v0.5.109: obsidian and evernote integrations, slack fixes, remove memory instrumentation

Revert "feat(hosted key): Add exa hosted key (#3221 )" (#3495 )
This reverts commit 158d5236bc. Co-authored-by: Theodore Li <teddy@zenobiapay.com>
2026-03-15 03:00:33 -04:00 · 2026-03-09 10:40:37 -07:00 · 2026-03-09 10:31:54 -07:00 · 2026-03-09 10:11:36 -07:00 · 2026-03-08 17:27:05 -07:00 · 2026-03-07 13:06:57 -05:00
175 changed files with 10536 additions and 2278 deletions
--- a/.claude/commands/add-block.md
+++ b/.claude/commands/add-block.md
@@ -20,6 +20,7 @@ When the user asks you to create a block:
 import { {ServiceName}Icon } from '@/components/icons'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
+import { getScopesForService } from '@/lib/oauth/utils'

 export const {ServiceName}Block: BlockConfig = {
  type: '{service}',                    // snake_case identifier
@@ -115,12 +116,17 @@ export const {ServiceName}Block: BlockConfig = {
  id: 'credential',
  title: 'Account',
  type: 'oauth-input',
-  serviceId: '{service}',  // Must match OAuth provider
+  serviceId: '{service}',  // Must match OAuth provider service key
+  requiredScopes: getScopesForService('{service}'),  // Import from @/lib/oauth/utils
  placeholder: 'Select account',
  required: true,
 }
 ```

+**Scopes:** Always use `getScopesForService(serviceId)` from `@/lib/oauth/utils` for `requiredScopes`. Never hardcode scope arrays — the single source of truth is `OAUTH_PROVIDERS` in `lib/oauth/oauth.ts`.
+
+**Scope descriptions:** When adding a new OAuth provider, also add human-readable descriptions for all scopes in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts`.
+
 ### Selectors (with dynamic options)
 ```typescript
 // Channel selector (Slack, Discord, etc.)
@@ -624,6 +630,7 @@ export const registry: Record<string, BlockConfig> = {
 import { ServiceIcon } from '@/components/icons'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
+import { getScopesForService } from '@/lib/oauth/utils'

 export const ServiceBlock: BlockConfig = {
  type: 'service',
@@ -654,6 +661,7 @@ export const ServiceBlock: BlockConfig = {
      title: 'Service Account',
      type: 'oauth-input',
      serviceId: 'service',
+      requiredScopes: getScopesForService('service'),
      placeholder: 'Select account',
      required: true,
    },
@@ -792,7 +800,8 @@ All tool IDs referenced in `tools.access` and returned by `tools.config.tool` MU
 - [ ] Conditions use correct syntax (field, value, not, and)
 - [ ] DependsOn set for fields that need other values
 - [ ] Required fields marked correctly (boolean or condition)
- [ ] OAuth inputs have correct `serviceId`
+- [ ] OAuth inputs have correct `serviceId` and `requiredScopes: getScopesForService(serviceId)`
+- [ ] Scope descriptions added to `SCOPE_DESCRIPTIONS` in `lib/oauth/utils.ts` for any new scopes
 - [ ] Tools.access lists all tool IDs (snake_case)
 - [ ] Tools.config.tool returns correct tool ID (snake_case)
 - [ ] Outputs match tool outputs
--- a/.claude/commands/add-integration.md
+++ b/.claude/commands/add-integration.md
@@ -114,6 +114,7 @@ export const {service}{Action}Tool: ToolConfig<Params, Response> = {
 import { {Service}Icon } from '@/components/icons'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
+import { getScopesForService } from '@/lib/oauth/utils'

 export const {Service}Block: BlockConfig = {
  type: '{service}',
@@ -144,6 +145,7 @@ export const {Service}Block: BlockConfig = {
      title: '{Service} Account',
      type: 'oauth-input',
      serviceId: '{service}',
+      requiredScopes: getScopesForService('{service}'),
      required: true,
    },
    // Conditional fields per operation
@@ -409,7 +411,7 @@ If creating V2 versions (API-aligned outputs):
 ### Block
 - [ ] Created `blocks/blocks/{service}.ts`
 - [ ] Defined operation dropdown with all operations
- [ ] Added credential field (oauth-input or short-input)
+- [ ] Added credential field with `requiredScopes: getScopesForService('{service}')`
 - [ ] Added conditional fields per operation
 - [ ] Set up dependsOn for cascading selectors
 - [ ] Configured tools.access with all tool IDs
@@ -419,6 +421,12 @@ If creating V2 versions (API-aligned outputs):
 - [ ] If triggers: set `triggers.enabled` and `triggers.available`
 - [ ] If triggers: spread trigger subBlocks with `getTrigger()`

+### OAuth Scopes (if OAuth service)
+- [ ] Defined scopes in `lib/oauth/oauth.ts` under `OAUTH_PROVIDERS`
+- [ ] Added scope descriptions in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts`
+- [ ] Used `getCanonicalScopesForProvider()` in `auth.ts` (never hardcode)
+- [ ] Used `getScopesForService()` in block `requiredScopes` (never hardcode)
+
 ### Icon
 - [ ] Asked user to provide SVG
 - [ ] Added icon to `components/icons.tsx`
@@ -717,6 +725,25 @@ Use `wandConfig` for fields that are hard to fill out manually:
 }
 ```

+### OAuth Scopes (Centralized System)
+
+Scopes are maintained in a single source of truth and reused everywhere:
+
+1. **Define scopes** in `lib/oauth/oauth.ts` under `OAUTH_PROVIDERS[provider].services[service].scopes`
+2. **Add descriptions** in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts` for the OAuth modal UI
+3. **Reference in auth.ts** using `getCanonicalScopesForProvider(providerId)` from `@/lib/oauth/utils`
+4. **Reference in blocks** using `getScopesForService(serviceId)` from `@/lib/oauth/utils`
+
+**Never hardcode scope arrays** in `auth.ts` or block `requiredScopes`. Always import from the centralized source.
+
+```typescript
+// In auth.ts (Better Auth config)
+scopes: getCanonicalScopesForProvider('{service}'),
+
+// In block credential sub-block
+requiredScopes: getScopesForService('{service}'),
+```
+
 ### Common Gotchas

 1. **OAuth serviceId must match** - The `serviceId` in oauth-input must match the OAuth provider configuration
@@ -729,3 +756,5 @@ Use `wandConfig` for fields that are hard to fill out manually:
 8. **Always handle legacy file params** - Keep hidden `fileContent` params for backwards compatibility
 9. **Optional fields use advanced mode** - Set `mode: 'advanced'` on rarely-used optional fields
 10. **Complex inputs need wandConfig** - Timestamps, JSON arrays, and other hard-to-type values should have `wandConfig` enabled
+11. **Never hardcode scopes** - Use `getScopesForService()` in blocks and `getCanonicalScopesForProvider()` in auth.ts
+12. **Always add scope descriptions** - New scopes must have entries in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts`
--- a/.claude/commands/validate-integration.md
+++ b/.claude/commands/validate-integration.md
@@ -26,8 +26,9 @@ apps/sim/blocks/blocks/{service}.ts # Block definition
 apps/sim/tools/registry.ts          # Tool registry entries for this service
 apps/sim/blocks/registry.ts         # Block registry entry for this service
 apps/sim/components/icons.tsx        # Icon definition
-apps/sim/lib/auth/auth.ts           # OAuth scopes (if OAuth service)
-apps/sim/lib/oauth/oauth.ts         # OAuth provider config (if OAuth service)
+apps/sim/lib/auth/auth.ts           # OAuth config — should use getCanonicalScopesForProvider()
+apps/sim/lib/oauth/oauth.ts         # OAuth provider config — single source of truth for scopes
+apps/sim/lib/oauth/utils.ts               # Scope utilities, SCOPE_DESCRIPTIONS for modal UI
 ```

 ## Step 2: Pull API Documentation
@@ -199,11 +200,14 @@ For **each tool** in `tools.access`:

 ## Step 5: Validate OAuth Scopes (if OAuth service)

- [ ] `auth.ts` scopes include ALL scopes needed by ALL tools in the integration
- [ ] `oauth.ts` provider config scopes match `auth.ts` scopes
- [ ] Block `requiredScopes` (if defined) matches `auth.ts` scopes
+Scopes are centralized — the single source of truth is `OAUTH_PROVIDERS` in `lib/oauth/oauth.ts`.
+
+- [ ] Scopes defined in `lib/oauth/oauth.ts` under `OAUTH_PROVIDERS[provider].services[service].scopes`
+- [ ] `auth.ts` uses `getCanonicalScopesForProvider(providerId)` — NOT a hardcoded array
+- [ ] Block `requiredScopes` uses `getScopesForService(serviceId)` — NOT a hardcoded array
+- [ ] No hardcoded scope arrays in `auth.ts` or block files (should all use utility functions)
+- [ ] Each scope has a human-readable description in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts`
 - [ ] No excess scopes that aren't needed by any tool
- [ ] Each scope has a human-readable description in `oauth-required-modal.tsx`'s `SCOPE_DESCRIPTIONS`

 ## Step 6: Validate Pagination Consistency

@@ -244,7 +248,8 @@ Group findings by severity:
 - Missing `.trim()` on ID fields in request URLs
 - Missing `?? null` on nullable response fields
 - Block condition array missing an operation that uses that field
- Missing scope description in `oauth-required-modal.tsx`
+- Hardcoded scope arrays instead of using `getScopesForService()` / `getCanonicalScopesForProvider()`
+- Missing scope description in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts`

 **Suggestion** (minor improvements):
 - Better description text
@@ -273,7 +278,8 @@ After fixing, confirm:
 - [ ] Validated wandConfig on timestamps and complex inputs
 - [ ] Validated tools.config mapping, tool selector, and type coercions
 - [ ] Validated block outputs match what tools return, with typed JSON where possible
- [ ] Validated OAuth scopes alignment across auth.ts, oauth.ts, block, and modal (if OAuth)
+- [ ] Validated OAuth scopes use centralized utilities (getScopesForService, getCanonicalScopesForProvider) — no hardcoded arrays
+- [ ] Validated scope descriptions exist in `SCOPE_DESCRIPTIONS` within `lib/oauth/utils.ts` for all scopes
 - [ ] Validated pagination consistency across tools and block
 - [ ] Validated error handling (error checks, meaningful messages)
 - [ ] Validated registry entries (tools and block, alphabetical, correct imports)
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM oven/bun:1.3.9-alpine
+FROM oven/bun:1.3.10-alpine

 # Install necessary packages for development
 RUN apk add --no-cache \
--- a/.github/workflows/docs-embeddings.yml
+++ b/.github/workflows/docs-embeddings.yml
@@ -20,7 +20,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Setup Node
        uses: actions/setup-node@v4
--- a/.github/workflows/i18n.yml
+++ b/.github/workflows/i18n.yml
@@ -23,7 +23,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Cache Bun dependencies
        uses: actions/cache@v4
@@ -122,7 +122,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Cache Bun dependencies
        uses: actions/cache@v4
--- a/.github/workflows/migrations.yml
+++ b/.github/workflows/migrations.yml
@@ -19,7 +19,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Cache Bun dependencies
        uses: actions/cache@v4
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -19,7 +19,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Setup Node.js for npm publishing
        uses: actions/setup-node@v4
--- a/.github/workflows/publish-ts-sdk.yml
+++ b/.github/workflows/publish-ts-sdk.yml
@@ -19,7 +19,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Setup Node.js for npm publishing
        uses: actions/setup-node@v4
--- a/.github/workflows/test-build.yml
+++ b/.github/workflows/test-build.yml
@@ -19,7 +19,7 @@ jobs:
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: 1.3.9
+          bun-version: 1.3.10

      - name: Setup Node
        uses: actions/setup-node@v4
--- a/apps/docs/components/icons.tsx
+++ b/apps/docs/components/icons.tsx
@@ -710,6 +710,155 @@ export function PerplexityIcon(props: SVGProps<SVGSVGElement>) {
  )
 }

+export function ObsidianIcon(props: SVGProps<SVGSVGElement>) {
+  const id = useId()
+  const bl = `${id}-bl`
+  const tr = `${id}-tr`
+  const tl = `${id}-tl`
+  const br = `${id}-br`
+  const te = `${id}-te`
+  const le = `${id}-le`
+  const be = `${id}-be`
+  const me = `${id}-me`
+  const clip = `${id}-clip`
+  return (
+    <svg {...props} viewBox='0 0 512 512' fill='none' xmlns='http://www.w3.org/2000/svg'>
+      <radialGradient
+        id={bl}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(-59 -225 150 -39 161.4 470)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.4' />
+        <stop offset='1' stopOpacity='.1' />
+      </radialGradient>
+      <radialGradient
+        id={tr}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(50 -379 280 37 360 374.2)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.6' />
+        <stop offset='1' stopColor='#fff' stopOpacity='.1' />
+      </radialGradient>
+      <radialGradient
+        id={tl}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(69 -319 218 47 175.4 307)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.8' />
+        <stop offset='1' stopColor='#fff' stopOpacity='.4' />
+      </radialGradient>
+      <radialGradient
+        id={br}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(-96 -163 187 -111 335.3 512.2)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.3' />
+        <stop offset='1' stopOpacity='.3' />
+      </radialGradient>
+      <radialGradient
+        id={te}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(-36 166 -112 -24 310 128.2)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='0' />
+        <stop offset='1' stopColor='#fff' stopOpacity='.2' />
+      </radialGradient>
+      <radialGradient
+        id={le}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(88 89 -190 187 111 220.2)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.2' />
+        <stop offset='1' stopColor='#fff' stopOpacity='.4' />
+      </radialGradient>
+      <radialGradient
+        id={be}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(9 130 -276 20 215 284)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.2' />
+        <stop offset='1' stopColor='#fff' stopOpacity='.3' />
+      </radialGradient>
+      <radialGradient
+        id={me}
+        cx='0'
+        cy='0'
+        gradientTransform='matrix(-198 -104 327 -623 400 399.2)'
+        gradientUnits='userSpaceOnUse'
+        r='1'
+      >
+        <stop offset='0' stopColor='#fff' stopOpacity='.2' />
+        <stop offset='.5' stopColor='#fff' stopOpacity='.2' />
+        <stop offset='1' stopColor='#fff' stopOpacity='.3' />
+      </radialGradient>
+      <clipPath id={clip}>
+        <path d='M.2.2h512v512H.2z' />
+      </clipPath>
+      <g clipPath={`url(#${clip})`}>
+        <path
+          d='M382.3 475.6c-3.1 23.4-26 41.6-48.7 35.3-32.4-8.9-69.9-22.8-103.6-25.4l-51.7-4a34 34 0 0 1-22-10.2l-89-91.7a34 34 0 0 1-6.7-37.7s55-121 57.1-127.3c2-6.3 9.6-61.2 14-90.6 1.2-7.9 5-15 11-20.3L248 8.9a34.1 34.1 0 0 1 49.6 4.3L386 125.6a37 37 0 0 1 7.6 22.4c0 21.3 1.8 65 13.6 93.2 11.5 27.3 32.5 57 43.5 71.5a17.3 17.3 0 0 1 1.3 19.2 1494 1494 0 0 1-44.8 70.6c-15 22.3-21.9 49.9-25 73.1z'
+          fill='#6c31e3'
+        />
+        <path
+          d='M165.9 478.3c41.4-84 40.2-144.2 22.6-187-16.2-39.6-46.3-64.5-70-80-.6 2.3-1.3 4.4-2.2 6.5L60.6 342a34 34 0 0 0 6.6 37.7l89.1 91.7a34 34 0 0 0 9.6 7z'
+          fill={`url(#${bl})`}
+        />
+        <path
+          d='M278.4 307.8c11.2 1.2 22.2 3.6 32.8 7.6 34 12.7 65 41.2 90.5 96.3 1.8-3.1 3.6-6.2 5.6-9.2a1536 1536 0 0 0 44.8-70.6 17 17 0 0 0-1.3-19.2c-11-14.6-32-44.2-43.5-71.5-11.8-28.2-13.5-72-13.6-93.2 0-8.1-2.6-16-7.6-22.4L297.6 13.2a34 34 0 0 0-1.5-1.7 96 96 0 0 1 2 54 198.3 198.3 0 0 1-17.6 41.3l-7.2 14.2a171 171 0 0 0-19.4 71c-1.2 29.4 4.8 66.4 24.5 115.8z'
+          fill={`url(#${tr})`}
+        />
+        <path
+          d='M278.4 307.8c-19.7-49.4-25.8-86.4-24.5-115.9a171 171 0 0 1 19.4-71c2.3-4.8 4.8-9.5 7.2-14.1 7.1-13.9 14-27 17.6-41.4a96 96 0 0 0-2-54A34.1 34.1 0 0 0 248 9l-105.4 94.8a34.1 34.1 0 0 0-10.9 20.3l-12.8 85-.5 2.3c23.8 15.5 54 40.4 70.1 80a147 147 0 0 1 7.8 24.8c28-6.8 55.7-11 82.1-8.3z'
+          fill={`url(#${tl})`}
+        />
+        <path
+          d='M333.6 511c22.7 6.2 45.6-12 48.7-35.4a187 187 0 0 1 19.4-63.9c-25.6-55-56.5-83.6-90.4-96.3-36-13.4-75.2-9-115 .7 8.9 40.4 3.6 93.3-30.4 162.2 4 1.8 8.1 3 12.5 3.3 0 0 24.4 2 53.6 4.1 29 2 72.4 17.1 101.6 25.2z'
+          fill={`url(#${br})`}
+        />
+        <g clipRule='evenodd' fillRule='evenodd'>
+          <path
+            d='M254.1 190c-1.3 29.2 2.4 62.8 22.1 112.1l-6.2-.5c-17.7-51.5-21.5-78-20.2-107.6a174.7 174.7 0 0 1 20.4-72c2.4-4.9 8-14.1 10.5-18.8 7.1-13.7 11.9-21 16-33.6 5.7-17.5 4.5-25.9 3.8-34.1 4.6 29.9-12.7 56-25.7 82.4a177.1 177.1 0 0 0-20.7 72z'
+            fill={`url(#${te})`}
+          />
+          <path
+            d='M194.3 293.4c2.4 5.4 4.6 9.8 6 16.5L195 311c-2.1-7.8-3.8-13.4-6.8-20-17.8-42-46.3-63.6-69.7-79.5 28.2 15.2 57.2 39 75.7 81.9z'
+            fill={`url(#${le})`}
+          />
+          <path
+            d='M200.6 315.1c9.8 46-1.2 104.2-33.6 160.9 27.1-56.2 40.2-110.1 29.3-160z'
+            fill={`url(#${be})`}
+          />
+          <path
+            d='M312.5 311c53.1 19.9 73.6 63.6 88.9 100-19-38.1-45.2-80.3-90.8-96-34.8-11.8-64.1-10.4-114.3 1l-1.1-5c53.2-12.1 81-13.5 117.3 0z'
+            fill={`url(#${me})`}
+          />
+        </g>
+      </g>
+    </svg>
+  )
+}
+
 export function NotionIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 50 50' width='1em' height='1em' {...props}>
@@ -1806,6 +1955,14 @@ export function Mem0Icon(props: SVGProps<SVGSVGElement>) {
  )
 }

+export function EvernoteIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg {...props} xmlns='http://www.w3.org/2000/svg' viewBox='0 0 32 32' fill='#7fce2c'>
+      <path d='M29.343 16.818c.1 1.695-.08 3.368-.305 5.045-.225 1.712-.508 3.416-.964 5.084-.3 1.067-.673 2.1-1.202 3.074-.65 1.192-1.635 1.87-2.992 1.924l-3.832.036c-.636-.017-1.278-.146-1.9-.297-1.192-.3-1.862-1.1-2.06-2.3-.186-1.08-.173-2.187.04-3.264.252-1.23 1-1.96 2.234-2.103.817-.1 1.65-.077 2.476-.1.205-.007.275.098.203.287-.196.53-.236 1.07-.098 1.623.053.207-.023.307-.26.305a7.77 7.77 0 0 0-1.123.053c-.636.086-.96.47-.96 1.112 0 .205.026.416.066.622.103.507.45.78.944.837 1.123.127 2.247.138 3.37-.05.675-.114 1.08-.54 1.16-1.208.152-1.3.155-2.587-.228-3.845-.33-1.092-1.006-1.565-2.134-1.7l-3.36-.54c-1.06-.193-1.7-.887-1.92-1.9-.13-.572-.14-1.17-.214-1.757-.013-.106-.074-.208-.1-.3-.04.1-.106.212-.117.326-.066.68-.053 1.373-.185 2.04-.16.8-.404 1.566-.67 2.33-.185.535-.616.837-1.205.8a37.76 37.76 0 0 1-7.123-1.353l-.64-.207c-.927-.26-1.487-.903-1.74-1.787l-1-3.853-.74-4.3c-.115-.755-.2-1.523-.083-2.293.154-1.112.914-1.903 2.04-1.964l3.558-.062c.127 0 .254.003.373-.026a1.23 1.23 0 0 0 1.01-1.255l-.05-3.036c-.048-1.576.8-2.38 2.156-2.622a10.58 10.58 0 0 1 4.91.26c.933.275 1.467.923 1.715 1.83.058.22.146.3.37.287l2.582.01 3.333.37c.686.095 1.364.25 2.032.42 1.165.298 1.793 1.112 1.962 2.256l.357 3.355.3 5.577.01 2.277zm-4.534-1.155c-.02-.666-.07-1.267-.444-1.784a1.66 1.66 0 0 0-2.469-.15c-.364.4-.494.88-.564 1.4-.008.034.106.126.16.126l.8-.053c.768.007 1.523.113 2.25.393.066.026.136.04.265.077zM8.787 1.154a3.82 3.82 0 0 0-.278 1.592l.05 2.934c.005.357-.075.45-.433.45L5.1 6.156c-.583 0-1.143.1-1.554.278l5.2-5.332c.02.013.04.033.06.053z' />
+    </svg>
+  )
+}
+
 export function ElevenLabsIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
--- a/apps/docs/components/ui/icon-mapping.ts
+++ b/apps/docs/components/ui/icon-mapping.ts
@@ -40,6 +40,7 @@ import {
  ElasticsearchIcon,
  ElevenLabsIcon,
  EnrichSoIcon,
+  EvernoteIcon,
  ExaAIIcon,
  EyeIcon,
  FirecrawlIcon,
@@ -103,6 +104,7 @@ import {
  MySQLIcon,
  Neo4jIcon,
  NotionIcon,
+  ObsidianIcon,
  OnePasswordIcon,
  OpenAIIcon,
  OutlookIcon,
@@ -202,6 +204,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
  elasticsearch: ElasticsearchIcon,
  elevenlabs: ElevenLabsIcon,
  enrich: EnrichSoIcon,
+  evernote: EvernoteIcon,
  exa: ExaAIIcon,
  file_v3: DocumentIcon,
  firecrawl: FirecrawlIcon,
@@ -265,6 +268,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
  mysql: MySQLIcon,
  neo4j: Neo4jIcon,
  notion_v2: NotionIcon,
+  obsidian: ObsidianIcon,
  onedrive: MicrosoftOneDriveIcon,
  onepassword: OnePasswordIcon,
  openai: OpenAIIcon,
--- a/apps/docs/content/docs/en/tools/evernote.mdx
+++ b/apps/docs/content/docs/en/tools/evernote.mdx
@@ -0,0 +1,267 @@
+---
+title: Evernote
+description: Manage notes, notebooks, and tags in Evernote
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="evernote"
+  color="#E0E0E0"
+/>
+
+## Usage Instructions
+
+Integrate with Evernote to manage notes, notebooks, and tags. Create, read, update, copy, search, and delete notes. Create and list notebooks and tags.
+
+
+
+## Tools
+
+### `evernote_copy_note`
+
+Copy a note to another notebook in Evernote
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `noteGuid` | string | Yes | GUID of the note to copy |
+| `toNotebookGuid` | string | Yes | GUID of the destination notebook |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `note` | object | The copied note metadata |
+|   ↳ `guid` | string | New note GUID |
+|   ↳ `title` | string | Note title |
+|   ↳ `notebookGuid` | string | GUID of the destination notebook |
+|   ↳ `created` | number | Creation timestamp in milliseconds |
+|   ↳ `updated` | number | Last updated timestamp in milliseconds |
+
+### `evernote_create_note`
+
+Create a new note in Evernote
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `title` | string | Yes | Title of the note |
+| `content` | string | Yes | Content of the note \(plain text or ENML\) |
+| `notebookGuid` | string | No | GUID of the notebook to create the note in \(defaults to default notebook\) |
+| `tagNames` | string | No | Comma-separated list of tag names to apply |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `note` | object | The created note |
+|   ↳ `guid` | string | Unique identifier of the note |
+|   ↳ `title` | string | Title of the note |
+|   ↳ `content` | string | ENML content of the note |
+|   ↳ `notebookGuid` | string | GUID of the containing notebook |
+|   ↳ `tagNames` | array | Tag names applied to the note |
+|   ↳ `created` | number | Creation timestamp in milliseconds |
+|   ↳ `updated` | number | Last updated timestamp in milliseconds |
+
+### `evernote_create_notebook`
+
+Create a new notebook in Evernote
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `name` | string | Yes | Name for the new notebook |
+| `stack` | string | No | Stack name to group the notebook under |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `notebook` | object | The created notebook |
+|   ↳ `guid` | string | Notebook GUID |
+|   ↳ `name` | string | Notebook name |
+|   ↳ `defaultNotebook` | boolean | Whether this is the default notebook |
+|   ↳ `serviceCreated` | number | Creation timestamp in milliseconds |
+|   ↳ `serviceUpdated` | number | Last updated timestamp in milliseconds |
+|   ↳ `stack` | string | Notebook stack name |
+
+### `evernote_create_tag`
+
+Create a new tag in Evernote
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `name` | string | Yes | Name for the new tag |
+| `parentGuid` | string | No | GUID of the parent tag for hierarchy |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `tag` | object | The created tag |
+|   ↳ `guid` | string | Tag GUID |
+|   ↳ `name` | string | Tag name |
+|   ↳ `parentGuid` | string | Parent tag GUID |
+|   ↳ `updateSequenceNum` | number | Update sequence number |
+
+### `evernote_delete_note`
+
+Move a note to the trash in Evernote
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `noteGuid` | string | Yes | GUID of the note to delete |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `success` | boolean | Whether the note was successfully deleted |
+| `noteGuid` | string | GUID of the deleted note |
+
+### `evernote_get_note`
+
+Retrieve a note from Evernote by its GUID
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `noteGuid` | string | Yes | GUID of the note to retrieve |
+| `withContent` | boolean | No | Whether to include note content \(default: true\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `note` | object | The retrieved note |
+|   ↳ `guid` | string | Unique identifier of the note |
+|   ↳ `title` | string | Title of the note |
+|   ↳ `content` | string | ENML content of the note |
+|   ↳ `contentLength` | number | Length of the note content |
+|   ↳ `notebookGuid` | string | GUID of the containing notebook |
+|   ↳ `tagGuids` | array | GUIDs of tags on the note |
+|   ↳ `tagNames` | array | Names of tags on the note |
+|   ↳ `created` | number | Creation timestamp in milliseconds |
+|   ↳ `updated` | number | Last updated timestamp in milliseconds |
+|   ↳ `active` | boolean | Whether the note is active \(not in trash\) |
+
+### `evernote_get_notebook`
+
+Retrieve a notebook from Evernote by its GUID
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `notebookGuid` | string | Yes | GUID of the notebook to retrieve |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `notebook` | object | The retrieved notebook |
+|   ↳ `guid` | string | Notebook GUID |
+|   ↳ `name` | string | Notebook name |
+|   ↳ `defaultNotebook` | boolean | Whether this is the default notebook |
+|   ↳ `serviceCreated` | number | Creation timestamp in milliseconds |
+|   ↳ `serviceUpdated` | number | Last updated timestamp in milliseconds |
+|   ↳ `stack` | string | Notebook stack name |
+
+### `evernote_list_notebooks`
+
+List all notebooks in an Evernote account
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `notebooks` | array | List of notebooks |
+
+### `evernote_list_tags`
+
+List all tags in an Evernote account
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `tags` | array | List of tags |
+
+### `evernote_search_notes`
+
+Search for notes in Evernote using the Evernote search grammar
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `query` | string | Yes | Search query using Evernote search grammar \(e.g., "tag:work intitle:meeting"\) |
+| `notebookGuid` | string | No | Restrict search to a specific notebook by GUID |
+| `offset` | number | No | Starting index for results \(default: 0\) |
+| `maxNotes` | number | No | Maximum number of notes to return \(default: 25\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `totalNotes` | number | Total number of matching notes |
+| `notes` | array | List of matching note metadata |
+
+### `evernote_update_note`
+
+Update an existing note in Evernote
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | Evernote developer token |
+| `noteGuid` | string | Yes | GUID of the note to update |
+| `title` | string | No | New title for the note |
+| `content` | string | No | New content for the note \(plain text or ENML\) |
+| `notebookGuid` | string | No | GUID of the notebook to move the note to |
+| `tagNames` | string | No | Comma-separated list of tag names \(replaces existing tags\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `note` | object | The updated note |
+|   ↳ `guid` | string | Unique identifier of the note |
+|   ↳ `title` | string | Title of the note |
+|   ↳ `content` | string | ENML content of the note |
+|   ↳ `notebookGuid` | string | GUID of the containing notebook |
+|   ↳ `tagNames` | array | Tag names on the note |
+|   ↳ `created` | number | Creation timestamp in milliseconds |
+|   ↳ `updated` | number | Last updated timestamp in milliseconds |
+
+
--- a/apps/docs/content/docs/en/tools/jira.mdx
+++ b/apps/docs/content/docs/en/tools/jira.mdx
@@ -1014,4 +1014,36 @@ Get Jira users. If an account ID is provided, returns a single user. Otherwise,
 | `startAt` | number | Pagination start index |
 | `maxResults` | number | Maximum results per page |

+### `jira_search_users`
+
+Search for Jira users by email address or display name. Returns matching users with their accountId, displayName, and emailAddress.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
+| `query` | string | Yes | A query string to search for users. Can be an email address, display name, or partial match. |
+| `maxResults` | number | No | Maximum number of users to return \(default: 50, max: 1000\) |
+| `startAt` | number | No | The index of the first user to return \(for pagination, default: 0\) |
+| `cloudId` | string | No | Jira Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `users` | array | Array of matching Jira users |
+|   ↳ `accountId` | string | Atlassian account ID of the user |
+|   ↳ `displayName` | string | Display name of the user |
+|   ↳ `active` | boolean | Whether the user account is active |
+|   ↳ `emailAddress` | string | Email address of the user |
+|   ↳ `accountType` | string | Type of account \(e.g., atlassian, app, customer\) |
+|   ↳ `avatarUrl` | string | URL to the user avatar \(48x48\) |
+|   ↳ `timeZone` | string | User timezone |
+|   ↳ `self` | string | REST API URL for this user |
+| `total` | number | Number of users returned in this page \(may be less than total matches\) |
+| `startAt` | number | Pagination start index |
+| `maxResults` | number | Maximum results per page |
+

--- a/apps/docs/content/docs/en/tools/meta.json
+++ b/apps/docs/content/docs/en/tools/meta.json
@@ -35,6 +35,7 @@
    "elasticsearch",
    "elevenlabs",
    "enrich",
+    "evernote",
    "exa",
    "file",
    "firecrawl",
@@ -98,6 +99,7 @@
    "mysql",
    "neo4j",
    "notion",
+    "obsidian",
    "onedrive",
    "onepassword",
    "openai",
--- a/apps/docs/content/docs/en/tools/obsidian.mdx
+++ b/apps/docs/content/docs/en/tools/obsidian.mdx
@@ -0,0 +1,323 @@
+---
+title: Obsidian
+description: Interact with your Obsidian vault via the Local REST API
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="obsidian"
+  color="#0F0F0F"
+/>
+
+## Usage Instructions
+
+Read, create, update, search, and delete notes in your Obsidian vault. Manage periodic notes, execute commands, and patch content at specific locations. Requires the Obsidian Local REST API plugin.
+
+
+
+## Tools
+
+### `obsidian_append_active`
+
+Append content to the currently active file in Obsidian
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `content` | string | Yes | Markdown content to append to the active file |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `appended` | boolean | Whether content was successfully appended |
+
+### `obsidian_append_note`
+
+Append content to an existing note in your Obsidian vault
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `filename` | string | Yes | Path to the note relative to vault root \(e.g. "folder/note.md"\) |
+| `content` | string | Yes | Markdown content to append to the note |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `filename` | string | Path of the note |
+| `appended` | boolean | Whether content was successfully appended |
+
+### `obsidian_append_periodic_note`
+
+Append content to the current periodic note (daily, weekly, monthly, quarterly, or yearly). Creates the note if it does not exist.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `period` | string | Yes | Period type: daily, weekly, monthly, quarterly, or yearly |
+| `content` | string | Yes | Markdown content to append to the periodic note |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `period` | string | Period type of the note |
+| `appended` | boolean | Whether content was successfully appended |
+
+### `obsidian_create_note`
+
+Create or replace a note in your Obsidian vault
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `filename` | string | Yes | Path for the note relative to vault root \(e.g. "folder/note.md"\) |
+| `content` | string | Yes | Markdown content for the note |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `filename` | string | Path of the created note |
+| `created` | boolean | Whether the note was successfully created |
+
+### `obsidian_delete_note`
+
+Delete a note from your Obsidian vault
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `filename` | string | Yes | Path to the note to delete relative to vault root |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `filename` | string | Path of the deleted note |
+| `deleted` | boolean | Whether the note was successfully deleted |
+
+### `obsidian_execute_command`
+
+Execute a command in Obsidian (e.g. open daily note, toggle sidebar)
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `commandId` | string | Yes | ID of the command to execute \(use List Commands operation to discover available commands\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `commandId` | string | ID of the executed command |
+| `executed` | boolean | Whether the command was successfully executed |
+
+### `obsidian_get_active`
+
+Retrieve the content of the currently active file in Obsidian
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `content` | string | Markdown content of the active file |
+| `filename` | string | Path to the active file |
+
+### `obsidian_get_note`
+
+Retrieve the content of a note from your Obsidian vault
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `filename` | string | Yes | Path to the note relative to vault root \(e.g. "folder/note.md"\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `content` | string | Markdown content of the note |
+| `filename` | string | Path to the note |
+
+### `obsidian_get_periodic_note`
+
+Retrieve the current periodic note (daily, weekly, monthly, quarterly, or yearly)
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `period` | string | Yes | Period type: daily, weekly, monthly, quarterly, or yearly |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `content` | string | Markdown content of the periodic note |
+| `period` | string | Period type of the note |
+
+### `obsidian_list_commands`
+
+List all available commands in Obsidian
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `commands` | json | List of available commands with IDs and names |
+|   ↳ `id` | string | Command identifier |
+|   ↳ `name` | string | Human-readable command name |
+
+### `obsidian_list_files`
+
+List files and directories in your Obsidian vault
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `path` | string | No | Directory path relative to vault root. Leave empty to list root. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `files` | json | List of files and directories |
+|   ↳ `path` | string | File or directory path |
+|   ↳ `type` | string | Whether the entry is a file or directory |
+
+### `obsidian_open_file`
+
+Open a file in the Obsidian UI (creates the file if it does not exist)
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `filename` | string | Yes | Path to the file relative to vault root |
+| `newLeaf` | boolean | No | Whether to open the file in a new leaf/tab |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `filename` | string | Path of the opened file |
+| `opened` | boolean | Whether the file was successfully opened |
+
+### `obsidian_patch_active`
+
+Insert or replace content at a specific heading, block reference, or frontmatter field in the active file
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `content` | string | Yes | Content to insert at the target location |
+| `operation` | string | Yes | How to insert content: append, prepend, or replace |
+| `targetType` | string | Yes | Type of target: heading, block, or frontmatter |
+| `target` | string | Yes | Target identifier \(heading text, block reference ID, or frontmatter field name\) |
+| `targetDelimiter` | string | No | Delimiter for nested headings \(default: "::"\) |
+| `trimTargetWhitespace` | boolean | No | Whether to trim whitespace from target before matching \(default: false\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `patched` | boolean | Whether the active file was successfully patched |
+
+### `obsidian_patch_note`
+
+Insert or replace content at a specific heading, block reference, or frontmatter field in a note
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `filename` | string | Yes | Path to the note relative to vault root \(e.g. "folder/note.md"\) |
+| `content` | string | Yes | Content to insert at the target location |
+| `operation` | string | Yes | How to insert content: append, prepend, or replace |
+| `targetType` | string | Yes | Type of target: heading, block, or frontmatter |
+| `target` | string | Yes | Target identifier \(heading text, block reference ID, or frontmatter field name\) |
+| `targetDelimiter` | string | No | Delimiter for nested headings \(default: "::"\) |
+| `trimTargetWhitespace` | boolean | No | Whether to trim whitespace from target before matching \(default: false\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `filename` | string | Path of the patched note |
+| `patched` | boolean | Whether the note was successfully patched |
+
+### `obsidian_search`
+
+Search for text across notes in your Obsidian vault
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `apiKey` | string | Yes | API key from Obsidian Local REST API plugin settings |
+| `baseUrl` | string | Yes | Base URL for the Obsidian Local REST API |
+| `query` | string | Yes | Text to search for across vault notes |
+| `contextLength` | number | No | Number of characters of context around each match \(default: 100\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `results` | json | Search results with filenames, scores, and matching contexts |
+|   ↳ `filename` | string | Path to the matching note |
+|   ↳ `score` | number | Relevance score |
+|   ↳ `matches` | json | Matching text contexts |
+|     ↳ `context` | string | Text surrounding the match |
+
+
--- a/apps/sim/app/api/a2a/serve/[agentId]/route.ts
+++ b/apps/sim/app/api/a2a/serve/[agentId]/route.ts
@@ -19,7 +19,6 @@ import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
 import { SSE_HEADERS } from '@/lib/core/utils/sse'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { markExecutionCancelled } from '@/lib/execution/cancellation'
-import { decrementSSEConnections, incrementSSEConnections } from '@/lib/monitoring/sse-connections'
 import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
 import { getWorkspaceBilledAccountUserId } from '@/lib/workspaces/utils'
 import {
@@ -631,11 +630,9 @@ async function handleMessageStream(
  }

  const encoder = new TextEncoder()
-  let messageStreamDecremented = false

  const stream = new ReadableStream({
    async start(controller) {
-      incrementSSEConnections('a2a-message')
      const sendEvent = (event: string, data: unknown) => {
        try {
          const jsonRpcResponse = {
@@ -845,19 +842,10 @@ async function handleMessageStream(
        })
      } finally {
        await releaseLock(lockKey, lockValue)
-        if (!messageStreamDecremented) {
-          messageStreamDecremented = true
-          decrementSSEConnections('a2a-message')
-        }
        controller.close()
      }
    },
-    cancel() {
-      if (!messageStreamDecremented) {
-        messageStreamDecremented = true
-        decrementSSEConnections('a2a-message')
-      }
-    },
+    cancel() {},
  })

  return new NextResponse(stream, {
@@ -1042,22 +1030,16 @@ async function handleTaskResubscribe(
    { once: true }
  )

-  let sseDecremented = false
  const cleanup = () => {
    isCancelled = true
    if (pollTimeoutId) {
      clearTimeout(pollTimeoutId)
      pollTimeoutId = null
    }
-    if (!sseDecremented) {
-      sseDecremented = true
-      decrementSSEConnections('a2a-resubscribe')
-    }
  }

  const stream = new ReadableStream({
    async start(controller) {
-      incrementSSEConnections('a2a-resubscribe')
      const sendEvent = (event: string, data: unknown): boolean => {
        if (isCancelled || abortSignal.aborted) return false
        try {
--- a/apps/sim/app/api/auth/oauth/connections/route.test.ts
+++ b/apps/sim/app/api/auth/oauth/connections/route.test.ts
@@ -6,40 +6,33 @@
 import { createMockRequest } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'

-const {
-  mockGetSession,
-  mockDb,
-  mockLogger,
-  mockParseProvider,
-  mockEvaluateScopeCoverage,
-  mockJwtDecode,
-  mockEq,
-} = vi.hoisted(() => {
-  const db = {
-    select: vi.fn().mockReturnThis(),
-    from: vi.fn().mockReturnThis(),
-    where: vi.fn().mockReturnThis(),
-    limit: vi.fn(),
+const { mockGetSession, mockDb, mockLogger, mockParseProvider, mockJwtDecode, mockEq } = vi.hoisted(
+  () => {
+    const db = {
+      select: vi.fn().mockReturnThis(),
+      from: vi.fn().mockReturnThis(),
+      where: vi.fn().mockReturnThis(),
+      limit: vi.fn(),
+    }
+    const logger = {
+      info: vi.fn(),
+      warn: vi.fn(),
+      error: vi.fn(),
+      debug: vi.fn(),
+      trace: vi.fn(),
+      fatal: vi.fn(),
+      child: vi.fn(),
+    }
+    return {
+      mockGetSession: vi.fn(),
+      mockDb: db,
+      mockLogger: logger,
+      mockParseProvider: vi.fn(),
+      mockJwtDecode: vi.fn(),
+      mockEq: vi.fn((field: unknown, value: unknown) => ({ field, value, type: 'eq' })),
+    }
  }
-  const logger = {
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-    debug: vi.fn(),
-    trace: vi.fn(),
-    fatal: vi.fn(),
-    child: vi.fn(),
-  }
-  return {
-    mockGetSession: vi.fn(),
-    mockDb: db,
-    mockLogger: logger,
-    mockParseProvider: vi.fn(),
-    mockEvaluateScopeCoverage: vi.fn(),
-    mockJwtDecode: vi.fn(),
-    mockEq: vi.fn((field: unknown, value: unknown) => ({ field, value, type: 'eq' })),
-  }
-})
+)

 vi.mock('@/lib/auth', () => ({
  getSession: mockGetSession,
@@ -66,7 +59,6 @@ vi.mock('@sim/logger', () => ({

 vi.mock('@/lib/oauth/utils', () => ({
  parseProvider: mockParseProvider,
-  evaluateScopeCoverage: mockEvaluateScopeCoverage,
 }))

 import { GET } from '@/app/api/auth/oauth/connections/route'
@@ -83,16 +75,6 @@ describe('OAuth Connections API Route', () => {
      baseProvider: providerId.split('-')[0] || providerId,
      featureType: providerId.split('-')[1] || 'default',
    }))
-
-    mockEvaluateScopeCoverage.mockImplementation(
-      (_providerId: string, _grantedScopes: string[]) => ({
-        canonicalScopes: ['email', 'profile'],
-        grantedScopes: ['email', 'profile'],
-        missingScopes: [],
-        extraScopes: [],
-        requiresReauthorization: false,
-      })
-    )
  })

  it('should return connections successfully', async () => {
--- a/apps/sim/app/api/auth/oauth/connections/route.ts
+++ b/apps/sim/app/api/auth/oauth/connections/route.ts
@@ -6,7 +6,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { generateRequestId } from '@/lib/core/utils/request'
 import type { OAuthProvider } from '@/lib/oauth'
-import { evaluateScopeCoverage, parseProvider } from '@/lib/oauth'
+import { parseProvider } from '@/lib/oauth'

 const logger = createLogger('OAuthConnectionsAPI')

@@ -49,8 +49,7 @@ export async function GET(request: NextRequest) {

    for (const acc of accounts) {
      const { baseProvider, featureType } = parseProvider(acc.providerId as OAuthProvider)
-      const grantedScopes = acc.scope ? acc.scope.split(/\s+/).filter(Boolean) : []
-      const scopeEvaluation = evaluateScopeCoverage(acc.providerId, grantedScopes)
+      const scopes = acc.scope ? acc.scope.split(/\s+/).filter(Boolean) : []

      if (baseProvider) {
        // Try multiple methods to get a user-friendly display name
@@ -96,10 +95,6 @@ export async function GET(request: NextRequest) {
        const accountSummary = {
          id: acc.id,
          name: displayName,
-          scopes: scopeEvaluation.grantedScopes,
-          missingScopes: scopeEvaluation.missingScopes,
-          extraScopes: scopeEvaluation.extraScopes,
-          requiresReauthorization: scopeEvaluation.requiresReauthorization,
        }

        if (existingConnection) {
@@ -108,20 +103,8 @@ export async function GET(request: NextRequest) {
          existingConnection.accounts.push(accountSummary)

          existingConnection.scopes = Array.from(
-            new Set([...(existingConnection.scopes || []), ...scopeEvaluation.grantedScopes])
+            new Set([...(existingConnection.scopes || []), ...scopes])
          )
-          existingConnection.missingScopes = Array.from(
-            new Set([...(existingConnection.missingScopes || []), ...scopeEvaluation.missingScopes])
-          )
-          existingConnection.extraScopes = Array.from(
-            new Set([...(existingConnection.extraScopes || []), ...scopeEvaluation.extraScopes])
-          )
-          existingConnection.canonicalScopes =
-            existingConnection.canonicalScopes && existingConnection.canonicalScopes.length > 0
-              ? existingConnection.canonicalScopes
-              : scopeEvaluation.canonicalScopes
-          existingConnection.requiresReauthorization =
-            existingConnection.requiresReauthorization || scopeEvaluation.requiresReauthorization

          const existingTimestamp = existingConnection.lastConnected
            ? new Date(existingConnection.lastConnected).getTime()
@@ -138,11 +121,7 @@ export async function GET(request: NextRequest) {
            baseProvider,
            featureType,
            isConnected: true,
-            scopes: scopeEvaluation.grantedScopes,
-            canonicalScopes: scopeEvaluation.canonicalScopes,
-            missingScopes: scopeEvaluation.missingScopes,
-            extraScopes: scopeEvaluation.extraScopes,
-            requiresReauthorization: scopeEvaluation.requiresReauthorization,
+            scopes,
            lastConnected: acc.updatedAt.toISOString(),
            accounts: [accountSummary],
          })
--- a/apps/sim/app/api/auth/oauth/credentials/route.test.ts
+++ b/apps/sim/app/api/auth/oauth/credentials/route.test.ts
@@ -7,7 +7,7 @@
 import { NextRequest } from 'next/server'
 import { beforeEach, describe, expect, it, vi } from 'vitest'

-const { mockCheckSessionOrInternalAuth, mockEvaluateScopeCoverage, mockLogger } = vi.hoisted(() => {
+const { mockCheckSessionOrInternalAuth, mockLogger } = vi.hoisted(() => {
  const logger = {
    info: vi.fn(),
    warn: vi.fn(),
@@ -19,7 +19,6 @@ const { mockCheckSessionOrInternalAuth, mockEvaluateScopeCoverage, mockLogger }
  }
  return {
    mockCheckSessionOrInternalAuth: vi.fn(),
-    mockEvaluateScopeCoverage: vi.fn(),
    mockLogger: logger,
  }
 })
@@ -28,10 +27,6 @@ vi.mock('@/lib/auth/hybrid', () => ({
  checkSessionOrInternalAuth: mockCheckSessionOrInternalAuth,
 }))

-vi.mock('@/lib/oauth', () => ({
-  evaluateScopeCoverage: mockEvaluateScopeCoverage,
-}))
-
 vi.mock('@/lib/core/utils/request', () => ({
  generateRequestId: vi.fn().mockReturnValue('mock-request-id'),
 }))
@@ -87,16 +82,6 @@ describe('OAuth Credentials API Route', () => {

  beforeEach(() => {
    vi.clearAllMocks()
-
-    mockEvaluateScopeCoverage.mockImplementation(
-      (_providerId: string, grantedScopes: string[]) => ({
-        canonicalScopes: grantedScopes,
-        grantedScopes,
-        missingScopes: [],
-        extraScopes: [],
-        requiresReauthorization: false,
-      })
-    )
  })

  it('should handle unauthenticated user', async () => {
--- a/apps/sim/app/api/auth/oauth/credentials/route.ts
+++ b/apps/sim/app/api/auth/oauth/credentials/route.ts
@@ -7,7 +7,6 @@ import { z } from 'zod'
 import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { syncWorkspaceOAuthCredentialsForUser } from '@/lib/credentials/oauth'
-import { evaluateScopeCoverage } from '@/lib/oauth'
 import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
 import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'

@@ -39,8 +38,7 @@ function toCredentialResponse(
  scope: string | null
 ) {
  const storedScope = scope?.trim()
-  const grantedScopes = storedScope ? storedScope.split(/[\s,]+/).filter(Boolean) : []
-  const scopeEvaluation = evaluateScopeCoverage(providerId, grantedScopes)
+  const scopes = storedScope ? storedScope.split(/[\s,]+/).filter(Boolean) : []
  const [_, featureType = 'default'] = providerId.split('-')

  return {
@@ -49,11 +47,7 @@ function toCredentialResponse(
    provider: providerId,
    lastUsed: updatedAt.toISOString(),
    isDefault: featureType === 'default',
-    scopes: scopeEvaluation.grantedScopes,
-    canonicalScopes: scopeEvaluation.canonicalScopes,
-    missingScopes: scopeEvaluation.missingScopes,
-    extraScopes: scopeEvaluation.extraScopes,
-    requiresReauthorization: scopeEvaluation.requiresReauthorization,
+    scopes,
  }
 }

--- a/apps/sim/app/api/mcp/events/route.ts
+++ b/apps/sim/app/api/mcp/events/route.ts
@@ -14,7 +14,6 @@ import { getSession } from '@/lib/auth'
 import { SSE_HEADERS } from '@/lib/core/utils/sse'
 import { mcpConnectionManager } from '@/lib/mcp/connection-manager'
 import { mcpPubSub } from '@/lib/mcp/pubsub'
-import { decrementSSEConnections, incrementSSEConnections } from '@/lib/monitoring/sse-connections'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'

 const logger = createLogger('McpEventsSSE')
@@ -50,14 +49,11 @@ export async function GET(request: NextRequest) {
    for (const unsub of unsubscribers) {
      unsub()
    }
-    decrementSSEConnections('mcp-events')
    logger.info(`SSE connection closed for workspace ${workspaceId}`)
  }

  const stream = new ReadableStream({
    start(controller) {
-      incrementSSEConnections('mcp-events')
-
      const send = (eventName: string, data: Record<string, unknown>) => {
        if (cleaned) return
        try {
--- a/apps/sim/app/api/tools/airtable/bases/route.ts
+++ b/apps/sim/app/api/tools/airtable/bases/route.ts
@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('AirtableBasesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.airtable.com/v0/meta/bases', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Airtable bases', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Airtable bases', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const bases = (data.bases || []).map((base: { id: string; name: string }) => ({
+      id: base.id,
+      name: base.name,
+    }))
+
+    return NextResponse.json({ bases })
+  } catch (error) {
+    logger.error('Error processing Airtable bases request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Airtable bases', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/airtable/tables/route.ts
+++ b/apps/sim/app/api/tools/airtable/tables/route.ts
@@ -0,0 +1,95 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { validateAirtableId } from '@/lib/core/security/input-validation'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('AirtableTablesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId, baseId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    if (!baseId) {
+      logger.error('Missing baseId in request')
+      return NextResponse.json({ error: 'Base ID is required' }, { status: 400 })
+    }
+
+    const baseIdValidation = validateAirtableId(baseId, 'app', 'baseId')
+    if (!baseIdValidation.isValid) {
+      logger.error('Invalid baseId', { error: baseIdValidation.error })
+      return NextResponse.json({ error: baseIdValidation.error }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch(
+      `https://api.airtable.com/v0/meta/bases/${baseIdValidation.sanitized}/tables`,
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Airtable tables', {
+        status: response.status,
+        error: errorData,
+        baseId,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Airtable tables', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const tables = (data.tables || []).map((table: { id: string; name: string }) => ({
+      id: table.id,
+      name: table.name,
+    }))
+
+    return NextResponse.json({ tables })
+  } catch (error) {
+    logger.error('Error processing Airtable tables request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Airtable tables', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/asana/workspaces/route.ts
+++ b/apps/sim/app/api/tools/asana/workspaces/route.ts
@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('AsanaWorkspacesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://app.asana.com/api/1.0/workspaces', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept: 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Asana workspaces', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Asana workspaces', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const workspaces = (data.data || []).map((workspace: { gid: string; name: string }) => ({
+      id: workspace.gid,
+      name: workspace.name,
+    }))
+
+    return NextResponse.json({ workspaces })
+  } catch (error) {
+    logger.error('Error processing Asana workspaces request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Asana workspaces', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/attio/lists/route.ts
+++ b/apps/sim/app/api/tools/attio/lists/route.ts
@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('AttioListsAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.attio.com/v2/lists', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept: 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Attio lists', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Attio lists', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const lists = (data.data || []).map((list: { api_slug: string; name: string }) => ({
+      id: list.api_slug,
+      name: list.name,
+    }))
+
+    return NextResponse.json({ lists })
+  } catch (error) {
+    logger.error('Error processing Attio lists request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Attio lists', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/attio/objects/route.ts
+++ b/apps/sim/app/api/tools/attio/objects/route.ts
@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('AttioObjectsAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.attio.com/v2/objects', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept: 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Attio objects', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Attio objects', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const objects = (data.data || []).map((obj: { api_slug: string; singular_noun: string }) => ({
+      id: obj.api_slug,
+      name: obj.singular_noun,
+    }))
+
+    return NextResponse.json({ objects })
+  } catch (error) {
+    logger.error('Error processing Attio objects request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Attio objects', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/calcom/event-types/route.ts
+++ b/apps/sim/app/api/tools/calcom/event-types/route.ts
@@ -0,0 +1,83 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('CalcomEventTypesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.cal.com/v2/event-types', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+        'cal-api-version': '2024-06-14',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Cal.com event types', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Cal.com event types', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const eventTypes = (data.data || []).map(
+      (eventType: { id: number; title: string; slug: string }) => ({
+        id: String(eventType.id),
+        title: eventType.title,
+        slug: eventType.slug,
+      })
+    )
+
+    return NextResponse.json({ eventTypes })
+  } catch (error) {
+    logger.error('Error processing Cal.com event types request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Cal.com event types', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/calcom/schedules/route.ts
+++ b/apps/sim/app/api/tools/calcom/schedules/route.ts
@@ -0,0 +1,80 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('CalcomSchedulesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.cal.com/v2/schedules', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+        'cal-api-version': '2024-06-11',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Cal.com schedules', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Cal.com schedules', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const schedules = (data.data || []).map((schedule: { id: number; name: string }) => ({
+      id: String(schedule.id),
+      name: schedule.name,
+    }))
+
+    return NextResponse.json({ schedules })
+  } catch (error) {
+    logger.error('Error processing Cal.com schedules request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Cal.com schedules', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/confluence/selector-spaces/route.ts
+++ b/apps/sim/app/api/tools/confluence/selector-spaces/route.ts
@@ -0,0 +1,96 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluenceSelectorSpacesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId, domain } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const cloudId = await getConfluenceCloudId(domain, accessToken)
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudIdValidation.sanitized}/wiki/api/v2/spaces?limit=250`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: errorData,
+      })
+      const errorMessage =
+        errorData?.message || `Failed to list Confluence spaces (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+    const spaces = (data.results || []).map((space: { id: string; name: string; key: string }) => ({
+      id: space.id,
+      name: space.name,
+      key: space.key,
+    }))
+
+    return NextResponse.json({ spaces })
+  } catch (error) {
+    logger.error('Error listing Confluence spaces:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/evernote/copy-note/route.ts
+++ b/apps/sim/app/api/tools/evernote/copy-note/route.ts
@@ -0,0 +1,38 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { copyNote } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteCopyNoteAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, noteGuid, toNotebookGuid } = body
+
+    if (!apiKey || !noteGuid || !toNotebookGuid) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey, noteGuid, and toNotebookGuid are required' },
+        { status: 400 }
+      )
+    }
+
+    const note = await copyNote(apiKey, noteGuid, toNotebookGuid)
+
+    return NextResponse.json({
+      success: true,
+      output: { note },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to copy note', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/create-note/route.ts
+++ b/apps/sim/app/api/tools/evernote/create-note/route.ts
@@ -0,0 +1,51 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { createNote } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteCreateNoteAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, title, content, notebookGuid, tagNames } = body
+
+    if (!apiKey || !title || !content) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey, title, and content are required' },
+        { status: 400 }
+      )
+    }
+
+    const parsedTags = tagNames
+      ? (() => {
+          const tags =
+            typeof tagNames === 'string'
+              ? tagNames
+                  .split(',')
+                  .map((t: string) => t.trim())
+                  .filter(Boolean)
+              : tagNames
+          return tags.length > 0 ? tags : undefined
+        })()
+      : undefined
+
+    const note = await createNote(apiKey, title, content, notebookGuid || undefined, parsedTags)
+
+    return NextResponse.json({
+      success: true,
+      output: { note },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to create note', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/create-notebook/route.ts
+++ b/apps/sim/app/api/tools/evernote/create-notebook/route.ts
@@ -0,0 +1,38 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { createNotebook } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteCreateNotebookAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, name, stack } = body
+
+    if (!apiKey || !name) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and name are required' },
+        { status: 400 }
+      )
+    }
+
+    const notebook = await createNotebook(apiKey, name, stack || undefined)
+
+    return NextResponse.json({
+      success: true,
+      output: { notebook },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to create notebook', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/create-tag/route.ts
+++ b/apps/sim/app/api/tools/evernote/create-tag/route.ts
@@ -0,0 +1,38 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { createTag } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteCreateTagAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, name, parentGuid } = body
+
+    if (!apiKey || !name) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and name are required' },
+        { status: 400 }
+      )
+    }
+
+    const tag = await createTag(apiKey, name, parentGuid || undefined)
+
+    return NextResponse.json({
+      success: true,
+      output: { tag },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to create tag', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/delete-note/route.ts
+++ b/apps/sim/app/api/tools/evernote/delete-note/route.ts
@@ -0,0 +1,41 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { deleteNote } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteDeleteNoteAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, noteGuid } = body
+
+    if (!apiKey || !noteGuid) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and noteGuid are required' },
+        { status: 400 }
+      )
+    }
+
+    await deleteNote(apiKey, noteGuid)
+
+    return NextResponse.json({
+      success: true,
+      output: {
+        success: true,
+        noteGuid,
+      },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to delete note', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/get-note/route.ts
+++ b/apps/sim/app/api/tools/evernote/get-note/route.ts
@@ -0,0 +1,38 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { getNote } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteGetNoteAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, noteGuid, withContent = true } = body
+
+    if (!apiKey || !noteGuid) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and noteGuid are required' },
+        { status: 400 }
+      )
+    }
+
+    const note = await getNote(apiKey, noteGuid, withContent)
+
+    return NextResponse.json({
+      success: true,
+      output: { note },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to get note', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/get-notebook/route.ts
+++ b/apps/sim/app/api/tools/evernote/get-notebook/route.ts
@@ -0,0 +1,38 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { getNotebook } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteGetNotebookAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, notebookGuid } = body
+
+    if (!apiKey || !notebookGuid) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and notebookGuid are required' },
+        { status: 400 }
+      )
+    }
+
+    const notebook = await getNotebook(apiKey, notebookGuid)
+
+    return NextResponse.json({
+      success: true,
+      output: { notebook },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to get notebook', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/lib/client.ts
+++ b/apps/sim/app/api/tools/evernote/lib/client.ts
@@ -0,0 +1,799 @@
+/**
+ * Evernote API client using Thrift binary protocol over HTTP.
+ * Implements only the NoteStore methods needed for the integration.
+ */
+
+import {
+  ThriftReader,
+  ThriftWriter,
+  TYPE_BOOL,
+  TYPE_I32,
+  TYPE_I64,
+  TYPE_LIST,
+  TYPE_STRING,
+  TYPE_STRUCT,
+} from './thrift'
+
+export interface EvernoteNotebook {
+  guid: string
+  name: string
+  defaultNotebook: boolean
+  serviceCreated: number | null
+  serviceUpdated: number | null
+  stack: string | null
+}
+
+export interface EvernoteNote {
+  guid: string
+  title: string
+  content: string | null
+  contentLength: number | null
+  created: number | null
+  updated: number | null
+  deleted: number | null
+  active: boolean
+  notebookGuid: string | null
+  tagGuids: string[]
+  tagNames: string[]
+}
+
+export interface EvernoteNoteMetadata {
+  guid: string
+  title: string | null
+  contentLength: number | null
+  created: number | null
+  updated: number | null
+  notebookGuid: string | null
+  tagGuids: string[]
+}
+
+export interface EvernoteTag {
+  guid: string
+  name: string
+  parentGuid: string | null
+  updateSequenceNum: number | null
+}
+
+export interface EvernoteSearchResult {
+  startIndex: number
+  totalNotes: number
+  notes: EvernoteNoteMetadata[]
+}
+
+/** Extract shard ID from an Evernote developer token */
+function extractShardId(token: string): string {
+  const match = token.match(/S=s(\d+)/)
+  if (!match) {
+    throw new Error('Invalid Evernote token format: cannot extract shard ID')
+  }
+  return `s${match[1]}`
+}
+
+/** Get the NoteStore URL for the given token */
+function getNoteStoreUrl(token: string): string {
+  const shardId = extractShardId(token)
+  const host = token.includes(':Sandbox') ? 'sandbox.evernote.com' : 'www.evernote.com'
+  return `https://${host}/shard/${shardId}/notestore`
+}
+
+/** Make a Thrift RPC call to the NoteStore */
+async function callNoteStore(token: string, writer: ThriftWriter): Promise<ThriftReader> {
+  const url = getNoteStoreUrl(token)
+  const body = writer.toBuffer()
+
+  const response = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-thrift',
+      Accept: 'application/x-thrift',
+    },
+    body: new Uint8Array(body),
+  })
+
+  if (!response.ok) {
+    throw new Error(`Evernote API HTTP error: ${response.status} ${response.statusText}`)
+  }
+
+  const arrayBuffer = await response.arrayBuffer()
+  const reader = new ThriftReader(arrayBuffer)
+  const msg = reader.readMessageBegin()
+
+  if (reader.isException(msg.type)) {
+    const ex = reader.readException()
+    throw new Error(`Evernote API error: ${ex.message}`)
+  }
+
+  return reader
+}
+
+/** Check for Evernote-specific exceptions in the response struct. Returns true if handled. */
+function checkEvernoteException(reader: ThriftReader, fieldId: number, fieldType: number): boolean {
+  if (fieldId === 1 && fieldType === TYPE_STRUCT) {
+    let message = ''
+    let errorCode = 0
+    reader.readStruct((r, fid, ftype) => {
+      if (fid === 1 && ftype === TYPE_I32) {
+        errorCode = r.readI32()
+      } else if (fid === 2 && ftype === TYPE_STRING) {
+        message = r.readString()
+      } else {
+        r.skip(ftype)
+      }
+    })
+    throw new Error(`Evernote error (${errorCode}): ${message}`)
+  }
+  if (fieldId === 2 && fieldType === TYPE_STRUCT) {
+    let message = ''
+    let errorCode = 0
+    reader.readStruct((r, fid, ftype) => {
+      if (fid === 1 && ftype === TYPE_I32) {
+        errorCode = r.readI32()
+      } else if (fid === 2 && ftype === TYPE_STRING) {
+        message = r.readString()
+      } else {
+        r.skip(ftype)
+      }
+    })
+    throw new Error(`Evernote system error (${errorCode}): ${message}`)
+  }
+  if (fieldId === 3 && fieldType === TYPE_STRUCT) {
+    let identifier = ''
+    let key = ''
+    reader.readStruct((r, fid, ftype) => {
+      if (fid === 1 && ftype === TYPE_STRING) {
+        identifier = r.readString()
+      } else if (fid === 2 && ftype === TYPE_STRING) {
+        key = r.readString()
+      } else {
+        r.skip(ftype)
+      }
+    })
+    throw new Error(`Evernote not found: ${identifier}${key ? ` (${key})` : ''}`)
+  }
+  return false
+}
+
+function readNotebook(reader: ThriftReader): EvernoteNotebook {
+  const notebook: EvernoteNotebook = {
+    guid: '',
+    name: '',
+    defaultNotebook: false,
+    serviceCreated: null,
+    serviceUpdated: null,
+    stack: null,
+  }
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    switch (fieldId) {
+      case 1:
+        if (fieldType === TYPE_STRING) notebook.guid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 2:
+        if (fieldType === TYPE_STRING) notebook.name = r.readString()
+        else r.skip(fieldType)
+        break
+      case 4:
+        if (fieldType === TYPE_BOOL) notebook.defaultNotebook = r.readBool()
+        else r.skip(fieldType)
+        break
+      case 5:
+        if (fieldType === TYPE_I64) notebook.serviceCreated = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 6:
+        if (fieldType === TYPE_I64) notebook.serviceUpdated = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 9:
+        if (fieldType === TYPE_STRING) notebook.stack = r.readString()
+        else r.skip(fieldType)
+        break
+      default:
+        r.skip(fieldType)
+    }
+  })
+
+  return notebook
+}
+
+function readNote(reader: ThriftReader): EvernoteNote {
+  const note: EvernoteNote = {
+    guid: '',
+    title: '',
+    content: null,
+    contentLength: null,
+    created: null,
+    updated: null,
+    deleted: null,
+    active: true,
+    notebookGuid: null,
+    tagGuids: [],
+    tagNames: [],
+  }
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    switch (fieldId) {
+      case 1:
+        if (fieldType === TYPE_STRING) note.guid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 2:
+        if (fieldType === TYPE_STRING) note.title = r.readString()
+        else r.skip(fieldType)
+        break
+      case 3:
+        if (fieldType === TYPE_STRING) note.content = r.readString()
+        else r.skip(fieldType)
+        break
+      case 5:
+        if (fieldType === TYPE_I32) note.contentLength = r.readI32()
+        else r.skip(fieldType)
+        break
+      case 6:
+        if (fieldType === TYPE_I64) note.created = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 7:
+        if (fieldType === TYPE_I64) note.updated = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 8:
+        if (fieldType === TYPE_I64) note.deleted = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 9:
+        if (fieldType === TYPE_BOOL) note.active = r.readBool()
+        else r.skip(fieldType)
+        break
+      case 11:
+        if (fieldType === TYPE_STRING) note.notebookGuid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 12:
+        if (fieldType === TYPE_LIST) {
+          const { size } = r.readListBegin()
+          for (let i = 0; i < size; i++) {
+            note.tagGuids.push(r.readString())
+          }
+        } else {
+          r.skip(fieldType)
+        }
+        break
+      case 15:
+        if (fieldType === TYPE_LIST) {
+          const { size } = r.readListBegin()
+          for (let i = 0; i < size; i++) {
+            note.tagNames.push(r.readString())
+          }
+        } else {
+          r.skip(fieldType)
+        }
+        break
+      default:
+        r.skip(fieldType)
+    }
+  })
+
+  return note
+}
+
+function readTag(reader: ThriftReader): EvernoteTag {
+  const tag: EvernoteTag = {
+    guid: '',
+    name: '',
+    parentGuid: null,
+    updateSequenceNum: null,
+  }
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    switch (fieldId) {
+      case 1:
+        if (fieldType === TYPE_STRING) tag.guid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 2:
+        if (fieldType === TYPE_STRING) tag.name = r.readString()
+        else r.skip(fieldType)
+        break
+      case 3:
+        if (fieldType === TYPE_STRING) tag.parentGuid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 4:
+        if (fieldType === TYPE_I32) tag.updateSequenceNum = r.readI32()
+        else r.skip(fieldType)
+        break
+      default:
+        r.skip(fieldType)
+    }
+  })
+
+  return tag
+}
+
+function readNoteMetadata(reader: ThriftReader): EvernoteNoteMetadata {
+  const meta: EvernoteNoteMetadata = {
+    guid: '',
+    title: null,
+    contentLength: null,
+    created: null,
+    updated: null,
+    notebookGuid: null,
+    tagGuids: [],
+  }
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    switch (fieldId) {
+      case 1:
+        if (fieldType === TYPE_STRING) meta.guid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 2:
+        if (fieldType === TYPE_STRING) meta.title = r.readString()
+        else r.skip(fieldType)
+        break
+      case 5:
+        if (fieldType === TYPE_I32) meta.contentLength = r.readI32()
+        else r.skip(fieldType)
+        break
+      case 6:
+        if (fieldType === TYPE_I64) meta.created = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 7:
+        if (fieldType === TYPE_I64) meta.updated = Number(r.readI64())
+        else r.skip(fieldType)
+        break
+      case 11:
+        if (fieldType === TYPE_STRING) meta.notebookGuid = r.readString()
+        else r.skip(fieldType)
+        break
+      case 12:
+        if (fieldType === TYPE_LIST) {
+          const { size } = r.readListBegin()
+          for (let i = 0; i < size; i++) {
+            meta.tagGuids.push(r.readString())
+          }
+        } else {
+          r.skip(fieldType)
+        }
+        break
+      default:
+        r.skip(fieldType)
+    }
+  })
+
+  return meta
+}
+
+export async function listNotebooks(token: string): Promise<EvernoteNotebook[]> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('listNotebooks', 0)
+  writer.writeStringField(1, token)
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  const notebooks: EvernoteNotebook[] = []
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_LIST) {
+      const { size } = r.readListBegin()
+      for (let i = 0; i < size; i++) {
+        notebooks.push(readNotebook(r))
+      }
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  return notebooks
+}
+
+export async function getNote(
+  token: string,
+  guid: string,
+  withContent = true
+): Promise<EvernoteNote> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('getNote', 0)
+  writer.writeStringField(1, token)
+  writer.writeStringField(2, guid)
+  writer.writeBoolField(3, withContent)
+  writer.writeBoolField(4, false)
+  writer.writeBoolField(5, false)
+  writer.writeBoolField(6, false)
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let note: EvernoteNote | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      note = readNote(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!note) {
+    throw new Error('No note returned from Evernote API')
+  }
+
+  return note
+}
+
+/** Wrap content in ENML if it's not already */
+function wrapInEnml(content: string): string {
+  if (content.includes('<!DOCTYPE en-note')) {
+    return content
+  }
+  const escaped = content
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/\n/g, '<br/>')
+  return `<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE en-note SYSTEM "http://xml.evernote.com/pub/enml2.dtd"><en-note>${escaped}</en-note>`
+}
+
+export async function createNote(
+  token: string,
+  title: string,
+  content: string,
+  notebookGuid?: string,
+  tagNames?: string[]
+): Promise<EvernoteNote> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('createNote', 0)
+  writer.writeStringField(1, token)
+
+  writer.writeFieldBegin(TYPE_STRUCT, 2)
+  writer.writeStringField(2, title)
+  writer.writeStringField(3, wrapInEnml(content))
+  if (notebookGuid) {
+    writer.writeStringField(11, notebookGuid)
+  }
+  if (tagNames && tagNames.length > 0) {
+    writer.writeStringListField(15, tagNames)
+  }
+  writer.writeFieldStop()
+
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let note: EvernoteNote | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      note = readNote(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!note) {
+    throw new Error('No note returned from Evernote API')
+  }
+
+  return note
+}
+
+export async function updateNote(
+  token: string,
+  guid: string,
+  title?: string,
+  content?: string,
+  notebookGuid?: string,
+  tagNames?: string[]
+): Promise<EvernoteNote> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('updateNote', 0)
+  writer.writeStringField(1, token)
+
+  writer.writeFieldBegin(TYPE_STRUCT, 2)
+  writer.writeStringField(1, guid)
+  if (title !== undefined) {
+    writer.writeStringField(2, title)
+  }
+  if (content !== undefined) {
+    writer.writeStringField(3, wrapInEnml(content))
+  }
+  if (notebookGuid !== undefined) {
+    writer.writeStringField(11, notebookGuid)
+  }
+  if (tagNames !== undefined) {
+    writer.writeStringListField(15, tagNames)
+  }
+  writer.writeFieldStop()
+
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let note: EvernoteNote | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      note = readNote(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!note) {
+    throw new Error('No note returned from Evernote API')
+  }
+
+  return note
+}
+
+export async function deleteNote(token: string, guid: string): Promise<number> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('deleteNote', 0)
+  writer.writeStringField(1, token)
+  writer.writeStringField(2, guid)
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let usn = 0
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_I32) {
+      usn = r.readI32()
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  return usn
+}
+
+export async function searchNotes(
+  token: string,
+  query: string,
+  notebookGuid?: string,
+  offset = 0,
+  maxNotes = 25
+): Promise<EvernoteSearchResult> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('findNotesMetadata', 0)
+  writer.writeStringField(1, token)
+
+  // NoteFilter (field 2)
+  writer.writeFieldBegin(TYPE_STRUCT, 2)
+  if (query) {
+    writer.writeStringField(3, query)
+  }
+  if (notebookGuid) {
+    writer.writeStringField(4, notebookGuid)
+  }
+  writer.writeFieldStop()
+
+  // offset (field 3)
+  writer.writeI32Field(3, offset)
+  // maxNotes (field 4)
+  writer.writeI32Field(4, maxNotes)
+
+  // NotesMetadataResultSpec (field 5)
+  writer.writeFieldBegin(TYPE_STRUCT, 5)
+  writer.writeBoolField(2, true) // includeTitle
+  writer.writeBoolField(5, true) // includeContentLength
+  writer.writeBoolField(6, true) // includeCreated
+  writer.writeBoolField(7, true) // includeUpdated
+  writer.writeBoolField(11, true) // includeNotebookGuid
+  writer.writeBoolField(12, true) // includeTagGuids
+  writer.writeFieldStop()
+
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  const result: EvernoteSearchResult = {
+    startIndex: 0,
+    totalNotes: 0,
+    notes: [],
+  }
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      r.readStruct((r2, fid2, ftype2) => {
+        switch (fid2) {
+          case 1:
+            if (ftype2 === TYPE_I32) result.startIndex = r2.readI32()
+            else r2.skip(ftype2)
+            break
+          case 2:
+            if (ftype2 === TYPE_I32) result.totalNotes = r2.readI32()
+            else r2.skip(ftype2)
+            break
+          case 3:
+            if (ftype2 === TYPE_LIST) {
+              const { size } = r2.readListBegin()
+              for (let i = 0; i < size; i++) {
+                result.notes.push(readNoteMetadata(r2))
+              }
+            } else {
+              r2.skip(ftype2)
+            }
+            break
+          default:
+            r2.skip(ftype2)
+        }
+      })
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  return result
+}
+
+export async function getNotebook(token: string, guid: string): Promise<EvernoteNotebook> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('getNotebook', 0)
+  writer.writeStringField(1, token)
+  writer.writeStringField(2, guid)
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let notebook: EvernoteNotebook | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      notebook = readNotebook(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!notebook) {
+    throw new Error('No notebook returned from Evernote API')
+  }
+
+  return notebook
+}
+
+export async function createNotebook(
+  token: string,
+  name: string,
+  stack?: string
+): Promise<EvernoteNotebook> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('createNotebook', 0)
+  writer.writeStringField(1, token)
+
+  writer.writeFieldBegin(TYPE_STRUCT, 2)
+  writer.writeStringField(2, name)
+  if (stack) {
+    writer.writeStringField(9, stack)
+  }
+  writer.writeFieldStop()
+
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let notebook: EvernoteNotebook | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      notebook = readNotebook(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!notebook) {
+    throw new Error('No notebook returned from Evernote API')
+  }
+
+  return notebook
+}
+
+export async function listTags(token: string): Promise<EvernoteTag[]> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('listTags', 0)
+  writer.writeStringField(1, token)
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  const tags: EvernoteTag[] = []
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_LIST) {
+      const { size } = r.readListBegin()
+      for (let i = 0; i < size; i++) {
+        tags.push(readTag(r))
+      }
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  return tags
+}
+
+export async function createTag(
+  token: string,
+  name: string,
+  parentGuid?: string
+): Promise<EvernoteTag> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('createTag', 0)
+  writer.writeStringField(1, token)
+
+  writer.writeFieldBegin(TYPE_STRUCT, 2)
+  writer.writeStringField(2, name)
+  if (parentGuid) {
+    writer.writeStringField(3, parentGuid)
+  }
+  writer.writeFieldStop()
+
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let tag: EvernoteTag | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      tag = readTag(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!tag) {
+    throw new Error('No tag returned from Evernote API')
+  }
+
+  return tag
+}
+
+export async function copyNote(
+  token: string,
+  noteGuid: string,
+  toNotebookGuid: string
+): Promise<EvernoteNote> {
+  const writer = new ThriftWriter()
+  writer.writeMessageBegin('copyNote', 0)
+  writer.writeStringField(1, token)
+  writer.writeStringField(2, noteGuid)
+  writer.writeStringField(3, toNotebookGuid)
+  writer.writeFieldStop()
+
+  const reader = await callNoteStore(token, writer)
+  let note: EvernoteNote | null = null
+
+  reader.readStruct((r, fieldId, fieldType) => {
+    if (fieldId === 0 && fieldType === TYPE_STRUCT) {
+      note = readNote(r)
+    } else {
+      if (!checkEvernoteException(r, fieldId, fieldType)) {
+        r.skip(fieldType)
+      }
+    }
+  })
+
+  if (!note) {
+    throw new Error('No note returned from Evernote API')
+  }
+
+  return note
+}
--- a/apps/sim/app/api/tools/evernote/lib/thrift.ts
+++ b/apps/sim/app/api/tools/evernote/lib/thrift.ts
@@ -0,0 +1,255 @@
+/**
+ * Minimal Thrift binary protocol encoder/decoder for Evernote API.
+ * Supports only the types needed for NoteStore operations.
+ */
+
+const THRIFT_VERSION_1 = 0x80010000
+const MESSAGE_CALL = 1
+const MESSAGE_EXCEPTION = 3
+
+const TYPE_STOP = 0
+const TYPE_BOOL = 2
+const TYPE_I32 = 8
+const TYPE_I64 = 10
+const TYPE_STRING = 11
+const TYPE_STRUCT = 12
+const TYPE_LIST = 15
+
+export class ThriftWriter {
+  private buffer: number[] = []
+
+  writeMessageBegin(name: string, seqId: number): void {
+    this.writeI32(THRIFT_VERSION_1 | MESSAGE_CALL)
+    this.writeString(name)
+    this.writeI32(seqId)
+  }
+
+  writeFieldBegin(type: number, id: number): void {
+    this.buffer.push(type)
+    this.writeI16(id)
+  }
+
+  writeFieldStop(): void {
+    this.buffer.push(TYPE_STOP)
+  }
+
+  writeString(value: string): void {
+    const encoded = new TextEncoder().encode(value)
+    this.writeI32(encoded.length)
+    for (const byte of encoded) {
+      this.buffer.push(byte)
+    }
+  }
+
+  writeBool(value: boolean): void {
+    this.buffer.push(value ? 1 : 0)
+  }
+
+  writeI16(value: number): void {
+    this.buffer.push((value >> 8) & 0xff)
+    this.buffer.push(value & 0xff)
+  }
+
+  writeI32(value: number): void {
+    this.buffer.push((value >> 24) & 0xff)
+    this.buffer.push((value >> 16) & 0xff)
+    this.buffer.push((value >> 8) & 0xff)
+    this.buffer.push(value & 0xff)
+  }
+
+  writeI64(value: bigint): void {
+    const buf = new ArrayBuffer(8)
+    const view = new DataView(buf)
+    view.setBigInt64(0, value, false)
+    for (let i = 0; i < 8; i++) {
+      this.buffer.push(view.getUint8(i))
+    }
+  }
+
+  writeStringField(id: number, value: string): void {
+    this.writeFieldBegin(TYPE_STRING, id)
+    this.writeString(value)
+  }
+
+  writeBoolField(id: number, value: boolean): void {
+    this.writeFieldBegin(TYPE_BOOL, id)
+    this.writeBool(value)
+  }
+
+  writeI32Field(id: number, value: number): void {
+    this.writeFieldBegin(TYPE_I32, id)
+    this.writeI32(value)
+  }
+
+  writeStringListField(id: number, values: string[]): void {
+    this.writeFieldBegin(TYPE_LIST, id)
+    this.buffer.push(TYPE_STRING)
+    this.writeI32(values.length)
+    for (const v of values) {
+      this.writeString(v)
+    }
+  }
+
+  toBuffer(): Buffer {
+    return Buffer.from(this.buffer)
+  }
+}
+
+export class ThriftReader {
+  private view: DataView
+  private pos = 0
+
+  constructor(buffer: ArrayBuffer) {
+    this.view = new DataView(buffer)
+  }
+
+  readMessageBegin(): { name: string; type: number; seqId: number } {
+    const versionAndType = this.readI32()
+    const version = versionAndType & 0xffff0000
+    if (version !== (THRIFT_VERSION_1 | 0)) {
+      throw new Error(`Unsupported Thrift version: 0x${version.toString(16)}`)
+    }
+    const type = versionAndType & 0x000000ff
+    const name = this.readString()
+    const seqId = this.readI32()
+    return { name, type, seqId }
+  }
+
+  readFieldBegin(): { type: number; id: number } {
+    const type = this.view.getUint8(this.pos++)
+    if (type === TYPE_STOP) {
+      return { type: TYPE_STOP, id: 0 }
+    }
+    const id = this.view.getInt16(this.pos, false)
+    this.pos += 2
+    return { type, id }
+  }
+
+  readString(): string {
+    const length = this.readI32()
+    const bytes = new Uint8Array(this.view.buffer, this.pos, length)
+    this.pos += length
+    return new TextDecoder().decode(bytes)
+  }
+
+  readBool(): boolean {
+    return this.view.getUint8(this.pos++) !== 0
+  }
+
+  readI32(): number {
+    const value = this.view.getInt32(this.pos, false)
+    this.pos += 4
+    return value
+  }
+
+  readI64(): bigint {
+    const value = this.view.getBigInt64(this.pos, false)
+    this.pos += 8
+    return value
+  }
+
+  readBinary(): Uint8Array {
+    const length = this.readI32()
+    const bytes = new Uint8Array(this.view.buffer, this.pos, length)
+    this.pos += length
+    return bytes
+  }
+
+  readListBegin(): { elementType: number; size: number } {
+    const elementType = this.view.getUint8(this.pos++)
+    const size = this.readI32()
+    return { elementType, size }
+  }
+
+  /** Skip a value of the given Thrift type */
+  skip(type: number): void {
+    switch (type) {
+      case TYPE_BOOL:
+        this.pos += 1
+        break
+      case 6: // I16
+        this.pos += 2
+        break
+      case 3: // BYTE
+        this.pos += 1
+        break
+      case TYPE_I32:
+        this.pos += 4
+        break
+      case TYPE_I64:
+      case 4: // DOUBLE
+        this.pos += 8
+        break
+      case TYPE_STRING: {
+        const len = this.readI32()
+        this.pos += len
+        break
+      }
+      case TYPE_STRUCT:
+        this.skipStruct()
+        break
+      case TYPE_LIST:
+      case 14: {
+        // SET
+        const { elementType, size } = this.readListBegin()
+        for (let i = 0; i < size; i++) {
+          this.skip(elementType)
+        }
+        break
+      }
+      case 13: {
+        // MAP
+        const keyType = this.view.getUint8(this.pos++)
+        const valueType = this.view.getUint8(this.pos++)
+        const count = this.readI32()
+        for (let i = 0; i < count; i++) {
+          this.skip(keyType)
+          this.skip(valueType)
+        }
+        break
+      }
+      default:
+        throw new Error(`Cannot skip unknown Thrift type: ${type}`)
+    }
+  }
+
+  private skipStruct(): void {
+    for (;;) {
+      const { type } = this.readFieldBegin()
+      if (type === TYPE_STOP) break
+      this.skip(type)
+    }
+  }
+
+  /** Read struct fields, calling the handler for each field */
+  readStruct<T>(handler: (reader: ThriftReader, fieldId: number, fieldType: number) => void): void {
+    for (;;) {
+      const { type, id } = this.readFieldBegin()
+      if (type === TYPE_STOP) break
+      handler(this, id, type)
+    }
+  }
+
+  /** Check if this is an exception response */
+  isException(messageType: number): boolean {
+    return messageType === MESSAGE_EXCEPTION
+  }
+
+  /** Read a Thrift application exception */
+  readException(): { message: string; type: number } {
+    let message = ''
+    let type = 0
+    this.readStruct((reader, fieldId, fieldType) => {
+      if (fieldId === 1 && fieldType === TYPE_STRING) {
+        message = reader.readString()
+      } else if (fieldId === 2 && fieldType === TYPE_I32) {
+        type = reader.readI32()
+      } else {
+        reader.skip(fieldType)
+      }
+    })
+    return { message, type }
+  }
+}
+
+export { TYPE_BOOL, TYPE_I32, TYPE_I64, TYPE_LIST, TYPE_STOP, TYPE_STRING, TYPE_STRUCT }
--- a/apps/sim/app/api/tools/evernote/list-notebooks/route.ts
+++ b/apps/sim/app/api/tools/evernote/list-notebooks/route.ts
@@ -0,0 +1,35 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { listNotebooks } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteListNotebooksAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey } = body
+
+    if (!apiKey) {
+      return NextResponse.json({ success: false, error: 'apiKey is required' }, { status: 400 })
+    }
+
+    const notebooks = await listNotebooks(apiKey)
+
+    return NextResponse.json({
+      success: true,
+      output: { notebooks },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to list notebooks', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/list-tags/route.ts
+++ b/apps/sim/app/api/tools/evernote/list-tags/route.ts
@@ -0,0 +1,35 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { listTags } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteListTagsAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey } = body
+
+    if (!apiKey) {
+      return NextResponse.json({ success: false, error: 'apiKey is required' }, { status: 400 })
+    }
+
+    const tags = await listTags(apiKey)
+
+    return NextResponse.json({
+      success: true,
+      output: { tags },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to list tags', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/search-notes/route.ts
+++ b/apps/sim/app/api/tools/evernote/search-notes/route.ts
@@ -0,0 +1,49 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { searchNotes } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteSearchNotesAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, query, notebookGuid, offset = 0, maxNotes = 25 } = body
+
+    if (!apiKey || !query) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and query are required' },
+        { status: 400 }
+      )
+    }
+
+    const clampedMaxNotes = Math.min(Math.max(Number(maxNotes) || 25, 1), 250)
+
+    const result = await searchNotes(
+      apiKey,
+      query,
+      notebookGuid || undefined,
+      Number(offset),
+      clampedMaxNotes
+    )
+
+    return NextResponse.json({
+      success: true,
+      output: {
+        totalNotes: result.totalNotes,
+        notes: result.notes,
+      },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to search notes', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/evernote/update-note/route.ts
+++ b/apps/sim/app/api/tools/evernote/update-note/route.ts
@@ -0,0 +1,58 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { updateNote } from '@/app/api/tools/evernote/lib/client'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('EvernoteUpdateNoteAPI')
+
+export async function POST(request: NextRequest) {
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const body = await request.json()
+    const { apiKey, noteGuid, title, content, notebookGuid, tagNames } = body
+
+    if (!apiKey || !noteGuid) {
+      return NextResponse.json(
+        { success: false, error: 'apiKey and noteGuid are required' },
+        { status: 400 }
+      )
+    }
+
+    const parsedTags = tagNames
+      ? (() => {
+          const tags =
+            typeof tagNames === 'string'
+              ? tagNames
+                  .split(',')
+                  .map((t: string) => t.trim())
+                  .filter(Boolean)
+              : tagNames
+          return tags.length > 0 ? tags : undefined
+        })()
+      : undefined
+
+    const note = await updateNote(
+      apiKey,
+      noteGuid,
+      title || undefined,
+      content || undefined,
+      notebookGuid || undefined,
+      parsedTags
+    )
+
+    return NextResponse.json({
+      success: true,
+      output: { note },
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Failed to update note', { error: message })
+    return NextResponse.json({ success: false, error: message }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/google_bigquery/datasets/route.ts
+++ b/apps/sim/app/api/tools/google_bigquery/datasets/route.ts
@@ -0,0 +1,100 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('GoogleBigQueryDatasetsAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * POST /api/tools/google_bigquery/datasets
+ *
+ * Fetches the list of BigQuery datasets for a given project using the caller's OAuth credential.
+ *
+ * @param request - Incoming request containing `credential`, `workflowId`, and `projectId` in the JSON body
+ * @returns JSON response with a `datasets` array, each entry containing `datasetReference` and optional `friendlyName`
+ */
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId, projectId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    if (!projectId) {
+      logger.error('Missing project ID in request')
+      return NextResponse.json({ error: 'Project ID is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch(
+      `https://bigquery.googleapis.com/bigquery/v2/projects/${encodeURIComponent(projectId)}/datasets?maxResults=200`,
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch BigQuery datasets', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch BigQuery datasets', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const datasets = (data.datasets || []).map(
+      (ds: {
+        datasetReference: { datasetId: string; projectId: string }
+        friendlyName?: string
+      }) => ({
+        datasetReference: ds.datasetReference,
+        friendlyName: ds.friendlyName,
+      })
+    )
+
+    return NextResponse.json({ datasets })
+  } catch (error) {
+    logger.error('Error processing BigQuery datasets request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve BigQuery datasets', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/google_bigquery/tables/route.ts
+++ b/apps/sim/app/api/tools/google_bigquery/tables/route.ts
@@ -0,0 +1,94 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('GoogleBigQueryTablesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId, projectId, datasetId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    if (!projectId) {
+      logger.error('Missing project ID in request')
+      return NextResponse.json({ error: 'Project ID is required' }, { status: 400 })
+    }
+
+    if (!datasetId) {
+      logger.error('Missing dataset ID in request')
+      return NextResponse.json({ error: 'Dataset ID is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch(
+      `https://bigquery.googleapis.com/bigquery/v2/projects/${encodeURIComponent(projectId)}/datasets/${encodeURIComponent(datasetId)}/tables?maxResults=200`,
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch BigQuery tables', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch BigQuery tables', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const tables = (data.tables || []).map(
+      (t: { tableReference: { tableId: string }; friendlyName?: string }) => ({
+        tableReference: t.tableReference,
+        friendlyName: t.friendlyName,
+      })
+    )
+
+    return NextResponse.json({ tables })
+  } catch (error) {
+    logger.error('Error processing BigQuery tables request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve BigQuery tables', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/google_tasks/task-lists/route.ts
+++ b/apps/sim/app/api/tools/google_tasks/task-lists/route.ts
@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('GoogleTasksTaskListsAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://tasks.googleapis.com/tasks/v1/users/@me/lists', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Google Tasks task lists', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Google Tasks task lists', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const taskLists = (data.items || []).map((list: { id: string; title: string }) => ({
+      id: list.id,
+      title: list.title,
+    }))
+
+    return NextResponse.json({ taskLists })
+  } catch (error) {
+    logger.error('Error processing Google Tasks task lists request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Google Tasks task lists', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/jsm/selector-requesttypes/route.ts
+++ b/apps/sim/app/api/tools/jsm/selector-requesttypes/route.ts
@@ -0,0 +1,103 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
+
+const logger = createLogger('JsmSelectorRequestTypesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId, domain, serviceDeskId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!serviceDeskId) {
+      return NextResponse.json({ error: 'Service Desk ID is required' }, { status: 400 })
+    }
+
+    const serviceDeskIdValidation = validateAlphanumericId(serviceDeskId, 'serviceDeskId')
+    if (!serviceDeskIdValidation.isValid) {
+      return NextResponse.json({ error: serviceDeskIdValidation.error }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const cloudId = await getJiraCloudId(domain, accessToken)
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const baseUrl = getJsmApiBaseUrl(cloudIdValidation.sanitized!)
+    const url = `${baseUrl}/servicedesk/${serviceDeskIdValidation.sanitized}/requesttype?limit=100`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: getJsmHeaders(accessToken),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      logger.error('JSM API error:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: errorText,
+      })
+      return NextResponse.json(
+        { error: `JSM API error: ${response.status} ${response.statusText}` },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const requestTypes = (data.values || []).map((rt: { id: string; name: string }) => ({
+      id: rt.id,
+      name: rt.name,
+    }))
+
+    return NextResponse.json({ requestTypes })
+  } catch (error) {
+    logger.error('Error listing JSM request types:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/jsm/selector-servicedesks/route.ts
+++ b/apps/sim/app/api/tools/jsm/selector-servicedesks/route.ts
@@ -0,0 +1,94 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
+
+const logger = createLogger('JsmSelectorServiceDesksAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId, domain } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const cloudId = await getJiraCloudId(domain, accessToken)
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const baseUrl = getJsmApiBaseUrl(cloudIdValidation.sanitized!)
+    const url = `${baseUrl}/servicedesk?limit=100`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: getJsmHeaders(accessToken),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      logger.error('JSM API error:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: errorText,
+      })
+      return NextResponse.json(
+        { error: `JSM API error: ${response.status} ${response.statusText}` },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const serviceDesks = (data.values || []).map((sd: { id: string; projectName: string }) => ({
+      id: sd.id,
+      name: sd.projectName,
+    }))
+
+    return NextResponse.json({ serviceDesks })
+  } catch (error) {
+    logger.error('Error listing JSM service desks:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/microsoft_planner/plans/route.ts
+++ b/apps/sim/app/api/tools/microsoft_planner/plans/route.ts
@@ -0,0 +1,72 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('MicrosoftPlannerPlansAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error(`[${requestId}] Missing credential in request`)
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error(`[${requestId}] Failed to obtain valid access token`)
+      return NextResponse.json(
+        { error: 'Failed to obtain valid access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://graph.microsoft.com/v1.0/me/planner/plans', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      logger.error(`[${requestId}] Microsoft Graph API error:`, errorText)
+      return NextResponse.json(
+        { error: 'Failed to fetch plans from Microsoft Graph' },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const plans = data.value || []
+
+    const filteredPlans = plans.map((plan: { id: string; title: string }) => ({
+      id: plan.id,
+      title: plan.title,
+    }))
+
+    return NextResponse.json({ plans: filteredPlans })
+  } catch (error) {
+    logger.error(`[${requestId}] Error fetching Microsoft Planner plans:`, error)
+    return NextResponse.json({ error: 'Failed to fetch plans' }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/microsoft_planner/tasks/route.ts
+++ b/apps/sim/app/api/tools/microsoft_planner/tasks/route.ts
@@ -1,38 +1,29 @@
-import { randomUUID } from 'crypto'
-import { db } from '@sim/db'
-import { account } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { validateMicrosoftGraphId } from '@/lib/core/security/input-validation'
-import { refreshAccessTokenIfNeeded, resolveOAuthAccountId } from '@/app/api/auth/oauth/utils'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import type { PlannerTask } from '@/tools/microsoft_planner/types'

 const logger = createLogger('MicrosoftPlannerTasksAPI')

-export async function GET(request: NextRequest) {
-  const requestId = randomUUID().slice(0, 8)
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()

  try {
-    const session = await getSession()
+    const body = await request.json()
+    const { credential, workflowId, planId } = body

-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthenticated request rejected`)
-      return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
-    }
-
-    const { searchParams } = new URL(request.url)
-    const credentialId = searchParams.get('credentialId')
-    const planId = searchParams.get('planId')
-
-    if (!credentialId) {
-      logger.error(`[${requestId}] Missing credentialId parameter`)
-      return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
+    if (!credential) {
+      logger.error(`[${requestId}] Missing credential in request`)
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
    }

    if (!planId) {
-      logger.error(`[${requestId}] Missing planId parameter`)
+      logger.error(`[${requestId}] Missing planId in request`)
      return NextResponse.json({ error: 'Plan ID is required' }, { status: 400 })
    }

@@ -42,52 +33,35 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: planIdValidation.error }, { status: 400 })
    }

-    const resolved = await resolveOAuthAccountId(credentialId)
-    if (!resolved) {
-      return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
    }

-    if (resolved.workspaceId) {
-      const { getUserEntityPermissions } = await import('@/lib/workspaces/permissions/utils')
-      const perm = await getUserEntityPermissions(
-        session.user.id,
-        'workspace',
-        resolved.workspaceId
-      )
-      if (perm === null) {
-        return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
-      }
-    }
-
-    const credentials = await db
-      .select()
-      .from(account)
-      .where(eq(account.id, resolved.accountId))
-      .limit(1)
-
-    if (!credentials.length) {
-      logger.warn(`[${requestId}] Credential not found`, { credentialId })
-      return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
-    }
-
-    const accountRow = credentials[0]
-
    const accessToken = await refreshAccessTokenIfNeeded(
-      resolved.accountId,
-      accountRow.userId,
+      credential,
+      authz.credentialOwnerUserId,
      requestId
    )
-
    if (!accessToken) {
      logger.error(`[${requestId}] Failed to obtain valid access token`)
-      return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
+      return NextResponse.json(
+        { error: 'Failed to obtain valid access token', authRequired: true },
+        { status: 401 }
+      )
    }

-    const response = await fetch(`https://graph.microsoft.com/v1.0/planner/plans/${planId}/tasks`, {
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-      },
-    })
+    const response = await fetch(
+      `https://graph.microsoft.com/v1.0/planner/plans/${planIdValidation.sanitized}/tasks`,
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      }
+    )

    if (!response.ok) {
      const errorText = await response.text()
--- a/apps/sim/app/api/tools/notion/databases/route.ts
+++ b/apps/sim/app/api/tools/notion/databases/route.ts
@@ -0,0 +1,86 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { extractTitleFromItem } from '@/tools/notion/utils'
+
+const logger = createLogger('NotionDatabasesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.notion.com/v1/search', {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+        'Notion-Version': '2022-06-28',
+      },
+      body: JSON.stringify({
+        filter: { value: 'database', property: 'object' },
+        page_size: 100,
+      }),
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Notion databases', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Notion databases', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const databases = (data.results || []).map((db: Record<string, unknown>) => ({
+      id: db.id as string,
+      name: extractTitleFromItem(db),
+    }))
+
+    return NextResponse.json({ databases })
+  } catch (error) {
+    logger.error('Error processing Notion databases request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Notion databases', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/notion/pages/route.ts
+++ b/apps/sim/app/api/tools/notion/pages/route.ts
@@ -0,0 +1,86 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { extractTitleFromItem } from '@/tools/notion/utils'
+
+const logger = createLogger('NotionPagesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.notion.com/v1/search', {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+        'Notion-Version': '2022-06-28',
+      },
+      body: JSON.stringify({
+        filter: { value: 'page', property: 'object' },
+        page_size: 100,
+      }),
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Notion pages', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Notion pages', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const pages = (data.results || []).map((page: Record<string, unknown>) => ({
+      id: page.id as string,
+      name: extractTitleFromItem(page),
+    }))
+
+    return NextResponse.json({ pages })
+  } catch (error) {
+    logger.error('Error processing Notion pages request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Notion pages', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/pipedrive/pipelines/route.ts
+++ b/apps/sim/app/api/tools/pipedrive/pipelines/route.ts
@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('PipedrivePipelinesAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch('https://api.pipedrive.com/v1/pipelines', {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Pipedrive pipelines', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Pipedrive pipelines', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const pipelines = (data.data || []).map((pipeline: { id: number; name: string }) => ({
+      id: String(pipeline.id),
+      name: pipeline.name,
+    }))
+
+    return NextResponse.json({ pipelines })
+  } catch (error) {
+    logger.error('Error processing Pipedrive pipelines request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Pipedrive pipelines', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/sharepoint/lists/route.ts
+++ b/apps/sim/app/api/tools/sharepoint/lists/route.ts
@@ -0,0 +1,91 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { validateSharePointSiteId } from '@/lib/core/security/input-validation'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('SharePointListsAPI')
+
+interface SharePointList {
+  id: string
+  displayName: string
+  description?: string
+  webUrl?: string
+  list?: {
+    hidden?: boolean
+  }
+}
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+
+  try {
+    const body = await request.json()
+    const { credential, workflowId, siteId } = body
+
+    if (!credential) {
+      logger.error(`[${requestId}] Missing credential in request`)
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const siteIdValidation = validateSharePointSiteId(siteId)
+    if (!siteIdValidation.isValid) {
+      logger.error(`[${requestId}] Invalid siteId: ${siteIdValidation.error}`)
+      return NextResponse.json({ error: siteIdValidation.error }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error(`[${requestId}] Failed to obtain valid access token`)
+      return NextResponse.json(
+        { error: 'Failed to obtain valid access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const url = `https://graph.microsoft.com/v1.0/sites/${siteIdValidation.sanitized}/lists?$select=id,displayName,description,webUrl&$expand=list($select=hidden)&$top=100`
+
+    const response = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({ error: { message: 'Unknown error' } }))
+      return NextResponse.json(
+        { error: errorData.error?.message || 'Failed to fetch lists from SharePoint' },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const lists = (data.value || [])
+      .filter((list: SharePointList) => list.list?.hidden !== true)
+      .map((list: SharePointList) => ({
+        id: list.id,
+        displayName: list.displayName,
+      }))
+
+    logger.info(`[${requestId}] Successfully fetched ${lists.length} SharePoint lists`)
+    return NextResponse.json({ lists }, { status: 200 })
+  } catch (error) {
+    logger.error(`[${requestId}] Error fetching lists from SharePoint`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
--- a/apps/sim/app/api/tools/sharepoint/sites/route.ts
+++ b/apps/sim/app/api/tools/sharepoint/sites/route.ts
@@ -1,79 +1,45 @@
-import { randomUUID } from 'crypto'
-import { db } from '@sim/db'
-import { account } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { validateAlphanumericId } from '@/lib/core/security/input-validation'
-import { refreshAccessTokenIfNeeded, resolveOAuthAccountId } from '@/app/api/auth/oauth/utils'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import type { SharepointSite } from '@/tools/sharepoint/types'

 export const dynamic = 'force-dynamic'

 const logger = createLogger('SharePointSitesAPI')

-/**
- * Get SharePoint sites from Microsoft Graph API
- */
-export async function GET(request: NextRequest) {
-  const requestId = randomUUID().slice(0, 8)
+export async function POST(request: Request) {
+  const requestId = generateRequestId()

  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
+    const body = await request.json()
+    const { credential, workflowId, query } = body
+
+    if (!credential) {
+      logger.error(`[${requestId}] Missing credential in request`)
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
    }

-    const { searchParams } = new URL(request.url)
-    const credentialId = searchParams.get('credentialId')
-    const query = searchParams.get('query') || ''
-
-    if (!credentialId) {
-      return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
    }

-    const credentialIdValidation = validateAlphanumericId(credentialId, 'credentialId', 255)
-    if (!credentialIdValidation.isValid) {
-      logger.warn(`[${requestId}] Invalid credential ID`, { error: credentialIdValidation.error })
-      return NextResponse.json({ error: credentialIdValidation.error }, { status: 400 })
-    }
-
-    const resolved = await resolveOAuthAccountId(credentialId)
-    if (!resolved) {
-      return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
-    }
-
-    if (resolved.workspaceId) {
-      const { getUserEntityPermissions } = await import('@/lib/workspaces/permissions/utils')
-      const perm = await getUserEntityPermissions(
-        session.user.id,
-        'workspace',
-        resolved.workspaceId
-      )
-      if (perm === null) {
-        return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
-      }
-    }
-
-    const credentials = await db
-      .select()
-      .from(account)
-      .where(eq(account.id, resolved.accountId))
-      .limit(1)
-    if (!credentials.length) {
-      return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
-    }
-
-    const accountRow = credentials[0]
-
    const accessToken = await refreshAccessTokenIfNeeded(
-      resolved.accountId,
-      accountRow.userId,
+      credential,
+      authz.credentialOwnerUserId,
      requestId
    )
    if (!accessToken) {
-      return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
+      logger.error(`[${requestId}] Failed to obtain valid access token`)
+      return NextResponse.json(
+        { error: 'Failed to obtain valid access token', authRequired: true },
+        { status: 401 }
+      )
    }

    const searchQuery = query || '*'
--- a/apps/sim/app/api/tools/trello/boards/route.ts
+++ b/apps/sim/app/api/tools/trello/boards/route.ts
@@ -0,0 +1,87 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('TrelloBoardsAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const apiKey = process.env.TRELLO_API_KEY
+    if (!apiKey) {
+      logger.error('Trello API key not configured')
+      return NextResponse.json({ error: 'Trello API key not configured' }, { status: 500 })
+    }
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch(
+      `https://api.trello.com/1/members/me/boards?key=${apiKey}&token=${accessToken}&fields=id,name,closed`,
+      {
+        headers: {
+          Accept: 'application/json',
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Trello boards', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Trello boards', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const boards = (data || []).map((board: { id: string; name: string; closed: boolean }) => ({
+      id: board.id,
+      name: board.name,
+      closed: board.closed,
+    }))
+
+    return NextResponse.json({ boards })
+  } catch (error) {
+    logger.error('Error processing Trello boards request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Trello boards', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/tools/zoom/meetings/route.ts
+++ b/apps/sim/app/api/tools/zoom/meetings/route.ts
@@ -0,0 +1,82 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+
+const logger = createLogger('ZoomMeetingsAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(request: Request) {
+  const requestId = generateRequestId()
+  try {
+    const body = await request.json()
+    const { credential, workflowId } = body
+
+    if (!credential) {
+      logger.error('Missing credential in request')
+      return NextResponse.json({ error: 'Credential is required' }, { status: 400 })
+    }
+
+    const authz = await authorizeCredentialUse(request as any, {
+      credentialId: credential,
+      workflowId,
+    })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
+    }
+
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credential,
+      authz.credentialOwnerUserId,
+      requestId
+    )
+    if (!accessToken) {
+      logger.error('Failed to get access token', {
+        credentialId: credential,
+        userId: authz.credentialOwnerUserId,
+      })
+      return NextResponse.json(
+        { error: 'Could not retrieve access token', authRequired: true },
+        { status: 401 }
+      )
+    }
+
+    const response = await fetch(
+      'https://api.zoom.us/v2/users/me/meetings?page_size=300&type=scheduled',
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      logger.error('Failed to fetch Zoom meetings', {
+        status: response.status,
+        error: errorData,
+      })
+      return NextResponse.json(
+        { error: 'Failed to fetch Zoom meetings', details: errorData },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    const meetings = (data.meetings || []).map((meeting: { id: number; topic: string }) => ({
+      id: String(meeting.id),
+      name: meeting.topic,
+    }))
+
+    return NextResponse.json({ meetings })
+  } catch (error) {
+    logger.error('Error processing Zoom meetings request:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve Zoom meetings', details: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}
--- a/apps/sim/app/api/wand/route.ts
+++ b/apps/sim/app/api/wand/route.ts
@@ -10,7 +10,6 @@ import { checkAndBillOverageThreshold } from '@/lib/billing/threshold-billing'
 import { env } from '@/lib/core/config/env'
 import { getCostMultiplier, isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { generateRequestId } from '@/lib/core/utils/request'
-import { decrementSSEConnections, incrementSSEConnections } from '@/lib/monitoring/sse-connections'
 import { enrichTableSchema } from '@/lib/table/llm/wand'
 import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
 import { extractResponseText, parseResponsesUsage } from '@/providers/openai/utils'
@@ -331,14 +330,10 @@ export async function POST(req: NextRequest) {
        const encoder = new TextEncoder()
        const decoder = new TextDecoder()

-        let wandStreamClosed = false
        const readable = new ReadableStream({
          async start(controller) {
-            incrementSSEConnections('wand')
            const reader = response.body?.getReader()
            if (!reader) {
-              wandStreamClosed = true
-              decrementSSEConnections('wand')
              controller.close()
              return
            }
@@ -483,18 +478,9 @@ export async function POST(req: NextRequest) {
              controller.close()
            } finally {
              reader.releaseLock()
-              if (!wandStreamClosed) {
-                wandStreamClosed = true
-                decrementSSEConnections('wand')
-              }
-            }
-          },
-          cancel() {
-            if (!wandStreamClosed) {
-              wandStreamClosed = true
-              decrementSSEConnections('wand')
            }
          },
+          cancel() {},
        })

        return new Response(readable, {
--- a/apps/sim/app/api/workflows/[id]/execute/route.ts
+++ b/apps/sim/app/api/workflows/[id]/execute/route.ts
@@ -22,7 +22,6 @@ import { createExecutionEventWriter, setExecutionMeta } from '@/lib/execution/ev
 import { processInputFileFields } from '@/lib/execution/files'
 import { preprocessExecution } from '@/lib/execution/preprocessing'
 import { LoggingSession } from '@/lib/logs/execution/logging-session'
-import { decrementSSEConnections, incrementSSEConnections } from '@/lib/monitoring/sse-connections'
 import {
  cleanupExecutionBase64Cache,
  hydrateUserFilesWithBase64,
@@ -764,7 +763,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
    const encoder = new TextEncoder()
    const timeoutController = createTimeoutAbortController(preprocessResult.executionTimeout?.sync)
    let isStreamClosed = false
-    let sseDecremented = false

    const eventWriter = createExecutionEventWriter(executionId)
    setExecutionMeta(executionId, {
@@ -775,7 +773,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:

    const stream = new ReadableStream<Uint8Array>({
      async start(controller) {
-        incrementSSEConnections('workflow-execute')
        let finalMetaStatus: 'complete' | 'error' | 'cancelled' | null = null

        const sendEvent = (event: ExecutionEvent) => {
@@ -1159,10 +1156,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
          if (executionId) {
            await cleanupExecutionBase64Cache(executionId)
          }
-          if (!sseDecremented) {
-            sseDecremented = true
-            decrementSSEConnections('workflow-execute')
-          }
          if (!isStreamClosed) {
            try {
              controller.enqueue(encoder.encode('data: [DONE]\n\n'))
@@ -1174,10 +1167,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
      cancel() {
        isStreamClosed = true
        logger.info(`[${requestId}] Client disconnected from SSE stream`)
-        if (!sseDecremented) {
-          sseDecremented = true
-          decrementSSEConnections('workflow-execute')
-        }
      },
    })

--- a/apps/sim/app/api/workflows/[id]/executions/[executionId]/stream/route.ts
+++ b/apps/sim/app/api/workflows/[id]/executions/[executionId]/stream/route.ts
@@ -7,7 +7,6 @@ import {
  getExecutionMeta,
  readExecutionEvents,
 } from '@/lib/execution/event-buffer'
-import { decrementSSEConnections, incrementSSEConnections } from '@/lib/monitoring/sse-connections'
 import { formatSSEEvent } from '@/lib/workflows/executor/execution-events'
 import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'

@@ -74,10 +73,8 @@ export async function GET(

    let closed = false

-    let sseDecremented = false
    const stream = new ReadableStream<Uint8Array>({
      async start(controller) {
-        incrementSSEConnections('execution-stream-reconnect')
        let lastEventId = fromEventId
        const pollDeadline = Date.now() + MAX_POLL_DURATION_MS

@@ -145,20 +142,11 @@ export async function GET(
              controller.close()
            } catch {}
          }
-        } finally {
-          if (!sseDecremented) {
-            sseDecremented = true
-            decrementSSEConnections('execution-stream-reconnect')
-          }
        }
      },
      cancel() {
        closed = true
        logger.info('Client disconnected from reconnection stream', { executionId })
-        if (!sseDecremented) {
-          sseDecremented = true
-          decrementSSEConnections('execution-stream-reconnect')
-        }
      },
    })

--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
@@ -15,6 +15,7 @@ import {
 import { client } from '@/lib/auth/auth-client'
 import {
  getProviderIdFromServiceId,
+  getScopeDescription,
  OAUTH_PROVIDERS,
  type OAuthProvider,
  parseProvider,
@@ -33,318 +34,6 @@ export interface OAuthRequiredModalProps {
  onConnect?: () => Promise<void> | void
 }

-const SCOPE_DESCRIPTIONS: Record<string, string> = {
-  'https://www.googleapis.com/auth/gmail.send': 'Send emails',
-  'https://www.googleapis.com/auth/gmail.labels': 'View and manage email labels',
-  'https://www.googleapis.com/auth/gmail.modify': 'View and manage email messages',
-  'https://www.googleapis.com/auth/drive.file': 'View and manage Google Drive files',
-  'https://www.googleapis.com/auth/drive': 'Access all Google Drive files',
-  'https://www.googleapis.com/auth/calendar': 'View and manage calendar',
-  'https://www.googleapis.com/auth/contacts': 'View and manage Google Contacts',
-  'https://www.googleapis.com/auth/tasks': 'Create, read, update, and delete Google Tasks',
-  'https://www.googleapis.com/auth/userinfo.email': 'View email address',
-  'https://www.googleapis.com/auth/userinfo.profile': 'View basic profile info',
-  'https://www.googleapis.com/auth/forms.body': 'View and manage Google Forms',
-  'https://www.googleapis.com/auth/forms.responses.readonly': 'View responses to Google Forms',
-  'https://www.googleapis.com/auth/bigquery': 'View and manage data in Google BigQuery',
-  'https://www.googleapis.com/auth/ediscovery': 'Access Google Vault for eDiscovery',
-  'https://www.googleapis.com/auth/devstorage.read_only': 'Read files from Google Cloud Storage',
-  'https://www.googleapis.com/auth/admin.directory.group': 'Manage Google Workspace groups',
-  'https://www.googleapis.com/auth/admin.directory.group.member':
-    'Manage Google Workspace group memberships',
-  'https://www.googleapis.com/auth/admin.directory.group.readonly': 'View Google Workspace groups',
-  'https://www.googleapis.com/auth/admin.directory.group.member.readonly':
-    'View Google Workspace group memberships',
-  'https://www.googleapis.com/auth/meetings.space.created':
-    'Create and manage Google Meet meeting spaces',
-  'https://www.googleapis.com/auth/meetings.space.readonly':
-    'View Google Meet meeting space details',
-  'https://www.googleapis.com/auth/cloud-platform':
-    'Full access to Google Cloud resources for Vertex AI',
-  'read:confluence-content.all': 'Read all Confluence content',
-  'read:confluence-space.summary': 'Read Confluence space information',
-  'read:space:confluence': 'View Confluence spaces',
-  'read:space-details:confluence': 'View detailed Confluence space information',
-  'write:confluence-content': 'Create and edit Confluence pages',
-  'write:confluence-space': 'Manage Confluence spaces',
-  'write:confluence-file': 'Upload files to Confluence',
-  'read:content:confluence': 'Read Confluence content',
-  'read:page:confluence': 'View Confluence pages',
-  'write:page:confluence': 'Create and update Confluence pages',
-  'read:comment:confluence': 'View comments on Confluence pages',
-  'write:comment:confluence': 'Create and update comments',
-  'delete:comment:confluence': 'Delete comments from Confluence pages',
-  'read:attachment:confluence': 'View attachments on Confluence pages',
-  'write:attachment:confluence': 'Upload and manage attachments',
-  'delete:attachment:confluence': 'Delete attachments from Confluence pages',
-  'delete:page:confluence': 'Delete Confluence pages',
-  'read:label:confluence': 'View labels on Confluence content',
-  'write:label:confluence': 'Add and remove labels',
-  'search:confluence': 'Search Confluence content',
-  'readonly:content.attachment:confluence': 'View attachments',
-  'read:blogpost:confluence': 'View Confluence blog posts',
-  'write:blogpost:confluence': 'Create and update Confluence blog posts',
-  'read:content.property:confluence': 'View properties on Confluence content',
-  'write:content.property:confluence': 'Create and manage content properties',
-  'read:hierarchical-content:confluence': 'View page hierarchy (children and ancestors)',
-  'read:content.metadata:confluence': 'View content metadata (required for ancestors)',
-  'read:user:confluence': 'View Confluence user profiles',
-  'read:task:confluence': 'View Confluence inline tasks',
-  'write:task:confluence': 'Update Confluence inline tasks',
-  'delete:blogpost:confluence': 'Delete Confluence blog posts',
-  'write:space:confluence': 'Create and update Confluence spaces',
-  'delete:space:confluence': 'Delete Confluence spaces',
-  'read:space.property:confluence': 'View Confluence space properties',
-  'write:space.property:confluence': 'Create and manage space properties',
-  'read:space.permission:confluence': 'View Confluence space permissions',
-  'read:me': 'Read profile information',
-  'database.read': 'Read database',
-  'database.write': 'Write to database',
-  'projects.read': 'Read projects',
-  offline_access: 'Access account when not using the application',
-  repo: 'Access repositories',
-  workflow: 'Manage repository workflows',
-  'read:user': 'Read public user information',
-  'user:email': 'Access email address',
-  'tweet.read': 'Read tweets and timeline',
-  'tweet.write': 'Post and delete tweets',
-  'tweet.moderate.write': 'Hide and unhide replies to tweets',
-  'users.read': 'Read user profiles and account information',
-  'follows.read': 'View followers and following lists',
-  'follows.write': 'Follow and unfollow users',
-  'bookmark.read': 'View bookmarked tweets',
-  'bookmark.write': 'Add and remove bookmarks',
-  'like.read': 'View liked tweets and liking users',
-  'like.write': 'Like and unlike tweets',
-  'block.read': 'View blocked users',
-  'block.write': 'Block and unblock users',
-  'mute.read': 'View muted users',
-  'mute.write': 'Mute and unmute users',
-  'offline.access': 'Access account when not using the application',
-  'data.records:read': 'Read records',
-  'data.records:write': 'Write to records',
-  'schema.bases:read': 'View bases and tables',
-  'webhook:manage': 'Manage webhooks',
-  'page.read': 'Read Notion pages',
-  'page.write': 'Write to Notion pages',
-  'workspace.content': 'Read Notion content',
-  'workspace.name': 'Read Notion workspace name',
-  'workspace.read': 'Read Notion workspace',
-  'workspace.write': 'Write to Notion workspace',
-  'user.email:read': 'Read email address',
-  'read:jira-user': 'Read Jira user',
-  'read:jira-work': 'Read Jira work',
-  'write:jira-work': 'Write to Jira work',
-  'manage:jira-webhook': 'Register and manage Jira webhooks',
-  'read:webhook:jira': 'View Jira webhooks',
-  'write:webhook:jira': 'Create and update Jira webhooks',
-  'delete:webhook:jira': 'Delete Jira webhooks',
-  'read:issue-event:jira': 'Read Jira issue events',
-  'write:issue:jira': 'Write to Jira issues',
-  'read:project:jira': 'Read Jira projects',
-  'read:issue-type:jira': 'Read Jira issue types',
-  'read:issue-meta:jira': 'Read Jira issue meta',
-  'read:issue-security-level:jira': 'Read Jira issue security level',
-  'read:issue.vote:jira': 'Read Jira issue votes',
-  'read:issue.changelog:jira': 'Read Jira issue changelog',
-  'read:avatar:jira': 'Read Jira avatar',
-  'read:issue:jira': 'Read Jira issues',
-  'read:status:jira': 'Read Jira status',
-  'read:user:jira': 'Read Jira user',
-  'read:field-configuration:jira': 'Read Jira field configuration',
-  'read:issue-details:jira': 'Read Jira issue details',
-  'read:field:jira': 'Read Jira field configurations',
-  'read:jql:jira': 'Use JQL to filter Jira issues',
-  'read:comment.property:jira': 'Read Jira comment properties',
-  'read:issue.property:jira': 'Read Jira issue properties',
-  'delete:issue:jira': 'Delete Jira issues',
-  'write:comment:jira': 'Add and update comments on Jira issues',
-  'read:comment:jira': 'Read comments on Jira issues',
-  'delete:comment:jira': 'Delete comments from Jira issues',
-  'read:attachment:jira': 'Read attachments from Jira issues',
-  'delete:attachment:jira': 'Delete attachments from Jira issues',
-  'write:issue-worklog:jira': 'Add and update worklog entries on Jira issues',
-  'read:issue-worklog:jira': 'Read worklog entries from Jira issues',
-  'delete:issue-worklog:jira': 'Delete worklog entries from Jira issues',
-  'write:issue-link:jira': 'Create links between Jira issues',
-  'delete:issue-link:jira': 'Delete links between Jira issues',
-  'User.Read': 'Read Microsoft user',
-  'Chat.Read': 'Read Microsoft chats',
-  'Chat.ReadWrite': 'Write to Microsoft chats',
-  'Chat.ReadBasic': 'Read Microsoft chats',
-  'ChatMessage.Send': 'Send chat messages',
-  'Channel.ReadBasic.All': 'Read Microsoft channels',
-  'ChannelMessage.Send': 'Write to Microsoft channels',
-  'ChannelMessage.Read.All': 'Read Microsoft channels',
-  'ChannelMessage.ReadWrite': 'Read and write to Microsoft channels',
-  'ChannelMember.Read.All': 'Read team channel members',
-  'Group.Read.All': 'Read Microsoft groups',
-  'Group.ReadWrite.All': 'Write to Microsoft groups',
-  'Team.ReadBasic.All': 'Read Microsoft teams',
-  'TeamMember.Read.All': 'Read team members',
-  'Mail.ReadWrite': 'Write to Microsoft emails',
-  'Mail.ReadBasic': 'Read Microsoft emails',
-  'Mail.Read': 'Read Microsoft emails',
-  'Mail.Send': 'Send emails',
-  'Files.Read': 'Read OneDrive files',
-  'Files.ReadWrite': 'Read and write OneDrive files',
-  'Tasks.ReadWrite': 'Read and manage Planner tasks',
-  'Sites.Read.All': 'Read Sharepoint sites',
-  'Sites.ReadWrite.All': 'Read and write Sharepoint sites',
-  'Sites.Manage.All': 'Manage Sharepoint sites',
-  openid: 'Standard authentication',
-  profile: 'Access profile information',
-  email: 'Access email address',
-  identify: 'Read Discord user',
-  bot: 'Read Discord bot',
-  'messages.read': 'Read Discord messages',
-  guilds: 'Read Discord guilds',
-  'guilds.members.read': 'Read Discord guild members',
-  identity: 'Access Reddit identity',
-  submit: 'Submit posts and comments',
-  vote: 'Vote on posts and comments',
-  save: 'Save and unsave posts and comments',
-  edit: 'Edit posts and comments',
-  subscribe: 'Subscribe and unsubscribe from subreddits',
-  history: 'Access Reddit history',
-  privatemessages: 'Access inbox and send private messages',
-  account: 'Update account preferences and settings',
-  mysubreddits: 'Access subscribed and moderated subreddits',
-  flair: 'Manage user and post flair',
-  report: 'Report posts and comments for rule violations',
-  modposts: 'Approve, remove, and moderate posts in moderated subreddits',
-  modflair: 'Manage flair in moderated subreddits',
-  modmail: 'Access and respond to moderator mail',
-  login: 'Access Wealthbox account',
-  data: 'Access Wealthbox data',
-  read: 'Read access to workspace',
-  write: 'Write access to Linear workspace',
-  'channels:read': 'View public channels',
-  'channels:history': 'Read channel messages',
-  'groups:read': 'View private channels',
-  'groups:history': 'Read private messages',
-  'chat:write': 'Send messages',
-  'chat:write.public': 'Post to public channels',
-  'im:write': 'Send direct messages',
-  'im:history': 'Read direct message history',
-  'im:read': 'View direct message channels',
-  'users:read': 'View workspace users',
-  'files:write': 'Upload files',
-  'files:read': 'Download and read files',
-  'canvases:write': 'Create canvas documents',
-  'reactions:write': 'Add emoji reactions to messages',
-  'sites:read': 'View Webflow sites',
-  'sites:write': 'Manage webhooks and site settings',
-  'cms:read': 'View CMS content',
-  'cms:write': 'Manage CMS content',
-  'crm.objects.contacts.read': 'Read HubSpot contacts',
-  'crm.objects.contacts.write': 'Create and update HubSpot contacts',
-  'crm.objects.companies.read': 'Read HubSpot companies',
-  'crm.objects.companies.write': 'Create and update HubSpot companies',
-  'crm.objects.deals.read': 'Read HubSpot deals',
-  'crm.objects.deals.write': 'Create and update HubSpot deals',
-  'crm.objects.owners.read': 'Read HubSpot object owners',
-  'crm.objects.users.read': 'Read HubSpot users',
-  'crm.objects.users.write': 'Create and update HubSpot users',
-  'crm.objects.marketing_events.read': 'Read HubSpot marketing events',
-  'crm.objects.marketing_events.write': 'Create and update HubSpot marketing events',
-  'crm.objects.line_items.read': 'Read HubSpot line items',
-  'crm.objects.line_items.write': 'Create and update HubSpot line items',
-  'crm.objects.quotes.read': 'Read HubSpot quotes',
-  'crm.objects.quotes.write': 'Create and update HubSpot quotes',
-  'crm.objects.appointments.read': 'Read HubSpot appointments',
-  'crm.objects.appointments.write': 'Create and update HubSpot appointments',
-  'crm.objects.carts.read': 'Read HubSpot shopping carts',
-  'crm.objects.carts.write': 'Create and update HubSpot shopping carts',
-  'crm.import': 'Import data into HubSpot',
-  'crm.lists.read': 'Read HubSpot lists',
-  'crm.lists.write': 'Create and update HubSpot lists',
-  tickets: 'Manage HubSpot tickets',
-  api: 'Access Salesforce API',
-  refresh_token: 'Maintain long-term access to Salesforce account',
-  default: 'Access Asana workspace',
-  base: 'Basic access to Pipedrive account',
-  'deals:read': 'Read Pipedrive deals',
-  'deals:full': 'Full access to manage Pipedrive deals',
-  'contacts:read': 'Read Pipedrive contacts',
-  'contacts:full': 'Full access to manage Pipedrive contacts',
-  'leads:read': 'Read Pipedrive leads',
-  'leads:full': 'Full access to manage Pipedrive leads',
-  'activities:read': 'Read Pipedrive activities',
-  'activities:full': 'Full access to manage Pipedrive activities',
-  'mail:read': 'Read Pipedrive emails',
-  'mail:full': 'Full access to manage Pipedrive emails',
-  'projects:read': 'Read Pipedrive projects',
-  'projects:full': 'Full access to manage Pipedrive projects',
-  'webhooks:read': 'Read Pipedrive webhooks',
-  'webhooks:full': 'Full access to manage Pipedrive webhooks',
-  w_member_social: 'Access LinkedIn profile',
-  // Box scopes
-  root_readwrite: 'Read and write all files and folders in Box account',
-  root_readonly: 'Read all files and folders in Box account',
-  // Shopify scopes (write_* implicitly includes read access)
-  write_products: 'Read and manage Shopify products',
-  write_orders: 'Read and manage Shopify orders',
-  write_customers: 'Read and manage Shopify customers',
-  write_inventory: 'Read and manage Shopify inventory levels',
-  read_locations: 'View store locations',
-  write_merchant_managed_fulfillment_orders: 'Create fulfillments for orders',
-  // Zoom scopes
-  'user:read:user': 'View Zoom profile information',
-  'meeting:write:meeting': 'Create Zoom meetings',
-  'meeting:read:meeting': 'View Zoom meeting details',
-  'meeting:read:list_meetings': 'List Zoom meetings',
-  'meeting:update:meeting': 'Update Zoom meetings',
-  'meeting:delete:meeting': 'Delete Zoom meetings',
-  'meeting:read:invitation': 'View Zoom meeting invitations',
-  'meeting:read:list_past_participants': 'View past meeting participants',
-  'cloud_recording:read:list_user_recordings': 'List Zoom cloud recordings',
-  'cloud_recording:read:list_recording_files': 'View recording files',
-  'cloud_recording:delete:recording_file': 'Delete cloud recordings',
-  // Dropbox scopes
-  'account_info.read': 'View Dropbox account information',
-  'files.metadata.read': 'View file and folder names, sizes, and dates',
-  'files.metadata.write': 'Modify file and folder metadata',
-  'files.content.read': 'Download and read Dropbox files',
-  'files.content.write': 'Upload, copy, move, and delete files in Dropbox',
-  'sharing.read': 'View shared files and folders',
-  'sharing.write': 'Share files and folders with others',
-  // WordPress.com scopes
-  global: 'Full access to manage WordPress.com sites, posts, pages, media, and settings',
-  // Spotify scopes
-  'user-read-private': 'View Spotify account details',
-  'user-read-email': 'View email address on Spotify',
-  'user-library-read': 'View saved tracks and albums',
-  'user-library-modify': 'Save and remove tracks and albums from library',
-  'playlist-read-private': 'View private playlists',
-  'playlist-read-collaborative': 'View collaborative playlists',
-  'playlist-modify-public': 'Create and manage public playlists',
-  'playlist-modify-private': 'Create and manage private playlists',
-  'user-read-playback-state': 'View current playback state',
-  'user-modify-playback-state': 'Control playback on Spotify devices',
-  'user-read-currently-playing': 'View currently playing track',
-  'user-read-recently-played': 'View recently played tracks',
-  'user-top-read': 'View top artists and tracks',
-  'user-follow-read': 'View followed artists and users',
-  'user-follow-modify': 'Follow and unfollow artists and users',
-  'user-read-playback-position': 'View playback position in podcasts',
-  'ugc-image-upload': 'Upload images to Spotify playlists',
-  // Attio
-  'record_permission:read-write': 'Read and write CRM records',
-  'object_configuration:read-write': 'Read and manage object schemas',
-  'list_configuration:read-write': 'Read and manage list configurations',
-  'list_entry:read-write': 'Read and write list entries',
-  'note:read-write': 'Read and write notes',
-  'task:read-write': 'Read and write tasks',
-  'comment:read-write': 'Read and write comments and threads',
-  'user_management:read': 'View workspace members',
-  'webhook:read-write': 'Manage webhooks',
-}
-
-function getScopeDescription(scope: string): string {
-  return SCOPE_DESCRIPTIONS[scope] || scope
-}
-
 export function OAuthRequiredModal({
  isOpen,
  onClose,
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx
@@ -15,6 +15,7 @@ import {
  type OAuthProvider,
  parseProvider,
 } from '@/lib/oauth'
+import { getMissingRequiredScopes } from '@/lib/oauth/utils'
 import { OAuthRequiredModal } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal'
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
@@ -25,7 +26,6 @@ import { useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
 import { useOrganizations } from '@/hooks/queries/organization'
 import { useSubscriptionData } from '@/hooks/queries/subscription'
 import { useCredentialRefreshTriggers } from '@/hooks/use-credential-refresh-triggers'
-import { getMissingRequiredScopes } from '@/hooks/use-oauth-scope-status'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'

 const isBillingEnabled = isTruthy(getEnv('NEXT_PUBLIC_BILLING_ENABLED'))
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tools/credential-selector.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tools/credential-selector.tsx
@@ -12,10 +12,10 @@ import {
  type OAuthService,
  parseProvider,
 } from '@/lib/oauth'
+import { getMissingRequiredScopes } from '@/lib/oauth/utils'
 import { OAuthRequiredModal } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal'
 import { useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
 import { useCredentialRefreshTriggers } from '@/hooks/use-credential-refresh-triggers'
-import { getMissingRequiredScopes } from '@/hooks/use-oauth-scope-status'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'

 const getProviderIcon = (providerName: OAuthProvider) => {
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx
@@ -1969,9 +1969,8 @@ export const ToolInput = memo(function ToolInput({
                    }

                    if (useSubBlocks && displaySubBlocks.length > 0) {
-                      const allBlockSubBlocks = toolBlock?.subBlocks || []
                      const coveredParamIds = new Set(
-                        allBlockSubBlocks.flatMap((sb) => {
+                        displaySubBlocks.flatMap((sb) => {
                          const ids = [sb.id]
                          if (sb.canonicalParamId) ids.push(sb.canonicalParamId)
                          const cId = toolCanonicalIndex?.canonicalIdBySubBlockId[sb.id]
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-selector-setup.ts
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-selector-setup.ts
@@ -2,8 +2,11 @@

 import { useMemo } from 'react'
 import { useParams } from 'next/navigation'
+import { SELECTOR_CONTEXT_FIELDS } from '@/lib/workflows/subblocks/context'
 import type { SubBlockConfig } from '@/blocks/types'
+import { extractEnvVarName, isEnvVarReference, isReference } from '@/executor/constants'
 import type { SelectorContext, SelectorKey } from '@/hooks/selectors/types'
+import { useEnvironmentStore } from '@/stores/settings/environment'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
 import { useDependsOnGate } from './use-depends-on-gate'

@@ -12,8 +15,7 @@ import { useDependsOnGate } from './use-depends-on-gate'
 *
 * Builds a `SelectorContext` by mapping each `dependsOn` entry through the
 * canonical index to its `canonicalParamId`, which maps directly to
- * `SelectorContext` field names (e.g. `siteId`, `teamId`, `collectionId`).
- * The one special case is `oauthCredential` which maps to `credentialId`.
+ * `SelectorContext` field names (e.g. `siteId`, `teamId`, `oauthCredential`).
 *
 * @param blockId - The block containing the selector sub-block
 * @param subBlock - The sub-block config (must have `selectorKey` set)
@@ -29,53 +31,58 @@ export function useSelectorSetup(
  const activeWorkflowId = useWorkflowRegistry((s) => s.activeWorkflowId)
  const workflowId = (params?.workflowId as string) || activeWorkflowId || ''

+  const envVariables = useEnvironmentStore((s) => s.variables)
+
  const { finalDisabled, dependencyValues, canonicalIndex } = useDependsOnGate(
    blockId,
    subBlock,
    opts
  )

+  const resolvedDependencyValues = useMemo(() => {
+    const resolved: Record<string, unknown> = {}
+    for (const [key, value] of Object.entries(dependencyValues)) {
+      if (value === null || value === undefined) {
+        resolved[key] = value
+        continue
+      }
+      const str = String(value)
+      if (isEnvVarReference(str)) {
+        const varName = extractEnvVarName(str)
+        resolved[key] = envVariables[varName]?.value || undefined
+      } else {
+        resolved[key] = value
+      }
+    }
+    return resolved
+  }, [dependencyValues, envVariables])
+
  const selectorContext = useMemo<SelectorContext>(() => {
    const context: SelectorContext = {
      workflowId,
      mimeType: subBlock.mimeType,
    }

-    for (const [depKey, value] of Object.entries(dependencyValues)) {
+    for (const [depKey, value] of Object.entries(resolvedDependencyValues)) {
      if (value === null || value === undefined) continue
      const strValue = String(value)
      if (!strValue) continue
+      if (isReference(strValue)) continue

      const canonicalParamId = canonicalIndex.canonicalIdBySubBlockId[depKey] ?? depKey
-
-      if (canonicalParamId === 'oauthCredential') {
-        context.credentialId = strValue
-      } else if (canonicalParamId in CONTEXT_FIELD_SET) {
-        ;(context as Record<string, unknown>)[canonicalParamId] = strValue
+      if (SELECTOR_CONTEXT_FIELDS.has(canonicalParamId as keyof SelectorContext)) {
+        context[canonicalParamId as keyof SelectorContext] = strValue
      }
    }

    return context
-  }, [dependencyValues, canonicalIndex, workflowId, subBlock.mimeType])
+  }, [resolvedDependencyValues, canonicalIndex, workflowId, subBlock.mimeType])

  return {
    selectorKey: (subBlock.selectorKey ?? null) as SelectorKey | null,
    selectorContext,
    allowSearch: subBlock.selectorAllowSearch ?? true,
    disabled: finalDisabled || !subBlock.selectorKey,
-    dependencyValues,
+    dependencyValues: resolvedDependencyValues,
  }
 }
-
-const CONTEXT_FIELD_SET: Record<string, true> = {
-  credentialId: true,
-  domain: true,
-  teamId: true,
-  projectId: true,
-  knowledgeBaseId: true,
-  planId: true,
-  siteId: true,
-  collectionId: true,
-  spreadsheetId: true,
-  fileId: true,
-}
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx
@@ -57,9 +57,9 @@ import { useWebhookManagement } from '@/hooks/use-webhook-management'
 const SLACK_OVERRIDES: SelectorOverrides = {
  transformContext: (context, deps) => {
    const authMethod = deps.authMethod as string
-    const credentialId =
+    const oauthCredential =
      authMethod === 'bot_token' ? String(deps.botToken ?? '') : String(deps.credential ?? '')
-    return { ...context, credentialId }
+    return { ...context, oauthCredential }
  },
 }

--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx
@@ -549,21 +549,48 @@ const SubBlockRow = memo(function SubBlockRow({
    return typeof option === 'string' ? option : option.label
  }, [subBlock, rawValue])

-  const domainValue = getStringValue('domain')
-  const teamIdValue = getStringValue('teamId')
-  const projectIdValue = getStringValue('projectId')
-  const planIdValue = getStringValue('planId')
+  const resolveContextValue = useCallback(
+    (key: string): string | undefined => {
+      const resolved = resolveDependencyValue(
+        key,
+        rawValues,
+        canonicalIndex || buildCanonicalIndex([]),
+        canonicalModeOverrides
+      )
+      return typeof resolved === 'string' && resolved.length > 0 ? resolved : undefined
+    },
+    [rawValues, canonicalIndex, canonicalModeOverrides]
+  )
+
+  const domainValue = resolveContextValue('domain')
+  const teamIdValue = resolveContextValue('teamId')
+  const projectIdValue = resolveContextValue('projectId')
+  const planIdValue = resolveContextValue('planId')
+  const baseIdValue = resolveContextValue('baseId')
+  const datasetIdValue = resolveContextValue('datasetId')
+  const serviceDeskIdValue = resolveContextValue('serviceDeskId')
+  const siteIdValue = resolveContextValue('siteId')
+  const collectionIdValue = resolveContextValue('collectionId')
+  const spreadsheetIdValue = resolveContextValue('spreadsheetId')
+  const fileIdValue = resolveContextValue('fileId')

  const { displayName: selectorDisplayName } = useSelectorDisplayName({
    subBlock,
    value: rawValue,
    workflowId,
-    credentialId: typeof credentialId === 'string' ? credentialId : undefined,
+    oauthCredential: typeof credentialId === 'string' ? credentialId : undefined,
    knowledgeBaseId: typeof knowledgeBaseId === 'string' ? knowledgeBaseId : undefined,
    domain: domainValue,
    teamId: teamIdValue,
    projectId: projectIdValue,
    planId: planIdValue,
+    baseId: baseIdValue,
+    datasetId: datasetIdValue,
+    serviceDeskId: serviceDeskIdValue,
+    siteId: siteIdValue,
+    collectionId: collectionIdValue,
+    spreadsheetId: spreadsheetIdValue,
+    fileId: fileIdValue,
  })

  const { knowledgeBase: kbForDisplayName } = useKnowledgeBase(
--- a/apps/sim/blocks/blocks.test.ts
+++ b/apps/sim/blocks/blocks.test.ts
@@ -667,15 +667,18 @@ describe.concurrent('Blocks Module', () => {
      const errors: string[] = []

      for (const block of blocks) {
-        const allSubBlockIds = new Set(block.subBlocks.map((sb) => sb.id))
+        // Exclude trigger-mode subBlocks — they operate in a separate rendering context
+        // and their IDs don't participate in canonical param resolution
+        const nonTriggerSubBlocks = block.subBlocks.filter((sb) => sb.mode !== 'trigger')
+        const allSubBlockIds = new Set(nonTriggerSubBlocks.map((sb) => sb.id))
        const canonicalParamIds = new Set(
-          block.subBlocks.filter((sb) => sb.canonicalParamId).map((sb) => sb.canonicalParamId)
+          nonTriggerSubBlocks.filter((sb) => sb.canonicalParamId).map((sb) => sb.canonicalParamId)
        )

        for (const canonicalId of canonicalParamIds) {
          if (allSubBlockIds.has(canonicalId!)) {
            // Check if the matching subBlock also has a canonicalParamId pointing to itself
-            const matchingSubBlock = block.subBlocks.find(
+            const matchingSubBlock = nonTriggerSubBlocks.find(
              (sb) => sb.id === canonicalId && !sb.canonicalParamId
            )
            if (matchingSubBlock) {
@@ -857,6 +860,10 @@ describe.concurrent('Blocks Module', () => {
            if (typeof subBlock.condition === 'function') {
              continue
            }
+            // Skip trigger-mode subBlocks — they operate in a separate rendering context
+            if (subBlock.mode === 'trigger') {
+              continue
+            }
            const conditionKey = serializeCondition(subBlock.condition)
            if (!canonicalByCondition.has(subBlock.canonicalParamId)) {
              canonicalByCondition.set(subBlock.canonicalParamId, new Set())
--- a/apps/sim/blocks/blocks/agent.ts
+++ b/apps/sim/blocks/blocks/agent.ts
@@ -1,5 +1,6 @@
 import { createLogger } from '@sim/logger'
 import { AgentIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { getApiKeyCondition, getModelOptions } from '@/blocks/utils'
@@ -128,7 +129,7 @@ Return ONLY the JSON array.`,
      serviceId: 'vertex-ai',
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
-      requiredScopes: ['https://www.googleapis.com/auth/cloud-platform'],
+      requiredScopes: getScopesForService('vertex-ai'),
      placeholder: 'Select Google Cloud account',
      required: true,
      condition: {
--- a/apps/sim/blocks/blocks/airtable.ts
+++ b/apps/sim/blocks/blocks/airtable.ts
@@ -1,4 +1,5 @@
 import { AirtableIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { AirtableResponse } from '@/tools/airtable/types'
@@ -38,13 +39,7 @@ export const AirtableBlock: BlockConfig<AirtableResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'airtable',
-      requiredScopes: [
-        'data.records:read',
-        'data.records:write',
-        'schema.bases:read',
-        'user.email:read',
-        'webhook:manage',
-      ],
+      requiredScopes: getScopesForService('airtable'),
      placeholder: 'Select Airtable account',
      required: true,
    },
@@ -57,21 +52,51 @@ export const AirtableBlock: BlockConfig<AirtableResponse> = {
      placeholder: 'Enter credential ID',
      required: true,
    },
+    {
+      id: 'baseSelector',
+      title: 'Base',
+      type: 'project-selector',
+      canonicalParamId: 'baseId',
+      serviceId: 'airtable',
+      selectorKey: 'airtable.bases',
+      selectorAllowSearch: false,
+      placeholder: 'Select Airtable base',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: { field: 'operation', value: 'listBases', not: true },
+      required: { field: 'operation', value: 'listBases', not: true },
+    },
    {
      id: 'baseId',
      title: 'Base ID',
      type: 'short-input',
+      canonicalParamId: 'baseId',
      placeholder: 'Enter your base ID (e.g., appXXXXXXXXXXXXXX)',
-      dependsOn: ['credential'],
+      mode: 'advanced',
      condition: { field: 'operation', value: 'listBases', not: true },
      required: { field: 'operation', value: 'listBases', not: true },
    },
+    {
+      id: 'tableSelector',
+      title: 'Table',
+      type: 'file-selector',
+      canonicalParamId: 'tableId',
+      serviceId: 'airtable',
+      selectorKey: 'airtable.tables',
+      selectorAllowSearch: false,
+      placeholder: 'Select Airtable table',
+      dependsOn: ['credential', 'baseSelector'],
+      mode: 'basic',
+      condition: { field: 'operation', value: ['listBases', 'listTables'], not: true },
+      required: { field: 'operation', value: ['listBases', 'listTables'], not: true },
+    },
    {
      id: 'tableId',
      title: 'Table ID',
      type: 'short-input',
+      canonicalParamId: 'tableId',
      placeholder: 'Enter table ID (e.g., tblXXXXXXXXXXXXXX)',
-      dependsOn: ['credential', 'baseId'],
+      mode: 'advanced',
      condition: { field: 'operation', value: ['listBases', 'listTables'], not: true },
      required: { field: 'operation', value: ['listBases', 'listTables'], not: true },
    },
--- a/apps/sim/blocks/blocks/asana.ts
+++ b/apps/sim/blocks/blocks/asana.ts
@@ -1,4 +1,5 @@
 import { AsanaIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { AsanaResponse } from '@/tools/asana/types'
@@ -36,7 +37,7 @@ export const AsanaBlock: BlockConfig<AsanaResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'asana',
-      requiredScopes: ['default'],
+      requiredScopes: getScopesForService('asana'),
      placeholder: 'Select Asana account',
    },
    {
@@ -48,12 +49,31 @@ export const AsanaBlock: BlockConfig<AsanaResponse> = {
      placeholder: 'Enter credential ID',
      required: true,
    },
+    {
+      id: 'workspaceSelector',
+      title: 'Workspace',
+      type: 'project-selector',
+      canonicalParamId: 'workspace',
+      serviceId: 'asana',
+      selectorKey: 'asana.workspaces',
+      selectorAllowSearch: false,
+      placeholder: 'Select Asana workspace',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['create_task', 'get_projects', 'search_tasks'],
+      },
+      required: true,
+    },
    {
      id: 'workspace',
      title: 'Workspace GID',
      type: 'short-input',
+      canonicalParamId: 'workspace',
      required: true,
      placeholder: 'Enter Asana workspace GID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: ['create_task', 'get_projects', 'search_tasks'],
@@ -81,11 +101,29 @@ export const AsanaBlock: BlockConfig<AsanaResponse> = {
        value: ['update_task', 'add_comment'],
      },
    },
+    {
+      id: 'getTasksWorkspaceSelector',
+      title: 'Workspace',
+      type: 'project-selector',
+      canonicalParamId: 'getTasks_workspace',
+      serviceId: 'asana',
+      selectorKey: 'asana.workspaces',
+      selectorAllowSearch: false,
+      placeholder: 'Select Asana workspace',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['get_task'],
+      },
+    },
    {
      id: 'getTasks_workspace',
      title: 'Workspace GID',
      type: 'short-input',
+      canonicalParamId: 'getTasks_workspace',
      placeholder: 'Enter workspace GID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: ['get_task'],
--- a/apps/sim/blocks/blocks/attio.ts
+++ b/apps/sim/blocks/blocks/attio.ts
@@ -86,11 +86,47 @@ export const AttioBlock: BlockConfig<AttioResponse> = {
    },

    // Record fields
+    {
+      id: 'objectTypeSelector',
+      title: 'Object Type',
+      type: 'project-selector',
+      canonicalParamId: 'objectType',
+      serviceId: 'attio',
+      selectorKey: 'attio.objects',
+      selectorAllowSearch: false,
+      placeholder: 'Select object type',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: [
+          'list_records',
+          'get_record',
+          'create_record',
+          'update_record',
+          'delete_record',
+          'assert_record',
+        ],
+      },
+      required: {
+        field: 'operation',
+        value: [
+          'list_records',
+          'get_record',
+          'create_record',
+          'update_record',
+          'delete_record',
+          'assert_record',
+        ],
+      },
+    },
    {
      id: 'objectType',
      title: 'Object Type',
      type: 'short-input',
+      canonicalParamId: 'objectType',
      placeholder: 'e.g. people, companies',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: [
@@ -524,11 +560,49 @@ Return ONLY the JSON array. No explanations, no markdown, no extra text.
    },

    // List fields
+    {
+      id: 'listSelector',
+      title: 'List',
+      type: 'project-selector',
+      canonicalParamId: 'listIdOrSlug',
+      serviceId: 'attio',
+      selectorKey: 'attio.lists',
+      selectorAllowSearch: false,
+      placeholder: 'Select Attio list',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: [
+          'get_list',
+          'update_list',
+          'query_list_entries',
+          'get_list_entry',
+          'create_list_entry',
+          'update_list_entry',
+          'delete_list_entry',
+        ],
+      },
+      required: {
+        field: 'operation',
+        value: [
+          'get_list',
+          'update_list',
+          'query_list_entries',
+          'get_list_entry',
+          'create_list_entry',
+          'update_list_entry',
+          'delete_list_entry',
+        ],
+      },
+    },
    {
      id: 'listIdOrSlug',
      title: 'List ID or Slug',
      type: 'short-input',
+      canonicalParamId: 'listIdOrSlug',
      placeholder: 'Enter the list ID or slug',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: [
--- a/apps/sim/blocks/blocks/calcom.ts
+++ b/apps/sim/blocks/blocks/calcom.ts
@@ -65,11 +65,30 @@ export const CalComBlock: BlockConfig<ToolResponse> = {
    },

    // === Create Booking fields ===
+    {
+      id: 'eventTypeSelector',
+      title: 'Event Type',
+      type: 'project-selector',
+      canonicalParamId: 'eventTypeId',
+      serviceId: 'calcom',
+      selectorKey: 'calcom.eventTypes',
+      selectorAllowSearch: false,
+      placeholder: 'Select event type',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['calcom_create_booking', 'calcom_get_slots'],
+      },
+      required: { field: 'operation', value: 'calcom_create_booking' },
+    },
    {
      id: 'eventTypeId',
      title: 'Event Type ID',
      type: 'short-input',
+      canonicalParamId: 'eventTypeId',
      placeholder: 'Enter event type ID (number)',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: ['calcom_create_booking', 'calcom_get_slots'],
@@ -261,11 +280,33 @@ Return ONLY the IANA timezone string - no explanations or quotes.`,
    },

    // === Event Type fields ===
+    {
+      id: 'eventTypeParamSelector',
+      title: 'Event Type',
+      type: 'project-selector',
+      canonicalParamId: 'eventTypeIdParam',
+      serviceId: 'calcom',
+      selectorKey: 'calcom.eventTypes',
+      selectorAllowSearch: false,
+      placeholder: 'Select event type',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['calcom_get_event_type', 'calcom_update_event_type', 'calcom_delete_event_type'],
+      },
+      required: {
+        field: 'operation',
+        value: ['calcom_get_event_type', 'calcom_update_event_type', 'calcom_delete_event_type'],
+      },
+    },
    {
      id: 'eventTypeIdParam',
      title: 'Event Type ID',
      type: 'short-input',
+      canonicalParamId: 'eventTypeIdParam',
      placeholder: 'Enter event type ID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: ['calcom_get_event_type', 'calcom_update_event_type', 'calcom_delete_event_type'],
@@ -364,10 +405,27 @@ Return ONLY the IANA timezone string - no explanations or quotes.`,
      },
      mode: 'advanced',
    },
+    {
+      id: 'eventTypeScheduleSelector',
+      title: 'Schedule',
+      type: 'project-selector',
+      canonicalParamId: 'eventTypeScheduleId',
+      serviceId: 'calcom',
+      selectorKey: 'calcom.schedules',
+      selectorAllowSearch: false,
+      placeholder: 'Select schedule',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['calcom_create_event_type', 'calcom_update_event_type'],
+      },
+    },
    {
      id: 'eventTypeScheduleId',
      title: 'Schedule ID',
      type: 'short-input',
+      canonicalParamId: 'eventTypeScheduleId',
      placeholder: 'Assign to a specific schedule',
      condition: {
        field: 'operation',
@@ -388,11 +446,33 @@ Return ONLY the IANA timezone string - no explanations or quotes.`,
    },

    // === Schedule fields ===
+    {
+      id: 'scheduleSelector',
+      title: 'Schedule',
+      type: 'project-selector',
+      canonicalParamId: 'scheduleId',
+      serviceId: 'calcom',
+      selectorKey: 'calcom.schedules',
+      selectorAllowSearch: false,
+      placeholder: 'Select schedule',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['calcom_get_schedule', 'calcom_update_schedule', 'calcom_delete_schedule'],
+      },
+      required: {
+        field: 'operation',
+        value: ['calcom_get_schedule', 'calcom_update_schedule', 'calcom_delete_schedule'],
+      },
+    },
    {
      id: 'scheduleId',
      title: 'Schedule ID',
      type: 'short-input',
+      canonicalParamId: 'scheduleId',
      placeholder: 'Enter schedule ID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: ['calcom_get_schedule', 'calcom_update_schedule', 'calcom_delete_schedule'],
@@ -771,7 +851,10 @@ Return ONLY valid JSON - no explanations.`,
    cancellationReason: { type: 'string', description: 'Reason for cancellation' },
    reschedulingReason: { type: 'string', description: 'Reason for rescheduling' },
    bookingStatus: { type: 'string', description: 'Filter by booking status' },
-    eventTypeIdParam: { type: 'number', description: 'Event type ID for get/update/delete' },
+    eventTypeIdParam: {
+      type: 'number',
+      description: 'Event type ID for get/update/delete',
+    },
    title: { type: 'string', description: 'Event type title' },
    slug: { type: 'string', description: 'URL-friendly slug' },
    eventLength: { type: 'number', description: 'Event duration in minutes' },
--- a/apps/sim/blocks/blocks/confluence.ts
+++ b/apps/sim/blocks/blocks/confluence.ts
@@ -1,4 +1,5 @@
 import { ConfluenceIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -55,37 +56,7 @@ export const ConfluenceBlock: BlockConfig<ConfluenceResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'confluence',
-      requiredScopes: [
-        'read:confluence-content.all',
-        'read:confluence-space.summary',
-        'read:space:confluence',
-        'read:space-details:confluence',
-        'write:confluence-content',
-        'write:confluence-space',
-        'write:confluence-file',
-        'read:content:confluence',
-        'read:page:confluence',
-        'write:page:confluence',
-        'read:comment:confluence',
-        'write:comment:confluence',
-        'delete:comment:confluence',
-        'read:attachment:confluence',
-        'write:attachment:confluence',
-        'delete:attachment:confluence',
-        'delete:page:confluence',
-        'read:label:confluence',
-        'write:label:confluence',
-        'search:confluence',
-        'read:me',
-        'offline_access',
-        'read:blogpost:confluence',
-        'write:blogpost:confluence',
-        'read:content.property:confluence',
-        'write:content.property:confluence',
-        'read:hierarchical-content:confluence',
-        'read:content.metadata:confluence',
-        'read:user:confluence',
-      ],
+      requiredScopes: getScopesForService('confluence'),
      placeholder: 'Select Confluence account',
      required: true,
    },
@@ -464,45 +435,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'confluence',
-      requiredScopes: [
-        'read:confluence-content.all',
-        'read:confluence-space.summary',
-        'read:space:confluence',
-        'read:space-details:confluence',
-        'write:confluence-content',
-        'write:confluence-space',
-        'write:confluence-file',
-        'read:content:confluence',
-        'read:page:confluence',
-        'write:page:confluence',
-        'read:comment:confluence',
-        'write:comment:confluence',
-        'delete:comment:confluence',
-        'read:attachment:confluence',
-        'write:attachment:confluence',
-        'delete:attachment:confluence',
-        'delete:page:confluence',
-        'read:label:confluence',
-        'write:label:confluence',
-        'search:confluence',
-        'read:me',
-        'offline_access',
-        'read:blogpost:confluence',
-        'write:blogpost:confluence',
-        'read:content.property:confluence',
-        'write:content.property:confluence',
-        'read:hierarchical-content:confluence',
-        'read:content.metadata:confluence',
-        'read:user:confluence',
-        'read:task:confluence',
-        'write:task:confluence',
-        'delete:blogpost:confluence',
-        'write:space:confluence',
-        'delete:space:confluence',
-        'read:space.property:confluence',
-        'write:space.property:confluence',
-        'read:space.permission:confluence',
-      ],
+      requiredScopes: getScopesForService('confluence'),
      placeholder: 'Select Confluence account',
      required: true,
    },
@@ -645,11 +578,44 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
        ],
      },
    },
+    {
+      id: 'spaceSelector',
+      title: 'Space',
+      type: 'project-selector',
+      canonicalParamId: 'spaceId',
+      serviceId: 'confluence',
+      selectorKey: 'confluence.spaces',
+      selectorAllowSearch: false,
+      placeholder: 'Select Confluence space',
+      dependsOn: ['credential', 'domain'],
+      mode: 'basic',
+      required: true,
+      condition: {
+        field: 'operation',
+        value: [
+          'create',
+          'get_space',
+          'update_space',
+          'delete_space',
+          'list_pages_in_space',
+          'search_in_space',
+          'create_blogpost',
+          'list_blogposts_in_space',
+          'list_space_labels',
+          'list_space_permissions',
+          'list_space_properties',
+          'create_space_property',
+          'delete_space_property',
+        ],
+      },
+    },
    {
      id: 'spaceId',
      title: 'Space ID',
      type: 'short-input',
+      canonicalParamId: 'spaceId',
      placeholder: 'Enter Confluence space ID',
+      mode: 'advanced',
      required: true,
      condition: {
        field: 'operation',
@@ -1250,7 +1216,6 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
          ...rest
        } = params

-        // Use canonical param (serializer already handles basic/advanced mode)
        const effectivePageId = pageId ? String(pageId).trim() : ''

        if (operation === 'add_label') {
@@ -1511,7 +1476,7 @@ export const ConfluenceV2Block: BlockConfig<ConfluenceResponse> = {
    operation: { type: 'string', description: 'Operation to perform' },
    domain: { type: 'string', description: 'Confluence domain' },
    oauthCredential: { type: 'string', description: 'Confluence access token' },
-    pageId: { type: 'string', description: 'Page identifier (canonical param)' },
+    pageId: { type: 'string', description: 'Page identifier' },
    spaceId: { type: 'string', description: 'Space identifier' },
    blogPostId: { type: 'string', description: 'Blog post identifier' },
    versionNumber: { type: 'number', description: 'Page version number' },
--- a/apps/sim/blocks/blocks/dropbox.ts
+++ b/apps/sim/blocks/blocks/dropbox.ts
@@ -1,4 +1,5 @@
 import { DropboxIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -41,15 +42,7 @@ export const DropboxBlock: BlockConfig<DropboxResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'dropbox',
-      requiredScopes: [
-        'account_info.read',
-        'files.metadata.read',
-        'files.metadata.write',
-        'files.content.read',
-        'files.content.write',
-        'sharing.read',
-        'sharing.write',
-      ],
+      requiredScopes: getScopesForService('dropbox'),
      placeholder: 'Select Dropbox account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/evernote.ts
+++ b/apps/sim/blocks/blocks/evernote.ts
@@ -0,0 +1,308 @@
+import { EvernoteIcon } from '@/components/icons'
+import type { BlockConfig } from '@/blocks/types'
+import { AuthMode } from '@/blocks/types'
+
+export const EvernoteBlock: BlockConfig = {
+  type: 'evernote',
+  name: 'Evernote',
+  description: 'Manage notes, notebooks, and tags in Evernote',
+  longDescription:
+    'Integrate with Evernote to manage notes, notebooks, and tags. Create, read, update, copy, search, and delete notes. Create and list notebooks and tags.',
+  docsLink: 'https://docs.sim.ai/tools/evernote',
+  category: 'tools',
+  bgColor: '#E0E0E0',
+  icon: EvernoteIcon,
+  authMode: AuthMode.ApiKey,
+
+  subBlocks: [
+    {
+      id: 'operation',
+      title: 'Operation',
+      type: 'dropdown',
+      options: [
+        { label: 'Create Note', id: 'create_note' },
+        { label: 'Get Note', id: 'get_note' },
+        { label: 'Update Note', id: 'update_note' },
+        { label: 'Delete Note', id: 'delete_note' },
+        { label: 'Copy Note', id: 'copy_note' },
+        { label: 'Search Notes', id: 'search_notes' },
+        { label: 'Get Notebook', id: 'get_notebook' },
+        { label: 'Create Notebook', id: 'create_notebook' },
+        { label: 'List Notebooks', id: 'list_notebooks' },
+        { label: 'Create Tag', id: 'create_tag' },
+        { label: 'List Tags', id: 'list_tags' },
+      ],
+      value: () => 'create_note',
+    },
+    {
+      id: 'apiKey',
+      title: 'Developer Token',
+      type: 'short-input',
+      password: true,
+      placeholder: 'Enter your Evernote developer token',
+      required: true,
+    },
+    {
+      id: 'title',
+      title: 'Title',
+      type: 'short-input',
+      placeholder: 'Note title',
+      condition: { field: 'operation', value: 'create_note' },
+      required: { field: 'operation', value: 'create_note' },
+    },
+    {
+      id: 'content',
+      title: 'Content',
+      type: 'long-input',
+      placeholder: 'Note content (plain text or ENML)',
+      condition: { field: 'operation', value: 'create_note' },
+      required: { field: 'operation', value: 'create_note' },
+    },
+    {
+      id: 'noteGuid',
+      title: 'Note GUID',
+      type: 'short-input',
+      placeholder: 'Enter the note GUID',
+      condition: {
+        field: 'operation',
+        value: ['get_note', 'update_note', 'delete_note', 'copy_note'],
+      },
+      required: {
+        field: 'operation',
+        value: ['get_note', 'update_note', 'delete_note', 'copy_note'],
+      },
+    },
+    {
+      id: 'updateTitle',
+      title: 'New Title',
+      type: 'short-input',
+      placeholder: 'New title (leave empty to keep current)',
+      condition: { field: 'operation', value: 'update_note' },
+    },
+    {
+      id: 'updateContent',
+      title: 'New Content',
+      type: 'long-input',
+      placeholder: 'New content (leave empty to keep current)',
+      condition: { field: 'operation', value: 'update_note' },
+    },
+    {
+      id: 'toNotebookGuid',
+      title: 'Destination Notebook GUID',
+      type: 'short-input',
+      placeholder: 'GUID of the destination notebook',
+      condition: { field: 'operation', value: 'copy_note' },
+      required: { field: 'operation', value: 'copy_note' },
+    },
+    {
+      id: 'query',
+      title: 'Search Query',
+      type: 'short-input',
+      placeholder: 'e.g., "tag:work intitle:meeting"',
+      condition: { field: 'operation', value: 'search_notes' },
+      required: { field: 'operation', value: 'search_notes' },
+    },
+    {
+      id: 'notebookGuid',
+      title: 'Notebook GUID',
+      type: 'short-input',
+      placeholder: 'Notebook GUID',
+      condition: {
+        field: 'operation',
+        value: ['create_note', 'update_note', 'search_notes', 'get_notebook'],
+      },
+      required: { field: 'operation', value: 'get_notebook' },
+    },
+    {
+      id: 'notebookName',
+      title: 'Notebook Name',
+      type: 'short-input',
+      placeholder: 'Name for the new notebook',
+      condition: { field: 'operation', value: 'create_notebook' },
+      required: { field: 'operation', value: 'create_notebook' },
+    },
+    {
+      id: 'stack',
+      title: 'Stack',
+      type: 'short-input',
+      placeholder: 'Stack name (optional)',
+      condition: { field: 'operation', value: 'create_notebook' },
+      mode: 'advanced',
+    },
+    {
+      id: 'tagName',
+      title: 'Tag Name',
+      type: 'short-input',
+      placeholder: 'Name for the new tag',
+      condition: { field: 'operation', value: 'create_tag' },
+      required: { field: 'operation', value: 'create_tag' },
+    },
+    {
+      id: 'parentGuid',
+      title: 'Parent Tag GUID',
+      type: 'short-input',
+      placeholder: 'Parent tag GUID (optional)',
+      condition: { field: 'operation', value: 'create_tag' },
+      mode: 'advanced',
+    },
+    {
+      id: 'tagNames',
+      title: 'Tags',
+      type: 'short-input',
+      placeholder: 'Comma-separated tags (e.g., "work, meeting, urgent")',
+      condition: { field: 'operation', value: ['create_note', 'update_note'] },
+      mode: 'advanced',
+    },
+    {
+      id: 'maxNotes',
+      title: 'Max Results',
+      type: 'short-input',
+      placeholder: '25',
+      condition: { field: 'operation', value: 'search_notes' },
+      mode: 'advanced',
+    },
+    {
+      id: 'offset',
+      title: 'Offset',
+      type: 'short-input',
+      placeholder: '0',
+      condition: { field: 'operation', value: 'search_notes' },
+      mode: 'advanced',
+    },
+    {
+      id: 'withContent',
+      title: 'Include Content',
+      type: 'dropdown',
+      options: [
+        { label: 'Yes', id: 'true' },
+        { label: 'No', id: 'false' },
+      ],
+      value: () => 'true',
+      condition: { field: 'operation', value: 'get_note' },
+      mode: 'advanced',
+    },
+  ],
+
+  tools: {
+    access: [
+      'evernote_copy_note',
+      'evernote_create_note',
+      'evernote_create_notebook',
+      'evernote_create_tag',
+      'evernote_delete_note',
+      'evernote_get_note',
+      'evernote_get_notebook',
+      'evernote_list_notebooks',
+      'evernote_list_tags',
+      'evernote_search_notes',
+      'evernote_update_note',
+    ],
+    config: {
+      tool: (params) => `evernote_${params.operation}`,
+      params: (params) => {
+        const { operation, apiKey, ...rest } = params
+
+        switch (operation) {
+          case 'create_note':
+            return {
+              apiKey,
+              title: rest.title,
+              content: rest.content,
+              notebookGuid: rest.notebookGuid || undefined,
+              tagNames: rest.tagNames || undefined,
+            }
+          case 'get_note':
+            return {
+              apiKey,
+              noteGuid: rest.noteGuid,
+              withContent: rest.withContent !== 'false',
+            }
+          case 'update_note':
+            return {
+              apiKey,
+              noteGuid: rest.noteGuid,
+              title: rest.updateTitle || undefined,
+              content: rest.updateContent || undefined,
+              notebookGuid: rest.notebookGuid || undefined,
+              tagNames: rest.tagNames || undefined,
+            }
+          case 'delete_note':
+            return {
+              apiKey,
+              noteGuid: rest.noteGuid,
+            }
+          case 'copy_note':
+            return {
+              apiKey,
+              noteGuid: rest.noteGuid,
+              toNotebookGuid: rest.toNotebookGuid,
+            }
+          case 'search_notes':
+            return {
+              apiKey,
+              query: rest.query,
+              notebookGuid: rest.notebookGuid || undefined,
+              offset: rest.offset ? Number(rest.offset) : 0,
+              maxNotes: rest.maxNotes ? Number(rest.maxNotes) : 25,
+            }
+          case 'get_notebook':
+            return {
+              apiKey,
+              notebookGuid: rest.notebookGuid,
+            }
+          case 'create_notebook':
+            return {
+              apiKey,
+              name: rest.notebookName,
+              stack: rest.stack || undefined,
+            }
+          case 'list_notebooks':
+            return { apiKey }
+          case 'create_tag':
+            return {
+              apiKey,
+              name: rest.tagName,
+              parentGuid: rest.parentGuid || undefined,
+            }
+          case 'list_tags':
+            return { apiKey }
+          default:
+            return { apiKey }
+        }
+      },
+    },
+  },
+
+  inputs: {
+    apiKey: { type: 'string', description: 'Evernote developer token' },
+    operation: { type: 'string', description: 'Operation to perform' },
+    title: { type: 'string', description: 'Note title' },
+    content: { type: 'string', description: 'Note content' },
+    noteGuid: { type: 'string', description: 'Note GUID' },
+    updateTitle: { type: 'string', description: 'New note title' },
+    updateContent: { type: 'string', description: 'New note content' },
+    toNotebookGuid: { type: 'string', description: 'Destination notebook GUID' },
+    query: { type: 'string', description: 'Search query' },
+    notebookGuid: { type: 'string', description: 'Notebook GUID' },
+    notebookName: { type: 'string', description: 'Notebook name' },
+    stack: { type: 'string', description: 'Notebook stack name' },
+    tagName: { type: 'string', description: 'Tag name' },
+    parentGuid: { type: 'string', description: 'Parent tag GUID' },
+    tagNames: { type: 'string', description: 'Comma-separated tag names' },
+    maxNotes: { type: 'string', description: 'Maximum number of results' },
+    offset: { type: 'string', description: 'Starting index for results' },
+    withContent: { type: 'string', description: 'Whether to include note content' },
+  },
+
+  outputs: {
+    note: { type: 'json', description: 'Note data' },
+    notebook: { type: 'json', description: 'Notebook data' },
+    notebooks: { type: 'json', description: 'List of notebooks' },
+    tag: { type: 'json', description: 'Tag data' },
+    tags: { type: 'json', description: 'List of tags' },
+    totalNotes: { type: 'number', description: 'Total number of matching notes' },
+    notes: { type: 'json', description: 'List of note metadata' },
+    success: { type: 'boolean', description: 'Whether the operation succeeded' },
+    noteGuid: { type: 'string', description: 'GUID of the affected note' },
+  },
+}
--- a/apps/sim/blocks/blocks/gmail.ts
+++ b/apps/sim/blocks/blocks/gmail.ts
@@ -1,4 +1,5 @@
 import { GmailIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { createVersionedToolSelector, normalizeFileInput } from '@/blocks/utils'
@@ -79,11 +80,7 @@ export const GmailBlock: BlockConfig<GmailToolResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'gmail',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/gmail.send',
-        'https://www.googleapis.com/auth/gmail.modify',
-        'https://www.googleapis.com/auth/gmail.labels',
-      ],
+      requiredScopes: getScopesForService('gmail'),
      placeholder: 'Select Gmail account',
      required: true,
    },
@@ -222,7 +219,7 @@ Return ONLY the email body - no explanations, no extra text.`,
      canonicalParamId: 'folder',
      serviceId: 'gmail',
      selectorKey: 'gmail.labels',
-      requiredScopes: ['https://www.googleapis.com/auth/gmail.labels'],
+      requiredScopes: getScopesForService('gmail'),
      placeholder: 'Select Gmail label/folder',
      dependsOn: ['credential'],
      mode: 'basic',
@@ -303,7 +300,7 @@ Return ONLY the search query - no explanations, no extra text.`,
      canonicalParamId: 'addLabelIds',
      serviceId: 'gmail',
      selectorKey: 'gmail.labels',
-      requiredScopes: ['https://www.googleapis.com/auth/gmail.labels'],
+      requiredScopes: getScopesForService('gmail'),
      placeholder: 'Select destination label',
      dependsOn: ['credential'],
      mode: 'basic',
@@ -329,7 +326,7 @@ Return ONLY the search query - no explanations, no extra text.`,
      canonicalParamId: 'removeLabelIds',
      serviceId: 'gmail',
      selectorKey: 'gmail.labels',
-      requiredScopes: ['https://www.googleapis.com/auth/gmail.labels'],
+      requiredScopes: getScopesForService('gmail'),
      placeholder: 'Select label to remove',
      dependsOn: ['credential'],
      mode: 'basic',
@@ -382,7 +379,7 @@ Return ONLY the search query - no explanations, no extra text.`,
      canonicalParamId: 'manageLabelId',
      serviceId: 'gmail',
      selectorKey: 'gmail.labels',
-      requiredScopes: ['https://www.googleapis.com/auth/gmail.labels'],
+      requiredScopes: getScopesForService('gmail'),
      placeholder: 'Select label',
      dependsOn: ['credential'],
      mode: 'basic',
--- a/apps/sim/blocks/blocks/google_bigquery.ts
+++ b/apps/sim/blocks/blocks/google_bigquery.ts
@@ -1,4 +1,5 @@
 import { GoogleBigQueryIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'

@@ -36,7 +37,7 @@ export const GoogleBigQueryBlock: BlockConfig = {
      mode: 'basic',
      required: true,
      serviceId: 'google-bigquery',
-      requiredScopes: ['https://www.googleapis.com/auth/bigquery'],
+      requiredScopes: getScopesForService('google-bigquery'),
      placeholder: 'Select Google account',
    },
    {
@@ -109,20 +110,52 @@ Return ONLY the SQL query - no explanations, no quotes, no extra text.`,
      condition: { field: 'operation', value: 'query' },
    },

+    {
+      id: 'datasetSelector',
+      title: 'Dataset',
+      type: 'project-selector',
+      canonicalParamId: 'datasetId',
+      serviceId: 'google-bigquery',
+      selectorKey: 'bigquery.datasets',
+      selectorAllowSearch: false,
+      placeholder: 'Select BigQuery dataset',
+      dependsOn: ['credential', 'projectId'],
+      mode: 'basic',
+      condition: { field: 'operation', value: ['list_tables', 'get_table', 'insert_rows'] },
+      required: { field: 'operation', value: ['list_tables', 'get_table', 'insert_rows'] },
+    },
    {
      id: 'datasetId',
      title: 'Dataset ID',
      type: 'short-input',
+      canonicalParamId: 'datasetId',
      placeholder: 'Enter BigQuery dataset ID',
+      mode: 'advanced',
      condition: { field: 'operation', value: ['list_tables', 'get_table', 'insert_rows'] },
      required: { field: 'operation', value: ['list_tables', 'get_table', 'insert_rows'] },
    },

+    {
+      id: 'tableSelector',
+      title: 'Table',
+      type: 'file-selector',
+      canonicalParamId: 'tableId',
+      serviceId: 'google-bigquery',
+      selectorKey: 'bigquery.tables',
+      selectorAllowSearch: false,
+      placeholder: 'Select BigQuery table',
+      dependsOn: ['credential', 'projectId', 'datasetSelector'],
+      mode: 'basic',
+      condition: { field: 'operation', value: ['get_table', 'insert_rows'] },
+      required: { field: 'operation', value: ['get_table', 'insert_rows'] },
+    },
    {
      id: 'tableId',
      title: 'Table ID',
      type: 'short-input',
+      canonicalParamId: 'tableId',
      placeholder: 'Enter BigQuery table ID',
+      mode: 'advanced',
      condition: { field: 'operation', value: ['get_table', 'insert_rows'] },
      required: { field: 'operation', value: ['get_table', 'insert_rows'] },
    },
--- a/apps/sim/blocks/blocks/google_calendar.ts
+++ b/apps/sim/blocks/blocks/google_calendar.ts
@@ -1,4 +1,5 @@
 import { GoogleCalendarIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { createVersionedToolSelector } from '@/blocks/utils'
@@ -43,7 +44,7 @@ export const GoogleCalendarBlock: BlockConfig<GoogleCalendarResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-calendar',
-      requiredScopes: ['https://www.googleapis.com/auth/calendar'],
+      requiredScopes: getScopesForService('google-calendar'),
      placeholder: 'Select Google Calendar account',
    },
    {
@@ -64,7 +65,7 @@ export const GoogleCalendarBlock: BlockConfig<GoogleCalendarResponse> = {
      serviceId: 'google-calendar',
      selectorKey: 'google.calendar',
      selectorAllowSearch: false,
-      requiredScopes: ['https://www.googleapis.com/auth/calendar'],
+      requiredScopes: getScopesForService('google-calendar'),
      placeholder: 'Select calendar',
      dependsOn: ['credential'],
      mode: 'basic',
@@ -330,7 +331,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
      serviceId: 'google-calendar',
      selectorKey: 'google.calendar',
      selectorAllowSearch: false,
-      requiredScopes: ['https://www.googleapis.com/auth/calendar'],
+      requiredScopes: getScopesForService('google-calendar'),
      placeholder: 'Select destination calendar',
      dependsOn: ['credential'],
      condition: { field: 'operation', value: 'move' },
--- a/apps/sim/blocks/blocks/google_contacts.ts
+++ b/apps/sim/blocks/blocks/google_contacts.ts
@@ -1,4 +1,5 @@
 import { GoogleContactsIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { GoogleContactsResponse } from '@/tools/google_contacts/types'
@@ -37,7 +38,7 @@ export const GoogleContactsBlock: BlockConfig<GoogleContactsResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-contacts',
-      requiredScopes: ['https://www.googleapis.com/auth/contacts'],
+      requiredScopes: getScopesForService('google-contacts'),
      placeholder: 'Select Google account',
    },
    {
--- a/apps/sim/blocks/blocks/google_docs.ts
+++ b/apps/sim/blocks/blocks/google_docs.ts
@@ -1,4 +1,5 @@
 import { GoogleDocsIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { GoogleDocsResponse } from '@/tools/google_docs/types'
@@ -36,10 +37,7 @@ export const GoogleDocsBlock: BlockConfig<GoogleDocsResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-docs',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-docs'),
      placeholder: 'Select Google account',
    },
    {
--- a/apps/sim/blocks/blocks/google_drive.ts
+++ b/apps/sim/blocks/blocks/google_drive.ts
@@ -1,4 +1,5 @@
 import { GoogleDriveIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -48,10 +49,7 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select Google Drive account',
    },
    {
@@ -138,10 +136,7 @@ Return ONLY the file content - no explanations, no markdown code blocks, no extr
      canonicalParamId: 'uploadFolderId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      mimeType: 'application/vnd.google-apps.folder',
      placeholder: 'Select a parent folder',
      mode: 'basic',
@@ -211,10 +206,7 @@ Return ONLY the file content - no explanations, no markdown code blocks, no extr
      canonicalParamId: 'createFolderParentId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      mimeType: 'application/vnd.google-apps.folder',
      placeholder: 'Select a parent folder',
      mode: 'basic',
@@ -239,10 +231,7 @@ Return ONLY the file content - no explanations, no markdown code blocks, no extr
      canonicalParamId: 'listFolderId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      mimeType: 'application/vnd.google-apps.folder',
      placeholder: 'Select a folder to list files from',
      mode: 'basic',
@@ -299,10 +288,7 @@ Return ONLY the query string - no explanations, no quotes around the whole thing
      canonicalParamId: 'downloadFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to download',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -361,10 +347,7 @@ Return ONLY the query string - no explanations, no quotes around the whole thing
      canonicalParamId: 'getFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to get info for',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -389,10 +372,7 @@ Return ONLY the query string - no explanations, no quotes around the whole thing
      canonicalParamId: 'copyFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to copy',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -423,10 +403,7 @@ Return ONLY the query string - no explanations, no quotes around the whole thing
      canonicalParamId: 'copyDestFolderId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      mimeType: 'application/vnd.google-apps.folder',
      placeholder: 'Select destination folder (optional)',
      mode: 'basic',
@@ -450,10 +427,7 @@ Return ONLY the query string - no explanations, no quotes around the whole thing
      canonicalParamId: 'updateFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to update',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -529,10 +503,7 @@ Return ONLY the description text - no explanations, no quotes, no extra text.`,
      canonicalParamId: 'trashFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to move to trash',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -557,10 +528,7 @@ Return ONLY the description text - no explanations, no quotes, no extra text.`,
      canonicalParamId: 'deleteFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to permanently delete',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -585,10 +553,7 @@ Return ONLY the description text - no explanations, no quotes, no extra text.`,
      canonicalParamId: 'shareFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to share',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -700,10 +665,7 @@ Return ONLY the message text - no subject line, no greetings/signatures, no extr
      canonicalParamId: 'unshareFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to remove sharing from',
      mode: 'basic',
      dependsOn: ['credential'],
@@ -736,10 +698,7 @@ Return ONLY the message text - no subject line, no greetings/signatures, no extr
      canonicalParamId: 'listPermissionsFileId',
      serviceId: 'google-drive',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select a file to list permissions for',
      mode: 'basic',
      dependsOn: ['credential'],
--- a/apps/sim/blocks/blocks/google_forms.ts
+++ b/apps/sim/blocks/blocks/google_forms.ts
@@ -1,4 +1,5 @@
 import { GoogleFormsIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { getTrigger } from '@/triggers'

@@ -38,13 +39,7 @@ export const GoogleFormsBlock: BlockConfig = {
      mode: 'basic',
      required: true,
      serviceId: 'google-forms',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/userinfo.email',
-        'https://www.googleapis.com/auth/userinfo.profile',
-        'https://www.googleapis.com/auth/drive',
-        'https://www.googleapis.com/auth/forms.body',
-        'https://www.googleapis.com/auth/forms.responses.readonly',
-      ],
+      requiredScopes: getScopesForService('google-forms'),
      placeholder: 'Select Google account',
    },
    {
--- a/apps/sim/blocks/blocks/google_groups.ts
+++ b/apps/sim/blocks/blocks/google_groups.ts
@@ -1,4 +1,5 @@
 import { GoogleGroupsIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'

@@ -46,10 +47,7 @@ export const GoogleGroupsBlock: BlockConfig = {
      mode: 'basic',
      required: true,
      serviceId: 'google-groups',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/admin.directory.group',
-        'https://www.googleapis.com/auth/admin.directory.group.member',
-      ],
+      requiredScopes: getScopesForService('google-groups'),
      placeholder: 'Select Google Workspace account',
    },
    {
--- a/apps/sim/blocks/blocks/google_meet.ts
+++ b/apps/sim/blocks/blocks/google_meet.ts
@@ -1,4 +1,5 @@
 import { GoogleMeetIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { GoogleMeetResponse } from '@/tools/google_meet/types'
@@ -37,10 +38,7 @@ export const GoogleMeetBlock: BlockConfig<GoogleMeetResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-meet',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/meetings.space.created',
-        'https://www.googleapis.com/auth/meetings.space.readonly',
-      ],
+      requiredScopes: getScopesForService('google-meet'),
      placeholder: 'Select Google Meet account',
    },
    {
--- a/apps/sim/blocks/blocks/google_sheets.ts
+++ b/apps/sim/blocks/blocks/google_sheets.ts
@@ -1,4 +1,5 @@
 import { GoogleSheetsIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { createVersionedToolSelector } from '@/blocks/utils'
@@ -40,10 +41,7 @@ export const GoogleSheetsBlock: BlockConfig<GoogleSheetsResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-sheets',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-sheets'),
      placeholder: 'Select Google account',
    },
    {
@@ -63,10 +61,7 @@ export const GoogleSheetsBlock: BlockConfig<GoogleSheetsResponse> = {
      canonicalParamId: 'spreadsheetId',
      serviceId: 'google-sheets',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-sheets'),
      mimeType: 'application/vnd.google-apps.spreadsheet',
      placeholder: 'Select a spreadsheet',
      dependsOn: ['credential'],
@@ -339,10 +334,7 @@ export const GoogleSheetsV2Block: BlockConfig<GoogleSheetsV2Response> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-sheets',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-sheets'),
      placeholder: 'Select Google account',
    },
    {
@@ -362,10 +354,7 @@ export const GoogleSheetsV2Block: BlockConfig<GoogleSheetsV2Response> = {
      canonicalParamId: 'spreadsheetId',
      serviceId: 'google-sheets',
      selectorKey: 'google.drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-sheets'),
      mimeType: 'application/vnd.google-apps.spreadsheet',
      placeholder: 'Select a spreadsheet',
      dependsOn: ['credential'],
--- a/apps/sim/blocks/blocks/google_slides.ts
+++ b/apps/sim/blocks/blocks/google_slides.ts
@@ -1,4 +1,5 @@
 import { GoogleSlidesIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import { resolveHttpsUrlFromFileInput } from '@/lib/uploads/utils/file-utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
@@ -50,10 +51,7 @@ export const GoogleSlidesBlock: BlockConfig<GoogleSlidesResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-drive',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/drive.file',
-        'https://www.googleapis.com/auth/drive',
-      ],
+      requiredScopes: getScopesForService('google-drive'),
      placeholder: 'Select Google account',
    },
    {
--- a/apps/sim/blocks/blocks/google_tasks.ts
+++ b/apps/sim/blocks/blocks/google_tasks.ts
@@ -1,4 +1,5 @@
 import { GoogleTasksIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { GoogleTasksResponse } from '@/tools/google_tasks/types'
@@ -38,7 +39,7 @@ export const GoogleTasksBlock: BlockConfig<GoogleTasksResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'google-tasks',
-      requiredScopes: ['https://www.googleapis.com/auth/tasks'],
+      requiredScopes: getScopesForService('google-tasks'),
      placeholder: 'Select Google Tasks account',
    },
    {
@@ -51,12 +52,27 @@ export const GoogleTasksBlock: BlockConfig<GoogleTasksResponse> = {
      required: true,
    },

-    // Task List ID - shown for all task operations (not list_task_lists)
+    // Task List - shown for all task operations (not list_task_lists)
+    {
+      id: 'taskListSelector',
+      title: 'Task List',
+      type: 'project-selector',
+      canonicalParamId: 'taskListId',
+      serviceId: 'google-tasks',
+      selectorKey: 'google.tasks.lists',
+      selectorAllowSearch: false,
+      placeholder: 'Select task list',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: { field: 'operation', value: 'list_task_lists', not: true },
+    },
    {
      id: 'taskListId',
      title: 'Task List ID',
      type: 'short-input',
+      canonicalParamId: 'taskListId',
      placeholder: 'Task list ID (leave empty for default list)',
+      mode: 'advanced',
      condition: { field: 'operation', value: 'list_task_lists', not: true },
    },

@@ -210,7 +226,9 @@ Return ONLY the timestamp - no explanations, no extra text.`,
      params: (params) => {
        const { oauthCredential, operation, showCompleted, maxResults, ...rest } = params

-        const processedParams: Record<string, unknown> = { ...rest }
+        const processedParams: Record<string, unknown> = {
+          ...rest,
+        }

        if (maxResults && typeof maxResults === 'string') {
          processedParams.maxResults = Number.parseInt(maxResults, 10)
--- a/apps/sim/blocks/blocks/google_vault.ts
+++ b/apps/sim/blocks/blocks/google_vault.ts
@@ -1,4 +1,5 @@
 import { GoogleVaultIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'

@@ -38,10 +39,7 @@ export const GoogleVaultBlock: BlockConfig = {
      mode: 'basic',
      required: true,
      serviceId: 'google-vault',
-      requiredScopes: [
-        'https://www.googleapis.com/auth/ediscovery',
-        'https://www.googleapis.com/auth/devstorage.read_only',
-      ],
+      requiredScopes: getScopesForService('google-vault'),
      placeholder: 'Select Google Vault account',
    },
    {
--- a/apps/sim/blocks/blocks/hubspot.ts
+++ b/apps/sim/blocks/blocks/hubspot.ts
@@ -1,4 +1,5 @@
 import { HubspotIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { HubSpotResponse } from '@/tools/hubspot/types'
@@ -42,31 +43,7 @@ export const HubSpotBlock: BlockConfig<HubSpotResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'hubspot',
-      requiredScopes: [
-        'crm.objects.contacts.read',
-        'crm.objects.contacts.write',
-        'crm.objects.companies.read',
-        'crm.objects.companies.write',
-        'crm.objects.deals.read',
-        'crm.objects.deals.write',
-        'crm.objects.owners.read',
-        'crm.objects.users.read',
-        'crm.objects.users.write',
-        'crm.objects.marketing_events.read',
-        'crm.objects.marketing_events.write',
-        'crm.objects.line_items.read',
-        'crm.objects.line_items.write',
-        'crm.objects.quotes.read',
-        'crm.objects.quotes.write',
-        'crm.objects.appointments.read',
-        'crm.objects.appointments.write',
-        'crm.objects.carts.read',
-        'crm.objects.carts.write',
-        'crm.import',
-        'crm.lists.read',
-        'crm.lists.write',
-        'tickets',
-      ],
+      requiredScopes: getScopesForService('hubspot'),
      placeholder: 'Select HubSpot account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/jira.ts
+++ b/apps/sim/blocks/blocks/jira.ts
@@ -1,4 +1,5 @@
 import { JiraIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -46,6 +47,7 @@ export const JiraBlock: BlockConfig<JiraResponse> = {
        { label: 'Add Watcher', id: 'add_watcher' },
        { label: 'Remove Watcher', id: 'remove_watcher' },
        { label: 'Get Users', id: 'get_users' },
+        { label: 'Search Users', id: 'search_users' },
      ],
      value: () => 'read',
    },
@@ -64,38 +66,7 @@ export const JiraBlock: BlockConfig<JiraResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'jira',
-      requiredScopes: [
-        'read:jira-work',
-        'read:jira-user',
-        'write:jira-work',
-        'read:issue-event:jira',
-        'write:issue:jira',
-        'read:project:jira',
-        'read:issue-type:jira',
-        'read:me',
-        'offline_access',
-        'read:issue-meta:jira',
-        'read:issue-security-level:jira',
-        'read:issue.vote:jira',
-        'read:issue.changelog:jira',
-        'read:avatar:jira',
-        'read:issue:jira',
-        'read:status:jira',
-        'read:user:jira',
-        'read:field-configuration:jira',
-        'read:issue-details:jira',
-        'delete:issue:jira',
-        'write:comment:jira',
-        'read:comment:jira',
-        'delete:comment:jira',
-        'read:attachment:jira',
-        'delete:attachment:jira',
-        'write:issue-worklog:jira',
-        'read:issue-worklog:jira',
-        'delete:issue-worklog:jira',
-        'write:issue-link:jira',
-        'delete:issue-link:jira',
-      ],
+      requiredScopes: getScopesForService('jira'),
      placeholder: 'Select Jira account',
    },
    {
@@ -703,6 +674,31 @@ Return ONLY the comment text - no explanations.`,
      placeholder: 'Maximum users to return (default: 50)',
      condition: { field: 'operation', value: 'get_users' },
    },
+    // Search Users fields
+    {
+      id: 'searchUsersQuery',
+      title: 'Search Query',
+      type: 'short-input',
+      required: true,
+      placeholder: 'Enter email address or display name to search',
+      condition: { field: 'operation', value: 'search_users' },
+    },
+    {
+      id: 'searchUsersMaxResults',
+      title: 'Max Results',
+      type: 'short-input',
+      placeholder: 'Maximum users to return (default: 50)',
+      condition: { field: 'operation', value: 'search_users' },
+      mode: 'advanced',
+    },
+    {
+      id: 'searchUsersStartAt',
+      title: 'Start At',
+      type: 'short-input',
+      placeholder: 'Pagination start index (default: 0)',
+      condition: { field: 'operation', value: 'search_users' },
+      mode: 'advanced',
+    },
    // Trigger SubBlocks
    ...getTrigger('jira_issue_created').subBlocks,
    ...getTrigger('jira_issue_updated').subBlocks,
@@ -737,6 +733,7 @@ Return ONLY the comment text - no explanations.`,
      'jira_add_watcher',
      'jira_remove_watcher',
      'jira_get_users',
+      'jira_search_users',
    ],
    config: {
      tool: (params) => {
@@ -797,6 +794,8 @@ Return ONLY the comment text - no explanations.`,
            return 'jira_remove_watcher'
          case 'get_users':
            return 'jira_get_users'
+          case 'search_users':
+            return 'jira_search_users'
          default:
            return 'jira_retrieve'
        }
@@ -1053,6 +1052,18 @@ Return ONLY the comment text - no explanations.`,
                : undefined,
            }
          }
+          case 'search_users': {
+            return {
+              ...baseParams,
+              query: params.searchUsersQuery,
+              maxResults: params.searchUsersMaxResults
+                ? Number.parseInt(params.searchUsersMaxResults)
+                : undefined,
+              startAt: params.searchUsersStartAt
+                ? Number.parseInt(params.searchUsersStartAt)
+                : undefined,
+            }
+          }
          default:
            return baseParams
        }
@@ -1132,6 +1143,13 @@ Return ONLY the comment text - no explanations.`,
    },
    usersStartAt: { type: 'string', description: 'Pagination start index for users' },
    usersMaxResults: { type: 'string', description: 'Maximum users to return' },
+    // Search Users operation inputs
+    searchUsersQuery: {
+      type: 'string',
+      description: 'Search query (email address or display name)',
+    },
+    searchUsersMaxResults: { type: 'string', description: 'Maximum users to return from search' },
+    searchUsersStartAt: { type: 'string', description: 'Pagination start index for user search' },
  },
  outputs: {
    // Common outputs across all Jira operations
--- a/apps/sim/blocks/blocks/jira_service_management.ts
+++ b/apps/sim/blocks/blocks/jira_service_management.ts
@@ -1,4 +1,5 @@
 import { JiraServiceManagementIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { JsmResponse } from '@/tools/jsm/types'
@@ -59,42 +60,7 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
      mode: 'basic',
      required: true,
      serviceId: 'jira',
-      requiredScopes: [
-        'read:jira-user',
-        'read:jira-work',
-        'write:jira-work',
-        'read:project:jira',
-        'read:me',
-        'offline_access',
-        'read:issue:jira',
-        'read:status:jira',
-        'read:user:jira',
-        'read:issue-details:jira',
-        'write:comment:jira',
-        'read:comment:jira',
-        'read:servicedesk:jira-service-management',
-        'read:requesttype:jira-service-management',
-        'read:request:jira-service-management',
-        'write:request:jira-service-management',
-        'read:request.comment:jira-service-management',
-        'write:request.comment:jira-service-management',
-        'read:customer:jira-service-management',
-        'write:customer:jira-service-management',
-        'read:servicedesk.customer:jira-service-management',
-        'write:servicedesk.customer:jira-service-management',
-        'read:organization:jira-service-management',
-        'write:organization:jira-service-management',
-        'read:servicedesk.organization:jira-service-management',
-        'write:servicedesk.organization:jira-service-management',
-        'read:queue:jira-service-management',
-        'read:request.sla:jira-service-management',
-        'read:request.status:jira-service-management',
-        'write:request.status:jira-service-management',
-        'read:request.participant:jira-service-management',
-        'write:request.participant:jira-service-management',
-        'read:request.approval:jira-service-management',
-        'write:request.approval:jira-service-management',
-      ],
+      requiredScopes: getScopesForService('jira'),
      placeholder: 'Select Jira account',
    },
    {
@@ -107,10 +73,16 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
      required: true,
    },
    {
-      id: 'serviceDeskId',
-      title: 'Service Desk ID',
-      type: 'short-input',
-      placeholder: 'Enter service desk ID',
+      id: 'serviceDeskSelector',
+      title: 'Service Desk',
+      type: 'project-selector',
+      canonicalParamId: 'serviceDeskId',
+      serviceId: 'jira',
+      selectorKey: 'jsm.serviceDesks',
+      selectorAllowSearch: false,
+      placeholder: 'Select service desk',
+      dependsOn: ['credential', 'domain'],
+      mode: 'basic',
      required: {
        field: 'operation',
        value: [
@@ -139,12 +111,63 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
        ],
      },
    },
+    {
+      id: 'serviceDeskId',
+      title: 'Service Desk ID',
+      type: 'short-input',
+      canonicalParamId: 'serviceDeskId',
+      placeholder: 'Enter service desk ID',
+      mode: 'advanced',
+      required: {
+        field: 'operation',
+        value: [
+          'get_request_types',
+          'create_request',
+          'get_customers',
+          'add_customer',
+          'get_organizations',
+          'add_organization',
+          'get_queues',
+          'get_request_type_fields',
+        ],
+      },
+      condition: {
+        field: 'operation',
+        value: [
+          'get_request_types',
+          'create_request',
+          'get_customers',
+          'add_customer',
+          'get_organizations',
+          'add_organization',
+          'get_queues',
+          'get_requests',
+          'get_request_type_fields',
+        ],
+      },
+    },
+    {
+      id: 'requestTypeSelector',
+      title: 'Request Type',
+      type: 'file-selector',
+      canonicalParamId: 'requestTypeId',
+      serviceId: 'jira',
+      selectorKey: 'jsm.requestTypes',
+      selectorAllowSearch: false,
+      placeholder: 'Select request type',
+      dependsOn: ['credential', 'domain', 'serviceDeskSelector'],
+      mode: 'basic',
+      required: true,
+      condition: { field: 'operation', value: ['create_request', 'get_request_type_fields'] },
+    },
    {
      id: 'requestTypeId',
      title: 'Request Type ID',
      type: 'short-input',
+      canonicalParamId: 'requestTypeId',
      required: true,
      placeholder: 'Enter request type ID',
+      mode: 'advanced',
      condition: { field: 'operation', value: ['create_request', 'get_request_type_fields'] },
    },
    {
--- a/apps/sim/blocks/blocks/linear.ts
+++ b/apps/sim/blocks/blocks/linear.ts
@@ -1,4 +1,5 @@
 import { LinearIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -132,7 +133,7 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'linear',
-      requiredScopes: ['read', 'write'],
+      requiredScopes: getScopesForService('linear'),
      placeholder: 'Select Linear account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/linkedin.ts
+++ b/apps/sim/blocks/blocks/linkedin.ts
@@ -1,4 +1,5 @@
 import { LinkedInIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { LinkedInResponse } from '@/tools/linkedin/types'
@@ -35,7 +36,7 @@ export const LinkedInBlock: BlockConfig<LinkedInResponse> = {
      serviceId: 'linkedin',
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
-      requiredScopes: ['profile', 'openid', 'email', 'w_member_social'],
+      requiredScopes: getScopesForService('linkedin'),
      placeholder: 'Select LinkedIn account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/microsoft_dataverse.ts
+++ b/apps/sim/blocks/blocks/microsoft_dataverse.ts
@@ -1,4 +1,5 @@
 import { MicrosoftDataverseIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -46,13 +47,7 @@ export const MicrosoftDataverseBlock: BlockConfig<DataverseResponse> = {
      title: 'Microsoft Account',
      type: 'oauth-input',
      serviceId: 'microsoft-dataverse',
-      requiredScopes: [
-        'openid',
-        'profile',
-        'email',
-        'https://dynamics.microsoft.com/user_impersonation',
-        'offline_access',
-      ],
+      requiredScopes: getScopesForService('microsoft-dataverse'),
      placeholder: 'Select Microsoft account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/microsoft_excel.ts
+++ b/apps/sim/blocks/blocks/microsoft_excel.ts
@@ -1,4 +1,5 @@
 import { MicrosoftExcelIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { createVersionedToolSelector } from '@/blocks/utils'
@@ -39,14 +40,7 @@ export const MicrosoftExcelBlock: BlockConfig<MicrosoftExcelResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'microsoft-excel',
-      requiredScopes: [
-        'openid',
-        'profile',
-        'email',
-        'Files.Read',
-        'Files.ReadWrite',
-        'offline_access',
-      ],
+      requiredScopes: getScopesForService('microsoft-excel'),
      placeholder: 'Select Microsoft account',
      required: true,
    },
@@ -366,14 +360,7 @@ export const MicrosoftExcelV2Block: BlockConfig<MicrosoftExcelV2Response> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'microsoft-excel',
-      requiredScopes: [
-        'openid',
-        'profile',
-        'email',
-        'Files.Read',
-        'Files.ReadWrite',
-        'offline_access',
-      ],
+      requiredScopes: getScopesForService('microsoft-excel'),
      placeholder: 'Select Microsoft account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/microsoft_planner.ts
+++ b/apps/sim/blocks/blocks/microsoft_planner.ts
@@ -1,4 +1,5 @@
 import { MicrosoftPlannerIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import type { MicrosoftPlannerResponse } from '@/tools/microsoft_planner/types'
@@ -64,15 +65,7 @@ export const MicrosoftPlannerBlock: BlockConfig<MicrosoftPlannerResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'microsoft-planner',
-      requiredScopes: [
-        'openid',
-        'profile',
-        'email',
-        'Group.ReadWrite.All',
-        'Group.Read.All',
-        'Tasks.ReadWrite',
-        'offline_access',
-      ],
+      requiredScopes: getScopesForService('microsoft-planner'),
      placeholder: 'Select Microsoft account',
    },
    {
@@ -84,12 +77,36 @@ export const MicrosoftPlannerBlock: BlockConfig<MicrosoftPlannerResponse> = {
      placeholder: 'Enter credential ID',
    },

-    // Plan ID - for various operations
+    // Plan selector - basic mode
+    {
+      id: 'planSelector',
+      title: 'Plan',
+      type: 'project-selector',
+      canonicalParamId: 'planId',
+      serviceId: 'microsoft-planner',
+      selectorKey: 'microsoft.planner.plans',
+      selectorAllowSearch: false,
+      placeholder: 'Select a plan',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['create_task', 'read_task', 'read_plan', 'list_buckets', 'create_bucket'],
+      },
+      required: {
+        field: 'operation',
+        value: ['read_plan', 'list_buckets', 'create_bucket', 'create_task'],
+      },
+    },
+
+    // Plan ID - advanced mode
    {
      id: 'planId',
      title: 'Plan ID',
      type: 'short-input',
+      canonicalParamId: 'planId',
      placeholder: 'Enter the plan ID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
        value: ['create_task', 'read_task', 'read_plan', 'list_buckets', 'create_bucket'],
@@ -110,7 +127,7 @@ export const MicrosoftPlannerBlock: BlockConfig<MicrosoftPlannerResponse> = {
      serviceId: 'microsoft-planner',
      selectorKey: 'microsoft.planner',
      condition: { field: 'operation', value: ['read_task'] },
-      dependsOn: ['credential', 'planId'],
+      dependsOn: ['credential', 'planSelector'],
      mode: 'basic',
      canonicalParamId: 'readTaskId',
    },
--- a/apps/sim/blocks/blocks/microsoft_teams.ts
+++ b/apps/sim/blocks/blocks/microsoft_teams.ts
@@ -1,4 +1,5 @@
 import { MicrosoftTeamsIcon } from '@/components/icons'
+import { getScopesForService } from '@/lib/oauth/utils'
 import type { BlockConfig } from '@/blocks/types'
 import { AuthMode } from '@/blocks/types'
 import { normalizeFileInput } from '@/blocks/utils'
@@ -47,28 +48,7 @@ export const MicrosoftTeamsBlock: BlockConfig<MicrosoftTeamsResponse> = {
      canonicalParamId: 'oauthCredential',
      mode: 'basic',
      serviceId: 'microsoft-teams',
-      requiredScopes: [
-        'openid',
-        'profile',
-        'email',
-        'User.Read',
-        'Chat.Read',
-        'Chat.ReadWrite',
-        'Chat.ReadBasic',
-        'ChatMessage.Send',
-        'Channel.ReadBasic.All',
-        'ChannelMessage.Send',
-        'ChannelMessage.Read.All',
-        'ChannelMessage.ReadWrite',
-        'ChannelMember.Read.All',
-        'Group.Read.All',
-        'Group.ReadWrite.All',
-        'Team.ReadBasic.All',
-        'TeamMember.Read.All',
-        'offline_access',
-        'Files.Read',
-        'Sites.Read.All',
-      ],
+      requiredScopes: getScopesForService('microsoft-teams'),
      placeholder: 'Select Microsoft account',
      required: true,
    },
--- a/apps/sim/blocks/blocks/notion.ts
+++ b/apps/sim/blocks/blocks/notion.ts
@@ -53,15 +53,49 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
      placeholder: 'Enter credential ID',
      required: true,
    },
-    // Read/Write operation - Page ID
+    {
+      id: 'pageSelector',
+      title: 'Page',
+      type: 'file-selector',
+      canonicalParamId: 'pageId',
+      serviceId: 'notion',
+      selectorKey: 'notion.pages',
+      placeholder: 'Select Notion page',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['notion_read', 'notion_write'],
+      },
+      required: true,
+    },
    {
      id: 'pageId',
      title: 'Page ID',
      type: 'short-input',
+      canonicalParamId: 'pageId',
      placeholder: 'Enter Notion page ID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
-        value: 'notion_read',
+        value: ['notion_read', 'notion_write'],
+      },
+      required: true,
+    },
+    {
+      id: 'databaseSelector',
+      title: 'Database',
+      type: 'project-selector',
+      canonicalParamId: 'databaseId',
+      serviceId: 'notion',
+      selectorKey: 'notion.databases',
+      selectorAllowSearch: false,
+      placeholder: 'Select Notion database',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: {
+        field: 'operation',
+        value: ['notion_read_database', 'notion_query_database', 'notion_add_database_row'],
      },
      required: true,
    },
@@ -69,31 +103,36 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
      id: 'databaseId',
      title: 'Database ID',
      type: 'short-input',
+      canonicalParamId: 'databaseId',
      placeholder: 'Enter Notion database ID',
+      mode: 'advanced',
      condition: {
        field: 'operation',
-        value: 'notion_read_database',
+        value: ['notion_read_database', 'notion_query_database', 'notion_add_database_row'],
      },
      required: true,
    },
    {
-      id: 'pageId',
-      title: 'Page ID',
-      type: 'short-input',
-      placeholder: 'Enter Notion page ID',
-      condition: {
-        field: 'operation',
-        value: 'notion_write',
-      },
+      id: 'parentSelector',
+      title: 'Parent Page',
+      type: 'file-selector',
+      canonicalParamId: 'parentId',
+      serviceId: 'notion',
+      selectorKey: 'notion.pages',
+      placeholder: 'Select parent page',
+      dependsOn: ['credential'],
+      mode: 'basic',
+      condition: { field: 'operation', value: ['notion_create_page', 'notion_create_database'] },
      required: true,
    },
-    // Create operation fields
    {
      id: 'parentId',
      title: 'Parent Page ID',
      type: 'short-input',
+      canonicalParamId: 'parentId',
      placeholder: 'ID of parent page',
-      condition: { field: 'operation', value: 'notion_create_page' },
+      mode: 'advanced',
+      condition: { field: 'operation', value: ['notion_create_page', 'notion_create_database'] },
      required: true,
    },
    {
@@ -148,14 +187,6 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
      },
    },
    // Query Database Fields
-    {
-      id: 'databaseId',
-      title: 'Database ID',
-      type: 'short-input',
-      placeholder: 'Enter Notion database ID',
-      condition: { field: 'operation', value: 'notion_query_database' },
-      required: true,
-    },
    {
      id: 'filter',
      title: 'Filter',
@@ -218,14 +249,6 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
      condition: { field: 'operation', value: 'notion_search' },
    },
    // Create Database Fields
-    {
-      id: 'parentId',
-      title: 'Parent Page ID',
-      type: 'short-input',
-      placeholder: 'ID of parent page where database will be created',
-      condition: { field: 'operation', value: 'notion_create_database' },
-      required: true,
-    },
    {
      id: 'title',
      title: 'Database Title',
@@ -256,14 +279,6 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
      },
    },
    // Add Database Row Fields
-    {
-      id: 'databaseId',
-      title: 'Database ID',
-      type: 'short-input',
-      placeholder: 'Enter Notion database ID',
-      condition: { field: 'operation', value: 'notion_add_database_row' },
-      required: true,
-    },
    {
      id: 'properties',
      title: 'Row Properties',
@@ -404,6 +419,7 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
 }

 // V2 Block with API-aligned outputs
+
 export const NotionV2Block: BlockConfig<any> = {
  type: 'notion_v2',
  name: 'Notion',
--- a/apps/sim/blocks/blocks/obsidian.ts
+++ b/apps/sim/blocks/blocks/obsidian.ts
@@ -0,0 +1,270 @@
+import { ObsidianIcon } from '@/components/icons'
+import type { BlockConfig } from '@/blocks/types'
+import { AuthMode } from '@/blocks/types'
+
+export const ObsidianBlock: BlockConfig = {
+  type: 'obsidian',
+  name: 'Obsidian',
+  description: 'Interact with your Obsidian vault via the Local REST API',
+  longDescription:
+    'Read, create, update, search, and delete notes in your Obsidian vault. Manage periodic notes, execute commands, and patch content at specific locations. Requires the Obsidian Local REST API plugin.',
+  docsLink: 'https://docs.sim.ai/tools/obsidian',
+  category: 'tools',
+  bgColor: '#0F0F0F',
+  icon: ObsidianIcon,
+  authMode: AuthMode.ApiKey,
+
+  subBlocks: [
+    {
+      id: 'operation',
+      title: 'Operation',
+      type: 'dropdown',
+      options: [
+        { label: 'List Files', id: 'list_files' },
+        { label: 'Get Note', id: 'get_note' },
+        { label: 'Create Note', id: 'create_note' },
+        { label: 'Append to Note', id: 'append_note' },
+        { label: 'Patch Note', id: 'patch_note' },
+        { label: 'Delete Note', id: 'delete_note' },
+        { label: 'Search', id: 'search' },
+        { label: 'Get Active File', id: 'get_active' },
+        { label: 'Append to Active File', id: 'append_active' },
+        { label: 'Patch Active File', id: 'patch_active' },
+        { label: 'Open File', id: 'open_file' },
+        { label: 'List Commands', id: 'list_commands' },
+        { label: 'Execute Command', id: 'execute_command' },
+        { label: 'Get Periodic Note', id: 'get_periodic_note' },
+        { label: 'Append to Periodic Note', id: 'append_periodic_note' },
+      ],
+      value: () => 'get_note',
+    },
+    {
+      id: 'baseUrl',
+      title: 'Base URL',
+      type: 'short-input',
+      placeholder: 'https://127.0.0.1:27124',
+      value: () => 'https://127.0.0.1:27124',
+      required: true,
+    },
+    {
+      id: 'apiKey',
+      title: 'API Key',
+      type: 'short-input',
+      placeholder: 'Enter your Obsidian Local REST API key',
+      password: true,
+      required: true,
+    },
+    {
+      id: 'path',
+      title: 'Directory Path',
+      type: 'short-input',
+      placeholder: 'Leave empty for vault root (e.g. "Projects/notes")',
+      condition: { field: 'operation', value: 'list_files' },
+    },
+    {
+      id: 'filename',
+      title: 'Note Path',
+      type: 'short-input',
+      placeholder: 'folder/note.md',
+      condition: {
+        field: 'operation',
+        value: ['get_note', 'create_note', 'append_note', 'patch_note', 'delete_note', 'open_file'],
+      },
+      required: {
+        field: 'operation',
+        value: ['get_note', 'create_note', 'append_note', 'patch_note', 'delete_note', 'open_file'],
+      },
+    },
+    {
+      id: 'content',
+      title: 'Content',
+      type: 'long-input',
+      placeholder: 'Markdown content',
+      condition: {
+        field: 'operation',
+        value: [
+          'create_note',
+          'append_note',
+          'patch_note',
+          'append_active',
+          'patch_active',
+          'append_periodic_note',
+        ],
+      },
+      required: {
+        field: 'operation',
+        value: [
+          'create_note',
+          'append_note',
+          'patch_note',
+          'append_active',
+          'patch_active',
+          'append_periodic_note',
+        ],
+      },
+    },
+    {
+      id: 'patchOperation',
+      title: 'Patch Operation',
+      type: 'dropdown',
+      options: [
+        { label: 'Append', id: 'append' },
+        { label: 'Prepend', id: 'prepend' },
+        { label: 'Replace', id: 'replace' },
+      ],
+      value: () => 'append',
+      condition: { field: 'operation', value: ['patch_note', 'patch_active'] },
+      required: { field: 'operation', value: ['patch_note', 'patch_active'] },
+    },
+    {
+      id: 'targetType',
+      title: 'Target Type',
+      type: 'dropdown',
+      options: [
+        { label: 'Heading', id: 'heading' },
+        { label: 'Block Reference', id: 'block' },
+        { label: 'Frontmatter', id: 'frontmatter' },
+      ],
+      value: () => 'heading',
+      condition: { field: 'operation', value: ['patch_note', 'patch_active'] },
+      required: { field: 'operation', value: ['patch_note', 'patch_active'] },
+    },
+    {
+      id: 'target',
+      title: 'Target',
+      type: 'short-input',
+      placeholder: 'Heading text, block ID, or frontmatter field',
+      condition: { field: 'operation', value: ['patch_note', 'patch_active'] },
+      required: { field: 'operation', value: ['patch_note', 'patch_active'] },
+    },
+    {
+      id: 'targetDelimiter',
+      title: 'Target Delimiter',
+      type: 'short-input',
+      placeholder: ':: (default)',
+      condition: { field: 'operation', value: ['patch_note', 'patch_active'] },
+      mode: 'advanced',
+    },
+    {
+      id: 'trimTargetWhitespace',
+      title: 'Trim Target Whitespace',
+      type: 'switch',
+      condition: { field: 'operation', value: ['patch_note', 'patch_active'] },
+      mode: 'advanced',
+    },
+    {
+      id: 'query',
+      title: 'Search Query',
+      type: 'short-input',
+      placeholder: 'Text to search for',
+      condition: { field: 'operation', value: 'search' },
+      required: { field: 'operation', value: 'search' },
+    },
+    {
+      id: 'contextLength',
+      title: 'Context Length',
+      type: 'short-input',
+      placeholder: '100',
+      condition: { field: 'operation', value: 'search' },
+      mode: 'advanced',
+    },
+    {
+      id: 'commandId',
+      title: 'Command ID',
+      type: 'short-input',
+      placeholder: 'e.g. daily-notes:open-today',
+      condition: { field: 'operation', value: 'execute_command' },
+      required: { field: 'operation', value: 'execute_command' },
+    },
+    {
+      id: 'newLeaf',
+      title: 'Open in New Tab',
+      type: 'switch',
+      condition: { field: 'operation', value: 'open_file' },
+      mode: 'advanced',
+    },
+    {
+      id: 'period',
+      title: 'Period',
+      type: 'dropdown',
+      options: [
+        { label: 'Daily', id: 'daily' },
+        { label: 'Weekly', id: 'weekly' },
+        { label: 'Monthly', id: 'monthly' },
+        { label: 'Quarterly', id: 'quarterly' },
+        { label: 'Yearly', id: 'yearly' },
+      ],
+      value: () => 'daily',
+      condition: { field: 'operation', value: ['get_periodic_note', 'append_periodic_note'] },
+      required: { field: 'operation', value: ['get_periodic_note', 'append_periodic_note'] },
+    },
+  ],
+
+  tools: {
+    access: [
+      'obsidian_append_active',
+      'obsidian_append_note',
+      'obsidian_append_periodic_note',
+      'obsidian_create_note',
+      'obsidian_delete_note',
+      'obsidian_execute_command',
+      'obsidian_get_active',
+      'obsidian_get_note',
+      'obsidian_get_periodic_note',
+      'obsidian_list_commands',
+      'obsidian_list_files',
+      'obsidian_open_file',
+      'obsidian_patch_active',
+      'obsidian_patch_note',
+      'obsidian_search',
+    ],
+    config: {
+      tool: (params) => `obsidian_${params.operation}`,
+      params: (params) => {
+        const result: Record<string, unknown> = {}
+        if (params.contextLength) {
+          result.contextLength = Number(params.contextLength)
+        }
+        if (params.patchOperation) {
+          result.operation = params.patchOperation
+        }
+        return result
+      },
+    },
+  },
+
+  inputs: {
+    operation: { type: 'string', description: 'Operation to perform' },
+    baseUrl: { type: 'string', description: 'Base URL for the Obsidian Local REST API' },
+    apiKey: { type: 'string', description: 'API key for authentication' },
+    filename: { type: 'string', description: 'Path to the note relative to vault root' },
+    content: { type: 'string', description: 'Markdown content for the note' },
+    path: { type: 'string', description: 'Directory path to list' },
+    query: { type: 'string', description: 'Text to search for' },
+    contextLength: { type: 'number', description: 'Characters of context around matches' },
+    commandId: { type: 'string', description: 'ID of the command to execute' },
+    patchOperation: { type: 'string', description: 'Patch operation: append, prepend, or replace' },
+    targetType: { type: 'string', description: 'Target type: heading, block, or frontmatter' },
+    target: { type: 'string', description: 'Target identifier for patch operations' },
+    targetDelimiter: { type: 'string', description: 'Delimiter for nested headings' },
+    trimTargetWhitespace: { type: 'boolean', description: 'Trim whitespace from target' },
+    newLeaf: { type: 'boolean', description: 'Open file in new tab' },
+    period: { type: 'string', description: 'Periodic note period type' },
+  },
+
+  outputs: {
+    content: { type: 'string', description: 'Markdown content of the note' },
+    filename: { type: 'string', description: 'Path to the note' },
+    files: { type: 'json', description: 'List of files and directories (path, type)' },
+    results: { type: 'json', description: 'Search results (filename, score, matches)' },
+    commands: { type: 'json', description: 'List of available commands (id, name)' },
+    created: { type: 'boolean', description: 'Whether the note was created' },
+    appended: { type: 'boolean', description: 'Whether content was appended' },
+    patched: { type: 'boolean', description: 'Whether content was patched' },
+    deleted: { type: 'boolean', description: 'Whether the note was deleted' },
+    executed: { type: 'boolean', description: 'Whether the command was executed' },
+    opened: { type: 'boolean', description: 'Whether the file was opened' },
+    commandId: { type: 'string', description: 'ID of the executed command' },
+    period: { type: 'string', description: 'Period type of the periodic note' },
+  },
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Waleed	ecd3536a72	v0.5.109: obsidian and evernote integrations, slack fixes, remove memory instrumentation	2026-03-09 10:40:37 -07:00
Theodore Li	635179d696	Revert "feat(hosted key): Add exa hosted key (#3221 )" (#3495 ) This reverts commit `158d5236bc`. Co-authored-by: Theodore Li <teddy@zenobiapay.com>	2026-03-09 10:31:54 -07:00
Waleed	f88926a6a8	fix(webhooks): return empty 200 for Slack to close modals cleanly (#3492 ) * fix(webhooks): return empty 200 for Slack to close modals cleanly * fix(webhooks): add clarifying comment on Slack error path trade-off	2026-03-09 10:11:36 -07:00
Waleed	690b47a0bf	chore(monitoring): remove SSE connection tracking and Bun.gc debug instrumentation (#3472 )	2026-03-08 17:27:05 -07:00
Theodore Li	158d5236bc	feat(hosted key): Add exa hosted key (#3221 ) * feat(hosted keys): Implement serper hosted key * Handle required fields correctly for hosted keys * Add rate limiting (3 tries, exponential backoff) * Add custom pricing, switch to exa as first hosted key * Add telemetry * Consolidate byok type definitions * Add warning comment if default calculation is used * Record usage to user stats table * Fix unit tests, use cost property * Include more metadata in cost output * Fix disabled tests * Fix spacing * Fix lint * Move knowledge cost restructuring away from generic block handler * Migrate knowledge unit tests * Lint * Fix broken tests * Add user based hosted key throttling * Refactor hosted key handling. Add optimistic handling of throttling for custom throttle rules. * Remove research as hosted key. Recommend BYOK if throtttling occurs * Make adding api keys adjustable via env vars * Remove vestigial fields from research * Make billing actor id required for throttling * Switch to round robin for api key distribution * Add helper method for adding hosted key cost * Strip leading double underscores to avoid breaking change * Lint fix * Remove falsy check in favor for explicit null check * Add more detailed metrics for different throttling types * Fix _costDollars field * Handle hosted agent tool calls * Fail loudly if cost field isn't found * Remove any type * Fix type error * Fix lint * Fix usage log double logging data * Fix test --------- Co-authored-by: Theodore Li <teddy@zenobiapay.com>	2026-03-07 13:06:57 -05:00
Waleed	1ba1bc8edb	feat(evernote): add Evernote integration with 11 tools (#3456 ) * feat(evernote): add Evernote integration with 11 tools * fix(evernote): fix signed integer mismatch in Thrift version check * fix(evernote): fix exception field mapping and add sandbox support * fix(evernote): address PR review feedback * fix(evernote): clamp maxNotes to Evernote's 250 limit Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 00:52:57 -08:00
Waleed	53fd92a30a	feat(obsidian): add Obsidian integration with 15 tools (#3455 ) * feat(obsidian): add Obsidian integration with 15 tools * fix(obsidian): encode path segments individually to preserve slashes * improvement(obsidian): add type re-exports and improve output descriptions * fix(obsidian): remove unreachable 404 handling from transformResponse	2026-03-06 23:13:47 -08:00
Vikhyath Mondreti	8c0a2e04b1	v0.5.108: workflow input params in agent tools, bun upgrade, dropdown selectors for 14 blocks	2026-03-06 21:02:25 -08:00
Waleed	0a52b09deb	feat(jira): add search_users tool for user lookup by email (#3451 ) * feat(jira): add search_users tool for user lookup by email * improvement(jira): reuse shared transformUser utility in search_users * improvement(jira): add pagination fields to search_users response * update * fix(jira): filter falsy entries before transforming search_users results * fix(jira): add defensive fallback for nullable transformUser in search_users * fix(jira): align search_users response type with transformUser return type	2026-03-06 19:52:37 -08:00
Vikhyath Mondreti	1d36b80172	improvement(selectors): remove dead semantic fallback code (#3454 ) * improvement(selectors): simplify selectorContext + add tests * fix resolve values fallback * another workflowid pass through * remove dead code * make workspace id required	2026-03-06 19:38:57 -08:00
Vikhyath Mondreti	e6a5e7f4e4	improvement(selectors): simplify selector context + add tests (#3453 ) * improvement(selectors): simplify selectorContext + add tests * fix resolve values fallback * another workflowid pass through	2026-03-06 18:30:46 -08:00
Waleed	a71304200e	improvement(oauth): centralize scopes and remove dead scope evaluation code (#3449 ) * improvement(oauth): centralize scopes and remove dead scope evaluation code Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(oauth): fix stale scope-descriptions.ts references and add test coverage Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 17:08:25 -08:00
Vikhyath Mondreti	a4d581c76f	improvement(canonical): backfill for canonical modes on config changes (#3447 ) * improvement(canonical): backfill for canonical modes on config changes * persist data changes to db	2026-03-06 16:17:14 -08:00
Waleed	f1efc598d1	fix(selectors): resolve env var references at design time for selector context (#3446 ) * fix(selectors): resolve env var references at design time for selector context Selectors now resolve {{ENV_VAR}} references before building context and returning dependency values to consumers, enabling env-var-based credentials (e.g. {{SLACK_BOT_TOKEN}}) to work with selector dropdowns. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): prevent unresolved env var templates from leaking into context - Fall back to undefined instead of raw template string when env var is missing from store, so the null-check in the context loop discards it - Use resolvedDetailId in query cache key so React Query refetches when the underlying env var value changes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): use \|\| for consistent empty-string env var handling Align use-selector-setup.ts with use-selector-query.ts by using \|\| instead of ?? so empty-string env var values are treated as unset. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 15:53:00 -08:00
Waleed	244cf4ff7e	feat(selectors): add dropdown selectors for 14 integrations (#3433 ) * feat(selectors): add dropdown selectors for 14 integrations * fix(selectors): secure OAuth tokens in JSM and Confluence selector routes Convert JSM selector-servicedesks, selector-requesttypes, and Confluence selector-spaces routes from GET (with access token in URL query params) to POST with authorizeCredentialUse + refreshAccessTokenIfNeeded pattern. Also adds missing ensureCredential guard to microsoft.planner.plans registry entry. * fix(selectors): use sanitized serviceDeskId and encode SharePoint siteId Use serviceDeskIdValidation.sanitized instead of raw serviceDeskId in JSM request types URL. Add encodeURIComponent to SharePoint siteId to prevent URL path injection. * lint * fix(selectors): revert encodeURIComponent on SharePoint siteId SharePoint site IDs use the format "hostname,guid,guid" with commas that must remain unencoded for the Microsoft Graph API. The encodeURIComponent call would convert commas to %2C and break the API call. * fix(selectors): use sanitized cloudId in Confluence and JSM route URLs Use cloudIdValidation.sanitized instead of raw cloudId in URL construction for consistency with the validation pattern, even though the current validator returns the input unchanged. * fix(selectors): add missing context fields to resolution, ensureCredential to sharepoint.lists, and siteId validation - Add baseId, datasetId, serviceDeskId to SelectorResolutionArgs, ExtendedSelectorContext, extractExtendedContext, useSelectorDisplayName, and resolveSelectorForSubBlock so cascading selectors resolve correctly through the resolution path. - Add ensureCredential guard to sharepoint.lists registry entry. - Add regex validation for SharePoint siteId format (hostname,GUID,GUID). * fix(selectors): rename advanced subBlock IDs to avoid canonicalParamId clashes Rename all advanced-mode subBlock IDs that matched their canonicalParamId to use a `manual` prefix, following the established convention (e.g., manualSiteId, manualCredential). This prevents ambiguity between subBlock IDs and canonical parameter names in the serialization layer. 25 renames across 14 blocks: baseId→manualBaseId, tableId→manualTableId, workspace→manualWorkspace, objectType→manualObjectType, etc. Revert "fix(selectors): rename advanced subBlock IDs to avoid canonicalParamId clashes" This reverts commit `4e30161c68`. * fix(selectors): rename canonicalParamIds to avoid subBlock ID clashes Prefix all clashing canonicalParamId values with `selected_` so they don't match any subBlock ID. Update each block's `inputs` section and `tools.config.params` function to destructure the new canonical names and remap them to the original tool param names. SubBlock IDs and tool definitions remain unchanged for backwards compatibility. Affected: 25 canonical params across 14 blocks (airtable, asana, attio, calcom, confluence, google_bigquery, google_tasks, jsm, microsoft_planner, notion, pipedrive, sharepoint, trello, zoom). * fix(selectors): rename pre-existing driveId and files canonicalParamIds in SharePoint Apply the same selected_ prefix convention to the pre-existing SharePoint driveId and files canonical params that clashed with their subBlock IDs. * style: format long lines in calcom, pipedrive, and sharepoint blocks Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): resolve cascading context for selected_ canonical params and normalize Asana response Strip `selected_` prefix from canonical param IDs when mapping to SelectorContext fields so cascading selectors (Airtable base→table, BigQuery dataset→table, JSM serviceDesk→requestType) correctly propagate parent values. Normalize Asana workspaces route to return `{ id, name }` instead of `{ gid, name }` for consistency with all other selector routes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): replace hacky prefix stripping with explicit CANONICAL_TO_CONTEXT mapping Replace CONTEXT_FIELD_SET (Record<string, true>) with CANONICAL_TO_CONTEXT (Record<string, keyof SelectorContext>) that explicitly maps canonical param IDs to their SelectorContext field names. This properly handles the selected_ prefix aliases (e.g. selected_baseId → baseId) without string manipulation, and removes the unsafe Record<string, unknown> cast. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(selectors): remove unnecessary selected_ prefix from canonicalParamIds The selected_ prefix was added to avoid a perceived clash between canonicalParamId and subBlock id values, but this clash does not actually cause any issues — pre-existing blocks on main (Google Sheets, Webflow, SharePoint) already use matching values successfully. Remove the prefix from all 14 blocks, revert use-selector-setup.ts to the simple CONTEXT_FIELD_SET pattern, and simplify tools.config.params functions that were only remapping the prefix back. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): add spaceId selector pair to Confluence V2 block The V2 block was missing the spaceSelector basic-mode selector that the V1 (Legacy) block already had. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(selectors): revert V1 block changes, add selectors to Notion V1 for V2 inheritance Confluence V1: reverted to main state (V2 has its own subBlocks). Notion V1: added selector pairs per-operation since V2 inherits subBlocks, inputs, and params from V1. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): audit fixes for auth patterns, registry gaps, and display name resolution - Convert Microsoft Planner plans/tasks routes from GET+getSession to POST+authorizeCredentialUse - Add fetchById to microsoft.planner (tasks) and sharepoint.sites registry entries - Add ensureCredential to sharepoint.sites and microsoft.planner registry fetchList - Update microsoft.planner.plans registry to use POST method - Add siteId, collectionId, spreadsheetId, fileId to SelectorDisplayNameArgs and caller - Add fileId to SelectorResolutionArgs and resolution context - Fix Zoom topicUpdate visibility in basic mode (remove mode:'advanced') - Change Zoom meetings selector to fetch upcoming_meetings instead of only scheduled Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style: lint formatting fixes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): consolidate Notion canonical param pairs into array conditions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): add missing selectorKey to Confluence V1 page selector Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): use sanitized IDs in URLs, convert SharePoint routes to POST+authorizeCredentialUse - Use planIdValidation.sanitized in MS Planner tasks fetch URL - Convert sharepoint/lists and sharepoint/sites from GET+getSession to POST+authorizeCredentialUse - Update registry entries to match POST pattern Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): revert Zoom meetings type to scheduled for broader compatibility Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): add SharePoint site ID validator, fix cascading selector display name fallbacks - Add validateSharePointSiteId to input-validation.ts - Use validation util in SharePoint lists route instead of inline regex - Add \|\| fallback to selector IDs in workflow-block.tsx so cascading display names resolve in basic mode (baseSelector, planSelector, etc.) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): hoist requestId before try block in all selector routes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): hoist requestId before try block in Trello boards route Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): guard selector queries against unresolved variable references Skip fetchById and context population when values are design-time placeholders (<Block.output> or {{ENV_VAR}}) rather than real IDs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(selectors): replace hardcoded display name fallbacks with canonical-aware resolution Use resolveDependencyValue to resolve context values for useSelectorDisplayName, eliminating manual \|\| getStringValue('Selector') fallbacks that required updating for each new selector pair. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> fix(selectors): tighten SharePoint site ID validation to exclude underscores SharePoint composite site IDs use hostname,guid,guid format where only alphanumerics, periods, hyphens, and commas are valid characters. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): ensure string IDs in Pipedrive/Cal.com routes, fix Trello closed board filter Pipedrive pipelines and Cal.com event-types/schedules routes now consistently return string IDs via String() conversion. Trello boards route no longer filters out closed boards, preserving them for fetchById lookups. The closed filter is applied only in the registry's fetchList so archived boards don't appear in dropdowns but can still be resolved by ID for display names. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): convert Zoom meeting IDs to strings for consistency Zoom API returns numeric meeting IDs. Convert with String() to match the string ID convention used by all other selector routes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(selectors): align registry types with route string ID returns Routes already convert numeric IDs to strings via String(), so update the registry types (CalcomEventType, CalcomSchedule, PipedrivePipeline, ZoomMeeting) from id: number to id: string and remove the now-redundant String() coercions in fetchList/fetchById. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 12:34:28 -08:00
Waleed	ae887185a1	fix(memory): upgrade bun from 1.3.9 to 1.3.10 (#3441 )	2026-03-06 11:35:46 -08:00
Waleed	06c88441f8	fix(tool-input): restore workflow input mapper visibility (#3438 )	2026-03-06 05:51:27 -08:00