improvement(docs): added images and videos to quick references

apps/docs/content/docs/en/quick-reference/index.mdx

@@ -5,6 +5,14 @@ description: Essential actions for navigating and using the Sim workflow editor
 
 import { Callout } from 'fumadocs-ui/components/callout'
 
+export const ActionImage = ({ src, alt }) => (
+  <img src={src} alt={alt} className="inline-block max-h-8 rounded border border-neutral-200 dark:border-neutral-700" />
+)
+
+export const ActionVideo = ({ src, alt }) => (
+  <video src={src} alt={alt} autoPlay loop muted playsInline className="inline-block max-h-8 rounded border border-neutral-200 dark:border-neutral-700" />
+)
+
 A quick lookup for everyday actions in the Sim workflow editor. For keyboard shortcuts, see [Keyboard Shortcuts](/keyboard-shortcuts).
 
 <Callout type="info">
@@ -13,67 +21,209 @@ A quick lookup for everyday actions in the Sim workflow editor. For keyboard sho
 
 ## Workspaces
 
-| Action | How |
-|--------|-----|
-| Create a workspace | Click workspace dropdown in sidebar → **New Workspace** |
-| Rename a workspace | Workspace settings → Edit name |
-| Switch workspaces | Click workspace dropdown in sidebar → Select workspace |
-| Invite team members | Workspace settings → **Team** → **Invite** |
+<table>
+  <thead>
+    <tr><th>Action</th><th>How</th><th>Preview</th></tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Create a workspace</td>
+      <td>Click workspace dropdown → **New Workspace**</td>
+      <td><ActionVideo src="/static/quick-reference/create-workspace.mp4" alt="Create workspace" /></td>
+    </tr>
+    <tr>
+      <td>Switch workspaces</td>
+      <td>Click workspace dropdown → Select workspace</td>
+      <td><ActionVideo src="/static/quick-reference/switch-workspace.mp4" alt="Switch workspaces" /></td>
+    </tr>
+    <tr>
+      <td>Invite team members</td>
+      <td>Workspace settings → **Team** → **Invite**</td>
+      <td><ActionVideo src="/static/quick-reference/invite.mp4" alt="Invite team members" /></td>
+    </tr>
+    <tr>
+      <td>Rename a workspace</td>
+      <td>Right-click workspace → **Rename**</td>
+      <td rowSpan={4}><ActionImage src="/static/quick-reference/workspace-context-menu.png" alt="Workspace context menu" /></td>
+    </tr>
+    <tr>
+      <td>Duplicate a workspace</td>
+      <td>Right-click workspace → **Duplicate**</td>
+    </tr>
+    <tr>
+      <td>Export a workspace</td>
+      <td>Right-click workspace → **Export**</td>
+    </tr>
+    <tr>
+      <td>Delete a workspace</td>
+      <td>Right-click workspace → **Delete**</td>
+    </tr>
+  </tbody>
+</table>
 
 ## Workflows
 
-| Action | How |
-|--------|-----|
-| Create a workflow | Click **New Workflow** button or `Mod+Shift+A` |
-| Rename a workflow | Double-click workflow name in sidebar, or right-click → **Rename** |
-| Duplicate a workflow | Right-click workflow → **Duplicate** |
-| Reorder workflows | Drag workflow up/down in the sidebar list |
-| Import a workflow | Sidebar menu → **Import** → Select file |
-| Create a folder | Right-click in sidebar → **New Folder** |
-| Rename a folder | Right-click folder → **Rename** |
-| Delete a folder | Right-click folder → **Delete** |
-| Collapse/expand folder | Click folder arrow, or double-click folder |
-| Move workflow to folder | Drag workflow onto folder in sidebar |
-| Delete a workflow | Right-click workflow → **Delete** |
-| Export a workflow | Right-click workflow → **Export** |
-| Assign workflow color | Right-click workflow → **Change Color** |
-| Multi-select workflows | `Mod+Click` or `Shift+Click` workflows in sidebar |
-| Open in new tab | Right-click workflow → **Open in New Tab** |
+<table>
+  <thead>
+    <tr><th>Action</th><th>How</th><th>Preview</th></tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Create a workflow</td>
+      <td>Click **+** button in sidebar</td>
+      <td><ActionImage src="/static/quick-reference/create-workflow.png" alt="Create workflow" /></td>
+    </tr>
+    <tr>
+      <td>Reorder / move workflows</td>
+      <td>Drag workflow up/down or onto a folder</td>
+      <td><ActionVideo src="/static/quick-reference/reordering.mp4" alt="Reorder workflows" /></td>
+    </tr>
+    <tr>
+      <td>Import a workflow</td>
+      <td>Click import button in sidebar → Select file</td>
+      <td><ActionImage src="/static/quick-reference/import-workflow.png" alt="Import workflow" /></td>
+    </tr>
+    <tr>
+      <td>Multi-select workflows</td>
+      <td>`Mod+Click` or `Shift+Click` workflows in sidebar</td>
+      <td><ActionVideo src="/static/quick-reference/multiselect.mp4" alt="Multi-select workflows" /></td>
+    </tr>
+    <tr>
+      <td>Open in new tab</td>
+      <td>Right-click workflow → **Open in New Tab**</td>
+      <td rowSpan={6}><ActionImage src="/static/quick-reference/workflow-context-menu.png" alt="Workflow context menu" /></td>
+    </tr>
+    <tr>
+      <td>Rename a workflow</td>
+      <td>Right-click workflow → **Rename**</td>
+    </tr>
+    <tr>
+      <td>Assign workflow color</td>
+      <td>Right-click workflow → **Change Color**</td>
+    </tr>
+    <tr>
+      <td>Duplicate a workflow</td>
+      <td>Right-click workflow → **Duplicate**</td>
+    </tr>
+    <tr>
+      <td>Export a workflow</td>
+      <td>Right-click workflow → **Export**</td>
+    </tr>
+    <tr>
+      <td>Delete a workflow</td>
+      <td>Right-click workflow → **Delete**</td>
+    </tr>
+    <tr>
+      <td>Rename a folder</td>
+      <td>Right-click folder → **Rename**</td>
+      <td rowSpan={6}><ActionImage src="/static/quick-reference/folder-context-menu.png" alt="Folder context menu" /></td>
+    </tr>
+    <tr>
+      <td>Create workflow in folder</td>
+      <td>Right-click folder → **Create workflow**</td>
+    </tr>
+    <tr>
+      <td>Create folder in folder</td>
+      <td>Right-click folder → **Create folder**</td>
+    </tr>
+    <tr>
+      <td>Duplicate a folder</td>
+      <td>Right-click folder → **Duplicate**</td>
+    </tr>
+    <tr>
+      <td>Export a folder</td>
+      <td>Right-click folder → **Export**</td>
+    </tr>
+    <tr>
+      <td>Delete a folder</td>
+      <td>Right-click folder → **Delete**</td>
+    </tr>
+  </tbody>
+</table>
 
 ## Blocks
 
-| Action | How |
-|--------|-----|
-| Add a block | Drag from Toolbar panel, or right-click canvas → **Add Block** |
-| Select a block | Click on the block |
-| Multi-select blocks | `Mod+Click` additional blocks, or right-drag to draw selection box |
-| Move blocks | Drag selected block(s) to new position |
-| Copy blocks | `Mod+C` with blocks selected |
-| Paste blocks | `Mod+V` to paste copied blocks |
-| Duplicate blocks | Right-click → **Duplicate** |
-| Delete blocks | `Delete` or `Backspace` key, or right-click → **Delete** |
-| Rename a block | Click block name in header, or edit in the Editor panel |
-| Enable/Disable a block | Right-click → **Enable/Disable** |
-| Toggle handle orientation | Right-click → **Toggle Handles** |
-| Toggle trigger mode | Right-click trigger block → **Toggle Trigger Mode** |
-| Configure a block | Select block → use Editor panel on right |
+<table>
+  <thead>
+    <tr><th>Action</th><th>How</th><th>Preview</th></tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Add a block</td>
+      <td>Drag from Toolbar panel, or right-click canvas → **Add Block**</td>
+      <td><ActionVideo src="/static/quick-reference/add-block.mp4" alt="Add a block" /></td>
+    </tr>
+    <tr>
+      <td>Multi-select blocks</td>
+      <td>`Mod+Click` additional blocks, or right-drag to draw selection box</td>
+      <td><ActionVideo src="/static/quick-reference/multiselect-blocks.mp4" alt="Multi-select blocks" /></td>
+    </tr>
+    <tr>
+      <td>Copy blocks</td>
+      <td>`Mod+C` with blocks selected</td>
+      <td rowSpan={2}><ActionVideo src="/static/quick-reference/copy-paste.mp4" alt="Copy and paste blocks" /></td>
+    </tr>
+    <tr>
+      <td>Paste blocks</td>
+      <td>`Mod+V` to paste copied blocks</td>
+    </tr>
+    <tr>
+      <td>Duplicate blocks</td>
+      <td>Right-click → **Duplicate**</td>
+      <td><ActionVideo src="/static/quick-reference/duplicate-block.mp4" alt="Duplicate blocks" /></td>
+    </tr>
+    <tr>
+      <td>Delete blocks</td>
+      <td>`Delete` or `Backspace` key, or right-click → **Delete**</td>
+      <td><ActionImage src="/static/quick-reference/delete-block.png" alt="Delete block" /></td>
+    </tr>
+    <tr>
+      <td>Rename a block</td>
+      <td>Click block name in header, or edit in the Editor panel</td>
+      <td><ActionVideo src="/static/quick-reference/rename-block.mp4" alt="Rename a block" /></td>
+    </tr>
+    <tr>
+      <td>Enable/Disable a block</td>
+      <td>Right-click → **Enable/Disable**</td>
+      <td><ActionImage src="/static/quick-reference/disable-block.png" alt="Disable block" /></td>
+    </tr>
+    <tr>
+      <td>Toggle handle orientation</td>
+      <td>Right-click → **Toggle Handles**</td>
+      <td><ActionVideo src="/static/quick-reference/toggle-handles.mp4" alt="Toggle handle orientation" /></td>
+    </tr>
+    <tr>
+      <td>Configure a block</td>
+      <td>Select block → use Editor panel on right</td>
+      <td><ActionVideo src="/static/quick-reference/configure-block.mp4" alt="Configure a block" /></td>
+    </tr>
+  </tbody>
+</table>
 
 ## Connections
 
-| Action | How |
-|--------|-----|
-| Create a connection | Drag from output handle to input handle |
-| Delete a connection | Click edge to select → `Delete` key |
-| Use output in another block | Drag connection tag into input field |
-
-## Canvas Navigation
-
-| Action | How |
-|--------|-----|
-| Pan/move canvas | Left-drag on empty space, or scroll/trackpad |
-| Zoom in/out | Scroll wheel or pinch gesture |
-| Auto-layout | `Shift+L` |
-| Draw selection box | Right-drag on empty canvas area |
+<table>
+  <thead>
+    <tr><th>Action</th><th>How</th><th>Preview</th></tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Create a connection</td>
+      <td>Drag from output handle to input handle</td>
+      <td><ActionVideo src="/static/quick-reference/connect-blocks.mp4" alt="Connect blocks" /></td>
+    </tr>
+    <tr>
+      <td>Delete a connection</td>
+      <td>Click edge to select → `Delete` key</td>
+      <td><ActionVideo src="/static/quick-reference/delete-connection.mp4" alt="Delete connection" /></td>
+    </tr>
+    <tr>
+      <td>Use output in another block</td>
+      <td>Drag connection tag into input field</td>
+      <td><ActionVideo src="/static/quick-reference/connection-tag.mp4" alt="Use connection tag" /></td>
+    </tr>
+  </tbody>
+</table>
 
 ## Panels & Views
 
@@ -83,7 +233,8 @@ A quick lookup for everyday actions in the Sim workflow editor. For keyboard sho
 | Open Toolbar tab | Press `T` or click Toolbar tab |
 | Open Editor tab | Press `E` or click Editor tab |
 | Search toolbar | `Mod+F` |
-| Toggle advanced mode | Click toggle button on input fields |
+| Search everything | `Mod+K` |
+| Toggle manual mode | Click toggle button in editor fields to switch between manual and selector |
 | Resize panels | Drag panel edge |
 | Collapse/expand sidebar | Click collapse button on sidebar |
 
@@ -123,7 +274,8 @@ A quick lookup for everyday actions in the Sim workflow editor. For keyboard sho
 | Edit workflow variable | Variables tab → Click variable to edit |
 | Delete workflow variable | Variables tab → Click delete icon on variable |
 | Add environment variable | Settings → **Environment Variables** → **Add** |
-| Reference a variable | Use `{{variableName}}` syntax in block inputs |
+| Reference a workflow variable | Use `<blockName.itemName>` syntax in block inputs |
+| Reference an environment variable | Use `{{ENV_VAR}}` syntax in block inputs |
 
 ## Credentials
 

apps/sim/app/api/organizations/[id]/workspaces/route.ts

@@ -0,0 +1,204 @@
+import { db } from '@sim/db'
+import { member, permissions, user, workspace } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq, or } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+
+const logger = createLogger('OrganizationWorkspacesAPI')
+
+/**
+ * GET /api/organizations/[id]/workspaces
+ * Get workspaces related to the organization with optional filtering
+ * Query parameters:
+ * - ?available=true - Only workspaces where user can invite others (admin permissions)
+ * - ?member=userId - Workspaces where specific member has access
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const url = new URL(request.url)
+    const availableOnly = url.searchParams.get('available') === 'true'
+    const memberId = url.searchParams.get('member')
+
+    // Verify user is a member of this organization
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        {
+          error: 'Forbidden - Not a member of this organization',
+        },
+        { status: 403 }
+      )
+    }
+
+    const userRole = memberEntry[0].role
+    const hasAdminAccess = ['owner', 'admin'].includes(userRole)
+
+    if (availableOnly) {
+      // Get workspaces where user has admin permissions (can invite others)
+      const availableWorkspaces = await db
+        .select({
+          id: workspace.id,
+          name: workspace.name,
+          ownerId: workspace.ownerId,
+          createdAt: workspace.createdAt,
+          isOwner: eq(workspace.ownerId, session.user.id),
+          permissionType: permissions.permissionType,
+        })
+        .from(workspace)
+        .leftJoin(
+          permissions,
+          and(
+            eq(permissions.entityType, 'workspace'),
+            eq(permissions.entityId, workspace.id),
+            eq(permissions.userId, session.user.id)
+          )
+        )
+        .where(
+          or(
+            // User owns the workspace
+            eq(workspace.ownerId, session.user.id),
+            // User has admin permission on the workspace
+            and(
+              eq(permissions.userId, session.user.id),
+              eq(permissions.entityType, 'workspace'),
+              eq(permissions.permissionType, 'admin')
+            )
+          )
+        )
+
+      // Filter and format the results
+      const workspacesWithInvitePermission = availableWorkspaces
+        .filter((workspace) => {
+          // Include if user owns the workspace OR has admin permission
+          return workspace.isOwner || workspace.permissionType === 'admin'
+        })
+        .map((workspace) => ({
+          id: workspace.id,
+          name: workspace.name,
+          isOwner: workspace.isOwner,
+          canInvite: true, // All returned workspaces have invite permission
+          createdAt: workspace.createdAt,
+        }))
+
+      logger.info('Retrieved available workspaces for organization member', {
+        organizationId,
+        userId: session.user.id,
+        workspaceCount: workspacesWithInvitePermission.length,
+      })
+
+      return NextResponse.json({
+        success: true,
+        data: {
+          workspaces: workspacesWithInvitePermission,
+          totalCount: workspacesWithInvitePermission.length,
+          filter: 'available',
+        },
+      })
+    }
+
+    if (memberId && hasAdminAccess) {
+      // Get workspaces where specific member has access (admin only)
+      const memberWorkspaces = await db
+        .select({
+          id: workspace.id,
+          name: workspace.name,
+          ownerId: workspace.ownerId,
+          isOwner: eq(workspace.ownerId, memberId),
+          permissionType: permissions.permissionType,
+          createdAt: permissions.createdAt,
+        })
+        .from(workspace)
+        .leftJoin(
+          permissions,
+          and(
+            eq(permissions.entityType, 'workspace'),
+            eq(permissions.entityId, workspace.id),
+            eq(permissions.userId, memberId)
+          )
+        )
+        .where(
+          or(
+            // Member owns the workspace
+            eq(workspace.ownerId, memberId),
+            // Member has permissions on the workspace
+            and(eq(permissions.userId, memberId), eq(permissions.entityType, 'workspace'))
+          )
+        )
+
+      const formattedWorkspaces = memberWorkspaces.map((workspace) => ({
+        id: workspace.id,
+        name: workspace.name,
+        isOwner: workspace.isOwner,
+        permission: workspace.permissionType,
+        joinedAt: workspace.createdAt,
+        createdAt: workspace.createdAt,
+      }))
+
+      return NextResponse.json({
+        success: true,
+        data: {
+          workspaces: formattedWorkspaces,
+          totalCount: formattedWorkspaces.length,
+          filter: 'member',
+          memberId,
+        },
+      })
+    }
+
+    // Default: Get all workspaces (basic info only for regular members)
+    if (!hasAdminAccess) {
+      return NextResponse.json({
+        success: true,
+        data: {
+          workspaces: [],
+          totalCount: 0,
+          message: 'Workspace access information is only available to organization admins',
+        },
+      })
+    }
+
+    // For admins: Get summary of all workspaces
+    const allWorkspaces = await db
+      .select({
+        id: workspace.id,
+        name: workspace.name,
+        ownerId: workspace.ownerId,
+        createdAt: workspace.createdAt,
+        ownerName: user.name,
+      })
+      .from(workspace)
+      .leftJoin(user, eq(workspace.ownerId, user.id))
+
+    return NextResponse.json({
+      success: true,
+      data: {
+        workspaces: allWorkspaces,
+        totalCount: allWorkspaces.length,
+        filter: 'all',
+      },
+      userRole,
+      hasAdminAccess,
+    })
+  } catch (error) {
+    logger.error('Failed to get organization workspaces', { error })
+    return NextResponse.json(
+      {
+        error: 'Internal server error',
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/supabase/storage-upload/route.ts

@@ -1,257 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { checkInternalAuth } from '@/lib/auth/hybrid'
-import { generateRequestId } from '@/lib/core/utils/request'
-import { processSingleFileToUserFile } from '@/lib/uploads/utils/file-utils'
-import { downloadFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
-
-export const dynamic = 'force-dynamic'
-
-const logger = createLogger('SupabaseStorageUploadAPI')
-
-const SupabaseStorageUploadSchema = z.object({
-  projectId: z.string().min(1, 'Project ID is required'),
-  apiKey: z.string().min(1, 'API key is required'),
-  bucket: z.string().min(1, 'Bucket name is required'),
-  fileName: z.string().min(1, 'File name is required'),
-  path: z.string().optional().nullable(),
-  fileData: z.any(),
-  contentType: z.string().optional().nullable(),
-  upsert: z.boolean().optional().default(false),
-})
-
-export async function POST(request: NextRequest) {
-  const requestId = generateRequestId()
-
-  try {
-    const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
-
-    if (!authResult.success) {
-      logger.warn(
-        `[${requestId}] Unauthorized Supabase storage upload attempt: ${authResult.error}`
-      )
-      return NextResponse.json(
-        {
-          success: false,
-          error: authResult.error || 'Authentication required',
-        },
-        { status: 401 }
-      )
-    }
-
-    logger.info(
-      `[${requestId}] Authenticated Supabase storage upload request via ${authResult.authType}`,
-      {
-        userId: authResult.userId,
-      }
-    )
-
-    const body = await request.json()
-    const validatedData = SupabaseStorageUploadSchema.parse(body)
-
-    const fileData = validatedData.fileData
-    const isStringInput = typeof fileData === 'string'
-
-    logger.info(`[${requestId}] Uploading to Supabase Storage`, {
-      bucket: validatedData.bucket,
-      fileName: validatedData.fileName,
-      path: validatedData.path,
-      fileDataType: isStringInput ? 'string' : 'object',
-    })
-
-    if (!fileData) {
-      return NextResponse.json(
-        {
-          success: false,
-          error: 'fileData is required',
-        },
-        { status: 400 }
-      )
-    }
-
-    let uploadBody: Buffer
-    let uploadContentType: string | undefined
-
-    if (isStringInput) {
-      let content = fileData as string
-
-      const dataUrlMatch = content.match(/^data:([^;]+);base64,(.+)$/s)
-      if (dataUrlMatch) {
-        const [, mimeType, base64Data] = dataUrlMatch
-        content = base64Data
-        if (!validatedData.contentType) {
-          uploadContentType = mimeType
-        }
-        logger.info(`[${requestId}] Extracted base64 from data URL (MIME: ${mimeType})`)
-      }
-
-      const cleanedContent = content.replace(/[\s\r\n]/g, '')
-      const isLikelyBase64 = /^[A-Za-z0-9+/]*={0,2}$/.test(cleanedContent)
-
-      if (isLikelyBase64 && cleanedContent.length >= 4) {
-        try {
-          uploadBody = Buffer.from(cleanedContent, 'base64')
-
-          const expectedMinSize = Math.floor(cleanedContent.length * 0.7)
-          const expectedMaxSize = Math.ceil(cleanedContent.length * 0.8)
-
-          if (
-            uploadBody.length >= expectedMinSize &&
-            uploadBody.length <= expectedMaxSize &&
-            uploadBody.length > 0
-          ) {
-            logger.info(
-              `[${requestId}] Decoded base64 content: ${cleanedContent.length} chars -> ${uploadBody.length} bytes`
-            )
-          } else {
-            const reEncoded = uploadBody.toString('base64')
-            if (reEncoded !== cleanedContent) {
-              logger.info(
-                `[${requestId}] Content looked like base64 but re-encoding didn't match, using as plain text`
-              )
-              uploadBody = Buffer.from(content, 'utf-8')
-            } else {
-              logger.info(
-                `[${requestId}] Decoded base64 content (verified): ${uploadBody.length} bytes`
-              )
-            }
-          }
-        } catch (decodeError) {
-          logger.info(
-            `[${requestId}] Failed to decode as base64, using as plain text: ${decodeError}`
-          )
-          uploadBody = Buffer.from(content, 'utf-8')
-        }
-      } else {
-        uploadBody = Buffer.from(content, 'utf-8')
-        logger.info(`[${requestId}] Using content as plain text (${uploadBody.length} bytes)`)
-      }
-
-      uploadContentType =
-        uploadContentType || validatedData.contentType || 'application/octet-stream'
-    } else {
-      const rawFile = fileData
-      logger.info(`[${requestId}] Processing file object: ${rawFile.name || 'unknown'}`)
-
-      let userFile
-      try {
-        userFile = processSingleFileToUserFile(rawFile, requestId, logger)
-      } catch (error) {
-        return NextResponse.json(
-          {
-            success: false,
-            error: error instanceof Error ? error.message : 'Failed to process file',
-          },
-          { status: 400 }
-        )
-      }
-
-      const buffer = await downloadFileFromStorage(userFile, requestId, logger)
-
-      uploadBody = buffer
-      uploadContentType = validatedData.contentType || userFile.type || 'application/octet-stream'
-    }
-
-    let fullPath = validatedData.fileName
-    if (validatedData.path) {
-      const folderPath = validatedData.path.endsWith('/')
-        ? validatedData.path
-        : `${validatedData.path}/`
-      fullPath = `${folderPath}${validatedData.fileName}`
-    }
-
-    const supabaseUrl = `https://${validatedData.projectId}.supabase.co/storage/v1/object/${validatedData.bucket}/${fullPath}`
-
-    const headers: Record<string, string> = {
-      apikey: validatedData.apiKey,
-      Authorization: `Bearer ${validatedData.apiKey}`,
-      'Content-Type': uploadContentType,
-    }
-
-    if (validatedData.upsert) {
-      headers['x-upsert'] = 'true'
-    }
-
-    logger.info(`[${requestId}] Sending to Supabase: ${supabaseUrl}`, {
-      contentType: uploadContentType,
-      bodySize: uploadBody.length,
-      upsert: validatedData.upsert,
-    })
-
-    const response = await fetch(supabaseUrl, {
-      method: 'POST',
-      headers,
-      body: new Uint8Array(uploadBody),
-    })
-
-    if (!response.ok) {
-      const errorText = await response.text()
-      let errorData
-      try {
-        errorData = JSON.parse(errorText)
-      } catch {
-        errorData = { message: errorText }
-      }
-
-      logger.error(`[${requestId}] Supabase Storage upload failed:`, {
-        status: response.status,
-        statusText: response.statusText,
-        error: errorData,
-      })
-
-      return NextResponse.json(
-        {
-          success: false,
-          error: errorData.message || errorData.error || `Upload failed: ${response.statusText}`,
-          details: errorData,
-        },
-        { status: response.status }
-      )
-    }
-
-    const result = await response.json()
-
-    logger.info(`[${requestId}] File uploaded successfully to Supabase Storage`, {
-      bucket: validatedData.bucket,
-      path: fullPath,
-    })
-
-    const publicUrl = `https://${validatedData.projectId}.supabase.co/storage/v1/object/public/${validatedData.bucket}/${fullPath}`
-
-    return NextResponse.json({
-      success: true,
-      output: {
-        message: 'Successfully uploaded file to storage',
-        results: {
-          ...result,
-          path: fullPath,
-          bucket: validatedData.bucket,
-          publicUrl,
-        },
-      },
-    })
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
-      return NextResponse.json(
-        {
-          success: false,
-          error: 'Invalid request data',
-          details: error.errors,
-        },
-        { status: 400 }
-      )
-    }
-
-    logger.error(`[${requestId}] Error uploading to Supabase Storage:`, error)
-
-    return NextResponse.json(
-      {
-        success: false,
-        error: error instanceof Error ? error.message : 'Internal server error',
-      },
-      { status: 500 }
-    )
-  }
-}

apps/sim/app/api/tools/supabase/storage/upload/route.ts

@@ -0,0 +1,379 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { StorageService } from '@/lib/uploads'
+import {
+  extractStorageKey,
+  inferContextFromKey,
+  isInternalFileUrl,
+} from '@/lib/uploads/utils/file-utils'
+import { verifyFileAccess } from '@/app/api/files/authorization'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('SupabaseStorageUploadAPI')
+
+const SupabaseStorageUploadSchema = z.object({
+  apiKey: z.string().min(1, 'API key is required'),
+  projectId: z.string().min(1, 'Project ID is required'),
+  bucket: z.string().min(1, 'Bucket name is required'),
+  fileName: z.string().min(1, 'File name is required'),
+  path: z.string().optional().nullable(),
+  fileUpload: z
+    .object({
+      name: z.string().optional(),
+      type: z.string().optional(),
+      url: z.string().optional(),
+      path: z.string().optional(),
+    })
+    .optional()
+    .nullable(),
+  fileContent: z.string().optional().nullable(),
+  contentType: z.string().optional().nullable(),
+  upsert: z.boolean().optional().default(false),
+})
+
+/**
+ * Detects if a string is base64 encoded and decodes it to a Buffer.
+ * Handles both standard base64 and base64url encoding.
+ */
+function decodeBase64ToBuffer(content: string): Buffer {
+  // Remove data URI prefix if present (e.g., "data:application/pdf;base64,")
+  const base64Content = content.includes(',') ? content.split(',')[1] : content
+
+  // Convert base64url to standard base64 if needed
+  let normalizedBase64 = base64Content
+  if (base64Content.includes('-') || base64Content.includes('_')) {
+    normalizedBase64 = base64Content.replace(/-/g, '+').replace(/_/g, '/')
+  }
+
+  // Add padding if necessary
+  const padding = normalizedBase64.length % 4
+  if (padding > 0) {
+    normalizedBase64 += '='.repeat(4 - padding)
+  }
+
+  return Buffer.from(normalizedBase64, 'base64')
+}
+
+/**
+ * Checks if a string appears to be base64 encoded.
+ */
+function isBase64(str: string): boolean {
+  // Remove data URI prefix if present
+  const content = str.includes(',') ? str.split(',')[1] : str
+
+  // Check if it matches base64 pattern (including base64url)
+  const base64Regex = /^[A-Za-z0-9+/_-]*={0,2}$/
+  if (!base64Regex.test(content)) {
+    return false
+  }
+
+  // Additional heuristic: base64 strings are typically longer and don't contain spaces
+  if (content.length < 4 || content.includes(' ')) {
+    return false
+  }
+
+  // Try to decode and check if it produces valid bytes
+  try {
+    const decoded = decodeBase64ToBuffer(str)
+    // If decoded length is significantly smaller than input, it's likely base64
+    return decoded.length < content.length
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Infer content type from file extension
+ */
+function inferContentType(fileName: string): string {
+  const ext = fileName.split('.').pop()?.toLowerCase()
+  const mimeTypes: Record<string, string> = {
+    pdf: 'application/pdf',
+    png: 'image/png',
+    jpg: 'image/jpeg',
+    jpeg: 'image/jpeg',
+    gif: 'image/gif',
+    webp: 'image/webp',
+    svg: 'image/svg+xml',
+    txt: 'text/plain',
+    html: 'text/html',
+    css: 'text/css',
+    js: 'application/javascript',
+    json: 'application/json',
+    xml: 'application/xml',
+    zip: 'application/zip',
+    doc: 'application/msword',
+    docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+    xls: 'application/vnd.ms-excel',
+    xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+    ppt: 'application/vnd.ms-powerpoint',
+    pptx: 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+    mp3: 'audio/mpeg',
+    mp4: 'video/mp4',
+    wav: 'audio/wav',
+    csv: 'text/csv',
+  }
+  return mimeTypes[ext || ''] || 'application/octet-stream'
+}
+
+export async function POST(request: NextRequest) {
+  const requestId = generateRequestId()
+
+  try {
+    const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+
+    if (!authResult.success || !authResult.userId) {
+      logger.warn(
+        `[${requestId}] Unauthorized Supabase storage upload attempt: ${authResult.error}`
+      )
+      return NextResponse.json(
+        {
+          success: false,
+          error: authResult.error || 'Authentication required',
+        },
+        { status: 401 }
+      )
+    }
+
+    const userId = authResult.userId
+
+    logger.info(
+      `[${requestId}] Authenticated Supabase storage upload request via ${authResult.authType}`,
+      { userId }
+    )
+
+    const body = await request.json()
+    const validatedData = SupabaseStorageUploadSchema.parse(body)
+
+    // Build the full file path
+    let fullPath = validatedData.fileName
+    if (validatedData.path) {
+      const folderPath = validatedData.path.endsWith('/')
+        ? validatedData.path
+        : `${validatedData.path}/`
+      fullPath = `${folderPath}${validatedData.fileName}`
+    }
+
+    logger.info(`[${requestId}] Uploading to Supabase Storage`, {
+      projectId: validatedData.projectId,
+      bucket: validatedData.bucket,
+      path: fullPath,
+      upsert: validatedData.upsert,
+      hasFileUpload: !!validatedData.fileUpload,
+      hasFileContent: !!validatedData.fileContent,
+    })
+
+    // Determine content type
+    let contentType = validatedData.contentType
+    if (!contentType && validatedData.fileUpload?.type) {
+      contentType = validatedData.fileUpload.type
+    }
+    if (!contentType) {
+      contentType = inferContentType(validatedData.fileName)
+    }
+
+    // Get the file content - either from fileUpload (internal storage) or fileContent (base64)
+    let uploadBody: Buffer
+
+    if (validatedData.fileUpload) {
+      // Handle file upload from internal storage
+      const fileUrl = validatedData.fileUpload.url || validatedData.fileUpload.path
+
+      if (!fileUrl) {
+        return NextResponse.json(
+          {
+            success: false,
+            error: 'File upload is missing URL or path',
+          },
+          { status: 400 }
+        )
+      }
+
+      logger.info(`[${requestId}] Processing file upload from: ${fileUrl}`)
+
+      // Check if it's an internal file URL (workspace file)
+      if (isInternalFileUrl(fileUrl)) {
+        try {
+          const storageKey = extractStorageKey(fileUrl)
+          const context = inferContextFromKey(storageKey)
+
+          const hasAccess = await verifyFileAccess(storageKey, userId, undefined, context, false)
+
+          if (!hasAccess) {
+            logger.warn(`[${requestId}] Unauthorized file access attempt`, {
+              userId,
+              key: storageKey,
+              context,
+            })
+            return NextResponse.json(
+              {
+                success: false,
+                error: 'File not found or access denied',
+              },
+              { status: 404 }
+            )
+          }
+
+          // Download file from internal storage
+          const fileBuffer = await StorageService.downloadFile({ key: storageKey, context })
+          uploadBody = Buffer.from(fileBuffer)
+          logger.info(
+            `[${requestId}] Downloaded file from internal storage: ${fileBuffer.byteLength} bytes`
+          )
+        } catch (error) {
+          logger.error(`[${requestId}] Failed to download from internal storage:`, error)
+          return NextResponse.json(
+            {
+              success: false,
+              error: 'Failed to access uploaded file',
+            },
+            { status: 500 }
+          )
+        }
+      } else {
+        // External URL - fetch the file
+        let fetchUrl = fileUrl
+        if (fetchUrl.startsWith('/')) {
+          const baseUrl = getBaseUrl()
+          fetchUrl = `${baseUrl}${fetchUrl}`
+        }
+
+        try {
+          const response = await fetch(fetchUrl)
+          if (!response.ok) {
+            throw new Error(`Failed to fetch file: ${response.status} ${response.statusText}`)
+          }
+          const arrayBuffer = await response.arrayBuffer()
+          uploadBody = Buffer.from(arrayBuffer)
+          logger.info(`[${requestId}] Downloaded file from URL: ${uploadBody.length} bytes`)
+        } catch (error) {
+          logger.error(`[${requestId}] Failed to fetch file from URL:`, error)
+          return NextResponse.json(
+            {
+              success: false,
+              error: `Failed to fetch file from URL: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            },
+            { status: 500 }
+          )
+        }
+      }
+    } else if (validatedData.fileContent) {
+      // Handle direct file content (base64 or plain text)
+      if (isBase64(validatedData.fileContent)) {
+        logger.info(`[${requestId}] Detected base64 content, decoding to binary`)
+        uploadBody = decodeBase64ToBuffer(validatedData.fileContent)
+      } else {
+        logger.info(`[${requestId}] Using plain text content`)
+        uploadBody = Buffer.from(validatedData.fileContent, 'utf-8')
+      }
+    } else {
+      return NextResponse.json(
+        {
+          success: false,
+          error: 'Either fileUpload or fileContent is required',
+        },
+        { status: 400 }
+      )
+    }
+
+    logger.info(`[${requestId}] Upload body size: ${uploadBody.length} bytes`)
+
+    // Build Supabase Storage URL
+    const supabaseUrl = `https://${validatedData.projectId}.supabase.co/storage/v1/object/${validatedData.bucket}/${fullPath}`
+
+    // Build headers
+    const headers: Record<string, string> = {
+      apikey: validatedData.apiKey,
+      Authorization: `Bearer ${validatedData.apiKey}`,
+      'Content-Type': contentType,
+    }
+
+    if (validatedData.upsert) {
+      headers['x-upsert'] = 'true'
+    }
+
+    // Make the request to Supabase Storage
+    // Convert Buffer to Uint8Array for fetch compatibility
+    const response = await fetch(supabaseUrl, {
+      method: 'POST',
+      headers,
+      body: new Uint8Array(uploadBody),
+    })
+
+    if (!response.ok) {
+      let errorData: any
+      try {
+        errorData = await response.json()
+      } catch {
+        errorData = await response.text()
+      }
+
+      logger.error(`[${requestId}] Supabase Storage upload failed`, {
+        status: response.status,
+        statusText: response.statusText,
+        error: errorData,
+      })
+
+      return NextResponse.json(
+        {
+          success: false,
+          error:
+            typeof errorData === 'object' && errorData.message
+              ? errorData.message
+              : `Upload failed: ${response.status} ${response.statusText}`,
+        },
+        { status: response.status }
+      )
+    }
+
+    const result = await response.json()
+
+    logger.info(`[${requestId}] File uploaded successfully to Supabase Storage`, {
+      bucket: validatedData.bucket,
+      path: fullPath,
+    })
+
+    // Build public URL for reference
+    const publicUrl = `https://${validatedData.projectId}.supabase.co/storage/v1/object/public/${validatedData.bucket}/${fullPath}`
+
+    return NextResponse.json({
+      success: true,
+      output: {
+        message: 'Successfully uploaded file to storage',
+        results: {
+          ...result,
+          publicUrl,
+          bucket: validatedData.bucket,
+          path: fullPath,
+        },
+      },
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+      return NextResponse.json(
+        {
+          success: false,
+          error: 'Invalid request data',
+          details: error.errors,
+        },
+        { status: 400 }
+      )
+    }
+
+    logger.error(`[${requestId}] Error uploading to Supabase Storage:`, error)
+
+    return NextResponse.json(
+      {
+        success: false,
+        error: error instanceof Error ? error.message : 'Internal server error',
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx

@@ -338,11 +338,6 @@ const arePropsEqual = (prevProps: SubBlockProps, nextProps: SubBlockProps): bool
   const configEqual =
     prevProps.config.id === nextProps.config.id && prevProps.config.type === nextProps.config.type
 
-  const canonicalToggleEqual =
-    !!prevProps.canonicalToggle === !!nextProps.canonicalToggle &&
-    prevProps.canonicalToggle?.mode === nextProps.canonicalToggle?.mode &&
-    prevProps.canonicalToggle?.disabled === nextProps.canonicalToggle?.disabled
-
   return (
     prevProps.blockId === nextProps.blockId &&
     configEqual &&
@@ -351,7 +346,8 @@ const arePropsEqual = (prevProps: SubBlockProps, nextProps: SubBlockProps): bool
     prevProps.disabled === nextProps.disabled &&
     prevProps.fieldDiffStatus === nextProps.fieldDiffStatus &&
     prevProps.allowExpandInPreview === nextProps.allowExpandInPreview &&
-    canonicalToggleEqual
+    prevProps.canonicalToggle?.mode === nextProps.canonicalToggle?.mode &&
+    prevProps.canonicalToggle?.disabled === nextProps.canonicalToggle?.disabled
   )
 }
 

apps/sim/blocks/blocks/a2a.ts

@@ -214,6 +214,15 @@ export const A2ABlock: BlockConfig<A2AResponse> = {
     ],
     config: {
       tool: (params) => params.operation as string,
+      params: (params) => {
+        const { fileUpload, fileReference, ...rest } = params
+        const hasFileUpload = Array.isArray(fileUpload) ? fileUpload.length > 0 : !!fileUpload
+        const files = hasFileUpload ? fileUpload : fileReference
+        return {
+          ...rest,
+          ...(files ? { files } : {}),
+        }
+      },
     },
   },
   inputs: {

apps/sim/blocks/blocks/supabase.ts

@@ -661,25 +661,12 @@ Return ONLY the PostgREST filter expression - no explanations, no markdown, no e
       placeholder: 'folder/subfolder/',
       condition: { field: 'operation', value: 'storage_upload' },
     },
-    {
-      id: 'file',
-      title: 'File',
-      type: 'file-upload',
-      canonicalParamId: 'fileData',
-      placeholder: 'Upload file to storage',
-      condition: { field: 'operation', value: 'storage_upload' },
-      mode: 'basic',
-      multiple: false,
-      required: true,
-    },
     {
       id: 'fileContent',
       title: 'File Content',
       type: 'code',
-      canonicalParamId: 'fileData',
       placeholder: 'Base64 encoded for binary files, or plain text',
       condition: { field: 'operation', value: 'storage_upload' },
-      mode: 'advanced',
       required: true,
     },
     {

apps/sim/hooks/use-collaborative-workflow.ts

@@ -680,10 +680,6 @@ export function useCollaborativeWorkflow() {
         previousPositions?: Map<string, { x: number; y: number; parentId?: string }>
       }
     ) => {
-      if (isBaselineDiffView) {
-        return
-      }
-
       if (!isInActiveRoom()) {
         logger.debug('Skipping batch position update - not in active workflow')
         return
@@ -729,7 +725,7 @@ export function useCollaborativeWorkflow() {
         }
       }
     },
-    [isBaselineDiffView, addToQueue, activeWorkflowId, session?.user?.id, isInActiveRoom, undoRedo]
+    [addToQueue, activeWorkflowId, session?.user?.id, isInActiveRoom, undoRedo]
   )
 
   const collaborativeUpdateBlockName = useCallback(
@@ -821,10 +817,6 @@ export function useCollaborativeWorkflow() {
 
   const collaborativeBatchToggleBlockEnabled = useCallback(
     (ids: string[]) => {
-      if (isBaselineDiffView) {
-        return
-      }
-
       if (ids.length === 0) return
 
       const previousStates: Record<string, boolean> = {}
@@ -857,7 +849,7 @@ export function useCollaborativeWorkflow() {
 
       undoRedo.recordBatchToggleEnabled(validIds, previousStates)
     },
-    [isBaselineDiffView, addToQueue, activeWorkflowId, session?.user?.id, undoRedo]
+    [addToQueue, activeWorkflowId, session?.user?.id, undoRedo]
   )
 
   const collaborativeBatchUpdateParent = useCallback(
@@ -869,10 +861,6 @@ export function useCollaborativeWorkflow() {
         affectedEdges: Edge[]
       }>
     ) => {
-      if (isBaselineDiffView) {
-        return
-      }
-
       if (!isInActiveRoom()) {
         logger.debug('Skipping batch update parent - not in active workflow')
         return
@@ -943,7 +931,7 @@ export function useCollaborativeWorkflow() {
 
       logger.debug('Batch updated parent for blocks', { updateCount: updates.length })
     },
-    [isBaselineDiffView, isInActiveRoom, undoRedo, addToQueue, activeWorkflowId, session?.user?.id]
+    [isInActiveRoom, undoRedo, addToQueue, activeWorkflowId, session?.user?.id]
   )
 
   const collaborativeToggleBlockAdvancedMode = useCallback(
@@ -963,37 +951,18 @@ export function useCollaborativeWorkflow() {
 
   const collaborativeSetBlockCanonicalMode = useCallback(
     (id: string, canonicalId: string, canonicalMode: 'basic' | 'advanced') => {
-      if (isBaselineDiffView) {
-        return
-      }
-
-      useWorkflowStore.getState().setBlockCanonicalMode(id, canonicalId, canonicalMode)
-
-      if (!activeWorkflowId) {
-        return
-      }
-
-      const operationId = crypto.randomUUID()
-      addToQueue({
-        id: operationId,
-        operation: {
-          operation: BLOCK_OPERATIONS.UPDATE_CANONICAL_MODE,
-          target: OPERATION_TARGETS.BLOCK,
-          payload: { id, canonicalId, canonicalMode },
-        },
-        workflowId: activeWorkflowId,
-        userId: session?.user?.id || 'unknown',
-      })
+      executeQueuedOperation(
+        BLOCK_OPERATIONS.UPDATE_CANONICAL_MODE,
+        OPERATION_TARGETS.BLOCK,
+        { id, canonicalId, canonicalMode },
+        () => useWorkflowStore.getState().setBlockCanonicalMode(id, canonicalId, canonicalMode)
+      )
     },
-    [isBaselineDiffView, activeWorkflowId, addToQueue, session?.user?.id]
+    [executeQueuedOperation]
   )
 
   const collaborativeBatchToggleBlockHandles = useCallback(
     (ids: string[]) => {
-      if (isBaselineDiffView) {
-        return
-      }
-
       if (ids.length === 0) return
 
       const previousStates: Record<string, boolean> = {}
@@ -1026,15 +995,11 @@ export function useCollaborativeWorkflow() {
 
       undoRedo.recordBatchToggleHandles(validIds, previousStates)
     },
-    [isBaselineDiffView, addToQueue, activeWorkflowId, session?.user?.id, undoRedo]
+    [addToQueue, activeWorkflowId, session?.user?.id, undoRedo]
   )
 
   const collaborativeBatchAddEdges = useCallback(
     (edges: Edge[], options?: { skipUndoRedo?: boolean }) => {
-      if (isBaselineDiffView) {
-        return false
-      }
-
       if (!isInActiveRoom()) {
         logger.debug('Skipping batch add edges - not in active workflow')
         return false
@@ -1070,15 +1035,11 @@ export function useCollaborativeWorkflow() {
 
       return true
     },
-    [isBaselineDiffView, addToQueue, activeWorkflowId, session?.user?.id, isInActiveRoom, undoRedo]
+    [addToQueue, activeWorkflowId, session?.user?.id, isInActiveRoom, undoRedo]
   )
 
   const collaborativeBatchRemoveEdges = useCallback(
     (edgeIds: string[], options?: { skipUndoRedo?: boolean }) => {
-      if (isBaselineDiffView) {
-        return false
-      }
-
       if (!isInActiveRoom()) {
         logger.debug('Skipping batch remove edges - not in active workflow')
         return false
@@ -1128,7 +1089,7 @@ export function useCollaborativeWorkflow() {
       logger.info('Batch removed edges', { count: validEdgeIds.length })
       return true
     },
-    [isBaselineDiffView, isInActiveRoom, addToQueue, activeWorkflowId, session, undoRedo]
+    [isInActiveRoom, addToQueue, activeWorkflowId, session, undoRedo]
   )
 
   const collaborativeSetSubblockValue = useCallback(
@@ -1204,10 +1165,6 @@ export function useCollaborativeWorkflow() {
     (blockId: string, subblockId: string, value: any) => {
       if (isApplyingRemoteChange.current) return
 
-      if (isBaselineDiffView) {
-        return
-      }
-
       if (!isInActiveRoom()) {
         logger.debug('Skipping tag selection - not in active workflow', {
           currentWorkflowId,
@@ -1235,14 +1192,7 @@ export function useCollaborativeWorkflow() {
         userId: session?.user?.id || 'unknown',
       })
     },
-    [
-      isBaselineDiffView,
-      addToQueue,
-      currentWorkflowId,
-      activeWorkflowId,
-      session?.user?.id,
-      isInActiveRoom,
-    ]
+    [addToQueue, currentWorkflowId, activeWorkflowId, session?.user?.id, isInActiveRoom]
   )
 
   const collaborativeUpdateLoopType = useCallback(
@@ -1588,10 +1538,6 @@ export function useCollaborativeWorkflow() {
 
   const collaborativeBatchRemoveBlocks = useCallback(
     (blockIds: string[], options?: { skipUndoRedo?: boolean }) => {
-      if (isBaselineDiffView) {
-        return false
-      }
-
       if (!isInActiveRoom()) {
         logger.debug('Skipping batch remove blocks - not in active workflow')
         return false
@@ -1673,7 +1619,6 @@ export function useCollaborativeWorkflow() {
       return true
     },
     [
-      isBaselineDiffView,
       addToQueue,
       activeWorkflowId,
       session?.user?.id,

apps/sim/stores/operation-queue/store.ts

@@ -27,9 +27,6 @@ export function registerEmitFunctions(
   emitSubblockUpdate = subblockEmit
   emitVariableUpdate = variableEmit
   currentRegisteredWorkflowId = workflowId
-  if (workflowId) {
-    useOperationQueueStore.getState().processNextOperation()
-  }
 }
 
 let currentRegisteredWorkflowId: string | null = null
@@ -265,14 +262,16 @@ export const useOperationQueueStore = create<OperationQueueState>((set, get) =>
       return
     }
 
-    if (!currentRegisteredWorkflowId) {
+    const nextOperation = currentRegisteredWorkflowId
+      ? state.operations.find(
+          (op) => op.status === 'pending' && op.workflowId === currentRegisteredWorkflowId
+        )
+      : state.operations.find((op) => op.status === 'pending')
+    if (!nextOperation) {
       return
     }
 
-    const nextOperation = state.operations.find(
-      (op) => op.status === 'pending' && op.workflowId === currentRegisteredWorkflowId
-    )
-    if (!nextOperation) {
+    if (currentRegisteredWorkflowId && nextOperation.workflowId !== currentRegisteredWorkflowId) {
       return
     }
 

apps/sim/tools/supabase/storage_upload.ts

@@ -38,12 +38,11 @@ export const storageUploadTool: ToolConfig<
       visibility: 'user-or-llm',
       description: 'Optional folder path (e.g., "folder/subfolder/")',
     },
-    fileData: {
-      type: 'json',
+    fileContent: {
+      type: 'string',
       required: true,
       visibility: 'user-or-llm',
-      description:
-        'File to upload - UserFile object (basic mode) or string content (advanced mode: base64 or plain text). Supports data URLs.',
+      description: 'The file content (base64 encoded for binary files, or plain text)',
     },
     contentType: {
       type: 'string',
@@ -66,28 +65,65 @@ export const storageUploadTool: ToolConfig<
   },
 
   request: {
-    url: '/api/tools/supabase/storage-upload',
+    url: (params) => {
+      // Combine folder path and fileName, ensuring proper formatting
+      let fullPath = params.fileName
+      if (params.path) {
+        // Ensure path ends with / and doesn't have double slashes
+        const folderPath = params.path.endsWith('/') ? params.path : `${params.path}/`
+        fullPath = `${folderPath}${params.fileName}`
+      }
+      return `https://${params.projectId}.supabase.co/storage/v1/object/${params.bucket}/${fullPath}`
+    },
     method: 'POST',
-    headers: () => ({
-      'Content-Type': 'application/json',
-    }),
-    body: (params) => ({
-      projectId: params.projectId,
-      apiKey: params.apiKey,
-      bucket: params.bucket,
-      fileName: params.fileName,
-      path: params.path,
-      fileData: params.fileData,
-      contentType: params.contentType,
-      upsert: params.upsert,
-    }),
+    headers: (params) => {
+      const headers: Record<string, string> = {
+        apikey: params.apiKey,
+        Authorization: `Bearer ${params.apiKey}`,
+      }
+
+      if (params.contentType) {
+        headers['Content-Type'] = params.contentType
+      }
+
+      if (params.upsert) {
+        headers['x-upsert'] = 'true'
+      }
+
+      return headers
+    },
+    body: (params) => {
+      // Return the file content wrapped in an object
+      // The actual upload will need to handle this appropriately
+      return {
+        content: params.fileContent,
+      }
+    },
+  },
+
+  transformResponse: async (response: Response) => {
+    let data
+    try {
+      data = await response.json()
+    } catch (parseError) {
+      throw new Error(`Failed to parse Supabase storage upload response: ${parseError}`)
+    }
+
+    return {
+      success: true,
+      output: {
+        message: 'Successfully uploaded file to storage',
+        results: data,
+      },
+      error: undefined,
+    }
   },
 
   outputs: {
     message: { type: 'string', description: 'Operation status message' },
     results: {
       type: 'object',
-      description: 'Upload result including file path, bucket, and public URL',
+      description: 'Upload result including file path and metadata',
     },
   },
 }

apps/sim/tools/supabase/types.ts

@@ -136,7 +136,7 @@ export interface SupabaseStorageUploadParams {
   bucket: string
   fileName: string
   path?: string
-  fileData: any // UserFile object (basic mode) or string (advanced mode: base64/plain text)
+  fileContent: string
   contentType?: string
   upsert?: boolean
 }

docs/enterprise-faq-response.md

@@ -0,0 +1,362 @@
+# Enterprise Self-Hosting FAQ Response
+
+This document addresses common questions from enterprise customers regarding self-hosted Sim deployments.
+
+---
+
+## 1. Resource Requirements and Scalability
+
+### What drives resource consumption?
+
+Sim's resource requirements are driven by several memory-intensive components:
+
+| Component | Memory Driver | Description |
+|-----------|--------------|-------------|
+| **Isolated-VM** | High | JavaScript sandboxing for secure workflow code execution. Each concurrent workflow maintains an execution context in memory. |
+| **File Processing** | Medium-High | Documents (PDF, DOCX, XLSX, etc.) are parsed in-memory before chunking for knowledge base operations. |
+| **pgvector Operations** | Medium | Vector database operations for embeddings (1536 dimensions per vector for knowledge base). |
+| **FFmpeg** | Variable | Media transcoding for audio/video processing happens synchronously in memory. |
+| **Sharp** | Low-Medium | Image processing and manipulation. |
+
+### Actual Production Metrics
+
+Based on production telemetry from our cloud deployment:
+
+**Main Application (simstudio)**
+| Metric | Average | Peak | Notes |
+|--------|---------|------|-------|
+| CPU | ~10% | ~30% | Spikes during workflow execution |
+| Memory | ~35% | ~75% | Increases with concurrent workflows |
+
+**WebSocket Server (realtime)**
+| Metric | Average | Peak | Notes |
+|--------|---------|------|-------|
+| CPU | ~1-2% | ~30% | Very lightweight |
+| Memory | ~7% | ~13% | Scales with connected clients |
+
+### Recommended Resource Tiers
+
+Based on actual production data (60k+ users), we recommend the following tiers:
+
+#### Small (Development/Testing)
+- **CPU**: 2 cores
+- **RAM**: 12 GB
+- **Storage**: 20 GB SSD
+- **Use case**: 1-5 users, development, testing, light workloads
+
+#### Standard (Teams)
+- **CPU**: 4 cores
+- **RAM**: 16 GB
+- **Storage**: 50 GB SSD
+- **Use case**: 5-50 users, moderate workflow execution
+
+#### Production (Enterprise)
+- **CPU**: 8+ cores
+- **RAM**: 32+ GB
+- **Storage**: 100+ GB SSD
+- **Use case**: 50+ users, high availability, heavy workflow execution
+- **Note**: Consider running multiple replicas for high availability
+
+### Memory Breakdown (Standard Deployment)
+
+| Component | Recommended | Notes |
+|-----------|-------------|-------|
+| Main App | 6-8 GB | Handles workflow execution, API, UI (peaks to 12 GB under heavy load) |
+| WebSocket | 1 GB | Real-time updates (typically uses 300-500 MB) |
+| PostgreSQL + pgvector | 2-4 GB | Database with vector extensions |
+| OS/Buffer | 2-4 GB | System overhead, file cache |
+| **Total** | **~12-16 GB** | |
+
+### Scalability Considerations
+
+- **Horizontal scaling**: The main app and WebSocket server are stateless and can be scaled horizontally with a load balancer.
+- **Database**: PostgreSQL can be scaled vertically or replaced with managed services (Supabase, Neon, RDS).
+- **Workflow concurrency**: Each concurrent workflow execution consumes additional memory. Plan for peak usage.
+
+---
+
+## 2. Managing Releases in Enterprise Environments
+
+### Multi-Environment Strategy
+
+For enterprise deployments requiring dev/staging/production environments, we recommend deploying **separate Sim instances** for each environment:
+
+```
+┌─────────────┐    ┌─────────────┐    ┌─────────────┐
+│     Dev     │ -> │   Staging   │ -> │ Production  │
+│  Instance   │    │  Instance   │    │  Instance   │
+└─────────────┘    └─────────────┘    └─────────────┘
+       │                  │                  │
+       v                  v                  v
+   Develop            Test/QA            Deploy
+```
+
+**Advantages**:
+- Complete isolation between environments
+- Independent scaling per environment
+- No risk of accidental production changes
+- Environment-specific configurations and credentials
+
+### Promoting Changes Between Environments
+
+Sim provides multiple ways to move workflows, folders, and workspaces between environments:
+
+#### UI-Based Export/Import
+1. **Export** workflows, folders, or entire workspaces from the source environment via the UI
+2. **Import** into the target environment
+3. Configure environment-specific variables and credentials
+
+#### Admin APIs (Automation)
+For CI/CD integration, use the admin APIs to programmatically:
+- Export workflows, folders, and workspaces as JSON
+- Import configurations into target environments
+- Automate promotion pipelines between dev → staging → production
+
+### Version Control Within an Instance
+
+Within a single Sim instance, the **Deploy Modal** provides version control:
+
+1. **Draft Mode**: Edit and test workflows without affecting the live version
+2. **Explicit Deploy**: The live version is **not updated** until you explicitly click Deploy
+3. **Snapshots**: Each deployment creates a snapshot of the workflow state
+4. **Rollback**: Revert to any previous version at any time with one click
+
+This allows teams to:
+- Safely iterate on workflows without disrupting production
+- Test changes before making them live
+- Quickly recover from issues by rolling back
+
+---
+
+## 3. Stable Releases and Backward Compatibility
+
+### Versioning Strategy
+
+Sim uses the following versioning scheme:
+- **Major versions** (0.x): e.g., 0.5, 0.6 - New major features
+- **Minor versions** (0.x.y): e.g., 0.5.1, 0.5.2 - Incremental updates, bug fixes
+
+### Backward Compatibility Guarantees
+
+**Forward upgrades are safe:**
+- Changes are **additive** - new features don't break existing workflows
+- We ensure no breaking changes between versions
+- Breaking changes are announced in advance when necessary
+- Database migrations are automatic and handle schema changes
+
+**Rollbacks are not guaranteed:**
+- Rolling back to an older version may break things due to database schema changes
+- Always backup your database before upgrading
+- If you need to rollback, restore from a database backup taken before the upgrade
+
+### Upgrade Best Practices
+
+1. **Backup first**: Always backup your database before upgrading
+2. **Review release notes**: Check for any announced changes
+3. **Test in staging**: Upgrade your staging environment first
+4. **Monitor after upgrade**: Verify workflows continue to function correctly
+
+### Enterprise Support
+
+For enterprise customers requiring additional stability guarantees:
+- Contact us for support arrangements
+- We can provide guidance on upgrade planning
+- Security patches are prioritized for supported versions
+
+---
+
+## 4. OAuth and OIDC Providers
+
+### Built-in OAuth Providers (Environment Variables)
+
+Only the following providers can be configured via environment variables:
+
+| Provider | Environment Variables |
+|----------|----------------------|
+| **GitHub** | `GITHUB_CLIENT_ID`, `GITHUB_CLIENT_SECRET` |
+| **Google** | `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET` |
+
+There are no plans to add additional OAuth providers via environment variables.
+
+### All Other Identity Providers (SSO)
+
+For any other identity providers, configure SSO through the app settings:
+
+1. Enable SSO in environment variables:
+   ```
+   SSO_ENABLED=true
+   NEXT_PUBLIC_SSO_ENABLED=true
+   ```
+
+2. Configure your identity provider in the app's SSO settings UI
+
+Supported protocols:
+- SAML 2.0
+- OpenID Connect (OIDC)
+
+Compatible with any OIDC/SAML provider including:
+- Okta
+- Azure AD / Entra ID
+- Auth0
+- Ping Identity
+- OneLogin
+- Custom OIDC providers
+
+---
+
+## 5. Known Issues and Workarounds
+
+### SSO Save Button Disabled
+
+**Issue**: The 'Save' button remains disabled when configuring SSO.
+
+**Cause**: The form has strict validation on all required fields. The button remains disabled until ALL validations pass.
+
+**Required fields for OIDC**:
+- Provider ID (letters, numbers, dashes only)
+- Issuer URL (must be HTTPS, except for localhost)
+- Domain (no `https://` prefix, must be valid domain format)
+- Client ID
+- Client Secret
+- Scopes (defaults to `openid,profile,email`)
+
+**Required fields for SAML**:
+- Provider ID
+- Issuer URL
+- Domain
+- Entry Point URL
+- Certificate
+
+**Common validation issues**:
+1. **Domain field**: Do NOT include `https://` - enter only the domain (e.g., `login.okta.com` not `https://login.okta.com`)
+2. **Issuer URL**: Must use HTTPS protocol (except localhost for testing)
+3. **Provider ID**: Only lowercase letters, numbers, and dashes allowed (e.g., `okta-prod`)
+
+**Debugging**:
+- Open browser DevTools console to check for JavaScript errors
+- Ensure `SSO_ENABLED=true` and `NEXT_PUBLIC_SSO_ENABLED=true` environment variables are set
+- Try using one of the suggested provider IDs from the dropdown (e.g., `okta`, `azure-ad`)
+
+### Access Control Group Creation
+
+**Issue**: Button appears enabled but nothing happens when clicked.
+
+**Cause**: For self-hosted deployments, an organization must be created via the admin API before access control groups can be used.
+
+**Required Setup**:
+
+1. **Enable required environment variables**:
+   ```env
+   ADMIN_API_KEY=your-admin-api-key
+   ACCESS_CONTROL_ENABLED=true
+   ORGANIZATIONS_ENABLED=true
+   NEXT_PUBLIC_ACCESS_CONTROL_ENABLED=true
+   NEXT_PUBLIC_ORGANIZATIONS_ENABLED=true
+   ```
+
+2. **Create an organization via admin API**:
+   ```bash
+   # List users to get admin user ID
+   curl -H "x-admin-key: $ADMIN_API_KEY" \
+     "https://your-sim-instance.com/api/v1/admin/users?limit=10"
+
+   # Create organization
+   curl -X POST https://your-sim-instance.com/api/v1/admin/organizations \
+     -H "x-admin-key: $ADMIN_API_KEY" \
+     -H "Content-Type: application/json" \
+     -d '{"name": "Your Organization", "slug": "your-org", "ownerId": "<user-id-from-step-1>"}'
+
+   # Add members to organization
+   curl -X POST https://your-sim-instance.com/api/v1/admin/organizations/<org-id>/members \
+     -H "x-admin-key: $ADMIN_API_KEY" \
+     -H "Content-Type: application/json" \
+     -d '{"userId": "<user-id>", "role": "member"}'
+   ```
+
+3. **Create permission groups**: After the organization is set up, go to Settings > Permission Groups in the UI.
+
+---
+
+## 6. File Storage Configuration
+
+### Supported Storage Backends
+
+Sim supports multiple storage backends for file storage:
+
+#### Local Storage (Default)
+Files are stored on the local filesystem. Suitable for development and single-node deployments.
+
+#### AWS S3
+```env
+AWS_REGION=us-east-1
+AWS_ACCESS_KEY_ID=your-access-key
+AWS_SECRET_ACCESS_KEY=your-secret-key
+S3_BUCKET_NAME=sim-files
+S3_KB_BUCKET_NAME=sim-knowledge-base
+S3_EXECUTION_FILES_BUCKET_NAME=sim-execution-files
+S3_CHAT_BUCKET_NAME=sim-chat-files
+```
+
+#### Azure Blob Storage
+
+You can configure Azure Blob Storage using either a connection string or account name/key:
+
+**Option 1: Connection String**
+```env
+AZURE_CONNECTION_STRING=DefaultEndpointsProtocol=https;AccountName=...;AccountKey=...;EndpointSuffix=core.windows.net
+AZURE_STORAGE_CONTAINER_NAME=sim-files
+AZURE_STORAGE_KB_CONTAINER_NAME=sim-knowledge-base
+AZURE_STORAGE_EXECUTION_FILES_CONTAINER_NAME=sim-execution-files
+AZURE_STORAGE_CHAT_CONTAINER_NAME=sim-chat-files
+```
+
+**Option 2: Account Name and Key**
+```env
+AZURE_ACCOUNT_NAME=your-storage-account
+AZURE_ACCOUNT_KEY=your-storage-key
+AZURE_STORAGE_CONTAINER_NAME=sim-files
+AZURE_STORAGE_KB_CONTAINER_NAME=sim-knowledge-base
+AZURE_STORAGE_EXECUTION_FILES_CONTAINER_NAME=sim-execution-files
+AZURE_STORAGE_CHAT_CONTAINER_NAME=sim-chat-files
+```
+
+Both options are fully supported. The connection string is automatically parsed to extract credentials when needed for operations like presigned URL generation.
+
+---
+
+## 7. Knowledge Base Configuration
+
+### Required Environment Variables
+
+```env
+# OpenAI API key for embeddings
+OPENAI_API_KEY=your-openai-api-key
+
+# Embedding model configuration (optional)
+KB_OPENAI_MODEL_NAME=text-embedding-3-small
+```
+
+### Embedding Model Compatibility
+
+**Supported models**:
+- `text-embedding-3-small` (default, 1536 dimensions)
+- `text-embedding-3-large` (1536 dimensions, automatically reduced from 3072)
+- `text-embedding-ada-002` (1536 dimensions)
+
+All text-embedding-3-* models automatically use 1536 dimensions to match the database schema. This allows you to use `text-embedding-3-large` for higher quality embeddings without schema modifications.
+
+### Database Requirements
+
+The knowledge base requires PostgreSQL with the pgvector extension:
+- PostgreSQL 12+ with pgvector
+- The `vector` extension must be enabled
+- Tables are created automatically during migration
+
+---
+
+## Questions?
+
+For additional support:
+- Documentation: https://docs.sim.ai
+- GitHub Issues: https://github.com/simstudioai/sim/issues
+- Enterprise Support: Contact your account representative