v0.3.37: azure OCR api key, wand SSE, CRON helm

* feat(native-bg-tasks): support webhooks and async workflow executions without trigger"

* fix tests

* fix env var defaults and revert async workflow execution to always use trigger

* fix UI for hiding async

* hide entire toggle

.github/workflows/build.yml

@@ -85,8 +85,8 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha,scope=build-v2
-          cache-to: type=gha,mode=max,scope=build-v2
+          cache-from: type=gha,scope=build-v3
+          cache-to: type=gha,mode=max,scope=build-v3
           provenance: false
           sbom: false
 

.github/workflows/trigger-deploy.yml

@@ -0,0 +1,44 @@
+name: Trigger.dev Deploy
+
+on:
+  push:
+    branches:
+      - main
+      - staging
+
+jobs:
+  deploy:
+    name: Trigger.dev Deploy
+    runs-on: ubuntu-latest
+    concurrency:
+      group: trigger-deploy-${{ github.ref }}
+      cancel-in-progress: false
+    env:
+      TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_ACCESS_TOKEN }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install
+
+      - name: Deploy to Staging
+        if: github.ref == 'refs/heads/staging'
+        working-directory: ./apps/sim
+        run: npx --yes trigger.dev@4.0.0 deploy -e staging
+
+      - name: Deploy to Production
+        if: github.ref == 'refs/heads/main'
+        working-directory: ./apps/sim
+        run: npx --yes trigger.dev@4.0.0 deploy
+

README.md

@@ -1,50 +1,46 @@
 <p align="center">
-  <img src="apps/sim/public/static/sim.png" alt="Sim Logo" width="500"/>
+  <a href="https://sim.ai" target="_blank" rel="noopener noreferrer">
+    <img src="apps/sim/public/logo/reverse/text/large.png" alt="Sim Logo" width="500"/>
+  </a>
 </p>
 
-<p align="center">
-  <a href="https://www.apache.org/licenses/LICENSE-2.0"><img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" alt="License: Apache-2.0"></a>
-  <a href="https://discord.gg/Hr4UWYEcTT"><img src="https://img.shields.io/badge/Discord-Join%20Server-7289DA?logo=discord&logoColor=white" alt="Discord"></a>
-  <a href="https://x.com/simdotai"><img src="https://img.shields.io/twitter/follow/simstudioai?style=social" alt="Twitter"></a>
-  <a href="https://github.com/simstudioai/sim/pulls"><img src="https://img.shields.io/badge/PRs-welcome-brightgreen.svg" alt="PRs welcome"></a>
-  <a href="https://docs.sim.ai"><img src="https://img.shields.io/badge/Docs-visit%20documentation-blue.svg" alt="Documentation"></a>
-</p>
+<p align="center">Build and deploy AI agent workflows in minutes.</p>
 
 <p align="center">
-  <strong>Sim</strong> is a lightweight, user-friendly platform for building AI agent workflows.
+  <a href="https://sim.ai" target="_blank" rel="noopener noreferrer"><img src="https://img.shields.io/badge/sim.ai-6F3DFA" alt="Sim.ai"></a>
+  <a href="https://discord.gg/Hr4UWYEcTT" target="_blank" rel="noopener noreferrer"><img src="https://img.shields.io/badge/Discord-Join%20Server-5865F2?logo=discord&logoColor=white" alt="Discord"></a>
+  <a href="https://x.com/simdotai" target="_blank" rel="noopener noreferrer"><img src="https://img.shields.io/twitter/follow/simstudioai?style=social" alt="Twitter"></a>
+  <a href="https://docs.sim.ai" target="_blank" rel="noopener noreferrer"><img src="https://img.shields.io/badge/Docs-6F3DFA.svg" alt="Documentation"></a>
 </p>
 
 <p align="center">
   <img src="apps/sim/public/static/demo.gif" alt="Sim Demo" width="800"/>
 </p>
 
-## Getting Started
+## Quickstart
 
-1. Use our [cloud-hosted version](https://sim.ai)
-2. Self-host using one of the methods below
+### Cloud-hosted: [sim.ai](https://sim.ai)
 
-## Self-Hosting Options
+<a href="https://sim.ai" target="_blank" rel="noopener noreferrer"><img src="https://img.shields.io/badge/sim.ai-6F3DFA?logo=data:image/svg%2bxml;base64,PHN2ZyB3aWR0aD0iNjE2IiBoZWlnaHQ9IjYxNiIgdmlld0JveD0iMCAwIDYxNiA2MTYiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTU5XzMxMykiPgo8cGF0aCBkPSJNNjE2IDBIMFY2MTZINjE2VjBaIiBmaWxsPSIjNkYzREZBIi8+CjxwYXRoIGQ9Ik04MyAzNjUuNTY3SDExM0MxMTMgMzczLjgwNSAxMTYgMzgwLjM3MyAxMjIgMzg1LjI3MkMxMjggMzg5Ljk0OCAxMzYuMTExIDM5Mi4yODUgMTQ2LjMzMyAzOTIuMjg1QzE1Ny40NDQgMzkyLjI4NSAxNjYgMzkwLjE3MSAxNzIgMzg1LjkzOUMxNzcuOTk5IDM4MS40ODcgMTgxIDM3NS41ODYgMTgxIDM2OC4yMzlDMTgxIDM2Mi44OTUgMTc5LjMzMyAzNTguNDQyIDE3NiAzNTQuODhDMTcyLjg4OSAzNTEuMzE4IDE2Ny4xMTEgMzQ4LjQyMiAxNTguNjY3IDM0Ni4xOTZMMTMwIDMzOS41MTdDMTE1LjU1NSAzMzUuOTU1IDEwNC43NzggMzMwLjQ5OSA5Ny42NjY1IDMyMy4xNTFDOTAuNzc3NSAzMTUuODA0IDg3LjMzMzQgMzA2LjExOSA4Ny4zMzM0IDI5NC4wOTZDODcuMzMzNCAyODQuMDc2IDg5Ljg4OSAyNzUuMzkyIDk0Ljk5OTYgMjY4LjA0NUMxMDAuMzMzIDI2MC42OTcgMTA3LjU1NSAyNTUuMDIgMTE2LjY2NiAyNTEuMDEyQzEyNiAyNDcuMDA0IDEzNi42NjcgMjQ1IDE0OC42NjYgMjQ1QzE2MC42NjcgMjQ1IDE3MSAyNDcuMTE2IDE3OS42NjcgMjUxLjM0NkMxODguNTU1IDI1NS41NzYgMTk1LjQ0NCAyNjEuNDc3IDIwMC4zMzMgMjY5LjA0N0MyMDUuNDQ0IDI3Ni42MTcgMjA4LjExMSAyODUuNjM0IDIwOC4zMzMgMjk2LjA5OUgxNzguMzMzQzE3OC4xMTEgMjg3LjYzOCAxNzUuMzMzIDI4MS4wNyAxNjkuOTk5IDI3Ni4zOTRDMTY0LjY2NiAyNzEuNzE5IDE1Ny4yMjIgMjY5LjM4MSAxNDcuNjY3IDI2OS4zODFDMTM3Ljg4OSAyNjkuMzgxIDEzMC4zMzMgMjcxLjQ5NiAxMjUgMjc1LjcyNkMxMTkuNjY2IDI3OS45NTcgMTE3IDI4NS43NDYgMTE3IDI5My4wOTNDMTE3IDMwNC4wMDMgMTI1IDMxMS40NjIgMTQxIDMxNS40N0wxNjkuNjY3IDMyMi40ODNDMTgzLjQ0NSAzMjUuNiAxOTMuNzc4IDMzMC43MjIgMjAwLjY2NyAzMzcuODQ3QzIwNy41NTUgMzQ0Ljc0OSAyMTEgMzU0LjIxMiAyMTEgMzY2LjIzNUMyMTEgMzc2LjQ3NyAyMDguMjIyIDM4NS40OTQgMjAyLjY2NiAzOTMuMjg3QzE5Ny4xMTEgNDAwLjg1NyAxODkuNDQ0IDQwNi43NTggMTc5LjY2NyA0MTAuOTg5QzE3MC4xMTEgNDE0Ljk5NiAxNTguNzc4IDQxNyAxNDUuNjY3IDQxN0MxMjYuNTU1IDQxNyAxMTEuMzMzIDQxMi4zMjUgOTkuOTk5NyA0MDIuOTczQzg4LjY2NjggMzkzLjYyMSA4MyAzODEuMTUzIDgzIDM2NS41NjdaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjMyLjI5MSA0MTNWMjUwLjA4MkMyNDQuNjg0IDI1NC42MTQgMjUwLjE0OCAyNTQuNjE0IDI2My4zNzEgMjUwLjA4MlY0MTNIMjMyLjI5MVpNMjQ3LjUgMjM5LjMxM0MyNDEuOTkgMjM5LjMxMyAyMzcuMTQgMjM3LjMxMyAyMzIuOTUyIDIzMy4zMTZDMjI4Ljk4NCAyMjkuMDk1IDIyNyAyMjQuMjA5IDIyNyAyMTguNjU2QzIyNyAyMTIuODgyIDIyOC45ODQgMjA3Ljk5NSAyMzIuOTUyIDIwMy45OTdDMjM3LjE0IDE5OS45OTkgMjQxLjk5IDE5OCAyNDcuNSAxOThDMjUzLjIzMSAxOTggMjU4LjA4IDE5OS45OTkgMjYyLjA0OSAyMDMuOTk3QzI2Ni4wMTYgMjA3Ljk5NSAyNjggMjEyLjg4MiAyNjggMjE4LjY1NkMyNjggMjI0LjIwOSAyNjYuMDE2IDIyOS4wOTUgMjYyLjA0OSAyMzMuMzE2QzI1OC4wOCAyMzcuMzEzIDI1My4yMzEgMjM5LjMxMyAyNDcuNSAyMzkuMzEzWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTMxOS4zMzMgNDEzSDI4OFYyNDkuNjc2SDMxNlYyNzcuMjMzQzMxOS4zMzMgMjY4LjEwNCAzMjUuNzc4IDI2MC4zNjQgMzM0LjY2NyAyNTQuMzUyQzM0My43NzggMjQ4LjExNyAzNTQuNzc4IDI0NSAzNjcuNjY3IDI0NUMzODIuMTExIDI0NSAzOTQuMTEyIDI0OC44OTcgNDAzLjY2NyAyNTYuNjlDNDEzLjIyMiAyNjQuNDg0IDQxOS40NDQgMjc0LjgzNyA0MjIuMzM0IDI4Ny43NTJINDE2LjY2N0M0MTguODg5IDI3NC44MzcgNDI1IDI2NC40ODQgNDM1IDI1Ni42OUM0NDUgMjQ4Ljg5NyA0NTcuMzM0IDI0NSA0NzIgMjQ1QzQ5MC42NjYgMjQ1IDUwNS4zMzQgMjUwLjQ1NSA1MTYgMjYxLjM2NkM1MjYuNjY3IDI3Mi4yNzYgNTMyIDI4Ny4xOTUgNTMyIDMwNi4xMjFWNDEzSDUwMS4zMzNWMzEzLjgwNEM1MDEuMzMzIDMwMC44ODkgNDk4IDI5MC45ODEgNDkxLjMzMyAyODQuMDc4QzQ4NC44ODkgMjc2Ljk1MiA0NzYuMTExIDI3My4zOSA0NjUgMjczLjM5QzQ1Ny4yMjIgMjczLjM5IDQ1MC4zMzMgMjc1LjE3MSA0NDQuMzM0IDI3OC43MzRDNDM4LjU1NiAyODIuMDc0IDQzNCAyODYuOTcyIDQzMC42NjcgMjkzLjQzQzQyNy4zMzMgMjk5Ljg4NyA0MjUuNjY3IDMwNy40NTcgNDI1LjY2NyAzMTYuMTQxVjQxM0gzOTQuNjY3VjMxMy40NjlDMzk0LjY2NyAzMDAuNTU1IDM5MS40NDUgMjkwLjc1OCAzODUgMjg0LjA3OEMzNzguNTU2IDI3Ny4xNzUgMzY5Ljc3OCAyNzMuNzI0IDM1OC42NjcgMjczLjcyNEMzNTAuODg5IDI3My43MjQgMzQ0IDI3NS41MDUgMzM4IDI3OS4wNjhDMzMyLjIyMiAyODIuNDA4IDMyNy42NjcgMjg3LjMwNyAzMjQuMzMzIDI5My43NjNDMzIxIDI5OS45OTggMzE5LjMzMyAzMDcuNDU3IDMxOS4zMzMgMzE2LjE0MVY0MTNaIiBmaWxsPSJ3aGl0ZSIvPgo8L2c+CjxkZWZzPgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzExNTlfMzEzIj4KPHJlY3Qgd2lkdGg9IjYxNiIgaGVpZ2h0PSI2MTYiIGZpbGw9IndoaXRlIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg==&logoColor=white" alt="Sim.ai"></a>
 
-### Option 1: NPM Package (Simplest)
-
-The easiest way to run Sim locally is using our [NPM package](https://www.npmjs.com/package/simstudio?activeTab=readme):
+### Self-hosted: NPM Package
 
 ```bash
 npx simstudio
 ```
+→ http://localhost:3000
 
-After running these commands, open [http://localhost:3000/](http://localhost:3000/) in your browser.
+#### Note
+Docker must be installed and running on your machine.
 
 #### Options
 
-- `-p, --port <port>`: Specify the port to run Sim on (default: 3000)
-- `--no-pull`: Skip pulling the latest Docker images
+| Flag | Description |
+|------|-------------|
+| `-p, --port <port>` | Port to run Sim on (default `3000`) |
+| `--no-pull` | Skip pulling latest Docker images |
 
-#### Requirements
-
-- Docker must be installed and running on your machine
-
-### Option 2: Docker Compose
+### Self-hosted: Docker Compose
 
 ```bash
 # Clone the repository
@@ -76,14 +72,14 @@ Wait for the model to download, then visit [http://localhost:3000](http://localh
 docker compose -f docker-compose.ollama.yml exec ollama ollama pull llama3.1:8b
 ```
 
-### Option 3: Dev Containers
+### Self-hosted: Dev Containers
 
 1. Open VS Code with the [Remote - Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers)
 2. Open the project and click "Reopen in Container" when prompted
 3. Run `bun run dev:full` in the terminal or use the `sim-start` alias
    - This starts both the main application and the realtime socket server
 
-### Option 4: Manual Setup
+### Self-hosted: Manual Setup
 
 **Requirements:**
 - [Bun](https://bun.sh/) runtime
@@ -158,6 +154,14 @@ cd apps/sim
 bun run dev:sockets
 ```
 
+## Copilot API Keys
+
+Copilot is a Sim-managed service. To use Copilot on a self-hosted instance:
+
+- Go to https://sim.ai → Settings → Copilot and generate a Copilot API key
+- Set `COPILOT_API_KEY` in your self-hosted environment to that value
+- Host Sim on a publicly available DNS and set NEXT_PUBLIC_APP_URL and BETTER_AUTH_URL to that value ([ngrok](https://ngrok.com/))
+
 ## Tech Stack
 
 - **Framework**: [Next.js](https://nextjs.org/) (App Router)
@@ -180,4 +184,4 @@ We welcome contributions! Please see our [Contributing Guide](.github/CONTRIBUTI
 
 This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.
 
-<p align="center">Made with ❤️ by the Sim Team</p>
+<p align="center">Made with ❤️ by the Sim Team</p>

apps/docs/content/docs/copilot/index.mdx

@@ -0,0 +1,97 @@
+---
+title: Copilot
+description: Build and edit workflows with Sim Copilot
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+import { Card, Cards } from 'fumadocs-ui/components/card'
+import { MessageCircle, Package, Zap, Infinity as InfinityIcon, Brain, BrainCircuit } from 'lucide-react'
+
+## What is Copilot
+
+Copilot is your in-editor assistant that helps you build, understand, and improve workflows. It can:
+
+- **Explain**: Answer questions about Sim and your current workflow
+- **Guide**: Suggest edits and best practices
+- **Edit**: Make changes to blocks, connections, and settings when you approve
+
+<Callout type="info">
+  Copilot is a Sim-managed service. For self-hosted deployments, generate a Copilot API key in the hosted app (sim.ai → Settings → Copilot)
+  1. Go to [sim.ai](https://sim.ai) → Settings → Copilot and generate a Copilot API key
+2. Set `COPILOT_API_KEY` in your self-hosted environment to that value
+3. Host Sim on a publicly available DNS and set `NEXT_PUBLIC_APP_URL` and `BETTER_AUTH_URL` to that value (e.g., using ngrok)
+</Callout>
+
+## Modes
+
+<Cards>
+  <Card title="Ask">
+    <div className="flex items-start gap-3">
+      <span className="mt-0.5 inline-flex h-8 w-8 items-center justify-center rounded-md border border-border/50 bg-muted/60">
+        <MessageCircle className="h-4 w-4 text-muted-foreground" />
+      </span>
+      <div>
+        <p className="m-0 text-sm">
+          Q&A mode for explanations, guidance, and suggestions without making changes to your workflow.
+        </p>
+      </div>
+    </div>
+  </Card>
+  <Card title="Agent">
+    <div className="flex items-start gap-3">
+      <span className="mt-0.5 inline-flex h-8 w-8 items-center justify-center rounded-md border border-border/50 bg-muted/60">
+        <Package className="h-4 w-4 text-muted-foreground" />
+      </span>
+      <div>
+        <p className="m-0 text-sm">
+          Build-and-edit mode. Copilot proposes specific edits (add blocks, wire variables, tweak settings) and applies them when you approve.
+        </p>
+      </div>
+    </div>
+  </Card>
+</Cards>
+
+## Depth Levels
+
+<Cards>
+  <Card title="Fast">
+    <div className="flex items-start gap-3">
+      <span className="mt-0.5 inline-flex h-8 w-8 items-center justify-center rounded-md border border-border/50 bg-muted/60">
+        <Zap className="h-4 w-4 text-muted-foreground" />
+      </span>
+      <div>
+        <p className="m-0 text-sm">Quickest and cheapest. Best for small edits, simple workflows, and minor tweaks.</p>
+      </div>
+    </div>
+  </Card>
+  <Card title="Auto">
+    <div className="flex items-start gap-3">
+      <span className="mt-0.5 inline-flex h-8 w-8 items-center justify-center rounded-md border border-border/50 bg-muted/60">
+        <InfinityIcon className="h-4 w-4 text-muted-foreground" />
+      </span>
+      <div>
+        <p className="m-0 text-sm">Balanced speed and reasoning. Recommended default for most tasks.</p>
+      </div>
+    </div>
+  </Card>
+  <Card title="Pro">
+    <div className="flex items-start gap-3">
+      <span className="mt-0.5 inline-flex h-8 w-8 items-center justify-center rounded-md border border-border/50 bg-muted/60">
+        <Brain className="h-4 w-4 text-muted-foreground" />
+      </span>
+      <div>
+        <p className="m-0 text-sm">More reasoning for larger workflows and complex edits while staying performant.</p>
+      </div>
+    </div>
+  </Card>
+  <Card title="Max">
+    <div className="flex items-start gap-3">
+      <span className="mt-0.5 inline-flex h-8 w-8 items-center justify-center rounded-md border border-border/50 bg-muted/60">
+        <BrainCircuit className="h-4 w-4 text-muted-foreground" />
+      </span>
+      <div>
+        <p className="m-0 text-sm">Maximum reasoning for deep planning, debugging, and complex architectural changes.</p>
+      </div>
+    </div>
+  </Card>
+</Cards> 

apps/docs/content/docs/copilot/meta.json

@@ -0,0 +1,4 @@
+{
+  "title": "Copilot",
+  "pages": ["index"]
+}

apps/docs/content/docs/meta.json

@@ -12,6 +12,8 @@
     "connections",
     "---Execution---",
     "execution",
+    "---Copilot---",
+    "copilot",
     "---Advanced---",
     "./variables/index",
     "yaml",

apps/docs/content/docs/tools/microsoft_excel.mdx

@@ -115,8 +115,7 @@ Read data from a Microsoft Excel spreadsheet
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `success` | boolean | Operation success status |
-| `output` | object | Excel spreadsheet data and metadata |
+| `data` | object | Range data from the spreadsheet |
 
 ### `microsoft_excel_write`
 
@@ -136,8 +135,11 @@ Write data to a Microsoft Excel spreadsheet
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `success` | boolean | Operation success status |
-| `output` | object | Write operation results and metadata |
+| `updatedRange` | string | The range that was updated |
+| `updatedRows` | number | Number of rows that were updated |
+| `updatedColumns` | number | Number of columns that were updated |
+| `updatedCells` | number | Number of cells that were updated |
+| `metadata` | object | Spreadsheet metadata |
 
 ### `microsoft_excel_table_add`
 
@@ -155,8 +157,9 @@ Add new rows to a Microsoft Excel table
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `success` | boolean | Operation success status |
-| `output` | object | Table add operation results and metadata |
+| `index` | number | Index of the first row that was added |
+| `values` | array | Array of rows that were added to the table |
+| `metadata` | object | Spreadsheet metadata |
 
 
 

apps/docs/content/docs/tools/supabase.mdx

@@ -142,7 +142,7 @@ Get a single row from a Supabase table based on filter criteria
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `message` | string | Operation status message |
-| `results` | object | The row data if found, null if not found |
+| `results` | array | Array containing the row data if found, empty array if not found |
 
 ### `supabase_update`
 
@@ -185,6 +185,26 @@ Delete rows from a Supabase table based on filter criteria
 | `message` | string | Operation status message |
 | `results` | array | Array of deleted records |
 
+### `supabase_upsert`
+
+Insert or update data in a Supabase table (upsert operation)
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `projectId` | string | Yes | Your Supabase project ID \(e.g., jdrkgepadsdopsntdlom\) |
+| `table` | string | Yes | The name of the Supabase table to upsert data into |
+| `data` | any | Yes | The data to upsert \(insert or update\) |
+| `apiKey` | string | Yes | Your Supabase service role secret key |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `message` | string | Operation status message |
+| `results` | array | Array of upserted records |
+
 
 
 ## Notes

apps/sim/app/(auth)/components/social-login-buttons.tsx

@@ -3,7 +3,6 @@
 import { useEffect, useState } from 'react'
 import { GithubIcon, GoogleIcon } from '@/components/icons'
 import { Button } from '@/components/ui/button'
-import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from '@/components/ui/tooltip'
 import { client } from '@/lib/auth-client'
 
 interface SocialLoginButtonsProps {
@@ -114,58 +113,16 @@ export function SocialLoginButtons({
     </Button>
   )
 
-  const renderGithubButton = () => {
-    if (githubAvailable) return githubButton
+  const hasAnyOAuthProvider = githubAvailable || googleAvailable
 
-    return (
-      <TooltipProvider>
-        <Tooltip>
-          <TooltipTrigger asChild>
-            <div>{githubButton}</div>
-          </TooltipTrigger>
-          <TooltipContent className='border-neutral-700 bg-neutral-800 text-white'>
-            <p>
-              GitHub login requires OAuth credentials to be configured. Add the following
-              environment variables:
-            </p>
-            <ul className='mt-2 space-y-1 text-neutral-300 text-xs'>
-              <li>• GITHUB_CLIENT_ID</li>
-              <li>• GITHUB_CLIENT_SECRET</li>
-            </ul>
-          </TooltipContent>
-        </Tooltip>
-      </TooltipProvider>
-    )
-  }
-
-  const renderGoogleButton = () => {
-    if (googleAvailable) return googleButton
-
-    return (
-      <TooltipProvider>
-        <Tooltip>
-          <TooltipTrigger asChild>
-            <div>{googleButton}</div>
-          </TooltipTrigger>
-          <TooltipContent className='border-neutral-700 bg-neutral-800 text-white'>
-            <p>
-              Google login requires OAuth credentials to be configured. Add the following
-              environment variables:
-            </p>
-            <ul className='mt-2 space-y-1 text-neutral-300 text-xs'>
-              <li>• GOOGLE_CLIENT_ID</li>
-              <li>• GOOGLE_CLIENT_SECRET</li>
-            </ul>
-          </TooltipContent>
-        </Tooltip>
-      </TooltipProvider>
-    )
+  if (!hasAnyOAuthProvider) {
+    return null
   }
 
   return (
     <div className='grid gap-3'>
-      {renderGithubButton()}
-      {renderGoogleButton()}
+      {githubAvailable && githubButton}
+      {googleAvailable && googleButton}
     </div>
   )
 }

apps/sim/app/(auth)/layout.tsx

@@ -9,7 +9,7 @@ export default function AuthLayout({ children }: { children: React.ReactNode })
   const brand = useBrandConfig()
 
   return (
-    <main className='relative flex min-h-screen flex-col bg-[#0C0C0C] font-geist-sans text-white'>
+    <main className='relative flex min-h-screen flex-col bg-[var(--brand-background-hex)] font-geist-sans text-white'>
       {/* Background pattern */}
       <GridPattern
         x={-5}
@@ -28,12 +28,12 @@ export default function AuthLayout({ children }: { children: React.ReactNode })
               <img
                 src={brand.logoUrl}
                 alt={`${brand.name} Logo`}
-                width={42}
-                height={42}
-                className='h-[42px] w-[42px] object-contain'
+                width={56}
+                height={56}
+                className='h-[56px] w-[56px] object-contain'
               />
             ) : (
-              <Image src='/sim.svg' alt={`${brand.name} Logo`} width={42} height={42} />
+              <Image src='/sim.svg' alt={`${brand.name} Logo`} width={56} height={56} />
             )}
           </Link>
         </div>

apps/sim/app/(auth)/login/login-form.tsx

@@ -366,11 +366,13 @@ export default function LoginPage({
             callbackURL={callbackUrl}
           />
 
-          <div className='relative mt-2 py-4'>
-            <div className='absolute inset-0 flex items-center'>
-              <div className='w-full border-neutral-700/50 border-t' />
+          {(githubAvailable || googleAvailable) && (
+            <div className='relative mt-2 py-4'>
+              <div className='absolute inset-0 flex items-center'>
+                <div className='w-full border-neutral-700/50 border-t' />
+              </div>
             </div>
-          </div>
+          )}
 
           <form onSubmit={onSubmit} className='space-y-5'>
             <div className='space-y-4'>
@@ -456,7 +458,7 @@ export default function LoginPage({
 
             <Button
               type='submit'
-              className='flex h-11 w-full items-center justify-center gap-2 bg-[#701ffc] font-medium text-base text-white shadow-[#701ffc]/20 shadow-lg transition-colors duration-200 hover:bg-[#802FFF]'
+              className='flex h-11 w-full items-center justify-center gap-2 bg-brand-primary font-medium text-base text-white shadow-[var(--brand-primary-hex)]/20 shadow-lg transition-colors duration-200 hover:bg-brand-primary-hover'
               disabled={isLoading}
             >
               {isLoading ? 'Signing in...' : 'Sign In'}
@@ -468,7 +470,7 @@ export default function LoginPage({
           <span className='text-neutral-400'>Don't have an account? </span>
           <Link
             href={isInviteFlow ? `/signup?invite_flow=true&callbackUrl=${callbackUrl}` : '/signup'}
-            className='font-medium text-[#9D54FF] underline-offset-4 transition hover:text-[#a66fff] hover:underline'
+            className='font-medium text-[var(--brand-accent-hex)] underline-offset-4 transition hover:text-[var(--brand-accent-hover-hex)] hover:underline'
           >
             Sign up
           </Link>
@@ -497,7 +499,7 @@ export default function LoginPage({
                 placeholder='Enter your email'
                 required
                 type='email'
-                className='border-neutral-700/80 bg-neutral-900 text-white placeholder:text-white/60 focus:border-[#802FFF]/70 focus:ring-[#802FFF]/20'
+                className='border-neutral-700/80 bg-neutral-900 text-white placeholder:text-white/60 focus:border-[var(--brand-primary-hover-hex)]/70 focus:ring-[var(--brand-primary-hover-hex)]/20'
               />
             </div>
             {resetStatus.type && (
@@ -512,7 +514,7 @@ export default function LoginPage({
             <Button
               type='button'
               onClick={handleForgotPassword}
-              className='h-11 w-full bg-[#701ffc] font-medium text-base text-white shadow-[#701ffc]/20 shadow-lg transition-colors duration-200 hover:bg-[#802FFF]'
+              className='h-11 w-full bg-[var(--brand-primary-hex)] font-medium text-base text-white shadow-[var(--brand-primary-hex)]/20 shadow-lg transition-colors duration-200 hover:bg-[var(--brand-primary-hover-hex)]'
               disabled={isSubmittingReset}
             >
               {isSubmittingReset ? 'Sending...' : 'Send Reset Link'}

apps/sim/app/(auth)/signup/signup-form.tsx

@@ -381,11 +381,13 @@ function SignupFormContent({
             isProduction={isProduction}
           />
 
-          <div className='relative mt-2 py-4'>
-            <div className='absolute inset-0 flex items-center'>
-              <div className='w-full border-neutral-700/50 border-t' />
+          {(githubAvailable || googleAvailable) && (
+            <div className='relative mt-2 py-4'>
+              <div className='absolute inset-0 flex items-center'>
+                <div className='w-full border-neutral-700/50 border-t' />
+              </div>
             </div>
-          </div>
+          )}
 
           <form onSubmit={onSubmit} className='space-y-5'>
             <div className='space-y-4'>
@@ -488,7 +490,7 @@ function SignupFormContent({
 
             <Button
               type='submit'
-              className='flex h-11 w-full items-center justify-center gap-2 bg-[#701ffc] font-medium text-base text-white shadow-[#701ffc]/20 shadow-lg transition-colors duration-200 hover:bg-[#802FFF]'
+              className='flex h-11 w-full items-center justify-center gap-2 bg-[var(--brand-primary-hex)] font-medium text-base text-white shadow-[var(--brand-primary-hex)]/20 shadow-lg transition-colors duration-200 hover:bg-[var(--brand-primary-hover-hex)]'
               disabled={isLoading}
             >
               {isLoading ? 'Creating account...' : 'Create Account'}
@@ -500,7 +502,7 @@ function SignupFormContent({
           <span className='text-neutral-400'>Already have an account? </span>
           <Link
             href={isInviteFlow ? `/login?invite_flow=true&callbackUrl=${redirectUrl}` : '/login'}
-            className='font-medium text-[#9D54FF] underline-offset-4 transition hover:text-[#a66fff] hover:underline'
+            className='font-medium text-[var(--brand-accent-hex)] underline-offset-4 transition hover:text-[var(--brand-accent-hover-hex)] hover:underline'
           >
             Sign in
           </Link>

apps/sim/app/(auth)/verify/verify-content.tsx

@@ -124,7 +124,7 @@ function VerificationForm({
 
             <Button
               onClick={verifyCode}
-              className='h-11 w-full bg-[#701ffc] font-medium text-base text-white shadow-[#701ffc]/20 shadow-lg transition-colors duration-200 hover:bg-[#802FFF]'
+              className='h-11 w-full bg-[var(--brand-primary-hex)] font-medium text-base text-white shadow-[var(--brand-primary-hex)]/20 shadow-lg transition-colors duration-200 hover:bg-[var(--brand-primary-hover-hex)]'
               disabled={!isOtpComplete || isLoading}
             >
               {isLoading ? 'Verifying...' : 'Verify Email'}
@@ -140,7 +140,7 @@ function VerificationForm({
                     </span>
                   ) : (
                     <button
-                      className='font-medium text-[#9D54FF] underline-offset-4 transition hover:text-[#a66fff] hover:underline'
+                      className='font-medium text-[var(--brand-accent-hex)] underline-offset-4 transition hover:text-[var(--brand-accent-hover-hex)] hover:underline'
                       onClick={handleResend}
                       disabled={isLoading || isResendDisabled}
                     >

apps/sim/app/(landing)/components/blog-card.tsx

@@ -35,7 +35,7 @@ export const BlogCard = ({
 }: BlogCardProps) => {
   return (
     <Link href={href}>
-      <div className='flex flex-col rounded-3xl border border-[#606060]/40 bg-[#101010] p-8 transition-all duration-500 hover:bg-[#202020]'>
+      <div className='flex flex-col rounded-3xl border border-[#606060]/40 bg-[#101010] p-8 transition-all duration-500 hover:bg-[var(--surface-elevated)]'>
         {image ? (
           <Image
             src={image}

apps/sim/app/(landing)/components/nav-client.tsx

@@ -245,7 +245,7 @@ export default function NavClient({
                     target='_blank'
                     rel='noopener noreferrer'
                   >
-                    <Button className='h-[43px] bg-[#701ffc] px-6 py-2 font-geist-sans font-medium text-base text-neutral-100 transition-colors duration-200 hover:bg-[#802FFF]'>
+                    <Button className='h-[43px] bg-[var(--brand-primary-hex)] px-6 py-2 font-geist-sans font-medium text-base text-neutral-100 transition-colors duration-200 hover:bg-[var(--brand-primary-hover-hex)]'>
                       Contact
                     </Button>
                   </Link>
@@ -277,7 +277,7 @@ export default function NavClient({
                     >
                       <SheetContent
                         side='right'
-                        className='flex h-full w-[280px] flex-col border-[#181818] border-l bg-[#0C0C0C] p-6 pt-6 text-white shadow-xl sm:w-[320px] [&>button]:hidden'
+                        className='flex h-full w-[280px] flex-col border-[#181818] border-l bg-[var(--brand-background-hex)] p-6 pt-6 text-white shadow-xl sm:w-[320px] [&>button]:hidden'
                         onOpenAutoFocus={(e) => e.preventDefault()}
                         onCloseAutoFocus={(e) => e.preventDefault()}
                       >
@@ -311,7 +311,7 @@ export default function NavClient({
                                 target='_blank'
                                 rel='noopener noreferrer'
                               >
-                                <Button className='w-full bg-[#701ffc] py-6 font-medium text-base text-white shadow-[#701ffc]/20 shadow-lg transition-colors duration-200 hover:bg-[#802FFF]'>
+                                <Button className='w-full bg-[var(--brand-primary-hex)] py-6 font-medium text-base text-white shadow-[var(--brand-primary-hex)]/20 shadow-lg transition-colors duration-200 hover:bg-[var(--brand-primary-hover-hex)]'>
                                   Contact
                                 </Button>
                               </Link>

apps/sim/app/(landing)/components/sections/hero.tsx

@@ -62,7 +62,7 @@ function Hero() {
       <Button
         variant={'secondary'}
         onClick={handleNavigate}
-        className='animate-fade-in items-center bg-[#701ffc] px-7 py-6 font-[420] font-geist-sans text-lg text-neutral-100 tracking-normal shadow-[#701ffc]/30 shadow-lg hover:bg-[#802FFF]'
+        className='animate-fade-in items-center bg-[var(--brand-primary-hex)] px-7 py-6 font-[420] font-geist-sans text-lg text-neutral-100 tracking-normal shadow-[var(--brand-primary-hex)]/30 shadow-lg hover:bg-[var(--brand-primary-hover-hex)]'
         aria-label='Start using the platform'
       >
         <div className='text-[1.15rem]'>Start now</div>
@@ -104,7 +104,7 @@ function Hero() {
           className='aspect-[5/3] h-auto md:aspect-auto'
         >
           <g filter='url(#filter0_b_0_1)'>
-            <ellipse cx='300' cy='240' rx='290' ry='220' fill='#0C0C0C' />
+            <ellipse cx='300' cy='240' rx='290' ry='220' fill='var(--brand-background-hex)' />
           </g>
           <defs>
             <filter

apps/sim/app/(landing)/contributors/page.tsx

@@ -151,7 +151,7 @@ export default function ContributorsPage() {
   )
 
   return (
-    <main className='relative min-h-screen bg-[#0C0C0C] font-geist-sans text-white'>
+    <main className='relative min-h-screen bg-[var(--brand-background-hex)] font-geist-sans text-white'>
       {/* Grid pattern background */}
       <div className='absolute inset-0 bottom-[400px] z-0'>
         <GridPattern
@@ -239,7 +239,7 @@ export default function ContributorsPage() {
               <div className='mb-6 grid grid-cols-1 gap-3 sm:mb-8 sm:grid-cols-2 sm:gap-4 lg:grid-cols-5'>
                 <div className='rounded-lg border border-[#606060]/20 bg-neutral-800/30 p-3 text-center sm:rounded-xl sm:p-4'>
                   <div className='mb-1 flex items-center justify-center sm:mb-2'>
-                    <Star className='h-4 w-4 text-[#701ffc] sm:h-5 sm:w-5' />
+                    <Star className='h-4 w-4 text-[var(--brand-primary-hex)] sm:h-5 sm:w-5' />
                   </div>
                   <div className='font-bold text-lg text-white sm:text-xl'>{repoStats.stars}</div>
                   <div className='text-neutral-400 text-xs'>Stars</div>
@@ -247,7 +247,7 @@ export default function ContributorsPage() {
 
                 <div className='rounded-lg border border-[#606060]/20 bg-neutral-800/30 p-3 text-center sm:rounded-xl sm:p-4'>
                   <div className='mb-1 flex items-center justify-center sm:mb-2'>
-                    <GitFork className='h-4 w-4 text-[#701ffc] sm:h-5 sm:w-5' />
+                    <GitFork className='h-4 w-4 text-[var(--brand-primary-hex)] sm:h-5 sm:w-5' />
                   </div>
                   <div className='font-bold text-lg text-white sm:text-xl'>{repoStats.forks}</div>
                   <div className='text-neutral-400 text-xs'>Forks</div>
@@ -255,7 +255,7 @@ export default function ContributorsPage() {
 
                 <div className='rounded-lg border border-[#606060]/20 bg-neutral-800/30 p-3 text-center sm:rounded-xl sm:p-4'>
                   <div className='mb-1 flex items-center justify-center sm:mb-2'>
-                    <GitGraph className='h-4 w-4 text-[#701ffc] sm:h-5 sm:w-5' />
+                    <GitGraph className='h-4 w-4 text-[var(--brand-primary-hex)] sm:h-5 sm:w-5' />
                   </div>
                   <div className='font-bold text-lg text-white sm:text-xl'>
                     {filteredContributors?.length || 0}
@@ -265,7 +265,7 @@ export default function ContributorsPage() {
 
                 <div className='rounded-lg border border-[#606060]/20 bg-neutral-800/30 p-3 text-center sm:rounded-xl sm:p-4'>
                   <div className='mb-1 flex items-center justify-center sm:mb-2'>
-                    <MessageCircle className='h-4 w-4 text-[#701ffc] sm:h-5 sm:w-5' />
+                    <MessageCircle className='h-4 w-4 text-[var(--brand-primary-hex)] sm:h-5 sm:w-5' />
                   </div>
                   <div className='font-bold text-lg text-white sm:text-xl'>
                     {repoStats.openIssues}
@@ -275,7 +275,7 @@ export default function ContributorsPage() {
 
                 <div className='rounded-lg border border-[#606060]/20 bg-neutral-800/30 p-3 text-center sm:rounded-xl sm:p-4'>
                   <div className='mb-1 flex items-center justify-center sm:mb-2'>
-                    <GitPullRequest className='h-4 w-4 text-[#701ffc] sm:h-5 sm:w-5' />
+                    <GitPullRequest className='h-4 w-4 text-[var(--brand-primary-hex)] sm:h-5 sm:w-5' />
                   </div>
                   <div className='font-bold text-lg text-white sm:text-xl'>{repoStats.openPRs}</div>
                   <div className='text-neutral-400 text-xs'>Pull Requests</div>
@@ -291,8 +291,8 @@ export default function ContributorsPage() {
                   <AreaChart data={timelineData} className='-mx-2 sm:-mx-5 mt-1 sm:mt-2'>
                     <defs>
                       <linearGradient id='commits' x1='0' y1='0' x2='0' y2='1'>
-                        <stop offset='5%' stopColor='#701ffc' stopOpacity={0.3} />
-                        <stop offset='95%' stopColor='#701ffc' stopOpacity={0} />
+                        <stop offset='5%' stopColor='var(--brand-primary-hex)' stopOpacity={0.3} />
+                        <stop offset='95%' stopColor='var(--brand-primary-hex)' stopOpacity={0} />
                       </linearGradient>
                     </defs>
                     <XAxis
@@ -320,7 +320,7 @@ export default function ContributorsPage() {
                             <div className='rounded-lg border border-[#606060]/30 bg-[#0f0f0f] p-2 shadow-lg backdrop-blur-sm sm:p-3'>
                               <div className='grid gap-1 sm:gap-2'>
                                 <div className='flex items-center gap-1 sm:gap-2'>
-                                  <GitGraph className='h-3 w-3 text-[#701ffc] sm:h-4 sm:w-4' />
+                                  <GitGraph className='h-3 w-3 text-[var(--brand-primary-hex)] sm:h-4 sm:w-4' />
                                   <span className='text-neutral-400 text-xs sm:text-sm'>
                                     Commits:
                                   </span>
@@ -338,7 +338,7 @@ export default function ContributorsPage() {
                     <Area
                       type='monotone'
                       dataKey='commits'
-                      stroke='#701ffc'
+                      stroke='var(--brand-primary-hex)'
                       strokeWidth={2}
                       fill='url(#commits)'
                     />
@@ -393,7 +393,7 @@ export default function ContributorsPage() {
                         animate={{ opacity: 1, y: 0 }}
                         style={{ animationDelay: `${index * 50}ms` }}
                       >
-                        <Avatar className='h-12 w-12 ring-2 ring-[#606060]/30 transition-transform group-hover:scale-105 group-hover:ring-[#701ffc]/60 sm:h-16 sm:w-16'>
+                        <Avatar className='h-12 w-12 ring-2 ring-[#606060]/30 transition-transform group-hover:scale-105 group-hover:ring-[var(--brand-primary-hex)]/60 sm:h-16 sm:w-16'>
                           <AvatarImage
                             src={contributor.avatar_url}
                             alt={contributor.login}
@@ -405,13 +405,13 @@ export default function ContributorsPage() {
                         </Avatar>
 
                         <div className='mt-2 text-center sm:mt-3'>
-                          <span className='block font-medium text-white text-xs transition-colors group-hover:text-[#701ffc] sm:text-sm'>
+                          <span className='block font-medium text-white text-xs transition-colors group-hover:text-[var(--brand-primary-hex)] sm:text-sm'>
                             {contributor.login.length > 12
                               ? `${contributor.login.slice(0, 12)}...`
                               : contributor.login}
                           </span>
                           <div className='mt-1 flex items-center justify-center gap-1 sm:mt-2'>
-                            <GitGraph className='h-2 w-2 text-neutral-400 transition-colors group-hover:text-[#701ffc] sm:h-3 sm:w-3' />
+                            <GitGraph className='h-2 w-2 text-neutral-400 transition-colors group-hover:text-[var(--brand-primary-hex)] sm:h-3 sm:w-3' />
                             <span className='font-medium text-neutral-300 text-xs transition-colors group-hover:text-white sm:text-sm'>
                               {contributor.contributions}
                             </span>
@@ -508,7 +508,7 @@ export default function ContributorsPage() {
                         />
                         <Bar
                           dataKey='contributions'
-                          className='fill-[#701ffc]'
+                          className='fill-[var(--brand-primary-hex)]'
                           radius={[4, 4, 0, 0]}
                         />
                       </BarChart>
@@ -532,7 +532,7 @@ export default function ContributorsPage() {
             >
               <div className='relative p-6 sm:p-8 md:p-12 lg:p-16'>
                 <div className='text-center'>
-                  <div className='mb-4 inline-flex items-center rounded-full border border-[#701ffc]/20 bg-[#701ffc]/10 px-3 py-1 font-medium text-[#701ffc] text-xs sm:mb-6 sm:px-4 sm:py-2 sm:text-sm'>
+                  <div className='mb-4 inline-flex items-center rounded-full border border-[var(--brand-primary-hex)]/20 bg-[var(--brand-primary-hex)]/10 px-3 py-1 font-medium text-[var(--brand-primary-hex)] text-xs sm:mb-6 sm:px-4 sm:py-2 sm:text-sm'>
                     <Github className='mr-1 h-3 w-3 sm:mr-2 sm:h-4 sm:w-4' />
                     Apache-2.0 Licensed
                   </div>
@@ -550,7 +550,7 @@ export default function ContributorsPage() {
                     <Button
                       asChild
                       size='lg'
-                      className='bg-[#701ffc] text-white transition-colors duration-500 hover:bg-[#802FFF]'
+                      className='bg-[var(--brand-primary-hex)] text-white transition-colors duration-500 hover:bg-[var(--brand-primary-hover-hex)]'
                     >
                       <a
                         href='https://github.com/simstudioai/sim/blob/main/.github/CONTRIBUTING.md'

apps/sim/app/(landing)/landing.tsx

@@ -12,7 +12,7 @@ export default function Landing() {
   }
 
   return (
-    <main className='relative min-h-screen bg-[#0C0C0C] font-geist-sans'>
+    <main className='relative min-h-screen bg-[var(--brand-background-hex)] font-geist-sans'>
       <NavWrapper onOpenTypeformLink={handleOpenTypeformLink} />
 
       <Hero />

apps/sim/app/(landing)/privacy/page.tsx

@@ -11,7 +11,7 @@ export default function PrivacyPolicy() {
   }
 
   return (
-    <main className='relative min-h-screen overflow-hidden bg-[#0C0C0C] text-white'>
+    <main className='relative min-h-screen overflow-hidden bg-[var(--brand-background-hex)] text-white'>
       {/* Grid pattern background - only covers content area */}
       <div className='absolute inset-0 bottom-[400px] z-0 overflow-hidden'>
         <GridPattern
@@ -42,7 +42,7 @@ export default function PrivacyPolicy() {
           className='h-full w-full'
         >
           <g filter='url(#filter0_b_privacy)'>
-            <rect width='600' height='1600' rx='0' fill='#0C0C0C' />
+            <rect width='600' height='1600' rx='0' fill='var(--brand-background-hex)' />
           </g>
           <defs>
             <filter
@@ -391,7 +391,7 @@ export default function PrivacyPolicy() {
                   Privacy & Terms web page:{' '}
                   <Link
                     href='https://policies.google.com/privacy?hl=en'
-                    className='text-[#B5A1D4] hover:text-[#701ffc]'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
                     target='_blank'
                     rel='noopener noreferrer'
                   >
@@ -569,7 +569,7 @@ export default function PrivacyPolicy() {
                   Please note that we may ask you to verify your identity before responding to such
                   requests.
                 </p>
-                <p className='mb-4 border-[#701ffc] border-l-4 bg-[#701ffc]/10 p-3'>
+                <p className='mb-4 border-[var(--brand-primary-hex)] border-l-4 bg-[var(--brand-primary-hex)]/10 p-3'>
                   You have the right to complain to a Data Protection Authority about our collection
                   and use of your Personal Information. For more information, please contact your
                   local data protection authority in the European Economic Area (EEA).
@@ -661,7 +661,7 @@ export default function PrivacyPolicy() {
                   policy (if any). Before beginning your inquiry, email us at{' '}
                   <Link
                     href='mailto:security@sim.ai'
-                    className='text-[#B5A1D4] hover:text-[#701ffc]'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
                   >
                     security@sim.ai
                   </Link>{' '}
@@ -686,7 +686,7 @@ export default function PrivacyPolicy() {
                   To report any security flaws, send an email to{' '}
                   <Link
                     href='mailto:security@sim.ai'
-                    className='text-[#B5A1D4] hover:text-[#701ffc]'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
                   >
                     security@sim.ai
                   </Link>
@@ -726,7 +726,7 @@ export default function PrivacyPolicy() {
                   If you have any questions about this Privacy Policy, please contact us at:{' '}
                   <Link
                     href='mailto:privacy@sim.ai'
-                    className='text-[#B5A1D4] hover:text-[#701ffc]'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
                   >
                     privacy@sim.ai
                   </Link>

apps/sim/app/(landing)/terms/page.tsx

@@ -11,7 +11,7 @@ export default function TermsOfService() {
   }
 
   return (
-    <main className='relative min-h-screen overflow-hidden bg-[#0C0C0C] text-white'>
+    <main className='relative min-h-screen overflow-hidden bg-[var(--brand-background-hex)] text-white'>
       {/* Grid pattern background */}
       <div className='absolute inset-0 bottom-[400px] z-0 overflow-hidden'>
         <GridPattern
@@ -42,7 +42,7 @@ export default function TermsOfService() {
           className='h-full w-full'
         >
           <g filter='url(#filter0_b_terms)'>
-            <rect width='600' height='1600' rx='0' fill='#0C0C0C' />
+            <rect width='600' height='1600' rx='0' fill='var(--brand-background-hex)' />
           </g>
           <defs>
             <filter
@@ -268,7 +268,7 @@ export default function TermsOfService() {
                   Arbitration Agreement. The arbitration will be conducted by JAMS, an established
                   alternative dispute resolution provider.
                 </p>
-                <p className='mb-4 border-[#701ffc] border-l-4 bg-[#701ffc]/10 p-3'>
+                <p className='mb-4 border-[var(--brand-primary-hex)] border-l-4 bg-[var(--brand-primary-hex)]/10 p-3'>
                   YOU AND COMPANY AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON
                   AN INDIVIDUAL BASIS AND NOT ON A CLASS, REPRESENTATIVE, OR COLLECTIVE BASIS. ONLY
                   INDIVIDUAL RELIEF IS AVAILABLE, AND DISPUTES OF MORE THAN ONE CUSTOMER OR USER
@@ -277,7 +277,10 @@ export default function TermsOfService() {
                 <p className='mb-4'>
                   You have the right to opt out of the provisions of this Arbitration Agreement by
                   sending a timely written notice of your decision to opt out to:{' '}
-                  <Link href='mailto:legal@sim.ai' className='text-[#B5A1D4] hover:text-[#701ffc]'>
+                  <Link
+                    href='mailto:legal@sim.ai'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
+                  >
                     legal@sim.ai{' '}
                   </Link>
                   within 30 days after first becoming subject to this Arbitration Agreement.
@@ -330,7 +333,7 @@ export default function TermsOfService() {
                   Our Copyright Agent can be reached at:{' '}
                   <Link
                     href='mailto:copyright@sim.ai'
-                    className='text-[#B5A1D4] hover:text-[#701ffc]'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
                   >
                     copyright@sim.ai
                   </Link>
@@ -341,7 +344,10 @@ export default function TermsOfService() {
                 <h2 className='mb-4 font-semibold text-2xl text-white'>12. Contact Us</h2>
                 <p>
                   If you have any questions about these Terms, please contact us at:{' '}
-                  <Link href='mailto:legal@sim.ai' className='text-[#B5A1D4] hover:text-[#701ffc]'>
+                  <Link
+                    href='mailto:legal@sim.ai'
+                    className='text-[#B5A1D4] hover:text-[var(--brand-primary-hex)]'
+                  >
                     legal@sim.ai
                   </Link>
                 </p>

apps/sim/app/api/__test-utils__/utils.ts

@@ -354,6 +354,18 @@ export function mockExecutionDependencies() {
   }))
 }
 
+/**
+ * Mock Trigger.dev SDK (tasks.trigger and task factory) for tests that import background modules
+ */
+export function mockTriggerDevSdk() {
+  vi.mock('@trigger.dev/sdk', () => ({
+    tasks: {
+      trigger: vi.fn().mockResolvedValue({ id: 'mock-task-id' }),
+    },
+    task: vi.fn().mockReturnValue({}),
+  }))
+}
+
 export function mockWorkflowAccessValidation(shouldSucceed = true) {
   if (shouldSucceed) {
     vi.mock('@/app/api/workflows/middleware', () => ({

apps/sim/app/api/auth/oauth/token/route.ts

@@ -28,7 +28,12 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
     }
 
-    const authz = await authorizeCredentialUse(request, { credentialId, workflowId })
+    // We already have workflowId from the parsed body; avoid forcing hybrid auth to re-read it
+    const authz = await authorizeCredentialUse(request, {
+      credentialId,
+      workflowId,
+      requireWorkflowIdForInternal: false,
+    })
     if (!authz.ok || !authz.credentialOwnerUserId) {
       return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
     }
@@ -79,14 +84,12 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    // Check if the access token is valid
     if (!credential.accessToken) {
       logger.warn(`[${requestId}] No access token available for credential`)
       return NextResponse.json({ error: 'No access token available' }, { status: 400 })
     }
 
     try {
-      // Refresh the token if needed
       const { accessToken } = await refreshTokenIfNeeded(requestId, credential, credentialId)
       return NextResponse.json({ accessToken }, { status: 200 })
     } catch (_error) {

apps/sim/app/api/auth/oauth/utils.ts

@@ -1,4 +1,4 @@
-import { and, eq } from 'drizzle-orm'
+import { and, desc, eq } from 'drizzle-orm'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { refreshOAuthToken } from '@/lib/oauth/oauth'
@@ -70,7 +70,8 @@ export async function getOAuthToken(userId: string, providerId: string): Promise
     })
     .from(account)
     .where(and(eq(account.userId, userId), eq(account.providerId, providerId)))
-    .orderBy(account.createdAt)
+    // Always use the most recently updated credential for this provider
+    .orderBy(desc(account.updatedAt))
     .limit(1)
 
   if (connections.length === 0) {
@@ -80,19 +81,13 @@ export async function getOAuthToken(userId: string, providerId: string): Promise
 
   const credential = connections[0]
 
-  // Check if we have a valid access token
-  if (!credential.accessToken) {
-    logger.warn(`Access token is null for user ${userId}, provider ${providerId}`)
-    return null
-  }
-
-  // Check if the token is expired and needs refreshing
+  // Determine whether we should refresh: missing token OR expired token
   const now = new Date()
   const tokenExpiry = credential.accessTokenExpiresAt
-  // Only refresh if we have an expiration time AND it's expired AND we have a refresh token
-  const needsRefresh = tokenExpiry && tokenExpiry < now && !!credential.refreshToken
+  const shouldAttemptRefresh =
+    !!credential.refreshToken && (!credential.accessToken || (tokenExpiry && tokenExpiry < now))
 
-  if (needsRefresh) {
+  if (shouldAttemptRefresh) {
     logger.info(
       `Access token expired for user ${userId}, provider ${providerId}. Attempting to refresh.`
     )
@@ -141,6 +136,13 @@ export async function getOAuthToken(userId: string, providerId: string): Promise
     }
   }
 
+  if (!credential.accessToken) {
+    logger.warn(
+      `Access token is null and no refresh attempted or available for user ${userId}, provider ${providerId}`
+    )
+    return null
+  }
+
   logger.info(`Found valid OAuth token for user ${userId}, provider ${providerId}`)
   return credential.accessToken
 }
@@ -164,19 +166,21 @@ export async function refreshAccessTokenIfNeeded(
     return null
   }
 
-  // Check if we need to refresh the token
+  // Decide if we should refresh: token missing OR expired
   const expiresAt = credential.accessTokenExpiresAt
   const now = new Date()
-  // Only refresh if we have an expiration time AND it's expired
-  // If no expiration time is set (newly created credentials), assume token is valid
-  const needsRefresh = expiresAt && expiresAt <= now
+  const shouldRefresh =
+    !!credential.refreshToken && (!credential.accessToken || (expiresAt && expiresAt <= now))
 
   const accessToken = credential.accessToken
 
-  if (needsRefresh && credential.refreshToken) {
+  if (shouldRefresh) {
     logger.info(`[${requestId}] Token expired, attempting to refresh for credential`)
     try {
-      const refreshedToken = await refreshOAuthToken(credential.providerId, credential.refreshToken)
+      const refreshedToken = await refreshOAuthToken(
+        credential.providerId,
+        credential.refreshToken!
+      )
 
       if (!refreshedToken) {
         logger.error(`[${requestId}] Failed to refresh token for credential: ${credentialId}`, {
@@ -217,6 +221,7 @@ export async function refreshAccessTokenIfNeeded(
       return null
     }
   } else if (!accessToken) {
+    // We have no access token and either no refresh token or not eligible to refresh
     logger.error(`[${requestId}] Missing access token for credential`)
     return null
   }
@@ -233,21 +238,20 @@ export async function refreshTokenIfNeeded(
   credential: any,
   credentialId: string
 ): Promise<{ accessToken: string; refreshed: boolean }> {
-  // Check if we need to refresh the token
+  // Decide if we should refresh: token missing OR expired
   const expiresAt = credential.accessTokenExpiresAt
   const now = new Date()
-  // Only refresh if we have an expiration time AND it's expired
-  // If no expiration time is set (newly created credentials), assume token is valid
-  const needsRefresh = expiresAt && expiresAt <= now
+  const shouldRefresh =
+    !!credential.refreshToken && (!credential.accessToken || (expiresAt && expiresAt <= now))
 
-  // If token is still valid, return it directly
-  if (!needsRefresh || !credential.refreshToken) {
+  // If token appears valid and present, return it directly
+  if (!shouldRefresh) {
     logger.info(`[${requestId}] Access token is valid`)
     return { accessToken: credential.accessToken, refreshed: false }
   }
 
   try {
-    const refreshResult = await refreshOAuthToken(credential.providerId, credential.refreshToken)
+    const refreshResult = await refreshOAuthToken(credential.providerId, credential.refreshToken!)
 
     if (!refreshResult) {
       logger.error(`[${requestId}] Failed to refresh token for credential`)

apps/sim/app/api/auth/socket-token/route.ts

@@ -4,8 +4,9 @@ import { auth } from '@/lib/auth'
 
 export async function POST() {
   try {
+    const hdrs = await headers()
     const response = await auth.api.generateOneTimeToken({
-      headers: await headers(),
+      headers: hdrs,
     })
 
     if (!response) {
@@ -14,7 +15,6 @@ export async function POST() {
 
     return NextResponse.json({ token: response.token })
   } catch (error) {
-    console.error('Error generating one-time token:', error)
     return NextResponse.json({ error: 'Failed to generate token' }, { status: 500 })
   }
 }

apps/sim/app/api/billing/update-cost/route.ts

@@ -2,8 +2,8 @@ import crypto from 'crypto'
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { env } from '@/lib/env'
-import { isProd } from '@/lib/environment'
+import { checkInternalApiKey } from '@/lib/copilot/utils'
+import { isBillingEnabled } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { userStats } from '@/db/schema'
@@ -11,34 +11,14 @@ import { calculateCost } from '@/providers/utils'
 
 const logger = createLogger('billing-update-cost')
 
-// Schema for the request body
 const UpdateCostSchema = z.object({
   userId: z.string().min(1, 'User ID is required'),
   input: z.number().min(0, 'Input tokens must be a non-negative number'),
   output: z.number().min(0, 'Output tokens must be a non-negative number'),
   model: z.string().min(1, 'Model is required'),
+  multiplier: z.number().min(0),
 })
 
-// Authentication function (reused from copilot/methods route)
-function checkInternalApiKey(req: NextRequest) {
-  const apiKey = req.headers.get('x-api-key')
-  const expectedApiKey = env.INTERNAL_API_SECRET
-
-  if (!expectedApiKey) {
-    return { success: false, error: 'Internal API key not configured' }
-  }
-
-  if (!apiKey) {
-    return { success: false, error: 'API key required' }
-  }
-
-  if (apiKey !== expectedApiKey) {
-    return { success: false, error: 'Invalid API key' }
-  }
-
-  return { success: true }
-}
-
 /**
  * POST /api/billing/update-cost
  * Update user cost based on token usage with internal API key auth
@@ -50,6 +30,19 @@ export async function POST(req: NextRequest) {
   try {
     logger.info(`[${requestId}] Update cost request started`)
 
+    if (!isBillingEnabled) {
+      logger.debug(`[${requestId}] Billing is disabled, skipping cost update`)
+      return NextResponse.json({
+        success: true,
+        message: 'Billing disabled, cost update skipped',
+        data: {
+          billingEnabled: false,
+          processedAt: new Date().toISOString(),
+          requestId,
+        },
+      })
+    }
+
     // Check authentication (internal API key)
     const authResult = checkInternalApiKey(req)
     if (!authResult.success) {
@@ -82,27 +75,27 @@ export async function POST(req: NextRequest) {
       )
     }
 
-    const { userId, input, output, model } = validation.data
+    const { userId, input, output, model, multiplier } = validation.data
 
     logger.info(`[${requestId}] Processing cost update`, {
       userId,
       input,
       output,
       model,
+      multiplier,
     })
 
     const finalPromptTokens = input
     const finalCompletionTokens = output
     const totalTokens = input + output
 
-    // Calculate cost using COPILOT_COST_MULTIPLIER (only in production, like normal executions)
-    const copilotMultiplier = isProd ? env.COPILOT_COST_MULTIPLIER || 1 : 1
+    // Calculate cost using provided multiplier (required)
     const costResult = calculateCost(
       model,
       finalPromptTokens,
       finalCompletionTokens,
       false,
-      copilotMultiplier
+      multiplier
     )
 
     logger.info(`[${requestId}] Cost calculation result`, {
@@ -111,7 +104,7 @@ export async function POST(req: NextRequest) {
       promptTokens: finalPromptTokens,
       completionTokens: finalCompletionTokens,
       totalTokens: totalTokens,
-      copilotMultiplier,
+      multiplier,
       costResult,
     })
 
@@ -134,6 +127,10 @@ export async function POST(req: NextRequest) {
         totalTokensUsed: totalTokens,
         totalCost: costToStore.toString(),
         currentPeriodCost: costToStore.toString(),
+        // Copilot usage tracking
+        totalCopilotCost: costToStore.toString(),
+        totalCopilotTokens: totalTokens,
+        totalCopilotCalls: 1,
         lastActive: new Date(),
       })
 
@@ -148,6 +145,10 @@ export async function POST(req: NextRequest) {
         totalTokensUsed: sql`total_tokens_used + ${totalTokens}`,
         totalCost: sql`total_cost + ${costToStore}`,
         currentPeriodCost: sql`current_period_cost + ${costToStore}`,
+        // Copilot usage tracking increments
+        totalCopilotCost: sql`total_copilot_cost + ${costToStore}`,
+        totalCopilotTokens: sql`total_copilot_tokens + ${totalTokens}`,
+        totalCopilotCalls: sql`total_copilot_calls + 1`,
         totalApiCalls: sql`total_api_calls`,
         lastActive: new Date(),
       }

apps/sim/app/api/chat/route.test.ts

@@ -246,7 +246,10 @@ describe('Chat API Route', () => {
           NEXT_PUBLIC_APP_URL: 'http://localhost:3000',
         },
         isTruthy: (value: string | boolean | number | undefined) =>
-          typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
+          typeof value === 'string'
+            ? value.toLowerCase() === 'true' || value === '1'
+            : Boolean(value),
+        getEnv: (variable: string) => process.env[variable],
       }))
 
       const validData = {
@@ -291,6 +294,7 @@ describe('Chat API Route', () => {
         },
         isTruthy: (value: string | boolean | number | undefined) =>
           typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
+        getEnv: (variable: string) => process.env[variable],
       }))
 
       const validData = {

apps/sim/app/api/chat/route.ts

@@ -14,8 +14,6 @@ import { chat } from '@/db/schema'
 
 const logger = createLogger('ChatAPI')
 
-export const dynamic = 'force-dynamic'
-
 const chatSchema = z.object({
   workflowId: z.string().min(1, 'Workflow ID is required'),
   subdomain: z
@@ -150,7 +148,7 @@ export async function POST(request: NextRequest) {
       // Merge customizations with the additional fields
       const mergedCustomizations = {
         ...(customizations || {}),
-        primaryColor: customizations?.primaryColor || '#802FFF',
+        primaryColor: customizations?.primaryColor || 'var(--brand-primary-hover-hex)',
         welcomeMessage: customizations?.welcomeMessage || 'Hi there! How can I help you today?',
       }
 

apps/sim/app/api/chat/subdomains/validate/route.ts

@@ -2,9 +2,6 @@ import { eq } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
 import { chat } from '@/db/schema'

apps/sim/app/api/copilot/api-keys/generate/route.ts

@@ -0,0 +1,70 @@
+import { createCipheriv, createHash, createHmac, randomBytes } from 'crypto'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { env } from '@/lib/env'
+import { createLogger } from '@/lib/logs/console/logger'
+import { generateApiKey } from '@/lib/utils'
+import { db } from '@/db'
+import { copilotApiKeys } from '@/db/schema'
+
+const logger = createLogger('CopilotApiKeysGenerate')
+
+function deriveKey(keyString: string): Buffer {
+  return createHash('sha256').update(keyString, 'utf8').digest()
+}
+
+function encryptRandomIv(plaintext: string, keyString: string): string {
+  const key = deriveKey(keyString)
+  const iv = randomBytes(16)
+  const cipher = createCipheriv('aes-256-gcm', key, iv)
+  let encrypted = cipher.update(plaintext, 'utf8', 'hex')
+  encrypted += cipher.final('hex')
+  const authTag = cipher.getAuthTag().toString('hex')
+  return `${iv.toString('hex')}:${encrypted}:${authTag}`
+}
+
+function computeLookup(plaintext: string, keyString: string): string {
+  // Deterministic, constant-time comparable MAC: HMAC-SHA256(DB_KEY, plaintext)
+  return createHmac('sha256', Buffer.from(keyString, 'utf8'))
+    .update(plaintext, 'utf8')
+    .digest('hex')
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    if (!env.AGENT_API_DB_ENCRYPTION_KEY) {
+      logger.error('AGENT_API_DB_ENCRYPTION_KEY is not set')
+      return NextResponse.json({ error: 'Server not configured' }, { status: 500 })
+    }
+
+    const userId = session.user.id
+
+    // Generate and prefix the key (strip the generic sim_ prefix from the random part)
+    const rawKey = generateApiKey().replace(/^sim_/, '')
+    const plaintextKey = `sk-sim-copilot-${rawKey}`
+
+    // Encrypt with random IV for confidentiality
+    const dbEncrypted = encryptRandomIv(plaintextKey, env.AGENT_API_DB_ENCRYPTION_KEY)
+
+    // Compute deterministic lookup value for O(1) search
+    const lookup = computeLookup(plaintextKey, env.AGENT_API_DB_ENCRYPTION_KEY)
+
+    const [inserted] = await db
+      .insert(copilotApiKeys)
+      .values({ userId, apiKeyEncrypted: dbEncrypted, apiKeyLookup: lookup })
+      .returning({ id: copilotApiKeys.id })
+
+    return NextResponse.json(
+      { success: true, key: { id: inserted.id, apiKey: plaintextKey } },
+      { status: 201 }
+    )
+  } catch (error) {
+    logger.error('Failed to generate copilot API key', { error })
+    return NextResponse.json({ error: 'Failed to generate copilot API key' }, { status: 500 })
+  }
+}

apps/sim/app/api/copilot/api-keys/route.ts

@@ -0,0 +1,85 @@
+import { createDecipheriv, createHash } from 'crypto'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { env } from '@/lib/env'
+import { createLogger } from '@/lib/logs/console/logger'
+import { db } from '@/db'
+import { copilotApiKeys } from '@/db/schema'
+
+const logger = createLogger('CopilotApiKeys')
+
+function deriveKey(keyString: string): Buffer {
+  return createHash('sha256').update(keyString, 'utf8').digest()
+}
+
+function decryptWithKey(encryptedValue: string, keyString: string): string {
+  const parts = encryptedValue.split(':')
+  if (parts.length !== 3) {
+    throw new Error('Invalid encrypted value format')
+  }
+  const [ivHex, encryptedHex, authTagHex] = parts
+  const key = deriveKey(keyString)
+  const iv = Buffer.from(ivHex, 'hex')
+  const decipher = createDecipheriv('aes-256-gcm', key, iv)
+  decipher.setAuthTag(Buffer.from(authTagHex, 'hex'))
+  let decrypted = decipher.update(encryptedHex, 'hex', 'utf8')
+  decrypted += decipher.final('utf8')
+  return decrypted
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    if (!env.AGENT_API_DB_ENCRYPTION_KEY) {
+      logger.error('AGENT_API_DB_ENCRYPTION_KEY is not set')
+      return NextResponse.json({ error: 'Server not configured' }, { status: 500 })
+    }
+
+    const userId = session.user.id
+
+    const rows = await db
+      .select({ id: copilotApiKeys.id, apiKeyEncrypted: copilotApiKeys.apiKeyEncrypted })
+      .from(copilotApiKeys)
+      .where(eq(copilotApiKeys.userId, userId))
+
+    const keys = rows.map((row) => ({
+      id: row.id,
+      apiKey: decryptWithKey(row.apiKeyEncrypted, env.AGENT_API_DB_ENCRYPTION_KEY as string),
+    }))
+
+    return NextResponse.json({ keys }, { status: 200 })
+  } catch (error) {
+    logger.error('Failed to get copilot API keys', { error })
+    return NextResponse.json({ error: 'Failed to get keys' }, { status: 500 })
+  }
+}
+
+export async function DELETE(request: NextRequest) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const url = new URL(request.url)
+    const id = url.searchParams.get('id')
+    if (!id) {
+      return NextResponse.json({ error: 'id is required' }, { status: 400 })
+    }
+
+    await db
+      .delete(copilotApiKeys)
+      .where(and(eq(copilotApiKeys.userId, userId), eq(copilotApiKeys.id, id)))
+
+    return NextResponse.json({ success: true }, { status: 200 })
+  } catch (error) {
+    logger.error('Failed to delete copilot API key', { error })
+    return NextResponse.json({ error: 'Failed to delete key' }, { status: 500 })
+  }
+}

apps/sim/app/api/copilot/api-keys/validate/route.ts

@@ -0,0 +1,79 @@
+import { createHmac } from 'crypto'
+import { eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { env } from '@/lib/env'
+import { createLogger } from '@/lib/logs/console/logger'
+import { db } from '@/db'
+import { copilotApiKeys, userStats } from '@/db/schema'
+
+const logger = createLogger('CopilotApiKeysValidate')
+
+function computeLookup(plaintext: string, keyString: string): string {
+  // Deterministic MAC: HMAC-SHA256(DB_KEY, plaintext)
+  return createHmac('sha256', Buffer.from(keyString, 'utf8'))
+    .update(plaintext, 'utf8')
+    .digest('hex')
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    if (!env.AGENT_API_DB_ENCRYPTION_KEY) {
+      logger.error('AGENT_API_DB_ENCRYPTION_KEY is not set')
+      return NextResponse.json({ error: 'Server not configured' }, { status: 500 })
+    }
+
+    const body = await req.json().catch(() => null)
+    const apiKey = typeof body?.apiKey === 'string' ? body.apiKey : undefined
+
+    if (!apiKey) {
+      return new NextResponse(null, { status: 401 })
+    }
+
+    const lookup = computeLookup(apiKey, env.AGENT_API_DB_ENCRYPTION_KEY)
+
+    // Find matching API key and its user
+    const rows = await db
+      .select({ id: copilotApiKeys.id, userId: copilotApiKeys.userId })
+      .from(copilotApiKeys)
+      .where(eq(copilotApiKeys.apiKeyLookup, lookup))
+      .limit(1)
+
+    if (rows.length === 0) {
+      return new NextResponse(null, { status: 401 })
+    }
+
+    const { userId } = rows[0]
+
+    // Check usage for the associated user
+    const usage = await db
+      .select({
+        currentPeriodCost: userStats.currentPeriodCost,
+        totalCost: userStats.totalCost,
+        currentUsageLimit: userStats.currentUsageLimit,
+      })
+      .from(userStats)
+      .where(eq(userStats.userId, userId))
+      .limit(1)
+
+    if (usage.length > 0) {
+      const currentUsage = Number.parseFloat(
+        (usage[0].currentPeriodCost?.toString() as string) ||
+          (usage[0].totalCost as unknown as string) ||
+          '0'
+      )
+      const limit = Number.parseFloat((usage[0].currentUsageLimit as unknown as string) || '0')
+
+      if (!Number.isNaN(limit) && limit > 0 && currentUsage >= limit) {
+        // Usage exceeded
+        logger.info('[API VALIDATION] Usage exceeded', { userId, currentUsage, limit })
+        return new NextResponse(null, { status: 402 })
+      }
+    }
+
+    // Valid and within usage limits
+    return new NextResponse(null, { status: 200 })
+  } catch (error) {
+    logger.error('Error validating copilot API key', { error })
+    return NextResponse.json({ error: 'Failed to validate key' }, { status: 500 })
+  }
+}

apps/sim/app/api/copilot/chat/route.test.ts

@@ -104,7 +104,8 @@ describe('Copilot Chat API Route', () => {
     vi.doMock('@/lib/env', () => ({
       env: {
         SIM_AGENT_API_URL: 'http://localhost:8000',
-        SIM_AGENT_API_KEY: 'test-sim-agent-key',
+        COPILOT_API_KEY: 'test-sim-agent-key',
+        BETTER_AUTH_URL: 'http://localhost:3000',
       },
     }))
 
@@ -223,6 +224,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'agent',
+            provider: 'openai',
+            depth: 0,
+            origin: 'http://localhost:3000',
           }),
         })
       )
@@ -284,6 +288,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'agent',
+            provider: 'openai',
+            depth: 0,
+            origin: 'http://localhost:3000',
           }),
         })
       )
@@ -337,6 +344,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'agent',
+            provider: 'openai',
+            depth: 0,
+            origin: 'http://localhost:3000',
           }),
         })
       )
@@ -430,6 +440,9 @@ describe('Copilot Chat API Route', () => {
             stream: true,
             streamToolCalls: true,
             mode: 'ask',
+            provider: 'openai',
+            depth: 0,
+            origin: 'http://localhost:3000',
           }),
         })
       )

apps/sim/app/api/copilot/chat/route.ts

@@ -1,3 +1,4 @@
+import { createCipheriv, createDecipheriv, createHash, randomBytes } from 'crypto'
 import { and, desc, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
@@ -13,6 +14,7 @@ import { getCopilotModel } from '@/lib/copilot/config'
 import { TITLE_GENERATION_SYSTEM_PROMPT, TITLE_GENERATION_USER_PROMPT } from '@/lib/copilot/prompts'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/sim-agent'
 import { downloadFile } from '@/lib/uploads'
 import { downloadFromS3WithConfig } from '@/lib/uploads/s3/s3-client'
 import { S3_COPILOT_CONFIG, USE_S3_STORAGE } from '@/lib/uploads/setup'
@@ -23,6 +25,46 @@ import { createAnthropicFileContent, isSupportedFileType } from './file-utils'
 
 const logger = createLogger('CopilotChatAPI')
 
+// Sim Agent API configuration
+const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
+function getRequestOrigin(_req: NextRequest): string {
+  try {
+    // Strictly use configured Better Auth URL
+    return env.BETTER_AUTH_URL || ''
+  } catch (_) {
+    return ''
+  }
+}
+
+function deriveKey(keyString: string): Buffer {
+  return createHash('sha256').update(keyString, 'utf8').digest()
+}
+
+function decryptWithKey(encryptedValue: string, keyString: string): string {
+  const [ivHex, encryptedHex, authTagHex] = encryptedValue.split(':')
+  if (!ivHex || !encryptedHex || !authTagHex) {
+    throw new Error('Invalid encrypted format')
+  }
+  const key = deriveKey(keyString)
+  const iv = Buffer.from(ivHex, 'hex')
+  const decipher = createDecipheriv('aes-256-gcm', key, iv)
+  decipher.setAuthTag(Buffer.from(authTagHex, 'hex'))
+  let decrypted = decipher.update(encryptedHex, 'hex', 'utf8')
+  decrypted += decipher.final('utf8')
+  return decrypted
+}
+
+function encryptWithKey(plaintext: string, keyString: string): string {
+  const key = deriveKey(keyString)
+  const iv = randomBytes(16)
+  const cipher = createCipheriv('aes-256-gcm', key, iv)
+  let encrypted = cipher.update(plaintext, 'utf8', 'hex')
+  encrypted += cipher.final('hex')
+  const authTag = cipher.getAuthTag().toString('hex')
+  return `${iv.toString('hex')}:${encrypted}:${authTag}`
+}
+
 // Schema for file attachments
 const FileAttachmentSchema = z.object({
   id: z.string(),
@@ -39,16 +81,16 @@ const ChatMessageSchema = z.object({
   chatId: z.string().optional(),
   workflowId: z.string().min(1, 'Workflow ID is required'),
   mode: z.enum(['ask', 'agent']).optional().default('agent'),
+  depth: z.number().int().min(-2).max(3).optional().default(0),
+  prefetch: z.boolean().optional(),
   createNewChat: z.boolean().optional().default(false),
   stream: z.boolean().optional().default(true),
   implicitFeedback: z.string().optional(),
   fileAttachments: z.array(FileAttachmentSchema).optional(),
+  provider: z.string().optional().default('openai'),
+  conversationId: z.string().optional(),
 })
 
-// Sim Agent API configuration
-const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || 'http://localhost:8000'
-const SIM_AGENT_API_KEY = env.SIM_AGENT_API_KEY
-
 /**
  * Generate a chat title using LLM
  */
@@ -156,12 +198,37 @@ export async function POST(req: NextRequest) {
       chatId,
       workflowId,
       mode,
+      depth,
+      prefetch,
       createNewChat,
       stream,
       implicitFeedback,
       fileAttachments,
+      provider,
+      conversationId,
     } = ChatMessageSchema.parse(body)
 
+    // Derive request origin for downstream service
+    const requestOrigin = getRequestOrigin(req)
+
+    if (!requestOrigin) {
+      logger.error(`[${tracker.requestId}] Missing required configuration: BETTER_AUTH_URL`)
+      return createInternalServerErrorResponse('Missing required configuration: BETTER_AUTH_URL')
+    }
+
+    // Consolidation mapping: map negative depths to base depth with prefetch=true
+    let effectiveDepth: number | undefined = typeof depth === 'number' ? depth : undefined
+    let effectivePrefetch: boolean | undefined = prefetch
+    if (typeof effectiveDepth === 'number') {
+      if (effectiveDepth === -2) {
+        effectiveDepth = 1
+        effectivePrefetch = true
+      } else if (effectiveDepth === -1) {
+        effectiveDepth = 0
+        effectivePrefetch = true
+      }
+    }
+
     logger.info(`[${tracker.requestId}] Processing copilot chat request`, {
       userId: authenticatedUserId,
       workflowId,
@@ -171,6 +238,11 @@ export async function POST(req: NextRequest) {
       createNewChat,
       messageLength: message.length,
       hasImplicitFeedback: !!implicitFeedback,
+      provider: provider || 'openai',
+      hasConversationId: !!conversationId,
+      depth,
+      prefetch,
+      origin: requestOrigin,
     })
 
     // Handle chat context
@@ -252,7 +324,7 @@ export async function POST(req: NextRequest) {
     }
 
     // Build messages array for sim agent with conversation history
-    const messages = []
+    const messages: any[] = []
 
     // Add conversation history (need to rebuild these with file support if they had attachments)
     for (const msg of conversationHistory) {
@@ -327,40 +399,74 @@ export async function POST(req: NextRequest) {
       })
     }
 
-    // Start title generation in parallel if this is a new chat with first message
-    if (actualChatId && !currentChat?.title && conversationHistory.length === 0) {
-      logger.info(`[${tracker.requestId}] Will start parallel title generation inside stream`)
+    // Determine provider and conversationId to use for this request
+    const providerToUse = provider || 'openai'
+    const effectiveConversationId =
+      (currentChat?.conversationId as string | undefined) || conversationId
+
+    // If we have a conversationId, only send the most recent user message; else send full history
+    const latestUserMessage =
+      [...messages].reverse().find((m) => m?.role === 'user') || messages[messages.length - 1]
+    const messagesForAgent = effectiveConversationId ? [latestUserMessage] : messages
+
+    const requestPayload = {
+      messages: messagesForAgent,
+      workflowId,
+      userId: authenticatedUserId,
+      stream: stream,
+      streamToolCalls: true,
+      mode: mode,
+      provider: providerToUse,
+      ...(effectiveConversationId ? { conversationId: effectiveConversationId } : {}),
+      ...(typeof effectiveDepth === 'number' ? { depth: effectiveDepth } : {}),
+      ...(typeof effectivePrefetch === 'boolean' ? { prefetch: effectivePrefetch } : {}),
+      ...(session?.user?.name && { userName: session.user.name }),
+      ...(requestOrigin ? { origin: requestOrigin } : {}),
     }
 
-    // Forward to sim agent API
-    logger.info(`[${tracker.requestId}] Sending request to sim agent API`, {
-      messageCount: messages.length,
-      endpoint: `${SIM_AGENT_API_URL}/api/chat-completion-streaming`,
-    })
+    // Log the payload being sent to the streaming endpoint
+    try {
+      logger.info(`[${tracker.requestId}] Sending payload to sim agent streaming endpoint`, {
+        url: `${SIM_AGENT_API_URL}/api/chat-completion-streaming`,
+        provider: providerToUse,
+        mode,
+        stream,
+        workflowId,
+        hasConversationId: !!effectiveConversationId,
+        depth: typeof effectiveDepth === 'number' ? effectiveDepth : undefined,
+        prefetch: typeof effectivePrefetch === 'boolean' ? effectivePrefetch : undefined,
+        messagesCount: requestPayload.messages.length,
+        ...(requestOrigin ? { origin: requestOrigin } : {}),
+      })
+      // Full payload as JSON string
+      logger.info(
+        `[${tracker.requestId}] Full streaming payload: ${JSON.stringify(requestPayload)}`
+      )
+    } catch (e) {
+      logger.warn(`[${tracker.requestId}] Failed to log payload preview for streaming endpoint`, e)
+    }
 
     const simAgentResponse = await fetch(`${SIM_AGENT_API_URL}/api/chat-completion-streaming`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
-        ...(SIM_AGENT_API_KEY && { 'x-api-key': SIM_AGENT_API_KEY }),
+        ...(env.COPILOT_API_KEY ? { 'x-api-key': env.COPILOT_API_KEY } : {}),
       },
-      body: JSON.stringify({
-        messages,
-        workflowId,
-        userId: authenticatedUserId,
-        stream: stream,
-        streamToolCalls: true,
-        mode: mode,
-        ...(session?.user?.name && { userName: session.user.name }),
-      }),
+      body: JSON.stringify(requestPayload),
     })
 
     if (!simAgentResponse.ok) {
-      const errorText = await simAgentResponse.text()
+      if (simAgentResponse.status === 401 || simAgentResponse.status === 402) {
+        // Rethrow status only; client will render appropriate assistant message
+        return new NextResponse(null, { status: simAgentResponse.status })
+      }
+
+      const errorText = await simAgentResponse.text().catch(() => '')
       logger.error(`[${tracker.requestId}] Sim agent API error:`, {
         status: simAgentResponse.status,
         error: errorText,
       })
+
       return NextResponse.json(
         { error: `Sim agent API error: ${simAgentResponse.statusText}` },
         { status: simAgentResponse.status }
@@ -388,6 +494,14 @@ export async function POST(req: NextRequest) {
           const toolCalls: any[] = []
           let buffer = ''
           let isFirstDone = true
+          let responseIdFromStart: string | undefined
+          let responseIdFromDone: string | undefined
+          // Track tool call progress to identify a safe done event
+          const announcedToolCallIds = new Set<string>()
+          const startedToolExecutionIds = new Set<string>()
+          const completedToolExecutionIds = new Set<string>()
+          let lastDoneResponseId: string | undefined
+          let lastSafeDoneResponseId: string | undefined
 
           // Send chatId as first event
           if (actualChatId) {
@@ -486,6 +600,13 @@ export async function POST(req: NextRequest) {
                         }
                         break
 
+                      case 'reasoning':
+                        // Treat like thinking: do not add to assistantContent to avoid leaking
+                        logger.debug(
+                          `[${tracker.requestId}] Reasoning chunk received (${(event.data || event.content || '').length} chars)`
+                        )
+                        break
+
                       case 'tool_call':
                         logger.info(
                           `[${tracker.requestId}] Tool call ${event.data?.partial ? '(partial)' : '(complete)'}:`,
@@ -498,6 +619,9 @@ export async function POST(req: NextRequest) {
                         )
                         if (!event.data?.partial) {
                           toolCalls.push(event.data)
+                          if (event.data?.id) {
+                            announcedToolCallIds.add(event.data.id)
+                          }
                         }
                         break
 
@@ -507,6 +631,14 @@ export async function POST(req: NextRequest) {
                           toolName: event.toolName,
                           status: event.status,
                         })
+                        if (event.toolCallId) {
+                          if (event.status === 'completed') {
+                            startedToolExecutionIds.add(event.toolCallId)
+                            completedToolExecutionIds.add(event.toolCallId)
+                          } else {
+                            startedToolExecutionIds.add(event.toolCallId)
+                          }
+                        }
                         break
 
                       case 'tool_result':
@@ -517,6 +649,9 @@ export async function POST(req: NextRequest) {
                           result: `${JSON.stringify(event.result).substring(0, 200)}...`,
                           resultSize: JSON.stringify(event.result).length,
                         })
+                        if (event.toolCallId) {
+                          completedToolExecutionIds.add(event.toolCallId)
+                        }
                         break
 
                       case 'tool_error':
@@ -526,9 +661,43 @@ export async function POST(req: NextRequest) {
                           error: event.error,
                           success: event.success,
                         })
+                        if (event.toolCallId) {
+                          completedToolExecutionIds.add(event.toolCallId)
+                        }
+                        break
+
+                      case 'start':
+                        if (event.data?.responseId) {
+                          responseIdFromStart = event.data.responseId
+                          logger.info(
+                            `[${tracker.requestId}] Received start event with responseId: ${responseIdFromStart}`
+                          )
+                        }
                         break
 
                       case 'done':
+                        if (event.data?.responseId) {
+                          responseIdFromDone = event.data.responseId
+                          lastDoneResponseId = responseIdFromDone
+                          logger.info(
+                            `[${tracker.requestId}] Received done event with responseId: ${responseIdFromDone}`
+                          )
+                          // Mark this done as safe only if no tool call is currently in progress or pending
+                          const announced = announcedToolCallIds.size
+                          const completed = completedToolExecutionIds.size
+                          const started = startedToolExecutionIds.size
+                          const hasToolInProgress = announced > completed || started > completed
+                          if (!hasToolInProgress) {
+                            lastSafeDoneResponseId = responseIdFromDone
+                            logger.info(
+                              `[${tracker.requestId}] Marked done as SAFE (no tools in progress)`
+                            )
+                          } else {
+                            logger.info(
+                              `[${tracker.requestId}] Done received but tools are in progress (announced=${announced}, started=${started}, completed=${completed})`
+                            )
+                          }
+                        }
                         if (isFirstDone) {
                           logger.info(
                             `[${tracker.requestId}] Initial AI response complete, tool count: ${toolCalls.length}`
@@ -622,12 +791,17 @@ export async function POST(req: NextRequest) {
                 )
               }
 
+              // Persist only a safe conversationId to avoid continuing from a state that expects tool outputs
+              const previousConversationId = currentChat?.conversationId as string | undefined
+              const responseId = lastSafeDoneResponseId || previousConversationId || undefined
+
               // Update chat in database immediately (without title)
               await db
                 .update(copilotChats)
                 .set({
                   messages: updatedMessages,
                   updatedAt: new Date(),
+                  ...(responseId ? { conversationId: responseId } : {}),
                 })
                 .where(eq(copilotChats.id, actualChatId!))
 
@@ -635,6 +809,7 @@ export async function POST(req: NextRequest) {
                 messageCount: updatedMessages.length,
                 savedUserMessage: true,
                 savedAssistantMessage: assistantContent.trim().length > 0,
+                updatedConversationId: responseId || null,
               })
             }
           } catch (error) {

apps/sim/app/api/copilot/chat/update-messages/route.ts

@@ -51,12 +51,6 @@ export async function POST(req: NextRequest) {
     const body = await req.json()
     const { chatId, messages } = UpdateMessagesSchema.parse(body)
 
-    logger.info(`[${tracker.requestId}] Updating chat messages`, {
-      userId,
-      chatId,
-      messageCount: messages.length,
-    })
-
     // Verify that the chat belongs to the user
     const [chat] = await db
       .select()

apps/sim/app/api/copilot/confirm/route.ts

@@ -38,7 +38,7 @@ async function updateToolCallStatus(
 
   try {
     const key = `tool_call:${toolCallId}`
-    const timeout = 60000 // 1 minute timeout
+    const timeout = 600000 // 10 minutes timeout for user confirmation
     const pollInterval = 100 // Poll every 100ms
     const startTime = Date.now()
 
@@ -48,11 +48,6 @@ async function updateToolCallStatus(
     while (Date.now() - startTime < timeout) {
       const exists = await redis.exists(key)
       if (exists) {
-        logger.info('Tool call found in Redis, updating status', {
-          toolCallId,
-          key,
-          pollDuration: Date.now() - startTime,
-        })
         break
       }
 
@@ -79,27 +74,8 @@ async function updateToolCallStatus(
       timestamp: new Date().toISOString(),
     }
 
-    // Log what we're about to update in Redis
-    logger.info('About to update Redis with tool call data', {
-      toolCallId,
-      key,
-      toolCallData,
-      serializedData: JSON.stringify(toolCallData),
-      providedStatus: status,
-      providedMessage: message,
-      messageIsUndefined: message === undefined,
-      messageIsNull: message === null,
-    })
-
     await redis.set(key, JSON.stringify(toolCallData), 'EX', 86400) // Keep 24 hour expiry
 
-    logger.info('Tool call status updated in Redis', {
-      toolCallId,
-      key,
-      status,
-      message,
-      pollDuration: Date.now() - startTime,
-    })
     return true
   } catch (error) {
     logger.error('Failed to update tool call status in Redis', {
@@ -131,13 +107,6 @@ export async function POST(req: NextRequest) {
     const body = await req.json()
     const { toolCallId, status, message } = ConfirmationSchema.parse(body)
 
-    logger.info(`[${tracker.requestId}] Tool call confirmation request`, {
-      userId: authenticatedUserId,
-      toolCallId,
-      status,
-      message,
-    })
-
     // Update the tool call status in Redis
     const updated = await updateToolCallStatus(toolCallId, status, message)
 
@@ -153,13 +122,6 @@ export async function POST(req: NextRequest) {
     }
 
     const duration = tracker.getDuration()
-    logger.info(`[${tracker.requestId}] Tool call confirmation completed`, {
-      userId: authenticatedUserId,
-      toolCallId,
-      status,
-      internalStatus: status,
-      duration,
-    })
 
     return NextResponse.json({
       success: true,

apps/sim/app/api/copilot/methods/route.test.ts

@@ -60,6 +60,7 @@ describe('Copilot Methods API Route', () => {
     vi.doMock('@/lib/env', () => ({
       env: {
         INTERNAL_API_SECRET: 'test-secret-key',
+        COPILOT_API_KEY: 'test-copilot-key',
       },
     }))
 
@@ -123,10 +124,8 @@ describe('Copilot Methods API Route', () => {
 
       expect(response.status).toBe(401)
       const responseData = await response.json()
-      expect(responseData).toEqual({
-        success: false,
-        error: 'Invalid API key',
-      })
+      expect(responseData.success).toBe(false)
+      expect(typeof responseData.error).toBe('string')
     })
 
     it('should return 401 when internal API key is not configured', async () => {
@@ -134,6 +133,7 @@ describe('Copilot Methods API Route', () => {
       vi.doMock('@/lib/env', () => ({
         env: {
           INTERNAL_API_SECRET: undefined,
+          COPILOT_API_KEY: 'test-copilot-key',
         },
       }))
 
@@ -154,10 +154,9 @@ describe('Copilot Methods API Route', () => {
 
       expect(response.status).toBe(401)
       const responseData = await response.json()
-      expect(responseData).toEqual({
-        success: false,
-        error: 'Internal API key not configured',
-      })
+      expect(responseData.status).toBeUndefined()
+      expect(responseData.success).toBe(false)
+      expect(typeof responseData.error).toBe('string')
     })
 
     it('should return 400 for invalid request body - missing methodId', async () => {

apps/sim/app/api/copilot/methods/route.ts

@@ -2,7 +2,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { copilotToolRegistry } from '@/lib/copilot/tools/server-tools/registry'
 import type { NotificationStatus } from '@/lib/copilot/types'
-import { env } from '@/lib/env'
+import { checkCopilotApiKey, checkInternalApiKey } from '@/lib/copilot/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getRedisClient } from '@/lib/redis'
 import { createErrorResponse } from '@/app/api/copilot/methods/utils'
@@ -65,16 +65,10 @@ async function pollRedisForTool(
   }
 
   const key = `tool_call:${toolCallId}`
-  const timeout = 300000 // 5 minutes
+  const timeout = 600000 // 10 minutes for long-running operations
   const pollInterval = 1000 // 1 second
   const startTime = Date.now()
 
-  logger.info('Starting to poll Redis for tool call status', {
-    toolCallId,
-    timeout,
-    pollInterval,
-  })
-
   while (Date.now() - startTime < timeout) {
     try {
       const redisValue = await redis.get(key)
@@ -112,23 +106,6 @@ async function pollRedisForTool(
           rawRedisValue: redisValue,
         })
 
-        logger.info('Tool call status resolved', {
-          toolCallId,
-          status,
-          message,
-          duration: Date.now() - startTime,
-          rawRedisValue: redisValue,
-          parsedAsJSON: redisValue
-            ? (() => {
-                try {
-                  return JSON.parse(redisValue)
-                } catch {
-                  return 'failed-to-parse'
-                }
-              })()
-            : null,
-        })
-
         // Special logging for set environment variables tool when Redis status is found
         if (toolCallId && (status === 'accepted' || status === 'rejected')) {
           logger.info('SET_ENV_VARS: Redis polling found status update', {
@@ -240,33 +217,12 @@ async function interruptHandler(toolCallId: string): Promise<{
   }
 }
 
-// Schema for method execution
 const MethodExecutionSchema = z.object({
   methodId: z.string().min(1, 'Method ID is required'),
   params: z.record(z.any()).optional().default({}),
   toolCallId: z.string().nullable().optional().default(null),
 })
 
-// Simple internal API key authentication
-function checkInternalApiKey(req: NextRequest) {
-  const apiKey = req.headers.get('x-api-key')
-  const expectedApiKey = env.INTERNAL_API_SECRET
-
-  if (!expectedApiKey) {
-    return { success: false, error: 'Internal API key not configured' }
-  }
-
-  if (!apiKey) {
-    return { success: false, error: 'API key required' }
-  }
-
-  if (apiKey !== expectedApiKey) {
-    return { success: false, error: 'Invalid API key' }
-  }
-
-  return { success: true }
-}
-
 /**
  * POST /api/copilot/methods
  * Execute a method based on methodId with internal API key auth
@@ -276,10 +232,13 @@ export async function POST(req: NextRequest) {
   const startTime = Date.now()
 
   try {
-    // Check authentication (internal API key)
-    const authResult = checkInternalApiKey(req)
-    if (!authResult.success) {
-      return NextResponse.json(createErrorResponse(authResult.error || 'Authentication failed'), {
+    // Evaluate both auth schemes; pass if either is valid
+    const internalAuth = checkInternalApiKey(req)
+    const copilotAuth = checkCopilotApiKey(req)
+    const isAuthenticated = !!(internalAuth?.success || copilotAuth?.success)
+    if (!isAuthenticated) {
+      const errorMessage = copilotAuth.error || internalAuth.error || 'Authentication failed'
+      return NextResponse.json(createErrorResponse(errorMessage), {
         status: 401,
       })
     }
@@ -287,7 +246,7 @@ export async function POST(req: NextRequest) {
     const body = await req.json()
     const { methodId, params, toolCallId } = MethodExecutionSchema.parse(body)
 
-    logger.info(`[${requestId}] Method execution request: ${methodId}`, {
+    logger.info(`[${requestId}] Method execution request`, {
       methodId,
       toolCallId,
       hasParams: !!params && Object.keys(params).length > 0,

apps/sim/app/api/environment/route.ts

@@ -3,9 +3,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { decryptSecret, encryptSecret } from '@/lib/utils'
 import { db } from '@/db'
 import { environment } from '@/db/schema'

apps/sim/app/api/files/utils.ts

@@ -178,7 +178,7 @@ export function findLocalFile(filename: string): string | null {
  * Create a file response with appropriate headers
  */
 export function createFileResponse(file: FileResponse): NextResponse {
-  return new NextResponse(file.buffer, {
+  return new NextResponse(file.buffer as BodyInit, {
     status: 200,
     headers: {
       'Content-Type': file.contentType,

apps/sim/app/api/function/execute/route.test.ts

@@ -7,7 +7,6 @@ import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 import { createMockRequest } from '@/app/api/__test-utils__/utils'
 
-const mockFreestyleExecuteScript = vi.fn()
 const mockCreateContext = vi.fn()
 const mockRunInContext = vi.fn()
 const mockLogger = {
@@ -29,27 +28,10 @@ describe('Function Execute API Route', () => {
       })),
     }))
 
-    vi.doMock('freestyle-sandboxes', () => ({
-      FreestyleSandboxes: vi.fn().mockImplementation(() => ({
-        executeScript: mockFreestyleExecuteScript,
-      })),
-    }))
-
-    vi.doMock('@/lib/env', () => ({
-      env: {
-        FREESTYLE_API_KEY: 'test-freestyle-key',
-      },
-    }))
-
     vi.doMock('@/lib/logs/console/logger', () => ({
       createLogger: vi.fn().mockReturnValue(mockLogger),
     }))
 
-    mockFreestyleExecuteScript.mockResolvedValue({
-      result: 'freestyle success',
-      logs: [],
-    })
-
     mockRunInContext.mockResolvedValue('vm success')
     mockCreateContext.mockReturnValue({})
   })
@@ -228,107 +210,6 @@ describe('Function Execute API Route', () => {
     })
   })
 
-  describe.skip('Freestyle Execution', () => {
-    it('should use Freestyle when API key is available', async () => {
-      const req = createMockRequest('POST', {
-        code: 'return "freestyle test"',
-      })
-
-      const { POST } = await import('@/app/api/function/execute/route')
-      await POST(req)
-
-      expect(mockFreestyleExecuteScript).toHaveBeenCalled()
-      expect(mockLogger.info).toHaveBeenCalledWith(
-        expect.stringMatching(/\[.*\] Using Freestyle for code execution/)
-      )
-    })
-
-    it('should handle Freestyle errors and fallback to VM', async () => {
-      mockFreestyleExecuteScript.mockRejectedValueOnce(new Error('Freestyle API error'))
-
-      const req = createMockRequest('POST', {
-        code: 'return "fallback test"',
-      })
-
-      const { POST } = await import('@/app/api/function/execute/route')
-      const response = await POST(req)
-
-      expect(mockFreestyleExecuteScript).toHaveBeenCalled()
-      expect(mockRunInContext).toHaveBeenCalled()
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        expect.stringMatching(/\[.*\] Freestyle API call failed, falling back to VM:/),
-        expect.any(Object)
-      )
-    })
-
-    it('should handle Freestyle script errors', async () => {
-      mockFreestyleExecuteScript.mockResolvedValueOnce({
-        result: null,
-        logs: [{ type: 'error', message: 'ReferenceError: undefined variable' }],
-      })
-
-      const req = createMockRequest('POST', {
-        code: 'return undefinedVariable',
-      })
-
-      const { POST } = await import('@/app/api/function/execute/route')
-      const response = await POST(req)
-
-      expect(response.status).toBe(500)
-      const data = await response.json()
-      expect(data.success).toBe(false)
-    })
-  })
-
-  describe('VM Execution', () => {
-    it.skip('should use VM when Freestyle API key is not available', async () => {
-      // Mock no Freestyle API key
-      vi.doMock('@/lib/env', () => ({
-        env: {
-          FREESTYLE_API_KEY: undefined,
-        },
-      }))
-
-      const req = createMockRequest('POST', {
-        code: 'return "vm test"',
-      })
-
-      const { POST } = await import('@/app/api/function/execute/route')
-      await POST(req)
-
-      expect(mockFreestyleExecuteScript).not.toHaveBeenCalled()
-      expect(mockRunInContext).toHaveBeenCalled()
-      expect(mockLogger.info).toHaveBeenCalledWith(
-        expect.stringMatching(
-          /\[.*\] Using VM for code execution \(no Freestyle API key available\)/
-        )
-      )
-    })
-
-    it('should handle VM execution errors', async () => {
-      // Mock no Freestyle API key so it uses VM
-      vi.doMock('@/lib/env', () => ({
-        env: {
-          FREESTYLE_API_KEY: undefined,
-        },
-      }))
-
-      mockRunInContext.mockRejectedValueOnce(new Error('VM execution error'))
-
-      const req = createMockRequest('POST', {
-        code: 'return invalidCode(',
-      })
-
-      const { POST } = await import('@/app/api/function/execute/route')
-      const response = await POST(req)
-
-      expect(response.status).toBe(500)
-      const data = await response.json()
-      expect(data.success).toBe(false)
-      expect(data.error).toContain('VM execution error')
-    })
-  })
-
   describe('Custom Tools', () => {
     it('should handle custom tool execution with direct parameter access', async () => {
       const req = createMockRequest('POST', {
@@ -651,113 +532,3 @@ SyntaxError: Invalid or unexpected token
     })
   })
 })
-
-describe('Function Execute API - Template Variable Edge Cases', () => {
-  beforeEach(() => {
-    vi.resetModules()
-    vi.resetAllMocks()
-
-    vi.doMock('@/lib/logs/console/logger', () => ({
-      createLogger: vi.fn().mockReturnValue(mockLogger),
-    }))
-
-    vi.doMock('@/lib/env', () => ({
-      env: {
-        FREESTYLE_API_KEY: 'test-freestyle-key',
-      },
-    }))
-
-    vi.doMock('vm', () => ({
-      createContext: mockCreateContext,
-      Script: vi.fn().mockImplementation(() => ({
-        runInContext: mockRunInContext,
-      })),
-    }))
-
-    vi.doMock('freestyle-sandboxes', () => ({
-      FreestyleSandboxes: vi.fn().mockImplementation(() => ({
-        executeScript: mockFreestyleExecuteScript,
-      })),
-    }))
-
-    mockFreestyleExecuteScript.mockResolvedValue({
-      result: 'freestyle success',
-      logs: [],
-    })
-
-    mockRunInContext.mockResolvedValue('vm success')
-    mockCreateContext.mockReturnValue({})
-  })
-
-  it.skip('should handle nested template variables', async () => {
-    mockFreestyleExecuteScript.mockResolvedValueOnce({
-      result: 'environment-valueparam-value',
-      logs: [],
-    })
-
-    const req = createMockRequest('POST', {
-      code: 'return {{outer}} + <inner>',
-      envVars: {
-        outer: 'environment-value',
-      },
-      params: {
-        inner: 'param-value',
-      },
-    })
-
-    const { POST } = await import('@/app/api/function/execute/route')
-    const response = await POST(req)
-    const data = await response.json()
-
-    expect(response.status).toBe(200)
-    expect(data.success).toBe(true)
-    expect(data.output.result).toBe('environment-valueparam-value')
-  })
-
-  it.skip('should prioritize environment variables over params for {{}} syntax', async () => {
-    mockFreestyleExecuteScript.mockResolvedValueOnce({
-      result: 'env-wins',
-      logs: [],
-    })
-
-    const req = createMockRequest('POST', {
-      code: 'return {{conflictVar}}',
-      envVars: {
-        conflictVar: 'env-wins',
-      },
-      params: {
-        conflictVar: 'param-loses',
-      },
-    })
-
-    const { POST } = await import('@/app/api/function/execute/route')
-    const response = await POST(req)
-    const data = await response.json()
-
-    expect(response.status).toBe(200)
-    expect(data.success).toBe(true)
-    // Environment variable should take precedence
-    expect(data.output.result).toBe('env-wins')
-  })
-
-  it.skip('should handle missing template variables gracefully', async () => {
-    mockFreestyleExecuteScript.mockResolvedValueOnce({
-      result: '',
-      logs: [],
-    })
-
-    const req = createMockRequest('POST', {
-      code: 'return {{nonexistent}} + <alsoMissing>',
-      envVars: {},
-      params: {},
-    })
-
-    const { POST } = await import('@/app/api/function/execute/route')
-    const response = await POST(req)
-    const data = await response.json()
-
-    expect(response.status).toBe(200)
-    expect(data.success).toBe(true)
-    expect(data.output.result).toBe('')
-  })
-})

apps/sim/app/api/function/execute/route.ts

@@ -367,150 +367,6 @@ export async function POST(req: NextRequest) {
 
     const executionMethod = 'vm' // Default execution method
 
-    // // Try to use Freestyle if the API key is available
-    // if (env.FREESTYLE_API_KEY) {
-    //   try {
-    //     logger.info(`[${requestId}] Using Freestyle for code execution`)
-    //     executionMethod = 'freestyle'
-
-    //     // Extract npm packages from code if needed
-    //     const importRegex =
-    //       /import\s+?(?:(?:(?:[\w*\s{},]*)\s+from\s+?)|)(?:(?:"([^"]*)")|(?:'([^']*)'))[^;]*/g
-    //     const requireRegex = /const\s+[\w\s{}]*\s*=\s*require\s*\(\s*['"]([^'"]+)['"]\s*\)/g
-
-    //     const packages: Record<string, string> = {}
-    //     const matches = [
-    //       ...resolvedCode.matchAll(importRegex),
-    //       ...resolvedCode.matchAll(requireRegex),
-    //     ]
-
-    //     // Extract package names from import statements
-    //     for (const match of matches) {
-    //       const packageName = match[1] || match[2]
-    //       if (packageName && !packageName.startsWith('.') && !packageName.startsWith('/')) {
-    //         // Extract just the package name without version or subpath
-    //         const basePackageName = packageName.split('/')[0]
-    //         packages[basePackageName] = 'latest' // Use latest version
-    //       }
-    //     }
-
-    //     const freestyle = new FreestyleSandboxes({
-    //       apiKey: env.FREESTYLE_API_KEY,
-    //     })
-
-    //     // Wrap code in export default to match Freestyle's expectations
-    //     const wrappedCode = isCustomTool
-    //       ? `export default async () => {
-    //           // For custom tools, directly declare parameters as variables
-    //           ${Object.entries(executionParams)
-    //             .map(([key, value]) => `const ${key} = ${safeJSONStringify(value)};`)
-    //             .join('\n              ')}
-    //           ${resolvedCode}
-    //         }`
-    //       : `export default async () => { ${resolvedCode} }`
-
-    //     // Execute the code with Freestyle
-    //     const res = await freestyle.executeScript(wrappedCode, {
-    //       nodeModules: packages,
-    //       timeout: null,
-    //       envVars: envVars,
-    //     })
-
-    //     // Check for direct API error response
-    //     // Type assertion since the library types don't include error response
-    //     const response = res as { _type?: string; error?: string }
-    //     if (response._type === 'error' && response.error) {
-    //       logger.error(`[${requestId}] Freestyle returned error response`, {
-    //         error: response.error,
-    //       })
-    //       throw response.error
-    //     }
-
-    //     // Capture stdout/stderr from Freestyle logs
-    //     stdout =
-    //       res.logs
-    //         ?.map((log) => (log.type === 'error' ? 'ERROR: ' : '') + log.message)
-    //         .join('\n') || ''
-
-    //     // Check for errors reported within Freestyle logs
-    //     const freestyleErrors = res.logs?.filter((log) => log.type === 'error') || []
-    //     if (freestyleErrors.length > 0) {
-    //       const errorMessage = freestyleErrors.map((log) => log.message).join('\n')
-    //       logger.error(`[${requestId}] Freestyle execution completed with script errors`, {
-    //         errorMessage,
-    //         stdout,
-    //       })
-    //       // Create a proper Error object to be caught by the outer handler
-    //       const scriptError = new Error(errorMessage)
-    //       scriptError.name = 'FreestyleScriptError'
-    //       throw scriptError
-    //     }
-
-    //     // If no errors, execution was successful
-    //     result = res.result
-    //     logger.info(`[${requestId}] Freestyle execution successful`, {
-    //       result,
-    //       stdout,
-    //     })
-    //   } catch (error: any) {
-    //     // Check if the error came from our explicit throw above due to script errors
-    //     if (error.name === 'FreestyleScriptError') {
-    //       throw error // Re-throw to be caught by the outer handler
-    //     }
-
-    //     // Otherwise, it's likely a Freestyle API call error (network, auth, config, etc.) -> Fallback to VM
-    //     logger.error(`[${requestId}] Freestyle API call failed, falling back to VM:`, {
-    //       error: error.message,
-    //       stack: error.stack,
-    //     })
-    //     executionMethod = 'vm_fallback'
-
-    //     // Continue to VM execution
-    //     const context = createContext({
-    //       params: executionParams,
-    //       environmentVariables: envVars,
-    //       console: {
-    //         log: (...args: any[]) => {
-    //           const logMessage = `${args
-    //             .map((arg) => (typeof arg === 'object' ? JSON.stringify(arg) : String(arg)))
-    //             .join(' ')}\n`
-    //           stdout += logMessage
-    //         },
-    //         error: (...args: any[]) => {
-    //           const errorMessage = `${args
-    //             .map((arg) => (typeof arg === 'object' ? JSON.stringify(arg) : String(arg)))
-    //             .join(' ')}\n`
-    //           logger.error(`[${requestId}] Code Console Error: ${errorMessage}`)
-    //           stdout += `ERROR: ${errorMessage}`
-    //         },
-    //       },
-    //     })
-
-    //     const script = new Script(`
-    //       (async () => {
-    //         try {
-    //           ${
-    //             isCustomTool
-    //               ? `// For custom tools, make parameters directly accessible
-    //               ${Object.keys(executionParams)
-    //                 .map((key) => `const ${key} = params.${key};`)
-    //                 .join('\n                  ')}`
-    //               : ''
-    //           }
-    //           ${resolvedCode}
-    //         } catch (error) {
-    //           console.error(error);
-    //           throw error;
-    //         }
-    //       })()
-    //     `)
-
-    //     result = await script.runInContext(context, {
-    //       timeout,
-    //       displayErrors: true,
-    //     })
-    //   }
-    // } else {
     logger.info(`[${requestId}] Using VM for code execution`, {
       resolvedCode,
       hasEnvVars: Object.keys(envVars).length > 0,

apps/sim/app/api/help/route.ts

@@ -1,15 +1,16 @@
 import { type NextRequest, NextResponse } from 'next/server'
-import { Resend } from 'resend'
 import { z } from 'zod'
+import { renderHelpConfirmationEmail } from '@/components/emails'
+import { getSession } from '@/lib/auth'
+import { sendEmail } from '@/lib/email/mailer'
+import { getFromEmailAddress } from '@/lib/email/utils'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getEmailDomain } from '@/lib/urls/utils'
 
-const resend = env.RESEND_API_KEY ? new Resend(env.RESEND_API_KEY) : null
 const logger = createLogger('HelpAPI')
 
 const helpFormSchema = z.object({
-  email: z.string().email('Invalid email address'),
   subject: z.string().min(1, 'Subject is required'),
   message: z.string().min(1, 'Message is required'),
   type: z.enum(['bug', 'feedback', 'feature_request', 'other']),
@@ -19,23 +20,19 @@ export async function POST(req: NextRequest) {
   const requestId = crypto.randomUUID().slice(0, 8)
 
   try {
-    // Check if Resend API key is configured
-    if (!resend) {
-      logger.error(`[${requestId}] RESEND_API_KEY not configured`)
-      return NextResponse.json(
-        {
-          error:
-            'Email service not configured. Please set RESEND_API_KEY in environment variables.',
-        },
-        { status: 500 }
-      )
+    // Get user session
+    const session = await getSession()
+    if (!session?.user?.email) {
+      logger.warn(`[${requestId}] Unauthorized help request attempt`)
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
     }
 
+    const email = session.user.email
+
     // Handle multipart form data
     const formData = await req.formData()
 
     // Extract form fields
-    const email = formData.get('email') as string
     const subject = formData.get('subject') as string
     const message = formData.get('message') as string
     const type = formData.get('type') as string
@@ -46,19 +43,18 @@ export async function POST(req: NextRequest) {
     })
 
     // Validate the form data
-    const result = helpFormSchema.safeParse({
-      email,
+    const validationResult = helpFormSchema.safeParse({
       subject,
       message,
       type,
     })
 
-    if (!result.success) {
+    if (!validationResult.success) {
       logger.warn(`[${requestId}] Invalid help request data`, {
-        errors: result.error.format(),
+        errors: validationResult.error.format(),
       })
       return NextResponse.json(
-        { error: 'Invalid request data', details: result.error.format() },
+        { error: 'Invalid request data', details: validationResult.error.format() },
         { status: 400 }
       )
     }
@@ -96,63 +92,60 @@ ${message}
       emailText += `\n\n${images.length} image(s) attached.`
     }
 
-    // Send email using Resend
-    const { data, error } = await resend.emails.send({
-      from: `Sim <noreply@${getEmailDomain()}>`,
-      to: [`help@${getEmailDomain()}`],
+    const emailResult = await sendEmail({
+      to: [`help@${env.EMAIL_DOMAIN || getEmailDomain()}`],
       subject: `[${type.toUpperCase()}] ${subject}`,
-      replyTo: email,
       text: emailText,
+      from: getFromEmailAddress(),
+      replyTo: email,
+      emailType: 'transactional',
       attachments: images.map((image) => ({
         filename: image.filename,
         content: image.content.toString('base64'),
         contentType: image.contentType,
-        disposition: 'attachment', // Explicitly set as attachment
+        disposition: 'attachment',
       })),
     })
 
-    if (error) {
-      logger.error(`[${requestId}] Error sending help request email`, error)
+    if (!emailResult.success) {
+      logger.error(`[${requestId}] Error sending help request email`, emailResult.message)
       return NextResponse.json({ error: 'Failed to send email' }, { status: 500 })
     }
 
     logger.info(`[${requestId}] Help request email sent successfully`)
 
     // Send confirmation email to the user
-    await resend.emails
-      .send({
-        from: `Sim <noreply@${getEmailDomain()}>`,
+    try {
+      const confirmationHtml = await renderHelpConfirmationEmail(
+        email,
+        type as 'bug' | 'feedback' | 'feature_request' | 'other',
+        images.length
+      )
+
+      await sendEmail({
         to: [email],
         subject: `Your ${type} request has been received: ${subject}`,
-        text: `
-Hello,
-
-Thank you for your ${type} submission. We've received your request and will get back to you as soon as possible.
-
-Your message:
-${message}
-
-${images.length > 0 ? `You attached ${images.length} image(s).` : ''}
-
-Best regards,
-The Sim Team
-        `,
-        replyTo: `help@${getEmailDomain()}`,
-      })
-      .catch((err) => {
-        logger.warn(`[${requestId}] Failed to send confirmation email`, err)
+        html: confirmationHtml,
+        from: getFromEmailAddress(),
+        replyTo: `help@${env.EMAIL_DOMAIN || getEmailDomain()}`,
+        emailType: 'transactional',
       })
+    } catch (err) {
+      logger.warn(`[${requestId}] Failed to send confirmation email`, err)
+    }
 
     return NextResponse.json(
       { success: true, message: 'Help request submitted successfully' },
       { status: 200 }
     )
   } catch (error) {
-    // Check if error is related to missing API key
-    if (error instanceof Error && error.message.includes('API key')) {
-      logger.error(`[${requestId}] API key configuration error`, error)
+    if (error instanceof Error && error.message.includes('not configured')) {
+      logger.error(`[${requestId}] Email service configuration error`, error)
       return NextResponse.json(
-        { error: 'Email service configuration error. Please check your RESEND_API_KEY.' },
+        {
+          error:
+            'Email service configuration error. Please check your email service configuration.',
+        },
         { status: 500 }
       )
     }

apps/sim/app/api/jobs/[jobId]/route.ts

@@ -1,13 +1,10 @@
-import { runs } from '@trigger.dev/sdk/v3'
+import { runs } from '@trigger.dev/sdk'
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-import { db } from '@/db'
-
-export const dynamic = 'force-dynamic'
-
 import { createErrorResponse } from '@/app/api/workflows/utils'
+import { db } from '@/db'
 import { apiKey as apiKeyTable } from '@/db/schema'
 
 const logger = createLogger('TaskStatusAPI')

apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/[chunkId]/route.ts

@@ -4,9 +4,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { checkChunkAccess } from '@/app/api/knowledge/utils'
 import { db } from '@/db'
 import { document, embedding } from '@/db/schema'

apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts

@@ -4,9 +4,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { estimateTokenCount } from '@/lib/tokenization/estimators'
 import { getUserId } from '@/app/api/auth/oauth/utils'
 import {

apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.ts

@@ -4,9 +4,6 @@ import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { TAG_SLOTS } from '@/lib/constants/knowledge'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import {
   checkDocumentAccess,
   checkDocumentWriteAccess,

apps/sim/app/api/knowledge/search/utils.test.ts

@@ -4,15 +4,50 @@
  *
  * @vitest-environment node
  */
-import { describe, expect, it, vi } from 'vitest'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
 
 vi.mock('drizzle-orm')
-vi.mock('@/lib/logs/console/logger')
+vi.mock('@/lib/logs/console/logger', () => ({
+  createLogger: vi.fn(() => ({
+    info: vi.fn(),
+    debug: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+  })),
+}))
 vi.mock('@/db')
+vi.mock('@/lib/documents/utils', () => ({
+  retryWithExponentialBackoff: (fn: any) => fn(),
+}))
 
-import { handleTagAndVectorSearch, handleTagOnlySearch, handleVectorOnlySearch } from './utils'
+vi.stubGlobal(
+  'fetch',
+  vi.fn().mockResolvedValue({
+    ok: true,
+    json: async () => ({
+      data: [{ embedding: [0.1, 0.2, 0.3] }],
+    }),
+  })
+)
+
+vi.mock('@/lib/env', () => ({
+  env: {},
+  isTruthy: (value: string | boolean | number | undefined) =>
+    typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
+}))
+
+import {
+  generateSearchEmbedding,
+  handleTagAndVectorSearch,
+  handleTagOnlySearch,
+  handleVectorOnlySearch,
+} from './utils'
 
 describe('Knowledge Search Utils', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
   describe('handleTagOnlySearch', () => {
     it('should throw error when no filters provided', async () => {
       const params = {
@@ -140,4 +175,251 @@ describe('Knowledge Search Utils', () => {
       expect(params.distanceThreshold).toBe(0.8)
     })
   })
+
+  describe('generateSearchEmbedding', () => {
+    it('should use Azure OpenAI when KB-specific config is provided', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        AZURE_OPENAI_API_KEY: 'test-azure-key',
+        AZURE_OPENAI_ENDPOINT: 'https://test.openai.azure.com',
+        AZURE_OPENAI_API_VERSION: '2024-12-01-preview',
+        KB_OPENAI_MODEL_NAME: 'text-embedding-ada-002',
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2, 0.3] }],
+        }),
+      } as any)
+
+      const result = await generateSearchEmbedding('test query')
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        'https://test.openai.azure.com/openai/deployments/text-embedding-ada-002/embeddings?api-version=2024-12-01-preview',
+        expect.objectContaining({
+          headers: expect.objectContaining({
+            'api-key': 'test-azure-key',
+          }),
+        })
+      )
+      expect(result).toEqual([0.1, 0.2, 0.3])
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should fallback to OpenAI when no KB Azure config provided', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2, 0.3] }],
+        }),
+      } as any)
+
+      const result = await generateSearchEmbedding('test query')
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        'https://api.openai.com/v1/embeddings',
+        expect.objectContaining({
+          headers: expect.objectContaining({
+            Authorization: 'Bearer test-openai-key',
+          }),
+        })
+      )
+      expect(result).toEqual([0.1, 0.2, 0.3])
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should use default API version when not provided in Azure config', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        AZURE_OPENAI_API_KEY: 'test-azure-key',
+        AZURE_OPENAI_ENDPOINT: 'https://test.openai.azure.com',
+        KB_OPENAI_MODEL_NAME: 'custom-embedding-model',
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2, 0.3] }],
+        }),
+      } as any)
+
+      await generateSearchEmbedding('test query')
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        expect.stringContaining('api-version='),
+        expect.any(Object)
+      )
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should use custom model name when provided in Azure config', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        AZURE_OPENAI_API_KEY: 'test-azure-key',
+        AZURE_OPENAI_ENDPOINT: 'https://test.openai.azure.com',
+        AZURE_OPENAI_API_VERSION: '2024-12-01-preview',
+        KB_OPENAI_MODEL_NAME: 'custom-embedding-model',
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2, 0.3] }],
+        }),
+      } as any)
+
+      await generateSearchEmbedding('test query', 'text-embedding-3-small')
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        'https://test.openai.azure.com/openai/deployments/custom-embedding-model/embeddings?api-version=2024-12-01-preview',
+        expect.any(Object)
+      )
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should throw error when no API configuration provided', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+
+      await expect(generateSearchEmbedding('test query')).rejects.toThrow(
+        'Either OPENAI_API_KEY or Azure OpenAI configuration (AZURE_OPENAI_API_KEY + AZURE_OPENAI_ENDPOINT) must be configured'
+      )
+    })
+
+    it('should handle Azure OpenAI API errors properly', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        AZURE_OPENAI_API_KEY: 'test-azure-key',
+        AZURE_OPENAI_ENDPOINT: 'https://test.openai.azure.com',
+        AZURE_OPENAI_API_VERSION: '2024-12-01-preview',
+        KB_OPENAI_MODEL_NAME: 'text-embedding-ada-002',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: false,
+        status: 404,
+        statusText: 'Not Found',
+        text: async () => 'Deployment not found',
+      } as any)
+
+      await expect(generateSearchEmbedding('test query')).rejects.toThrow('Embedding API failed')
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should handle OpenAI API errors properly', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: false,
+        status: 429,
+        statusText: 'Too Many Requests',
+        text: async () => 'Rate limit exceeded',
+      } as any)
+
+      await expect(generateSearchEmbedding('test query')).rejects.toThrow('Embedding API failed')
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should include correct request body for Azure OpenAI', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        AZURE_OPENAI_API_KEY: 'test-azure-key',
+        AZURE_OPENAI_ENDPOINT: 'https://test.openai.azure.com',
+        AZURE_OPENAI_API_VERSION: '2024-12-01-preview',
+        KB_OPENAI_MODEL_NAME: 'text-embedding-ada-002',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2, 0.3] }],
+        }),
+      } as any)
+
+      await generateSearchEmbedding('test query')
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({
+          body: JSON.stringify({
+            input: ['test query'],
+            encoding_format: 'float',
+          }),
+        })
+      )
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should include correct request body for OpenAI', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2, 0.3] }],
+        }),
+      } as any)
+
+      await generateSearchEmbedding('test query', 'text-embedding-3-small')
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({
+          body: JSON.stringify({
+            input: ['test query'],
+            model: 'text-embedding-3-small',
+            encoding_format: 'float',
+          }),
+        })
+      )
+
+      // Clean up
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+  })
 })

apps/sim/app/api/knowledge/search/utils.ts

@@ -1,22 +1,10 @@
 import { and, eq, inArray, sql } from 'drizzle-orm'
-import { retryWithExponentialBackoff } from '@/lib/documents/utils'
-import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { embedding } from '@/db/schema'
 
 const logger = createLogger('KnowledgeSearchUtils')
 
-export class APIError extends Error {
-  public status: number
-
-  constructor(message: string, status: number) {
-    super(message)
-    this.name = 'APIError'
-    this.status = status
-  }
-}
-
 export interface SearchResult {
   id: string
   content: string
@@ -41,61 +29,8 @@ export interface SearchParams {
   distanceThreshold?: number
 }
 
-export async function generateSearchEmbedding(query: string): Promise<number[]> {
-  const openaiApiKey = env.OPENAI_API_KEY
-  if (!openaiApiKey) {
-    throw new Error('OPENAI_API_KEY not configured')
-  }
-
-  try {
-    const embedding = await retryWithExponentialBackoff(
-      async () => {
-        const response = await fetch('https://api.openai.com/v1/embeddings', {
-          method: 'POST',
-          headers: {
-            Authorization: `Bearer ${openaiApiKey}`,
-            'Content-Type': 'application/json',
-          },
-          body: JSON.stringify({
-            input: query,
-            model: 'text-embedding-3-small',
-            encoding_format: 'float',
-          }),
-        })
-
-        if (!response.ok) {
-          const errorText = await response.text()
-          const error = new APIError(
-            `OpenAI API error: ${response.status} ${response.statusText} - ${errorText}`,
-            response.status
-          )
-          throw error
-        }
-
-        const data = await response.json()
-
-        if (!data.data || !Array.isArray(data.data) || data.data.length === 0) {
-          throw new Error('Invalid response format from OpenAI embeddings API')
-        }
-
-        return data.data[0].embedding
-      },
-      {
-        maxRetries: 5,
-        initialDelayMs: 1000,
-        maxDelayMs: 30000,
-        backoffMultiplier: 2,
-      }
-    )
-
-    return embedding
-  } catch (error) {
-    logger.error('Failed to generate search embedding:', error)
-    throw new Error(
-      `Embedding generation failed: ${error instanceof Error ? error.message : 'Unknown error'}`
-    )
-  }
-}
+// Use shared embedding utility
+export { generateSearchEmbedding } from '@/lib/embeddings/utils'
 
 function getTagFilters(filters: Record<string, string>, embedding: any) {
   return Object.entries(filters).map(([key, value]) => {

apps/sim/app/api/knowledge/utils.test.ts

@@ -252,5 +252,76 @@ describe('Knowledge Utils', () => {
 
       expect(result.length).toBe(2)
     })
+
+    it('should use Azure OpenAI when Azure config is provided', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        AZURE_OPENAI_API_KEY: 'test-azure-key',
+        AZURE_OPENAI_ENDPOINT: 'https://test.openai.azure.com',
+        AZURE_OPENAI_API_VERSION: '2024-12-01-preview',
+        KB_OPENAI_MODEL_NAME: 'text-embedding-ada-002',
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2], index: 0 }],
+        }),
+      } as any)
+
+      await generateEmbeddings(['test text'])
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        'https://test.openai.azure.com/openai/deployments/text-embedding-ada-002/embeddings?api-version=2024-12-01-preview',
+        expect.objectContaining({
+          headers: expect.objectContaining({
+            'api-key': 'test-azure-key',
+          }),
+        })
+      )
+
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should fallback to OpenAI when no Azure config provided', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+      Object.assign(env, {
+        OPENAI_API_KEY: 'test-openai-key',
+      })
+
+      const fetchSpy = vi.mocked(fetch)
+      fetchSpy.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({
+          data: [{ embedding: [0.1, 0.2], index: 0 }],
+        }),
+      } as any)
+
+      await generateEmbeddings(['test text'])
+
+      expect(fetchSpy).toHaveBeenCalledWith(
+        'https://api.openai.com/v1/embeddings',
+        expect.objectContaining({
+          headers: expect.objectContaining({
+            Authorization: 'Bearer test-openai-key',
+          }),
+        })
+      )
+
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+    })
+
+    it('should throw error when no API configuration provided', async () => {
+      const { env } = await import('@/lib/env')
+      Object.keys(env).forEach((key) => delete (env as any)[key])
+
+      await expect(generateEmbeddings(['test text'])).rejects.toThrow(
+        'Either OPENAI_API_KEY or Azure OpenAI configuration (AZURE_OPENAI_API_KEY + AZURE_OPENAI_ENDPOINT) must be configured'
+      )
+    })
   })
 })

apps/sim/app/api/knowledge/utils.ts

@@ -1,8 +1,7 @@
 import crypto from 'crypto'
 import { and, eq, isNull } from 'drizzle-orm'
 import { processDocument } from '@/lib/documents/document-processor'
-import { retryWithExponentialBackoff } from '@/lib/documents/utils'
-import { env } from '@/lib/env'
+import { generateEmbeddings } from '@/lib/embeddings/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { db } from '@/db'
@@ -10,22 +9,11 @@ import { document, embedding, knowledgeBase } from '@/db/schema'
 
 const logger = createLogger('KnowledgeUtils')
 
-// Timeout constants (in milliseconds)
 const TIMEOUTS = {
   OVERALL_PROCESSING: 150000, // 150 seconds (2.5 minutes)
   EMBEDDINGS_API: 60000, // 60 seconds per batch
 } as const
 
-class APIError extends Error {
-  public status: number
-
-  constructor(message: string, status: number) {
-    super(message)
-    this.name = 'APIError'
-    this.status = status
-  }
-}
-
 /**
  * Create a timeout wrapper for async operations
  */
@@ -110,18 +98,6 @@ export interface EmbeddingData {
   updatedAt: Date
 }
 
-interface OpenAIEmbeddingResponse {
-  data: Array<{
-    embedding: number[]
-    index: number
-  }>
-  model: string
-  usage: {
-    prompt_tokens: number
-    total_tokens: number
-  }
-}
-
 export interface KnowledgeBaseAccessResult {
   hasAccess: true
   knowledgeBase: Pick<KnowledgeBaseData, 'id' | 'userId'>
@@ -405,87 +381,8 @@ export async function checkChunkAccess(
   }
 }
 
-/**
- * Generate embeddings using OpenAI API with retry logic for rate limiting
- */
-export async function generateEmbeddings(
-  texts: string[],
-  embeddingModel = 'text-embedding-3-small'
-): Promise<number[][]> {
-  const openaiApiKey = env.OPENAI_API_KEY
-  if (!openaiApiKey) {
-    throw new Error('OPENAI_API_KEY not configured')
-  }
-
-  try {
-    const batchSize = 100
-    const allEmbeddings: number[][] = []
-
-    for (let i = 0; i < texts.length; i += batchSize) {
-      const batch = texts.slice(i, i + batchSize)
-
-      logger.info(
-        `Generating embeddings for batch ${Math.floor(i / batchSize) + 1} (${batch.length} texts)`
-      )
-
-      const batchEmbeddings = await retryWithExponentialBackoff(
-        async () => {
-          const controller = new AbortController()
-          const timeoutId = setTimeout(() => controller.abort(), TIMEOUTS.EMBEDDINGS_API)
-
-          try {
-            const response = await fetch('https://api.openai.com/v1/embeddings', {
-              method: 'POST',
-              headers: {
-                Authorization: `Bearer ${openaiApiKey}`,
-                'Content-Type': 'application/json',
-              },
-              body: JSON.stringify({
-                input: batch,
-                model: embeddingModel,
-                encoding_format: 'float',
-              }),
-              signal: controller.signal,
-            })
-
-            clearTimeout(timeoutId)
-
-            if (!response.ok) {
-              const errorText = await response.text()
-              const error = new APIError(
-                `OpenAI API error: ${response.status} ${response.statusText} - ${errorText}`,
-                response.status
-              )
-              throw error
-            }
-
-            const data: OpenAIEmbeddingResponse = await response.json()
-            return data.data.map((item) => item.embedding)
-          } catch (error) {
-            clearTimeout(timeoutId)
-            if (error instanceof Error && error.name === 'AbortError') {
-              throw new Error('OpenAI API request timed out')
-            }
-            throw error
-          }
-        },
-        {
-          maxRetries: 5,
-          initialDelayMs: 1000,
-          maxDelayMs: 60000, // Max 1 minute delay for embeddings
-          backoffMultiplier: 2,
-        }
-      )
-
-      allEmbeddings.push(...batchEmbeddings)
-    }
-
-    return allEmbeddings
-  } catch (error) {
-    logger.error('Failed to generate embeddings:', error)
-    throw error
-  }
-}
+// Export for external use
+export { generateEmbeddings }
 
 /**
  * Process a document asynchronously with full error handling

apps/sim/app/api/logs/[executionId]/frozen-canvas/route.ts

@@ -46,20 +46,7 @@ export async function GET(
         startedAt: workflowLog.startedAt.toISOString(),
         endedAt: workflowLog.endedAt?.toISOString(),
         totalDurationMs: workflowLog.totalDurationMs,
-        blockStats: {
-          total: workflowLog.blockCount,
-          success: workflowLog.successCount,
-          error: workflowLog.errorCount,
-          skipped: workflowLog.skippedCount,
-        },
-        cost: {
-          total: workflowLog.totalCost ? Number.parseFloat(workflowLog.totalCost) : null,
-          input: workflowLog.totalInputCost ? Number.parseFloat(workflowLog.totalInputCost) : null,
-          output: workflowLog.totalOutputCost
-            ? Number.parseFloat(workflowLog.totalOutputCost)
-            : null,
-        },
-        totalTokens: workflowLog.totalTokens,
+        cost: workflowLog.cost || null,
       },
     }
 

apps/sim/app/api/logs/by-id/[id]/route.ts

@@ -0,0 +1,102 @@
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console/logger'
+import { db } from '@/db'
+import { permissions, workflow, workflowExecutionLogs } from '@/db/schema'
+
+const logger = createLogger('LogDetailsByIdAPI')
+
+export const revalidate = 0
+
+export async function GET(_request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized log details access attempt`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const { id } = await params
+
+    const rows = await db
+      .select({
+        id: workflowExecutionLogs.id,
+        workflowId: workflowExecutionLogs.workflowId,
+        executionId: workflowExecutionLogs.executionId,
+        stateSnapshotId: workflowExecutionLogs.stateSnapshotId,
+        level: workflowExecutionLogs.level,
+        trigger: workflowExecutionLogs.trigger,
+        startedAt: workflowExecutionLogs.startedAt,
+        endedAt: workflowExecutionLogs.endedAt,
+        totalDurationMs: workflowExecutionLogs.totalDurationMs,
+        executionData: workflowExecutionLogs.executionData,
+        cost: workflowExecutionLogs.cost,
+        files: workflowExecutionLogs.files,
+        createdAt: workflowExecutionLogs.createdAt,
+        workflowName: workflow.name,
+        workflowDescription: workflow.description,
+        workflowColor: workflow.color,
+        workflowFolderId: workflow.folderId,
+        workflowUserId: workflow.userId,
+        workflowWorkspaceId: workflow.workspaceId,
+        workflowCreatedAt: workflow.createdAt,
+        workflowUpdatedAt: workflow.updatedAt,
+      })
+      .from(workflowExecutionLogs)
+      .innerJoin(workflow, eq(workflowExecutionLogs.workflowId, workflow.id))
+      .innerJoin(
+        permissions,
+        and(
+          eq(permissions.entityType, 'workspace'),
+          eq(permissions.entityId, workflow.workspaceId),
+          eq(permissions.userId, userId)
+        )
+      )
+      .where(eq(workflowExecutionLogs.id, id))
+      .limit(1)
+
+    const log = rows[0]
+    if (!log) {
+      return NextResponse.json({ error: 'Not found' }, { status: 404 })
+    }
+
+    const workflowSummary = {
+      id: log.workflowId,
+      name: log.workflowName,
+      description: log.workflowDescription,
+      color: log.workflowColor,
+      folderId: log.workflowFolderId,
+      userId: log.workflowUserId,
+      workspaceId: log.workflowWorkspaceId,
+      createdAt: log.workflowCreatedAt,
+      updatedAt: log.workflowUpdatedAt,
+    }
+
+    const response = {
+      id: log.id,
+      workflowId: log.workflowId,
+      executionId: log.executionId,
+      level: log.level,
+      duration: log.totalDurationMs ? `${log.totalDurationMs}ms` : null,
+      trigger: log.trigger,
+      createdAt: log.startedAt.toISOString(),
+      files: log.files || undefined,
+      workflow: workflowSummary,
+      executionData: {
+        totalDuration: log.totalDurationMs,
+        ...(log.executionData as any),
+        enhanced: true,
+      },
+      cost: log.cost as any,
+    }
+
+    return NextResponse.json({ data: response })
+  } catch (error: any) {
+    logger.error(`[${requestId}] log details fetch error`, error)
+    return NextResponse.json({ error: error.message }, { status: 500 })
+  }
+}

apps/sim/app/api/logs/cleanup/route.ts

@@ -99,21 +99,13 @@ export async function GET(request: NextRequest) {
           executionId: workflowExecutionLogs.executionId,
           stateSnapshotId: workflowExecutionLogs.stateSnapshotId,
           level: workflowExecutionLogs.level,
-          message: workflowExecutionLogs.message,
           trigger: workflowExecutionLogs.trigger,
           startedAt: workflowExecutionLogs.startedAt,
           endedAt: workflowExecutionLogs.endedAt,
           totalDurationMs: workflowExecutionLogs.totalDurationMs,
-          blockCount: workflowExecutionLogs.blockCount,
-          successCount: workflowExecutionLogs.successCount,
-          errorCount: workflowExecutionLogs.errorCount,
-          skippedCount: workflowExecutionLogs.skippedCount,
-          totalCost: workflowExecutionLogs.totalCost,
-          totalInputCost: workflowExecutionLogs.totalInputCost,
-          totalOutputCost: workflowExecutionLogs.totalOutputCost,
-          totalTokens: workflowExecutionLogs.totalTokens,
+          executionData: workflowExecutionLogs.executionData,
+          cost: workflowExecutionLogs.cost,
           files: workflowExecutionLogs.files,
-          metadata: workflowExecutionLogs.metadata,
           createdAt: workflowExecutionLogs.createdAt,
         })
         .from(workflowExecutionLogs)

apps/sim/app/api/logs/route.ts

@@ -1,4 +1,4 @@
-import { and, desc, eq, gte, inArray, lte, or, type SQL, sql } from 'drizzle-orm'
+import { and, desc, eq, gte, inArray, lte, type SQL, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
@@ -44,8 +44,7 @@ function extractBlockExecutionsFromTraceSpans(traceSpans: any[]): any[] {
 export const revalidate = 0
 
 const QueryParamsSchema = z.object({
-  includeWorkflow: z.coerce.boolean().optional().default(false),
-  includeBlocks: z.coerce.boolean().optional().default(false),
+  details: z.enum(['basic', 'full']).optional().default('basic'),
   limit: z.coerce.number().optional().default(100),
   offset: z.coerce.number().optional().default(0),
   level: z.string().optional(),
@@ -81,20 +80,12 @@ export async function GET(request: NextRequest) {
           executionId: workflowExecutionLogs.executionId,
           stateSnapshotId: workflowExecutionLogs.stateSnapshotId,
           level: workflowExecutionLogs.level,
-          message: workflowExecutionLogs.message,
           trigger: workflowExecutionLogs.trigger,
           startedAt: workflowExecutionLogs.startedAt,
           endedAt: workflowExecutionLogs.endedAt,
           totalDurationMs: workflowExecutionLogs.totalDurationMs,
-          blockCount: workflowExecutionLogs.blockCount,
-          successCount: workflowExecutionLogs.successCount,
-          errorCount: workflowExecutionLogs.errorCount,
-          skippedCount: workflowExecutionLogs.skippedCount,
-          totalCost: workflowExecutionLogs.totalCost,
-          totalInputCost: workflowExecutionLogs.totalInputCost,
-          totalOutputCost: workflowExecutionLogs.totalOutputCost,
-          totalTokens: workflowExecutionLogs.totalTokens,
-          metadata: workflowExecutionLogs.metadata,
+          executionData: workflowExecutionLogs.executionData,
+          cost: workflowExecutionLogs.cost,
           files: workflowExecutionLogs.files,
           createdAt: workflowExecutionLogs.createdAt,
           workflowName: workflow.name,
@@ -163,13 +154,8 @@ export async function GET(request: NextRequest) {
       // Filter by search query
       if (params.search) {
         const searchTerm = `%${params.search}%`
-        conditions = and(
-          conditions,
-          or(
-            sql`${workflowExecutionLogs.message} ILIKE ${searchTerm}`,
-            sql`${workflowExecutionLogs.executionId} ILIKE ${searchTerm}`
-          )
-        )
+        // With message removed, restrict search to executionId only
+        conditions = and(conditions, sql`${workflowExecutionLogs.executionId} ILIKE ${searchTerm}`)
       }
 
       // Execute the query using the optimized join
@@ -290,31 +276,20 @@ export async function GET(request: NextRequest) {
       const enhancedLogs = logs.map((log) => {
         const blockExecutions = blockExecutionsByExecution[log.executionId] || []
 
-        // Use stored trace spans from metadata if available, otherwise create from block executions
-        const storedTraceSpans = (log.metadata as any)?.traceSpans
+        // Use stored trace spans if available, otherwise create from block executions
+        const storedTraceSpans = (log.executionData as any)?.traceSpans
         const traceSpans =
           storedTraceSpans && Array.isArray(storedTraceSpans) && storedTraceSpans.length > 0
             ? storedTraceSpans
             : createTraceSpans(blockExecutions)
 
-        // Use extracted cost summary if available, otherwise use stored values
+        // Prefer stored cost JSON; otherwise synthesize from blocks
         const costSummary =
-          blockExecutions.length > 0
-            ? extractCostSummary(blockExecutions)
-            : {
-                input: Number(log.totalInputCost) || 0,
-                output: Number(log.totalOutputCost) || 0,
-                total: Number(log.totalCost) || 0,
-                tokens: {
-                  total: log.totalTokens || 0,
-                  prompt: (log.metadata as any)?.tokenBreakdown?.prompt || 0,
-                  completion: (log.metadata as any)?.tokenBreakdown?.completion || 0,
-                },
-                models: (log.metadata as any)?.models || {},
-              }
+          log.cost && Object.keys(log.cost as any).length > 0
+            ? (log.cost as any)
+            : extractCostSummary(blockExecutions)
 
-        // Build workflow object from joined data
-        const workflow = {
+        const workflowSummary = {
           id: log.workflowId,
           name: log.workflowName,
           description: log.workflowDescription,
@@ -329,67 +304,28 @@ export async function GET(request: NextRequest) {
         return {
           id: log.id,
           workflowId: log.workflowId,
-          executionId: log.executionId,
+          executionId: params.details === 'full' ? log.executionId : undefined,
           level: log.level,
-          message: log.message,
           duration: log.totalDurationMs ? `${log.totalDurationMs}ms` : null,
           trigger: log.trigger,
           createdAt: log.startedAt.toISOString(),
-          files: log.files || undefined,
-          workflow: params.includeWorkflow ? workflow : undefined,
-          metadata: {
-            totalDuration: log.totalDurationMs,
-            cost: costSummary,
-            blockStats: {
-              total: log.blockCount,
-              success: log.successCount,
-              error: log.errorCount,
-              skipped: log.skippedCount,
-            },
-            traceSpans,
-            blockExecutions,
-            enhanced: true,
-          },
+          files: params.details === 'full' ? log.files || undefined : undefined,
+          workflow: workflowSummary,
+          executionData:
+            params.details === 'full'
+              ? {
+                  totalDuration: log.totalDurationMs,
+                  traceSpans,
+                  blockExecutions,
+                  enhanced: true,
+                }
+              : undefined,
+          cost:
+            params.details === 'full'
+              ? (costSummary as any)
+              : { total: (costSummary as any)?.total || 0 },
         }
       })
-
-      // Include block execution data if requested
-      if (params.includeBlocks) {
-        // Block executions are now extracted from stored trace spans in metadata
-        const blockLogsByExecution: Record<string, any[]> = {}
-
-        logs.forEach((log) => {
-          const storedTraceSpans = (log.metadata as any)?.traceSpans
-          if (storedTraceSpans && Array.isArray(storedTraceSpans)) {
-            blockLogsByExecution[log.executionId] =
-              extractBlockExecutionsFromTraceSpans(storedTraceSpans)
-          } else {
-            blockLogsByExecution[log.executionId] = []
-          }
-        })
-
-        // Add block logs to metadata
-        const logsWithBlocks = enhancedLogs.map((log) => ({
-          ...log,
-          metadata: {
-            ...log.metadata,
-            blockExecutions: blockLogsByExecution[log.executionId] || [],
-          },
-        }))
-
-        return NextResponse.json(
-          {
-            data: logsWithBlocks,
-            total: Number(count),
-            page: Math.floor(params.offset / params.limit) + 1,
-            pageSize: params.limit,
-            totalPages: Math.ceil(Number(count) / params.limit),
-          },
-          { status: 200 }
-        )
-      }
-
-      // Return basic logs
       return NextResponse.json(
         {
           data: enhancedLogs,

apps/sim/app/api/organizations/[id]/invitations/route.ts

@@ -21,8 +21,6 @@ import { invitation, member, organization, user, workspace, workspaceInvitation
 
 const logger = createLogger('OrganizationInvitationsAPI')
 
-export const dynamic = 'force-dynamic'
-
 interface WorkspaceInvitation {
   workspaceId: string
   permission: 'admin' | 'write' | 'read'

apps/sim/app/api/organizations/[id]/members/[memberId]/route.ts

@@ -7,8 +7,6 @@ import { member, user, userStats } from '@/db/schema'
 
 const logger = createLogger('OrganizationMemberAPI')
 
-export const dynamic = 'force-dynamic'
-
 /**
  * GET /api/organizations/[id]/members/[memberId]
  * Get individual organization member details

apps/sim/app/api/organizations/[id]/members/route.ts

@@ -13,8 +13,6 @@ import { invitation, member, organization, user, userStats } from '@/db/schema'
 
 const logger = createLogger('OrganizationMembersAPI')
 
-export const dynamic = 'force-dynamic'
-
 /**
  * GET /api/organizations/[id]/members
  * Get organization members with optional usage data

apps/sim/app/api/organizations/invitations/accept/route.ts

@@ -9,8 +9,6 @@ import { invitation, member, permissions, workspaceInvitation } from '@/db/schem
 
 const logger = createLogger('OrganizationInvitationAcceptanceAPI')
 
-export const dynamic = 'force-dynamic'
-
 // Accept an organization invitation and any associated workspace invitations
 export async function GET(req: NextRequest) {
   const invitationId = req.nextUrl.searchParams.get('id')

apps/sim/app/api/providers/route.ts

@@ -39,6 +39,8 @@ export async function POST(request: NextRequest) {
       stream,
       messages,
       environmentVariables,
+      reasoningEffort,
+      verbosity,
     } = body
 
     logger.info(`[${requestId}] Provider request details`, {
@@ -58,6 +60,8 @@ export async function POST(request: NextRequest) {
       messageCount: messages?.length || 0,
       hasEnvironmentVariables:
         !!environmentVariables && Object.keys(environmentVariables).length > 0,
+      reasoningEffort,
+      verbosity,
     })
 
     let finalApiKey: string
@@ -99,6 +103,8 @@ export async function POST(request: NextRequest) {
       stream,
       messages,
       environmentVariables,
+      reasoningEffort,
+      verbosity,
     })
 
     const executionTime = Date.now() - startTime

apps/sim/app/api/schedules/[id]/status/route.ts

@@ -3,9 +3,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
-
-export const dynamic = 'force-dynamic'
-
 import { db } from '@/db'
 import { workflow, workflowSchedule } from '@/db/schema'
 

apps/sim/app/api/schedules/route.ts

@@ -18,8 +18,6 @@ import { workflow, workflowSchedule } from '@/db/schema'
 
 const logger = createLogger('ScheduledAPI')
 
-export const dynamic = 'force-dynamic'
-
 const ScheduleRequestSchema = z.object({
   workflowId: z.string(),
   blockId: z.string().optional(),

apps/sim/app/api/templates/[id]/route.ts

@@ -1,9 +1,11 @@
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { hasAdminPermission } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { templates } from '@/db/schema'
+import { templates, workflow } from '@/db/schema'
 
 const logger = createLogger('TemplateByIdAPI')
 
@@ -62,3 +64,153 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }
+
+const updateTemplateSchema = z.object({
+  name: z.string().min(1).max(100),
+  description: z.string().min(1).max(500),
+  author: z.string().min(1).max(100),
+  category: z.string().min(1),
+  icon: z.string().min(1),
+  color: z.string().regex(/^#[0-9A-F]{6}$/i),
+  state: z.any().optional(), // Workflow state
+})
+
+// PUT /api/templates/[id] - Update a template
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  const { id } = await params
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized template update attempt for ID: ${id}`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const validationResult = updateTemplateSchema.safeParse(body)
+
+    if (!validationResult.success) {
+      logger.warn(`[${requestId}] Invalid template data for update: ${id}`, validationResult.error)
+      return NextResponse.json(
+        { error: 'Invalid template data', details: validationResult.error.errors },
+        { status: 400 }
+      )
+    }
+
+    const { name, description, author, category, icon, color, state } = validationResult.data
+
+    // Check if template exists
+    const existingTemplate = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
+
+    if (existingTemplate.length === 0) {
+      logger.warn(`[${requestId}] Template not found for update: ${id}`)
+      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
+    }
+
+    // Permission: template owner OR admin of the workflow's workspace (if any)
+    let canUpdate = existingTemplate[0].userId === session.user.id
+
+    if (!canUpdate && existingTemplate[0].workflowId) {
+      const wfRows = await db
+        .select({ workspaceId: workflow.workspaceId })
+        .from(workflow)
+        .where(eq(workflow.id, existingTemplate[0].workflowId))
+        .limit(1)
+
+      const workspaceId = wfRows[0]?.workspaceId as string | null | undefined
+      if (workspaceId) {
+        const hasAdmin = await hasAdminPermission(session.user.id, workspaceId)
+        if (hasAdmin) canUpdate = true
+      }
+    }
+
+    if (!canUpdate) {
+      logger.warn(`[${requestId}] User denied permission to update template ${id}`)
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    // Update the template
+    const updatedTemplate = await db
+      .update(templates)
+      .set({
+        name,
+        description,
+        author,
+        category,
+        icon,
+        color,
+        ...(state && { state }),
+        updatedAt: new Date(),
+      })
+      .where(eq(templates.id, id))
+      .returning()
+
+    logger.info(`[${requestId}] Successfully updated template: ${id}`)
+
+    return NextResponse.json({
+      data: updatedTemplate[0],
+      message: 'Template updated successfully',
+    })
+  } catch (error: any) {
+    logger.error(`[${requestId}] Error updating template: ${id}`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+// DELETE /api/templates/[id] - Delete a template
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  const { id } = await params
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized template delete attempt for ID: ${id}`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    // Fetch template
+    const existing = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
+    if (existing.length === 0) {
+      logger.warn(`[${requestId}] Template not found for delete: ${id}`)
+      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
+    }
+
+    const template = existing[0]
+
+    // Permission: owner or admin of the workflow's workspace (if any)
+    let canDelete = template.userId === session.user.id
+
+    if (!canDelete && template.workflowId) {
+      // Look up workflow to get workspaceId
+      const wfRows = await db
+        .select({ workspaceId: workflow.workspaceId })
+        .from(workflow)
+        .where(eq(workflow.id, template.workflowId))
+        .limit(1)
+
+      const workspaceId = wfRows[0]?.workspaceId as string | null | undefined
+      if (workspaceId) {
+        const hasAdmin = await hasAdminPermission(session.user.id, workspaceId)
+        if (hasAdmin) canDelete = true
+      }
+    }
+
+    if (!canDelete) {
+      logger.warn(`[${requestId}] User denied permission to delete template ${id}`)
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    await db.delete(templates).where(eq(templates.id, id))
+
+    logger.info(`[${requestId}] Deleted template: ${id}`)
+    return NextResponse.json({ success: true })
+  } catch (error: any) {
+    logger.error(`[${requestId}] Error deleting template: ${id}`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/templates/[id]/use/route.ts

@@ -80,7 +80,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
           workspaceId: workspaceId,
           name: `${templateData.name} (copy)`,
           description: templateData.description,
-          state: templateData.state,
           color: templateData.color,
           userId: session.user.id,
           createdAt: now,
@@ -158,9 +157,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
           }))
         }
 
-        // Update the workflow with the corrected state
-        await tx.update(workflow).set({ state: updatedState }).where(eq(workflow.id, newWorkflowId))
-
         // Insert blocks and edges
         if (blockEntries.length > 0) {
           await tx.insert(workflowBlocks).values(blockEntries)

apps/sim/app/api/templates/route.ts

@@ -77,6 +77,7 @@ const QueryParamsSchema = z.object({
   limit: z.coerce.number().optional().default(50),
   offset: z.coerce.number().optional().default(0),
   search: z.string().optional(),
+  workflowId: z.string().optional(),
 })
 
 // GET /api/templates - Retrieve templates
@@ -111,6 +112,11 @@ export async function GET(request: NextRequest) {
       )
     }
 
+    // Apply workflow filter if provided (for getting template by workflow)
+    if (params.workflowId) {
+      conditions.push(eq(templates.workflowId, params.workflowId))
+    }
+
     // Combine conditions
     const whereCondition = conditions.length > 0 ? and(...conditions) : undefined
 

apps/sim/app/api/tools/custom/route.ts

@@ -9,9 +9,6 @@ import { customTools } from '@/db/schema'
 
 const logger = createLogger('CustomToolsAPI')
 
-export const dynamic = 'force-dynamic'
-
-// Define validation schema for custom tools
 const CustomToolSchema = z.object({
   tools: z.array(
     z.object({

apps/sim/app/api/tools/drive/file/route.ts

@@ -45,7 +45,7 @@ export async function GET(request: NextRequest) {
     // Fetch the file from Google Drive API
     logger.info(`[${requestId}] Fetching file ${fileId} from Google Drive API`)
     const response = await fetch(
-      `https://www.googleapis.com/drive/v3/files/${fileId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks`,
+      `https://www.googleapis.com/drive/v3/files/${fileId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks,shortcutDetails&supportsAllDrives=true`,
       {
         headers: {
           Authorization: `Bearer ${accessToken}`,
@@ -77,6 +77,34 @@ export async function GET(request: NextRequest) {
       'application/vnd.google-apps.presentation': 'application/pdf', // Google Slides to PDF
     }
 
+    // Resolve shortcuts transparently for UI stability
+    if (
+      file.mimeType === 'application/vnd.google-apps.shortcut' &&
+      file.shortcutDetails?.targetId
+    ) {
+      const targetId = file.shortcutDetails.targetId
+      const shortcutResp = await fetch(
+        `https://www.googleapis.com/drive/v3/files/${targetId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks&supportsAllDrives=true`,
+        {
+          headers: { Authorization: `Bearer ${accessToken}` },
+        }
+      )
+      if (shortcutResp.ok) {
+        const targetFile = await shortcutResp.json()
+        file.id = targetFile.id
+        file.name = targetFile.name
+        file.mimeType = targetFile.mimeType
+        file.iconLink = targetFile.iconLink
+        file.webViewLink = targetFile.webViewLink
+        file.thumbnailLink = targetFile.thumbnailLink
+        file.createdTime = targetFile.createdTime
+        file.modifiedTime = targetFile.modifiedTime
+        file.size = targetFile.size
+        file.owners = targetFile.owners
+        file.exportLinks = targetFile.exportLinks
+      }
+    }
+
     // If the file is a Google Docs, Sheets, or Slides file, we need to provide the export link
     if (file.mimeType.startsWith('application/vnd.google-apps.')) {
       const format = exportFormats[file.mimeType] || 'application/pdf'

apps/sim/app/api/tools/drive/files/route.ts

@@ -1,10 +1,8 @@
-import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-import { db } from '@/db'
-import { account } from '@/db/schema'
 
 export const dynamic = 'force-dynamic'
 
@@ -32,64 +30,48 @@ export async function GET(request: NextRequest) {
     const credentialId = searchParams.get('credentialId')
     const mimeType = searchParams.get('mimeType')
     const query = searchParams.get('query') || ''
+    const folderId = searchParams.get('folderId') || searchParams.get('parentId') || ''
+    const workflowId = searchParams.get('workflowId') || undefined
 
     if (!credentialId) {
       logger.warn(`[${requestId}] Missing credential ID`)
       return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
     }
 
-    // Get the credential from the database
-    const credentials = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
-
-    if (!credentials.length) {
-      logger.warn(`[${requestId}] Credential not found`, { credentialId })
-      return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
-    }
-
-    const credential = credentials[0]
-
-    // Check if the credential belongs to the user
-    if (credential.userId !== session.user.id) {
-      logger.warn(`[${requestId}] Unauthorized credential access attempt`, {
-        credentialUserId: credential.userId,
-        requestUserId: session.user.id,
-      })
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
+    // Authorize use of the credential (supports collaborator credentials via workflow)
+    const authz = await authorizeCredentialUse(request, { credentialId: credentialId!, workflowId })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      logger.warn(`[${requestId}] Unauthorized credential access attempt`, authz)
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
     }
 
     // Refresh access token if needed using the utility function
-    const accessToken = await refreshAccessTokenIfNeeded(credentialId, session.user.id, requestId)
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credentialId!,
+      authz.credentialOwnerUserId,
+      requestId
+    )
 
     if (!accessToken) {
       return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
     }
 
-    // Build the query parameters for Google Drive API
-    let queryParams = 'trashed=false'
-
-    // Add mimeType filter if provided
+    // Build Drive 'q' expression safely
+    const qParts: string[] = ['trashed = false']
+    if (folderId) {
+      qParts.push(`'${folderId.replace(/'/g, "\\'")}' in parents`)
+    }
     if (mimeType) {
-      // For Google Drive API, we need to use 'q' parameter for mimeType filtering
-      // Instead of using the mimeType parameter directly, we'll add it to the query
-      if (queryParams.includes('q=')) {
-        queryParams += ` and mimeType='${mimeType}'`
-      } else {
-        queryParams += `&q=mimeType='${mimeType}'`
-      }
+      qParts.push(`mimeType = '${mimeType.replace(/'/g, "\\'")}'`)
     }
-
-    // Add search query if provided
     if (query) {
-      if (queryParams.includes('q=')) {
-        queryParams += ` and name contains '${query}'`
-      } else {
-        queryParams += `&q=name contains '${query}'`
-      }
+      qParts.push(`name contains '${query.replace(/'/g, "\\'")}'`)
     }
+    const q = encodeURIComponent(qParts.join(' and '))
 
-    // Fetch files from Google Drive API
+    // Fetch files from Google Drive API with shared drives support
     const response = await fetch(
-      `https://www.googleapis.com/drive/v3/files?${queryParams}&fields=files(id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners)`,
+      `https://www.googleapis.com/drive/v3/files?q=${q}&supportsAllDrives=true&includeItemsFromAllDrives=true&spaces=drive&fields=files(id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,parents)`,
       {
         headers: {
           Authorization: `Bearer ${accessToken}`,

apps/sim/app/api/tools/jira/issue/route.ts

@@ -1,10 +1,10 @@
 import { NextResponse } from 'next/server'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { getJiraCloudId } from '@/tools/jira/utils'
 
 export const dynamic = 'force-dynamic'
 
-const logger = new Logger('JiraIssueAPI')
+const logger = createLogger('JiraIssueAPI')
 
 export async function POST(request: Request) {
   try {

apps/sim/app/api/tools/jira/issues/route.ts

@@ -1,10 +1,10 @@
 import { NextResponse } from 'next/server'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { getJiraCloudId } from '@/tools/jira/utils'
 
 export const dynamic = 'force-dynamic'
 
-const logger = new Logger('JiraIssuesAPI')
+const logger = createLogger('JiraIssuesAPI')
 
 export async function POST(request: Request) {
   try {

apps/sim/app/api/tools/jira/projects/route.ts

@@ -1,10 +1,10 @@
 import { NextResponse } from 'next/server'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { getJiraCloudId } from '@/tools/jira/utils'
 
 export const dynamic = 'force-dynamic'
 
-const logger = new Logger('JiraProjectsAPI')
+const logger = createLogger('JiraProjectsAPI')
 
 export async function GET(request: Request) {
   try {

apps/sim/app/api/tools/jira/update/route.ts

@@ -1,10 +1,10 @@
 import { NextResponse } from 'next/server'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { getJiraCloudId } from '@/tools/jira/utils'
 
 export const dynamic = 'force-dynamic'
 
-const logger = new Logger('JiraUpdateAPI')
+const logger = createLogger('JiraUpdateAPI')
 
 export async function PUT(request: Request) {
   try {

apps/sim/app/api/tools/jira/write/route.ts

@@ -1,10 +1,10 @@
 import { NextResponse } from 'next/server'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { getJiraCloudId } from '@/tools/jira/utils'
 
 export const dynamic = 'force-dynamic'
 
-const logger = new Logger('JiraWriteAPI')
+const logger = createLogger('JiraWriteAPI')
 
 export async function POST(request: Request) {
   try {

apps/sim/app/api/usage-limits/route.ts

@@ -7,8 +7,6 @@ import { isOrganizationOwnerOrAdmin } from '@/lib/permissions/utils'
 
 const logger = createLogger('UnifiedUsageLimitsAPI')
 
-export const dynamic = 'force-dynamic'
-
 /**
  * Unified Usage Limits Endpoint
  * GET/PUT /api/usage-limits?context=user|member&userId=<id>&organizationId=<id>

apps/sim/app/api/users/me/api-keys/[id]/route.ts

@@ -2,9 +2,6 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { db } from '@/db'
 import { apiKey } from '@/db/schema'
 

apps/sim/app/api/users/me/api-keys/route.ts

@@ -9,8 +9,6 @@ import { apiKey } from '@/db/schema'
 
 const logger = createLogger('ApiKeysAPI')
 
-export const dynamic = 'force-dynamic'
-
 // GET /api/users/me/api-keys - Get all API keys for the current user
 export async function GET(request: NextRequest) {
   try {

apps/sim/app/api/users/me/profile/route.ts

@@ -0,0 +1,120 @@
+import { eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console/logger'
+import { db } from '@/db'
+import { user } from '@/db/schema'
+
+const logger = createLogger('UpdateUserProfileAPI')
+
+// Schema for updating user profile
+const UpdateProfileSchema = z
+  .object({
+    name: z.string().min(1, 'Name is required').optional(),
+  })
+  .refine((data) => data.name !== undefined, {
+    message: 'Name field must be provided',
+  })
+
+export const dynamic = 'force-dynamic'
+
+export async function PATCH(request: NextRequest) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized profile update attempt`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+    const body = await request.json()
+
+    const validatedData = UpdateProfileSchema.parse(body)
+
+    // Build update object
+    const updateData: any = { updatedAt: new Date() }
+    if (validatedData.name !== undefined) updateData.name = validatedData.name
+
+    // Update user profile
+    const [updatedUser] = await db
+      .update(user)
+      .set(updateData)
+      .where(eq(user.id, userId))
+      .returning()
+
+    if (!updatedUser) {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 })
+    }
+
+    logger.info(`[${requestId}] User profile updated`, {
+      userId,
+      updatedFields: Object.keys(validatedData),
+    })
+
+    return NextResponse.json({
+      success: true,
+      user: {
+        id: updatedUser.id,
+        name: updatedUser.name,
+        email: updatedUser.email,
+        image: updatedUser.image,
+      },
+    })
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      logger.warn(`[${requestId}] Invalid profile data`, {
+        errors: error.errors,
+      })
+      return NextResponse.json(
+        { error: 'Invalid profile data', details: error.errors },
+        { status: 400 }
+      )
+    }
+
+    logger.error(`[${requestId}] Profile update error`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+// GET endpoint to fetch current user profile
+export async function GET() {
+  const requestId = crypto.randomUUID().slice(0, 8)
+
+  try {
+    const session = await getSession()
+
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized profile fetch attempt`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+
+    const [userRecord] = await db
+      .select({
+        id: user.id,
+        name: user.name,
+        email: user.email,
+        image: user.image,
+        emailVerified: user.emailVerified,
+      })
+      .from(user)
+      .where(eq(user.id, userId))
+      .limit(1)
+
+    if (!userRecord) {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 })
+    }
+
+    return NextResponse.json({
+      user: userRecord,
+    })
+  } catch (error: any) {
+    logger.error(`[${requestId}] Profile fetch error`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/users/me/settings/route.ts

@@ -16,7 +16,6 @@ const SettingsSchema = z.object({
   autoPan: z.boolean().optional(),
   consoleExpandedByDefault: z.boolean().optional(),
   telemetryEnabled: z.boolean().optional(),
-  telemetryNotifiedUser: z.boolean().optional(),
   emailPreferences: z
     .object({
       unsubscribeAll: z.boolean().optional(),
@@ -35,7 +34,6 @@ const defaultSettings = {
   autoPan: true,
   consoleExpandedByDefault: true,
   telemetryEnabled: true,
-  telemetryNotifiedUser: false,
   emailPreferences: {},
 }
 
@@ -69,7 +67,6 @@ export async function GET() {
           autoPan: userSettings.autoPan,
           consoleExpandedByDefault: userSettings.consoleExpandedByDefault,
           telemetryEnabled: userSettings.telemetryEnabled,
-          telemetryNotifiedUser: userSettings.telemetryNotifiedUser,
           emailPreferences: userSettings.emailPreferences ?? {},
         },
       },

apps/sim/app/api/users/me/subscription/[id]/transfer/route.ts

@@ -3,9 +3,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { db } from '@/db'
 import { member, organization, subscription } from '@/db/schema'
 

apps/sim/app/api/users/rate-limit/route.ts

@@ -2,9 +2,6 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { createErrorResponse } from '@/app/api/workflows/utils'
 import { db } from '@/db'
 import { apiKey as apiKeyTable, subscription } from '@/db/schema'

apps/sim/app/api/wand-generate/route.ts

@@ -1,6 +1,6 @@
 import { unstable_noStore as noStore } from 'next/cache'
 import { type NextRequest, NextResponse } from 'next/server'
-import OpenAI from 'openai'
+import OpenAI, { AzureOpenAI } from 'openai'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 
@@ -10,14 +10,32 @@ export const maxDuration = 60
 
 const logger = createLogger('WandGenerateAPI')
 
-const openai = env.OPENAI_API_KEY
-  ? new OpenAI({
-      apiKey: env.OPENAI_API_KEY,
-    })
-  : null
+const azureApiKey = env.AZURE_OPENAI_API_KEY
+const azureEndpoint = env.AZURE_OPENAI_ENDPOINT
+const azureApiVersion = env.AZURE_OPENAI_API_VERSION
+const wandModelName = env.WAND_OPENAI_MODEL_NAME || 'gpt-4o'
+const openaiApiKey = env.OPENAI_API_KEY
 
-if (!env.OPENAI_API_KEY) {
-  logger.warn('OPENAI_API_KEY not found. Wand generation API will not function.')
+const useWandAzure = azureApiKey && azureEndpoint && azureApiVersion
+
+const client = useWandAzure
+  ? new AzureOpenAI({
+      apiKey: azureApiKey,
+      apiVersion: azureApiVersion,
+      endpoint: azureEndpoint,
+    })
+  : openaiApiKey
+    ? new OpenAI({
+        apiKey: openaiApiKey,
+      })
+    : null
+
+if (!useWandAzure && !openaiApiKey) {
+  logger.warn(
+    'Neither Azure OpenAI nor OpenAI API key found. Wand generation API will not function.'
+  )
+} else {
+  logger.info(`Using ${useWandAzure ? 'Azure OpenAI' : 'OpenAI'} for wand generation`)
 }
 
 interface ChatMessage {
@@ -32,14 +50,12 @@ interface RequestBody {
   history?: ChatMessage[]
 }
 
-// The endpoint is now generic - system prompts come from wand configs
-
 export async function POST(req: NextRequest) {
   const requestId = crypto.randomUUID().slice(0, 8)
   logger.info(`[${requestId}] Received wand generation request`)
 
-  if (!openai) {
-    logger.error(`[${requestId}] OpenAI client not initialized. Missing API key.`)
+  if (!client) {
+    logger.error(`[${requestId}] AI client not initialized. Missing API key.`)
     return NextResponse.json(
       { success: false, error: 'Wand generation service is not configured.' },
       { status: 503 }
@@ -74,22 +90,34 @@ export async function POST(req: NextRequest) {
     // Add the current user prompt
     messages.push({ role: 'user', content: prompt })
 
-    logger.debug(`[${requestId}] Calling OpenAI API for wand generation`, {
-      stream,
-      historyLength: history.length,
-    })
+    logger.debug(
+      `[${requestId}] Calling ${useWandAzure ? 'Azure OpenAI' : 'OpenAI'} API for wand generation`,
+      {
+        stream,
+        historyLength: history.length,
+        endpoint: useWandAzure ? azureEndpoint : 'api.openai.com',
+        model: useWandAzure ? wandModelName : 'gpt-4o',
+        apiVersion: useWandAzure ? azureApiVersion : 'N/A',
+      }
+    )
 
     // For streaming responses
     if (stream) {
       try {
-        const streamCompletion = await openai?.chat.completions.create({
-          model: 'gpt-4o',
+        logger.debug(
+          `[${requestId}] Starting streaming request to ${useWandAzure ? 'Azure OpenAI' : 'OpenAI'}`
+        )
+
+        const streamCompletion = await client.chat.completions.create({
+          model: useWandAzure ? wandModelName : 'gpt-4o',
           messages: messages,
           temperature: 0.3,
           max_tokens: 10000,
           stream: true,
         })
 
+        logger.debug(`[${requestId}] Stream connection established successfully`)
+
         return new Response(
           new ReadableStream({
             async start(controller) {
@@ -99,21 +127,23 @@ export async function POST(req: NextRequest) {
                 for await (const chunk of streamCompletion) {
                   const content = chunk.choices[0]?.delta?.content || ''
                   if (content) {
-                    // Use the same format as codegen API for consistency
+                    // Use SSE format identical to chat streaming
                     controller.enqueue(
-                      encoder.encode(`${JSON.stringify({ chunk: content, done: false })}\n`)
+                      encoder.encode(`data: ${JSON.stringify({ chunk: content })}\n\n`)
                     )
                   }
                 }
 
-                // Send completion signal
-                controller.enqueue(encoder.encode(`${JSON.stringify({ chunk: '', done: true })}\n`))
+                // Send completion signal in SSE format
+                controller.enqueue(encoder.encode(`data: ${JSON.stringify({ done: true })}\n\n`))
                 controller.close()
                 logger.info(`[${requestId}] Wand generation streaming completed`)
               } catch (streamError: any) {
                 logger.error(`[${requestId}] Streaming error`, { error: streamError.message })
                 controller.enqueue(
-                  encoder.encode(`${JSON.stringify({ error: 'Streaming failed', done: true })}\n`)
+                  encoder.encode(
+                    `data: ${JSON.stringify({ error: 'Streaming failed', done: true })}\n\n`
+                  )
                 )
                 controller.close()
               }
@@ -121,9 +151,10 @@ export async function POST(req: NextRequest) {
           }),
           {
             headers: {
-              'Content-Type': 'text/plain',
-              'Cache-Control': 'no-cache, no-transform',
+              'Content-Type': 'text/event-stream',
+              'Cache-Control': 'no-cache',
               Connection: 'keep-alive',
+              'X-Accel-Buffering': 'no',
             },
           }
         )
@@ -141,8 +172,8 @@ export async function POST(req: NextRequest) {
     }
 
     // For non-streaming responses
-    const completion = await openai?.chat.completions.create({
-      model: 'gpt-4o',
+    const completion = await client.chat.completions.create({
+      model: useWandAzure ? wandModelName : 'gpt-4o',
       messages: messages,
       temperature: 0.3,
       max_tokens: 10000,
@@ -151,9 +182,11 @@ export async function POST(req: NextRequest) {
     const generatedContent = completion.choices[0]?.message?.content?.trim()
 
     if (!generatedContent) {
-      logger.error(`[${requestId}] OpenAI response was empty or invalid.`)
+      logger.error(
+        `[${requestId}] ${useWandAzure ? 'Azure OpenAI' : 'OpenAI'} response was empty or invalid.`
+      )
       return NextResponse.json(
-        { success: false, error: 'Failed to generate content. OpenAI response was empty.' },
+        { success: false, error: 'Failed to generate content. AI response was empty.' },
         { status: 500 }
       )
     }
@@ -171,7 +204,9 @@ export async function POST(req: NextRequest) {
 
     if (error instanceof OpenAI.APIError) {
       status = error.status || 500
-      logger.error(`[${requestId}] OpenAI API Error: ${status} - ${error.message}`)
+      logger.error(
+        `[${requestId}] ${useWandAzure ? 'Azure OpenAI' : 'OpenAI'} API Error: ${status} - ${error.message}`
+      )
 
       if (status === 401) {
         clientErrorMessage = 'Authentication failed. Please check your API key configuration.'
@@ -181,6 +216,10 @@ export async function POST(req: NextRequest) {
         clientErrorMessage =
           'The wand generation service is currently unavailable. Please try again later.'
       }
+    } else if (useWandAzure && error.message?.includes('DeploymentNotFound')) {
+      clientErrorMessage =
+        'Azure OpenAI deployment not found. Please check your model deployment configuration.'
+      status = 404
     }
 
     return NextResponse.json(

apps/sim/app/api/webhooks/[id]/route.ts

@@ -1,8 +1,10 @@
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
+import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { getOAuthToken } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { webhook, workflow } from '@/db/schema'
 
@@ -242,6 +244,167 @@ export async function DELETE(
 
     const foundWebhook = webhookData.webhook
 
+    // If it's an Airtable webhook, delete it from Airtable first
+    if (foundWebhook.provider === 'airtable') {
+      try {
+        const { baseId, externalId } = (foundWebhook.providerConfig || {}) as {
+          baseId?: string
+          externalId?: string
+        }
+
+        if (!baseId) {
+          logger.warn(`[${requestId}] Missing baseId for Airtable webhook deletion.`, {
+            webhookId: id,
+          })
+          return NextResponse.json(
+            { error: 'Missing baseId for Airtable webhook deletion' },
+            { status: 400 }
+          )
+        }
+
+        // Get access token for the workflow owner
+        const userIdForToken = webhookData.workflow.userId
+        const accessToken = await getOAuthToken(userIdForToken, 'airtable')
+        if (!accessToken) {
+          logger.warn(
+            `[${requestId}] Could not retrieve Airtable access token for user ${userIdForToken}. Cannot delete webhook in Airtable.`,
+            { webhookId: id }
+          )
+          return NextResponse.json(
+            { error: 'Airtable access token not found for webhook deletion' },
+            { status: 401 }
+          )
+        }
+
+        // Resolve externalId if missing by listing webhooks and matching our notificationUrl
+        let resolvedExternalId: string | undefined = externalId
+
+        if (!resolvedExternalId) {
+          try {
+            const requestOrigin = new URL(request.url).origin
+            const effectiveOrigin = requestOrigin.includes('localhost')
+              ? env.NEXT_PUBLIC_APP_URL || requestOrigin
+              : requestOrigin
+            const expectedNotificationUrl = `${effectiveOrigin}/api/webhooks/trigger/${foundWebhook.path}`
+
+            const listUrl = `https://api.airtable.com/v0/bases/${baseId}/webhooks`
+            const listResp = await fetch(listUrl, {
+              headers: {
+                Authorization: `Bearer ${accessToken}`,
+              },
+            })
+            const listBody = await listResp.json().catch(() => null)
+
+            if (listResp.ok && listBody && Array.isArray(listBody.webhooks)) {
+              const match = listBody.webhooks.find((w: any) => {
+                const url: string | undefined = w?.notificationUrl
+                if (!url) return false
+                // Prefer exact match; fallback to suffix match to handle origin/host remaps
+                return (
+                  url === expectedNotificationUrl ||
+                  url.endsWith(`/api/webhooks/trigger/${foundWebhook.path}`)
+                )
+              })
+              if (match?.id) {
+                resolvedExternalId = match.id as string
+                // Persist resolved externalId for future operations
+                try {
+                  await db
+                    .update(webhook)
+                    .set({
+                      providerConfig: {
+                        ...(foundWebhook.providerConfig || {}),
+                        externalId: resolvedExternalId,
+                      },
+                      updatedAt: new Date(),
+                    })
+                    .where(eq(webhook.id, id))
+                } catch {
+                  // non-fatal persistence error
+                }
+                logger.info(`[${requestId}] Resolved Airtable externalId by listing webhooks`, {
+                  baseId,
+                  externalId: resolvedExternalId,
+                })
+              } else {
+                logger.warn(`[${requestId}] Could not resolve Airtable externalId from list`, {
+                  baseId,
+                  expectedNotificationUrl,
+                })
+              }
+            } else {
+              logger.warn(`[${requestId}] Failed to list Airtable webhooks to resolve externalId`, {
+                baseId,
+                status: listResp.status,
+                body: listBody,
+              })
+            }
+          } catch (e: any) {
+            logger.warn(`[${requestId}] Error attempting to resolve Airtable externalId`, {
+              error: e?.message,
+            })
+          }
+        }
+
+        // If still not resolvable, skip remote deletion but proceed with local delete
+        if (!resolvedExternalId) {
+          logger.info(
+            `[${requestId}] Airtable externalId not found; skipping remote deletion and proceeding to remove local record`,
+            { baseId }
+          )
+        }
+
+        if (resolvedExternalId) {
+          const airtableDeleteUrl = `https://api.airtable.com/v0/bases/${baseId}/webhooks/${resolvedExternalId}`
+          const airtableResponse = await fetch(airtableDeleteUrl, {
+            method: 'DELETE',
+            headers: {
+              Authorization: `Bearer ${accessToken}`,
+            },
+          })
+
+          // Attempt to parse error body for better diagnostics
+          if (!airtableResponse.ok) {
+            let responseBody: any = null
+            try {
+              responseBody = await airtableResponse.json()
+            } catch {
+              // ignore parse errors
+            }
+
+            logger.error(
+              `[${requestId}] Failed to delete Airtable webhook in Airtable. Status: ${airtableResponse.status}`,
+              { baseId, externalId: resolvedExternalId, response: responseBody }
+            )
+            return NextResponse.json(
+              {
+                error: 'Failed to delete webhook from Airtable',
+                details:
+                  (responseBody && (responseBody.error?.message || responseBody.error)) ||
+                  `Status ${airtableResponse.status}`,
+              },
+              { status: 500 }
+            )
+          }
+
+          logger.info(`[${requestId}] Successfully deleted Airtable webhook in Airtable`, {
+            baseId,
+            externalId: resolvedExternalId,
+          })
+        }
+      } catch (error: any) {
+        logger.error(`[${requestId}] Error deleting Airtable webhook`, {
+          webhookId: id,
+          error: error.message,
+          stack: error.stack,
+        })
+        return NextResponse.json(
+          { error: 'Failed to delete webhook from Airtable', details: error.message },
+          { status: 500 }
+        )
+      }
+    }
+
     // If it's a Telegram webhook, delete it from Telegram first
     if (foundWebhook.provider === 'telegram') {
       try {

apps/sim/app/api/webhooks/poll/gmail/route.ts

@@ -1,11 +1,11 @@
 import { nanoid } from 'nanoid'
 import { type NextRequest, NextResponse } from 'next/server'
 import { verifyCronAuth } from '@/lib/auth/internal'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { acquireLock, releaseLock } from '@/lib/redis'
 import { pollGmailWebhooks } from '@/lib/webhooks/gmail-polling-service'
 
-const logger = new Logger('GmailPollingAPI')
+const logger = createLogger('GmailPollingAPI')
 
 export const dynamic = 'force-dynamic'
 export const maxDuration = 180 // Allow up to 3 minutes for polling to complete

apps/sim/app/api/webhooks/poll/outlook/route.ts

@@ -1,11 +1,11 @@
 import { nanoid } from 'nanoid'
 import { type NextRequest, NextResponse } from 'next/server'
 import { verifyCronAuth } from '@/lib/auth/internal'
-import { Logger } from '@/lib/logs/console/logger'
+import { createLogger } from '@/lib/logs/console/logger'
 import { acquireLock, releaseLock } from '@/lib/redis'
 import { pollOutlookWebhooks } from '@/lib/webhooks/outlook-polling-service'
 
-const logger = new Logger('OutlookPollingAPI')
+const logger = createLogger('OutlookPollingAPI')
 
 export const dynamic = 'force-dynamic'
 export const maxDuration = 180 // Allow up to 3 minutes for polling to complete

apps/sim/app/api/webhooks/route.ts

@@ -329,7 +329,7 @@ export async function POST(request: NextRequest) {
       logger.info(`[${requestId}] Gmail provider detected. Setting up Gmail webhook configuration.`)
       try {
         const { configureGmailPolling } = await import('@/lib/webhooks/utils')
-        // Use workflow owner for OAuth lookups to support collaborator-saved credentials
+        // Pass workflow owner for backward-compat fallback (utils prefers credentialId if present)
         const success = await configureGmailPolling(workflowRecord.userId, savedWebhook, requestId)
 
         if (!success) {
@@ -364,7 +364,7 @@ export async function POST(request: NextRequest) {
       )
       try {
         const { configureOutlookPolling } = await import('@/lib/webhooks/utils')
-        // Use workflow owner for OAuth lookups to support collaborator-saved credentials
+        // Pass workflow owner for backward-compat fallback (utils prefers credentialId if present)
         const success = await configureOutlookPolling(
           workflowRecord.userId,
           savedWebhook,

apps/sim/app/api/webhooks/trigger/[path]/route.test.ts

@@ -5,9 +5,23 @@ import { NextRequest } from 'next/server'
  * @vitest-environment node
  */
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
-import { createMockRequest, mockExecutionDependencies } from '@/app/api/__test-utils__/utils'
+import {
+  createMockRequest,
+  mockExecutionDependencies,
+  mockTriggerDevSdk,
+} from '@/app/api/__test-utils__/utils'
+
+// Prefer mocking the background module to avoid loading Trigger.dev at all during tests
+vi.mock('@/background/webhook-execution', () => ({
+  executeWebhookJob: vi.fn().mockResolvedValue({
+    success: true,
+    workflowId: 'test-workflow-id',
+    executionId: 'test-exec-id',
+    output: {},
+    executedAt: new Date().toISOString(),
+  }),
+}))
 
-// Define mock functions at the top level to be used in mocks
 const hasProcessedMessageMock = vi.fn().mockResolvedValue(false)
 const markMessageAsProcessedMock = vi.fn().mockResolvedValue(true)
 const closeRedisConnectionMock = vi.fn().mockResolvedValue(undefined)
@@ -33,7 +47,6 @@ const executeMock = vi.fn().mockResolvedValue({
   },
 })
 
-// Mock the DB schema objects
 const webhookMock = {
   id: 'webhook-id-column',
   path: 'path-column',
@@ -43,10 +56,6 @@ const webhookMock = {
 }
 const workflowMock = { id: 'workflow-id-column' }
 
-// Mock global timers
-vi.useFakeTimers()
-
-// Mock modules at file scope before any tests
 vi.mock('@/lib/redis', () => ({
   hasProcessedMessage: hasProcessedMessageMock,
   markMessageAsProcessed: markMessageAsProcessedMock,
@@ -77,19 +86,6 @@ vi.mock('@/executor', () => ({
   })),
 }))
 
-// Mock setTimeout and other timer functions
-vi.mock('timers', () => {
-  return {
-    setTimeout: (callback: any) => {
-      // Immediately invoke the callback
-      callback()
-      // Return a fake timer id
-      return 123
-    },
-  }
-})
-
-// Mock the database and schema
 vi.mock('@/db', () => {
   const dbMock = {
     select: vi.fn().mockImplementation((columns) => ({
@@ -128,11 +124,10 @@ describe('Webhook Trigger API Route', () => {
   beforeEach(() => {
     vi.resetModules()
     vi.resetAllMocks()
-    vi.clearAllTimers()
 
     mockExecutionDependencies()
+    mockTriggerDevSdk()
 
-    // Mock services/queue for rate limiting
     vi.doMock('@/services/queue', () => ({
       RateLimiter: vi.fn().mockImplementation(() => ({
         checkRateLimit: vi.fn().mockResolvedValue({
@@ -284,10 +279,328 @@ describe('Webhook Trigger API Route', () => {
     expect(text).toMatch(/not found/i) // Response should contain "not found" message
   })
 
-  /**
-   * Test Slack-specific webhook handling
-   * Verifies that Slack signature verification is performed
-   */
-  // TODO: Fix failing test - returns 500 instead of 200
-  // it('should handle Slack webhooks with signature verification', async () => { ... })
+  describe('Generic Webhook Authentication', () => {
+    const setupGenericWebhook = async (config: Record<string, any>) => {
+      const { db } = await import('@/db')
+      const limitMock = vi.fn().mockReturnValue([
+        {
+          webhook: {
+            id: 'generic-webhook-id',
+            provider: 'generic',
+            path: 'test-path',
+            isActive: true,
+            providerConfig: config,
+            workflowId: 'test-workflow-id',
+          },
+          workflow: {
+            id: 'test-workflow-id',
+            userId: 'test-user-id',
+            name: 'Test Workflow',
+          },
+        },
+      ])
+      const whereMock = vi.fn().mockReturnValue({ limit: limitMock })
+      const innerJoinMock = vi.fn().mockReturnValue({ where: whereMock })
+      const fromMock = vi.fn().mockReturnValue({ innerJoin: innerJoinMock })
+
+      const subscriptionLimitMock = vi.fn().mockReturnValue([{ plan: 'pro' }])
+      const subscriptionWhereMock = vi.fn().mockReturnValue({ limit: subscriptionLimitMock })
+      const subscriptionFromMock = vi.fn().mockReturnValue({ where: subscriptionWhereMock })
+
+      // @ts-ignore - mocking the query chain
+      db.select.mockImplementation((columns: any) => {
+        if (columns.plan) {
+          return { from: subscriptionFromMock }
+        }
+        return { from: fromMock }
+      })
+    }
+
+    /**
+     * Test generic webhook without authentication (default behavior)
+     */
+    it('should process generic webhook without authentication', async () => {
+      await setupGenericWebhook({ requireAuth: false })
+
+      const req = createMockRequest('POST', { event: 'test', id: 'test-123' })
+      const params = Promise.resolve({ path: 'test-path' })
+
+      mockTriggerDevSdk()
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      // Authentication passed if we don't get 401
+      expect(response.status).not.toBe(401)
+    })
+
+    /**
+     * Test generic webhook with Bearer token authentication (no custom header)
+     */
+    it('should authenticate with Bearer token when no custom header is configured', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'test-token-123',
+        // No secretHeaderName - should default to Bearer
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        Authorization: 'Bearer test-token-123',
+      }
+      const req = createMockRequest('POST', { event: 'bearer.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      mockTriggerDevSdk()
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      // Authentication passed if we don't get 401
+      expect(response.status).not.toBe(401)
+    })
+
+    /**
+     * Test generic webhook with custom header authentication
+     */
+    it('should authenticate with custom header when configured', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'secret-token-456',
+        secretHeaderName: 'X-Custom-Auth',
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Custom-Auth': 'secret-token-456',
+      }
+      const req = createMockRequest('POST', { event: 'custom.header.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      mockTriggerDevSdk()
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      // Authentication passed if we don't get 401
+      expect(response.status).not.toBe(401)
+    })
+
+    /**
+     * Test case insensitive Bearer token authentication
+     */
+    it('should handle case insensitive Bearer token authentication', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'case-test-token',
+      })
+
+      vi.doMock('@trigger.dev/sdk', () => ({
+        tasks: {
+          trigger: vi.fn().mockResolvedValue({ id: 'mock-task-id' }),
+        },
+      }))
+
+      const testCases = [
+        'Bearer case-test-token',
+        'bearer case-test-token',
+        'BEARER case-test-token',
+        'BeArEr case-test-token',
+      ]
+
+      for (const authHeader of testCases) {
+        const headers = {
+          'Content-Type': 'application/json',
+          Authorization: authHeader,
+        }
+        const req = createMockRequest('POST', { event: 'case.test' }, headers)
+        const params = Promise.resolve({ path: 'test-path' })
+
+        const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+        const response = await POST(req, { params })
+
+        // Authentication passed if we don't get 401
+        expect(response.status).not.toBe(401)
+      }
+    })
+
+    /**
+     * Test case insensitive custom header authentication
+     */
+    it('should handle case insensitive custom header authentication', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'custom-token-789',
+        secretHeaderName: 'X-Secret-Key',
+      })
+
+      vi.doMock('@trigger.dev/sdk', () => ({
+        tasks: {
+          trigger: vi.fn().mockResolvedValue({ id: 'mock-task-id' }),
+        },
+      }))
+
+      const testCases = ['X-Secret-Key', 'x-secret-key', 'X-SECRET-KEY', 'x-Secret-Key']
+
+      for (const headerName of testCases) {
+        const headers = {
+          'Content-Type': 'application/json',
+          [headerName]: 'custom-token-789',
+        }
+        const req = createMockRequest('POST', { event: 'custom.case.test' }, headers)
+        const params = Promise.resolve({ path: 'test-path' })
+
+        const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+        const response = await POST(req, { params })
+
+        // Authentication passed if we don't get 401
+        expect(response.status).not.toBe(401)
+      }
+    })
+
+    /**
+     * Test rejection of wrong Bearer token
+     */
+    it('should reject wrong Bearer token', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'correct-token',
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        Authorization: 'Bearer wrong-token',
+      }
+      const req = createMockRequest('POST', { event: 'wrong.token.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      expect(response.status).toBe(401)
+      expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
+      expect(processWebhookMock).not.toHaveBeenCalled()
+    })
+
+    /**
+     * Test rejection of wrong custom header token
+     */
+    it('should reject wrong custom header token', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'correct-custom-token',
+        secretHeaderName: 'X-Auth-Key',
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Auth-Key': 'wrong-custom-token',
+      }
+      const req = createMockRequest('POST', { event: 'wrong.custom.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      expect(response.status).toBe(401)
+      expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
+      expect(processWebhookMock).not.toHaveBeenCalled()
+    })
+
+    /**
+     * Test rejection of missing authentication
+     */
+    it('should reject missing authentication when required', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'required-token',
+      })
+
+      const req = createMockRequest('POST', { event: 'no.auth.test' })
+      const params = Promise.resolve({ path: 'test-path' })
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      expect(response.status).toBe(401)
+      expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
+      expect(processWebhookMock).not.toHaveBeenCalled()
+    })
+
+    /**
+     * Test exclusivity - Bearer token should be rejected when custom header is configured
+     */
+    it('should reject Bearer token when custom header is configured', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'exclusive-token',
+        secretHeaderName: 'X-Only-Header',
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        Authorization: 'Bearer exclusive-token', // Correct token but wrong header type
+      }
+      const req = createMockRequest('POST', { event: 'exclusivity.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      expect(response.status).toBe(401)
+      expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
+      expect(processWebhookMock).not.toHaveBeenCalled()
+    })
+
+    /**
+     * Test wrong custom header name is rejected
+     */
+    it('should reject wrong custom header name', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        token: 'correct-token',
+        secretHeaderName: 'X-Expected-Header',
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Wrong-Header': 'correct-token', // Correct token but wrong header name
+      }
+      const req = createMockRequest('POST', { event: 'wrong.header.name.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      expect(response.status).toBe(401)
+      expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
+      expect(processWebhookMock).not.toHaveBeenCalled()
+    })
+
+    /**
+     * Test authentication required but no token configured
+     */
+    it('should reject when auth is required but no token is configured', async () => {
+      await setupGenericWebhook({
+        requireAuth: true,
+        // No token configured
+      })
+
+      const headers = {
+        'Content-Type': 'application/json',
+        Authorization: 'Bearer any-token',
+      }
+      const req = createMockRequest('POST', { event: 'no.token.config.test' }, headers)
+      const params = Promise.resolve({ path: 'test-path' })
+
+      const { POST } = await import('@/app/api/webhooks/trigger/[path]/route')
+      const response = await POST(req, { params })
+
+      expect(response.status).toBe(401)
+      expect(await response.text()).toContain(
+        'Unauthorized - Authentication required but not configured'
+      )
+      expect(processWebhookMock).not.toHaveBeenCalled()
+    })
+  })
 })

apps/sim/app/api/webhooks/trigger/[path]/route.ts

@@ -1,12 +1,15 @@
-import { tasks } from '@trigger.dev/sdk/v3'
+import { tasks } from '@trigger.dev/sdk'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { checkServerSideUsageLimits } from '@/lib/billing'
+import { env, isTruthy } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import {
   handleSlackChallenge,
   handleWhatsAppVerification,
   validateMicrosoftTeamsSignature,
 } from '@/lib/webhooks/utils'
+import { executeWebhookJob } from '@/background/webhook-execution'
 import { db } from '@/db'
 import { subscription, webhook, workflow } from '@/db/schema'
 import { RateLimiter } from '@/services/queue'
@@ -16,6 +19,7 @@ const logger = createLogger('WebhookTriggerAPI')
 
 export const dynamic = 'force-dynamic'
 export const maxDuration = 300
+export const runtime = 'nodejs'
 
 /**
  * Webhook Verification Handler (GET)
@@ -195,6 +199,53 @@ export async function POST(
     }
   }
 
+  // Handle generic webhook authentication if enabled
+  if (foundWebhook.provider === 'generic') {
+    const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
+
+    if (providerConfig.requireAuth) {
+      const configToken = providerConfig.token
+      const secretHeaderName = providerConfig.secretHeaderName
+
+      // --- Token Validation ---
+      if (configToken) {
+        let isTokenValid = false
+
+        if (secretHeaderName) {
+          // Check custom header (headers are case-insensitive)
+          const headerValue = request.headers.get(secretHeaderName.toLowerCase())
+          if (headerValue === configToken) {
+            isTokenValid = true
+          }
+        } else {
+          // Check standard Authorization header (case-insensitive Bearer keyword)
+          const authHeader = request.headers.get('authorization')
+
+          // Case-insensitive comparison for "Bearer" keyword
+          if (authHeader?.toLowerCase().startsWith('bearer ')) {
+            const token = authHeader.substring(7) // Remove "Bearer " (7 characters)
+            if (token === configToken) {
+              isTokenValid = true
+            }
+          }
+        }
+
+        if (!isTokenValid) {
+          const expectedHeader = secretHeaderName || 'Authorization: Bearer TOKEN'
+          logger.warn(
+            `[${requestId}] Generic webhook authentication failed. Expected header: ${expectedHeader}`
+          )
+          return new NextResponse('Unauthorized - Invalid authentication token', { status: 401 })
+        }
+      } else {
+        logger.warn(`[${requestId}] Generic webhook requires auth but no token configured`)
+        return new NextResponse('Unauthorized - Authentication required but not configured', {
+          status: 401,
+        })
+      }
+    }
+  }
+
   // --- PHASE 3: Rate limiting for webhook execution ---
   try {
     // Get user subscription for rate limiting
@@ -245,10 +296,46 @@ export async function POST(
     // Continue processing - better to risk rate limit bypass than fail webhook
   }
 
-  // --- PHASE 4: Queue webhook execution via trigger.dev ---
+  // --- PHASE 4: Usage limit check ---
   try {
-    // Queue the webhook execution task
-    const handle = await tasks.trigger('webhook-execution', {
+    const usageCheck = await checkServerSideUsageLimits(foundWorkflow.userId)
+    if (usageCheck.isExceeded) {
+      logger.warn(
+        `[${requestId}] User ${foundWorkflow.userId} has exceeded usage limits. Skipping webhook execution.`,
+        {
+          currentUsage: usageCheck.currentUsage,
+          limit: usageCheck.limit,
+          workflowId: foundWorkflow.id,
+          provider: foundWebhook.provider,
+        }
+      )
+
+      // Return 200 to prevent webhook provider retries, but indicate usage limit exceeded
+      if (foundWebhook.provider === 'microsoftteams') {
+        // Microsoft Teams requires specific response format
+        return NextResponse.json({
+          type: 'message',
+          text: 'Usage limit exceeded. Please upgrade your plan to continue.',
+        })
+      }
+
+      // Simple error response for other providers (return 200 to prevent retries)
+      return NextResponse.json({ message: 'Usage limit exceeded' }, { status: 200 })
+    }
+
+    logger.debug(`[${requestId}] Usage limit check passed for webhook`, {
+      provider: foundWebhook.provider,
+      currentUsage: usageCheck.currentUsage,
+      limit: usageCheck.limit,
+    })
+  } catch (usageError) {
+    logger.error(`[${requestId}] Error checking webhook usage limits:`, usageError)
+    // Continue processing - better to risk usage limit bypass than fail webhook
+  }
+
+  // --- PHASE 5: Queue webhook execution (trigger.dev or direct based on env) ---
+  try {
+    const payload = {
       webhookId: foundWebhook.id,
       workflowId: foundWorkflow.id,
       userId: foundWorkflow.userId,
@@ -257,11 +344,24 @@ export async function POST(
       headers: Object.fromEntries(request.headers.entries()),
       path,
       blockId: foundWebhook.blockId,
-    })
+    }
 
-    logger.info(
-      `[${requestId}] Queued webhook execution task ${handle.id} for ${foundWebhook.provider} webhook`
-    )
+    const useTrigger = isTruthy(env.TRIGGER_DEV_ENABLED)
+
+    if (useTrigger) {
+      const handle = await tasks.trigger('webhook-execution', payload)
+      logger.info(
+        `[${requestId}] Queued webhook execution task ${handle.id} for ${foundWebhook.provider} webhook`
+      )
+    } else {
+      // Fire-and-forget direct execution to avoid blocking webhook response
+      void executeWebhookJob(payload).catch((error) => {
+        logger.error(`[${requestId}] Direct webhook execution failed`, error)
+      })
+      logger.info(
+        `[${requestId}] Queued direct webhook execution for ${foundWebhook.provider} webhook (Trigger.dev disabled)`
+      )
+    }
 
     // Return immediate acknowledgment with provider-specific format
     if (foundWebhook.provider === 'microsoftteams') {

apps/sim/app/api/workflows/[id]/autolayout/route.ts

@@ -17,12 +17,6 @@ export const dynamic = 'force-dynamic'
 
 const logger = createLogger('AutoLayoutAPI')
 
-// Check API key configuration at module level
-const SIM_AGENT_API_KEY = process.env.SIM_AGENT_API_KEY
-if (!SIM_AGENT_API_KEY) {
-  logger.warn('SIM_AGENT_API_KEY not configured - autolayout requests will fail')
-}
-
 const AutoLayoutRequestSchema = z.object({
   strategy: z
     .enum(['smart', 'hierarchical', 'layered', 'force-directed'])
@@ -125,15 +119,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Could not load workflow data' }, { status: 500 })
     }
 
-    // Apply autolayout
-    logger.info(
-      `[${requestId}] Applying autolayout to ${Object.keys(currentWorkflowData.blocks).length} blocks`,
-      {
-        hasApiKey: !!SIM_AGENT_API_KEY,
-        simAgentUrl: process.env.SIM_AGENT_API_URL || 'http://localhost:8000',
-      }
-    )
-
     // Create workflow state for autolayout
     const workflowState = {
       blocks: currentWorkflowData.blocks,
@@ -184,7 +169,6 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
           resolveOutputType: resolveOutputType.toString(),
         },
       },
-      apiKey: SIM_AGENT_API_KEY,
     })
 
     // Log the full response for debugging

apps/sim/app/api/workflows/[id]/duplicate/route.ts

@@ -4,13 +4,10 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { db } from '@/db'
 import { workflow, workflowBlocks, workflowEdges, workflowSubflows } from '@/db/schema'
-import type { LoopConfig, ParallelConfig, WorkflowState } from '@/stores/workflows/workflow/types'
+import type { LoopConfig, ParallelConfig } from '@/stores/workflows/workflow/types'
 
 const logger = createLogger('WorkflowDuplicateAPI')
 
@@ -93,7 +90,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
         folderId: folderId || source.folderId,
         name,
         description: description || source.description,
-        state: source.state, // We'll update this later with new block IDs
         color: color || source.color,
         lastSynced: now,
         createdAt: now,
@@ -115,9 +111,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       // Create a mapping from old block IDs to new block IDs
       const blockIdMapping = new Map<string, string>()
 
-      // Initialize state for updating with new block IDs
-      let updatedState: WorkflowState = source.state as WorkflowState
-
       if (sourceBlocks.length > 0) {
         // First pass: Create all block ID mappings
         sourceBlocks.forEach((block) => {
@@ -268,86 +261,10 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
         )
       }
 
-      // Update the JSON state to use new block IDs
-      if (updatedState && typeof updatedState === 'object') {
-        updatedState = JSON.parse(JSON.stringify(updatedState)) as WorkflowState
-
-        // Update blocks object keys
-        if (updatedState.blocks && typeof updatedState.blocks === 'object') {
-          const newBlocks = {} as Record<string, (typeof updatedState.blocks)[string]>
-          for (const [oldId, blockData] of Object.entries(updatedState.blocks)) {
-            const newId = blockIdMapping.get(oldId) || oldId
-            newBlocks[newId] = {
-              ...blockData,
-              id: newId,
-              // Update data.parentId and extent in the JSON state as well
-              data: (() => {
-                const block = blockData as any
-                if (block.data && typeof block.data === 'object' && block.data.parentId) {
-                  return {
-                    ...block.data,
-                    parentId: blockIdMapping.get(block.data.parentId) || block.data.parentId,
-                    extent: 'parent', // Ensure extent is set for child blocks
-                  }
-                }
-                return block.data
-              })(),
-            }
-          }
-          updatedState.blocks = newBlocks
-        }
-
-        // Update edges array
-        if (updatedState.edges && Array.isArray(updatedState.edges)) {
-          updatedState.edges = updatedState.edges.map((edge) => ({
-            ...edge,
-            id: crypto.randomUUID(),
-            source: blockIdMapping.get(edge.source) || edge.source,
-            target: blockIdMapping.get(edge.target) || edge.target,
-          }))
-        }
-
-        // Update loops and parallels if they exist
-        if (updatedState.loops && typeof updatedState.loops === 'object') {
-          const newLoops = {} as Record<string, (typeof updatedState.loops)[string]>
-          for (const [oldId, loopData] of Object.entries(updatedState.loops)) {
-            const newId = blockIdMapping.get(oldId) || oldId
-            const loopConfig = loopData as any
-            newLoops[newId] = {
-              ...loopConfig,
-              id: newId,
-              // Update node references in loop config
-              nodes: loopConfig.nodes
-                ? loopConfig.nodes.map((nodeId: string) => blockIdMapping.get(nodeId) || nodeId)
-                : [],
-            }
-          }
-          updatedState.loops = newLoops
-        }
-
-        if (updatedState.parallels && typeof updatedState.parallels === 'object') {
-          const newParallels = {} as Record<string, (typeof updatedState.parallels)[string]>
-          for (const [oldId, parallelData] of Object.entries(updatedState.parallels)) {
-            const newId = blockIdMapping.get(oldId) || oldId
-            const parallelConfig = parallelData as any
-            newParallels[newId] = {
-              ...parallelConfig,
-              id: newId,
-              // Update node references in parallel config
-              nodes: parallelConfig.nodes
-                ? parallelConfig.nodes.map((nodeId: string) => blockIdMapping.get(nodeId) || nodeId)
-                : [],
-            }
-          }
-          updatedState.parallels = newParallels
-        }
-      }
-
-      // Update the workflow state with the new block IDs
+      // Update the workflow timestamp
       await tx
         .update(workflow)
         .set({
-          state: updatedState,
           updatedAt: now,
         })
         .where(eq(workflow.id, newWorkflowId))

apps/sim/app/api/workflows/[id]/execute/route.ts

@@ -1,4 +1,4 @@
-import { tasks } from '@trigger.dev/sdk/v3'
+import { tasks } from '@trigger.dev/sdk'
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
@@ -540,7 +540,7 @@ export async function POST(
           )
         }
 
-        // Rate limit passed - trigger the task
+        // Rate limit passed - always use Trigger.dev for async executions
         const handle = await tasks.trigger('workflow-execution', {
           workflowId,
           userId: authenticatedUserId,

apps/sim/app/api/workflows/[id]/route.test.ts

@@ -89,7 +89,14 @@ describe('Workflow By ID API Route', () => {
         userId: 'user-123',
         name: 'Test Workflow',
         workspaceId: null,
-        state: { blocks: {}, edges: [] },
+      }
+
+      const mockNormalizedData = {
+        blocks: {},
+        edges: [],
+        loops: {},
+        parallels: {},
+        isFromNormalizedTables: true,
       }
 
       vi.doMock('@/lib/auth', () => ({
@@ -110,6 +117,10 @@ describe('Workflow By ID API Route', () => {
         },
       }))
 
+      vi.doMock('@/lib/workflows/db-helpers', () => ({
+        loadWorkflowFromNormalizedTables: vi.fn().mockResolvedValue(mockNormalizedData),
+      }))
+
       const req = new NextRequest('http://localhost:3000/api/workflows/workflow-123')
       const params = Promise.resolve({ id: 'workflow-123' })
 
@@ -127,7 +138,14 @@ describe('Workflow By ID API Route', () => {
         userId: 'other-user',
         name: 'Test Workflow',
         workspaceId: 'workspace-456',
-        state: { blocks: {}, edges: [] },
+      }
+
+      const mockNormalizedData = {
+        blocks: {},
+        edges: [],
+        loops: {},
+        parallels: {},
+        isFromNormalizedTables: true,
       }
 
       vi.doMock('@/lib/auth', () => ({
@@ -148,6 +166,10 @@ describe('Workflow By ID API Route', () => {
         },
       }))
 
+      vi.doMock('@/lib/workflows/db-helpers', () => ({
+        loadWorkflowFromNormalizedTables: vi.fn().mockResolvedValue(mockNormalizedData),
+      }))
+
       vi.doMock('@/lib/permissions/utils', () => ({
         getUserEntityPermissions: vi.fn().mockResolvedValue('read'),
         hasAdminPermission: vi.fn().mockResolvedValue(false),
@@ -170,7 +192,6 @@ describe('Workflow By ID API Route', () => {
         userId: 'other-user',
         name: 'Test Workflow',
         workspaceId: 'workspace-456',
-        state: { blocks: {}, edges: [] },
       }
 
       vi.doMock('@/lib/auth', () => ({
@@ -213,7 +234,6 @@ describe('Workflow By ID API Route', () => {
         userId: 'user-123',
         name: 'Test Workflow',
         workspaceId: null,
-        state: { blocks: {}, edges: [] },
       }
 
       const mockNormalizedData = {

apps/sim/app/api/workflows/[id]/route.ts

@@ -8,12 +8,10 @@ import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions, hasAdminPermission } from '@/lib/permissions/utils'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
 import { db } from '@/db'
-import { apiKey as apiKeyTable, workflow } from '@/db/schema'
+import { apiKey as apiKeyTable, templates, workflow } from '@/db/schema'
 
 const logger = createLogger('WorkflowByIdAPI')
 
-export const dynamic = 'force-dynamic'
-
 const UpdateWorkflowSchema = z.object({
   name: z.string().min(1, 'Name is required').optional(),
   description: z.string().optional(),
@@ -122,8 +120,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     logger.debug(`[${requestId}] Attempting to load workflow ${workflowId} from normalized tables`)
     const normalizedData = await loadWorkflowFromNormalizedTables(workflowId)
 
-    const finalWorkflowData = { ...workflowData }
-
     if (normalizedData) {
       logger.debug(`[${requestId}] Found normalized data for workflow ${workflowId}:`, {
         blocksCount: Object.keys(normalizedData.blocks).length,
@@ -133,38 +129,31 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
         loops: normalizedData.loops,
       })
 
-      // Use normalized table data - reconstruct complete state object
-      // First get any existing state properties, then override with normalized data
-      const existingState =
-        workflowData.state && typeof workflowData.state === 'object' ? workflowData.state : {}
-
-      finalWorkflowData.state = {
-        // Default values for expected properties
-        deploymentStatuses: {},
-        hasActiveWebhook: false,
-        // Preserve any existing state properties
-        ...existingState,
-        // Override with normalized data (this takes precedence)
-        blocks: normalizedData.blocks,
-        edges: normalizedData.edges,
-        loops: normalizedData.loops,
-        parallels: normalizedData.parallels,
-        lastSaved: Date.now(),
-        isDeployed: workflowData.isDeployed || false,
-        deployedAt: workflowData.deployedAt,
+      // Construct response object with workflow data and state from normalized tables
+      const finalWorkflowData = {
+        ...workflowData,
+        state: {
+          // Default values for expected properties
+          deploymentStatuses: {},
+          hasActiveWebhook: false,
+          // Data from normalized tables
+          blocks: normalizedData.blocks,
+          edges: normalizedData.edges,
+          loops: normalizedData.loops,
+          parallels: normalizedData.parallels,
+          lastSaved: Date.now(),
+          isDeployed: workflowData.isDeployed || false,
+          deployedAt: workflowData.deployedAt,
+        },
       }
+
       logger.info(`[${requestId}] Loaded workflow ${workflowId} from normalized tables`)
-    } else {
-      // Fallback to JSON blob
-      logger.info(
-        `[${requestId}] Using JSON blob for workflow ${workflowId} - no normalized data found`
-      )
+      const elapsed = Date.now() - startTime
+      logger.info(`[${requestId}] Successfully fetched workflow ${workflowId} in ${elapsed}ms`)
+
+      return NextResponse.json({ data: finalWorkflowData }, { status: 200 })
     }
-
-    const elapsed = Date.now() - startTime
-    logger.info(`[${requestId}] Successfully fetched workflow ${workflowId} in ${elapsed}ms`)
-
-    return NextResponse.json({ data: finalWorkflowData }, { status: 200 })
+    return NextResponse.json({ error: 'Workflow has no normalized data' }, { status: 400 })
   } catch (error: any) {
     const elapsed = Date.now() - startTime
     logger.error(`[${requestId}] Error fetching workflow ${workflowId} after ${elapsed}ms`, error)
@@ -229,6 +218,48 @@ export async function DELETE(
       return NextResponse.json({ error: 'Access denied' }, { status: 403 })
     }
 
+    // Check if workflow has published templates before deletion
+    const { searchParams } = new URL(request.url)
+    const checkTemplates = searchParams.get('check-templates') === 'true'
+    const deleteTemplatesParam = searchParams.get('deleteTemplates')
+
+    if (checkTemplates) {
+      // Return template information for frontend to handle
+      const publishedTemplates = await db
+        .select()
+        .from(templates)
+        .where(eq(templates.workflowId, workflowId))
+
+      return NextResponse.json({
+        hasPublishedTemplates: publishedTemplates.length > 0,
+        count: publishedTemplates.length,
+        publishedTemplates: publishedTemplates.map((t) => ({
+          id: t.id,
+          name: t.name,
+          views: t.views,
+          stars: t.stars,
+        })),
+      })
+    }
+
+    // Handle template deletion based on user choice
+    if (deleteTemplatesParam !== null) {
+      const deleteTemplates = deleteTemplatesParam === 'delete'
+
+      if (deleteTemplates) {
+        // Delete all templates associated with this workflow
+        await db.delete(templates).where(eq(templates.workflowId, workflowId))
+        logger.info(`[${requestId}] Deleted templates for workflow ${workflowId}`)
+      } else {
+        // Orphan the templates (set workflowId to null)
+        await db
+          .update(templates)
+          .set({ workflowId: null })
+          .where(eq(templates.workflowId, workflowId))
+        logger.info(`[${requestId}] Orphaned templates for workflow ${workflowId}`)
+      }
+    }
+
     await db.delete(workflow).where(eq(workflow.id, workflowId))
 
     const elapsed = Date.now() - startTime

apps/sim/app/api/workflows/[id]/state/route.ts

@@ -3,9 +3,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { saveWorkflowToNormalizedTables } from '@/lib/workflows/db-helpers'
 import { db } from '@/db'
@@ -13,7 +10,6 @@ import { workflow } from '@/db/schema'
 
 const logger = createLogger('WorkflowStateAPI')
 
-// Zod schemas for workflow state validation
 const PositionSchema = z.object({
   x: z.number(),
   y: z.number(),
@@ -224,7 +220,6 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       .set({
         lastSynced: new Date(),
         updatedAt: new Date(),
-        state: saveResult.jsonBlob, // Also update JSON blob for backward compatibility
       })
       .where(eq(workflow.id, workflowId))
 

apps/sim/app/api/workflows/[id]/variables/route.ts

@@ -3,9 +3,6 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { db } from '@/db'
 import { workflow } from '@/db/schema'

apps/sim/app/api/workflows/[id]/yaml/route.ts

@@ -1,9 +1,10 @@
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
-import { simAgentClient } from '@/lib/sim-agent'
+import { SIM_AGENT_API_URL_DEFAULT, simAgentClient } from '@/lib/sim-agent'
 import {
   loadWorkflowFromNormalizedTables,
   saveWorkflowToNormalizedTables,
@@ -17,15 +18,12 @@ import { db } from '@/db'
 import { workflowCheckpoints, workflow as workflowTable } from '@/db/schema'
 import { generateLoopBlocks, generateParallelBlocks } from '@/stores/workflows/workflow/utils'
 
-// Sim Agent API configuration
-const SIM_AGENT_API_URL = process.env.SIM_AGENT_API_URL || 'http://localhost:8000'
-const SIM_AGENT_API_KEY = process.env.SIM_AGENT_API_KEY
+const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
 
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('WorkflowYamlAPI')
 
-// Request schema for YAML workflow operations
 const YamlWorkflowRequestSchema = z.object({
   yamlContent: z.string().min(1, 'YAML content is required'),
   description: z.string().optional(),
@@ -74,7 +72,6 @@ async function createWorkflowCheckpoint(
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          ...(SIM_AGENT_API_KEY && { 'x-api-key': SIM_AGENT_API_KEY }),
         },
         body: JSON.stringify({
           workflowState: currentWorkflowData,
@@ -288,7 +285,6 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
-        ...(SIM_AGENT_API_KEY && { 'x-api-key': SIM_AGENT_API_KEY }),
       },
       body: JSON.stringify({
         yamlContent,
@@ -365,6 +361,8 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       position: { x: number; y: number }
       subBlocks?: Record<string, any>
       data?: Record<string, any>
+      parentId?: string
+      extent?: string
     }>
     const edges = workflowState.edges
     const warnings = conversionResult.warnings || []
@@ -395,6 +393,13 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
 
       if (!blockConfig && (block.type === 'loop' || block.type === 'parallel')) {
         // Handle loop/parallel blocks (they don't have regular block configs)
+        // Preserve parentId if it exists (though loop/parallel shouldn't have parents)
+        const containerData = block.data || {}
+        if (block.parentId) {
+          containerData.parentId = block.parentId
+          containerData.extent = block.extent || 'parent'
+        }
+
         newWorkflowState.blocks[newId] = {
           id: newId,
           type: block.type,
@@ -407,7 +412,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
           isWide: false,
           advancedMode: false,
           height: 0,
-          data: block.data || {},
+          data: containerData,
         }
         logger.debug(`[${requestId}] Processed loop/parallel block: ${block.id} -> ${newId}`)
       } else if (blockConfig) {
@@ -440,6 +445,13 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
         // Set up outputs from block configuration
         const outputs = resolveOutputType(blockConfig.outputs)
 
+        // Preserve parentId if it exists in the imported block
+        const blockData = block.data || {}
+        if (block.parentId) {
+          blockData.parentId = block.parentId
+          blockData.extent = block.extent || 'parent'
+        }
+
         newWorkflowState.blocks[newId] = {
           id: newId,
           type: block.type,
@@ -452,7 +464,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
           isWide: false,
           advancedMode: false,
           height: 0,
-          data: block.data || {},
+          data: blockData,
         }
 
         logger.debug(`[${requestId}] Processed regular block: ${block.id} -> ${newId}`)
@@ -529,6 +541,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       }
     }
 
+    // Debug: Log block parent-child relationships before generating loops
     // Generate loop and parallel configurations
     const loops = generateLoopBlocks(newWorkflowState.blocks)
     const parallels = generateParallelBlocks(newWorkflowState.blocks)
@@ -632,14 +645,13 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       .set({
         lastSynced: new Date(),
         updatedAt: new Date(),
-        state: saveResult.jsonBlob,
       })
       .where(eq(workflowTable.id, workflowId))
 
     // Notify socket server for real-time collaboration (for copilot and editor)
     if (source === 'copilot' || source === 'editor') {
       try {
-        const socketUrl = process.env.SOCKET_URL || 'http://localhost:3002'
+        const socketUrl = env.SOCKET_SERVER_URL || 'http://localhost:3002'
         await fetch(`${socketUrl}/api/copilot-workflow-edit`, {
           method: 'POST',
           headers: { 'Content-Type': 'application/json' },

apps/sim/app/api/workflows/route.ts

@@ -8,9 +8,6 @@ import { workflow, workflowBlocks } from '@/db/schema'
 
 const logger = createLogger('WorkflowAPI')
 
-export const dynamic = 'force-dynamic'
-
-// Schema for workflow creation
 const CreateWorkflowSchema = z.object({
   name: z.string().min(1, 'Name is required'),
   description: z.string().optional().default(''),
@@ -154,7 +151,6 @@ export async function POST(req: NextRequest) {
         folderId: folderId || null,
         name,
         description,
-        state: initialState,
         color,
         lastSynced: now,
         createdAt: now,

apps/sim/app/api/workflows/sync/route.ts

@@ -3,9 +3,6 @@ import { and, eq, isNull } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
-
-export const dynamic = 'force-dynamic'
-
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { db } from '@/db'
 import { workflow, workspace } from '@/db/schema'

apps/sim/app/api/workflows/yaml/convert/route.ts

@@ -8,9 +8,6 @@ import { generateLoopBlocks, generateParallelBlocks } from '@/stores/workflows/w
 
 const logger = createLogger('WorkflowYamlAPI')
 
-// Get API key at module level like working routes
-const SIM_AGENT_API_KEY = process.env.SIM_AGENT_API_KEY
-
 export async function POST(request: NextRequest) {
   const requestId = crypto.randomUUID().slice(0, 8)
 
@@ -55,7 +52,6 @@ export async function POST(request: NextRequest) {
           resolveOutputType: resolveOutputType.toString(),
         },
       },
-      apiKey: SIM_AGENT_API_KEY,
     })
 
     if (!result.success || !result.data?.yaml) {

apps/sim/app/api/workflows/yaml/export/route.ts

@@ -0,0 +1,179 @@
+import { eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { createLogger } from '@/lib/logs/console/logger'
+import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { simAgentClient } from '@/lib/sim-agent'
+import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
+import { getAllBlocks } from '@/blocks/registry'
+import type { BlockConfig } from '@/blocks/types'
+import { resolveOutputType } from '@/blocks/utils'
+import { db } from '@/db'
+import { workflow } from '@/db/schema'
+import { generateLoopBlocks, generateParallelBlocks } from '@/stores/workflows/workflow/utils'
+
+const logger = createLogger('WorkflowYamlExportAPI')
+
+export async function GET(request: NextRequest) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  const url = new URL(request.url)
+  const workflowId = url.searchParams.get('workflowId')
+
+  try {
+    logger.info(`[${requestId}] Exporting workflow YAML from database: ${workflowId}`)
+
+    if (!workflowId) {
+      return NextResponse.json({ success: false, error: 'workflowId is required' }, { status: 400 })
+    }
+
+    // Get the session for authentication
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized access attempt for workflow ${workflowId}`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+
+    // Fetch the workflow from database
+    const workflowData = await db
+      .select()
+      .from(workflow)
+      .where(eq(workflow.id, workflowId))
+      .then((rows) => rows[0])
+
+    if (!workflowData) {
+      logger.warn(`[${requestId}] Workflow ${workflowId} not found`)
+      return NextResponse.json({ error: 'Workflow not found' }, { status: 404 })
+    }
+
+    // Check if user has access to this workflow
+    let hasAccess = false
+
+    // Case 1: User owns the workflow
+    if (workflowData.userId === userId) {
+      hasAccess = true
+    }
+
+    // Case 2: Workflow belongs to a workspace the user has permissions for
+    if (!hasAccess && workflowData.workspaceId) {
+      const userPermission = await getUserEntityPermissions(
+        userId,
+        'workspace',
+        workflowData.workspaceId
+      )
+      if (userPermission !== null) {
+        hasAccess = true
+      }
+    }
+
+    if (!hasAccess) {
+      logger.warn(`[${requestId}] User ${userId} denied access to workflow ${workflowId}`)
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    // Try to load from normalized tables first
+    logger.debug(`[${requestId}] Attempting to load workflow ${workflowId} from normalized tables`)
+    const normalizedData = await loadWorkflowFromNormalizedTables(workflowId)
+
+    let workflowState: any
+    const subBlockValues: Record<string, Record<string, any>> = {}
+
+    if (normalizedData) {
+      logger.debug(`[${requestId}] Found normalized data for workflow ${workflowId}:`, {
+        blocksCount: Object.keys(normalizedData.blocks).length,
+        edgesCount: normalizedData.edges.length,
+      })
+
+      // Use normalized table data - construct state from normalized tables
+      workflowState = {
+        deploymentStatuses: {},
+        hasActiveWebhook: false,
+        blocks: normalizedData.blocks,
+        edges: normalizedData.edges,
+        loops: normalizedData.loops,
+        parallels: normalizedData.parallels,
+        lastSaved: Date.now(),
+        isDeployed: workflowData.isDeployed || false,
+        deployedAt: workflowData.deployedAt,
+      }
+
+      // Extract subblock values from the normalized blocks
+      Object.entries(normalizedData.blocks).forEach(([blockId, block]: [string, any]) => {
+        subBlockValues[blockId] = {}
+        if (block.subBlocks) {
+          Object.entries(block.subBlocks).forEach(([subBlockId, subBlock]: [string, any]) => {
+            if (subBlock && typeof subBlock === 'object' && 'value' in subBlock) {
+              subBlockValues[blockId][subBlockId] = subBlock.value
+            }
+          })
+        }
+      })
+
+      logger.info(`[${requestId}] Loaded workflow ${workflowId} from normalized tables`)
+    } else {
+      return NextResponse.json(
+        { success: false, error: 'Workflow has no normalized data' },
+        { status: 400 }
+      )
+    }
+
+    // Gather block registry and utilities for sim-agent
+    const blocks = getAllBlocks()
+    const blockRegistry = blocks.reduce(
+      (acc, block) => {
+        const blockType = block.type
+        acc[blockType] = {
+          ...block,
+          id: blockType,
+          subBlocks: block.subBlocks || [],
+          outputs: block.outputs || {},
+        } as any
+        return acc
+      },
+      {} as Record<string, BlockConfig>
+    )
+
+    // Call sim-agent directly
+    const result = await simAgentClient.makeRequest('/api/workflow/to-yaml', {
+      body: {
+        workflowState,
+        subBlockValues,
+        blockRegistry,
+        utilities: {
+          generateLoopBlocks: generateLoopBlocks.toString(),
+          generateParallelBlocks: generateParallelBlocks.toString(),
+          resolveOutputType: resolveOutputType.toString(),
+        },
+      },
+    })
+
+    if (!result.success || !result.data?.yaml) {
+      return NextResponse.json(
+        {
+          success: false,
+          error: result.error || 'Failed to generate YAML',
+        },
+        { status: result.status || 500 }
+      )
+    }
+
+    logger.info(`[${requestId}] Successfully generated YAML from database`, {
+      yamlLength: result.data.yaml.length,
+    })
+
+    return NextResponse.json({
+      success: true,
+      yaml: result.data.yaml,
+    })
+  } catch (error) {
+    logger.error(`[${requestId}] YAML export failed`, error)
+    return NextResponse.json(
+      {
+        success: false,
+        error: `Failed to export YAML: ${error instanceof Error ? error.message : 'Unknown error'}`,
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/workspaces/[id]/permissions/route.ts

@@ -3,9 +3,6 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { getUsersWithPermissions, hasWorkspaceAdminAccess } from '@/lib/permissions/utils'
-
-export const dynamic = 'force-dynamic'
-
 import { db } from '@/db'
 import { permissions, type permissionTypeEnum } from '@/db/schema'
 

apps/sim/app/api/workspaces/[id]/route.ts

@@ -1,4 +1,4 @@
-import { and, eq } from 'drizzle-orm'
+import { and, eq, inArray } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
@@ -8,7 +8,7 @@ const logger = createLogger('WorkspaceByIdAPI')
 
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { knowledgeBase, permissions, workspace } from '@/db/schema'
+import { knowledgeBase, permissions, templates, workspace } from '@/db/schema'
 
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
@@ -19,6 +19,8 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
   }
 
   const workspaceId = id
+  const url = new URL(request.url)
+  const checkTemplates = url.searchParams.get('check-templates') === 'true'
 
   // Check if user has any access to this workspace
   const userPermission = await getUserEntityPermissions(session.user.id, 'workspace', workspaceId)
@@ -26,6 +28,42 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     return NextResponse.json({ error: 'Workspace not found or access denied' }, { status: 404 })
   }
 
+  // If checking for published templates before deletion
+  if (checkTemplates) {
+    try {
+      // Get all workflows in this workspace
+      const workspaceWorkflows = await db
+        .select({ id: workflow.id })
+        .from(workflow)
+        .where(eq(workflow.workspaceId, workspaceId))
+
+      if (workspaceWorkflows.length === 0) {
+        return NextResponse.json({ hasPublishedTemplates: false, publishedTemplates: [] })
+      }
+
+      const workflowIds = workspaceWorkflows.map((w) => w.id)
+
+      // Check for published templates that reference these workflows
+      const publishedTemplates = await db
+        .select({
+          id: templates.id,
+          name: templates.name,
+          workflowId: templates.workflowId,
+        })
+        .from(templates)
+        .where(inArray(templates.workflowId, workflowIds))
+
+      return NextResponse.json({
+        hasPublishedTemplates: publishedTemplates.length > 0,
+        publishedTemplates,
+        count: publishedTemplates.length,
+      })
+    } catch (error) {
+      logger.error(`Error checking published templates for workspace ${workspaceId}:`, error)
+      return NextResponse.json({ error: 'Failed to check published templates' }, { status: 500 })
+    }
+  }
+
   // Get workspace details
   const workspaceDetails = await db
     .select()
@@ -108,6 +146,8 @@ export async function DELETE(
   }
 
   const workspaceId = id
+  const body = await request.json().catch(() => ({}))
+  const { deleteTemplates = false } = body // User's choice: false = keep templates (recommended), true = delete templates
 
   // Check if user has admin permissions to delete workspace
   const userPermission = await getUserEntityPermissions(session.user.id, 'workspace', workspaceId)
@@ -116,10 +156,39 @@ export async function DELETE(
   }
 
   try {
-    logger.info(`Deleting workspace ${workspaceId} for user ${session.user.id}`)
+    logger.info(
+      `Deleting workspace ${workspaceId} for user ${session.user.id}, deleteTemplates: ${deleteTemplates}`
+    )
 
     // Delete workspace and all related data in a transaction
     await db.transaction(async (tx) => {
+      // Get all workflows in this workspace before deletion
+      const workspaceWorkflows = await tx
+        .select({ id: workflow.id })
+        .from(workflow)
+        .where(eq(workflow.workspaceId, workspaceId))
+
+      if (workspaceWorkflows.length > 0) {
+        const workflowIds = workspaceWorkflows.map((w) => w.id)
+
+        // Handle templates based on user choice
+        if (deleteTemplates) {
+          // Delete published templates that reference these workflows
+          await tx.delete(templates).where(inArray(templates.workflowId, workflowIds))
+          logger.info(`Deleted templates for workflows in workspace ${workspaceId}`)
+        } else {
+          // Set workflowId to null for templates to create "orphaned" templates
+          // This allows templates to remain in marketplace but without source workflows
+          await tx
+            .update(templates)
+            .set({ workflowId: null })
+            .where(inArray(templates.workflowId, workflowIds))
+          logger.info(
+            `Updated templates to orphaned status for workflows in workspace ${workspaceId}`
+          )
+        }
+      }
+
       // Delete all workflows in the workspace - database cascade will handle all workflow-related data
       // The database cascade will handle deleting related workflow_blocks, workflow_edges, workflow_subflows,
       // workflow_logs, workflow_execution_snapshots, workflow_execution_logs, workflow_execution_trace_spans,