v0.5.79: longer MCP tools timeout, optimize loop/parallel regeneration, enrich.so integration

* fix(subflows): tag dropdown + resolution logic (#2949)

* fix(subflows): tag dropdown + resolution logic

* fixes;

* revert parallel change

* chore(deps): bump posthog-js to 1.334.1 (#2948)

* fix(idempotency): add conflict target to atomicallyClaimDb query + remove redundant db namespace tracking (#2950)

* fix(idempotency): add conflict target to atomicallyClaimDb query

* delete needs to account for namespace

* simplify namespace filtering logic

* fix cleanup

* consistent target

* improvement(kb): add document filtering, select all, and React Query migration (#2951)

* improvement(kb): add document filtering, select all, and React Query migration

* test(kb): update tests for enabledFilter and removed userId params

* fix(kb): remove non-null assertion, add explicit guard

* improvement(logs): trace span, details (#2952)

* improvement(action-bar): ordering

* improvement(logs): details, trace span

* feat(blog): v0.5 release post (#2953)

* feat(blog): v0.5 post

* improvement(blog): simplify title and remove code block header

- Simplified blog title from Introducing Sim Studio v0.5 to Introducing Sim v0.5
- Removed language label header and copy button from code blocks for cleaner appearance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ack PR comments

* small styling improvements

* created system to create post-specific components

* updated componnet

* cache invalidation

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat(admin): add credits endpoint to issue credits to users (#2954)

* feat(admin): add credits endpoint to issue credits to users

* fix(admin): use existing credit functions and handle enterprise seats

* fix(admin): reject NaN and Infinity in amount validation

* styling

* fix(admin): validate userId and email are strings

* improvement(copilot): fast mode, subagent tool responses and allow preferences (#2955)

* Improvements

* Fix actions mapping

* Remove console logs

* fix(billing): handle missing userStats and prevent crashes (#2956)

* fix(billing): handle missing userStats and prevent crashes

* fix(billing): correct import path for getFilledPillColor

* fix(billing): add Number.isFinite check to lastPeriodCost

* fix(logs): refresh logic to refresh logs details (#2958)

* fix(security): add authentication and input validation to API routes (#2959)

* fix(security): add authentication and input validation to API routes

* moved utils

* remove extraneous commetns

* removed unused dep

* improvement(helm): add internal ingress support and same-host path consolidation (#2960)

* improvement(helm): add internal ingress support and same-host path consolidation

* improvement(helm): clean up ingress template comments

Simplify verbose inline Helm comments and section dividers to match the
minimal style used in services.yaml.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(helm): add missing copilot path consolidation for realtime host

When copilot.host equals realtime.host but differs from app.host,
copilot paths were not being routed. Added logic to consolidate
copilot paths into the realtime rule for this scenario.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* improvement(helm): follow ingress best practices

- Remove orphan comments that appeared when services were disabled
- Add documentation about path ordering requirements
- Paths rendered in order: realtime, copilot, app (specific before catch-all)
- Clean template output matching industry Helm chart standards

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat(blog): enterprise post (#2961)

* feat(blog): enterprise post

* added more images, styling

* more content

* updated v0-5 post

* remove unused transition

---------

Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>

* fix(envvars): resolution standardized (#2957)

* fix(envvars): resolution standardized

* remove comments

* address bugbot

* fix highlighting for env vars

* remove comments

* address greptile

* address bugbot

* fix(copilot): mask credentials fix (#2963)

* Fix copilot masking

* Clean up

* Lint

* improvement(webhooks): remove dead code (#2965)

* fix(webhooks): subscription recreation path

* improvement(webhooks): remove dead code

* fix tests

* address bugbot comments

* fix restoration edge case

* fix more edge cases

* address bugbot comments

* fix gmail polling

* add warnings for UI indication for credential sets

* fix(preview): subblock values (#2969)

* fix(child-workflow): nested spans handoff (#2966)

* fix(child-workflow): nested spans handoff

* remove overly defensive programming

* update type check

* type more code

* remove more dead code

* address bugbot comments

* fix(security): restrict API key access on internal-only routes (#2964)

* fix(security): restrict API key access on internal-only routes

* test(security): update function execute tests for checkInternalAuth

* updated agent handler

* move session check higher in checkSessionOrInternalAuth

* extracted duplicate code into helper for resolving user from jwt

* fix(copilot): update copilot chat title (#2968)

* fix(hitl): fix condition blocks after hitl (#2967)

* fix(notes): ghost edges (#2970)

* fix(notes): ghost edges

* fix deployed state fallback

* fallback

* remove UI level checks

* annotation missing from autoconnect source check

* improvement(docs): loop and parallel var reference syntax (#2975)

* fix(blog): slash actions description (#2976)

* improvement(docs): loop and parallel var reference syntax

* fix(blog): slash actions description

* fix(auth): copilot routes (#2977)

* Fix copilot auth

* Fix

* Fix

* Fix

* fix(copilot): fix edit summary for loops/parallels (#2978)

* fix(integrations): hide from tool bar (#2544)

* fix(landing): ui (#2979)

* fix(edge-validation): race condition on collaborative add (#2980)

* fix(variables): boolean type support and input improvements (#2981)

* fix(variables): boolean type support and input improvements

* fix formatting

---------

Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com>
Co-authored-by: Emir Karabeg <78010029+emir-karabeg@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Siddharth Ganesan <33737564+Sg312@users.noreply.github.com>
Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>

apps/sim/app/(auth)/sso/page.tsx

@@ -1,6 +1,6 @@
 import { redirect } from 'next/navigation'
 import { getEnv, isTruthy } from '@/lib/core/config/env'
-import SSOForm from '@/ee/sso/components/sso-form'
+import SSOForm from '@/app/(auth)/sso/sso-form'
 
 export const dynamic = 'force-dynamic'
 

apps/sim/app/api/cron/cleanup-stale-executions/route.ts

@@ -8,7 +8,6 @@ import { verifyCronAuth } from '@/lib/auth/internal'
 const logger = createLogger('CleanupStaleExecutions')
 
 const STALE_THRESHOLD_MINUTES = 30
-const MAX_INT32 = 2_147_483_647
 
 export async function GET(request: NextRequest) {
   try {
@@ -46,14 +45,13 @@ export async function GET(request: NextRequest) {
       try {
         const staleDurationMs = Date.now() - new Date(execution.startedAt).getTime()
         const staleDurationMinutes = Math.round(staleDurationMs / 60000)
-        const totalDurationMs = Math.min(staleDurationMs, MAX_INT32)
 
         await db
           .update(workflowExecutionLogs)
           .set({
             status: 'failed',
             endedAt: new Date(),
-            totalDurationMs,
+            totalDurationMs: staleDurationMs,
             executionData: sql`jsonb_set(
               COALESCE(execution_data, '{}'::jsonb),
               ARRAY['error'],

apps/sim/app/api/mcp/serve/[serverId]/route.ts

@@ -284,7 +284,7 @@ async function handleToolsCall(
       content: [
         { type: 'text', text: JSON.stringify(executeResult.output || executeResult, null, 2) },
       ],
-      isError: executeResult.success === false,
+      isError: !executeResult.success,
     }
 
     return NextResponse.json(createResponse(id, result))

apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts

@@ -20,7 +20,6 @@ import { z } from 'zod'
 import { getEmailSubject, renderInvitationEmail } from '@/components/emails'
 import { getSession } from '@/lib/auth'
 import { hasAccessControlAccess } from '@/lib/billing'
-import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { sendEmail } from '@/lib/messaging/email/mailer'
@@ -502,18 +501,6 @@ export async function PUT(
       }
     }
 
-    if (status === 'accepted') {
-      try {
-        await syncUsageLimitsFromSubscription(session.user.id)
-      } catch (syncError) {
-        logger.error('Failed to sync usage limits after joining org', {
-          userId: session.user.id,
-          organizationId,
-          error: syncError,
-        })
-      }
-    }
-
     logger.info(`Organization invitation ${status}`, {
       organizationId,
       invitationId,

apps/sim/app/api/organizations/[id]/invitations/route.ts

@@ -29,7 +29,7 @@ import { hasWorkspaceAdminAccess } from '@/lib/workspaces/permissions/utils'
 import {
   InvitationsNotAllowedError,
   validateInvitationsAllowed,
-} from '@/ee/access-control/utils/permission-check'
+} from '@/executor/utils/permission-check'
 
 const logger = createLogger('OrganizationInvitations')
 

apps/sim/app/api/users/me/subscription/[id]/transfer/route.ts

@@ -5,7 +5,6 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
-import { hasActiveSubscription } from '@/lib/billing'
 
 const logger = createLogger('SubscriptionTransferAPI')
 
@@ -89,14 +88,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       )
     }
 
-    // Check if org already has an active subscription (prevent duplicates)
-    if (await hasActiveSubscription(organizationId)) {
-      return NextResponse.json(
-        { error: 'Organization already has an active subscription' },
-        { status: 409 }
-      )
-    }
-
     await db
       .update(subscription)
       .set({ referenceId: organizationId })

apps/sim/app/api/v1/admin/users/[id]/billing/route.ts

@@ -203,10 +203,6 @@ export const PATCH = withAdminAuthParams<RouteParams>(async (request, context) =
       }
 
       updateData.billingBlocked = body.billingBlocked
-      // Clear the reason when unblocking
-      if (body.billingBlocked === false) {
-        updateData.billingBlockedReason = null
-      }
       updated.push('billingBlocked')
     }
 

apps/sim/app/api/workflows/[id]/execute-from-block/route.ts

@@ -1,4 +1,6 @@
+import { db, workflow as workflowTable } from '@sim/db'
 import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
@@ -6,7 +8,6 @@ import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { SSE_HEADERS } from '@/lib/core/utils/sse'
 import { markExecutionCancelled } from '@/lib/execution/cancellation'
-import { preprocessExecution } from '@/lib/execution/preprocessing'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
 import { executeWorkflowCore } from '@/lib/workflows/executor/execution-core'
 import { createSSECallbacks } from '@/lib/workflows/executor/execution-events'
@@ -74,31 +75,12 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
     const { startBlockId, sourceSnapshot, input } = validation.data
     const executionId = uuidv4()
 
-    // Run preprocessing checks (billing, rate limits, usage limits)
+    const [workflowRecord] = await db
-    const preprocessResult = await preprocessExecution({
+      .select({ workspaceId: workflowTable.workspaceId, userId: workflowTable.userId })
-      workflowId,
+      .from(workflowTable)
-      userId,
+      .where(eq(workflowTable.id, workflowId))
-      triggerType: 'manual',
+      .limit(1)
-      executionId,
-      requestId,
-      checkRateLimit: false, // Manual executions don't rate limit
-      checkDeployment: false, // Run-from-block doesn't require deployment
-    })
 
-    if (!preprocessResult.success) {
-      const { error } = preprocessResult
-      logger.warn(`[${requestId}] Preprocessing failed for run-from-block`, {
-        workflowId,
-        error: error?.message,
-        statusCode: error?.statusCode,
-      })
-      return NextResponse.json(
-        { error: error?.message || 'Execution blocked' },
-        { status: error?.statusCode || 500 }
-      )
-    }
-
-    const workflowRecord = preprocessResult.workflowRecord
     if (!workflowRecord?.workspaceId) {
       return NextResponse.json({ error: 'Workflow not found or has no workspace' }, { status: 404 })
     }
@@ -110,7 +92,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       workflowId,
       startBlockId,
       executedBlocksCount: sourceSnapshot.executedBlocks.length,
-      billingActorUserId: preprocessResult.actorUserId,
     })
 
     const loggingSession = new LoggingSession(workflowId, executionId, 'manual', requestId)

apps/sim/app/api/workspaces/invitations/route.test.ts

@@ -102,7 +102,7 @@ describe('Workspace Invitations API Route', () => {
       inArray: vi.fn().mockImplementation((field, values) => ({ type: 'inArray', field, values })),
     }))
 
-    vi.doMock('@/ee/access-control/utils/permission-check', () => ({
+    vi.doMock('@/executor/utils/permission-check', () => ({
       validateInvitationsAllowed: vi.fn().mockResolvedValue(undefined),
       InvitationsNotAllowedError: class InvitationsNotAllowedError extends Error {
         constructor() {

apps/sim/app/api/workspaces/invitations/route.ts

@@ -21,7 +21,7 @@ import { getFromEmailAddress } from '@/lib/messaging/email/utils'
 import {
   InvitationsNotAllowedError,
   validateInvitationsAllowed,
-} from '@/ee/access-control/utils/permission-check'
+} from '@/executor/utils/permission-check'
 
 export const dynamic = 'force-dynamic'
 
@@ -38,6 +38,7 @@ export async function GET(req: NextRequest) {
   }
 
   try {
+    // Get all workspaces where the user has permissions
     const userWorkspaces = await db
       .select({ id: workspace.id })
       .from(workspace)
@@ -54,8 +55,10 @@ export async function GET(req: NextRequest) {
       return NextResponse.json({ invitations: [] })
     }
 
+    // Get all workspaceIds where the user is a member
     const workspaceIds = userWorkspaces.map((w) => w.id)
 
+    // Find all invitations for those workspaces
     const invitations = await db
       .select()
       .from(workspaceInvitation)

apps/sim/app/chat/[identifier]/chat.tsx

@@ -14,11 +14,11 @@ import {
   ChatMessageContainer,
   EmailAuth,
   PasswordAuth,
+  SSOAuth,
   VoiceInterface,
 } from '@/app/chat/components'
 import { CHAT_ERROR_MESSAGES, CHAT_REQUEST_TIMEOUT_MS } from '@/app/chat/constants'
 import { useAudioStreaming, useChatStreaming } from '@/app/chat/hooks'
-import SSOAuth from '@/ee/sso/components/sso-auth'
 
 const logger = createLogger('ChatClient')
 

apps/sim/app/chat/components/index.ts

@@ -1,5 +1,6 @@
 export { default as EmailAuth } from './auth/email/email-auth'
 export { default as PasswordAuth } from './auth/password/password-auth'
+export { default as SSOAuth } from './auth/sso/sso-auth'
 export { ChatErrorState } from './error-state/error-state'
 export { ChatHeader } from './header/header'
 export { ChatInput } from './input/input'

apps/sim/app/workspace/[workspaceId]/knowledge/page.tsx

@@ -1,7 +1,7 @@
 import { redirect } from 'next/navigation'
 import { getSession } from '@/lib/auth'
 import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 import { Knowledge } from './knowledge'
 
 interface KnowledgePageProps {
@@ -23,6 +23,7 @@ export default async function KnowledgePage({ params }: KnowledgePageProps) {
     redirect('/')
   }
 
+  // Check permission group restrictions
   const permissionConfig = await getUserPermissionConfig(session.user.id)
   if (permissionConfig?.hideKnowledgeBaseTab) {
     redirect(`/workspace/${workspaceId}`)

apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx

@@ -18,7 +18,6 @@ import {
 import { ScrollArea } from '@/components/ui/scroll-area'
 import { BASE_EXECUTION_CHARGE } from '@/lib/billing/constants'
 import { cn } from '@/lib/core/utils/cn'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { filterHiddenOutputKeys } from '@/lib/logs/execution/trace-spans/trace-spans'
 import {
   ExecutionSnapshot,
@@ -454,7 +453,7 @@ export const LogDetails = memo(function LogDetails({
                       Duration
                     </span>
                     <span className='font-medium text-[13px] text-[var(--text-secondary)]'>
-                      {formatDuration(log.duration, { precision: 2 }) || '—'}
+                      {log.duration || '—'}
                     </span>
                   </div>
 

apps/sim/app/workspace/[workspaceId]/logs/components/logs-list/logs-list.tsx

@@ -6,11 +6,11 @@ import Link from 'next/link'
 import { List, type RowComponentProps, useListRef } from 'react-window'
 import { Badge, buttonVariants } from '@/components/emcn'
 import { cn } from '@/lib/core/utils/cn'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import {
   DELETED_WORKFLOW_COLOR,
   DELETED_WORKFLOW_LABEL,
   formatDate,
+  formatDuration,
   getDisplayStatus,
   LOG_COLUMNS,
   StatusBadge,
@@ -113,7 +113,7 @@ const LogRow = memo(
 
           <div className={`${LOG_COLUMNS.duration.width} ${LOG_COLUMNS.duration.minWidth}`}>
             <Badge variant='default' className='rounded-[6px] px-[9px] py-[2px] text-[12px]'>
-              {formatDuration(log.duration, { precision: 2 }) || '—'}
+              {formatDuration(log.duration) || '—'}
             </Badge>
           </div>
         </div>

apps/sim/app/workspace/[workspaceId]/logs/utils.ts

@@ -1,7 +1,6 @@
 import React from 'react'
 import { format } from 'date-fns'
 import { Badge } from '@/components/emcn'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { getIntegrationMetadata } from '@/lib/logs/get-trigger-options'
 import { getBlock } from '@/blocks/registry'
 import { CORE_TRIGGER_TYPES } from '@/stores/logs/filters/types'
@@ -363,14 +362,47 @@ export function mapToExecutionLogAlt(log: RawLogResponse): ExecutionLog {
   }
 }
 
+/**
+ * Format duration for display in logs UI
+ * If duration is under 1 second, displays as milliseconds (e.g., "500ms")
+ * If duration is 1 second or more, displays as seconds (e.g., "1.23s")
+ * @param duration - Duration string (e.g., "500ms") or null
+ * @returns Formatted duration string or null
+ */
+export function formatDuration(duration: string | null): string | null {
+  if (!duration) return null
+
+  // Extract numeric value from duration string (e.g., "500ms" -> 500)
+  const ms = Number.parseInt(duration.replace(/[^0-9]/g, ''), 10)
+
+  if (!Number.isFinite(ms)) return duration
+
+  if (ms < 1000) {
+    return `${ms}ms`
+  }
+
+  // Convert to seconds with up to 2 decimal places
+  const seconds = ms / 1000
+  return `${seconds.toFixed(2).replace(/\.?0+$/, '')}s`
+}
+
 /**
  * Format latency value for display in dashboard UI
+ * If latency is under 1 second, displays as milliseconds (e.g., "500ms")
+ * If latency is 1 second or more, displays as seconds (e.g., "1.23s")
  * @param ms - Latency in milliseconds (number)
  * @returns Formatted latency string
  */
 export function formatLatency(ms: number): string {
   if (!Number.isFinite(ms) || ms <= 0) return '—'
-  return formatDuration(ms, { precision: 2 }) ?? '—'
+
+  if (ms < 1000) {
+    return `${Math.round(ms)}ms`
+  }
+
+  // Convert to seconds with up to 2 decimal places
+  const seconds = ms / 1000
+  return `${seconds.toFixed(2).replace(/\.?0+$/, '')}s`
 }
 
 export const formatDate = (dateString: string) => {

apps/sim/app/workspace/[workspaceId]/templates/page.tsx

@@ -6,7 +6,7 @@ import { getSession } from '@/lib/auth'
 import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
 import type { Template as WorkspaceTemplate } from '@/app/workspace/[workspaceId]/templates/templates'
 import Templates from '@/app/workspace/[workspaceId]/templates/templates'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 
 interface TemplatesPageProps {
   params: Promise<{

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/components/thinking-block/thinking-block.tsx

@@ -3,7 +3,6 @@
 import { memo, useEffect, useMemo, useRef, useState } from 'react'
 import clsx from 'clsx'
 import { ChevronUp } from 'lucide-react'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { CopilotMarkdownRenderer } from '../markdown-renderer'
 
 /** Removes thinking tags (raw or escaped) and special tags from streamed content */
@@ -242,11 +241,15 @@ export function ThinkingBlock({
     return () => window.clearInterval(intervalId)
   }, [isStreaming, isExpanded, userHasScrolledAway])
 
+  /** Formats duration in milliseconds to seconds (minimum 1s) */
+  const formatDuration = (ms: number) => {
+    const seconds = Math.max(1, Math.round(ms / 1000))
+    return `${seconds}s`
+  }
+
   const hasContent = cleanContent.length > 0
   const isThinkingDone = !isStreaming || hasFollowingContent || hasSpecialTags
-  // Round to nearest second (minimum 1s) to match original behavior
+  const durationText = `${label} for ${formatDuration(duration)}`
-  const roundedMs = Math.max(1000, Math.round(duration / 1000) * 1000)
-  const durationText = `${label} for ${formatDuration(roundedMs)}`
 
   const getStreamingLabel = (lbl: string) => {
     if (lbl === 'Thought') return 'Thinking'

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/tool-call/tool-call.tsx

@@ -15,7 +15,6 @@ import {
   hasInterrupt as hasInterruptFromConfig,
   isSpecialTool as isSpecialToolFromConfig,
 } from '@/lib/copilot/tools/client/ui-config'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { CopilotMarkdownRenderer } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/components/markdown-renderer'
 import { SmoothStreamingText } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/components/smooth-streaming'
 import { ThinkingBlock } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/copilot-message/components/thinking-block'
@@ -849,10 +848,13 @@ const SubagentContentRenderer = memo(function SubagentContentRenderer({
     (allParsed.options && Object.keys(allParsed.options).length > 0)
   )
 
+  const formatDuration = (ms: number) => {
+    const seconds = Math.max(1, Math.round(ms / 1000))
+    return `${seconds}s`
+  }
+
   const outerLabel = getSubagentCompletionLabel(toolCall.name)
-  // Round to nearest second (minimum 1s) to match original behavior
+  const durationText = `${outerLabel} for ${formatDuration(duration)}`
-  const roundedMs = Math.max(1000, Math.round(duration / 1000) * 1000)
-  const durationText = `${outerLabel} for ${formatDuration(roundedMs)}`
 
   const renderCollapsibleContent = () => (
     <>

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/editor.tsx

@@ -50,12 +50,6 @@ import { useSubBlockStore } from '@/stores/workflows/subblock/store'
 /** Stable empty object to avoid creating new references */
 const EMPTY_SUBBLOCK_VALUES = {} as Record<string, any>
 
-/** Shared style for dashed divider lines */
-const DASHED_DIVIDER_STYLE = {
-  backgroundImage:
-    'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
-} as const
-
 /**
  * Icon component for rendering block icons.
  *
@@ -95,23 +89,31 @@ export function Editor() {
   const blockConfig = currentBlock ? getBlock(currentBlock.type) : null
   const title = currentBlock?.name || 'Editor'
 
+  // Check if selected block is a subflow (loop or parallel)
   const isSubflow =
     currentBlock && (currentBlock.type === 'loop' || currentBlock.type === 'parallel')
 
+  // Get subflow display properties from configs
   const subflowConfig = isSubflow ? (currentBlock.type === 'loop' ? LoopTool : ParallelTool) : null
 
+  // Check if selected block is a workflow block
   const isWorkflowBlock =
     currentBlock && (currentBlock.type === 'workflow' || currentBlock.type === 'workflow_input')
 
+  // Get workspace ID from params
   const params = useParams()
   const workspaceId = params.workspaceId as string
 
+  // Refs for resize functionality
   const subBlocksRef = useRef<HTMLDivElement>(null)
 
+  // Get user permissions
   const userPermissions = useUserPermissionsContext()
 
+  // Get active workflow ID
   const activeWorkflowId = useWorkflowRegistry((state) => state.activeWorkflowId)
 
+  // Get block properties (advanced/trigger modes)
   const { advancedMode, triggerMode } = useEditorBlockProperties(
     currentBlockId,
     currentWorkflow.isSnapshotView
@@ -143,9 +145,10 @@ export function Editor() {
     [subBlocksForCanonical]
   )
   const canonicalModeOverrides = currentBlock?.data?.canonicalModes
-  const advancedValuesPresent = useMemo(
+  const advancedValuesPresent = hasAdvancedValues(
-    () => hasAdvancedValues(subBlocksForCanonical, blockSubBlockValues, canonicalIndex),
+    subBlocksForCanonical,
-    [subBlocksForCanonical, blockSubBlockValues, canonicalIndex]
+    blockSubBlockValues,
+    canonicalIndex
   )
   const displayAdvancedOptions = userPermissions.canEdit
     ? advancedMode
@@ -153,9 +156,11 @@ export function Editor() {
 
   const hasAdvancedOnlyFields = useMemo(() => {
     for (const subBlock of subBlocksForCanonical) {
+      // Must be standalone advanced (mode: 'advanced' without canonicalParamId)
       if (subBlock.mode !== 'advanced') continue
       if (canonicalIndex.canonicalIdBySubBlockId[subBlock.id]) continue
 
+      // Check condition - skip if condition not met for current values
       if (
         subBlock.condition &&
         !evaluateSubBlockCondition(subBlock.condition, blockSubBlockValues)
@@ -168,6 +173,7 @@ export function Editor() {
     return false
   }, [subBlocksForCanonical, canonicalIndex.canonicalIdBySubBlockId, blockSubBlockValues])
 
+  // Get subblock layout using custom hook
   const { subBlocks, stateToUse: subBlockState } = useEditorSubblockLayout(
     blockConfig || ({} as any),
     currentBlockId || '',
@@ -200,34 +206,31 @@ export function Editor() {
     return { regularSubBlocks: regular, advancedOnlySubBlocks: advancedOnly }
   }, [subBlocks, canonicalIndex.canonicalIdBySubBlockId])
 
+  // Get block connections
   const { incomingConnections, hasIncomingConnections } = useBlockConnections(currentBlockId || '')
 
+  // Connections resize hook
   const { handleMouseDown: handleConnectionsResizeMouseDown, isResizing } = useConnectionsResize({
     subBlocksRef,
   })
 
+  // Collaborative actions
   const {
     collaborativeSetBlockCanonicalMode,
     collaborativeUpdateBlockName,
     collaborativeToggleBlockAdvancedMode,
   } = useCollaborativeWorkflow()
 
+  // Advanced mode toggle handler
   const handleToggleAdvancedMode = useCallback(() => {
     if (!currentBlockId || !userPermissions.canEdit) return
     collaborativeToggleBlockAdvancedMode(currentBlockId)
   }, [currentBlockId, userPermissions.canEdit, collaborativeToggleBlockAdvancedMode])
 
+  // Rename state
   const [isRenaming, setIsRenaming] = useState(false)
   const [editedName, setEditedName] = useState('')
-
+  const nameInputRef = useRef<HTMLInputElement>(null)
-  /**
-   * Ref callback that auto-selects the input text when mounted.
-   */
-  const nameInputRefCallback = useCallback((element: HTMLInputElement | null) => {
-    if (element) {
-      element.select()
-    }
-  }, [])
 
   /**
    * Handles starting the rename process.
@@ -248,6 +251,7 @@ export function Editor() {
     if (trimmedName && trimmedName !== currentBlock?.name) {
       const result = collaborativeUpdateBlockName(currentBlockId, trimmedName)
       if (!result.success) {
+        // Keep rename mode open on error so user can correct the name
         return
       }
     }
@@ -262,6 +266,14 @@ export function Editor() {
     setEditedName('')
   }, [])
 
+  // Focus input when entering rename mode
+  useEffect(() => {
+    if (isRenaming && nameInputRef.current) {
+      nameInputRef.current.select()
+    }
+  }, [isRenaming])
+
+  // Trigger rename mode when signaled from context menu
   useEffect(() => {
     if (shouldFocusRename && currentBlock) {
       handleStartRename()
@@ -272,13 +284,17 @@ export function Editor() {
   /**
    * Handles opening documentation link in a new secure tab.
    */
-  const handleOpenDocs = useCallback(() => {
+  const handleOpenDocs = () => {
     const docsLink = isSubflow ? subflowConfig?.docsLink : blockConfig?.docsLink
-    window.open(docsLink || 'https://docs.sim.ai/quick-reference', '_blank', 'noopener,noreferrer')
+    if (docsLink) {
-  }, [isSubflow, subflowConfig?.docsLink, blockConfig?.docsLink])
+      window.open(docsLink, '_blank', 'noopener,noreferrer')
+    }
+  }
 
+  // Get child workflow ID for workflow blocks
   const childWorkflowId = isWorkflowBlock ? blockSubBlockValues?.workflowId : null
 
+  // Fetch child workflow state for preview (only for workflow blocks with a selected workflow)
   const { data: childWorkflowState, isLoading: isLoadingChildWorkflow } =
     useWorkflowState(childWorkflowId)
 
@@ -291,6 +307,7 @@ export function Editor() {
     }
   }, [childWorkflowId, workspaceId])
 
+  // Determine if connections are at minimum height (collapsed state)
   const isConnectionsAtMinHeight = connectionsHeight <= 35
 
   return (
@@ -311,7 +328,7 @@ export function Editor() {
           )}
           {isRenaming ? (
             <input
-              ref={nameInputRefCallback}
+              ref={nameInputRef}
               type='text'
               value={editedName}
               onChange={(e) => setEditedName(e.target.value)}
@@ -382,21 +399,23 @@ export function Editor() {
               </Tooltip.Content>
             </Tooltip.Root>
           )} */}
-          <Tooltip.Root>
+          {currentBlock && (isSubflow ? subflowConfig?.docsLink : blockConfig?.docsLink) && (
-            <Tooltip.Trigger asChild>
+            <Tooltip.Root>
-              <Button
+              <Tooltip.Trigger asChild>
-                variant='ghost'
+                <Button
-                className='p-0'
+                  variant='ghost'
-                onClick={handleOpenDocs}
+                  className='p-0'
-                aria-label='Open documentation'
+                  onClick={handleOpenDocs}
-              >
+                  aria-label='Open documentation'
-                <BookOpen className='h-[14px] w-[14px]' />
+                >
-              </Button>
+                  <BookOpen className='h-[14px] w-[14px]' />
-            </Tooltip.Trigger>
+                </Button>
-            <Tooltip.Content side='top'>
+              </Tooltip.Trigger>
-              <p>Open docs</p>
+              <Tooltip.Content side='top'>
-            </Tooltip.Content>
+                <p>Open docs</p>
-          </Tooltip.Root>
+              </Tooltip.Content>
+            </Tooltip.Root>
+          )}
         </div>
       </div>
 
@@ -476,7 +495,13 @@ export function Editor() {
                     </div>
                   </div>
                   <div className='subblock-divider px-[2px] pt-[16px] pb-[13px]'>
-                    <div className='h-[1.25px]' style={DASHED_DIVIDER_STYLE} />
+                    <div
+                      className='h-[1.25px]'
+                      style={{
+                        backgroundImage:
+                          'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+                      }}
+                    />
                   </div>
                 </>
               )}
@@ -541,7 +566,13 @@ export function Editor() {
                         />
                         {showDivider && (
                           <div className='subblock-divider px-[2px] pt-[16px] pb-[13px]'>
-                            <div className='h-[1.25px]' style={DASHED_DIVIDER_STYLE} />
+                            <div
+                              className='h-[1.25px]'
+                              style={{
+                                backgroundImage:
+                                  'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+                              }}
+                            />
                           </div>
                         )}
                       </div>
@@ -550,7 +581,13 @@ export function Editor() {
 
                   {hasAdvancedOnlyFields && userPermissions.canEdit && (
                     <div className='flex items-center gap-[10px] px-[2px] pt-[14px] pb-[12px]'>
-                      <div className='h-[1.25px] flex-1' style={DASHED_DIVIDER_STYLE} />
+                      <div
+                        className='h-[1.25px] flex-1'
+                        style={{
+                          backgroundImage:
+                            'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+                        }}
+                      />
                       <button
                         type='button'
                         onClick={handleToggleAdvancedMode}
@@ -563,7 +600,13 @@ export function Editor() {
                           className={`h-[14px] w-[14px] transition-transform duration-200 ${displayAdvancedOptions ? 'rotate-180' : ''}`}
                         />
                       </button>
-                      <div className='h-[1.25px] flex-1' style={DASHED_DIVIDER_STYLE} />
+                      <div
+                        className='h-[1.25px] flex-1'
+                        style={{
+                          backgroundImage:
+                            'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+                        }}
+                      />
                     </div>
                   )}
 
@@ -587,7 +630,13 @@ export function Editor() {
                         />
                         {index < advancedOnlySubBlocks.length - 1 && (
                           <div className='subblock-divider px-[2px] pt-[16px] pb-[13px]'>
-                            <div className='h-[1.25px]' style={DASHED_DIVIDER_STYLE} />
+                            <div
+                              className='h-[1.25px]'
+                              style={{
+                                backgroundImage:
+                                  'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+                              }}
+                            />
                           </div>
                         )}
                       </div>

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/terminal/terminal.tsx

@@ -24,7 +24,6 @@ import {
   Tooltip,
 } from '@/components/emcn'
 import { getEnv, isTruthy } from '@/lib/core/config/env'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { useRegisterGlobalCommands } from '@/app/workspace/[workspaceId]/providers/global-commands-provider'
 import { createCommands } from '@/app/workspace/[workspaceId]/utils/commands-utils'
 import {
@@ -44,6 +43,7 @@ import {
   type EntryNode,
   type ExecutionGroup,
   flattenBlockEntriesOnly,
+  formatDuration,
   getBlockColor,
   getBlockIcon,
   groupEntriesByExecution,
@@ -128,7 +128,7 @@ const BlockRow = memo(function BlockRow({
         <StatusDisplay
           isRunning={isRunning}
           isCanceled={isCanceled}
-          formattedDuration={formatDuration(entry.durationMs, { precision: 2 }) ?? '-'}
+          formattedDuration={formatDuration(entry.durationMs)}
         />
       </span>
     </div>
@@ -201,7 +201,7 @@ const IterationNodeRow = memo(function IterationNodeRow({
           <StatusDisplay
             isRunning={hasRunningChild}
             isCanceled={hasCanceledChild}
-            formattedDuration={formatDuration(entry.durationMs, { precision: 2 }) ?? '-'}
+            formattedDuration={formatDuration(entry.durationMs)}
           />
         </span>
       </div>
@@ -314,7 +314,7 @@ const SubflowNodeRow = memo(function SubflowNodeRow({
           <StatusDisplay
             isRunning={hasRunningDescendant}
             isCanceled={hasCanceledDescendant}
-            formattedDuration={formatDuration(entry.durationMs, { precision: 2 }) ?? '-'}
+            formattedDuration={formatDuration(entry.durationMs)}
           />
         </span>
       </div>

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/terminal/utils.ts

@@ -53,6 +53,17 @@ export function getBlockColor(blockType: string): string {
   return '#6b7280'
 }
 
+/**
+ * Formats duration from milliseconds to readable format
+ */
+export function formatDuration(ms?: number): string {
+  if (ms === undefined || ms === null) return '-'
+  if (ms < 1000) {
+    return `${Math.round(ms)}ms`
+  }
+  return `${(ms / 1000).toFixed(2)}s`
+}
+
 /**
  * Determines if a keyboard event originated from a text-editable element
  */

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/training-modal/training-modal.tsx

@@ -30,7 +30,6 @@ import {
   Textarea,
 } from '@/components/emcn'
 import { cn } from '@/lib/core/utils/cn'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { sanitizeForCopilot } from '@/lib/workflows/sanitization/json-sanitizer'
 import { formatEditSequence } from '@/lib/workflows/training/compute-edit-sequence'
 import { useCurrentWorkflow } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-current-workflow'
@@ -576,9 +575,7 @@ export function TrainingModal() {
                                     <span className='text-[var(--text-muted)]'>Duration:</span>{' '}
                                     <span className='text-[var(--text-secondary)]'>
                                       {dataset.metadata?.duration
-                                        ? formatDuration(dataset.metadata.duration, {
+                                        ? `${(dataset.metadata.duration / 1000).toFixed(1)}s`
-                                            precision: 1,
-                                          })
                                         : 'N/A'}
                                     </span>
                                   </div>

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/access-control/access-control.tsx

@@ -29,6 +29,7 @@ import type { PermissionGroupConfig } from '@/lib/permission-groups/types'
 import { getUserColor } from '@/lib/workspaces/colors'
 import { getUserRole } from '@/lib/workspaces/organization'
 import { getAllBlocks } from '@/blocks'
+import { useOrganization, useOrganizations } from '@/hooks/queries/organization'
 import {
   type PermissionGroup,
   useBulkAddPermissionGroupMembers,
@@ -38,8 +39,7 @@ import {
   usePermissionGroups,
   useRemovePermissionGroupMember,
   useUpdatePermissionGroup,
-} from '@/ee/access-control/hooks/permission-groups'
+} from '@/hooks/queries/permission-groups'
-import { useOrganization, useOrganizations } from '@/hooks/queries/organization'
 import { useSubscriptionData } from '@/hooks/queries/subscription'
 import { PROVIDER_DEFINITIONS } from '@/providers/models'
 import { getAllProviderIds } from '@/providers/utils'
@@ -255,6 +255,7 @@ export function AccessControl() {
     queryEnabled
   )
 
+  // Show loading while dependencies load, or while permission groups query is pending
   const isLoading = orgsLoading || subLoading || (queryEnabled && groupsLoading)
   const { data: organization } = useOrganization(activeOrganization?.id || '')
 
@@ -409,8 +410,10 @@ export function AccessControl() {
   }, [viewingGroup, editingConfig])
 
   const allBlocks = useMemo(() => {
+    // Filter out hidden blocks and start_trigger (which should never be disabled)
     const blocks = getAllBlocks().filter((b) => !b.hideFromToolbar && b.type !== 'start_trigger')
     return blocks.sort((a, b) => {
+      // Group by category: triggers first, then blocks, then tools
       const categoryOrder = { triggers: 0, blocks: 1, tools: 2 }
       const catA = categoryOrder[a.category] ?? 3
       const catB = categoryOrder[b.category] ?? 3
@@ -552,9 +555,10 @@ export function AccessControl() {
   }, [viewingGroup, editingConfig, activeOrganization?.id, updatePermissionGroup])
 
   const handleOpenAddMembersModal = useCallback(() => {
+    const existingMemberUserIds = new Set(members.map((m) => m.userId))
     setSelectedMemberIds(new Set())
     setShowAddMembersModal(true)
-  }, [])
+  }, [members])
 
   const handleAddSelectedMembers = useCallback(async () => {
     if (!viewingGroup || selectedMemberIds.size === 0) return
@@ -887,6 +891,7 @@ export function AccessControl() {
                             prev
                               ? {
                                   ...prev,
+                                  // When deselecting all, keep start_trigger allowed (it should never be disabled)
                                   allowedIntegrations: allAllowed ? ['start_trigger'] : null,
                                 }
                               : prev

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credential-sets/credential-sets.tsx

@@ -246,6 +246,7 @@ export function CredentialSets() {
       setNewSetDescription('')
       setNewSetProvider('google-email')
 
+      // Open detail view for the newly created group
       if (result?.credentialSet) {
         setViewingSet(result.credentialSet)
       }
@@ -335,6 +336,7 @@ export function CredentialSets() {
           email,
         })
 
+        // Start 60s cooldown
         setResendCooldowns((prev) => ({ ...prev, [invitationId]: 60 }))
         const interval = setInterval(() => {
           setResendCooldowns((prev) => {
@@ -391,6 +393,7 @@ export function CredentialSets() {
     return <GmailIcon className='h-4 w-4' />
   }
 
+  // All hooks must be called before any early returns
   const activeMemberships = useMemo(
     () => memberships.filter((m) => m.status === 'active'),
     [memberships]
@@ -444,6 +447,7 @@ export function CredentialSets() {
         <div className='flex h-full flex-col gap-[16px]'>
           <div className='min-h-0 flex-1 overflow-y-auto'>
             <div className='flex flex-col gap-[16px]'>
+              {/* Group Info */}
               <div className='flex items-center gap-[16px]'>
                 <div className='flex items-center gap-[8px]'>
                   <span className='font-medium text-[13px] text-[var(--text-primary)]'>
@@ -467,6 +471,7 @@ export function CredentialSets() {
                 </div>
               </div>
 
+              {/* Invite Section - Email Tags Input */}
               <div className='flex flex-col gap-[4px]'>
                 <div className='flex items-center gap-[8px]'>
                   <TagInput
@@ -490,6 +495,7 @@ export function CredentialSets() {
                 {emailError && <p className='text-[12px] text-[var(--text-error)]'>{emailError}</p>}
               </div>
 
+              {/* Members List - styled like team members */}
               <div className='flex flex-col gap-[16px]'>
                 <h4 className='font-medium text-[14px] text-[var(--text-primary)]'>Members</h4>
 
@@ -513,6 +519,7 @@ export function CredentialSets() {
                   </p>
                 ) : (
                   <div className='flex flex-col gap-[16px]'>
+                    {/* Active Members */}
                     {activeMembers.map((member) => {
                       const name = member.userName || 'Unknown'
                       const avatarInitial = name.charAt(0).toUpperCase()
@@ -565,6 +572,7 @@ export function CredentialSets() {
                       )
                     })}
 
+                    {/* Pending Invitations */}
                     {pendingInvitations.map((invitation) => {
                       const email = invitation.email || 'Unknown'
                       const emailPrefix = email.split('@')[0]
@@ -633,6 +641,7 @@ export function CredentialSets() {
             </div>
           </div>
 
+          {/* Footer Actions */}
           <div className='mt-auto flex items-center justify-end'>
             <Button onClick={handleBackToList} variant='tertiary'>
               Back
@@ -813,6 +822,7 @@ export function CredentialSets() {
         </div>
       </div>
 
+      {/* Create Polling Group Modal */}
       <Modal open={showCreateModal} onOpenChange={handleCloseCreateModal}>
         <ModalContent size='sm'>
           <ModalHeader>Create Polling Group</ModalHeader>
@@ -885,6 +895,7 @@ export function CredentialSets() {
         </ModalContent>
       </Modal>
 
+      {/* Leave Confirmation Modal */}
       <Modal open={!!leavingMembership} onOpenChange={() => setLeavingMembership(null)}>
         <ModalContent size='sm'>
           <ModalHeader>Leave Polling Group</ModalHeader>
@@ -912,6 +923,7 @@ export function CredentialSets() {
         </ModalContent>
       </Modal>
 
+      {/* Delete Confirmation Modal */}
       <Modal open={!!deletingSet} onOpenChange={() => setDeletingSet(null)}>
         <ModalContent size='sm'>
           <ModalHeader>Delete Polling Group</ModalHeader>

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts

@@ -1,3 +1,4 @@
+export { AccessControl } from './access-control/access-control'
 export { ApiKeys } from './api-keys/api-keys'
 export { BYOK } from './byok/byok'
 export { Copilot } from './copilot/copilot'
@@ -9,6 +10,7 @@ export { Files as FileUploads } from './files/files'
 export { General } from './general/general'
 export { Integrations } from './integrations/integrations'
 export { MCP } from './mcp/mcp'
+export { SSO } from './sso/sso'
 export { Subscription } from './subscription/subscription'
 export { TeamManagement } from './team-management/team-management'
 export { WorkflowMcpServers } from './workflow-mcp-servers/workflow-mcp-servers'

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/mcp/mcp.tsx

@@ -407,12 +407,14 @@ export function MCP({ initialServerId }: MCPProps) {
   const [urlScrollLeft, setUrlScrollLeft] = useState(0)
   const [headerScrollLeft, setHeaderScrollLeft] = useState<Record<string, number>>({})
 
+  // Auto-select server when initialServerId is provided
   useEffect(() => {
     if (initialServerId && servers.some((s) => s.id === initialServerId)) {
       setSelectedServerId(initialServerId)
     }
   }, [initialServerId, servers])
 
+  // Force refresh tools when entering server detail view to detect stale schemas
   useEffect(() => {
     if (selectedServerId) {
       forceRefreshTools(workspaceId)
@@ -715,6 +717,7 @@ export function MCP({ initialServerId }: MCPProps) {
           `Refreshed MCP server: ${serverId}, workflows updated: ${result.workflowsUpdated}`
         )
 
+        // If the active workflow was updated, reload its subblock values from DB
         const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
         if (activeWorkflowId && result.updatedWorkflowIds?.includes(activeWorkflowId)) {
           logger.info(`Active workflow ${activeWorkflowId} was updated, reloading subblock values`)

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/sso/sso.tsx

@@ -11,13 +11,55 @@ import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { cn } from '@/lib/core/utils/cn'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { getUserRole } from '@/lib/workspaces/organization/utils'
-import { SSO_TRUSTED_PROVIDERS } from '@/ee/sso/constants'
-import { useConfigureSSO, useSSOProviders } from '@/ee/sso/hooks/sso'
 import { useOrganizations } from '@/hooks/queries/organization'
+import { useConfigureSSO, useSSOProviders } from '@/hooks/queries/sso'
 import { useSubscriptionData } from '@/hooks/queries/subscription'
 
 const logger = createLogger('SSO')
 
+const TRUSTED_SSO_PROVIDERS = [
+  'okta',
+  'okta-saml',
+  'okta-prod',
+  'okta-dev',
+  'okta-staging',
+  'okta-test',
+  'azure-ad',
+  'azure-active-directory',
+  'azure-corp',
+  'azure-enterprise',
+  'adfs',
+  'adfs-company',
+  'adfs-corp',
+  'adfs-enterprise',
+  'auth0',
+  'auth0-prod',
+  'auth0-dev',
+  'auth0-staging',
+  'onelogin',
+  'onelogin-prod',
+  'onelogin-corp',
+  'jumpcloud',
+  'jumpcloud-prod',
+  'jumpcloud-corp',
+  'ping-identity',
+  'ping-federate',
+  'pingone',
+  'shibboleth',
+  'shibboleth-idp',
+  'google-workspace',
+  'google-sso',
+  'saml',
+  'saml2',
+  'saml-sso',
+  'oidc',
+  'oidc-sso',
+  'openid-connect',
+  'custom-sso',
+  'enterprise-sso',
+  'company-sso',
+]
+
 interface SSOProvider {
   id: string
   providerId: string
@@ -523,7 +565,7 @@ export function SSO() {
             <Combobox
               value={formData.providerId}
               onChange={(value: string) => handleInputChange('providerId', value)}
-              options={SSO_TRUSTED_PROVIDERS.map((id) => ({
+              options={TRUSTED_SSO_PROVIDERS.map((id) => ({
                 label: id,
                 value: id,
               }))}

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx

@@ -41,6 +41,7 @@ import { getEnv, isTruthy } from '@/lib/core/config/env'
 import { isHosted } from '@/lib/core/config/feature-flags'
 import { getUserRole } from '@/lib/workspaces/organization'
 import {
+  AccessControl,
   ApiKeys,
   BYOK,
   Copilot,
@@ -52,16 +53,15 @@ import {
   General,
   Integrations,
   MCP,
+  SSO,
   Subscription,
   TeamManagement,
   WorkflowMcpServers,
 } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components'
 import { TemplateProfile } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/template-profile/template-profile'
-import { AccessControl } from '@/ee/access-control/components/access-control'
-import { SSO } from '@/ee/sso/components/sso-settings'
-import { ssoKeys, useSSOProviders } from '@/ee/sso/hooks/sso'
 import { generalSettingsKeys, useGeneralSettings } from '@/hooks/queries/general-settings'
 import { organizationKeys, useOrganizations } from '@/hooks/queries/organization'
+import { ssoKeys, useSSOProviders } from '@/hooks/queries/sso'
 import { subscriptionKeys, useSubscriptionData } from '@/hooks/queries/subscription'
 import { usePermissionConfig } from '@/hooks/use-permission-config'
 import { useSettingsModalStore } from '@/stores/modals/settings/store'

apps/sim/background/workspace-notification-delivery.ts

@@ -19,7 +19,6 @@ import { checkUsageStatus } from '@/lib/billing/calculations/usage-monitor'
 import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
 import { RateLimiter } from '@/lib/core/rate-limiter'
 import { decryptSecret } from '@/lib/core/security/encryption'
-import { formatDuration } from '@/lib/core/utils/formatting'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import type { TraceSpan, WorkflowExecutionLog } from '@/lib/logs/types'
 import { sendEmail } from '@/lib/messaging/email/mailer'
@@ -228,6 +227,12 @@ async function deliverWebhook(
   }
 }
 
+function formatDuration(ms: number): string {
+  if (ms < 1000) return `${ms}ms`
+  if (ms < 60000) return `${(ms / 1000).toFixed(1)}s`
+  return `${(ms / 60000).toFixed(1)}m`
+}
+
 function formatCost(cost?: Record<string, unknown>): string {
   if (!cost?.total) return 'N/A'
   const total = cost.total as number
@@ -297,7 +302,7 @@ async function deliverEmail(
     workflowName: payload.data.workflowName || 'Unknown Workflow',
     status: payload.data.status,
     trigger: payload.data.trigger,
-    duration: formatDuration(payload.data.totalDurationMs, { precision: 1 }) ?? '-',
+    duration: formatDuration(payload.data.totalDurationMs),
     cost: formatCost(payload.data.cost),
     logUrl,
     alertReason,
@@ -310,7 +315,7 @@ async function deliverEmail(
     to: subscription.emailRecipients,
     subject,
     html,
-    text: `${subject}\n${alertReason ? `\nReason: ${alertReason}\n` : ''}\nWorkflow: ${payload.data.workflowName}\nStatus: ${statusText}\nTrigger: ${payload.data.trigger}\nDuration: ${formatDuration(payload.data.totalDurationMs, { precision: 1 }) ?? '-'}\nCost: ${formatCost(payload.data.cost)}\n\nView Log: ${logUrl}${includedDataText}`,
+    text: `${subject}\n${alertReason ? `\nReason: ${alertReason}\n` : ''}\nWorkflow: ${payload.data.workflowName}\nStatus: ${statusText}\nTrigger: ${payload.data.trigger}\nDuration: ${formatDuration(payload.data.totalDurationMs)}\nCost: ${formatCost(payload.data.cost)}\n\nView Log: ${logUrl}${includedDataText}`,
     emailType: 'notifications',
   })
 
@@ -368,10 +373,7 @@ async function deliverSlack(
       fields: [
         { type: 'mrkdwn', text: `*Status:*\n${payload.data.status}` },
         { type: 'mrkdwn', text: `*Trigger:*\n${payload.data.trigger}` },
-        {
+        { type: 'mrkdwn', text: `*Duration:*\n${formatDuration(payload.data.totalDurationMs)}` },
-          type: 'mrkdwn',
-          text: `*Duration:*\n${formatDuration(payload.data.totalDurationMs, { precision: 1 }) ?? '-'}`,
-        },
         { type: 'mrkdwn', text: `*Cost:*\n${formatCost(payload.data.cost)}` },
       ],
     },

apps/sim/components/ui/tool-call.tsx

@@ -7,7 +7,6 @@ import { Button } from '@/components/ui/button'
 import { Collapsible, CollapsibleContent, CollapsibleTrigger } from '@/components/ui/collapsible'
 import type { ToolCallGroup, ToolCallState } from '@/lib/copilot/types'
 import { cn } from '@/lib/core/utils/cn'
-import { formatDuration } from '@/lib/core/utils/formatting'
 
 interface ToolCallProps {
   toolCall: ToolCallState
@@ -226,6 +225,11 @@ export function ToolCallCompletion({ toolCall, isCompact = false }: ToolCallProp
   const isError = toolCall.state === 'error'
   const isAborted = toolCall.state === 'aborted'
 
+  const formatDuration = (duration?: number) => {
+    if (!duration) return ''
+    return duration < 1000 ? `${duration}ms` : `${(duration / 1000).toFixed(1)}s`
+  }
+
   return (
     <div
       className={cn(
@@ -275,7 +279,7 @@ export function ToolCallCompletion({ toolCall, isCompact = false }: ToolCallProp
                   )}
                   style={{ fontSize: '0.625rem' }}
                 >
-                  {toolCall.duration ? formatDuration(toolCall.duration, { precision: 1 }) : ''}
+                  {formatDuration(toolCall.duration)}
                 </Badge>
               )}
             </div>

apps/sim/ee/LICENSE

@@ -1,43 +0,0 @@
-Sim Enterprise License
-
-Copyright (c) 2025-present Sim Studio, Inc.
-
-This software and associated documentation files (the "Software") are licensed
-under the following terms:
-
-1. LICENSE GRANT
-
-   Subject to the terms of this license, Sim Studio, Inc. grants you a limited,
-   non-exclusive, non-transferable license to use the Software for:
-
-   - Development, testing, and evaluation purposes
-   - Internal non-production use
-
-   Production use of the Software requires a valid Sim Enterprise subscription.
-
-2. RESTRICTIONS
-
-   You may not:
-
-   - Use the Software in production without a valid Enterprise subscription
-   - Modify, adapt, or create derivative works of the Software
-   - Redistribute, sublicense, or transfer the Software
-   - Remove or alter any proprietary notices in the Software
-
-3. ENTERPRISE SUBSCRIPTION
-
-   Production deployment of enterprise features requires an active Sim Enterprise
-   subscription. Contact sales@simstudio.ai for licensing information.
-
-4. DISCLAIMER
-
-   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-
-5. LIMITATION OF LIABILITY
-
-   IN NO EVENT SHALL SIM STUDIO, INC. BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY ARISING FROM THE USE OF THE SOFTWARE.
-
-For questions about enterprise licensing, contact: sales@simstudio.ai

apps/sim/ee/README.md

@@ -1,21 +0,0 @@
-# Sim Enterprise Edition
-
-This directory contains enterprise features that require a Sim Enterprise subscription
-for production use.
-
-## Features
-
-- **SSO (Single Sign-On)**: OIDC and SAML authentication integration
-- **Access Control**: Permission groups for fine-grained user access management
-- **Credential Sets**: Shared credential pools for email polling workflows
-
-## Licensing
-
-See [LICENSE](./LICENSE) for terms. Development and testing use is permitted.
-Production deployment requires an active Enterprise subscription.
-
-## Architecture
-
-Enterprise features are imported directly throughout the codebase. The `ee/` directory
-is required at build time. Feature visibility is controlled at runtime via environment
-variables (e.g., `NEXT_PUBLIC_ACCESS_CONTROL_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED`).

apps/sim/executor/execution/block-executor.ts

@@ -5,7 +5,6 @@ import {
   hydrateUserFilesWithBase64,
 } from '@/lib/uploads/utils/user-file-base64.server'
 import { sanitizeInputFormat, sanitizeTools } from '@/lib/workflows/comparison/normalize'
-import { validateBlockType } from '@/ee/access-control/utils/permission-check'
 import {
   BlockType,
   buildResumeApiUrl,
@@ -32,6 +31,7 @@ import { streamingResponseFormatProcessor } from '@/executor/utils'
 import { buildBlockExecutionError, normalizeError } from '@/executor/utils/errors'
 import { isJSONString } from '@/executor/utils/json'
 import { filterOutputForLog } from '@/executor/utils/output-filter'
+import { validateBlockType } from '@/executor/utils/permission-check'
 import type { VariableResolver } from '@/executor/variables/resolver'
 import type { SerializedBlock } from '@/serializer/types'
 import type { SubflowType } from '@/stores/workflows/workflow/types'

apps/sim/executor/handlers/agent/agent-handler.ts

@@ -6,12 +6,6 @@ import { createMcpToolId } from '@/lib/mcp/utils'
 import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { getAllBlocks } from '@/blocks'
 import type { BlockOutput } from '@/blocks/types'
-import {
-  validateBlockType,
-  validateCustomToolsAllowed,
-  validateMcpToolsAllowed,
-  validateModelProvider,
-} from '@/ee/access-control/utils/permission-check'
 import { AGENT, BlockType, DEFAULTS, REFERENCE, stripCustomToolPrefix } from '@/executor/constants'
 import { memoryService } from '@/executor/handlers/agent/memory'
 import type {
@@ -24,6 +18,12 @@ import type { BlockHandler, ExecutionContext, StreamingExecution } from '@/execu
 import { collectBlockData } from '@/executor/utils/block-data'
 import { buildAPIUrl, buildAuthHeaders } from '@/executor/utils/http'
 import { stringifyJSON } from '@/executor/utils/json'
+import {
+  validateBlockType,
+  validateCustomToolsAllowed,
+  validateMcpToolsAllowed,
+  validateModelProvider,
+} from '@/executor/utils/permission-check'
 import { executeProviderRequest } from '@/providers'
 import { getProviderFromModel, transformBlockTool } from '@/providers/utils'
 import type { SerializedBlock } from '@/serializer/types'

apps/sim/executor/handlers/evaluator/evaluator-handler.ts

@@ -4,11 +4,11 @@ import { createLogger } from '@sim/logger'
 import { eq } from 'drizzle-orm'
 import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import type { BlockOutput } from '@/blocks/types'
-import { validateModelProvider } from '@/ee/access-control/utils/permission-check'
 import { BlockType, DEFAULTS, EVALUATOR } from '@/executor/constants'
 import type { BlockHandler, ExecutionContext } from '@/executor/types'
 import { buildAPIUrl, buildAuthHeaders, extractAPIErrorMessage } from '@/executor/utils/http'
 import { isJSONString, parseJSON, stringifyJSON } from '@/executor/utils/json'
+import { validateModelProvider } from '@/executor/utils/permission-check'
 import { calculateCost, getProviderFromModel } from '@/providers/utils'
 import type { SerializedBlock } from '@/serializer/types'
 

apps/sim/executor/handlers/router/router-handler.ts

@@ -6,7 +6,6 @@ import { getBaseUrl } from '@/lib/core/utils/urls'
 import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { generateRouterPrompt, generateRouterV2Prompt } from '@/blocks/blocks/router'
 import type { BlockOutput } from '@/blocks/types'
-import { validateModelProvider } from '@/ee/access-control/utils/permission-check'
 import {
   BlockType,
   DEFAULTS,
@@ -16,6 +15,7 @@ import {
 } from '@/executor/constants'
 import type { BlockHandler, ExecutionContext } from '@/executor/types'
 import { buildAuthHeaders } from '@/executor/utils/http'
+import { validateModelProvider } from '@/executor/utils/permission-check'
 import { calculateCost, getProviderFromModel } from '@/providers/utils'
 import type { SerializedBlock } from '@/serializer/types'
 

apps/sim/hooks/queries/credential-sets.ts

@@ -1,5 +1,3 @@
-'use client'
-
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { fetchJson } from '@/hooks/selectors/helpers'
 

apps/sim/hooks/queries/permission-groups.ts

@@ -1,5 +1,3 @@
-'use client'
-
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import type { PermissionGroupConfig } from '@/lib/permission-groups/types'
 import { fetchJson } from '@/hooks/selectors/helpers'

apps/sim/hooks/queries/sso.ts

@@ -1,5 +1,3 @@
-'use client'
-
 import { keepPreviousData, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { organizationKeys } from '@/hooks/queries/organization'
 
@@ -77,3 +75,39 @@ export function useConfigureSSO() {
     },
   })
 }
+
+/**
+ * Delete SSO provider mutation
+ */
+interface DeleteSSOParams {
+  providerId: string
+  orgId?: string
+}
+
+export function useDeleteSSO() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async ({ providerId }: DeleteSSOParams) => {
+      const response = await fetch(`/api/auth/sso/providers/${providerId}`, {
+        method: 'DELETE',
+      })
+
+      if (!response.ok) {
+        const error = await response.json()
+        throw new Error(error.message || 'Failed to delete SSO provider')
+      }
+
+      return response.json()
+    },
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries({ queryKey: ssoKeys.providers() })
+
+      if (variables.orgId) {
+        queryClient.invalidateQueries({
+          queryKey: organizationKeys.detail(variables.orgId),
+        })
+      }
+    },
+  })
+}

apps/sim/hooks/use-permission-config.ts

@@ -1,5 +1,3 @@
-'use client'
-
 import { useMemo } from 'react'
 import { getEnv, isTruthy } from '@/lib/core/config/env'
 import { isAccessControlEnabled, isHosted } from '@/lib/core/config/feature-flags'
@@ -7,8 +5,8 @@ import {
   DEFAULT_PERMISSION_GROUP_CONFIG,
   type PermissionGroupConfig,
 } from '@/lib/permission-groups/types'
-import { useUserPermissionConfig } from '@/ee/access-control/hooks/permission-groups'
 import { useOrganizations } from '@/hooks/queries/organization'
+import { useUserPermissionConfig } from '@/hooks/queries/permission-groups'
 
 export interface PermissionConfigResult {
   config: PermissionGroupConfig

apps/sim/lib/auth/auth.ts

@@ -59,8 +59,8 @@ import { sendEmail } from '@/lib/messaging/email/mailer'
 import { getFromEmailAddress, getPersonalEmailFrom } from '@/lib/messaging/email/utils'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
 import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
-import { SSO_TRUSTED_PROVIDERS } from '@/ee/sso/constants'
 import { createAnonymousSession, ensureAnonymousUserExists } from './anonymous'
+import { SSO_TRUSTED_PROVIDERS } from './sso/constants'
 
 const logger = createLogger('Auth')
 

apps/sim/lib/auth/sso/constants.ts

@@ -1,7 +1,3 @@
-/**
- * List of trusted SSO provider identifiers.
- * Used for validation and autocomplete in SSO configuration.
- */
 export const SSO_TRUSTED_PROVIDERS = [
   'okta',
   'okta-saml',

apps/sim/lib/billing/authorization.ts

@@ -1,37 +1,20 @@
 import { db } from '@sim/db'
 import * as schema from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
-import { hasActiveSubscription } from '@/lib/billing'
-
-const logger = createLogger('BillingAuthorization')
 
 /**
  * Check if a user is authorized to manage billing for a given reference ID
  * Reference ID can be either a user ID (individual subscription) or organization ID (team subscription)
- *
- * This function also performs duplicate subscription validation for organizations:
- * - Rejects if an organization already has an active subscription (prevents duplicates)
- * - Personal subscriptions (referenceId === userId) skip this check to allow upgrades
  */
 export async function authorizeSubscriptionReference(
   userId: string,
   referenceId: string
 ): Promise<boolean> {
-  // User can always manage their own subscriptions (Pro upgrades, etc.)
+  // User can always manage their own subscriptions
   if (referenceId === userId) {
     return true
   }
 
-  // For organizations: check for existing active subscriptions to prevent duplicates
-  if (await hasActiveSubscription(referenceId)) {
-    logger.warn('Blocking checkout - active subscription already exists for organization', {
-      userId,
-      referenceId,
-    })
-    return false
-  }
-
   // Check if referenceId is an organizationId the user has admin rights to
   const members = await db
     .select()

apps/sim/lib/billing/client/upgrade.ts

@@ -25,11 +25,9 @@ export function useSubscriptionUpgrade() {
       }
 
       let currentSubscriptionId: string | undefined
-      let allSubscriptions: any[] = []
       try {
         const listResult = await client.subscription.list()
-        allSubscriptions = listResult.data || []
+        const activePersonalSub = listResult.data?.find(
-        const activePersonalSub = allSubscriptions.find(
           (sub: any) => sub.status === 'active' && sub.referenceId === userId
         )
         currentSubscriptionId = activePersonalSub?.id
@@ -52,25 +50,6 @@ export function useSubscriptionUpgrade() {
           )
 
           if (existingOrg) {
-            // Check if this org already has an active team subscription
-            const existingTeamSub = allSubscriptions.find(
-              (sub: any) =>
-                sub.status === 'active' &&
-                sub.referenceId === existingOrg.id &&
-                (sub.plan === 'team' || sub.plan === 'enterprise')
-            )
-
-            if (existingTeamSub) {
-              logger.warn('Organization already has an active team subscription', {
-                userId,
-                organizationId: existingOrg.id,
-                existingSubscriptionId: existingTeamSub.id,
-              })
-              throw new Error(
-                'This organization already has an active team subscription. Please manage it from the billing settings.'
-              )
-            }
-
             logger.info('Using existing organization for team plan upgrade', {
               userId,
               organizationId: existingOrg.id,

apps/sim/lib/billing/core/plan.ts

@@ -1,5 +1,5 @@
 import { db } from '@sim/db'
-import { member, organization, subscription } from '@sim/db/schema'
+import { member, subscription } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, inArray } from 'drizzle-orm'
 import { checkEnterprisePlan, checkProPlan, checkTeamPlan } from '@/lib/billing/subscriptions/utils'
@@ -26,22 +26,10 @@ export async function getHighestPrioritySubscription(userId: string) {
 
     let orgSubs: typeof personalSubs = []
     if (orgIds.length > 0) {
-      // Verify orgs exist to filter out orphaned subscriptions
+      orgSubs = await db
-      const existingOrgs = await db
+        .select()
-        .select({ id: organization.id })
+        .from(subscription)
-        .from(organization)
+        .where(and(inArray(subscription.referenceId, orgIds), eq(subscription.status, 'active')))
-        .where(inArray(organization.id, orgIds))
-
-      const validOrgIds = existingOrgs.map((o) => o.id)
-
-      if (validOrgIds.length > 0) {
-        orgSubs = await db
-          .select()
-          .from(subscription)
-          .where(
-            and(inArray(subscription.referenceId, validOrgIds), eq(subscription.status, 'active'))
-          )
-      }
     }
 
     const allSubs = [...personalSubs, ...orgSubs]

apps/sim/lib/billing/core/subscription.ts

@@ -25,28 +25,6 @@ const logger = createLogger('SubscriptionCore')
 
 export { getHighestPrioritySubscription }
 
-/**
- * Check if a referenceId (user ID or org ID) has an active subscription
- * Used for duplicate subscription prevention
- *
- * Fails closed: returns true on error to prevent duplicate creation
- */
-export async function hasActiveSubscription(referenceId: string): Promise<boolean> {
-  try {
-    const [activeSub] = await db
-      .select({ id: subscription.id })
-      .from(subscription)
-      .where(and(eq(subscription.referenceId, referenceId), eq(subscription.status, 'active')))
-      .limit(1)
-
-    return !!activeSub
-  } catch (error) {
-    logger.error('Error checking active subscription', { error, referenceId })
-    // Fail closed: assume subscription exists to prevent duplicate creation
-    return true
-  }
-}
-
 /**
  * Check if user is on Pro plan (direct or via organization)
  */

apps/sim/lib/billing/index.ts

@@ -11,7 +11,6 @@ export {
   getHighestPrioritySubscription as getActiveSubscription,
   getUserSubscriptionState as getSubscriptionState,
   hasAccessControlAccess,
-  hasActiveSubscription,
   hasCredentialSetsAccess,
   hasSSOAccess,
   isEnterpriseOrgAdminOrOwner,
@@ -33,11 +32,6 @@ export {
 } from '@/lib/billing/core/usage'
 export * from '@/lib/billing/credits/balance'
 export * from '@/lib/billing/credits/purchase'
-export {
-  blockOrgMembers,
-  getOrgMemberIds,
-  unblockOrgMembers,
-} from '@/lib/billing/organizations/membership'
 export * from '@/lib/billing/subscriptions/utils'
 export { canEditUsageLimit as canEditLimit } from '@/lib/billing/subscriptions/utils'
 export * from '@/lib/billing/types'

apps/sim/lib/billing/organization.ts

@@ -8,7 +8,6 @@ import {
 } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
-import { hasActiveSubscription } from '@/lib/billing'
 import { getPlanPricing } from '@/lib/billing/core/billing'
 import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
 
@@ -160,16 +159,6 @@ export async function ensureOrganizationForTeamSubscription(
   if (existingMembership.length > 0) {
     const membership = existingMembership[0]
     if (membership.role === 'owner' || membership.role === 'admin') {
-      // Check if org already has an active subscription (prevent duplicates)
-      if (await hasActiveSubscription(membership.organizationId)) {
-        logger.error('Organization already has an active subscription', {
-          userId,
-          organizationId: membership.organizationId,
-          newSubscriptionId: subscription.id,
-        })
-        throw new Error('Organization already has an active subscription')
-      }
-
       logger.info('User already owns/admins an org, using it', {
         userId,
         organizationId: membership.organizationId,

apps/sim/lib/billing/organizations/membership.ts

@@ -15,86 +15,13 @@ import {
   userStats,
 } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, inArray, isNull, ne, or, sql } from 'drizzle-orm'
+import { and, eq, sql } from 'drizzle-orm'
 import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 import { validateSeatAvailability } from '@/lib/billing/validation/seat-management'
 
 const logger = createLogger('OrganizationMembership')
 
-export type BillingBlockReason = 'payment_failed' | 'dispute'
-
-/**
- * Get all member user IDs for an organization
- */
-export async function getOrgMemberIds(organizationId: string): Promise<string[]> {
-  const members = await db
-    .select({ userId: member.userId })
-    .from(member)
-    .where(eq(member.organizationId, organizationId))
-
-  return members.map((m) => m.userId)
-}
-
-/**
- * Block all members of an organization for billing reasons
- * Returns the number of members actually blocked
- *
- * Reason priority: dispute > payment_failed
- * A payment_failed block won't overwrite an existing dispute block
- */
-export async function blockOrgMembers(
-  organizationId: string,
-  reason: BillingBlockReason
-): Promise<number> {
-  const memberIds = await getOrgMemberIds(organizationId)
-
-  if (memberIds.length === 0) {
-    return 0
-  }
-
-  // Don't overwrite dispute blocks with payment_failed (dispute is higher priority)
-  const whereClause =
-    reason === 'payment_failed'
-      ? and(
-          inArray(userStats.userId, memberIds),
-          or(ne(userStats.billingBlockedReason, 'dispute'), isNull(userStats.billingBlockedReason))
-        )
-      : inArray(userStats.userId, memberIds)
-
-  const result = await db
-    .update(userStats)
-    .set({ billingBlocked: true, billingBlockedReason: reason })
-    .where(whereClause)
-    .returning({ userId: userStats.userId })
-
-  return result.length
-}
-
-/**
- * Unblock all members of an organization blocked for a specific reason
- * Only unblocks members blocked for the specified reason (not other reasons)
- * Returns the number of members actually unblocked
- */
-export async function unblockOrgMembers(
-  organizationId: string,
-  reason: BillingBlockReason
-): Promise<number> {
-  const memberIds = await getOrgMemberIds(organizationId)
-
-  if (memberIds.length === 0) {
-    return 0
-  }
-
-  const result = await db
-    .update(userStats)
-    .set({ billingBlocked: false, billingBlockedReason: null })
-    .where(and(inArray(userStats.userId, memberIds), eq(userStats.billingBlockedReason, reason)))
-    .returning({ userId: userStats.userId })
-
-  return result.length
-}
-
 export interface RestoreProResult {
   restored: boolean
   usageRestored: boolean

apps/sim/lib/billing/webhooks/disputes.ts

@@ -1,9 +1,8 @@
 import { db } from '@sim/db'
-import { subscription, user, userStats } from '@sim/db/schema'
+import { member, subscription, user, userStats } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import type Stripe from 'stripe'
-import { blockOrgMembers, unblockOrgMembers } from '@/lib/billing'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 
 const logger = createLogger('DisputeWebhooks')
@@ -58,34 +57,36 @@ export async function handleChargeDispute(event: Stripe.Event): Promise<void> {
 
   if (subs.length > 0) {
     const orgId = subs[0].referenceId
-    const memberCount = await blockOrgMembers(orgId, 'dispute')
 
-    if (memberCount > 0) {
+    const owners = await db
-      logger.warn('Blocked all org members due to dispute', {
+      .select({ userId: member.userId })
+      .from(member)
+      .where(and(eq(member.organizationId, orgId), eq(member.role, 'owner')))
+      .limit(1)
+
+    if (owners.length > 0) {
+      await db
+        .update(userStats)
+        .set({ billingBlocked: true, billingBlockedReason: 'dispute' })
+        .where(eq(userStats.userId, owners[0].userId))
+
+      logger.warn('Blocked org owner due to dispute', {
         disputeId: dispute.id,
+        ownerId: owners[0].userId,
         organizationId: orgId,
-        memberCount,
       })
     }
   }
 }
 
 /**
- * Handles charge.dispute.closed - unblocks user if dispute was won or warning closed
+ * Handles charge.dispute.closed - unblocks user if dispute was won
- *
- * Status meanings:
- * - 'won': Merchant won, customer's chargeback denied → unblock
- * - 'lost': Customer won, money refunded → stay blocked (they owe us)
- * - 'warning_closed': Pre-dispute inquiry closed without chargeback → unblock (false alarm)
  */
 export async function handleDisputeClosed(event: Stripe.Event): Promise<void> {
   const dispute = event.data.object as Stripe.Dispute
 
-  // Only unblock if we won or the warning was closed without a full dispute
+  if (dispute.status !== 'won') {
-  const shouldUnblock = dispute.status === 'won' || dispute.status === 'warning_closed'
+    logger.info('Dispute not won, user remains blocked', {
-
-  if (!shouldUnblock) {
-    logger.info('Dispute resolved against us, user remains blocked', {
       disputeId: dispute.id,
       status: dispute.status,
     })
@@ -97,7 +98,7 @@ export async function handleDisputeClosed(event: Stripe.Event): Promise<void> {
     return
   }
 
-  // Find and unblock user (Pro plans) - only if blocked for dispute, not other reasons
+  // Find and unblock user (Pro plans)
   const users = await db
     .select({ id: user.id })
     .from(user)
@@ -108,17 +109,16 @@ export async function handleDisputeClosed(event: Stripe.Event): Promise<void> {
     await db
       .update(userStats)
       .set({ billingBlocked: false, billingBlockedReason: null })
-      .where(and(eq(userStats.userId, users[0].id), eq(userStats.billingBlockedReason, 'dispute')))
+      .where(eq(userStats.userId, users[0].id))
 
-    logger.info('Unblocked user after dispute resolved in our favor', {
+    logger.info('Unblocked user after winning dispute', {
       disputeId: dispute.id,
       userId: users[0].id,
-      status: dispute.status,
     })
     return
   }
 
-  // Find and unblock all org members (Team/Enterprise) - consistent with payment success
+  // Find and unblock org owner (Team/Enterprise)
   const subs = await db
     .select({ referenceId: subscription.referenceId })
     .from(subscription)
@@ -127,13 +127,24 @@ export async function handleDisputeClosed(event: Stripe.Event): Promise<void> {
 
   if (subs.length > 0) {
     const orgId = subs[0].referenceId
-    const memberCount = await unblockOrgMembers(orgId, 'dispute')
 
-    logger.info('Unblocked all org members after dispute resolved in our favor', {
+    const owners = await db
-      disputeId: dispute.id,
+      .select({ userId: member.userId })
-      organizationId: orgId,
+      .from(member)
-      memberCount,
+      .where(and(eq(member.organizationId, orgId), eq(member.role, 'owner')))
-      status: dispute.status,
+      .limit(1)
-    })
+
+    if (owners.length > 0) {
+      await db
+        .update(userStats)
+        .set({ billingBlocked: false, billingBlockedReason: null })
+        .where(eq(userStats.userId, owners[0].userId))
+
+      logger.info('Unblocked org owner after winning dispute', {
+        disputeId: dispute.id,
+        ownerId: owners[0].userId,
+        organizationId: orgId,
+      })
+    }
   }
 }

apps/sim/lib/billing/webhooks/invoices.ts

@@ -8,13 +8,12 @@ import {
   userStats,
 } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, inArray, isNull, ne, or } from 'drizzle-orm'
+import { and, eq, inArray } from 'drizzle-orm'
 import type Stripe from 'stripe'
 import { getEmailSubject, PaymentFailedEmail, renderCreditPurchaseEmail } from '@/components/emails'
 import { calculateSubscriptionOverage } from '@/lib/billing/core/billing'
 import { addCredits, getCreditBalance, removeCredits } from '@/lib/billing/credits/balance'
 import { setUsageLimitForCredits } from '@/lib/billing/credits/purchase'
-import { blockOrgMembers, unblockOrgMembers } from '@/lib/billing/organizations/membership'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { sendEmail } from '@/lib/messaging/email/mailer'
@@ -503,7 +502,24 @@ export async function handleInvoicePaymentSucceeded(event: Stripe.Event) {
     }
 
     if (sub.plan === 'team' || sub.plan === 'enterprise') {
-      await unblockOrgMembers(sub.referenceId, 'payment_failed')
+      const members = await db
+        .select({ userId: member.userId })
+        .from(member)
+        .where(eq(member.organizationId, sub.referenceId))
+      const memberIds = members.map((m) => m.userId)
+
+      if (memberIds.length > 0) {
+        // Only unblock users blocked for payment_failed, not disputes
+        await db
+          .update(userStats)
+          .set({ billingBlocked: false, billingBlockedReason: null })
+          .where(
+            and(
+              inArray(userStats.userId, memberIds),
+              eq(userStats.billingBlockedReason, 'payment_failed')
+            )
+          )
+      }
     } else {
       // Only unblock users blocked for payment_failed, not disputes
       await db
@@ -600,26 +616,28 @@ export async function handleInvoicePaymentFailed(event: Stripe.Event) {
       if (records.length > 0) {
         const sub = records[0]
         if (sub.plan === 'team' || sub.plan === 'enterprise') {
-          const memberCount = await blockOrgMembers(sub.referenceId, 'payment_failed')
+          const members = await db
+            .select({ userId: member.userId })
+            .from(member)
+            .where(eq(member.organizationId, sub.referenceId))
+          const memberIds = members.map((m) => m.userId)
+
+          if (memberIds.length > 0) {
+            await db
+              .update(userStats)
+              .set({ billingBlocked: true, billingBlockedReason: 'payment_failed' })
+              .where(inArray(userStats.userId, memberIds))
+          }
           logger.info('Blocked team/enterprise members due to payment failure', {
             organizationId: sub.referenceId,
-            memberCount,
+            memberCount: members.length,
             isOverageInvoice,
           })
         } else {
-          // Don't overwrite dispute blocks (dispute > payment_failed priority)
           await db
             .update(userStats)
             .set({ billingBlocked: true, billingBlockedReason: 'payment_failed' })
-            .where(
+            .where(eq(userStats.userId, sub.referenceId))
-              and(
-                eq(userStats.userId, sub.referenceId),
-                or(
-                  ne(userStats.billingBlockedReason, 'dispute'),
-                  isNull(userStats.billingBlockedReason)
-                )
-              )
-            )
           logger.info('Blocked user due to payment failure', {
             userId: sub.referenceId,
             isOverageInvoice,

apps/sim/lib/billing/webhooks/subscription.ts

@@ -3,7 +3,6 @@ import { member, organization, subscription } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, ne } from 'drizzle-orm'
 import { calculateSubscriptionOverage } from '@/lib/billing/core/billing'
-import { hasActiveSubscription } from '@/lib/billing/core/subscription'
 import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
 import { restoreUserProSubscription } from '@/lib/billing/organizations/membership'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
@@ -53,37 +52,14 @@ async function restoreMemberProSubscriptions(organizationId: string): Promise<nu
 
 /**
  * Cleanup organization when team/enterprise subscription is deleted.
- * - Checks if other active subscriptions point to this org (skip deletion if so)
  * - Restores member Pro subscriptions
- * - Deletes the organization (only if no other active subs)
+ * - Deletes the organization
  * - Syncs usage limits for former members (resets to free or Pro tier)
  */
 async function cleanupOrganizationSubscription(organizationId: string): Promise<{
   restoredProCount: number
   membersSynced: number
-  organizationDeleted: boolean
 }> {
-  // Check if other active subscriptions still point to this org
-  // Note: The subscription being deleted is already marked as 'canceled' by better-auth
-  // before this handler runs, so we only find truly active ones
-  if (await hasActiveSubscription(organizationId)) {
-    logger.info('Skipping organization deletion - other active subscriptions exist', {
-      organizationId,
-    })
-
-    // Still sync limits for members since this subscription was deleted
-    const memberUserIds = await db
-      .select({ userId: member.userId })
-      .from(member)
-      .where(eq(member.organizationId, organizationId))
-
-    for (const m of memberUserIds) {
-      await syncUsageLimitsFromSubscription(m.userId)
-    }
-
-    return { restoredProCount: 0, membersSynced: memberUserIds.length, organizationDeleted: false }
-  }
-
   // Get member userIds before deletion (needed for limit syncing after org deletion)
   const memberUserIds = await db
     .select({ userId: member.userId })
@@ -99,7 +75,7 @@ async function cleanupOrganizationSubscription(organizationId: string): Promise<
     await syncUsageLimitsFromSubscription(m.userId)
   }
 
-  return { restoredProCount, membersSynced: memberUserIds.length, organizationDeleted: true }
+  return { restoredProCount, membersSynced: memberUserIds.length }
 }
 
 /**
@@ -196,14 +172,15 @@ export async function handleSubscriptionDeleted(subscription: {
         referenceId: subscription.referenceId,
       })
 
-      const { restoredProCount, membersSynced, organizationDeleted } =
+      const { restoredProCount, membersSynced } = await cleanupOrganizationSubscription(
-        await cleanupOrganizationSubscription(subscription.referenceId)
+        subscription.referenceId
+      )
 
       logger.info('Successfully processed enterprise subscription cancellation', {
         subscriptionId: subscription.id,
         stripeSubscriptionId,
         restoredProCount,
-        organizationDeleted,
+        organizationDeleted: true,
         membersSynced,
       })
       return
@@ -320,7 +297,7 @@ export async function handleSubscriptionDeleted(subscription: {
       const cleanup = await cleanupOrganizationSubscription(subscription.referenceId)
       restoredProCount = cleanup.restoredProCount
       membersSynced = cleanup.membersSynced
-      organizationDeleted = cleanup.organizationDeleted
+      organizationDeleted = true
     } else if (subscription.plan === 'pro') {
       await syncUsageLimitsFromSubscription(subscription.referenceId)
       membersSynced = 1

apps/sim/lib/copilot/process-contents.ts

@@ -5,8 +5,8 @@ import { and, eq, isNull } from 'drizzle-orm'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
 import { sanitizeForCopilot } from '@/lib/workflows/sanitization/json-sanitizer'
 import { isHiddenFromDisplay } from '@/blocks/types'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
 import { escapeRegExp } from '@/executor/constants'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 import type { ChatContext } from '@/stores/panel/copilot/types'
 
 export type AgentContextType =

apps/sim/lib/copilot/tools/server/blocks/get-block-config.ts

@@ -7,7 +7,7 @@ import {
 } from '@/lib/copilot/tools/shared/schemas'
 import { registry as blockRegistry, getLatestBlock } from '@/blocks/registry'
 import { isHiddenFromDisplay, type SubBlockConfig } from '@/blocks/types'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 import { PROVIDER_DEFINITIONS } from '@/providers/models'
 import { tools as toolsRegistry } from '@/tools/registry'
 import { getTrigger, isTriggerValid } from '@/triggers'

apps/sim/lib/copilot/tools/server/blocks/get-block-options.ts

@@ -6,7 +6,7 @@ import {
   type GetBlockOptionsResultType,
 } from '@/lib/copilot/tools/shared/schemas'
 import { registry as blockRegistry, getLatestBlock } from '@/blocks/registry'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 import { tools as toolsRegistry } from '@/tools/registry'
 
 export const getBlockOptionsServerTool: BaseServerTool<

apps/sim/lib/copilot/tools/server/blocks/get-blocks-and-tools.ts

@@ -6,7 +6,7 @@ import {
 } from '@/lib/copilot/tools/shared/schemas'
 import { registry as blockRegistry } from '@/blocks/registry'
 import type { BlockConfig } from '@/blocks/types'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 
 export const getBlocksAndToolsServerTool: BaseServerTool<
   ReturnType<typeof GetBlocksAndToolsInput.parse>,

apps/sim/lib/copilot/tools/server/blocks/get-blocks-metadata-tool.ts

@@ -8,7 +8,7 @@ import {
 } from '@/lib/copilot/tools/shared/schemas'
 import { registry as blockRegistry } from '@/blocks/registry'
 import { AuthMode, type BlockConfig, isHiddenFromDisplay } from '@/blocks/types'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 import { PROVIDER_DEFINITIONS } from '@/providers/models'
 import { tools as toolsRegistry } from '@/tools/registry'
 import { getTrigger, isTriggerValid } from '@/triggers'

apps/sim/lib/copilot/tools/server/blocks/get-trigger-blocks.ts

@@ -3,7 +3,7 @@ import { z } from 'zod'
 import type { BaseServerTool } from '@/lib/copilot/tools/server/base-tool'
 import { registry as blockRegistry } from '@/blocks/registry'
 import type { BlockConfig } from '@/blocks/types'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 
 export const GetTriggerBlocksInput = z.object({})
 export const GetTriggerBlocksResult = z.object({

apps/sim/lib/copilot/tools/server/workflow/edit-workflow.ts

@@ -15,8 +15,8 @@ import { buildCanonicalIndex, isCanonicalPair } from '@/lib/workflows/subblocks/
 import { TriggerUtils } from '@/lib/workflows/triggers/triggers'
 import { getAllBlocks, getBlock } from '@/blocks/registry'
 import type { BlockConfig, SubBlockConfig } from '@/blocks/types'
-import { getUserPermissionConfig } from '@/ee/access-control/utils/permission-check'
 import { EDGE, normalizeName, RESERVED_BLOCK_NAMES } from '@/executor/constants'
+import { getUserPermissionConfig } from '@/executor/utils/permission-check'
 import { generateLoopBlocks, generateParallelBlocks } from '@/stores/workflows/workflow/utils'
 import { TRIGGER_RUNTIME_SUBBLOCK_IDS } from '@/triggers/constants'
 

apps/sim/lib/core/utils/formatting.ts

@@ -153,50 +153,22 @@ export function formatCompactTimestamp(iso: string): string {
 }
 
 /**
- * Format a duration to a human-readable format
+ * Format a duration in milliseconds to a human-readable format
- * @param duration - Duration in milliseconds (number) or as string (e.g., "500ms")
+ * @param durationMs - The duration in milliseconds
  * @param options - Optional formatting options
- * @param options.precision - Number of decimal places for seconds (default: 0), trailing zeros are stripped
+ * @param options.precision - Number of decimal places for seconds (default: 0)
- * @returns A formatted duration string, or null if input is null/undefined
+ * @returns A formatted duration string
  */
-export function formatDuration(
+export function formatDuration(durationMs: number, options?: { precision?: number }): string {
-  duration: number | string | undefined | null,
-  options?: { precision?: number }
-): string | null {
-  if (duration === undefined || duration === null) {
-    return null
-  }
-
-  // Parse string durations (e.g., "500ms", "0.44ms", "1234")
-  let ms: number
-  if (typeof duration === 'string') {
-    ms = Number.parseFloat(duration.replace(/[^0-9.-]/g, ''))
-    if (!Number.isFinite(ms)) {
-      return duration
-    }
-  } else {
-    ms = duration
-  }
-
   const precision = options?.precision ?? 0
 
-  if (ms < 1) {
+  if (durationMs < 1000) {
-    // Sub-millisecond: show with 2 decimal places
+    return `${durationMs}ms`
-    return `${ms.toFixed(2)}ms`
   }
 
-  if (ms < 1000) {
+  const seconds = durationMs / 1000
-    // Milliseconds: round to integer
-    return `${Math.round(ms)}ms`
-  }
-
-  const seconds = ms / 1000
   if (seconds < 60) {
-    if (precision > 0) {
+    return precision > 0 ? `${seconds.toFixed(precision)}s` : `${Math.floor(seconds)}s`
-      // Strip trailing zeros (e.g., "5.00s" -> "5s", "5.10s" -> "5.1s")
-      return `${seconds.toFixed(precision).replace(/\.?0+$/, '')}s`
-    }
-    return `${Math.floor(seconds)}s`
   }
 
   const minutes = Math.floor(seconds / 60)

apps/sim/lib/logs/execution/logger.ts

@@ -33,7 +33,6 @@ import type {
   WorkflowExecutionSnapshot,
   WorkflowState,
 } from '@/lib/logs/types'
-import { getWorkspaceBilledAccountUserId } from '@/lib/workspaces/utils'
 
 export interface ToolCall {
   name: string
@@ -504,7 +503,7 @@ export class ExecutionLogger implements IExecutionLoggerService {
     }
 
     try {
-      // Get the workflow record to get workspace and fallback userId
+      // Get the workflow record to get the userId
       const [workflowRecord] = await db
         .select()
         .from(workflow)
@@ -516,12 +515,7 @@ export class ExecutionLogger implements IExecutionLoggerService {
         return
       }
 
-      let billingUserId: string | null = null
+      const userId = workflowRecord.userId
-      if (workflowRecord.workspaceId) {
-        billingUserId = await getWorkspaceBilledAccountUserId(workflowRecord.workspaceId)
-      }
-
-      const userId = billingUserId || workflowRecord.userId
       const costToStore = costSummary.totalCost
 
       const existing = await db.select().from(userStats).where(eq(userStats.userId, userId))