v0.2.11: fix + feat + improvement

v0.2.11: fix + feat + improvement

apps/docs/content/docs/blocks/function.mdx

@@ -88,9 +88,8 @@ For security and performance reasons, function execution has certain limitations
 
 ### Outputs
 
-- **Result**: The value returned by your function
-- **Standard Output**: Any console output from your function
-- **Execution Time**: The time taken to execute your function (in milliseconds)
+- **result**: The value returned by your function
+- **stdout**: Any console output from your function
 
 ## Example Usage
 

apps/docs/content/docs/blocks/response.mdx

@@ -115,14 +115,9 @@ Headers are configured as key-value pairs:
   </Tab>
   <Tab>
     <ul className="list-disc space-y-2 pl-6">
-      <li>
-        <strong>response</strong>: Complete response object containing:
-        <ul className="list-disc space-y-1 pl-6 mt-2">
-          <li><strong>data</strong>: The response body data</li>
-          <li><strong>status</strong>: HTTP status code</li>
-          <li><strong>headers</strong>: Response headers</li>
-        </ul>
-      </li>
+      <li><strong>data</strong>: The response body data</li>
+      <li><strong>status</strong>: HTTP status code</li>
+      <li><strong>headers</strong>: Response headers</li>
     </ul>
   </Tab>
 </Tabs>

apps/docs/content/docs/tools/airtable.mdx

@@ -182,10 +182,9 @@ Update multiple existing records in an Airtable table
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `records` | json | records of the response |
-| ↳ `record` | json | record of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `records` | json | records output from the block |
+| `record` | json | record output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/autoblocks.mdx

@@ -174,11 +174,10 @@ Manage and render prompts using Autoblocks prompt management system
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `promptId` | string | promptId of the response |
-| ↳ `version` | string | version of the response |
-| ↳ `renderedPrompt` | string | renderedPrompt of the response |
-| ↳ `templates` | json | templates of the response |
+| `promptId` | string | promptId output from the block |
+| `version` | string | version output from the block |
+| `renderedPrompt` | string | renderedPrompt output from the block |
+| `templates` | json | templates output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/browser_use.mdx

@@ -102,11 +102,10 @@ Runs a browser automation task using BrowserUse
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `id` | string | id of the response |
-| ↳ `success` | boolean | success of the response |
-| ↳ `output` | any | output of the response |
-| ↳ `steps` | json | steps of the response |
+| `id` | string | id output from the block |
+| `success` | boolean | success output from the block |
+| `output` | any | output output from the block |
+| `steps` | json | steps output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/clay.mdx

@@ -238,8 +238,7 @@ Populate Clay with data from a JSON file. Enables direct communication and notif
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `data` | any | data of the response |
+| `data` | any | data output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/confluence.mdx

@@ -113,12 +113,11 @@ Update a Confluence page using the Confluence API.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `ts` | string | ts of the response |
-| ↳ `pageId` | string | pageId of the response |
-| ↳ `content` | string | content of the response |
-| ↳ `title` | string | title of the response |
-| ↳ `success` | boolean | success of the response |
+| `ts` | string | ts output from the block |
+| `pageId` | string | pageId output from the block |
+| `content` | string | content output from the block |
+| `title` | string | title output from the block |
+| `success` | boolean | success output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/discord.mdx

@@ -150,9 +150,8 @@ Retrieve information about a Discord user
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `message` | string | message of the response |
-| ↳ `data` | any | data of the response |
+| `message` | string | message output from the block |
+| `data` | any | data output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/elevenlabs.mdx

@@ -80,8 +80,7 @@ Convert TTS using ElevenLabs voices
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `audioUrl` | string | audioUrl of the response |
+| `audioUrl` | string | audioUrl output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/exa.mdx

@@ -158,11 +158,10 @@ Get an AI-generated answer to a question with citations from the web using Exa A
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `results` | json | results of the response |
-| ↳ `similarLinks` | json | similarLinks of the response |
-| ↳ `answer` | string | answer of the response |
-| ↳ `citations` | json | citations of the response |
+| `results` | json | results output from the block |
+| `similarLinks` | json | similarLinks output from the block |
+| `answer` | string | answer output from the block |
+| `citations` | json | citations output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/file.mdx

@@ -87,9 +87,8 @@ This tool does not produce any outputs.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `files` | json | files of the response |
-| ↳ `combinedContent` | string | combinedContent of the response |
+| `files` | json | files output from the block |
+| `combinedContent` | string | combinedContent output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/firecrawl.mdx

@@ -111,12 +111,11 @@ Search for information on the web using Firecrawl
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `markdown` | string | markdown of the response |
-| ↳ `html` | any | html of the response |
-| ↳ `metadata` | json | metadata of the response |
-| ↳ `data` | json | data of the response |
-| ↳ `warning` | any | warning of the response |
+| `markdown` | string | markdown output from the block |
+| `html` | any | html output from the block |
+| `metadata` | json | metadata output from the block |
+| `data` | json | data output from the block |
+| `warning` | any | warning output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/github.mdx

@@ -174,9 +174,8 @@ Retrieve the latest commit from a GitHub repository
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `content` | string | content output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/gmail.mdx

@@ -130,9 +130,8 @@ No configuration parameters required.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `content` | string | content output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/google_calendar.mdx

@@ -228,9 +228,8 @@ Invite attendees to an existing Google Calendar event
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `content` | string | content output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/google_docs.mdx

@@ -159,10 +159,9 @@ Create a new Google Docs document
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | json | metadata of the response |
-| ↳ `updatedContent` | boolean | updatedContent of the response |
+| `content` | string | content output from the block |
+| `metadata` | json | metadata output from the block |
+| `updatedContent` | boolean | updatedContent output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/google_drive.mdx

@@ -177,9 +177,8 @@ List files and folders in Google Drive
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `file` | json | file of the response |
-| ↳ `files` | json | files of the response |
+| `file` | json | file output from the block |
+| `files` | json | files output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/google_search.mdx

@@ -101,7 +101,11 @@ Search the web with the Custom Search API
 
 ### Outputs
 
-This block does not produce any outputs.
+| Output | Type | Description |
+| ------ | ---- | ----------- |
+| `items` | json | items output from the block |
+| `searchInformation` | json | searchInformation output from the block |
+
 
 ## Notes
 

apps/docs/content/docs/tools/google_sheets.mdx

@@ -212,14 +212,13 @@ Append data to the end of a Google Sheets spreadsheet
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `data` | json | data of the response |
-| ↳ `metadata` | json | metadata of the response |
-| ↳ `updatedRange` | string | updatedRange of the response |
-| ↳ `updatedRows` | number | updatedRows of the response |
-| ↳ `updatedColumns` | number | updatedColumns of the response |
-| ↳ `updatedCells` | number | updatedCells of the response |
-| ↳ `tableRange` | string | tableRange of the response |
+| `data` | json | data output from the block |
+| `metadata` | json | metadata output from the block |
+| `updatedRange` | string | updatedRange output from the block |
+| `updatedRows` | number | updatedRows output from the block |
+| `updatedColumns` | number | updatedColumns output from the block |
+| `updatedCells` | number | updatedCells output from the block |
+| `tableRange` | string | tableRange output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/guesty.mdx

@@ -107,15 +107,14 @@ Search for guests in Guesty by phone number
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `id` | string | id of the response |
-| ↳ `guest` | json | guest of the response |
-| ↳ `checkIn` | string | checkIn of the response |
-| ↳ `checkOut` | string | checkOut of the response |
-| ↳ `status` | string | status of the response |
-| ↳ `listing` | json | listing of the response |
-| ↳ `money` | json | money of the response |
-| ↳ `guests` | json | guests of the response |
+| `id` | string | id output from the block |
+| `guest` | json | guest output from the block |
+| `checkIn` | string | checkIn output from the block |
+| `checkOut` | string | checkOut output from the block |
+| `status` | string | status output from the block |
+| `listing` | json | listing output from the block |
+| `money` | json | money output from the block |
+| `guests` | json | guests output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/huggingface.mdx

@@ -115,10 +115,9 @@ Generate completions using Hugging Face Inference API
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `model` | string | model of the response |
-| ↳ `usage` | json | usage of the response |
+| `content` | string | content output from the block |
+| `model` | string | model output from the block |
+| `usage` | json | usage output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/image_generator.mdx

@@ -93,10 +93,9 @@ Generate images using OpenAI
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `image` | string | image of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `content` | string | content output from the block |
+| `image` | string | image output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/jina.mdx

@@ -101,8 +101,7 @@ Extract and process web content into clean, LLM-friendly text using Jina AI Read
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
+| `content` | string | content output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/jira.mdx

@@ -165,15 +165,14 @@ Retrieve multiple Jira issues in bulk
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `ts` | string | ts of the response |
-| ↳ `issueKey` | string | issueKey of the response |
-| ↳ `summary` | string | summary of the response |
-| ↳ `description` | string | description of the response |
-| ↳ `created` | string | created of the response |
-| ↳ `updated` | string | updated of the response |
-| ↳ `success` | boolean | success of the response |
-| ↳ `url` | string | url of the response |
+| `ts` | string | ts output from the block |
+| `issueKey` | string | issueKey output from the block |
+| `summary` | string | summary output from the block |
+| `description` | string | description output from the block |
+| `created` | string | created output from the block |
+| `updated` | string | updated output from the block |
+| `success` | boolean | success output from the block |
+| `url` | string | url output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/knowledge.mdx

@@ -66,6 +66,13 @@ Search for similar content in one or more knowledge bases using vector similarit
 | `knowledgeBaseIds` | string | Yes | ID of the knowledge base to search in, or comma-separated IDs for multiple knowledge bases |
 | `query` | string | Yes | Search query text |
 | `topK` | number | No | Number of most similar results to return \(1-100\) |
+| `tag1` | string | No | Filter by tag 1 value |
+| `tag2` | string | No | Filter by tag 2 value |
+| `tag3` | string | No | Filter by tag 3 value |
+| `tag4` | string | No | Filter by tag 4 value |
+| `tag5` | string | No | Filter by tag 5 value |
+| `tag6` | string | No | Filter by tag 6 value |
+| `tag7` | string | No | Filter by tag 7 value |
 
 #### Output
 
@@ -111,6 +118,13 @@ Create a new document in a knowledge base
 | `knowledgeBaseId` | string | Yes | ID of the knowledge base containing the document |
 | `name` | string | Yes | Name of the document |
 | `content` | string | Yes | Content of the document |
+| `tag1` | string | No | Tag 1 value for the document |
+| `tag2` | string | No | Tag 2 value for the document |
+| `tag3` | string | No | Tag 3 value for the document |
+| `tag4` | string | No | Tag 4 value for the document |
+| `tag5` | string | No | Tag 5 value for the document |
+| `tag6` | string | No | Tag 6 value for the document |
+| `tag7` | string | No | Tag 7 value for the document |
 
 #### Output
 
@@ -135,10 +149,9 @@ Create a new document in a knowledge base
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `results` | json | results of the response |
-| ↳ `query` | string | query of the response |
-| ↳ `totalResults` | number | totalResults of the response |
+| `results` | json | results output from the block |
+| `query` | string | query output from the block |
+| `totalResults` | number | totalResults output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/linear.mdx

@@ -105,9 +105,8 @@ Create a new issue in Linear
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `issues` | json | issues of the response |
-| ↳ `issue` | json | issue of the response |
+| `issues` | json | issues output from the block |
+| `issue` | json | issue output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/linkup.mdx

@@ -92,9 +92,8 @@ Search the web for information using Linkup
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `answer` | string | answer of the response |
-| ↳ `sources` | json | sources of the response |
+| `answer` | string | answer output from the block |
+| `sources` | json | sources output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/mem0.mdx

@@ -126,10 +126,9 @@ Retrieve memories from Mem0 by ID or filter criteria
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `ids` | any | ids of the response |
-| ↳ `memories` | any | memories of the response |
-| ↳ `searchResults` | any | searchResults of the response |
+| `ids` | any | ids output from the block |
+| `memories` | any | memories output from the block |
+| `searchResults` | any | searchResults output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/memory.mdx

@@ -124,9 +124,8 @@ Delete a specific memory by its ID
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `memories` | any | memories of the response |
-| ↳ `id` | string | id of the response |
+| `memories` | any | memories output from the block |
+| `id` | string | id output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/microsoft_excel.mdx

@@ -180,15 +180,14 @@ Add new rows to a Microsoft Excel table
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `data` | json | data of the response |
-| ↳ `metadata` | json | metadata of the response |
-| ↳ `updatedRange` | string | updatedRange of the response |
-| ↳ `updatedRows` | number | updatedRows of the response |
-| ↳ `updatedColumns` | number | updatedColumns of the response |
-| ↳ `updatedCells` | number | updatedCells of the response |
-| ↳ `index` | number | index of the response |
-| ↳ `values` | json | values of the response |
+| `data` | json | data output from the block |
+| `metadata` | json | metadata output from the block |
+| `updatedRange` | string | updatedRange output from the block |
+| `updatedRows` | number | updatedRows output from the block |
+| `updatedColumns` | number | updatedColumns output from the block |
+| `updatedCells` | number | updatedCells output from the block |
+| `index` | number | index output from the block |
+| `values` | json | values output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/microsoft_teams.mdx

@@ -205,10 +205,9 @@ Write or send a message to a Microsoft Teams channel
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | json | metadata of the response |
-| ↳ `updatedContent` | boolean | updatedContent of the response |
+| `content` | string | content output from the block |
+| `metadata` | json | metadata output from the block |
+| `updatedContent` | boolean | updatedContent output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/mistral_parse.mdx

@@ -122,9 +122,8 @@ This tool does not produce any outputs.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `content` | string | content output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/notion.mdx

@@ -117,9 +117,8 @@ Create a new page in Notion
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `metadata` | any | metadata of the response |
+| `content` | string | content output from the block |
+| `metadata` | any | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/openai.mdx

@@ -88,10 +88,9 @@ Generate embeddings from text using OpenAI
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `embeddings` | json | embeddings of the response |
-| ↳ `model` | string | model of the response |
-| ↳ `usage` | json | usage of the response |
+| `embeddings` | json | embeddings output from the block |
+| `model` | string | model output from the block |
+| `usage` | json | usage output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/outlook.mdx

@@ -225,9 +225,8 @@ Read emails from Outlook
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `message` | string | message of the response |
-| ↳ `results` | json | results of the response |
+| `message` | string | message output from the block |
+| `results` | json | results output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/perplexity.mdx

@@ -83,10 +83,9 @@ Generate completions using Perplexity AI chat models
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `model` | string | model of the response |
-| ↳ `usage` | json | usage of the response |
+| `content` | string | content output from the block |
+| `model` | string | model output from the block |
+| `usage` | json | usage output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/pinecone.mdx

@@ -181,13 +181,12 @@ Fetch vectors by ID from a Pinecone index
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `matches` | any | matches of the response |
-| ↳ `upsertedCount` | any | upsertedCount of the response |
-| ↳ `data` | any | data of the response |
-| ↳ `model` | any | model of the response |
-| ↳ `vector_type` | any | vector_type of the response |
-| ↳ `usage` | any | usage of the response |
+| `matches` | any | matches output from the block |
+| `upsertedCount` | any | upsertedCount output from the block |
+| `data` | any | data output from the block |
+| `model` | any | model output from the block |
+| `vector_type` | any | vector_type output from the block |
+| `usage` | any | usage output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/reddit.mdx

@@ -129,11 +129,10 @@ Fetch comments from a specific Reddit post
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `subreddit` | string | subreddit of the response |
-| ↳ `posts` | json | posts of the response |
-| ↳ `post` | json | post of the response |
-| ↳ `comments` | json | comments of the response |
+| `subreddit` | string | subreddit output from the block |
+| `posts` | json | posts output from the block |
+| `post` | json | post output from the block |
+| `comments` | json | comments output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/s3.mdx

@@ -89,9 +89,8 @@ Retrieve an object from an AWS S3 bucket
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `url` | string | url of the response |
-| ↳ `metadata` | json | metadata of the response |
+| `url` | string | url output from the block |
+| `metadata` | json | metadata output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/serper.mdx

@@ -121,8 +121,7 @@ A powerful web search tool that provides access to Google search results through
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `searchResults` | json | searchResults of the response |
+| `searchResults` | json | searchResults output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/slack.mdx

@@ -98,9 +98,8 @@ Send messages to Slack channels or users through the Slack API. Supports Slack m
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `ts` | string | ts of the response |
-| ↳ `channel` | string | channel of the response |
+| `ts` | string | ts output from the block |
+| `channel` | string | channel output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/stagehand.mdx

@@ -232,8 +232,7 @@ Extract structured data from a webpage using Stagehand
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `data` | json | data of the response |
+| `data` | json | data output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/stagehand_agent.mdx

@@ -240,9 +240,8 @@ Run an autonomous web agent to complete tasks and extract structured data
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `agentResult` | json | agentResult of the response |
-| ↳ `structuredOutput` | any | structuredOutput of the response |
+| `agentResult` | json | agentResult output from the block |
+| `structuredOutput` | any | structuredOutput output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/supabase.mdx

@@ -127,9 +127,8 @@ Insert data into a Supabase table
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `message` | string | message of the response |
-| ↳ `results` | json | results of the response |
+| `message` | string | message output from the block |
+| `results` | json | results output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/tavily.mdx

@@ -121,13 +121,12 @@ Extract raw content from multiple web pages simultaneously using Tavily
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `results` | json | results of the response |
-| ↳ `answer` | any | answer of the response |
-| ↳ `query` | string | query of the response |
-| ↳ `content` | string | content of the response |
-| ↳ `title` | string | title of the response |
-| ↳ `url` | string | url of the response |
+| `results` | json | results output from the block |
+| `answer` | any | answer output from the block |
+| `query` | string | query output from the block |
+| `content` | string | content output from the block |
+| `title` | string | title output from the block |
+| `url` | string | url output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/telegram.mdx

@@ -121,9 +121,8 @@ Send messages to Telegram channels or users through the Telegram Bot API. Enable
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `ok` | boolean | ok of the response |
-| ↳ `result` | json | result of the response |
+| `ok` | boolean | ok output from the block |
+| `result` | json | result output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/thinking.mdx

@@ -87,8 +87,7 @@ Processes a provided thought/instruction, making it available for subsequent ste
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `acknowledgedThought` | string | acknowledgedThought of the response |
+| `acknowledgedThought` | string | acknowledgedThought output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/translate.mdx

@@ -95,10 +95,9 @@ This tool does not produce any outputs.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `model` | string | model of the response |
-| ↳ `tokens` | any | tokens of the response |
+| `content` | string | content output from the block |
+| `model` | string | model output from the block |
+| `tokens` | any | tokens output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/twilio_sms.mdx

@@ -78,11 +78,10 @@ Send text messages to single or multiple recipients using the Twilio API.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `success` | boolean | success of the response |
-| ↳ `messageId` | any | messageId of the response |
-| ↳ `status` | any | status of the response |
-| ↳ `error` | any | error of the response |
+| `success` | boolean | success output from the block |
+| `messageId` | any | messageId output from the block |
+| `status` | any | status output from the block |
+| `error` | any | error output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/typeform.mdx

@@ -126,10 +126,9 @@ This tool does not produce any outputs.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `total_items` | number | total_items of the response |
-| ↳ `page_count` | number | page_count of the response |
-| ↳ `items` | json | items of the response |
+| `total_items` | number | total_items output from the block |
+| `page_count` | number | page_count output from the block |
+| `items` | json | items output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/vision.mdx

@@ -90,10 +90,9 @@ Process and analyze images using advanced vision models. Capable of understandin
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `content` | string | content of the response |
-| ↳ `model` | any | model of the response |
-| ↳ `tokens` | any | tokens of the response |
+| `content` | string | content output from the block |
+| `model` | any | model output from the block |
+| `tokens` | any | tokens output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/whatsapp.mdx

@@ -79,10 +79,9 @@ Send WhatsApp messages
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `success` | boolean | success of the response |
-| ↳ `messageId` | any | messageId of the response |
-| ↳ `error` | any | error of the response |
+| `success` | boolean | success output from the block |
+| `messageId` | any | messageId output from the block |
+| `error` | any | error output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/x.mdx

@@ -145,15 +145,14 @@ Get user profile information
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `tweet` | json | tweet of the response |
-| ↳ `replies` | any | replies of the response |
-| ↳ `context` | any | context of the response |
-| ↳ `tweets` | json | tweets of the response |
-| ↳ `includes` | any | includes of the response |
-| ↳ `meta` | json | meta of the response |
-| ↳ `user` | json | user of the response |
-| ↳ `recentTweets` | any | recentTweets of the response |
+| `tweet` | json | tweet output from the block |
+| `replies` | any | replies output from the block |
+| `context` | any | context output from the block |
+| `tweets` | json | tweets output from the block |
+| `includes` | any | includes output from the block |
+| `meta` | json | meta output from the block |
+| `user` | json | user output from the block |
+| `recentTweets` | any | recentTweets output from the block |
 
 
 ## Notes

apps/docs/content/docs/tools/youtube.mdx

@@ -82,9 +82,8 @@ Search for videos on YouTube using the YouTube Data API.
 
 | Output | Type | Description |
 | ------ | ---- | ----------- |
-| `response` | object | Output from response |
-| ↳ `items` | json | items of the response |
-| ↳ `totalResults` | number | totalResults of the response |
+| `items` | json | items output from the block |
+| `totalResults` | number | totalResults output from the block |
 
 
 ## Notes

apps/sim/.env.example

@@ -15,5 +15,3 @@ ENCRYPTION_KEY=your_encryption_key  # Use `openssl rand -hex 32` to generate
 # RESEND_API_KEY=  # Uncomment and add your key from https://resend.com to send actual emails
                    # If left commented out, emails will be logged to console instead
 
-# Freestyle API Key (Required for sandboxed code execution for functions/custom-tools)
-# FREESTYLE_API_KEY= # Uncomment and add your key from https://docs.freestyle.sh/Getting-Started/run

apps/sim/app/(landing)/components/waitlist-form.tsx

@@ -1,116 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-import { z } from 'zod'
-import { Button } from '@/components/ui/button'
-import { Input } from '@/components/ui/input'
-
-const emailSchema = z.string().email('Please enter a valid email')
-
-export default function WaitlistForm() {
-  const [email, setEmail] = useState('')
-  const [isSubmitting, setIsSubmitting] = useState(false)
-  const [status, setStatus] = useState<'idle' | 'success' | 'error' | 'exists' | 'ratelimited'>(
-    'idle'
-  )
-  const [_errorMessage, setErrorMessage] = useState('')
-  const [_retryAfter, setRetryAfter] = useState<number | null>(null)
-
-  const handleSubmit = async (e: React.FormEvent) => {
-    e.preventDefault()
-    setStatus('idle')
-    setErrorMessage('')
-    setRetryAfter(null)
-
-    try {
-      // Validate email
-      emailSchema.parse(email)
-
-      setIsSubmitting(true)
-      const response = await fetch('/api/waitlist', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-        },
-        body: JSON.stringify({ email }),
-      })
-
-      const data = await response.json()
-
-      if (!response.ok) {
-        // Check for rate limiting (429 status)
-        if (response.status === 429) {
-          setStatus('ratelimited')
-          setErrorMessage(data.message || 'Too many attempts. Please try again later.')
-          setRetryAfter(data.retryAfter || 60)
-        }
-        // Check if the error is because the email already exists
-        else if (response.status === 400 && data.message?.includes('already exists')) {
-          setStatus('exists')
-          setErrorMessage('Already on the waitlist')
-        } else {
-          setStatus('error')
-          setErrorMessage(data.message || 'Failed to join waitlist')
-        }
-        return
-      }
-
-      setStatus('success')
-      setEmail('')
-    } catch (_error) {
-      setStatus('error')
-      setErrorMessage('Please try again')
-    } finally {
-      setIsSubmitting(false)
-    }
-  }
-
-  const getButtonText = () => {
-    if (isSubmitting) return 'Joining...'
-    if (status === 'success') return 'Joined!'
-    if (status === 'error') return 'Try again'
-    if (status === 'exists') return 'Already joined'
-    if (status === 'ratelimited') return 'Try again later'
-    return 'Join waitlist'
-  }
-
-  const getButtonStyle = () => {
-    switch (status) {
-      case 'success':
-        return 'bg-green-500 hover:bg-green-600'
-      case 'error':
-        return 'bg-red-500 hover:bg-red-600'
-      case 'exists':
-        return 'bg-amber-500 hover:bg-amber-600'
-      case 'ratelimited':
-        return 'bg-gray-500 hover:bg-gray-600'
-      default:
-        return 'bg-white text-black hover:bg-gray-100'
-    }
-  }
-
-  return (
-    <form
-      onSubmit={handleSubmit}
-      className='mx-auto mt-8 flex max-w-lg flex-col items-center gap-3'
-    >
-      <div className='flex w-full gap-3'>
-        <Input
-          type='email'
-          placeholder='you@example.com'
-          className='h-[49px] flex-1 rounded-md border-white/20 bg-[#020817] text-sm focus:border-white/30 focus:ring-white/30 md:text-md lg:text-[16px]'
-          value={email}
-          onChange={(e) => setEmail(e.target.value)}
-          disabled={isSubmitting || status === 'ratelimited'}
-        />
-        <Button
-          type='submit'
-          className={`h-[48px] rounded-md px-8 text-sm md:text-md ${getButtonStyle()}`}
-          disabled={isSubmitting || status === 'ratelimited'}
-        >
-          {getButtonText()}
-        </Button>
-      </div>
-    </form>
-  )
-}

apps/sim/app/api/__test-utils__/utils.ts

@@ -619,6 +619,13 @@ export function mockKnowledgeSchemas() {
       processingCompletedAt: 'processing_completed_at',
       processingError: 'processing_error',
       enabled: 'enabled',
+      tag1: 'tag1',
+      tag2: 'tag2',
+      tag3: 'tag3',
+      tag4: 'tag4',
+      tag5: 'tag5',
+      tag6: 'tag6',
+      tag7: 'tag7',
       uploadedAt: 'uploaded_at',
       deletedAt: 'deleted_at',
     },
@@ -631,6 +638,13 @@ export function mockKnowledgeSchemas() {
       embedding: 'embedding',
       tokenCount: 'token_count',
       characterCount: 'character_count',
+      tag1: 'tag1',
+      tag2: 'tag2',
+      tag3: 'tag3',
+      tag4: 'tag4',
+      tag5: 'tag5',
+      tag6: 'tag6',
+      tag7: 'tag7',
       createdAt: 'created_at',
     },
   }))

apps/sim/app/api/billing/daily/route.ts

@@ -0,0 +1,109 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { verifyCronAuth } from '@/lib/auth/internal'
+import { processDailyBillingCheck } from '@/lib/billing/core/billing'
+import { createLogger } from '@/lib/logs/console-logger'
+
+const logger = createLogger('DailyBillingCron')
+
+/**
+ * Daily billing CRON job endpoint that checks individual billing periods
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const authError = verifyCronAuth(request, 'daily billing check')
+    if (authError) {
+      return authError
+    }
+
+    logger.info('Starting daily billing check cron job')
+
+    const startTime = Date.now()
+
+    // Process overage billing for users and organizations with periods ending today
+    const result = await processDailyBillingCheck()
+
+    const duration = Date.now() - startTime
+
+    if (result.success) {
+      logger.info('Daily billing check completed successfully', {
+        processedUsers: result.processedUsers,
+        processedOrganizations: result.processedOrganizations,
+        totalChargedAmount: result.totalChargedAmount,
+        duration: `${duration}ms`,
+      })
+
+      return NextResponse.json({
+        success: true,
+        summary: {
+          processedUsers: result.processedUsers,
+          processedOrganizations: result.processedOrganizations,
+          totalChargedAmount: result.totalChargedAmount,
+          duration: `${duration}ms`,
+        },
+      })
+    }
+
+    logger.error('Daily billing check completed with errors', {
+      processedUsers: result.processedUsers,
+      processedOrganizations: result.processedOrganizations,
+      totalChargedAmount: result.totalChargedAmount,
+      errorCount: result.errors.length,
+      errors: result.errors,
+      duration: `${duration}ms`,
+    })
+
+    return NextResponse.json(
+      {
+        success: false,
+        summary: {
+          processedUsers: result.processedUsers,
+          processedOrganizations: result.processedOrganizations,
+          totalChargedAmount: result.totalChargedAmount,
+          errorCount: result.errors.length,
+          duration: `${duration}ms`,
+        },
+        errors: result.errors,
+      },
+      { status: 500 }
+    )
+  } catch (error) {
+    logger.error('Fatal error in monthly billing cron job', { error })
+
+    return NextResponse.json(
+      {
+        success: false,
+        error: 'Internal server error during daily billing check',
+        details: error instanceof Error ? error.message : 'Unknown error',
+      },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * GET endpoint for manual testing and health checks
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const authError = verifyCronAuth(request, 'daily billing check health check')
+    if (authError) {
+      return authError
+    }
+
+    return NextResponse.json({
+      status: 'ready',
+      message:
+        'Daily billing check cron job is ready to process users and organizations with periods ending today',
+      currentDate: new Date().toISOString().split('T')[0],
+    })
+  } catch (error) {
+    logger.error('Error in billing health check', { error })
+    return NextResponse.json(
+      {
+        status: 'error',
+        error: error instanceof Error ? error.message : 'Unknown error',
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/billing/route.ts

@@ -0,0 +1,116 @@
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { getSimplifiedBillingSummary } from '@/lib/billing/core/billing'
+import { getOrganizationBillingData } from '@/lib/billing/core/organization-billing'
+import { createLogger } from '@/lib/logs/console-logger'
+import { db } from '@/db'
+import { member } from '@/db/schema'
+
+const logger = createLogger('UnifiedBillingAPI')
+
+/**
+ * Unified Billing Endpoint
+ */
+export async function GET(request: NextRequest) {
+  const session = await getSession()
+
+  try {
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(request.url)
+    const context = searchParams.get('context') || 'user'
+    const contextId = searchParams.get('id')
+
+    // Validate context parameter
+    if (!['user', 'organization'].includes(context)) {
+      return NextResponse.json(
+        { error: 'Invalid context. Must be "user" or "organization"' },
+        { status: 400 }
+      )
+    }
+
+    // For organization context, require contextId
+    if (context === 'organization' && !contextId) {
+      return NextResponse.json(
+        { error: 'Organization ID is required when context=organization' },
+        { status: 400 }
+      )
+    }
+
+    let billingData
+
+    if (context === 'user') {
+      // Get user billing (may include organization if they're part of one)
+      billingData = await getSimplifiedBillingSummary(session.user.id, contextId || undefined)
+    } else {
+      // Get user role in organization for permission checks first
+      const memberRecord = await db
+        .select({ role: member.role })
+        .from(member)
+        .where(and(eq(member.organizationId, contextId!), eq(member.userId, session.user.id)))
+        .limit(1)
+
+      if (memberRecord.length === 0) {
+        return NextResponse.json(
+          { error: 'Access denied - not a member of this organization' },
+          { status: 403 }
+        )
+      }
+
+      // Get organization-specific billing
+      const rawBillingData = await getOrganizationBillingData(contextId!)
+
+      if (!rawBillingData) {
+        return NextResponse.json(
+          { error: 'Organization not found or access denied' },
+          { status: 404 }
+        )
+      }
+
+      // Transform data to match component expectations
+      billingData = {
+        organizationId: rawBillingData.organizationId,
+        organizationName: rawBillingData.organizationName,
+        subscriptionPlan: rawBillingData.subscriptionPlan,
+        subscriptionStatus: rawBillingData.subscriptionStatus,
+        totalSeats: rawBillingData.totalSeats,
+        usedSeats: rawBillingData.usedSeats,
+        totalCurrentUsage: rawBillingData.totalCurrentUsage,
+        totalUsageLimit: rawBillingData.totalUsageLimit,
+        averageUsagePerMember: rawBillingData.averageUsagePerMember,
+        billingPeriodStart: rawBillingData.billingPeriodStart?.toISOString() || null,
+        billingPeriodEnd: rawBillingData.billingPeriodEnd?.toISOString() || null,
+        members: rawBillingData.members.map((member) => ({
+          ...member,
+          joinedAt: member.joinedAt.toISOString(),
+          lastActive: member.lastActive?.toISOString() || null,
+        })),
+      }
+
+      const userRole = memberRecord[0].role
+
+      return NextResponse.json({
+        success: true,
+        context,
+        data: billingData,
+        userRole,
+      })
+    }
+
+    return NextResponse.json({
+      success: true,
+      context,
+      data: billingData,
+    })
+  } catch (error) {
+    logger.error('Failed to get billing data', {
+      userId: session?.user?.id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/billing/webhooks/stripe/route.ts

@@ -0,0 +1,116 @@
+import { headers } from 'next/headers'
+import { type NextRequest, NextResponse } from 'next/server'
+import type Stripe from 'stripe'
+import { requireStripeClient } from '@/lib/billing/stripe-client'
+import { handleInvoiceWebhook } from '@/lib/billing/webhooks/stripe-invoice-webhooks'
+import { env } from '@/lib/env'
+import { createLogger } from '@/lib/logs/console-logger'
+
+const logger = createLogger('StripeInvoiceWebhook')
+
+/**
+ * Stripe billing webhook endpoint for invoice-related events
+ * Endpoint: /api/billing/webhooks/stripe
+ * Handles: invoice.payment_succeeded, invoice.payment_failed, invoice.finalized
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.text()
+    const headersList = await headers()
+    const signature = headersList.get('stripe-signature')
+
+    if (!signature) {
+      logger.error('Missing Stripe signature header')
+      return NextResponse.json({ error: 'Missing Stripe signature' }, { status: 400 })
+    }
+
+    if (!env.STRIPE_WEBHOOK_SECRET) {
+      logger.error('Missing Stripe webhook secret configuration')
+      return NextResponse.json({ error: 'Webhook secret not configured' }, { status: 500 })
+    }
+
+    // Check if Stripe client is available
+    let stripe
+    try {
+      stripe = requireStripeClient()
+    } catch (stripeError) {
+      logger.error('Stripe client not available for webhook processing', {
+        error: stripeError,
+      })
+      return NextResponse.json({ error: 'Stripe client not configured' }, { status: 500 })
+    }
+
+    // Verify webhook signature
+    let event: Stripe.Event
+    try {
+      event = stripe.webhooks.constructEvent(body, signature, env.STRIPE_WEBHOOK_SECRET)
+    } catch (signatureError) {
+      logger.error('Invalid Stripe webhook signature', {
+        error: signatureError,
+        signature,
+      })
+      return NextResponse.json({ error: 'Invalid signature' }, { status: 400 })
+    }
+
+    logger.info('Received Stripe invoice webhook', {
+      eventId: event.id,
+      eventType: event.type,
+    })
+
+    // Handle specific invoice events
+    const supportedEvents = [
+      'invoice.payment_succeeded',
+      'invoice.payment_failed',
+      'invoice.finalized',
+    ]
+
+    if (supportedEvents.includes(event.type)) {
+      try {
+        await handleInvoiceWebhook(event)
+
+        logger.info('Successfully processed invoice webhook', {
+          eventId: event.id,
+          eventType: event.type,
+        })
+
+        return NextResponse.json({ received: true })
+      } catch (processingError) {
+        logger.error('Failed to process invoice webhook', {
+          eventId: event.id,
+          eventType: event.type,
+          error: processingError,
+        })
+
+        // Return 500 to tell Stripe to retry the webhook
+        return NextResponse.json({ error: 'Failed to process webhook' }, { status: 500 })
+      }
+    } else {
+      // Not a supported invoice event, ignore
+      logger.info('Ignoring unsupported webhook event', {
+        eventId: event.id,
+        eventType: event.type,
+        supportedEvents,
+      })
+
+      return NextResponse.json({ received: true })
+    }
+  } catch (error) {
+    logger.error('Fatal error in invoice webhook handler', {
+      error,
+      url: request.url,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * GET endpoint for webhook health checks
+ */
+export async function GET() {
+  return NextResponse.json({
+    status: 'healthy',
+    webhook: 'stripe-invoices',
+    events: ['invoice.payment_succeeded', 'invoice.payment_failed', 'invoice.finalized'],
+  })
+}

apps/sim/app/api/chat/[subdomain]/otp/route.ts

@@ -1,8 +1,7 @@
-import { render } from '@react-email/render'
 import { eq } from 'drizzle-orm'
 import type { NextRequest } from 'next/server'
 import { z } from 'zod'
-import OTPVerificationEmail from '@/components/emails/otp-verification-email'
+import { renderOTPEmail } from '@/components/emails/render-email'
 import { sendEmail } from '@/lib/email/mailer'
 import { createLogger } from '@/lib/logs/console-logger'
 import { getRedisClient, markMessageAsProcessed, releaseLock } from '@/lib/redis'
@@ -158,7 +157,6 @@ export async function POST(
         ? deployment.allowedEmails
         : []
 
-      // Check if the email is allowed
       const isEmailAllowed =
         allowedEmails.includes(email) ||
         allowedEmails.some((allowed: string) => {
@@ -176,24 +174,17 @@ export async function POST(
         )
       }
 
-      // Generate OTP
       const otp = generateOTP()
 
-      // Store OTP in Redis - AWAIT THIS BEFORE RETURNING RESPONSE
       await storeOTP(email, deployment.id, otp)
 
-      // Create the email
-      const emailContent = OTPVerificationEmail({
+      const emailHtml = await renderOTPEmail(
         otp,
         email,
-        type: 'chat-access',
-        chatTitle: deployment.title || 'Chat',
-      })
+        'email-verification',
+        deployment.title || 'Chat'
+      )
 
-      // await the render function
-      const emailHtml = await render(emailContent)
-
-      // MAKE SURE TO AWAIT THE EMAIL SENDING
       const emailResult = await sendEmail({
         to: email,
         subject: `Verification code for ${deployment.title || 'Chat'}`,

apps/sim/app/api/copilot/docs/route.ts

@@ -0,0 +1,281 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import {
+  type CopilotChat,
+  type CopilotMessage,
+  createChat,
+  generateChatTitle,
+  generateDocsResponse,
+  getChat,
+  updateChat,
+} from '@/lib/copilot/service'
+import { createLogger } from '@/lib/logs/console-logger'
+
+const logger = createLogger('CopilotDocsAPI')
+
+// Schema for docs queries
+const DocsQuerySchema = z.object({
+  query: z.string().min(1, 'Query is required'),
+  topK: z.number().min(1).max(20).default(5),
+  provider: z.string().optional(),
+  model: z.string().optional(),
+  stream: z.boolean().optional().default(false),
+  chatId: z.string().optional(),
+  workflowId: z.string().optional(),
+  createNewChat: z.boolean().optional().default(false),
+})
+
+/**
+ * POST /api/copilot/docs
+ * Ask questions about documentation using RAG
+ */
+export async function POST(req: NextRequest) {
+  const requestId = crypto.randomUUID()
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await req.json()
+    const { query, topK, provider, model, stream, chatId, workflowId, createNewChat } =
+      DocsQuerySchema.parse(body)
+
+    logger.info(`[${requestId}] Docs RAG query: "${query}"`, {
+      provider,
+      model,
+      topK,
+      chatId,
+      workflowId,
+      createNewChat,
+      userId: session.user.id,
+    })
+
+    // Handle chat context
+    let currentChat: CopilotChat | null = null
+    let conversationHistory: CopilotMessage[] = []
+
+    if (chatId) {
+      // Load existing chat
+      currentChat = await getChat(chatId, session.user.id)
+      if (currentChat) {
+        conversationHistory = currentChat.messages
+      }
+    } else if (createNewChat && workflowId) {
+      // Create new chat
+      currentChat = await createChat(session.user.id, workflowId)
+    }
+
+    // Generate docs response
+    const result = await generateDocsResponse(query, conversationHistory, {
+      topK,
+      provider,
+      model,
+      stream,
+      workflowId,
+      requestId,
+    })
+
+    if (stream && result.response instanceof ReadableStream) {
+      // Handle streaming response with docs sources
+      logger.info(`[${requestId}] Returning streaming docs response`)
+
+      const encoder = new TextEncoder()
+
+      return new Response(
+        new ReadableStream({
+          async start(controller) {
+            const reader = (result.response as ReadableStream).getReader()
+            let accumulatedResponse = ''
+
+            try {
+              // Send initial metadata including sources
+              const metadata = {
+                type: 'metadata',
+                chatId: currentChat?.id,
+                sources: result.sources,
+                citations: result.sources.map((source, index) => ({
+                  id: index + 1,
+                  title: source.title,
+                  url: source.url,
+                })),
+                metadata: {
+                  requestId,
+                  chunksFound: result.sources.length,
+                  query,
+                  topSimilarity: result.sources[0]?.similarity,
+                  provider,
+                  model,
+                },
+              }
+              controller.enqueue(encoder.encode(`data: ${JSON.stringify(metadata)}\n\n`))
+
+              while (true) {
+                const { done, value } = await reader.read()
+                if (done) break
+
+                const chunk = new TextDecoder().decode(value)
+                // Clean up any object serialization artifacts in streaming content
+                const cleanedChunk = chunk.replace(/\[object Object\],?/g, '')
+                accumulatedResponse += cleanedChunk
+
+                const contentChunk = {
+                  type: 'content',
+                  content: cleanedChunk,
+                }
+                controller.enqueue(encoder.encode(`data: ${JSON.stringify(contentChunk)}\n\n`))
+              }
+
+              // Send completion marker first to unblock the user
+              controller.enqueue(encoder.encode(`data: {"type":"done"}\n\n`))
+
+              // Save conversation to database asynchronously (non-blocking)
+              if (currentChat) {
+                // Fire-and-forget database save to avoid blocking stream completion
+                Promise.resolve()
+                  .then(async () => {
+                    try {
+                      const userMessage: CopilotMessage = {
+                        id: crypto.randomUUID(),
+                        role: 'user',
+                        content: query,
+                        timestamp: new Date().toISOString(),
+                      }
+
+                      const assistantMessage: CopilotMessage = {
+                        id: crypto.randomUUID(),
+                        role: 'assistant',
+                        content: accumulatedResponse,
+                        timestamp: new Date().toISOString(),
+                        citations: result.sources.map((source, index) => ({
+                          id: index + 1,
+                          title: source.title,
+                          url: source.url,
+                        })),
+                      }
+
+                      const updatedMessages = [
+                        ...conversationHistory,
+                        userMessage,
+                        assistantMessage,
+                      ]
+
+                      // Generate title if this is the first message
+                      let updatedTitle = currentChat.title ?? undefined
+                      if (!updatedTitle && conversationHistory.length === 0) {
+                        updatedTitle = await generateChatTitle(query)
+                      }
+
+                      // Update the chat in database
+                      await updateChat(currentChat.id, session.user.id, {
+                        title: updatedTitle,
+                        messages: updatedMessages,
+                      })
+
+                      logger.info(
+                        `[${requestId}] Updated chat ${currentChat.id} with new docs messages`
+                      )
+                    } catch (dbError) {
+                      logger.error(`[${requestId}] Failed to save chat to database:`, dbError)
+                      // Database errors don't affect the user's streaming experience
+                    }
+                  })
+                  .catch((error) => {
+                    logger.error(`[${requestId}] Unexpected error in async database save:`, error)
+                  })
+              }
+            } catch (error) {
+              logger.error(`[${requestId}] Docs streaming error:`, error)
+              try {
+                const errorChunk = {
+                  type: 'error',
+                  error: 'Streaming failed',
+                }
+                controller.enqueue(encoder.encode(`data: ${JSON.stringify(errorChunk)}\n\n`))
+              } catch (enqueueError) {
+                logger.error(`[${requestId}] Failed to enqueue error response:`, enqueueError)
+              }
+            } finally {
+              controller.close()
+            }
+          },
+        }),
+        {
+          headers: {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            Connection: 'keep-alive',
+          },
+        }
+      )
+    }
+
+    // Handle non-streaming response
+    logger.info(`[${requestId}] Docs RAG response generated successfully`)
+
+    // Save conversation to database if we have a chat
+    if (currentChat) {
+      const userMessage: CopilotMessage = {
+        id: crypto.randomUUID(),
+        role: 'user',
+        content: query,
+        timestamp: new Date().toISOString(),
+      }
+
+      const assistantMessage: CopilotMessage = {
+        id: crypto.randomUUID(),
+        role: 'assistant',
+        content: typeof result.response === 'string' ? result.response : '[Streaming Response]',
+        timestamp: new Date().toISOString(),
+        citations: result.sources.map((source, index) => ({
+          id: index + 1,
+          title: source.title,
+          url: source.url,
+        })),
+      }
+
+      const updatedMessages = [...conversationHistory, userMessage, assistantMessage]
+
+      // Generate title if this is the first message
+      let updatedTitle = currentChat.title ?? undefined
+      if (!updatedTitle && conversationHistory.length === 0) {
+        updatedTitle = await generateChatTitle(query)
+      }
+
+      // Update the chat in database
+      await updateChat(currentChat.id, session.user.id, {
+        title: updatedTitle,
+        messages: updatedMessages,
+      })
+
+      logger.info(`[${requestId}] Updated chat ${currentChat.id} with new docs messages`)
+    }
+
+    return NextResponse.json({
+      success: true,
+      response: result.response,
+      sources: result.sources,
+      chatId: currentChat?.id,
+      metadata: {
+        requestId,
+        chunksFound: result.sources.length,
+        query,
+        topSimilarity: result.sources[0]?.similarity,
+        provider,
+        model,
+      },
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    logger.error(`[${requestId}] Copilot docs error:`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/copilot/route.ts

@@ -1,214 +1,425 @@
-import { NextResponse } from 'next/server'
-import { OpenAI } from 'openai'
-import type { ChatCompletionMessageParam } from 'openai/resources/chat/completions'
+import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import {
+  createChat,
+  deleteChat,
+  generateChatTitle,
+  getChat,
+  listChats,
+  sendMessage,
+  updateChat,
+} from '@/lib/copilot/service'
 import { createLogger } from '@/lib/logs/console-logger'
 
 const logger = createLogger('CopilotAPI')
 
-const MessageSchema = z.object({
-  role: z.enum(['user', 'assistant', 'system']),
-  content: z.string(),
+// Interface for StreamingExecution response
+interface StreamingExecution {
+  stream: ReadableStream
+  execution: Promise<any>
+}
+
+// Schema for sending messages
+const SendMessageSchema = z.object({
+  message: z.string().min(1, 'Message is required'),
+  chatId: z.string().optional(),
+  workflowId: z.string().optional(),
+  createNewChat: z.boolean().optional().default(false),
+  stream: z.boolean().optional().default(false),
 })
 
-const RequestSchema = z.object({
-  messages: z.array(MessageSchema),
-  workflowState: z.object({
-    blocks: z.record(z.any()),
-    edges: z.array(z.any()),
-  }),
+// Schema for docs queries
+const DocsQuerySchema = z.object({
+  query: z.string().min(1, 'Query is required'),
+  topK: z.number().min(1).max(20).default(5),
+  provider: z.string().optional(),
+  model: z.string().optional(),
+  stream: z.boolean().optional().default(false),
+  chatId: z.string().optional(),
+  workflowId: z.string().optional(),
+  createNewChat: z.boolean().optional().default(false),
 })
 
-const workflowActions = {
-  addBlock: {
-    description: 'Add one new block to the workflow',
-    parameters: {
-      type: 'object',
-      required: ['type'],
-      properties: {
-        type: {
-          type: 'string',
-          enum: ['agent', 'api', 'condition', 'function', 'router'],
-          description: 'The type of block to add',
-        },
-        name: {
-          type: 'string',
-          description:
-            'Optional custom name for the block. Do not provide a name unless the user has specified it.',
-        },
-        position: {
-          type: 'object',
-          description:
-            'Optional position for the block. Do not provide a position unless the user has specified it.',
-          properties: {
-            x: { type: 'number' },
-            y: { type: 'number' },
-          },
-        },
-      },
-    },
-  },
-  addEdge: {
-    description: 'Create a connection (edge) between two blocks',
-    parameters: {
-      type: 'object',
-      required: ['sourceId', 'targetId'],
-      properties: {
-        sourceId: {
-          type: 'string',
-          description: 'ID of the source block',
-        },
-        targetId: {
-          type: 'string',
-          description: 'ID of the target block',
-        },
-        sourceHandle: {
-          type: 'string',
-          description: 'Optional handle identifier for the source connection point',
-        },
-        targetHandle: {
-          type: 'string',
-          description: 'Optional handle identifier for the target connection point',
-        },
-      },
-    },
-  },
-  removeBlock: {
-    description: 'Remove a block from the workflow',
-    parameters: {
-      type: 'object',
-      required: ['id'],
-      properties: {
-        id: { type: 'string', description: 'ID of the block to remove' },
-      },
-    },
-  },
-  removeEdge: {
-    description: 'Remove a connection (edge) between blocks',
-    parameters: {
-      type: 'object',
-      required: ['id'],
-      properties: {
-        id: { type: 'string', description: 'ID of the edge to remove' },
-      },
-    },
-  },
-}
+// Schema for creating chats
+const CreateChatSchema = z.object({
+  workflowId: z.string().min(1, 'Workflow ID is required'),
+  title: z.string().optional(),
+  initialMessage: z.string().optional(),
+})
 
-// System prompt that references workflow state
-const getSystemPrompt = (workflowState: any) => {
-  const blockCount = Object.keys(workflowState.blocks).length
-  const edgeCount = workflowState.edges.length
+// Schema for updating chats
+const UpdateChatSchema = z.object({
+  chatId: z.string().min(1, 'Chat ID is required'),
+  messages: z
+    .array(
+      z.object({
+        id: z.string(),
+        role: z.enum(['user', 'assistant', 'system']),
+        content: z.string(),
+        timestamp: z.string(),
+        citations: z
+          .array(
+            z.object({
+              id: z.number(),
+              title: z.string(),
+              url: z.string(),
+              similarity: z.number().optional(),
+            })
+          )
+          .optional(),
+      })
+    )
+    .optional(),
+  title: z.string().optional(),
+})
 
-  // Create a summary of existing blocks
-  const blockSummary = Object.values(workflowState.blocks)
-    .map((block: any) => `- ${block.type} block named "${block.name}" with id ${block.id}`)
-    .join('\n')
+// Schema for listing chats
+const ListChatsSchema = z.object({
+  workflowId: z.string().min(1, 'Workflow ID is required'),
+  limit: z.number().min(1).max(100).optional().default(50),
+  offset: z.number().min(0).optional().default(0),
+})
 
-  // Create a summary of existing edges
-  const edgeSummary = workflowState.edges
-    .map((edge: any) => `- ${edge.source} -> ${edge.target} with id ${edge.id}`)
-    .join('\n')
-
-  return `You are a workflow assistant that helps users modify their workflow by adding/removing blocks and connections.
-
-Current Workflow State:
-${
-  blockCount === 0
-    ? 'The workflow is empty.'
-    : `${blockSummary}
-
-Connections:
-${edgeCount === 0 ? 'No connections between blocks.' : edgeSummary}`
-}
-
-When users request changes:
-- Consider existing blocks when suggesting connections
-- Provide clear feedback about what actions you've taken
-
-Use the following functions to modify the workflow:
-1. Use the addBlock function to create a new block
-2. Use the addEdge function to connect one block to another
-3. Use the removeBlock function to remove a block
-4. Use the removeEdge function to remove a connection
-
-Only use the provided functions and respond naturally to the user's requests.`
-}
-
-export async function POST(request: Request) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+/**
+ * POST /api/copilot
+ * Send a message to the copilot
+ */
+export async function POST(req: NextRequest) {
+  const requestId = crypto.randomUUID()
 
   try {
-    // Validate API key
-    const apiKey = request.headers.get('X-OpenAI-Key')
-    if (!apiKey) {
-      return NextResponse.json({ error: 'OpenAI API key is required' }, { status: 401 })
+    const body = await req.json()
+    const { message, chatId, workflowId, createNewChat, stream } = SendMessageSchema.parse(body)
+
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    // Parse and validate request body
-    const body = await request.json()
-    const validatedData = RequestSchema.parse(body)
-    const { messages, workflowState } = validatedData
-
-    // Initialize OpenAI client
-    const openai = new OpenAI({ apiKey })
-
-    // Create message history with workflow context
-    const messageHistory = [
-      { role: 'system', content: getSystemPrompt(workflowState) },
-      ...messages,
-    ]
-
-    // Make OpenAI API call with workflow context
-    const completion = await openai.chat.completions.create({
-      model: 'gpt-4o',
-      messages: messageHistory as ChatCompletionMessageParam[],
-      tools: Object.entries(workflowActions).map(([name, config]) => ({
-        type: 'function',
-        function: {
-          name,
-          description: config.description,
-          parameters: config.parameters,
-        },
-      })),
-      tool_choice: 'auto',
+    logger.info(`[${requestId}] Copilot message: "${message}"`, {
+      chatId,
+      workflowId,
+      createNewChat,
+      stream,
+      userId: session.user.id,
     })
 
-    const message = completion.choices[0].message
+    // Send message using the service
+    const result = await sendMessage({
+      message,
+      chatId,
+      workflowId,
+      createNewChat,
+      stream,
+      userId: session.user.id,
+    })
 
-    // Process tool calls if present
-    if (message.tool_calls) {
-      logger.debug(`[${requestId}] Tool calls:`, {
-        toolCalls: message.tool_calls,
-      })
-      const actions = message.tool_calls.map((call) => ({
-        name: call.function.name,
-        parameters: JSON.parse(call.function.arguments),
-      }))
+    // Handle streaming response (ReadableStream or StreamingExecution)
+    let streamToRead: ReadableStream | null = null
 
-      return NextResponse.json({
-        message: message.content || "I've updated the workflow based on your request.",
-        actions,
-      })
+    // Debug logging to see what we actually got
+    logger.info(`[${requestId}] Response type analysis:`, {
+      responseType: typeof result.response,
+      isReadableStream: result.response instanceof ReadableStream,
+      hasStreamProperty:
+        typeof result.response === 'object' && result.response && 'stream' in result.response,
+      hasExecutionProperty:
+        typeof result.response === 'object' && result.response && 'execution' in result.response,
+      responseKeys:
+        typeof result.response === 'object' && result.response ? Object.keys(result.response) : [],
+    })
+
+    if (result.response instanceof ReadableStream) {
+      logger.info(`[${requestId}] Direct ReadableStream detected`)
+      streamToRead = result.response
+    } else if (
+      typeof result.response === 'object' &&
+      result.response &&
+      'stream' in result.response &&
+      'execution' in result.response
+    ) {
+      // Handle StreamingExecution (from providers with tool calls)
+      logger.info(`[${requestId}] StreamingExecution detected`)
+      const streamingExecution = result.response as StreamingExecution
+      streamToRead = streamingExecution.stream
+
+      // No need to extract citations - LLM generates direct markdown links
     }
 
-    // Return response with no actions
+    if (streamToRead) {
+      logger.info(`[${requestId}] Returning streaming response`)
+
+      const encoder = new TextEncoder()
+
+      return new Response(
+        new ReadableStream({
+          async start(controller) {
+            const reader = streamToRead!.getReader()
+            let accumulatedResponse = ''
+
+            // Send initial metadata
+            const metadata = {
+              type: 'metadata',
+              chatId: result.chatId,
+              metadata: {
+                requestId,
+                message,
+              },
+            }
+            controller.enqueue(encoder.encode(`data: ${JSON.stringify(metadata)}\n\n`))
+
+            try {
+              while (true) {
+                const { done, value } = await reader.read()
+                if (done) break
+
+                const chunkText = new TextDecoder().decode(value)
+                accumulatedResponse += chunkText
+
+                const contentChunk = {
+                  type: 'content',
+                  content: chunkText,
+                }
+                controller.enqueue(encoder.encode(`data: ${JSON.stringify(contentChunk)}\n\n`))
+              }
+
+              // Send completion signal
+              const completion = {
+                type: 'complete',
+                finalContent: accumulatedResponse,
+              }
+              controller.enqueue(encoder.encode(`data: ${JSON.stringify(completion)}\n\n`))
+              controller.close()
+            } catch (error) {
+              logger.error(`[${requestId}] Streaming error:`, error)
+              const errorChunk = {
+                type: 'error',
+                error: 'Streaming failed',
+              }
+              controller.enqueue(encoder.encode(`data: ${JSON.stringify(errorChunk)}\n\n`))
+              controller.close()
+            }
+          },
+        }),
+        {
+          headers: {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            Connection: 'keep-alive',
+          },
+        }
+      )
+    }
+
+    // Handle non-streaming response
+    logger.info(`[${requestId}] Chat response generated successfully`)
+
     return NextResponse.json({
-      message:
-        message.content ||
-        "I'm not sure what changes to make to the workflow. Can you please provide more specific instructions?",
+      success: true,
+      response: result.response,
+      chatId: result.chatId,
+      metadata: {
+        requestId,
+        message,
+      },
     })
   } catch (error) {
-    logger.error(`[${requestId}] Copilot API error:`, { error })
-
-    // Handle specific error types
     if (error instanceof z.ZodError) {
       return NextResponse.json(
-        { error: 'Invalid request format', details: error.errors },
+        { error: 'Invalid request data', details: error.errors },
         { status: 400 }
       )
     }
 
-    return NextResponse.json({ error: 'Failed to process copilot message' }, { status: 500 })
+    logger.error(`[${requestId}] Copilot error:`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * GET /api/copilot
+ * List chats or get a specific chat
+ */
+export async function GET(req: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(req.url)
+    const chatId = searchParams.get('chatId')
+
+    // If chatId is provided, get specific chat
+    if (chatId) {
+      const chat = await getChat(chatId, session.user.id)
+      if (!chat) {
+        return NextResponse.json({ error: 'Chat not found' }, { status: 404 })
+      }
+
+      return NextResponse.json({
+        success: true,
+        chat,
+      })
+    }
+
+    // Otherwise, list chats
+    const workflowId = searchParams.get('workflowId')
+    const limit = Number.parseInt(searchParams.get('limit') || '50')
+    const offset = Number.parseInt(searchParams.get('offset') || '0')
+
+    if (!workflowId) {
+      return NextResponse.json(
+        { error: 'workflowId is required for listing chats' },
+        { status: 400 }
+      )
+    }
+
+    const chats = await listChats(session.user.id, workflowId, { limit, offset })
+
+    return NextResponse.json({
+      success: true,
+      chats,
+    })
+  } catch (error) {
+    logger.error('Failed to handle GET request:', error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * PUT /api/copilot
+ * Create a new chat
+ */
+export async function PUT(req: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await req.json()
+    const { workflowId, title, initialMessage } = CreateChatSchema.parse(body)
+
+    logger.info(`Creating new chat for user ${session.user.id}, workflow ${workflowId}`)
+
+    const chat = await createChat(session.user.id, workflowId, {
+      title,
+      initialMessage,
+    })
+
+    logger.info(`Created chat ${chat.id} for user ${session.user.id}`)
+
+    return NextResponse.json({
+      success: true,
+      chat,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    logger.error('Failed to create chat:', error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * PATCH /api/copilot
+ * Update a chat with new messages
+ */
+export async function PATCH(req: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await req.json()
+    const { chatId, messages, title } = UpdateChatSchema.parse(body)
+
+    logger.info(`Updating chat ${chatId} for user ${session.user.id}`)
+
+    // Get the current chat to check if it has a title
+    const existingChat = await getChat(chatId, session.user.id)
+
+    let titleToUse = title
+
+    // Generate title if chat doesn't have one and we have messages
+    if (!titleToUse && existingChat && !existingChat.title && messages && messages.length > 0) {
+      const firstUserMessage = messages.find((msg) => msg.role === 'user')
+      if (firstUserMessage) {
+        logger.info('Generating LLM-based title for chat without title')
+        try {
+          titleToUse = await generateChatTitle(firstUserMessage.content)
+          logger.info(`Generated title: ${titleToUse}`)
+        } catch (error) {
+          logger.error('Failed to generate chat title:', error)
+          titleToUse = 'New Chat'
+        }
+      }
+    }
+
+    const chat = await updateChat(chatId, session.user.id, {
+      messages,
+      title: titleToUse,
+    })
+
+    if (!chat) {
+      return NextResponse.json({ error: 'Chat not found or access denied' }, { status: 404 })
+    }
+
+    return NextResponse.json({
+      success: true,
+      chat,
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: 'Invalid request data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    logger.error('Failed to update chat:', error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * DELETE /api/copilot
+ * Delete a chat
+ */
+export async function DELETE(req: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(req.url)
+    const chatId = searchParams.get('chatId')
+
+    if (!chatId) {
+      return NextResponse.json({ error: 'chatId is required' }, { status: 400 })
+    }
+
+    const success = await deleteChat(chatId, session.user.id)
+
+    if (!success) {
+      return NextResponse.json({ error: 'Chat not found or access denied' }, { status: 404 })
+    }
+
+    return NextResponse.json({
+      success: true,
+      message: 'Chat deleted successfully',
+    })
+  } catch (error) {
+    logger.error('Failed to delete chat:', error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }

apps/sim/app/api/docs/search/route.ts

@@ -0,0 +1,76 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { searchDocumentation } from '@/lib/copilot/service'
+import { createLogger } from '@/lib/logs/console-logger'
+
+const logger = createLogger('DocsSearchAPI')
+
+// Request and response type definitions
+interface DocsSearchRequest {
+  query: string
+  topK?: number
+}
+
+interface DocsSearchResult {
+  id: number
+  title: string
+  url: string
+  content: string
+  similarity: number
+}
+
+interface DocsSearchSuccessResponse {
+  success: true
+  results: DocsSearchResult[]
+  query: string
+  totalResults: number
+  searchTime?: number
+}
+
+interface DocsSearchErrorResponse {
+  success: false
+  error: string
+}
+
+export async function POST(
+  request: NextRequest
+): Promise<NextResponse<DocsSearchSuccessResponse | DocsSearchErrorResponse>> {
+  try {
+    const requestBody: DocsSearchRequest = await request.json()
+    const { query, topK = 5 } = requestBody
+
+    if (!query) {
+      const errorResponse: DocsSearchErrorResponse = {
+        success: false,
+        error: 'Query is required',
+      }
+      return NextResponse.json(errorResponse, { status: 400 })
+    }
+
+    logger.info('Executing documentation search', { query, topK })
+
+    const startTime = Date.now()
+    const results = await searchDocumentation(query, { topK })
+    const searchTime = Date.now() - startTime
+
+    logger.info(`Found ${results.length} documentation results`, { query })
+
+    const successResponse: DocsSearchSuccessResponse = {
+      success: true,
+      results,
+      query,
+      totalResults: results.length,
+      searchTime,
+    }
+
+    return NextResponse.json(successResponse)
+  } catch (error) {
+    logger.error('Documentation search API failed', error)
+
+    const errorResponse: DocsSearchErrorResponse = {
+      success: false,
+      error: `Documentation search failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+    }
+
+    return NextResponse.json(errorResponse, { status: 500 })
+  }
+}

apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.test.ts

@@ -0,0 +1,413 @@
+/**
+ * Tests for knowledge document chunks API route
+ *
+ * @vitest-environment node
+ */
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import {
+  createMockRequest,
+  mockAuth,
+  mockConsoleLogger,
+  mockDrizzleOrm,
+  mockKnowledgeSchemas,
+} from '@/app/api/__test-utils__/utils'
+import type { DocumentAccessCheck } from '../../../../utils'
+
+mockKnowledgeSchemas()
+mockDrizzleOrm()
+mockConsoleLogger()
+
+vi.mock('@/lib/tokenization/estimators', () => ({
+  estimateTokenCount: vi.fn().mockReturnValue({ count: 452 }),
+}))
+
+vi.mock('@/providers/utils', () => ({
+  calculateCost: vi.fn().mockReturnValue({
+    input: 0.00000904,
+    output: 0,
+    total: 0.00000904,
+    pricing: {
+      input: 0.02,
+      output: 0,
+      updatedAt: '2025-07-10',
+    },
+  }),
+}))
+
+vi.mock('../../../../utils', () => ({
+  checkDocumentAccess: vi.fn(),
+  generateEmbeddings: vi.fn().mockResolvedValue([[0.1, 0.2, 0.3, 0.4, 0.5]]),
+}))
+
+describe('Knowledge Document Chunks API Route', () => {
+  const mockAuth$ = mockAuth()
+
+  const mockDbChain = {
+    select: vi.fn().mockReturnThis(),
+    from: vi.fn().mockReturnThis(),
+    where: vi.fn().mockReturnThis(),
+    orderBy: vi.fn().mockReturnThis(),
+    limit: vi.fn().mockReturnThis(),
+    offset: vi.fn().mockReturnThis(),
+    insert: vi.fn().mockReturnThis(),
+    values: vi.fn().mockResolvedValue(undefined),
+    update: vi.fn().mockReturnThis(),
+    set: vi.fn().mockReturnThis(),
+    returning: vi.fn().mockResolvedValue([]),
+    delete: vi.fn().mockReturnThis(),
+    transaction: vi.fn(),
+  }
+
+  const mockGetUserId = vi.fn()
+
+  beforeEach(async () => {
+    vi.clearAllMocks()
+
+    vi.doMock('@/db', () => ({
+      db: mockDbChain,
+    }))
+
+    vi.doMock('@/app/api/auth/oauth/utils', () => ({
+      getUserId: mockGetUserId,
+    }))
+
+    Object.values(mockDbChain).forEach((fn) => {
+      if (typeof fn === 'function' && fn !== mockDbChain.values && fn !== mockDbChain.returning) {
+        fn.mockClear().mockReturnThis()
+      }
+    })
+
+    vi.stubGlobal('crypto', {
+      randomUUID: vi.fn().mockReturnValue('mock-chunk-uuid-1234'),
+      createHash: vi.fn().mockReturnValue({
+        update: vi.fn().mockReturnThis(),
+        digest: vi.fn().mockReturnValue('mock-hash-123'),
+      }),
+    })
+  })
+
+  afterEach(() => {
+    vi.clearAllMocks()
+  })
+
+  describe('POST /api/knowledge/[id]/documents/[documentId]/chunks', () => {
+    const validChunkData = {
+      content: 'This is test chunk content for uploading to the knowledge base document.',
+      enabled: true,
+    }
+
+    const mockDocumentAccess = {
+      hasAccess: true,
+      notFound: false,
+      reason: '',
+      document: {
+        id: 'doc-123',
+        processingStatus: 'completed',
+        tag1: 'tag1-value',
+        tag2: 'tag2-value',
+        tag3: null,
+        tag4: null,
+        tag5: null,
+        tag6: null,
+        tag7: null,
+      },
+    }
+
+    const mockParams = Promise.resolve({ id: 'kb-123', documentId: 'doc-123' })
+
+    it('should create chunk successfully with cost tracking', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+      const { estimateTokenCount } = await import('@/lib/tokenization/estimators')
+      const { calculateCost } = await import('@/providers/utils')
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue(mockDocumentAccess as DocumentAccessCheck)
+
+      // Mock transaction
+      const mockTx = {
+        select: vi.fn().mockReturnThis(),
+        from: vi.fn().mockReturnThis(),
+        where: vi.fn().mockReturnThis(),
+        orderBy: vi.fn().mockReturnThis(),
+        limit: vi.fn().mockResolvedValue([{ chunkIndex: 0 }]),
+        insert: vi.fn().mockReturnThis(),
+        values: vi.fn().mockResolvedValue(undefined),
+        update: vi.fn().mockReturnThis(),
+        set: vi.fn().mockReturnThis(),
+      }
+
+      mockDbChain.transaction.mockImplementation(async (callback) => {
+        return await callback(mockTx)
+      })
+
+      const req = createMockRequest('POST', validChunkData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(200)
+      expect(data.success).toBe(true)
+
+      // Verify cost tracking
+      expect(data.data.cost).toBeDefined()
+      expect(data.data.cost.input).toBe(0.00000904)
+      expect(data.data.cost.output).toBe(0)
+      expect(data.data.cost.total).toBe(0.00000904)
+      expect(data.data.cost.tokens).toEqual({
+        prompt: 452,
+        completion: 0,
+        total: 452,
+      })
+      expect(data.data.cost.model).toBe('text-embedding-3-small')
+      expect(data.data.cost.pricing).toEqual({
+        input: 0.02,
+        output: 0,
+        updatedAt: '2025-07-10',
+      })
+
+      // Verify function calls
+      expect(estimateTokenCount).toHaveBeenCalledWith(validChunkData.content, 'openai')
+      expect(calculateCost).toHaveBeenCalledWith('text-embedding-3-small', 452, 0, false)
+    })
+
+    it('should handle workflow-based authentication', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      const workflowData = {
+        ...validChunkData,
+        workflowId: 'workflow-123',
+      }
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue(mockDocumentAccess as DocumentAccessCheck)
+
+      const mockTx = {
+        select: vi.fn().mockReturnThis(),
+        from: vi.fn().mockReturnThis(),
+        where: vi.fn().mockReturnThis(),
+        orderBy: vi.fn().mockReturnThis(),
+        limit: vi.fn().mockResolvedValue([]),
+        insert: vi.fn().mockReturnThis(),
+        values: vi.fn().mockResolvedValue(undefined),
+        update: vi.fn().mockReturnThis(),
+        set: vi.fn().mockReturnThis(),
+      }
+
+      mockDbChain.transaction.mockImplementation(async (callback) => {
+        return await callback(mockTx)
+      })
+
+      const req = createMockRequest('POST', workflowData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(200)
+      expect(data.success).toBe(true)
+      expect(mockGetUserId).toHaveBeenCalledWith(expect.any(String), 'workflow-123')
+    })
+
+    it.concurrent('should return unauthorized for unauthenticated request', async () => {
+      mockGetUserId.mockResolvedValue(null)
+
+      const req = createMockRequest('POST', validChunkData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(401)
+      expect(data.error).toBe('Unauthorized')
+    })
+
+    it('should return not found for workflow that does not exist', async () => {
+      const workflowData = {
+        ...validChunkData,
+        workflowId: 'nonexistent-workflow',
+      }
+
+      mockGetUserId.mockResolvedValue(null)
+
+      const req = createMockRequest('POST', workflowData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(404)
+      expect(data.error).toBe('Workflow not found')
+    })
+
+    it.concurrent('should return not found for document access denied', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue({
+        hasAccess: false,
+        notFound: true,
+        reason: 'Document not found',
+      })
+
+      const req = createMockRequest('POST', validChunkData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(404)
+      expect(data.error).toBe('Document not found')
+    })
+
+    it('should return unauthorized for unauthorized document access', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue({
+        hasAccess: false,
+        notFound: false,
+        reason: 'Unauthorized access',
+      })
+
+      const req = createMockRequest('POST', validChunkData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(401)
+      expect(data.error).toBe('Unauthorized')
+    })
+
+    it('should reject chunks for failed documents', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue({
+        ...mockDocumentAccess,
+        document: {
+          ...mockDocumentAccess.document!,
+          processingStatus: 'failed',
+        },
+      } as DocumentAccessCheck)
+
+      const req = createMockRequest('POST', validChunkData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(400)
+      expect(data.error).toBe('Cannot add chunks to failed document')
+    })
+
+    it.concurrent('should validate chunk data', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue(mockDocumentAccess as DocumentAccessCheck)
+
+      const invalidData = {
+        content: '', // Empty content
+        enabled: true,
+      }
+
+      const req = createMockRequest('POST', invalidData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(400)
+      expect(data.error).toBe('Invalid request data')
+      expect(data.details).toBeDefined()
+    })
+
+    it('should inherit tags from parent document', async () => {
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue(mockDocumentAccess as DocumentAccessCheck)
+
+      const mockTx = {
+        select: vi.fn().mockReturnThis(),
+        from: vi.fn().mockReturnThis(),
+        where: vi.fn().mockReturnThis(),
+        orderBy: vi.fn().mockReturnThis(),
+        limit: vi.fn().mockResolvedValue([]),
+        insert: vi.fn().mockReturnThis(),
+        values: vi.fn().mockImplementation((data) => {
+          // Verify that tags are inherited from document
+          expect(data.tag1).toBe('tag1-value')
+          expect(data.tag2).toBe('tag2-value')
+          expect(data.tag3).toBe(null)
+          return Promise.resolve(undefined)
+        }),
+        update: vi.fn().mockReturnThis(),
+        set: vi.fn().mockReturnThis(),
+      }
+
+      mockDbChain.transaction.mockImplementation(async (callback) => {
+        return await callback(mockTx)
+      })
+
+      const req = createMockRequest('POST', validChunkData)
+      const { POST } = await import('./route')
+      await POST(req, { params: mockParams })
+
+      expect(mockTx.values).toHaveBeenCalled()
+    })
+
+    it.concurrent('should handle cost calculation with different content lengths', async () => {
+      const { estimateTokenCount } = await import('@/lib/tokenization/estimators')
+      const { calculateCost } = await import('@/providers/utils')
+      const { checkDocumentAccess } = await import('../../../../utils')
+
+      // Mock larger content with more tokens
+      vi.mocked(estimateTokenCount).mockReturnValue({
+        count: 1000,
+        confidence: 'high',
+        provider: 'openai',
+        method: 'precise',
+      })
+      vi.mocked(calculateCost).mockReturnValue({
+        input: 0.00002,
+        output: 0,
+        total: 0.00002,
+        pricing: {
+          input: 0.02,
+          output: 0,
+          updatedAt: '2025-07-10',
+        },
+      })
+
+      const largeChunkData = {
+        content:
+          'This is a much larger chunk of content that would result in significantly more tokens when processed through the OpenAI tokenization system for embedding generation. This content is designed to test the cost calculation accuracy with larger input sizes.',
+        enabled: true,
+      }
+
+      mockGetUserId.mockResolvedValue('user-123')
+      vi.mocked(checkDocumentAccess).mockResolvedValue(mockDocumentAccess as DocumentAccessCheck)
+
+      const mockTx = {
+        select: vi.fn().mockReturnThis(),
+        from: vi.fn().mockReturnThis(),
+        where: vi.fn().mockReturnThis(),
+        orderBy: vi.fn().mockReturnThis(),
+        limit: vi.fn().mockResolvedValue([]),
+        insert: vi.fn().mockReturnThis(),
+        values: vi.fn().mockResolvedValue(undefined),
+        update: vi.fn().mockReturnThis(),
+        set: vi.fn().mockReturnThis(),
+      }
+
+      mockDbChain.transaction.mockImplementation(async (callback) => {
+        return await callback(mockTx)
+      })
+
+      const req = createMockRequest('POST', largeChunkData)
+      const { POST } = await import('./route')
+      const response = await POST(req, { params: mockParams })
+      const data = await response.json()
+
+      expect(response.status).toBe(200)
+      expect(data.data.cost.input).toBe(0.00002)
+      expect(data.data.cost.tokens.prompt).toBe(1000)
+      expect(calculateCost).toHaveBeenCalledWith('text-embedding-3-small', 1000, 0, false)
+    })
+  })
+})

apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts

@@ -4,9 +4,11 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
+import { estimateTokenCount } from '@/lib/tokenization/estimators'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { document, embedding } from '@/db/schema'
+import { calculateCost } from '@/providers/utils'
 import { checkDocumentAccess, generateEmbeddings } from '../../../../utils'
 
 const logger = createLogger('DocumentChunksAPI')
@@ -118,7 +120,13 @@ export async function GET(
         enabled: embedding.enabled,
         startOffset: embedding.startOffset,
         endOffset: embedding.endOffset,
-        metadata: embedding.metadata,
+        tag1: embedding.tag1,
+        tag2: embedding.tag2,
+        tag3: embedding.tag3,
+        tag4: embedding.tag4,
+        tag5: embedding.tag5,
+        tag6: embedding.tag6,
+        tag7: embedding.tag7,
         createdAt: embedding.createdAt,
         updatedAt: embedding.updatedAt,
       })
@@ -211,6 +219,9 @@ export async function POST(
       logger.info(`[${requestId}] Generating embedding for manual chunk`)
       const embeddings = await generateEmbeddings([validatedData.content])
 
+      // Calculate accurate token count for both database storage and cost calculation
+      const tokenCount = estimateTokenCount(validatedData.content, 'openai')
+
       const chunkId = crypto.randomUUID()
       const now = new Date()
 
@@ -234,12 +245,19 @@ export async function POST(
           chunkHash: crypto.createHash('sha256').update(validatedData.content).digest('hex'),
           content: validatedData.content,
           contentLength: validatedData.content.length,
-          tokenCount: Math.ceil(validatedData.content.length / 4), // Rough approximation
+          tokenCount: tokenCount.count, // Use accurate token count
           embedding: embeddings[0],
           embeddingModel: 'text-embedding-3-small',
           startOffset: 0, // Manual chunks don't have document offsets
           endOffset: validatedData.content.length,
-          metadata: { manual: true }, // Mark as manually created
+          // Inherit tags from parent document
+          tag1: doc.tag1,
+          tag2: doc.tag2,
+          tag3: doc.tag3,
+          tag4: doc.tag4,
+          tag5: doc.tag5,
+          tag6: doc.tag6,
+          tag7: doc.tag7,
           enabled: validatedData.enabled,
           createdAt: now,
           updatedAt: now,
@@ -263,9 +281,38 @@ export async function POST(
 
       logger.info(`[${requestId}] Manual chunk created: ${chunkId} in document ${documentId}`)
 
+      // Calculate cost for the embedding (with fallback if calculation fails)
+      let cost = null
+      try {
+        cost = calculateCost('text-embedding-3-small', tokenCount.count, 0, false)
+      } catch (error) {
+        logger.warn(`[${requestId}] Failed to calculate cost for chunk upload`, {
+          error: error instanceof Error ? error.message : 'Unknown error',
+        })
+        // Continue without cost information rather than failing the upload
+      }
+
       return NextResponse.json({
         success: true,
-        data: newChunk,
+        data: {
+          ...newChunk,
+          ...(cost
+            ? {
+                cost: {
+                  input: cost.input,
+                  output: cost.output,
+                  total: cost.total,
+                  tokens: {
+                    prompt: tokenCount.count,
+                    completion: 0,
+                    total: tokenCount.count,
+                  },
+                  model: 'text-embedding-3-small',
+                  pricing: cost.pricing,
+                },
+              }
+            : {}),
+        },
       })
     } catch (validationError) {
       if (validationError instanceof z.ZodError) {

apps/sim/app/api/knowledge/[id]/documents/route.ts

@@ -153,6 +153,14 @@ const CreateDocumentSchema = z.object({
   fileUrl: z.string().url('File URL must be valid'),
   fileSize: z.number().min(1, 'File size must be greater than 0'),
   mimeType: z.string().min(1, 'MIME type is required'),
+  // Document tags for filtering
+  tag1: z.string().optional(),
+  tag2: z.string().optional(),
+  tag3: z.string().optional(),
+  tag4: z.string().optional(),
+  tag5: z.string().optional(),
+  tag6: z.string().optional(),
+  tag7: z.string().optional(),
 })
 
 const BulkCreateDocumentsSchema = z.object({
@@ -229,6 +237,14 @@ export async function GET(req: NextRequest, { params }: { params: Promise<{ id:
         processingError: document.processingError,
         enabled: document.enabled,
         uploadedAt: document.uploadedAt,
+        // Include tags in response
+        tag1: document.tag1,
+        tag2: document.tag2,
+        tag3: document.tag3,
+        tag4: document.tag4,
+        tag5: document.tag5,
+        tag6: document.tag6,
+        tag7: document.tag7,
       })
       .from(document)
       .where(and(...whereConditions))
@@ -298,6 +314,14 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
               processingStatus: 'pending' as const,
               enabled: true,
               uploadedAt: now,
+              // Include tags from upload
+              tag1: docData.tag1 || null,
+              tag2: docData.tag2 || null,
+              tag3: docData.tag3 || null,
+              tag4: docData.tag4 || null,
+              tag5: docData.tag5 || null,
+              tag6: docData.tag6 || null,
+              tag7: docData.tag7 || null,
             }
 
             await tx.insert(document).values(newDocument)
@@ -372,6 +396,14 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
           characterCount: 0,
           enabled: true,
           uploadedAt: now,
+          // Include tags from upload
+          tag1: validatedData.tag1 || null,
+          tag2: validatedData.tag2 || null,
+          tag3: validatedData.tag3 || null,
+          tag4: validatedData.tag4 || null,
+          tag5: validatedData.tag5 || null,
+          tag6: validatedData.tag6 || null,
+          tag7: validatedData.tag7 || null,
         }
 
         await db.insert(document).values(newDocument)

apps/sim/app/api/knowledge/route.ts

@@ -8,7 +8,6 @@ import { document, knowledgeBase } from '@/db/schema'
 
 const logger = createLogger('KnowledgeBaseAPI')
 
-// Schema for knowledge base creation
 const CreateKnowledgeBaseSchema = z.object({
   name: z.string().min(1, 'Name is required'),
   description: z.string().optional(),

apps/sim/app/api/knowledge/search/route.test.ts

@@ -34,6 +34,23 @@ vi.mock('@/lib/documents/utils', () => ({
   retryWithExponentialBackoff: vi.fn().mockImplementation((fn) => fn()),
 }))
 
+vi.mock('@/lib/tokenization/estimators', () => ({
+  estimateTokenCount: vi.fn().mockReturnValue({ count: 521 }),
+}))
+
+vi.mock('@/providers/utils', () => ({
+  calculateCost: vi.fn().mockReturnValue({
+    input: 0.00001042,
+    output: 0,
+    total: 0.00001042,
+    pricing: {
+      input: 0.02,
+      output: 0,
+      updatedAt: '2025-07-10',
+    },
+  }),
+}))
+
 mockConsoleLogger()
 
 describe('Knowledge Search API Route', () => {
@@ -206,7 +223,7 @@ describe('Knowledge Search API Route', () => {
       expect(mockGetUserId).toHaveBeenCalledWith(expect.any(String), 'workflow-123')
     })
 
-    it('should return unauthorized for unauthenticated request', async () => {
+    it.concurrent('should return unauthorized for unauthenticated request', async () => {
       mockGetUserId.mockResolvedValue(null)
 
       const req = createMockRequest('POST', validSearchData)
@@ -218,7 +235,7 @@ describe('Knowledge Search API Route', () => {
       expect(data.error).toBe('Unauthorized')
     })
 
-    it('should return not found for workflow that does not exist', async () => {
+    it.concurrent('should return not found for workflow that does not exist', async () => {
       const workflowData = {
         ...validSearchData,
         workflowId: 'nonexistent-workflow',
@@ -268,7 +285,7 @@ describe('Knowledge Search API Route', () => {
       expect(data.error).toBe('Knowledge bases not found: kb-missing')
     })
 
-    it('should validate search parameters', async () => {
+    it.concurrent('should validate search parameters', async () => {
       const invalidData = {
         knowledgeBaseIds: '', // Empty string
         query: '', // Empty query
@@ -314,7 +331,7 @@ describe('Knowledge Search API Route', () => {
       expect(data.data.topK).toBe(10) // Default value
     })
 
-    it('should handle OpenAI API errors', async () => {
+    it.concurrent('should handle OpenAI API errors', async () => {
       mockGetUserId.mockResolvedValue('user-123')
       mockDbChain.limit.mockResolvedValueOnce(mockKnowledgeBases)
 
@@ -334,7 +351,7 @@ describe('Knowledge Search API Route', () => {
       expect(data.error).toBe('Failed to perform vector search')
     })
 
-    it('should handle missing OpenAI API key', async () => {
+    it.concurrent('should handle missing OpenAI API key', async () => {
       vi.doMock('@/lib/env', () => ({
         env: {
           OPENAI_API_KEY: undefined,
@@ -353,7 +370,7 @@ describe('Knowledge Search API Route', () => {
       expect(data.error).toBe('Failed to perform vector search')
     })
 
-    it('should handle database errors during search', async () => {
+    it.concurrent('should handle database errors during search', async () => {
       mockGetUserId.mockResolvedValue('user-123')
       mockDbChain.limit.mockResolvedValueOnce(mockKnowledgeBases)
       mockDbChain.limit.mockRejectedValueOnce(new Error('Database error'))
@@ -375,7 +392,7 @@ describe('Knowledge Search API Route', () => {
       expect(data.error).toBe('Failed to perform vector search')
     })
 
-    it('should handle invalid OpenAI response format', async () => {
+    it.concurrent('should handle invalid OpenAI response format', async () => {
       mockGetUserId.mockResolvedValue('user-123')
       mockDbChain.limit.mockResolvedValueOnce(mockKnowledgeBases)
 
@@ -395,5 +412,124 @@ describe('Knowledge Search API Route', () => {
       expect(response.status).toBe(500)
       expect(data.error).toBe('Failed to perform vector search')
     })
+
+    describe('Cost tracking', () => {
+      it.concurrent('should include cost information in successful search response', async () => {
+        mockGetUserId.mockResolvedValue('user-123')
+        mockDbChain.where.mockResolvedValueOnce(mockKnowledgeBases)
+        mockDbChain.limit.mockResolvedValueOnce(mockSearchResults)
+
+        mockFetch.mockResolvedValue({
+          ok: true,
+          json: () =>
+            Promise.resolve({
+              data: [{ embedding: mockEmbedding }],
+            }),
+        })
+
+        const req = createMockRequest('POST', validSearchData)
+        const { POST } = await import('./route')
+        const response = await POST(req)
+        const data = await response.json()
+
+        expect(response.status).toBe(200)
+        expect(data.success).toBe(true)
+
+        // Verify cost information is included
+        expect(data.data.cost).toBeDefined()
+        expect(data.data.cost.input).toBe(0.00001042)
+        expect(data.data.cost.output).toBe(0)
+        expect(data.data.cost.total).toBe(0.00001042)
+        expect(data.data.cost.tokens).toEqual({
+          prompt: 521,
+          completion: 0,
+          total: 521,
+        })
+        expect(data.data.cost.model).toBe('text-embedding-3-small')
+        expect(data.data.cost.pricing).toEqual({
+          input: 0.02,
+          output: 0,
+          updatedAt: '2025-07-10',
+        })
+      })
+
+      it('should call cost calculation functions with correct parameters', async () => {
+        const { estimateTokenCount } = await import('@/lib/tokenization/estimators')
+        const { calculateCost } = await import('@/providers/utils')
+
+        mockGetUserId.mockResolvedValue('user-123')
+        mockDbChain.where.mockResolvedValueOnce(mockKnowledgeBases)
+        mockDbChain.limit.mockResolvedValueOnce(mockSearchResults)
+
+        mockFetch.mockResolvedValue({
+          ok: true,
+          json: () =>
+            Promise.resolve({
+              data: [{ embedding: mockEmbedding }],
+            }),
+        })
+
+        const req = createMockRequest('POST', validSearchData)
+        const { POST } = await import('./route')
+        await POST(req)
+
+        // Verify token estimation was called with correct parameters
+        expect(estimateTokenCount).toHaveBeenCalledWith('test search query', 'openai')
+
+        // Verify cost calculation was called with correct parameters
+        expect(calculateCost).toHaveBeenCalledWith('text-embedding-3-small', 521, 0, false)
+      })
+
+      it('should handle cost calculation with different query lengths', async () => {
+        const { estimateTokenCount } = await import('@/lib/tokenization/estimators')
+        const { calculateCost } = await import('@/providers/utils')
+
+        // Mock different token count for longer query
+        vi.mocked(estimateTokenCount).mockReturnValue({
+          count: 1042,
+          confidence: 'high',
+          provider: 'openai',
+          method: 'precise',
+        })
+        vi.mocked(calculateCost).mockReturnValue({
+          input: 0.00002084,
+          output: 0,
+          total: 0.00002084,
+          pricing: {
+            input: 0.02,
+            output: 0,
+            updatedAt: '2025-07-10',
+          },
+        })
+
+        const longQueryData = {
+          ...validSearchData,
+          query:
+            'This is a much longer search query with many more tokens to test cost calculation accuracy',
+        }
+
+        mockGetUserId.mockResolvedValue('user-123')
+        mockDbChain.where.mockResolvedValueOnce(mockKnowledgeBases)
+        mockDbChain.limit.mockResolvedValueOnce(mockSearchResults)
+
+        mockFetch.mockResolvedValue({
+          ok: true,
+          json: () =>
+            Promise.resolve({
+              data: [{ embedding: mockEmbedding }],
+            }),
+        })
+
+        const req = createMockRequest('POST', longQueryData)
+        const { POST } = await import('./route')
+        const response = await POST(req)
+        const data = await response.json()
+
+        expect(response.status).toBe(200)
+        expect(data.data.cost.input).toBe(0.00002084)
+        expect(data.data.cost.tokens.prompt).toBe(1042)
+        expect(calculateCost).toHaveBeenCalledWith('text-embedding-3-small', 1042, 0, false)
+      })
+    })
   })
 })

apps/sim/app/api/knowledge/search/route.ts

@@ -4,12 +4,37 @@ import { z } from 'zod'
 import { retryWithExponentialBackoff } from '@/lib/documents/utils'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console-logger'
+import { estimateTokenCount } from '@/lib/tokenization/estimators'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { embedding, knowledgeBase } from '@/db/schema'
+import { calculateCost } from '@/providers/utils'
 
 const logger = createLogger('VectorSearchAPI')
 
+function getTagFilters(filters: Record<string, string>, embedding: any) {
+  return Object.entries(filters).map(([key, value]) => {
+    switch (key) {
+      case 'tag1':
+        return sql`LOWER(${embedding.tag1}) = LOWER(${value})`
+      case 'tag2':
+        return sql`LOWER(${embedding.tag2}) = LOWER(${value})`
+      case 'tag3':
+        return sql`LOWER(${embedding.tag3}) = LOWER(${value})`
+      case 'tag4':
+        return sql`LOWER(${embedding.tag4}) = LOWER(${value})`
+      case 'tag5':
+        return sql`LOWER(${embedding.tag5}) = LOWER(${value})`
+      case 'tag6':
+        return sql`LOWER(${embedding.tag6}) = LOWER(${value})`
+      case 'tag7':
+        return sql`LOWER(${embedding.tag7}) = LOWER(${value})`
+      default:
+        return sql`1=1` // No-op for unknown keys
+    }
+  })
+}
+
 class APIError extends Error {
   public status: number
 
@@ -27,6 +52,17 @@ const VectorSearchSchema = z.object({
   ]),
   query: z.string().min(1, 'Search query is required'),
   topK: z.number().min(1).max(100).default(10),
+  filters: z
+    .object({
+      tag1: z.string().optional(),
+      tag2: z.string().optional(),
+      tag3: z.string().optional(),
+      tag4: z.string().optional(),
+      tag5: z.string().optional(),
+      tag6: z.string().optional(),
+      tag7: z.string().optional(),
+    })
+    .optional(),
 })
 
 async function generateSearchEmbedding(query: string): Promise<number[]> {
@@ -102,7 +138,8 @@ async function executeParallelQueries(
   knowledgeBaseIds: string[],
   queryVector: string,
   topK: number,
-  distanceThreshold: number
+  distanceThreshold: number,
+  filters?: Record<string, string>
 ) {
   const parallelLimit = Math.ceil(topK / knowledgeBaseIds.length) + 5
 
@@ -113,7 +150,13 @@ async function executeParallelQueries(
         content: embedding.content,
         documentId: embedding.documentId,
         chunkIndex: embedding.chunkIndex,
-        metadata: embedding.metadata,
+        tag1: embedding.tag1,
+        tag2: embedding.tag2,
+        tag3: embedding.tag3,
+        tag4: embedding.tag4,
+        tag5: embedding.tag5,
+        tag6: embedding.tag6,
+        tag7: embedding.tag7,
         distance: sql<number>`${embedding.embedding} <=> ${queryVector}::vector`.as('distance'),
         knowledgeBaseId: embedding.knowledgeBaseId,
       })
@@ -122,7 +165,8 @@ async function executeParallelQueries(
         and(
           eq(embedding.knowledgeBaseId, kbId),
           eq(embedding.enabled, true),
-          sql`${embedding.embedding} <=> ${queryVector}::vector < ${distanceThreshold}`
+          sql`${embedding.embedding} <=> ${queryVector}::vector < ${distanceThreshold}`,
+          ...(filters ? getTagFilters(filters, embedding) : [])
         )
       )
       .orderBy(sql`${embedding.embedding} <=> ${queryVector}::vector`)
@@ -139,7 +183,8 @@ async function executeSingleQuery(
   knowledgeBaseIds: string[],
   queryVector: string,
   topK: number,
-  distanceThreshold: number
+  distanceThreshold: number,
+  filters?: Record<string, string>
 ) {
   return await db
     .select({
@@ -147,7 +192,13 @@ async function executeSingleQuery(
       content: embedding.content,
       documentId: embedding.documentId,
       chunkIndex: embedding.chunkIndex,
-      metadata: embedding.metadata,
+      tag1: embedding.tag1,
+      tag2: embedding.tag2,
+      tag3: embedding.tag3,
+      tag4: embedding.tag4,
+      tag5: embedding.tag5,
+      tag6: embedding.tag6,
+      tag7: embedding.tag7,
       distance: sql<number>`${embedding.embedding} <=> ${queryVector}::vector`.as('distance'),
     })
     .from(embedding)
@@ -155,7 +206,29 @@ async function executeSingleQuery(
       and(
         inArray(embedding.knowledgeBaseId, knowledgeBaseIds),
         eq(embedding.enabled, true),
-        sql`${embedding.embedding} <=> ${queryVector}::vector < ${distanceThreshold}`
+        sql`${embedding.embedding} <=> ${queryVector}::vector < ${distanceThreshold}`,
+        ...(filters
+          ? Object.entries(filters).map(([key, value]) => {
+              switch (key) {
+                case 'tag1':
+                  return sql`LOWER(${embedding.tag1}) = LOWER(${value})`
+                case 'tag2':
+                  return sql`LOWER(${embedding.tag2}) = LOWER(${value})`
+                case 'tag3':
+                  return sql`LOWER(${embedding.tag3}) = LOWER(${value})`
+                case 'tag4':
+                  return sql`LOWER(${embedding.tag4}) = LOWER(${value})`
+                case 'tag5':
+                  return sql`LOWER(${embedding.tag5}) = LOWER(${value})`
+                case 'tag6':
+                  return sql`LOWER(${embedding.tag6}) = LOWER(${value})`
+                case 'tag7':
+                  return sql`LOWER(${embedding.tag7}) = LOWER(${value})`
+                default:
+                  return sql`1=1` // No-op for unknown keys
+              }
+            })
+          : [])
       )
     )
     .orderBy(sql`${embedding.embedding} <=> ${queryVector}::vector`)
@@ -231,7 +304,8 @@ export async function POST(request: NextRequest) {
           foundKbIds,
           queryVector,
           validatedData.topK,
-          strategy.distanceThreshold
+          strategy.distanceThreshold,
+          validatedData.filters
         )
         results = mergeAndRankResults(parallelResults, validatedData.topK)
       } else {
@@ -240,10 +314,24 @@ export async function POST(request: NextRequest) {
           foundKbIds,
           queryVector,
           validatedData.topK,
-          strategy.distanceThreshold
+          strategy.distanceThreshold,
+          validatedData.filters
         )
       }
 
+      // Calculate cost for the embedding (with fallback if calculation fails)
+      let cost = null
+      let tokenCount = null
+      try {
+        tokenCount = estimateTokenCount(validatedData.query, 'openai')
+        cost = calculateCost('text-embedding-3-small', tokenCount.count, 0, false)
+      } catch (error) {
+        logger.warn(`[${requestId}] Failed to calculate cost for search query`, {
+          error: error instanceof Error ? error.message : 'Unknown error',
+        })
+        // Continue without cost information rather than failing the search
+      }
+
       return NextResponse.json({
         success: true,
         data: {
@@ -252,7 +340,13 @@ export async function POST(request: NextRequest) {
             content: result.content,
             documentId: result.documentId,
             chunkIndex: result.chunkIndex,
-            metadata: result.metadata,
+            tag1: result.tag1,
+            tag2: result.tag2,
+            tag3: result.tag3,
+            tag4: result.tag4,
+            tag5: result.tag5,
+            tag6: result.tag6,
+            tag7: result.tag7,
             similarity: 1 - result.distance,
           })),
           query: validatedData.query,
@@ -260,6 +354,22 @@ export async function POST(request: NextRequest) {
           knowledgeBaseId: foundKbIds[0],
           topK: validatedData.topK,
           totalResults: results.length,
+          ...(cost && tokenCount
+            ? {
+                cost: {
+                  input: cost.input,
+                  output: cost.output,
+                  total: cost.total,
+                  tokens: {
+                    prompt: tokenCount.count,
+                    completion: 0,
+                    total: tokenCount.count,
+                  },
+                  model: 'text-embedding-3-small',
+                  pricing: cost.pricing,
+                },
+              }
+            : {}),
         },
       })
     } catch (validationError) {

apps/sim/app/api/knowledge/utils.ts

@@ -73,6 +73,14 @@ export interface DocumentData {
   enabled: boolean
   deletedAt?: Date | null
   uploadedAt: Date
+  // Document tags
+  tag1?: string | null
+  tag2?: string | null
+  tag3?: string | null
+  tag4?: string | null
+  tag5?: string | null
+  tag6?: string | null
+  tag7?: string | null
 }
 
 export interface EmbeddingData {
@@ -88,7 +96,14 @@ export interface EmbeddingData {
   embeddingModel: string
   startOffset: number
   endOffset: number
-  metadata: unknown
+  // Tag fields for filtering
+  tag1?: string | null
+  tag2?: string | null
+  tag3?: string | null
+  tag4?: string | null
+  tag5?: string | null
+  tag6?: string | null
+  tag7?: string | null
   enabled: boolean
   createdAt: Date
   updatedAt: Date
@@ -445,7 +460,26 @@ export async function processDocumentAsync(
         const chunkTexts = processed.chunks.map((chunk) => chunk.text)
         const embeddings = chunkTexts.length > 0 ? await generateEmbeddings(chunkTexts) : []
 
-        logger.info(`[${documentId}] Embeddings generated, updating document record`)
+        logger.info(`[${documentId}] Embeddings generated, fetching document tags`)
+
+        // Fetch document to get tags
+        const documentRecord = await db
+          .select({
+            tag1: document.tag1,
+            tag2: document.tag2,
+            tag3: document.tag3,
+            tag4: document.tag4,
+            tag5: document.tag5,
+            tag6: document.tag6,
+            tag7: document.tag7,
+          })
+          .from(document)
+          .where(eq(document.id, documentId))
+          .limit(1)
+
+        const documentTags = documentRecord[0] || {}
+
+        logger.info(`[${documentId}] Creating embedding records with tags`)
 
         const embeddingRecords = processed.chunks.map((chunk, chunkIndex) => ({
           id: crypto.randomUUID(),
@@ -460,7 +494,14 @@ export async function processDocumentAsync(
           embeddingModel: 'text-embedding-3-small',
           startOffset: chunk.metadata.startIndex,
           endOffset: chunk.metadata.endIndex,
-          metadata: {},
+          // Copy tags from document
+          tag1: documentTags.tag1,
+          tag2: documentTags.tag2,
+          tag3: documentTags.tag3,
+          tag4: documentTags.tag4,
+          tag5: documentTags.tag5,
+          tag6: documentTags.tag6,
+          tag7: documentTags.tag7,
           createdAt: now,
           updatedAt: now,
         }))

apps/sim/app/api/logs/cleanup/route.ts

@@ -1,6 +1,7 @@
 import { PutObjectCommand } from '@aws-sdk/client-s3'
 import { and, eq, inArray, lt, sql } from 'drizzle-orm'
-import { NextResponse } from 'next/server'
+import { type NextRequest, NextResponse } from 'next/server'
+import { verifyCronAuth } from '@/lib/auth/internal'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console-logger'
 import { snapshotService } from '@/lib/logs/snapshot-service'
@@ -18,17 +19,11 @@ const S3_CONFIG = {
   region: env.AWS_REGION || '',
 }
 
-export async function GET(request: Request) {
+export async function GET(request: NextRequest) {
   try {
-    const authHeader = request.headers.get('authorization')
-
-    if (!env.CRON_SECRET) {
-      return new NextResponse('Configuration error: Cron secret is not set', { status: 500 })
-    }
-
-    if (!authHeader || authHeader !== `Bearer ${env.CRON_SECRET}`) {
-      logger.warn('Unauthorized access attempt to logs cleanup endpoint')
-      return new NextResponse('Unauthorized', { status: 401 })
+    const authError = verifyCronAuth(request, 'logs cleanup')
+    if (authError) {
+      return authError
     }
 
     if (!S3_CONFIG.bucket || !S3_CONFIG.region) {

apps/sim/app/api/marketplace/[id]/info/route.ts

@@ -4,7 +4,7 @@ import { createLogger } from '@/lib/logs/console-logger'
 import { validateWorkflowAccess } from '@/app/api/workflows/middleware'
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
-import * as schema from '@/db/schema'
+import { marketplace } from '@/db/schema'
 
 const logger = createLogger('MarketplaceInfoAPI')
 
@@ -24,8 +24,8 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     // Fetch marketplace data for the workflow
     const marketplaceEntry = await db
       .select()
-      .from(schema.marketplace)
-      .where(eq(schema.marketplace.workflowId, id))
+      .from(marketplace)
+      .where(eq(marketplace.workflowId, id))
       .limit(1)
       .then((rows) => rows[0])
 

apps/sim/app/api/marketplace/[id]/unpublish/route.ts

@@ -4,7 +4,7 @@ import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
-import * as schema from '@/db/schema'
+import { marketplace, workflow } from '@/db/schema'
 
 const logger = createLogger('MarketplaceUnpublishAPI')
 
@@ -34,13 +34,13 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     // Get the marketplace entry using the marketplace ID
     const marketplaceEntry = await db
       .select({
-        id: schema.marketplace.id,
-        workflowId: schema.marketplace.workflowId,
-        authorId: schema.marketplace.authorId,
-        name: schema.marketplace.name,
+        id: marketplace.id,
+        workflowId: marketplace.workflowId,
+        authorId: marketplace.authorId,
+        name: marketplace.name,
       })
-      .from(schema.marketplace)
-      .where(eq(schema.marketplace.id, id))
+      .from(marketplace)
+      .where(eq(marketplace.id, id))
       .limit(1)
       .then((rows) => rows[0])
 
@@ -60,36 +60,33 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     const workflowId = marketplaceEntry.workflowId
 
     // Verify the workflow exists and belongs to the user
-    const workflow = await db
+    const workflowEntry = await db
       .select({
-        id: schema.workflow.id,
-        userId: schema.workflow.userId,
+        id: workflow.id,
+        userId: workflow.userId,
       })
-      .from(schema.workflow)
-      .where(eq(schema.workflow.id, workflowId))
+      .from(workflow)
+      .where(eq(workflow.id, workflowId))
       .limit(1)
       .then((rows) => rows[0])
 
-    if (!workflow) {
+    if (!workflowEntry) {
       logger.warn(`[${requestId}] Associated workflow not found: ${workflowId}`)
       // We'll still delete the marketplace entry even if the workflow is missing
-    } else if (workflow.userId !== userId) {
+    } else if (workflowEntry.userId !== userId) {
       logger.warn(
-        `[${requestId}] Workflow ${workflowId} belongs to user ${workflow.userId}, not current user ${userId}`
+        `[${requestId}] Workflow ${workflowId} belongs to user ${workflowEntry.userId}, not current user ${userId}`
       )
       return createErrorResponse('You do not have permission to unpublish this workflow', 403)
     }
 
     try {
       // Delete the marketplace entry - this is the primary action
-      await db.delete(schema.marketplace).where(eq(schema.marketplace.id, id))
+      await db.delete(marketplace).where(eq(marketplace.id, id))
 
       // Update the workflow to mark it as unpublished if it exists
-      if (workflow) {
-        await db
-          .update(schema.workflow)
-          .set({ isPublished: false })
-          .where(eq(schema.workflow.id, workflowId))
+      if (workflowEntry) {
+        await db.update(workflow).set({ isPublished: false }).where(eq(workflow.id, workflowId))
       }
 
       logger.info(

apps/sim/app/api/marketplace/[id]/view/route.ts

@@ -3,7 +3,7 @@ import type { NextRequest } from 'next/server'
 import { createLogger } from '@/lib/logs/console-logger'
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
-import * as schema from '@/db/schema'
+import { marketplace } from '@/db/schema'
 
 const logger = createLogger('MarketplaceViewAPI')
 
@@ -22,10 +22,10 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     // Find the marketplace entry for this marketplace ID
     const marketplaceEntry = await db
       .select({
-        id: schema.marketplace.id,
+        id: marketplace.id,
       })
-      .from(schema.marketplace)
-      .where(eq(schema.marketplace.id, id))
+      .from(marketplace)
+      .where(eq(marketplace.id, id))
       .limit(1)
       .then((rows) => rows[0])
 
@@ -36,11 +36,11 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
 
     // Increment the view count for this workflow
     await db
-      .update(schema.marketplace)
+      .update(marketplace)
       .set({
-        views: sql`${schema.marketplace.views} + 1`,
+        views: sql`${marketplace.views} + 1`,
       })
-      .where(eq(schema.marketplace.id, id))
+      .where(eq(marketplace.id, id))
 
     logger.info(`[${requestId}] Incremented view count for marketplace entry: ${id}`)
 

apps/sim/app/api/marketplace/workflows/route.ts

@@ -4,7 +4,7 @@ import { createLogger } from '@/lib/logs/console-logger'
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { CATEGORIES } from '@/app/workspace/[workspaceId]/marketplace/constants/categories'
 import { db } from '@/db'
-import * as schema from '@/db/schema'
+import { marketplace } from '@/db/schema'
 
 const logger = createLogger('MarketplaceWorkflowsAPI')
 
@@ -50,39 +50,39 @@ export async function GET(request: NextRequest) {
         // Query with state included
         marketplaceEntry = await db
           .select({
-            id: schema.marketplace.id,
-            workflowId: schema.marketplace.workflowId,
-            name: schema.marketplace.name,
-            description: schema.marketplace.description,
-            authorId: schema.marketplace.authorId,
-            authorName: schema.marketplace.authorName,
-            state: schema.marketplace.state,
-            views: schema.marketplace.views,
-            category: schema.marketplace.category,
-            createdAt: schema.marketplace.createdAt,
-            updatedAt: schema.marketplace.updatedAt,
+            id: marketplace.id,
+            workflowId: marketplace.workflowId,
+            name: marketplace.name,
+            description: marketplace.description,
+            authorId: marketplace.authorId,
+            authorName: marketplace.authorName,
+            state: marketplace.state,
+            views: marketplace.views,
+            category: marketplace.category,
+            createdAt: marketplace.createdAt,
+            updatedAt: marketplace.updatedAt,
           })
-          .from(schema.marketplace)
-          .where(eq(schema.marketplace.workflowId, workflowId))
+          .from(marketplace)
+          .where(eq(marketplace.workflowId, workflowId))
           .limit(1)
           .then((rows) => rows[0])
       } else {
         // Query without state
         marketplaceEntry = await db
           .select({
-            id: schema.marketplace.id,
-            workflowId: schema.marketplace.workflowId,
-            name: schema.marketplace.name,
-            description: schema.marketplace.description,
-            authorId: schema.marketplace.authorId,
-            authorName: schema.marketplace.authorName,
-            views: schema.marketplace.views,
-            category: schema.marketplace.category,
-            createdAt: schema.marketplace.createdAt,
-            updatedAt: schema.marketplace.updatedAt,
+            id: marketplace.id,
+            workflowId: marketplace.workflowId,
+            name: marketplace.name,
+            description: marketplace.description,
+            authorId: marketplace.authorId,
+            authorName: marketplace.authorName,
+            views: marketplace.views,
+            category: marketplace.category,
+            createdAt: marketplace.createdAt,
+            updatedAt: marketplace.updatedAt,
           })
-          .from(schema.marketplace)
-          .where(eq(schema.marketplace.workflowId, workflowId))
+          .from(marketplace)
+          .where(eq(marketplace.workflowId, workflowId))
           .limit(1)
           .then((rows) => rows[0])
       }
@@ -114,39 +114,39 @@ export async function GET(request: NextRequest) {
         // Query with state included
         marketplaceEntry = await db
           .select({
-            id: schema.marketplace.id,
-            workflowId: schema.marketplace.workflowId,
-            name: schema.marketplace.name,
-            description: schema.marketplace.description,
-            authorId: schema.marketplace.authorId,
-            authorName: schema.marketplace.authorName,
-            state: schema.marketplace.state,
-            views: schema.marketplace.views,
-            category: schema.marketplace.category,
-            createdAt: schema.marketplace.createdAt,
-            updatedAt: schema.marketplace.updatedAt,
+            id: marketplace.id,
+            workflowId: marketplace.workflowId,
+            name: marketplace.name,
+            description: marketplace.description,
+            authorId: marketplace.authorId,
+            authorName: marketplace.authorName,
+            state: marketplace.state,
+            views: marketplace.views,
+            category: marketplace.category,
+            createdAt: marketplace.createdAt,
+            updatedAt: marketplace.updatedAt,
           })
-          .from(schema.marketplace)
-          .where(eq(schema.marketplace.id, marketplaceId))
+          .from(marketplace)
+          .where(eq(marketplace.id, marketplaceId))
           .limit(1)
           .then((rows) => rows[0])
       } else {
         // Query without state
         marketplaceEntry = await db
           .select({
-            id: schema.marketplace.id,
-            workflowId: schema.marketplace.workflowId,
-            name: schema.marketplace.name,
-            description: schema.marketplace.description,
-            authorId: schema.marketplace.authorId,
-            authorName: schema.marketplace.authorName,
-            views: schema.marketplace.views,
-            category: schema.marketplace.category,
-            createdAt: schema.marketplace.createdAt,
-            updatedAt: schema.marketplace.updatedAt,
+            id: marketplace.id,
+            workflowId: marketplace.workflowId,
+            name: marketplace.name,
+            description: marketplace.description,
+            authorId: marketplace.authorId,
+            authorName: marketplace.authorName,
+            views: marketplace.views,
+            category: marketplace.category,
+            createdAt: marketplace.createdAt,
+            updatedAt: marketplace.updatedAt,
           })
-          .from(schema.marketplace)
-          .where(eq(schema.marketplace.id, marketplaceId))
+          .from(marketplace)
+          .where(eq(marketplace.id, marketplaceId))
           .limit(1)
           .then((rows) => rows[0])
       }
@@ -183,21 +183,19 @@ export async function GET(request: NextRequest) {
 
     // Define common fields to select
     const baseFields = {
-      id: schema.marketplace.id,
-      workflowId: schema.marketplace.workflowId,
-      name: schema.marketplace.name,
-      description: schema.marketplace.description,
-      authorName: schema.marketplace.authorName,
-      views: schema.marketplace.views,
-      category: schema.marketplace.category,
-      createdAt: schema.marketplace.createdAt,
-      updatedAt: schema.marketplace.updatedAt,
+      id: marketplace.id,
+      workflowId: marketplace.workflowId,
+      name: marketplace.name,
+      description: marketplace.description,
+      authorName: marketplace.authorName,
+      views: marketplace.views,
+      category: marketplace.category,
+      createdAt: marketplace.createdAt,
+      updatedAt: marketplace.updatedAt,
     }
 
     // Add state if requested
-    const selectFields = includeState
-      ? { ...baseFields, state: schema.marketplace.state }
-      : baseFields
+    const selectFields = includeState ? { ...baseFields, state: marketplace.state } : baseFields
 
     // Determine which sections to fetch
     const sections = sectionParam ? sectionParam.split(',') : ['popular', 'recent', 'byCategory']
@@ -206,8 +204,8 @@ export async function GET(request: NextRequest) {
     if (sections.includes('popular')) {
       result.popular = await db
         .select(selectFields)
-        .from(schema.marketplace)
-        .orderBy(desc(schema.marketplace.views))
+        .from(marketplace)
+        .orderBy(desc(marketplace.views))
         .limit(limit)
     }
 
@@ -215,8 +213,8 @@ export async function GET(request: NextRequest) {
     if (sections.includes('recent')) {
       result.recent = await db
         .select(selectFields)
-        .from(schema.marketplace)
-        .orderBy(desc(schema.marketplace.createdAt))
+        .from(marketplace)
+        .orderBy(desc(marketplace.createdAt))
         .limit(limit)
     }
 
@@ -255,9 +253,9 @@ export async function GET(request: NextRequest) {
         categoriesToFetch.map(async (categoryValue) => {
           const categoryItems = await db
             .select(selectFields)
-            .from(schema.marketplace)
-            .where(eq(schema.marketplace.category, categoryValue))
-            .orderBy(desc(schema.marketplace.views))
+            .from(marketplace)
+            .where(eq(marketplace.category, categoryValue))
+            .orderBy(desc(marketplace.views))
             .limit(limit)
 
           // Always add the category to the result, even if empty
@@ -328,10 +326,10 @@ export async function POST(request: NextRequest) {
     // Find the marketplace entry
     const marketplaceEntry = await db
       .select({
-        id: schema.marketplace.id,
+        id: marketplace.id,
       })
-      .from(schema.marketplace)
-      .where(eq(schema.marketplace.id, id))
+      .from(marketplace)
+      .where(eq(marketplace.id, id))
       .limit(1)
       .then((rows) => rows[0])
 
@@ -342,11 +340,11 @@ export async function POST(request: NextRequest) {
 
     // Increment the view count
     await db
-      .update(schema.marketplace)
+      .update(marketplace)
       .set({
-        views: sql`${schema.marketplace.views} + 1`,
+        views: sql`${marketplace.views} + 1`,
       })
-      .where(eq(schema.marketplace.id, id))
+      .where(eq(marketplace.id, id))
 
     logger.info(`[${requestId}] Incremented view count for marketplace entry: ${id}`)
 

apps/sim/app/api/organizations/[id]/invitations/route.ts

@@ -0,0 +1,506 @@
+import { randomUUID } from 'crypto'
+import { and, eq, inArray } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import {
+  getEmailSubject,
+  renderBatchInvitationEmail,
+  renderInvitationEmail,
+} from '@/components/emails/render-email'
+import { getSession } from '@/lib/auth'
+import {
+  validateBulkInvitations,
+  validateSeatAvailability,
+} from '@/lib/billing/validation/seat-management'
+import { sendEmail } from '@/lib/email/mailer'
+import { validateAndNormalizeEmail } from '@/lib/email/utils'
+import { createLogger } from '@/lib/logs/console-logger'
+import { hasWorkspaceAdminAccess } from '@/lib/permissions/utils'
+import { db } from '@/db'
+import { invitation, member, organization, user, workspace, workspaceInvitation } from '@/db/schema'
+
+const logger = createLogger('OrganizationInvitationsAPI')
+
+interface WorkspaceInvitation {
+  workspaceId: string
+  permission: 'admin' | 'write' | 'read'
+}
+
+/**
+ * GET /api/organizations/[id]/invitations
+ * Get all pending invitations for an organization
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+
+    // Verify user has access to this organization
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    const userRole = memberEntry[0].role
+    const hasAdminAccess = ['owner', 'admin'].includes(userRole)
+
+    if (!hasAdminAccess) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    // Get all pending invitations for the organization
+    const invitations = await db
+      .select({
+        id: invitation.id,
+        email: invitation.email,
+        role: invitation.role,
+        status: invitation.status,
+        expiresAt: invitation.expiresAt,
+        createdAt: invitation.createdAt,
+        inviterName: user.name,
+        inviterEmail: user.email,
+      })
+      .from(invitation)
+      .leftJoin(user, eq(invitation.inviterId, user.id))
+      .where(eq(invitation.organizationId, organizationId))
+      .orderBy(invitation.createdAt)
+
+    return NextResponse.json({
+      success: true,
+      data: {
+        invitations,
+        userRole,
+      },
+    })
+  } catch (error) {
+    logger.error('Failed to get organization invitations', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * POST /api/organizations/[id]/invitations
+ * Create organization invitations with optional validation and batch workspace invitations
+ * Query parameters:
+ * - ?validate=true - Only validate, don't send invitations
+ * - ?batch=true - Include workspace invitations
+ */
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const url = new URL(request.url)
+    const validateOnly = url.searchParams.get('validate') === 'true'
+    const isBatch = url.searchParams.get('batch') === 'true'
+
+    const body = await request.json()
+    const { email, emails, role = 'member', workspaceInvitations } = body
+
+    // Handle single invitation vs batch
+    const invitationEmails = email ? [email] : emails
+
+    // Validate input
+    if (!invitationEmails || !Array.isArray(invitationEmails) || invitationEmails.length === 0) {
+      return NextResponse.json({ error: 'Email or emails array is required' }, { status: 400 })
+    }
+
+    if (!['member', 'admin'].includes(role)) {
+      return NextResponse.json({ error: 'Invalid role' }, { status: 400 })
+    }
+
+    // Verify user has admin access
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    if (!['owner', 'admin'].includes(memberEntry[0].role)) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    // Handle validation-only requests
+    if (validateOnly) {
+      const validationResult = await validateBulkInvitations(organizationId, invitationEmails)
+
+      logger.info('Invitation validation completed', {
+        organizationId,
+        userId: session.user.id,
+        emailCount: invitationEmails.length,
+        result: validationResult,
+      })
+
+      return NextResponse.json({
+        success: true,
+        data: validationResult,
+        validatedBy: session.user.id,
+        validatedAt: new Date().toISOString(),
+      })
+    }
+
+    // Validate seat availability
+    const seatValidation = await validateSeatAvailability(organizationId, invitationEmails.length)
+
+    if (!seatValidation.canInvite) {
+      return NextResponse.json(
+        {
+          error: seatValidation.reason,
+          seatInfo: {
+            currentSeats: seatValidation.currentSeats,
+            maxSeats: seatValidation.maxSeats,
+            availableSeats: seatValidation.availableSeats,
+            seatsRequested: invitationEmails.length,
+          },
+        },
+        { status: 400 }
+      )
+    }
+
+    // Get organization details
+    const organizationEntry = await db
+      .select({ name: organization.name })
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .limit(1)
+
+    if (organizationEntry.length === 0) {
+      return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
+    }
+
+    // Validate and normalize emails
+    const processedEmails = invitationEmails
+      .map((email: string) => {
+        const result = validateAndNormalizeEmail(email)
+        return result.isValid ? result.normalized : null
+      })
+      .filter(Boolean) as string[]
+
+    if (processedEmails.length === 0) {
+      return NextResponse.json({ error: 'No valid emails provided' }, { status: 400 })
+    }
+
+    // Handle batch workspace invitations if provided
+    const validWorkspaceInvitations: WorkspaceInvitation[] = []
+    if (isBatch && workspaceInvitations && workspaceInvitations.length > 0) {
+      for (const wsInvitation of workspaceInvitations) {
+        // Check if user has admin permission on this workspace
+        const canInvite = await hasWorkspaceAdminAccess(session.user.id, wsInvitation.workspaceId)
+
+        if (!canInvite) {
+          return NextResponse.json(
+            {
+              error: `You don't have permission to invite users to workspace ${wsInvitation.workspaceId}`,
+            },
+            { status: 403 }
+          )
+        }
+
+        validWorkspaceInvitations.push(wsInvitation)
+      }
+    }
+
+    // Check for existing members
+    const existingMembers = await db
+      .select({ userEmail: user.email })
+      .from(member)
+      .innerJoin(user, eq(member.userId, user.id))
+      .where(eq(member.organizationId, organizationId))
+
+    const existingEmails = existingMembers.map((m) => m.userEmail)
+    const newEmails = processedEmails.filter((email: string) => !existingEmails.includes(email))
+
+    // Check for existing pending invitations
+    const existingInvitations = await db
+      .select({ email: invitation.email })
+      .from(invitation)
+      .where(and(eq(invitation.organizationId, organizationId), eq(invitation.status, 'pending')))
+
+    const pendingEmails = existingInvitations.map((i) => i.email)
+    const emailsToInvite = newEmails.filter((email: string) => !pendingEmails.includes(email))
+
+    if (emailsToInvite.length === 0) {
+      return NextResponse.json(
+        {
+          error: 'All emails are already members or have pending invitations',
+          details: {
+            existingMembers: processedEmails.filter((email: string) =>
+              existingEmails.includes(email)
+            ),
+            pendingInvitations: processedEmails.filter((email: string) =>
+              pendingEmails.includes(email)
+            ),
+          },
+        },
+        { status: 400 }
+      )
+    }
+
+    // Create invitations
+    const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
+    const invitationsToCreate = emailsToInvite.map((email: string) => ({
+      id: randomUUID(),
+      email,
+      inviterId: session.user.id,
+      organizationId,
+      role,
+      status: 'pending' as const,
+      expiresAt,
+      createdAt: new Date(),
+    }))
+
+    await db.insert(invitation).values(invitationsToCreate)
+
+    // Create workspace invitations if batch mode
+    const workspaceInvitationIds: string[] = []
+    if (isBatch && validWorkspaceInvitations.length > 0) {
+      for (const email of emailsToInvite) {
+        for (const wsInvitation of validWorkspaceInvitations) {
+          const wsInvitationId = randomUUID()
+          const token = randomUUID()
+
+          await db.insert(workspaceInvitation).values({
+            id: wsInvitationId,
+            workspaceId: wsInvitation.workspaceId,
+            email,
+            inviterId: session.user.id,
+            role: 'member',
+            status: 'pending',
+            token,
+            permissions: wsInvitation.permission,
+            expiresAt,
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          })
+
+          workspaceInvitationIds.push(wsInvitationId)
+        }
+      }
+    }
+
+    // Send invitation emails
+    const inviter = await db
+      .select({ name: user.name })
+      .from(user)
+      .where(eq(user.id, session.user.id))
+      .limit(1)
+
+    for (const email of emailsToInvite) {
+      const orgInvitation = invitationsToCreate.find((inv) => inv.email === email)
+      if (!orgInvitation) continue
+
+      let emailResult
+      if (isBatch && validWorkspaceInvitations.length > 0) {
+        // Get workspace details for batch email
+        const workspaceDetails = await db
+          .select({
+            id: workspace.id,
+            name: workspace.name,
+          })
+          .from(workspace)
+          .where(
+            inArray(
+              workspace.id,
+              validWorkspaceInvitations.map((w) => w.workspaceId)
+            )
+          )
+
+        const workspaceInvitationsWithNames = validWorkspaceInvitations.map((wsInv) => ({
+          workspaceId: wsInv.workspaceId,
+          workspaceName:
+            workspaceDetails.find((w) => w.id === wsInv.workspaceId)?.name || 'Unknown Workspace',
+          permission: wsInv.permission,
+        }))
+
+        const emailHtml = await renderBatchInvitationEmail(
+          inviter[0]?.name || 'Someone',
+          organizationEntry[0]?.name || 'organization',
+          role,
+          workspaceInvitationsWithNames,
+          `${process.env.NEXT_PUBLIC_BASE_URL}/api/organizations/invitations/accept?id=${orgInvitation.id}`
+        )
+
+        emailResult = await sendEmail({
+          to: email,
+          subject: getEmailSubject('batch-invitation'),
+          html: emailHtml,
+          emailType: 'transactional',
+        })
+      } else {
+        const emailHtml = await renderInvitationEmail(
+          inviter[0]?.name || 'Someone',
+          organizationEntry[0]?.name || 'organization',
+          `${process.env.NEXT_PUBLIC_BASE_URL}/api/organizations/invitations/accept?id=${orgInvitation.id}`,
+          email
+        )
+
+        emailResult = await sendEmail({
+          to: email,
+          subject: getEmailSubject('invitation'),
+          html: emailHtml,
+          emailType: 'transactional',
+        })
+      }
+
+      if (!emailResult.success) {
+        logger.error('Failed to send invitation email', {
+          email,
+          error: emailResult.message,
+        })
+      }
+    }
+
+    logger.info('Organization invitations created', {
+      organizationId,
+      invitedBy: session.user.id,
+      invitationCount: invitationsToCreate.length,
+      emails: emailsToInvite,
+      role,
+      isBatch,
+      workspaceInvitationCount: workspaceInvitationIds.length,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: `${invitationsToCreate.length} invitation(s) sent successfully`,
+      data: {
+        invitationsSent: invitationsToCreate.length,
+        invitedEmails: emailsToInvite,
+        existingMembers: processedEmails.filter((email: string) => existingEmails.includes(email)),
+        pendingInvitations: processedEmails.filter((email: string) =>
+          pendingEmails.includes(email)
+        ),
+        invalidEmails: invitationEmails.filter(
+          (email: string) => !validateAndNormalizeEmail(email)
+        ),
+        workspaceInvitations: isBatch ? validWorkspaceInvitations.length : 0,
+        seatInfo: {
+          seatsUsed: seatValidation.currentSeats + invitationsToCreate.length,
+          maxSeats: seatValidation.maxSeats,
+          availableSeats: seatValidation.availableSeats - invitationsToCreate.length,
+        },
+      },
+    })
+  } catch (error) {
+    logger.error('Failed to create organization invitations', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * DELETE /api/organizations/[id]/invitations?invitationId=...
+ * Cancel a pending invitation
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const url = new URL(request.url)
+    const invitationId = url.searchParams.get('invitationId')
+
+    if (!invitationId) {
+      return NextResponse.json(
+        { error: 'Invitation ID is required as query parameter' },
+        { status: 400 }
+      )
+    }
+
+    // Verify user has admin access
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    if (!['owner', 'admin'].includes(memberEntry[0].role)) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    // Cancel the invitation
+    const result = await db
+      .update(invitation)
+      .set({
+        status: 'cancelled',
+      })
+      .where(
+        and(
+          eq(invitation.id, invitationId),
+          eq(invitation.organizationId, organizationId),
+          eq(invitation.status, 'pending')
+        )
+      )
+      .returning()
+
+    if (result.length === 0) {
+      return NextResponse.json(
+        { error: 'Invitation not found or already processed' },
+        { status: 404 }
+      )
+    }
+
+    logger.info('Organization invitation cancelled', {
+      organizationId,
+      invitationId,
+      cancelledBy: session.user.id,
+      email: result[0].email,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: 'Invitation cancelled successfully',
+    })
+  } catch (error) {
+    logger.error('Failed to cancel organization invitation', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/organizations/[id]/members/[memberId]/route.ts

@@ -0,0 +1,314 @@
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console-logger'
+import { db } from '@/db'
+import { member, user, userStats } from '@/db/schema'
+
+const logger = createLogger('OrganizationMemberAPI')
+
+/**
+ * GET /api/organizations/[id]/members/[memberId]
+ * Get individual organization member details
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string; memberId: string }> }
+) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId, memberId } = await params
+    const url = new URL(request.url)
+    const includeUsage = url.searchParams.get('include') === 'usage'
+
+    // Verify user has access to this organization
+    const userMember = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (userMember.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    const userRole = userMember[0].role
+    const hasAdminAccess = ['owner', 'admin'].includes(userRole)
+
+    // Get target member details
+    const memberQuery = db
+      .select({
+        id: member.id,
+        userId: member.userId,
+        organizationId: member.organizationId,
+        role: member.role,
+        createdAt: member.createdAt,
+        userName: user.name,
+        userEmail: user.email,
+      })
+      .from(member)
+      .innerJoin(user, eq(member.userId, user.id))
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, memberId)))
+      .limit(1)
+
+    const memberEntry = await memberQuery
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json({ error: 'Member not found' }, { status: 404 })
+    }
+
+    // Check if user can view this member's details
+    const canViewDetails = hasAdminAccess || session.user.id === memberId
+
+    if (!canViewDetails) {
+      return NextResponse.json({ error: 'Forbidden - Insufficient permissions' }, { status: 403 })
+    }
+
+    let memberData = memberEntry[0]
+
+    // Include usage data if requested and user has permission
+    if (includeUsage && hasAdminAccess) {
+      const usageData = await db
+        .select({
+          currentPeriodCost: userStats.currentPeriodCost,
+          currentUsageLimit: userStats.currentUsageLimit,
+          billingPeriodStart: userStats.billingPeriodStart,
+          billingPeriodEnd: userStats.billingPeriodEnd,
+          usageLimitSetBy: userStats.usageLimitSetBy,
+          usageLimitUpdatedAt: userStats.usageLimitUpdatedAt,
+          lastPeriodCost: userStats.lastPeriodCost,
+        })
+        .from(userStats)
+        .where(eq(userStats.userId, memberId))
+        .limit(1)
+
+      if (usageData.length > 0) {
+        memberData = {
+          ...memberData,
+          usage: usageData[0],
+        } as typeof memberData & { usage: (typeof usageData)[0] }
+      }
+    }
+
+    return NextResponse.json({
+      success: true,
+      data: memberData,
+      userRole,
+      hasAdminAccess,
+    })
+  } catch (error) {
+    logger.error('Failed to get organization member', {
+      organizationId: (await params).id,
+      memberId: (await params).memberId,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * PUT /api/organizations/[id]/members/[memberId]
+ * Update organization member role
+ */
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string; memberId: string }> }
+) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId, memberId } = await params
+    const { role } = await request.json()
+
+    // Validate input
+    if (!role || !['admin', 'member'].includes(role)) {
+      return NextResponse.json({ error: 'Invalid role' }, { status: 400 })
+    }
+
+    // Verify user has admin access
+    const userMember = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (userMember.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    if (!['owner', 'admin'].includes(userMember[0].role)) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    // Check if target member exists
+    const targetMember = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, memberId)))
+      .limit(1)
+
+    if (targetMember.length === 0) {
+      return NextResponse.json({ error: 'Member not found' }, { status: 404 })
+    }
+
+    // Prevent changing owner role
+    if (targetMember[0].role === 'owner') {
+      return NextResponse.json({ error: 'Cannot change owner role' }, { status: 400 })
+    }
+
+    // Prevent non-owners from promoting to admin
+    if (role === 'admin' && userMember[0].role !== 'owner') {
+      return NextResponse.json(
+        { error: 'Only owners can promote members to admin' },
+        { status: 403 }
+      )
+    }
+
+    // Update member role
+    const updatedMember = await db
+      .update(member)
+      .set({ role })
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, memberId)))
+      .returning()
+
+    if (updatedMember.length === 0) {
+      return NextResponse.json({ error: 'Failed to update member role' }, { status: 500 })
+    }
+
+    logger.info('Organization member role updated', {
+      organizationId,
+      memberId,
+      newRole: role,
+      updatedBy: session.user.id,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: 'Member role updated successfully',
+      data: {
+        id: updatedMember[0].id,
+        userId: updatedMember[0].userId,
+        role: updatedMember[0].role,
+        updatedBy: session.user.id,
+      },
+    })
+  } catch (error) {
+    logger.error('Failed to update organization member role', {
+      organizationId: (await params).id,
+      memberId: (await params).memberId,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * DELETE /api/organizations/[id]/members/[memberId]
+ * Remove member from organization
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string; memberId: string }> }
+) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId, memberId } = await params
+
+    // Verify user has admin access
+    const userMember = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (userMember.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    const canRemoveMembers =
+      ['owner', 'admin'].includes(userMember[0].role) || session.user.id === memberId
+
+    if (!canRemoveMembers) {
+      return NextResponse.json({ error: 'Forbidden - Insufficient permissions' }, { status: 403 })
+    }
+
+    // Check if target member exists
+    const targetMember = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, memberId)))
+      .limit(1)
+
+    if (targetMember.length === 0) {
+      return NextResponse.json({ error: 'Member not found' }, { status: 404 })
+    }
+
+    // Prevent removing the owner
+    if (targetMember[0].role === 'owner') {
+      return NextResponse.json({ error: 'Cannot remove organization owner' }, { status: 400 })
+    }
+
+    // Remove member
+    const removedMember = await db
+      .delete(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, memberId)))
+      .returning()
+
+    if (removedMember.length === 0) {
+      return NextResponse.json({ error: 'Failed to remove member' }, { status: 500 })
+    }
+
+    logger.info('Organization member removed', {
+      organizationId,
+      removedMemberId: memberId,
+      removedBy: session.user.id,
+      wasSelfRemoval: session.user.id === memberId,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message:
+        session.user.id === memberId
+          ? 'You have left the organization'
+          : 'Member removed successfully',
+      data: {
+        removedMemberId: memberId,
+        removedBy: session.user.id,
+        removedAt: new Date().toISOString(),
+      },
+    })
+  } catch (error) {
+    logger.error('Failed to remove organization member', {
+      organizationId: (await params).id,
+      memberId: (await params).memberId,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/organizations/[id]/members/route.ts

@@ -0,0 +1,293 @@
+import { randomUUID } from 'crypto'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getEmailSubject, renderInvitationEmail } from '@/components/emails/render-email'
+import { getSession } from '@/lib/auth'
+import { validateSeatAvailability } from '@/lib/billing/validation/seat-management'
+import { sendEmail } from '@/lib/email/mailer'
+import { validateAndNormalizeEmail } from '@/lib/email/utils'
+import { createLogger } from '@/lib/logs/console-logger'
+import { db } from '@/db'
+import { invitation, member, organization, user, userStats } from '@/db/schema'
+
+const logger = createLogger('OrganizationMembersAPI')
+
+/**
+ * GET /api/organizations/[id]/members
+ * Get organization members with optional usage data
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const url = new URL(request.url)
+    const includeUsage = url.searchParams.get('include') === 'usage'
+
+    // Verify user has access to this organization
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    const userRole = memberEntry[0].role
+    const hasAdminAccess = ['owner', 'admin'].includes(userRole)
+
+    // Get organization members
+    const query = db
+      .select({
+        id: member.id,
+        userId: member.userId,
+        organizationId: member.organizationId,
+        role: member.role,
+        createdAt: member.createdAt,
+        userName: user.name,
+        userEmail: user.email,
+      })
+      .from(member)
+      .innerJoin(user, eq(member.userId, user.id))
+      .where(eq(member.organizationId, organizationId))
+
+    // Include usage data if requested and user has admin access
+    if (includeUsage && hasAdminAccess) {
+      const membersWithUsage = await db
+        .select({
+          id: member.id,
+          userId: member.userId,
+          organizationId: member.organizationId,
+          role: member.role,
+          createdAt: member.createdAt,
+          userName: user.name,
+          userEmail: user.email,
+          currentPeriodCost: userStats.currentPeriodCost,
+          currentUsageLimit: userStats.currentUsageLimit,
+          billingPeriodStart: userStats.billingPeriodStart,
+          billingPeriodEnd: userStats.billingPeriodEnd,
+          usageLimitSetBy: userStats.usageLimitSetBy,
+          usageLimitUpdatedAt: userStats.usageLimitUpdatedAt,
+        })
+        .from(member)
+        .innerJoin(user, eq(member.userId, user.id))
+        .leftJoin(userStats, eq(user.id, userStats.userId))
+        .where(eq(member.organizationId, organizationId))
+
+      return NextResponse.json({
+        success: true,
+        data: membersWithUsage,
+        total: membersWithUsage.length,
+        userRole,
+        hasAdminAccess,
+      })
+    }
+
+    const members = await query
+
+    return NextResponse.json({
+      success: true,
+      data: members,
+      total: members.length,
+      userRole,
+      hasAdminAccess,
+    })
+  } catch (error) {
+    logger.error('Failed to get organization members', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * POST /api/organizations/[id]/members
+ * Invite new member to organization
+ */
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const { email, role = 'member' } = await request.json()
+
+    // Validate input
+    if (!email) {
+      return NextResponse.json({ error: 'Email is required' }, { status: 400 })
+    }
+
+    if (!['admin', 'member'].includes(role)) {
+      return NextResponse.json({ error: 'Invalid role' }, { status: 400 })
+    }
+
+    // Validate and normalize email
+    const { isValid, normalized: normalizedEmail } = validateAndNormalizeEmail(email)
+    if (!isValid) {
+      return NextResponse.json({ error: 'Invalid email format' }, { status: 400 })
+    }
+
+    // Verify user has admin access
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    if (!['owner', 'admin'].includes(memberEntry[0].role)) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    // Check seat availability
+    const seatValidation = await validateSeatAvailability(organizationId, 1)
+    if (!seatValidation.canInvite) {
+      return NextResponse.json(
+        {
+          error: `Cannot invite member. Using ${seatValidation.currentSeats} of ${seatValidation.maxSeats} seats.`,
+          details: seatValidation,
+        },
+        { status: 400 }
+      )
+    }
+
+    // Check if user is already a member
+    const existingUser = await db
+      .select({ id: user.id })
+      .from(user)
+      .where(eq(user.email, normalizedEmail))
+      .limit(1)
+
+    if (existingUser.length > 0) {
+      const existingMember = await db
+        .select()
+        .from(member)
+        .where(
+          and(eq(member.organizationId, organizationId), eq(member.userId, existingUser[0].id))
+        )
+        .limit(1)
+
+      if (existingMember.length > 0) {
+        return NextResponse.json(
+          { error: 'User is already a member of this organization' },
+          { status: 400 }
+        )
+      }
+    }
+
+    // Check for existing pending invitation
+    const existingInvitation = await db
+      .select()
+      .from(invitation)
+      .where(
+        and(
+          eq(invitation.organizationId, organizationId),
+          eq(invitation.email, normalizedEmail),
+          eq(invitation.status, 'pending')
+        )
+      )
+      .limit(1)
+
+    if (existingInvitation.length > 0) {
+      return NextResponse.json(
+        { error: 'Pending invitation already exists for this email' },
+        { status: 400 }
+      )
+    }
+
+    // Create invitation
+    const invitationId = randomUUID()
+    const expiresAt = new Date()
+    expiresAt.setDate(expiresAt.getDate() + 7) // 7 days expiry
+
+    await db.insert(invitation).values({
+      id: invitationId,
+      email: normalizedEmail,
+      inviterId: session.user.id,
+      organizationId,
+      role,
+      status: 'pending',
+      expiresAt,
+      createdAt: new Date(),
+    })
+
+    const organizationEntry = await db
+      .select({ name: organization.name })
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .limit(1)
+
+    const inviter = await db
+      .select({ name: user.name })
+      .from(user)
+      .where(eq(user.id, session.user.id))
+      .limit(1)
+
+    const emailHtml = await renderInvitationEmail(
+      inviter[0]?.name || 'Someone',
+      organizationEntry[0]?.name || 'organization',
+      `${process.env.NEXT_PUBLIC_BASE_URL}/api/organizations/invitations/accept?id=${invitationId}`,
+      normalizedEmail
+    )
+
+    const emailResult = await sendEmail({
+      to: normalizedEmail,
+      subject: getEmailSubject('invitation'),
+      html: emailHtml,
+      emailType: 'transactional',
+    })
+
+    if (emailResult.success) {
+      logger.info('Member invitation sent', {
+        email: normalizedEmail,
+        organizationId,
+        invitationId,
+        role,
+      })
+    } else {
+      logger.error('Failed to send invitation email', {
+        email: normalizedEmail,
+        error: emailResult.message,
+      })
+      // Don't fail the request if email fails
+    }
+
+    return NextResponse.json({
+      success: true,
+      message: `Invitation sent to ${normalizedEmail}`,
+      data: {
+        invitationId,
+        email: normalizedEmail,
+        role,
+        expiresAt,
+      },
+    })
+  } catch (error) {
+    logger.error('Failed to invite organization member', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/organizations/[id]/route.ts

@@ -0,0 +1,248 @@
+import { and, eq, ne } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import {
+  getOrganizationSeatAnalytics,
+  getOrganizationSeatInfo,
+  updateOrganizationSeats,
+} from '@/lib/billing/validation/seat-management'
+import { createLogger } from '@/lib/logs/console-logger'
+import { db } from '@/db'
+import { member, organization } from '@/db/schema'
+
+const logger = createLogger('OrganizationAPI')
+
+/**
+ * GET /api/organizations/[id]
+ * Get organization details including settings and seat information
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const url = new URL(request.url)
+    const includeSeats = url.searchParams.get('include') === 'seats'
+
+    // Verify user has access to this organization
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    // Get organization data
+    const organizationEntry = await db
+      .select()
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .limit(1)
+
+    if (organizationEntry.length === 0) {
+      return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
+    }
+
+    const userRole = memberEntry[0].role
+    const hasAdminAccess = ['owner', 'admin'].includes(userRole)
+
+    const response: any = {
+      success: true,
+      data: {
+        id: organizationEntry[0].id,
+        name: organizationEntry[0].name,
+        slug: organizationEntry[0].slug,
+        logo: organizationEntry[0].logo,
+        metadata: organizationEntry[0].metadata,
+        createdAt: organizationEntry[0].createdAt,
+        updatedAt: organizationEntry[0].updatedAt,
+      },
+      userRole,
+      hasAdminAccess,
+    }
+
+    // Include seat information if requested
+    if (includeSeats) {
+      const seatInfo = await getOrganizationSeatInfo(organizationId)
+      if (seatInfo) {
+        response.data.seats = seatInfo
+      }
+
+      // Include analytics for admins
+      if (hasAdminAccess) {
+        const analytics = await getOrganizationSeatAnalytics(organizationId)
+        if (analytics) {
+          response.data.seatAnalytics = analytics
+        }
+      }
+    }
+
+    return NextResponse.json(response)
+  } catch (error) {
+    logger.error('Failed to get organization', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * PUT /api/organizations/[id]
+ * Update organization settings or seat count
+ */
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const body = await request.json()
+    const { name, slug, logo, seats } = body
+
+    // Verify user has admin access
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        { error: 'Forbidden - Not a member of this organization' },
+        { status: 403 }
+      )
+    }
+
+    if (!['owner', 'admin'].includes(memberEntry[0].role)) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    // Handle seat count update
+    if (seats !== undefined) {
+      if (typeof seats !== 'number' || seats < 1) {
+        return NextResponse.json({ error: 'Invalid seat count' }, { status: 400 })
+      }
+
+      const result = await updateOrganizationSeats(organizationId, seats, session.user.id)
+
+      if (!result.success) {
+        return NextResponse.json({ error: result.error }, { status: 400 })
+      }
+
+      logger.info('Organization seat count updated', {
+        organizationId,
+        newSeatCount: seats,
+        updatedBy: session.user.id,
+      })
+
+      return NextResponse.json({
+        success: true,
+        message: 'Seat count updated successfully',
+        data: {
+          seats: seats,
+          updatedBy: session.user.id,
+          updatedAt: new Date().toISOString(),
+        },
+      })
+    }
+
+    // Handle settings update
+    if (name !== undefined || slug !== undefined || logo !== undefined) {
+      // Validate required fields
+      if (name !== undefined && (!name || typeof name !== 'string' || name.trim().length === 0)) {
+        return NextResponse.json({ error: 'Organization name is required' }, { status: 400 })
+      }
+
+      if (slug !== undefined && (!slug || typeof slug !== 'string' || slug.trim().length === 0)) {
+        return NextResponse.json({ error: 'Organization slug is required' }, { status: 400 })
+      }
+
+      // Validate slug format
+      if (slug !== undefined) {
+        const slugRegex = /^[a-z0-9-_]+$/
+        if (!slugRegex.test(slug)) {
+          return NextResponse.json(
+            {
+              error: 'Slug can only contain lowercase letters, numbers, hyphens, and underscores',
+            },
+            { status: 400 }
+          )
+        }
+
+        // Check if slug is already taken by another organization
+        const existingSlug = await db
+          .select()
+          .from(organization)
+          .where(and(eq(organization.slug, slug), ne(organization.id, organizationId)))
+          .limit(1)
+
+        if (existingSlug.length > 0) {
+          return NextResponse.json({ error: 'This slug is already taken' }, { status: 400 })
+        }
+      }
+
+      // Build update object with only provided fields
+      const updateData: any = { updatedAt: new Date() }
+      if (name !== undefined) updateData.name = name.trim()
+      if (slug !== undefined) updateData.slug = slug.trim()
+      if (logo !== undefined) updateData.logo = logo || null
+
+      // Update organization
+      const updatedOrg = await db
+        .update(organization)
+        .set(updateData)
+        .where(eq(organization.id, organizationId))
+        .returning()
+
+      if (updatedOrg.length === 0) {
+        return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
+      }
+
+      logger.info('Organization settings updated', {
+        organizationId,
+        updatedBy: session.user.id,
+        changes: { name, slug, logo },
+      })
+
+      return NextResponse.json({
+        success: true,
+        message: 'Organization updated successfully',
+        data: {
+          id: updatedOrg[0].id,
+          name: updatedOrg[0].name,
+          slug: updatedOrg[0].slug,
+          logo: updatedOrg[0].logo,
+          updatedAt: updatedOrg[0].updatedAt,
+        },
+      })
+    }
+
+    return NextResponse.json({ error: 'No valid fields provided for update' }, { status: 400 })
+  } catch (error) {
+    logger.error('Failed to update organization', {
+      organizationId: (await params).id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+// DELETE method removed - organization deletion not implemented
+// If deletion is needed in the future, it should be implemented with proper
+// cleanup of subscriptions, members, workspaces, and billing data

apps/sim/app/api/organizations/[id]/workspaces/route.ts

@@ -0,0 +1,209 @@
+import { and, eq, or } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console-logger'
+import { db } from '@/db'
+import { member, permissions, user, workspace, workspaceMember } from '@/db/schema'
+
+const logger = createLogger('OrganizationWorkspacesAPI')
+
+/**
+ * GET /api/organizations/[id]/workspaces
+ * Get workspaces related to the organization with optional filtering
+ * Query parameters:
+ * - ?available=true - Only workspaces where user can invite others (admin permissions)
+ * - ?member=userId - Workspaces where specific member has access
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id: organizationId } = await params
+    const url = new URL(request.url)
+    const availableOnly = url.searchParams.get('available') === 'true'
+    const memberId = url.searchParams.get('member')
+
+    // Verify user is a member of this organization
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0) {
+      return NextResponse.json(
+        {
+          error: 'Forbidden - Not a member of this organization',
+        },
+        { status: 403 }
+      )
+    }
+
+    const userRole = memberEntry[0].role
+    const hasAdminAccess = ['owner', 'admin'].includes(userRole)
+
+    if (availableOnly) {
+      // Get workspaces where user has admin permissions (can invite others)
+      const availableWorkspaces = await db
+        .select({
+          id: workspace.id,
+          name: workspace.name,
+          ownerId: workspace.ownerId,
+          createdAt: workspace.createdAt,
+          isOwner: eq(workspace.ownerId, session.user.id),
+          permissionType: permissions.permissionType,
+        })
+        .from(workspace)
+        .leftJoin(
+          permissions,
+          and(
+            eq(permissions.entityType, 'workspace'),
+            eq(permissions.entityId, workspace.id),
+            eq(permissions.userId, session.user.id)
+          )
+        )
+        .where(
+          or(
+            // User owns the workspace
+            eq(workspace.ownerId, session.user.id),
+            // User has admin permission on the workspace
+            and(
+              eq(permissions.userId, session.user.id),
+              eq(permissions.entityType, 'workspace'),
+              eq(permissions.permissionType, 'admin')
+            )
+          )
+        )
+
+      // Filter and format the results
+      const workspacesWithInvitePermission = availableWorkspaces
+        .filter((workspace) => {
+          // Include if user owns the workspace OR has admin permission
+          return workspace.isOwner || workspace.permissionType === 'admin'
+        })
+        .map((workspace) => ({
+          id: workspace.id,
+          name: workspace.name,
+          isOwner: workspace.isOwner,
+          canInvite: true, // All returned workspaces have invite permission
+          createdAt: workspace.createdAt,
+        }))
+
+      logger.info('Retrieved available workspaces for organization member', {
+        organizationId,
+        userId: session.user.id,
+        workspaceCount: workspacesWithInvitePermission.length,
+      })
+
+      return NextResponse.json({
+        success: true,
+        data: {
+          workspaces: workspacesWithInvitePermission,
+          totalCount: workspacesWithInvitePermission.length,
+          filter: 'available',
+        },
+      })
+    }
+
+    if (memberId && hasAdminAccess) {
+      // Get workspaces where specific member has access (admin only)
+      const memberWorkspaces = await db
+        .select({
+          id: workspace.id,
+          name: workspace.name,
+          ownerId: workspace.ownerId,
+          createdAt: workspace.createdAt,
+          isOwner: eq(workspace.ownerId, memberId),
+          permissionType: permissions.permissionType,
+          joinedAt: workspaceMember.joinedAt,
+        })
+        .from(workspace)
+        .leftJoin(
+          permissions,
+          and(
+            eq(permissions.entityType, 'workspace'),
+            eq(permissions.entityId, workspace.id),
+            eq(permissions.userId, memberId)
+          )
+        )
+        .leftJoin(
+          workspaceMember,
+          and(eq(workspaceMember.workspaceId, workspace.id), eq(workspaceMember.userId, memberId))
+        )
+        .where(
+          or(
+            // Member owns the workspace
+            eq(workspace.ownerId, memberId),
+            // Member has permissions on the workspace
+            and(eq(permissions.userId, memberId), eq(permissions.entityType, 'workspace'))
+          )
+        )
+
+      const formattedWorkspaces = memberWorkspaces.map((workspace) => ({
+        id: workspace.id,
+        name: workspace.name,
+        isOwner: workspace.isOwner,
+        permission: workspace.permissionType,
+        joinedAt: workspace.joinedAt,
+        createdAt: workspace.createdAt,
+      }))
+
+      return NextResponse.json({
+        success: true,
+        data: {
+          workspaces: formattedWorkspaces,
+          totalCount: formattedWorkspaces.length,
+          filter: 'member',
+          memberId,
+        },
+      })
+    }
+
+    // Default: Get all workspaces (basic info only for regular members)
+    if (!hasAdminAccess) {
+      return NextResponse.json({
+        success: true,
+        data: {
+          workspaces: [],
+          totalCount: 0,
+          message: 'Workspace access information is only available to organization admins',
+        },
+      })
+    }
+
+    // For admins: Get summary of all workspaces
+    const allWorkspaces = await db
+      .select({
+        id: workspace.id,
+        name: workspace.name,
+        ownerId: workspace.ownerId,
+        createdAt: workspace.createdAt,
+        ownerName: user.name,
+      })
+      .from(workspace)
+      .leftJoin(user, eq(workspace.ownerId, user.id))
+
+    return NextResponse.json({
+      success: true,
+      data: {
+        workspaces: allWorkspaces,
+        totalCount: allWorkspaces.length,
+        filter: 'all',
+      },
+      userRole,
+      hasAdminAccess,
+    })
+  } catch (error) {
+    logger.error('Failed to get organization workspaces', { error })
+    return NextResponse.json(
+      {
+        error: 'Internal server error',
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/organizations/invitations/accept/route.ts

@@ -0,0 +1,378 @@
+import { randomUUID } from 'crypto'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { env } from '@/lib/env'
+import { createLogger } from '@/lib/logs/console-logger'
+import { db } from '@/db'
+import { invitation, member, permissions, workspaceInvitation, workspaceMember } from '@/db/schema'
+
+const logger = createLogger('OrganizationInvitationAcceptance')
+
+// Accept an organization invitation and any associated workspace invitations
+export async function GET(req: NextRequest) {
+  const invitationId = req.nextUrl.searchParams.get('id')
+
+  if (!invitationId) {
+    return NextResponse.redirect(
+      new URL(
+        '/invite/invite-error?reason=missing-invitation-id',
+        env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+      )
+    )
+  }
+
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    // Redirect to login, user will be redirected back after login
+    return NextResponse.redirect(
+      new URL(
+        `/invite/organization?id=${invitationId}`,
+        env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+      )
+    )
+  }
+
+  try {
+    // Find the organization invitation
+    const invitationResult = await db
+      .select()
+      .from(invitation)
+      .where(eq(invitation.id, invitationId))
+      .limit(1)
+
+    if (invitationResult.length === 0) {
+      return NextResponse.redirect(
+        new URL(
+          '/invite/invite-error?reason=invalid-invitation',
+          env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+        )
+      )
+    }
+
+    const orgInvitation = invitationResult[0]
+
+    // Check if invitation has expired
+    if (orgInvitation.expiresAt && new Date() > orgInvitation.expiresAt) {
+      return NextResponse.redirect(
+        new URL(
+          '/invite/invite-error?reason=expired',
+          env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+        )
+      )
+    }
+
+    // Check if invitation is still pending
+    if (orgInvitation.status !== 'pending') {
+      return NextResponse.redirect(
+        new URL(
+          '/invite/invite-error?reason=already-processed',
+          env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+        )
+      )
+    }
+
+    // Verify the email matches the current user
+    if (orgInvitation.email !== session.user.email) {
+      return NextResponse.redirect(
+        new URL(
+          '/invite/invite-error?reason=email-mismatch',
+          env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+        )
+      )
+    }
+
+    // Check if user is already a member of the organization
+    const existingMember = await db
+      .select()
+      .from(member)
+      .where(
+        and(
+          eq(member.organizationId, orgInvitation.organizationId),
+          eq(member.userId, session.user.id)
+        )
+      )
+      .limit(1)
+
+    if (existingMember.length > 0) {
+      return NextResponse.redirect(
+        new URL(
+          '/invite/invite-error?reason=already-member',
+          env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+        )
+      )
+    }
+
+    // Start transaction to accept both organization and workspace invitations
+    await db.transaction(async (tx) => {
+      // Accept organization invitation - add user as member
+      await tx.insert(member).values({
+        id: randomUUID(),
+        userId: session.user.id,
+        organizationId: orgInvitation.organizationId,
+        role: orgInvitation.role,
+        createdAt: new Date(),
+      })
+
+      // Mark organization invitation as accepted
+      await tx.update(invitation).set({ status: 'accepted' }).where(eq(invitation.id, invitationId))
+
+      // Find and accept any pending workspace invitations for the same email
+      const workspaceInvitations = await tx
+        .select()
+        .from(workspaceInvitation)
+        .where(
+          and(
+            eq(workspaceInvitation.email, orgInvitation.email),
+            eq(workspaceInvitation.status, 'pending')
+          )
+        )
+
+      for (const wsInvitation of workspaceInvitations) {
+        // Check if invitation hasn't expired
+        if (
+          wsInvitation.expiresAt &&
+          new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
+        ) {
+          // Check if user isn't already a member of the workspace
+          const existingWorkspaceMember = await tx
+            .select()
+            .from(workspaceMember)
+            .where(
+              and(
+                eq(workspaceMember.workspaceId, wsInvitation.workspaceId),
+                eq(workspaceMember.userId, session.user.id)
+              )
+            )
+            .limit(1)
+
+          // Check if user doesn't already have permissions on the workspace
+          const existingPermission = await tx
+            .select()
+            .from(permissions)
+            .where(
+              and(
+                eq(permissions.userId, session.user.id),
+                eq(permissions.entityType, 'workspace'),
+                eq(permissions.entityId, wsInvitation.workspaceId)
+              )
+            )
+            .limit(1)
+
+          if (existingWorkspaceMember.length === 0 && existingPermission.length === 0) {
+            // Add user as workspace member
+            await tx.insert(workspaceMember).values({
+              id: randomUUID(),
+              workspaceId: wsInvitation.workspaceId,
+              userId: session.user.id,
+              role: wsInvitation.role,
+              joinedAt: new Date(),
+              updatedAt: new Date(),
+            })
+
+            // Add workspace permissions
+            await tx.insert(permissions).values({
+              id: randomUUID(),
+              userId: session.user.id,
+              entityType: 'workspace',
+              entityId: wsInvitation.workspaceId,
+              permissionType: wsInvitation.permissions,
+              createdAt: new Date(),
+              updatedAt: new Date(),
+            })
+
+            // Mark workspace invitation as accepted
+            await tx
+              .update(workspaceInvitation)
+              .set({ status: 'accepted' })
+              .where(eq(workspaceInvitation.id, wsInvitation.id))
+
+            logger.info('Accepted workspace invitation', {
+              workspaceId: wsInvitation.workspaceId,
+              userId: session.user.id,
+              permission: wsInvitation.permissions,
+            })
+          }
+        }
+      }
+    })
+
+    logger.info('Successfully accepted batch invitation', {
+      organizationId: orgInvitation.organizationId,
+      userId: session.user.id,
+      role: orgInvitation.role,
+    })
+
+    // Redirect to success page or main app
+    return NextResponse.redirect(
+      new URL('/workspaces?invite=accepted', env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai')
+    )
+  } catch (error) {
+    logger.error('Failed to accept organization invitation', {
+      invitationId,
+      userId: session.user.id,
+      error,
+    })
+
+    return NextResponse.redirect(
+      new URL(
+        '/invite/invite-error?reason=server-error',
+        env.NEXT_PUBLIC_APP_URL || 'https://simstudio.ai'
+      )
+    )
+  }
+}
+
+// POST endpoint for programmatic acceptance (for API use)
+export async function POST(req: NextRequest) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const { invitationId } = await req.json()
+
+    if (!invitationId) {
+      return NextResponse.json({ error: 'Missing invitationId' }, { status: 400 })
+    }
+
+    // Similar logic to GET but return JSON response
+    const invitationResult = await db
+      .select()
+      .from(invitation)
+      .where(eq(invitation.id, invitationId))
+      .limit(1)
+
+    if (invitationResult.length === 0) {
+      return NextResponse.json({ error: 'Invalid invitation' }, { status: 404 })
+    }
+
+    const orgInvitation = invitationResult[0]
+
+    if (orgInvitation.expiresAt && new Date() > orgInvitation.expiresAt) {
+      return NextResponse.json({ error: 'Invitation expired' }, { status: 400 })
+    }
+
+    if (orgInvitation.status !== 'pending') {
+      return NextResponse.json({ error: 'Invitation already processed' }, { status: 400 })
+    }
+
+    if (orgInvitation.email !== session.user.email) {
+      return NextResponse.json({ error: 'Email mismatch' }, { status: 403 })
+    }
+
+    // Check if user is already a member
+    const existingMember = await db
+      .select()
+      .from(member)
+      .where(
+        and(
+          eq(member.organizationId, orgInvitation.organizationId),
+          eq(member.userId, session.user.id)
+        )
+      )
+      .limit(1)
+
+    if (existingMember.length > 0) {
+      return NextResponse.json({ error: 'Already a member' }, { status: 400 })
+    }
+
+    let acceptedWorkspaces = 0
+
+    // Accept invitations in transaction
+    await db.transaction(async (tx) => {
+      // Accept organization invitation
+      await tx.insert(member).values({
+        id: randomUUID(),
+        userId: session.user.id,
+        organizationId: orgInvitation.organizationId,
+        role: orgInvitation.role,
+        createdAt: new Date(),
+      })
+
+      await tx.update(invitation).set({ status: 'accepted' }).where(eq(invitation.id, invitationId))
+
+      // Accept workspace invitations
+      const workspaceInvitations = await tx
+        .select()
+        .from(workspaceInvitation)
+        .where(
+          and(
+            eq(workspaceInvitation.email, orgInvitation.email),
+            eq(workspaceInvitation.status, 'pending')
+          )
+        )
+
+      for (const wsInvitation of workspaceInvitations) {
+        if (
+          wsInvitation.expiresAt &&
+          new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
+        ) {
+          const existingWorkspaceMember = await tx
+            .select()
+            .from(workspaceMember)
+            .where(
+              and(
+                eq(workspaceMember.workspaceId, wsInvitation.workspaceId),
+                eq(workspaceMember.userId, session.user.id)
+              )
+            )
+            .limit(1)
+
+          const existingPermission = await tx
+            .select()
+            .from(permissions)
+            .where(
+              and(
+                eq(permissions.userId, session.user.id),
+                eq(permissions.entityType, 'workspace'),
+                eq(permissions.entityId, wsInvitation.workspaceId)
+              )
+            )
+            .limit(1)
+
+          if (existingWorkspaceMember.length === 0 && existingPermission.length === 0) {
+            await tx.insert(workspaceMember).values({
+              id: randomUUID(),
+              workspaceId: wsInvitation.workspaceId,
+              userId: session.user.id,
+              role: wsInvitation.role,
+              joinedAt: new Date(),
+              updatedAt: new Date(),
+            })
+
+            await tx.insert(permissions).values({
+              id: randomUUID(),
+              userId: session.user.id,
+              entityType: 'workspace',
+              entityId: wsInvitation.workspaceId,
+              permissionType: wsInvitation.permissions,
+              createdAt: new Date(),
+              updatedAt: new Date(),
+            })
+
+            await tx
+              .update(workspaceInvitation)
+              .set({ status: 'accepted' })
+              .where(eq(workspaceInvitation.id, wsInvitation.id))
+
+            acceptedWorkspaces++
+          }
+        }
+      }
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: `Successfully joined organization and ${acceptedWorkspaces} workspace(s)`,
+      organizationId: orgInvitation.organizationId,
+      workspacesJoined: acceptedWorkspaces,
+    })
+  } catch (error) {
+    logger.error('Failed to accept organization invitation via API', { error })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/schedules/execute/route.ts

@@ -3,6 +3,7 @@ import { and, eq, lte, not, sql } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { z } from 'zod'
+import { checkServerSideUsageLimits } from '@/lib/billing'
 import { createLogger } from '@/lib/logs/console-logger'
 import { EnhancedLoggingSession } from '@/lib/logs/enhanced-logging-session'
 import { buildTraceSpans } from '@/lib/logs/trace-spans'
@@ -12,7 +13,6 @@ import {
   getScheduleTimeValues,
   getSubBlockValue,
 } from '@/lib/schedules/utils'
-import { checkServerSideUsageLimits } from '@/lib/usage-monitor'
 import { decryptSecret } from '@/lib/utils'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
 import { updateWorkflowRunCounts } from '@/lib/workflows/utils'

apps/sim/app/api/tools/get-user-workflow/route.ts

@@ -0,0 +1,213 @@
+import { eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { createLogger } from '@/lib/logs/console-logger'
+import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
+import { generateWorkflowYaml } from '@/lib/workflows/yaml-generator'
+import { getBlock } from '@/blocks'
+import { db } from '@/db'
+import { workflow as workflowTable } from '@/db/schema'
+
+const logger = createLogger('GetUserWorkflowAPI')
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { workflowId, includeMetadata = false } = body
+
+    if (!workflowId) {
+      return NextResponse.json(
+        { success: false, error: 'Workflow ID is required' },
+        { status: 400 }
+      )
+    }
+
+    logger.info('Fetching workflow for YAML generation', { workflowId })
+
+    // Fetch workflow from database
+    const [workflowRecord] = await db
+      .select()
+      .from(workflowTable)
+      .where(eq(workflowTable.id, workflowId))
+      .limit(1)
+
+    if (!workflowRecord) {
+      return NextResponse.json(
+        { success: false, error: `Workflow ${workflowId} not found` },
+        { status: 404 }
+      )
+    }
+
+    // Try to load from normalized tables first, fallback to JSON blob
+    let workflowState: any = null
+    const subBlockValues: Record<string, Record<string, any>> = {}
+
+    const normalizedData = await loadWorkflowFromNormalizedTables(workflowId)
+    if (normalizedData) {
+      workflowState = {
+        blocks: normalizedData.blocks,
+        edges: normalizedData.edges,
+        loops: normalizedData.loops,
+        parallels: normalizedData.parallels,
+      }
+
+      // Extract subblock values from normalized data
+      Object.entries(normalizedData.blocks).forEach(([blockId, block]) => {
+        subBlockValues[blockId] = {}
+        Object.entries((block as any).subBlocks || {}).forEach(([subBlockId, subBlock]) => {
+          if ((subBlock as any).value !== undefined) {
+            subBlockValues[blockId][subBlockId] = (subBlock as any).value
+          }
+        })
+      })
+    } else if (workflowRecord.state) {
+      // Fallback to JSON blob
+      workflowState = workflowRecord.state as any
+      // For JSON blob, subblock values are embedded in the block state
+      Object.entries((workflowState.blocks as any) || {}).forEach(([blockId, block]) => {
+        subBlockValues[blockId] = {}
+        Object.entries((block as any).subBlocks || {}).forEach(([subBlockId, subBlock]) => {
+          if ((subBlock as any).value !== undefined) {
+            subBlockValues[blockId][subBlockId] = (subBlock as any).value
+          }
+        })
+      })
+    }
+
+    if (!workflowState || !workflowState.blocks) {
+      return NextResponse.json(
+        { success: false, error: 'Workflow state is empty or invalid' },
+        { status: 400 }
+      )
+    }
+
+    // Generate YAML using server-side function
+    const yaml = generateWorkflowYaml(workflowState, subBlockValues)
+
+    if (!yaml || yaml.trim() === '') {
+      return NextResponse.json(
+        { success: false, error: 'Generated YAML is empty' },
+        { status: 400 }
+      )
+    }
+
+    // Generate detailed block information with schemas
+    const blockSchemas: Record<string, any> = {}
+    Object.entries(workflowState.blocks).forEach(([blockId, blockState]) => {
+      const block = blockState as any
+      const blockConfig = getBlock(block.type)
+
+      if (blockConfig) {
+        blockSchemas[blockId] = {
+          type: block.type,
+          name: block.name,
+          description: blockConfig.description,
+          longDescription: blockConfig.longDescription,
+          category: blockConfig.category,
+          docsLink: blockConfig.docsLink,
+          inputs: {},
+          inputRequirements: blockConfig.inputs || {},
+          outputs: blockConfig.outputs || {},
+          tools: blockConfig.tools,
+        }
+
+        // Add input schema from subBlocks configuration
+        if (blockConfig.subBlocks) {
+          blockConfig.subBlocks.forEach((subBlock) => {
+            blockSchemas[blockId].inputs[subBlock.id] = {
+              type: subBlock.type,
+              title: subBlock.title,
+              description: subBlock.description || '',
+              layout: subBlock.layout,
+              ...(subBlock.options && { options: subBlock.options }),
+              ...(subBlock.placeholder && { placeholder: subBlock.placeholder }),
+              ...(subBlock.min !== undefined && { min: subBlock.min }),
+              ...(subBlock.max !== undefined && { max: subBlock.max }),
+              ...(subBlock.columns && { columns: subBlock.columns }),
+              ...(subBlock.hidden !== undefined && { hidden: subBlock.hidden }),
+              ...(subBlock.condition && { condition: subBlock.condition }),
+            }
+          })
+        }
+      } else {
+        // Handle special block types like loops and parallels
+        blockSchemas[blockId] = {
+          type: block.type,
+          name: block.name,
+          description: `${block.type.charAt(0).toUpperCase() + block.type.slice(1)} container block`,
+          category: 'Control Flow',
+          inputs: {},
+          outputs: {},
+        }
+      }
+    })
+
+    // Generate workflow summary
+    const blockTypes = Object.values(workflowState.blocks).reduce(
+      (acc: Record<string, number>, block: any) => {
+        acc[block.type] = (acc[block.type] || 0) + 1
+        return acc
+      },
+      {}
+    )
+
+    const categories = Object.values(blockSchemas).reduce(
+      (acc: Record<string, number>, schema: any) => {
+        if (schema.category) {
+          acc[schema.category] = (acc[schema.category] || 0) + 1
+        }
+        return acc
+      },
+      {}
+    )
+
+    // Prepare response with clear context markers
+    const response: any = {
+      workflowContext: 'USER_SPECIFIC_WORKFLOW', // Clear marker for the LLM
+      note: 'This data represents only the blocks and configurations that the user has actually built in their current workflow, not all available Sim Studio capabilities.',
+      yaml,
+      format: 'yaml',
+      summary: {
+        workflowName: workflowRecord.name,
+        blockCount: Object.keys(workflowState.blocks).length,
+        edgeCount: (workflowState.edges || []).length,
+        blockTypes,
+        categories,
+        hasLoops: Object.keys(workflowState.loops || {}).length > 0,
+        hasParallels: Object.keys(workflowState.parallels || {}).length > 0,
+      },
+      userBuiltBlocks: blockSchemas, // Renamed to be clearer
+    }
+
+    // Add metadata if requested
+    if (includeMetadata) {
+      response.metadata = {
+        workflowId: workflowRecord.id,
+        name: workflowRecord.name,
+        description: workflowRecord.description,
+        workspaceId: workflowRecord.workspaceId,
+        createdAt: workflowRecord.createdAt,
+        updatedAt: workflowRecord.updatedAt,
+      }
+    }
+
+    logger.info('Successfully generated workflow YAML', {
+      workflowId,
+      blockCount: response.blockCount,
+      yamlLength: yaml.length,
+    })
+
+    return NextResponse.json({
+      success: true,
+      output: response,
+    })
+  } catch (error) {
+    logger.error('Failed to get workflow YAML:', error)
+    return NextResponse.json(
+      {
+        success: false,
+        error: `Failed to get workflow YAML: ${error instanceof Error ? error.message : 'Unknown error'}`,
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/usage-limits/route.ts

@@ -0,0 +1,179 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { getUserUsageLimitInfo, updateUserUsageLimit } from '@/lib/billing'
+import { updateMemberUsageLimit } from '@/lib/billing/core/organization-billing'
+import { createLogger } from '@/lib/logs/console-logger'
+import { isOrganizationOwnerOrAdmin } from '@/lib/permissions/utils'
+
+const logger = createLogger('UnifiedUsageLimitsAPI')
+
+/**
+ * Unified Usage Limits Endpoint
+ * GET/PUT /api/usage-limits?context=user|member&userId=<id>&organizationId=<id>
+ *
+ */
+export async function GET(request: NextRequest) {
+  const session = await getSession()
+
+  try {
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(request.url)
+    const context = searchParams.get('context') || 'user'
+    const userId = searchParams.get('userId') || session.user.id
+    const organizationId = searchParams.get('organizationId')
+
+    // Validate context
+    if (!['user', 'member'].includes(context)) {
+      return NextResponse.json(
+        { error: 'Invalid context. Must be "user" or "member"' },
+        { status: 400 }
+      )
+    }
+
+    // For member context, require organizationId and check permissions
+    if (context === 'member') {
+      if (!organizationId) {
+        return NextResponse.json(
+          { error: 'Organization ID is required when context=member' },
+          { status: 400 }
+        )
+      }
+
+      // Check if the current user has permission to view member usage info
+      const hasPermission = await isOrganizationOwnerOrAdmin(session.user.id, organizationId)
+      if (!hasPermission) {
+        logger.warn('Unauthorized attempt to view member usage info', {
+          requesterId: session.user.id,
+          targetUserId: userId,
+          organizationId,
+        })
+        return NextResponse.json(
+          {
+            error:
+              'Permission denied. Only organization owners and admins can view member usage information',
+          },
+          { status: 403 }
+        )
+      }
+    }
+
+    // For user context, ensure they can only view their own info
+    if (context === 'user' && userId !== session.user.id) {
+      return NextResponse.json(
+        { error: "Cannot view other users' usage information" },
+        { status: 403 }
+      )
+    }
+
+    // Get usage limit info
+    const usageLimitInfo = await getUserUsageLimitInfo(userId)
+
+    return NextResponse.json({
+      success: true,
+      context,
+      userId,
+      organizationId,
+      data: usageLimitInfo,
+    })
+  } catch (error) {
+    logger.error('Failed to get usage limit info', {
+      userId: session?.user?.id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+export async function PUT(request: NextRequest) {
+  const session = await getSession()
+
+  try {
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(request.url)
+    const context = searchParams.get('context') || 'user'
+    const userId = searchParams.get('userId') || session.user.id
+    const organizationId = searchParams.get('organizationId')
+
+    const { limit } = await request.json()
+
+    if (typeof limit !== 'number' || limit < 0) {
+      return NextResponse.json(
+        { error: 'Invalid limit. Must be a positive number' },
+        { status: 400 }
+      )
+    }
+
+    if (context === 'user') {
+      // Update user's own usage limit
+      if (userId !== session.user.id) {
+        return NextResponse.json({ error: "Cannot update other users' limits" }, { status: 403 })
+      }
+
+      await updateUserUsageLimit(userId, limit)
+    } else if (context === 'member') {
+      // Update organization member's usage limit
+      if (!organizationId) {
+        return NextResponse.json(
+          { error: 'Organization ID is required when context=member' },
+          { status: 400 }
+        )
+      }
+
+      // Check if the current user has permission to update member limits
+      const hasPermission = await isOrganizationOwnerOrAdmin(session.user.id, organizationId)
+      if (!hasPermission) {
+        logger.warn('Unauthorized attempt to update member usage limit', {
+          adminUserId: session.user.id,
+          targetUserId: userId,
+          organizationId,
+        })
+        return NextResponse.json(
+          {
+            error:
+              'Permission denied. Only organization owners and admins can update member usage limits',
+          },
+          { status: 403 }
+        )
+      }
+
+      logger.info('Authorized member usage limit update', {
+        adminUserId: session.user.id,
+        targetUserId: userId,
+        organizationId,
+        newLimit: limit,
+      })
+
+      await updateMemberUsageLimit(organizationId, userId, limit, session.user.id)
+    } else {
+      return NextResponse.json(
+        { error: 'Invalid context. Must be "user" or "member"' },
+        { status: 400 }
+      )
+    }
+
+    // Return updated limit info
+    const updatedInfo = await getUserUsageLimitInfo(userId)
+
+    return NextResponse.json({
+      success: true,
+      context,
+      userId,
+      organizationId,
+      data: updatedInfo,
+    })
+  } catch (error) {
+    logger.error('Failed to update usage limit', {
+      userId: session?.user?.id,
+      error,
+    })
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/user/stats/route.ts

@@ -1,69 +0,0 @@
-import { eq, sql } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { createLogger } from '@/lib/logs/console-logger'
-import { db } from '@/db'
-import { userStats, workflow } from '@/db/schema'
-
-const logger = createLogger('UserStatsAPI')
-
-/**
- * GET endpoint to retrieve user statistics including the count of workflows
- */
-export async function GET(request: NextRequest) {
-  try {
-    // Get the user session
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn('Unauthorized user stats access attempt')
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const userId = session.user.id
-
-    // Get workflow count for user
-    const [workflowCountResult] = await db
-      .select({ count: sql`count(*)::int` })
-      .from(workflow)
-      .where(eq(workflow.userId, userId))
-
-    const workflowCount = workflowCountResult?.count || 0
-
-    // Get user stats record
-    const userStatsRecords = await db.select().from(userStats).where(eq(userStats.userId, userId))
-
-    // If no stats record exists, create one
-    if (userStatsRecords.length === 0) {
-      const newStats = {
-        id: crypto.randomUUID(),
-        userId,
-        totalManualExecutions: 0,
-        totalApiCalls: 0,
-        totalWebhookTriggers: 0,
-        totalScheduledExecutions: 0,
-        totalChatExecutions: 0,
-        totalTokensUsed: 0,
-        totalCost: '0.00',
-        lastActive: new Date(),
-      }
-
-      await db.insert(userStats).values(newStats)
-
-      // Return the newly created stats with workflow count
-      return NextResponse.json({
-        ...newStats,
-        workflowCount,
-      })
-    }
-
-    // Return stats with workflow count
-    const stats = userStatsRecords[0]
-    return NextResponse.json({
-      ...stats,
-      workflowCount,
-    })
-  } catch (error) {
-    logger.error('Error fetching user stats:', error)
-    return NextResponse.json({ error: 'Failed to fetch user statistics' }, { status: 500 })
-  }
-}

apps/sim/app/api/user/subscription/[id]/seats/route.test.ts

@@ -1,251 +0,0 @@
-/**
- * Tests for Subscription Seats Update API
- *
- * @vitest-environment node
- */
-import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
-import {
-  createMockRequest,
-  mockDb,
-  mockLogger,
-  mockPersonalSubscription,
-  mockRegularMember,
-  mockSubscription,
-  mockTeamSubscription,
-  mockUser,
-} from '@/app/api/__test-utils__/utils'
-
-describe('Subscription Seats Update API Routes', () => {
-  beforeEach(() => {
-    vi.resetModules()
-
-    vi.doMock('@/lib/auth', () => ({
-      getSession: vi.fn().mockResolvedValue({
-        user: mockUser,
-      }),
-    }))
-
-    vi.doMock('@/lib/subscription/utils', () => ({
-      checkEnterprisePlan: vi.fn().mockReturnValue(true),
-    }))
-
-    vi.doMock('@/lib/logs/console-logger', () => ({
-      createLogger: vi.fn().mockReturnValue(mockLogger),
-    }))
-
-    vi.doMock('@/db', () => ({
-      db: mockDb,
-    }))
-
-    mockDb.select.mockReturnValue({
-      from: vi.fn().mockReturnThis(),
-      where: vi.fn().mockReturnThis(),
-      then: vi.fn().mockResolvedValue([mockSubscription]),
-    })
-
-    const mockSetFn = vi.fn().mockReturnThis()
-    const mockWhereFn = vi.fn().mockResolvedValue([{ affected: 1 }])
-    mockDb.update.mockReturnValue({
-      set: mockSetFn,
-      where: mockWhereFn,
-    })
-  })
-
-  afterEach(() => {
-    vi.clearAllMocks()
-  })
-
-  describe('POST handler', () => {
-    it('should encounter a permission error when trying to update subscription seats', async () => {
-      vi.doMock('@/lib/subscription/utils', () => ({
-        checkEnterprisePlan: vi.fn().mockReturnValue(true),
-      }))
-
-      mockDb.select.mockImplementationOnce(() => ({
-        from: vi.fn().mockReturnThis(),
-        where: vi.fn().mockReturnThis(),
-        then: vi.fn().mockResolvedValue([mockSubscription]),
-      }))
-
-      mockDb.select.mockImplementationOnce(() => ({
-        from: vi.fn().mockReturnThis(),
-        where: vi.fn().mockReturnThis(),
-        then: vi.fn().mockResolvedValue([]),
-      }))
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(403)
-      expect(data).toHaveProperty(
-        'error',
-        'Unauthorized - you do not have permission to modify this subscription'
-      )
-      expect(mockDb.update).not.toHaveBeenCalled()
-    })
-
-    it('should reject team plan subscription updates', async () => {
-      vi.doMock('@/lib/subscription/utils', () => ({
-        checkEnterprisePlan: vi.fn().mockReturnValue(false),
-      }))
-
-      mockDb.select.mockReturnValue({
-        from: vi.fn().mockReturnThis(),
-        where: vi.fn().mockReturnThis(),
-        then: vi.fn().mockResolvedValue([mockTeamSubscription]),
-      })
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(400)
-      expect(data).toHaveProperty(
-        'error',
-        'Only enterprise subscriptions can be updated through this endpoint'
-      )
-      expect(mockDb.update).not.toHaveBeenCalled()
-    })
-
-    it('should encounter permission issues with personal subscription updates', async () => {
-      vi.doMock('@/lib/subscription/utils', () => ({
-        checkEnterprisePlan: vi.fn().mockReturnValue(true),
-      }))
-
-      mockDb.select.mockReturnValue({
-        from: vi.fn().mockReturnThis(),
-        where: vi.fn().mockReturnThis(),
-        then: vi.fn().mockResolvedValue([mockPersonalSubscription]),
-      })
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(403)
-      expect(data).toHaveProperty('error')
-    })
-
-    it('should reject updates from non-admin members', async () => {
-      vi.doMock('@/lib/subscription/utils', () => ({
-        checkEnterprisePlan: vi.fn().mockReturnValue(true),
-      }))
-
-      const mockSelectImpl = vi
-        .fn()
-        .mockReturnValueOnce({
-          from: vi.fn().mockReturnThis(),
-          where: vi.fn().mockReturnThis(),
-          then: vi.fn().mockResolvedValue([mockSubscription]),
-        })
-        .mockReturnValueOnce({
-          from: vi.fn().mockReturnThis(),
-          where: vi.fn().mockReturnThis(),
-          then: vi.fn().mockResolvedValue([mockRegularMember]),
-        })
-
-      mockDb.select.mockImplementation(mockSelectImpl)
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(403)
-      expect(data).toHaveProperty('error')
-    })
-
-    it('should reject invalid request parameters', async () => {
-      const req = createMockRequest('POST', {
-        seats: -5,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(400)
-      expect(data).toHaveProperty('error', 'Invalid request parameters')
-      expect(mockDb.update).not.toHaveBeenCalled()
-    })
-
-    it('should handle subscription not found with permission error', async () => {
-      mockDb.select.mockReturnValue({
-        from: vi.fn().mockReturnThis(),
-        where: vi.fn().mockReturnThis(),
-        then: vi.fn().mockResolvedValue([]),
-      })
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(403)
-      expect(data).toHaveProperty('error')
-    })
-
-    it('should handle authentication error', async () => {
-      vi.doMock('@/lib/auth', () => ({
-        getSession: vi.fn().mockResolvedValue(null),
-      }))
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(401)
-      expect(data).toHaveProperty('error', 'Unauthorized')
-      expect(mockDb.update).not.toHaveBeenCalled()
-    })
-
-    it('should handle internal server error', async () => {
-      mockDb.select.mockImplementation(() => {
-        throw new Error('Database error')
-      })
-
-      const req = createMockRequest('POST', {
-        seats: 10,
-      })
-
-      const { POST } = await import('./route')
-
-      const response = await POST(req, { params: Promise.resolve({ id: 'sub-123' }) })
-      const data = await response.json()
-
-      expect(response.status).toBe(500)
-      expect(data).toHaveProperty('error', 'Failed to update subscription seats')
-      expect(mockLogger.error).toHaveBeenCalled()
-    })
-  })
-})

apps/sim/app/api/user/subscription/[id]/seats/route.ts

@@ -1,151 +0,0 @@
-import { and, eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getSession } from '@/lib/auth'
-import { createLogger } from '@/lib/logs/console-logger'
-import { checkEnterprisePlan } from '@/lib/subscription/utils'
-import { db } from '@/db'
-import { member, subscription } from '@/db/schema'
-
-const logger = createLogger('SubscriptionSeatsUpdateAPI')
-
-const updateSeatsSchema = z.object({
-  seats: z.number().int().min(1),
-})
-
-const subscriptionMetadataSchema = z
-  .object({
-    perSeatAllowance: z.number().positive().optional(),
-    totalAllowance: z.number().positive().optional(),
-    updatedAt: z.string().optional(),
-  })
-  .catchall(z.any())
-
-interface SubscriptionMetadata {
-  perSeatAllowance?: number
-  totalAllowance?: number
-  updatedAt?: string
-  [key: string]: any
-}
-
-export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  try {
-    const subscriptionId = (await params).id
-    const session = await getSession()
-
-    if (!session?.user?.id) {
-      logger.warn('Unauthorized seats update attempt')
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    let body
-    try {
-      body = await request.json()
-    } catch (_parseError) {
-      return NextResponse.json(
-        {
-          error: 'Invalid JSON in request body',
-        },
-        { status: 400 }
-      )
-    }
-
-    const validationResult = updateSeatsSchema.safeParse(body)
-    if (!validationResult.success) {
-      return NextResponse.json(
-        {
-          error: 'Invalid request parameters',
-          details: validationResult.error.format(),
-        },
-        { status: 400 }
-      )
-    }
-
-    const { seats } = validationResult.data
-
-    const sub = await db
-      .select()
-      .from(subscription)
-      .where(eq(subscription.id, subscriptionId))
-      .then((rows) => rows[0])
-
-    if (!sub) {
-      return NextResponse.json({ error: 'Subscription not found' }, { status: 404 })
-    }
-
-    if (!checkEnterprisePlan(sub)) {
-      return NextResponse.json(
-        { error: 'Only enterprise subscriptions can be updated through this endpoint' },
-        { status: 400 }
-      )
-    }
-
-    const isPersonalSubscription = sub.referenceId === session.user.id
-
-    let hasAccess = isPersonalSubscription
-
-    if (!isPersonalSubscription) {
-      const mem = await db
-        .select()
-        .from(member)
-        .where(and(eq(member.userId, session.user.id), eq(member.organizationId, sub.referenceId)))
-        .then((rows) => rows[0])
-
-      hasAccess = mem && (mem.role === 'owner' || mem.role === 'admin')
-    }
-
-    if (!hasAccess) {
-      return NextResponse.json(
-        { error: 'Unauthorized - you do not have permission to modify this subscription' },
-        { status: 403 }
-      )
-    }
-
-    let validatedMetadata: SubscriptionMetadata
-    try {
-      validatedMetadata = subscriptionMetadataSchema.parse(sub.metadata || {})
-    } catch (error) {
-      logger.error('Invalid subscription metadata format', {
-        error,
-        subscriptionId,
-        metadata: sub.metadata,
-      })
-      return NextResponse.json(
-        { error: 'Subscription metadata has invalid format' },
-        { status: 400 }
-      )
-    }
-
-    if (validatedMetadata.perSeatAllowance && validatedMetadata.perSeatAllowance > 0) {
-      validatedMetadata.totalAllowance = seats * validatedMetadata.perSeatAllowance
-      validatedMetadata.updatedAt = new Date().toISOString()
-    }
-
-    await db
-      .update(subscription)
-      .set({
-        seats,
-        metadata: validatedMetadata,
-      })
-      .where(eq(subscription.id, subscriptionId))
-
-    logger.info('Subscription seats updated', {
-      subscriptionId,
-      oldSeats: sub.seats,
-      newSeats: seats,
-      userId: session.user.id,
-    })
-
-    return NextResponse.json({
-      success: true,
-      message: 'Subscription seats updated successfully',
-      seats,
-      metadata: validatedMetadata,
-    })
-  } catch (error) {
-    logger.error('Error updating subscription seats', {
-      error: error instanceof Error ? error.message : String(error),
-    })
-    return NextResponse.json({ error: 'Failed to update subscription seats' }, { status: 500 })
-  }
-}

apps/sim/app/api/user/subscription/enterprise/route.ts

@@ -1,78 +0,0 @@
-import { and, eq } from 'drizzle-orm'
-import { NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { createLogger } from '@/lib/logs/console-logger'
-import { checkEnterprisePlan } from '@/lib/subscription/utils'
-import { db } from '@/db'
-import { member, subscription } from '@/db/schema'
-
-const logger = createLogger('EnterpriseSubscriptionAPI')
-
-export async function GET() {
-  try {
-    const session = await getSession()
-
-    if (!session?.user?.id) {
-      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
-    }
-
-    const userId = session.user.id
-
-    const userSubscriptions = await db
-      .select()
-      .from(subscription)
-      .where(and(eq(subscription.referenceId, userId), eq(subscription.status, 'active')))
-      .limit(1)
-
-    if (userSubscriptions.length > 0 && checkEnterprisePlan(userSubscriptions[0])) {
-      const enterpriseSub = userSubscriptions[0]
-      logger.info('Found direct enterprise subscription', { userId, subId: enterpriseSub.id })
-
-      return NextResponse.json({
-        success: true,
-        subscription: enterpriseSub,
-      })
-    }
-
-    const memberships = await db
-      .select({ organizationId: member.organizationId })
-      .from(member)
-      .where(eq(member.userId, userId))
-
-    for (const { organizationId } of memberships) {
-      const orgSubscriptions = await db
-        .select()
-        .from(subscription)
-        .where(and(eq(subscription.referenceId, organizationId), eq(subscription.status, 'active')))
-        .limit(1)
-
-      if (orgSubscriptions.length > 0 && checkEnterprisePlan(orgSubscriptions[0])) {
-        const enterpriseSub = orgSubscriptions[0]
-        logger.info('Found organization enterprise subscription', {
-          userId,
-          orgId: organizationId,
-          subId: enterpriseSub.id,
-        })
-
-        return NextResponse.json({
-          success: true,
-          subscription: enterpriseSub,
-        })
-      }
-    }
-
-    return NextResponse.json({
-      success: false,
-      subscription: null,
-    })
-  } catch (error) {
-    logger.error('Error fetching enterprise subscription:', error)
-    return NextResponse.json(
-      {
-        success: false,
-        error: 'Failed to fetch enterprise subscription data',
-      },
-      { status: 500 }
-    )
-  }
-}

apps/sim/app/api/user/subscription/route.ts

@@ -1,43 +0,0 @@
-import { NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { createLogger } from '@/lib/logs/console-logger'
-import { getHighestPrioritySubscription } from '@/lib/subscription/subscription'
-import { checkEnterprisePlan, checkTeamPlan } from '@/lib/subscription/utils'
-
-const logger = createLogger('UserSubscriptionAPI')
-
-export async function GET() {
-  try {
-    const session = await getSession()
-
-    if (!session?.user?.id) {
-      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
-    }
-
-    const activeSub = await getHighestPrioritySubscription(session.user.id)
-
-    const isPaid =
-      activeSub?.status === 'active' &&
-      ['pro', 'team', 'enterprise'].includes(activeSub?.plan ?? '')
-
-    const isPro = isPaid
-
-    const isTeam = checkTeamPlan(activeSub)
-
-    const isEnterprise = checkEnterprisePlan(activeSub)
-
-    return NextResponse.json({
-      isPaid,
-      isPro,
-      isTeam,
-      isEnterprise,
-      plan: activeSub?.plan || 'free',
-      status: activeSub?.status || null,
-      seats: activeSub?.seats || null,
-      metadata: activeSub?.metadata || null,
-    })
-  } catch (error) {
-    logger.error('Error fetching subscription:', error)
-    return NextResponse.json({ error: 'Failed to fetch subscription data' }, { status: 500 })
-  }
-}

apps/sim/app/api/user/usage/route.ts

@@ -1,34 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { createLogger } from '@/lib/logs/console-logger'
-import { checkUsageStatus } from '@/lib/usage-monitor'
-
-const logger = createLogger('UserUsageAPI')
-
-export async function GET(request: NextRequest) {
-  try {
-    // Get the authenticated user
-    const session = await getSession()
-
-    if (!session?.user?.id) {
-      logger.warn('Unauthorized usage data access attempt')
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Get usage data using our monitor utility
-    const usageData = await checkUsageStatus(session.user.id)
-
-    // Set appropriate caching headers
-    const response = NextResponse.json(usageData)
-
-    // Cache for 5 minutes, private (user-specific data), must revalidate
-    response.headers.set('Cache-Control', 'private, max-age=300, must-revalidate')
-    // Add date header for age calculation
-    response.headers.set('Date', new Date().toUTCString())
-
-    return response
-  } catch (error) {
-    logger.error('Error checking usage data:', error)
-    return NextResponse.json({ error: 'Failed to check usage data' }, { status: 500 })
-  }
-}

apps/sim/app/api/users/me/api-keys/[id]/route.ts

@@ -7,7 +7,7 @@ import { apiKey } from '@/db/schema'
 
 const logger = createLogger('ApiKeyAPI')
 
-// DELETE /api/user/api-keys/[id] - Delete an API key
+// DELETE /api/users/me/api-keys/[id] - Delete an API key
 export async function DELETE(
   request: NextRequest,
   { params }: { params: Promise<{ id: string }> }

apps/sim/app/api/users/me/api-keys/route.ts

@@ -9,7 +9,7 @@ import { apiKey } from '@/db/schema'
 
 const logger = createLogger('ApiKeysAPI')
 
-// GET /api/user/api-keys - Get all API keys for the current user
+// GET /api/users/me/api-keys - Get all API keys for the current user
 export async function GET(request: NextRequest) {
   try {
     const session = await getSession()
@@ -45,7 +45,7 @@ export async function GET(request: NextRequest) {
   }
 }
 
-// POST /api/user/api-keys - Create a new API key
+// POST /api/users/me/api-keys - Create a new API key
 export async function POST(request: NextRequest) {
   try {
     const session = await getSession()

apps/sim/app/api/waitlist/route.ts

@@ -1,76 +0,0 @@
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { isRateLimited } from '@/lib/waitlist/rate-limiter'
-import { addToWaitlist } from '@/lib/waitlist/service'
-
-const waitlistSchema = z.object({
-  email: z.string().email('Please enter a valid email'),
-})
-
-export async function POST(request: NextRequest) {
-  const rateLimitCheck = await isRateLimited(request, 'waitlist')
-  if (rateLimitCheck.limited) {
-    return NextResponse.json(
-      {
-        success: false,
-        message: rateLimitCheck.message || 'Too many requests. Please try again later.',
-        retryAfter: rateLimitCheck.remainingTime,
-      },
-      {
-        status: 429,
-        headers: {
-          'Retry-After': String(rateLimitCheck.remainingTime || 60),
-        },
-      }
-    )
-  }
-
-  try {
-    // Parse the request body
-    const body = await request.json()
-
-    // Validate the request
-    const validatedData = waitlistSchema.safeParse(body)
-
-    if (!validatedData.success) {
-      return NextResponse.json(
-        {
-          success: false,
-          message: 'Invalid email address',
-          errors: validatedData.error.format(),
-        },
-        { status: 400 }
-      )
-    }
-
-    const { email } = validatedData.data
-
-    // Add the email to the waitlist and send confirmation email
-    const result = await addToWaitlist(email)
-
-    if (!result.success) {
-      return NextResponse.json(
-        {
-          success: false,
-          message: result.message,
-        },
-        { status: 400 }
-      )
-    }
-
-    return NextResponse.json({
-      success: true,
-      message: 'Successfully added to waitlist',
-    })
-  } catch (error) {
-    console.error('Waitlist API error:', error)
-
-    return NextResponse.json(
-      {
-        success: false,
-        message: 'An error occurred while processing your request',
-      },
-      { status: 500 }
-    )
-  }
-}

apps/sim/app/api/webhooks/poll/gmail/route.ts

@@ -1,6 +1,6 @@
 import { nanoid } from 'nanoid'
 import { type NextRequest, NextResponse } from 'next/server'
-import { env } from '@/lib/env'
+import { verifyCronAuth } from '@/lib/auth/internal'
 import { Logger } from '@/lib/logs/console-logger'
 import { acquireLock, releaseLock } from '@/lib/redis'
 import { pollGmailWebhooks } from '@/lib/webhooks/gmail-polling-service'
@@ -20,16 +20,9 @@ export async function GET(request: NextRequest) {
   let lockValue: string | undefined
 
   try {
-    const authHeader = request.headers.get('authorization')
-    const webhookSecret = env.CRON_SECRET
-
-    if (!webhookSecret) {
-      return new NextResponse('Configuration error: Webhook secret is not set', { status: 500 })
-    }
-
-    if (!authHeader || authHeader !== `Bearer ${webhookSecret}`) {
-      logger.warn(`Unauthorized access attempt to Gmail polling endpoint (${requestId})`)
-      return new NextResponse('Unauthorized', { status: 401 })
+    const authError = verifyCronAuth(request, 'Gmail webhook polling')
+    if (authError) {
+      return authError
     }
 
     lockValue = requestId // unique value to identify the holder

apps/sim/app/api/webhooks/trigger/[path]/route.ts

@@ -1,9 +1,9 @@
 import { and, eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
+import { checkServerSideUsageLimits } from '@/lib/billing'
 import { createLogger } from '@/lib/logs/console-logger'
 import { acquireLock, hasProcessedMessage, markMessageAsProcessed } from '@/lib/redis'
-import { checkServerSideUsageLimits } from '@/lib/usage-monitor'
 import {
   fetchAndProcessAirtablePayloads,
   handleSlackChallenge,