Fix definitions

* feat(azure): added azure anthropic, added backwards compat support for chat completions API, added opus 4.6

* added max thinking level

* update tests

* ack comments

* update cql validation

.claude/commands/add-block.md

@@ -183,6 +183,109 @@ export const {ServiceName}Block: BlockConfig = {
 }
 ```
 
+## File Input Handling
+
+When your block accepts file uploads, use the basic/advanced mode pattern with `normalizeFileInput`.
+
+### Basic/Advanced File Pattern
+
+```typescript
+// Basic mode: Visual file upload
+{
+  id: 'uploadFile',
+  title: 'File',
+  type: 'file-upload',
+  canonicalParamId: 'file',  // Both map to 'file' param
+  placeholder: 'Upload file',
+  mode: 'basic',
+  multiple: false,
+  required: true,
+  condition: { field: 'operation', value: 'upload' },
+},
+// Advanced mode: Reference from other blocks
+{
+  id: 'fileRef',
+  title: 'File',
+  type: 'short-input',
+  canonicalParamId: 'file',  // Both map to 'file' param
+  placeholder: 'Reference file (e.g., {{file_block.output}})',
+  mode: 'advanced',
+  required: true,
+  condition: { field: 'operation', value: 'upload' },
+},
+```
+
+**Critical constraints:**
+- `canonicalParamId` must NOT match any subblock's `id` in the same block
+- Values are stored under subblock `id`, not `canonicalParamId`
+
+### Normalizing File Input in tools.config
+
+Use `normalizeFileInput` to handle all input variants:
+
+```typescript
+import { normalizeFileInput } from '@/blocks/utils'
+
+tools: {
+  access: ['service_upload'],
+  config: {
+    tool: (params) => {
+      // Check all field IDs: uploadFile (basic), fileRef (advanced), fileContent (legacy)
+      const normalizedFile = normalizeFileInput(
+        params.uploadFile || params.fileRef || params.fileContent,
+        { single: true }
+      )
+      if (normalizedFile) {
+        params.file = normalizedFile
+      }
+      return `service_${params.operation}`
+    },
+  },
+}
+```
+
+**Why this pattern?**
+- Values come through as `params.uploadFile` or `params.fileRef` (the subblock IDs)
+- `canonicalParamId` only controls UI/schema mapping, not runtime values
+- `normalizeFileInput` handles JSON strings from advanced mode template resolution
+
+### File Input Types in `inputs`
+
+Use `type: 'json'` for file inputs:
+
+```typescript
+inputs: {
+  uploadFile: { type: 'json', description: 'Uploaded file (UserFile)' },
+  fileRef: { type: 'json', description: 'File reference from previous block' },
+  // Legacy field for backwards compatibility
+  fileContent: { type: 'string', description: 'Legacy: base64 encoded content' },
+}
+```
+
+### Multiple Files
+
+For multiple file uploads:
+
+```typescript
+{
+  id: 'attachments',
+  title: 'Attachments',
+  type: 'file-upload',
+  multiple: true,  // Allow multiple files
+  maxSize: 25,     // Max size in MB per file
+  acceptedTypes: 'image/*,application/pdf,.doc,.docx',
+}
+
+// In tools.config:
+const normalizedFiles = normalizeFileInput(
+  params.attachments || params.attachmentRefs,
+  // No { single: true } - returns array
+)
+if (normalizedFiles) {
+  params.files = normalizedFiles
+}
+```
+
 ## Condition Syntax
 
 Controls when a field is shown based on other field values.

.claude/commands/add-integration.md

@@ -206,10 +206,15 @@ export const {Service}Block: BlockConfig = {
 }
 ```
 
-**Critical:**
-- `canonicalParamId` must NOT match any other subblock's `id`, must be unique per block, and should only be used to link basic/advanced alternatives for the same parameter.
-- `mode` only controls UI visibility, NOT serialization. Without `canonicalParamId`, both basic and advanced field values would be sent.
-- Every subblock `id` must be unique within the block. Duplicate IDs cause conflicts even with different conditions.
+**Critical Canonical Param Rules:**
+- `canonicalParamId` must NOT match any subblock's `id` in the block
+- `canonicalParamId` must be unique per operation/condition context
+- Only use `canonicalParamId` to link basic/advanced alternatives for the same logical parameter
+- `mode` only controls UI visibility, NOT serialization. Without `canonicalParamId`, both basic and advanced field values would be sent
+- Every subblock `id` must be unique within the block. Duplicate IDs cause conflicts even with different conditions
+- **Required consistency:** If one subblock in a canonical group has `required: true`, ALL subblocks in that group must have `required: true` (prevents bypassing validation by switching modes)
+- **Inputs section:** Must list canonical param IDs (e.g., `fileId`), NOT raw subblock IDs (e.g., `fileSelector`, `manualFileId`)
+- **Params function:** Must use canonical param IDs, NOT raw subblock IDs (raw IDs are deleted after canonical transformation)
 
 ## Step 4: Add Icon
 
@@ -457,7 +462,230 @@ You can usually find this in the service's brand/press kit page, or copy it from
 Paste the SVG code here and I'll convert it to a React component.
 ```
 
-## Common Gotchas
+## File Handling
+
+When your integration handles file uploads or downloads, follow these patterns to work with `UserFile` objects consistently.
+
+### What is a UserFile?
+
+A `UserFile` is the standard file representation in Sim:
+
+```typescript
+interface UserFile {
+  id: string       // Unique identifier
+  name: string     // Original filename
+  url: string      // Presigned URL for download
+  size: number     // File size in bytes
+  type: string     // MIME type (e.g., 'application/pdf')
+  base64?: string  // Optional base64 content (if small file)
+  key?: string     // Internal storage key
+  context?: object // Storage context metadata
+}
+```
+
+### File Input Pattern (Uploads)
+
+For tools that accept file uploads, **always route through an internal API endpoint** rather than calling external APIs directly. This ensures proper file content retrieval.
+
+#### 1. Block SubBlocks for File Input
+
+Use the basic/advanced mode pattern:
+
+```typescript
+// Basic mode: File upload UI
+{
+  id: 'uploadFile',
+  title: 'File',
+  type: 'file-upload',
+  canonicalParamId: 'file',  // Maps to 'file' param
+  placeholder: 'Upload file',
+  mode: 'basic',
+  multiple: false,
+  required: true,
+  condition: { field: 'operation', value: 'upload' },
+},
+// Advanced mode: Reference from previous block
+{
+  id: 'fileRef',
+  title: 'File',
+  type: 'short-input',
+  canonicalParamId: 'file',  // Same canonical param
+  placeholder: 'Reference file (e.g., {{file_block.output}})',
+  mode: 'advanced',
+  required: true,
+  condition: { field: 'operation', value: 'upload' },
+},
+```
+
+**Critical:** `canonicalParamId` must NOT match any subblock `id`.
+
+#### 2. Normalize File Input in Block Config
+
+In `tools.config.tool`, use `normalizeFileInput` to handle all input variants:
+
+```typescript
+import { normalizeFileInput } from '@/blocks/utils'
+
+tools: {
+  config: {
+    tool: (params) => {
+      // Normalize file from basic (uploadFile), advanced (fileRef), or legacy (fileContent)
+      const normalizedFile = normalizeFileInput(
+        params.uploadFile || params.fileRef || params.fileContent,
+        { single: true }
+      )
+      if (normalizedFile) {
+        params.file = normalizedFile
+      }
+      return `{service}_${params.operation}`
+    },
+  },
+}
+```
+
+#### 3. Create Internal API Route
+
+Create `apps/sim/app/api/tools/{service}/{action}/route.ts`:
+
+```typescript
+import { createLogger } from '@sim/logger'
+import { NextResponse, type NextRequest } from 'next/server'
+import { z } from 'zod'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { FileInputSchema, type RawFileInput } from '@/lib/uploads/utils/file-schemas'
+import { processFilesToUserFiles } from '@/lib/uploads/utils/file-utils'
+import { downloadFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
+
+const logger = createLogger('{Service}UploadAPI')
+
+const RequestSchema = z.object({
+  accessToken: z.string(),
+  file: FileInputSchema.optional().nullable(),
+  // Legacy field for backwards compatibility
+  fileContent: z.string().optional().nullable(),
+  // ... other params
+})
+
+export async function POST(request: NextRequest) {
+  const requestId = generateRequestId()
+
+  const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+  if (!authResult.success) {
+    return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const body = await request.json()
+  const data = RequestSchema.parse(body)
+
+  let fileBuffer: Buffer
+  let fileName: string
+
+  // Prefer UserFile input, fall back to legacy base64
+  if (data.file) {
+    const userFiles = processFilesToUserFiles([data.file as RawFileInput], requestId, logger)
+    if (userFiles.length === 0) {
+      return NextResponse.json({ success: false, error: 'Invalid file' }, { status: 400 })
+    }
+    const userFile = userFiles[0]
+    fileBuffer = await downloadFileFromStorage(userFile, requestId, logger)
+    fileName = userFile.name
+  } else if (data.fileContent) {
+    // Legacy: base64 string (backwards compatibility)
+    fileBuffer = Buffer.from(data.fileContent, 'base64')
+    fileName = 'file'
+  } else {
+    return NextResponse.json({ success: false, error: 'File required' }, { status: 400 })
+  }
+
+  // Now call external API with fileBuffer
+  const response = await fetch('https://api.{service}.com/upload', {
+    method: 'POST',
+    headers: { Authorization: `Bearer ${data.accessToken}` },
+    body: new Uint8Array(fileBuffer),  // Convert Buffer for fetch
+  })
+
+  // ... handle response
+}
+```
+
+#### 4. Update Tool to Use Internal Route
+
+```typescript
+export const {service}UploadTool: ToolConfig<Params, Response> = {
+  id: '{service}_upload',
+  // ...
+  params: {
+    file: { type: 'file', required: false, visibility: 'user-or-llm' },
+    fileContent: { type: 'string', required: false, visibility: 'hidden' }, // Legacy
+  },
+  request: {
+    url: '/api/tools/{service}/upload',  // Internal route
+    method: 'POST',
+    body: (params) => ({
+      accessToken: params.accessToken,
+      file: params.file,
+      fileContent: params.fileContent,
+    }),
+  },
+}
+```
+
+### File Output Pattern (Downloads)
+
+For tools that return files, use `FileToolProcessor` to store files and return `UserFile` objects.
+
+#### In Tool transformResponse
+
+```typescript
+import { FileToolProcessor } from '@/executor/utils/file-tool-processor'
+
+transformResponse: async (response, context) => {
+  const data = await response.json()
+
+  // Process file outputs to UserFile objects
+  const fileProcessor = new FileToolProcessor(context)
+  const file = await fileProcessor.processFileData({
+    data: data.content,      // base64 or buffer
+    mimeType: data.mimeType,
+    filename: data.filename,
+  })
+
+  return {
+    success: true,
+    output: { file },
+  }
+}
+```
+
+#### In API Route (for complex file handling)
+
+```typescript
+// Return file data that FileToolProcessor can handle
+return NextResponse.json({
+  success: true,
+  output: {
+    file: {
+      data: base64Content,
+      mimeType: 'application/pdf',
+      filename: 'document.pdf',
+    },
+  },
+})
+```
+
+### Key Helpers Reference
+
+| Helper | Location | Purpose |
+|--------|----------|---------|
+| `normalizeFileInput` | `@/blocks/utils` | Normalize file params in block config |
+| `processFilesToUserFiles` | `@/lib/uploads/utils/file-utils` | Convert raw inputs to UserFile[] |
+| `downloadFileFromStorage` | `@/lib/uploads/utils/file-utils.server` | Get file Buffer from UserFile |
+| `FileToolProcessor` | `@/executor/utils/file-tool-processor` | Process tool output files |
+| `isUserFile` | `@/lib/core/utils/user-file` | Type guard for UserFile objects |
+| `FileInputSchema` | `@/lib/uploads/utils/file-schemas` | Zod schema for file validation |
+
+### Common Gotchas
 
 1. **OAuth serviceId must match** - The `serviceId` in oauth-input must match the OAuth provider configuration
 2. **Tool IDs are snake_case** - `stripe_create_payment`, not `stripeCreatePayment`
@@ -465,3 +693,5 @@ Paste the SVG code here and I'll convert it to a React component.
 4. **Alphabetical ordering** - Keep imports and registry entries alphabetically sorted
 5. **Required can be conditional** - Use `required: { field: 'op', value: 'create' }` instead of always true
 6. **DependsOn clears options** - When a dependency changes, selector options are refetched
+7. **Never pass Buffer directly to fetch** - Convert to `new Uint8Array(buffer)` for TypeScript compatibility
+8. **Always handle legacy file params** - Keep hidden `fileContent` params for backwards compatibility

.claude/rules/sim-integrations.md

@@ -157,6 +157,36 @@ dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] }
 - `'both'` - Show in both modes (default)
 - `'trigger'` - Only when block is used as trigger
 
+### `canonicalParamId` - Link basic/advanced alternatives
+
+Use to map multiple UI inputs to a single logical parameter:
+
+```typescript
+// Basic mode: Visual selector
+{
+  id: 'fileSelector',
+  type: 'file-selector',
+  mode: 'basic',
+  canonicalParamId: 'fileId',
+  required: true,
+},
+// Advanced mode: Manual input
+{
+  id: 'manualFileId',
+  type: 'short-input',
+  mode: 'advanced',
+  canonicalParamId: 'fileId',
+  required: true,
+},
+```
+
+**Critical Rules:**
+- `canonicalParamId` must NOT match any subblock's `id`
+- `canonicalParamId` must be unique per operation/condition context
+- **Required consistency:** All subblocks in a canonical group must have the same `required` status
+- **Inputs section:** Must list canonical param IDs (e.g., `fileId`), NOT raw subblock IDs
+- **Params function:** Must use canonical param IDs (raw IDs are deleted after canonical transformation)
+
 **Register in `blocks/registry.ts`:**
 
 ```typescript
@@ -195,6 +225,52 @@ import { {service}WebhookTrigger } from '@/triggers/{service}'
 {service}_webhook: {service}WebhookTrigger,
 ```
 
+## File Handling
+
+When integrations handle file uploads/downloads, use `UserFile` objects consistently.
+
+### File Input (Uploads)
+
+1. **Block subBlocks:** Use basic/advanced mode pattern with `canonicalParamId`
+2. **Normalize in block config:** Use `normalizeFileInput` from `@/blocks/utils`
+3. **Internal API route:** Create route that uses `downloadFileFromStorage` to get file content
+4. **Tool routes to internal API:** Don't call external APIs directly with files
+
+```typescript
+// In block tools.config:
+import { normalizeFileInput } from '@/blocks/utils'
+
+const normalizedFile = normalizeFileInput(
+  params.uploadFile || params.fileRef || params.fileContent,
+  { single: true }
+)
+if (normalizedFile) params.file = normalizedFile
+```
+
+### File Output (Downloads)
+
+Use `FileToolProcessor` in tool `transformResponse` to store files:
+
+```typescript
+import { FileToolProcessor } from '@/executor/utils/file-tool-processor'
+
+const processor = new FileToolProcessor(context)
+const file = await processor.processFileData({
+  data: base64Content,
+  mimeType: 'application/pdf',
+  filename: 'doc.pdf',
+})
+```
+
+### Key Helpers
+
+| Helper | Location | Purpose |
+|--------|----------|---------|
+| `normalizeFileInput` | `@/blocks/utils` | Normalize file params in block config |
+| `processFilesToUserFiles` | `@/lib/uploads/utils/file-utils` | Convert raw inputs to UserFile[] |
+| `downloadFileFromStorage` | `@/lib/uploads/utils/file-utils.server` | Get Buffer from UserFile |
+| `FileToolProcessor` | `@/executor/utils/file-tool-processor` | Process tool output files |
+
 ## Checklist
 
 - [ ] Look up API docs for the service
@@ -207,3 +283,5 @@ import { {service}WebhookTrigger } from '@/triggers/{service}'
 - [ ] Register block in `blocks/registry.ts`
 - [ ] (Optional) Create triggers in `triggers/{service}/`
 - [ ] (Optional) Register triggers in `triggers/registry.ts`
+- [ ] (If file uploads) Create internal API route with `downloadFileFromStorage`
+- [ ] (If file uploads) Use `normalizeFileInput` in block config

.cursor/rules/sim-integrations.mdc

@@ -155,6 +155,36 @@ dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] }
 - `'both'` - Show in both modes (default)
 - `'trigger'` - Only when block is used as trigger
 
+### `canonicalParamId` - Link basic/advanced alternatives
+
+Use to map multiple UI inputs to a single logical parameter:
+
+```typescript
+// Basic mode: Visual selector
+{
+  id: 'fileSelector',
+  type: 'file-selector',
+  mode: 'basic',
+  canonicalParamId: 'fileId',
+  required: true,
+},
+// Advanced mode: Manual input
+{
+  id: 'manualFileId',
+  type: 'short-input',
+  mode: 'advanced',
+  canonicalParamId: 'fileId',
+  required: true,
+},
+```
+
+**Critical Rules:**
+- `canonicalParamId` must NOT match any subblock's `id`
+- `canonicalParamId` must be unique per operation/condition context
+- **Required consistency:** All subblocks in a canonical group must have the same `required` status
+- **Inputs section:** Must list canonical param IDs (e.g., `fileId`), NOT raw subblock IDs
+- **Params function:** Must use canonical param IDs (raw IDs are deleted after canonical transformation)
+
 **Register in `blocks/registry.ts`:**
 
 ```typescript
@@ -193,6 +223,52 @@ import { {service}WebhookTrigger } from '@/triggers/{service}'
 {service}_webhook: {service}WebhookTrigger,
 ```
 
+## File Handling
+
+When integrations handle file uploads/downloads, use `UserFile` objects consistently.
+
+### File Input (Uploads)
+
+1. **Block subBlocks:** Use basic/advanced mode pattern with `canonicalParamId`
+2. **Normalize in block config:** Use `normalizeFileInput` from `@/blocks/utils`
+3. **Internal API route:** Create route that uses `downloadFileFromStorage` to get file content
+4. **Tool routes to internal API:** Don't call external APIs directly with files
+
+```typescript
+// In block tools.config:
+import { normalizeFileInput } from '@/blocks/utils'
+
+const normalizedFile = normalizeFileInput(
+  params.uploadFile || params.fileRef || params.fileContent,
+  { single: true }
+)
+if (normalizedFile) params.file = normalizedFile
+```
+
+### File Output (Downloads)
+
+Use `FileToolProcessor` in tool `transformResponse` to store files:
+
+```typescript
+import { FileToolProcessor } from '@/executor/utils/file-tool-processor'
+
+const processor = new FileToolProcessor(context)
+const file = await processor.processFileData({
+  data: base64Content,
+  mimeType: 'application/pdf',
+  filename: 'doc.pdf',
+})
+```
+
+### Key Helpers
+
+| Helper | Location | Purpose |
+|--------|----------|---------|
+| `normalizeFileInput` | `@/blocks/utils` | Normalize file params in block config |
+| `processFilesToUserFiles` | `@/lib/uploads/utils/file-utils` | Convert raw inputs to UserFile[] |
+| `downloadFileFromStorage` | `@/lib/uploads/utils/file-utils.server` | Get Buffer from UserFile |
+| `FileToolProcessor` | `@/executor/utils/file-tool-processor` | Process tool output files |
+
 ## Checklist
 
 - [ ] Look up API docs for the service
@@ -205,3 +281,5 @@ import { {service}WebhookTrigger } from '@/triggers/{service}'
 - [ ] Register block in `blocks/registry.ts`
 - [ ] (Optional) Create triggers in `triggers/{service}/`
 - [ ] (Optional) Register triggers in `triggers/registry.ts`
+- [ ] (If file uploads) Create internal API route with `downloadFileFromStorage`
+- [ ] (If file uploads) Use `normalizeFileInput` in block config

CLAUDE.md

@@ -265,6 +265,23 @@ Register in `blocks/registry.ts` (alphabetically).
 
 **dependsOn:** `['field']` or `{ all: ['a'], any: ['b', 'c'] }`
 
+**File Input Pattern (basic/advanced mode):**
+```typescript
+// Basic: file-upload UI
+{ id: 'uploadFile', type: 'file-upload', canonicalParamId: 'file', mode: 'basic' },
+// Advanced: reference from other blocks
+{ id: 'fileRef', type: 'short-input', canonicalParamId: 'file', mode: 'advanced' },
+```
+
+In `tools.config.tool`, normalize with:
+```typescript
+import { normalizeFileInput } from '@/blocks/utils'
+const file = normalizeFileInput(params.uploadFile || params.fileRef, { single: true })
+if (file) params.file = file
+```
+
+For file uploads, create an internal API route (`/api/tools/{service}/upload`) that uses `downloadFileFromStorage` to get file content from `UserFile` objects.
+
 ### 3. Icon (`components/icons.tsx`)
 
 ```typescript
@@ -293,3 +310,5 @@ Register in `triggers/registry.ts`.
 - [ ] Create block in `blocks/blocks/{service}.ts`
 - [ ] Register block in `blocks/registry.ts`
 - [ ] (Optional) Create and register triggers
+- [ ] (If file uploads) Create internal API route with `downloadFileFromStorage`
+- [ ] (If file uploads) Use `normalizeFileInput` in block config

apps/docs/components/ui/icon-mapping.ts

@@ -163,9 +163,9 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   elevenlabs: ElevenLabsIcon,
   enrich: EnrichSoIcon,
   exa: ExaAIIcon,
-  file_v2: DocumentIcon,
+  file_v3: DocumentIcon,
   firecrawl: FirecrawlIcon,
-  fireflies: FirefliesIcon,
+  fireflies_v2: FirefliesIcon,
   github_v2: GithubIcon,
   gitlab: GitLabIcon,
   gmail_v2: GmailIcon,
@@ -177,7 +177,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   google_maps: GoogleMapsIcon,
   google_search: GoogleIcon,
   google_sheets_v2: GoogleSheetsIcon,
-  google_slides: GoogleSlidesIcon,
+  google_slides_v2: GoogleSlidesIcon,
   google_vault: GoogleVaultIcon,
   grafana: GrafanaIcon,
   grain: GrainIcon,
@@ -206,7 +206,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   microsoft_excel_v2: MicrosoftExcelIcon,
   microsoft_planner: MicrosoftPlannerIcon,
   microsoft_teams: MicrosoftTeamsIcon,
-  mistral_parse_v2: MistralIcon,
+  mistral_parse_v3: MistralIcon,
   mongodb: MongoDBIcon,
   mysql: MySQLIcon,
   neo4j: Neo4jIcon,
@@ -221,11 +221,11 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   polymarket: PolymarketIcon,
   postgresql: PostgresIcon,
   posthog: PosthogIcon,
-  pulse: PulseIcon,
+  pulse_v2: PulseIcon,
   qdrant: QdrantIcon,
   rds: RDSIcon,
   reddit: RedditIcon,
-  reducto: ReductoIcon,
+  reducto_v2: ReductoIcon,
   resend: ResendIcon,
   s3: S3Icon,
   salesforce: SalesforceIcon,
@@ -244,11 +244,11 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   ssh: SshIcon,
   stagehand: StagehandIcon,
   stripe: StripeIcon,
-  stt: STTIcon,
+  stt_v2: STTIcon,
   supabase: SupabaseIcon,
   tavily: TavilyIcon,
   telegram: TelegramIcon,
-  textract: TextractIcon,
+  textract_v2: TextractIcon,
   tinybird: TinybirdIcon,
   translate: TranslateIcon,
   trello: TrelloIcon,
@@ -257,7 +257,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   twilio_voice: TwilioIcon,
   typeform: TypeformIcon,
   video_generator_v2: VideoIcon,
-  vision: EyeIcon,
+  vision_v2: EyeIcon,
   wealthbox: WealthboxIcon,
   webflow: WebflowIcon,
   whatsapp: WhatsAppIcon,

apps/docs/content/docs/de/tools/file.mdx

@@ -6,7 +6,7 @@ description: Mehrere Dateien lesen und parsen
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="file"
+  type="file_v3"
   color="#40916C"
 />
 

apps/docs/content/docs/de/tools/fireflies.mdx

@@ -6,7 +6,7 @@ description: Interagieren Sie mit Fireflies.ai-Besprechungstranskripten und -auf
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="fireflies"
+  type="fireflies_v2"
   color="#100730"
 />
 

apps/docs/content/docs/de/tools/mistral_parse.mdx

@@ -6,7 +6,7 @@ description: Text aus PDF-Dokumenten extrahieren
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="mistral_parse"
+  type="mistral_parse_v3"
   color="#000000"
 />
 

apps/docs/content/docs/en/execution/costs.mdx

@@ -213,6 +213,25 @@ Different subscription plans have different usage limits:
 | **Team** | $40/seat (pooled, adjustable) | 300 sync, 2,500 async |
 | **Enterprise** | Custom | Custom |
 
+## Execution Time Limits
+
+Workflows have maximum execution time limits based on your subscription plan:
+
+| Plan | Sync Execution | Async Execution |
+|------|----------------|-----------------|
+| **Free** | 5 minutes | 10 minutes |
+| **Pro** | 50 minutes | 90 minutes |
+| **Team** | 50 minutes | 90 minutes |
+| **Enterprise** | 50 minutes | 90 minutes |
+
+**Sync executions** run immediately and return results directly. These are triggered via the API with `async: false` (default) or through the UI.
+**Async executions** (triggered via API with `async: true`, webhooks, or schedules) run in the background. Async time limits are up to 2x the sync limit, capped at 90 minutes.
+
+
+<Callout type="info">
+  If a workflow exceeds its time limit, it will be terminated and marked as failed with a timeout error. Design long-running workflows to use async execution or break them into smaller workflows.
+</Callout>
+
 ## Billing Model
 
 Sim uses a **base subscription + overage** billing model:

apps/docs/content/docs/en/execution/files.mdx

@@ -0,0 +1,168 @@
+---
+title: Passing Files
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+import { Tab, Tabs } from 'fumadocs-ui/components/tabs'
+
+Sim makes it easy to work with files throughout your workflows. Blocks can receive files, process them, and pass them to other blocks seamlessly.
+
+## File Objects
+
+When blocks output files (like Gmail attachments, generated images, or parsed documents), they return a standardized file object:
+
+```json
+{
+  "name": "report.pdf",
+  "url": "https://...",
+  "base64": "JVBERi0xLjQK...",
+  "type": "application/pdf",
+  "size": 245678
+}
+```
+
+You can access any of these properties when referencing files from previous blocks.
+
+## The File Block
+
+The **File block** is the universal entry point for files in your workflows. It accepts files from any source and outputs standardized file objects that work with all integrations.
+
+**Inputs:**
+- **Uploaded files** - Drag and drop or select files directly
+- **External URLs** - Any publicly accessible file URL
+- **Files from other blocks** - Pass files from Gmail attachments, Slack downloads, etc.
+
+**Outputs:**
+- A list of `UserFile` objects with consistent structure (`name`, `url`, `base64`, `type`, `size`)
+- `combinedContent` - Extracted text content from all files (for documents)
+
+**Example usage:**
+
+```
+// Get all files from the File block
+<file.files>
+
+// Get the first file
+<file.files[0]>
+
+// Get combined text content from parsed documents
+<file.combinedContent>
+```
+
+The File block automatically:
+- Detects file types from URLs and extensions
+- Extracts text from PDFs, CSVs, and documents
+- Generates base64 encoding for binary files
+- Creates presigned URLs for secure access
+
+Use the File block when you need to normalize files from different sources before passing them to other blocks like Vision, STT, or email integrations.
+
+## Passing Files Between Blocks
+
+Reference files from previous blocks using the tag dropdown. Click in any file input field and type `<` to see available outputs.
+
+**Common patterns:**
+
+```
+// Single file from a block
+<gmail.attachments[0]>
+
+// Pass the whole file object
+<file_parser.files[0]>
+
+// Access specific properties
+<gmail.attachments[0].name>
+<gmail.attachments[0].base64>
+```
+
+Most blocks accept the full file object and extract what they need automatically. You don't need to manually extract `base64` or `url` in most cases.
+
+## Triggering Workflows with Files
+
+When calling a workflow via API that expects file input, include files in your request:
+
+<Tabs items={['Base64', 'URL']}>
+  <Tab value="Base64">
+    ```bash
+    curl -X POST "https://sim.ai/api/workflows/YOUR_WORKFLOW_ID/execute" \
+      -H "Content-Type: application/json" \
+      -H "x-api-key: YOUR_API_KEY" \
+      -d '{
+        "document": {
+          "name": "report.pdf",
+          "base64": "JVBERi0xLjQK...",
+          "type": "application/pdf"
+        }
+      }'
+    ```
+  </Tab>
+  <Tab value="URL">
+    ```bash
+    curl -X POST "https://sim.ai/api/workflows/YOUR_WORKFLOW_ID/execute" \
+      -H "Content-Type: application/json" \
+      -H "x-api-key: YOUR_API_KEY" \
+      -d '{
+        "document": {
+          "name": "report.pdf",
+          "url": "https://example.com/report.pdf",
+          "type": "application/pdf"
+        }
+      }'
+    ```
+  </Tab>
+</Tabs>
+
+The workflow's Start block should have an input field configured to receive the file parameter.
+
+## Receiving Files in API Responses
+
+When a workflow outputs files, they're included in the response:
+
+```json
+{
+  "success": true,
+  "output": {
+    "generatedFile": {
+      "name": "output.png",
+      "url": "https://...",
+      "base64": "iVBORw0KGgo...",
+      "type": "image/png",
+      "size": 34567
+    }
+  }
+}
+```
+
+Use `url` for direct downloads or `base64` for inline processing.
+
+## Blocks That Work with Files
+
+**File inputs:**
+- **File** - Parse documents, images, and text files
+- **Vision** - Analyze images with AI models
+- **Mistral Parser** - Extract text from PDFs
+
+**File outputs:**
+- **Gmail** - Email attachments
+- **Slack** - Downloaded files
+- **TTS** - Generated audio files
+- **Video Generator** - Generated videos
+- **Image Generator** - Generated images
+
+**File storage:**
+- **Supabase** - Upload/download from storage
+- **S3** - AWS S3 operations
+- **Google Drive** - Drive file operations
+- **Dropbox** - Dropbox file operations
+
+<Callout type="info">
+  Files are automatically available to downstream blocks. The execution engine handles all file transfer and format conversion.
+</Callout>
+
+## Best Practices
+
+1. **Use file objects directly** - Pass the full file object rather than extracting individual properties. Blocks handle the conversion automatically.
+
+2. **Check file types** - Ensure the file type matches what the receiving block expects. The Vision block needs images, the File block handles documents.
+
+3. **Consider file size** - Large files increase execution time. For very large files, consider using storage blocks (S3, Supabase) for intermediate storage.

apps/docs/content/docs/en/execution/meta.json

@@ -1,3 +1,3 @@
 {
-  "pages": ["index", "basics", "api", "logging", "costs"]
+  "pages": ["index", "basics", "files", "api", "logging", "costs"]
 }

apps/docs/content/docs/en/quick-reference/index.mdx

@@ -180,6 +180,11 @@ A quick lookup for everyday actions in the Sim workflow editor. For keyboard sho
       <td>Right-click → **Enable/Disable**</td>
       <td><ActionImage src="/static/quick-reference/disable-block.png" alt="Disable block" /></td>
     </tr>
+    <tr>
+      <td>Lock/Unlock a block</td>
+      <td>Hover block → Click lock icon (Admin only)</td>
+      <td><ActionImage src="/static/quick-reference/lock-block.png" alt="Lock block" /></td>
+    </tr>
     <tr>
       <td>Toggle handle orientation</td>
       <td>Right-click → **Toggle Handles**</td>

apps/docs/content/docs/en/tools/confluence.mdx

@@ -49,10 +49,25 @@ Retrieve content from Confluence pages using the Confluence API.
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `ts` | string | Timestamp of retrieval |
+| `ts` | string | ISO 8601 timestamp of the operation |
 | `pageId` | string | Confluence page ID |
-| `content` | string | Page content with HTML tags stripped |
 | `title` | string | Page title |
+| `content` | string | Page content with HTML tags stripped |
+| `status` | string | Page status \(current, archived, trashed, draft\) |
+| `spaceId` | string | ID of the space containing the page |
+| `parentId` | string | ID of the parent page |
+| `authorId` | string | Account ID of the page author |
+| `createdAt` | string | ISO 8601 timestamp when the page was created |
+| `url` | string | URL to view the page in Confluence |
+| `body` | object | Raw page body content in storage format |
+|   ↳ `value` | string | The content value in the specified format |
+|   ↳ `representation` | string | Content representation type |
+| `version` | object | Page version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
 
 ### `confluence_update`
 
@@ -76,6 +91,25 @@ Update a Confluence page using the Confluence API.
 | `ts` | string | Timestamp of update |
 | `pageId` | string | Confluence page ID |
 | `title` | string | Updated page title |
+| `status` | string | Page status |
+| `spaceId` | string | Space ID |
+| `body` | object | Page body content in storage format |
+|   ↳ `storage` | object | Body in storage format \(Confluence markup\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `view` | object | Body in view format \(rendered HTML\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+| `version` | object | Page version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `url` | string | URL to view the page in Confluence |
 | `success` | boolean | Update operation success status |
 
 ### `confluence_create_page`
@@ -100,11 +134,30 @@ Create a new page in a Confluence space.
 | `ts` | string | Timestamp of creation |
 | `pageId` | string | Created page ID |
 | `title` | string | Page title |
+| `status` | string | Page status |
+| `spaceId` | string | Space ID |
+| `parentId` | string | Parent page ID |
+| `body` | object | Page body content |
+|   ↳ `storage` | object | Body in storage format \(Confluence markup\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `view` | object | Body in view format \(rendered HTML\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+| `version` | object | Page version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
 | `url` | string | Page URL |
 
 ### `confluence_delete_page`
 
-Delete a Confluence page (moves it to trash where it can be restored).
+Delete a Confluence page. By default moves to trash; use purge=true to permanently delete.
 
 #### Input
 
@@ -112,6 +165,7 @@ Delete a Confluence page (moves it to trash where it can be restored).
 | --------- | ---- | -------- | ----------- |
 | `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
 | `pageId` | string | Yes | Confluence page ID to delete |
+| `purge` | boolean | No | If true, permanently deletes the page instead of moving to trash \(default: false\) |
 | `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
 
 #### Output
@@ -122,6 +176,229 @@ Delete a Confluence page (moves it to trash where it can be restored).
 | `pageId` | string | Deleted page ID |
 | `deleted` | boolean | Deletion status |
 
+### `confluence_list_pages_in_space`
+
+List all pages within a specific Confluence space. Supports pagination and filtering by status.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `spaceId` | string | Yes | The ID of the Confluence space to list pages from |
+| `limit` | number | No | Maximum number of pages to return \(default: 50, max: 250\) |
+| `status` | string | No | Filter pages by status: current, archived, trashed, or draft |
+| `bodyFormat` | string | No | Format for page body content: storage, atlas_doc_format, or view. If not specified, body is not included. |
+| `cursor` | string | No | Pagination cursor from previous response to get the next page of results |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pages` | array | Array of pages in the space |
+|   ↳ `id` | string | Unique page identifier |
+|   ↳ `title` | string | Page title |
+|   ↳ `status` | string | Page status \(e.g., current, archived, trashed, draft\) |
+|   ↳ `spaceId` | string | ID of the space containing the page |
+|   ↳ `parentId` | string | ID of the parent page \(null if top-level\) |
+|   ↳ `authorId` | string | Account ID of the page author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp when the page was created |
+|   ↳ `version` | object | Page version information |
+|     ↳ `number` | number | Version number |
+|     ↳ `message` | string | Version message |
+|     ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|     ↳ `authorId` | string | Account ID of the version author |
+|     ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+|   ↳ `body` | object | Page body content \(if bodyFormat was specified\) |
+|     ↳ `storage` | object | Body in storage format \(Confluence markup\) |
+|       ↳ `value` | string | The content value in the specified format |
+|       ↳ `representation` | string | Content representation type |
+|     ↳ `view` | object | Body in view format \(rendered HTML\) |
+|       ↳ `value` | string | The content value in the specified format |
+|       ↳ `representation` | string | Content representation type |
+|     ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
+|       ↳ `value` | string | The content value in the specified format |
+|       ↳ `representation` | string | Content representation type |
+|   ↳ `webUrl` | string | URL to view the page in Confluence |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
+### `confluence_get_page_children`
+
+Get all child pages of a specific Confluence page. Useful for navigating page hierarchies.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | The ID of the parent page to get children from |
+| `limit` | number | No | Maximum number of child pages to return \(default: 50, max: 250\) |
+| `cursor` | string | No | Pagination cursor from previous response to get the next page of results |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `parentId` | string | ID of the parent page |
+| `children` | array | Array of child pages |
+|   ↳ `id` | string | Child page ID |
+|   ↳ `title` | string | Child page title |
+|   ↳ `status` | string | Page status |
+|   ↳ `spaceId` | string | Space ID |
+|   ↳ `childPosition` | number | Position among siblings |
+|   ↳ `webUrl` | string | URL to view the page |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
+### `confluence_get_page_ancestors`
+
+Get the ancestor (parent) pages of a specific Confluence page. Returns the full hierarchy from the page up to the root.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | The ID of the page to get ancestors for |
+| `limit` | number | No | Maximum number of ancestors to return \(default: 25, max: 250\) |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pageId` | string | ID of the page whose ancestors were retrieved |
+| `ancestors` | array | Array of ancestor pages, ordered from direct parent to root |
+|   ↳ `id` | string | Ancestor page ID |
+|   ↳ `title` | string | Ancestor page title |
+|   ↳ `status` | string | Page status |
+|   ↳ `spaceId` | string | Space ID |
+|   ↳ `webUrl` | string | URL to view the page |
+
+### `confluence_list_page_versions`
+
+List all versions (revision history) of a Confluence page.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | The ID of the page to get versions for |
+| `limit` | number | No | Maximum number of versions to return \(default: 50, max: 250\) |
+| `cursor` | string | No | Pagination cursor from previous response |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pageId` | string | ID of the page |
+| `versions` | array | Array of page versions |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
+### `confluence_get_page_version`
+
+Get details about a specific version of a Confluence page.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | The ID of the page |
+| `versionNumber` | number | Yes | The version number to retrieve \(e.g., 1, 2, 3\) |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pageId` | string | ID of the page |
+| `version` | object | Detailed version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+|   ↳ `contentTypeModified` | boolean | Whether the content type was modified in this version |
+|   ↳ `collaborators` | array | List of collaborator account IDs for this version |
+|   ↳ `prevVersion` | number | Previous version number |
+|   ↳ `nextVersion` | number | Next version number |
+
+### `confluence_list_page_properties`
+
+List all custom properties (metadata) attached to a Confluence page.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | The ID of the page to list properties from |
+| `limit` | number | No | Maximum number of properties to return \(default: 50, max: 250\) |
+| `cursor` | string | No | Pagination cursor from previous response |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pageId` | string | ID of the page |
+| `properties` | array | Array of content properties |
+|   ↳ `id` | string | Property ID |
+|   ↳ `key` | string | Property key |
+|   ↳ `value` | json | Property value \(can be any JSON\) |
+|   ↳ `version` | object | Version information |
+|     ↳ `number` | number | Version number |
+|     ↳ `message` | string | Version message |
+|     ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|     ↳ `authorId` | string | Account ID of the version author |
+|     ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
+### `confluence_create_page_property`
+
+Create a new custom property (metadata) on a Confluence page.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | The ID of the page to add the property to |
+| `key` | string | Yes | The key/name for the property |
+| `value` | json | Yes | The value for the property \(can be any JSON value\) |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pageId` | string | ID of the page |
+| `propertyId` | string | ID of the created property |
+| `key` | string | Property key |
+| `value` | json | Property value |
+| `version` | object | Version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+
 ### `confluence_search`
 
 Search for content across Confluence pages, blog posts, and other content.
@@ -155,6 +432,211 @@ Search for content across Confluence pages, blog posts, and other content.
 |   ↳ `lastModified` | string | ISO 8601 timestamp of last modification |
 |   ↳ `entityType` | string | Entity type identifier \(e.g., content, space\) |
 
+### `confluence_search_in_space`
+
+Search for content within a specific Confluence space. Optionally filter by text query and content type.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `spaceKey` | string | Yes | The key of the Confluence space to search in \(e.g., "ENG", "HR"\) |
+| `query` | string | No | Text search query. If not provided, returns all content in the space. |
+| `contentType` | string | No | Filter by content type: page, blogpost, attachment, or comment |
+| `limit` | number | No | Maximum number of results to return \(default: 25, max: 250\) |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `spaceKey` | string | The space key that was searched |
+| `totalSize` | number | Total number of matching results |
+| `results` | array | Array of search results |
+|   ↳ `id` | string | Unique content identifier |
+|   ↳ `title` | string | Content title |
+|   ↳ `type` | string | Content type \(e.g., page, blogpost, attachment, comment\) |
+|   ↳ `status` | string | Content status \(e.g., current\) |
+|   ↳ `url` | string | URL to view the content in Confluence |
+|   ↳ `excerpt` | string | Text excerpt matching the search query |
+|   ↳ `spaceKey` | string | Key of the space containing the content |
+|   ↳ `space` | object | Space information for the content |
+|     ↳ `id` | string | Space identifier |
+|     ↳ `key` | string | Space key |
+|     ↳ `name` | string | Space name |
+|   ↳ `lastModified` | string | ISO 8601 timestamp of last modification |
+|   ↳ `entityType` | string | Entity type identifier \(e.g., content, space\) |
+
+### `confluence_list_blogposts`
+
+List all blog posts across all accessible Confluence spaces.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `limit` | number | No | Maximum number of blog posts to return \(default: 25, max: 250\) |
+| `status` | string | No | Filter by status: current, archived, trashed, or draft |
+| `sort` | string | No | Sort order: created-date, -created-date, modified-date, -modified-date, title, -title |
+| `cursor` | string | No | Pagination cursor from previous response |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `blogPosts` | array | Array of blog posts |
+|   ↳ `id` | string | Blog post ID |
+|   ↳ `title` | string | Blog post title |
+|   ↳ `status` | string | Blog post status |
+|   ↳ `spaceId` | string | Space ID |
+|   ↳ `authorId` | string | Author account ID |
+|   ↳ `createdAt` | string | Creation timestamp |
+|   ↳ `version` | object | Version information |
+|     ↳ `number` | number | Version number |
+|     ↳ `message` | string | Version message |
+|     ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|     ↳ `authorId` | string | Account ID of the version author |
+|     ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+|   ↳ `webUrl` | string | URL to view the blog post |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
+### `confluence_get_blogpost`
+
+Get a specific Confluence blog post by ID, including its content.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `blogPostId` | string | Yes | The ID of the blog post to retrieve |
+| `bodyFormat` | string | No | Format for blog post body: storage, atlas_doc_format, or view |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `id` | string | Blog post ID |
+| `title` | string | Blog post title |
+| `status` | string | Blog post status |
+| `spaceId` | string | Space ID |
+| `authorId` | string | Author account ID |
+| `createdAt` | string | Creation timestamp |
+| `version` | object | Version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `body` | object | Blog post body content in requested format\(s\) |
+|   ↳ `storage` | object | Body in storage format \(Confluence markup\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `view` | object | Body in view format \(rendered HTML\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+| `webUrl` | string | URL to view the blog post |
+
+### `confluence_create_blogpost`
+
+Create a new blog post in a Confluence space.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `spaceId` | string | Yes | The ID of the space to create the blog post in |
+| `title` | string | Yes | Title of the blog post |
+| `content` | string | Yes | Blog post content in Confluence storage format \(HTML\) |
+| `status` | string | No | Blog post status: current \(default\) or draft |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `id` | string | Created blog post ID |
+| `title` | string | Blog post title |
+| `status` | string | Blog post status |
+| `spaceId` | string | Space ID |
+| `authorId` | string | Author account ID |
+| `body` | object | Blog post body content |
+|   ↳ `storage` | object | Body in storage format \(Confluence markup\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `view` | object | Body in view format \(rendered HTML\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+|   ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
+|     ↳ `value` | string | The content value in the specified format |
+|     ↳ `representation` | string | Content representation type |
+| `version` | object | Blog post version information |
+|   ↳ `number` | number | Version number |
+|   ↳ `message` | string | Version message |
+|   ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|   ↳ `authorId` | string | Account ID of the version author |
+|   ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `webUrl` | string | URL to view the blog post |
+
+### `confluence_list_blogposts_in_space`
+
+List all blog posts within a specific Confluence space.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `spaceId` | string | Yes | The ID of the Confluence space to list blog posts from |
+| `limit` | number | No | Maximum number of blog posts to return \(default: 25, max: 250\) |
+| `status` | string | No | Filter by status: current, archived, trashed, or draft |
+| `bodyFormat` | string | No | Format for blog post body: storage, atlas_doc_format, or view |
+| `cursor` | string | No | Pagination cursor from previous response |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `blogPosts` | array | Array of blog posts in the space |
+|   ↳ `id` | string | Blog post ID |
+|   ↳ `title` | string | Blog post title |
+|   ↳ `status` | string | Blog post status |
+|   ↳ `spaceId` | string | Space ID |
+|   ↳ `authorId` | string | Author account ID |
+|   ↳ `createdAt` | string | Creation timestamp |
+|   ↳ `version` | object | Version information |
+|     ↳ `number` | number | Version number |
+|     ↳ `message` | string | Version message |
+|     ↳ `minorEdit` | boolean | Whether this is a minor edit |
+|     ↳ `authorId` | string | Account ID of the version author |
+|     ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+|   ↳ `body` | object | Blog post body content |
+|     ↳ `storage` | object | Body in storage format \(Confluence markup\) |
+|       ↳ `value` | string | The content value in the specified format |
+|       ↳ `representation` | string | Content representation type |
+|     ↳ `view` | object | Body in view format \(rendered HTML\) |
+|       ↳ `value` | string | The content value in the specified format |
+|       ↳ `representation` | string | Content representation type |
+|     ↳ `atlas_doc_format` | object | Body in Atlassian Document Format \(ADF\) |
+|       ↳ `value` | string | The content value in the specified format |
+|       ↳ `representation` | string | Content representation type |
+|   ↳ `webUrl` | string | URL to view the blog post |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
 ### `confluence_create_comment`
 
 Add a comment to a Confluence page.
@@ -187,6 +669,8 @@ List all comments on a Confluence page.
 | `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
 | `pageId` | string | Yes | Confluence page ID to list comments from |
 | `limit` | number | No | Maximum number of comments to return \(default: 25\) |
+| `bodyFormat` | string | No | Format for the comment body: storage, atlas_doc_format, view, or export_view \(default: storage\) |
+| `cursor` | string | No | Pagination cursor from previous response |
 | `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
 
 #### Output
@@ -212,6 +696,7 @@ List all comments on a Confluence page.
 |     ↳ `minorEdit` | boolean | Whether this is a minor edit |
 |     ↳ `authorId` | string | Account ID of the version author |
 |     ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `nextCursor` | string | Cursor for fetching the next page of results |
 
 ### `confluence_update_comment`
 
@@ -291,7 +776,8 @@ List all attachments on a Confluence page.
 | --------- | ---- | -------- | ----------- |
 | `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
 | `pageId` | string | Yes | Confluence page ID to list attachments from |
-| `limit` | number | No | Maximum number of attachments to return \(default: 25\) |
+| `limit` | number | No | Maximum number of attachments to return \(default: 50, max: 250\) |
+| `cursor` | string | No | Pagination cursor from previous response |
 | `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
 
 #### Output
@@ -316,6 +802,7 @@ List all attachments on a Confluence page.
 |     ↳ `minorEdit` | boolean | Whether this is a minor edit |
 |     ↳ `authorId` | string | Account ID of the version author |
 |     ↳ `createdAt` | string | ISO 8601 timestamp of version creation |
+| `nextCursor` | string | Cursor for fetching the next page of results |
 
 ### `confluence_delete_attachment`
 
@@ -347,6 +834,8 @@ List all labels on a Confluence page.
 | --------- | ---- | -------- | ----------- |
 | `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
 | `pageId` | string | Yes | Confluence page ID to list labels from |
+| `limit` | number | No | Maximum number of labels to return \(default: 25, max: 250\) |
+| `cursor` | string | No | Pagination cursor from previous response |
 | `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
 
 #### Output
@@ -358,6 +847,30 @@ List all labels on a Confluence page.
 |   ↳ `id` | string | Unique label identifier |
 |   ↳ `name` | string | Label name |
 |   ↳ `prefix` | string | Label prefix/type \(e.g., global, my, team\) |
+| `nextCursor` | string | Cursor for fetching the next page of results |
+
+### `confluence_add_label`
+
+Add a label to a Confluence page for organization and categorization.
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
+| `pageId` | string | Yes | Confluence page ID to add the label to |
+| `labelName` | string | Yes | Name of the label to add |
+| `prefix` | string | No | Label prefix: global \(default\), my, team, or system |
+| `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | ISO 8601 timestamp of the operation |
+| `pageId` | string | Page ID that the label was added to |
+| `labelName` | string | Name of the added label |
+| `labelId` | string | ID of the added label |
 
 ### `confluence_get_space`
 
@@ -375,13 +888,19 @@ Get details about a specific Confluence space.
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `ts` | string | Timestamp of retrieval |
+| `ts` | string | ISO 8601 timestamp of the operation |
 | `spaceId` | string | Space ID |
 | `name` | string | Space name |
 | `key` | string | Space key |
-| `type` | string | Space type |
-| `status` | string | Space status |
-| `url` | string | Space URL |
+| `type` | string | Space type \(global, personal\) |
+| `status` | string | Space status \(current, archived\) |
+| `url` | string | URL to view the space in Confluence |
+| `authorId` | string | Account ID of the space creator |
+| `createdAt` | string | ISO 8601 timestamp when the space was created |
+| `homepageId` | string | ID of the space homepage |
+| `description` | object | Space description content |
+|   ↳ `value` | string | Description text content |
+|   ↳ `representation` | string | Content representation format \(e.g., plain, view, storage\) |
 
 ### `confluence_list_spaces`
 
@@ -392,7 +911,8 @@ List all Confluence spaces accessible to the user.
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `domain` | string | Yes | Your Confluence domain \(e.g., yourcompany.atlassian.net\) |
-| `limit` | number | No | Maximum number of spaces to return \(default: 25\) |
+| `limit` | number | No | Maximum number of spaces to return \(default: 25, max: 250\) |
+| `cursor` | string | No | Pagination cursor from previous response |
 | `cloudId` | string | No | Confluence Cloud ID for the instance. If not provided, it will be fetched using the domain. |
 
 #### Output
@@ -412,5 +932,6 @@ List all Confluence spaces accessible to the user.
 |   ↳ `description` | object | Space description |
 |     ↳ `value` | string | Description text content |
 |     ↳ `representation` | string | Content representation format \(e.g., plain, view, storage\) |
+| `nextCursor` | string | Cursor for fetching the next page of results |
 
 

apps/docs/content/docs/en/tools/discord.mdx

@@ -63,6 +63,7 @@ Send a message to a Discord channel
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `message` | string | Success or error message |
+| `files` | file[] | Files attached to the message |
 | `data` | object | Discord message data |
 |   ↳ `id` | string | Message ID |
 |   ↳ `content` | string | Message content |

apps/docs/content/docs/en/tools/dropbox.mdx

@@ -43,7 +43,8 @@ Upload a file to Dropbox
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `path` | string | Yes | The path in Dropbox where the file should be saved \(e.g., /folder/document.pdf\) |
-| `fileContent` | string | Yes | The base64 encoded content of the file to upload |
+| `file` | file | No | The file to upload \(UserFile object\) |
+| `fileContent` | string | No | Legacy: base64 encoded file content |
 | `fileName` | string | No | Optional filename \(used if path is a folder\) |
 | `mode` | string | No | Write mode: add \(default\) or overwrite |
 | `autorename` | boolean | No | If true, rename the file if there is a conflict |
@@ -66,7 +67,7 @@ Upload a file to Dropbox
 
 ### `dropbox_download`
 
-Download a file from Dropbox and get a temporary link
+Download a file from Dropbox with metadata and content
 
 #### Input
 
@@ -78,11 +79,8 @@ Download a file from Dropbox and get a temporary link
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `file` | object | The file metadata |
-|   ↳ `id` | string | Unique identifier for the file |
-|   ↳ `name` | string | Name of the file |
-|   ↳ `path_display` | string | Display path of the file |
-|   ↳ `size` | number | Size of the file in bytes |
+| `file` | file | Downloaded file stored in execution files |
+| `metadata` | json | The file metadata |
 | `temporaryLink` | string | Temporary link to download the file \(valid for ~4 hours\) |
 | `content` | string | Base64 encoded file content \(if fetched\) |
 

apps/docs/content/docs/en/tools/file.mdx

@@ -6,7 +6,7 @@ description: Read and parse multiple files
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="file_v2"
+  type="file_v3"
   color="#40916C"
 />
 
@@ -27,7 +27,7 @@ The File Parser tool is particularly useful for scenarios where your agents need
 
 ## Usage Instructions
 
-Integrate File into the workflow. Can upload a file manually or insert a file url.
+Upload files directly or import from external URLs to get UserFile objects for use in other blocks.
 
 
 
@@ -41,14 +41,15 @@ Parse one or more uploaded files or files from URLs (text, PDF, CSV, images, etc
 
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `filePath` | string | Yes | Path to the file\(s\). Can be a single path, URL, or an array of paths. |
+| `filePath` | string | No | Path to the file\(s\). Can be a single path, URL, or an array of paths. |
+| `file` | file | No | Uploaded file\(s\) to parse |
 | `fileType` | string | No | Type of file to parse \(auto-detected if not specified\) |
 
 #### Output
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `files` | array | Array of parsed files with content, metadata, and file properties |
-| `combinedContent` | string | All file contents merged into a single text string |
+| `files` | file[] | Parsed files as UserFile objects |
+| `combinedContent` | string | Combined content of all parsed files |
 
 

apps/docs/content/docs/en/tools/fireflies.mdx

@@ -6,7 +6,7 @@ description: Interact with Fireflies.ai meeting transcripts and recordings
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="fireflies"
+  type="fireflies_v2"
   color="#100730"
 />
 

apps/docs/content/docs/en/tools/github.mdx

@@ -692,6 +692,7 @@ Get the content of a file from a GitHub repository. Supports files up to 1MB. Co
 | `download_url` | string | Direct download URL |
 | `git_url` | string | Git blob API URL |
 | `_links` | json | Related links |
+| `file` | file | Downloaded file stored in execution files |
 
 ### `github_create_file`
 

apps/docs/content/docs/en/tools/google_drive.mdx

@@ -291,11 +291,7 @@ Download a file from Google Drive with complete metadata (exports Google Workspa
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
-| `file` | object | Downloaded file data |
-|   ↳ `name` | string | File name |
-|   ↳ `mimeType` | string | MIME type of the file |
-|   ↳ `data` | string | File content as base64-encoded string |
-|   ↳ `size` | number | File size in bytes |
+| `file` | file | Downloaded file stored in execution files |
 | `metadata` | object | Complete file metadata from Google Drive |
 |   ↳ `id` | string | Google Drive file ID |
 |   ↳ `kind` | string | Resource type identifier |

apps/docs/content/docs/en/tools/google_slides.mdx

@@ -6,7 +6,7 @@ description: Read, write, and create presentations
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="google_slides"
+  type="google_slides_v2"
   color="#E0E0E0"
 />
 

apps/docs/content/docs/en/tools/jira.mdx

@@ -333,6 +333,28 @@ Get all attachments from a Jira issue
 | `issueKey` | string | Issue key |
 | `attachments` | array | Array of attachments with id, filename, size, mimeType, created, author |
 
+### `jira_add_attachment`
+
+Add attachments to a Jira issue
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `domain` | string | Yes | Your Jira domain \(e.g., yourcompany.atlassian.net\) |
+| `issueKey` | string | Yes | Jira issue key to add attachments to \(e.g., PROJ-123\) |
+| `files` | file[] | Yes | Files to attach to the Jira issue |
+| `cloudId` | string | No | Jira Cloud ID for the instance. If not provided, it will be fetched using the domain. |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `ts` | string | Timestamp of the operation |
+| `issueKey` | string | Issue key |
+| `attachmentIds` | json | IDs of uploaded attachments |
+| `files` | file[] | Uploaded attachment files |
+
 ### `jira_delete_attachment`
 
 Delete an attachment from a Jira issue

apps/docs/content/docs/en/tools/linear.mdx

@@ -1022,7 +1022,8 @@ Add an attachment to an issue in Linear
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `issueId` | string | Yes | Issue ID to attach to |
-| `url` | string | Yes | URL of the attachment |
+| `url` | string | No | URL of the attachment |
+| `file` | file | No | File to attach |
 | `title` | string | Yes | Attachment title |
 | `subtitle` | string | No | Attachment subtitle/description |
 

apps/docs/content/docs/en/tools/microsoft_teams.mdx

@@ -81,6 +81,7 @@ Write or update content in a Microsoft Teams chat
 | `createdTime` | string | Timestamp when message was created |
 | `url` | string | Web URL to the message |
 | `updatedContent` | boolean | Whether content was successfully updated |
+| `files` | file[] | Files attached to the message |
 
 ### `microsoft_teams_read_channel`
 
@@ -132,6 +133,7 @@ Write or send a message to a Microsoft Teams channel
 | `createdTime` | string | Timestamp when message was created |
 | `url` | string | Web URL to the message |
 | `updatedContent` | boolean | Whether content was successfully updated |
+| `files` | file[] | Files attached to the message |
 
 ### `microsoft_teams_update_chat_message`
 

apps/docs/content/docs/en/tools/mistral_parse.mdx

@@ -6,7 +6,7 @@ description: Extract text from PDF documents
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="mistral_parse_v2"
+  type="mistral_parse_v3"
   color="#000000"
 />
 
@@ -35,13 +35,12 @@ Integrate Mistral Parse into the workflow. Can extract text from uploaded PDF do
 
 ### `mistral_parser`
 
-Parse PDF documents using Mistral OCR API
-
 #### Input
 
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `filePath` | string | Yes | URL to a PDF document to be processed |
+| `filePath` | string | No | URL to a PDF document to be processed |
+| `file` | file | No | Document file to be processed |
 | `fileUpload` | object | No | File upload data from file-upload component |
 | `resultType` | string | No | Type of parsed result \(markdown, text, or json\). Defaults to markdown. |
 | `includeImageBase64` | boolean | No | Include base64-encoded images in the response |
@@ -55,27 +54,8 @@ Parse PDF documents using Mistral OCR API
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `pages` | array | Array of page objects from Mistral OCR |
-|   ↳ `index` | number | Page index \(zero-based\) |
-|   ↳ `markdown` | string | Extracted markdown content |
-|   ↳ `images` | array | Images extracted from this page with bounding boxes |
-|     ↳ `id` | string | Image identifier \(e.g., img-0.jpeg\) |
-|     ↳ `top_left_x` | number | Top-left X coordinate in pixels |
-|     ↳ `top_left_y` | number | Top-left Y coordinate in pixels |
-|     ↳ `bottom_right_x` | number | Bottom-right X coordinate in pixels |
-|     ↳ `bottom_right_y` | number | Bottom-right Y coordinate in pixels |
-|     ↳ `image_base64` | string | Base64-encoded image data \(when include_image_base64=true\) |
-|   ↳ `dimensions` | object | Page dimensions |
-|     ↳ `dpi` | number | Dots per inch |
-|     ↳ `height` | number | Page height in pixels |
-|     ↳ `width` | number | Page width in pixels |
-|   ↳ `tables` | array | Extracted tables as HTML/markdown \(when table_format is set\). Referenced via placeholders like \[tbl-0.html\] |
-|   ↳ `hyperlinks` | array | Array of URL strings detected in the page \(e.g., \["https://...", "mailto:..."\]\) |
-|   ↳ `header` | string | Page header content \(when extract_header=true\) |
-|   ↳ `footer` | string | Page footer content \(when extract_footer=true\) |
-| `model` | string | Mistral OCR model identifier \(e.g., mistral-ocr-latest\) |
-| `usage_info` | object | Usage and processing statistics |
-|   ↳ `pages_processed` | number | Total number of pages processed |
-|   ↳ `doc_size_bytes` | number | Document file size in bytes |
-| `document_annotation` | string | Structured annotation data as JSON string \(when applicable\) |
+| `model` | string | Mistral OCR model identifier |
+| `usage_info` | json | Usage statistics from the API |
+| `document_annotation` | string | Structured annotation data |
 
 

apps/docs/content/docs/en/tools/notion.mdx

@@ -113,6 +113,26 @@ Create a new page in Notion
 | `last_edited_time` | string | ISO 8601 last edit timestamp |
 | `title` | string | Page title |
 
+### `notion_update_page`
+
+Update properties of a Notion page
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `pageId` | string | Yes | The UUID of the Notion page to update |
+| `properties` | json | Yes | JSON object of properties to update |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `id` | string | Page UUID |
+| `url` | string | Notion page URL |
+| `last_edited_time` | string | ISO 8601 last edit timestamp |
+| `title` | string | Page title |
+
 ### `notion_query_database`
 
 Query and filter Notion database entries with advanced filtering

apps/docs/content/docs/en/tools/pipedrive.mdx

@@ -152,6 +152,7 @@ Retrieve files from Pipedrive with optional filters
 | `person_id` | string | No | Filter files by person ID \(e.g., "456"\) |
 | `org_id` | string | No | Filter files by organization ID \(e.g., "789"\) |
 | `limit` | string | No | Number of results to return \(e.g., "50", default: 100, max: 500\) |
+| `downloadFiles` | boolean | No | Download file contents into file outputs |
 
 #### Output
 
@@ -168,6 +169,7 @@ Retrieve files from Pipedrive with optional filters
 |   ↳ `person_id` | number | Associated person ID |
 |   ↳ `org_id` | number | Associated organization ID |
 |   ↳ `url` | string | File download URL |
+| `downloadedFiles` | file[] | Downloaded files from Pipedrive |
 | `total_items` | number | Total number of files returned |
 | `success` | boolean | Operation success status |
 

apps/docs/content/docs/en/tools/pulse.mdx

@@ -6,12 +6,12 @@ description: Extract text from documents using Pulse OCR
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="pulse"
+  type="pulse_v2"
   color="#E0E0E0"
 />
 
 {/* MANUAL-CONTENT-START:intro */}
-The [Pulse](https://www.pulseapi.com/) tool enables seamless extraction of text and structured content from a wide variety of documents—including PDFs, images, and Office files—using state-of-the-art OCR (Optical Character Recognition) powered by Pulse. Designed for automated agentic workflows, Pulse Parser makes it easy to unlock valuable information trapped in unstructured documents and integrate the extracted content directly into your workflow.
+The [Pulse](https://www.runpulse.com) tool enables seamless extraction of text and structured content from a wide variety of documents—including PDFs, images, and Office files—using state-of-the-art OCR (Optical Character Recognition) powered by Pulse. Designed for automated agentic workflows, Pulse Parser makes it easy to unlock valuable information trapped in unstructured documents and integrate the extracted content directly into your workflow.
 
 With Pulse, you can:
 
@@ -31,7 +31,7 @@ If you need accurate, scalable, and developer-friendly document parsing capabili
 
 ## Usage Instructions
 
-Integrate Pulse into the workflow. Extract text from PDF documents, images, and Office files via URL or upload.
+Integrate Pulse into the workflow. Extract text from PDF documents, images, and Office files via upload or file references.
 
 
 
@@ -39,13 +39,12 @@ Integrate Pulse into the workflow. Extract text from PDF documents, images, and
 
 ### `pulse_parser`
 
-Parse documents (PDF, images, Office docs) using Pulse OCR API
-
 #### Input
 
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `filePath` | string | Yes | URL to a document to be processed |
+| `filePath` | string | No | URL to a document to be processed |
+| `file` | file | No | Document file to be processed |
 | `fileUpload` | object | No | File upload data from file-upload component |
 | `pages` | string | No | Page range to process \(1-indexed, e.g., "1-2,5"\) |
 | `extractFigure` | boolean | No | Enable figure extraction from the document |
@@ -57,16 +56,6 @@ Parse documents (PDF, images, Office docs) using Pulse OCR API
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `markdown` | string | Extracted content in markdown format |
-| `page_count` | number | Number of pages in the document |
-| `job_id` | string | Unique job identifier |
-| `bounding_boxes` | json | Bounding box layout information |
-| `extraction_url` | string | URL for extraction results \(for large documents\) |
-| `html` | string | HTML content if requested |
-| `structured_output` | json | Structured output if schema was provided |
-| `chunks` | json | Chunked content if chunking was enabled |
-| `figures` | json | Extracted figures if figure extraction was enabled |
+This tool does not produce any outputs.
 
 

apps/docs/content/docs/en/tools/reducto.mdx

@@ -6,7 +6,7 @@ description: Extract text from PDF documents
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="reducto"
+  type="reducto_v2"
   color="#5c0c5c"
 />
 
@@ -29,7 +29,7 @@ Looking for reliable and scalable PDF parsing? Reducto is optimized for develope
 
 ## Usage Instructions
 
-Integrate Reducto Parse into the workflow. Can extract text from uploaded PDF documents, or from a URL.
+Integrate Reducto Parse into the workflow. Can extract text from uploaded PDF documents or file references.
 
 
 
@@ -37,13 +37,12 @@ Integrate Reducto Parse into the workflow. Can extract text from uploaded PDF do
 
 ### `reducto_parser`
 
-Parse PDF documents using Reducto OCR API
-
 #### Input
 
 | Parameter | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `filePath` | string | Yes | URL to a PDF document to be processed |
+| `filePath` | string | No | URL to a PDF document to be processed |
+| `file` | file | No | Document file to be processed |
 | `fileUpload` | object | No | File upload data from file-upload component |
 | `pages` | array | No | Specific pages to process \(1-indexed page numbers\) |
 | `tableOutputFormat` | string | No | Table output format \(html or markdown\). Defaults to markdown. |
@@ -51,13 +50,6 @@ Parse PDF documents using Reducto OCR API
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `job_id` | string | Unique identifier for the processing job |
-| `duration` | number | Processing time in seconds |
-| `usage` | json | Resource consumption data |
-| `result` | json | Parsed document content with chunks and blocks |
-| `pdf_url` | string | Storage URL of converted PDF |
-| `studio_link` | string | Link to Reducto studio interface |
+This tool does not produce any outputs.
 
 

apps/docs/content/docs/en/tools/s3.mdx

@@ -78,6 +78,7 @@ Retrieve an object from an AWS S3 bucket
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `url` | string | Pre-signed URL for downloading the S3 object |
+| `file` | file | Downloaded file stored in execution files |
 | `metadata` | object | File metadata including type, size, name, and last modified date |
 
 ### `s3_list_objects`

apps/docs/content/docs/en/tools/sendgrid.mdx

@@ -62,7 +62,7 @@ Send an email using SendGrid API
 | `bcc` | string | No | BCC email address |
 | `replyTo` | string | No | Reply-to email address |
 | `replyToName` | string | No | Reply-to name |
-| `attachments` | file[] | No | Files to attach to the email as an array of attachment objects |
+| `attachments` | file[] | No | Files to attach to the email \(UserFile objects\) |
 | `templateId` | string | No | SendGrid template ID to use |
 | `dynamicTemplateData` | json | No | JSON object of dynamic template data |
 

apps/docs/content/docs/en/tools/sftp.mdx

@@ -97,6 +97,7 @@ Download a file from a remote SFTP server
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `success` | boolean | Whether the download was successful |
+| `file` | file | Downloaded file stored in execution files |
 | `fileName` | string | Name of the downloaded file |
 | `content` | string | File content \(text or base64 encoded\) |
 | `size` | number | File size in bytes |

apps/docs/content/docs/en/tools/slack.mdx

@@ -144,6 +144,7 @@ Send messages to Slack channels or direct messages. Supports Slack mrkdwn format
 | `ts` | string | Message timestamp |
 | `channel` | string | Channel ID where message was sent |
 | `fileCount` | number | Number of files uploaded \(when files are attached\) |
+| `files` | file[] | Files attached to the message |
 
 ### `slack_canvas`
 

apps/docs/content/docs/en/tools/ssh.mdx

@@ -170,6 +170,7 @@ Download a file from a remote SSH server
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `downloaded` | boolean | Whether the file was downloaded successfully |
+| `file` | file | Downloaded file stored in execution files |
 | `fileContent` | string | File content \(base64 encoded for binary files\) |
 | `fileName` | string | Name of the downloaded file |
 | `remotePath` | string | Source path on the remote server |

apps/docs/content/docs/en/tools/stt.mdx

@@ -6,7 +6,7 @@ description: Convert speech to text using AI
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="stt"
+  type="stt_v2"
   color="#181C1E"
 />
 
@@ -50,8 +50,6 @@ Transcribe audio and video files to text using leading AI providers. Supports mu
 
 ### `stt_whisper`
 
-Transcribe audio to text using OpenAI Whisper
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -71,22 +69,10 @@ Transcribe audio to text using OpenAI Whisper
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `transcript` | string | Full transcribed text |
-| `segments` | array | Timestamped segments |
-|   ↳ `text` | string | Transcribed text for this segment |
-|   ↳ `start` | number | Start time in seconds |
-|   ↳ `end` | number | End time in seconds |
-|   ↳ `speaker` | string | Speaker identifier \(if diarization enabled\) |
-|   ↳ `confidence` | number | Confidence score \(0-1\) |
-| `language` | string | Detected or specified language |
-| `duration` | number | Audio duration in seconds |
+This tool does not produce any outputs.
 
 ### `stt_deepgram`
 
-Transcribe audio to text using Deepgram
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -103,23 +89,10 @@ Transcribe audio to text using Deepgram
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `transcript` | string | Full transcribed text |
-| `segments` | array | Timestamped segments with speaker labels |
-|   ↳ `text` | string | Transcribed text for this segment |
-|   ↳ `start` | number | Start time in seconds |
-|   ↳ `end` | number | End time in seconds |
-|   ↳ `speaker` | string | Speaker identifier \(if diarization enabled\) |
-|   ↳ `confidence` | number | Confidence score \(0-1\) |
-| `language` | string | Detected or specified language |
-| `duration` | number | Audio duration in seconds |
-| `confidence` | number | Overall confidence score |
+This tool does not produce any outputs.
 
 ### `stt_elevenlabs`
 
-Transcribe audio to text using ElevenLabs
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -135,18 +108,10 @@ Transcribe audio to text using ElevenLabs
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `transcript` | string | Full transcribed text |
-| `segments` | array | Timestamped segments |
-| `language` | string | Detected or specified language |
-| `duration` | number | Audio duration in seconds |
-| `confidence` | number | Overall confidence score |
+This tool does not produce any outputs.
 
 ### `stt_assemblyai`
 
-Transcribe audio to text using AssemblyAI with advanced NLP features
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -167,35 +132,10 @@ Transcribe audio to text using AssemblyAI with advanced NLP features
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `transcript` | string | Full transcribed text |
-| `segments` | array | Timestamped segments with speaker labels |
-|   ↳ `text` | string | Transcribed text for this segment |
-|   ↳ `start` | number | Start time in seconds |
-|   ↳ `end` | number | End time in seconds |
-|   ↳ `speaker` | string | Speaker identifier \(if diarization enabled\) |
-|   ↳ `confidence` | number | Confidence score \(0-1\) |
-| `language` | string | Detected or specified language |
-| `duration` | number | Audio duration in seconds |
-| `confidence` | number | Overall confidence score |
-| `sentiment` | array | Sentiment analysis results |
-|   ↳ `text` | string | Text that was analyzed |
-|   ↳ `sentiment` | string | Sentiment \(POSITIVE, NEGATIVE, NEUTRAL\) |
-|   ↳ `confidence` | number | Confidence score |
-|   ↳ `start` | number | Start time in milliseconds |
-|   ↳ `end` | number | End time in milliseconds |
-| `entities` | array | Detected entities |
-|   ↳ `entity_type` | string | Entity type \(e.g., person_name, location, organization\) |
-|   ↳ `text` | string | Entity text |
-|   ↳ `start` | number | Start time in milliseconds |
-|   ↳ `end` | number | End time in milliseconds |
-| `summary` | string | Auto-generated summary |
+This tool does not produce any outputs.
 
 ### `stt_gemini`
 
-Transcribe audio to text using Google Gemini with multimodal capabilities
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -211,12 +151,6 @@ Transcribe audio to text using Google Gemini with multimodal capabilities
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `transcript` | string | Full transcribed text |
-| `segments` | array | Timestamped segments |
-| `language` | string | Detected or specified language |
-| `duration` | number | Audio duration in seconds |
-| `confidence` | number | Overall confidence score |
+This tool does not produce any outputs.
 
 

apps/docs/content/docs/en/tools/telegram.mdx

@@ -354,6 +354,7 @@ Send documents (PDF, ZIP, DOC, etc.) to Telegram channels or users through the T
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `message` | string | Success or error message |
+| `files` | file[] | Files attached to the message |
 | `data` | object | Telegram message data including document |
 |   ↳ `message_id` | number | Unique Telegram message identifier |
 |   ↳ `from` | object | Information about the sender |

apps/docs/content/docs/en/tools/textract.mdx

@@ -6,7 +6,7 @@ description: Extract text, tables, and forms from documents
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="textract"
+  type="textract_v2"
   color="linear-gradient(135deg, #055F4E 0%, #56C0A7 100%)"
 />
 
@@ -35,8 +35,6 @@ Integrate AWS Textract into your workflow to extract text, tables, forms, and ke
 
 ### `textract_parser`
 
-Parse documents using AWS Textract OCR and document analysis
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -46,8 +44,8 @@ Parse documents using AWS Textract OCR and document analysis
 | `region` | string | Yes | AWS region for Textract service \(e.g., us-east-1\) |
 | `processingMode` | string | No | Document type: single-page or multi-page. Defaults to single-page. |
 | `filePath` | string | No | URL to a document to be processed \(JPEG, PNG, or single-page PDF\). |
+| `file` | file | No | Document file to be processed \(JPEG, PNG, or single-page PDF\). |
 | `s3Uri` | string | No | S3 URI for multi-page processing \(s3://bucket/key\). |
-| `fileUpload` | object | No | File upload data from file-upload component |
 | `featureTypes` | array | No | Feature types to detect: TABLES, FORMS, QUERIES, SIGNATURES, LAYOUT. If not specified, only text detection is performed. |
 | `items` | string | No | Feature type |
 | `queries` | array | No | Custom queries to extract specific information. Only used when featureTypes includes QUERIES. |
@@ -58,39 +56,6 @@ Parse documents using AWS Textract OCR and document analysis
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `blocks` | array | Array of Block objects containing detected text, tables, forms, and other elements |
-|   ↳ `BlockType` | string | Type of block \(PAGE, LINE, WORD, TABLE, CELL, KEY_VALUE_SET, etc.\) |
-|   ↳ `Id` | string | Unique identifier for the block |
-|   ↳ `Text` | string | The text content \(for LINE and WORD blocks\) |
-|   ↳ `TextType` | string | Type of text \(PRINTED or HANDWRITING\) |
-|   ↳ `Confidence` | number | Confidence score \(0-100\) |
-|   ↳ `Page` | number | Page number |
-|   ↳ `Geometry` | object | Location and bounding box information |
-|     ↳ `BoundingBox` | object | Height as ratio of document height |
-|       ↳ `Height` | number | Height as ratio of document height |
-|       ↳ `Left` | number | Left position as ratio of document width |
-|       ↳ `Top` | number | Top position as ratio of document height |
-|       ↳ `Width` | number | Width as ratio of document width |
-|     ↳ `Polygon` | array | Polygon coordinates |
-|       ↳ `X` | number | X coordinate |
-|       ↳ `Y` | number | Y coordinate |
-|   ↳ `Relationships` | array | Relationships to other blocks |
-|     ↳ `Type` | string | Relationship type \(CHILD, VALUE, ANSWER, etc.\) |
-|     ↳ `Ids` | array | IDs of related blocks |
-|   ↳ `EntityTypes` | array | Entity types for KEY_VALUE_SET \(KEY or VALUE\) |
-|   ↳ `SelectionStatus` | string | For checkboxes: SELECTED or NOT_SELECTED |
-|   ↳ `RowIndex` | number | Row index for table cells |
-|   ↳ `ColumnIndex` | number | Column index for table cells |
-|   ↳ `RowSpan` | number | Row span for merged cells |
-|   ↳ `ColumnSpan` | number | Column span for merged cells |
-|   ↳ `Query` | object | Query information for QUERY blocks |
-|     ↳ `Text` | string | Query text |
-|     ↳ `Alias` | string | Query alias |
-|     ↳ `Pages` | array | Pages to search |
-| `documentMetadata` | object | Metadata about the analyzed document |
-|   ↳ `pages` | number | Number of pages in the document |
-| `modelVersion` | string | Version of the Textract model used for processing |
+This tool does not produce any outputs.
 
 

apps/docs/content/docs/en/tools/twilio_voice.mdx

@@ -122,6 +122,7 @@ Retrieve call recording information and transcription (if enabled via TwiML).
 | `channels` | number | Number of channels \(1 for mono, 2 for dual\) |
 | `source` | string | How the recording was created |
 | `mediaUrl` | string | URL to download the recording media file |
+| `file` | file | Downloaded recording media file |
 | `price` | string | Cost of the recording |
 | `priceUnit` | string | Currency of the price |
 | `uri` | string | Relative URI of the recording resource |

apps/docs/content/docs/en/tools/typeform.mdx

@@ -75,6 +75,7 @@ Download files uploaded in Typeform responses
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `fileUrl` | string | Direct download URL for the uploaded file |
+| `file` | file | Downloaded file stored in execution files |
 | `contentType` | string | MIME type of the uploaded file |
 | `filename` | string | Original filename of the uploaded file |
 

apps/docs/content/docs/en/tools/video_generator.mdx

@@ -57,14 +57,14 @@ Generate videos using Runway Gen-4 with world consistency and visual references
 | `duration` | number | No | Video duration in seconds \(5 or 10, default: 5\) |
 | `aspectRatio` | string | No | Aspect ratio: 16:9 \(landscape\), 9:16 \(portrait\), or 1:1 \(square\) |
 | `resolution` | string | No | Video resolution \(720p output\). Note: Gen-4 Turbo outputs at 720p natively |
-| `visualReference` | json | Yes | Reference image REQUIRED for Gen-4 \(UserFile object\). Gen-4 only supports image-to-video, not text-only generation |
+| `visualReference` | file | Yes | Reference image REQUIRED for Gen-4 \(UserFile object\). Gen-4 only supports image-to-video, not text-only generation |
 
 #### Output
 
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `videoUrl` | string | Generated video URL |
-| `videoFile` | json | Video file object with metadata |
+| `videoFile` | file | Video file object with metadata |
 | `duration` | number | Video duration in seconds |
 | `width` | number | Video width in pixels |
 | `height` | number | Video height in pixels |
@@ -93,7 +93,7 @@ Generate videos using Google Veo 3/3.1 with native audio generation
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `videoUrl` | string | Generated video URL |
-| `videoFile` | json | Video file object with metadata |
+| `videoFile` | file | Video file object with metadata |
 | `duration` | number | Video duration in seconds |
 | `width` | number | Video width in pixels |
 | `height` | number | Video height in pixels |
@@ -123,7 +123,7 @@ Generate videos using Luma Dream Machine with advanced camera controls
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `videoUrl` | string | Generated video URL |
-| `videoFile` | json | Video file object with metadata |
+| `videoFile` | file | Video file object with metadata |
 | `duration` | number | Video duration in seconds |
 | `width` | number | Video width in pixels |
 | `height` | number | Video height in pixels |
@@ -151,7 +151,7 @@ Generate videos using MiniMax Hailuo through MiniMax Platform API with advanced
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `videoUrl` | string | Generated video URL |
-| `videoFile` | json | Video file object with metadata |
+| `videoFile` | file | Video file object with metadata |
 | `duration` | number | Video duration in seconds |
 | `width` | number | Video width in pixels |
 | `height` | number | Video height in pixels |
@@ -181,7 +181,7 @@ Generate videos using Fal.ai platform with access to multiple models including V
 | Parameter | Type | Description |
 | --------- | ---- | ----------- |
 | `videoUrl` | string | Generated video URL |
-| `videoFile` | json | Video file object with metadata |
+| `videoFile` | file | Video file object with metadata |
 | `duration` | number | Video duration in seconds |
 | `width` | number | Video width in pixels |
 | `height` | number | Video height in pixels |

apps/docs/content/docs/en/tools/vision.mdx

@@ -6,7 +6,7 @@ description: Analyze images with vision models
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="vision"
+  type="vision_v2"
   color="#4D5FFF"
 />
 
@@ -35,8 +35,6 @@ Integrate Vision into the workflow. Can analyze images with vision models.
 
 ### `vision_tool`
 
-Process and analyze images using advanced vision models. Capable of understanding image content, extracting text, identifying objects, and providing detailed visual descriptions.
-
 #### Input
 
 | Parameter | Type | Required | Description |
@@ -49,14 +47,6 @@ Process and analyze images using advanced vision models. Capable of understandin
 
 #### Output
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| `content` | string | The analyzed content and description of the image |
-| `model` | string | The vision model that was used for analysis |
-| `tokens` | number | Total tokens used for the analysis |
-| `usage` | object | Detailed token usage breakdown |
-|   ↳ `input_tokens` | number | Tokens used for input processing |
-|   ↳ `output_tokens` | number | Tokens used for response generation |
-|   ↳ `total_tokens` | number | Total tokens consumed |
+This tool does not produce any outputs.
 
 

apps/docs/content/docs/en/tools/zoom.mdx

@@ -335,6 +335,7 @@ Get all recordings for a specific Zoom meeting
 | `meetingId` | string | Yes | The meeting ID or meeting UUID \(e.g., "1234567890" or "4444AAABBBccccc12345=="\) |
 | `includeFolderItems` | boolean | No | Include items within a folder |
 | `ttl` | number | No | Time to live for download URLs in seconds \(max 604800\) |
+| `downloadFiles` | boolean | No | Download recording files into file outputs |
 
 #### Output
 
@@ -364,6 +365,7 @@ Get all recordings for a specific Zoom meeting
 |     ↳ `download_url` | string | URL to download the recording |
 |     ↳ `status` | string | Recording status |
 |     ↳ `recording_type` | string | Type of recording \(shared_screen, audio_only, etc.\) |
+| `files` | file[] | Downloaded recording files |
 
 ### `zoom_delete_recording`
 

apps/docs/content/docs/es/tools/file.mdx

@@ -6,7 +6,7 @@ description: Leer y analizar múltiples archivos
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="file"
+  type="file_v3"
   color="#40916C"
 />
 

apps/docs/content/docs/es/tools/fireflies.mdx

@@ -6,7 +6,7 @@ description: Interactúa con transcripciones y grabaciones de reuniones de Firef
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="fireflies"
+  type="fireflies_v2"
   color="#100730"
 />
 

apps/docs/content/docs/es/tools/mistral_parse.mdx

@@ -6,7 +6,7 @@ description: Extraer texto de documentos PDF
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="mistral_parse"
+  type="mistral_parse_v3"
   color="#000000"
 />
 

apps/docs/content/docs/fr/tools/file.mdx

@@ -6,7 +6,7 @@ description: Lire et analyser plusieurs fichiers
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="file"
+  type="file_v3"
   color="#40916C"
 />
 

apps/docs/content/docs/fr/tools/fireflies.mdx

@@ -7,7 +7,7 @@ description: Interagissez avec les transcriptions et enregistrements de réunion
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="fireflies"
+  type="fireflies_v2"
   color="#100730"
 />
 

apps/docs/content/docs/fr/tools/mistral_parse.mdx

@@ -6,7 +6,7 @@ description: Extraire du texte à partir de documents PDF
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="mistral_parse"
+  type="mistral_parse_v3"
   color="#000000"
 />
 

apps/docs/content/docs/ja/tools/file.mdx

@@ -6,7 +6,7 @@ description: 複数のファイルを読み込んで解析する
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="file"
+  type="file_v3"
   color="#40916C"
 />
 

apps/docs/content/docs/ja/tools/fireflies.mdx

@@ -6,7 +6,7 @@ description: Fireflies.aiの会議文字起こしと録画を操作
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="fireflies"
+  type="fireflies_v2"
   color="#100730"
 />
 

apps/docs/content/docs/ja/tools/mistral_parse.mdx

@@ -6,7 +6,7 @@ description: PDFドキュメントからテキストを抽出する
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="mistral_parse"
+  type="mistral_parse_v3"
   color="#000000"
 />
 

apps/docs/content/docs/zh/tools/file.mdx

@@ -6,7 +6,7 @@ description: 读取并解析多个文件
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="file"
+  type="file_v3"
   color="#40916C"
 />
 

apps/docs/content/docs/zh/tools/fireflies.mdx

@@ -6,7 +6,7 @@ description: 与 Fireflies.ai 会议转录和录音进行交互
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="fireflies"
+  type="fireflies_v2"
   color="#100730"
 />
 

apps/docs/content/docs/zh/tools/mistral_parse.mdx

@@ -6,7 +6,7 @@ description: 从 PDF 文档中提取文本
 import { BlockInfoCard } from "@/components/ui/block-info-card"
 
 <BlockInfoCard 
-  type="mistral_parse"
+  type="mistral_parse_v3"
   color="#000000"
 />
 

apps/sim/app/(auth)/components/support-footer.tsx

@@ -1,7 +1,7 @@
 'use client'
 
-import { useBrandConfig } from '@/lib/branding/branding'
 import { inter } from '@/app/_styles/fonts/inter/inter'
+import { useBrandConfig } from '@/ee/whitelabeling'
 
 export interface SupportFooterProps {
   /** Position style - 'fixed' for pages without AuthLayout, 'absolute' for pages with AuthLayout */

apps/sim/app/(auth)/sso/page.tsx

@@ -1,6 +1,6 @@
 import { redirect } from 'next/navigation'
 import { getEnv, isTruthy } from '@/lib/core/config/env'
-import SSOForm from '@/app/(auth)/sso/sso-form'
+import SSOForm from '@/ee/sso/components/sso-form'
 
 export const dynamic = 'force-dynamic'
 

apps/sim/app/(landing)/components/landing-pricing/landing-pricing.tsx

@@ -11,7 +11,7 @@ import {
   Database,
   DollarSign,
   HardDrive,
-  Workflow,
+  Timer,
 } from 'lucide-react'
 import { useRouter } from 'next/navigation'
 import { cn } from '@/lib/core/utils/cn'
@@ -44,7 +44,7 @@ interface PricingTier {
 const FREE_PLAN_FEATURES: PricingFeature[] = [
   { icon: DollarSign, text: '$20 usage limit' },
   { icon: HardDrive, text: '5GB file storage' },
-  { icon: Workflow, text: 'Public template access' },
+  { icon: Timer, text: '5 min execution limit' },
   { icon: Database, text: 'Limited log retention' },
   { icon: Code2, text: 'CLI/SDK Access' },
 ]

apps/sim/app/(landing)/components/nav/nav.tsx

@@ -7,10 +7,10 @@ import Image from 'next/image'
 import Link from 'next/link'
 import { useRouter } from 'next/navigation'
 import { GithubIcon } from '@/components/icons'
-import { useBrandConfig } from '@/lib/branding/branding'
 import { isHosted } from '@/lib/core/config/feature-flags'
 import { soehne } from '@/app/_styles/fonts/soehne/soehne'
 import { getFormattedGitHubStars } from '@/app/(landing)/actions/github'
+import { useBrandConfig } from '@/ee/whitelabeling'
 import { useBrandedButtonClass } from '@/hooks/use-branded-button-class'
 
 const logger = createLogger('nav')

apps/sim/app/api/a2a/serve/[agentId]/route.ts

@@ -14,9 +14,8 @@ import {
   parseWorkflowSSEChunk,
 } from '@/lib/a2a/utils'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
-import { getBrandConfig } from '@/lib/branding/branding'
 import { acquireLock, getRedisClient, releaseLock } from '@/lib/core/config/redis'
-import { validateExternalUrl } from '@/lib/core/security/input-validation'
+import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
 import { SSE_HEADERS } from '@/lib/core/utils/sse'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { markExecutionCancelled } from '@/lib/execution/cancellation'
@@ -35,6 +34,7 @@ import {
   type PushNotificationSetParams,
   type TaskIdParams,
 } from '@/app/api/a2a/serve/[agentId]/utils'
+import { getBrandConfig } from '@/ee/whitelabeling'
 
 const logger = createLogger('A2AServeAPI')
 
@@ -1119,7 +1119,7 @@ async function handlePushNotificationSet(
     )
   }
 
-  const urlValidation = validateExternalUrl(
+  const urlValidation = await validateUrlWithDNS(
     params.pushNotificationConfig.url,
     'Push notification URL'
   )

apps/sim/app/api/copilot/api-keys/generate/route.ts

@@ -1,7 +1,7 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
-import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
+import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
 import { env } from '@/lib/core/config/env'
 
 const GenerateApiKeySchema = z.object({
@@ -17,9 +17,6 @@ export async function POST(req: NextRequest) {
 
     const userId = session.user.id
 
-    // Move environment variable access inside the function
-    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
-
     const body = await req.json().catch(() => ({}))
     const validationResult = GenerateApiKeySchema.safeParse(body)
 

apps/sim/app/api/copilot/api-keys/route.ts

@@ -1,6 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
-import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
+import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
 import { env } from '@/lib/core/config/env'
 
 export async function GET(request: NextRequest) {
@@ -12,8 +12,6 @@ export async function GET(request: NextRequest) {
 
     const userId = session.user.id
 
-    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
-
     const res = await fetch(`${SIM_AGENT_API_URL}/api/validate-key/get-api-keys`, {
       method: 'POST',
       headers: {
@@ -68,8 +66,6 @@ export async function DELETE(request: NextRequest) {
       return NextResponse.json({ error: 'id is required' }, { status: 400 })
     }
 
-    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
-
     const res = await fetch(`${SIM_AGENT_API_URL}/api/validate-key/delete`, {
       method: 'POST',
       headers: {

apps/sim/app/api/copilot/chat/stream/route.ts

@@ -0,0 +1,130 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import {
+  getStreamMeta,
+  readStreamEvents,
+  type StreamMeta,
+} from '@/lib/copilot/orchestrator/stream-buffer'
+import { authenticateCopilotRequestSessionOnly } from '@/lib/copilot/request-helpers'
+import { SSE_HEADERS } from '@/lib/core/utils/sse'
+
+const logger = createLogger('CopilotChatStreamAPI')
+const POLL_INTERVAL_MS = 250
+const MAX_STREAM_MS = 10 * 60 * 1000
+
+function encodeEvent(event: Record<string, any>): Uint8Array {
+  return new TextEncoder().encode(`data: ${JSON.stringify(event)}\n\n`)
+}
+
+export async function GET(request: NextRequest) {
+  const { userId: authenticatedUserId, isAuthenticated } =
+    await authenticateCopilotRequestSessionOnly()
+
+  if (!isAuthenticated || !authenticatedUserId) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const url = new URL(request.url)
+  const streamId = url.searchParams.get('streamId') || ''
+  const fromParam = url.searchParams.get('from') || '0'
+  const fromEventId = Number(fromParam || 0)
+  // If batch=true, return buffered events as JSON instead of SSE
+  const batchMode = url.searchParams.get('batch') === 'true'
+  const toParam = url.searchParams.get('to')
+  const toEventId = toParam ? Number(toParam) : undefined
+
+  if (!streamId) {
+    return NextResponse.json({ error: 'streamId is required' }, { status: 400 })
+  }
+
+  const meta = (await getStreamMeta(streamId)) as StreamMeta | null
+  logger.info('[Resume] Stream lookup', {
+    streamId,
+    fromEventId,
+    toEventId,
+    batchMode,
+    hasMeta: !!meta,
+    metaStatus: meta?.status,
+  })
+  if (!meta) {
+    return NextResponse.json({ error: 'Stream not found' }, { status: 404 })
+  }
+  if (meta.userId && meta.userId !== authenticatedUserId) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
+  }
+
+  // Batch mode: return all buffered events as JSON
+  if (batchMode) {
+    const events = await readStreamEvents(streamId, fromEventId)
+    const filteredEvents = toEventId ? events.filter((e) => e.eventId <= toEventId) : events
+    logger.info('[Resume] Batch response', {
+      streamId,
+      fromEventId,
+      toEventId,
+      eventCount: filteredEvents.length,
+    })
+    return NextResponse.json({
+      success: true,
+      events: filteredEvents,
+      status: meta.status,
+    })
+  }
+
+  const startTime = Date.now()
+
+  const stream = new ReadableStream({
+    async start(controller) {
+      let lastEventId = Number.isFinite(fromEventId) ? fromEventId : 0
+
+      const flushEvents = async () => {
+        const events = await readStreamEvents(streamId, lastEventId)
+        if (events.length > 0) {
+          logger.info('[Resume] Flushing events', {
+            streamId,
+            fromEventId: lastEventId,
+            eventCount: events.length,
+          })
+        }
+        for (const entry of events) {
+          lastEventId = entry.eventId
+          const payload = {
+            ...entry.event,
+            eventId: entry.eventId,
+            streamId: entry.streamId,
+          }
+          controller.enqueue(encodeEvent(payload))
+        }
+      }
+
+      try {
+        await flushEvents()
+
+        while (Date.now() - startTime < MAX_STREAM_MS) {
+          const currentMeta = await getStreamMeta(streamId)
+          if (!currentMeta) break
+
+          await flushEvents()
+
+          if (currentMeta.status === 'complete' || currentMeta.status === 'error') {
+            break
+          }
+
+          if (request.signal.aborted) {
+            break
+          }
+
+          await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS))
+        }
+      } catch (error) {
+        logger.warn('Stream replay failed', {
+          streamId,
+          error: error instanceof Error ? error.message : String(error),
+        })
+      } finally {
+        controller.close()
+      }
+    },
+  })
+
+  return new Response(stream, { headers: SSE_HEADERS })
+}

apps/sim/app/api/copilot/confirm/route.ts

@@ -1,6 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { REDIS_TOOL_CALL_PREFIX, REDIS_TOOL_CALL_TTL_SECONDS } from '@/lib/copilot/constants'
 import {
   authenticateCopilotRequestSessionOnly,
   createBadRequestResponse,
@@ -23,7 +24,8 @@ const ConfirmationSchema = z.object({
 })
 
 /**
- * Update tool call status in Redis
+ * Write the user's tool decision to Redis. The server-side orchestrator's
+ * waitForToolDecision() polls Redis for this value.
  */
 async function updateToolCallStatus(
   toolCallId: string,
@@ -32,57 +34,24 @@ async function updateToolCallStatus(
 ): Promise<boolean> {
   const redis = getRedisClient()
   if (!redis) {
-    logger.warn('updateToolCallStatus: Redis client not available')
+    logger.warn('Redis client not available for tool confirmation')
     return false
   }
 
   try {
-    const key = `tool_call:${toolCallId}`
-    const timeout = 600000 // 10 minutes timeout for user confirmation
-    const pollInterval = 100 // Poll every 100ms
-    const startTime = Date.now()
-
-    logger.info('Polling for tool call in Redis', { toolCallId, key, timeout })
-
-    // Poll until the key exists or timeout
-    while (Date.now() - startTime < timeout) {
-      const exists = await redis.exists(key)
-      if (exists) {
-        break
-      }
-
-      // Wait before next poll
-      await new Promise((resolve) => setTimeout(resolve, pollInterval))
-    }
-
-    // Final check if key exists after polling
-    const exists = await redis.exists(key)
-    if (!exists) {
-      logger.warn('Tool call not found in Redis after polling timeout', {
-        toolCallId,
-        key,
-        timeout,
-        pollDuration: Date.now() - startTime,
-      })
-      return false
-    }
-
-    // Store both status and message as JSON
-    const toolCallData = {
+    const key = `${REDIS_TOOL_CALL_PREFIX}${toolCallId}`
+    const payload = {
       status,
       message: message || null,
       timestamp: new Date().toISOString(),
     }
-
-    await redis.set(key, JSON.stringify(toolCallData), 'EX', 86400) // Keep 24 hour expiry
-
+    await redis.set(key, JSON.stringify(payload), 'EX', REDIS_TOOL_CALL_TTL_SECONDS)
     return true
   } catch (error) {
-    logger.error('Failed to update tool call status in Redis', {
+    logger.error('Failed to update tool call status', {
       toolCallId,
       status,
-      message,
-      error: error instanceof Error ? error.message : 'Unknown error',
+      error: error instanceof Error ? error.message : String(error),
     })
     return false
   }

apps/sim/app/api/copilot/credentials/route.ts

@@ -0,0 +1,28 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { authenticateCopilotRequestSessionOnly } from '@/lib/copilot/request-helpers'
+import { routeExecution } from '@/lib/copilot/tools/server/router'
+
+/**
+ * GET /api/copilot/credentials
+ * Returns connected OAuth credentials for the authenticated user.
+ * Used by the copilot store for credential masking.
+ */
+export async function GET(_req: NextRequest) {
+  const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
+  if (!isAuthenticated || !userId) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const result = await routeExecution('get_credentials', {}, { userId })
+    return NextResponse.json({ success: true, result })
+  } catch (error) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: error instanceof Error ? error.message : 'Failed to load credentials',
+      },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/copilot/execute-copilot-server-tool/route.ts

@@ -1,54 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import {
-  authenticateCopilotRequestSessionOnly,
-  createBadRequestResponse,
-  createInternalServerErrorResponse,
-  createRequestTracker,
-  createUnauthorizedResponse,
-} from '@/lib/copilot/request-helpers'
-import { routeExecution } from '@/lib/copilot/tools/server/router'
-
-const logger = createLogger('ExecuteCopilotServerToolAPI')
-
-const ExecuteSchema = z.object({
-  toolName: z.string(),
-  payload: z.unknown().optional(),
-})
-
-export async function POST(req: NextRequest) {
-  const tracker = createRequestTracker()
-  try {
-    const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
-    if (!isAuthenticated || !userId) {
-      return createUnauthorizedResponse()
-    }
-
-    const body = await req.json()
-    try {
-      const preview = JSON.stringify(body).slice(0, 300)
-      logger.debug(`[${tracker.requestId}] Incoming request body preview`, { preview })
-    } catch {}
-
-    const { toolName, payload } = ExecuteSchema.parse(body)
-
-    logger.info(`[${tracker.requestId}] Executing server tool`, { toolName })
-    const result = await routeExecution(toolName, payload, { userId })
-
-    try {
-      const resultPreview = JSON.stringify(result).slice(0, 300)
-      logger.debug(`[${tracker.requestId}] Server tool result preview`, { toolName, resultPreview })
-    } catch {}
-
-    return NextResponse.json({ success: true, result })
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      logger.debug(`[${tracker.requestId}] Zod validation error`, { issues: error.issues })
-      return createBadRequestResponse('Invalid request body for execute-copilot-server-tool')
-    }
-    logger.error(`[${tracker.requestId}] Failed to execute server tool:`, error)
-    const errorMessage = error instanceof Error ? error.message : 'Failed to execute server tool'
-    return createInternalServerErrorResponse(errorMessage)
-  }
-}

apps/sim/app/api/copilot/execute-tool/route.ts

@@ -1,247 +0,0 @@
-import { db } from '@sim/db'
-import { account, workflow } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { and, eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getSession } from '@/lib/auth'
-import {
-  createBadRequestResponse,
-  createInternalServerErrorResponse,
-  createRequestTracker,
-  createUnauthorizedResponse,
-} from '@/lib/copilot/request-helpers'
-import { generateRequestId } from '@/lib/core/utils/request'
-import { getEffectiveDecryptedEnv } from '@/lib/environment/utils'
-import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-import { resolveEnvVarReferences } from '@/executor/utils/reference-validation'
-import { executeTool } from '@/tools'
-import { getTool, resolveToolId } from '@/tools/utils'
-
-const logger = createLogger('CopilotExecuteToolAPI')
-
-const ExecuteToolSchema = z.object({
-  toolCallId: z.string(),
-  toolName: z.string(),
-  arguments: z.record(z.any()).optional().default({}),
-  workflowId: z.string().optional(),
-})
-
-export async function POST(req: NextRequest) {
-  const tracker = createRequestTracker()
-
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      return createUnauthorizedResponse()
-    }
-
-    const userId = session.user.id
-    const body = await req.json()
-
-    try {
-      const preview = JSON.stringify(body).slice(0, 300)
-      logger.debug(`[${tracker.requestId}] Incoming execute-tool request`, { preview })
-    } catch {}
-
-    const { toolCallId, toolName, arguments: toolArgs, workflowId } = ExecuteToolSchema.parse(body)
-
-    const resolvedToolName = resolveToolId(toolName)
-
-    logger.info(`[${tracker.requestId}] Executing tool`, {
-      toolCallId,
-      toolName,
-      resolvedToolName,
-      workflowId,
-      hasArgs: Object.keys(toolArgs).length > 0,
-    })
-
-    const toolConfig = getTool(resolvedToolName)
-    if (!toolConfig) {
-      // Find similar tool names to help debug
-      const { tools: allTools } = await import('@/tools/registry')
-      const allToolNames = Object.keys(allTools)
-      const prefix = toolName.split('_').slice(0, 2).join('_')
-      const similarTools = allToolNames
-        .filter((name) => name.startsWith(`${prefix.split('_')[0]}_`))
-        .slice(0, 10)
-
-      logger.warn(`[${tracker.requestId}] Tool not found in registry`, {
-        toolName,
-        prefix,
-        similarTools,
-        totalToolsInRegistry: allToolNames.length,
-      })
-      return NextResponse.json(
-        {
-          success: false,
-          error: `Tool not found: ${toolName}. Similar tools: ${similarTools.join(', ')}`,
-          toolCallId,
-        },
-        { status: 404 }
-      )
-    }
-
-    // Get the workspaceId from the workflow (env vars are stored at workspace level)
-    let workspaceId: string | undefined
-    if (workflowId) {
-      const workflowResult = await db
-        .select({ workspaceId: workflow.workspaceId })
-        .from(workflow)
-        .where(eq(workflow.id, workflowId))
-        .limit(1)
-      workspaceId = workflowResult[0]?.workspaceId ?? undefined
-    }
-
-    // Get decrypted environment variables early so we can resolve all {{VAR}} references
-    const decryptedEnvVars = await getEffectiveDecryptedEnv(userId, workspaceId)
-
-    logger.info(`[${tracker.requestId}] Fetched environment variables`, {
-      workflowId,
-      workspaceId,
-      envVarCount: Object.keys(decryptedEnvVars).length,
-      envVarKeys: Object.keys(decryptedEnvVars),
-    })
-
-    // Build execution params starting with LLM-provided arguments
-    // Resolve all {{ENV_VAR}} references in the arguments (deep for nested objects)
-    const executionParams: Record<string, any> = resolveEnvVarReferences(
-      toolArgs,
-      decryptedEnvVars,
-      { deep: true }
-    ) as Record<string, any>
-
-    logger.info(`[${tracker.requestId}] Resolved env var references in arguments`, {
-      toolName,
-      originalArgKeys: Object.keys(toolArgs),
-      resolvedArgKeys: Object.keys(executionParams),
-    })
-
-    // Resolve OAuth access token if required
-    if (toolConfig.oauth?.required && toolConfig.oauth.provider) {
-      const provider = toolConfig.oauth.provider
-      logger.info(`[${tracker.requestId}] Resolving OAuth token`, { provider })
-
-      try {
-        // Find the account for this provider and user
-        const accounts = await db
-          .select()
-          .from(account)
-          .where(and(eq(account.providerId, provider), eq(account.userId, userId)))
-          .limit(1)
-
-        if (accounts.length > 0) {
-          const acc = accounts[0]
-          const requestId = generateRequestId()
-          const { accessToken } = await refreshTokenIfNeeded(requestId, acc as any, acc.id)
-
-          if (accessToken) {
-            executionParams.accessToken = accessToken
-            logger.info(`[${tracker.requestId}] OAuth token resolved`, { provider })
-          } else {
-            logger.warn(`[${tracker.requestId}] No access token available`, { provider })
-            return NextResponse.json(
-              {
-                success: false,
-                error: `OAuth token not available for ${provider}. Please reconnect your account.`,
-                toolCallId,
-              },
-              { status: 400 }
-            )
-          }
-        } else {
-          logger.warn(`[${tracker.requestId}] No account found for provider`, { provider })
-          return NextResponse.json(
-            {
-              success: false,
-              error: `No ${provider} account connected. Please connect your account first.`,
-              toolCallId,
-            },
-            { status: 400 }
-          )
-        }
-      } catch (error) {
-        logger.error(`[${tracker.requestId}] Failed to resolve OAuth token`, {
-          provider,
-          error: error instanceof Error ? error.message : String(error),
-        })
-        return NextResponse.json(
-          {
-            success: false,
-            error: `Failed to get OAuth token for ${provider}`,
-            toolCallId,
-          },
-          { status: 500 }
-        )
-      }
-    }
-
-    // Check if tool requires an API key that wasn't resolved via {{ENV_VAR}} reference
-    const needsApiKey = toolConfig.params?.apiKey?.required
-
-    if (needsApiKey && !executionParams.apiKey) {
-      logger.warn(`[${tracker.requestId}] No API key found for tool`, { toolName })
-      return NextResponse.json(
-        {
-          success: false,
-          error: `API key not provided for ${toolName}. Use {{YOUR_API_KEY_ENV_VAR}} to reference your environment variable.`,
-          toolCallId,
-        },
-        { status: 400 }
-      )
-    }
-
-    // Add execution context
-    executionParams._context = {
-      workflowId,
-      userId,
-    }
-
-    // Special handling for function_execute - inject environment variables
-    if (toolName === 'function_execute') {
-      executionParams.envVars = decryptedEnvVars
-      executionParams.workflowVariables = {} // No workflow variables in copilot context
-      executionParams.blockData = {} // No block data in copilot context
-      executionParams.blockNameMapping = {} // No block mapping in copilot context
-      executionParams.language = executionParams.language || 'javascript'
-      executionParams.timeout = executionParams.timeout || 30000
-
-      logger.info(`[${tracker.requestId}] Injected env vars for function_execute`, {
-        envVarCount: Object.keys(decryptedEnvVars).length,
-      })
-    }
-
-    // Execute the tool
-    logger.info(`[${tracker.requestId}] Executing tool with resolved credentials`, {
-      toolName,
-      hasAccessToken: !!executionParams.accessToken,
-      hasApiKey: !!executionParams.apiKey,
-    })
-
-    const result = await executeTool(resolvedToolName, executionParams)
-
-    logger.info(`[${tracker.requestId}] Tool execution complete`, {
-      toolName,
-      success: result.success,
-      hasOutput: !!result.output,
-    })
-
-    return NextResponse.json({
-      success: true,
-      toolCallId,
-      result: {
-        success: result.success,
-        output: result.output,
-        error: result.error,
-      },
-    })
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      logger.debug(`[${tracker.requestId}] Zod validation error`, { issues: error.issues })
-      return createBadRequestResponse('Invalid request body for execute-tool')
-    }
-    logger.error(`[${tracker.requestId}] Failed to execute tool:`, error)
-    const errorMessage = error instanceof Error ? error.message : 'Failed to execute tool'
-    return createInternalServerErrorResponse(errorMessage)
-  }
-}

apps/sim/app/api/copilot/stats/route.ts

@@ -1,6 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
+import { SIM_AGENT_API_URL } from '@/lib/copilot/constants'
 import {
   authenticateCopilotRequestSessionOnly,
   createBadRequestResponse,
@@ -10,8 +10,6 @@ import {
 } from '@/lib/copilot/request-helpers'
 import { env } from '@/lib/core/config/env'
 
-const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
-
 const BodySchema = z.object({
   messageId: z.string(),
   diffCreated: z.boolean(),

apps/sim/app/api/copilot/tools/mark-complete/route.ts

@@ -1,123 +0,0 @@
-import { createLogger } from '@sim/logger'
-import { type NextRequest, NextResponse } from 'next/server'
-import { z } from 'zod'
-import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/copilot/constants'
-import {
-  authenticateCopilotRequestSessionOnly,
-  createBadRequestResponse,
-  createInternalServerErrorResponse,
-  createRequestTracker,
-  createUnauthorizedResponse,
-} from '@/lib/copilot/request-helpers'
-import { env } from '@/lib/core/config/env'
-
-const logger = createLogger('CopilotMarkToolCompleteAPI')
-
-const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
-
-const MarkCompleteSchema = z.object({
-  id: z.string(),
-  name: z.string(),
-  status: z.number().int(),
-  message: z.any().optional(),
-  data: z.any().optional(),
-})
-
-/**
- * POST /api/copilot/tools/mark-complete
- * Proxy to Sim Agent: POST /api/tools/mark-complete
- */
-export async function POST(req: NextRequest) {
-  const tracker = createRequestTracker()
-
-  try {
-    const { userId, isAuthenticated } = await authenticateCopilotRequestSessionOnly()
-    if (!isAuthenticated || !userId) {
-      return createUnauthorizedResponse()
-    }
-
-    const body = await req.json()
-
-    // Log raw body shape for diagnostics (avoid dumping huge payloads)
-    try {
-      const bodyPreview = JSON.stringify(body).slice(0, 300)
-      logger.debug(`[${tracker.requestId}] Incoming mark-complete raw body preview`, {
-        preview: `${bodyPreview}${bodyPreview.length === 300 ? '...' : ''}`,
-      })
-    } catch {}
-
-    const parsed = MarkCompleteSchema.parse(body)
-
-    const messagePreview = (() => {
-      try {
-        const s =
-          typeof parsed.message === 'string' ? parsed.message : JSON.stringify(parsed.message)
-        return s ? `${s.slice(0, 200)}${s.length > 200 ? '...' : ''}` : undefined
-      } catch {
-        return undefined
-      }
-    })()
-
-    logger.info(`[${tracker.requestId}] Forwarding tool mark-complete`, {
-      userId,
-      toolCallId: parsed.id,
-      toolName: parsed.name,
-      status: parsed.status,
-      hasMessage: parsed.message !== undefined,
-      hasData: parsed.data !== undefined,
-      messagePreview,
-      agentUrl: `${SIM_AGENT_API_URL}/api/tools/mark-complete`,
-    })
-
-    const agentRes = await fetch(`${SIM_AGENT_API_URL}/api/tools/mark-complete`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        ...(env.COPILOT_API_KEY ? { 'x-api-key': env.COPILOT_API_KEY } : {}),
-      },
-      body: JSON.stringify(parsed),
-    })
-
-    // Attempt to parse agent response JSON
-    let agentJson: any = null
-    let agentText: string | null = null
-    try {
-      agentJson = await agentRes.json()
-    } catch (_) {
-      try {
-        agentText = await agentRes.text()
-      } catch {}
-    }
-
-    logger.info(`[${tracker.requestId}] Agent responded to mark-complete`, {
-      status: agentRes.status,
-      ok: agentRes.ok,
-      responseJsonPreview: agentJson ? JSON.stringify(agentJson).slice(0, 300) : undefined,
-      responseTextPreview: agentText ? agentText.slice(0, 300) : undefined,
-    })
-
-    if (agentRes.ok) {
-      return NextResponse.json({ success: true })
-    }
-
-    const errorMessage =
-      agentJson?.error || agentText || `Agent responded with status ${agentRes.status}`
-    const status = agentRes.status >= 500 ? 500 : 400
-
-    logger.warn(`[${tracker.requestId}] Mark-complete failed`, {
-      status,
-      error: errorMessage,
-    })
-
-    return NextResponse.json({ success: false, error: errorMessage }, { status })
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      logger.warn(`[${tracker.requestId}] Invalid mark-complete request body`, {
-        issues: error.issues,
-      })
-      return createBadRequestResponse('Invalid request body for mark-complete')
-    }
-    logger.error(`[${tracker.requestId}] Failed to proxy mark-complete:`, error)
-    return createInternalServerErrorResponse('Failed to mark tool as complete')
-  }
-}

apps/sim/app/api/creators/[id]/route.ts

@@ -21,6 +21,7 @@ const UpdateCreatorProfileSchema = z.object({
   name: z.string().min(1, 'Name is required').max(100, 'Max 100 characters').optional(),
   profileImageUrl: z.string().optional().or(z.literal('')),
   details: CreatorProfileDetailsSchema.optional(),
+  verified: z.boolean().optional(), // Verification status (super users only)
 })
 
 // Helper to check if user has permission to manage profile
@@ -97,11 +98,29 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Profile not found' }, { status: 404 })
     }
 
-    // Check permissions
-    const canEdit = await hasPermission(session.user.id, existing[0])
-    if (!canEdit) {
-      logger.warn(`[${requestId}] User denied permission to update profile: ${id}`)
-      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    // Verification changes require super user permission
+    if (data.verified !== undefined) {
+      const { verifyEffectiveSuperUser } = await import('@/lib/templates/permissions')
+      const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
+      if (!effectiveSuperUser) {
+        logger.warn(`[${requestId}] Non-super user attempted to change creator verification: ${id}`)
+        return NextResponse.json(
+          { error: 'Only super users can change verification status' },
+          { status: 403 }
+        )
+      }
+    }
+
+    // For non-verified updates, check regular permissions
+    const hasNonVerifiedUpdates =
+      data.name !== undefined || data.profileImageUrl !== undefined || data.details !== undefined
+
+    if (hasNonVerifiedUpdates) {
+      const canEdit = await hasPermission(session.user.id, existing[0])
+      if (!canEdit) {
+        logger.warn(`[${requestId}] User denied permission to update profile: ${id}`)
+        return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+      }
     }
 
     const updateData: any = {
@@ -111,6 +130,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
     if (data.name !== undefined) updateData.name = data.name
     if (data.profileImageUrl !== undefined) updateData.profileImageUrl = data.profileImageUrl
     if (data.details !== undefined) updateData.details = data.details
+    if (data.verified !== undefined) updateData.verified = data.verified
 
     const updated = await db
       .update(templateCreators)

apps/sim/app/api/creators/[id]/verify/route.ts

@@ -1,113 +0,0 @@
-import { db } from '@sim/db'
-import { templateCreators } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { generateRequestId } from '@/lib/core/utils/request'
-import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
-
-const logger = createLogger('CreatorVerificationAPI')
-
-export const revalidate = 0
-
-// POST /api/creators/[id]/verify - Verify a creator (super users only)
-export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = generateRequestId()
-  const { id } = await params
-
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized verification attempt for creator: ${id}`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Check if user is a super user
-    const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
-    if (!effectiveSuperUser) {
-      logger.warn(`[${requestId}] Non-super user attempted to verify creator: ${id}`)
-      return NextResponse.json({ error: 'Only super users can verify creators' }, { status: 403 })
-    }
-
-    // Check if creator exists
-    const existingCreator = await db
-      .select()
-      .from(templateCreators)
-      .where(eq(templateCreators.id, id))
-      .limit(1)
-
-    if (existingCreator.length === 0) {
-      logger.warn(`[${requestId}] Creator not found for verification: ${id}`)
-      return NextResponse.json({ error: 'Creator not found' }, { status: 404 })
-    }
-
-    // Update creator verified status to true
-    await db
-      .update(templateCreators)
-      .set({ verified: true, updatedAt: new Date() })
-      .where(eq(templateCreators.id, id))
-
-    logger.info(`[${requestId}] Creator verified: ${id} by super user: ${session.user.id}`)
-
-    return NextResponse.json({
-      message: 'Creator verified successfully',
-      creatorId: id,
-    })
-  } catch (error) {
-    logger.error(`[${requestId}] Error verifying creator ${id}`, error)
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
-
-// DELETE /api/creators/[id]/verify - Unverify a creator (super users only)
-export async function DELETE(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> }
-) {
-  const requestId = generateRequestId()
-  const { id } = await params
-
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized unverification attempt for creator: ${id}`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    // Check if user is a super user
-    const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
-    if (!effectiveSuperUser) {
-      logger.warn(`[${requestId}] Non-super user attempted to unverify creator: ${id}`)
-      return NextResponse.json({ error: 'Only super users can unverify creators' }, { status: 403 })
-    }
-
-    // Check if creator exists
-    const existingCreator = await db
-      .select()
-      .from(templateCreators)
-      .where(eq(templateCreators.id, id))
-      .limit(1)
-
-    if (existingCreator.length === 0) {
-      logger.warn(`[${requestId}] Creator not found for unverification: ${id}`)
-      return NextResponse.json({ error: 'Creator not found' }, { status: 404 })
-    }
-
-    // Update creator verified status to false
-    await db
-      .update(templateCreators)
-      .set({ verified: false, updatedAt: new Date() })
-      .where(eq(templateCreators.id, id))
-
-    logger.info(`[${requestId}] Creator unverified: ${id} by super user: ${session.user.id}`)
-
-    return NextResponse.json({
-      message: 'Creator unverified successfully',
-      creatorId: id,
-    })
-  } catch (error) {
-    logger.error(`[${requestId}] Error unverifying creator ${id}`, error)
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}

apps/sim/app/api/cron/cleanup-stale-executions/route.ts

@@ -1,13 +1,17 @@
-import { db } from '@sim/db'
+import { asyncJobs, db } from '@sim/db'
 import { workflowExecutionLogs } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, lt, sql } from 'drizzle-orm'
+import { and, eq, inArray, lt, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { verifyCronAuth } from '@/lib/auth/internal'
+import { JOB_RETENTION_HOURS, JOB_STATUS } from '@/lib/core/async-jobs'
+import { getMaxExecutionTimeout } from '@/lib/core/execution-limits'
 
 const logger = createLogger('CleanupStaleExecutions')
 
-const STALE_THRESHOLD_MINUTES = 30
+const STALE_THRESHOLD_MS = getMaxExecutionTimeout() + 5 * 60 * 1000
+const STALE_THRESHOLD_MINUTES = Math.ceil(STALE_THRESHOLD_MS / 60000)
+const MAX_INT32 = 2_147_483_647
 
 export async function GET(request: NextRequest) {
   try {
@@ -45,13 +49,14 @@ export async function GET(request: NextRequest) {
       try {
         const staleDurationMs = Date.now() - new Date(execution.startedAt).getTime()
         const staleDurationMinutes = Math.round(staleDurationMs / 60000)
+        const totalDurationMs = Math.min(staleDurationMs, MAX_INT32)
 
         await db
           .update(workflowExecutionLogs)
           .set({
             status: 'failed',
             endedAt: new Date(),
-            totalDurationMs: staleDurationMs,
+            totalDurationMs,
             executionData: sql`jsonb_set(
               COALESCE(execution_data, '{}'::jsonb),
               ARRAY['error'],
@@ -76,12 +81,102 @@ export async function GET(request: NextRequest) {
 
     logger.info(`Stale execution cleanup completed. Cleaned: ${cleaned}, Failed: ${failed}`)
 
+    // Clean up stale async jobs (stuck in processing)
+    let asyncJobsMarkedFailed = 0
+
+    try {
+      const staleAsyncJobs = await db
+        .update(asyncJobs)
+        .set({
+          status: JOB_STATUS.FAILED,
+          completedAt: new Date(),
+          error: `Job terminated: stuck in processing for more than ${STALE_THRESHOLD_MINUTES} minutes`,
+          updatedAt: new Date(),
+        })
+        .where(
+          and(eq(asyncJobs.status, JOB_STATUS.PROCESSING), lt(asyncJobs.startedAt, staleThreshold))
+        )
+        .returning({ id: asyncJobs.id })
+
+      asyncJobsMarkedFailed = staleAsyncJobs.length
+      if (asyncJobsMarkedFailed > 0) {
+        logger.info(`Marked ${asyncJobsMarkedFailed} stale async jobs as failed`)
+      }
+    } catch (error) {
+      logger.error('Failed to clean up stale async jobs:', {
+        error: error instanceof Error ? error.message : String(error),
+      })
+    }
+
+    // Clean up stale pending jobs (never started, e.g., due to server crash before startJob())
+    let stalePendingJobsMarkedFailed = 0
+
+    try {
+      const stalePendingJobs = await db
+        .update(asyncJobs)
+        .set({
+          status: JOB_STATUS.FAILED,
+          completedAt: new Date(),
+          error: `Job terminated: stuck in pending state for more than ${STALE_THRESHOLD_MINUTES} minutes (never started)`,
+          updatedAt: new Date(),
+        })
+        .where(
+          and(eq(asyncJobs.status, JOB_STATUS.PENDING), lt(asyncJobs.createdAt, staleThreshold))
+        )
+        .returning({ id: asyncJobs.id })
+
+      stalePendingJobsMarkedFailed = stalePendingJobs.length
+      if (stalePendingJobsMarkedFailed > 0) {
+        logger.info(`Marked ${stalePendingJobsMarkedFailed} stale pending jobs as failed`)
+      }
+    } catch (error) {
+      logger.error('Failed to clean up stale pending jobs:', {
+        error: error instanceof Error ? error.message : String(error),
+      })
+    }
+
+    // Delete completed/failed jobs older than retention period
+    const retentionThreshold = new Date(Date.now() - JOB_RETENTION_HOURS * 60 * 60 * 1000)
+    let asyncJobsDeleted = 0
+
+    try {
+      const deletedJobs = await db
+        .delete(asyncJobs)
+        .where(
+          and(
+            inArray(asyncJobs.status, [JOB_STATUS.COMPLETED, JOB_STATUS.FAILED]),
+            lt(asyncJobs.completedAt, retentionThreshold)
+          )
+        )
+        .returning({ id: asyncJobs.id })
+
+      asyncJobsDeleted = deletedJobs.length
+      if (asyncJobsDeleted > 0) {
+        logger.info(
+          `Deleted ${asyncJobsDeleted} old async jobs (retention: ${JOB_RETENTION_HOURS}h)`
+        )
+      }
+    } catch (error) {
+      logger.error('Failed to delete old async jobs:', {
+        error: error instanceof Error ? error.message : String(error),
+      })
+    }
+
     return NextResponse.json({
       success: true,
-      found: staleExecutions.length,
-      cleaned,
-      failed,
-      thresholdMinutes: STALE_THRESHOLD_MINUTES,
+      executions: {
+        found: staleExecutions.length,
+        cleaned,
+        failed,
+        thresholdMinutes: STALE_THRESHOLD_MINUTES,
+      },
+      asyncJobs: {
+        staleProcessingMarkedFailed: asyncJobsMarkedFailed,
+        stalePendingMarkedFailed: stalePendingJobsMarkedFailed,
+        oldDeleted: asyncJobsDeleted,
+        staleThresholdMinutes: STALE_THRESHOLD_MINUTES,
+        retentionHours: JOB_RETENTION_HOURS,
+      },
     })
   } catch (error) {
     logger.error('Error in stale execution cleanup job:', error)

apps/sim/app/api/files/parse/route.ts

@@ -6,7 +6,11 @@ import { createLogger } from '@sim/logger'
 import binaryExtensionsList from 'binary-extensions'
 import { type NextRequest, NextResponse } from 'next/server'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
-import { secureFetchWithPinnedIP, validateUrlWithDNS } from '@/lib/core/security/input-validation'
+import {
+  secureFetchWithPinnedIP,
+  validateUrlWithDNS,
+} from '@/lib/core/security/input-validation.server'
+import { sanitizeUrlForLog } from '@/lib/core/utils/logging'
 import { isSupportedFileType, parseFile } from '@/lib/file-parsers'
 import { isUsingCloudStorage, type StorageContext, StorageService } from '@/lib/uploads'
 import { uploadExecutionFile } from '@/lib/uploads/contexts/execution'
@@ -19,6 +23,7 @@ import {
   getMimeTypeFromExtension,
   getViewerUrl,
   inferContextFromKey,
+  isInternalFileUrl,
 } from '@/lib/uploads/utils/file-utils'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
 import { verifyFileAccess } from '@/app/api/files/authorization'
@@ -215,7 +220,7 @@ async function parseFileSingle(
     }
   }
 
-  if (filePath.includes('/api/files/serve/')) {
+  if (isInternalFileUrl(filePath)) {
     return handleCloudFile(filePath, fileType, undefined, userId, executionContext)
   }
 
@@ -246,7 +251,7 @@ function validateFilePath(filePath: string): { isValid: boolean; error?: string
     return { isValid: false, error: 'Invalid path: tilde character not allowed' }
   }
 
-  if (filePath.startsWith('/') && !filePath.startsWith('/api/files/serve/')) {
+  if (filePath.startsWith('/') && !isInternalFileUrl(filePath)) {
     return { isValid: false, error: 'Path outside allowed directory' }
   }
 
@@ -420,7 +425,7 @@ async function handleExternalUrl(
 
     return parseResult
   } catch (error) {
-    logger.error(`Error handling external URL ${url}:`, error)
+    logger.error(`Error handling external URL ${sanitizeUrlForLog(url)}:`, error)
     return {
       success: false,
       error: `Error fetching URL: ${(error as Error).message}`,

apps/sim/app/api/jobs/[jobId]/route.ts

@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
-import { runs } from '@trigger.dev/sdk'
 import { type NextRequest, NextResponse } from 'next/server'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { getJobQueue, JOB_STATUS } from '@/lib/core/async-jobs'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { createErrorResponse } from '@/app/api/workflows/utils'
 
@@ -15,8 +15,6 @@ export async function GET(
   const requestId = generateRequestId()
 
   try {
-    logger.debug(`[${requestId}] Getting status for task: ${taskId}`)
-
     const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
     if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthorized task status request`)
@@ -25,76 +23,60 @@ export async function GET(
 
     const authenticatedUserId = authResult.userId
 
-    const run = await runs.retrieve(taskId)
+    const jobQueue = await getJobQueue()
+    const job = await jobQueue.getJob(taskId)
 
-    logger.debug(`[${requestId}] Task ${taskId} status: ${run.status}`)
-
-    const payload = run.payload as any
-    if (payload?.workflowId) {
-      const { verifyWorkflowAccess } = await import('@/socket/middleware/permissions')
-      const accessCheck = await verifyWorkflowAccess(authenticatedUserId, payload.workflowId)
-      if (!accessCheck.hasAccess) {
-        logger.warn(`[${requestId}] User ${authenticatedUserId} denied access to task ${taskId}`, {
-          workflowId: payload.workflowId,
-        })
-        return createErrorResponse('Access denied', 403)
-      }
-      logger.debug(`[${requestId}] User ${authenticatedUserId} has access to task ${taskId}`)
-    } else {
-      if (payload?.userId && payload.userId !== authenticatedUserId) {
-        logger.warn(
-          `[${requestId}] User ${authenticatedUserId} attempted to access task ${taskId} owned by ${payload.userId}`
-        )
-        return createErrorResponse('Access denied', 403)
-      }
-      if (!payload?.userId) {
-        logger.warn(
-          `[${requestId}] Task ${taskId} has no ownership information in payload. Denying access for security.`
-        )
-        return createErrorResponse('Access denied', 403)
-      }
+    if (!job) {
+      return createErrorResponse('Task not found', 404)
     }
 
-    const statusMap = {
-      QUEUED: 'queued',
-      WAITING_FOR_DEPLOY: 'queued',
-      EXECUTING: 'processing',
-      RESCHEDULED: 'processing',
-      FROZEN: 'processing',
-      COMPLETED: 'completed',
-      CANCELED: 'cancelled',
-      FAILED: 'failed',
-      CRASHED: 'failed',
-      INTERRUPTED: 'failed',
-      SYSTEM_FAILURE: 'failed',
-      EXPIRED: 'failed',
-    } as const
+    if (job.metadata?.workflowId) {
+      const { verifyWorkflowAccess } = await import('@/socket/middleware/permissions')
+      const accessCheck = await verifyWorkflowAccess(
+        authenticatedUserId,
+        job.metadata.workflowId as string
+      )
+      if (!accessCheck.hasAccess) {
+        logger.warn(`[${requestId}] Access denied to workflow ${job.metadata.workflowId}`)
+        return createErrorResponse('Access denied', 403)
+      }
+    } else if (job.metadata?.userId && job.metadata.userId !== authenticatedUserId) {
+      logger.warn(`[${requestId}] Access denied to user ${job.metadata.userId}`)
+      return createErrorResponse('Access denied', 403)
+    } else if (!job.metadata?.userId && !job.metadata?.workflowId) {
+      logger.warn(`[${requestId}] Access denied to job ${taskId}`)
+      return createErrorResponse('Access denied', 403)
+    }
 
-    const mappedStatus = statusMap[run.status as keyof typeof statusMap] || 'unknown'
+    const mappedStatus = job.status === JOB_STATUS.PENDING ? 'queued' : job.status
 
     const response: any = {
       success: true,
       taskId,
       status: mappedStatus,
       metadata: {
-        startedAt: run.startedAt,
+        startedAt: job.startedAt,
       },
     }
 
-    if (mappedStatus === 'completed') {
-      response.output = run.output // This contains the workflow execution results
-      response.metadata.completedAt = run.finishedAt
-      response.metadata.duration = run.durationMs
+    if (job.status === JOB_STATUS.COMPLETED) {
+      response.output = job.output
+      response.metadata.completedAt = job.completedAt
+      if (job.startedAt && job.completedAt) {
+        response.metadata.duration = job.completedAt.getTime() - job.startedAt.getTime()
+      }
     }
 
-    if (mappedStatus === 'failed') {
-      response.error = run.error
-      response.metadata.completedAt = run.finishedAt
-      response.metadata.duration = run.durationMs
+    if (job.status === JOB_STATUS.FAILED) {
+      response.error = job.error
+      response.metadata.completedAt = job.completedAt
+      if (job.startedAt && job.completedAt) {
+        response.metadata.duration = job.completedAt.getTime() - job.startedAt.getTime()
+      }
     }
 
-    if (mappedStatus === 'processing' || mappedStatus === 'queued') {
-      response.estimatedDuration = 180000 // 3 minutes max from our config
+    if (job.status === JOB_STATUS.PROCESSING || job.status === JOB_STATUS.PENDING) {
+      response.estimatedDuration = 180000
     }
 
     return NextResponse.json(response)

apps/sim/app/api/mcp/copilot/route.ts

@@ -0,0 +1,394 @@
+import {
+  type CallToolResult,
+  ErrorCode,
+  type InitializeResult,
+  isJSONRPCNotification,
+  isJSONRPCRequest,
+  type JSONRPCError,
+  type JSONRPCMessage,
+  type JSONRPCResponse,
+  type ListToolsResult,
+  type RequestId,
+} from '@modelcontextprotocol/sdk/types.js'
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { getCopilotModel } from '@/lib/copilot/config'
+import { SIM_AGENT_VERSION } from '@/lib/copilot/constants'
+import { orchestrateCopilotStream } from '@/lib/copilot/orchestrator'
+import { orchestrateSubagentStream } from '@/lib/copilot/orchestrator/subagent'
+import {
+  executeToolServerSide,
+  prepareExecutionContext,
+} from '@/lib/copilot/orchestrator/tool-executor'
+import { DIRECT_TOOL_DEFS, SUBAGENT_TOOL_DEFS } from '@/lib/copilot/tools/mcp/definitions'
+import { resolveWorkflowIdForUser } from '@/lib/workflows/utils'
+
+const logger = createLogger('CopilotMcpAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * MCP Server instructions that guide LLMs on how to use the Sim copilot tools.
+ * This is included in the initialize response to help external LLMs understand
+ * the workflow lifecycle and best practices.
+ */
+const MCP_SERVER_INSTRUCTIONS = `
+## Sim Workflow Copilot
+
+Sim is a workflow automation platform. Workflows are visual pipelines of connected blocks (Agent, Function, Condition, API, integrations, etc.). The Agent block is the core — an LLM with tools, memory, structured output, and knowledge bases.
+
+### Workflow Lifecycle (Happy Path)
+
+1. \`list_workspaces\` → know where to work
+2. \`create_workflow(name, workspaceId)\` → get a workflowId
+3. \`copilot_build(request, workflowId)\` → plan and build in one pass
+4. \`copilot_test(request, workflowId)\` → verify it works
+5. \`copilot_deploy("deploy as api", workflowId)\` → make it accessible externally (optional)
+
+For fine-grained control, use \`copilot_plan\` → \`copilot_edit\` instead of \`copilot_build\`. Pass the plan object from copilot_plan EXACTLY as-is to copilot_edit's context.plan field.
+
+### Working with Existing Workflows
+
+When the user refers to a workflow by name or description ("the email one", "my Slack bot"):
+1. Use \`copilot_discovery\` to find it by functionality
+2. Or use \`list_workflows\` and match by name
+3. Then pass the workflowId to other tools
+
+### Organization
+
+- \`rename_workflow\` — rename a workflow
+- \`move_workflow\` — move a workflow into a folder (or root with null)
+- \`move_folder\` — nest a folder inside another (or root with null)
+- \`create_folder(name, parentId)\` — create nested folder hierarchies
+
+### Key Rules
+
+- You can test workflows immediately after building — deployment is only needed for external access (API, chat, MCP).
+- All copilot tools (build, plan, edit, deploy, test, debug) require workflowId.
+- If the user reports errors → use \`copilot_debug\` first, don't guess.
+- Variable syntax: \`<blockname.field>\` for block outputs, \`{{ENV_VAR}}\` for env vars.
+`
+
+function createResponse(id: RequestId, result: unknown): JSONRPCResponse {
+  return {
+    jsonrpc: '2.0',
+    id,
+    result: result as JSONRPCResponse['result'],
+  }
+}
+
+function createError(id: RequestId, code: ErrorCode | number, message: string): JSONRPCError {
+  return {
+    jsonrpc: '2.0',
+    id,
+    error: { code, message },
+  }
+}
+
+export async function GET() {
+  return NextResponse.json({
+    name: 'copilot-subagents',
+    version: '1.0.0',
+    protocolVersion: '2024-11-05',
+    capabilities: { tools: {} },
+  })
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = (await request.json()) as JSONRPCMessage
+
+    if (isJSONRPCNotification(body)) {
+      return new NextResponse(null, { status: 202 })
+    }
+
+    if (!isJSONRPCRequest(body)) {
+      return NextResponse.json(
+        createError(0, ErrorCode.InvalidRequest, 'Invalid JSON-RPC message'),
+        { status: 400 }
+      )
+    }
+
+    const { id, method, params } = body
+
+    switch (method) {
+      case 'initialize': {
+        const result: InitializeResult = {
+          protocolVersion: '2024-11-05',
+          capabilities: { tools: {} },
+          serverInfo: { name: 'sim-copilot', version: '1.0.0' },
+          instructions: MCP_SERVER_INSTRUCTIONS,
+        }
+        return NextResponse.json(createResponse(id, result))
+      }
+      case 'ping':
+        return NextResponse.json(createResponse(id, {}))
+      case 'tools/list':
+        return handleToolsList(id)
+      case 'tools/call':
+        return handleToolsCall(
+          id,
+          params as { name: string; arguments?: Record<string, unknown> },
+          auth.userId
+        )
+      default:
+        return NextResponse.json(
+          createError(id, ErrorCode.MethodNotFound, `Method not found: ${method}`),
+          { status: 404 }
+        )
+    }
+  } catch (error) {
+    logger.error('Error handling MCP request', { error })
+    return NextResponse.json(createError(0, ErrorCode.InternalError, 'Internal error'), {
+      status: 500,
+    })
+  }
+}
+
+async function handleToolsList(id: RequestId): Promise<NextResponse> {
+  const directTools = DIRECT_TOOL_DEFS.map((tool) => ({
+    name: tool.name,
+    description: tool.description,
+    inputSchema: tool.inputSchema,
+  }))
+
+  const subagentTools = SUBAGENT_TOOL_DEFS.map((tool) => ({
+    name: tool.name,
+    description: tool.description,
+    inputSchema: tool.inputSchema,
+  }))
+
+  const result: ListToolsResult = {
+    tools: [...directTools, ...subagentTools],
+  }
+
+  return NextResponse.json(createResponse(id, result))
+}
+
+async function handleToolsCall(
+  id: RequestId,
+  params: { name: string; arguments?: Record<string, unknown> },
+  userId: string
+): Promise<NextResponse> {
+  const args = params.arguments || {}
+
+  // Check if this is a direct tool (fast, no LLM)
+  const directTool = DIRECT_TOOL_DEFS.find((tool) => tool.name === params.name)
+  if (directTool) {
+    return handleDirectToolCall(id, directTool, args, userId)
+  }
+
+  // Check if this is a subagent tool (uses LLM orchestration)
+  const subagentTool = SUBAGENT_TOOL_DEFS.find((tool) => tool.name === params.name)
+  if (subagentTool) {
+    return handleSubagentToolCall(id, subagentTool, args, userId)
+  }
+
+  return NextResponse.json(
+    createError(id, ErrorCode.MethodNotFound, `Tool not found: ${params.name}`),
+    { status: 404 }
+  )
+}
+
+async function handleDirectToolCall(
+  id: RequestId,
+  toolDef: (typeof DIRECT_TOOL_DEFS)[number],
+  args: Record<string, unknown>,
+  userId: string
+): Promise<NextResponse> {
+  try {
+    const execContext = await prepareExecutionContext(userId, (args.workflowId as string) || '')
+
+    const toolCall = {
+      id: crypto.randomUUID(),
+      name: toolDef.toolId,
+      status: 'pending' as const,
+      params: args as Record<string, any>,
+      startTime: Date.now(),
+    }
+
+    const result = await executeToolServerSide(toolCall, execContext)
+
+    const response: CallToolResult = {
+      content: [
+        {
+          type: 'text',
+          text: JSON.stringify(result.output ?? result, null, 2),
+        },
+      ],
+      isError: !result.success,
+    }
+
+    return NextResponse.json(createResponse(id, response))
+  } catch (error) {
+    logger.error('Direct tool execution failed', { tool: toolDef.name, error })
+    return NextResponse.json(
+      createError(id, ErrorCode.InternalError, `Tool execution failed: ${error}`),
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * Build mode uses the main chat orchestrator with the 'fast' command instead of
+ * the subagent endpoint. In Go, 'build' is not a registered subagent — it's a mode
+ * (ModeFast) on the main chat processor that bypasses subagent orchestration and
+ * executes all tools directly.
+ */
+async function handleBuildToolCall(
+  id: RequestId,
+  args: Record<string, unknown>,
+  userId: string
+): Promise<NextResponse> {
+  try {
+    const requestText = (args.request as string) || JSON.stringify(args)
+    const { model } = getCopilotModel('chat')
+    const workflowId = args.workflowId as string | undefined
+
+    const resolved = workflowId ? { workflowId } : await resolveWorkflowIdForUser(userId)
+
+    if (!resolved?.workflowId) {
+      const response: CallToolResult = {
+        content: [
+          {
+            type: 'text',
+            text: JSON.stringify(
+              {
+                success: false,
+                error: 'workflowId is required for build. Call create_workflow first.',
+              },
+              null,
+              2
+            ),
+          },
+        ],
+        isError: true,
+      }
+      return NextResponse.json(createResponse(id, response))
+    }
+
+    const chatId = crypto.randomUUID()
+
+    const requestPayload = {
+      message: requestText,
+      workflowId: resolved.workflowId,
+      userId,
+      model,
+      mode: 'agent',
+      commands: ['fast'],
+      messageId: crypto.randomUUID(),
+      version: SIM_AGENT_VERSION,
+      headless: true,
+      chatId,
+    }
+
+    const result = await orchestrateCopilotStream(requestPayload, {
+      userId,
+      workflowId: resolved.workflowId,
+      chatId,
+      autoExecuteTools: true,
+      timeout: 300000,
+      interactive: false,
+    })
+
+    const responseData = {
+      success: result.success,
+      content: result.content,
+      toolCalls: result.toolCalls,
+      error: result.error,
+    }
+
+    const response: CallToolResult = {
+      content: [{ type: 'text', text: JSON.stringify(responseData, null, 2) }],
+      isError: !result.success,
+    }
+
+    return NextResponse.json(createResponse(id, response))
+  } catch (error) {
+    logger.error('Build tool call failed', { error })
+    return NextResponse.json(createError(id, ErrorCode.InternalError, `Build failed: ${error}`), {
+      status: 500,
+    })
+  }
+}
+
+async function handleSubagentToolCall(
+  id: RequestId,
+  toolDef: (typeof SUBAGENT_TOOL_DEFS)[number],
+  args: Record<string, unknown>,
+  userId: string
+): Promise<NextResponse> {
+  // Build mode uses the main chat endpoint, not the subagent endpoint
+  if (toolDef.agentId === 'build') {
+    return handleBuildToolCall(id, args, userId)
+  }
+
+  const requestText =
+    (args.request as string) ||
+    (args.message as string) ||
+    (args.error as string) ||
+    JSON.stringify(args)
+
+  const context = (args.context as Record<string, unknown>) || {}
+  if (args.plan && !context.plan) {
+    context.plan = args.plan
+  }
+
+  const { model } = getCopilotModel('chat')
+
+  const result = await orchestrateSubagentStream(
+    toolDef.agentId,
+    {
+      message: requestText,
+      workflowId: args.workflowId,
+      workspaceId: args.workspaceId,
+      context,
+      model,
+      headless: true,
+    },
+    {
+      userId,
+      workflowId: args.workflowId as string | undefined,
+      workspaceId: args.workspaceId as string | undefined,
+    }
+  )
+
+  let responseData: unknown
+  if (result.structuredResult) {
+    responseData = {
+      success: result.structuredResult.success ?? result.success,
+      type: result.structuredResult.type,
+      summary: result.structuredResult.summary,
+      data: result.structuredResult.data,
+    }
+  } else if (result.error) {
+    responseData = {
+      success: false,
+      error: result.error,
+      errors: result.errors,
+    }
+  } else {
+    responseData = {
+      success: result.success,
+      content: result.content,
+    }
+  }
+
+  const response: CallToolResult = {
+    content: [
+      {
+        type: 'text',
+        text: JSON.stringify(responseData, null, 2),
+      },
+    ],
+    isError: !result.success,
+  }
+
+  return NextResponse.json(createResponse(id, response))
+}

apps/sim/app/api/mcp/serve/[serverId]/route.ts

@@ -21,6 +21,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { generateInternalToken } from '@/lib/auth/internal'
+import { getMaxExecutionTimeout } from '@/lib/core/execution-limits'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 
 const logger = createLogger('WorkflowMcpServeAPI')
@@ -264,7 +265,7 @@ async function handleToolsCall(
       method: 'POST',
       headers,
       body: JSON.stringify({ input: params.arguments || {}, triggerType: 'mcp' }),
-      signal: AbortSignal.timeout(600000), // 10 minute timeout
+      signal: AbortSignal.timeout(getMaxExecutionTimeout()),
     })
 
     const executeResult = await response.json()
@@ -284,7 +285,7 @@ async function handleToolsCall(
       content: [
         { type: 'text', text: JSON.stringify(executeResult.output || executeResult, null, 2) },
       ],
-      isError: !executeResult.success,
+      isError: executeResult.success === false,
     }
 
     return NextResponse.json(createResponse(id, result))

apps/sim/app/api/mcp/tools/execute/route.ts

@@ -1,5 +1,8 @@
 import { createLogger } from '@sim/logger'
 import type { NextRequest } from 'next/server'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/plan'
+import { getExecutionTimeout } from '@/lib/core/execution-limits'
+import type { SubscriptionPlan } from '@/lib/core/rate-limiter/types'
 import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
 import { mcpService } from '@/lib/mcp/service'
 import type { McpTool, McpToolCall, McpToolResult } from '@/lib/mcp/types'
@@ -7,7 +10,6 @@ import {
   categorizeError,
   createMcpErrorResponse,
   createMcpSuccessResponse,
-  MCP_CONSTANTS,
   validateStringParam,
 } from '@/lib/mcp/utils'
 
@@ -171,13 +173,16 @@ export const POST = withMcpAuth('read')(
         arguments: args,
       }
 
+      const userSubscription = await getHighestPrioritySubscription(userId)
+      const executionTimeout = getExecutionTimeout(
+        userSubscription?.plan as SubscriptionPlan | undefined,
+        'sync'
+      )
+
       const result = await Promise.race([
         mcpService.executeTool(userId, serverId, toolCall, workspaceId),
         new Promise<never>((_, reject) =>
-          setTimeout(
-            () => reject(new Error('Tool execution timeout')),
-            MCP_CONSTANTS.EXECUTION_TIMEOUT
-          )
+          setTimeout(() => reject(new Error('Tool execution timeout')), executionTimeout)
         ),
       ])
 

apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts

@@ -20,6 +20,7 @@ import { z } from 'zod'
 import { getEmailSubject, renderInvitationEmail } from '@/components/emails'
 import { getSession } from '@/lib/auth'
 import { hasAccessControlAccess } from '@/lib/billing'
+import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { sendEmail } from '@/lib/messaging/email/mailer'
@@ -501,6 +502,18 @@ export async function PUT(
       }
     }
 
+    if (status === 'accepted') {
+      try {
+        await syncUsageLimitsFromSubscription(session.user.id)
+      } catch (syncError) {
+        logger.error('Failed to sync usage limits after joining org', {
+          userId: session.user.id,
+          organizationId,
+          error: syncError,
+        })
+      }
+    }
+
     logger.info(`Organization invitation ${status}`, {
       organizationId,
       invitationId,

apps/sim/app/api/organizations/[id]/invitations/route.ts

@@ -29,7 +29,7 @@ import { hasWorkspaceAdminAccess } from '@/lib/workspaces/permissions/utils'
 import {
   InvitationsNotAllowedError,
   validateInvitationsAllowed,
-} from '@/executor/utils/permission-check'
+} from '@/ee/access-control/utils/permission-check'
 
 const logger = createLogger('OrganizationInvitations')
 

apps/sim/app/api/schedules/execute/route.ts

@@ -1,10 +1,9 @@
 import { db, workflowDeploymentVersion, workflowSchedule } from '@sim/db'
 import { createLogger } from '@sim/logger'
-import { tasks } from '@trigger.dev/sdk'
 import { and, eq, isNull, lt, lte, not, or, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { verifyCronAuth } from '@/lib/auth/internal'
-import { isTriggerDevEnabled } from '@/lib/core/config/feature-flags'
+import { getJobQueue, shouldExecuteInline } from '@/lib/core/async-jobs'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { executeScheduleJob } from '@/background/schedule-execution'
 
@@ -55,72 +54,67 @@ export async function GET(request: NextRequest) {
     logger.debug(`[${requestId}] Successfully queried schedules: ${dueSchedules.length} found`)
     logger.info(`[${requestId}] Processing ${dueSchedules.length} due scheduled workflows`)
 
-    if (isTriggerDevEnabled) {
-      const triggerPromises = dueSchedules.map(async (schedule) => {
-        const queueTime = schedule.lastQueuedAt ?? queuedAt
+    const jobQueue = await getJobQueue()
 
-        try {
-          const payload = {
-            scheduleId: schedule.id,
-            workflowId: schedule.workflowId,
-            blockId: schedule.blockId || undefined,
-            cronExpression: schedule.cronExpression || undefined,
-            lastRanAt: schedule.lastRanAt?.toISOString(),
-            failedCount: schedule.failedCount || 0,
-            now: queueTime.toISOString(),
-            scheduledFor: schedule.nextRunAt?.toISOString(),
-          }
+    const queuePromises = dueSchedules.map(async (schedule) => {
+      const queueTime = schedule.lastQueuedAt ?? queuedAt
 
-          const handle = await tasks.trigger('schedule-execution', payload)
-          logger.info(
-            `[${requestId}] Queued schedule execution task ${handle.id} for workflow ${schedule.workflowId}`
-          )
-          return handle
-        } catch (error) {
-          logger.error(
-            `[${requestId}] Failed to trigger schedule execution for workflow ${schedule.workflowId}`,
-            error
-          )
-          return null
-        }
-      })
+      const payload = {
+        scheduleId: schedule.id,
+        workflowId: schedule.workflowId,
+        blockId: schedule.blockId || undefined,
+        cronExpression: schedule.cronExpression || undefined,
+        lastRanAt: schedule.lastRanAt?.toISOString(),
+        failedCount: schedule.failedCount || 0,
+        now: queueTime.toISOString(),
+        scheduledFor: schedule.nextRunAt?.toISOString(),
+      }
 
-      await Promise.allSettled(triggerPromises)
-
-      logger.info(`[${requestId}] Queued ${dueSchedules.length} schedule executions to Trigger.dev`)
-    } else {
-      const directExecutionPromises = dueSchedules.map(async (schedule) => {
-        const queueTime = schedule.lastQueuedAt ?? queuedAt
-
-        const payload = {
-          scheduleId: schedule.id,
-          workflowId: schedule.workflowId,
-          blockId: schedule.blockId || undefined,
-          cronExpression: schedule.cronExpression || undefined,
-          lastRanAt: schedule.lastRanAt?.toISOString(),
-          failedCount: schedule.failedCount || 0,
-          now: queueTime.toISOString(),
-          scheduledFor: schedule.nextRunAt?.toISOString(),
-        }
-
-        void executeScheduleJob(payload).catch((error) => {
-          logger.error(
-            `[${requestId}] Direct schedule execution failed for workflow ${schedule.workflowId}`,
-            error
-          )
+      try {
+        const jobId = await jobQueue.enqueue('schedule-execution', payload, {
+          metadata: { workflowId: schedule.workflowId },
         })
-
         logger.info(
-          `[${requestId}] Queued direct schedule execution for workflow ${schedule.workflowId} (Trigger.dev disabled)`
+          `[${requestId}] Queued schedule execution task ${jobId} for workflow ${schedule.workflowId}`
         )
-      })
 
-      await Promise.allSettled(directExecutionPromises)
+        if (shouldExecuteInline()) {
+          void (async () => {
+            try {
+              await jobQueue.startJob(jobId)
+              const output = await executeScheduleJob(payload)
+              await jobQueue.completeJob(jobId, output)
+            } catch (error) {
+              const errorMessage = error instanceof Error ? error.message : String(error)
+              logger.error(
+                `[${requestId}] Schedule execution failed for workflow ${schedule.workflowId}`,
+                { jobId, error: errorMessage }
+              )
+              try {
+                await jobQueue.markJobFailed(jobId, errorMessage)
+              } catch (markFailedError) {
+                logger.error(`[${requestId}] Failed to mark job as failed`, {
+                  jobId,
+                  error:
+                    markFailedError instanceof Error
+                      ? markFailedError.message
+                      : String(markFailedError),
+                })
+              }
+            }
+          })()
+        }
+      } catch (error) {
+        logger.error(
+          `[${requestId}] Failed to queue schedule execution for workflow ${schedule.workflowId}`,
+          error
+        )
+      }
+    })
 
-      logger.info(
-        `[${requestId}] Queued ${dueSchedules.length} direct schedule executions (Trigger.dev disabled)`
-      )
-    }
+    await Promise.allSettled(queuePromises)
+
+    logger.info(`[${requestId}] Queued ${dueSchedules.length} schedule executions`)
 
     return NextResponse.json({
       message: 'Scheduled workflow executions processed',

apps/sim/app/api/templates/[id]/approve/route.ts

@@ -1,101 +0,0 @@
-import { db } from '@sim/db'
-import { templates } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { generateRequestId } from '@/lib/core/utils/request'
-import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
-
-const logger = createLogger('TemplateApprovalAPI')
-
-export const revalidate = 0
-
-/**
- * POST /api/templates/[id]/approve - Approve a template (super users only)
- */
-export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = generateRequestId()
-  const { id } = await params
-
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized template approval attempt for ID: ${id}`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
-    if (!effectiveSuperUser) {
-      logger.warn(`[${requestId}] Non-super user attempted to approve template: ${id}`)
-      return NextResponse.json({ error: 'Only super users can approve templates' }, { status: 403 })
-    }
-
-    const existingTemplate = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
-    if (existingTemplate.length === 0) {
-      logger.warn(`[${requestId}] Template not found for approval: ${id}`)
-      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
-    }
-
-    await db
-      .update(templates)
-      .set({ status: 'approved', updatedAt: new Date() })
-      .where(eq(templates.id, id))
-
-    logger.info(`[${requestId}] Template approved: ${id} by super user: ${session.user.id}`)
-
-    return NextResponse.json({
-      message: 'Template approved successfully',
-      templateId: id,
-    })
-  } catch (error) {
-    logger.error(`[${requestId}] Error approving template ${id}`, error)
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
-
-/**
- * DELETE /api/templates/[id]/approve - Unapprove a template (super users only)
- */
-export async function DELETE(
-  _request: NextRequest,
-  { params }: { params: Promise<{ id: string }> }
-) {
-  const requestId = generateRequestId()
-  const { id } = await params
-
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized template rejection attempt for ID: ${id}`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
-    if (!effectiveSuperUser) {
-      logger.warn(`[${requestId}] Non-super user attempted to reject template: ${id}`)
-      return NextResponse.json({ error: 'Only super users can reject templates' }, { status: 403 })
-    }
-
-    const existingTemplate = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
-    if (existingTemplate.length === 0) {
-      logger.warn(`[${requestId}] Template not found for rejection: ${id}`)
-      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
-    }
-
-    await db
-      .update(templates)
-      .set({ status: 'rejected', updatedAt: new Date() })
-      .where(eq(templates.id, id))
-
-    logger.info(`[${requestId}] Template rejected: ${id} by super user: ${session.user.id}`)
-
-    return NextResponse.json({
-      message: 'Template rejected successfully',
-      templateId: id,
-    })
-  } catch (error) {
-    logger.error(`[${requestId}] Error rejecting template ${id}`, error)
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}

apps/sim/app/api/templates/[id]/reject/route.ts

@@ -1,55 +0,0 @@
-import { db } from '@sim/db'
-import { templates } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { type NextRequest, NextResponse } from 'next/server'
-import { getSession } from '@/lib/auth'
-import { generateRequestId } from '@/lib/core/utils/request'
-import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
-
-const logger = createLogger('TemplateRejectionAPI')
-
-export const revalidate = 0
-
-/**
- * POST /api/templates/[id]/reject - Reject a template (super users only)
- */
-export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const requestId = generateRequestId()
-  const { id } = await params
-
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized template rejection attempt for ID: ${id}`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
-    if (!effectiveSuperUser) {
-      logger.warn(`[${requestId}] Non-super user attempted to reject template: ${id}`)
-      return NextResponse.json({ error: 'Only super users can reject templates' }, { status: 403 })
-    }
-
-    const existingTemplate = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
-    if (existingTemplate.length === 0) {
-      logger.warn(`[${requestId}] Template not found for rejection: ${id}`)
-      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
-    }
-
-    await db
-      .update(templates)
-      .set({ status: 'rejected', updatedAt: new Date() })
-      .where(eq(templates.id, id))
-
-    logger.info(`[${requestId}] Template rejected: ${id} by super user: ${session.user.id}`)
-
-    return NextResponse.json({
-      message: 'Template rejected successfully',
-      templateId: id,
-    })
-  } catch (error) {
-    logger.error(`[${requestId}] Error rejecting template ${id}`, error)
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}

apps/sim/app/api/templates/[id]/route.ts

@@ -106,6 +106,7 @@ const updateTemplateSchema = z.object({
   creatorId: z.string().optional(), // Creator profile ID
   tags: z.array(z.string()).max(10, 'Maximum 10 tags allowed').optional(),
   updateState: z.boolean().optional(), // Explicitly request state update from current workflow
+  status: z.enum(['approved', 'rejected', 'pending']).optional(), // Status change (super users only)
 })
 
 // PUT /api/templates/[id] - Update a template
@@ -131,7 +132,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       )
     }
 
-    const { name, details, creatorId, tags, updateState } = validationResult.data
+    const { name, details, creatorId, tags, updateState, status } = validationResult.data
 
     const existingTemplate = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
 
@@ -142,21 +143,44 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
 
     const template = existingTemplate[0]
 
-    if (!template.creatorId) {
-      logger.warn(`[${requestId}] Template ${id} has no creator, denying update`)
-      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    // Status changes require super user permission
+    if (status !== undefined) {
+      const { verifyEffectiveSuperUser } = await import('@/lib/templates/permissions')
+      const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
+      if (!effectiveSuperUser) {
+        logger.warn(`[${requestId}] Non-super user attempted to change template status: ${id}`)
+        return NextResponse.json(
+          { error: 'Only super users can change template status' },
+          { status: 403 }
+        )
+      }
     }
 
-    const { verifyCreatorPermission } = await import('@/lib/templates/permissions')
-    const { hasPermission, error: permissionError } = await verifyCreatorPermission(
-      session.user.id,
-      template.creatorId,
-      'admin'
-    )
+    // For non-status updates, verify creator permission
+    const hasNonStatusUpdates =
+      name !== undefined ||
+      details !== undefined ||
+      creatorId !== undefined ||
+      tags !== undefined ||
+      updateState
 
-    if (!hasPermission) {
-      logger.warn(`[${requestId}] User denied permission to update template ${id}`)
-      return NextResponse.json({ error: permissionError || 'Access denied' }, { status: 403 })
+    if (hasNonStatusUpdates) {
+      if (!template.creatorId) {
+        logger.warn(`[${requestId}] Template ${id} has no creator, denying update`)
+        return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+      }
+
+      const { verifyCreatorPermission } = await import('@/lib/templates/permissions')
+      const { hasPermission, error: permissionError } = await verifyCreatorPermission(
+        session.user.id,
+        template.creatorId,
+        'admin'
+      )
+
+      if (!hasPermission) {
+        logger.warn(`[${requestId}] User denied permission to update template ${id}`)
+        return NextResponse.json({ error: permissionError || 'Access denied' }, { status: 403 })
+      }
     }
 
     const updateData: any = {
@@ -167,6 +191,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
     if (details !== undefined) updateData.details = details
     if (tags !== undefined) updateData.tags = tags
     if (creatorId !== undefined) updateData.creatorId = creatorId
+    if (status !== undefined) updateData.status = status
 
     if (updateState && template.workflowId) {
       const { verifyWorkflowAccess } = await import('@/socket/middleware/permissions')

apps/sim/app/api/tools/a2a/send-message/route.ts

@@ -4,6 +4,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 export const dynamic = 'force-dynamic'
@@ -95,6 +96,14 @@ export async function POST(request: NextRequest) {
     if (validatedData.files && validatedData.files.length > 0) {
       for (const file of validatedData.files) {
         if (file.type === 'url') {
+          const urlValidation = await validateUrlWithDNS(file.data, 'fileUrl')
+          if (!urlValidation.isValid) {
+            return NextResponse.json(
+              { success: false, error: urlValidation.error },
+              { status: 400 }
+            )
+          }
+
           const filePart: FilePart = {
             kind: 'file',
             file: {

apps/sim/app/api/tools/a2a/set-push-notification/route.ts

@@ -3,7 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createA2AClient } from '@/lib/a2a/utils'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
-import { validateExternalUrl } from '@/lib/core/security/input-validation'
+import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
 import { generateRequestId } from '@/lib/core/utils/request'
 
 export const dynamic = 'force-dynamic'
@@ -40,7 +40,7 @@ export async function POST(request: NextRequest) {
     const body = await request.json()
     const validatedData = A2ASetPushNotificationSchema.parse(body)
 
-    const urlValidation = validateExternalUrl(validatedData.webhookUrl, 'Webhook URL')
+    const urlValidation = await validateUrlWithDNS(validatedData.webhookUrl, 'Webhook URL')
     if (!urlValidation.isValid) {
       logger.warn(`[${requestId}] Invalid webhook URL`, { error: urlValidation.error })
       return NextResponse.json(

apps/sim/app/api/tools/confluence/attachments/route.ts

@@ -21,7 +21,8 @@ export async function GET(request: NextRequest) {
     const accessToken = searchParams.get('accessToken')
     const pageId = searchParams.get('pageId')
     const providedCloudId = searchParams.get('cloudId')
-    const limit = searchParams.get('limit') || '25'
+    const limit = searchParams.get('limit') || '50'
+    const cursor = searchParams.get('cursor')
 
     if (!domain) {
       return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
@@ -47,7 +48,12 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/attachments?limit=${limit}`
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(Number(limit), 250)))
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/attachments?${queryParams.toString()}`
 
     const response = await fetch(url, {
       method: 'GET',
@@ -77,9 +83,20 @@ export async function GET(request: NextRequest) {
       fileSize: attachment.fileSize || 0,
       mediaType: attachment.mediaType || '',
       downloadUrl: attachment.downloadLink || attachment._links?.download || '',
+      status: attachment.status ?? null,
+      webuiUrl: attachment._links?.webui ?? null,
+      pageId: attachment.pageId ?? null,
+      blogPostId: attachment.blogPostId ?? null,
+      comment: attachment.comment ?? null,
+      version: attachment.version ?? null,
     }))
 
-    return NextResponse.json({ attachments })
+    return NextResponse.json({
+      attachments,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
   } catch (error) {
     logger.error('Error listing Confluence attachments:', error)
     return NextResponse.json(

apps/sim/app/api/tools/confluence/blogposts/route.ts

@@ -0,0 +1,285 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluenceBlogPostsAPI')
+
+export const dynamic = 'force-dynamic'
+
+const getBlogPostSchema = z
+  .object({
+    domain: z.string().min(1, 'Domain is required'),
+    accessToken: z.string().min(1, 'Access token is required'),
+    cloudId: z.string().optional(),
+    blogPostId: z.string().min(1, 'Blog post ID is required'),
+    bodyFormat: z.string().optional(),
+  })
+  .refine(
+    (data) => {
+      const validation = validateAlphanumericId(data.blogPostId, 'blogPostId', 255)
+      return validation.isValid
+    },
+    (data) => {
+      const validation = validateAlphanumericId(data.blogPostId, 'blogPostId', 255)
+      return { message: validation.error || 'Invalid blog post ID', path: ['blogPostId'] }
+    }
+  )
+
+const createBlogPostSchema = z.object({
+  domain: z.string().min(1, 'Domain is required'),
+  accessToken: z.string().min(1, 'Access token is required'),
+  cloudId: z.string().optional(),
+  spaceId: z.string().min(1, 'Space ID is required'),
+  title: z.string().min(1, 'Title is required'),
+  content: z.string().min(1, 'Content is required'),
+  status: z.enum(['current', 'draft']).optional(),
+})
+
+/**
+ * List all blog posts or get a specific blog post
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(request.url)
+    const domain = searchParams.get('domain')
+    const accessToken = searchParams.get('accessToken')
+    const providedCloudId = searchParams.get('cloudId')
+    const limit = searchParams.get('limit') || '25'
+    const status = searchParams.get('status')
+    const sortOrder = searchParams.get('sort')
+    const cursor = searchParams.get('cursor')
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(Number(limit), 250)))
+
+    if (status) {
+      queryParams.append('status', status)
+    }
+
+    if (sortOrder) {
+      queryParams.append('sort', sortOrder)
+    }
+
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/blogposts?${queryParams.toString()}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage = errorData?.message || `Failed to list blog posts (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const blogPosts = (data.results || []).map((post: any) => ({
+      id: post.id,
+      title: post.title,
+      status: post.status ?? null,
+      spaceId: post.spaceId ?? null,
+      authorId: post.authorId ?? null,
+      createdAt: post.createdAt ?? null,
+      version: post.version ?? null,
+      webUrl: post._links?.webui ?? null,
+    }))
+
+    return NextResponse.json({
+      blogPosts,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
+  } catch (error) {
+    logger.error('Error listing blog posts:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * Get a specific blog post by ID
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+
+    // Check if this is a create or get request
+    if (body.title && body.content && body.spaceId) {
+      // Create blog post
+      const validation = createBlogPostSchema.safeParse(body)
+      if (!validation.success) {
+        const firstError = validation.error.errors[0]
+        return NextResponse.json({ error: firstError.message }, { status: 400 })
+      }
+
+      const {
+        domain,
+        accessToken,
+        cloudId: providedCloudId,
+        spaceId,
+        title,
+        content,
+        status,
+      } = validation.data
+
+      const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+      const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+      if (!cloudIdValidation.isValid) {
+        return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+      }
+
+      const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/blogposts`
+
+      const createBody = {
+        spaceId,
+        status: status || 'current',
+        title,
+        body: {
+          representation: 'storage',
+          value: content,
+        },
+      }
+
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/json',
+          Authorization: `Bearer ${accessToken}`,
+        },
+        body: JSON.stringify(createBody),
+      })
+
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => null)
+        logger.error('Confluence API error response:', {
+          status: response.status,
+          statusText: response.statusText,
+          error: JSON.stringify(errorData, null, 2),
+        })
+        const errorMessage = errorData?.message || `Failed to create blog post (${response.status})`
+        return NextResponse.json({ error: errorMessage }, { status: response.status })
+      }
+
+      const data = await response.json()
+      return NextResponse.json({
+        id: data.id,
+        title: data.title,
+        spaceId: data.spaceId,
+        webUrl: data._links?.webui ?? null,
+      })
+    }
+    // Get blog post by ID
+    const validation = getBlogPostSchema.safeParse(body)
+    if (!validation.success) {
+      const firstError = validation.error.errors[0]
+      return NextResponse.json({ error: firstError.message }, { status: 400 })
+    }
+
+    const {
+      domain,
+      accessToken,
+      cloudId: providedCloudId,
+      blogPostId,
+      bodyFormat,
+    } = validation.data
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    if (bodyFormat) {
+      queryParams.append('body-format', bodyFormat)
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/blogposts/${blogPostId}${queryParams.toString() ? `?${queryParams.toString()}` : ''}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage = errorData?.message || `Failed to get blog post (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+    return NextResponse.json({
+      id: data.id,
+      title: data.title,
+      status: data.status ?? null,
+      spaceId: data.spaceId ?? null,
+      authorId: data.authorId ?? null,
+      createdAt: data.createdAt ?? null,
+      version: data.version ?? null,
+      body: data.body ?? null,
+      webUrl: data._links?.webui ?? null,
+    })
+  } catch (error) {
+    logger.error('Error with blog post operation:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/comments/route.ts

@@ -105,6 +105,8 @@ export async function GET(request: NextRequest) {
     const pageId = searchParams.get('pageId')
     const providedCloudId = searchParams.get('cloudId')
     const limit = searchParams.get('limit') || '25'
+    const bodyFormat = searchParams.get('bodyFormat') || 'storage'
+    const cursor = searchParams.get('cursor')
 
     if (!domain) {
       return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
@@ -130,7 +132,13 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/footer-comments?limit=${limit}`
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(Number(limit), 250)))
+    queryParams.append('body-format', bodyFormat)
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/footer-comments?${queryParams.toString()}`
 
     const response = await fetch(url, {
       method: 'GET',
@@ -154,14 +162,31 @@ export async function GET(request: NextRequest) {
 
     const data = await response.json()
 
-    const comments = (data.results || []).map((comment: any) => ({
-      id: comment.id,
-      body: comment.body?.storage?.value || comment.body?.view?.value || '',
-      createdAt: comment.createdAt || '',
-      authorId: comment.authorId || '',
-    }))
+    const comments = (data.results || []).map((comment: any) => {
+      const bodyValue = comment.body?.storage?.value || comment.body?.view?.value || ''
+      return {
+        id: comment.id,
+        body: {
+          value: bodyValue,
+          representation: bodyFormat,
+        },
+        createdAt: comment.createdAt || '',
+        authorId: comment.authorId || '',
+        status: comment.status ?? null,
+        title: comment.title ?? null,
+        pageId: comment.pageId ?? null,
+        blogPostId: comment.blogPostId ?? null,
+        parentCommentId: comment.parentCommentId ?? null,
+        version: comment.version ?? null,
+      }
+    })
 
-    return NextResponse.json({ comments })
+    return NextResponse.json({
+      comments,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
   } catch (error) {
     logger.error('Error listing Confluence comments:', error)
     return NextResponse.json(

apps/sim/app/api/tools/confluence/labels/route.ts

@@ -22,6 +22,7 @@ export async function POST(request: NextRequest) {
       cloudId: providedCloudId,
       pageId,
       labelName,
+      prefix: labelPrefix,
     } = await request.json()
 
     if (!domain) {
@@ -52,12 +53,14 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/labels`
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/rest/api/content/${pageId}/label`
 
-    const body = {
-      prefix: 'global',
-      name: labelName,
-    }
+    const body = [
+      {
+        prefix: labelPrefix || 'global',
+        name: labelName,
+      },
+    ]
 
     const response = await fetch(url, {
       method: 'POST',
@@ -82,7 +85,14 @@ export async function POST(request: NextRequest) {
     }
 
     const data = await response.json()
-    return NextResponse.json({ ...data, pageId, labelName })
+    const addedLabel = data.results?.[0] || data[0] || data
+    return NextResponse.json({
+      id: addedLabel.id ?? '',
+      name: addedLabel.name ?? labelName,
+      prefix: addedLabel.prefix ?? labelPrefix ?? 'global',
+      pageId,
+      labelName,
+    })
   } catch (error) {
     logger.error('Error adding Confluence label:', error)
     return NextResponse.json(
@@ -105,6 +115,8 @@ export async function GET(request: NextRequest) {
     const accessToken = searchParams.get('accessToken')
     const pageId = searchParams.get('pageId')
     const providedCloudId = searchParams.get('cloudId')
+    const limit = searchParams.get('limit') || '25'
+    const cursor = searchParams.get('cursor')
 
     if (!domain) {
       return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
@@ -130,7 +142,12 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/labels`
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(Number(limit), 250)))
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/labels?${queryParams.toString()}`
 
     const response = await fetch(url, {
       method: 'GET',
@@ -160,7 +177,12 @@ export async function GET(request: NextRequest) {
       prefix: label.prefix || 'global',
     }))
 
-    return NextResponse.json({ labels })
+    return NextResponse.json({
+      labels,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
   } catch (error) {
     logger.error('Error listing Confluence labels:', error)
     return NextResponse.json(

apps/sim/app/api/tools/confluence/page-ancestors/route.ts

@@ -0,0 +1,96 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluencePageAncestorsAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Get ancestors (parent pages) of a specific Confluence page.
+ * Uses GET /wiki/api/v2/pages/{id}/ancestors
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const { domain, accessToken, pageId, cloudId: providedCloudId, limit = 25 } = body
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!pageId) {
+      return NextResponse.json({ error: 'Page ID is required' }, { status: 400 })
+    }
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(limit, 250)))
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/ancestors?${queryParams.toString()}`
+
+    logger.info(`Fetching ancestors for page ${pageId}`)
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage = errorData?.message || `Failed to get page ancestors (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const ancestors = (data.results || []).map((page: any) => ({
+      id: page.id,
+      title: page.title,
+      status: page.status ?? null,
+      spaceId: page.spaceId ?? null,
+      webUrl: page._links?.webui ?? null,
+    }))
+
+    return NextResponse.json({
+      ancestors,
+      pageId,
+    })
+  } catch (error) {
+    logger.error('Error getting page ancestors:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/page-children/route.ts

@@ -0,0 +1,104 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluencePageChildrenAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Get child pages of a specific Confluence page.
+ * Uses GET /wiki/api/v2/pages/{id}/children
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const { domain, accessToken, pageId, cloudId: providedCloudId, limit = 50, cursor } = body
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!pageId) {
+      return NextResponse.json({ error: 'Page ID is required' }, { status: 400 })
+    }
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(limit, 250)))
+
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/children?${queryParams.toString()}`
+
+    logger.info(`Fetching child pages for page ${pageId}`)
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage = errorData?.message || `Failed to get child pages (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const children = (data.results || []).map((page: any) => ({
+      id: page.id,
+      title: page.title,
+      status: page.status ?? null,
+      spaceId: page.spaceId ?? null,
+      childPosition: page.childPosition ?? null,
+      webUrl: page._links?.webui ?? null,
+    }))
+
+    return NextResponse.json({
+      children,
+      parentId: pageId,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
+  } catch (error) {
+    logger.error('Error getting child pages:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/page-properties/route.ts

@@ -0,0 +1,365 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluencePagePropertiesAPI')
+
+export const dynamic = 'force-dynamic'
+
+const createPropertySchema = z.object({
+  domain: z.string().min(1, 'Domain is required'),
+  accessToken: z.string().min(1, 'Access token is required'),
+  cloudId: z.string().optional(),
+  pageId: z.string().min(1, 'Page ID is required'),
+  key: z.string().min(1, 'Property key is required'),
+  value: z.any(),
+})
+
+const updatePropertySchema = z.object({
+  domain: z.string().min(1, 'Domain is required'),
+  accessToken: z.string().min(1, 'Access token is required'),
+  cloudId: z.string().optional(),
+  pageId: z.string().min(1, 'Page ID is required'),
+  propertyId: z.string().min(1, 'Property ID is required'),
+  key: z.string().min(1, 'Property key is required'),
+  value: z.any(),
+  versionNumber: z.number().min(1, 'Version number is required'),
+})
+
+const deletePropertySchema = z.object({
+  domain: z.string().min(1, 'Domain is required'),
+  accessToken: z.string().min(1, 'Access token is required'),
+  cloudId: z.string().optional(),
+  pageId: z.string().min(1, 'Page ID is required'),
+  propertyId: z.string().min(1, 'Property ID is required'),
+})
+
+/**
+ * List all content properties on a page.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(request.url)
+    const domain = searchParams.get('domain')
+    const accessToken = searchParams.get('accessToken')
+    const pageId = searchParams.get('pageId')
+    const providedCloudId = searchParams.get('cloudId')
+    const limit = searchParams.get('limit') || '50'
+    const cursor = searchParams.get('cursor')
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!pageId) {
+      return NextResponse.json({ error: 'Page ID is required' }, { status: 400 })
+    }
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(Number(limit), 250)))
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/properties?${queryParams.toString()}`
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage =
+        errorData?.message || `Failed to list page properties (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const properties = (data.results || []).map((prop: any) => ({
+      id: prop.id,
+      key: prop.key,
+      value: prop.value ?? null,
+      version: prop.version ?? null,
+    }))
+
+    return NextResponse.json({
+      properties,
+      pageId,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
+  } catch (error) {
+    logger.error('Error listing page properties:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * Create a new content property on a page.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+
+    const validation = createPropertySchema.safeParse(body)
+    if (!validation.success) {
+      const firstError = validation.error.errors[0]
+      return NextResponse.json({ error: firstError.message }, { status: 400 })
+    }
+
+    const { domain, accessToken, cloudId: providedCloudId, pageId, key, value } = validation.data
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/properties`
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+      body: JSON.stringify({ key, value }),
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage =
+        errorData?.message || `Failed to create page property (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+    return NextResponse.json({
+      id: data.id,
+      key: data.key,
+      value: data.value,
+      version: data.version,
+      pageId,
+    })
+  } catch (error) {
+    logger.error('Error creating page property:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * Update a content property on a page.
+ */
+export async function PUT(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+
+    const validation = updatePropertySchema.safeParse(body)
+    if (!validation.success) {
+      const firstError = validation.error.errors[0]
+      return NextResponse.json({ error: firstError.message }, { status: 400 })
+    }
+
+    const {
+      domain,
+      accessToken,
+      cloudId: providedCloudId,
+      pageId,
+      propertyId,
+      key,
+      value,
+      versionNumber,
+    } = validation.data
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const propertyIdValidation = validateAlphanumericId(propertyId, 'propertyId', 255)
+    if (!propertyIdValidation.isValid) {
+      return NextResponse.json({ error: propertyIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/properties/${propertyId}`
+
+    const response = await fetch(url, {
+      method: 'PUT',
+      headers: {
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+      body: JSON.stringify({
+        key,
+        value,
+        version: { number: versionNumber },
+      }),
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage =
+        errorData?.message || `Failed to update page property (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+    return NextResponse.json({
+      id: data.id,
+      key: data.key,
+      value: data.value,
+      version: data.version,
+      pageId,
+    })
+  } catch (error) {
+    logger.error('Error updating page property:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * Delete a content property from a page.
+ */
+export async function DELETE(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+
+    const validation = deletePropertySchema.safeParse(body)
+    if (!validation.success) {
+      const firstError = validation.error.errors[0]
+      return NextResponse.json({ error: firstError.message }, { status: 400 })
+    }
+
+    const { domain, accessToken, cloudId: providedCloudId, pageId, propertyId } = validation.data
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const propertyIdValidation = validateAlphanumericId(propertyId, 'propertyId', 255)
+    if (!propertyIdValidation.isValid) {
+      return NextResponse.json({ error: propertyIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/properties/${propertyId}`
+
+    const response = await fetch(url, {
+      method: 'DELETE',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage =
+        errorData?.message || `Failed to delete page property (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    return NextResponse.json({ propertyId, pageId, deleted: true })
+  } catch (error) {
+    logger.error('Error deleting page property:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/page-versions/route.ts

@@ -0,0 +1,151 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluencePageVersionsAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * List all versions of a page or get a specific version.
+ * Uses GET /wiki/api/v2/pages/{id}/versions
+ * and GET /wiki/api/v2/pages/{page-id}/versions/{version-number}
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const {
+      domain,
+      accessToken,
+      pageId,
+      versionNumber,
+      cloudId: providedCloudId,
+      limit = 50,
+      cursor,
+    } = body
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!pageId) {
+      return NextResponse.json({ error: 'Page ID is required' }, { status: 400 })
+    }
+
+    const pageIdValidation = validateAlphanumericId(pageId, 'pageId', 255)
+    if (!pageIdValidation.isValid) {
+      return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    // If versionNumber is provided, get specific version
+    if (versionNumber !== undefined && versionNumber !== null) {
+      const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/versions/${versionNumber}`
+
+      logger.info(`Fetching version ${versionNumber} for page ${pageId}`)
+
+      const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+          Accept: 'application/json',
+          Authorization: `Bearer ${accessToken}`,
+        },
+      })
+
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => null)
+        logger.error('Confluence API error response:', {
+          status: response.status,
+          statusText: response.statusText,
+          error: JSON.stringify(errorData, null, 2),
+        })
+        const errorMessage = errorData?.message || `Failed to get page version (${response.status})`
+        return NextResponse.json({ error: errorMessage }, { status: response.status })
+      }
+
+      const data = await response.json()
+
+      return NextResponse.json({
+        version: {
+          number: data.number,
+          message: data.message ?? null,
+          minorEdit: data.minorEdit ?? false,
+          authorId: data.authorId ?? null,
+          createdAt: data.createdAt ?? null,
+        },
+        pageId,
+      })
+    }
+    // List all versions
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(limit, 250)))
+
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}/versions?${queryParams.toString()}`
+
+    logger.info(`Fetching versions for page ${pageId}`)
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage = errorData?.message || `Failed to list page versions (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const versions = (data.results || []).map((version: any) => ({
+      number: version.number,
+      message: version.message ?? null,
+      minorEdit: version.minorEdit ?? false,
+      authorId: version.authorId ?? null,
+      createdAt: version.createdAt ?? null,
+    }))
+
+    return NextResponse.json({
+      versions,
+      pageId,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
+  } catch (error) {
+    logger.error('Error with page versions:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/page/route.ts

@@ -62,6 +62,7 @@ const deletePageSchema = z
     accessToken: z.string().min(1, 'Access token is required'),
     cloudId: z.string().optional(),
     pageId: z.string().min(1, 'Page ID is required'),
+    purge: z.boolean().optional(),
   })
   .refine(
     (data) => {
@@ -98,7 +99,7 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}?expand=body.storage,body.view,body.atlas_doc_format`
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}?body-format=storage`
 
     const response = await fetch(url, {
       method: 'GET',
@@ -130,16 +131,18 @@ export async function POST(request: NextRequest) {
       id: data.id,
       title: data.title,
       body: {
-        view: {
-          value:
-            data.body?.storage?.value ||
-            data.body?.view?.value ||
-            data.body?.atlas_doc_format?.value ||
-            data.content || // try alternative fields
-            data.description ||
-            `Content for page ${data.title}`, // fallback content
+        storage: {
+          value: data.body?.storage?.value ?? null,
+          representation: 'storage',
         },
       },
+      status: data.status ?? null,
+      spaceId: data.spaceId ?? null,
+      parentId: data.parentId ?? null,
+      authorId: data.authorId ?? null,
+      createdAt: data.createdAt ?? null,
+      version: data.version ?? null,
+      _links: data._links ?? null,
     })
   } catch (error) {
     logger.error('Error fetching Confluence page:', error)
@@ -274,7 +277,7 @@ export async function DELETE(request: NextRequest) {
       return NextResponse.json({ error: firstError.message }, { status: 400 })
     }
 
-    const { domain, accessToken, cloudId: providedCloudId, pageId } = validation.data
+    const { domain, accessToken, cloudId: providedCloudId, pageId, purge } = validation.data
 
     const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
 
@@ -283,7 +286,12 @@ export async function DELETE(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}`
+    const queryParams = new URLSearchParams()
+    if (purge) {
+      queryParams.append('purge', 'true')
+    }
+    const queryString = queryParams.toString()
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages/${pageId}${queryString ? `?${queryString}` : ''}`
 
     const response = await fetch(url, {
       method: 'DELETE',

apps/sim/app/api/tools/confluence/pages/route.ts

@@ -32,7 +32,6 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
     }
 
-    // Use provided cloudId or fetch it if not provided
     const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
 
     const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
@@ -40,7 +39,6 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    // Build the URL with query parameters
     const baseUrl = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages`
     const queryParams = new URLSearchParams()
 
@@ -57,7 +55,6 @@ export async function POST(request: NextRequest) {
 
     logger.info(`Fetching Confluence pages from: ${url}`)
 
-    // Make the request to Confluence API with OAuth Bearer token
     const response = await fetch(url, {
       method: 'GET',
       headers: {
@@ -79,7 +76,6 @@ export async function POST(request: NextRequest) {
       } catch (e) {
         logger.error('Could not parse error response as JSON:', e)
 
-        // Try to get the response text for more context
         try {
           const text = await response.text()
           logger.error('Response text:', text)

apps/sim/app/api/tools/confluence/search-in-space/route.ts

@@ -0,0 +1,120 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluenceSearchInSpaceAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Search for content within a specific Confluence space using CQL.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const {
+      domain,
+      accessToken,
+      spaceKey,
+      query,
+      cloudId: providedCloudId,
+      limit = 25,
+      contentType,
+    } = body
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!spaceKey) {
+      return NextResponse.json({ error: 'Space key is required' }, { status: 400 })
+    }
+
+    const spaceKeyValidation = validateAlphanumericId(spaceKey, 'spaceKey', 255)
+    if (!spaceKeyValidation.isValid) {
+      return NextResponse.json({ error: spaceKeyValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const escapeCqlValue = (value: string) => value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')
+
+    let cql = `space = "${escapeCqlValue(spaceKey)}"`
+
+    if (query) {
+      cql += ` AND text ~ "${escapeCqlValue(query)}"`
+    }
+
+    if (contentType) {
+      cql += ` AND type = "${escapeCqlValue(contentType)}"`
+    }
+
+    const searchParams = new URLSearchParams({
+      cql,
+      limit: String(Math.min(limit, 250)),
+    })
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/rest/api/search?${searchParams.toString()}`
+
+    logger.info(`Searching in space ${spaceKey} with CQL: ${cql}`)
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage = errorData?.message || `Failed to search in space (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const results = (data.results || []).map((result: any) => ({
+      id: result.content?.id ?? result.id,
+      title: result.content?.title ?? result.title,
+      type: result.content?.type ?? result.type,
+      status: result.content?.status ?? null,
+      url: result.url ?? result._links?.webui ?? '',
+      excerpt: result.excerpt ?? '',
+      lastModified: result.lastModified ?? null,
+    }))
+
+    return NextResponse.json({
+      results,
+      spaceKey,
+      totalSize: data.totalSize ?? results.length,
+    })
+  } catch (error) {
+    logger.error('Error searching in space:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/search/route.ts

@@ -42,8 +42,10 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
+    const escapeCqlValue = (value: string) => value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')
+
     const searchParams = new URLSearchParams({
-      cql: `text ~ "${query}"`,
+      cql: `text ~ "${escapeCqlValue(query)}"`,
       limit: limit.toString(),
     })
 
@@ -70,13 +72,27 @@ export async function POST(request: NextRequest) {
 
     const data = await response.json()
 
-    const results = (data.results || []).map((result: any) => ({
-      id: result.content?.id || result.id,
-      title: result.content?.title || result.title,
-      type: result.content?.type || result.type,
-      url: result.url || result._links?.webui || '',
-      excerpt: result.excerpt || '',
-    }))
+    const results = (data.results || []).map((result: any) => {
+      const spaceData = result.resultGlobalContainer || result.content?.space
+      return {
+        id: result.content?.id || result.id,
+        title: result.content?.title || result.title,
+        type: result.content?.type || result.type,
+        url: result.url || result._links?.webui || '',
+        excerpt: result.excerpt || '',
+        status: result.content?.status ?? null,
+        spaceKey: result.resultGlobalContainer?.key ?? result.content?.space?.key ?? null,
+        space: spaceData
+          ? {
+              id: spaceData.id ?? null,
+              key: spaceData.key ?? null,
+              name: spaceData.name ?? spaceData.title ?? null,
+            }
+          : null,
+        lastModified: result.lastModified ?? result.content?.history?.lastUpdated?.when ?? null,
+        entityType: result.entityType ?? null,
+      }
+    })
 
     return NextResponse.json({ results })
   } catch (error) {

apps/sim/app/api/tools/confluence/space-blogposts/route.ts

@@ -0,0 +1,124 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluenceSpaceBlogPostsAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * List all blog posts in a specific Confluence space.
+ * Uses GET /wiki/api/v2/spaces/{id}/blogposts
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const {
+      domain,
+      accessToken,
+      spaceId,
+      cloudId: providedCloudId,
+      limit = 25,
+      status,
+      bodyFormat,
+      cursor,
+    } = body
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!spaceId) {
+      return NextResponse.json({ error: 'Space ID is required' }, { status: 400 })
+    }
+
+    const spaceIdValidation = validateAlphanumericId(spaceId, 'spaceId', 255)
+    if (!spaceIdValidation.isValid) {
+      return NextResponse.json({ error: spaceIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(limit, 250)))
+
+    if (status) {
+      queryParams.append('status', status)
+    }
+
+    if (bodyFormat) {
+      queryParams.append('body-format', bodyFormat)
+    }
+
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/spaces/${spaceId}/blogposts?${queryParams.toString()}`
+
+    logger.info(`Fetching blog posts in space ${spaceId}`)
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage =
+        errorData?.message || `Failed to list blog posts in space (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const blogPosts = (data.results || []).map((post: any) => ({
+      id: post.id,
+      title: post.title,
+      status: post.status ?? null,
+      spaceId: post.spaceId ?? null,
+      authorId: post.authorId ?? null,
+      createdAt: post.createdAt ?? null,
+      version: post.version ?? null,
+      body: post.body ?? null,
+      webUrl: post._links?.webui ?? null,
+    }))
+
+    return NextResponse.json({
+      blogPosts,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
+  } catch (error) {
+    logger.error('Error listing blog posts in space:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

apps/sim/app/api/tools/confluence/space-pages/route.ts

@@ -0,0 +1,125 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { validateAlphanumericId, validateJiraCloudId } from '@/lib/core/security/input-validation'
+import { getConfluenceCloudId } from '@/tools/confluence/utils'
+
+const logger = createLogger('ConfluenceSpacePagesAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * List all pages in a specific Confluence space.
+ * Uses GET /wiki/api/v2/spaces/{id}/pages
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await checkSessionOrInternalAuth(request)
+    if (!auth.success || !auth.userId) {
+      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const {
+      domain,
+      accessToken,
+      spaceId,
+      cloudId: providedCloudId,
+      limit = 50,
+      status,
+      bodyFormat,
+      cursor,
+    } = body
+
+    if (!domain) {
+      return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
+    }
+
+    if (!accessToken) {
+      return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
+    }
+
+    if (!spaceId) {
+      return NextResponse.json({ error: 'Space ID is required' }, { status: 400 })
+    }
+
+    const spaceIdValidation = validateAlphanumericId(spaceId, 'spaceId', 255)
+    if (!spaceIdValidation.isValid) {
+      return NextResponse.json({ error: spaceIdValidation.error }, { status: 400 })
+    }
+
+    const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
+
+    const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
+    if (!cloudIdValidation.isValid) {
+      return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
+    }
+
+    const queryParams = new URLSearchParams()
+    queryParams.append('limit', String(Math.min(limit, 250)))
+
+    if (status) {
+      queryParams.append('status', status)
+    }
+
+    if (bodyFormat) {
+      queryParams.append('body-format', bodyFormat)
+    }
+
+    if (cursor) {
+      queryParams.append('cursor', cursor)
+    }
+
+    const url = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/spaces/${spaceId}/pages?${queryParams.toString()}`
+
+    logger.info(`Fetching pages in space ${spaceId}`)
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => null)
+      logger.error('Confluence API error response:', {
+        status: response.status,
+        statusText: response.statusText,
+        error: JSON.stringify(errorData, null, 2),
+      })
+      const errorMessage =
+        errorData?.message || `Failed to list pages in space (${response.status})`
+      return NextResponse.json({ error: errorMessage }, { status: response.status })
+    }
+
+    const data = await response.json()
+
+    const pages = (data.results || []).map((page: any) => ({
+      id: page.id,
+      title: page.title,
+      status: page.status ?? null,
+      spaceId: page.spaceId ?? null,
+      parentId: page.parentId ?? null,
+      authorId: page.authorId ?? null,
+      createdAt: page.createdAt ?? null,
+      version: page.version ?? null,
+      body: page.body ?? null,
+      webUrl: page._links?.webui ?? null,
+    }))
+
+    return NextResponse.json({
+      pages,
+      nextCursor: data._links?.next
+        ? new URL(data._links.next, 'https://placeholder').searchParams.get('cursor')
+        : null,
+    })
+  } catch (error) {
+    logger.error('Error listing pages in space:', error)
+    return NextResponse.json(
+      { error: (error as Error).message || 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}