v0.3.51: mcp support, copilot improvements, polling for live execution data, bug fixes

* update infra and remove railway

* fix(webooks-ui): made spacing more clear, added copy button for webhook URL & fixed race condition for mcp tools/server fetching in the mcp block

* Revert "update infra and remove railway"

This reverts commit 5a8876209d.

* remove extraneous comments

* ack PR comments

.github/workflows/build.yml

@@ -2,8 +2,7 @@ name: Build and Publish Docker Image
 
 on:
   push:
-    branches: [main]
-    tags: ['v*']
+    branches: [main, staging]
 
 jobs:
   build-and-push:
@@ -56,7 +55,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -70,10 +69,7 @@ jobs:
           images: ${{ matrix.image }}
           tags: |
             type=raw,value=latest-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/main' }}
-            type=ref,event=pr,suffix=-${{ matrix.arch }}
-            type=semver,pattern={{version}},suffix=-${{ matrix.arch }}
-            type=semver,pattern={{major}}.{{minor}},suffix=-${{ matrix.arch }}
-            type=semver,pattern={{major}}.{{minor}}.{{patch}},suffix=-${{ matrix.arch }}
+            type=raw,value=staging-${{ github.sha }}-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
             type=sha,format=long,suffix=-${{ matrix.arch }}
 
       - name: Build and push Docker image
@@ -82,7 +78,7 @@ jobs:
           context: .
           file: ${{ matrix.dockerfile }}
           platforms: ${{ matrix.platform }}
-          push: ${{ github.event_name != 'pull_request' }}
+          push: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/main' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=build-v3
@@ -93,7 +89,7 @@ jobs:
   create-manifests:
     runs-on: ubuntu-latest
     needs: build-and-push
-    if: github.event_name != 'pull_request'
+    if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
     strategy:
       matrix:
         include:
@@ -119,10 +115,6 @@ jobs:
           images: ${{ matrix.image }}
           tags: |
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}.{{minor}}.{{patch}}
             type=sha,format=long
 
       - name: Create and push manifest

README.md

@@ -159,7 +159,7 @@ bun run dev:sockets
 Copilot is a Sim-managed service. To use Copilot on a self-hosted instance:
 
 - Go to https://sim.ai → Settings → Copilot and generate a Copilot API key
-- Set `COPILOT_API_KEY` in your self-hosted environment to that value
+- Set `COPILOT_API_KEY` environment variable in your self-hosted apps/sim/.env file to that value
 
 ## Tech Stack
 
@@ -174,6 +174,7 @@ Copilot is a Sim-managed service. To use Copilot on a self-hosted instance:
 - **Monorepo**: [Turborepo](https://turborepo.org/)
 - **Realtime**: [Socket.io](https://socket.io/)
 - **Background Jobs**: [Trigger.dev](https://trigger.dev/)
+- **Remote Code Execution**: [E2B](https://www.e2b.dev/)
 
 ## Contributing
 

apps/docs/content/docs/blocks/router.mdx

@@ -117,7 +117,7 @@ Your API key for the selected LLM provider. This is securely stored and used for
 
 After a router makes a decision, you can access its outputs:
 
-- **`<router.content>`**: Summary of the routing decision made
+- **`<router.prompt>`**: Summary of the routing prompt used
 - **`<router.selected_path>`**: Details of the chosen destination block
 - **`<router.tokens>`**: Token usage statistics from the LLM
 - **`<router.model>`**: The model used for decision-making
@@ -182,7 +182,7 @@ Confidence Threshold: 0.7 // Minimum confidence for routing
   <Tab>
     <ul className="list-disc space-y-2 pl-6">
       <li>
-        <strong>router.content</strong>: Summary of routing decision
+        <strong>router.prompt</strong>: Summary of routing prompt used
       </li>
       <li>
         <strong>router.selected_path</strong>: Details of chosen destination

apps/docs/content/docs/copilot/index.mdx

@@ -91,4 +91,31 @@ Copilot is your in-editor assistant that helps you build, understand, and improv
   >
     <div className="m-0 text-sm">Maximum reasoning for deep planning, debugging, and complex architectural changes.</div>
   </Card>
-</Cards> 
+</Cards>
+
+## Billing and Cost Calculation
+
+### How Costs Are Calculated
+
+Copilot usage is billed per token from the underlying LLM:
+
+- **Input tokens**: billed at the provider's base rate (**at-cost**)
+- **Output tokens**: billed at **1.5×** the provider's base output rate
+
+```javascript
+copilotCost = (inputTokens × inputPrice + outputTokens × (outputPrice × 1.5)) / 1,000,000
+```
+
+| Component | Rate Applied         |
+|----------|----------------------|
+| Input    | inputPrice           |
+| Output   | outputPrice × 1.5    |
+
+<Callout type="warning">
+  Pricing shown reflects rates as of September 4, 2025. Check provider documentation for current pricing.
+</Callout>
+
+<Callout type="info">
+  Model prices are per million tokens. The calculation divides by 1,000,000 to get the actual cost. See <a href="/execution/advanced#cost-calculation">Logging and Cost Calculation</a> for background and examples.
+</Callout>
+

apps/docs/content/docs/execution/advanced.mdx

@@ -212,3 +212,47 @@ Monitor your usage and billing in Settings → Subscription:
 - **Usage Limits**: Plan limits with visual progress indicators
 - **Billing Details**: Projected charges and minimum commitments
 - **Plan Management**: Upgrade options and billing history
+
+### Programmatic Rate Limits & Usage (API)
+
+You can query your current API rate limits and usage summary using your API key.
+
+Endpoint:
+
+```text
+GET /api/users/me/usage-limits
+```
+
+Authentication:
+
+- Include your API key in the `X-API-Key` header.
+
+Response (example):
+
+```json
+{
+  "success": true,
+  "rateLimit": {
+    "sync": { "isLimited": false, "limit": 10, "remaining": 10, "resetAt": "2025-09-08T22:51:55.999Z" },
+    "async": { "isLimited": false, "limit": 50, "remaining": 50, "resetAt": "2025-09-08T22:51:56.155Z" },
+    "authType": "api"
+  },
+  "usage": {
+    "currentPeriodCost": 12.34,
+    "limit": 100,
+    "plan": "pro"
+  }
+}
+```
+
+Example:
+
+```bash
+curl -X GET -H "X-API-Key: YOUR_API_KEY" -H "Content-Type: application/json" https://sim.ai/api/users/me/usage-limits
+```
+
+Notes:
+
+- `currentPeriodCost` reflects usage in the current billing period.
+- `limit` is derived from individual limits (Free/Pro) or pooled organization limits (Team/Enterprise).
+- `plan` is the highest-priority active plan associated with your user.

apps/docs/content/docs/execution/api.mdx

@@ -0,0 +1,532 @@
+---
+title: External API
+description: Query workflow execution logs and set up webhooks for real-time notifications
+---
+
+import { Accordion, Accordions } from 'fumadocs-ui/components/accordion'
+import { Callout } from 'fumadocs-ui/components/callout'
+import { Tab, Tabs } from 'fumadocs-ui/components/tabs'
+import { CodeBlock } from 'fumadocs-ui/components/codeblock'
+
+Sim provides a comprehensive external API for querying workflow execution logs and setting up webhooks for real-time notifications when workflows complete.
+
+## Authentication
+
+All API requests require an API key passed in the `x-api-key` header:
+
+```bash
+curl -H "x-api-key: YOUR_API_KEY" \
+  https://sim.ai/api/v1/logs?workspaceId=YOUR_WORKSPACE_ID
+```
+
+You can generate API keys from your user settings in the Sim dashboard.
+
+## Logs API
+
+All API responses include information about your workflow execution limits and usage:
+
+```json
+"limits": {
+  "workflowExecutionRateLimit": {
+    "sync": {
+      "limit": 60,        // Max sync workflow executions per minute
+      "remaining": 58,    // Remaining sync workflow executions
+      "resetAt": "..."    // When the window resets
+    },
+    "async": {
+      "limit": 60,        // Max async workflow executions per minute
+      "remaining": 59,    // Remaining async workflow executions
+      "resetAt": "..."    // When the window resets
+    }
+  },
+  "usage": {
+    "currentPeriodCost": 1.234,  // Current billing period usage in USD
+    "limit": 10,                  // Usage limit in USD
+    "plan": "pro",                // Current subscription plan
+    "isExceeded": false           // Whether limit is exceeded
+  }
+}
+```
+
+**Note:** The rate limits in the response body are for workflow executions. The rate limits for calling this API endpoint are in the response headers (`X-RateLimit-*`).
+
+### Query Logs
+
+Query workflow execution logs with extensive filtering options.
+
+<Tabs items={['Request', 'Response']}>
+  <Tab value="Request">
+    ```http
+    GET /api/v1/logs
+    ```
+
+    **Required Parameters:**
+    - `workspaceId` - Your workspace ID
+
+    **Optional Filters:**
+    - `workflowIds` - Comma-separated workflow IDs
+    - `folderIds` - Comma-separated folder IDs
+    - `triggers` - Comma-separated trigger types: `api`, `webhook`, `schedule`, `manual`, `chat`
+    - `level` - Filter by level: `info`, `error`
+    - `startDate` - ISO timestamp for date range start
+    - `endDate` - ISO timestamp for date range end
+    - `executionId` - Exact execution ID match
+    - `minDurationMs` - Minimum execution duration in milliseconds
+    - `maxDurationMs` - Maximum execution duration in milliseconds
+    - `minCost` - Minimum execution cost
+    - `maxCost` - Maximum execution cost
+    - `model` - Filter by AI model used
+
+    **Pagination:**
+    - `limit` - Results per page (default: 100)
+    - `cursor` - Cursor for next page
+    - `order` - Sort order: `desc`, `asc` (default: desc)
+
+    **Detail Level:**
+    - `details` - Response detail level: `basic`, `full` (default: basic)
+    - `includeTraceSpans` - Include trace spans (default: false)
+    - `includeFinalOutput` - Include final output (default: false)
+  </Tab>
+  <Tab value="Response">
+    ```json
+    {
+      "data": [
+        {
+          "id": "log_abc123",
+          "workflowId": "wf_xyz789",
+          "executionId": "exec_def456",
+          "level": "info",
+          "trigger": "api",
+          "startedAt": "2025-01-01T12:34:56.789Z",
+          "endedAt": "2025-01-01T12:34:57.123Z",
+          "totalDurationMs": 334,
+          "cost": {
+            "total": 0.00234
+          },
+          "files": null
+        }
+      ],
+      "nextCursor": "eyJzIjoiMjAyNS0wMS0wMVQxMjozNDo1Ni43ODlaIiwiaWQiOiJsb2dfYWJjMTIzIn0",
+      "limits": {
+        "workflowExecutionRateLimit": {
+          "sync": {
+            "limit": 60,
+            "remaining": 58,
+            "resetAt": "2025-01-01T12:35:56.789Z"
+          },
+          "async": {
+            "limit": 60,
+            "remaining": 59,
+            "resetAt": "2025-01-01T12:35:56.789Z"
+          }
+        },
+        "usage": {
+          "currentPeriodCost": 1.234,
+          "limit": 10,
+          "plan": "pro",
+          "isExceeded": false
+        }
+      }
+    }
+    ```
+  </Tab>
+</Tabs>
+
+### Get Log Details
+
+Retrieve detailed information about a specific log entry.
+
+<Tabs items={['Request', 'Response']}>
+  <Tab value="Request">
+    ```http
+    GET /api/v1/logs/{id}
+    ```
+  </Tab>
+  <Tab value="Response">
+    ```json
+    {
+      "data": {
+        "id": "log_abc123",
+        "workflowId": "wf_xyz789",
+        "executionId": "exec_def456",
+        "level": "info",
+        "trigger": "api",
+        "startedAt": "2025-01-01T12:34:56.789Z",
+        "endedAt": "2025-01-01T12:34:57.123Z",
+        "totalDurationMs": 334,
+        "workflow": {
+          "id": "wf_xyz789",
+          "name": "My Workflow",
+          "description": "Process customer data"
+        },
+        "executionData": {
+          "traceSpans": [...],
+          "finalOutput": {...}
+        },
+        "cost": {
+          "total": 0.00234,
+          "tokens": {
+            "prompt": 123,
+            "completion": 456,
+            "total": 579
+          },
+          "models": {
+            "gpt-4o": {
+              "input": 0.001,
+              "output": 0.00134,
+              "total": 0.00234,
+              "tokens": {
+                "prompt": 123,
+                "completion": 456,
+                "total": 579
+              }
+            }
+          }
+        },
+        "limits": {
+          "workflowExecutionRateLimit": {
+            "sync": {
+              "limit": 60,
+              "remaining": 58,
+              "resetAt": "2025-01-01T12:35:56.789Z"
+            },
+            "async": {
+              "limit": 60,
+              "remaining": 59,
+              "resetAt": "2025-01-01T12:35:56.789Z"
+            }
+          },
+          "usage": {
+            "currentPeriodCost": 1.234,
+            "limit": 10,
+            "plan": "pro",
+            "isExceeded": false
+          }
+        }
+      }
+    }
+    ```
+  </Tab>
+</Tabs>
+
+### Get Execution Details
+
+Retrieve execution details including the workflow state snapshot.
+
+<Tabs items={['Request', 'Response']}>
+  <Tab value="Request">
+    ```http
+    GET /api/v1/logs/executions/{executionId}
+    ```
+  </Tab>
+  <Tab value="Response">
+    ```json
+    {
+      "executionId": "exec_def456",
+      "workflowId": "wf_xyz789",
+      "workflowState": {
+        "blocks": {...},
+        "edges": [...],
+        "loops": {...},
+        "parallels": {...}
+      },
+      "executionMetadata": {
+        "trigger": "api",
+        "startedAt": "2025-01-01T12:34:56.789Z",
+        "endedAt": "2025-01-01T12:34:57.123Z",
+        "totalDurationMs": 334,
+        "cost": {...}
+      }
+    }
+    ```
+  </Tab>
+</Tabs>
+
+## Webhook Subscriptions
+
+Get real-time notifications when workflow executions complete. Webhooks are configured through the Sim UI in the workflow editor.
+
+### Configuration
+
+Webhooks can be configured for each workflow through the workflow editor UI. Click the webhook icon in the control bar to set up your webhook subscriptions.
+
+**Available Configuration Options:**
+- `url`: Your webhook endpoint URL
+- `secret`: Optional secret for HMAC signature verification
+- `includeFinalOutput`: Include the workflow's final output in the payload
+- `includeTraceSpans`: Include detailed execution trace spans
+- `includeRateLimits`: Include the workflow owner's rate limit information
+- `includeUsageData`: Include the workflow owner's usage and billing data
+- `levelFilter`: Array of log levels to receive (`info`, `error`)
+- `triggerFilter`: Array of trigger types to receive (`api`, `webhook`, `schedule`, `manual`, `chat`)
+- `active`: Enable/disable the webhook subscription
+
+### Webhook Payload
+
+When a workflow execution completes, Sim sends a POST request to your webhook URL:
+
+```json
+{
+  "id": "evt_123",
+  "type": "workflow.execution.completed",
+  "timestamp": 1735925767890,
+  "data": {
+    "workflowId": "wf_xyz789",
+    "executionId": "exec_def456",
+    "status": "success",
+    "level": "info",
+    "trigger": "api",
+    "startedAt": "2025-01-01T12:34:56.789Z",
+    "endedAt": "2025-01-01T12:34:57.123Z",
+    "totalDurationMs": 334,
+    "cost": {
+      "total": 0.00234,
+      "tokens": {
+        "prompt": 123,
+        "completion": 456,
+        "total": 579
+      },
+      "models": {
+        "gpt-4o": {
+          "input": 0.001,
+          "output": 0.00134,
+          "total": 0.00234,
+          "tokens": {
+            "prompt": 123,
+            "completion": 456,
+            "total": 579
+          }
+        }
+      }
+    },
+    "files": null,
+    "finalOutput": {...},  // Only if includeFinalOutput=true
+    "traceSpans": [...],   // Only if includeTraceSpans=true
+    "rateLimits": {...},   // Only if includeRateLimits=true
+    "usage": {...}         // Only if includeUsageData=true
+  },
+  "links": {
+    "log": "/v1/logs/log_abc123",
+    "execution": "/v1/logs/executions/exec_def456"
+  }
+}
+```
+
+### Webhook Headers
+
+Each webhook request includes these headers:
+
+- `sim-event`: Event type (always `workflow.execution.completed`)
+- `sim-timestamp`: Unix timestamp in milliseconds
+- `sim-delivery-id`: Unique delivery ID for idempotency
+- `sim-signature`: HMAC-SHA256 signature for verification (if secret configured)
+- `Idempotency-Key`: Same as delivery ID for duplicate detection
+
+### Signature Verification
+
+If you configure a webhook secret, verify the signature to ensure the webhook is from Sim:
+
+<Tabs items={['Node.js', 'Python']}>
+  <Tab value="Node.js">
+    ```javascript
+    import crypto from 'crypto';
+
+    function verifyWebhookSignature(body, signature, secret) {
+      const [timestampPart, signaturePart] = signature.split(',');
+      const timestamp = timestampPart.replace('t=', '');
+      const expectedSignature = signaturePart.replace('v1=', '');
+      
+      const signatureBase = `${timestamp}.${body}`;
+      const hmac = crypto.createHmac('sha256', secret);
+      hmac.update(signatureBase);
+      const computedSignature = hmac.digest('hex');
+      
+      return computedSignature === expectedSignature;
+    }
+
+    // In your webhook handler
+    app.post('/webhook', (req, res) => {
+      const signature = req.headers['sim-signature'];
+      const body = JSON.stringify(req.body);
+      
+      if (!verifyWebhookSignature(body, signature, process.env.WEBHOOK_SECRET)) {
+        return res.status(401).send('Invalid signature');
+      }
+      
+      // Process the webhook...
+    });
+    ```
+  </Tab>
+  <Tab value="Python">
+    ```python
+    import hmac
+    import hashlib
+    import json
+
+    def verify_webhook_signature(body: str, signature: str, secret: str) -> bool:
+        timestamp_part, signature_part = signature.split(',')
+        timestamp = timestamp_part.replace('t=', '')
+        expected_signature = signature_part.replace('v1=', '')
+        
+        signature_base = f"{timestamp}.{body}"
+        computed_signature = hmac.new(
+            secret.encode(),
+            signature_base.encode(),
+            hashlib.sha256
+        ).hexdigest()
+        
+        return hmac.compare_digest(computed_signature, expected_signature)
+
+    # In your webhook handler
+    @app.route('/webhook', methods=['POST'])
+    def webhook():
+        signature = request.headers.get('sim-signature')
+        body = json.dumps(request.json)
+        
+        if not verify_webhook_signature(body, signature, os.environ['WEBHOOK_SECRET']):
+            return 'Invalid signature', 401
+        
+        # Process the webhook...
+    ```
+  </Tab>
+</Tabs>
+
+### Retry Policy
+
+Failed webhook deliveries are retried with exponential backoff and jitter:
+
+- Maximum attempts: 5
+- Retry delays: 5 seconds, 15 seconds, 1 minute, 3 minutes, 10 minutes
+- Jitter: Up to 10% additional delay to prevent thundering herd
+- Only HTTP 5xx and 429 responses trigger retries
+- Deliveries timeout after 30 seconds
+
+<Callout type="info">
+  Webhook deliveries are processed asynchronously and don't affect workflow execution performance.
+</Callout>
+
+## Best Practices
+
+1. **Polling Strategy**: When polling for logs, use cursor-based pagination with `order=asc` and `startDate` to fetch new logs efficiently.
+
+2. **Webhook Security**: Always configure a webhook secret and verify signatures to ensure requests are from Sim.
+
+3. **Idempotency**: Use the `Idempotency-Key` header to detect and handle duplicate webhook deliveries.
+
+4. **Privacy**: By default, `finalOutput` and `traceSpans` are excluded from responses. Only enable these if you need the data and understand the privacy implications.
+
+5. **Rate Limiting**: Implement exponential backoff when you receive 429 responses. Check the `Retry-After` header for the recommended wait time.
+
+## Rate Limiting
+
+The API implements rate limiting to ensure fair usage:
+
+- **Free plan**: 10 requests per minute
+- **Pro plan**: 30 requests per minute
+- **Team plan**: 60 requests per minute
+- **Enterprise plan**: Custom limits
+
+Rate limit information is included in response headers:
+- `X-RateLimit-Limit`: Maximum requests per window
+- `X-RateLimit-Remaining`: Requests remaining in current window
+- `X-RateLimit-Reset`: ISO timestamp when the window resets
+
+## Example: Polling for New Logs
+
+```javascript
+let cursor = null;
+const workspaceId = 'YOUR_WORKSPACE_ID';
+const startDate = new Date().toISOString();
+
+async function pollLogs() {
+  const params = new URLSearchParams({
+    workspaceId,
+    startDate,
+    order: 'asc',
+    limit: '100'
+  });
+  
+  if (cursor) {
+    params.append('cursor', cursor);
+  }
+  
+  const response = await fetch(
+    `https://sim.ai/api/v1/logs?${params}`,
+    {
+      headers: {
+        'x-api-key': 'YOUR_API_KEY'
+      }
+    }
+  );
+  
+  if (response.ok) {
+    const data = await response.json();
+    
+    // Process new logs
+    for (const log of data.data) {
+      console.log(`New execution: ${log.executionId}`);
+    }
+    
+    // Update cursor for next poll
+    if (data.nextCursor) {
+      cursor = data.nextCursor;
+    }
+  }
+}
+
+// Poll every 30 seconds
+setInterval(pollLogs, 30000);
+```
+
+## Example: Processing Webhooks
+
+```javascript
+import express from 'express';
+import crypto from 'crypto';
+
+const app = express();
+app.use(express.json());
+
+app.post('/sim-webhook', (req, res) => {
+  // Verify signature
+  const signature = req.headers['sim-signature'];
+  const body = JSON.stringify(req.body);
+  
+  if (!verifyWebhookSignature(body, signature, process.env.WEBHOOK_SECRET)) {
+    return res.status(401).send('Invalid signature');
+  }
+  
+  // Check timestamp to prevent replay attacks
+  const timestamp = parseInt(req.headers['sim-timestamp']);
+  const fiveMinutesAgo = Date.now() - (5 * 60 * 1000);
+  
+  if (timestamp < fiveMinutesAgo) {
+    return res.status(401).send('Timestamp too old');
+  }
+  
+  // Process the webhook
+  const event = req.body;
+  
+  switch (event.type) {
+    case 'workflow.execution.completed':
+      const { workflowId, executionId, status, cost } = event.data;
+      
+      if (status === 'error') {
+        console.error(`Workflow ${workflowId} failed: ${executionId}`);
+        // Handle error...
+      } else {
+        console.log(`Workflow ${workflowId} completed: ${executionId}`);
+        console.log(`Cost: $${cost.total}`);
+        // Process successful execution...
+      }
+      break;
+  }
+  
+  // Return 200 to acknowledge receipt
+  res.status(200).send('OK');
+});
+
+app.listen(3000, () => {
+  console.log('Webhook server listening on port 3000');
+});
+```

apps/docs/content/docs/execution/meta.json

@@ -1,4 +1,4 @@
 {
   "title": "Execution",
-  "pages": ["basics", "advanced"]
+  "pages": ["basics", "advanced", "api"]
 }

apps/docs/content/docs/tools/jira.mdx

@@ -58,7 +58,7 @@ Retrieve detailed information about a specific Jira issue
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
-| `projectId` | string | No | Jira project ID to retrieve issues from. If not provided, all issues will be retrieved. |
+| `projectId` | string | No | Jira project ID \(optional; not required to retrieve a single issue\). |
 | `issueKey` | string | Yes | Jira issue key to retrieve \(e.g., PROJ-123\) |
 | `cloudId` | string | No | Jira Cloud ID for the instance. If not provided, it will be fetched using the domain. |
 

apps/docs/content/docs/tools/meta.json

@@ -33,6 +33,7 @@
     "microsoft_planner",
     "microsoft_teams",
     "mistral_parse",
+    "mongodb",
     "mysql",
     "notion",
     "onedrive",

apps/docs/content/docs/tools/mongodb.mdx

@@ -0,0 +1,264 @@
+---
+title: MongoDB
+description: Connect to MongoDB database
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="mongodb"
+  color="#E0E0E0"
+  icon={true}
+  iconSvg={`<svg className="block-icon"  xmlns='http://www.w3.org/2000/svg' viewBox='0 0 128 128'>
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='currentColor'
+        d='M88.038 42.812c1.605 4.643 2.761 9.383 3.141 14.296.472 6.095.256 12.147-1.029 18.142-.035.165-.109.32-.164.48-.403.001-.814-.049-1.208.012-3.329.523-6.655 1.065-9.981 1.604-3.438.557-6.881 1.092-10.313 1.687-1.216.21-2.721-.041-3.212 1.641-.014.046-.154.054-.235.08l.166-10.051-.169-24.252 1.602-.275c2.62-.429 5.24-.864 7.862-1.281 3.129-.497 6.261-.98 9.392-1.465 1.381-.215 2.764-.412 4.148-.618z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#45A538'
+        d='M61.729 110.054c-1.69-1.453-3.439-2.842-5.059-4.37-8.717-8.222-15.093-17.899-18.233-29.566-.865-3.211-1.442-6.474-1.627-9.792-.13-2.322-.318-4.665-.154-6.975.437-6.144 1.325-12.229 3.127-18.147l.099-.138c.175.233.427.439.516.702 1.759 5.18 3.505 10.364 5.242 15.551 5.458 16.3 10.909 32.604 16.376 48.9.107.318.384.579.583.866l-.87 2.969z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#46A037'
+        d='M88.038 42.812c-1.384.206-2.768.403-4.149.616-3.131.485-6.263.968-9.392 1.465-2.622.417-5.242.852-7.862 1.281l-1.602.275-.012-1.045c-.053-.859-.144-1.717-.154-2.576-.069-5.478-.112-10.956-.18-16.434-.042-3.429-.105-6.857-.175-10.285-.043-2.13-.089-4.261-.185-6.388-.052-1.143-.236-2.28-.311-3.423-.042-.657.016-1.319.029-1.979.817 1.583 1.616 3.178 2.456 4.749 1.327 2.484 3.441 4.314 5.344 6.311 7.523 7.892 12.864 17.068 16.193 27.433z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#409433'
+        d='M65.036 80.753c.081-.026.222-.034.235-.08.491-1.682 1.996-1.431 3.212-1.641 3.432-.594 6.875-1.13 10.313-1.687 3.326-.539 6.652-1.081 9.981-1.604.394-.062.805-.011 1.208-.012-.622 2.22-1.112 4.488-1.901 6.647-.896 2.449-1.98 4.839-3.131 7.182a49.142 49.142 0 01-6.353 9.763c-1.919 2.308-4.058 4.441-6.202 6.548-1.185 1.165-2.582 2.114-3.882 3.161l-.337-.23-1.214-1.038-1.256-2.753a41.402 41.402 0 01-1.394-9.838l.023-.561.171-2.426c.057-.828.133-1.655.168-2.485.129-2.982.241-5.964.359-8.946z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#4FAA41'
+        d='M65.036 80.753c-.118 2.982-.23 5.964-.357 8.947-.035.83-.111 1.657-.168 2.485l-.765.289c-1.699-5.002-3.399-9.951-5.062-14.913-2.75-8.209-5.467-16.431-8.213-24.642a4498.887 4498.887 0 00-6.7-19.867c-.105-.31-.407-.552-.617-.826l4.896-9.002c.168.292.39.565.496.879a6167.476 6167.476 0 016.768 20.118c2.916 8.73 5.814 17.467 8.728 26.198.116.349.308.671.491 1.062l.67-.78-.167 10.052z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#4AA73C'
+        d='M43.155 32.227c.21.274.511.516.617.826a4498.887 4498.887 0 016.7 19.867c2.746 8.211 5.463 16.433 8.213 24.642 1.662 4.961 3.362 9.911 5.062 14.913l.765-.289-.171 2.426-.155.559c-.266 2.656-.49 5.318-.814 7.968-.163 1.328-.509 2.632-.772 3.947-.198-.287-.476-.548-.583-.866-5.467-16.297-10.918-32.6-16.376-48.9a3888.972 3888.972 0 00-5.242-15.551c-.089-.263-.34-.469-.516-.702l3.272-8.84z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#57AE47'
+        d='M65.202 70.702l-.67.78c-.183-.391-.375-.714-.491-1.062-2.913-8.731-5.812-17.468-8.728-26.198a6167.476 6167.476 0 00-6.768-20.118c-.105-.314-.327-.588-.496-.879l6.055-7.965c.191.255.463.482.562.769 1.681 4.921 3.347 9.848 5.003 14.778 1.547 4.604 3.071 9.215 4.636 13.813.105.308.47.526.714.786l.012 1.045c.058 8.082.115 16.167.171 24.251z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#60B24F'
+        d='M65.021 45.404c-.244-.26-.609-.478-.714-.786-1.565-4.598-3.089-9.209-4.636-13.813-1.656-4.93-3.322-9.856-5.003-14.778-.099-.287-.371-.514-.562-.769 1.969-1.928 3.877-3.925 5.925-5.764 1.821-1.634 3.285-3.386 3.352-5.968.003-.107.059-.214.145-.514l.519 1.306c-.013.661-.072 1.322-.029 1.979.075 1.143.259 2.28.311 3.423.096 2.127.142 4.258.185 6.388.069 3.428.132 6.856.175 10.285.067 5.478.111 10.956.18 16.434.008.861.098 1.718.152 2.577z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#A9AA88'
+        d='M62.598 107.085c.263-1.315.609-2.62.772-3.947.325-2.649.548-5.312.814-7.968l.066-.01.066.011a41.402 41.402 0 001.394 9.838c-.176.232-.425.439-.518.701-.727 2.05-1.412 4.116-2.143 6.166-.1.28-.378.498-.574.744l-.747-2.566.87-2.969z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#B6B598'
+        d='M62.476 112.621c.196-.246.475-.464.574-.744.731-2.05 1.417-4.115 2.143-6.166.093-.262.341-.469.518-.701l1.255 2.754c-.248.352-.59.669-.728 1.061l-2.404 7.059c-.099.283-.437.483-.663.722l-.695-3.985z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#C2C1A7'
+        d='M63.171 116.605c.227-.238.564-.439.663-.722l2.404-7.059c.137-.391.48-.709.728-1.061l1.215 1.037c-.587.58-.913 1.25-.717 2.097l-.369 1.208c-.168.207-.411.387-.494.624-.839 2.403-1.64 4.819-2.485 7.222-.107.305-.404.544-.614.812-.109-1.387-.22-2.771-.331-4.158z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#CECDB7'
+        d='M63.503 120.763c.209-.269.506-.508.614-.812.845-2.402 1.646-4.818 2.485-7.222.083-.236.325-.417.494-.624l-.509 5.545c-.136.157-.333.294-.398.477-.575 1.614-1.117 3.24-1.694 4.854-.119.333-.347.627-.525.938-.158-.207-.441-.407-.454-.623-.051-.841-.016-1.688-.013-2.533z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#DBDAC7'
+        d='M63.969 123.919c.178-.312.406-.606.525-.938.578-1.613 1.119-3.239 1.694-4.854.065-.183.263-.319.398-.477l.012 3.64-1.218 3.124-1.411-.495z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#EBE9DC'
+        d='M65.38 124.415l1.218-3.124.251 3.696-1.469-.572z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#CECDB7'
+        d='M67.464 110.898c-.196-.847.129-1.518.717-2.097l.337.23-1.054 1.867z'
+      />
+      <path
+        fillRule='evenodd'
+        clipRule='evenodd'
+        fill='#4FAA41'
+        d='M64.316 95.172l-.066-.011-.066.01.155-.559-.023.56z'
+      />
+    </svg>`}
+/>
+
+## Usage Instructions
+
+Connect to any MongoDB database to execute queries, manage data, and perform database operations. Supports find, insert, update, delete, and aggregation operations with secure connection handling.
+
+
+
+## Tools
+
+### `mongodb_query`
+
+Execute find operation on MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to query |
+| `query` | string | No | MongoDB query filter as JSON string |
+| `limit` | number | No | Maximum number of documents to return |
+| `sort` | string | No | Sort criteria as JSON string |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `documents` | array | Array of documents returned from the query |
+| `documentCount` | number | Number of documents returned |
+
+### `mongodb_insert`
+
+Insert documents into MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to insert into |
+| `documents` | array | Yes | Array of documents to insert |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `documentCount` | number | Number of documents inserted |
+| `insertedId` | string | ID of inserted document \(single insert\) |
+| `insertedIds` | array | Array of inserted document IDs \(multiple insert\) |
+
+### `mongodb_update`
+
+Update documents in MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to update |
+| `filter` | string | Yes | Filter criteria as JSON string |
+| `update` | string | Yes | Update operations as JSON string |
+| `upsert` | boolean | No | Create document if not found |
+| `multi` | boolean | No | Update multiple documents |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `matchedCount` | number | Number of documents matched by filter |
+| `modifiedCount` | number | Number of documents modified |
+| `documentCount` | number | Total number of documents affected |
+| `insertedId` | string | ID of inserted document \(if upsert\) |
+
+### `mongodb_delete`
+
+Delete documents from MongoDB collection
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to delete from |
+| `filter` | string | Yes | Filter criteria as JSON string |
+| `multi` | boolean | No | Delete multiple documents |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `deletedCount` | number | Number of documents deleted |
+| `documentCount` | number | Total number of documents affected |
+
+### `mongodb_execute`
+
+Execute MongoDB aggregation pipeline
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `host` | string | Yes | MongoDB server hostname or IP address |
+| `port` | number | Yes | MongoDB server port \(default: 27017\) |
+| `database` | string | Yes | Database name to connect to |
+| `username` | string | No | MongoDB username |
+| `password` | string | No | MongoDB password |
+| `authSource` | string | No | Authentication database |
+| `ssl` | string | No | SSL connection mode \(disabled, required, preferred\) |
+| `collection` | string | Yes | Collection name to execute pipeline on |
+| `pipeline` | string | Yes | Aggregation pipeline as JSON string |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `documents` | array | Array of documents returned from aggregation |
+| `documentCount` | number | Number of documents returned |
+
+
+
+## Notes
+
+- Category: `tools`
+- Type: `mongodb`

apps/sim/app/(auth)/login/login-form.tsx

@@ -304,6 +304,15 @@ export default function LoginPage({
       return
     }
 
+    const emailValidation = quickValidateEmail(forgotPasswordEmail.trim().toLowerCase())
+    if (!emailValidation.isValid) {
+      setResetStatus({
+        type: 'error',
+        message: 'Please enter a valid email address',
+      })
+      return
+    }
+
     try {
       setIsSubmittingReset(true)
       setResetStatus({ type: null, message: '' })
@@ -321,7 +330,23 @@ export default function LoginPage({
 
       if (!response.ok) {
         const errorData = await response.json()
-        throw new Error(errorData.message || 'Failed to request password reset')
+        let errorMessage = errorData.message || 'Failed to request password reset'
+
+        if (
+          errorMessage.includes('Invalid body parameters') ||
+          errorMessage.includes('invalid email')
+        ) {
+          errorMessage = 'Please enter a valid email address'
+        } else if (errorMessage.includes('Email is required')) {
+          errorMessage = 'Please enter your email address'
+        } else if (
+          errorMessage.includes('user not found') ||
+          errorMessage.includes('User not found')
+        ) {
+          errorMessage = 'No account found with this email address'
+        }
+
+        throw new Error(errorMessage)
       }
 
       setResetStatus({
@@ -497,7 +522,8 @@ export default function LoginPage({
               Reset Password
             </DialogTitle>
             <DialogDescription className='text-neutral-300 text-sm'>
-              Enter your email address and we'll send you a link to reset your password.
+              Enter your email address and we'll send you a link to reset your password if your
+              account exists.
             </DialogDescription>
           </DialogHeader>
           <div className='space-y-4'>
@@ -512,14 +538,20 @@ export default function LoginPage({
                 placeholder='Enter your email'
                 required
                 type='email'
-                className='border-neutral-700/80 bg-neutral-900 text-white placeholder:text-white/60 focus:border-[var(--brand-primary-hover-hex)]/70 focus:ring-[var(--brand-primary-hover-hex)]/20'
+                className={cn(
+                  'border-neutral-700/80 bg-neutral-900 text-white placeholder:text-white/60 focus:border-[var(--brand-primary-hover-hex)]/70 focus:ring-[var(--brand-primary-hover-hex)]/20',
+                  resetStatus.type === 'error' && 'border-red-500 focus-visible:ring-red-500'
+                )}
               />
+              {resetStatus.type === 'error' && (
+                <div className='mt-1 space-y-1 text-red-400 text-xs'>
+                  <p>{resetStatus.message}</p>
+                </div>
+              )}
             </div>
-            {resetStatus.type && (
-              <div
-                className={`text-sm ${resetStatus.type === 'success' ? 'text-[#4CAF50]' : 'text-red-500'}`}
-              >
-                {resetStatus.message}
+            {resetStatus.type === 'success' && (
+              <div className='mt-1 space-y-1 text-[#4CAF50] text-xs'>
+                <p>{resetStatus.message}</p>
               </div>
             )}
             <Button

apps/sim/app/(auth)/reset-password/page.tsx

@@ -101,7 +101,7 @@ function ResetPasswordContent() {
           </CardContent>
           <CardFooter>
             <p className='w-full text-center text-gray-500 text-sm'>
-              <Link href='/login' className='text-primary hover:underline'>
+              <Link href='/login' className='text-muted-foreground hover:underline'>
                 Back to login
               </Link>
             </p>

apps/sim/app/(auth)/signup/signup-form.test.tsx

@@ -166,8 +166,9 @@ describe('SignupPage', () => {
       })
     })
 
-    it('should prevent submission with invalid name validation', async () => {
+    it('should automatically trim spaces from name input', async () => {
       const mockSignUp = vi.mocked(client.signUp.email)
+      mockSignUp.mockResolvedValue({ data: null, error: null })
 
       render(<SignupPage {...defaultProps} />)
 
@@ -176,22 +177,20 @@ describe('SignupPage', () => {
       const passwordInput = screen.getByPlaceholderText(/enter your password/i)
       const submitButton = screen.getByRole('button', { name: /create account/i })
 
-      // Use name with leading/trailing spaces which should fail validation
       fireEvent.change(nameInput, { target: { value: '  John Doe  ' } })
       fireEvent.change(emailInput, { target: { value: 'user@company.com' } })
       fireEvent.change(passwordInput, { target: { value: 'Password123!' } })
       fireEvent.click(submitButton)
 
-      // Should not call signUp because validation failed
-      expect(mockSignUp).not.toHaveBeenCalled()
-
-      // Should show validation error
       await waitFor(() => {
-        expect(
-          screen.getByText(
-            /Name cannot contain consecutive spaces|Name cannot start or end with spaces/
-          )
-        ).toBeInTheDocument()
+        expect(mockSignUp).toHaveBeenCalledWith(
+          expect.objectContaining({
+            name: 'John Doe',
+            email: 'user@company.com',
+            password: 'Password123!',
+          }),
+          expect.any(Object)
+        )
       })
     })
 

apps/sim/app/(auth)/signup/signup-form.tsx

@@ -49,10 +49,6 @@ const NAME_VALIDATIONS = {
     regex: /^(?!.*\s\s).*$/,
     message: 'Name cannot contain consecutive spaces.',
   },
-  noLeadingTrailingSpaces: {
-    test: (value: string) => value === value.trim(),
-    message: 'Name cannot start or end with spaces.',
-  },
 }
 
 const validateEmailField = (emailValue: string): string[] => {
@@ -175,10 +171,6 @@ function SignupFormContent({
       errors.push(NAME_VALIDATIONS.noConsecutiveSpaces.message)
     }
 
-    if (!NAME_VALIDATIONS.noLeadingTrailingSpaces.test(nameValue)) {
-      errors.push(NAME_VALIDATIONS.noLeadingTrailingSpaces.message)
-    }
-
     return errors
   }
 
@@ -193,11 +185,10 @@ function SignupFormContent({
   }
 
   const handleNameChange = (e: React.ChangeEvent<HTMLInputElement>) => {
-    const newName = e.target.value
-    setName(newName)
+    const rawValue = e.target.value
+    setName(rawValue)
 
-    // Silently validate but don't show errors until submit
-    const errors = validateName(newName)
+    const errors = validateName(rawValue)
     setNameErrors(errors)
     setShowNameValidationError(false)
   }
@@ -224,23 +215,21 @@ function SignupFormContent({
     const formData = new FormData(e.currentTarget)
     const emailValue = formData.get('email') as string
     const passwordValue = formData.get('password') as string
-    const name = formData.get('name') as string
+    const nameValue = formData.get('name') as string
 
-    // Validate name on submit
-    const nameValidationErrors = validateName(name)
+    const trimmedName = nameValue.trim()
+
+    const nameValidationErrors = validateName(trimmedName)
     setNameErrors(nameValidationErrors)
     setShowNameValidationError(nameValidationErrors.length > 0)
 
-    // Validate email on submit
     const emailValidationErrors = validateEmailField(emailValue)
     setEmailErrors(emailValidationErrors)
     setShowEmailValidationError(emailValidationErrors.length > 0)
 
-    // Validate password on submit
     const errors = validatePassword(passwordValue)
     setPasswordErrors(errors)
 
-    // Only show validation errors if there are any
     setShowValidationError(errors.length > 0)
 
     try {
@@ -249,7 +238,6 @@ function SignupFormContent({
         emailValidationErrors.length > 0 ||
         errors.length > 0
       ) {
-        // Prioritize name errors first, then email errors, then password errors
         if (nameValidationErrors.length > 0) {
           setNameErrors([nameValidationErrors[0]])
           setShowNameValidationError(true)
@@ -266,8 +254,6 @@ function SignupFormContent({
         return
       }
 
-      // Check if name will be truncated and warn user
-      const trimmedName = name.trim()
       if (trimmedName.length > 100) {
         setNameErrors(['Name will be truncated to 100 characters. Please shorten your name.'])
         setShowNameValidationError(true)
@@ -337,7 +323,6 @@ function SignupFormContent({
         logger.info('Session refreshed after successful signup')
       } catch (sessionError) {
         logger.error('Failed to refresh session after signup:', sessionError)
-        // Continue anyway - the verification flow will handle this
       }
 
       // For new signups, always require verification

apps/sim/app/(auth)/verify/use-verification.ts

@@ -215,20 +215,28 @@ export function useVerification({
     setOtp(value)
   }
 
+  // Auto-submit when OTP is complete
+  useEffect(() => {
+    if (otp.length === 6 && email && !isLoading && !isVerified) {
+      const timeoutId = setTimeout(() => {
+        verifyCode()
+      }, 300) // Small delay to ensure UI is ready
+
+      return () => clearTimeout(timeoutId)
+    }
+  }, [otp, email, isLoading, isVerified])
+
   useEffect(() => {
     if (typeof window !== 'undefined') {
       if (!isProduction || !hasResendKey) {
         const storedEmail = sessionStorage.getItem('verificationEmail')
-        logger.info('Auto-verifying user', { email: storedEmail })
       }
 
       const isDevOrDocker = !isProduction || isTruthy(env.DOCKER_BUILD)
 
-      // Auto-verify and redirect in development/docker environments
       if (isDevOrDocker || !hasResendKey) {
         setIsVerified(true)
 
-        // Clear verification requirement cookie (same as manual verification)
         document.cookie =
           'requiresEmailVerification=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT'
 

apps/sim/app/api/__test-utils__/setup.ts

@@ -3,7 +3,6 @@
  */
 import { afterEach, beforeEach, vi } from 'vitest'
 
-// Mock Next.js implementations
 vi.mock('next/headers', () => ({
   cookies: () => ({
     get: vi.fn().mockReturnValue({ value: 'test-session-token' }),
@@ -13,7 +12,6 @@ vi.mock('next/headers', () => ({
   }),
 }))
 
-// Mock auth utilities
 vi.mock('@/lib/auth/session', () => ({
   getSession: vi.fn().mockResolvedValue({
     user: {
@@ -24,13 +22,10 @@ vi.mock('@/lib/auth/session', () => ({
   }),
 }))
 
-// Configure Vitest environment
 beforeEach(() => {
-  // Clear all mocks before each test
   vi.clearAllMocks()
 })
 
 afterEach(() => {
-  // Ensure all mocks are restored after each test
   vi.restoreAllMocks()
 })

apps/sim/app/api/__test-utils__/utils.ts

@@ -944,12 +944,10 @@ export interface TestSetupOptions {
 export function setupComprehensiveTestMocks(options: TestSetupOptions = {}) {
   const { auth = { authenticated: true }, database = {}, storage, authApi, features = {} } = options
 
-  // Setup basic infrastructure mocks
   setupCommonApiMocks()
   mockUuid()
   mockCryptoUuid()
 
-  // Setup authentication
   const authMocks = mockAuth(auth.user)
   if (auth.authenticated) {
     authMocks.setAuthenticated(auth.user)
@@ -957,22 +955,18 @@ export function setupComprehensiveTestMocks(options: TestSetupOptions = {}) {
     authMocks.setUnauthenticated()
   }
 
-  // Setup database
   const dbMocks = createMockDatabase(database)
 
-  // Setup storage if needed
   let storageMocks
   if (storage) {
     storageMocks = createStorageProviderMocks(storage)
   }
 
-  // Setup auth API if needed
   let authApiMocks
   if (authApi) {
     authApiMocks = createAuthApiMocks(authApi)
   }
 
-  // Setup feature-specific mocks
   const featureMocks: any = {}
   if (features.workflowUtils) {
     featureMocks.workflowUtils = mockWorkflowUtils()
@@ -1008,12 +1002,10 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
 
   let selectCallCount = 0
 
-  // Helper to create error
   const createDbError = (operation: string, message?: string) => {
     return new Error(message || `Database ${operation} error`)
   }
 
-  // Create chainable select mock
   const createSelectChain = () => ({
     from: vi.fn().mockReturnThis(),
     leftJoin: vi.fn().mockReturnThis(),
@@ -1038,7 +1030,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     }),
   })
 
-  // Create insert chain
   const createInsertChain = () => ({
     values: vi.fn().mockImplementation(() => ({
       returning: vi.fn().mockImplementation(() => {
@@ -1056,7 +1047,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     })),
   })
 
-  // Create update chain
   const createUpdateChain = () => ({
     set: vi.fn().mockImplementation(() => ({
       where: vi.fn().mockImplementation(() => {
@@ -1068,7 +1058,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     })),
   })
 
-  // Create delete chain
   const createDeleteChain = () => ({
     where: vi.fn().mockImplementation(() => {
       if (deleteOptions.throwError) {
@@ -1078,7 +1067,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     }),
   })
 
-  // Create transaction mock
   const createTransactionMock = () => {
     return vi.fn().mockImplementation(async (callback: any) => {
       if (transactionOptions.throwError) {
@@ -1200,7 +1188,6 @@ export function setupKnowledgeMocks(
     mocks.generateEmbedding = vi.fn().mockResolvedValue([0.1, 0.2, 0.3])
   }
 
-  // Mock the knowledge utilities
   vi.doMock('@/app/api/knowledge/utils', () => mocks)
 
   return mocks
@@ -1218,12 +1205,10 @@ export function setupFileApiMocks(
 ) {
   const { authenticated = true, storageProvider = 's3', cloudEnabled = true } = options
 
-  // Setup basic mocks
   setupCommonApiMocks()
   mockUuid()
   mockCryptoUuid()
 
-  // Setup auth
   const authMocks = mockAuth()
   if (authenticated) {
     authMocks.setAuthenticated()
@@ -1231,14 +1216,12 @@ export function setupFileApiMocks(
     authMocks.setUnauthenticated()
   }
 
-  // Setup file system mocks
   mockFileSystem({
     writeFileSuccess: true,
     readFileContent: 'test content',
     existsResult: true,
   })
 
-  // Setup storage provider mocks (this will mock @/lib/uploads)
   let storageMocks
   if (storageProvider) {
     storageMocks = createStorageProviderMocks({
@@ -1246,7 +1229,6 @@ export function setupFileApiMocks(
       isCloudEnabled: cloudEnabled,
     })
   } else {
-    // If no storage provider specified, just mock the base functions
     vi.doMock('@/lib/uploads', () => ({
       getStorageProvider: vi.fn().mockReturnValue('local'),
       isUsingCloudStorage: vi.fn().mockReturnValue(cloudEnabled),

apps/sim/app/api/auth/oauth/connections/route.ts

@@ -3,6 +3,7 @@ import { jwtDecode } from 'jwt-decode'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account, user } from '@/db/schema'
 
@@ -18,7 +19,7 @@ interface GoogleIdToken {
  * Get all OAuth connections for the current user
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/credentials/route.ts

@@ -6,6 +6,7 @@ import { createLogger } from '@/lib/logs/console/logger'
 import type { OAuthService } from '@/lib/oauth/oauth'
 import { parseProvider } from '@/lib/oauth/oauth'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account, user, workflow } from '@/db/schema'
 
@@ -23,7 +24,7 @@ interface GoogleIdToken {
  * Get credentials for a specific provider
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get query params

apps/sim/app/api/auth/oauth/disconnect/route.ts

@@ -2,6 +2,7 @@ import { and, eq, like, or } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
 
@@ -13,7 +14,7 @@ const logger = createLogger('OAuthDisconnectAPI')
  * Disconnect an OAuth provider for the current user
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/microsoft/file/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('MicrosoftFileAPI')
  * Get a single file from Microsoft OneDrive
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   try {
     // Get the session
     const session = await getSession()

apps/sim/app/api/auth/oauth/microsoft/files/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('MicrosoftFilesAPI')
  * Get Excel files from Microsoft OneDrive
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/token/route.ts

@@ -2,6 +2,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getCredential, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
@@ -14,7 +15,7 @@ const logger = createLogger('OAuthTokenAPI')
  * and workflow-based authentication (for server-side requests)
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   logger.info(`[${requestId}] OAuth token API POST request received`)
 
@@ -59,7 +60,7 @@ export async function POST(request: NextRequest) {
  * Get the access token for a specific credential
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Short request ID for correlation
+  const requestId = generateRequestId()
 
   try {
     // Get the credential ID from the query params

apps/sim/app/api/auth/oauth/wealthbox/item/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('WealthboxItemAPI')
  * Get a single item (note, contact, task) from Wealthbox
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/wealthbox/items/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('WealthboxItemsAPI')
  * Get items (notes, contacts, tasks) from Wealthbox
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/billing/route.ts

@@ -2,7 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { getSimplifiedBillingSummary } from '@/lib/billing/core/billing'
-import { getOrganizationBillingData } from '@/lib/billing/core/organization-billing'
+import { getOrganizationBillingData } from '@/lib/billing/core/organization'
 import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { member, userStats } from '@/db/schema'

apps/sim/app/api/billing/update-cost/route.ts

@@ -1,10 +1,10 @@
-import crypto from 'crypto'
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalApiKey } from '@/lib/copilot/utils'
 import { isBillingEnabled } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { userStats } from '@/db/schema'
 import { calculateCost } from '@/providers/utils'
@@ -16,7 +16,8 @@ const UpdateCostSchema = z.object({
   input: z.number().min(0, 'Input tokens must be a non-negative number'),
   output: z.number().min(0, 'Output tokens must be a non-negative number'),
   model: z.string().min(1, 'Model is required'),
-  multiplier: z.number().min(0),
+  inputMultiplier: z.number().min(0),
+  outputMultiplier: z.number().min(0),
 })
 
 /**
@@ -24,7 +25,7 @@ const UpdateCostSchema = z.object({
  * Update user cost based on token usage with internal API key auth
  */
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const startTime = Date.now()
 
   try {
@@ -75,14 +76,15 @@ export async function POST(req: NextRequest) {
       )
     }
 
-    const { userId, input, output, model, multiplier } = validation.data
+    const { userId, input, output, model, inputMultiplier, outputMultiplier } = validation.data
 
     logger.info(`[${requestId}] Processing cost update`, {
       userId,
       input,
       output,
       model,
-      multiplier,
+      inputMultiplier,
+      outputMultiplier,
     })
 
     const finalPromptTokens = input
@@ -95,7 +97,8 @@ export async function POST(req: NextRequest) {
       finalPromptTokens,
       finalCompletionTokens,
       false,
-      multiplier
+      inputMultiplier,
+      outputMultiplier
     )
 
     logger.info(`[${requestId}] Cost calculation result`, {
@@ -104,7 +107,8 @@ export async function POST(req: NextRequest) {
       promptTokens: finalPromptTokens,
       completionTokens: finalCompletionTokens,
       totalTokens: totalTokens,
-      multiplier,
+      inputMultiplier,
+      outputMultiplier,
       costResult,
     })
 

apps/sim/app/api/chat/[subdomain]/otp/route.ts

@@ -5,6 +5,7 @@ import { renderOTPEmail } from '@/components/emails/render-email'
 import { sendEmail } from '@/lib/email/mailer'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getRedisClient, markMessageAsProcessed, releaseLock } from '@/lib/redis'
+import { generateRequestId } from '@/lib/utils'
 import { addCorsHeaders, setChatAuthCookie } from '@/app/api/chat/utils'
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
@@ -115,7 +116,7 @@ export async function POST(
   { params }: { params: Promise<{ subdomain: string }> }
 ) {
   const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.debug(`[${requestId}] Processing OTP request for subdomain: ${subdomain}`)
@@ -229,7 +230,7 @@ export async function PUT(
   { params }: { params: Promise<{ subdomain: string }> }
 ) {
   const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.debug(`[${requestId}] Verifying OTP for subdomain: ${subdomain}`)

apps/sim/app/api/chat/[subdomain]/route.ts

@@ -1,6 +1,7 @@
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import {
   addCorsHeaders,
   executeWorkflowForChat,
@@ -20,7 +21,7 @@ export async function POST(
   { params }: { params: Promise<{ subdomain: string }> }
 ) {
   const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.debug(`[${requestId}] Processing chat request for subdomain: ${subdomain}`)
@@ -141,7 +142,7 @@ export async function GET(
   { params }: { params: Promise<{ subdomain: string }> }
 ) {
   const { subdomain } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.debug(`[${requestId}] Fetching chat info for subdomain: ${subdomain}`)

apps/sim/app/api/chat/utils.test.ts

@@ -14,10 +14,6 @@ vi.mock('@/db', () => ({
   },
 }))
 
-vi.mock('@/lib/utils', () => ({
-  decryptSecret: vi.fn().mockResolvedValue({ decrypted: 'test-secret' }),
-}))
-
 vi.mock('@/lib/logs/execution/logging-session', () => ({
   LoggingSession: vi.fn().mockImplementation(() => ({
     safeStart: vi.fn().mockResolvedValue(undefined),
@@ -38,6 +34,13 @@ vi.mock('@/stores/workflows/server-utils', () => ({
   mergeSubblockState: vi.fn().mockReturnValue({}),
 }))
 
+const mockDecryptSecret = vi.fn()
+
+vi.mock('@/lib/utils', () => ({
+  decryptSecret: mockDecryptSecret,
+  generateRequestId: vi.fn(),
+}))
+
 describe('Chat API Utils', () => {
   beforeEach(() => {
     vi.resetModules()
@@ -177,7 +180,10 @@ describe('Chat API Utils', () => {
   })
 
   describe('Chat auth validation', () => {
-    beforeEach(() => {
+    beforeEach(async () => {
+      vi.clearAllMocks()
+      mockDecryptSecret.mockResolvedValue({ decrypted: 'correct-password' })
+
       vi.doMock('@/app/api/chat/utils', async (importOriginal) => {
         const original = (await importOriginal()) as any
         return {
@@ -190,13 +196,6 @@ describe('Chat API Utils', () => {
           }),
         }
       })
-
-      // Mock decryptSecret globally for all auth tests
-      vi.doMock('@/lib/utils', () => ({
-        decryptSecret: vi.fn((encryptedValue) => {
-          return Promise.resolve({ decrypted: 'correct-password' })
-        }),
-      }))
     })
 
     it.concurrent('should allow access to public chats', async () => {

apps/sim/app/api/chat/utils.ts

@@ -3,16 +3,17 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { checkServerSideUsageLimits } from '@/lib/billing'
 import { isDev } from '@/lib/environment'
+import { getPersonalAndWorkspaceEnv } from '@/lib/environment/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
 import { buildTraceSpans } from '@/lib/logs/execution/trace-spans/trace-spans'
 import { hasAdminPermission } from '@/lib/permissions/utils'
 import { processStreamingBlockLogs } from '@/lib/tokenization'
 import { getEmailDomain } from '@/lib/urls/utils'
-import { decryptSecret } from '@/lib/utils'
+import { decryptSecret, generateRequestId } from '@/lib/utils'
 import { getBlock } from '@/blocks'
 import { db } from '@/db'
-import { chat, environment as envTable, userStats, workflow } from '@/db/schema'
+import { chat, userStats, workflow } from '@/db/schema'
 import { Executor } from '@/executor'
 import type { BlockLog, ExecutionResult } from '@/executor/types'
 import { Serializer } from '@/serializer'
@@ -302,7 +303,7 @@ export async function executeWorkflowForChat(
   input: string,
   conversationId?: string
 ): Promise<any> {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   logger.debug(
     `[${requestId}] Executing workflow for chat: ${chatId}${
@@ -453,18 +454,21 @@ export async function executeWorkflowForChat(
     {} as Record<string, Record<string, any>>
   )
 
-  // Get user environment variables for this workflow
+  // Get user environment variables with workspace precedence
   let envVars: Record<string, string> = {}
   try {
-    const envResult = await db
-      .select()
-      .from(envTable)
-      .where(eq(envTable.userId, deployment.userId))
+    const wfWorkspaceRow = await db
+      .select({ workspaceId: workflow.workspaceId })
+      .from(workflow)
+      .where(eq(workflow.id, workflowId))
       .limit(1)
 
-    if (envResult.length > 0 && envResult[0].variables) {
-      envVars = envResult[0].variables as Record<string, string>
-    }
+    const workspaceId = wfWorkspaceRow[0]?.workspaceId || undefined
+    const { personalEncrypted, workspaceEncrypted } = await getPersonalAndWorkspaceEnv(
+      deployment.userId,
+      workspaceId
+    )
+    envVars = { ...personalEncrypted, ...workspaceEncrypted }
   } catch (error) {
     logger.warn(`[${requestId}] Could not fetch environment variables:`, error)
   }
@@ -543,8 +547,6 @@ export async function executeWorkflowForChat(
     userId: deployment.userId,
     workspaceId: '', // TODO: Get from workflow
     variables: workflowVariables,
-    initialInput: { input, conversationId },
-    executionType: 'chat',
   })
 
   const stream = new ReadableStream({

apps/sim/app/api/copilot/chat/route.test.ts

@@ -99,6 +99,7 @@ describe('Copilot Chat API Route', () => {
 
     vi.doMock('@/lib/utils', () => ({
       getRotatingApiKey: mockGetRotatingApiKey,
+      generateRequestId: vi.fn(() => 'test-request-id'),
     }))
 
     vi.doMock('@/lib/env', () => ({
@@ -224,7 +225,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'agent',
+            messageId: 'mock-uuid-1234-5678',
             depth: 0,
+            chatId: 'chat-123',
           }),
         })
       )
@@ -286,7 +289,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'agent',
+            messageId: 'mock-uuid-1234-5678',
             depth: 0,
+            chatId: 'chat-123',
           }),
         })
       )
@@ -337,7 +342,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'agent',
+            messageId: 'mock-uuid-1234-5678',
             depth: 0,
+            chatId: 'chat-123',
           }),
         })
       )
@@ -425,7 +432,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'ask',
+            messageId: 'mock-uuid-1234-5678',
             depth: 0,
+            chatId: 'chat-123',
           }),
         })
       )

apps/sim/app/api/copilot/chat/route.ts

@@ -50,13 +50,25 @@ const ChatMessageSchema = z.object({
   contexts: z
     .array(
       z.object({
-        kind: z.enum(['past_chat', 'workflow', 'blocks', 'logs', 'knowledge', 'templates']),
+        kind: z.enum([
+          'past_chat',
+          'workflow',
+          'current_workflow',
+          'blocks',
+          'logs',
+          'workflow_block',
+          'knowledge',
+          'templates',
+          'docs',
+        ]),
         label: z.string(),
         chatId: z.string().optional(),
         workflowId: z.string().optional(),
         knowledgeId: z.string().optional(),
         blockId: z.string().optional(),
         templateId: z.string().optional(),
+        executionId: z.string().optional(),
+        // For workflow_block, provide both workflowId and blockId
       })
     )
     .optional(),
@@ -96,6 +108,8 @@ export async function POST(req: NextRequest) {
       conversationId,
       contexts,
     } = ChatMessageSchema.parse(body)
+    // Ensure we have a consistent user message ID for this request
+    const userMessageIdToUse = userMessageId || crypto.randomUUID()
     try {
       logger.info(`[${tracker.requestId}] Received chat POST`, {
         hasContexts: Array.isArray(contexts),
@@ -105,6 +119,7 @@ export async function POST(req: NextRequest) {
               kind: c?.kind,
               chatId: c?.chatId,
               workflowId: c?.workflowId,
+              executionId: (c as any)?.executionId,
               label: c?.label,
             }))
           : undefined,
@@ -115,13 +130,18 @@ export async function POST(req: NextRequest) {
     if (Array.isArray(contexts) && contexts.length > 0) {
       try {
         const { processContextsServer } = await import('@/lib/copilot/process-contents')
-        const processed = await processContextsServer(contexts as any, authenticatedUserId)
+        const processed = await processContextsServer(contexts as any, authenticatedUserId, message)
         agentContexts = processed
         logger.info(`[${tracker.requestId}] Contexts processed for request`, {
           processedCount: agentContexts.length,
           kinds: agentContexts.map((c) => c.type),
           lengthPreview: agentContexts.map((c) => c.content?.length ?? 0),
         })
+        if (Array.isArray(contexts) && contexts.length > 0 && agentContexts.length === 0) {
+          logger.warn(
+            `[${tracker.requestId}] Contexts provided but none processed. Check executionId for logs contexts.`
+          )
+        }
       } catch (e) {
         logger.error(`[${tracker.requestId}] Failed to process contexts`, e)
       }
@@ -351,12 +371,14 @@ export async function POST(req: NextRequest) {
       stream: stream,
       streamToolCalls: true,
       mode: mode,
+      messageId: userMessageIdToUse,
       ...(providerConfig ? { provider: providerConfig } : {}),
       ...(effectiveConversationId ? { conversationId: effectiveConversationId } : {}),
       ...(typeof effectiveDepth === 'number' ? { depth: effectiveDepth } : {}),
       ...(typeof effectivePrefetch === 'boolean' ? { prefetch: effectivePrefetch } : {}),
       ...(session?.user?.name && { userName: session.user.name }),
       ...(agentContexts.length > 0 && { context: agentContexts }),
+      ...(actualChatId ? { chatId: actualChatId } : {}),
     }
 
     try {
@@ -396,7 +418,7 @@ export async function POST(req: NextRequest) {
     if (stream && simAgentResponse.body) {
       // Create user message to save
       const userMessage = {
-        id: userMessageId || crypto.randomUUID(), // Use frontend ID if provided
+        id: userMessageIdToUse, // Consistent ID used for request and persistence
         role: 'user',
         content: message,
         timestamp: new Date().toISOString(),
@@ -474,16 +496,6 @@ export async function POST(req: NextRequest) {
                 break
               }
 
-              // Check if client disconnected before processing chunk
-              try {
-                // Forward the chunk to client immediately
-                controller.enqueue(value)
-              } catch (error) {
-                // Client disconnected - stop reading from sim agent
-                reader.cancel() // Stop reading from sim agent
-                break
-              }
-
               // Decode and parse SSE events for logging and capturing content
               const decodedChunk = decoder.decode(value, { stream: true })
               buffer += decodedChunk
@@ -583,6 +595,47 @@ export async function POST(req: NextRequest) {
 
                       default:
                     }
+
+                    // Emit to client: rewrite 'error' events into user-friendly assistant message
+                    if (event?.type === 'error') {
+                      try {
+                        const displayMessage: string =
+                          (event?.data && (event.data.displayMessage as string)) ||
+                          'Sorry, I encountered an error. Please try again.'
+                        const formatted = `_${displayMessage}_`
+                        // Accumulate so it persists to DB as assistant content
+                        assistantContent += formatted
+                        // Send as content chunk
+                        try {
+                          controller.enqueue(
+                            encoder.encode(
+                              `data: ${JSON.stringify({ type: 'content', data: formatted })}\n\n`
+                            )
+                          )
+                        } catch (enqueueErr) {
+                          reader.cancel()
+                          break
+                        }
+                        // Then close this response cleanly for the client
+                        try {
+                          controller.enqueue(
+                            encoder.encode(`data: ${JSON.stringify({ type: 'done' })}\n\n`)
+                          )
+                        } catch (enqueueErr) {
+                          reader.cancel()
+                          break
+                        }
+                      } catch {}
+                      // Do not forward the original error event
+                    } else {
+                      // Forward original event to client
+                      try {
+                        controller.enqueue(encoder.encode(`data: ${jsonStr}\n\n`))
+                      } catch (enqueueErr) {
+                        reader.cancel()
+                        break
+                      }
+                    }
                   } catch (e) {
                     // Enhanced error handling for large payloads and parsing issues
                     const lineLength = line.length
@@ -615,10 +668,37 @@ export async function POST(req: NextRequest) {
               logger.debug(`[${tracker.requestId}] Processing remaining buffer: "${buffer}"`)
               if (buffer.startsWith('data: ')) {
                 try {
-                  const event = JSON.parse(buffer.slice(6))
+                  const jsonStr = buffer.slice(6)
+                  const event = JSON.parse(jsonStr)
                   if (event.type === 'content' && event.data) {
                     assistantContent += event.data
                   }
+                  // Forward remaining event, applying same error rewrite behavior
+                  if (event?.type === 'error') {
+                    const displayMessage: string =
+                      (event?.data && (event.data.displayMessage as string)) ||
+                      'Sorry, I encountered an error. Please try again.'
+                    const formatted = `_${displayMessage}_`
+                    assistantContent += formatted
+                    try {
+                      controller.enqueue(
+                        encoder.encode(
+                          `data: ${JSON.stringify({ type: 'content', data: formatted })}\n\n`
+                        )
+                      )
+                      controller.enqueue(
+                        encoder.encode(`data: ${JSON.stringify({ type: 'done' })}\n\n`)
+                      )
+                    } catch (enqueueErr) {
+                      reader.cancel()
+                    }
+                  } else {
+                    try {
+                      controller.enqueue(encoder.encode(`data: ${jsonStr}\n\n`))
+                    } catch (enqueueErr) {
+                      reader.cancel()
+                    }
+                  }
                 } catch (e) {
                   logger.warn(`[${tracker.requestId}] Failed to parse final buffer: "${buffer}"`)
                 }
@@ -734,7 +814,7 @@ export async function POST(req: NextRequest) {
     // Save messages if we have a chat
     if (currentChat && responseData.content) {
       const userMessage = {
-        id: userMessageId || crypto.randomUUID(), // Use frontend ID if provided
+        id: userMessageIdToUse, // Consistent ID used for request and persistence
         role: 'user',
         content: message,
         timestamp: new Date().toISOString(),

apps/sim/app/api/copilot/stats/route.ts

@@ -0,0 +1,68 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import {
+  authenticateCopilotRequestSessionOnly,
+  createBadRequestResponse,
+  createInternalServerErrorResponse,
+  createRequestTracker,
+  createUnauthorizedResponse,
+} from '@/lib/copilot/auth'
+import { env } from '@/lib/env'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/sim-agent'
+
+const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
+const BodySchema = z.object({
+  messageId: z.string(),
+  diffCreated: z.boolean(),
+  diffAccepted: z.boolean(),
+})
+
+export async function POST(req: NextRequest) {
+  const tracker = createRequestTracker()
+  try {
+    const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
+    if (!isAuthenticated || !userId) {
+      return createUnauthorizedResponse()
+    }
+
+    const json = await req.json().catch(() => ({}))
+    const parsed = BodySchema.safeParse(json)
+    if (!parsed.success) {
+      return createBadRequestResponse('Invalid request body for copilot stats')
+    }
+
+    const { messageId, diffCreated, diffAccepted } = parsed.data as any
+
+    // Build outgoing payload for Sim Agent with only required fields
+    const payload: Record<string, any> = {
+      messageId,
+      diffCreated,
+      diffAccepted,
+    }
+
+    const agentRes = await fetch(`${SIM_AGENT_API_URL}/api/stats`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(env.COPILOT_API_KEY ? { 'x-api-key': env.COPILOT_API_KEY } : {}),
+      },
+      body: JSON.stringify(payload),
+    })
+
+    // Prefer not to block clients; still relay status
+    let agentJson: any = null
+    try {
+      agentJson = await agentRes.json()
+    } catch {}
+
+    if (!agentRes.ok) {
+      const message = (agentJson && (agentJson.error || agentJson.message)) || 'Upstream error'
+      return NextResponse.json({ success: false, error: message }, { status: 400 })
+    }
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    return createInternalServerErrorResponse('Failed to forward copilot stats')
+  }
+}

apps/sim/app/api/environment/route.ts

@@ -3,20 +3,19 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-import { decryptSecret, encryptSecret } from '@/lib/utils'
+import { decryptSecret, encryptSecret, generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { environment } from '@/db/schema'
 import type { EnvironmentVariable } from '@/stores/settings/environment/types'
 
 const logger = createLogger('EnvironmentAPI')
 
-// Schema for environment variable updates
 const EnvVarSchema = z.object({
   variables: z.record(z.string()),
 })
 
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()
@@ -30,17 +29,13 @@ export async function POST(req: NextRequest) {
     try {
       const { variables } = EnvVarSchema.parse(body)
 
-      // Encrypt all variables
-      const encryptedVariables = await Object.entries(variables).reduce(
-        async (accPromise, [key, value]) => {
-          const acc = await accPromise
+      const encryptedVariables = await Promise.all(
+        Object.entries(variables).map(async ([key, value]) => {
           const { encrypted } = await encryptSecret(value)
-          return { ...acc, [key]: encrypted }
-        },
-        Promise.resolve({})
-      )
+          return [key, encrypted] as const
+        })
+      ).then((entries) => Object.fromEntries(entries))
 
-      // Replace all environment variables for user
       await db
         .insert(environment)
         .values({
@@ -77,10 +72,9 @@ export async function POST(req: NextRequest) {
 }
 
 export async function GET(request: Request) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
-    // Get the session directly in the API route
     const session = await getSession()
     if (!session?.user?.id) {
       logger.warn(`[${requestId}] Unauthorized environment variables access attempt`)
@@ -99,18 +93,15 @@ export async function GET(request: Request) {
       return NextResponse.json({ data: {} }, { status: 200 })
     }
 
-    // Decrypt the variables for client-side use
     const encryptedVariables = result[0].variables as Record<string, string>
     const decryptedVariables: Record<string, EnvironmentVariable> = {}
 
-    // Decrypt each variable
     for (const [key, encryptedValue] of Object.entries(encryptedVariables)) {
       try {
         const { decrypted } = await decryptSecret(encryptedValue)
         decryptedVariables[key] = { key, value: decrypted }
       } catch (error) {
         logger.error(`[${requestId}] Error decrypting variable ${key}`, error)
-        // If decryption fails, provide a placeholder
         decryptedVariables[key] = { key, value: '' }
       }
     }

apps/sim/app/api/environment/variables/route.ts

@@ -1,225 +0,0 @@
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getEnvironmentVariableKeys } from '@/lib/environment/utils'
-import { createLogger } from '@/lib/logs/console/logger'
-import { decryptSecret, encryptSecret } from '@/lib/utils'
-import { getUserId } from '@/app/api/auth/oauth/utils'
-import { db } from '@/db'
-import { environment } from '@/db/schema'
-
-const logger = createLogger('EnvironmentVariablesAPI')
-
-// Schema for environment variable updates
-const EnvVarSchema = z.object({
-  variables: z.record(z.string()),
-})
-
-export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
-
-  try {
-    // For GET requests, check for workflowId in query params
-    const { searchParams } = new URL(request.url)
-    const workflowId = searchParams.get('workflowId')
-
-    // Use dual authentication pattern like other copilot tools
-    const userId = await getUserId(requestId, workflowId || undefined)
-
-    if (!userId) {
-      logger.warn(`[${requestId}] Unauthorized environment variables access attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Get only the variable names (keys), not values
-    const result = await getEnvironmentVariableKeys(userId)
-
-    return NextResponse.json(
-      {
-        success: true,
-        output: result,
-      },
-      { status: 200 }
-    )
-  } catch (error: any) {
-    logger.error(`[${requestId}] Environment variables fetch error`, error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: error.message || 'Failed to get environment variables',
-      },
-      { status: 500 }
-    )
-  }
-}
-
-export async function PUT(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
-
-  try {
-    const body = await request.json()
-    const { workflowId, variables } = body
-
-    // Use dual authentication pattern like other copilot tools
-    const userId = await getUserId(requestId, workflowId)
-
-    if (!userId) {
-      logger.warn(`[${requestId}] Unauthorized environment variables set attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    try {
-      const { variables: validatedVariables } = EnvVarSchema.parse({ variables })
-
-      // Get existing environment variables for this user
-      const existingData = await db
-        .select()
-        .from(environment)
-        .where(eq(environment.userId, userId))
-        .limit(1)
-
-      // Start with existing encrypted variables or empty object
-      const existingEncryptedVariables =
-        (existingData[0]?.variables as Record<string, string>) || {}
-
-      // Determine which variables are new or changed by comparing with decrypted existing values
-      const variablesToEncrypt: Record<string, string> = {}
-      const addedVariables: string[] = []
-      const updatedVariables: string[] = []
-
-      for (const [key, newValue] of Object.entries(validatedVariables)) {
-        if (!(key in existingEncryptedVariables)) {
-          // New variable
-          variablesToEncrypt[key] = newValue
-          addedVariables.push(key)
-        } else {
-          // Check if the value has actually changed by decrypting the existing value
-          try {
-            const { decrypted: existingValue } = await decryptSecret(
-              existingEncryptedVariables[key]
-            )
-
-            if (existingValue !== newValue) {
-              // Value changed, needs re-encryption
-              variablesToEncrypt[key] = newValue
-              updatedVariables.push(key)
-            }
-            // If values are the same, keep the existing encrypted value
-          } catch (decryptError) {
-            // If we can't decrypt the existing value, treat as changed and re-encrypt
-            logger.warn(
-              `[${requestId}] Could not decrypt existing variable ${key}, re-encrypting`,
-              {
-                error: decryptError,
-              }
-            )
-            variablesToEncrypt[key] = newValue
-            updatedVariables.push(key)
-          }
-        }
-      }
-
-      // Only encrypt the variables that are new or changed
-      const newlyEncryptedVariables = await Object.entries(variablesToEncrypt).reduce(
-        async (accPromise, [key, value]) => {
-          const acc = await accPromise
-          const { encrypted } = await encryptSecret(value)
-          return { ...acc, [key]: encrypted }
-        },
-        Promise.resolve({})
-      )
-
-      // Merge existing encrypted variables with newly encrypted ones
-      const finalEncryptedVariables = { ...existingEncryptedVariables, ...newlyEncryptedVariables }
-
-      // Update or insert environment variables for user
-      await db
-        .insert(environment)
-        .values({
-          id: crypto.randomUUID(),
-          userId: userId,
-          variables: finalEncryptedVariables,
-          updatedAt: new Date(),
-        })
-        .onConflictDoUpdate({
-          target: [environment.userId],
-          set: {
-            variables: finalEncryptedVariables,
-            updatedAt: new Date(),
-          },
-        })
-
-      return NextResponse.json(
-        {
-          success: true,
-          output: {
-            message: `Successfully processed ${Object.keys(validatedVariables).length} environment variable(s): ${addedVariables.length} added, ${updatedVariables.length} updated`,
-            variableCount: Object.keys(validatedVariables).length,
-            variableNames: Object.keys(validatedVariables),
-            totalVariableCount: Object.keys(finalEncryptedVariables).length,
-            addedVariables,
-            updatedVariables,
-          },
-        },
-        { status: 200 }
-      )
-    } catch (validationError) {
-      if (validationError instanceof z.ZodError) {
-        logger.warn(`[${requestId}] Invalid environment variables data`, {
-          errors: validationError.errors,
-        })
-        return NextResponse.json(
-          { error: 'Invalid request data', details: validationError.errors },
-          { status: 400 }
-        )
-      }
-      throw validationError
-    }
-  } catch (error: any) {
-    logger.error(`[${requestId}] Environment variables set error`, error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: error.message || 'Failed to set environment variables',
-      },
-      { status: 500 }
-    )
-  }
-}
-
-export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
-
-  try {
-    const body = await request.json()
-    const { workflowId } = body
-
-    // Use dual authentication pattern like other copilot tools
-    const userId = await getUserId(requestId, workflowId)
-
-    if (!userId) {
-      logger.warn(`[${requestId}] Unauthorized environment variables access attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Get only the variable names (keys), not values
-    const result = await getEnvironmentVariableKeys(userId)
-
-    return NextResponse.json(
-      {
-        success: true,
-        output: result,
-      },
-      { status: 200 }
-    )
-  } catch (error: any) {
-    logger.error(`[${requestId}] Environment variables fetch error`, error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: error.message || 'Failed to get environment variables',
-      },
-      { status: 500 }
-    )
-  }
-}

apps/sim/app/api/files/parse/route.ts

@@ -553,22 +553,11 @@ function handleGenericBuffer(
  */
 async function parseBufferAsPdf(buffer: Buffer) {
   try {
-    try {
-      const { PdfParser } = await import('@/lib/file-parsers/pdf-parser')
-      const parser = new PdfParser()
-      logger.info('Using main PDF parser for buffer')
+    const { PdfParser } = await import('@/lib/file-parsers/pdf-parser')
+    const parser = new PdfParser()
+    logger.info('Using main PDF parser for buffer')
 
-      if (parser.parseBuffer) {
-        return await parser.parseBuffer(buffer)
-      }
-      throw new Error('PDF parser does not support buffer parsing')
-    } catch (error) {
-      logger.warn('Main PDF parser failed, using raw parser for buffer:', error)
-      const { RawPdfParser } = await import('@/lib/file-parsers/raw-pdf-parser')
-      const rawParser = new RawPdfParser()
-
-      return await rawParser.parseBuffer(buffer)
-    }
+    return await parser.parseBuffer(buffer)
   } catch (error) {
     throw new Error(`PDF parsing failed: ${(error as Error).message}`)
   }

apps/sim/app/api/files/presigned/route.test.ts

@@ -1,7 +1,13 @@
 import { NextRequest } from 'next/server'
-import { beforeEach, describe, expect, test, vi } from 'vitest'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 import { setupFileApiMocks } from '@/app/api/__test-utils__/utils'
 
+/**
+ * Tests for file presigned API route
+ *
+ * @vitest-environment node
+ */
+
 describe('/api/files/presigned', () => {
   beforeEach(() => {
     vi.clearAllMocks()
@@ -19,7 +25,7 @@ describe('/api/files/presigned', () => {
   })
 
   describe('POST', () => {
-    test('should return error when cloud storage is not enabled', async () => {
+    it('should return error when cloud storage is not enabled', async () => {
       setupFileApiMocks({
         cloudEnabled: false,
         storageProvider: 's3',
@@ -39,7 +45,7 @@ describe('/api/files/presigned', () => {
       const response = await POST(request)
       const data = await response.json()
 
-      expect(response.status).toBe(500) // Changed from 400 to 500 (StorageConfigError)
+      expect(response.status).toBe(500)
       expect(data.error).toBe('Direct uploads are only available when cloud storage is enabled')
       expect(data.code).toBe('STORAGE_CONFIG_ERROR')
       expect(data.directUploadSupported).toBe(false)

apps/sim/app/api/files/presigned/route.ts

@@ -12,10 +12,12 @@ import {
   BLOB_CONFIG,
   BLOB_COPILOT_CONFIG,
   BLOB_KB_CONFIG,
+  BLOB_PROFILE_PICTURES_CONFIG,
   S3_CHAT_CONFIG,
   S3_CONFIG,
   S3_COPILOT_CONFIG,
   S3_KB_CONFIG,
+  S3_PROFILE_PICTURES_CONFIG,
 } from '@/lib/uploads/setup'
 import { validateFileType } from '@/lib/uploads/validation'
 import { createErrorResponse, createOptionsResponse } from '@/app/api/files/utils'
@@ -30,7 +32,7 @@ interface PresignedUrlRequest {
   chatId?: string
 }
 
-type UploadType = 'general' | 'knowledge-base' | 'chat' | 'copilot'
+type UploadType = 'general' | 'knowledge-base' | 'chat' | 'copilot' | 'profile-pictures'
 
 class PresignedUrlError extends Error {
   constructor(
@@ -96,7 +98,9 @@ export async function POST(request: NextRequest) {
           ? 'chat'
           : uploadTypeParam === 'copilot'
             ? 'copilot'
-            : 'general'
+            : uploadTypeParam === 'profile-pictures'
+              ? 'profile-pictures'
+              : 'general'
 
     if (uploadType === 'knowledge-base') {
       const fileValidationError = validateFileType(fileName, contentType)
@@ -121,6 +125,21 @@ export async function POST(request: NextRequest) {
       }
     }
 
+    // Validate profile picture requirements
+    if (uploadType === 'profile-pictures') {
+      if (!sessionUserId?.trim()) {
+        throw new ValidationError(
+          'Authenticated user session is required for profile picture uploads'
+        )
+      }
+      // Only allow image uploads for profile pictures
+      if (!isImageFileType(contentType)) {
+        throw new ValidationError(
+          'Only image files (JPEG, PNG, GIF, WebP, SVG) are allowed for profile picture uploads'
+        )
+      }
+    }
+
     if (!isUsingCloudStorage()) {
       throw new StorageConfigError(
         'Direct uploads are only available when cloud storage is enabled'
@@ -185,7 +204,9 @@ async function handleS3PresignedUrl(
           ? S3_CHAT_CONFIG
           : uploadType === 'copilot'
             ? S3_COPILOT_CONFIG
-            : S3_CONFIG
+            : uploadType === 'profile-pictures'
+              ? S3_PROFILE_PICTURES_CONFIG
+              : S3_CONFIG
 
     if (!config.bucket || !config.region) {
       throw new StorageConfigError(`S3 configuration missing for ${uploadType} uploads`)
@@ -200,6 +221,8 @@ async function handleS3PresignedUrl(
       prefix = 'chat/'
     } else if (uploadType === 'copilot') {
       prefix = `${userId}/`
+    } else if (uploadType === 'profile-pictures') {
+      prefix = `${userId}/`
     }
 
     const uniqueKey = `${prefix}${uuidv4()}-${safeFileName}`
@@ -219,6 +242,9 @@ async function handleS3PresignedUrl(
     } else if (uploadType === 'copilot') {
       metadata.purpose = 'copilot'
       metadata.userId = userId || ''
+    } else if (uploadType === 'profile-pictures') {
+      metadata.purpose = 'profile-pictures'
+      metadata.userId = userId || ''
     }
 
     const command = new PutObjectCommand({
@@ -239,9 +265,9 @@ async function handleS3PresignedUrl(
       )
     }
 
-    // For chat images and knowledge base files, use direct URLs since they need to be accessible by external services
+    // For chat images, knowledge base files, and profile pictures, use direct URLs since they need to be accessible by external services
     const finalPath =
-      uploadType === 'chat' || uploadType === 'knowledge-base'
+      uploadType === 'chat' || uploadType === 'knowledge-base' || uploadType === 'profile-pictures'
         ? `https://${config.bucket}.s3.${config.region}.amazonaws.com/${uniqueKey}`
         : `/api/files/serve/s3/${encodeURIComponent(uniqueKey)}`
 
@@ -285,7 +311,9 @@ async function handleBlobPresignedUrl(
           ? BLOB_CHAT_CONFIG
           : uploadType === 'copilot'
             ? BLOB_COPILOT_CONFIG
-            : BLOB_CONFIG
+            : uploadType === 'profile-pictures'
+              ? BLOB_PROFILE_PICTURES_CONFIG
+              : BLOB_CONFIG
 
     if (
       !config.accountName ||
@@ -304,6 +332,8 @@ async function handleBlobPresignedUrl(
       prefix = 'chat/'
     } else if (uploadType === 'copilot') {
       prefix = `${userId}/`
+    } else if (uploadType === 'profile-pictures') {
+      prefix = `${userId}/`
     }
 
     const uniqueKey = `${prefix}${uuidv4()}-${safeFileName}`
@@ -339,10 +369,10 @@ async function handleBlobPresignedUrl(
 
     const presignedUrl = `${blockBlobClient.url}?${sasToken}`
 
-    // For chat images, use direct Blob URLs since they need to be permanently accessible
+    // For chat images and profile pictures, use direct Blob URLs since they need to be permanently accessible
     // For other files, use serve path for access control
     const finalPath =
-      uploadType === 'chat'
+      uploadType === 'chat' || uploadType === 'profile-pictures'
         ? blockBlobClient.url
         : `/api/files/serve/blob/${encodeURIComponent(uniqueKey)}`
 
@@ -362,6 +392,9 @@ async function handleBlobPresignedUrl(
     } else if (uploadType === 'copilot') {
       uploadHeaders['x-ms-meta-purpose'] = 'copilot'
       uploadHeaders['x-ms-meta-userid'] = encodeURIComponent(userId || '')
+    } else if (uploadType === 'profile-pictures') {
+      uploadHeaders['x-ms-meta-purpose'] = 'profile-pictures'
+      uploadHeaders['x-ms-meta-userid'] = encodeURIComponent(userId || '')
     }
 
     return NextResponse.json({

apps/sim/app/api/function/execute/route.test.ts

@@ -32,6 +32,14 @@ describe('Function Execute API Route', () => {
       createLogger: vi.fn().mockReturnValue(mockLogger),
     }))
 
+    vi.doMock('@/lib/execution/e2b', () => ({
+      executeInE2B: vi.fn().mockResolvedValue({
+        result: 'e2b success',
+        stdout: 'e2b output',
+        sandboxId: 'test-sandbox-id',
+      }),
+    }))
+
     mockRunInContext.mockResolvedValue('vm success')
     mockCreateContext.mockReturnValue({})
   })
@@ -45,6 +53,7 @@ describe('Function Execute API Route', () => {
       const req = createMockRequest('POST', {
         code: 'return "Hello World"',
         timeout: 5000,
+        useLocalVM: true,
       })
 
       const { POST } = await import('@/app/api/function/execute/route')
@@ -74,6 +83,7 @@ describe('Function Execute API Route', () => {
     it('should use default timeout when not provided', async () => {
       const req = createMockRequest('POST', {
         code: 'return "test"',
+        useLocalVM: true,
       })
 
       const { POST } = await import('@/app/api/function/execute/route')
@@ -93,6 +103,7 @@ describe('Function Execute API Route', () => {
     it('should resolve environment variables with {{var_name}} syntax', async () => {
       const req = createMockRequest('POST', {
         code: 'return {{API_KEY}}',
+        useLocalVM: true,
         envVars: {
           API_KEY: 'secret-key-123',
         },
@@ -108,6 +119,7 @@ describe('Function Execute API Route', () => {
     it('should resolve tag variables with <tag_name> syntax', async () => {
       const req = createMockRequest('POST', {
         code: 'return <email>',
+        useLocalVM: true,
         params: {
           email: { id: '123', subject: 'Test Email' },
         },
@@ -123,6 +135,7 @@ describe('Function Execute API Route', () => {
     it('should NOT treat email addresses as template variables', async () => {
       const req = createMockRequest('POST', {
         code: 'return "Email sent to user"',
+        useLocalVM: true,
         params: {
           email: {
             from: 'Waleed Latif <waleed@sim.ai>',
@@ -141,6 +154,7 @@ describe('Function Execute API Route', () => {
     it('should only match valid variable names in angle brackets', async () => {
       const req = createMockRequest('POST', {
         code: 'return <validVar> + "<invalid@email.com>" + <another_valid>',
+        useLocalVM: true,
         params: {
           validVar: 'hello',
           another_valid: 'world',
@@ -178,6 +192,7 @@ describe('Function Execute API Route', () => {
 
       const req = createMockRequest('POST', {
         code: 'return <email>',
+        useLocalVM: true,
         params: gmailData,
       })
 
@@ -200,6 +215,7 @@ describe('Function Execute API Route', () => {
 
       const req = createMockRequest('POST', {
         code: 'return <email>',
+        useLocalVM: true,
         params: complexEmailData,
       })
 
@@ -214,6 +230,7 @@ describe('Function Execute API Route', () => {
     it('should handle custom tool execution with direct parameter access', async () => {
       const req = createMockRequest('POST', {
         code: 'return location + " weather is sunny"',
+        useLocalVM: true,
         params: {
           location: 'San Francisco',
         },
@@ -245,6 +262,7 @@ describe('Function Execute API Route', () => {
     it('should handle timeout parameter', async () => {
       const req = createMockRequest('POST', {
         code: 'return "test"',
+        useLocalVM: true,
         timeout: 10000,
       })
 
@@ -262,6 +280,7 @@ describe('Function Execute API Route', () => {
     it('should handle empty parameters object', async () => {
       const req = createMockRequest('POST', {
         code: 'return "no params"',
+        useLocalVM: true,
         params: {},
       })
 
@@ -295,6 +314,7 @@ SyntaxError: Invalid or unexpected token
 
       const req = createMockRequest('POST', {
         code: 'const obj = {\n  name: "test",\n  description: "This has a missing closing quote\n};\nreturn obj;',
+        useLocalVM: true,
         timeout: 5000,
       })
 
@@ -338,6 +358,7 @@ SyntaxError: Invalid or unexpected token
 
       const req = createMockRequest('POST', {
         code: 'const obj = null;\nreturn obj.someMethod();',
+        useLocalVM: true,
         timeout: 5000,
       })
 
@@ -379,6 +400,7 @@ SyntaxError: Invalid or unexpected token
 
       const req = createMockRequest('POST', {
         code: 'const x = 42;\nreturn undefinedVariable + x;',
+        useLocalVM: true,
         timeout: 5000,
       })
 
@@ -409,6 +431,7 @@ SyntaxError: Invalid or unexpected token
 
       const req = createMockRequest('POST', {
         code: 'return "test";',
+        useLocalVM: true,
         timeout: 5000,
       })
 
@@ -445,6 +468,7 @@ SyntaxError: Invalid or unexpected token
 
       const req = createMockRequest('POST', {
         code: 'const a = 1;\nconst b = 2;\nconst c = 3;\nconst d = 4;\nreturn a + b + c + d;',
+        useLocalVM: true,
         timeout: 5000,
       })
 
@@ -476,6 +500,7 @@ SyntaxError: Invalid or unexpected token
 
       const req = createMockRequest('POST', {
         code: 'const obj = {\n  name: "test"\n// Missing closing brace',
+        useLocalVM: true,
         timeout: 5000,
       })
 
@@ -496,6 +521,7 @@ SyntaxError: Invalid or unexpected token
       // This tests the escapeRegExp function indirectly
       const req = createMockRequest('POST', {
         code: 'return {{special.chars+*?}}',
+        useLocalVM: true,
         envVars: {
           'special.chars+*?': 'escaped-value',
         },
@@ -512,6 +538,7 @@ SyntaxError: Invalid or unexpected token
       // Test with complex but not circular data first
       const req = createMockRequest('POST', {
         code: 'return <complexData>',
+        useLocalVM: true,
         params: {
           complexData: {
             special: 'chars"with\'quotes',

apps/sim/app/api/function/execute/route.ts

@@ -1,13 +1,20 @@
 import { createContext, Script } from 'vm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { env, isTruthy } from '@/lib/env'
+import { executeInE2B } from '@/lib/execution/e2b'
+import { CodeLanguage, DEFAULT_CODE_LANGUAGE, isValidCodeLanguage } from '@/lib/execution/languages'
 import { createLogger } from '@/lib/logs/console/logger'
-
+import { generateRequestId } from '@/lib/utils'
 export const dynamic = 'force-dynamic'
 export const runtime = 'nodejs'
 export const maxDuration = 60
 
 const logger = createLogger('FunctionExecuteAPI')
 
+// Constants for E2B code wrapping line counts
+const E2B_JS_WRAPPER_LINES = 3 // Lines before user code: ';(async () => {', '  try {', '    const __sim_result = await (async () => {'
+const E2B_PYTHON_WRAPPER_LINES = 1 // Lines before user code: 'def __sim_main__():'
+
 /**
  * Enhanced error information interface
  */
@@ -124,6 +131,103 @@ function extractEnhancedError(
   return enhanced
 }
 
+/**
+ * Parse and format E2B error message
+ * Removes E2B-specific line references and adds correct user line numbers
+ */
+function formatE2BError(
+  errorMessage: string,
+  errorOutput: string,
+  language: CodeLanguage,
+  userCode: string,
+  prologueLineCount: number
+): { formattedError: string; cleanedOutput: string } {
+  // Calculate line offset based on language and prologue
+  const wrapperLines =
+    language === CodeLanguage.Python ? E2B_PYTHON_WRAPPER_LINES : E2B_JS_WRAPPER_LINES
+  const totalOffset = prologueLineCount + wrapperLines
+
+  let userLine: number | undefined
+  let cleanErrorType = ''
+  let cleanErrorMsg = ''
+
+  if (language === CodeLanguage.Python) {
+    // Python error format: "Cell In[X], line Y" followed by error details
+    // Extract line number from the Cell reference
+    const cellMatch = errorOutput.match(/Cell In\[\d+\], line (\d+)/)
+    if (cellMatch) {
+      const originalLine = Number.parseInt(cellMatch[1], 10)
+      userLine = originalLine - totalOffset
+    }
+
+    // Extract clean error message from the error string
+    // Remove file references like "(detected at line X) (file.py, line Y)"
+    cleanErrorMsg = errorMessage
+      .replace(/\s*\(detected at line \d+\)/g, '')
+      .replace(/\s*\([^)]+\.py, line \d+\)/g, '')
+      .trim()
+  } else if (language === CodeLanguage.JavaScript) {
+    // JavaScript error format from E2B: "SyntaxError: /path/file.ts: Message. (line:col)\n\n   9 | ..."
+    // First, extract the error type and message from the first line
+    const firstLineEnd = errorMessage.indexOf('\n')
+    const firstLine = firstLineEnd > 0 ? errorMessage.substring(0, firstLineEnd) : errorMessage
+
+    // Parse: "SyntaxError: /home/user/index.ts: Missing semicolon. (11:9)"
+    const jsErrorMatch = firstLine.match(/^(\w+Error):\s*[^:]+:\s*([^(]+)\.\s*\((\d+):(\d+)\)/)
+    if (jsErrorMatch) {
+      cleanErrorType = jsErrorMatch[1]
+      cleanErrorMsg = jsErrorMatch[2].trim()
+      const originalLine = Number.parseInt(jsErrorMatch[3], 10)
+      userLine = originalLine - totalOffset
+    } else {
+      // Fallback: look for line number in the arrow pointer line (> 11 |)
+      const arrowMatch = errorMessage.match(/^>\s*(\d+)\s*\|/m)
+      if (arrowMatch) {
+        const originalLine = Number.parseInt(arrowMatch[1], 10)
+        userLine = originalLine - totalOffset
+      }
+      // Try to extract error type and message
+      const errorMatch = firstLine.match(/^(\w+Error):\s*(.+)/)
+      if (errorMatch) {
+        cleanErrorType = errorMatch[1]
+        cleanErrorMsg = errorMatch[2]
+          .replace(/^[^:]+:\s*/, '') // Remove file path
+          .replace(/\s*\(\d+:\d+\)\s*$/, '') // Remove line:col at end
+          .trim()
+      } else {
+        cleanErrorMsg = firstLine
+      }
+    }
+  }
+
+  // Build the final clean error message
+  const finalErrorMsg =
+    cleanErrorType && cleanErrorMsg
+      ? `${cleanErrorType}: ${cleanErrorMsg}`
+      : cleanErrorMsg || errorMessage
+
+  // Format with line number if available
+  let formattedError = finalErrorMsg
+  if (userLine && userLine > 0) {
+    const codeLines = userCode.split('\n')
+    // Clamp userLine to the actual user code range
+    const actualUserLine = Math.min(userLine, codeLines.length)
+    if (actualUserLine > 0 && actualUserLine <= codeLines.length) {
+      const lineContent = codeLines[actualUserLine - 1]?.trim()
+      if (lineContent) {
+        formattedError = `Line ${actualUserLine}: \`${lineContent}\` - ${finalErrorMsg}`
+      } else {
+        formattedError = `Line ${actualUserLine} - ${finalErrorMsg}`
+      }
+    }
+  }
+
+  // For stdout, just return the clean error message without the full traceback
+  const cleanedOutput = finalErrorMsg
+
+  return { formattedError, cleanedOutput }
+}
+
 /**
  * Create a detailed error message for users
  */
@@ -429,7 +533,7 @@ function escapeRegExp(string: string): string {
 }
 
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const startTime = Date.now()
   let stdout = ''
   let userCodeStartLine = 3 // Default value for error reporting
@@ -442,6 +546,8 @@ export async function POST(req: NextRequest) {
       code,
       params = {},
       timeout = 5000,
+      language = DEFAULT_CODE_LANGUAGE,
+      useLocalVM = false,
       envVars = {},
       blockData = {},
       blockNameMapping = {},
@@ -474,19 +580,164 @@ export async function POST(req: NextRequest) {
     resolvedCode = codeResolution.resolvedCode
     const contextVariables = codeResolution.contextVariables
 
-    const executionMethod = 'vm' // Default execution method
+    const e2bEnabled = isTruthy(env.E2B_ENABLED)
+    const lang = isValidCodeLanguage(language) ? language : DEFAULT_CODE_LANGUAGE
+    const useE2B =
+      e2bEnabled &&
+      !useLocalVM &&
+      !isCustomTool &&
+      (lang === CodeLanguage.JavaScript || lang === CodeLanguage.Python)
 
-    logger.info(`[${requestId}] Using VM for code execution`, {
-      hasEnvVars: Object.keys(envVars).length > 0,
-      hasWorkflowVariables: Object.keys(workflowVariables).length > 0,
-    })
+    if (useE2B) {
+      logger.info(`[${requestId}] E2B status`, {
+        enabled: e2bEnabled,
+        hasApiKey: Boolean(process.env.E2B_API_KEY),
+        language: lang,
+      })
+      let prologue = ''
+      const epilogue = ''
 
-    // Create a secure context with console logging
+      if (lang === CodeLanguage.JavaScript) {
+        // Track prologue lines for error adjustment
+        let prologueLineCount = 0
+        prologue += `const params = JSON.parse(${JSON.stringify(JSON.stringify(executionParams))});\n`
+        prologueLineCount++
+        prologue += `const environmentVariables = JSON.parse(${JSON.stringify(JSON.stringify(envVars))});\n`
+        prologueLineCount++
+        for (const [k, v] of Object.entries(contextVariables)) {
+          prologue += `const ${k} = JSON.parse(${JSON.stringify(JSON.stringify(v))});\n`
+          prologueLineCount++
+        }
+        const wrapped = [
+          ';(async () => {',
+          '  try {',
+          '    const __sim_result = await (async () => {',
+          `      ${resolvedCode.split('\n').join('\n      ')}`,
+          '    })();',
+          "    console.log('__SIM_RESULT__=' + JSON.stringify(__sim_result));",
+          '  } catch (error) {',
+          '    console.log(String((error && (error.stack || error.message)) || error));',
+          '    throw error;',
+          '  }',
+          '})();',
+        ].join('\n')
+        const codeForE2B = prologue + wrapped + epilogue
+
+        const execStart = Date.now()
+        const {
+          result: e2bResult,
+          stdout: e2bStdout,
+          sandboxId,
+          error: e2bError,
+        } = await executeInE2B({
+          code: codeForE2B,
+          language: CodeLanguage.JavaScript,
+          timeoutMs: timeout,
+        })
+        const executionTime = Date.now() - execStart
+        stdout += e2bStdout
+
+        logger.info(`[${requestId}] E2B JS sandbox`, {
+          sandboxId,
+          stdoutPreview: e2bStdout?.slice(0, 200),
+          error: e2bError,
+        })
+
+        // If there was an execution error, format it properly
+        if (e2bError) {
+          const { formattedError, cleanedOutput } = formatE2BError(
+            e2bError,
+            e2bStdout,
+            lang,
+            resolvedCode,
+            prologueLineCount
+          )
+          return NextResponse.json(
+            {
+              success: false,
+              error: formattedError,
+              output: { result: null, stdout: cleanedOutput, executionTime },
+            },
+            { status: 500 }
+          )
+        }
+
+        return NextResponse.json({
+          success: true,
+          output: { result: e2bResult ?? null, stdout, executionTime },
+        })
+      }
+      // Track prologue lines for error adjustment
+      let prologueLineCount = 0
+      prologue += 'import json\n'
+      prologueLineCount++
+      prologue += `params = json.loads(${JSON.stringify(JSON.stringify(executionParams))})\n`
+      prologueLineCount++
+      prologue += `environmentVariables = json.loads(${JSON.stringify(JSON.stringify(envVars))})\n`
+      prologueLineCount++
+      for (const [k, v] of Object.entries(contextVariables)) {
+        prologue += `${k} = json.loads(${JSON.stringify(JSON.stringify(v))})\n`
+        prologueLineCount++
+      }
+      const wrapped = [
+        'def __sim_main__():',
+        ...resolvedCode.split('\n').map((l) => `    ${l}`),
+        '__sim_result__ = __sim_main__()',
+        "print('__SIM_RESULT__=' + json.dumps(__sim_result__))",
+      ].join('\n')
+      const codeForE2B = prologue + wrapped + epilogue
+
+      const execStart = Date.now()
+      const {
+        result: e2bResult,
+        stdout: e2bStdout,
+        sandboxId,
+        error: e2bError,
+      } = await executeInE2B({
+        code: codeForE2B,
+        language: CodeLanguage.Python,
+        timeoutMs: timeout,
+      })
+      const executionTime = Date.now() - execStart
+      stdout += e2bStdout
+
+      logger.info(`[${requestId}] E2B Py sandbox`, {
+        sandboxId,
+        stdoutPreview: e2bStdout?.slice(0, 200),
+        error: e2bError,
+      })
+
+      // If there was an execution error, format it properly
+      if (e2bError) {
+        const { formattedError, cleanedOutput } = formatE2BError(
+          e2bError,
+          e2bStdout,
+          lang,
+          resolvedCode,
+          prologueLineCount
+        )
+        return NextResponse.json(
+          {
+            success: false,
+            error: formattedError,
+            output: { result: null, stdout: cleanedOutput, executionTime },
+          },
+          { status: 500 }
+        )
+      }
+
+      return NextResponse.json({
+        success: true,
+        output: { result: e2bResult ?? null, stdout, executionTime },
+      })
+    }
+
+    const executionMethod = 'vm'
     const context = createContext({
       params: executionParams,
       environmentVariables: envVars,
-      ...contextVariables, // Add resolved variables directly to context
-      fetch: globalThis.fetch || require('node-fetch').default,
+      ...contextVariables,
+      fetch: (globalThis as any).fetch || require('node-fetch').default,
       console: {
         log: (...args: any[]) => {
           const logMessage = `${args
@@ -504,23 +755,17 @@ export async function POST(req: NextRequest) {
       },
     })
 
-    // Calculate line offset for user code to provide accurate error reporting
     const wrapperLines = ['(async () => {', '  try {']
-
-    // Add custom tool parameter declarations if needed
     if (isCustomTool) {
       wrapperLines.push('    // For custom tools, make parameters directly accessible')
       Object.keys(executionParams).forEach((key) => {
         wrapperLines.push(`    const ${key} = params.${key};`)
       })
     }
-
-    userCodeStartLine = wrapperLines.length + 1 // +1 because user code starts on next line
-
-    // Build the complete script with proper formatting for line numbers
+    userCodeStartLine = wrapperLines.length + 1
     const fullScript = [
       ...wrapperLines,
-      `    ${resolvedCode.split('\n').join('\n    ')}`, // Indent user code
+      `    ${resolvedCode.split('\n').join('\n    ')}`,
       '  } catch (error) {',
       '    console.error(error);',
       '    throw error;',
@@ -529,33 +774,26 @@ export async function POST(req: NextRequest) {
     ].join('\n')
 
     const script = new Script(fullScript, {
-      filename: 'user-function.js', // This filename will appear in stack traces
-      lineOffset: 0, // Start line numbering from 0
-      columnOffset: 0, // Start column numbering from 0
+      filename: 'user-function.js',
+      lineOffset: 0,
+      columnOffset: 0,
     })
 
     const result = await script.runInContext(context, {
       timeout,
       displayErrors: true,
-      breakOnSigint: true, // Allow breaking on SIGINT for better debugging
+      breakOnSigint: true,
     })
-    // }
 
     const executionTime = Date.now() - startTime
     logger.info(`[${requestId}] Function executed successfully using ${executionMethod}`, {
       executionTime,
     })
 
-    const response = {
+    return NextResponse.json({
       success: true,
-      output: {
-        result,
-        stdout,
-        executionTime,
-      },
-    }
-
-    return NextResponse.json(response)
+      output: { result, stdout, executionTime },
+    })
   } catch (error: any) {
     const executionTime = Date.now() - startTime
     logger.error(`[${requestId}] Function execution failed`, {

apps/sim/app/api/help/route.ts

@@ -7,6 +7,7 @@ import { getFromEmailAddress } from '@/lib/email/utils'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getEmailDomain } from '@/lib/urls/utils'
+import { generateRequestId } from '@/lib/utils'
 
 const logger = createLogger('HelpAPI')
 
@@ -17,7 +18,7 @@ const helpFormSchema = z.object({
 })
 
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get user session

apps/sim/app/api/jobs/[jobId]/route.ts

@@ -3,6 +3,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { createErrorResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
 import { apiKey as apiKeyTable } from '@/db/schema'
@@ -14,7 +15,7 @@ export async function GET(
   { params }: { params: Promise<{ jobId: string }> }
 ) {
   const { jobId: taskId } = await params
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.debug(`[${requestId}] Getting status for task: ${taskId}`)

apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts

@@ -1,9 +1,9 @@
-import crypto from 'crypto'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { batchChunkOperation, createChunk, queryChunks } from '@/lib/knowledge/chunks/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { checkDocumentAccess, checkDocumentWriteAccess } from '@/app/api/knowledge/utils'
 import { calculateCost } from '@/providers/utils'
@@ -34,7 +34,7 @@ export async function GET(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id: knowledgeBaseId, documentId } = await params
 
   try {
@@ -106,7 +106,7 @@ export async function POST(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id: knowledgeBaseId, documentId } = await params
 
   try {
@@ -229,7 +229,7 @@ export async function PATCH(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id: knowledgeBaseId, documentId } = await params
 
   try {

apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.ts

@@ -8,6 +8,7 @@ import {
   updateDocument,
 } from '@/lib/knowledge/documents/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { checkDocumentAccess, checkDocumentWriteAccess } from '@/app/api/knowledge/utils'
 
 const logger = createLogger('DocumentByIdAPI')
@@ -36,7 +37,7 @@ export async function GET(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id: knowledgeBaseId, documentId } = await params
 
   try {
@@ -79,7 +80,7 @@ export async function PUT(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id: knowledgeBaseId, documentId } = await params
 
   try {
@@ -209,7 +210,7 @@ export async function DELETE(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; documentId: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id: knowledgeBaseId, documentId } = await params
 
   try {

apps/sim/app/api/knowledge/[id]/route.ts

@@ -7,6 +7,7 @@ import {
   updateKnowledgeBase,
 } from '@/lib/knowledge/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { checkKnowledgeBaseAccess, checkKnowledgeBaseWriteAccess } from '@/app/api/knowledge/utils'
 
 const logger = createLogger('KnowledgeBaseByIdAPI')
@@ -27,7 +28,7 @@ const UpdateKnowledgeBaseSchema = z.object({
 })
 
 export async function GET(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -69,7 +70,7 @@ export async function GET(_req: NextRequest, { params }: { params: Promise<{ id:
 }
 
 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -132,7 +133,7 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
 }
 
 export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {

apps/sim/app/api/knowledge/route.ts

@@ -3,6 +3,7 @@ import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createKnowledgeBase, getKnowledgeBases } from '@/lib/knowledge/service'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 
 const logger = createLogger('KnowledgeBaseAPI')
 
@@ -29,7 +30,7 @@ const CreateKnowledgeBaseSchema = z.object({
 })
 
 export async function GET(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()
@@ -54,7 +55,7 @@ export async function GET(req: NextRequest) {
 }
 
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()

apps/sim/app/api/knowledge/search/route.test.ts

@@ -34,6 +34,10 @@ vi.mock('@/lib/env', () => ({
     typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
 }))
 
+vi.mock('@/lib/utils', () => ({
+  generateRequestId: vi.fn(() => 'test-request-id'),
+}))
+
 vi.mock('@/lib/documents/utils', () => ({
   retryWithExponentialBackoff: vi.fn().mockImplementation((fn) => fn()),
 }))

apps/sim/app/api/knowledge/search/route.ts

@@ -4,6 +4,7 @@ import { TAG_SLOTS } from '@/lib/knowledge/consts'
 import { getDocumentTagDefinitions } from '@/lib/knowledge/tags/service'
 import { createLogger } from '@/lib/logs/console/logger'
 import { estimateTokenCount } from '@/lib/tokenization/estimators'
+import { generateRequestId } from '@/lib/utils'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { checkKnowledgeBaseAccess } from '@/app/api/knowledge/utils'
 import { calculateCost } from '@/providers/utils'
@@ -57,7 +58,7 @@ const VectorSearchSchema = z
   )
 
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const body = await request.json()

apps/sim/app/api/logs/[id]/route.ts

@@ -2,6 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { permissions, workflow, workflowExecutionLogs } from '@/db/schema'
 
@@ -10,7 +11,7 @@ const logger = createLogger('LogDetailsByIdAPI')
 export const revalidate = 0
 
 export async function GET(_request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()

apps/sim/app/api/logs/execution/[executionId]/route.ts

@@ -4,7 +4,7 @@ import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { workflowExecutionLogs, workflowExecutionSnapshots } from '@/db/schema'
 
-const logger = createLogger('FrozenCanvasAPI')
+const logger = createLogger('LogsByExecutionIdAPI')
 
 export async function GET(
   _request: NextRequest,
@@ -13,7 +13,7 @@ export async function GET(
   try {
     const { executionId } = await params
 
-    logger.debug(`Fetching frozen canvas data for execution: ${executionId}`)
+    logger.debug(`Fetching execution data for: ${executionId}`)
 
     // Get the workflow execution log to find the snapshot
     const [workflowLog] = await db
@@ -41,7 +41,6 @@ export async function GET(
       executionId,
       workflowId: workflowLog.workflowId,
       workflowState: snapshot.stateData,
-      executionData: workflowLog.executionData || {},
       executionMetadata: {
         trigger: workflowLog.trigger,
         startedAt: workflowLog.startedAt.toISOString(),
@@ -51,14 +50,14 @@ export async function GET(
       },
     }
 
-    logger.debug(`Successfully fetched frozen canvas data for execution: ${executionId}`)
+    logger.debug(`Successfully fetched execution data for: ${executionId}`)
     logger.debug(
       `Workflow state contains ${Object.keys((snapshot.stateData as any)?.blocks || {}).length} blocks`
     )
 
     return NextResponse.json(response)
   } catch (error) {
-    logger.error('Error fetching frozen canvas data:', error)
-    return NextResponse.json({ error: 'Failed to fetch frozen canvas data' }, { status: 500 })
+    logger.error('Error fetching execution data:', error)
+    return NextResponse.json({ error: 'Failed to fetch execution data' }, { status: 500 })
   }
 }

apps/sim/app/api/logs/route.ts

@@ -3,44 +3,12 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { permissions, workflow, workflowExecutionLogs } from '@/db/schema'
 
 const logger = createLogger('LogsAPI')
 
-// Helper function to extract block executions from trace spans
-function extractBlockExecutionsFromTraceSpans(traceSpans: any[]): any[] {
-  const blockExecutions: any[] = []
-
-  function processSpan(span: any) {
-    if (span.blockId) {
-      blockExecutions.push({
-        id: span.id,
-        blockId: span.blockId,
-        blockName: span.name || '',
-        blockType: span.type,
-        startedAt: span.startTime,
-        endedAt: span.endTime,
-        durationMs: span.duration || 0,
-        status: span.status || 'success',
-        errorMessage: span.output?.error || undefined,
-        inputData: span.input || {},
-        outputData: span.output || {},
-        cost: span.cost || undefined,
-        metadata: {},
-      })
-    }
-
-    // Process children recursively
-    if (span.children && Array.isArray(span.children)) {
-      span.children.forEach(processSpan)
-    }
-  }
-
-  traceSpans.forEach(processSpan)
-  return blockExecutions
-}
-
 export const revalidate = 0
 
 const QueryParamsSchema = z.object({
@@ -58,7 +26,7 @@ const QueryParamsSchema = z.object({
 })
 
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()

apps/sim/app/api/mcp/servers/[id]/refresh/route.ts

@@ -0,0 +1,99 @@
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { db } from '@/db'
+import { mcpServers } from '@/db/schema'
+
+const logger = createLogger('McpServerRefreshAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * POST - Refresh an MCP server connection (requires any workspace permission)
+ */
+export const POST = withMcpAuth('read')(
+  async (
+    request: NextRequest,
+    { userId, workspaceId, requestId },
+    { params }: { params: { id: string } }
+  ) => {
+    const serverId = params.id
+
+    try {
+      logger.info(
+        `[${requestId}] Refreshing MCP server: ${serverId} in workspace: ${workspaceId}`,
+        {
+          userId,
+        }
+      )
+
+      const [server] = await db
+        .select()
+        .from(mcpServers)
+        .where(
+          and(
+            eq(mcpServers.id, serverId),
+            eq(mcpServers.workspaceId, workspaceId),
+            isNull(mcpServers.deletedAt)
+          )
+        )
+        .limit(1)
+
+      if (!server) {
+        return createMcpErrorResponse(
+          new Error('Server not found or access denied'),
+          'Server not found',
+          404
+        )
+      }
+
+      let connectionStatus: 'connected' | 'disconnected' | 'error' = 'error'
+      let toolCount = 0
+      let lastError: string | null = null
+
+      try {
+        const tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+        connectionStatus = 'connected'
+        toolCount = tools.length
+        logger.info(
+          `[${requestId}] Successfully connected to server ${serverId}, discovered ${toolCount} tools`
+        )
+      } catch (error) {
+        connectionStatus = 'error'
+        lastError = error instanceof Error ? error.message : 'Connection test failed'
+        logger.warn(`[${requestId}] Failed to connect to server ${serverId}:`, error)
+      }
+
+      const [refreshedServer] = await db
+        .update(mcpServers)
+        .set({
+          lastToolsRefresh: new Date(),
+          connectionStatus,
+          lastError,
+          lastConnected: connectionStatus === 'connected' ? new Date() : server.lastConnected,
+          toolCount,
+          updatedAt: new Date(),
+        })
+        .where(eq(mcpServers.id, serverId))
+        .returning()
+
+      logger.info(`[${requestId}] Successfully refreshed MCP server: ${serverId}`)
+      return createMcpSuccessResponse({
+        status: connectionStatus,
+        toolCount,
+        lastConnected: refreshedServer?.lastConnected?.toISOString() || null,
+        error: lastError,
+      })
+    } catch (error) {
+      logger.error(`[${requestId}] Error refreshing MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to refresh MCP server'),
+        'Failed to refresh MCP server',
+        500
+      )
+    }
+  }
+)

apps/sim/app/api/mcp/servers/[id]/route.ts

@@ -0,0 +1,92 @@
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { db } from '@/db'
+import { mcpServers } from '@/db/schema'
+
+const logger = createLogger('McpServerAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * PATCH - Update an MCP server in the workspace (requires write or admin permission)
+ */
+export const PATCH = withMcpAuth('write')(
+  async (
+    request: NextRequest,
+    { userId, workspaceId, requestId },
+    { params }: { params: { id: string } }
+  ) => {
+    const serverId = params.id
+
+    try {
+      const body = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] Updating MCP server: ${serverId} in workspace: ${workspaceId}`, {
+        userId,
+        updates: Object.keys(body).filter((k) => k !== 'workspaceId'),
+      })
+
+      // Validate URL if being updated
+      if (
+        body.url &&
+        (body.transport === 'http' ||
+          body.transport === 'sse' ||
+          body.transport === 'streamable-http')
+      ) {
+        const urlValidation = validateMcpServerUrl(body.url)
+        if (!urlValidation.isValid) {
+          return createMcpErrorResponse(
+            new Error(`Invalid MCP server URL: ${urlValidation.error}`),
+            'Invalid server URL',
+            400
+          )
+        }
+        body.url = urlValidation.normalizedUrl
+      }
+
+      // Remove workspaceId from body to prevent it from being updated
+      const { workspaceId: _, ...updateData } = body
+
+      const [updatedServer] = await db
+        .update(mcpServers)
+        .set({
+          ...updateData,
+          updatedAt: new Date(),
+        })
+        .where(
+          and(
+            eq(mcpServers.id, serverId),
+            eq(mcpServers.workspaceId, workspaceId),
+            isNull(mcpServers.deletedAt)
+          )
+        )
+        .returning()
+
+      if (!updatedServer) {
+        return createMcpErrorResponse(
+          new Error('Server not found or access denied'),
+          'Server not found',
+          404
+        )
+      }
+
+      // Clear MCP service cache after update
+      mcpService.clearCache(workspaceId)
+
+      logger.info(`[${requestId}] Successfully updated MCP server: ${serverId}`)
+      return createMcpSuccessResponse({ server: updatedServer })
+    } catch (error) {
+      logger.error(`[${requestId}] Error updating MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to update MCP server'),
+        'Failed to update MCP server',
+        500
+      )
+    }
+  }
+)

apps/sim/app/api/mcp/servers/route.ts

@@ -0,0 +1,166 @@
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import type { McpTransport } from '@/lib/mcp/types'
+import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { db } from '@/db'
+import { mcpServers } from '@/db/schema'
+
+const logger = createLogger('McpServersAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Check if transport type requires a URL
+ */
+function isUrlBasedTransport(transport: McpTransport): boolean {
+  return transport === 'http' || transport === 'sse' || transport === 'streamable-http'
+}
+
+/**
+ * GET - List all registered MCP servers for the workspace
+ */
+export const GET = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      logger.info(`[${requestId}] Listing MCP servers for workspace ${workspaceId}`)
+
+      const servers = await db
+        .select()
+        .from(mcpServers)
+        .where(and(eq(mcpServers.workspaceId, workspaceId), isNull(mcpServers.deletedAt)))
+
+      logger.info(
+        `[${requestId}] Listed ${servers.length} MCP servers for workspace ${workspaceId}`
+      )
+      return createMcpSuccessResponse({ servers })
+    } catch (error) {
+      logger.error(`[${requestId}] Error listing MCP servers:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to list MCP servers'),
+        'Failed to list MCP servers',
+        500
+      )
+    }
+  }
+)
+
+/**
+ * POST - Register a new MCP server for the workspace (requires write permission)
+ */
+export const POST = withMcpAuth('write')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] Registering new MCP server:`, {
+        name: body.name,
+        transport: body.transport,
+        workspaceId,
+      })
+
+      if (!body.name || !body.transport) {
+        return createMcpErrorResponse(
+          new Error('Missing required fields: name or transport'),
+          'Missing required fields',
+          400
+        )
+      }
+
+      if (isUrlBasedTransport(body.transport) && body.url) {
+        const urlValidation = validateMcpServerUrl(body.url)
+        if (!urlValidation.isValid) {
+          return createMcpErrorResponse(
+            new Error(`Invalid MCP server URL: ${urlValidation.error}`),
+            'Invalid server URL',
+            400
+          )
+        }
+        body.url = urlValidation.normalizedUrl
+      }
+
+      const serverId = body.id || crypto.randomUUID()
+
+      await db
+        .insert(mcpServers)
+        .values({
+          id: serverId,
+          workspaceId,
+          createdBy: userId,
+          name: body.name,
+          description: body.description,
+          transport: body.transport,
+          url: body.url,
+          headers: body.headers || {},
+          timeout: body.timeout || 30000,
+          retries: body.retries || 3,
+          enabled: body.enabled !== false,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        })
+        .returning()
+
+      mcpService.clearCache(workspaceId)
+
+      logger.info(`[${requestId}] Successfully registered MCP server: ${body.name}`)
+      return createMcpSuccessResponse({ serverId }, 201)
+    } catch (error) {
+      logger.error(`[${requestId}] Error registering MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to register MCP server'),
+        'Failed to register MCP server',
+        500
+      )
+    }
+  }
+)
+
+/**
+ * DELETE - Delete an MCP server from the workspace (requires admin permission)
+ */
+export const DELETE = withMcpAuth('admin')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const { searchParams } = new URL(request.url)
+      const serverId = searchParams.get('serverId')
+
+      if (!serverId) {
+        return createMcpErrorResponse(
+          new Error('serverId parameter is required'),
+          'Missing required parameter',
+          400
+        )
+      }
+
+      logger.info(`[${requestId}] Deleting MCP server: ${serverId} from workspace: ${workspaceId}`)
+
+      const [deletedServer] = await db
+        .delete(mcpServers)
+        .where(and(eq(mcpServers.id, serverId), eq(mcpServers.workspaceId, workspaceId)))
+        .returning()
+
+      if (!deletedServer) {
+        return createMcpErrorResponse(
+          new Error('Server not found or access denied'),
+          'Server not found',
+          404
+        )
+      }
+
+      mcpService.clearCache(workspaceId)
+
+      logger.info(`[${requestId}] Successfully deleted MCP server: ${serverId}`)
+      return createMcpSuccessResponse({ message: `Server ${serverId} deleted successfully` })
+    } catch (error) {
+      logger.error(`[${requestId}] Error deleting MCP server:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to delete MCP server'),
+        'Failed to delete MCP server',
+        500
+      )
+    }
+  }
+)

apps/sim/app/api/mcp/servers/test-connection/route.ts

@@ -0,0 +1,209 @@
+import type { NextRequest } from 'next/server'
+import { getEffectiveDecryptedEnv } from '@/lib/environment/utils'
+import { createLogger } from '@/lib/logs/console/logger'
+import { McpClient } from '@/lib/mcp/client'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import type { McpServerConfig, McpTransport } from '@/lib/mcp/types'
+import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
+import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+
+const logger = createLogger('McpServerTestAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Check if transport type requires a URL
+ */
+function isUrlBasedTransport(transport: McpTransport): boolean {
+  return transport === 'http' || transport === 'sse' || transport === 'streamable-http'
+}
+
+/**
+ * Resolve environment variables in strings
+ */
+function resolveEnvVars(value: string, envVars: Record<string, string>): string {
+  const envMatches = value.match(/\{\{([^}]+)\}\}/g)
+  if (!envMatches) return value
+
+  let resolvedValue = value
+  for (const match of envMatches) {
+    const envKey = match.slice(2, -2).trim()
+    const envValue = envVars[envKey]
+
+    if (envValue === undefined) {
+      logger.warn(`Environment variable "${envKey}" not found in MCP server test`)
+      continue
+    }
+
+    resolvedValue = resolvedValue.replace(match, envValue)
+  }
+  return resolvedValue
+}
+
+interface TestConnectionRequest {
+  name: string
+  transport: McpTransport
+  url?: string
+  headers?: Record<string, string>
+  timeout?: number
+  workspaceId: string
+}
+
+interface TestConnectionResult {
+  success: boolean
+  error?: string
+  serverInfo?: {
+    name: string
+    version: string
+  }
+  negotiatedVersion?: string
+  supportedCapabilities?: string[]
+  toolCount?: number
+  warnings?: string[]
+}
+
+/**
+ * POST - Test connection to an MCP server before registering it
+ */
+export const POST = withMcpAuth('write')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body: TestConnectionRequest = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] Testing MCP server connection:`, {
+        name: body.name,
+        transport: body.transport,
+        url: body.url ? `${body.url.substring(0, 50)}...` : undefined, // Partial URL for security
+        workspaceId,
+      })
+
+      if (!body.name || !body.transport) {
+        return createMcpErrorResponse(
+          new Error('Missing required fields: name and transport are required'),
+          'Missing required fields',
+          400
+        )
+      }
+
+      if (isUrlBasedTransport(body.transport)) {
+        if (!body.url) {
+          return createMcpErrorResponse(
+            new Error('URL is required for HTTP-based transports'),
+            'Missing required URL',
+            400
+          )
+        }
+
+        const urlValidation = validateMcpServerUrl(body.url)
+        if (!urlValidation.isValid) {
+          return createMcpErrorResponse(
+            new Error(`Invalid MCP server URL: ${urlValidation.error}`),
+            'Invalid server URL',
+            400
+          )
+        }
+        body.url = urlValidation.normalizedUrl
+      }
+
+      let resolvedUrl = body.url
+      let resolvedHeaders = body.headers || {}
+
+      try {
+        const envVars = await getEffectiveDecryptedEnv(userId, workspaceId)
+
+        if (resolvedUrl) {
+          resolvedUrl = resolveEnvVars(resolvedUrl, envVars)
+        }
+
+        const resolvedHeadersObj: Record<string, string> = {}
+        for (const [key, value] of Object.entries(resolvedHeaders)) {
+          resolvedHeadersObj[key] = resolveEnvVars(value, envVars)
+        }
+        resolvedHeaders = resolvedHeadersObj
+      } catch (envError) {
+        logger.warn(
+          `[${requestId}] Failed to resolve environment variables, using raw values:`,
+          envError
+        )
+      }
+
+      const testConfig: McpServerConfig = {
+        id: `test-${requestId}`,
+        name: body.name,
+        transport: body.transport,
+        url: resolvedUrl,
+        headers: resolvedHeaders,
+        timeout: body.timeout || 10000,
+        retries: 1, // Only one retry for tests
+        enabled: true,
+      }
+
+      const testSecurityPolicy = {
+        requireConsent: false,
+        auditLevel: 'none' as const,
+        maxToolExecutionsPerHour: 0,
+      }
+
+      const result: TestConnectionResult = { success: false }
+      let client: McpClient | null = null
+
+      try {
+        client = new McpClient(testConfig, testSecurityPolicy)
+        await client.connect()
+
+        result.success = true
+        result.negotiatedVersion = client.getNegotiatedVersion()
+
+        try {
+          const tools = await client.listTools()
+          result.toolCount = tools.length
+        } catch (toolError) {
+          logger.warn(`[${requestId}] Could not list tools from test server:`, toolError)
+          result.warnings = result.warnings || []
+          result.warnings.push('Could not list tools from server')
+        }
+
+        const clientVersionInfo = McpClient.getVersionInfo()
+        if (result.negotiatedVersion !== clientVersionInfo.preferred) {
+          result.warnings = result.warnings || []
+          result.warnings.push(
+            `Server uses protocol version '${result.negotiatedVersion}' instead of preferred '${clientVersionInfo.preferred}'`
+          )
+        }
+
+        logger.info(`[${requestId}] MCP server test successful:`, {
+          name: body.name,
+          negotiatedVersion: result.negotiatedVersion,
+          toolCount: result.toolCount,
+          capabilities: result.supportedCapabilities,
+        })
+      } catch (error) {
+        logger.warn(`[${requestId}] MCP server test failed:`, error)
+
+        result.success = false
+        if (error instanceof Error) {
+          result.error = error.message
+        } else {
+          result.error = 'Unknown connection error'
+        }
+      } finally {
+        if (client) {
+          try {
+            await client.disconnect()
+          } catch (disconnectError) {
+            logger.debug(`[${requestId}] Test client disconnect error (expected):`, disconnectError)
+          }
+        }
+      }
+
+      return createMcpSuccessResponse(result, result.success ? 200 : 400)
+    } catch (error) {
+      logger.error(`[${requestId}] Error testing MCP server connection:`, error)
+      return createMcpErrorResponse(
+        error instanceof Error ? error : new Error('Failed to test server connection'),
+        'Failed to test server connection',
+        500
+      )
+    }
+  }
+)

apps/sim/app/api/mcp/tools/discover/route.ts

@@ -0,0 +1,122 @@
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import type { McpToolDiscoveryResponse } from '@/lib/mcp/types'
+import { categorizeError, createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+
+const logger = createLogger('McpToolDiscoveryAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * GET - Discover all tools from user's MCP servers
+ */
+export const GET = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const { searchParams } = new URL(request.url)
+      const serverId = searchParams.get('serverId')
+      const forceRefresh = searchParams.get('refresh') === 'true'
+
+      logger.info(`[${requestId}] Discovering MCP tools for user ${userId}`, {
+        serverId,
+        workspaceId,
+        forceRefresh,
+      })
+
+      let tools
+      if (serverId) {
+        tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+      } else {
+        tools = await mcpService.discoverTools(userId, workspaceId, forceRefresh)
+      }
+
+      const byServer: Record<string, number> = {}
+      for (const tool of tools) {
+        byServer[tool.serverId] = (byServer[tool.serverId] || 0) + 1
+      }
+
+      const responseData: McpToolDiscoveryResponse = {
+        tools,
+        totalCount: tools.length,
+        byServer,
+      }
+
+      logger.info(
+        `[${requestId}] Discovered ${tools.length} tools from ${Object.keys(byServer).length} servers`
+      )
+      return createMcpSuccessResponse(responseData)
+    } catch (error) {
+      logger.error(`[${requestId}] Error discovering MCP tools:`, error)
+      const { message, status } = categorizeError(error)
+      return createMcpErrorResponse(new Error(message), 'Failed to discover MCP tools', status)
+    }
+  }
+)
+
+/**
+ * POST - Refresh tool discovery for specific servers
+ */
+export const POST = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body = getParsedBody(request) || (await request.json())
+      const { serverIds } = body
+
+      if (!Array.isArray(serverIds)) {
+        return createMcpErrorResponse(
+          new Error('serverIds must be an array'),
+          'Invalid request format',
+          400
+        )
+      }
+
+      logger.info(
+        `[${requestId}] Refreshing tool discovery for user ${userId}, servers:`,
+        serverIds
+      )
+
+      const results = await Promise.allSettled(
+        serverIds.map(async (serverId: string) => {
+          const tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+          return { serverId, toolCount: tools.length }
+        })
+      )
+
+      const successes: Array<{ serverId: string; toolCount: number }> = []
+      const failures: Array<{ serverId: string; error: string }> = []
+
+      results.forEach((result, index) => {
+        const serverId = serverIds[index]
+        if (result.status === 'fulfilled') {
+          successes.push(result.value)
+        } else {
+          failures.push({
+            serverId,
+            error: result.reason instanceof Error ? result.reason.message : 'Unknown error',
+          })
+        }
+      })
+
+      const responseData = {
+        refreshed: successes,
+        failed: failures,
+        summary: {
+          total: serverIds.length,
+          successful: successes.length,
+          failed: failures.length,
+        },
+      }
+
+      logger.info(
+        `[${requestId}] Tool discovery refresh completed: ${successes.length}/${serverIds.length} successful`
+      )
+      return createMcpSuccessResponse(responseData)
+    } catch (error) {
+      logger.error(`[${requestId}] Error refreshing tool discovery:`, error)
+      const { message, status } = categorizeError(error)
+      return createMcpErrorResponse(new Error(message), 'Failed to refresh tool discovery', status)
+    }
+  }
+)

apps/sim/app/api/mcp/tools/execute/route.ts

@@ -0,0 +1,252 @@
+import type { NextRequest } from 'next/server'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
+import { mcpService } from '@/lib/mcp/service'
+import type { McpTool, McpToolCall, McpToolResult } from '@/lib/mcp/types'
+import {
+  categorizeError,
+  createMcpErrorResponse,
+  createMcpSuccessResponse,
+  MCP_CONSTANTS,
+  validateStringParam,
+} from '@/lib/mcp/utils'
+
+const logger = createLogger('McpToolExecutionAPI')
+
+export const dynamic = 'force-dynamic'
+
+// Type definitions for improved type safety
+interface SchemaProperty {
+  type: 'string' | 'number' | 'boolean' | 'object' | 'array'
+  description?: string
+  enum?: unknown[]
+  format?: string
+  items?: SchemaProperty
+  properties?: Record<string, SchemaProperty>
+}
+
+interface ToolExecutionResult {
+  success: boolean
+  output?: McpToolResult
+  error?: string
+}
+
+/**
+ * Type guard to safely check if a schema property has a type field
+ */
+function hasType(prop: unknown): prop is SchemaProperty {
+  return typeof prop === 'object' && prop !== null && 'type' in prop
+}
+
+/**
+ * POST - Execute a tool on an MCP server
+ */
+export const POST = withMcpAuth('read')(
+  async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    try {
+      const body = getParsedBody(request) || (await request.json())
+
+      logger.info(`[${requestId}] MCP tool execution request received`, {
+        hasAuthHeader: !!request.headers.get('authorization'),
+        authHeaderType: request.headers.get('authorization')?.substring(0, 10),
+        bodyKeys: Object.keys(body),
+        serverId: body.serverId,
+        toolName: body.toolName,
+        hasWorkflowId: !!body.workflowId,
+        workflowId: body.workflowId,
+        userId: userId,
+      })
+
+      const { serverId, toolName, arguments: args } = body
+
+      const serverIdValidation = validateStringParam(serverId, 'serverId')
+      if (!serverIdValidation.isValid) {
+        logger.warn(`[${requestId}] Invalid serverId: ${serverId}`)
+        return createMcpErrorResponse(new Error(serverIdValidation.error), 'Invalid serverId', 400)
+      }
+
+      const toolNameValidation = validateStringParam(toolName, 'toolName')
+      if (!toolNameValidation.isValid) {
+        logger.warn(`[${requestId}] Invalid toolName: ${toolName}`)
+        return createMcpErrorResponse(new Error(toolNameValidation.error), 'Invalid toolName', 400)
+      }
+
+      logger.info(
+        `[${requestId}] Executing tool ${toolName} on server ${serverId} for user ${userId} in workspace ${workspaceId}`
+      )
+
+      let tool = null
+      try {
+        const tools = await mcpService.discoverServerTools(userId, serverId, workspaceId)
+        tool = tools.find((t) => t.name === toolName)
+
+        if (!tool) {
+          return createMcpErrorResponse(
+            new Error(
+              `Tool ${toolName} not found on server ${serverId}. Available tools: ${tools.map((t) => t.name).join(', ')}`
+            ),
+            'Tool not found',
+            404
+          )
+        }
+
+        // Parse array arguments based on tool schema
+        if (tool.inputSchema?.properties) {
+          for (const [paramName, paramSchema] of Object.entries(tool.inputSchema.properties)) {
+            const schema = paramSchema as any
+            if (
+              schema.type === 'array' &&
+              args[paramName] !== undefined &&
+              typeof args[paramName] === 'string'
+            ) {
+              const stringValue = args[paramName].trim()
+              if (stringValue) {
+                try {
+                  // Try to parse as JSON first (handles ["item1", "item2"])
+                  const parsed = JSON.parse(stringValue)
+                  if (Array.isArray(parsed)) {
+                    args[paramName] = parsed
+                  } else {
+                    // JSON parsed but not an array, wrap in array
+                    args[paramName] = [parsed]
+                  }
+                } catch (error) {
+                  // JSON parsing failed - treat as comma-separated if contains commas, otherwise single item
+                  if (stringValue.includes(',')) {
+                    args[paramName] = stringValue
+                      .split(',')
+                      .map((item) => item.trim())
+                      .filter((item) => item)
+                  } else {
+                    // Single item - wrap in array since schema expects array
+                    args[paramName] = [stringValue]
+                  }
+                }
+              } else {
+                // Empty string becomes empty array
+                args[paramName] = []
+              }
+            }
+          }
+        }
+      } catch (error) {
+        logger.warn(
+          `[${requestId}] Failed to discover tools for validation, proceeding anyway:`,
+          error
+        )
+      }
+
+      if (tool) {
+        const validationError = validateToolArguments(tool, args)
+        if (validationError) {
+          logger.warn(`[${requestId}] Tool validation failed: ${validationError}`)
+          return createMcpErrorResponse(
+            new Error(`Invalid arguments for tool ${toolName}: ${validationError}`),
+            'Invalid tool arguments',
+            400
+          )
+        }
+      }
+
+      const toolCall: McpToolCall = {
+        name: toolName,
+        arguments: args || {},
+      }
+
+      const result = await Promise.race([
+        mcpService.executeTool(userId, serverId, toolCall, workspaceId),
+        new Promise<never>((_, reject) =>
+          setTimeout(
+            () => reject(new Error('Tool execution timeout')),
+            MCP_CONSTANTS.EXECUTION_TIMEOUT
+          )
+        ),
+      ])
+
+      const transformedResult = transformToolResult(result)
+
+      if (result.isError) {
+        logger.warn(`[${requestId}] Tool execution returned error for ${toolName} on ${serverId}`)
+        return createMcpErrorResponse(
+          transformedResult,
+          transformedResult.error || 'Tool execution failed',
+          400
+        )
+      }
+      logger.info(`[${requestId}] Successfully executed tool ${toolName} on server ${serverId}`)
+      return createMcpSuccessResponse(transformedResult)
+    } catch (error) {
+      logger.error(`[${requestId}] Error executing MCP tool:`, error)
+
+      const { message, status } = categorizeError(error)
+      return createMcpErrorResponse(new Error(message), message, status)
+    }
+  }
+)
+
+/**
+ * Validate tool arguments against schema
+ */
+function validateToolArguments(tool: McpTool, args: Record<string, unknown>): string | null {
+  if (!tool.inputSchema) {
+    return null // No schema to validate against
+  }
+
+  const schema = tool.inputSchema
+
+  if (schema.required && Array.isArray(schema.required)) {
+    for (const requiredProp of schema.required) {
+      if (!(requiredProp in (args || {}))) {
+        return `Missing required property: ${requiredProp}`
+      }
+    }
+  }
+
+  if (schema.properties && args) {
+    for (const [propName, propSchema] of Object.entries(schema.properties)) {
+      const propValue = args[propName]
+      if (propValue !== undefined && hasType(propSchema)) {
+        const expectedType = propSchema.type
+        const actualType = typeof propValue
+
+        if (expectedType === 'string' && actualType !== 'string') {
+          return `Property ${propName} must be a string`
+        }
+        if (expectedType === 'number' && actualType !== 'number') {
+          return `Property ${propName} must be a number`
+        }
+        if (expectedType === 'boolean' && actualType !== 'boolean') {
+          return `Property ${propName} must be a boolean`
+        }
+        if (
+          expectedType === 'object' &&
+          (actualType !== 'object' || propValue === null || Array.isArray(propValue))
+        ) {
+          return `Property ${propName} must be an object`
+        }
+        if (expectedType === 'array' && !Array.isArray(propValue)) {
+          return `Property ${propName} must be an array`
+        }
+      }
+    }
+  }
+
+  return null
+}
+
+/**
+ * Transform MCP tool result to platform format
+ */
+function transformToolResult(result: McpToolResult): ToolExecutionResult {
+  if (result.isError) {
+    return {
+      success: false,
+      error: result.content?.[0]?.text || 'Tool execution failed',
+    }
+  }
+
+  return {
+    success: true,
+    output: result,
+  }
+}

apps/sim/app/api/memory/[id]/route.ts

@@ -1,6 +1,7 @@
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { memory } from '@/db/schema'
 
@@ -13,7 +14,7 @@ export const runtime = 'nodejs'
  * GET handler for retrieving a specific memory by ID
  */
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -85,7 +86,7 @@ export async function DELETE(
   request: NextRequest,
   { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -156,7 +157,7 @@ export async function DELETE(
  * PUT handler for updating a specific memory
  */
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {

apps/sim/app/api/memory/route.ts

@@ -1,6 +1,7 @@
 import { and, eq, isNull, like } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { memory } from '@/db/schema'
 
@@ -18,7 +19,7 @@ export const runtime = 'nodejs'
  * - workflowId: Filter by workflow ID (required)
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.info(`[${requestId}] Processing memory search request`)
@@ -101,7 +102,7 @@ export async function GET(request: NextRequest) {
  * - workflowId: ID of the workflow this memory belongs to
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     logger.info(`[${requestId}] Processing memory creation request`)

apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts

@@ -0,0 +1,198 @@
+import { randomUUID } from 'crypto'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console/logger'
+import { db } from '@/db'
+import {
+  invitation,
+  member,
+  organization,
+  permissions,
+  user,
+  type WorkspaceInvitationStatus,
+  workspaceInvitation,
+} from '@/db/schema'
+
+const logger = createLogger('OrganizationInvitation')
+
+// Get invitation details
+export async function GET(
+  _req: NextRequest,
+  { params }: { params: Promise<{ id: string; invitationId: string }> }
+) {
+  const { id: organizationId, invitationId } = await params
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const orgInvitation = await db
+      .select()
+      .from(invitation)
+      .where(and(eq(invitation.id, invitationId), eq(invitation.organizationId, organizationId)))
+      .then((rows) => rows[0])
+
+    if (!orgInvitation) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    const org = await db
+      .select()
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .then((rows) => rows[0])
+
+    if (!org) {
+      return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
+    }
+
+    return NextResponse.json({
+      invitation: orgInvitation,
+      organization: org,
+    })
+  } catch (error) {
+    logger.error('Error fetching organization invitation:', error)
+    return NextResponse.json({ error: 'Failed to fetch invitation' }, { status: 500 })
+  }
+}
+
+export async function PUT(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string; invitationId: string }> }
+) {
+  const { id: organizationId, invitationId } = await params
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const { status } = await req.json()
+
+    if (!status || !['accepted', 'rejected', 'cancelled'].includes(status)) {
+      return NextResponse.json(
+        { error: 'Invalid status. Must be "accepted", "rejected", or "cancelled"' },
+        { status: 400 }
+      )
+    }
+
+    const orgInvitation = await db
+      .select()
+      .from(invitation)
+      .where(and(eq(invitation.id, invitationId), eq(invitation.organizationId, organizationId)))
+      .then((rows) => rows[0])
+
+    if (!orgInvitation) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    if (orgInvitation.status !== 'pending') {
+      return NextResponse.json({ error: 'Invitation already processed' }, { status: 400 })
+    }
+
+    if (status === 'accepted') {
+      const userData = await db
+        .select()
+        .from(user)
+        .where(eq(user.id, session.user.id))
+        .then((rows) => rows[0])
+
+      if (!userData || userData.email.toLowerCase() !== orgInvitation.email.toLowerCase()) {
+        return NextResponse.json(
+          { error: 'Email mismatch. You can only accept invitations sent to your email address.' },
+          { status: 403 }
+        )
+      }
+    }
+
+    if (status === 'cancelled') {
+      const isAdmin = await db
+        .select()
+        .from(member)
+        .where(
+          and(
+            eq(member.organizationId, organizationId),
+            eq(member.userId, session.user.id),
+            eq(member.role, 'admin')
+          )
+        )
+        .then((rows) => rows.length > 0)
+
+      if (!isAdmin) {
+        return NextResponse.json(
+          { error: 'Only organization admins can cancel invitations' },
+          { status: 403 }
+        )
+      }
+    }
+
+    await db.transaction(async (tx) => {
+      await tx.update(invitation).set({ status }).where(eq(invitation.id, invitationId))
+
+      if (status === 'accepted') {
+        await tx.insert(member).values({
+          id: randomUUID(),
+          userId: session.user.id,
+          organizationId,
+          role: orgInvitation.role,
+          createdAt: new Date(),
+        })
+
+        const linkedWorkspaceInvitations = await tx
+          .select()
+          .from(workspaceInvitation)
+          .where(
+            and(
+              eq(workspaceInvitation.orgInvitationId, invitationId),
+              eq(workspaceInvitation.status, 'pending' as WorkspaceInvitationStatus)
+            )
+          )
+
+        for (const wsInvitation of linkedWorkspaceInvitations) {
+          await tx
+            .update(workspaceInvitation)
+            .set({
+              status: 'accepted' as WorkspaceInvitationStatus,
+              updatedAt: new Date(),
+            })
+            .where(eq(workspaceInvitation.id, wsInvitation.id))
+
+          await tx.insert(permissions).values({
+            id: randomUUID(),
+            entityType: 'workspace',
+            entityId: wsInvitation.workspaceId,
+            userId: session.user.id,
+            permissionType: wsInvitation.permissions || 'read',
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          })
+        }
+      } else if (status === 'cancelled') {
+        await tx
+          .update(workspaceInvitation)
+          .set({ status: 'cancelled' as WorkspaceInvitationStatus })
+          .where(eq(workspaceInvitation.orgInvitationId, invitationId))
+      }
+    })
+
+    logger.info(`Organization invitation ${status}`, {
+      organizationId,
+      invitationId,
+      userId: session.user.id,
+      email: orgInvitation.email,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: `Invitation ${status} successfully`,
+      invitation: { ...orgInvitation, status },
+    })
+  } catch (error) {
+    logger.error(`Error updating organization invitation:`, error)
+    return NextResponse.json({ error: 'Failed to update invitation' }, { status: 500 })
+  }
+}

apps/sim/app/api/organizations/[id]/invitations/route.ts

@@ -1,5 +1,5 @@
 import { randomUUID } from 'crypto'
-import { and, eq, inArray } from 'drizzle-orm'
+import { and, eq, inArray, isNull } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import {
   getEmailSubject,
@@ -17,9 +17,17 @@ import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { hasWorkspaceAdminAccess } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { invitation, member, organization, user, workspace, workspaceInvitation } from '@/db/schema'
+import {
+  invitation,
+  member,
+  organization,
+  user,
+  type WorkspaceInvitationStatus,
+  workspace,
+  workspaceInvitation,
+} from '@/db/schema'
 
-const logger = createLogger('OrganizationInvitationsAPI')
+const logger = createLogger('OrganizationInvitations')
 
 interface WorkspaceInvitation {
   workspaceId: string
@@ -40,7 +48,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
 
     const { id: organizationId } = await params
 
-    // Verify user has access to this organization
     const memberEntry = await db
       .select()
       .from(member)
@@ -61,7 +68,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
     }
 
-    // Get all pending invitations for the organization
     const invitations = await db
       .select({
         id: invitation.id,
@@ -118,10 +124,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     const body = await request.json()
     const { email, emails, role = 'member', workspaceInvitations } = body
 
-    // Handle single invitation vs batch
     const invitationEmails = email ? [email] : emails
 
-    // Validate input
     if (!invitationEmails || !Array.isArray(invitationEmails) || invitationEmails.length === 0) {
       return NextResponse.json({ error: 'Email or emails array is required' }, { status: 400 })
     }
@@ -130,7 +134,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Invalid role' }, { status: 400 })
     }
 
-    // Verify user has admin access
     const memberEntry = await db
       .select()
       .from(member)
@@ -148,7 +151,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
     }
 
-    // Handle validation-only requests
     if (validateOnly) {
       const validationResult = await validateBulkInvitations(organizationId, invitationEmails)
 
@@ -167,7 +169,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       })
     }
 
-    // Validate seat availability
     const seatValidation = await validateSeatAvailability(organizationId, invitationEmails.length)
 
     if (!seatValidation.canInvite) {
@@ -185,7 +186,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       )
     }
 
-    // Get organization details
     const organizationEntry = await db
       .select({ name: organization.name })
       .from(organization)
@@ -196,7 +196,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
     }
 
-    // Validate and normalize emails
     const processedEmails = invitationEmails
       .map((email: string) => {
         const normalized = email.trim().toLowerCase()
@@ -209,11 +208,9 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'No valid emails provided' }, { status: 400 })
     }
 
-    // Handle batch workspace invitations if provided
     const validWorkspaceInvitations: WorkspaceInvitation[] = []
     if (isBatch && workspaceInvitations && workspaceInvitations.length > 0) {
       for (const wsInvitation of workspaceInvitations) {
-        // Check if user has admin permission on this workspace
         const canInvite = await hasWorkspaceAdminAccess(session.user.id, wsInvitation.workspaceId)
 
         if (!canInvite) {
@@ -229,7 +226,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       }
     }
 
-    // Check for existing members
     const existingMembers = await db
       .select({ userEmail: user.email })
       .from(member)
@@ -239,7 +235,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     const existingEmails = existingMembers.map((m) => m.userEmail)
     const newEmails = processedEmails.filter((email: string) => !existingEmails.includes(email))
 
-    // Check for existing pending invitations
     const existingInvitations = await db
       .select({ email: invitation.email })
       .from(invitation)
@@ -265,7 +260,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       )
     }
 
-    // Create invitations
     const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
     const invitationsToCreate = emailsToInvite.map((email: string) => ({
       id: randomUUID(),
@@ -280,10 +274,10 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
 
     await db.insert(invitation).values(invitationsToCreate)
 
-    // Create workspace invitations if batch mode
     const workspaceInvitationIds: string[] = []
     if (isBatch && validWorkspaceInvitations.length > 0) {
       for (const email of emailsToInvite) {
+        const orgInviteForEmail = invitationsToCreate.find((inv) => inv.email === email)
         for (const wsInvitation of validWorkspaceInvitations) {
           const wsInvitationId = randomUUID()
           const token = randomUUID()
@@ -297,6 +291,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
             status: 'pending',
             token,
             permissions: wsInvitation.permission,
+            orgInvitationId: orgInviteForEmail?.id,
             expiresAt,
             createdAt: new Date(),
             updatedAt: new Date(),
@@ -307,7 +302,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       }
     }
 
-    // Send invitation emails
     const inviter = await db
       .select({ name: user.name })
       .from(user)
@@ -320,7 +314,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
 
       let emailResult
       if (isBatch && validWorkspaceInvitations.length > 0) {
-        // Get workspace details for batch email
         const workspaceDetails = await db
           .select({
             id: workspace.id,
@@ -346,7 +339,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
           organizationEntry[0]?.name || 'organization',
           role,
           workspaceInvitationsWithNames,
-          `${env.NEXT_PUBLIC_APP_URL}/api/organizations/invitations/accept?id=${orgInvitation.id}`
+          `${env.NEXT_PUBLIC_APP_URL}/invite/${orgInvitation.id}`
         )
 
         emailResult = await sendEmail({
@@ -359,7 +352,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
         const emailHtml = await renderInvitationEmail(
           inviter[0]?.name || 'Someone',
           organizationEntry[0]?.name || 'organization',
-          `${env.NEXT_PUBLIC_APP_URL}/api/organizations/invitations/accept?id=${orgInvitation.id}`,
+          `${env.NEXT_PUBLIC_APP_URL}/invite/${orgInvitation.id}`,
           email
         )
 
@@ -446,7 +439,6 @@ export async function DELETE(
       )
     }
 
-    // Verify user has admin access
     const memberEntry = await db
       .select()
       .from(member)
@@ -464,12 +456,9 @@ export async function DELETE(
       return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
     }
 
-    // Cancel the invitation
     const result = await db
       .update(invitation)
-      .set({
-        status: 'cancelled',
-      })
+      .set({ status: 'cancelled' })
       .where(
         and(
           eq(invitation.id, invitationId),
@@ -486,6 +475,23 @@ export async function DELETE(
       )
     }
 
+    await db
+      .update(workspaceInvitation)
+      .set({ status: 'cancelled' as WorkspaceInvitationStatus })
+      .where(eq(workspaceInvitation.orgInvitationId, invitationId))
+
+    await db
+      .update(workspaceInvitation)
+      .set({ status: 'cancelled' as WorkspaceInvitationStatus })
+      .where(
+        and(
+          isNull(workspaceInvitation.orgInvitationId),
+          eq(workspaceInvitation.email, result[0].email),
+          eq(workspaceInvitation.status, 'pending' as WorkspaceInvitationStatus),
+          eq(workspaceInvitation.inviterId, session.user.id)
+        )
+      )
+
     logger.info('Organization invitation cancelled', {
       organizationId,
       invitationId,

apps/sim/app/api/organizations/[id]/members/route.ts

@@ -260,7 +260,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     const emailHtml = await renderInvitationEmail(
       inviter[0]?.name || 'Someone',
       organizationEntry[0]?.name || 'organization',
-      `${env.NEXT_PUBLIC_APP_URL}/api/organizations/invitations/accept?id=${invitationId}`,
+      `${env.NEXT_PUBLIC_APP_URL}/invite/organization?id=${invitationId}`,
       normalizedEmail
     )
 

apps/sim/app/api/organizations/invitations/accept/route.ts

@@ -1,373 +0,0 @@
-import { randomUUID } from 'crypto'
-import { and, eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { env } from '@/lib/env'
-import { createLogger } from '@/lib/logs/console/logger'
-import { db } from '@/db'
-import { invitation, member, permissions, user, workspaceInvitation } from '@/db/schema'
-
-const logger = createLogger('OrganizationInvitationAcceptanceAPI')
-
-// Accept an organization invitation and any associated workspace invitations
-export async function GET(req: NextRequest) {
-  const invitationId = req.nextUrl.searchParams.get('id')
-
-  if (!invitationId) {
-    return NextResponse.redirect(
-      new URL(
-        '/invite/invite-error?reason=missing-invitation-id',
-        env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-      )
-    )
-  }
-
-  const session = await getSession()
-
-  if (!session?.user?.id) {
-    // Redirect to login, user will be redirected back after login
-    return NextResponse.redirect(
-      new URL(
-        `/invite/organization?id=${invitationId}`,
-        env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-      )
-    )
-  }
-
-  try {
-    // Find the organization invitation
-    const invitationResult = await db
-      .select()
-      .from(invitation)
-      .where(eq(invitation.id, invitationId))
-      .limit(1)
-
-    if (invitationResult.length === 0) {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=invalid-invitation',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    const orgInvitation = invitationResult[0]
-
-    // Check if invitation has expired
-    if (orgInvitation.expiresAt && new Date() > orgInvitation.expiresAt) {
-      return NextResponse.redirect(
-        new URL('/invite/invite-error?reason=expired', env.NEXT_PUBLIC_APP_URL || 'https://sim.ai')
-      )
-    }
-
-    // Check if invitation is still pending
-    if (orgInvitation.status !== 'pending') {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=already-processed',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Get user data to check email verification status
-    const userData = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
-
-    if (userData.length === 0) {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=user-not-found',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Check if user's email is verified
-    if (!userData[0].emailVerified) {
-      return NextResponse.redirect(
-        new URL(
-          `/invite/invite-error?reason=email-not-verified&details=${encodeURIComponent(`You must verify your email address (${userData[0].email}) before accepting invitations.`)}`,
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Verify the email matches the current user
-    if (orgInvitation.email !== session.user.email) {
-      return NextResponse.redirect(
-        new URL(
-          `/invite/invite-error?reason=email-mismatch&details=${encodeURIComponent(`Invitation was sent to ${orgInvitation.email}, but you're logged in as ${userData[0].email}`)}`,
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Check if user is already a member of the organization
-    const existingMember = await db
-      .select()
-      .from(member)
-      .where(
-        and(
-          eq(member.organizationId, orgInvitation.organizationId),
-          eq(member.userId, session.user.id)
-        )
-      )
-      .limit(1)
-
-    if (existingMember.length > 0) {
-      return NextResponse.redirect(
-        new URL(
-          '/invite/invite-error?reason=already-member',
-          env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-        )
-      )
-    }
-
-    // Start transaction to accept both organization and workspace invitations
-    await db.transaction(async (tx) => {
-      // Accept organization invitation - add user as member
-      await tx.insert(member).values({
-        id: randomUUID(),
-        userId: session.user.id,
-        organizationId: orgInvitation.organizationId,
-        role: orgInvitation.role,
-        createdAt: new Date(),
-      })
-
-      // Mark organization invitation as accepted
-      await tx.update(invitation).set({ status: 'accepted' }).where(eq(invitation.id, invitationId))
-
-      // Find and accept any pending workspace invitations for the same email
-      const workspaceInvitations = await tx
-        .select()
-        .from(workspaceInvitation)
-        .where(
-          and(
-            eq(workspaceInvitation.email, orgInvitation.email),
-            eq(workspaceInvitation.status, 'pending')
-          )
-        )
-
-      for (const wsInvitation of workspaceInvitations) {
-        // Check if invitation hasn't expired
-        if (
-          wsInvitation.expiresAt &&
-          new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
-        ) {
-          // Check if user doesn't already have permissions on the workspace
-          const existingPermission = await tx
-            .select()
-            .from(permissions)
-            .where(
-              and(
-                eq(permissions.userId, session.user.id),
-                eq(permissions.entityType, 'workspace'),
-                eq(permissions.entityId, wsInvitation.workspaceId)
-              )
-            )
-            .limit(1)
-
-          if (existingPermission.length === 0) {
-            // Add workspace permissions
-            await tx.insert(permissions).values({
-              id: randomUUID(),
-              userId: session.user.id,
-              entityType: 'workspace',
-              entityId: wsInvitation.workspaceId,
-              permissionType: wsInvitation.permissions,
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            })
-
-            // Mark workspace invitation as accepted
-            await tx
-              .update(workspaceInvitation)
-              .set({ status: 'accepted' })
-              .where(eq(workspaceInvitation.id, wsInvitation.id))
-
-            logger.info('Accepted workspace invitation', {
-              workspaceId: wsInvitation.workspaceId,
-              userId: session.user.id,
-              permission: wsInvitation.permissions,
-            })
-          }
-        }
-      }
-    })
-
-    logger.info('Successfully accepted batch invitation', {
-      organizationId: orgInvitation.organizationId,
-      userId: session.user.id,
-      role: orgInvitation.role,
-    })
-
-    // Redirect to success page or main app
-    return NextResponse.redirect(
-      new URL('/workspaces?invite=accepted', env.NEXT_PUBLIC_APP_URL || 'https://sim.ai')
-    )
-  } catch (error) {
-    logger.error('Failed to accept organization invitation', {
-      invitationId,
-      userId: session.user.id,
-      error,
-    })
-
-    return NextResponse.redirect(
-      new URL(
-        '/invite/invite-error?reason=server-error',
-        env.NEXT_PUBLIC_APP_URL || 'https://sim.ai'
-      )
-    )
-  }
-}
-
-// POST endpoint for programmatic acceptance (for API use)
-export async function POST(req: NextRequest) {
-  const session = await getSession()
-
-  if (!session?.user?.id) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-
-  try {
-    const { invitationId } = await req.json()
-
-    if (!invitationId) {
-      return NextResponse.json({ error: 'Missing invitationId' }, { status: 400 })
-    }
-
-    // Similar logic to GET but return JSON response
-    const invitationResult = await db
-      .select()
-      .from(invitation)
-      .where(eq(invitation.id, invitationId))
-      .limit(1)
-
-    if (invitationResult.length === 0) {
-      return NextResponse.json({ error: 'Invalid invitation' }, { status: 404 })
-    }
-
-    const orgInvitation = invitationResult[0]
-
-    if (orgInvitation.expiresAt && new Date() > orgInvitation.expiresAt) {
-      return NextResponse.json({ error: 'Invitation expired' }, { status: 400 })
-    }
-
-    if (orgInvitation.status !== 'pending') {
-      return NextResponse.json({ error: 'Invitation already processed' }, { status: 400 })
-    }
-
-    // Get user data to check email verification status
-    const userData = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
-
-    if (userData.length === 0) {
-      return NextResponse.json({ error: 'User not found' }, { status: 404 })
-    }
-
-    // Check if user's email is verified
-    if (!userData[0].emailVerified) {
-      return NextResponse.json(
-        {
-          error: 'Email not verified',
-          message: `You must verify your email address (${userData[0].email}) before accepting invitations.`,
-        },
-        { status: 403 }
-      )
-    }
-
-    if (orgInvitation.email !== session.user.email) {
-      return NextResponse.json({ error: 'Email mismatch' }, { status: 403 })
-    }
-
-    // Check if user is already a member
-    const existingMember = await db
-      .select()
-      .from(member)
-      .where(
-        and(
-          eq(member.organizationId, orgInvitation.organizationId),
-          eq(member.userId, session.user.id)
-        )
-      )
-      .limit(1)
-
-    if (existingMember.length > 0) {
-      return NextResponse.json({ error: 'Already a member' }, { status: 400 })
-    }
-
-    let acceptedWorkspaces = 0
-
-    // Accept invitations in transaction
-    await db.transaction(async (tx) => {
-      // Accept organization invitation
-      await tx.insert(member).values({
-        id: randomUUID(),
-        userId: session.user.id,
-        organizationId: orgInvitation.organizationId,
-        role: orgInvitation.role,
-        createdAt: new Date(),
-      })
-
-      await tx.update(invitation).set({ status: 'accepted' }).where(eq(invitation.id, invitationId))
-
-      // Accept workspace invitations
-      const workspaceInvitations = await tx
-        .select()
-        .from(workspaceInvitation)
-        .where(
-          and(
-            eq(workspaceInvitation.email, orgInvitation.email),
-            eq(workspaceInvitation.status, 'pending')
-          )
-        )
-
-      for (const wsInvitation of workspaceInvitations) {
-        if (
-          wsInvitation.expiresAt &&
-          new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
-        ) {
-          const existingPermission = await tx
-            .select()
-            .from(permissions)
-            .where(
-              and(
-                eq(permissions.userId, session.user.id),
-                eq(permissions.entityType, 'workspace'),
-                eq(permissions.entityId, wsInvitation.workspaceId)
-              )
-            )
-            .limit(1)
-
-          if (existingPermission.length === 0) {
-            await tx.insert(permissions).values({
-              id: randomUUID(),
-              userId: session.user.id,
-              entityType: 'workspace',
-              entityId: wsInvitation.workspaceId,
-              permissionType: wsInvitation.permissions,
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            })
-
-            await tx
-              .update(workspaceInvitation)
-              .set({ status: 'accepted' })
-              .where(eq(workspaceInvitation.id, wsInvitation.id))
-
-            acceptedWorkspaces++
-          }
-        }
-      }
-    })
-
-    return NextResponse.json({
-      success: true,
-      message: `Successfully joined organization and ${acceptedWorkspaces} workspace(s)`,
-      organizationId: orgInvitation.organizationId,
-      workspacesJoined: acceptedWorkspaces,
-    })
-  } catch (error) {
-    logger.error('Failed to accept organization invitation via API', { error })
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}

apps/sim/app/api/providers/route.ts

@@ -1,5 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import type { StreamingExecution } from '@/executor/types'
 import { executeProviderRequest } from '@/providers'
 import { getApiKey } from '@/providers/utils'
@@ -12,7 +13,7 @@ export const dynamic = 'force-dynamic'
  * Server-side proxy for provider requests
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const startTime = Date.now()
 
   try {
@@ -36,6 +37,7 @@ export async function POST(request: NextRequest) {
       azureApiVersion,
       responseFormat,
       workflowId,
+      workspaceId,
       stream,
       messages,
       environmentVariables,
@@ -104,6 +106,7 @@ export async function POST(request: NextRequest) {
       azureApiVersion,
       responseFormat,
       workflowId,
+      workspaceId,
       stream,
       messages,
       environmentVariables,

apps/sim/app/api/proxy/image/route.ts

@@ -1,6 +1,7 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
 import { validateImageUrl } from '@/lib/security/url-validation'
+import { generateRequestId } from '@/lib/utils'
 
 const logger = createLogger('ImageProxyAPI')
 
@@ -11,7 +12,7 @@ const logger = createLogger('ImageProxyAPI')
 export async function GET(request: NextRequest) {
   const url = new URL(request.url)
   const imageUrl = url.searchParams.get('url')
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   if (!imageUrl) {
     logger.error(`[${requestId}] Missing 'url' parameter`)

apps/sim/app/api/proxy/route.ts

@@ -2,6 +2,7 @@ import { NextResponse } from 'next/server'
 import { isDev } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
 import { validateProxyUrl } from '@/lib/security/url-validation'
+import { generateRequestId } from '@/lib/utils'
 import { executeTool } from '@/tools'
 import { getTool, validateRequiredParametersAfterMerge } from '@/tools/utils'
 
@@ -74,7 +75,7 @@ const createErrorResponse = (error: any, status = 500, additionalData = {}) => {
 export async function GET(request: Request) {
   const url = new URL(request.url)
   const targetUrl = url.searchParams.get('url')
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   if (!targetUrl) {
     logger.error(`[${requestId}] Missing 'url' parameter`)
@@ -167,7 +168,7 @@ export async function GET(request: Request) {
 }
 
 export async function POST(request: Request) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const startTime = new Date()
   const startTimeISO = startTime.toISOString()
 

apps/sim/app/api/schedules/[id]/route.ts

@@ -1,9 +1,9 @@
-import crypto from 'crypto'
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'
 
@@ -18,7 +18,7 @@ export async function DELETE(
   request: NextRequest,
   { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const { id } = await params
@@ -85,7 +85,7 @@ export async function DELETE(
  * Update a schedule - can be used to reactivate a disabled schedule
  */
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const { id } = await params

apps/sim/app/api/schedules/[id]/status/route.ts

@@ -3,13 +3,14 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'
 
 const logger = createLogger('ScheduleStatusAPI')
 
 export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
   const scheduleId = id
 

apps/sim/app/api/schedules/execute/route.ts

@@ -4,6 +4,8 @@ import { NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
 import { checkServerSideUsageLimits } from '@/lib/billing'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
+import { getPersonalAndWorkspaceEnv } from '@/lib/environment/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
 import { buildTraceSpans } from '@/lib/logs/execution/trace-spans/trace-spans'
@@ -13,24 +15,16 @@ import {
   getScheduleTimeValues,
   getSubBlockValue,
 } from '@/lib/schedules/utils'
-import { decryptSecret } from '@/lib/utils'
+import { decryptSecret, generateRequestId } from '@/lib/utils'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
 import { updateWorkflowRunCounts } from '@/lib/workflows/utils'
 import { db } from '@/db'
-import {
-  environment as environmentTable,
-  subscription,
-  userStats,
-  workflow,
-  workflowSchedule,
-} from '@/db/schema'
+import { userStats, workflow, workflowSchedule } from '@/db/schema'
 import { Executor } from '@/executor'
 import { Serializer } from '@/serializer'
 import { RateLimiter } from '@/services/queue'
-import type { SubscriptionPlan } from '@/services/queue/types'
 import { mergeSubblockState } from '@/stores/workflows/server-utils'
 
-// Add dynamic export to prevent caching
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('ScheduledExecuteAPI')
@@ -71,7 +65,7 @@ const runningExecutions = new Set<string>()
 
 export async function GET() {
   logger.info(`Scheduled execution triggered at ${new Date().toISOString()}`)
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const now = new Date()
 
   let dueSchedules: (typeof workflowSchedule.$inferSelect)[] = []
@@ -113,19 +107,13 @@ export async function GET() {
           continue
         }
 
-        // Check rate limits for scheduled execution
-        const [subscriptionRecord] = await db
-          .select({ plan: subscription.plan })
-          .from(subscription)
-          .where(eq(subscription.referenceId, workflowRecord.userId))
-          .limit(1)
-
-        const subscriptionPlan = (subscriptionRecord?.plan || 'free') as SubscriptionPlan
+        // Check rate limits for scheduled execution (checks both personal and org subscriptions)
+        const userSubscription = await getHighestPrioritySubscription(workflowRecord.userId)
 
         const rateLimiter = new RateLimiter()
-        const rateLimitCheck = await rateLimiter.checkRateLimit(
+        const rateLimitCheck = await rateLimiter.checkRateLimitWithSubscription(
           workflowRecord.userId,
-          subscriptionPlan,
+          userSubscription,
           'schedule',
           false // schedules are always sync
         )
@@ -236,20 +224,15 @@ export async function GET() {
 
               const mergedStates = mergeSubblockState(blocks)
 
-              // Retrieve environment variables for this user (if any).
-              const [userEnv] = await db
-                .select()
-                .from(environmentTable)
-                .where(eq(environmentTable.userId, workflowRecord.userId))
-                .limit(1)
-
-              if (!userEnv) {
-                logger.debug(
-                  `[${requestId}] No environment record found for user ${workflowRecord.userId}. Proceeding with empty variables.`
-                )
-              }
-
-              const variables = EnvVarsSchema.parse(userEnv?.variables ?? {})
+              // Retrieve environment variables with workspace precedence
+              const { personalEncrypted, workspaceEncrypted } = await getPersonalAndWorkspaceEnv(
+                workflowRecord.userId,
+                workflowRecord.workspaceId || undefined
+              )
+              const variables = EnvVarsSchema.parse({
+                ...personalEncrypted,
+                ...workspaceEncrypted,
+              })
 
               const currentBlockStates = await Object.entries(mergedStates).reduce(
                 async (accPromise, [id, block]) => {
@@ -399,9 +382,6 @@ export async function GET() {
                 userId: workflowRecord.userId,
                 workspaceId: workflowRecord.workspaceId || '',
                 variables: variables || {},
-                initialInput: input,
-                startBlockId: schedule.blockId || undefined,
-                executionType: 'schedule',
               })
 
               const executor = new Executor({
@@ -470,19 +450,10 @@ export async function GET() {
 
               // Create a minimal log entry for early failures
               try {
-                const input = {
-                  workflowId: schedule.workflowId,
-                  _context: {
-                    workflowId: schedule.workflowId,
-                  },
-                }
                 await loggingSession.safeStart({
                   userId: workflowRecord.userId,
                   workspaceId: workflowRecord.workspaceId || '',
                   variables: {},
-                  initialInput: input,
-                  startBlockId: schedule.blockId || undefined,
-                  executionType: 'schedule',
                 })
 
                 await loggingSession.safeCompleteWithError({
@@ -598,17 +569,10 @@ export async function GET() {
                 requestId
               )
 
-              const input = {
-                workflowId: schedule.workflowId,
-                _context: {
-                  workflowId: schedule.workflowId,
-                },
-              }
               await failureLoggingSession.safeStart({
                 userId: workflowRecord.userId,
                 workspaceId: workflowRecord.workspaceId || '',
                 variables: {},
-                initialInput: input,
               })
 
               await failureLoggingSession.safeCompleteWithError({

apps/sim/app/api/schedules/route.ts

@@ -1,4 +1,3 @@
-import crypto from 'crypto'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
@@ -13,6 +12,7 @@ import {
   getSubBlockValue,
   validateCronExpression,
 } from '@/lib/schedules/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'
 
@@ -65,7 +65,7 @@ function hasValidScheduleConfig(
  * Get schedule information for a workflow
  */
 export async function GET(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const url = new URL(req.url)
   const workflowId = url.searchParams.get('workflowId')
   const blockId = url.searchParams.get('blockId')
@@ -165,7 +165,7 @@ export async function GET(req: NextRequest) {
  * Create or update a schedule for a workflow
  */
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()

apps/sim/app/api/templates/[id]/route.ts

@@ -4,6 +4,7 @@ import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { hasAdminPermission } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templates, workflow } from '@/db/schema'
 
@@ -13,7 +14,7 @@ export const revalidate = 0
 
 // GET /api/templates/[id] - Retrieve a single template by ID
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -77,7 +78,7 @@ const updateTemplateSchema = z.object({
 
 // PUT /api/templates/[id] - Update a template
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -163,7 +164,7 @@ export async function DELETE(
   request: NextRequest,
   { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {

apps/sim/app/api/templates/[id]/star/route.ts

@@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templateStars, templates } from '@/db/schema'
 
@@ -13,7 +14,7 @@ export const revalidate = 0
 
 // GET /api/templates/[id]/star - Check if user has starred this template
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -47,7 +48,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
 
 // POST /api/templates/[id]/star - Add a star to the template
 export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {
@@ -123,7 +124,7 @@ export async function DELETE(
   request: NextRequest,
   { params }: { params: Promise<{ id: string }> }
 ) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {

apps/sim/app/api/templates/[id]/use/route.ts

@@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templates, workflow, workflowBlocks, workflowEdges } from '@/db/schema'
 
@@ -13,7 +14,7 @@ export const revalidate = 0
 
 // POST /api/templates/[id]/use - Use a template (increment views and create workflow)
 export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const { id } = await params
 
   try {

apps/sim/app/api/templates/route.ts

@@ -4,6 +4,7 @@ import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { templateStars, templates, workflow } from '@/db/schema'
 
@@ -82,7 +83,7 @@ const QueryParamsSchema = z.object({
 
 // GET /api/templates - Retrieve templates
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()
@@ -185,7 +186,7 @@ export async function GET(request: NextRequest) {
 
 // POST /api/templates - Create a new template
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()

apps/sim/app/api/tools/custom/route.ts

@@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { customTools } from '@/db/schema'
@@ -33,7 +34,7 @@ const CustomToolSchema = z.object({
 
 // GET - Fetch all custom tools for the user
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const searchParams = request.nextUrl.searchParams
   const workflowId = searchParams.get('workflowId')
 
@@ -69,7 +70,7 @@ export async function GET(request: NextRequest) {
 
 // POST - Create or update custom tools
 export async function POST(req: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()
@@ -162,7 +163,7 @@ export async function POST(req: NextRequest) {
 
 // DELETE - Delete a custom tool by ID
 export async function DELETE(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   const searchParams = request.nextUrl.searchParams
   const toolId = searchParams.get('id')
 

apps/sim/app/api/tools/discord/channels/route.ts

@@ -85,7 +85,8 @@ export async function POST(request: Request) {
 
     logger.info(`Fetching all Discord channels for server: ${serverId}`)
 
-    // Fetch all channels from Discord API
+    // Listing guild channels with a bot token is allowed if the bot is in the guild.
+    // Keep the request, but if unauthorized, return an empty list so the selector doesn't hard fail.
     const response = await fetch(`https://discord.com/api/v10/guilds/${serverId}/channels`, {
       method: 'GET',
       headers: {
@@ -95,20 +96,14 @@ export async function POST(request: Request) {
     })
 
     if (!response.ok) {
-      logger.error('Discord API error:', {
-        status: response.status,
-        statusText: response.statusText,
-      })
-
-      let errorMessage
-      try {
-        const errorData = await response.json()
-        logger.error('Error details:', errorData)
-        errorMessage = errorData.message || `Failed to fetch channels (${response.status})`
-      } catch (_e) {
-        errorMessage = `Failed to fetch channels: ${response.status} ${response.statusText}`
-      }
-      return NextResponse.json({ error: errorMessage }, { status: response.status })
+      logger.warn(
+        'Discord API returned non-OK for channels; returning empty list to avoid UX break',
+        {
+          status: response.status,
+          statusText: response.statusText,
+        }
+      )
+      return NextResponse.json({ channels: [] })
     }
 
     const channels = (await response.json()) as DiscordChannel[]

apps/sim/app/api/tools/discord/servers/route.ts

@@ -64,46 +64,14 @@ export async function POST(request: Request) {
       })
     }
 
-    // Otherwise, fetch all servers the bot is in
-    logger.info('Fetching all Discord servers')
-
-    const response = await fetch('https://discord.com/api/v10/users/@me/guilds', {
-      method: 'GET',
-      headers: {
-        Authorization: `Bot ${botToken}`,
-        'Content-Type': 'application/json',
-      },
-    })
-
-    if (!response.ok) {
-      logger.error('Discord API error:', {
-        status: response.status,
-        statusText: response.statusText,
-      })
-
-      let errorMessage
-      try {
-        const errorData = await response.json()
-        logger.error('Error details:', errorData)
-        errorMessage = errorData.message || `Failed to fetch servers (${response.status})`
-      } catch (_e) {
-        errorMessage = `Failed to fetch servers: ${response.status} ${response.statusText}`
-      }
-      return NextResponse.json({ error: errorMessage }, { status: response.status })
-    }
-
-    const servers = (await response.json()) as DiscordServer[]
-    logger.info(`Successfully fetched ${servers.length} servers`)
-
-    return NextResponse.json({
-      servers: servers.map((server: DiscordServer) => ({
-        id: server.id,
-        name: server.name,
-        icon: server.icon
-          ? `https://cdn.discordapp.com/icons/${server.id}/${server.icon}.png`
-          : null,
-      })),
-    })
+    // Listing guilds via REST requires a user OAuth2 access token with the 'guilds' scope.
+    // A bot token cannot call /users/@me/guilds and will return 401.
+    // Since this selector only has a bot token, return an empty list instead of erroring
+    // and let users provide a Server ID in advanced mode.
+    logger.info(
+      'Skipping guild listing: bot token cannot list /users/@me/guilds; returning empty list'
+    )
+    return NextResponse.json({ servers: [] })
   } catch (error) {
     logger.error('Error processing request:', error)
     return NextResponse.json(

apps/sim/app/api/tools/drive/file/route.ts

@@ -1,8 +1,8 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('GoogleDriveFileAPI')
@@ -11,11 +11,10 @@ const logger = createLogger('GoogleDriveFileAPI')
  * Get a single file from Google Drive
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
   logger.info(`[${requestId}] Google Drive file request received`)
 
   try {
-    // Get the credential ID and file ID from the query params
     const { searchParams } = new URL(request.url)
     const credentialId = searchParams.get('credentialId')
     const fileId = searchParams.get('fileId')
@@ -31,7 +30,6 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
     }
 
-    // Refresh access token if needed using the utility function
     const accessToken = await refreshAccessTokenIfNeeded(
       credentialId,
       authz.credentialOwnerUserId,
@@ -42,7 +40,6 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
     }
 
-    // Fetch the file from Google Drive API
     logger.info(`[${requestId}] Fetching file ${fileId} from Google Drive API`)
     const response = await fetch(
       `https://www.googleapis.com/drive/v3/files/${fileId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks,shortcutDetails&supportsAllDrives=true`,
@@ -69,7 +66,6 @@ export async function GET(request: NextRequest) {
 
     const file = await response.json()
 
-    // In case of Google Docs, Sheets, etc., provide the export links
     const exportFormats: { [key: string]: string } = {
       'application/vnd.google-apps.document': 'application/pdf', // Google Docs to PDF
       'application/vnd.google-apps.spreadsheet':
@@ -77,7 +73,6 @@ export async function GET(request: NextRequest) {
       'application/vnd.google-apps.presentation': 'application/pdf', // Google Slides to PDF
     }
 
-    // Resolve shortcuts transparently for UI stability
     if (
       file.mimeType === 'application/vnd.google-apps.shortcut' &&
       file.shortcutDetails?.targetId
@@ -105,20 +100,16 @@ export async function GET(request: NextRequest) {
       }
     }
 
-    // If the file is a Google Docs, Sheets, or Slides file, we need to provide the export link
     if (file.mimeType.startsWith('application/vnd.google-apps.')) {
       const format = exportFormats[file.mimeType] || 'application/pdf'
       if (!file.exportLinks) {
-        // If export links are not available in the response, try to construct one
         file.downloadUrl = `https://www.googleapis.com/drive/v3/files/${file.id}/export?mimeType=${encodeURIComponent(
           format
         )}`
       } else {
-        // Use the export link from the response if available
         file.downloadUrl = file.exportLinks[format]
       }
     } else {
-      // For regular files, use the download link
       file.downloadUrl = `https://www.googleapis.com/drive/v3/files/${file.id}?alt=media`
     }
 

apps/sim/app/api/tools/drive/files/route.ts

@@ -2,8 +2,8 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('GoogleDriveFilesAPI')
@@ -12,20 +12,17 @@ const logger = createLogger('GoogleDriveFilesAPI')
  * Get files from Google Drive
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
   logger.info(`[${requestId}] Google Drive files request received`)
 
   try {
-    // Get the session
     const session = await getSession()
 
-    // Check if the user is authenticated
     if (!session?.user?.id) {
       logger.warn(`[${requestId}] Unauthenticated request rejected`)
       return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
     }
 
-    // Get the credential ID from the query params
     const { searchParams } = new URL(request.url)
     const credentialId = searchParams.get('credentialId')
     const mimeType = searchParams.get('mimeType')
@@ -38,14 +35,12 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
     }
 
-    // Authorize use of the credential (supports collaborator credentials via workflow)
     const authz = await authorizeCredentialUse(request, { credentialId: credentialId!, workflowId })
     if (!authz.ok || !authz.credentialOwnerUserId) {
       logger.warn(`[${requestId}] Unauthorized credential access attempt`, authz)
       return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
     }
 
-    // Refresh access token if needed using the utility function
     const accessToken = await refreshAccessTokenIfNeeded(
       credentialId!,
       authz.credentialOwnerUserId,
@@ -56,7 +51,6 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
     }
 
-    // Build Drive 'q' expression safely
     const qParts: string[] = ['trashed = false']
     if (folderId) {
       qParts.push(`'${folderId.replace(/'/g, "\\'")}' in parents`)
@@ -69,7 +63,6 @@ export async function GET(request: NextRequest) {
     }
     const q = encodeURIComponent(qParts.join(' and '))
 
-    // Fetch files from Google Drive API with shared drives support
     const response = await fetch(
       `https://www.googleapis.com/drive/v3/files?q=${q}&supportsAllDrives=true&includeItemsFromAllDrives=true&spaces=drive&fields=files(id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,parents)`,
       {

apps/sim/app/api/tools/gmail/label/route.ts

@@ -2,6 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -11,7 +12,7 @@ export const dynamic = 'force-dynamic'
 const logger = createLogger('GmailLabelAPI')
 
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/tools/gmail/labels/route.ts

@@ -2,10 +2,10 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
-
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('GmailLabelsAPI')
@@ -19,7 +19,7 @@ interface GmailLabel {
 }
 
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/tools/google_calendar/calendars/route.ts

@@ -1,8 +1,8 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('GoogleCalendarAPI')
@@ -21,7 +21,7 @@ interface CalendarListItem {
  * Get calendars from Google Calendar
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
   logger.info(`[${requestId}] Google Calendar calendars request received`)
 
   try {

apps/sim/app/api/tools/jira/issues/route.ts

@@ -6,17 +6,32 @@ export const dynamic = 'force-dynamic'
 
 const logger = createLogger('JiraIssuesAPI')
 
+// Helper functions
+const createErrorResponse = async (response: Response, defaultMessage: string) => {
+  try {
+    const errorData = await response.json()
+    return errorData.message || errorData.errorMessages?.[0] || defaultMessage
+  } catch {
+    return defaultMessage
+  }
+}
+
+const validateRequiredParams = (domain: string | null, accessToken: string | null) => {
+  if (!domain) {
+    return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+  }
+  if (!accessToken) {
+    return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+  }
+  return null
+}
+
 export async function POST(request: Request) {
   try {
     const { domain, accessToken, issueKeys = [], cloudId: providedCloudId } = await request.json()
 
-    if (!domain) {
-      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
-    }
-
-    if (!accessToken) {
-      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
-    }
+    const validationError = validateRequiredParams(domain || null, accessToken || null)
+    if (validationError) return validationError
 
     if (issueKeys.length === 0) {
       logger.info('No issue keys provided, returning empty result')
@@ -24,7 +39,7 @@ export async function POST(request: Request) {
     }
 
     // Use provided cloudId or fetch it if not provided
-    const cloudId = providedCloudId || (await getJiraCloudId(domain, accessToken))
+    const cloudId = providedCloudId || (await getJiraCloudId(domain!, accessToken!))
 
     // Build the URL using cloudId for Jira API
     const url = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/issue/bulkfetch`
@@ -53,47 +68,24 @@ export async function POST(request: Request) {
 
     if (!response.ok) {
       logger.error(`Jira API error: ${response.status} ${response.statusText}`)
-      let errorMessage
-
-      try {
-        const errorData = await response.json()
-        logger.error('Error details:', JSON.stringify(errorData, null, 2))
-        errorMessage = errorData.message || `Failed to fetch Jira issues (${response.status})`
-      } catch (e) {
-        logger.error('Could not parse error response as JSON:', e)
-
-        try {
-          const _text = await response.text()
-          errorMessage = `Failed to fetch Jira issues: ${response.status} ${response.statusText}`
-        } catch (_textError) {
-          errorMessage = `Failed to fetch Jira issues: ${response.status} ${response.statusText}`
-        }
-      }
-
+      const errorMessage = await createErrorResponse(
+        response,
+        `Failed to fetch Jira issues (${response.status})`
+      )
       return NextResponse.json({ error: errorMessage }, { status: response.status })
     }
 
     const data = await response.json()
+    const issues = (data.issues || []).map((issue: any) => ({
+      id: issue.key,
+      name: issue.fields.summary,
+      mimeType: 'jira/issue',
+      url: `https://${domain}/browse/${issue.key}`,
+      modifiedTime: issue.fields.updated,
+      webViewLink: `https://${domain}/browse/${issue.key}`,
+    }))
 
-    if (data.issues && data.issues.length > 0) {
-      data.issues.slice(0, 3).forEach((issue: any) => {
-        logger.info(`- ${issue.key}: ${issue.fields.summary}`)
-      })
-    }
-
-    return NextResponse.json({
-      issues: data.issues
-        ? data.issues.map((issue: any) => ({
-            id: issue.key,
-            name: issue.fields.summary,
-            mimeType: 'jira/issue',
-            url: `https://${domain}/browse/${issue.key}`,
-            modifiedTime: issue.fields.updated,
-            webViewLink: `https://${domain}/browse/${issue.key}`,
-          }))
-        : [],
-      cloudId, // Return the cloudId so it can be cached
-    })
+    return NextResponse.json({ issues, cloudId })
   } catch (error) {
     logger.error('Error fetching Jira issues:', error)
     return NextResponse.json(
@@ -111,83 +103,79 @@ export async function GET(request: Request) {
     const providedCloudId = url.searchParams.get('cloudId')
     const query = url.searchParams.get('query') || ''
     const projectId = url.searchParams.get('projectId') || ''
+    const manualProjectId = url.searchParams.get('manualProjectId') || ''
+    const all = url.searchParams.get('all')?.toLowerCase() === 'true'
+    const limitParam = Number.parseInt(url.searchParams.get('limit') || '', 10)
+    const limit = Number.isFinite(limitParam) && limitParam > 0 ? limitParam : 0
 
-    if (!domain) {
-      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
-    }
-
-    if (!accessToken) {
-      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
-    }
-
-    // Use provided cloudId or fetch it if not provided
-    const cloudId = providedCloudId || (await getJiraCloudId(domain, accessToken))
-    logger.info('Using cloud ID:', cloudId)
-
-    // Build query parameters
-    const params = new URLSearchParams()
-
-    // Only add query if it exists
-    if (query) {
-      params.append('query', query)
-    }
+    const validationError = validateRequiredParams(domain || null, accessToken || null)
+    if (validationError) return validationError
 
+    const cloudId = providedCloudId || (await getJiraCloudId(domain!, accessToken!))
     let data: any
 
     if (query) {
-      const apiUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/issue/picker?${params.toString()}`
-      logger.info(`Fetching Jira issue suggestions from: ${apiUrl}`)
+      const params = new URLSearchParams({ query })
+      const apiUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/issue/picker?${params}`
       const response = await fetch(apiUrl, {
-        method: 'GET',
         headers: {
           Authorization: `Bearer ${accessToken}`,
           Accept: 'application/json',
         },
       })
-      logger.info('Response status:', response.status, response.statusText)
+
       if (!response.ok) {
-        logger.error(`Jira API error: ${response.status} ${response.statusText}`)
-        let errorMessage
-        try {
-          const errorData = await response.json()
-          logger.error('Error details:', errorData)
-          errorMessage =
-            errorData.message || `Failed to fetch issue suggestions (${response.status})`
-        } catch (_e) {
-          errorMessage = `Failed to fetch issue suggestions: ${response.status} ${response.statusText}`
-        }
+        const errorMessage = await createErrorResponse(
+          response,
+          `Failed to fetch issue suggestions (${response.status})`
+        )
         return NextResponse.json({ error: errorMessage }, { status: response.status })
       }
       data = await response.json()
-    } else if (projectId) {
-      // When no query, list latest issues for the selected project using Search API
-      const searchParams = new URLSearchParams()
-      searchParams.append('jql', `project=${projectId} ORDER BY updated DESC`)
-      searchParams.append('maxResults', '25')
-      searchParams.append('fields', 'summary,key')
-      const searchUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${searchParams.toString()}`
-      logger.info(`Fetching Jira issues via search from: ${searchUrl}`)
-      const response = await fetch(searchUrl, {
-        method: 'GET',
-        headers: {
-          Authorization: `Bearer ${accessToken}`,
-          Accept: 'application/json',
-        },
-      })
-      if (!response.ok) {
-        let errorMessage
-        try {
-          const errorData = await response.json()
-          logger.error('Jira Search API error details:', errorData)
-          errorMessage =
-            errorData.errorMessages?.[0] || `Failed to fetch issues (${response.status})`
-        } catch (_e) {
-          errorMessage = `Failed to fetch issues: ${response.status} ${response.statusText}`
-        }
-        return NextResponse.json({ error: errorMessage }, { status: response.status })
+    } else if (projectId || manualProjectId) {
+      const SAFETY_CAP = 1000
+      const PAGE_SIZE = 100
+      const target = Math.min(all ? limit || SAFETY_CAP : 25, SAFETY_CAP)
+      const projectKey = (projectId || manualProjectId).trim()
+
+      const buildSearchUrl = (startAt: number) => {
+        const params = new URLSearchParams({
+          jql: `project=${projectKey} ORDER BY updated DESC`,
+          maxResults: String(Math.min(PAGE_SIZE, target)),
+          startAt: String(startAt),
+          fields: 'summary,key,updated',
+        })
+        return `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${params}`
       }
-      const searchData = await response.json()
-      const issues = (searchData.issues || []).map((it: any) => ({
+
+      let startAt = 0
+      let collected: any[] = []
+      let total = 0
+
+      do {
+        const response = await fetch(buildSearchUrl(startAt), {
+          headers: {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: 'application/json',
+          },
+        })
+
+        if (!response.ok) {
+          const errorMessage = await createErrorResponse(
+            response,
+            `Failed to fetch issues (${response.status})`
+          )
+          return NextResponse.json({ error: errorMessage }, { status: response.status })
+        }
+
+        const page = await response.json()
+        const issues = page.issues || []
+        total = page.total || issues.length
+        collected = collected.concat(issues)
+        startAt += PAGE_SIZE
+      } while (all && collected.length < Math.min(total, target))
+
+      const issues = collected.slice(0, target).map((it: any) => ({
         key: it.key,
         summary: it.fields?.summary || it.key,
       }))
@@ -196,10 +184,7 @@ export async function GET(request: Request) {
       data = { sections: [], cloudId }
     }
 
-    return NextResponse.json({
-      ...data,
-      cloudId, // Return the cloudId so it can be cached
-    })
+    return NextResponse.json({ ...data, cloudId })
   } catch (error) {
     logger.error('Error fetching Jira issue suggestions:', error)
     return NextResponse.json(

apps/sim/app/api/tools/jira/write/route.ts

@@ -42,10 +42,7 @@ export async function POST(request: Request) {
       return NextResponse.json({ error: 'Summary is required' }, { status: 400 })
     }
 
-    if (!issueType) {
-      logger.error('Missing issue type in request')
-      return NextResponse.json({ error: 'Issue type is required' }, { status: 400 })
-    }
+    const normalizedIssueType = issueType || 'Task'
 
     // Use provided cloudId or fetch it if not provided
     const cloudId = providedCloudId || (await getJiraCloudId(domain, accessToken))
@@ -62,7 +59,7 @@ export async function POST(request: Request) {
         id: projectId,
       },
       issuetype: {
-        name: issueType,
+        name: normalizedIssueType,
       },
       summary: summary,
     }

apps/sim/app/api/tools/linear/projects/route.ts

@@ -3,6 +3,7 @@ import { LinearClient } from '@linear/sdk'
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
@@ -19,7 +20,7 @@ export async function POST(request: Request) {
       return NextResponse.json({ error: 'Credential and teamId are required' }, { status: 400 })
     }
 
-    const requestId = crypto.randomUUID().slice(0, 8)
+    const requestId = generateRequestId()
     const authz = await authorizeCredentialUse(request as any, {
       credentialId: credential,
       workflowId,

apps/sim/app/api/tools/linear/teams/route.ts

@@ -3,6 +3,7 @@ import { LinearClient } from '@linear/sdk'
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
@@ -11,7 +12,7 @@ const logger = createLogger('LinearTeamsAPI')
 
 export async function POST(request: Request) {
   try {
-    const requestId = crypto.randomUUID().slice(0, 8)
+    const requestId = generateRequestId()
     const body = await request.json()
     const { credential, workflowId } = body
 

apps/sim/app/api/tools/microsoft-teams/chats/route.ts

@@ -115,7 +115,6 @@ const getChatDisplayName = async (
 
 export async function POST(request: Request) {
   try {
-    const requestId = crypto.randomUUID().slice(0, 8)
     const body = await request.json()
 
     const { credential, workflowId } = body

apps/sim/app/api/tools/microsoft-teams/teams/route.ts

@@ -1,6 +1,7 @@
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
@@ -19,7 +20,7 @@ export async function POST(request: Request) {
     }
 
     try {
-      const requestId = crypto.randomUUID().slice(0, 8)
+      const requestId = generateRequestId()
       const authz = await authorizeCredentialUse(request as any, {
         credentialId: credential,
         workflowId,

apps/sim/app/api/tools/mongodb/delete/route.ts

@@ -0,0 +1,114 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validateFilter } from '../utils'
+
+const logger = createLogger('MongoDBDeleteAPI')
+
+const DeleteSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  filter: z
+    .union([z.string(), z.object({}).passthrough()])
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val
+    })
+    .refine((val) => val && val.trim() !== '' && val !== '{}', {
+      message: 'Filter is required for MongoDB Delete',
+    }),
+  multi: z
+    .union([z.boolean(), z.string(), z.undefined()])
+    .optional()
+    .transform((val) => {
+      if (val === 'true' || val === true) return true
+      if (val === 'false' || val === false) return false
+      return false // Default to false
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = DeleteSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Deleting document(s) from ${params.host}:${params.port}/${params.database}.${params.collection} (multi: ${params.multi})`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    const filterValidation = validateFilter(params.filter)
+    if (!filterValidation.isValid) {
+      logger.warn(`[${requestId}] Filter validation failed: ${filterValidation.error}`)
+      return NextResponse.json(
+        { error: `Filter validation failed: ${filterValidation.error}` },
+        { status: 400 }
+      )
+    }
+
+    let filterDoc
+    try {
+      filterDoc = JSON.parse(params.filter)
+    } catch (error) {
+      logger.warn(`[${requestId}] Invalid filter JSON: ${params.filter}`)
+      return NextResponse.json({ error: 'Invalid JSON format in filter' }, { status: 400 })
+    }
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let result
+    if (params.multi) {
+      result = await coll.deleteMany(filterDoc)
+    } else {
+      result = await coll.deleteOne(filterDoc)
+    }
+
+    logger.info(`[${requestId}] Delete completed: ${result.deletedCount} documents deleted`)
+
+    return NextResponse.json({
+      message: `${result.deletedCount} documents deleted`,
+      deletedCount: result.deletedCount,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB delete failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB delete failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}

apps/sim/app/api/tools/mongodb/execute/route.ts

@@ -0,0 +1,102 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validatePipeline } from '../utils'
+
+const logger = createLogger('MongoDBExecuteAPI')
+
+const ExecuteSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  pipeline: z
+    .union([z.string(), z.array(z.object({}).passthrough())])
+    .transform((val) => {
+      if (Array.isArray(val)) {
+        return JSON.stringify(val)
+      }
+      return val
+    })
+    .refine((val) => val && val.trim() !== '', {
+      message: 'Pipeline is required',
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = ExecuteSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Executing aggregation pipeline on ${params.host}:${params.port}/${params.database}.${params.collection}`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    const pipelineValidation = validatePipeline(params.pipeline)
+    if (!pipelineValidation.isValid) {
+      logger.warn(`[${requestId}] Pipeline validation failed: ${pipelineValidation.error}`)
+      return NextResponse.json(
+        { error: `Pipeline validation failed: ${pipelineValidation.error}` },
+        { status: 400 }
+      )
+    }
+
+    const pipelineDoc = JSON.parse(params.pipeline)
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    const cursor = coll.aggregate(pipelineDoc)
+    const documents = await cursor.toArray()
+
+    logger.info(
+      `[${requestId}] Aggregation completed successfully, returned ${documents.length} documents`
+    )
+
+    return NextResponse.json({
+      message: `Aggregation completed, returned ${documents.length} documents`,
+      documents,
+      documentCount: documents.length,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB aggregation failed:`, error)
+
+    return NextResponse.json(
+      { error: `MongoDB aggregation failed: ${errorMessage}` },
+      { status: 500 }
+    )
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}

apps/sim/app/api/tools/mongodb/insert/route.ts

@@ -0,0 +1,98 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName } from '../utils'
+
+const logger = createLogger('MongoDBInsertAPI')
+
+const InsertSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  documents: z
+    .union([z.array(z.record(z.unknown())), z.string()])
+    .transform((val) => {
+      if (typeof val === 'string') {
+        try {
+          const parsed = JSON.parse(val)
+          return Array.isArray(parsed) ? parsed : [parsed]
+        } catch {
+          throw new Error('Invalid JSON in documents field')
+        }
+      }
+      return val
+    })
+    .refine((val) => Array.isArray(val) && val.length > 0, {
+      message: 'At least one document is required',
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = InsertSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Inserting ${params.documents.length} document(s) into ${params.host}:${params.port}/${params.database}.${params.collection}`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let result
+    if (params.documents.length === 1) {
+      result = await coll.insertOne(params.documents[0] as Record<string, unknown>)
+      logger.info(`[${requestId}] Single document inserted successfully`)
+      return NextResponse.json({
+        message: 'Document inserted successfully',
+        insertedId: result.insertedId.toString(),
+        documentCount: 1,
+      })
+    }
+    result = await coll.insertMany(params.documents as Record<string, unknown>[])
+    const insertedCount = Object.keys(result.insertedIds).length
+    logger.info(`[${requestId}] ${insertedCount} documents inserted successfully`)
+    return NextResponse.json({
+      message: `${insertedCount} documents inserted successfully`,
+      insertedIds: Object.values(result.insertedIds).map((id) => id.toString()),
+      documentCount: insertedCount,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB insert failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB insert failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}

apps/sim/app/api/tools/mongodb/query/route.ts

@@ -0,0 +1,136 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validateFilter } from '../utils'
+
+const logger = createLogger('MongoDBQueryAPI')
+
+const QuerySchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  query: z
+    .union([z.string(), z.object({}).passthrough()])
+    .optional()
+    .default('{}')
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val || '{}'
+    }),
+  limit: z
+    .union([z.coerce.number().int().positive(), z.literal(''), z.undefined()])
+    .optional()
+    .transform((val) => {
+      if (val === '' || val === undefined || val === null) {
+        return 100
+      }
+      return val
+    }),
+  sort: z
+    .union([z.string(), z.object({}).passthrough(), z.null()])
+    .optional()
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = QuerySchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Executing MongoDB query on ${params.host}:${params.port}/${params.database}.${params.collection}`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    let filter = {}
+    if (params.query?.trim()) {
+      const validation = validateFilter(params.query)
+      if (!validation.isValid) {
+        logger.warn(`[${requestId}] Filter validation failed: ${validation.error}`)
+        return NextResponse.json(
+          { error: `Filter validation failed: ${validation.error}` },
+          { status: 400 }
+        )
+      }
+      filter = JSON.parse(params.query)
+    }
+
+    let sortCriteria = {}
+    if (params.sort?.trim()) {
+      try {
+        sortCriteria = JSON.parse(params.sort)
+      } catch (error) {
+        logger.warn(`[${requestId}] Invalid sort JSON: ${params.sort}`)
+        return NextResponse.json({ error: 'Invalid JSON format in sort criteria' }, { status: 400 })
+      }
+    }
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let cursor = coll.find(filter)
+
+    if (Object.keys(sortCriteria).length > 0) {
+      cursor = cursor.sort(sortCriteria)
+    }
+
+    const limit = params.limit || 100
+    cursor = cursor.limit(limit)
+
+    const documents = await cursor.toArray()
+
+    logger.info(
+      `[${requestId}] Query executed successfully, returned ${documents.length} documents`
+    )
+
+    return NextResponse.json({
+      message: `Found ${documents.length} documents`,
+      documents,
+      documentCount: documents.length,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB query failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB query failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}

apps/sim/app/api/tools/mongodb/update/route.ts

@@ -0,0 +1,143 @@
+import { randomUUID } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createLogger } from '@/lib/logs/console/logger'
+import { createMongoDBConnection, sanitizeCollectionName, validateFilter } from '../utils'
+
+const logger = createLogger('MongoDBUpdateAPI')
+
+const UpdateSchema = z.object({
+  host: z.string().min(1, 'Host is required'),
+  port: z.coerce.number().int().positive('Port must be a positive integer'),
+  database: z.string().min(1, 'Database name is required'),
+  username: z.string().min(1, 'Username is required'),
+  password: z.string().min(1, 'Password is required'),
+  authSource: z.string().optional(),
+  ssl: z.enum(['disabled', 'required', 'preferred']).default('preferred'),
+  collection: z.string().min(1, 'Collection name is required'),
+  filter: z
+    .union([z.string(), z.object({}).passthrough()])
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val
+    })
+    .refine((val) => val && val.trim() !== '' && val !== '{}', {
+      message: 'Filter is required for MongoDB Update',
+    }),
+  update: z
+    .union([z.string(), z.object({}).passthrough()])
+    .transform((val) => {
+      if (typeof val === 'object' && val !== null) {
+        return JSON.stringify(val)
+      }
+      return val
+    })
+    .refine((val) => val && val.trim() !== '', {
+      message: 'Update is required',
+    }),
+  upsert: z
+    .union([z.boolean(), z.string(), z.undefined()])
+    .optional()
+    .transform((val) => {
+      if (val === 'true' || val === true) return true
+      if (val === 'false' || val === false) return false
+      return false
+    }),
+  multi: z
+    .union([z.boolean(), z.string(), z.undefined()])
+    .optional()
+    .transform((val) => {
+      if (val === 'true' || val === true) return true
+      if (val === 'false' || val === false) return false
+      return false
+    }),
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = randomUUID().slice(0, 8)
+  let client = null
+
+  try {
+    const body = await request.json()
+    const params = UpdateSchema.parse(body)
+
+    logger.info(
+      `[${requestId}] Updating document(s) in ${params.host}:${params.port}/${params.database}.${params.collection} (multi: ${params.multi}, upsert: ${params.upsert})`
+    )
+
+    const sanitizedCollection = sanitizeCollectionName(params.collection)
+
+    const filterValidation = validateFilter(params.filter)
+    if (!filterValidation.isValid) {
+      logger.warn(`[${requestId}] Filter validation failed: ${filterValidation.error}`)
+      return NextResponse.json(
+        { error: `Filter validation failed: ${filterValidation.error}` },
+        { status: 400 }
+      )
+    }
+
+    let filterDoc
+    let updateDoc
+    try {
+      filterDoc = JSON.parse(params.filter)
+      updateDoc = JSON.parse(params.update)
+    } catch (error) {
+      logger.warn(`[${requestId}] Invalid JSON in filter or update`)
+      return NextResponse.json(
+        { error: 'Invalid JSON format in filter or update' },
+        { status: 400 }
+      )
+    }
+
+    client = await createMongoDBConnection({
+      host: params.host,
+      port: params.port,
+      database: params.database,
+      username: params.username,
+      password: params.password,
+      authSource: params.authSource,
+      ssl: params.ssl,
+    })
+
+    const db = client.db(params.database)
+    const coll = db.collection(sanitizedCollection)
+
+    let result
+    if (params.multi) {
+      result = await coll.updateMany(filterDoc, updateDoc, { upsert: params.upsert })
+    } else {
+      result = await coll.updateOne(filterDoc, updateDoc, { upsert: params.upsert })
+    }
+
+    logger.info(
+      `[${requestId}] Update completed: ${result.modifiedCount} modified, ${result.matchedCount} matched${result.upsertedCount ? `, ${result.upsertedCount} upserted` : ''}`
+    )
+
+    return NextResponse.json({
+      message: `${result.modifiedCount} documents updated${result.upsertedCount ? `, ${result.upsertedCount} documents upserted` : ''}`,
+      matchedCount: result.matchedCount,
+      modifiedCount: result.modifiedCount,
+      documentCount: result.modifiedCount + (result.upsertedCount || 0),
+      ...(result.upsertedId && { insertedId: result.upsertedId.toString() }),
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred'
+    logger.error(`[${requestId}] MongoDB update failed:`, error)
+
+    return NextResponse.json({ error: `MongoDB update failed: ${errorMessage}` }, { status: 500 })
+  } finally {
+    if (client) {
+      await client.close()
+    }
+  }
+}

apps/sim/app/api/tools/mongodb/utils.ts

@@ -0,0 +1,123 @@
+import { MongoClient } from 'mongodb'
+import type { MongoDBConnectionConfig } from '@/tools/mongodb/types'
+
+export async function createMongoDBConnection(config: MongoDBConnectionConfig) {
+  const credentials =
+    config.username && config.password
+      ? `${encodeURIComponent(config.username)}:${encodeURIComponent(config.password)}@`
+      : ''
+
+  const queryParams = new URLSearchParams()
+
+  if (config.authSource) {
+    queryParams.append('authSource', config.authSource)
+  }
+
+  if (config.ssl === 'required') {
+    queryParams.append('ssl', 'true')
+  }
+
+  const queryString = queryParams.toString()
+  const uri = `mongodb://${credentials}${config.host}:${config.port}/${config.database}${queryString ? `?${queryString}` : ''}`
+
+  const client = new MongoClient(uri, {
+    connectTimeoutMS: 10000,
+    socketTimeoutMS: 10000,
+    maxPoolSize: 1,
+  })
+
+  await client.connect()
+  return client
+}
+
+export function validateFilter(filter: string): { isValid: boolean; error?: string } {
+  try {
+    const parsed = JSON.parse(filter)
+
+    const dangerousOperators = ['$where', '$regex', '$expr', '$function', '$accumulator', '$let']
+
+    const checkForDangerousOps = (obj: any): boolean => {
+      if (typeof obj !== 'object' || obj === null) return false
+
+      for (const key of Object.keys(obj)) {
+        if (dangerousOperators.includes(key)) return true
+        if (typeof obj[key] === 'object' && checkForDangerousOps(obj[key])) return true
+      }
+      return false
+    }
+
+    if (checkForDangerousOps(parsed)) {
+      return {
+        isValid: false,
+        error: 'Filter contains potentially dangerous operators',
+      }
+    }
+
+    return { isValid: true }
+  } catch (error) {
+    return {
+      isValid: false,
+      error: 'Invalid JSON format in filter',
+    }
+  }
+}
+
+export function validatePipeline(pipeline: string): { isValid: boolean; error?: string } {
+  try {
+    const parsed = JSON.parse(pipeline)
+
+    if (!Array.isArray(parsed)) {
+      return {
+        isValid: false,
+        error: 'Pipeline must be an array',
+      }
+    }
+
+    const dangerousOperators = [
+      '$where',
+      '$function',
+      '$accumulator',
+      '$let',
+      '$merge',
+      '$out',
+      '$currentOp',
+      '$listSessions',
+      '$listLocalSessions',
+    ]
+
+    const checkPipelineStage = (stage: any): boolean => {
+      if (typeof stage !== 'object' || stage === null) return false
+
+      for (const key of Object.keys(stage)) {
+        if (dangerousOperators.includes(key)) return true
+        if (typeof stage[key] === 'object' && checkPipelineStage(stage[key])) return true
+      }
+      return false
+    }
+
+    for (const stage of parsed) {
+      if (checkPipelineStage(stage)) {
+        return {
+          isValid: false,
+          error: 'Pipeline contains potentially dangerous operators',
+        }
+      }
+    }
+
+    return { isValid: true }
+  } catch (error) {
+    return {
+      isValid: false,
+      error: 'Invalid JSON format in pipeline',
+    }
+  }
+}
+
+export function sanitizeCollectionName(name: string): string {
+  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
+    throw new Error(
+      'Invalid collection name. Must start with letter or underscore and contain only letters, numbers, and underscores.'
+    )
+  }
+  return name
+}

apps/sim/app/api/tools/outlook/folders/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -48,7 +49,7 @@ export async function GET(request: Request) {
       const accessToken = await refreshAccessTokenIfNeeded(
         credentialId,
         credentialOwnerUserId,
-        crypto.randomUUID().slice(0, 8)
+        generateRequestId()
       )
 
       if (!accessToken) {

apps/sim/app/api/tools/slack/channels/route.ts

@@ -1,6 +1,7 @@
 import { NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
@@ -17,7 +18,7 @@ interface SlackChannel {
 
 export async function POST(request: Request) {
   try {
-    const requestId = crypto.randomUUID().slice(0, 8)
+    const requestId = generateRequestId()
     const body = await request.json()
     const { credential, workflowId } = body
 

apps/sim/app/api/tools/thinking/route.ts

@@ -1,5 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import type { ThinkingToolParams, ThinkingToolResponse } from '@/tools/thinking/types'
 
 const logger = createLogger('ThinkingToolAPI')
@@ -11,7 +12,7 @@ export const dynamic = 'force-dynamic'
  * Simply acknowledges the thought by returning it in the output
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const body: ThinkingToolParams = await request.json()

apps/sim/app/api/tools/wealthbox/item/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('WealthboxItemAPI')
  * Get a single item (note, contact, task) from Wealthbox
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/tools/wealthbox/items/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -24,7 +25,7 @@ interface WealthboxItem {
  * Get items (notes, contacts, tasks) from Wealthbox
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     const session = await getSession()