**
+    - `workspaceId` - Your workspace ID
+
+    **Optional Filters:**
+    - `workflowIds` - Comma-separated workflow IDs
+    - `folderIds` - Comma-separated folder IDs
+    - `triggers` - Comma-separated trigger types: `api`, `webhook`, `schedule`, `manual`, `chat`
+    - `level` - Filter by level: `info`, `error`
+    - `startDate` - ISO timestamp for date range start
+    - `endDate` - ISO timestamp for date range end
+    - `executionId` - Exact execution ID match
+    - `minDurationMs` - Minimum execution duration in milliseconds
+    - `maxDurationMs` - Maximum execution duration in milliseconds
+    - `minCost` - Minimum execution cost
+    - `maxCost` - Maximum execution cost
+    - `model` - Filter by AI model used
+
+    **Pagination:**
+    - `limit` - Results per page (default: 100)
+    - `cursor` - Cursor for next page
+    - `order` - Sort order: `desc`, `asc` (default: desc)
+
+    **Detail Level:**
+    - `details` - Response detail level: `basic`, `full` (default: basic)
+    - `includeTraceSpans` - Include trace spans (default: false)
+    - `includeFinalOutput` - Include final output (default: false)
+  </Tab>
+  <Tab value="Response">
+    ```json
+    {
+      "data": [
+        {
+          "id": "log_abc123",
+          "workflowId": "wf_xyz789",
+          "executionId": "exec_def456",
+          "level": "info",
+          "trigger": "api",
+          "startedAt": "2025-01-01T12:34:56.789Z",
+          "endedAt": "2025-01-01T12:34:57.123Z",
+          "totalDurationMs": 334,
+          "cost": {
+            "total": 0.00234
+          },
+          "files": null
+        }
+      ],
+      "nextCursor": "eyJzIjoiMjAyNS0wMS0wMVQxMjozNDo1Ni43ODlaIiwiaWQiOiJsb2dfYWJjMTIzIn0",
+      "limits": {
+        "workflowExecutionRateLimit": {
+          "sync": {
+            "limit": 60,
+            "remaining": 58,
+            "resetAt": "2025-01-01T12:35:56.789Z"
+          },
+          "async": {
+            "limit": 60,
+            "remaining": 59,
+            "resetAt": "2025-01-01T12:35:56.789Z"
+          }
+        },
+        "usage": {
+          "currentPeriodCost": 1.234,
+          "limit": 10,
+          "plan": "pro",
+          "isExceeded": false
+        }
+      }
+    }
+    ```
+  </Tab>
+</Tabs>
+
+### Get Log Details
+
+Retrieve detailed information about a specific log entry.
+
+<Tabs items={['Request', 'Response']}>
+  <Tab value="Request">
+    ```http
+    GET /api/v1/logs/{id}
+    ```
+  </Tab>
+  <Tab value="Response">
+    ```json
+    {
+      "data": {
+        "id": "log_abc123",
+        "workflowId": "wf_xyz789",
+        "executionId": "exec_def456",
+        "level": "info",
+        "trigger": "api",
+        "startedAt": "2025-01-01T12:34:56.789Z",
+        "endedAt": "2025-01-01T12:34:57.123Z",
+        "totalDurationMs": 334,
+        "workflow": {
+          "id": "wf_xyz789",
+          "name": "My Workflow",
+          "description": "Process customer data"
+        },
+        "executionData": {
+          "traceSpans": [...],
+          "finalOutput": {...}
+        },
+        "cost": {
+          "total": 0.00234,
+          "tokens": {
+            "prompt": 123,
+            "completion": 456,
+            "total": 579
+          },
+          "models": {
+            "gpt-4o": {
+              "input": 0.001,
+              "output": 0.00134,
+              "total": 0.00234,
+              "tokens": {
+                "prompt": 123,
+                "completion": 456,
+                "total": 579
+              }
+            }
+          }
+        },
+        "limits": {
+          "workflowExecutionRateLimit": {
+            "sync": {
+              "limit": 60,
+              "remaining": 58,
+              "resetAt": "2025-01-01T12:35:56.789Z"
+            },
+            "async": {
+              "limit": 60,
+              "remaining": 59,
+              "resetAt": "2025-01-01T12:35:56.789Z"
+            }
+          },
+          "usage": {
+            "currentPeriodCost": 1.234,
+            "limit": 10,
+            "plan": "pro",
+            "isExceeded": false
+          }
+        }
+      }
+    }
+    ```
+  </Tab>
+</Tabs>
+
+### Get Execution Details
+
+Retrieve execution details including the workflow state snapshot.
+
+<Tabs items={['Request', 'Response']}>
+  <Tab value="Request">
+    ```http
+    GET /api/v1/logs/executions/{executionId}
+    ```
+  </Tab>
+  <Tab value="Response">
+    ```json
+    {
+      "executionId": "exec_def456",
+      "workflowId": "wf_xyz789",
+      "workflowState": {
+        "blocks": {...},
+        "edges": [...],
+        "loops": {...},
+        "parallels": {...}
+      },
+      "executionMetadata": {
+        "trigger": "api",
+        "startedAt": "2025-01-01T12:34:56.789Z",
+        "endedAt": "2025-01-01T12:34:57.123Z",
+        "totalDurationMs": 334,
+        "cost": {...}
+      }
+    }
+    ```
+  </Tab>
+</Tabs>
+
+## Webhook Subscriptions
+
+Get real-time notifications when workflow executions complete. Webhooks are configured through the Sim UI in the workflow editor.
+
+### Configuration
+
+Webhooks can be configured for each workflow through the workflow editor UI. Click the webhook icon in the control bar to set up your webhook subscriptions.
+
+**Available Configuration Options:**
+- `url`: Your webhook endpoint URL
+- `secret`: Optional secret for HMAC signature verification
+- `includeFinalOutput`: Include the workflow's final output in the payload
+- `includeTraceSpans`: Include detailed execution trace spans
+- `includeRateLimits`: Include the workflow owner's rate limit information
+- `includeUsageData`: Include the workflow owner's usage and billing data
+- `levelFilter`: Array of log levels to receive (`info`, `error`)
+- `triggerFilter`: Array of trigger types to receive (`api`, `webhook`, `schedule`, `manual`, `chat`)
+- `active`: Enable/disable the webhook subscription
+
+### Webhook Payload
+
+When a workflow execution completes, Sim sends a POST request to your webhook URL:
+
+```json
+{
+  "id": "evt_123",
+  "type": "workflow.execution.completed",
+  "timestamp": 1735925767890,
+  "data": {
+    "workflowId": "wf_xyz789",
+    "executionId": "exec_def456",
+    "status": "success",
+    "level": "info",
+    "trigger": "api",
+    "startedAt": "2025-01-01T12:34:56.789Z",
+    "endedAt": "2025-01-01T12:34:57.123Z",
+    "totalDurationMs": 334,
+    "cost": {
+      "total": 0.00234,
+      "tokens": {
+        "prompt": 123,
+        "completion": 456,
+        "total": 579
+      },
+      "models": {
+        "gpt-4o": {
+          "input": 0.001,
+          "output": 0.00134,
+          "total": 0.00234,
+          "tokens": {
+            "prompt": 123,
+            "completion": 456,
+            "total": 579
+          }
+        }
+      }
+    },
+    "files": null,
+    "finalOutput": {...},  // Only if includeFinalOutput=true
+    "traceSpans": [...],   // Only if includeTraceSpans=true
+    "rateLimits": {...},   // Only if includeRateLimits=true
+    "usage": {...}         // Only if includeUsageData=true
+  },
+  "links": {
+    "log": "/v1/logs/log_abc123",
+    "execution": "/v1/logs/executions/exec_def456"
+  }
+}
+```
+
+### Webhook Headers
+
+Each webhook request includes these headers:
+
+- `sim-event`: Event type (always `workflow.execution.completed`)
+- `sim-timestamp`: Unix timestamp in milliseconds
+- `sim-delivery-id`: Unique delivery ID for idempotency
+- `sim-signature`: HMAC-SHA256 signature for verification (if secret configured)
+- `Idempotency-Key`: Same as delivery ID for duplicate detection
+
+### Signature Verification
+
+If you configure a webhook secret, verify the signature to ensure the webhook is from Sim:
+
+<Tabs items={['Node.js', 'Python']}>
+  <Tab value="Node.js">
+    ```javascript
+    import crypto from 'crypto';
+
+    function verifyWebhookSignature(body, signature, secret) {
+      const [timestampPart, signaturePart] = signature.split(',');
+      const timestamp = timestampPart.replace('t=', '');
+      const expectedSignature = signaturePart.replace('v1=', '');
+      
+      const signatureBase = `${timestamp}.${body}`;
+      const hmac = crypto.createHmac('sha256', secret);
+      hmac.update(signatureBase);
+      const computedSignature = hmac.digest('hex');
+      
+      return computedSignature === expectedSignature;
+    }
+
+    // In your webhook handler
+    app.post('/webhook', (req, res) => {
+      const signature = req.headers['sim-signature'];
+      const body = JSON.stringify(req.body);
+      
+      if (!verifyWebhookSignature(body, signature, process.env.WEBHOOK_SECRET)) {
+        return res.status(401).send('Invalid signature');
+      }
+      
+      // Process the webhook...
+    });
+    ```
+  </Tab>
+  <Tab value="Python">
+    ```python
+    import hmac
+    import hashlib
+    import json
+
+    def verify_webhook_signature(body: str, signature: str, secret: str) -> bool:
+        timestamp_part, signature_part = signature.split(',')
+        timestamp = timestamp_part.replace('t=', '')
+        expected_signature = signature_part.replace('v1=', '')
+        
+        signature_base = f"{timestamp}.{body}"
+        computed_signature = hmac.new(
+            secret.encode(),
+            signature_base.encode(),
+            hashlib.sha256
+        ).hexdigest()
+        
+        return hmac.compare_digest(computed_signature, expected_signature)
+
+    # In your webhook handler
+    @app.route('/webhook', methods=['POST'])
+    def webhook():
+        signature = request.headers.get('sim-signature')
+        body = json.dumps(request.json)
+        
+        if not verify_webhook_signature(body, signature, os.environ['WEBHOOK_SECRET']):
+            return 'Invalid signature', 401
+        
+        # Process the webhook...
+    ```
+  </Tab>
+</Tabs>
+
+### Retry Policy
+
+Failed webhook deliveries are retried with exponential backoff and jitter:
+
+- Maximum attempts: 5
+- Retry delays: 5 seconds, 15 seconds, 1 minute, 3 minutes, 10 minutes
+- Jitter: Up to 10% additional delay to prevent thundering herd
+- Only HTTP 5xx and 429 responses trigger retries
+- Deliveries timeout after 30 seconds
+
+<Callout type="info">
+  Webhook deliveries are processed asynchronously and don't affect workflow execution performance.
+</Callout>
+
+## Best Practices
+
+1. **Polling Strategy**: When polling for logs, use cursor-based pagination with `order=asc` and `startDate` to fetch new logs efficiently.
+
+2. **Webhook Security**: Always configure a webhook secret and verify signatures to ensure requests are from Sim.
+
+3. **Idempotency**: Use the `Idempotency-Key` header to detect and handle duplicate webhook deliveries.
+
+4. **Privacy**: By default, `finalOutput` and `traceSpans` are excluded from responses. Only enable these if you need the data and understand the privacy implications.
+
+5. **Rate Limiting**: Implement exponential backoff when you receive 429 responses. Check the `Retry-After` header for the recommended wait time.
+
+## Rate Limiting
+
+The API implements rate limiting to ensure fair usage:
+
+- **Free plan**: 10 requests per minute
+- **Pro plan**: 30 requests per minute
+- **Team plan**: 60 requests per minute
+- **Enterprise plan**: Custom limits
+
+Rate limit information is included in response headers:
+- `X-RateLimit-Limit`: Maximum requests per window
+- `X-RateLimit-Remaining`: Requests remaining in current window
+- `X-RateLimit-Reset`: ISO timestamp when the window resets
+
+## Example: Polling for New Logs
+
+```javascript
+let cursor = null;
+const workspaceId = 'YOUR_WORKSPACE_ID';
+const startDate = new Date().toISOString();
+
+async function pollLogs() {
+  const params = new URLSearchParams({
+    workspaceId,
+    startDate,
+    order: 'asc',
+    limit: '100'
+  });
+  
+  if (cursor) {
+    params.append('cursor', cursor);
+  }
+  
+  const response = await fetch(
+    `https://sim.ai/api/v1/logs?${params}`,
+    {
+      headers: {
+        'x-api-key': 'YOUR_API_KEY'
+      }
+    }
+  );
+  
+  if (response.ok) {
+    const data = await response.json();
+    
+    // Process new logs
+    for (const log of data.data) {
+      console.log(`New execution: ${log.executionId}`);
+    }
+    
+    // Update cursor for next poll
+    if (data.nextCursor) {
+      cursor = data.nextCursor;
+    }
+  }
+}
+
+// Poll every 30 seconds
+setInterval(pollLogs, 30000);
+```
+
+## Example: Processing Webhooks
+
+```javascript
+import express from 'express';
+import crypto from 'crypto';
+
+const app = express();
+app.use(express.json());
+
+app.post('/sim-webhook', (req, res) => {
+  // Verify signature
+  const signature = req.headers['sim-signature'];
+  const body = JSON.stringify(req.body);
+  
+  if (!verifyWebhookSignature(body, signature, process.env.WEBHOOK_SECRET)) {
+    return res.status(401).send('Invalid signature');
+  }
+  
+  // Check timestamp to prevent replay attacks
+  const timestamp = parseInt(req.headers['sim-timestamp']);
+  const fiveMinutesAgo = Date.now() - (5 * 60 * 1000);
+  
+  if (timestamp < fiveMinutesAgo) {
+    return res.status(401).send('Timestamp too old');
+  }
+  
+  // Process the webhook
+  const event = req.body;
+  
+  switch (event.type) {
+    case 'workflow.execution.completed':
+      const { workflowId, executionId, status, cost } = event.data;
+      
+      if (status === 'error') {
+        console.error(`Workflow ${workflowId} failed: ${executionId}`);
+        // Handle error...
+      } else {
+        console.log(`Workflow ${workflowId} completed: ${executionId}`);
+        console.log(`Cost: $${cost.total}`);
+        // Process successful execution...
+      }
+      break;
+  }
+  
+  // Return 200 to acknowledge receipt
+  res.status(200).send('OK');
+});
+
+app.listen(3000, () => {
+  console.log('Webhook server listening on port 3000');
+});
+```
--- a/apps/docs/content/docs/execution/meta.json
+++ b/apps/docs/content/docs/execution/meta.json
@@ -1,4 +1,4 @@
 {
  "title": "Execution",
-  "pages": ["basics", "advanced"]
+  "pages": ["basics", "advanced", "api"]
 }
--- a/apps/docs/content/docs/tools/jira.mdx
+++ b/apps/docs/content/docs/tools/jira.mdx
@@ -58,7 +58,7 @@ Retrieve detailed information about a specific Jira issue
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
-| `projectId` | string | No | Jira project ID to retrieve issues from. If not provided, all issues will be retrieved. |
+| `projectId` | string | No | Jira project ID \(optional; not required to retrieve a single issue\). |
 | `issueKey` | string | Yes | Jira issue key to retrieve \(e.g., PROJ-123\) |
 | `cloudId` | string | No | Jira Cloud ID for the instance. If not provided, it will be fetched using the domain. |

--- a/apps/docs/content/docs/tools/meta.json
+++ b/apps/docs/content/docs/tools/meta.json
@@ -33,12 +33,16 @@
    "microsoft_planner",
    "microsoft_teams",
    "mistral_parse",
+    "mongodb",
+    "mysql",
    "notion",
    "onedrive",
    "openai",
    "outlook",
+    "parallel_ai",
    "perplexity",
    "pinecone",
+    "postgresql",
    "qdrant",
    "reddit",
    "s3",
--- a/apps/docs/content/docs/tools/mongodb.mdx
+++ b/apps/docs/content/docs/tools/mongodb.mdx
@@ -0,0 +1,264 @@
+---
+title: MongoDB
+description: Connect to MongoDB database
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="mongodb"
+  color="#E0E0E0"
+  icon={true}
+  iconSvg={`<svg className="block-icon"  xmlns='http://www.w3.org/2000/svg' viewBox='0 0 128 128'>
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='currentColor'
+        d='M88.038 42.812c1.605 4.643 2.761 9.383 3.141 14.296.472 6.095.256 12.147-1.029 18.142-.035.165-.109.32-.164.48-.403.001-.814-.049-1.208.012-3.329.523-6.655 1.065-9.981 1.604-3.438.557-6.881 1.092-10.313 1.687-1.216.21-2.721-.041-3.212 1.641-.014.046-.154.054-.235.08l.166-10.051-.169-24.252 1.602-.275c2.62-.429 5.24-.864 7.862-1.281 3.129-.497 6.261-.98 9.392-1.465 1.381-.215 2.764-.412 4.148-.618z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#45A538'
+        d='M61.729 110.054c-1.69-1.453-3.439-2.842-5.059-4.37-8.717-8.222-15.093-17.899-18.233-29.566-.865-3.211-1.442-6.474-1.627-9.792-.13-2.322-.318-4.665-.154-6.975.437-6.144 1.325-12.229 3.127-18.147l.099-.138c.175.233.427.439.516.702 1.759 5.18 3.505 10.364 5.242 15.551 5.458 16.3 10.909 32.604 16.376 48.9.107.318.384.579.583.866l-.87 2.969z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#46A037'
+        d='M88.038 42.812c-1.384.206-2.768.403-4.149.616-3.131.485-6.263.968-9.392 1.465-2.622.417-5.242.852-7.862 1.281l-1.602.275-.012-1.045c-.053-.859-.144-1.717-.154-2.576-.069-5.478-.112-10.956-.18-16.434-.042-3.429-.105-6.857-.175-10.285-.043-2.13-.089-4.261-.185-6.388-.052-1.143-.236-2.28-.311-3.423-.042-.657.016-1.319.029-1.979.817 1.583 1.616 3.178 2.456 4.749 1.327 2.484 3.441 4.314 5.344 6.311 7.523 7.892 12.864 17.068 16.193 27.433z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#409433'
+        d='M65.036 80.753c.081-.026.222-.034.235-.08.491-1.682 1.996-1.431 3.212-1.641 3.432-.594 6.875-1.13 10.313-1.687 3.326-.539 6.652-1.081 9.981-1.604.394-.062.805-.011 1.208-.012-.622 2.22-1.112 4.488-1.901 6.647-.896 2.449-1.98 4.839-3.131 7.182a49.142 49.142 0 01-6.353 9.763c-1.919 2.308-4.058 4.441-6.202 6.548-1.185 1.165-2.582 2.114-3.882 3.161l-.337-.23-1.214-1.038-1.256-2.753a41.402 41.402 0 01-1.394-9.838l.023-.561.171-2.426c.057-.828.133-1.655.168-2.485.129-2.982.241-5.964.359-8.946z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#4FAA41'
+        d='M65.036 80.753c-.118 2.982-.23 5.964-.357 8.947-.035.83-.111 1.657-.168 2.485l-.765.289c-1.699-5.002-3.399-9.951-5.062-14.913-2.75-8.209-5.467-16.431-8.213-24.642a4498.887 4498.887 0 00-6.7-19.867c-.105-.31-.407-.552-.617-.826l4.896-9.002c.168.292.39.565.496.879a6167.476 6167.476 0 016.768 20.118c2.916 8.73 5.814 17.467 8.728 26.198.116.349.308.671.491 1.062l.67-.78-.167 10.052z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#4AA73C'
+        d='M43.155 32.227c.21.274.511.516.617.826a4498.887 4498.887 0 016.7 19.867c2.746 8.211 5.463 16.433 8.213 24.642 1.662 4.961 3.362 9.911 5.062 14.913l.765-.289-.171 2.426-.155.559c-.266 2.656-.49 5.318-.814 7.968-.163 1.328-.509 2.632-.772 3.947-.198-.287-.476-.548-.583-.866-5.467-16.297-10.918-32.6-16.376-48.9a3888.972 3888.972 0 00-5.242-15.551c-.089-.263-.34-.469-.516-.702l3.272-8.84z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#57AE47'
+        d='M65.202 70.702l-.67.78c-.183-.391-.375-.714-.491-1.062-2.913-8.731-5.812-17.468-8.728-26.198a6167.476 6167.476 0 00-6.768-20.118c-.105-.314-.327-.588-.496-.879l6.055-7.965c.191.255.463.482.562.769 1.681 4.921 3.347 9.848 5.003 14.778 1.547 4.604 3.071 9.215 4.636 13.813.105.308.47.526.714.786l.012 1.045c.058 8.082.115 16.167.171 24.251z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#60B24F'
+        d='M65.021 45.404c-.244-.26-.609-.478-.714-.786-1.565-4.598-3.089-9.209-4.636-13.813-1.656-4.93-3.322-9.856-5.003-14.778-.099-.287-.371-.514-.562-.769 1.969-1.928 3.877-3.925 5.925-5.764 1.821-1.634 3.285-3.386 3.352-5.968.003-.107.059-.214.145-.514l.519 1.306c-.013.661-.072 1.322-.029 1.979.075 1.143.259 2.28.311 3.423.096 2.127.142 4.258.185 6.388.069 3.428.132 6.856.175 10.285.067 5.478.111 10.956.18 16.434.008.861.098 1.718.152 2.577z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#A9AA88'
+        d='M62.598 107.085c.263-1.315.609-2.62.772-3.947.325-2.649.548-5.312.814-7.968l.066-.01.066.011a41.402 41.402 0 001.394 9.838c-.176.232-.425.439-.518.701-.727 2.05-1.412 4.116-2.143 6.166-.1.28-.378.498-.574.744l-.747-2.566.87-2.969z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#B6B598'
+        d='M62.476 112.621c.196-.246.475-.464.574-.744.731-2.05 1.417-4.115 2.143-6.166.093-.262.341-.469.518-.701l1.255 2.754c-.248.352-.59.669-.728 1.061l-2.404 7.059c-.099.283-.437.483-.663.722l-.695-3.985z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#C2C1A7'
+        d='M63.171 116.605c.227-.238.564-.439.663-.722l2.404-7.059c.137-.391.48-.709.728-1.061l1.215 1.037c-.587.58-.913 1.25-.717 2.097l-.369 1.208c-.168.207-.411.387-.494.624-.839 2.403-1.64 4.819-2.485 7.222-.107.305-.404.544-.614.812-.109-1.387-.22-2.771-.331-4.158z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#CECDB7'
+        d='M63.503 120.763c.209-.269.506-.508.614-.812.845-2.402 1.646-4.818 2.485-7.222.083-.236.325-.417.494-.624l-.509 5.545c-.136.157-.333.294-.398.477-.575 1.614-1.117 3.24-1.694 4.854-.119.333-.347.627-.525.938-.158-.207-.441-.407-.454-.623-.051-.841-.016-1.688-.013-2.533z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#DBDAC7'
+        d='M63.969 123.919c.178-.312.406-.606.525-.938.578-1.613 1.119-3.239 1.694-4.854.065-.183.263-.319.398-.477l.012 3.64-1.218 3.124-1.411-.495z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#EBE9DC'
+        d='M65.38 124.415l1.218-3.124.251 3.696-1.469-.572z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#CECDB7'
+        d='M67.464 110.898c-.196-.847.129-1.518.717-2.097l.337.23-1.054 1.867z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#4FAA41'
+        d='M64.316 95.172l-.066-.011-.066.01.155-.559-.023.56z'
+      />
+    </svg>`}
+/>
+
+## Usage Instructions
+
+Connect to any MongoDB database to execute queries, manage data, and perform database operations. Supports find, insert, update, delete, and aggregation operations with secure connection handling.
+
+
+
+## Tools
+
+### `mongodb_query`
+
+Execute find operation on MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to query |
+| `query` | string | No | MongoDB query filter as JSON string |
+| `limit` | number | No | Maximum number of documents to return |
+| `sort` | string | No | Sort criteria as JSON string |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `documents` | array | Array of documents returned from the query |
+| `documentCount` | number | Number of documents returned |
+
+### `mongodb_insert`
+
+Insert documents into MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to insert into |
+| `documents` | array | Yes | Array of documents to insert |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `documentCount` | number | Number of documents inserted |
+| `insertedId` | string | ID of inserted document \(single insert\) |
+| `insertedIds` | array | Array of inserted document IDs \(multiple insert\) |
+
+### `mongodb_update`
+
+Update documents in MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to update |
+| `filter` | string | Yes | Filter criteria as JSON string |
+| `update` | string | Yes | Update operations as JSON string |
+| `upsert` | boolean | No | Create document if not found |
+| `multi` | boolean | No | Update multiple documents |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `matchedCount` | number | Number of documents matched by filter |
+| `modifiedCount` | number | Number of documents modified |
+| `documentCount` | number | Total number of documents affected |
+| `insertedId` | string | ID of inserted document \(if upsert\) |
+
+### `mongodb_delete`
+
+Delete documents from MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to delete from |
+| `filter` | string | Yes | Filter criteria as JSON string |
+| `multi` | boolean | No | Delete multiple documents |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `deletedCount` | number | Number of documents deleted |
+| `documentCount` | number | Total number of documents affected |
+
+### `mongodb_execute`
+
+Execute MongoDB aggregation pipeline
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to execute pipeline on |
+| `pipeline` | string | Yes | Aggregation pipeline as JSON string |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `documents` | array | Array of documents returned from aggregation |
+| `documentCount` | number | Number of documents returned |
+
+
+
+## Notes
+
+- Category: `tools`
+- Type: `mongodb`
--- a/apps/docs/content/docs/tools/mysql.mdx
+++ b/apps/docs/content/docs/tools/mysql.mdx
@@ -0,0 +1,180 @@
+---
+title: MySQL
+description: Connect to MySQL database
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="mysql"
+  color="#E0E0E0"
+  icon={true}
+  iconSvg={`<svg className="block-icon"
+      
+      xmlns='http://www.w3.org/2000/svg'
+      
+      
+      viewBox='0 0 25.6 25.6'
+    >
+      <path
+        d='M179.076 94.886c-3.568-.1-6.336.268-8.656 1.25-.668.27-1.74.27-1.828 1.116.357.355.4.936.713 1.428.535.893 1.473 2.096 2.32 2.72l2.855 2.053c1.74 1.07 3.703 1.695 5.398 2.766.982.625 1.963 1.428 2.945 2.098.5.357.803.938 1.428 1.16v-.135c-.312-.4-.402-.98-.713-1.428l-1.34-1.293c-1.293-1.74-2.9-3.258-4.64-4.506-1.428-.982-4.55-2.32-5.13-3.97l-.088-.1c.98-.1 2.14-.447 3.078-.715 1.518-.4 2.9-.312 4.46-.713l2.143-.625v-.4c-.803-.803-1.383-1.874-2.23-2.632-2.275-1.963-4.775-3.882-7.363-5.488-1.383-.892-3.168-1.473-4.64-2.23-.537-.268-1.428-.402-1.74-.848-.805-.98-1.25-2.275-1.83-3.436l-3.658-7.763c-.803-1.74-1.295-3.48-2.275-5.086-4.596-7.585-9.594-12.18-17.268-16.687-1.65-.937-3.613-1.34-5.7-1.83l-3.346-.18c-.715-.312-1.428-1.16-2.053-1.562-2.543-1.606-9.102-5.086-10.977-.5-1.205 2.9 1.785 5.755 2.8 7.228.76 1.026 1.74 2.186 2.277 3.346.3.758.4 1.562.713 2.365.713 1.963 1.383 4.15 2.32 5.98.5.937 1.025 1.92 1.65 2.767.357.5.982.714 1.115 1.517-.625.893-.668 2.23-1.025 3.347-1.607 5.042-.982 11.288 1.293 15 .715 1.115 2.4 3.57 4.686 2.632 2.008-.803 1.56-3.346 2.14-5.577.135-.535.045-.892.312-1.25v.1l1.83 3.703c1.383 2.186 3.793 4.462 5.8 5.98 1.07.803 1.918 2.187 3.256 2.677v-.135h-.088c-.268-.4-.67-.58-1.027-.892-.803-.803-1.695-1.785-2.32-2.677-1.873-2.498-3.523-5.265-4.996-8.12-.715-1.383-1.34-2.9-1.918-4.283-.27-.536-.27-1.34-.715-1.606-.67.98-1.65 1.83-2.143 3.034-.848 1.918-.936 4.283-1.248 6.737-.18.045-.1 0-.18.1-1.426-.356-1.918-1.83-2.453-3.078-1.338-3.168-1.562-8.254-.402-11.913.312-.937 1.652-3.882 1.117-4.774-.27-.848-1.16-1.338-1.652-2.008-.58-.848-1.203-1.918-1.605-2.855-1.07-2.5-1.605-5.265-2.766-7.764-.537-1.16-1.473-2.365-2.232-3.435-.848-1.205-1.783-2.053-2.453-3.48-.223-.5-.535-1.294-.178-1.83.088-.357.268-.5.623-.58.58-.5 2.232.134 2.812.4 1.65.67 3.033 1.294 4.416 2.23.625.446 1.295 1.294 2.098 1.518h.938c1.428.312 3.033.1 4.37.5 2.365.76 4.506 1.874 6.426 3.08 5.844 3.703 10.664 8.968 13.92 15.26.535 1.026.758 1.963 1.25 3.034.938 2.187 2.098 4.417 3.033 6.56.938 2.097 1.83 4.24 3.168 5.98.67.937 3.346 1.427 4.55 1.918.893.4 2.275.76 3.08 1.25 1.516.937 3.033 2.008 4.46 3.034.713.534 2.945 1.65 3.078 2.54zm-45.5-38.772a7.09 7.09 0 0 0-1.828.223v.1h.088c.357.714.982 1.205 1.428 1.83l1.027 2.142.088-.1c.625-.446.938-1.16.938-2.23-.268-.312-.312-.625-.535-.937-.268-.446-.848-.67-1.206-1.026z'
+        transform='matrix(.390229 0 0 .38781 -46.300037 -16.856717)'
+        fillRule='evenodd'
+        fill='#00678c'
+      />
+    </svg>`}
+/>
+
+{/* MANUAL-CONTENT-START:intro */}
+The [MySQL](https://www.mysql.com/) tool enables you to connect to any MySQL database and perform a wide range of database operations directly within your agentic workflows. With secure connection handling and flexible configuration, you can easily manage and interact with your data.
+
+With the MySQL tool, you can:
+
+- **Query data**: Execute SELECT queries to retrieve data from your MySQL tables using the `mysql_query` operation.
+- **Insert records**: Add new rows to your tables with the `mysql_insert` operation by specifying the table and data to insert.
+- **Update records**: Modify existing data in your tables using the `mysql_update` operation, providing the table, new data, and WHERE conditions.
+- **Delete records**: Remove rows from your tables with the `mysql_delete` operation, specifying the table and WHERE conditions.
+- **Execute raw SQL**: Run any custom SQL command using the `mysql_execute` operation for advanced use cases.
+
+The MySQL tool is ideal for scenarios where your agents need to interact with structured data—such as automating reporting, syncing data between systems, or powering data-driven workflows. It streamlines database access, making it easy to read, write, and manage your MySQL data programmatically.
+{/* MANUAL-CONTENT-END */}
+
+
+## Usage Instructions
+
+Connect to any MySQL database to execute queries, manage data, and perform database operations. Supports SELECT, INSERT, UPDATE, DELETE operations with secure connection handling.
+
+
+
+## Tools
+
+### `mysql_query`
+
+Execute SELECT query on MySQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MySQL server hostname or IP address |
+| `port` | number | Yes | MySQL server port \(default: 3306\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `query` | string | Yes | SQL SELECT query to execute |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of rows returned from the query |
+| `rowCount` | number | Number of rows returned |
+
+### `mysql_insert`
+
+Insert new record into MySQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MySQL server hostname or IP address |
+| `port` | number | Yes | MySQL server port \(default: 3306\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `table` | string | Yes | Table name to insert into |
+| `data` | object | Yes | Data to insert as key-value pairs |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of inserted rows |
+| `rowCount` | number | Number of rows inserted |
+
+### `mysql_update`
+
+Update existing records in MySQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MySQL server hostname or IP address |
+| `port` | number | Yes | MySQL server port \(default: 3306\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `table` | string | Yes | Table name to update |
+| `data` | object | Yes | Data to update as key-value pairs |
+| `where` | string | Yes | WHERE clause condition \(without WHERE keyword\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of updated rows |
+| `rowCount` | number | Number of rows updated |
+
+### `mysql_delete`
+
+Delete records from MySQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MySQL server hostname or IP address |
+| `port` | number | Yes | MySQL server port \(default: 3306\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `table` | string | Yes | Table name to delete from |
+| `where` | string | Yes | WHERE clause condition \(without WHERE keyword\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of deleted rows |
+| `rowCount` | number | Number of rows deleted |
+
+### `mysql_execute`
+
+Execute raw SQL query on MySQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MySQL server hostname or IP address |
+| `port` | number | Yes | MySQL server port \(default: 3306\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `query` | string | Yes | Raw SQL query to execute |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of rows returned from the query |
+| `rowCount` | number | Number of rows affected |
+
+
+
+## Notes
+
+- Category: `tools`
+- Type: `mysql`
--- a/apps/docs/content/docs/tools/parallel_ai.mdx
+++ b/apps/docs/content/docs/tools/parallel_ai.mdx
@@ -0,0 +1,106 @@
+---
+title: Parallel AI
+description: Search with Parallel AI
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="parallel_ai"
+  color="#E0E0E0"
+  icon={true}
+  iconSvg={`<svg className="block-icon"
+      
+      fill='currentColor'
+      
+      
+      viewBox='0 0 271 270'
+      xmlns='http://www.w3.org/2000/svg'
+    >
+      <path
+        d='M267.804 105.65H193.828C194.026 106.814 194.187 107.996 194.349 109.178H76.6703C76.4546 110.736 76.2388 112.312 76.0591 113.87H1.63342C1.27387 116.198 0.950289 118.543 0.698608 120.925H75.3759C75.2501 122.483 75.1602 124.059 75.0703 125.617H195.949C196.003 126.781 196.057 127.962 196.093 129.144H270.68V125.384C270.195 118.651 269.242 112.061 267.804 105.65Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M195.949 144.401H75.0703C75.1422 145.977 75.2501 147.535 75.3759 149.093H0.698608C0.950289 151.457 1.2559 153.802 1.63342 156.148H76.0591C76.2388 157.724 76.4366 159.282 76.6703 160.84H194.349C194.187 162.022 194.008 163.186 193.828 164.367H267.804C269.242 157.957 270.195 151.367 270.68 144.634V140.874H196.093C196.057 142.055 196.003 143.219 195.949 144.401Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M190.628 179.642H80.3559C80.7514 181.218 81.1828 182.776 81.6143 184.334H9.30994C10.2448 186.715 11.2515 189.061 12.3121 191.389H83.7536C84.2749 192.965 84.7962 194.523 85.3535 196.08H185.594C185.163 197.262 184.732 198.426 184.282 199.608H254.519C258.6 192.177 261.98 184.316 264.604 176.114H191.455C191.185 177.296 190.898 178.46 190.61 179.642H190.628Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M177.666 214.883H93.3352C94.1082 216.458 94.9172 218.034 95.7441 219.574H29.8756C31.8351 221.992 33.8666 224.337 35.9699 226.63H99.6632C100.598 228.205 101.551 229.781 102.522 231.321H168.498C167.761 232.503 167.006 233.685 166.233 234.849H226.762C234.474 227.847 241.36 219.95 247.292 211.355H179.356C178.799 212.537 178.26 213.719 177.684 214.883H177.666Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M154.943 250.106H116.058C117.371 251.699 118.701 253.257 120.067 254.797H73.021C91.6094 264.431 112.715 269.946 135.096 270C135.24 270 135.366 270 135.492 270C135.618 270 135.761 270 135.887 270C164.04 269.911 190.178 261.28 211.805 246.56H157.748C156.813 247.742 155.878 248.924 154.925 250.088L154.943 250.106Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M116.059 19.9124H154.943C155.896 21.0764 156.831 22.2582 157.766 23.4401H211.823C190.179 8.72065 164.058 0.0895344 135.906 0C135.762 0 135.636 0 135.51 0C135.384 0 135.24 0 135.115 0C112.715 0.0716275 91.6277 5.56904 73.0393 15.2029H120.086C118.719 16.7429 117.389 18.3187 116.077 19.8945L116.059 19.9124Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M93.3356 55.1532H177.667C178.242 56.3171 178.799 57.499 179.339 58.6808H247.274C241.342 50.0855 234.457 42.1886 226.744 35.187H166.215C166.988 36.351 167.743 37.5328 168.48 38.7147H102.504C101.533 40.2726 100.58 41.8305 99.6456 43.4063H35.9523C33.831 45.6804 31.7996 48.0262 29.858 50.4616H95.7265C94.8996 52.0195 94.1086 53.5774 93.3176 55.1532H93.3356Z'
+        fill='#1D1C1A'
+      />
+      <path
+        d='M80.3736 90.3758H190.646C190.933 91.5398 191.221 92.7216 191.491 93.9035H264.64C262.015 85.7021 258.636 77.841 254.555 70.4097H184.318C184.767 71.5736 185.199 72.7555 185.63 73.9373H85.3893C84.832 75.4952 84.2927 77.0531 83.7893 78.6289H12.3479C11.2872 80.9389 10.2805 83.2847 9.3457 85.6842H81.65C81.2186 87.2421 80.7871 88.8 80.3916 90.3758H80.3736Z'
+        fill='#1D1C1A'
+      />
+    </svg>`}
+/>
+
+{/* MANUAL-CONTENT-START:intro */}
+[Parallel AI](https://parallel.ai/) is an advanced web search and content extraction platform designed to deliver comprehensive, high-quality results for any query. By leveraging intelligent processing and large-scale data extraction, Parallel AI enables users and agents to access, analyze, and synthesize information from across the web with speed and accuracy.
+
+With Parallel AI, you can:
+
+- **Search the web intelligently**: Retrieve relevant, up-to-date information from a wide range of sources  
+- **Extract and summarize content**: Get concise, meaningful excerpts from web pages and documents  
+- **Customize search objectives**: Tailor queries to specific needs or questions for targeted results  
+- **Process results at scale**: Handle large volumes of search results with advanced processing options  
+- **Integrate with workflows**: Use Parallel AI within Sim to automate research, content gathering, and knowledge extraction  
+- **Control output granularity**: Specify the number of results and the amount of content per result  
+- **Secure API access**: Protect your searches and data with API key authentication
+
+In Sim, the Parallel AI integration empowers your agents to perform web searches and extract content programmatically. This enables powerful automation scenarios such as real-time research, competitive analysis, content monitoring, and knowledge base creation. By connecting Sim with Parallel AI, you unlock the ability for agents to gather, process, and utilize web data as part of your automated workflows.
+{/* MANUAL-CONTENT-END */}
+
+
+## Usage Instructions
+
+Search the web using Parallel AI's advanced search capabilities. Get comprehensive results with intelligent processing and content extraction.
+
+
+
+## Tools
+
+### `parallel_search`
+
+Search the web using Parallel AI. Provides comprehensive search results with intelligent processing and content extraction.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `objective` | string | Yes | The search objective or question to answer |
+| `search_queries` | string | No | Optional comma-separated list of search queries to execute |
+| `processor` | string | No | Processing method: base or pro \(default: base\) |
+| `max_results` | number | No | Maximum number of results to return \(default: 5\) |
+| `max_chars_per_result` | number | No | Maximum characters per result \(default: 1500\) |
+| `apiKey` | string | Yes | Parallel AI API Key |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `results` | array | Search results with excerpts from relevant pages |
+
+
+
+## Notes
+
+- Category: `tools`
+- Type: `parallel_ai`
--- a/apps/docs/content/docs/tools/postgresql.mdx
+++ b/apps/docs/content/docs/tools/postgresql.mdx
@@ -0,0 +1,188 @@
+---
+title: PostgreSQL
+description: Connect to PostgreSQL database
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="postgresql"
+  color="#336791"
+  icon={true}
+  iconSvg={`<svg className="block-icon"
+      
+      
+      
+      viewBox='-4 0 264 264'
+      xmlns='http://www.w3.org/2000/svg'
+      preserveAspectRatio='xMinYMin meet'
+    >
+      <path d='M255.008 158.086c-1.535-4.649-5.556-7.887-10.756-8.664-2.452-.366-5.26-.21-8.583.475-5.792 1.195-10.089 1.65-13.225 1.738 11.837-19.985 21.462-42.775 27.003-64.228 8.96-34.689 4.172-50.492-1.423-57.64C233.217 10.847 211.614.683 185.552.372c-13.903-.17-26.108 2.575-32.475 4.549-5.928-1.046-12.302-1.63-18.99-1.738-12.537-.2-23.614 2.533-33.079 8.15-5.24-1.772-13.65-4.27-23.362-5.864-22.842-3.75-41.252-.828-54.718 8.685C6.622 25.672-.937 45.684.461 73.634c.444 8.874 5.408 35.874 13.224 61.48 4.492 14.718 9.282 26.94 14.237 36.33 7.027 13.315 14.546 21.156 22.987 23.972 4.731 1.576 13.327 2.68 22.368-4.85 1.146 1.388 2.675 2.767 4.704 4.048 2.577 1.625 5.728 2.953 8.875 3.74 11.341 2.835 21.964 2.126 31.027-1.848.056 1.612.099 3.152.135 4.482.06 2.157.12 4.272.199 6.25.537 13.374 1.447 23.773 4.143 31.049.148.4.347 1.01.557 1.657 1.345 4.118 3.594 11.012 9.316 16.411 5.925 5.593 13.092 7.308 19.656 7.308 3.292 0 6.433-.432 9.188-1.022 9.82-2.105 20.973-5.311 29.041-16.799 7.628-10.86 11.336-27.217 12.007-52.99.087-.729.167-1.425.244-2.088l.16-1.362 1.797.158.463.031c10.002.456 22.232-1.665 29.743-5.154 5.935-2.754 24.954-12.795 20.476-26.351' />
+      <path
+        d='M237.906 160.722c-29.74 6.135-31.785-3.934-31.785-3.934 31.4-46.593 44.527-105.736 33.2-120.211-30.904-39.485-84.399-20.811-85.292-20.327l-.287.052c-5.876-1.22-12.451-1.946-19.842-2.067-13.456-.22-23.664 3.528-31.41 9.402 0 0-95.43-39.314-90.991 49.444.944 18.882 27.064 142.873 58.218 105.422 11.387-13.695 22.39-25.274 22.39-25.274 5.464 3.63 12.006 5.482 18.864 4.817l.533-.452c-.166 1.7-.09 3.363.213 5.332-8.026 8.967-5.667 10.541-21.711 13.844-16.235 3.346-6.698 9.302-.471 10.86 7.549 1.887 25.013 4.561 36.813-11.958l-.47 1.885c3.144 2.519 5.352 16.383 4.982 28.952-.37 12.568-.617 21.197 1.86 27.937 2.479 6.74 4.948 21.905 26.04 17.386 17.623-3.777 26.756-13.564 28.027-29.89.901-11.606 2.942-9.89 3.07-20.267l1.637-4.912c1.887-15.733.3-20.809 11.157-18.448l2.64.232c7.99.363 18.45-1.286 24.589-4.139 13.218-6.134 21.058-16.377 8.024-13.686h.002'
+        fill='#336791'
+      />
+      <path
+        d='M108.076 81.525c-2.68-.373-5.107-.028-6.335.902-.69.523-.904 1.129-.962 1.546-.154 1.105.62 2.327 1.096 2.957 1.346 1.784 3.312 3.01 5.258 3.28.282.04.563.058.842.058 3.245 0 6.196-2.527 6.456-4.392.325-2.336-3.066-3.893-6.355-4.35M196.86 81.599c-.256-1.831-3.514-2.353-6.606-1.923-3.088.43-6.082 1.824-5.832 3.659.2 1.427 2.777 3.863 5.827 3.863.258 0 .518-.017.78-.054 2.036-.282 3.53-1.575 4.24-2.32 1.08-1.136 1.706-2.402 1.591-3.225'
+        fill='#FFF'
+      />
+      <path
+        d='M247.802 160.025c-1.134-3.429-4.784-4.532-10.848-3.28-18.005 3.716-24.453 1.142-26.57-.417 13.995-21.32 25.508-47.092 31.719-71.137 2.942-11.39 4.567-21.968 4.7-30.59.147-9.463-1.465-16.417-4.789-20.665-13.402-17.125-33.072-26.311-56.882-26.563-16.369-.184-30.199 4.005-32.88 5.183-5.646-1.404-11.801-2.266-18.502-2.376-12.288-.199-22.91 2.743-31.704 8.74-3.82-1.422-13.692-4.811-25.765-6.756-20.872-3.36-37.458-.814-49.294 7.571-14.123 10.006-20.643 27.892-19.38 53.16.425 8.501 5.269 34.653 12.913 59.698 10.062 32.964 21 51.625 32.508 55.464 1.347.449 2.9.763 4.613.763 4.198 0 9.345-1.892 14.7-8.33a529.832 529.832 0 0 1 20.261-22.926c4.524 2.428 9.494 3.784 14.577 3.92.01.133.023.266.035.398a117.66 117.66 0 0 0-2.57 3.175c-3.522 4.471-4.255 5.402-15.592 7.736-3.225.666-11.79 2.431-11.916 8.435-.136 6.56 10.125 9.315 11.294 9.607 4.074 1.02 7.999 1.523 11.742 1.523 9.103 0 17.114-2.992 23.516-8.781-.197 23.386.778 46.43 3.586 53.451 2.3 5.748 7.918 19.795 25.664 19.794 2.604 0 5.47-.303 8.623-.979 18.521-3.97 26.564-12.156 29.675-30.203 1.665-9.645 4.522-32.676 5.866-45.03 2.836.885 6.487 1.29 10.434 1.289 8.232 0 17.731-1.749 23.688-4.514 6.692-3.108 18.768-10.734 16.578-17.36zm-44.106-83.48c-.061 3.647-.563 6.958-1.095 10.414-.573 3.717-1.165 7.56-1.314 12.225-.147 4.54.42 9.26.968 13.825 1.108 9.22 2.245 18.712-2.156 28.078a36.508 36.508 0 0 1-1.95-4.009c-.547-1.326-1.735-3.456-3.38-6.404-6.399-11.476-21.384-38.35-13.713-49.316 2.285-3.264 8.084-6.62 22.64-4.813zm-17.644-61.787c21.334.471 38.21 8.452 50.158 23.72 9.164 11.711-.927 64.998-30.14 110.969a171.33 171.33 0 0 0-.886-1.117l-.37-.462c7.549-12.467 6.073-24.802 4.759-35.738-.54-4.488-1.05-8.727-.92-12.709.134-4.22.692-7.84 1.232-11.34.663-4.313 1.338-8.776 1.152-14.037.139-.552.195-1.204.122-1.978-.475-5.045-6.235-20.144-17.975-33.81-6.422-7.475-15.787-15.84-28.574-21.482 5.5-1.14 13.021-2.203 21.442-2.016zM66.674 175.778c-5.9 7.094-9.974 5.734-11.314 5.288-8.73-2.912-18.86-21.364-27.791-50.624-7.728-25.318-12.244-50.777-12.602-57.916-1.128-22.578 4.345-38.313 16.268-46.769 19.404-13.76 51.306-5.524 64.125-1.347-.184.182-.376.352-.558.537-21.036 21.244-20.537 57.54-20.485 59.759-.002.856.07 2.068.168 3.735.362 6.105 1.036 17.467-.764 30.334-1.672 11.957 2.014 23.66 10.111 32.109a36.275 36.275 0 0 0 2.617 2.468c-3.604 3.86-11.437 12.396-19.775 22.426zm22.479-29.993c-6.526-6.81-9.49-16.282-8.133-25.99 1.9-13.592 1.199-25.43.822-31.79-.053-.89-.1-1.67-.127-2.285 3.073-2.725 17.314-10.355 27.47-8.028 4.634 1.061 7.458 4.217 8.632 9.645 6.076 28.103.804 39.816-3.432 49.229-.873 1.939-1.698 3.772-2.402 5.668l-.546 1.466c-1.382 3.706-2.668 7.152-3.465 10.424-6.938-.02-13.687-2.984-18.819-8.34zm1.065 37.9c-2.026-.506-3.848-1.385-4.917-2.114.893-.42 2.482-.992 5.238-1.56 13.337-2.745 15.397-4.683 19.895-10.394 1.031-1.31 2.2-2.794 3.819-4.602l.002-.002c2.411-2.7 3.514-2.242 5.514-1.412 1.621.67 3.2 2.702 3.84 4.938.303 1.056.643 3.06-.47 4.62-9.396 13.156-23.088 12.987-32.921 10.526zm69.799 64.952c-16.316 3.496-22.093-4.829-25.9-14.346-2.457-6.144-3.665-33.85-2.808-64.447.011-.407-.047-.8-.159-1.17a15.444 15.444 0 0 0-.456-2.162c-1.274-4.452-4.379-8.176-8.104-9.72-1.48-.613-4.196-1.738-7.46-.903.696-2.868 1.903-6.107 3.212-9.614l.549-1.475c.618-1.663 1.394-3.386 2.214-5.21 4.433-9.848 10.504-23.337 3.915-53.81-2.468-11.414-10.71-16.988-23.204-15.693-7.49.775-14.343 3.797-17.761 5.53-.735.372-1.407.732-2.035 1.082.954-11.5 4.558-32.992 18.04-46.59 8.489-8.56 19.794-12.788 33.568-12.56 27.14.444 44.544 14.372 54.366 25.979 8.464 10.001 13.047 20.076 14.876 25.51-13.755-1.399-23.11 1.316-27.852 8.096-10.317 14.748 5.644 43.372 13.315 57.129 1.407 2.521 2.621 4.7 3.003 5.626 2.498 6.054 5.732 10.096 8.093 13.046.724.904 1.426 1.781 1.96 2.547-4.166 1.201-11.649 3.976-10.967 17.847-.55 6.96-4.461 39.546-6.448 51.059-2.623 15.21-8.22 20.875-23.957 24.25zm68.104-77.936c-4.26 1.977-11.389 3.46-18.161 3.779-7.48.35-11.288-.838-12.184-1.569-.42-8.644 2.797-9.547 6.202-10.503.535-.15 1.057-.297 1.561-.473.313.255.656.508 1.032.756 6.012 3.968 16.735 4.396 31.874 1.271l.166-.033c-2.042 1.909-5.536 4.471-10.49 6.772z'
+        fill='#FFF'
+      />
+    </svg>`}
+/>
+
+{/* MANUAL-CONTENT-START:intro */}
+The [PostgreSQL](https://www.postgresql.org/) tool enables you to connect to any PostgreSQL database and perform a wide range of database operations directly within your agentic workflows. With secure connection handling and flexible configuration, you can easily manage and interact with your data.
+
+With the PostgreSQL tool, you can:
+
+- **Query data**: Execute SELECT queries to retrieve data from your PostgreSQL tables using the `postgresql_query` operation.
+- **Insert records**: Add new rows to your tables with the `postgresql_insert` operation by specifying the table and data to insert.
+- **Update records**: Modify existing data in your tables using the `postgresql_update` operation, providing the table, new data, and WHERE conditions.
+- **Delete records**: Remove rows from your tables with the `postgresql_delete` operation, specifying the table and WHERE conditions.
+- **Execute raw SQL**: Run any custom SQL command using the `postgresql_execute` operation for advanced use cases.
+
+The PostgreSQL tool is ideal for scenarios where your agents need to interact with structured data—such as automating reporting, syncing data between systems, or powering data-driven workflows. It streamlines database access, making it easy to read, write, and manage your PostgreSQL data programmatically.
+{/* MANUAL-CONTENT-END */}
+
+
+## Usage Instructions
+
+Connect to any PostgreSQL database to execute queries, manage data, and perform database operations. Supports SELECT, INSERT, UPDATE, DELETE operations with secure connection handling.
+
+
+
+## Tools
+
+### `postgresql_query`
+
+Execute a SELECT query on PostgreSQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | PostgreSQL server hostname or IP address |
+| `port` | number | Yes | PostgreSQL server port \(default: 5432\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `query` | string | Yes | SQL SELECT query to execute |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of rows returned from the query |
+| `rowCount` | number | Number of rows returned |
+
+### `postgresql_insert`
+
+Insert data into PostgreSQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | PostgreSQL server hostname or IP address |
+| `port` | number | Yes | PostgreSQL server port \(default: 5432\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `table` | string | Yes | Table name to insert data into |
+| `data` | object | Yes | Data object to insert \(key-value pairs\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Inserted data \(if RETURNING clause used\) |
+| `rowCount` | number | Number of rows inserted |
+
+### `postgresql_update`
+
+Update data in PostgreSQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | PostgreSQL server hostname or IP address |
+| `port` | number | Yes | PostgreSQL server port \(default: 5432\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `table` | string | Yes | Table name to update data in |
+| `data` | object | Yes | Data object with fields to update \(key-value pairs\) |
+| `where` | string | Yes | WHERE clause condition \(without WHERE keyword\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Updated data \(if RETURNING clause used\) |
+| `rowCount` | number | Number of rows updated |
+
+### `postgresql_delete`
+
+Delete data from PostgreSQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | PostgreSQL server hostname or IP address |
+| `port` | number | Yes | PostgreSQL server port \(default: 5432\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `table` | string | Yes | Table name to delete data from |
+| `where` | string | Yes | WHERE clause condition \(without WHERE keyword\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Deleted data \(if RETURNING clause used\) |
+| `rowCount` | number | Number of rows deleted |
+
+### `postgresql_execute`
+
+Execute raw SQL query on PostgreSQL database
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | PostgreSQL server hostname or IP address |
+| `port` | number | Yes | PostgreSQL server port \(default: 5432\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | Yes | Database username |
+| `password` | string | Yes | Database password |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `query` | string | Yes | Raw SQL query to execute |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `rows` | array | Array of rows returned from the query |
+| `rowCount` | number | Number of rows affected |
+
+
+
+## Notes
+
+- Category: `tools`
+- Type: `postgresql`
--- a/apps/sim/app/(auth)/login/login-form.tsx
+++ b/apps/sim/app/(auth)/login/login-form.tsx
@@ -304,6 +304,15 @@ export default function LoginPage({
      return
    }

+    const emailValidation = quickValidateEmail(forgotPasswordEmail.trim().toLowerCase())
+    if (!emailValidation.isValid) {
+      setResetStatus({
+        type: 'error',
+        message: 'Please enter a valid email address',
+      })
+      return
+    }
+
    try {
      setIsSubmittingReset(true)
      setResetStatus({ type: null, message: '' })
@@ -321,7 +330,23 @@ export default function LoginPage({

      if (!response.ok) {
        const errorData = await response.json()
-        throw new Error(errorData.message || 'Failed to request password reset')
+        let errorMessage = errorData.message || 'Failed to request password reset'
+
+        if (
+          errorMessage.includes('Invalid body parameters') ||
+          errorMessage.includes('invalid email')
+        ) {
+          errorMessage = 'Please enter a valid email address'
+        } else if (errorMessage.includes('Email is required')) {
+          errorMessage = 'Please enter your email address'
+        } else if (
+          errorMessage.includes('user not found') ||
+          errorMessage.includes('User not found')
+        ) {
+          errorMessage = 'No account found with this email address'
+        }
+
+        throw new Error(errorMessage)
      }

      setResetStatus({
@@ -497,7 +522,8 @@ export default function LoginPage({
              Reset Password
            </DialogTitle>
            <DialogDescription className='text-neutral-300 text-sm'>
-              Enter your email address and we'll send you a link to reset your password.
+              Enter your email address and we'll send you a link to reset your password if your
+              account exists.
            </DialogDescription>
          </DialogHeader>
          <div className='space-y-4'>
@@ -512,14 +538,20 @@ export default function LoginPage({
                placeholder='Enter your email'
                required
                type='email'
-                className='border-neutral-700/80 bg-neutral-900 text-white placeholder:text-white/60 focus:border-[var(--brand-primary-hover-hex)]/70 focus:ring-[var(--brand-primary-hover-hex)]/20'
+                className={cn(
+                  'border-neutral-700/80 bg-neutral-900 text-white placeholder:text-white/60 focus:border-[var(--brand-primary-hover-hex)]/70 focus:ring-[var(--brand-primary-hover-hex)]/20',
+                  resetStatus.type === 'error' && 'border-red-500 focus-visible:ring-red-500'
+                )}
              />
+              {resetStatus.type === 'error' && (
+                <div className='mt-1 space-y-1 text-red-400 text-xs'>
+                  <p>{resetStatus.message}</p>
+                </div>
+              )}
            </div>
-            {resetStatus.type && (
-              <div
-                className={`text-sm ${resetStatus.type === 'success' ? 'text-[#4CAF50]' : 'text-red-500'}`}
-              >
-                {resetStatus.message}
+            {resetStatus.type === 'success' && (
+              <div className='mt-1 space-y-1 text-[#4CAF50] text-xs'>
+                <p>{resetStatus.message}</p>
              </div>
            )}
            <Button
--- a/apps/sim/app/(auth)/reset-password/page.tsx
+++ b/apps/sim/app/(auth)/reset-password/page.tsx
@@ -101,7 +101,7 @@ function ResetPasswordContent() {
          </CardContent>
          <CardFooter>
            <p className='w-full text-center text-gray-500 text-sm'>
-              <Link href='/login' className='text-primary hover:underline'>
+              <Link href='/login' className='text-muted-foreground hover:underline'>
                Back to login
              </Link>
            </p>
--- a/apps/sim/app/(auth)/signup/signup-form.test.tsx
+++ b/apps/sim/app/(auth)/signup/signup-form.test.tsx
@@ -166,8 +166,9 @@ describe('SignupPage', () => {
      })
    })

-    it('should prevent submission with invalid name validation', async () => {
+    it('should automatically trim spaces from name input', async () => {
      const mockSignUp = vi.mocked(client.signUp.email)
+      mockSignUp.mockResolvedValue({ data: null, error: null })

      render(<SignupPage {...defaultProps} />)

@@ -176,22 +177,20 @@ describe('SignupPage', () => {
      const passwordInput = screen.getByPlaceholderText(/enter your password/i)
      const submitButton = screen.getByRole('button', { name: /create account/i })

-      // Use name with leading/trailing spaces which should fail validation
      fireEvent.change(nameInput, { target: { value: '  John Doe  ' } })
      fireEvent.change(emailInput, { target: { value: 'user@company.com' } })
      fireEvent.change(passwordInput, { target: { value: 'Password123!' } })
      fireEvent.click(submitButton)

-      // Should not call signUp because validation failed
-      expect(mockSignUp).not.toHaveBeenCalled()
-
-      // Should show validation error
      await waitFor(() => {
-        expect(
-          screen.getByText(
-            /Name cannot contain consecutive spaces|Name cannot start or end with spaces/
-          )
-        ).toBeInTheDocument()
+        expect(mockSignUp).toHaveBeenCalledWith(
+          expect.objectContaining({
+            name: 'John Doe',
+            email: 'user@company.com',
+            password: 'Password123!',
+          }),
+          expect.any(Object)
+        )
      })
    })

--- a/apps/sim/app/(auth)/signup/signup-form.tsx
+++ b/apps/sim/app/(auth)/signup/signup-form.tsx
@@ -49,10 +49,6 @@ const NAME_VALIDATIONS = {
    regex: /^(?!.*\s\s).*$/,
    message: 'Name cannot contain consecutive spaces.',
  },
-  noLeadingTrailingSpaces: {
-    test: (value: string) => value === value.trim(),
-    message: 'Name cannot start or end with spaces.',
-  },
 }

 const validateEmailField = (emailValue: string): string[] => {
@@ -175,10 +171,6 @@ function SignupFormContent({
      errors.push(NAME_VALIDATIONS.noConsecutiveSpaces.message)
    }

-    if (!NAME_VALIDATIONS.noLeadingTrailingSpaces.test(nameValue)) {
-      errors.push(NAME_VALIDATIONS.noLeadingTrailingSpaces.message)
-    }
-
    return errors
  }

@@ -193,11 +185,10 @@ function SignupFormContent({
  }

  const handleNameChange = (e: React.ChangeEvent<HTMLInputElement>) => {
-    const newName = e.target.value
-    setName(newName)
+    const rawValue = e.target.value
+    setName(rawValue)

-    // Silently validate but don't show errors until submit
-    const errors = validateName(newName)
+    const errors = validateName(rawValue)
    setNameErrors(errors)
    setShowNameValidationError(false)
  }
@@ -224,23 +215,21 @@ function SignupFormContent({
    const formData = new FormData(e.currentTarget)
    const emailValue = formData.get('email') as string
    const passwordValue = formData.get('password') as string
-    const name = formData.get('name') as string
+    const nameValue = formData.get('name') as string

-    // Validate name on submit
-    const nameValidationErrors = validateName(name)
+    const trimmedName = nameValue.trim()
+
+    const nameValidationErrors = validateName(trimmedName)
    setNameErrors(nameValidationErrors)
    setShowNameValidationError(nameValidationErrors.length > 0)

-    // Validate email on submit
    const emailValidationErrors = validateEmailField(emailValue)
    setEmailErrors(emailValidationErrors)
    setShowEmailValidationError(emailValidationErrors.length > 0)

-    // Validate password on submit
    const errors = validatePassword(passwordValue)
    setPasswordErrors(errors)

-    // Only show validation errors if there are any
    setShowValidationError(errors.length > 0)

    try {
@@ -249,7 +238,6 @@ function SignupFormContent({
        emailValidationErrors.length > 0 ||
        errors.length > 0
      ) {
-        // Prioritize name errors first, then email errors, then password errors
        if (nameValidationErrors.length > 0) {
          setNameErrors([nameValidationErrors[0]])
          setShowNameValidationError(true)
@@ -266,8 +254,6 @@ function SignupFormContent({
        return
      }

-      // Check if name will be truncated and warn user
-      const trimmedName = name.trim()
      if (trimmedName.length > 100) {
        setNameErrors(['Name will be truncated to 100 characters. Please shorten your name.'])
        setShowNameValidationError(true)
@@ -337,7 +323,6 @@ function SignupFormContent({
        logger.info('Session refreshed after successful signup')
      } catch (sessionError) {
        logger.error('Failed to refresh session after signup:', sessionError)
-        // Continue anyway - the verification flow will handle this
      }

      // For new signups, always require verification
--- a/apps/sim/app/(auth)/verify/use-verification.ts
+++ b/apps/sim/app/(auth)/verify/use-verification.ts
@@ -215,20 +215,28 @@ export function useVerification({
    setOtp(value)
  }

+  // Auto-submit when OTP is complete
+  useEffect(() => {
+    if (otp.length === 6 && email && !isLoading && !isVerified) {
+      const timeoutId = setTimeout(() => {
+        verifyCode()
+      }, 300) // Small delay to ensure UI is ready
+
+      return () => clearTimeout(timeoutId)
+    }
+  }, [otp, email, isLoading, isVerified])
+
  useEffect(() => {
    if (typeof window !== 'undefined') {
      if (!isProduction || !hasResendKey) {
        const storedEmail = sessionStorage.getItem('verificationEmail')
-        logger.info('Auto-verifying user', { email: storedEmail })
      }

      const isDevOrDocker = !isProduction || isTruthy(env.DOCKER_BUILD)

-      // Auto-verify and redirect in development/docker environments
      if (isDevOrDocker || !hasResendKey) {
        setIsVerified(true)

-        // Clear verification requirement cookie (same as manual verification)
        document.cookie =
          'requiresEmailVerification=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT'

--- a/apps/sim/app/api/test-utils/setup.ts
+++ b/apps/sim/app/api/test-utils/setup.ts
@@ -3,7 +3,6 @@
 */
 import { afterEach, beforeEach, vi } from 'vitest'

-// Mock Next.js implementations
 vi.mock('next/headers', () => ({
  cookies: () => ({
    get: vi.fn().mockReturnValue({ value: 'test-session-token' }),
@@ -13,7 +12,6 @@ vi.mock('next/headers', () => ({
  }),
 }))

-// Mock auth utilities
 vi.mock('@/lib/auth/session', () => ({
  getSession: vi.fn().mockResolvedValue({
    user: {
@@ -24,13 +22,10 @@ vi.mock('@/lib/auth/session', () => ({
  }),
 }))

-// Configure Vitest environment
 beforeEach(() => {
-  // Clear all mocks before each test
  vi.clearAllMocks()
 })

 afterEach(() => {
-  // Ensure all mocks are restored after each test
  vi.restoreAllMocks()
 })
--- a/apps/sim/app/api/test-utils/utils.ts
+++ b/apps/sim/app/api/test-utils/utils.ts
@@ -143,7 +143,6 @@ export const sampleWorkflowState = {
  ],
  loops: {},
  parallels: {},
-  whiles: {},
  lastSaved: Date.now(),
  isDeployed: false,
 }
@@ -945,12 +944,10 @@ export interface TestSetupOptions {
 export function setupComprehensiveTestMocks(options: TestSetupOptions = {}) {
  const { auth = { authenticated: true }, database = {}, storage, authApi, features = {} } = options

-  // Setup basic infrastructure mocks
  setupCommonApiMocks()
  mockUuid()
  mockCryptoUuid()

-  // Setup authentication
  const authMocks = mockAuth(auth.user)
  if (auth.authenticated) {
    authMocks.setAuthenticated(auth.user)
@@ -958,22 +955,18 @@ export function setupComprehensiveTestMocks(options: TestSetupOptions = {}) {
    authMocks.setUnauthenticated()
  }

-  // Setup database
  const dbMocks = createMockDatabase(database)

-  // Setup storage if needed
  let storageMocks
  if (storage) {
    storageMocks = createStorageProviderMocks(storage)
  }

-  // Setup auth API if needed
  let authApiMocks
  if (authApi) {
    authApiMocks = createAuthApiMocks(authApi)
  }

-  // Setup feature-specific mocks
  const featureMocks: any = {}
  if (features.workflowUtils) {
    featureMocks.workflowUtils = mockWorkflowUtils()
@@ -1009,12 +1002,10 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {

  let selectCallCount = 0

-  // Helper to create error
  const createDbError = (operation: string, message?: string) => {
    return new Error(message || `Database ${operation} error`)
  }

-  // Create chainable select mock
  const createSelectChain = () => ({
    from: vi.fn().mockReturnThis(),
    leftJoin: vi.fn().mockReturnThis(),
@@ -1039,7 +1030,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
    }),
  })

-  // Create insert chain
  const createInsertChain = () => ({
    values: vi.fn().mockImplementation(() => ({
      returning: vi.fn().mockImplementation(() => {
@@ -1057,7 +1047,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
    })),
  })

-  // Create update chain
  const createUpdateChain = () => ({
    set: vi.fn().mockImplementation(() => ({
      where: vi.fn().mockImplementation(() => {
@@ -1069,7 +1058,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
    })),
  })

-  // Create delete chain
  const createDeleteChain = () => ({
    where: vi.fn().mockImplementation(() => {
      if (deleteOptions.throwError) {
@@ -1079,7 +1067,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
    }),
  })

-  // Create transaction mock
  const createTransactionMock = () => {
    return vi.fn().mockImplementation(async (callback: any) => {
      if (transactionOptions.throwError) {
@@ -1201,7 +1188,6 @@ export function setupKnowledgeMocks(
    mocks.generateEmbedding = vi.fn().mockResolvedValue([0.1, 0.2, 0.3])
  }

-  // Mock the knowledge utilities
  vi.doMock('@/app/api/knowledge/utils', () => mocks)

  return mocks
@@ -1219,12 +1205,10 @@ export function setupFileApiMocks(
 ) {
  const { authenticated = true, storageProvider = 's3', cloudEnabled = true } = options

-  // Setup basic mocks
  setupCommonApiMocks()
  mockUuid()
  mockCryptoUuid()

-  // Setup auth
  const authMocks = mockAuth()
  if (authenticated) {
    authMocks.setAuthenticated()
@@ -1232,14 +1216,12 @@ export function setupFileApiMocks(
    authMocks.setUnauthenticated()
  }

-  // Setup file system mocks
  mockFileSystem({
    writeFileSuccess: true,
    readFileContent: 'test content',
    existsResult: true,
  })

-  // Setup storage provider mocks (this will mock @/lib/uploads)
  let storageMocks
  if (storageProvider) {
    storageMocks = createStorageProviderMocks({
@@ -1247,7 +1229,6 @@ export function setupFileApiMocks(
      isCloudEnabled: cloudEnabled,
    })
  } else {
-    // If no storage provider specified, just mock the base functions
    vi.doMock('@/lib/uploads', () => ({
      getStorageProvider: vi.fn().mockReturnValue('local'),
      isUsingCloudStorage: vi.fn().mockReturnValue(cloudEnabled),
--- a/apps/sim/app/api/auth/oauth/connections/route.ts
+++ b/apps/sim/app/api/auth/oauth/connections/route.ts
@@ -3,6 +3,7 @@ import { jwtDecode } from 'jwt-decode'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account, user } from '@/db/schema'

@@ -18,7 +19,7 @@ interface GoogleIdToken {
 * Get all OAuth connections for the current user
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/auth/oauth/credentials/route.ts
+++ b/apps/sim/app/api/auth/oauth/credentials/route.ts
@@ -6,6 +6,7 @@ import { createLogger } from '@/lib/logs/console/logger'
 import type { OAuthService } from '@/lib/oauth/oauth'
 import { parseProvider } from '@/lib/oauth/oauth'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account, user, workflow } from '@/db/schema'

@@ -23,7 +24,7 @@ interface GoogleIdToken {
 * Get credentials for a specific provider
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get query params
--- a/apps/sim/app/api/auth/oauth/disconnect/route.ts
+++ b/apps/sim/app/api/auth/oauth/disconnect/route.ts
@@ -2,6 +2,7 @@ import { and, eq, like, or } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'

@@ -13,7 +14,7 @@ const logger = createLogger('OAuthDisconnectAPI')
 * Disconnect an OAuth provider for the current user
 */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/auth/oauth/microsoft/file/route.ts
+++ b/apps/sim/app/api/auth/oauth/microsoft/file/route.ts
@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('MicrosoftFileAPI')
 * Get a single file from Microsoft OneDrive
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  try {
    // Get the session
    const session = await getSession()
--- a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
+++ b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('MicrosoftFilesAPI')
 * Get Excel files from Microsoft OneDrive
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/auth/oauth/token/route.ts
+++ b/apps/sim/app/api/auth/oauth/token/route.ts
@@ -2,6 +2,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getCredential, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'

 export const dynamic = 'force-dynamic'
@@ -14,7 +15,7 @@ const logger = createLogger('OAuthTokenAPI')
 * and workflow-based authentication (for server-side requests)
 */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  logger.info(`[${requestId}] OAuth token API POST request received`)

@@ -59,7 +60,7 @@ export async function POST(request: NextRequest) {
 * Get the access token for a specific credential
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Short request ID for correlation
+  const requestId = generateRequestId()

  try {
    // Get the credential ID from the query params
--- a/apps/sim/app/api/auth/oauth/wealthbox/item/route.ts
+++ b/apps/sim/app/api/auth/oauth/wealthbox/item/route.ts
@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('WealthboxItemAPI')
 * Get a single item (note, contact, task) from Wealthbox
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/auth/oauth/wealthbox/items/route.ts
+++ b/apps/sim/app/api/auth/oauth/wealthbox/items/route.ts
@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('WealthboxItemsAPI')
 * Get items (notes, contacts, tasks) from Wealthbox
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/billing/route.ts
+++ b/apps/sim/app/api/billing/route.ts
@@ -2,7 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { getSimplifiedBillingSummary } from '@/lib/billing/core/billing'
-import { getOrganizationBillingData } from '@/lib/billing/core/organization-billing'
+import { getOrganizationBillingData } from '@/lib/billing/core/organization'
 import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { member, userStats } from '@/db/schema'
--- a/apps/sim/app/api/billing/update-cost/route.ts
+++ b/apps/sim/app/api/billing/update-cost/route.ts
@@ -1,10 +1,10 @@
-import crypto from 'crypto'
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalApiKey } from '@/lib/copilot/utils'
 import { isBillingEnabled } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { userStats } from '@/db/schema'
 import { calculateCost } from '@/providers/utils'
@@ -16,7 +16,8 @@ const UpdateCostSchema = z.object({
  input: z.number().min(0, 'Input tokens must be a non-negative number'),
  output: z.number().min(0, 'Output tokens must be a non-negative number'),
  model: z.string().min(1, 'Model is required'),
-  multiplier: z.number().min(0),
+  inputMultiplier: z.number().min(0),
+  outputMultiplier: z.number().min(0),
 })

 /**
@@ -24,7 +25,7 @@ const UpdateCostSchema = z.object({
 * Update user cost based on token usage with internal API key auth
 */
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const startTime = Date.now()

  try {
@@ -75,14 +76,15 @@ export async function POST(req: NextRequest) {
      )
    }

-    const { userId, input, output, model, multiplier } = validation.data
+    const { userId, input, output, model, inputMultiplier, outputMultiplier } = validation.data

    logger.info(`[${requestId}] Processing cost update`, {
      userId,
      input,
      output,
      model,
-      multiplier,
+      inputMultiplier,
+      outputMultiplier,
    })

    const finalPromptTokens = input
@@ -95,7 +97,8 @@ export async function POST(req: NextRequest) {
      finalPromptTokens,
      finalCompletionTokens,
      false,
-      multiplier
+      inputMultiplier,
+      outputMultiplier
    )

    logger.info(`[${requestId}] Cost calculation result`, {
@@ -104,7 +107,8 @@ export async function POST(req: NextRequest) {
      promptTokens: finalPromptTokens,
      completionTokens: finalCompletionTokens,
      totalTokens: totalTokens,
-      multiplier,
+      inputMultiplier,
+      outputMultiplier,
      costResult,
    })

--- a/apps/sim/app/api/chat/[subdomain]/otp/route.ts
+++ b/apps/sim/app/api/chat/[subdomain]/otp/route.ts
@@ -5,6 +5,7 @@ import { renderOTPEmail } from '@/components/emails/render-email'
 import { sendEmail } from '@/lib/email/mailer'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getRedisClient, markMessageAsProcessed, releaseLock } from '@/lib/redis'
+import { generateRequestId } from '@/lib/utils'
 import { addCorsHeaders, setChatAuthCookie } from '@/app/api/chat/utils'
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
@@ -115,7 +116,7 @@ export async function POST(
  { params }: { params: Promise<{ subdomain: string }> }
 ) {
  const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.debug(`[${requestId}] Processing OTP request for subdomain: ${subdomain}`)
@@ -229,7 +230,7 @@ export async function PUT(
  { params }: { params: Promise<{ subdomain: string }> }
 ) {
  const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.debug(`[${requestId}] Verifying OTP for subdomain: ${subdomain}`)
--- a/apps/sim/app/api/chat/[subdomain]/route.ts
+++ b/apps/sim/app/api/chat/[subdomain]/route.ts
@@ -1,6 +1,7 @@
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import {
  addCorsHeaders,
  executeWorkflowForChat,
@@ -20,7 +21,7 @@ export async function POST(
  { params }: { params: Promise<{ subdomain: string }> }
 ) {
  const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.debug(`[${requestId}] Processing chat request for subdomain: ${subdomain}`)
@@ -141,7 +142,7 @@ export async function GET(
  { params }: { params: Promise<{ subdomain: string }> }
 ) {
  const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.debug(`[${requestId}] Fetching chat info for subdomain: ${subdomain}`)
--- a/apps/sim/app/api/chat/utils.test.ts
+++ b/apps/sim/app/api/chat/utils.test.ts
@@ -14,10 +14,6 @@ vi.mock('@/db', () => ({
  },
 }))

-vi.mock('@/lib/utils', () => ({
-  decryptSecret: vi.fn().mockResolvedValue({ decrypted: 'test-secret' }),
-}))
-
 vi.mock('@/lib/logs/execution/logging-session', () => ({
  LoggingSession: vi.fn().mockImplementation(() => ({
    safeStart: vi.fn().mockResolvedValue(undefined),
@@ -38,6 +34,13 @@ vi.mock('@/stores/workflows/server-utils', () => ({
  mergeSubblockState: vi.fn().mockReturnValue({}),
 }))

+const mockDecryptSecret = vi.fn()
+
+vi.mock('@/lib/utils', () => ({
+  decryptSecret: mockDecryptSecret,
+  generateRequestId: vi.fn(),
+}))
+
 describe('Chat API Utils', () => {
  beforeEach(() => {
    vi.resetModules()
@@ -177,7 +180,10 @@ describe('Chat API Utils', () => {
  })

  describe('Chat auth validation', () => {
-    beforeEach(() => {
+    beforeEach(async () => {
+      vi.clearAllMocks()
+      mockDecryptSecret.mockResolvedValue({ decrypted: 'correct-password' })
+
      vi.doMock('@/app/api/chat/utils', async (importOriginal) => {
        const original = (await importOriginal()) as any
        return {
@@ -190,13 +196,6 @@ describe('Chat API Utils', () => {
          }),
        }
      })
-
-      // Mock decryptSecret globally for all auth tests
-      vi.doMock('@/lib/utils', () => ({
-        decryptSecret: vi.fn((encryptedValue) => {
-          return Promise.resolve({ decrypted: 'correct-password' })
-        }),
-      }))
    })

    it.concurrent('should allow access to public chats', async () => {
--- a/apps/sim/app/api/chat/utils.ts
+++ b/apps/sim/app/api/chat/utils.ts
@@ -3,16 +3,17 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { checkServerSideUsageLimits } from '@/lib/billing'
 import { isDev } from '@/lib/environment'
+import { getPersonalAndWorkspaceEnv } from '@/lib/environment/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
 import { buildTraceSpans } from '@/lib/logs/execution/trace-spans/trace-spans'
 import { hasAdminPermission } from '@/lib/permissions/utils'
 import { processStreamingBlockLogs } from '@/lib/tokenization'
 import { getEmailDomain } from '@/lib/urls/utils'
-import { decryptSecret } from '@/lib/utils'
+import { decryptSecret, generateRequestId } from '@/lib/utils'
 import { getBlock } from '@/blocks'
 import { db } from '@/db'
-import { chat, environment as envTable, userStats, workflow } from '@/db/schema'
+import { chat, userStats, workflow } from '@/db/schema'
 import { Executor } from '@/executor'
 import type { BlockLog, ExecutionResult } from '@/executor/types'
 import { Serializer } from '@/serializer'
@@ -302,7 +303,7 @@ export async function executeWorkflowForChat(
  input: string,
  conversationId?: string
 ): Promise<any> {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  logger.debug(
    `[${requestId}] Executing workflow for chat: ${chatId}${
@@ -420,7 +421,7 @@ export async function executeWorkflowForChat(

  // Use deployed state for chat execution (this is the stable, deployed version)
  const deployedState = workflowResult[0].deployedState as WorkflowState
-  const { blocks, edges, loops, parallels, whiles } = deployedState
+  const { blocks, edges, loops, parallels } = deployedState

  // Prepare for execution, similar to use-workflow-execution.ts
  const mergedStates = mergeSubblockState(blocks)
@@ -453,18 +454,21 @@ export async function executeWorkflowForChat(
    {} as Record<string, Record<string, any>>
  )

-  // Get user environment variables for this workflow
+  // Get user environment variables with workspace precedence
  let envVars: Record<string, string> = {}
  try {
-    const envResult = await db
-      .select()
-      .from(envTable)
-      .where(eq(envTable.userId, deployment.userId))
+    const wfWorkspaceRow = await db
+      .select({ workspaceId: workflow.workspaceId })
+      .from(workflow)
+      .where(eq(workflow.id, workflowId))
      .limit(1)

-    if (envResult.length > 0 && envResult[0].variables) {
-      envVars = envResult[0].variables as Record<string, string>
-    }
+    const workspaceId = wfWorkspaceRow[0]?.workspaceId || undefined
+    const { personalEncrypted, workspaceEncrypted } = await getPersonalAndWorkspaceEnv(
+      deployment.userId,
+      workspaceId
+    )
+    envVars = { ...personalEncrypted, ...workspaceEncrypted }
  } catch (error) {
    logger.warn(`[${requestId}] Could not fetch environment variables:`, error)
  }
@@ -497,7 +501,6 @@ export async function executeWorkflowForChat(
    filteredEdges,
    loops,
    parallels,
-    whiles,
    true // Enable validation during execution
  )

--- a/apps/sim/app/api/copilot/chat/route.test.ts
+++ b/apps/sim/app/api/copilot/chat/route.test.ts
@@ -99,6 +99,7 @@ describe('Copilot Chat API Route', () => {

    vi.doMock('@/lib/utils', () => ({
      getRotatingApiKey: mockGetRotatingApiKey,
+      generateRequestId: vi.fn(() => 'test-request-id'),
    }))

    vi.doMock('@/lib/env', () => ({
@@ -224,7 +225,9 @@ describe('Copilot Chat API Route', () => {
            stream: true,
            streamToolCalls: true,
            mode: 'agent',
+            messageId: 'mock-uuid-1234-5678',
            depth: 0,
+            chatId: 'chat-123',
          }),
        })
      )
@@ -286,7 +289,9 @@ describe('Copilot Chat API Route', () => {
            stream: true,
            streamToolCalls: true,
            mode: 'agent',
+            messageId: 'mock-uuid-1234-5678',
            depth: 0,
+            chatId: 'chat-123',
          }),
        })
      )
@@ -337,7 +342,9 @@ describe('Copilot Chat API Route', () => {
            stream: true,
            streamToolCalls: true,
            mode: 'agent',
+            messageId: 'mock-uuid-1234-5678',
            depth: 0,
+            chatId: 'chat-123',
          }),
        })
      )
@@ -425,7 +432,9 @@ describe('Copilot Chat API Route', () => {
            stream: true,
            streamToolCalls: true,
            mode: 'ask',
+            messageId: 'mock-uuid-1234-5678',
            depth: 0,
+            chatId: 'chat-123',
          }),
        })
      )
--- a/apps/sim/app/api/copilot/chat/route.ts
+++ b/apps/sim/app/api/copilot/chat/route.ts
@@ -12,9 +12,9 @@ import {
 import { getCopilotModel } from '@/lib/copilot/config'
 import type { CopilotProviderConfig } from '@/lib/copilot/types'
 import { env } from '@/lib/env'
-import { generateChatTitle } from '@/lib/generate-chat-title'
 import { createLogger } from '@/lib/logs/console/logger'
 import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/sim-agent'
+import { generateChatTitle } from '@/lib/sim-agent/utils'
 import { createFileContent, isSupportedFileType } from '@/lib/uploads/file-utils'
 import { S3_COPILOT_CONFIG } from '@/lib/uploads/setup'
 import { downloadFile, getStorageProvider } from '@/lib/uploads/storage-client'
@@ -50,13 +50,25 @@ const ChatMessageSchema = z.object({
  contexts: z
    .array(
      z.object({
-        kind: z.enum(['past_chat', 'workflow', 'blocks', 'logs', 'knowledge', 'templates']),
+        kind: z.enum([
+          'past_chat',
+          'workflow',
+          'current_workflow',
+          'blocks',
+          'logs',
+          'workflow_block',
+          'knowledge',
+          'templates',
+          'docs',
+        ]),
        label: z.string(),
        chatId: z.string().optional(),
        workflowId: z.string().optional(),
        knowledgeId: z.string().optional(),
        blockId: z.string().optional(),
        templateId: z.string().optional(),
+        executionId: z.string().optional(),
+        // For workflow_block, provide both workflowId and blockId
      })
    )
    .optional(),
@@ -96,6 +108,8 @@ export async function POST(req: NextRequest) {
      conversationId,
      contexts,
    } = ChatMessageSchema.parse(body)
+    // Ensure we have a consistent user message ID for this request
+    const userMessageIdToUse = userMessageId || crypto.randomUUID()
    try {
      logger.info(`[${tracker.requestId}] Received chat POST`, {
        hasContexts: Array.isArray(contexts),
@@ -105,6 +119,7 @@ export async function POST(req: NextRequest) {
              kind: c?.kind,
              chatId: c?.chatId,
              workflowId: c?.workflowId,
+              executionId: (c as any)?.executionId,
              label: c?.label,
            }))
          : undefined,
@@ -115,13 +130,18 @@ export async function POST(req: NextRequest) {
    if (Array.isArray(contexts) && contexts.length > 0) {
      try {
        const { processContextsServer } = await import('@/lib/copilot/process-contents')
-        const processed = await processContextsServer(contexts as any, authenticatedUserId)
+        const processed = await processContextsServer(contexts as any, authenticatedUserId, message)
        agentContexts = processed
        logger.info(`[${tracker.requestId}] Contexts processed for request`, {
          processedCount: agentContexts.length,
          kinds: agentContexts.map((c) => c.type),
          lengthPreview: agentContexts.map((c) => c.content?.length ?? 0),
        })
+        if (Array.isArray(contexts) && contexts.length > 0 && agentContexts.length === 0) {
+          logger.warn(
+            `[${tracker.requestId}] Contexts provided but none processed. Check executionId for logs contexts.`
+          )
+        }
      } catch (e) {
        logger.error(`[${tracker.requestId}] Failed to process contexts`, e)
      }
@@ -351,12 +371,14 @@ export async function POST(req: NextRequest) {
      stream: stream,
      streamToolCalls: true,
      mode: mode,
+      messageId: userMessageIdToUse,
      ...(providerConfig ? { provider: providerConfig } : {}),
      ...(effectiveConversationId ? { conversationId: effectiveConversationId } : {}),
      ...(typeof effectiveDepth === 'number' ? { depth: effectiveDepth } : {}),
      ...(typeof effectivePrefetch === 'boolean' ? { prefetch: effectivePrefetch } : {}),
      ...(session?.user?.name && { userName: session.user.name }),
      ...(agentContexts.length > 0 && { context: agentContexts }),
+      ...(actualChatId ? { chatId: actualChatId } : {}),
    }

    try {
@@ -396,7 +418,7 @@ export async function POST(req: NextRequest) {
    if (stream && simAgentResponse.body) {
      // Create user message to save
      const userMessage = {
-        id: userMessageId || crypto.randomUUID(), // Use frontend ID if provided
+        id: userMessageIdToUse, // Consistent ID used for request and persistence
        role: 'user',
        content: message,
        timestamp: new Date().toISOString(),
@@ -474,16 +496,6 @@ export async function POST(req: NextRequest) {
                break
              }

-              // Check if client disconnected before processing chunk
-              try {
-                // Forward the chunk to client immediately
-                controller.enqueue(value)
-              } catch (error) {
-                // Client disconnected - stop reading from sim agent
-                reader.cancel() // Stop reading from sim agent
-                break
-              }
-
              // Decode and parse SSE events for logging and capturing content
              const decodedChunk = decoder.decode(value, { stream: true })
              buffer += decodedChunk
@@ -583,6 +595,47 @@ export async function POST(req: NextRequest) {

                      default:
                    }
+
+                    // Emit to client: rewrite 'error' events into user-friendly assistant message
+                    if (event?.type === 'error') {
+                      try {
+                        const displayMessage: string =
+                          (event?.data && (event.data.displayMessage as string)) ||
+                          'Sorry, I encountered an error. Please try again.'
+                        const formatted = `_${displayMessage}_`
+                        // Accumulate so it persists to DB as assistant content
+                        assistantContent += formatted
+                        // Send as content chunk
+                        try {
+                          controller.enqueue(
+                            encoder.encode(
+                              `data: ${JSON.stringify({ type: 'content', data: formatted })}\n\n`
+                            )
+                          )
+                        } catch (enqueueErr) {
+                          reader.cancel()
+                          break
+                        }
+                        // Then close this response cleanly for the client
+                        try {
+                          controller.enqueue(
+                            encoder.encode(`data: ${JSON.stringify({ type: 'done' })}\n\n`)
+                          )
+                        } catch (enqueueErr) {
+                          reader.cancel()
+                          break
+                        }
+                      } catch {}
+                      // Do not forward the original error event
+                    } else {
+                      // Forward original event to client
+                      try {
+                        controller.enqueue(encoder.encode(`data: ${jsonStr}\n\n`))
+                      } catch (enqueueErr) {
+                        reader.cancel()
+                        break
+                      }
+                    }
                  } catch (e) {
                    // Enhanced error handling for large payloads and parsing issues
                    const lineLength = line.length
@@ -615,10 +668,37 @@ export async function POST(req: NextRequest) {
              logger.debug(`[${tracker.requestId}] Processing remaining buffer: "${buffer}"`)
              if (buffer.startsWith('data: ')) {
                try {
-                  const event = JSON.parse(buffer.slice(6))
+                  const jsonStr = buffer.slice(6)
+                  const event = JSON.parse(jsonStr)
                  if (event.type === 'content' && event.data) {
                    assistantContent += event.data
                  }
+                  // Forward remaining event, applying same error rewrite behavior
+                  if (event?.type === 'error') {
+                    const displayMessage: string =
+                      (event?.data && (event.data.displayMessage as string)) ||
+                      'Sorry, I encountered an error. Please try again.'
+                    const formatted = `_${displayMessage}_`
+                    assistantContent += formatted
+                    try {
+                      controller.enqueue(
+                        encoder.encode(
+                          `data: ${JSON.stringify({ type: 'content', data: formatted })}\n\n`
+                        )
+                      )
+                      controller.enqueue(
+                        encoder.encode(`data: ${JSON.stringify({ type: 'done' })}\n\n`)
+                      )
+                    } catch (enqueueErr) {
+                      reader.cancel()
+                    }
+                  } else {
+                    try {
+                      controller.enqueue(encoder.encode(`data: ${jsonStr}\n\n`))
+                    } catch (enqueueErr) {
+                      reader.cancel()
+                    }
+                  }
                } catch (e) {
                  logger.warn(`[${tracker.requestId}] Failed to parse final buffer: "${buffer}"`)
                }
@@ -734,7 +814,7 @@ export async function POST(req: NextRequest) {
    // Save messages if we have a chat
    if (currentChat && responseData.content) {
      const userMessage = {
-        id: userMessageId || crypto.randomUUID(), // Use frontend ID if provided
+        id: userMessageIdToUse, // Consistent ID used for request and persistence
        role: 'user',
        content: message,
        timestamp: new Date().toISOString(),
--- a/apps/sim/app/api/copilot/checkpoints/revert/route.ts
+++ b/apps/sim/app/api/copilot/checkpoints/revert/route.ts
@@ -71,7 +71,6 @@ export async function POST(request: NextRequest) {
      edges: checkpointState?.edges || [],
      loops: checkpointState?.loops || {},
      parallels: checkpointState?.parallels || {},
-      whiles: checkpointState?.whiles || {},
      isDeployed: checkpointState?.isDeployed || false,
      deploymentStatuses: checkpointState?.deploymentStatuses || {},
      hasActiveWebhook: checkpointState?.hasActiveWebhook || false,
--- a/apps/sim/app/api/copilot/stats/route.ts
+++ b/apps/sim/app/api/copilot/stats/route.ts
@@ -0,0 +1,68 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import {
+  authenticateCopilotRequestSessionOnly,
+  createBadRequestResponse,
+  createInternalServerErrorResponse,
+  createRequestTracker,
+  createUnauthorizedResponse,
+} from '@/lib/copilot/auth'
+import { env } from '@/lib/env'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/sim-agent'
+
+const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
+const BodySchema = z.object({
+  messageId: z.string(),
+  diffCreated: z.boolean(),
+  diffAccepted: z.boolean(),
+})
+
+export async function POST(req: NextRequest) {
+  const tracker = createRequestTracker()
+  try {
+    const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
+    if (!isAuthenticated || !userId) {
+      return createUnauthorizedResponse()
+    }
+
+    const json = await req.json().catch(() => ({}))
+    const parsed = BodySchema.safeParse(json)
+    if (!parsed.success) {
+      return createBadRequestResponse('Invalid request body for copilot stats')
+    }
+
+    const { messageId, diffCreated, diffAccepted } = parsed.data as any
+
+    // Build outgoing payload for Sim Agent with only required fields
+    const payload: Record<string, any> = {
+      messageId,
+      diffCreated,
+      diffAccepted,
+    }
+
+    const agentRes = await fetch(`${SIM_AGENT_API_URL}/api/stats`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(env.COPILOT_API_KEY ? { 'x-api-key': env.COPILOT_API_KEY } : {}),
+      },
+      body: JSON.stringify(payload),
+    })
+
+    // Prefer not to block clients; still relay status
+    let agentJson: any = null
+    try {
+      agentJson = await agentRes.json()
+    } catch {}
+
+    if (!agentRes.ok) {
+      const message = (agentJson && (agentJson.error || agentJson.message)) || 'Upstream error'
+      return NextResponse.json({ success: false, error: message }, { status: 400 })
+    }
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    return createInternalServerErrorResponse('Failed to forward copilot stats')
+  }
+}
--- a/apps/sim/app/api/environment/route.ts
+++ b/apps/sim/app/api/environment/route.ts
@@ -3,20 +3,19 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-import { decryptSecret, encryptSecret } from '@/lib/utils'
+import { decryptSecret, encryptSecret, generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { environment } from '@/db/schema'
 import type { EnvironmentVariable } from '@/stores/settings/environment/types'

 const logger = createLogger('EnvironmentAPI')

-// Schema for environment variable updates
 const EnvVarSchema = z.object({
  variables: z.record(z.string()),
 })

 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
@@ -30,17 +29,13 @@ export async function POST(req: NextRequest) {
    try {
      const { variables } = EnvVarSchema.parse(body)

-      // Encrypt all variables
-      const encryptedVariables = await Object.entries(variables).reduce(
-        async (accPromise, [key, value]) => {
-          const acc = await accPromise
+      const encryptedVariables = await Promise.all(
+        Object.entries(variables).map(async ([key, value]) => {
          const { encrypted } = await encryptSecret(value)
-          return { ...acc, [key]: encrypted }
-        },
-        Promise.resolve({})
-      )
+          return [key, encrypted] as const
+        })
+      ).then((entries) => Object.fromEntries(entries))

-      // Replace all environment variables for user
      await db
        .insert(environment)
        .values({
@@ -77,10 +72,9 @@ export async function POST(req: NextRequest) {
 }

 export async function GET(request: Request) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
-    // Get the session directly in the API route
    const session = await getSession()
    if (!session?.user?.id) {
      logger.warn(`[${requestId}] Unauthorized environment variables access attempt`)
@@ -99,18 +93,15 @@ export async function GET(request: Request) {
      return NextResponse.json({ data: {} }, { status: 200 })
    }

-    // Decrypt the variables for client-side use
    const encryptedVariables = result[0].variables as Record<string, string>
    const decryptedVariables: Record<string, EnvironmentVariable> = {}

-    // Decrypt each variable
    for (const [key, encryptedValue] of Object.entries(encryptedVariables)) {
      try {
        const { decrypted } = await decryptSecret(encryptedValue)
        decryptedVariables[key] = { key, value: decrypted }
      } catch (error) {
        logger.error(`[${requestId}] Error decrypting variable ${key}`, error)
-        // If decryption fails, provide a placeholder
        decryptedVariables[key] = { key, value: '' }
      }
    }
--- a/apps/sim/app/api/environment/variables/route.ts
+++ b/apps/sim/app/api/environment/variables/route.ts
@@ -1,225 +0,0 @@
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getEnvironmentVariableKeys } from '@/lib/environment/utils'
-import { createLogger } from '@/lib/logs/console/logger'
-import { decryptSecret, encryptSecret } from '@/lib/utils'
-import { getUserId } from '@/app/api/auth/oauth/utils'
-import { db } from '@/db'
-import { environment } from '@/db/schema'
-
-const logger = createLogger('EnvironmentVariablesAPI')
-
-// Schema for environment variable updates
-const EnvVarSchema = z.object({
-  variables: z.record(z.string()),
-})
-
-export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
-
-  try {
-    // For GET requests, check for workflowId in query params
-    const { searchParams } = new URL(request.url)
-    const workflowId = searchParams.get('workflowId')
-
-    // Use dual authentication pattern like other copilot tools
-    const userId = await getUserId(requestId, workflowId || undefined)
-
-    if (!userId) {
-      logger.warn(`[${requestId}] Unauthorized environment variables access attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Get only the variable names (keys), not values
-    const result = await getEnvironmentVariableKeys(userId)
-
-    return NextResponse.json(
-      {
-        success: true,
-        output: result,
-      },
-      { status: 200 }
-    )
-  } catch (error: any) {
-    logger.error(`[${requestId}] Environment variables fetch error`, error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: error.message || 'Failed to get environment variables',
-      },
-      { status: 500 }
-    )
-  }
-}
-
-export async function PUT(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
-
-  try {
-    const body = await request.json()
-    const { workflowId, variables } = body
-
-    // Use dual authentication pattern like other copilot tools
-    const userId = await getUserId(requestId, workflowId)
-
-    if (!userId) {
-      logger.warn(`[${requestId}] Unauthorized environment variables set attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    try {
-      const { variables: validatedVariables } = EnvVarSchema.parse({ variables })
-
-      // Get existing environment variables for this user
-      const existingData = await db
-        .select()
-        .from(environment)
-        .where(eq(environment.userId, userId))
-        .limit(1)
-
-      // Start with existing encrypted variables or empty object
-      const existingEncryptedVariables =
-        (existingData[0]?.variables as Record<string, string>) || {}
-
-      // Determine which variables are new or changed by comparing with decrypted existing values
-      const variablesToEncrypt: Record<string, string> = {}
-      const addedVariables: string[] = []
-      const updatedVariables: string[] = []
-
-      for (const [key, newValue] of Object.entries(validatedVariables)) {
-        if (!(key in existingEncryptedVariables)) {
-          // New variable
-          variablesToEncrypt[key] = newValue
-          addedVariables.push(key)
-        } else {
-          // Check if the value has actually changed by decrypting the existing value
-          try {
-            const { decrypted: existingValue } = await decryptSecret(
-              existingEncryptedVariables[key]
-            )
-
-            if (existingValue !== newValue) {
-              // Value changed, needs re-encryption
-              variablesToEncrypt[key] = newValue
-              updatedVariables.push(key)
-            }
-            // If values are the same, keep the existing encrypted value
-          } catch (decryptError) {
-            // If we can't decrypt the existing value, treat as changed and re-encrypt
-            logger.warn(
-              `[${requestId}] Could not decrypt existing variable ${key}, re-encrypting`,
-              {
-                error: decryptError,
-              }
-            )
-            variablesToEncrypt[key] = newValue
-            updatedVariables.push(key)
-          }
-        }
-      }
-
-      // Only encrypt the variables that are new or changed
-      const newlyEncryptedVariables = await Object.entries(variablesToEncrypt).reduce(
-        async (accPromise, [key, value]) => {
-          const acc = await accPromise
-          const { encrypted } = await encryptSecret(value)
-          return { ...acc, [key]: encrypted }
-        },
-        Promise.resolve({})
-      )
-
-      // Merge existing encrypted variables with newly encrypted ones
-      const finalEncryptedVariables = { ...existingEncryptedVariables, ...newlyEncryptedVariables }
-
-      // Update or insert environment variables for user
-      await db
-        .insert(environment)
-        .values({
-          id: crypto.randomUUID(),
-          userId: userId,
-          variables: finalEncryptedVariables,
-          updatedAt: new Date(),
-        })
-        .onConflictDoUpdate({
-          target: [environment.userId],
-          set: {
-            variables: finalEncryptedVariables,
-            updatedAt: new Date(),
-          },
-        })
-
-      return NextResponse.json(
-        {
-          success: true,
-          output: {
-            message: `Successfully processed ${Object.keys(validatedVariables).length} environment variable(s): ${addedVariables.length} added, ${updatedVariables.length} updated`,
-            variableCount: Object.keys(validatedVariables).length,
-            variableNames: Object.keys(validatedVariables),
-            totalVariableCount: Object.keys(finalEncryptedVariables).length,
-            addedVariables,
-            updatedVariables,
-          },
-        },
-        { status: 200 }
-      )
-    } catch (validationError) {
-      if (validationError instanceof z.ZodError) {
-        logger.warn(`[${requestId}] Invalid environment variables data`, {
-          errors: validationError.errors,
-        })
-        return NextResponse.json(
-          { error: 'Invalid request data', details: validationError.errors },
-          { status: 400 }
-        )
-      }
-      throw validationError
-    }
-  } catch (error: any) {
-    logger.error(`[${requestId}] Environment variables set error`, error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: error.message || 'Failed to set environment variables',
-      },
-      { status: 500 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
-
-  try {
-    const body = await request.json()
-    const { workflowId } = body
-
-    // Use dual authentication pattern like other copilot tools
-    const userId = await getUserId(requestId, workflowId)
-
-    if (!userId) {
-      logger.warn(`[${requestId}] Unauthorized environment variables access attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Get only the variable names (keys), not values
-    const result = await getEnvironmentVariableKeys(userId)
-
-    return NextResponse.json(
-      {
-        success: true,
-        output: result,
-      },
-      { status: 200 }
-    )
-  } catch (error: any) {
-    logger.error(`[${requestId}] Environment variables fetch error`, error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: error.message || 'Failed to get environment variables',
-      },
-      { status: 500 }
-    )
-  }
-}
--- a/apps/sim/app/api/files/parse/route.ts
+++ b/apps/sim/app/api/files/parse/route.ts
@@ -76,11 +76,9 @@ export async function POST(request: NextRequest) {

    logger.info('File parse request received:', { filePath, fileType })

-    // Handle multiple files
    if (Array.isArray(filePath)) {
      const results = []
      for (const path of filePath) {
-        // Skip empty or invalid paths
        if (!path || (typeof path === 'string' && path.trim() === '')) {
          results.push({
            success: false,
@@ -91,12 +89,10 @@ export async function POST(request: NextRequest) {
        }

        const result = await parseFileSingle(path, fileType)
-        // Add processing time to metadata
        if (result.metadata) {
          result.metadata.processingTime = Date.now() - startTime
        }

-        // Transform each result to match expected frontend format
        if (result.success) {
          results.push({
            success: true,
@@ -105,7 +101,7 @@ export async function POST(request: NextRequest) {
              name: result.filePath.split('/').pop() || 'unknown',
              fileType: result.metadata?.fileType || 'application/octet-stream',
              size: result.metadata?.size || 0,
-              binary: false, // We only return text content
+              binary: false,
            },
            filePath: result.filePath,
          })
@@ -120,15 +116,12 @@ export async function POST(request: NextRequest) {
      })
    }

-    // Handle single file
    const result = await parseFileSingle(filePath, fileType)

-    // Add processing time to metadata
    if (result.metadata) {
      result.metadata.processingTime = Date.now() - startTime
    }

-    // Transform single file result to match expected frontend format
    if (result.success) {
      return NextResponse.json({
        success: true,
@@ -142,8 +135,6 @@ export async function POST(request: NextRequest) {
      })
    }

-    // Only return 500 for actual server errors, not file processing failures
-    // File processing failures (like file not found, parsing errors) should return 200 with success:false
    return NextResponse.json(result)
  } catch (error) {
    logger.error('Error in file parse API:', error)
@@ -164,7 +155,6 @@ export async function POST(request: NextRequest) {
 async function parseFileSingle(filePath: string, fileType?: string): Promise<ParseResult> {
  logger.info('Parsing file:', filePath)

-  // Validate that filePath is not empty
  if (!filePath || filePath.trim() === '') {
    return {
      success: false,
@@ -173,7 +163,6 @@ async function parseFileSingle(filePath: string, fileType?: string): Promise<Par
    }
  }

-  // Validate path for security before any processing
  const pathValidation = validateFilePath(filePath)
  if (!pathValidation.isValid) {
    return {
@@ -183,49 +172,40 @@ async function parseFileSingle(filePath: string, fileType?: string): Promise<Par
    }
  }

-  // Check if this is an external URL
  if (filePath.startsWith('http://') || filePath.startsWith('https://')) {
    return handleExternalUrl(filePath, fileType)
  }

-  // Check if this is a cloud storage path (S3 or Blob)
  const isS3Path = filePath.includes('/api/files/serve/s3/')
  const isBlobPath = filePath.includes('/api/files/serve/blob/')

-  // Use cloud handler if it's a cloud path or we're in cloud mode
  if (isS3Path || isBlobPath || isUsingCloudStorage()) {
    return handleCloudFile(filePath, fileType)
  }

-  // Use local handler for local files
  return handleLocalFile(filePath, fileType)
 }

 /**
- * Validate file path for security
+ * Validate file path for security - prevents null byte injection and path traversal attacks
 */
 function validateFilePath(filePath: string): { isValid: boolean; error?: string } {
-  // Check for null bytes
  if (filePath.includes('\0')) {
    return { isValid: false, error: 'Invalid path: null byte detected' }
  }

-  // Check for path traversal attempts
  if (filePath.includes('..')) {
    return { isValid: false, error: 'Access denied: path traversal detected' }
  }

-  // Check for tilde characters (home directory access)
  if (filePath.includes('~')) {
    return { isValid: false, error: 'Invalid path: tilde character not allowed' }
  }

-  // Check for absolute paths outside allowed directories
  if (filePath.startsWith('/') && !filePath.startsWith('/api/files/serve/')) {
    return { isValid: false, error: 'Path outside allowed directory' }
  }

-  // Check for Windows absolute paths
  if (/^[A-Za-z]:\\/.test(filePath)) {
    return { isValid: false, error: 'Path outside allowed directory' }
  }
@@ -260,12 +240,10 @@ async function handleExternalUrl(url: string, fileType?: string): Promise<ParseR

    logger.info(`Downloaded file from URL: ${url}, size: ${buffer.length} bytes`)

-    // Extract filename from URL
    const urlPath = new URL(url).pathname
    const filename = urlPath.split('/').pop() || 'download'
    const extension = path.extname(filename).toLowerCase().substring(1)

-    // Process the file based on its content type
    if (extension === 'pdf') {
      return await handlePdfBuffer(buffer, filename, fileType, url)
    }
@@ -276,7 +254,6 @@ async function handleExternalUrl(url: string, fileType?: string): Promise<ParseR
      return await handleGenericTextBuffer(buffer, filename, extension, fileType, url)
    }

-    // For binary or unknown files
    return handleGenericBuffer(buffer, filename, extension, fileType)
  } catch (error) {
    logger.error(`Error handling external URL ${url}:`, error)
@@ -289,35 +266,29 @@ async function handleExternalUrl(url: string, fileType?: string): Promise<ParseR
 }

 /**
- * Handle file stored in cloud storage (S3 or Azure Blob)
+ * Handle file stored in cloud storage
 */
 async function handleCloudFile(filePath: string, fileType?: string): Promise<ParseResult> {
  try {
-    // Extract the cloud key from the path
    let cloudKey: string
    if (filePath.includes('/api/files/serve/s3/')) {
      cloudKey = decodeURIComponent(filePath.split('/api/files/serve/s3/')[1])
    } else if (filePath.includes('/api/files/serve/blob/')) {
      cloudKey = decodeURIComponent(filePath.split('/api/files/serve/blob/')[1])
    } else if (filePath.startsWith('/api/files/serve/')) {
-      // Backwards-compatibility: path like "/api/files/serve/<key>"
      cloudKey = decodeURIComponent(filePath.substring('/api/files/serve/'.length))
    } else {
-      // Assume raw key provided
      cloudKey = filePath
    }

    logger.info('Extracted cloud key:', cloudKey)

-    // Download the file from cloud storage - this can throw for access errors
    const fileBuffer = await downloadFile(cloudKey)
    logger.info(`Downloaded file from cloud storage: ${cloudKey}, size: ${fileBuffer.length} bytes`)

-    // Extract the filename from the cloud key
    const filename = cloudKey.split('/').pop() || cloudKey
    const extension = path.extname(filename).toLowerCase().substring(1)

-    // Process the file based on its content type
    if (extension === 'pdf') {
      return await handlePdfBuffer(fileBuffer, filename, fileType, filePath)
    }
@@ -325,22 +296,19 @@ async function handleCloudFile(filePath: string, fileType?: string): Promise<Par
      return await handleCsvBuffer(fileBuffer, filename, fileType, filePath)
    }
    if (isSupportedFileType(extension)) {
-      // For other supported types that we have parsers for
      return await handleGenericTextBuffer(fileBuffer, filename, extension, fileType, filePath)
    }
-    // For binary or unknown files
    return handleGenericBuffer(fileBuffer, filename, extension, fileType)
  } catch (error) {
    logger.error(`Error handling cloud file ${filePath}:`, error)

-    // Check if this is a download/access error that should trigger a 500 response
+    // For download/access errors, throw to trigger 500 response
    const errorMessage = (error as Error).message
    if (errorMessage.includes('Access denied') || errorMessage.includes('Forbidden')) {
-      // For access errors, throw to trigger 500 response
      throw new Error(`Error accessing file from cloud storage: ${errorMessage}`)
    }

-    // For other errors (parsing, processing), return success:false
+    // For other errors (parsing, processing), return success:false and an error message
    return {
      success: false,
      error: `Error accessing file from cloud storage: ${errorMessage}`,
@@ -354,28 +322,23 @@ async function handleCloudFile(filePath: string, fileType?: string): Promise<Par
 */
 async function handleLocalFile(filePath: string, fileType?: string): Promise<ParseResult> {
  try {
-    // Extract filename from path
    const filename = filePath.split('/').pop() || filePath
    const fullPath = path.join(UPLOAD_DIR_SERVER, filename)

    logger.info('Processing local file:', fullPath)

-    // Check if file exists
    try {
      await fsPromises.access(fullPath)
    } catch {
      throw new Error(`File not found: ${filename}`)
    }

-    // Parse the file directly
    const result = await parseFile(fullPath)

-    // Get file stats for metadata
    const stats = await fsPromises.stat(fullPath)
    const fileBuffer = await readFile(fullPath)
    const hash = createHash('md5').update(fileBuffer).digest('hex')

-    // Extract file extension for type detection
    const extension = path.extname(filename).toLowerCase().substring(1)

    return {
@@ -386,7 +349,7 @@ async function handleLocalFile(filePath: string, fileType?: string): Promise<Par
        fileType: fileType || getMimeType(extension),
        size: stats.size,
        hash,
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  } catch (error) {
@@ -425,15 +388,14 @@ async function handlePdfBuffer(
        fileType: fileType || 'application/pdf',
        size: fileBuffer.length,
        hash: createHash('md5').update(fileBuffer).digest('hex'),
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  } catch (error) {
    logger.error('Failed to parse PDF in memory:', error)

-    // Create fallback message for PDF parsing failure
    const content = createPdfFailureMessage(
-      0, // We can't determine page count without parsing
+      0,
      fileBuffer.length,
      originalPath || filename,
      (error as Error).message
@@ -447,7 +409,7 @@ async function handlePdfBuffer(
        fileType: fileType || 'application/pdf',
        size: fileBuffer.length,
        hash: createHash('md5').update(fileBuffer).digest('hex'),
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  }
@@ -465,7 +427,6 @@ async function handleCsvBuffer(
  try {
    logger.info(`Parsing CSV in memory: ${filename}`)

-    // Use the parseBuffer function from our library
    const { parseBuffer } = await import('@/lib/file-parsers')
    const result = await parseBuffer(fileBuffer, 'csv')

@@ -477,7 +438,7 @@ async function handleCsvBuffer(
        fileType: fileType || 'text/csv',
        size: fileBuffer.length,
        hash: createHash('md5').update(fileBuffer).digest('hex'),
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  } catch (error) {
@@ -490,7 +451,7 @@ async function handleCsvBuffer(
        fileType: 'text/csv',
        size: 0,
        hash: '',
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  }
@@ -509,7 +470,6 @@ async function handleGenericTextBuffer(
  try {
    logger.info(`Parsing text file in memory: ${filename}`)

-    // Try to use a specialized parser if available
    try {
      const { parseBuffer, isSupportedFileType } = await import('@/lib/file-parsers')

@@ -524,7 +484,7 @@ async function handleGenericTextBuffer(
            fileType: fileType || getMimeType(extension),
            size: fileBuffer.length,
            hash: createHash('md5').update(fileBuffer).digest('hex'),
-            processingTime: 0, // Will be set by caller
+            processingTime: 0,
          },
        }
      }
@@ -532,7 +492,6 @@ async function handleGenericTextBuffer(
      logger.warn('Specialized parser failed, falling back to generic parsing:', parserError)
    }

-    // Fallback to generic text parsing
    const content = fileBuffer.toString('utf-8')

    return {
@@ -543,7 +502,7 @@ async function handleGenericTextBuffer(
        fileType: fileType || getMimeType(extension),
        size: fileBuffer.length,
        hash: createHash('md5').update(fileBuffer).digest('hex'),
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  } catch (error) {
@@ -556,7 +515,7 @@ async function handleGenericTextBuffer(
        fileType: 'text/plain',
        size: 0,
        hash: '',
-        processingTime: 0, // Will be set by caller
+        processingTime: 0,
      },
    }
  }
@@ -584,7 +543,7 @@ function handleGenericBuffer(
      fileType: fileType || getMimeType(extension),
      size: fileBuffer.length,
      hash: createHash('md5').update(fileBuffer).digest('hex'),
-      processingTime: 0, // Will be set by caller
+      processingTime: 0,
    },
  }
 }
@@ -594,25 +553,11 @@ function handleGenericBuffer(
 */
 async function parseBufferAsPdf(buffer: Buffer) {
  try {
-    // Import parsers dynamically to avoid initialization issues in tests
-    // First try to use the main PDF parser
-    try {
-      const { PdfParser } = await import('@/lib/file-parsers/pdf-parser')
-      const parser = new PdfParser()
-      logger.info('Using main PDF parser for buffer')
+    const { PdfParser } = await import('@/lib/file-parsers/pdf-parser')
+    const parser = new PdfParser()
+    logger.info('Using main PDF parser for buffer')

-      if (parser.parseBuffer) {
-        return await parser.parseBuffer(buffer)
-      }
-      throw new Error('PDF parser does not support buffer parsing')
-    } catch (error) {
-      // Fallback to raw PDF parser
-      logger.warn('Main PDF parser failed, using raw parser for buffer:', error)
-      const { RawPdfParser } = await import('@/lib/file-parsers/raw-pdf-parser')
-      const rawParser = new RawPdfParser()
-
-      return await rawParser.parseBuffer(buffer)
-    }
+    return await parser.parseBuffer(buffer)
  } catch (error) {
    throw new Error(`PDF parsing failed: ${(error as Error).message}`)
  }
@@ -655,7 +600,7 @@ Please use a PDF viewer for best results.`
 }

 /**
- * Create error message for PDF parsing failure
+ * Create error message for PDF parsing failure and make it more readable
 */
 function createPdfFailureMessage(
  pageCount: number,
--- a/apps/sim/app/api/files/presigned/route.test.ts
+++ b/apps/sim/app/api/files/presigned/route.test.ts
@@ -1,7 +1,13 @@
 import { NextRequest } from 'next/server'
-import { beforeEach, describe, expect, test, vi } from 'vitest'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 import { setupFileApiMocks } from '@/app/api/__test-utils__/utils'

+/**
+ * Tests for file presigned API route
+ *
+ * @vitest-environment node
+ */
+
 describe('/api/files/presigned', () => {
  beforeEach(() => {
    vi.clearAllMocks()
@@ -19,7 +25,7 @@ describe('/api/files/presigned', () => {
  })

  describe('POST', () => {
-    test('should return error when cloud storage is not enabled', async () => {
+    it('should return error when cloud storage is not enabled', async () => {
      setupFileApiMocks({
        cloudEnabled: false,
        storageProvider: 's3',
@@ -39,7 +45,7 @@ describe('/api/files/presigned', () => {
      const response = await POST(request)
      const data = await response.json()

-      expect(response.status).toBe(500) // Changed from 400 to 500 (StorageConfigError)
+      expect(response.status).toBe(500)
      expect(data.error).toBe('Direct uploads are only available when cloud storage is enabled')
      expect(data.code).toBe('STORAGE_CONFIG_ERROR')
      expect(data.directUploadSupported).toBe(false)
--- a/apps/sim/app/api/files/presigned/route.ts
+++ b/apps/sim/app/api/files/presigned/route.ts
@@ -12,10 +12,12 @@ import {
  BLOB_CONFIG,
  BLOB_COPILOT_CONFIG,
  BLOB_KB_CONFIG,
+  BLOB_PROFILE_PICTURES_CONFIG,
  S3_CHAT_CONFIG,
  S3_CONFIG,
  S3_COPILOT_CONFIG,
  S3_KB_CONFIG,
+  S3_PROFILE_PICTURES_CONFIG,
 } from '@/lib/uploads/setup'
 import { validateFileType } from '@/lib/uploads/validation'
 import { createErrorResponse, createOptionsResponse } from '@/app/api/files/utils'
@@ -30,7 +32,7 @@ interface PresignedUrlRequest {
  chatId?: string
 }

-type UploadType = 'general' | 'knowledge-base' | 'chat' | 'copilot'
+type UploadType = 'general' | 'knowledge-base' | 'chat' | 'copilot' | 'profile-pictures'

 class PresignedUrlError extends Error {
  constructor(
@@ -96,7 +98,9 @@ export async function POST(request: NextRequest) {
          ? 'chat'
          : uploadTypeParam === 'copilot'
            ? 'copilot'
-            : 'general'
+            : uploadTypeParam === 'profile-pictures'
+              ? 'profile-pictures'
+              : 'general'

    if (uploadType === 'knowledge-base') {
      const fileValidationError = validateFileType(fileName, contentType)
@@ -121,6 +125,21 @@ export async function POST(request: NextRequest) {
      }
    }

+    // Validate profile picture requirements
+    if (uploadType === 'profile-pictures') {
+      if (!sessionUserId?.trim()) {
+        throw new ValidationError(
+          'Authenticated user session is required for profile picture uploads'
+        )
+      }
+      // Only allow image uploads for profile pictures
+      if (!isImageFileType(contentType)) {
+        throw new ValidationError(
+          'Only image files (JPEG, PNG, GIF, WebP, SVG) are allowed for profile picture uploads'
+        )
+      }
+    }
+
    if (!isUsingCloudStorage()) {
      throw new StorageConfigError(
        'Direct uploads are only available when cloud storage is enabled'
@@ -185,7 +204,9 @@ async function handleS3PresignedUrl(
          ? S3_CHAT_CONFIG
          : uploadType === 'copilot'
            ? S3_COPILOT_CONFIG
-            : S3_CONFIG
+            : uploadType === 'profile-pictures'
+              ? S3_PROFILE_PICTURES_CONFIG
+              : S3_CONFIG

    if (!config.bucket || !config.region) {
      throw new StorageConfigError(`S3 configuration missing for ${uploadType} uploads`)
@@ -200,6 +221,8 @@ async function handleS3PresignedUrl(
      prefix = 'chat/'
    } else if (uploadType === 'copilot') {
      prefix = `${userId}/`
+    } else if (uploadType === 'profile-pictures') {
+      prefix = `${userId}/`
    }

    const uniqueKey = `${prefix}${uuidv4()}-${safeFileName}`
@@ -219,6 +242,9 @@ async function handleS3PresignedUrl(
    } else if (uploadType === 'copilot') {
      metadata.purpose = 'copilot'
      metadata.userId = userId || ''
+    } else if (uploadType === 'profile-pictures') {
+      metadata.purpose = 'profile-pictures'
+      metadata.userId = userId || ''
    }

    const command = new PutObjectCommand({
@@ -239,9 +265,9 @@ async function handleS3PresignedUrl(
      )
    }

-    // For chat images and knowledge base files, use direct URLs since they need to be accessible by external services
+    // For chat images, knowledge base files, and profile pictures, use direct URLs since they need to be accessible by external services
    const finalPath =
-      uploadType === 'chat' || uploadType === 'knowledge-base'
+      uploadType === 'chat' || uploadType === 'knowledge-base' || uploadType === 'profile-pictures'
        ? `https://${config.bucket}.s3.${config.region}.amazonaws.com/${uniqueKey}`
        : `/api/files/serve/s3/${encodeURIComponent(uniqueKey)}`

@@ -285,7 +311,9 @@ async function handleBlobPresignedUrl(
          ? BLOB_CHAT_CONFIG
          : uploadType === 'copilot'
            ? BLOB_COPILOT_CONFIG
-            : BLOB_CONFIG
+            : uploadType === 'profile-pictures'
+              ? BLOB_PROFILE_PICTURES_CONFIG
+              : BLOB_CONFIG

    if (
      !config.accountName ||
@@ -304,6 +332,8 @@ async function handleBlobPresignedUrl(
      prefix = 'chat/'
    } else if (uploadType === 'copilot') {
      prefix = `${userId}/`
+    } else if (uploadType === 'profile-pictures') {
+      prefix = `${userId}/`
    }

    const uniqueKey = `${prefix}${uuidv4()}-${safeFileName}`
@@ -339,10 +369,10 @@ async function handleBlobPresignedUrl(

    const presignedUrl = `${blockBlobClient.url}?${sasToken}`

-    // For chat images, use direct Blob URLs since they need to be permanently accessible
+    // For chat images and profile pictures, use direct Blob URLs since they need to be permanently accessible
    // For other files, use serve path for access control
    const finalPath =
-      uploadType === 'chat'
+      uploadType === 'chat' || uploadType === 'profile-pictures'
        ? blockBlobClient.url
        : `/api/files/serve/blob/${encodeURIComponent(uniqueKey)}`

@@ -362,6 +392,9 @@ async function handleBlobPresignedUrl(
    } else if (uploadType === 'copilot') {
      uploadHeaders['x-ms-meta-purpose'] = 'copilot'
      uploadHeaders['x-ms-meta-userid'] = encodeURIComponent(userId || '')
+    } else if (uploadType === 'profile-pictures') {
+      uploadHeaders['x-ms-meta-purpose'] = 'profile-pictures'
+      uploadHeaders['x-ms-meta-userid'] = encodeURIComponent(userId || '')
    }

    return NextResponse.json({
--- a/apps/sim/app/api/function/execute/route.test.ts
+++ b/apps/sim/app/api/function/execute/route.test.ts
@@ -32,6 +32,14 @@ describe('Function Execute API Route', () => {
      createLogger: vi.fn().mockReturnValue(mockLogger),
    }))

+    vi.doMock('@/lib/execution/e2b', () => ({
+      executeInE2B: vi.fn().mockResolvedValue({
+        result: 'e2b success',
+        stdout: 'e2b output',
+        sandboxId: 'test-sandbox-id',
+      }),
+    }))
+
    mockRunInContext.mockResolvedValue('vm success')
    mockCreateContext.mockReturnValue({})
  })
@@ -45,6 +53,7 @@ describe('Function Execute API Route', () => {
      const req = createMockRequest('POST', {
        code: 'return "Hello World"',
        timeout: 5000,
+        useLocalVM: true,
      })

      const { POST } = await import('@/app/api/function/execute/route')
@@ -74,6 +83,7 @@ describe('Function Execute API Route', () => {
    it('should use default timeout when not provided', async () => {
      const req = createMockRequest('POST', {
        code: 'return "test"',
+        useLocalVM: true,
      })

      const { POST } = await import('@/app/api/function/execute/route')
@@ -93,6 +103,7 @@ describe('Function Execute API Route', () => {
    it('should resolve environment variables with {{var_name}} syntax', async () => {
      const req = createMockRequest('POST', {
        code: 'return {{API_KEY}}',
+        useLocalVM: true,
        envVars: {
          API_KEY: 'secret-key-123',
        },
@@ -108,6 +119,7 @@ describe('Function Execute API Route', () => {
    it('should resolve tag variables with <tag_name> syntax', async () => {
      const req = createMockRequest('POST', {
        code: 'return <email>',
+        useLocalVM: true,
        params: {
          email: { id: '123', subject: 'Test Email' },
        },
@@ -123,6 +135,7 @@ describe('Function Execute API Route', () => {
    it('should NOT treat email addresses as template variables', async () => {
      const req = createMockRequest('POST', {
        code: 'return "Email sent to user"',
+        useLocalVM: true,
        params: {
          email: {
            from: 'Waleed Latif <waleed@sim.ai>',
@@ -141,6 +154,7 @@ describe('Function Execute API Route', () => {
    it('should only match valid variable names in angle brackets', async () => {
      const req = createMockRequest('POST', {
        code: 'return <validVar> + "<invalid@email.com>" + <another_valid>',
+        useLocalVM: true,
        params: {
          validVar: 'hello',
          another_valid: 'world',
@@ -178,6 +192,7 @@ describe('Function Execute API Route', () => {

      const req = createMockRequest('POST', {
        code: 'return <email>',
+        useLocalVM: true,
        params: gmailData,
      })

@@ -200,6 +215,7 @@ describe('Function Execute API Route', () => {

      const req = createMockRequest('POST', {
        code: 'return <email>',
+        useLocalVM: true,
        params: complexEmailData,
      })

@@ -214,6 +230,7 @@ describe('Function Execute API Route', () => {
    it('should handle custom tool execution with direct parameter access', async () => {
      const req = createMockRequest('POST', {
        code: 'return location + " weather is sunny"',
+        useLocalVM: true,
        params: {
          location: 'San Francisco',
        },
@@ -245,6 +262,7 @@ describe('Function Execute API Route', () => {
    it('should handle timeout parameter', async () => {
      const req = createMockRequest('POST', {
        code: 'return "test"',
+        useLocalVM: true,
        timeout: 10000,
      })

@@ -262,6 +280,7 @@ describe('Function Execute API Route', () => {
    it('should handle empty parameters object', async () => {
      const req = createMockRequest('POST', {
        code: 'return "no params"',
+        useLocalVM: true,
        params: {},
      })

@@ -295,6 +314,7 @@ SyntaxError: Invalid or unexpected token

      const req = createMockRequest('POST', {
        code: 'const obj = {\n  name: "test",\n  description: "This has a missing closing quote\n};\nreturn obj;',
+        useLocalVM: true,
        timeout: 5000,
      })

@@ -338,6 +358,7 @@ SyntaxError: Invalid or unexpected token

      const req = createMockRequest('POST', {
        code: 'const obj = null;\nreturn obj.someMethod();',
+        useLocalVM: true,
        timeout: 5000,
      })

@@ -379,6 +400,7 @@ SyntaxError: Invalid or unexpected token

      const req = createMockRequest('POST', {
        code: 'const x = 42;\nreturn undefinedVariable + x;',
+        useLocalVM: true,
        timeout: 5000,
      })

@@ -409,6 +431,7 @@ SyntaxError: Invalid or unexpected token

      const req = createMockRequest('POST', {
        code: 'return "test";',
+        useLocalVM: true,
        timeout: 5000,
      })

@@ -445,6 +468,7 @@ SyntaxError: Invalid or unexpected token

      const req = createMockRequest('POST', {
        code: 'const a = 1;\nconst b = 2;\nconst c = 3;\nconst d = 4;\nreturn a + b + c + d;',
+        useLocalVM: true,
        timeout: 5000,
      })

@@ -476,6 +500,7 @@ SyntaxError: Invalid or unexpected token

      const req = createMockRequest('POST', {
        code: 'const obj = {\n  name: "test"\n// Missing closing brace',
+        useLocalVM: true,
        timeout: 5000,
      })

@@ -496,6 +521,7 @@ SyntaxError: Invalid or unexpected token
      // This tests the escapeRegExp function indirectly
      const req = createMockRequest('POST', {
        code: 'return {{special.chars+*?}}',
+        useLocalVM: true,
        envVars: {
          'special.chars+*?': 'escaped-value',
        },
@@ -512,6 +538,7 @@ SyntaxError: Invalid or unexpected token
      // Test with complex but not circular data first
      const req = createMockRequest('POST', {
        code: 'return <complexData>',
+        useLocalVM: true,
        params: {
          complexData: {
            special: 'chars"with\'quotes',
--- a/apps/sim/app/api/function/execute/route.ts
+++ b/apps/sim/app/api/function/execute/route.ts
@@ -1,13 +1,20 @@
 import { createContext, Script } from 'vm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { env, isTruthy } from '@/lib/env'
+import { executeInE2B } from '@/lib/execution/e2b'
+import { CodeLanguage, DEFAULT_CODE_LANGUAGE, isValidCodeLanguage } from '@/lib/execution/languages'
 import { createLogger } from '@/lib/logs/console/logger'
-
+import { generateRequestId } from '@/lib/utils'
 export const dynamic = 'force-dynamic'
 export const runtime = 'nodejs'
 export const maxDuration = 60

 const logger = createLogger('FunctionExecuteAPI')

+// Constants for E2B code wrapping line counts
+const E2B_JS_WRAPPER_LINES = 3 // Lines before user code: ';(async () => {', '  try {', '    const __sim_result = await (async () => {'
+const E2B_PYTHON_WRAPPER_LINES = 1 // Lines before user code: 'def __sim_main__():'
+
 /**
 * Enhanced error information interface
 */
@@ -124,6 +131,103 @@ function extractEnhancedError(
  return enhanced
 }

+/**
+ * Parse and format E2B error message
+ * Removes E2B-specific line references and adds correct user line numbers
+ */
+function formatE2BError(
+  errorMessage: string,
+  errorOutput: string,
+  language: CodeLanguage,
+  userCode: string,
+  prologueLineCount: number
+): { formattedError: string; cleanedOutput: string } {
+  // Calculate line offset based on language and prologue
+  const wrapperLines =
+    language === CodeLanguage.Python ? E2B_PYTHON_WRAPPER_LINES : E2B_JS_WRAPPER_LINES
+  const totalOffset = prologueLineCount + wrapperLines
+
+  let userLine: number | undefined
+  let cleanErrorType = ''
+  let cleanErrorMsg = ''
+
+  if (language === CodeLanguage.Python) {
+    // Python error format: "Cell In[X], line Y" followed by error details
+    // Extract line number from the Cell reference
+    const cellMatch = errorOutput.match(/Cell In\[\d+\], line (\d+)/)
+    if (cellMatch) {
+      const originalLine = Number.parseInt(cellMatch[1], 10)
+      userLine = originalLine - totalOffset
+    }
+
+    // Extract clean error message from the error string
+    // Remove file references like "(detected at line X) (file.py, line Y)"
+    cleanErrorMsg = errorMessage
+      .replace(/\s*\(detected at line \d+\)/g, '')
+      .replace(/\s*\([^)]+\.py, line \d+\)/g, '')
+      .trim()
+  } else if (language === CodeLanguage.JavaScript) {
+    // JavaScript error format from E2B: "SyntaxError: /path/file.ts: Message. (line:col)\n\n   9 | ..."
+    // First, extract the error type and message from the first line
+    const firstLineEnd = errorMessage.indexOf('\n')
+    const firstLine = firstLineEnd > 0 ? errorMessage.substring(0, firstLineEnd) : errorMessage
+
+    // Parse: "SyntaxError: /home/user/index.ts: Missing semicolon. (11:9)"
+    const jsErrorMatch = firstLine.match(/^(\w+Error):\s*[^:]+:\s*([^(]+)\.\s*\((\d+):(\d+)\)/)
+    if (jsErrorMatch) {
+      cleanErrorType = jsErrorMatch[1]
+      cleanErrorMsg = jsErrorMatch[2].trim()
+      const originalLine = Number.parseInt(jsErrorMatch[3], 10)
+      userLine = originalLine - totalOffset
+    } else {
+      // Fallback: look for line number in the arrow pointer line (> 11 |)
+      const arrowMatch = errorMessage.match(/^>\s*(\d+)\s*\|/m)
+      if (arrowMatch) {
+        const originalLine = Number.parseInt(arrowMatch[1], 10)
+        userLine = originalLine - totalOffset
+      }
+      // Try to extract error type and message
+      const errorMatch = firstLine.match(/^(\w+Error):\s*(.+)/)
+      if (errorMatch) {
+        cleanErrorType = errorMatch[1]
+        cleanErrorMsg = errorMatch[2]
+          .replace(/^[^:]+:\s*/, '') // Remove file path
+          .replace(/\s*\(\d+:\d+\)\s*$/, '') // Remove line:col at end
+          .trim()
+      } else {
+        cleanErrorMsg = firstLine
+      }
+    }
+  }
+
+  // Build the final clean error message
+  const finalErrorMsg =
+    cleanErrorType && cleanErrorMsg
+      ? `${cleanErrorType}: ${cleanErrorMsg}`
+      : cleanErrorMsg || errorMessage
+
+  // Format with line number if available
+  let formattedError = finalErrorMsg
+  if (userLine && userLine > 0) {
+    const codeLines = userCode.split('\n')
+    // Clamp userLine to the actual user code range
+    const actualUserLine = Math.min(userLine, codeLines.length)
+    if (actualUserLine > 0 && actualUserLine <= codeLines.length) {
+      const lineContent = codeLines[actualUserLine - 1]?.trim()
+      if (lineContent) {
+        formattedError = `Line ${actualUserLine}: \`${lineContent}\` - ${finalErrorMsg}`
+      } else {
+        formattedError = `Line ${actualUserLine} - ${finalErrorMsg}`
+      }
+    }
+  }
+
+  // For stdout, just return the clean error message without the full traceback
+  const cleanedOutput = finalErrorMsg
+
+  return { formattedError, cleanedOutput }
+}
+
 /**
 * Create a detailed error message for users
 */
@@ -429,7 +533,7 @@ function escapeRegExp(string: string): string {
 }

 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const startTime = Date.now()
  let stdout = ''
  let userCodeStartLine = 3 // Default value for error reporting
@@ -442,6 +546,8 @@ export async function POST(req: NextRequest) {
      code,
      params = {},
      timeout = 5000,
+      language = DEFAULT_CODE_LANGUAGE,
+      useLocalVM = false,
      envVars = {},
      blockData = {},
      blockNameMapping = {},
@@ -474,19 +580,164 @@ export async function POST(req: NextRequest) {
    resolvedCode = codeResolution.resolvedCode
    const contextVariables = codeResolution.contextVariables

-    const executionMethod = 'vm' // Default execution method
+    const e2bEnabled = isTruthy(env.E2B_ENABLED)
+    const lang = isValidCodeLanguage(language) ? language : DEFAULT_CODE_LANGUAGE
+    const useE2B =
+      e2bEnabled &&
+      !useLocalVM &&
+      !isCustomTool &&
+      (lang === CodeLanguage.JavaScript || lang === CodeLanguage.Python)

-    logger.info(`[${requestId}] Using VM for code execution`, {
-      hasEnvVars: Object.keys(envVars).length > 0,
-      hasWorkflowVariables: Object.keys(workflowVariables).length > 0,
-    })
+    if (useE2B) {
+      logger.info(`[${requestId}] E2B status`, {
+        enabled: e2bEnabled,
+        hasApiKey: Boolean(process.env.E2B_API_KEY),
+        language: lang,
+      })
+      let prologue = ''
+      const epilogue = ''

-    // Create a secure context with console logging
+      if (lang === CodeLanguage.JavaScript) {
+        // Track prologue lines for error adjustment
+        let prologueLineCount = 0
+        prologue += `const params = JSON.parse(${JSON.stringify(JSON.stringify(executionParams))});\n`
+        prologueLineCount++
+        prologue += `const environmentVariables = JSON.parse(${JSON.stringify(JSON.stringify(envVars))});\n`
+        prologueLineCount++
+        for (const [k, v] of Object.entries(contextVariables)) {
+          prologue += `const ${k} = JSON.parse(${JSON.stringify(JSON.stringify(v))});\n`
+          prologueLineCount++
+        }
+        const wrapped = [
+          ';(async () => {',
+          '  try {',
+          '    const __sim_result = await (async () => {',
+          `      ${resolvedCode.split('\n').join('\n      ')}`,
+          '    })();',
+          "    console.log('__SIM_RESULT__=' + JSON.stringify(__sim_result));",
+          '  } catch (error) {',
+          '    console.log(String((error && (error.stack || error.message)) || error));',
+          '    throw error;',
+          '  }',
+          '})();',
+        ].join('\n')
+        const codeForE2B = prologue + wrapped + epilogue
+
+        const execStart = Date.now()
+        const {
+          result: e2bResult,
+          stdout: e2bStdout,
+          sandboxId,
+          error: e2bError,
+        } = await executeInE2B({
+          code: codeForE2B,
+          language: CodeLanguage.JavaScript,
+          timeoutMs: timeout,
+        })
+        const executionTime = Date.now() - execStart
+        stdout += e2bStdout
+
+        logger.info(`[${requestId}] E2B JS sandbox`, {
+          sandboxId,
+          stdoutPreview: e2bStdout?.slice(0, 200),
+          error: e2bError,
+        })
+
+        // If there was an execution error, format it properly
+        if (e2bError) {
+          const { formattedError, cleanedOutput } = formatE2BError(
+            e2bError,
+            e2bStdout,
+            lang,
+            resolvedCode,
+            prologueLineCount
+          )
+          return NextResponse.json(
+            {
+              success: false,
+              error: formattedError,
+              output: { result: null, stdout: cleanedOutput, executionTime },
+            },
+            { status: 500 }
+          )
+        }
+
+        return NextResponse.json({
+          success: true,
+          output: { result: e2bResult ?? null, stdout, executionTime },
+        })
+      }
+      // Track prologue lines for error adjustment
+      let prologueLineCount = 0
+      prologue += 'import json\n'
+      prologueLineCount++
+      prologue += `params = json.loads(${JSON.stringify(JSON.stringify(executionParams))})\n`
+      prologueLineCount++
+      prologue += `environmentVariables = json.loads(${JSON.stringify(JSON.stringify(envVars))})\n`
+      prologueLineCount++
+      for (const [k, v] of Object.entries(contextVariables)) {
+        prologue += `${k} = json.loads(${JSON.stringify(JSON.stringify(v))})\n`
+        prologueLineCount++
+      }
+      const wrapped = [
+        'def __sim_main__():',
+        ...resolvedCode.split('\n').map((l) => `    ${l}`),
+        '__sim_result__ = __sim_main__()',
+        "print('__SIM_RESULT__=' + json.dumps(__sim_result__))",
+      ].join('\n')
+      const codeForE2B = prologue + wrapped + epilogue
+
+      const execStart = Date.now()
+      const {
+        result: e2bResult,
+        stdout: e2bStdout,
+        sandboxId,
+        error: e2bError,
+      } = await executeInE2B({
+        code: codeForE2B,
+        language: CodeLanguage.Python,
+        timeoutMs: timeout,
+      })
+      const executionTime = Date.now() - execStart
+      stdout += e2bStdout
+
+      logger.info(`[${requestId}] E2B Py sandbox`, {
+        sandboxId,
+        stdoutPreview: e2bStdout?.slice(0, 200),
+        error: e2bError,
+      })
+
+      // If there was an execution error, format it properly
+      if (e2bError) {
+        const { formattedError, cleanedOutput } = formatE2BError(
+          e2bError,
+          e2bStdout,
+          lang,
+          resolvedCode,
+          prologueLineCount
+        )
+        return NextResponse.json(
+          {
+            success: false,
+            error: formattedError,
+            output: { result: null, stdout: cleanedOutput, executionTime },
+          },
+          { status: 500 }
+        )
+      }
+
+      return NextResponse.json({
+        success: true,
+        output: { result: e2bResult ?? null, stdout, executionTime },
+      })
+    }
+
+    const executionMethod = 'vm'
    const context = createContext({
      params: executionParams,
      environmentVariables: envVars,
-      ...contextVariables, // Add resolved variables directly to context
-      fetch: globalThis.fetch || require('node-fetch').default,
+      ...contextVariables,
+      fetch: (globalThis as any).fetch || require('node-fetch').default,
      console: {
        log: (...args: any[]) => {
          const logMessage = `${args
@@ -504,23 +755,17 @@ export async function POST(req: NextRequest) {
      },
    })

-    // Calculate line offset for user code to provide accurate error reporting
    const wrapperLines = ['(async () => {', '  try {']
-
-    // Add custom tool parameter declarations if needed
    if (isCustomTool) {
      wrapperLines.push('    // For custom tools, make parameters directly accessible')
      Object.keys(executionParams).forEach((key) => {
        wrapperLines.push(`    const ${key} = params.${key};`)
      })
    }
-
-    userCodeStartLine = wrapperLines.length + 1 // +1 because user code starts on next line
-
-    // Build the complete script with proper formatting for line numbers
+    userCodeStartLine = wrapperLines.length + 1
    const fullScript = [
      ...wrapperLines,
-      `    ${resolvedCode.split('\n').join('\n    ')}`, // Indent user code
+      `    ${resolvedCode.split('\n').join('\n    ')}`,
      '  } catch (error) {',
      '    console.error(error);',
      '    throw error;',
@@ -529,33 +774,26 @@ export async function POST(req: NextRequest) {
    ].join('\n')

    const script = new Script(fullScript, {
-      filename: 'user-function.js', // This filename will appear in stack traces
-      lineOffset: 0, // Start line numbering from 0
-      columnOffset: 0, // Start column numbering from 0
+      filename: 'user-function.js',
+      lineOffset: 0,
+      columnOffset: 0,
    })

    const result = await script.runInContext(context, {
      timeout,
      displayErrors: true,
-      breakOnSigint: true, // Allow breaking on SIGINT for better debugging
+      breakOnSigint: true,
    })
-    // }

    const executionTime = Date.now() - startTime
    logger.info(`[${requestId}] Function executed successfully using ${executionMethod}`, {
      executionTime,
    })

-    const response = {
+    return NextResponse.json({
      success: true,
-      output: {
-        result,
-        stdout,
-        executionTime,
-      },
-    }
-
-    return NextResponse.json(response)
+      output: { result, stdout, executionTime },
+    })
  } catch (error: any) {
    const executionTime = Date.now() - startTime
    logger.error(`[${requestId}] Function execution failed`, {
--- a/apps/sim/app/api/help/route.ts
+++ b/apps/sim/app/api/help/route.ts
@@ -7,6 +7,7 @@ import { getFromEmailAddress } from '@/lib/email/utils'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getEmailDomain } from '@/lib/urls/utils'
+import { generateRequestId } from '@/lib/utils'

 const logger = createLogger('HelpAPI')

@@ -17,7 +18,7 @@ const helpFormSchema = z.object({
 })

 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get user session
--- a/apps/sim/app/api/jobs/[jobId]/route.ts
+++ b/apps/sim/app/api/jobs/[jobId]/route.ts
@@ -3,6 +3,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { createErrorResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
 import { apiKey as apiKeyTable } from '@/db/schema'
@@ -14,7 +15,7 @@ export async function GET(
  { params }: { params: Promise<{ jobId: string }> }
 ) {
  const { jobId: taskId } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.debug(`[${requestId}] Getting status for task: ${taskId}`)
--- a/apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts
@@ -1,9 +1,9 @@
-import crypto from 'crypto'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { batchChunkOperation, createChunk, queryChunks } from '@/lib/knowledge/chunks/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { checkDocumentAccess, checkDocumentWriteAccess } from '@/app/api/knowledge/utils'
 import { calculateCost } from '@/providers/utils'
@@ -34,7 +34,7 @@ export async function GET(
  req: NextRequest,
  { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id: knowledgeBaseId, documentId } = await params

  try {
@@ -106,7 +106,7 @@ export async function POST(
  req: NextRequest,
  { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id: knowledgeBaseId, documentId } = await params

  try {
@@ -229,7 +229,7 @@ export async function PATCH(
  req: NextRequest,
  { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id: knowledgeBaseId, documentId } = await params

  try {
--- a/apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.ts
@@ -8,6 +8,7 @@ import {
  updateDocument,
 } from '@/lib/knowledge/documents/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { checkDocumentAccess, checkDocumentWriteAccess } from '@/app/api/knowledge/utils'

 const logger = createLogger('DocumentByIdAPI')
@@ -36,7 +37,7 @@ export async function GET(
  req: NextRequest,
  { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id: knowledgeBaseId, documentId } = await params

  try {
@@ -79,7 +80,7 @@ export async function PUT(
  req: NextRequest,
  { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id: knowledgeBaseId, documentId } = await params

  try {
@@ -209,7 +210,7 @@ export async function DELETE(
  req: NextRequest,
  { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id: knowledgeBaseId, documentId } = await params

  try {
--- a/apps/sim/app/api/knowledge/[id]/documents/[documentId]/tag-definitions/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/documents/[documentId]/tag-definitions/route.ts
@@ -2,7 +2,7 @@ import { randomUUID } from 'crypto'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
-import { SUPPORTED_FIELD_TYPES } from '@/lib/constants/knowledge'
+import { SUPPORTED_FIELD_TYPES } from '@/lib/knowledge/consts'
 import {
  cleanupUnusedTagDefinitions,
  createOrUpdateTagDefinitionsBulk,
--- a/apps/sim/app/api/knowledge/[id]/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/route.ts
@@ -7,6 +7,7 @@ import {
  updateKnowledgeBase,
 } from '@/lib/knowledge/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { checkKnowledgeBaseAccess, checkKnowledgeBaseWriteAccess } from '@/app/api/knowledge/utils'

 const logger = createLogger('KnowledgeBaseByIdAPI')
@@ -27,7 +28,7 @@ const UpdateKnowledgeBaseSchema = z.object({
 })

 export async function GET(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -69,7 +70,7 @@ export async function GET(_req: NextRequest, { params }: { params: Promise<{ id:
 }

 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -132,7 +133,7 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
 }

 export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
--- a/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts
@@ -2,7 +2,7 @@ import { randomUUID } from 'crypto'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
-import { SUPPORTED_FIELD_TYPES } from '@/lib/constants/knowledge'
+import { SUPPORTED_FIELD_TYPES } from '@/lib/knowledge/consts'
 import { createTagDefinition, getTagDefinitions } from '@/lib/knowledge/tags/service'
 import { createLogger } from '@/lib/logs/console/logger'
 import { checkKnowledgeBaseAccess } from '@/app/api/knowledge/utils'
--- a/apps/sim/app/api/knowledge/route.ts
+++ b/apps/sim/app/api/knowledge/route.ts
@@ -3,6 +3,7 @@ import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createKnowledgeBase, getKnowledgeBases } from '@/lib/knowledge/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'

 const logger = createLogger('KnowledgeBaseAPI')

@@ -29,7 +30,7 @@ const CreateKnowledgeBaseSchema = z.object({
 })

 export async function GET(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
@@ -54,7 +55,7 @@ export async function GET(req: NextRequest) {
 }

 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
--- a/apps/sim/app/api/knowledge/search/route.test.ts
+++ b/apps/sim/app/api/knowledge/search/route.test.ts
@@ -34,6 +34,10 @@ vi.mock('@/lib/env', () => ({
    typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
 }))

+vi.mock('@/lib/utils', () => ({
+  generateRequestId: vi.fn(() => 'test-request-id'),
+}))
+
 vi.mock('@/lib/documents/utils', () => ({
  retryWithExponentialBackoff: vi.fn().mockImplementation((fn) => fn()),
 }))
--- a/apps/sim/app/api/knowledge/search/route.ts
+++ b/apps/sim/app/api/knowledge/search/route.ts
@@ -1,9 +1,10 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { TAG_SLOTS } from '@/lib/constants/knowledge'
+import { TAG_SLOTS } from '@/lib/knowledge/consts'
 import { getDocumentTagDefinitions } from '@/lib/knowledge/tags/service'
 import { createLogger } from '@/lib/logs/console/logger'
 import { estimateTokenCount } from '@/lib/tokenization/estimators'
+import { generateRequestId } from '@/lib/utils'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { checkKnowledgeBaseAccess } from '@/app/api/knowledge/utils'
 import { calculateCost } from '@/providers/utils'
@@ -57,7 +58,7 @@ const VectorSearchSchema = z
  )

 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const body = await request.json()
--- a/apps/sim/app/api/logs/by-id/[id]/route.ts
+++ b/apps/sim/app/api/logs/by-id/[id]/route.ts
@@ -2,6 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { permissions, workflow, workflowExecutionLogs } from '@/db/schema'

@@ -10,7 +11,7 @@ const logger = createLogger('LogDetailsByIdAPI')
 export const revalidate = 0

 export async function GET(_request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
--- a/apps/sim/app/api/logs/[executionId]/frozen-canvas/route.ts
+++ b/apps/sim/app/api/logs/[executionId]/frozen-canvas/route.ts
@@ -4,7 +4,7 @@ import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { workflowExecutionLogs, workflowExecutionSnapshots } from '@/db/schema'

-const logger = createLogger('FrozenCanvasAPI')
+const logger = createLogger('LogsByExecutionIdAPI')

 export async function GET(
  _request: NextRequest,
@@ -13,7 +13,7 @@ export async function GET(
  try {
    const { executionId } = await params

-    logger.debug(`Fetching frozen canvas data for execution: ${executionId}`)
+    logger.debug(`Fetching execution data for: ${executionId}`)

    // Get the workflow execution log to find the snapshot
    const [workflowLog] = await db
@@ -50,14 +50,14 @@ export async function GET(
      },
    }

-    logger.debug(`Successfully fetched frozen canvas data for execution: ${executionId}`)
+    logger.debug(`Successfully fetched execution data for: ${executionId}`)
    logger.debug(
      `Workflow state contains ${Object.keys((snapshot.stateData as any)?.blocks || {}).length} blocks`
    )

    return NextResponse.json(response)
  } catch (error) {
-    logger.error('Error fetching frozen canvas data:', error)
-    return NextResponse.json({ error: 'Failed to fetch frozen canvas data' }, { status: 500 })
+    logger.error('Error fetching execution data:', error)
+    return NextResponse.json({ error: 'Failed to fetch execution data' }, { status: 500 })
  }
 }
--- a/apps/sim/app/api/logs/route.ts
+++ b/apps/sim/app/api/logs/route.ts
@@ -3,44 +3,12 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { permissions, workflow, workflowExecutionLogs } from '@/db/schema'

 const logger = createLogger('LogsAPI')

-// Helper function to extract block executions from trace spans
-function extractBlockExecutionsFromTraceSpans(traceSpans: any[]): any[] {
-  const blockExecutions: any[] = []
-
-  function processSpan(span: any) {
-    if (span.blockId) {
-      blockExecutions.push({
-        id: span.id,
-        blockId: span.blockId,
-        blockName: span.name || '',
-        blockType: span.type,
-        startedAt: span.startTime,
-        endedAt: span.endTime,
-        durationMs: span.duration || 0,
-        status: span.status || 'success',
-        errorMessage: span.output?.error || undefined,
-        inputData: span.input || {},
-        outputData: span.output || {},
-        cost: span.cost || undefined,
-        metadata: {},
-      })
-    }
-
-    // Process children recursively
-    if (span.children && Array.isArray(span.children)) {
-      span.children.forEach(processSpan)
-    }
-  }
-
-  traceSpans.forEach(processSpan)
-  return blockExecutions
-}
-
 export const revalidate = 0

 const QueryParamsSchema = z.object({
@@ -58,7 +26,7 @@ const QueryParamsSchema = z.object({
 })

 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
--- a/apps/sim/app/api/mcp/servers/[id]/refresh/route.ts
+++ b/apps/sim/app/api/mcp/servers/[id]/refresh/route.ts
@@ -0,0 +1,99 @@
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { db } from '@/db'
+import { mcpServers } from '@/db/schema'
+
+const logger = createLogger('McpServerRefreshAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * POST - Refresh an MCP server connection (requires any workspace permission)
+ */
+export const POST = withMcpAuth('read')(
+  async (
+    request: NextRequest,
+    { userId, workspaceId, requestId },
+    { params }: { params: { id: string } }
+  ) => {
+    const serverId = params.id
+
+    try {
+      logger.info(
+        `[${requestId}] Refreshing MCP server: ${serverId} in workspace: ${workspaceId}`,
+        {
+          userId,
+        }
+      )
+
+      const [server] = await db
+        .select()
+        .from(mcpServers)
+        .where(
+          and(
+            eq(mcpServers.id, serverId),
+            eq(mcpServers.workspaceId, workspaceId),
+            isNull(mcpServers.deletedAt)
+          )
+        )
+        .limit(1)
+
+      if (!server) {
+        return createMcpErrorResponse(
+          new Error('Server not found or access denied'),
+          'Server not found',
+          404
+        )
+      }
+
+      let connectionStatus: 'connected' | 'disconnected' | 'error' = 'error'
+      let toolCount = 0
+      let lastError: string | null = null
+
+      try {
+        const tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+        connectionStatus = 'connected'
+        toolCount = tools.length
+        logger.info(
+          `[${requestId}] Successfully connected to server ${serverId}, discovered ${toolCount} tools`
+        )
+      } catch (error) {
+        connectionStatus = 'error'
+        lastError = error instanceof Error ? error.message : 'Connection test failed'
+        logger.warn(`[${requestId}] Failed to connect to server ${serverId}:`, error)
+      }
+
+      const [refreshedServer] = await db
+        .update(mcpServers)
+        .set({
+          lastToolsRefresh: new Date(),
+          connectionStatus,
+          lastError,
+          lastConnected: connectionStatus === 'connected' ? new Date() : server.lastConnected,
+          toolCount,
+          updatedAt: new Date(),
+        })
+        .where(eq(mcpServers.id, serverId))
+        .returning()
+
+      logger.info(`[${requestId}] Successfully refreshed MCP server: ${serverId}`)
+      return createMcpSuccessResponse({
+        status: connectionStatus,
+        toolCount,
+        lastConnected: refreshedServer?.lastConnected?.toISOString() || null,
+        error: lastError,
+      })
+    } catch (error) {
+      logger.error(`[${requestId}] Error refreshing MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to refresh MCP server'),
+        'Failed to refresh MCP server',
+        500
+      )
+    }
+  }
+)
--- a/apps/sim/app/api/mcp/servers/[id]/route.ts
+++ b/apps/sim/app/api/mcp/servers/[id]/route.ts
@@ -0,0 +1,92 @@
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { db } from '@/db'
+import { mcpServers } from '@/db/schema'
+
+const logger = createLogger('McpServerAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * PATCH - Update an MCP server in the workspace (requires write or admin permission)
+ */
+export const PATCH = withMcpAuth('write')(
+  async (
+    request: NextRequest,
+    { userId, workspaceId, requestId },
+    { params }: { params: { id: string } }
+  ) => {
+    const serverId = params.id
+
+    try {
+      const body = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] Updating MCP server: ${serverId} in workspace: ${workspaceId}`, {
+        userId,
+        updates: Object.keys(body).filter((k) => k !== 'workspaceId'),
+      })
+
+      // Validate URL if being updated
+      if (
+        body.url &&
+        (body.transport === 'http' ||
+          body.transport === 'sse' ||
+          body.transport === 'streamable-http')
+      ) {
+        const urlValidation = validateMcpServerUrl(body.url)
+        if (!urlValidation.isValid) {
+          return createMcpErrorResponse(
+            new Error(`Invalid MCP server URL: ${urlValidation.error}`),
+            'Invalid server URL',
+            400
+          )
+        }
+        body.url = urlValidation.normalizedUrl
+      }
+
+      // Remove workspaceId from body to prevent it from being updated
+      const { workspaceId: _, ...updateData } = body
+
+      const [updatedServer] = await db
+        .update(mcpServers)
+        .set({
+          ...updateData,
+          updatedAt: new Date(),
+        })
+        .where(
+          and(
+            eq(mcpServers.id, serverId),
+            eq(mcpServers.workspaceId, workspaceId),
+            isNull(mcpServers.deletedAt)
+          )
+        )
+        .returning()
+
+      if (!updatedServer) {
+        return createMcpErrorResponse(
+          new Error('Server not found or access denied'),
+          'Server not found',
+          404
+        )
+      }
+
+      // Clear MCP service cache after update
+      mcpService.clearCache(workspaceId)
+
+      logger.info(`[${requestId}] Successfully updated MCP server: ${serverId}`)
+      return createMcpSuccessResponse({ server: updatedServer })
+    } catch (error) {
+      logger.error(`[${requestId}] Error updating MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to update MCP server'),
+        'Failed to update MCP server',
+        500
+      )
+    }
+  }
+)
--- a/apps/sim/app/api/mcp/servers/route.ts
+++ b/apps/sim/app/api/mcp/servers/route.ts
@@ -0,0 +1,166 @@
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import type { McpTransport } from '@/lib/mcp/types'
+import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { db } from '@/db'
+import { mcpServers } from '@/db/schema'
+
+const logger = createLogger('McpServersAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Check if transport type requires a URL
+ */
+function isUrlBasedTransport(transport: McpTransport): boolean {
+  return transport === 'http' || transport === 'sse' || transport === 'streamable-http'
+}
+
+/**
+ * GET - List all registered MCP servers for the workspace
+ */
+export const GET = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      logger.info(`[${requestId}] Listing MCP servers for workspace ${workspaceId}`)
+
+      const servers = await db
+        .select()
+        .from(mcpServers)
+        .where(and(eq(mcpServers.workspaceId, workspaceId), isNull(mcpServers.deletedAt)))
+
+      logger.info(
+        `[${requestId}] Listed ${servers.length} MCP servers for workspace ${workspaceId}`
+      )
+      return createMcpSuccessResponse({ servers })
+    } catch (error) {
+      logger.error(`[${requestId}] Error listing MCP servers:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to list MCP servers'),
+        'Failed to list MCP servers',
+        500
+      )
+    }
+  }
+)
+
+/**
+ * POST - Register a new MCP server for the workspace (requires write permission)
+ */
+export const POST = withMcpAuth('write')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] Registering new MCP server:`, {
+        name: body.name,
+        transport: body.transport,
+        workspaceId,
+      })
+
+      if (!body.name || !body.transport) {
+        return createMcpErrorResponse(
+          new Error('Missing required fields: name or transport'),
+          'Missing required fields',
+          400
+        )
+      }
+
+      if (isUrlBasedTransport(body.transport) && body.url) {
+        const urlValidation = validateMcpServerUrl(body.url)
+        if (!urlValidation.isValid) {
+          return createMcpErrorResponse(
+            new Error(`Invalid MCP server URL: ${urlValidation.error}`),
+            'Invalid server URL',
+            400
+          )
+        }
+        body.url = urlValidation.normalizedUrl
+      }
+
+      const serverId = body.id || crypto.randomUUID()
+
+      await db
+        .insert(mcpServers)
+        .values({
+          id: serverId,
+          workspaceId,
+          createdBy: userId,
+          name: body.name,
+          description: body.description,
+          transport: body.transport,
+          url: body.url,
+          headers: body.headers || {},
+          timeout: body.timeout || 30000,
+          retries: body.retries || 3,
+          enabled: body.enabled !== false,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        })
+        .returning()
+
+      mcpService.clearCache(workspaceId)
+
+      logger.info(`[${requestId}] Successfully registered MCP server: ${body.name}`)
+      return createMcpSuccessResponse({ serverId }, 201)
+    } catch (error) {
+      logger.error(`[${requestId}] Error registering MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to register MCP server'),
+        'Failed to register MCP server',
+        500
+      )
+    }
+  }
+)
+
+/**
+ * DELETE - Delete an MCP server from the workspace (requires admin permission)
+ */
+export const DELETE = withMcpAuth('admin')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const { searchParams } = new URL(request.url)
+      const serverId = searchParams.get('serverId')
+
+      if (!serverId) {
+        return createMcpErrorResponse(
+          new Error('serverId parameter is required'),
+          'Missing required parameter',
+          400
+        )
+      }
+
+      logger.info(`[${requestId}] Deleting MCP server: ${serverId} from workspace: ${workspaceId}`)
+
+      const [deletedServer] = await db
+        .delete(mcpServers)
+        .where(and(eq(mcpServers.id, serverId), eq(mcpServers.workspaceId, workspaceId)))
+        .returning()
+
+      if (!deletedServer) {
+        return createMcpErrorResponse(
+          new Error('Server not found or access denied'),
+          'Server not found',
+          404
+        )
+      }
+
+      mcpService.clearCache(workspaceId)
+
+      logger.info(`[${requestId}] Successfully deleted MCP server: ${serverId}`)
+      return createMcpSuccessResponse({ message: `Server ${serverId} deleted successfully` })
+    } catch (error) {
+      logger.error(`[${requestId}] Error deleting MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to delete MCP server'),
+        'Failed to delete MCP server',
+        500
+      )
+    }
+  }
+)
--- a/apps/sim/app/api/mcp/servers/test-connection/route.ts
+++ b/apps/sim/app/api/mcp/servers/test-connection/route.ts
@@ -0,0 +1,209 @@
+import type { NextRequest } from 'next/server'
+import { getEffectiveDecryptedEnv } from '@/lib/environment/utils'
+import { createLogger } from '@/lib/logs/console/logger'
+import { McpClient } from '@/lib/mcp/client'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import type { McpServerConfig, McpTransport } from '@/lib/mcp/types'
+import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+
+const logger = createLogger('McpServerTestAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Check if transport type requires a URL
+ */
+function isUrlBasedTransport(transport: McpTransport): boolean {
+  return transport === 'http' || transport === 'sse' || transport === 'streamable-http'
+}
+
+/**
+ * Resolve environment variables in strings
+ */
+function resolveEnvVars(value: string, envVars: Record<string, string>): string {
+  const envMatches = value.match(/\{\{([^}]+)\}\}/g)
+  if (!envMatches) return value
+
+  let resolvedValue = value
+  for (const match of envMatches) {
+    const envKey = match.slice(2, -2).trim()
+    const envValue = envVars[envKey]
+
+    if (envValue === undefined) {
+      logger.warn(`Environment variable "${envKey}" not found in MCP server test`)
+      continue
+    }
+
+    resolvedValue = resolvedValue.replace(match, envValue)
+  }
+  return resolvedValue
+}
+
+interface TestConnectionRequest {
+  name: string
+  transport: McpTransport
+  url?: string
+  headers?: Record<string, string>
+  timeout?: number
+  workspaceId: string
+}
+
+interface TestConnectionResult {
+  success: boolean
+  error?: string
+  serverInfo?: {
+    name: string
+    version: string
+  }
+  negotiatedVersion?: string
+  supportedCapabilities?: string[]
+  toolCount?: number
+  warnings?: string[]
+}
+
+/**
+ * POST - Test connection to an MCP server before registering it
+ */
+export const POST = withMcpAuth('write')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body: TestConnectionRequest = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] Testing MCP server connection:`, {
+        name: body.name,
+        transport: body.transport,
+        url: body.url ? `${body.url.substring(0, 50)}...` : undefined, // Partial URL for security
+        workspaceId,
+      })
+
+      if (!body.name || !body.transport) {
+        return createMcpErrorResponse(
+          new Error('Missing required fields: name and transport are required'),
+          'Missing required fields',
+          400
+        )
+      }
+
+      if (isUrlBasedTransport(body.transport)) {
+        if (!body.url) {
+          return createMcpErrorResponse(
+            new Error('URL is required for HTTP-based transports'),
+            'Missing required URL',
+            400
+          )
+        }
+
+        const urlValidation = validateMcpServerUrl(body.url)
+        if (!urlValidation.isValid) {
+          return createMcpErrorResponse(
+            new Error(`Invalid MCP server URL: ${urlValidation.error}`),
+            'Invalid server URL',
+            400
+          )
+        }
+        body.url = urlValidation.normalizedUrl
+      }
+
+      let resolvedUrl = body.url
+      let resolvedHeaders = body.headers || {}
+
+      try {
+        const envVars = await getEffectiveDecryptedEnv(userId, workspaceId)
+
+        if (resolvedUrl) {
+          resolvedUrl = resolveEnvVars(resolvedUrl, envVars)
+        }
+
+        const resolvedHeadersObj: Record<string, string> = {}
+        for (const [key, value] of Object.entries(resolvedHeaders)) {
+          resolvedHeadersObj[key] = resolveEnvVars(value, envVars)
+        }
+        resolvedHeaders = resolvedHeadersObj
+      } catch (envError) {
+        logger.warn(
+          `[${requestId}] Failed to resolve environment variables, using raw values:`,
+          envError
+        )
+      }
+
+      const testConfig: McpServerConfig = {
+        id: `test-${requestId}`,
+        name: body.name,
+        transport: body.transport,
+        url: resolvedUrl,
+        headers: resolvedHeaders,
+        timeout: body.timeout || 10000,
+        retries: 1, // Only one retry for tests
+        enabled: true,
+      }
+
+      const testSecurityPolicy = {
+        requireConsent: false,
+        auditLevel: 'none' as const,
+        maxToolExecutionsPerHour: 0,
+      }
+
+      const result: TestConnectionResult = { success: false }
+      let client: McpClient | null = null
+
+      try {
+        client = new McpClient(testConfig, testSecurityPolicy)
+        await client.connect()
+
+        result.success = true
+        result.negotiatedVersion = client.getNegotiatedVersion()
+
+        try {
+          const tools = await client.listTools()
+          result.toolCount = tools.length
+        } catch (toolError) {
+          logger.warn(`[${requestId}] Could not list tools from test server:`, toolError)
+          result.warnings = result.warnings || []
+          result.warnings.push('Could not list tools from server')
+        }
+
+        const clientVersionInfo = McpClient.getVersionInfo()
+        if (result.negotiatedVersion !== clientVersionInfo.preferred) {
+          result.warnings = result.warnings || []
+          result.warnings.push(
+            `Server uses protocol version '${result.negotiatedVersion}' instead of preferred '${clientVersionInfo.preferred}'`
+          )
+        }
+
+        logger.info(`[${requestId}] MCP server test successful:`, {
+          name: body.name,
+          negotiatedVersion: result.negotiatedVersion,
+          toolCount: result.toolCount,
+          capabilities: result.supportedCapabilities,
+        })
+      } catch (error) {
+        logger.warn(`[${requestId}] MCP server test failed:`, error)
+
+        result.success = false
+        if (error instanceof Error) {
+          result.error = error.message
+        } else {
+          result.error = 'Unknown connection error'
+        }
+      } finally {
+        if (client) {
+          try {
+            await client.disconnect()
+          } catch (disconnectError) {
+            logger.debug(`[${requestId}] Test client disconnect error (expected):`, disconnectError)
+          }
+        }
+      }
+
+      return createMcpSuccessResponse(result, result.success ? 200 : 400)
+    } catch (error) {
+      logger.error(`[${requestId}] Error testing MCP server connection:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to test server connection'),
+        'Failed to test server connection',
+        500
+      )
+    }
+  }
+)
--- a/apps/sim/app/api/mcp/tools/discover/route.ts
+++ b/apps/sim/app/api/mcp/tools/discover/route.ts
@@ -0,0 +1,122 @@
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import type { McpToolDiscoveryResponse } from '@/lib/mcp/types'
+import { categorizeError, createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+
+const logger = createLogger('McpToolDiscoveryAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * GET - Discover all tools from user's MCP servers
+ */
+export const GET = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const { searchParams } = new URL(request.url)
+      const serverId = searchParams.get('serverId')
+      const forceRefresh = searchParams.get('refresh') === 'true'
+
+      logger.info(`[${requestId}] Discovering MCP tools for user ${userId}`, {
+        serverId,
+        workspaceId,
+        forceRefresh,
+      })
+
+      let tools
+      if (serverId) {
+        tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+      } else {
+        tools = await mcpService.discoverTools(userId, workspaceId, forceRefresh)
+      }
+
+      const byServer: Record<string, number> = {}
+      for (const tool of tools) {
+        byServer[tool.serverId] = (byServer[tool.serverId] || 0) + 1
+      }
+
+      const responseData: McpToolDiscoveryResponse = {
+        tools,
+        totalCount: tools.length,
+        byServer,
+      }
+
+      logger.info(
+        `[${requestId}] Discovered ${tools.length} tools from ${Object.keys(byServer).length} servers`
+      )
+      return createMcpSuccessResponse(responseData)
+    } catch (error) {
+      logger.error(`[${requestId}] Error discovering MCP tools:`, error)
+      const { message, status } = categorizeError(error)
+      return createMcpErrorResponse(new Error(message), 'Failed to discover MCP tools', status)
+    }
+  }
+)
+
+/**
+ * POST - Refresh tool discovery for specific servers
+ */
+export const POST = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body = getParsedBody(request) || (await request.json())
+      const { serverIds } = body
+
+      if (!Array.isArray(serverIds)) {
+        return createMcpErrorResponse(
+          new Error('serverIds must be an array'),
+          'Invalid request format',
+          400
+        )
+      }
+
+      logger.info(
+        `[${requestId}] Refreshing tool discovery for user ${userId}, servers:`,
+        serverIds
+      )
+
+      const results = await Promise.allSettled(
+        serverIds.map(async (serverId: string) => {
+          const tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+          return { serverId, toolCount: tools.length }
+        })
+      )
+
+      const successes: Array<{ serverId: string; toolCount: number }> = []
+      const failures: Array<{ serverId: string; error: string }> = []
+
+      results.forEach((result, index) => {
+        const serverId = serverIds[index]
+        if (result.status === 'fulfilled') {
+          successes.push(result.value)
+        } else {
+          failures.push({
+            serverId,
+            error: result.reason instanceof Error ? result.reason.message : 'Unknown error',
+          })
+        }
+      })
+
+      const responseData = {
+        refreshed: successes,
+        failed: failures,
+        summary: {
+          total: serverIds.length,
+          successful: successes.length,
+          failed: failures.length,
+        },
+      }
+
+      logger.info(
+        `[${requestId}] Tool discovery refresh completed: ${successes.length}/${serverIds.length} successful`
+      )
+      return createMcpSuccessResponse(responseData)
+    } catch (error) {
+      logger.error(`[${requestId}] Error refreshing tool discovery:`, error)
+      const { message, status } = categorizeError(error)
+      return createMcpErrorResponse(new Error(message), 'Failed to refresh tool discovery', status)
+    }
+  }
+)
--- a/apps/sim/app/api/mcp/tools/execute/route.ts
+++ b/apps/sim/app/api/mcp/tools/execute/route.ts
@@ -0,0 +1,252 @@
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import type { McpTool, McpToolCall, McpToolResult } from '@/lib/mcp/types'
+import {
+  categorizeError,
+  createMcpErrorResponse,
+  createMcpSuccessResponse,
+  MCP_CONSTANTS,
+  validateStringParam,
+} from '@/lib/mcp/utils'
+
+const logger = createLogger('McpToolExecutionAPI')
+
+export const dynamic = 'force-dynamic'
+
+// Type definitions for improved type safety
+interface SchemaProperty {
+  type: 'string' | 'number' | 'boolean' | 'object' | 'array'
+  description?: string
+  enum?: unknown[]
+  format?: string
+  items?: SchemaProperty
+  properties?: Record<string, SchemaProperty>
+}
+
+interface ToolExecutionResult {
+  success: boolean
+  output?: McpToolResult
+  error?: string
+}
+
+/**
+ * Type guard to safely check if a schema property has a type field
+ */
+function hasType(prop: unknown): prop is SchemaProperty {
+  return typeof prop === 'object' && prop !== null && 'type' in prop
+}
+
+/**
+ * POST - Execute a tool on an MCP server
+ */
+export const POST = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] MCP tool execution request received`, {
+        hasAuthHeader: !!request.headers.get('authorization'),
+        authHeaderType: request.headers.get('authorization')?.substring(0, 10),
+        bodyKeys: Object.keys(body),
+        serverId: body.serverId,
+        toolName: body.toolName,
+        hasWorkflowId: !!body.workflowId,
+        workflowId: body.workflowId,
+        userId: userId,
+      })
+
+      const { serverId, toolName, arguments: args } = body
+
+      const serverIdValidation = validateStringParam(serverId, 'serverId')
+      if (!serverIdValidation.isValid) {
+        logger.warn(`[${requestId}] Invalid serverId: ${serverId}`)
+        return createMcpErrorResponse(new Error(serverIdValidation.error), 'Invalid serverId', 400)
+      }
+
+      const toolNameValidation = validateStringParam(toolName, 'toolName')
+      if (!toolNameValidation.isValid) {
+        logger.warn(`[${requestId}] Invalid toolName: ${toolName}`)
+        return createMcpErrorResponse(new Error(toolNameValidation.error), 'Invalid toolName', 400)
+      }
+
+      logger.info(
+        `[${requestId}] Executing tool ${toolName} on server ${serverId} for user ${userId} in workspace ${workspaceId}`
+      )
+
+      let tool = null
+      try {
+        const tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+        tool = tools.find((t) => t.name === toolName)
+
+        if (!tool) {
+          return createMcpErrorResponse(
+            new Error(
+              `Tool ${toolName} not found on server ${serverId}. Available tools: ${tools.map((t) => t.name).join(', ')}`
+            ),
+            'Tool not found',
+            404
+          )
+        }
+
+        // Parse array arguments based on tool schema
+        if (tool.inputSchema?.properties) {
+          for (const [paramName, paramSchema] of Object.entries(tool.inputSchema.properties)) {
+            const schema = paramSchema as any
+            if (
+              schema.type === 'array' &&
+              args[paramName] !== undefined &&
+              typeof args[paramName] === 'string'
+            ) {
+              const stringValue = args[paramName].trim()
+              if (stringValue) {
+                try {
+                  // Try to parse as JSON first (handles ["item1", "item2"])
+                  const parsed = JSON.parse(stringValue)
+                  if (Array.isArray(parsed)) {
+                    args[paramName] = parsed
+                  } else {
+                    // JSON parsed but not an array, wrap in array
+                    args[paramName] = [parsed]
+                  }
+                } catch (error) {
+                  // JSON parsing failed - treat as comma-separated if contains commas, otherwise single item
+                  if (stringValue.includes(',')) {
+                    args[paramName] = stringValue
+                      .split(',')
+                      .map((item) => item.trim())
+                      .filter((item) => item)
+                  } else {
+                    // Single item - wrap in array since schema expects array
+                    args[paramName] = [stringValue]
+                  }
+                }
+              } else {
+                // Empty string becomes empty array
+                args[paramName] = []
+              }
+            }
+          }
+        }
+      } catch (error) {
+        logger.warn(
+          `[${requestId}] Failed to discover tools for validation, proceeding anyway:`,
+          error
+        )
+      }
+
+      if (tool) {
+        const validationError = validateToolArguments(tool, args)
+        if (validationError) {
+          logger.warn(`[${requestId}] Tool validation failed: ${validationError}`)
+          return createMcpErrorResponse(
+            new Error(`Invalid arguments for tool ${toolName}: ${validationError}`),
+            'Invalid tool arguments',
+            400
+          )
+        }
+      }
+
+      const toolCall: McpToolCall = {
+        name: toolName,
+        arguments: args || {},
+      }
+
+      const result = await Promise.race([
+        mcpService.executeTool(userId, serverId, toolCall, workspaceId),
+        new Promise<never>((_, reject) =>
+          setTimeout(
+            () => reject(new Error('Tool execution timeout')),
+            MCP_CONSTANTS.EXECUTION_TIMEOUT
+          )
+        ),
+      ])
+
+      const transformedResult = transformToolResult(result)
+
+      if (result.isError) {
+        logger.warn(`[${requestId}] Tool execution returned error for ${toolName} on ${serverId}`)
+        return createMcpErrorResponse(
+          transformedResult,
+          transformedResult.error || 'Tool execution failed',
+          400
+        )
+      }
+      logger.info(`[${requestId}] Successfully executed tool ${toolName} on server ${serverId}`)
+      return createMcpSuccessResponse(transformedResult)
+    } catch (error) {
+      logger.error(`[${requestId}] Error executing MCP tool:`, error)
+
+      const { message, status } = categorizeError(error)
+      return createMcpErrorResponse(new Error(message), message, status)
+    }
+  }
+)
+
+/**
+ * Validate tool arguments against schema
+ */
+function validateToolArguments(tool: McpTool, args: Record<string, unknown>): string | null {
+  if (!tool.inputSchema) {
+    return null // No schema to validate against
+  }
+
+  const schema = tool.inputSchema
+
+  if (schema.required && Array.isArray(schema.required)) {
+    for (const requiredProp of schema.required) {
+      if (!(requiredProp in (args || {}))) {
+        return `Missing required property: ${requiredProp}`
+      }
+    }
+  }
+
+  if (schema.properties && args) {
+    for (const [propName, propSchema] of Object.entries(schema.properties)) {
+      const propValue = args[propName]
+      if (propValue !== undefined && hasType(propSchema)) {
+        const expectedType = propSchema.type
+        const actualType = typeof propValue
+
+        if (expectedType === 'string' && actualType !== 'string') {
+          return `Property ${propName} must be a string`
+        }
+        if (expectedType === 'number' && actualType !== 'number') {
+          return `Property ${propName} must be a number`
+        }
+        if (expectedType === 'boolean' && actualType !== 'boolean') {
+          return `Property ${propName} must be a boolean`
+        }
+        if (
+          expectedType === 'object' &&
+          (actualType !== 'object' || propValue === null || Array.isArray(propValue))
+        ) {
+          return `Property ${propName} must be an object`
+        }
+        if (expectedType === 'array' && !Array.isArray(propValue)) {
+          return `Property ${propName} must be an array`
+        }
+      }
+    }
+  }
+
+  return null
+}
+
+/**
+ * Transform MCP tool result to platform format
+ */
+function transformToolResult(result: McpToolResult): ToolExecutionResult {
+  if (result.isError) {
+    return {
+      success: false,
+      error: result.content?.[0]?.text || 'Tool execution failed',
+    }
+  }
+
+  return {
+    success: true,
+    output: result,
+  }
+}
--- a/apps/sim/app/api/memory/[id]/route.ts
+++ b/apps/sim/app/api/memory/[id]/route.ts
@@ -1,6 +1,7 @@
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { memory } from '@/db/schema'

@@ -13,7 +14,7 @@ export const runtime = 'nodejs'
 * GET handler for retrieving a specific memory by ID
 */
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -85,7 +86,7 @@ export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -156,7 +157,7 @@ export async function DELETE(
 * PUT handler for updating a specific memory
 */
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
--- a/apps/sim/app/api/memory/route.ts
+++ b/apps/sim/app/api/memory/route.ts
@@ -1,6 +1,7 @@
 import { and, eq, isNull, like } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { memory } from '@/db/schema'

@@ -18,7 +19,7 @@ export const runtime = 'nodejs'
 * - workflowId: Filter by workflow ID (required)
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.info(`[${requestId}] Processing memory search request`)
@@ -101,7 +102,7 @@ export async function GET(request: NextRequest) {
 * - workflowId: ID of the workflow this memory belongs to
 */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    logger.info(`[${requestId}] Processing memory creation request`)
--- a/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
+++ b/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
@@ -0,0 +1,198 @@
+import { randomUUID } from 'crypto'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console/logger'
+import { db } from '@/db'
+import {
+  invitation,
+  member,
+  organization,
+  permissions,
+  user,
+  type WorkspaceInvitationStatus,
+  workspaceInvitation,
+} from '@/db/schema'
+
+const logger = createLogger('OrganizationInvitation')
+
+// Get invitation details
+export async function GET(
+  _req: NextRequest,
+  { params }: { params: Promise<{ id: string; invitationId: string }> }
+) {
+  const { id: organizationId, invitationId } = await params
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const orgInvitation = await db
+      .select()
+      .from(invitation)
+      .where(and(eq(invitation.id, invitationId), eq(invitation.organizationId, organizationId)))
+      .then((rows) => rows[0])
+
+    if (!orgInvitation) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    const org = await db
+      .select()
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .then((rows) => rows[0])
+
+    if (!org) {
+      return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
+    }
+
+    return NextResponse.json({
+      invitation: orgInvitation,
+      organization: org,
+    })
+  } catch (error) {
+    logger.error('Error fetching organization invitation:', error)
+    return NextResponse.json({ error: 'Failed to fetch invitation' }, { status: 500 })
+  }
+}
+
+export async function PUT(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string; invitationId: string }> }
+) {
+  const { id: organizationId, invitationId } = await params
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const { status } = await req.json()
+
+    if (!status || !['accepted', 'rejected', 'cancelled'].includes(status)) {
+      return NextResponse.json(
+        { error: 'Invalid status. Must be "accepted", "rejected", or "cancelled"' },
+        { status: 400 }
+      )
+    }
+
+    const orgInvitation = await db
+      .select()
+      .from(invitation)
+      .where(and(eq(invitation.id, invitationId), eq(invitation.organizationId, organizationId)))
+      .then((rows) => rows[0])
+
+    if (!orgInvitation) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    if (orgInvitation.status !== 'pending') {
+      return NextResponse.json({ error: 'Invitation already processed' }, { status: 400 })
+    }
+
+    if (status === 'accepted') {
+      const userData = await db
+        .select()
+        .from(user)
+        .where(eq(user.id, session.user.id))
+        .then((rows) => rows[0])
+
+      if (!userData || userData.email.toLowerCase() !== orgInvitation.email.toLowerCase()) {
+        return NextResponse.json(
+          { error: 'Email mismatch. You can only accept invitations sent to your email address.' },
+          { status: 403 }
+        )
+      }
+    }
+
+    if (status === 'cancelled') {
+      const isAdmin = await db
+        .select()
+        .from(member)
+        .where(
+          and(
+            eq(member.organizationId, organizationId),
+            eq(member.userId, session.user.id),
+            eq(member.role, 'admin')
+          )
+        )
+        .then((rows) => rows.length > 0)
+
+      if (!isAdmin) {
+        return NextResponse.json(
+          { error: 'Only organization admins can cancel invitations' },
+          { status: 403 }
+        )
+      }
+    }
+
+    await db.transaction(async (tx) => {
+      await tx.update(invitation).set({ status }).where(eq(invitation.id, invitationId))
+
+      if (status === 'accepted') {
+        await tx.insert(member).values({
+          id: randomUUID(),
+          userId: session.user.id,
+          organizationId,
+          role: orgInvitation.role,
+          createdAt: new Date(),
+        })
+
+        const linkedWorkspaceInvitations = await tx
+          .select()
+          .from(workspaceInvitation)
+          .where(
+            and(
+              eq(workspaceInvitation.orgInvitationId, invitationId),
+              eq(workspaceInvitation.status, 'pending' as WorkspaceInvitationStatus)
+            )
+          )
+
+        for (const wsInvitation of linkedWorkspaceInvitations) {
+          await tx
+            .update(workspaceInvitation)
+            .set({
+              status: 'accepted' as WorkspaceInvitationStatus,
+              updatedAt: new Date(),
+            })
+            .where(eq(workspaceInvitation.id, wsInvitation.id))
+
+          await tx.insert(permissions).values({
+            id: randomUUID(),
+            entityType: 'workspace',
+            entityId: wsInvitation.workspaceId,
+            userId: session.user.id,
+            permissionType: wsInvitation.permissions || 'read',
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          })
+        }
+      } else if (status === 'cancelled') {
+        await tx
+          .update(workspaceInvitation)
+          .set({ status: 'cancelled' as WorkspaceInvitationStatus })
+          .where(eq(workspaceInvitation.orgInvitationId, invitationId))
+      }
+    })
+
+    logger.info(`Organization invitation ${status}`, {
+      organizationId,
+      invitationId,
+      userId: session.user.id,
+      email: orgInvitation.email,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: `Invitation ${status} successfully`,
+      invitation: { ...orgInvitation, status },
+    })
+  } catch (error) {
+    logger.error(`Error updating organization invitation:`, error)
+    return NextResponse.json({ error: 'Failed to update invitation' }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/organizations/[id]/invitations/route.ts
+++ b/apps/sim/app/api/organizations/[id]/invitations/route.ts
@@ -1,5 +1,5 @@
 import { randomUUID } from 'crypto'
-import { and, eq, inArray } from 'drizzle-orm'
+import { and, eq, inArray, isNull } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import {
  getEmailSubject,
@@ -17,9 +17,17 @@ import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { hasWorkspaceAdminAccess } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { invitation, member, organization, user, workspace, workspaceInvitation } from '@/db/schema'
+import {
+  invitation,
+  member,
+  organization,
+  user,
+  type WorkspaceInvitationStatus,
+  workspace,
+  workspaceInvitation,
+} from '@/db/schema'

-const logger = createLogger('OrganizationInvitationsAPI')
+const logger = createLogger('OrganizationInvitations')

 interface WorkspaceInvitation {
  workspaceId: string
@@ -40,7 +48,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{

    const { id: organizationId } = await params

-    // Verify user has access to this organization
    const memberEntry = await db
      .select()
      .from(member)
@@ -61,7 +68,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
    }

-    // Get all pending invitations for the organization
    const invitations = await db
      .select({
        id: invitation.id,
@@ -118,10 +124,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
    const body = await request.json()
    const { email, emails, role = 'member', workspaceInvitations } = body

-    // Handle single invitation vs batch
    const invitationEmails = email ? [email] : emails

-    // Validate input
    if (!invitationEmails || !Array.isArray(invitationEmails) || invitationEmails.length === 0) {
      return NextResponse.json({ error: 'Email or emails array is required' }, { status: 400 })
    }
@@ -130,7 +134,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      return NextResponse.json({ error: 'Invalid role' }, { status: 400 })
    }

-    // Verify user has admin access
    const memberEntry = await db
      .select()
      .from(member)
@@ -148,7 +151,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
    }

-    // Handle validation-only requests
    if (validateOnly) {
      const validationResult = await validateBulkInvitations(organizationId, invitationEmails)

@@ -167,7 +169,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      })
    }

-    // Validate seat availability
    const seatValidation = await validateSeatAvailability(organizationId, invitationEmails.length)

    if (!seatValidation.canInvite) {
@@ -185,7 +186,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      )
    }

-    // Get organization details
    const organizationEntry = await db
      .select({ name: organization.name })
      .from(organization)
@@ -196,7 +196,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
    }

-    // Validate and normalize emails
    const processedEmails = invitationEmails
      .map((email: string) => {
        const normalized = email.trim().toLowerCase()
@@ -209,11 +208,9 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      return NextResponse.json({ error: 'No valid emails provided' }, { status: 400 })
    }

-    // Handle batch workspace invitations if provided
    const validWorkspaceInvitations: WorkspaceInvitation[] = []
    if (isBatch && workspaceInvitations && workspaceInvitations.length > 0) {
      for (const wsInvitation of workspaceInvitations) {
-        // Check if user has admin permission on this workspace
        const canInvite = await hasWorkspaceAdminAccess(session.user.id, wsInvitation.workspaceId)

        if (!canInvite) {
@@ -229,7 +226,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      }
    }

-    // Check for existing members
    const existingMembers = await db
      .select({ userEmail: user.email })
      .from(member)
@@ -239,7 +235,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
    const existingEmails = existingMembers.map((m) => m.userEmail)
    const newEmails = processedEmails.filter((email: string) => !existingEmails.includes(email))

-    // Check for existing pending invitations
    const existingInvitations = await db
      .select({ email: invitation.email })
      .from(invitation)
@@ -265,7 +260,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      )
    }

-    // Create invitations
    const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
    const invitationsToCreate = emailsToInvite.map((email: string) => ({
      id: randomUUID(),
@@ -280,10 +274,10 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{

    await db.insert(invitation).values(invitationsToCreate)

-    // Create workspace invitations if batch mode
    const workspaceInvitationIds: string[] = []
    if (isBatch && validWorkspaceInvitations.length > 0) {
      for (const email of emailsToInvite) {
+        const orgInviteForEmail = invitationsToCreate.find((inv) => inv.email === email)
        for (const wsInvitation of validWorkspaceInvitations) {
          const wsInvitationId = randomUUID()
          const token = randomUUID()
@@ -297,6 +291,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
            status: 'pending',
            token,
            permissions: wsInvitation.permission,
+            orgInvitationId: orgInviteForEmail?.id,
            expiresAt,
            createdAt: new Date(),
            updatedAt: new Date(),
@@ -307,7 +302,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
      }
    }

-    // Send invitation emails
    const inviter = await db
      .select({ name: user.name })
      .from(user)
@@ -320,7 +314,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{

      let emailResult
      if (isBatch && validWorkspaceInvitations.length > 0) {
-        // Get workspace details for batch email
        const workspaceDetails = await db
          .select({
            id: workspace.id,
@@ -346,7 +339,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
          organizationEntry[0]?.name || 'organization',
          role,
          workspaceInvitationsWithNames,
-          `${env.NEXT_PUBLIC_APP_URL}/api/organizations/invitations/accept?id=${orgInvitation.id}`
+          `${env.NEXT_PUBLIC_APP_URL}/invite/${orgInvitation.id}`
        )

        emailResult = await sendEmail({
@@ -359,7 +352,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
        const emailHtml = await renderInvitationEmail(
          inviter[0]?.name || 'Someone',
          organizationEntry[0]?.name || 'organization',
-          `${env.NEXT_PUBLIC_APP_URL}/api/organizations/invitations/accept?id=${orgInvitation.id}`,
+          `${env.NEXT_PUBLIC_APP_URL}/invite/${orgInvitation.id}`,
          email
        )

@@ -446,7 +439,6 @@ export async function DELETE(
      )
    }

-    // Verify user has admin access
    const memberEntry = await db
      .select()
      .from(member)
@@ -464,12 +456,9 @@ export async function DELETE(
      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
    }

-    // Cancel the invitation
    const result = await db
      .update(invitation)
-      .set({
-        status: 'cancelled',
-      })
+      .set({ status: 'cancelled' })
      .where(
        and(
          eq(invitation.id, invitationId),
@@ -486,6 +475,23 @@ export async function DELETE(
      )
    }

+    await db
+      .update(workspaceInvitation)
+      .set({ status: 'cancelled' as WorkspaceInvitationStatus })
+      .where(eq(workspaceInvitation.orgInvitationId, invitationId))
+
+    await db
+      .update(workspaceInvitation)
+      .set({ status: 'cancelled' as WorkspaceInvitationStatus })
+      .where(
+        and(
+          isNull(workspaceInvitation.orgInvitationId),
+          eq(workspaceInvitation.email, result[0].email),
+          eq(workspaceInvitation.status, 'pending' as WorkspaceInvitationStatus),
+          eq(workspaceInvitation.inviterId, session.user.id)
+        )
+      )
+
    logger.info('Organization invitation cancelled', {
      organizationId,
      invitationId,
--- a/apps/sim/app/api/organizations/[id]/members/route.ts
+++ b/apps/sim/app/api/organizations/[id]/members/route.ts
@@ -260,7 +260,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
    const emailHtml = await renderInvitationEmail(
      inviter[0]?.name || 'Someone',
      organizationEntry[0]?.name || 'organization',
-      `${env.NEXT_PUBLIC_APP_URL}/api/organizations/invitations/accept?id=${invitationId}`,
+      `${env.NEXT_PUBLIC_APP_URL}/invite/organization?id=${invitationId}`,
      normalizedEmail
    )

--- a/apps/sim/app/api/organizations/invitations/accept/route.ts
+++ b/apps/sim/app/api/organizations/invitations/accept/route.ts
@@ -1,373 +0,0 @@
-import { randomUUID } from 'crypto'
-import { and, eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { env } from '@/lib/env'
-import { createLogger } from '@/lib/logs/console/logger'
-import { db } from '@/db'
-import { invitation, member, permissions, user, workspaceInvitation } from '@/db/schema'
-
-const logger = createLogger('OrganizationInvitationAcceptanceAPI')
-
-// Accept an organization invitation and any associated workspace invitations
-export async function GET(req: NextRequest) {
-  const invitationId = req.nextUrl.searchParams.get('id')
-
-  if (!invitationId) {
-    return NextResponse.redirect(
-      new URL(
-        '/invite/invite-error?reason=missing-invitation-id',
-        env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-      )
-    )
-  }
-
-  const session = await getSession()
-
-  if (!session?.user?.id) {
-    // Redirect to login, user will be redirected back after login
-    return NextResponse.redirect(
-      new URL(
-        `/invite/organization?id=${invitationId}`,
-        env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-      )
-    )
-  }
-
-  try {
-    // Find the organization invitation
-    const invitationResult = await db
-      .select()
-      .from(invitation)
-      .where(eq(invitation.id, invitationId))
-      .limit(1)
-
-    if (invitationResult.length === 0) {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=invalid-invitation',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    const orgInvitation = invitationResult[0]
-
-    // Check if invitation has expired
-    if (orgInvitation.expiresAt && new Date() > orgInvitation.expiresAt) {
-      return NextResponse.redirect(
-        new URL('/invite/invite-error?reason=expired', env.NEXT_PUBLIC_APP_URL || 'https://sim.ai')
-      )
-    }
-
-    // Check if invitation is still pending
-    if (orgInvitation.status !== 'pending') {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=already-processed',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Get user data to check email verification status
-    const userData = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
-
-    if (userData.length === 0) {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=user-not-found',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Check if user's email is verified
-    if (!userData[0].emailVerified) {
-      return NextResponse.redirect(
-        new URL(
-          `/invite/invite-error?reason=email-not-verified&details=${encodeURIComponent(`You must verify your email address (${userData[0].email}) before accepting invitations.`)}`,
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Verify the email matches the current user
-    if (orgInvitation.email !== session.user.email) {
-      return NextResponse.redirect(
-        new URL(
-          `/invite/invite-error?reason=email-mismatch&details=${encodeURIComponent(`Invitation was sent to ${orgInvitation.email}, but you're logged in as ${userData[0].email}`)}`,
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Check if user is already a member of the organization
-    const existingMember = await db
-      .select()
-      .from(member)
-      .where(
-        and(
-          eq(member.organizationId, orgInvitation.organizationId),
-          eq(member.userId, session.user.id)
-        )
-      )
-      .limit(1)
-
-    if (existingMember.length > 0) {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=already-member',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Start transaction to accept both organization and workspace invitations
-    await db.transaction(async (tx) => {
-      // Accept organization invitation - add user as member
-      await tx.insert(member).values({
-        id: randomUUID(),
-        userId: session.user.id,
-        organizationId: orgInvitation.organizationId,
-        role: orgInvitation.role,
-        createdAt: new Date(),
-      })
-
-      // Mark organization invitation as accepted
-      await tx.update(invitation).set({ status: 'accepted' }).where(eq(invitation.id, invitationId))
-
-      // Find and accept any pending workspace invitations for the same email
-      const workspaceInvitations = await tx
-        .select()
-        .from(workspaceInvitation)
-        .where(
-          and(
-            eq(workspaceInvitation.email, orgInvitation.email),
-            eq(workspaceInvitation.status, 'pending')
-          )
-        )
-
-      for (const wsInvitation of workspaceInvitations) {
-        // Check if invitation hasn't expired
-        if (
-          wsInvitation.expiresAt &&
-          new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
-        ) {
-          // Check if user doesn't already have permissions on the workspace
-          const existingPermission = await tx
-            .select()
-            .from(permissions)
-            .where(
-              and(
-                eq(permissions.userId, session.user.id),
-                eq(permissions.entityType, 'workspace'),
-                eq(permissions.entityId, wsInvitation.workspaceId)
-              )
-            )
-            .limit(1)
-
-          if (existingPermission.length === 0) {
-            // Add workspace permissions
-            await tx.insert(permissions).values({
-              id: randomUUID(),
-              userId: session.user.id,
-              entityType: 'workspace',
-              entityId: wsInvitation.workspaceId,
-              permissionType: wsInvitation.permissions,
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            })
-
-            // Mark workspace invitation as accepted
-            await tx
-              .update(workspaceInvitation)
-              .set({ status: 'accepted' })
-              .where(eq(workspaceInvitation.id, wsInvitation.id))
-
-            logger.info('Accepted workspace invitation', {
-              workspaceId: wsInvitation.workspaceId,
-              userId: session.user.id,
-              permission: wsInvitation.permissions,
-            })
-          }
-        }
-      }
-    })
-
-    logger.info('Successfully accepted batch invitation', {
-      organizationId: orgInvitation.organizationId,
-      userId: session.user.id,
-      role: orgInvitation.role,
-    })
-
-    // Redirect to success page or main app
-    return NextResponse.redirect(
-      new URL('/workspaces?invite=accepted', env.NEXT_PUBLIC_APP_URL || 'https://sim.ai')
-    )
-  } catch (error) {
-    logger.error('Failed to accept organization invitation', {
-      invitationId,
-      userId: session.user.id,
-      error,
-    })
-
-    return NextResponse.redirect(
-      new URL(
-        '/invite/invite-error?reason=server-error',
-        env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-      )
-    )
-  }
-}
-
-// POST endpoint for programmatic acceptance (for API use)
-export async function POST(req: NextRequest) {
-  const session = await getSession()
-
-  if (!session?.user?.id) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-
-  try {
-    const { invitationId } = await req.json()
-
-    if (!invitationId) {
-      return NextResponse.json({ error: 'Missing invitationId' }, { status: 400 })
-    }
-
-    // Similar logic to GET but return JSON response
-    const invitationResult = await db
-      .select()
-      .from(invitation)
-      .where(eq(invitation.id, invitationId))
-      .limit(1)
-
-    if (invitationResult.length === 0) {
-      return NextResponse.json({ error: 'Invalid invitation' }, { status: 404 })
-    }
-
-    const orgInvitation = invitationResult[0]
-
-    if (orgInvitation.expiresAt && new Date() > orgInvitation.expiresAt) {
-      return NextResponse.json({ error: 'Invitation expired' }, { status: 400 })
-    }
-
-    if (orgInvitation.status !== 'pending') {
-      return NextResponse.json({ error: 'Invitation already processed' }, { status: 400 })
-    }
-
-    // Get user data to check email verification status
-    const userData = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
-
-    if (userData.length === 0) {
-      return NextResponse.json({ error: 'User not found' }, { status: 404 })
-    }
-
-    // Check if user's email is verified
-    if (!userData[0].emailVerified) {
-      return NextResponse.json(
-        {
-          error: 'Email not verified',
-          message: `You must verify your email address (${userData[0].email}) before accepting invitations.`,
-        },
-        { status: 403 }
-      )
-    }
-
-    if (orgInvitation.email !== session.user.email) {
-      return NextResponse.json({ error: 'Email mismatch' }, { status: 403 })
-    }
-
-    // Check if user is already a member
-    const existingMember = await db
-      .select()
-      .from(member)
-      .where(
-        and(
-          eq(member.organizationId, orgInvitation.organizationId),
-          eq(member.userId, session.user.id)
-        )
-      )
-      .limit(1)
-
-    if (existingMember.length > 0) {
-      return NextResponse.json({ error: 'Already a member' }, { status: 400 })
-    }
-
-    let acceptedWorkspaces = 0
-
-    // Accept invitations in transaction
-    await db.transaction(async (tx) => {
-      // Accept organization invitation
-      await tx.insert(member).values({
-        id: randomUUID(),
-        userId: session.user.id,
-        organizationId: orgInvitation.organizationId,
-        role: orgInvitation.role,
-        createdAt: new Date(),
-      })
-
-      await tx.update(invitation).set({ status: 'accepted' }).where(eq(invitation.id, invitationId))
-
-      // Accept workspace invitations
-      const workspaceInvitations = await tx
-        .select()
-        .from(workspaceInvitation)
-        .where(
-          and(
-            eq(workspaceInvitation.email, orgInvitation.email),
-            eq(workspaceInvitation.status, 'pending')
-          )
-        )
-
-      for (const wsInvitation of workspaceInvitations) {
-        if (
-          wsInvitation.expiresAt &&
-          new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
-        ) {
-          const existingPermission = await tx
-            .select()
-            .from(permissions)
-            .where(
-              and(
-                eq(permissions.userId, session.user.id),
-                eq(permissions.entityType, 'workspace'),
-                eq(permissions.entityId, wsInvitation.workspaceId)
-              )
-            )
-            .limit(1)
-
-          if (existingPermission.length === 0) {
-            await tx.insert(permissions).values({
-              id: randomUUID(),
-              userId: session.user.id,
-              entityType: 'workspace',
-              entityId: wsInvitation.workspaceId,
-              permissionType: wsInvitation.permissions,
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            })
-
-            await tx
-              .update(workspaceInvitation)
-              .set({ status: 'accepted' })
-              .where(eq(workspaceInvitation.id, wsInvitation.id))
-
-            acceptedWorkspaces++
-          }
-        }
-      }
-    })
-
-    return NextResponse.json({
-      success: true,
-      message: `Successfully joined organization and ${acceptedWorkspaces} workspace(s)`,
-      organizationId: orgInvitation.organizationId,
-      workspacesJoined: acceptedWorkspaces,
-    })
-  } catch (error) {
-    logger.error('Failed to accept organization invitation via API', { error })
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
--- a/apps/sim/app/api/providers/route.ts
+++ b/apps/sim/app/api/providers/route.ts
@@ -1,5 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import type { StreamingExecution } from '@/executor/types'
 import { executeProviderRequest } from '@/providers'
 import { getApiKey } from '@/providers/utils'
@@ -12,7 +13,7 @@ export const dynamic = 'force-dynamic'
 * Server-side proxy for provider requests
 */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const startTime = Date.now()

  try {
@@ -36,6 +37,7 @@ export async function POST(request: NextRequest) {
      azureApiVersion,
      responseFormat,
      workflowId,
+      workspaceId,
      stream,
      messages,
      environmentVariables,
@@ -104,6 +106,7 @@ export async function POST(request: NextRequest) {
      azureApiVersion,
      responseFormat,
      workflowId,
+      workspaceId,
      stream,
      messages,
      environmentVariables,
--- a/apps/sim/app/api/proxy/image/route.ts
+++ b/apps/sim/app/api/proxy/image/route.ts
@@ -1,6 +1,7 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
 import { validateImageUrl } from '@/lib/security/url-validation'
+import { generateRequestId } from '@/lib/utils'

 const logger = createLogger('ImageProxyAPI')

@@ -11,7 +12,7 @@ const logger = createLogger('ImageProxyAPI')
 export async function GET(request: NextRequest) {
  const url = new URL(request.url)
  const imageUrl = url.searchParams.get('url')
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  if (!imageUrl) {
    logger.error(`[${requestId}] Missing 'url' parameter`)
--- a/apps/sim/app/api/proxy/route.ts
+++ b/apps/sim/app/api/proxy/route.ts
@@ -2,6 +2,7 @@ import { NextResponse } from 'next/server'
 import { isDev } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
 import { validateProxyUrl } from '@/lib/security/url-validation'
+import { generateRequestId } from '@/lib/utils'
 import { executeTool } from '@/tools'
 import { getTool, validateRequiredParametersAfterMerge } from '@/tools/utils'

@@ -74,7 +75,7 @@ const createErrorResponse = (error: any, status = 500, additionalData = {}) => {
 export async function GET(request: Request) {
  const url = new URL(request.url)
  const targetUrl = url.searchParams.get('url')
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  if (!targetUrl) {
    logger.error(`[${requestId}] Missing 'url' parameter`)
@@ -167,7 +168,7 @@ export async function GET(request: Request) {
 }

 export async function POST(request: Request) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const startTime = new Date()
  const startTimeISO = startTime.toISOString()

--- a/apps/sim/app/api/schedules/[id]/route.ts
+++ b/apps/sim/app/api/schedules/[id]/route.ts
@@ -1,9 +1,9 @@
-import crypto from 'crypto'
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'

@@ -18,7 +18,7 @@ export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const { id } = await params
@@ -85,7 +85,7 @@ export async function DELETE(
 * Update a schedule - can be used to reactivate a disabled schedule
 */
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const { id } = await params
--- a/apps/sim/app/api/schedules/[id]/status/route.ts
+++ b/apps/sim/app/api/schedules/[id]/status/route.ts
@@ -3,13 +3,14 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'

 const logger = createLogger('ScheduleStatusAPI')

 export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params
  const scheduleId = id

--- a/apps/sim/app/api/schedules/execute/route.test.ts
+++ b/apps/sim/app/api/schedules/execute/route.test.ts
@@ -23,7 +23,6 @@ describe('Scheduled Workflow Execution API Route', () => {
        edges: sampleWorkflowState.edges || [],
        loops: sampleWorkflowState.loops || {},
        parallels: {},
-        whiles: {},
        isFromNormalizedTables: true,
      }),
    }))
--- a/apps/sim/app/api/schedules/execute/route.ts
+++ b/apps/sim/app/api/schedules/execute/route.ts
@@ -4,6 +4,8 @@ import { NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
 import { checkServerSideUsageLimits } from '@/lib/billing'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
+import { getPersonalAndWorkspaceEnv } from '@/lib/environment/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
 import { buildTraceSpans } from '@/lib/logs/execution/trace-spans/trace-spans'
@@ -13,24 +15,16 @@ import {
  getScheduleTimeValues,
  getSubBlockValue,
 } from '@/lib/schedules/utils'
-import { decryptSecret } from '@/lib/utils'
+import { decryptSecret, generateRequestId } from '@/lib/utils'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
 import { updateWorkflowRunCounts } from '@/lib/workflows/utils'
 import { db } from '@/db'
-import {
-  environment as environmentTable,
-  subscription,
-  userStats,
-  workflow,
-  workflowSchedule,
-} from '@/db/schema'
+import { userStats, workflow, workflowSchedule } from '@/db/schema'
 import { Executor } from '@/executor'
 import { Serializer } from '@/serializer'
 import { RateLimiter } from '@/services/queue'
-import type { SubscriptionPlan } from '@/services/queue/types'
 import { mergeSubblockState } from '@/stores/workflows/server-utils'

-// Add dynamic export to prevent caching
 export const dynamic = 'force-dynamic'

 const logger = createLogger('ScheduledExecuteAPI')
@@ -71,7 +65,7 @@ const runningExecutions = new Set<string>()

 export async function GET() {
  logger.info(`Scheduled execution triggered at ${new Date().toISOString()}`)
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const now = new Date()

  let dueSchedules: (typeof workflowSchedule.$inferSelect)[] = []
@@ -113,19 +107,13 @@ export async function GET() {
          continue
        }

-        // Check rate limits for scheduled execution
-        const [subscriptionRecord] = await db
-          .select({ plan: subscription.plan })
-          .from(subscription)
-          .where(eq(subscription.referenceId, workflowRecord.userId))
-          .limit(1)
-
-        const subscriptionPlan = (subscriptionRecord?.plan || 'free') as SubscriptionPlan
+        // Check rate limits for scheduled execution (checks both personal and org subscriptions)
+        const userSubscription = await getHighestPrioritySubscription(workflowRecord.userId)

        const rateLimiter = new RateLimiter()
-        const rateLimitCheck = await rateLimiter.checkRateLimit(
+        const rateLimitCheck = await rateLimiter.checkRateLimitWithSubscription(
          workflowRecord.userId,
-          subscriptionPlan,
+          userSubscription,
          'schedule',
          false // schedules are always sync
        )
@@ -230,27 +218,21 @@ export async function GET() {
              const edges = normalizedData.edges
              const loops = normalizedData.loops
              const parallels = normalizedData.parallels
-              const whiles = normalizedData.whiles
              logger.info(
                `[${requestId}] Loaded scheduled workflow ${schedule.workflowId} from normalized tables`
              )

              const mergedStates = mergeSubblockState(blocks)

-              // Retrieve environment variables for this user (if any).
-              const [userEnv] = await db
-                .select()
-                .from(environmentTable)
-                .where(eq(environmentTable.userId, workflowRecord.userId))
-                .limit(1)
-
-              if (!userEnv) {
-                logger.debug(
-                  `[${requestId}] No environment record found for user ${workflowRecord.userId}. Proceeding with empty variables.`
-                )
-              }
-
-              const variables = EnvVarsSchema.parse(userEnv?.variables ?? {})
+              // Retrieve environment variables with workspace precedence
+              const { personalEncrypted, workspaceEncrypted } = await getPersonalAndWorkspaceEnv(
+                workflowRecord.userId,
+                workflowRecord.workspaceId || undefined
+              )
+              const variables = EnvVarsSchema.parse({
+                ...personalEncrypted,
+                ...workspaceEncrypted,
+              })

              const currentBlockStates = await Object.entries(mergedStates).reduce(
                async (accPromise, [id, block]) => {
@@ -385,7 +367,6 @@ export async function GET() {
                edges,
                loops,
                parallels,
-                whiles,
                true // Enable validation during execution
              )

--- a/apps/sim/app/api/schedules/route.ts
+++ b/apps/sim/app/api/schedules/route.ts
@@ -1,4 +1,3 @@
-import crypto from 'crypto'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
@@ -13,6 +12,7 @@ import {
  getSubBlockValue,
  validateCronExpression,
 } from '@/lib/schedules/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'

@@ -65,7 +65,7 @@ function hasValidScheduleConfig(
 * Get schedule information for a workflow
 */
 export async function GET(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const url = new URL(req.url)
  const workflowId = url.searchParams.get('workflowId')
  const blockId = url.searchParams.get('blockId')
@@ -165,7 +165,7 @@ export async function GET(req: NextRequest) {
 * Create or update a schedule for a workflow
 */
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
--- a/apps/sim/app/api/templates/[id]/route.ts
+++ b/apps/sim/app/api/templates/[id]/route.ts
@@ -4,6 +4,7 @@ import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { hasAdminPermission } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templates, workflow } from '@/db/schema'

@@ -13,7 +14,7 @@ export const revalidate = 0

 // GET /api/templates/[id] - Retrieve a single template by ID
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -77,7 +78,7 @@ const updateTemplateSchema = z.object({

 // PUT /api/templates/[id] - Update a template
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -163,7 +164,7 @@ export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
--- a/apps/sim/app/api/templates/[id]/star/route.ts
+++ b/apps/sim/app/api/templates/[id]/star/route.ts
@@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templateStars, templates } from '@/db/schema'

@@ -13,7 +14,7 @@ export const revalidate = 0

 // GET /api/templates/[id]/star - Check if user has starred this template
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -47,7 +48,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{

 // POST /api/templates/[id]/star - Add a star to the template
 export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
@@ -123,7 +124,7 @@ export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
--- a/apps/sim/app/api/templates/[id]/use/route.ts
+++ b/apps/sim/app/api/templates/[id]/use/route.ts
@@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templates, workflow, workflowBlocks, workflowEdges } from '@/db/schema'

@@ -13,7 +14,7 @@ export const revalidate = 0

 // POST /api/templates/[id]/use - Use a template (increment views and create workflow)
 export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const { id } = await params

  try {
--- a/apps/sim/app/api/templates/route.ts
+++ b/apps/sim/app/api/templates/route.ts
@@ -4,6 +4,7 @@ import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templateStars, templates, workflow } from '@/db/schema'

@@ -68,7 +69,6 @@ const CreateTemplateSchema = z.object({
    edges: z.array(z.any()),
    loops: z.record(z.any()),
    parallels: z.record(z.any()),
-    whiles: z.record(z.any()),
  }),
 })

@@ -83,7 +83,7 @@ const QueryParamsSchema = z.object({

 // GET /api/templates - Retrieve templates
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
@@ -186,7 +186,7 @@ export async function GET(request: NextRequest) {

 // POST /api/templates - Create a new template
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
--- a/apps/sim/app/api/tools/custom/route.ts
+++ b/apps/sim/app/api/tools/custom/route.ts
@@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { customTools } from '@/db/schema'
@@ -33,7 +34,7 @@ const CustomToolSchema = z.object({

 // GET - Fetch all custom tools for the user
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const searchParams = request.nextUrl.searchParams
  const workflowId = searchParams.get('workflowId')

@@ -69,7 +70,7 @@ export async function GET(request: NextRequest) {

 // POST - Create or update custom tools
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    const session = await getSession()
@@ -162,7 +163,7 @@ export async function POST(req: NextRequest) {

 // DELETE - Delete a custom tool by ID
 export async function DELETE(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
  const searchParams = request.nextUrl.searchParams
  const toolId = searchParams.get('id')

--- a/apps/sim/app/api/tools/discord/channels/route.ts
+++ b/apps/sim/app/api/tools/discord/channels/route.ts
@@ -85,7 +85,8 @@ export async function POST(request: Request) {

    logger.info(`Fetching all Discord channels for server: ${serverId}`)

-    // Fetch all channels from Discord API
+    // Listing guild channels with a bot token is allowed if the bot is in the guild.
+    // Keep the request, but if unauthorized, return an empty list so the selector doesn't hard fail.
    const response = await fetch(`https://discord.com/api/v10/guilds/${serverId}/channels`, {
      method: 'GET',
      headers: {
@@ -95,20 +96,14 @@ export async function POST(request: Request) {
    })

    if (!response.ok) {
-      logger.error('Discord API error:', {
-        status: response.status,
-        statusText: response.statusText,
-      })
-
-      let errorMessage
-      try {
-        const errorData = await response.json()
-        logger.error('Error details:', errorData)
-        errorMessage = errorData.message || `Failed to fetch channels (${response.status})`
-      } catch (_e) {
-        errorMessage = `Failed to fetch channels: ${response.status} ${response.statusText}`
-      }
-      return NextResponse.json({ error: errorMessage }, { status: response.status })
+      logger.warn(
+        'Discord API returned non-OK for channels; returning empty list to avoid UX break',
+        {
+          status: response.status,
+          statusText: response.statusText,
+        }
+      )
+      return NextResponse.json({ channels: [] })
    }

    const channels = (await response.json()) as DiscordChannel[]
--- a/apps/sim/app/api/tools/discord/servers/route.ts
+++ b/apps/sim/app/api/tools/discord/servers/route.ts
@@ -64,46 +64,14 @@ export async function POST(request: Request) {
      })
    }

-    // Otherwise, fetch all servers the bot is in
-    logger.info('Fetching all Discord servers')
-
-    const response = await fetch('https://discord.com/api/v10/users/@me/guilds', {
-      method: 'GET',
-      headers: {
-        Authorization: `Bot ${botToken}`,
-        'Content-Type': 'application/json',
-      },
-    })
-
-    if (!response.ok) {
-      logger.error('Discord API error:', {
-        status: response.status,
-        statusText: response.statusText,
-      })
-
-      let errorMessage
-      try {
-        const errorData = await response.json()
-        logger.error('Error details:', errorData)
-        errorMessage = errorData.message || `Failed to fetch servers (${response.status})`
-      } catch (_e) {
-        errorMessage = `Failed to fetch servers: ${response.status} ${response.statusText}`
-      }
-      return NextResponse.json({ error: errorMessage }, { status: response.status })
-    }
-
-    const servers = (await response.json()) as DiscordServer[]
-    logger.info(`Successfully fetched ${servers.length} servers`)
-
-    return NextResponse.json({
-      servers: servers.map((server: DiscordServer) => ({
-        id: server.id,
-        name: server.name,
-        icon: server.icon
-          ? `https://cdn.discordapp.com/icons/${server.id}/${server.icon}.png`
-          : null,
-      })),
-    })
+    // Listing guilds via REST requires a user OAuth2 access token with the 'guilds' scope.
+    // A bot token cannot call /users/@me/guilds and will return 401.
+    // Since this selector only has a bot token, return an empty list instead of erroring
+    // and let users provide a Server ID in advanced mode.
+    logger.info(
+      'Skipping guild listing: bot token cannot list /users/@me/guilds; returning empty list'
+    )
+    return NextResponse.json({ servers: [] })
  } catch (error) {
    logger.error('Error processing request:', error)
    return NextResponse.json(
--- a/apps/sim/app/api/tools/drive/file/route.ts
+++ b/apps/sim/app/api/tools/drive/file/route.ts
@@ -1,8 +1,8 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-
 export const dynamic = 'force-dynamic'

 const logger = createLogger('GoogleDriveFileAPI')
@@ -11,11 +11,10 @@ const logger = createLogger('GoogleDriveFileAPI')
 * Get a single file from Google Drive
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
  logger.info(`[${requestId}] Google Drive file request received`)

  try {
-    // Get the credential ID and file ID from the query params
    const { searchParams } = new URL(request.url)
    const credentialId = searchParams.get('credentialId')
    const fileId = searchParams.get('fileId')
@@ -31,7 +30,6 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
    }

-    // Refresh access token if needed using the utility function
    const accessToken = await refreshAccessTokenIfNeeded(
      credentialId,
      authz.credentialOwnerUserId,
@@ -42,7 +40,6 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
    }

-    // Fetch the file from Google Drive API
    logger.info(`[${requestId}] Fetching file ${fileId} from Google Drive API`)
    const response = await fetch(
      `https://www.googleapis.com/drive/v3/files/${fileId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks,shortcutDetails&supportsAllDrives=true`,
@@ -69,7 +66,6 @@ export async function GET(request: NextRequest) {

    const file = await response.json()

-    // In case of Google Docs, Sheets, etc., provide the export links
    const exportFormats: { [key: string]: string } = {
      'application/vnd.google-apps.document': 'application/pdf', // Google Docs to PDF
      'application/vnd.google-apps.spreadsheet':
@@ -77,7 +73,6 @@ export async function GET(request: NextRequest) {
      'application/vnd.google-apps.presentation': 'application/pdf', // Google Slides to PDF
    }

-    // Resolve shortcuts transparently for UI stability
    if (
      file.mimeType === 'application/vnd.google-apps.shortcut' &&
      file.shortcutDetails?.targetId
@@ -105,20 +100,16 @@ export async function GET(request: NextRequest) {
      }
    }

-    // If the file is a Google Docs, Sheets, or Slides file, we need to provide the export link
    if (file.mimeType.startsWith('application/vnd.google-apps.')) {
      const format = exportFormats[file.mimeType] || 'application/pdf'
      if (!file.exportLinks) {
-        // If export links are not available in the response, try to construct one
        file.downloadUrl = `https://www.googleapis.com/drive/v3/files/${file.id}/export?mimeType=${encodeURIComponent(
          format
        )}`
      } else {
-        // Use the export link from the response if available
        file.downloadUrl = file.exportLinks[format]
      }
    } else {
-      // For regular files, use the download link
      file.downloadUrl = `https://www.googleapis.com/drive/v3/files/${file.id}?alt=media`
    }

--- a/apps/sim/app/api/tools/drive/files/route.ts
+++ b/apps/sim/app/api/tools/drive/files/route.ts
@@ -2,8 +2,8 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-
 export const dynamic = 'force-dynamic'

 const logger = createLogger('GoogleDriveFilesAPI')
@@ -12,20 +12,17 @@ const logger = createLogger('GoogleDriveFilesAPI')
 * Get files from Google Drive
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
  logger.info(`[${requestId}] Google Drive files request received`)

  try {
-    // Get the session
    const session = await getSession()

-    // Check if the user is authenticated
    if (!session?.user?.id) {
      logger.warn(`[${requestId}] Unauthenticated request rejected`)
      return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
    }

-    // Get the credential ID from the query params
    const { searchParams } = new URL(request.url)
    const credentialId = searchParams.get('credentialId')
    const mimeType = searchParams.get('mimeType')
@@ -38,14 +35,12 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
    }

-    // Authorize use of the credential (supports collaborator credentials via workflow)
    const authz = await authorizeCredentialUse(request, { credentialId: credentialId!, workflowId })
    if (!authz.ok || !authz.credentialOwnerUserId) {
      logger.warn(`[${requestId}] Unauthorized credential access attempt`, authz)
      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
    }

-    // Refresh access token if needed using the utility function
    const accessToken = await refreshAccessTokenIfNeeded(
      credentialId!,
      authz.credentialOwnerUserId,
@@ -56,7 +51,6 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
    }

-    // Build Drive 'q' expression safely
    const qParts: string[] = ['trashed = false']
    if (folderId) {
      qParts.push(`'${folderId.replace(/'/g, "\\'")}' in parents`)
@@ -69,7 +63,6 @@ export async function GET(request: NextRequest) {
    }
    const q = encodeURIComponent(qParts.join(' and '))

-    // Fetch files from Google Drive API with shared drives support
    const response = await fetch(
      `https://www.googleapis.com/drive/v3/files?q=${q}&supportsAllDrives=true&includeItemsFromAllDrives=true&spaces=drive&fields=files(id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,parents)`,
      {
--- a/apps/sim/app/api/tools/gmail/label/route.ts
+++ b/apps/sim/app/api/tools/gmail/label/route.ts
@@ -2,6 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -11,7 +12,7 @@ export const dynamic = 'force-dynamic'
 const logger = createLogger('GmailLabelAPI')

 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/tools/gmail/labels/route.ts
+++ b/apps/sim/app/api/tools/gmail/labels/route.ts
@@ -2,10 +2,10 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
-
 export const dynamic = 'force-dynamic'

 const logger = createLogger('GmailLabelsAPI')
@@ -19,7 +19,7 @@ interface GmailLabel {
 }

 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()

  try {
    // Get the session
--- a/apps/sim/app/api/tools/google_calendar/calendars/route.ts
+++ b/apps/sim/app/api/tools/google_calendar/calendars/route.ts
@@ -1,8 +1,8 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-
 export const dynamic = 'force-dynamic'

 const logger = createLogger('GoogleCalendarAPI')
@@ -21,7 +21,7 @@ interface CalendarListItem {
 * Get calendars from Google Calendar
 */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
  logger.info(`[${requestId}] Google Calendar calendars request received`)

  try {
--- a/apps/sim/app/api/tools/jira/issues/route.ts
+++ b/apps/sim/app/api/tools/jira/issues/route.ts
@@ -6,17 +6,32 @@ export const dynamic = 'force-dynamic'

 const logger = createLogger('JiraIssuesAPI')

+// Helper functions
+const createErrorResponse = async (response: Response, defaultMessage: string) => {
+  try {
+    const errorData = await response.json()
+    return errorData.message || errorData.errorMessages?.[0] || defaultMessage
+  } catch {
+    return defaultMessage
+  }
+}
+
+const validateRequiredParams = (domain: string | null, accessToken: string | null) => {
+  if (!domain) {
+    return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+  }
+  if (!accessToken) {
+    return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+  }
+  return null
+}
+
 export async function POST(request: Request) {
  try {
    const { domain, accessToken, issueKeys = [], cloudId: providedCloudId } = await request.json()

-    if (!domain) {
-      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
-    }
-
-    if (!accessToken) {
-      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
-    }
+    const validationError = validateRequiredParams(domain || null, accessToken || null)
+    if (validationError) return validationError

    if (issueKeys.length === 0) {
      logger.info('No issue keys provided, returning empty result')
@@ -24,7 +39,7 @@ export async function POST(request: Request) {
    }

    // Use provided cloudId or fetch it if not provided
-    const cloudId = providedCloudId || (await getJiraCloudId(domain, accessToken))
+    const cloudId = providedCloudId || (await getJiraCloudId(domain!, accessToken!))

    // Build the URL using cloudId for Jira API
    const url = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/issue/bulkfetch`
@@ -53,47 +68,24 @@ export async function POST(request: Request) {

    if (!response.ok) {
      logger.error(`Jira API error: ${response.status} ${response.statusText}`)
-      let errorMessage
-
-      try {
-        const errorData = await response.json()
-        logger.error('Error details:', JSON.stringify(errorData, null, 2))
-        errorMessage = errorData.message || `Failed to fetch Jira issues (${response.status})`
-      } catch (e) {
-        logger.error('Could not parse error response as JSON:', e)
-
-        try {
-          const _text = await response.text()
-          errorMessage = `Failed to fetch Jira issues: ${response.status} ${response.statusText}`
-        } catch (_textError) {
-          errorMessage = `Failed to fetch Jira issues: ${response.status} ${response.statusText}`
-        }
-      }
-
+      const errorMessage = await createErrorResponse(
+        response,
+        `Failed to fetch Jira issues (${response.status})`
+      )
      return NextResponse.json({ error: errorMessage }, { status: response.status })
    }

    const data = await response.json()
+    const issues = (data.issues || []).map((issue: any) => ({
+      id: issue.key,
+      name: issue.fields.summary,
+      mimeType: 'jira/issue',
+      url: `https://${domain}/browse/${issue.key}`,
+      modifiedTime: issue.fields.updated,
+      webViewLink: `https://${domain}/browse/${issue.key}`,
+    }))

-    if (data.issues && data.issues.length > 0) {
-      data.issues.slice(0, 3).forEach((issue: any) => {
-        logger.info(`- ${issue.key}: ${issue.fields.summary}`)
-      })
-    }
-
-    return NextResponse.json({
-      issues: data.issues
-        ? data.issues.map((issue: any) => ({
-            id: issue.key,
-            name: issue.fields.summary,
-            mimeType: 'jira/issue',
-            url: `https://${domain}/browse/${issue.key}`,
-            modifiedTime: issue.fields.updated,
-            webViewLink: `https://${domain}/browse/${issue.key}`,
-          }))
-        : [],
-      cloudId, // Return the cloudId so it can be cached
-    })
+    return NextResponse.json({ issues, cloudId })
  } catch (error) {
    logger.error('Error fetching Jira issues:', error)
    return NextResponse.json(
@@ -111,83 +103,79 @@ export async function GET(request: Request) {
    const providedCloudId = url.searchParams.get('cloudId')
    const query = url.searchParams.get('query') || ''
    const projectId = url.searchParams.get('projectId') || ''
+    const manualProjectId = url.searchParams.get('manualProjectId') || ''
+    const all = url.searchParams.get('all')?.toLowerCase() === 'true'
+    const limitParam = Number.parseInt(url.searchParams.get('limit') || '', 10)
+    const limit = Number.isFinite(limitParam) && limitParam > 0 ? limitParam : 0

-    if (!domain) {
-      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
-    }
-
-    if (!accessToken) {
-      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
-    }
-
-    // Use provided cloudId or fetch it if not provided
-    const cloudId = providedCloudId || (await getJiraCloudId(domain, accessToken))
-    logger.info('Using cloud ID:', cloudId)
-
-    // Build query parameters
-    const params = new URLSearchParams()
-
-    // Only add query if it exists
-    if (query) {
-      params.append('query', query)
-    }
+    const validationError = validateRequiredParams(domain || null, accessToken || null)
+    if (validationError) return validationError

+    const cloudId = providedCloudId || (await getJiraCloudId(domain!, accessToken!))
    let data: any

    if (query) {
-      const apiUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/issue/picker?${params.toString()}`
-      logger.info(`Fetching Jira issue suggestions from: ${apiUrl}`)
+      const params = new URLSearchParams({ query })
+      const apiUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/issue/picker?${params}`
      const response = await fetch(apiUrl, {
-        method: 'GET',
        headers: {
          Authorization: `Bearer ${accessToken}`,
          Accept: 'application/json',
        },
      })
-      logger.info('Response status:', response.status, response.statusText)
+
      if (!response.ok) {
-        logger.error(`Jira API error: ${response.status} ${response.statusText}`)
-        let errorMessage
-        try {
-          const errorData = await response.json()
-          logger.error('Error details:', errorData)
-          errorMessage =
-            errorData.message || `Failed to fetch issue suggestions (${response.status})`
-        } catch (_e) {
-          errorMessage = `Failed to fetch issue suggestions: ${response.status} ${response.statusText}`
-        }
+        const errorMessage = await createErrorResponse(
+          response,
+          `Failed to fetch issue suggestions (${response.status})`
+        )
        return NextResponse.json({ error: errorMessage }, { status: response.status })
      }
      data = await response.json()
-    } else if (projectId) {
-      // When no query, list latest issues for the selected project using Search API
-      const searchParams = new URLSearchParams()
-      searchParams.append('jql', `project=${projectId} ORDER BY updated DESC`)
-      searchParams.append('maxResults', '25')
-      searchParams.append('fields', 'summary,key')
-      const searchUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${searchParams.toString()}`
-      logger.info(`Fetching Jira issues via search from: ${searchUrl}`)
-      const response = await fetch(searchUrl, {
-        method: 'GET',
-        headers: {
-          Authorization: `Bearer ${accessToken}`,
-          Accept: 'application/json',
-        },
-      })
-      if (!response.ok) {
-        let errorMessage
-        try {
-          const errorData = await response.json()
-          logger.error('Jira Search API error details:', errorData)
-          errorMessage =
-            errorData.errorMessages?.[0] || `Failed to fetch issues (${response.status})`
-        } catch (_e) {
-          errorMessage = `Failed to fetch issues: ${response.status} ${response.statusText}`
-        }
-        return NextResponse.json({ error: errorMessage }, { status: response.status })
+    } else if (projectId || manualProjectId) {
+      const SAFETY_CAP = 1000
+      const PAGE_SIZE = 100
+      const target = Math.min(all ? limit || SAFETY_CAP : 25, SAFETY_CAP)
+      const projectKey = (projectId || manualProjectId).trim()
+
+      const buildSearchUrl = (startAt: number) => {
+        const params = new URLSearchParams({
+          jql: `project=${projectKey} ORDER BY updated DESC`,
+          maxResults: String(Math.min(PAGE_SIZE, target)),
+          startAt: String(startAt),
+          fields: 'summary,key,updated',
+        })
+        return `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${params}`
      }
-      const searchData = await response.json()
-      const issues = (searchData.issues || []).map((it: any) => ({
+
+      let startAt = 0
+      let collected: any[] = []
+      let total = 0
+
+      do {
+        const response = await fetch(buildSearchUrl(startAt), {
+          headers: {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: 'application/json',
+          },
+        })
+
+        if (!response.ok) {
+          const errorMessage = await createErrorResponse(
+            response,
+            `Failed to fetch issues (${response.status})`
+          )
+          return NextResponse.json({ error: errorMessage }, { status: response.status })
+        }
+
+        const page = await response.json()
+        const issues = page.issues || []
+        total = page.total || issues.length
+        collected = collected.concat(issues)
+        startAt += PAGE_SIZE
+      } while (all && collected.length < Math.min(total, target))
+
+      const issues = collected.slice(0, target).map((it: any) => ({
        key: it.key,
        summary: it.fields?.summary || it.key,
      }))
@@ -196,10 +184,7 @@ export async function GET(request: Request) {
      data = { sections: [], cloudId }
    }

-    return NextResponse.json({
-      ...data,
-      cloudId, // Return the cloudId so it can be cached
-    })
+    return NextResponse.json({ ...data, cloudId })
  } catch (error) {
    logger.error('Error fetching Jira issue suggestions:', error)
    return NextResponse.json(
--- a/apps/sim/app/api/tools/jira/write/route.ts
+++ b/apps/sim/app/api/tools/jira/write/route.ts
@@ -42,10 +42,7 @@ export async function POST(request: Request) {
      return NextResponse.json({ error: 'Summary is required' }, { status: 400 })
    }

-    if (!issueType) {
-      logger.error('Missing issue type in request')
-      return NextResponse.json({ error: 'Issue type is required' }, { status: 400 })
-    }
+    const normalizedIssueType = issueType || 'Task'

    // Use provided cloudId or fetch it if not provided
    const cloudId = providedCloudId || (await getJiraCloudId(domain, accessToken))
@@ -62,7 +59,7 @@ export async function POST(request: Request) {
        id: projectId,
      },
      issuetype: {
-        name: issueType,
+        name: normalizedIssueType,
      },
      summary: summary,
    }
--- a/apps/sim/app/api/tools/linear/projects/route.ts
+++ b/apps/sim/app/api/tools/linear/projects/route.ts
@@ -3,6 +3,7 @@ import { LinearClient } from '@linear/sdk'
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'

 export const dynamic = 'force-dynamic'
@@ -19,7 +20,7 @@ export async function POST(request: Request) {
      return NextResponse.json({ error: 'Credential and teamId are required' }, { status: 400 })
    }

-    const requestId = crypto.randomUUID().slice(0, 8)
+    const requestId = generateRequestId()
    const authz = await authorizeCredentialUse(request as any, {
      credentialId: credential,
      workflowId,
--- a/apps/sim/app/api/tools/linear/teams/route.ts
+++ b/apps/sim/app/api/tools/linear/teams/route.ts
@@ -3,6 +3,7 @@ import { LinearClient } from '@linear/sdk'
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'

 export const dynamic = 'force-dynamic'
@@ -11,7 +12,7 @@ const logger = createLogger('LinearTeamsAPI')

 export async function POST(request: Request) {
  try {
-    const requestId = crypto.randomUUID().slice(0, 8)
+    const requestId = generateRequestId()
    const body = await request.json()
    const { credential, workflowId } = body

--- a/apps/sim/app/api/tools/microsoft-teams/chats/route.ts
+++ b/apps/sim/app/api/tools/microsoft-teams/chats/route.ts
@@ -115,7 +115,6 @@ const getChatDisplayName = async (

 export async function POST(request: Request) {
  try {
-    const requestId = crypto.randomUUID().slice(0, 8)
    const body = await request.json()

    const { credential, workflowId } = body
--- a/apps/sim/app/api/tools/microsoft-teams/teams/route.ts
+++ b/apps/sim/app/api/tools/microsoft-teams/teams/route.ts
@@ -1,6 +1,7 @@
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'

 export const dynamic = 'force-dynamic'
@@ -19,7 +20,7 @@ export async function POST(request: Request) {
    }

    try {
-      const requestId = crypto.randomUUID().slice(0, 8)
+      const requestId = generateRequestId()
      const authz = await authorizeCredentialUse(request as any, {
        credentialId: credential,
        workflowId,
--- a/apps/sim/app/api/tools/mongodb/delete/route.ts
+++ b/apps/sim/app/api/tools/mongodb/delete/route.ts
@@ -0,0 +1,114 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validateFilter } from '../utils'
+
+const logger = createLogger('MongoDBDeleteAPI')
+
+const DeleteSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  filter: z
+    .union([z.string(), z.object({}).passthrough()])
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val
+    })
+    .refine((val) => val && val.trim() !== '' && val !== '{}', {
+      message: 'Filter is required for MongoDB Delete',
+    }),
+  multi: z
+    .union([z.boolean(), z.string(), z.undefined()])
+    .optional()
+    .transform((val) => {
+      if (val === 'true' || val === true) return true
+      if (val === 'false' || val === false) return false
+      return false // Default to false
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = DeleteSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Deleting document(s) from ${params.host}:${params.port}/${params.database}.${params.collection} (multi: ${params.multi})`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    const filterValidation = validateFilter(params.filter)
+    if (!filterValidation.isValid) {
+      logger.warn(`[${requestId}] Filter validation failed: ${filterValidation.error}`)
+      return NextResponse.json(
+        { error: `Filter validation failed: ${filterValidation.error}` },
+        { status: 400 }
+      )
+    }
+
+    let filterDoc
+    try {
+      filterDoc = JSON.parse(params.filter)
+    } catch (error) {
+      logger.warn(`[${requestId}] Invalid filter JSON: ${params.filter}`)
+      return NextResponse.json({ error: 'Invalid JSON format in filter' }, { status: 400 })
+    }
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let result
+    if (params.multi) {
+      result = await coll.deleteMany(filterDoc)
+    } else {
+      result = await coll.deleteOne(filterDoc)
+    }
+
+    logger.info(`[${requestId}] Delete completed: ${result.deletedCount} documents deleted`)
+
+    return NextResponse.json({
+      message: `${result.deletedCount} documents deleted`,
+      deletedCount: result.deletedCount,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB delete failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB delete failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}
--- a/apps/sim/app/api/tools/mongodb/execute/route.ts
+++ b/apps/sim/app/api/tools/mongodb/execute/route.ts
@@ -0,0 +1,102 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validatePipeline } from '../utils'
+
+const logger = createLogger('MongoDBExecuteAPI')
+
+const ExecuteSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  pipeline: z
+    .union([z.string(), z.array(z.object({}).passthrough())])
+    .transform((val) => {
+      if (Array.isArray(val)) {
+        return JSON.stringify(val)
+      }
+      return val
+    })
+    .refine((val) => val && val.trim() !== '', {
+      message: 'Pipeline is required',
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = ExecuteSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Executing aggregation pipeline on ${params.host}:${params.port}/${params.database}.${params.collection}`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    const pipelineValidation = validatePipeline(params.pipeline)
+    if (!pipelineValidation.isValid) {
+      logger.warn(`[${requestId}] Pipeline validation failed: ${pipelineValidation.error}`)
+      return NextResponse.json(
+        { error: `Pipeline validation failed: ${pipelineValidation.error}` },
+        { status: 400 }
+      )
+    }
+
+    const pipelineDoc = JSON.parse(params.pipeline)
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    const cursor = coll.aggregate(pipelineDoc)
+    const documents = await cursor.toArray()
+
+    logger.info(
+      `[${requestId}] Aggregation completed successfully, returned ${documents.length} documents`
+    )
+
+    return NextResponse.json({
+      message: `Aggregation completed, returned ${documents.length} documents`,
+      documents,
+      documentCount: documents.length,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB aggregation failed:`, error)
+
+    return NextResponse.json(
+      { error: `MongoDB aggregation failed: ${errorMessage}` },
+      { status: 500 }
+    )
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}
--- a/apps/sim/app/api/tools/mongodb/insert/route.ts
+++ b/apps/sim/app/api/tools/mongodb/insert/route.ts
@@ -0,0 +1,98 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName } from '../utils'
+
+const logger = createLogger('MongoDBInsertAPI')
+
+const InsertSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  documents: z
+    .union([z.array(z.record(z.unknown())), z.string()])
+    .transform((val) => {
+      if (typeof val === 'string') {
+        try {
+          const parsed = JSON.parse(val)
+          return Array.isArray(parsed) ? parsed : [parsed]
+        } catch {
+          throw new Error('Invalid JSON in documents field')
+        }
+      }
+      return val
+    })
+    .refine((val) => Array.isArray(val) && val.length > 0, {
+      message: 'At least one document is required',
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = InsertSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Inserting ${params.documents.length} document(s) into ${params.host}:${params.port}/${params.database}.${params.collection}`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let result
+    if (params.documents.length === 1) {
+      result = await coll.insertOne(params.documents[0] as Record<string, unknown>)
+      logger.info(`[${requestId}] Single document inserted successfully`)
+      return NextResponse.json({
+        message: 'Document inserted successfully',
+        insertedId: result.insertedId.toString(),
+        documentCount: 1,
+      })
+    }
+    result = await coll.insertMany(params.documents as Record<string, unknown>[])
+    const insertedCount = Object.keys(result.insertedIds).length
+    logger.info(`[${requestId}] ${insertedCount} documents inserted successfully`)
+    return NextResponse.json({
+      message: `${insertedCount} documents inserted successfully`,
+      insertedIds: Object.values(result.insertedIds).map((id) => id.toString()),
+      documentCount: insertedCount,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB insert failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB insert failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}
--- a/apps/sim/app/api/tools/mongodb/query/route.ts
+++ b/apps/sim/app/api/tools/mongodb/query/route.ts
@@ -0,0 +1,136 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validateFilter } from '../utils'
+
+const logger = createLogger('MongoDBQueryAPI')
+
+const QuerySchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  query: z
+    .union([z.string(), z.object({}).passthrough()])
+    .optional()
+    .default('{}')
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val || '{}'
+    }),
+  limit: z
+    .union([z.coerce.number().int().positive(), z.literal(''), z.undefined()])
+    .optional()
+    .transform((val) => {
+      if (val === '' || val === undefined || val === null) {
+        return 100
+      }
+      return val
+    }),
+  sort: z
+    .union([z.string(), z.object({}).passthrough(), z.null()])
+    .optional()
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = QuerySchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Executing MongoDB query on ${params.host}:${params.port}/${params.database}.${params.collection}`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    let filter = {}
+    if (params.query?.trim()) {
+      const validation = validateFilter(params.query)
+      if (!validation.isValid) {
+        logger.warn(`[${requestId}] Filter validation failed: ${validation.error}`)
+        return NextResponse.json(
+          { error: `Filter validation failed: ${validation.error}` },
+          { status: 400 }
+        )
+      }
+      filter = JSON.parse(params.query)
+    }
+
+    let sortCriteria = {}
+    if (params.sort?.trim()) {
+      try {
+        sortCriteria = JSON.parse(params.sort)
+      } catch (error) {
+        logger.warn(`[${requestId}] Invalid sort JSON: ${params.sort}`)
+        return NextResponse.json({ error: 'Invalid JSON format in sort criteria' }, { status: 400 })
+      }
+    }
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let cursor = coll.find(filter)
+
+    if (Object.keys(sortCriteria).length > 0) {
+      cursor = cursor.sort(sortCriteria)
+    }
+
+    const limit = params.limit || 100
+    cursor = cursor.limit(limit)
+
+    const documents = await cursor.toArray()
+
+    logger.info(
+      `[${requestId}] Query executed successfully, returned ${documents.length} documents`
+    )
+
+    return NextResponse.json({
+      message: `Found ${documents.length} documents`,
+      documents,
+      documentCount: documents.length,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB query failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB query failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}
--- a/Show More
+++ b/Show More