sim main pull#448
Merged
Merged
Conversation
Co-authored-by: Theodore Li <theo@sim.ai>
* fix(signup): fix turnstile key loading * fix(login): fix captcha header passing * Catch user already exists, remove login form captcha --------- Co-authored-by: Theodore Li <theo@sim.ai>
…igger (#4030) * feat(slack): add subtype field and signature verification to Slack trigger * fix(slack): guard against NaN timestamp and align null/empty-string convention
…lity for workspace secrets (#4032) * improvement(secrets): parallelize save mutations and add admin visibility for workspace secrets * fix(secrets): sequence workspace upsert/delete to avoid read-modify-write race * fix(secrets): use Promise.allSettled to ensure credential invalidation after all mutations settle
…4028) * feat(chat): drag workflows and folders from sidebar into chat input * fix(chat): fix effectAllowed, stale atInsertPosRef, and drag-enter overlay for resource drags * feat(chat): add task dragging and visible drag ghost for sidebar items * feat(sidebar): add drag ghost with icons and task icon to context chips * refactor(types): narrow ChatMessageContext.kind to ChatContextKind union and add workflowBorderColor utility * feat(user-input): support Tab to select resource in mention dropdown * fix(user-input): narrow ChatContext discriminated union before accessing workflowId * fix(colors): overload workflowBorderColor to accept string | undefined * fix(colors): simplify workflowBorderColor to single string | undefined signature * fix(chat): remove resource panel tab when context mention is deleted from input * fix(chat): use resource ID for context removal identity check * fix(chat): add folder/task cases to resource resolver, task key to existingResourceKeys, and use workflowBorderColor in drag ghost * revert(chat): remove folder/task from resolveResourceFromContext — no panel UI for these types * fix(chat): add chatId to stored context types and workflow.color to drag callback deps * fix(chat): guard chatId before adding task key to existingResourceKeys
* feat(athena): add AWS Athena integration * fix(athena): address PR review comments - Fix variable shadowing: rename inner `data` to `rowData` in row mapper - Fix first-page maxResults off-by-one: request maxResults+1 to compensate for header row - Add missing runtime guard for queryString in create_named_query - Move athena registry entries to correct alphabetical position * fix(athena): alphabetize registry keys and add type re-exports - Reorder athena_* registry keys to strict alphabetical order - Add type re-exports from index.ts barrel * fix(athena): cap maxResults at 999 to prevent overflow with header row adjustment The +1 adjustment for the header row on first-page requests could produce MaxResults=1001 when user requests 1000, exceeding the AWS API hard cap of 1000.
* fix(admin): delete workspaces on ban * Fix lint * Wait until workspace deletion to return ban success --------- Co-authored-by: Theodore Li <theo@sim.ai>
* Add copy button for code blocks in mothership * Move to shared copy code button * Handle react node case for copy * fix(copy-button): address PR review feedback - Await clipboard write and clear timeout on unmount in CopyCodeButton - Fix hover bg color matching container bg (surface-4 -> surface-5) - Extract extractTextContent to shared util at lib/core/utils/react-node-text.ts Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint --------- Co-authored-by: Theodore Li <theo@sim.ai> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… pattern (#4035) * refactor(polling): consolidate polling services into provider handler pattern Eliminate self-POST anti-pattern and extract shared boilerplate from 4 polling services into a clean handler registry mirroring lib/webhooks/providers/. - Add processPolledWebhookEvent() to processor.ts for direct in-process webhook execution, removing HTTP round-trips that caused Lambda 403/timeout errors - Extract shared utilities (markWebhookFailed/Success, fetchActiveWebhooks, runWithConcurrency, resolveOAuthCredential, updateWebhookProviderConfig) - Create PollingProviderHandler interface with per-provider implementations - Consolidate 4 identical route files into single dynamic [provider] route - Standardize concurrency to 10 across all providers - No infra changes needed — Helm cron paths resolve via dynamic route Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * polish(polling): extract lock TTL constant and remove unnecessary type casts - Widen processPolledWebhookEvent body param to accept object, eliminating `as unknown as Record<string, unknown>` double casts in all 4 handlers - Extract LOCK_TTL_SECONDS constant in route, tying maxDuration and lock TTL to a single value Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(polling): address PR review feedback - Add archivedAt filters to fetchActiveWebhooks query, matching findWebhookAndWorkflow in processor.ts to prevent polling archived webhooks/workflows - Move provider validation after auth check to prevent provider enumeration by unauthenticated callers - Fix inconsistent pollingIdempotency import path in outlook.ts to match other handlers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(polling): use literal for maxDuration segment config Next.js requires segment config exports to be statically analyzable literals. Using a variable reference caused build failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…4040) * feat(secrets): allow admins to view and edit workspace secret values * fix(secrets): cross-browser masking and grid layout for non-admin users
* fix: address PR review comments on staging release
- Add try/catch around clipboard.writeText() in CopyCodeButton
- Add missing folder and past_chat cases in resolveResourceFromContext
- Return 400 for ZodError instead of 500 in all 8 Athena API routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(api): return 400 for Zod validation errors across 27 API routes
Routes using z.parse() were returning 500 for ZodError (client input
validation failures). Added instanceof z.ZodError check to return 400
before the generic 500 handler, matching the established pattern used
by 115+ other routes.
Affected services: CloudWatch (7), CloudFormation (7), DynamoDB (6),
Slack (3), Outlook (2), OneDrive (1), Google Drive (1).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(api): add success:false to ZodError responses for consistency
7 routes used { success: false, error: ... } in their generic error
handler but our ZodError handler only returned { error: ... }. Aligned
the ZodError response shape to match.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…for connectors (#4044) * improvement(kb): deferred content fetching and metadata-based hashes for connectors * fix(kb): remove message count from outlook contentHash to prevent list/get divergence * fix(kb): increase outlook getDocument message limit from 50 to 250 * fix(kb): skip outlook messages without conversationId to prevent broken stubs * fix(kb): scope outlook getDocument to same folder as listDocuments to prevent hash divergence * fix(kb): add missing connector sync cron job to Helm values The connector sync endpoint existed but had no cron job configured to trigger it, meaning scheduled syncs would never fire. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…nts, secrets performance, polling refactors, drag resources in mothership
* feat(speech): unified voice interface * add metering for voice input usage * ip key * use shared getclientip helper, fix deployed chat * cleanup code * prep merge * merge staging in * add billing check * add voice input section * remove skip billing * address comments
* fix(kb): improve error logging when connector token resolution fails The generic "Failed to obtain access token" error hid the actual root cause. Now logs credentialId, userId, authMode, and provider to help diagnose token refresh failures in trigger.dev. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(kb): disable connectors after 10 consecutive sync failures Connectors that fail 10 times in a row are set to 'disabled' status, stopping the cron from scheduling further syncs. The UI shows an alert triangle with a reconnect banner. Users can re-enable via the play button or by reconnecting their account, which resets failures. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(kb): disable sync button for disabled connectors, use amber badge variant Sync button should be disabled when connector is in disabled state to guide users toward reconnecting first. Badge variant changed from red to amber to match the warning banner styling. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(kb): address PR review comments for disabled connector feature - Use `=== undefined` instead of falsy check for nextSyncAt to preserve explicit null (manual sync only) when syncIntervalMinutes is 0 - Gate Reconnect button on serviceId/providerId so it only renders for OAuth connectors; show appropriate copy for API key connectors Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(kb): move resolveAccessToken inside try/catch for circuit-breaker coverage Token resolution failures (e.g. revoked OAuth tokens) were thrown before the try/catch block, bypassing consecutiveFailures tracking entirely. Also removes dead `if (refreshed)` guards at mid-sync refresh sites since resolveAccessToken now always returns a string or throws. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(kb): remove dead interval branch when re-enabling connector When `updates.nextSyncAt === undefined`, syncIntervalMinutes was not in the request, so `parsed.data.syncIntervalMinutes` is always undefined. Simplify to just schedule an immediate sync — the sync engine sets the proper nextSyncAt based on the connector's DB interval after completion. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…m cross-block (#4045) * fix(parallel): remove broken node-counting completion in parallel blocks * fix resolver claim --------- Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
Co-authored-by: Theodore Li <theo@sim.ai>
* fix(webhook): throw webhook errors as 4xxs * Fix shadowing body var --------- Co-authored-by: Theodore Li <theo@sim.ai>
* feat(enterprise): cloud whitelabeling for enterprise orgs * fix(enterprise): scope enterprise plan check to target org in whitelabel PUT * fix(enterprise): use isOrganizationOnEnterprisePlan for org-scoped enterprise check * fix(enterprise): allow clearing whitelabel fields and guard against empty update result * fix(enterprise): remove webp from logo accept attribute to match upload hook validation * improvement(billing): use isBillingEnabled instead of isProd for plan gate bypasses * fix(enterprise): show whitelabeling nav item when billing is enabled on non-hosted environments * fix(enterprise): accept relative paths for logoUrl since upload API returns /api/files/serve/ paths * fix(whitelabeling): prevent logo flash on refresh by hiding logo while branding loads * fix(whitelabeling): wire hover color through CSS token on tertiary buttons * fix(whitelabeling): show sim logo by default, only replace when org logo loads * fix(whitelabeling): cache org logo url in localstorage to eliminate flash on repeat visits * feat(whitelabeling): add wordmark support with drag/drop upload * updated turbo * fix(whitelabeling): defer localstorage read to effect to prevent hydration mismatch * fix(whitelabeling): use layout effect for cache read to eliminate logo flash before paint * fix(whitelabeling): cache theme css to eliminate color flash before org settings resolve * fix(whitelabeling): deduplicate HEX_COLOR_REGEX into lib/branding and remove mutation from useCallback deps * fix(whitelabeling): use cookie-based SSR cache to eliminate brand flash on all page loads * fix(whitelabeling): use !orgSettings condition to fix SSR brand cache injection React Query returns isLoading: false with data: undefined during SSR, so the previous brandingLoading condition was always false on the server — initialCache was never injected into brandConfig. Changing to !orgSettings correctly applies the cookie cache both during SSR and while the client-side query loads, eliminating the logo flash on hard refresh.
…connected to starter (#4054)
…ntext (#4055) Auto-layout was reading from getWorkflowState() without merging subblock store values, then persisting stale subblock data to the database. This caused runtime-edited values (e.g. router_v2 context) to be overwritten with their initial/empty values whenever auto-layout was triggered.
…ver-side (#4057) * fix(whitelabeling): eliminate logo flash by fetching org settings server-side * improvement(whitelabeling): add SVG support for logo and wordmark uploads * skelly in workspace header * remove dead code * fix(whitelabeling): hydration error, SVG support, skeleton shimmer, dead code removal * fix(whitelabeling): blob preview dep cycle and missing color fallback * fix(whitelabeling): use brand-accent as color fallback when workspace color is undefined * chore(whitelabeling): inline hasOrgBrand
* fix(error): catch socket auth error as 4xx * Switch to type guard --------- Co-authored-by: Theodore Li <theo@sim.ai>
* fix(agent): include model in structured response output * fix(agent): update test expectation for model in structured response
#4081) * feat(trigger): add Google Sheets, Drive, and Calendar polling triggers Add polling triggers for Google Sheets (new rows), Google Drive (file changes via changes.list API), and Google Calendar (event updates via updatedMin). Each includes OAuth credential support, configurable filters (event type, MIME type, folder, search term, render options), idempotency, and first-poll seeding. Wire triggers into block configs and regenerate integrations.json. Update add-trigger skill with polling instructions and versioned block wiring guidance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(polling): address PR review feedback for Google polling triggers - Fix Drive cursor stall: use nextPageToken as resume point when breaking early from pagination instead of re-using the original token - Eliminate redundant Drive API call in Sheets poller by returning modifiedTime from the pre-check function - Add 403/429 rate-limit handling to Sheets API calls matching the Calendar handler pattern - Remove unused changeType field from DriveChangeEntry interface - Rename triggers/google_drive to triggers/google-drive for consistency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(polling): fix Drive pre-check never activating in Sheets poller isDriveFileUnchanged short-circuited when lastModifiedTime was undefined, never calling the Drive API — so currentModifiedTime was never populated, creating a permanent chicken-and-egg loop. Now always calls the Drive API and returns the modifiedTime regardless of whether there's a previous value to compare against. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(lint): fix import ordering in triggers registry Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(polling): address PR review feedback for Google polling handlers - Fix fetchHeaderRow to throw on 403/429 rate limits instead of silently returning empty headers (prevents rows from being processed without headers and lastKnownRowCount from advancing past them permanently) - Fix Drive pagination to avoid advancing resume cursor past sliced changes (prevents permanent change loss when allChanges > maxFiles) - Remove unused logger import from Google Drive trigger config * fix(polling): prevent data loss on partial row failures and harden idempotency key - Sheets: only advance lastKnownRowCount by processedCount when there are failures, so failed rows are retried on the next poll cycle (idempotency deduplicates already-processed rows on re-fetch) - Drive: add fallback for change.time in idempotency key to prevent key collisions if the field is ever absent from the API response * fix(polling): remove unused variable and preserve lastModifiedTime on Drive API failure - Remove unused `now` variable from Google Drive polling handler - Preserve stored lastModifiedTime when Drive API pre-check fails (previously wrote undefined, disabling the optimization until the next successful Drive API call) * fix(polling): don't advance state when all events fail across sheets, calendar, drive handlers * fix(polling): retry failed idempotency keys, fix drive cursor overshoot, fix calendar inclusive updatedMin * fix(polling): revert calendar timestamp on any failure, not just all-fail * fix(polling): revert drive cursor on any failure, not just all-fail * feat(triggers): add canonical selector toggle to google polling triggers - Add 'trigger-advanced' mode to SubBlockConfig so canonical pairs work in trigger mode - Fix buildCanonicalIndex: trigger-mode subblocks don't overwrite non-trigger basicId, deduplicate advancedIds from block spreads - Update editor, subblock layout, and trigger config aggregation to include trigger-advanced subblocks - Replace dropdown+fetchOptions in Calendar/Sheets/Drive pollers with file-selector (basic) + short-input (advanced) canonical pairs - Add canonicalParamId: 'oauthCredential' to triggerCredentials for selector context resolution - Update polling handlers to read canonical fallbacks (calendarId||manualCalendarId, etc.) * test(blocks): handle trigger-advanced mode in canonical validation tests * fix(triggers): handle trigger-advanced mode in deploy, preview, params, and copilot * fix(polling): use position-only idempotency key for sheets rows * fix(polling): don't advance calendar timestamp to client clock on empty poll * fix(polling): remove extraneous comment from calendar poller * fix(polling): drive cursor stall on full page, calendar latestUpdated past filtered events * fix(polling): advance calendar cursor past fully-filtered event batches --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(ui): allow multiselect in resource tabs * Fix bugs with deselection * Try catch resource tab deletion independently * Fix chat switch selection * Default to null active id --------- Co-authored-by: Theodore Li <theo@sim.ai>
…nonical groups with block subblocks (#4095)
…sheet selectors (#4097) * fix(trigger): show selector display names on canvas for trigger file/sheet selectors * fix(trigger): use isNonEmptyValue in canonical member scan to match visibility contract
The Forms API has a different base URL for OAuth vs Basic Auth.
Per Atlassian support, OAuth requires the /ex/jira/{cloudId}/forms
pattern, not /jira/forms/cloud/{cloudId} which only works with
Basic Auth. This was causing 401 Unauthorized errors.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…e dropdowns (#4096) * fix(ui): support Tab key to select items in tag, env-var, and resource dropdowns * fix(ui): support Tab key to select items in tag, env-var, and resource dropdowns * fix(ui): guard Tab selection against Shift+Tab and undefined index
* fix(doc): Update byok docs section * Update cost page with new byok providers * Add translated sections --------- Co-authored-by: Theodore Li <theo@sim.ai>
…kew, and stale config clearing (#4101) * fix(trigger): fix polling trigger config defaults, row count, clock-skew, and stale config clearing * fix(deploy): track first-pass fills to prevent stale baseConfig bypassing required-field validation Use a dedicated `filledSubBlockIds` Set populated during the first pass so the second-pass skip guard is based solely on live `getConfigValue` results, not on stale entries spread from `baseConfig` (`triggerConfig`). * fix(trigger): prevent calendar cursor regression when all events are filtered client-side
* improvement(sockets): workflow switching state machine * address comments
* improvement(integrations, models): ui/ux * fix(models, integrations): dedup ChevronArrow/provider colors, fix UTC date rendering - Extract PROVIDER_COLORS and getProviderColor to model-colors.ts to eliminate identical definitions in model-comparison-charts and model-timeline-chart - Remove duplicate private ChevronArrow from integration-card; import the exported one from model-primitives instead - Add timeZone: 'UTC' to formatShortDate so ISO date-only strings (parsed as UTC midnight) render the correct calendar day in all timezones * refactor(models): rename model-colors.ts to consts.ts * improvement(models): derive provider colors/resellers from definitions, reorient FAQs to agent builder Dynamic data: - Add `color` and `isReseller` fields to ProviderDefinition interface - Move brand colors for all 10 providers into their definitions - Mark 6 reseller providers (Azure, Bedrock, Vertex, OpenRouter, Fireworks) - consts.ts now derives color map from MODEL_CATALOG_PROVIDERS - model-comparison-charts derives RESELLER_PROVIDERS from catalog - Fix deepseek name: Deepseek → DeepSeek; remove now-redundant PROVIDER_NAME_OVERRIDES and getProviderDisplayName from utils - Add color/isReseller fields to CatalogProvider; clean up duplicate providerDisplayName in searchText array FAQs: - Replace all 4 main-page FAQs with 5 agent-builder-oriented ones covering model selection, context windows, pricing, tool use, and how to use models in a Sim agent workflow - buildProviderFaqs: add conditional tool use FAQ per provider - buildModelFaqs: add bestFor FAQ (conditional on field presence); improve context window answer to explain agent implications; tighten capabilities answer wording * chore(models): remove model-colors.ts (superseded by consts.ts) * update footer --------- Co-authored-by: waleed <walif6@gmail.com>
…4102) * feat(knowledge): add token, sentence, recursive, and regex chunkers * fix(chunkers): standardize token estimation and use emcn dropdown - Refactor all existing chunkers (Text, JsonYaml, StructuredData, Docs) to use shared utils - Fix inconsistent token estimation (JsonYaml used tiktoken, StructuredData used /3 ratio) - Fix DocsChunker operator precedence bug and hard-coded 300-token limit - Fix JsonYamlChunker isStructuredData false positive on plain strings - Add MAX_DEPTH recursion guard to JsonYamlChunker - Replace @/components/ui/select with emcn DropdownMenu in strategy selector * fix(chunkers): address research audit findings - Expand RecursiveChunker recipes: markdown adds horizontal rules, code fences, blockquotes; code adds const/let/var/if/for/while/switch/return - RecursiveChunker fallback uses splitAtWordBoundaries instead of char slicing - RegexChunker ReDoS test uses adversarial strings (repeated chars, spaces) - SentenceChunker abbreviation list adds St/Rev/Gen/No/Fig/Vol/months and single-capital-letter lookbehind - Add overlap < maxSize validation in Zod schema and UI form - Add pattern max length (500) validation in Zod schema - Fix StructuredDataChunker footer grammar * fix(chunkers): fix remaining audit issues across all chunkers - DocsChunker: extract headers from cleaned content (not raw markdown) to fix position mismatch between header positions and chunk positions - DocsChunker: strip export statements and JSX expressions in cleanContent - DocsChunker: fix table merge dedup using equality instead of includes - JsonYamlChunker: preserve path breadcrumbs when nested value fits in one chunk, matching LangChain RecursiveJsonSplitter behavior - StructuredDataChunker: detect 2-column CSV (lowered threshold from >2 to >=1) and use 20% relative tolerance instead of absolute +/-2 - TokenChunker: use sliding window overlap (matching LangChain/Chonkie) where chunks stay within chunkSize instead of exceeding it - utils: splitAtWordBoundaries accepts optional stepChars for sliding window overlap; addOverlap uses newline join instead of space * chore(chunkers): lint formatting * updated styling * fix(chunkers): audit fixes and comprehensive tests - Fix SentenceChunker regex: lookbehinds now include the period to correctly handle abbreviations (Mr., Dr., etc.), initials (J.K.), and decimals - Fix RegexChunker ReDoS: reset lastIndex between adversarial test iterations, add poisoned-suffix test strings - Fix DocsChunker: skip code blocks during table boundary detection to prevent false positives from pipe characters - Fix JsonYamlChunker: oversized primitive leaf values now fall back to text chunking instead of emitting a single chunk - Fix TokenChunker: pass 0 to buildChunks for overlap metadata since sliding window handles overlap inherently - Add defensive guard in splitAtWordBoundaries to prevent infinite loops if step is 0 - Add tests for utils, TokenChunker, SentenceChunker, RecursiveChunker, RegexChunker (236 total tests, 0 failures) - Fix existing test expectations for updated footer format and isStructuredData behavior * chore(chunkers): remove unnecessary comments and dead code Strip 445 lines of redundant TSDoc, math calculation comments, implementation rationale notes, and assertion-restating comments across all chunker source and test files. * fix(chunkers): address PR review comments - Fix regex fallback path: use sliding window for overlap instead of passing chunkOverlap to buildChunks without prepended overlap text - Fix misleading strategy label: "Text (hierarchical splitting)" → "Text (word boundary splitting)" * fix(chunkers): use consistent overlap pattern in regex fallback Use addOverlap + buildChunks(chunks, overlap) in the regex fallback path to match the main path and all other chunkers (TextChunker, RecursiveChunker). The sliding window approach was inconsistent. * fix(chunkers): prevent content loss in word boundary splitting When splitAtWordBoundaries snaps end back to a word boundary, advance pos from end (not pos + step) in non-overlapping mode. The step-based advancement is preserved for the sliding window case (TokenChunker). * fix(chunkers): restore structured data token ratio and overlap joiner - Restore /3 token estimation for StructuredDataChunker (structured data is denser than prose, ~3 chars/token vs ~4) - Change addOverlap joiner from \n to space to match original TextChunker behavior * lint * fix(chunkers): fall back to character-level overlap in sentence chunker When no complete sentence fits within the overlap budget, fall back to character-level word-boundary overlap from the previous group's text. This ensures buildChunks metadata is always correct. * fix(chunkers): fix log message and add missing month abbreviations - Fix regex fallback log: "character splitting" → "word-boundary splitting" - Add Jun and Jul to sentence chunker abbreviation list * lint * fix(chunkers): restore structured data detection threshold to > 2 avgCount >= 1 was too permissive — prose with consistent comma usage would be misclassified as CSV. Restore original > 2 threshold while keeping the improved proportional tolerance. * fix(chunkers): pass chunkOverlap to buildChunks in TokenChunker * fix(chunkers): restore separator-as-joiner pattern in splitRecursively Separator was unconditionally prepended to parts after the first, leaving leading punctuation on chunks after a boundary reset. * feat(knowledge): add JSONL file support for knowledge base uploads Parses JSON Lines files by splitting on newlines and converting to a JSON array, which then flows through the existing JsonYamlChunker. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…endar triggers, docs updates, integrations/models pages improvements
…4108) * fix(execution): fix isolated-vm memory leak and add worker recycling * fix(execution): mirror retirement check in send-failure path and fix pool sizing * chore(execution): remove verbose comments from isolated-vm changes * fix(execution): apply retiring-worker exclusion to drainQueue pool size check * fix(execution): increment lifetimeExecutions on parent-side timeout
* chore(triggers): deprecate trigger-save subblock Remove the defunct triggerSave subblock from all 102 trigger definitions, the SubBlockType union, SYSTEM_SUBBLOCK_IDS, tool params, and command templates. Retain the backwards-compat filter in getTrigger() for any legacy stored data. * fix(triggers): remove leftover no-op blocks.push() in linear utils * chore(triggers): remove orphaned triggerId property and stale comments
…x tracking (#4109) * fix(trigger): auto-detect header row and rename lastKnownRowCount to lastIndexChecked - Replace hardcoded !1:1 header fetch with detectHeaderRow(), which scans the first 10 rows and returns the first non-empty row as headers. This fixes row: null / headers: [] when a sheet has blank rows or a title row above the actual column headers (e.g. headers in row 3). - Rename lastKnownRowCount → lastIndexChecked in GoogleSheetsWebhookConfig and all usage sites to clarify that the value is a row index pointer, not a total count. - Remove config parameter from processRows() since it was unused after the includeHeaders flag was removed. * fix(trigger): combine sheet state fetch, skip header/blank rows from data emission - Replace separate getDataRowCount() + detectHeaderRow() with a single fetchSheetState() call that returns rowCount, headers, and headerRowIndex from one A:Z fetch. Saves one Sheets API round-trip per poll cycle when new rows are detected. - Use headerRowIndex to compute adjustedStartRow, preventing the header row (and any blank rows above it) from being emitted as data events when lastIndexChecked was seeded from an empty sheet. - Handle the edge case where the entire batch falls within the header/blank window by advancing the pointer and returning early without fetching rows. - Skip empty rows (row.length === 0) in processRows rather than firing a workflow run with no meaningful data. * fix(trigger): preserve lastModifiedTime when remaining rows exist after header skip When all rows in a batch fall within the header/blank window (adjustedStartRow > endRow), the early return was unconditionally updating lastModifiedTime to the current value. If there were additional rows beyond the batch cap, the next Drive pre-check would see an unchanged modifiedTime and skip polling entirely, leaving those rows unprocessed. Mirror the hasRemainingOrFailed pattern from the normal processing path. * chore(trigger): remove verbose inline comments from google-sheets poller * fix(trigger): revert to full-width A:Z fetch for correct row count and consistent column scope * fix(trigger): don't count skipped empty rows as processed
…ean up comments (#4112) * fix(trigger): handle Drive rate limits, 410 page token expiry, and clean up comments * fix(trigger): treat Drive rate limits as success to preserve failure budget * fix(trigger): distinguish Drive 403 rate limits from permission errors, preserve knownFileIds on 410 re-seed
* feat(ee): add enterprise audit logs settings page with server-side search Add a new audit logs page under enterprise settings that displays all actions captured via recordAudit. Includes server-side search, resource type filtering, date range selection, and cursor-based pagination. - Add internal API route (app/api/audit-logs) with session auth - Extract shared query logic (buildFilterConditions, buildOrgScopeCondition, queryAuditLogs) into app/api/v1/audit-logs/query.ts - Refactor v1 and admin audit log routes to use shared query module - Add React Query hook with useInfiniteQuery and cursor pagination - Add audit logs UI with debounced search, combobox filters, expandable rows - Gate behind requiresHosted + requiresEnterprise navigation flags - Place all enterprise audit log code in ee/audit-logs/ Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(ee): fix build error and address PR review comments - Fix import path: @/lib/utils → @/lib/core/utils/cn - Guard against empty orgMemberIds array in buildOrgScopeCondition - Skip debounce effect on mount when search is already synced Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(ee): fix type error with unknown metadata in JSX expression Use ternary instead of && chain to prevent unknown type from being returned as ReactNode. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(ee): align skeleton filter width with actual component layout Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * feat(audit): add audit logging for passwords, credentials, and schedules - Add PASSWORD_RESET_REQUESTED audit on forget-password with user lookup - Add CREDENTIAL_CREATED/UPDATED/DELETED audit on credential CRUD routes with metadata (credentialType, providerId, updatedFields, envKey) - Add SCHEDULE_CREATED audit on schedule creation with cron/timezone metadata - Fix SCHEDULE_DELETED (was incorrectly using SCHEDULE_UPDATED for deletes) - Enhance existing schedule update/disable/reactivate audit with structured metadata (operation, updatedFields, sourceType, previousStatus) - Add CREDENTIAL resource type and Credential filter option to audit logs UI - Enhance password reset completed description with user email Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): align metadata with established recordAudit patterns - Add actorName/actorEmail to all new credential and schedule audit calls to match the established pattern (e.g., api-keys, byok-keys, knowledge) - Add resourceId and resourceName to forget-password audit call - Enhance forget-password description with user email Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(testing): sync audit mock with new AuditAction and AuditResourceType entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(audit-logs): derive resource type filter from AuditResourceType Instead of maintaining a separate hardcoded list, the filter dropdown now derives its options directly from the AuditResourceType const object. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(audit): enrich all recordAudit calls with structured metadata - Move resource type filter options to ee/audit-logs/constants.ts (derived from AuditResourceType, no separate list to maintain) - Remove export from internal cursor helpers in query.ts - Add 5 new AuditAction entries: BYOK_KEY_UPDATED, ENVIRONMENT_DELETED, INVITATION_RESENT, WORKSPACE_UPDATED, ORG_INVITATION_RESENT - Enrich ~80 recordAudit calls across the codebase with structured metadata (knowledge bases, connectors, documents, workspaces, members, invitations, workflows, deployments, templates, MCP servers, credential sets, organizations, permission groups, files, tables, notifications, copilot operations) - Sync audit mock with all new entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): remove redundant metadata fields duplicating top-level audit fields Remove metadata entries that duplicate resourceName, workspaceId, or other top-level recordAudit fields. Also remove noisy fileNames arrays from bulk document upload audits (kept fileCount). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): split audit types from server-only log module Extract AuditAction, AuditResourceType, and their types into lib/audit/types.ts (client-safe, no @sim/db dependency). The server-only recordAudit stays in log.ts and re-exports the types for backwards compatibility. constants.ts now imports from types.ts directly, breaking the postgres -> tls client bundle chain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): escape LIKE wildcards in audit log search query Escape %, _, and \ characters in the search parameter before embedding in the LIKE pattern to prevent unintended broad matches. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): use actual deletedCount in bulk API key revoke description The description was using keys.length (requested count) instead of deletedCount (actual count), which could differ if some keys didn't exist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit-logs): fix OAuth label displaying as "Oauth" in filter dropdown ACRONYMS set stored 'OAuth' but lookup used toUpperCase() producing 'OAUTH' which never matched. Now store all acronyms uppercase and use a display override map for special casing like OAuth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
… PostHog tracking (#4116) * improvement: seo, geo, signup, posthog * fix(landing): address PR review issues and convention violations - Fix auth modal race condition: show loading state instead of redirecting when provider status hasn't loaded yet - Fix auth modal HTTP error caching: reject non-200 responses so they aren't permanently cached - Replace <img> with next/image <Image> in auth modal - Use cn() instead of template literal class concatenation in hero, footer-cta - Remove commented-out dead code in footer, landing, sitemap - Remove unused arrow property from FooterItem interface - Convert relative imports to absolute in integrations/[slug]/page - Remove no-op sanitizedName variable in signup form - Remove unnecessary async from llms-full.txt route - Remove extraneous non-TSDoc comment in auth modal Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(landing): apply linter formatting fixes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): second pass — fix remaining code quality issues - auth-modal: add @sim/logger, log social sign-in errors instead of swallowing silently - auth-modal: extract duplicated social button classes into SOCIAL_BTN constant - auth-modal: remove unused isProduction from ProviderStatus interface - auth-modal: memoize getBrandConfig() call - footer: remove stale arrow destructuring left after interface cleanup, use cn() throughout - footer-cta: replace inline styles on submit button with Tailwind classes via cn() - footer-cta: replace caretColor inline style with caret-white utility - templates: fix incorrect section value 'landing_preview' → 'templates' for PostHog tracking - events: add 'templates' to landing_cta_clicked section union - integrations: replace "canvas" with "workflow builder" per constitution rules - llms-full: replace "canvas" terminology with "visual builder"/"workflow builder" Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): point Mothership and Workflows footer links to docs root These docs pages don't exist yet — link to docs.sim.ai until they are published. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): complete rebrand in blog fallback description Remove "workflows" from the non-tagged blog meta description to align with the AI workspace rebrand across the rest of the PR. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): strip isProduction from provider response and handle late-resolve redirect - Destructure only githubAvailable/googleAvailable from getOAuthProviderStatus so isProduction is not leaked to unauthenticated callers. - Add useEffect to redirect away from the modal if provider status resolves after the modal is already open and no social providers are configured. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): align auth modal with login/signup page logic - Add SSO button when NEXT_PUBLIC_SSO_ENABLED is set - Gate "Continue with email" behind EMAIL_PASSWORD_SIGNUP_ENABLED - Expose registrationDisabled from /api/auth/providers and hide the "Sign up" toggle when registration is disabled - Simplify skip-modal logic: redirect to full page when no social providers or SSO are available (hasModalContent) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): force login view when registration is disabled When a CTA passes defaultView='signup' but registration is disabled, the modal now opens in login mode instead of showing "Create free account" with social buttons that would fail on the backend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(landing): correct signup view when registrationDisabled loads late When the user opens the modal before providerStatus resolves and registrationDisabled comes back true, the view was stuck on 'signup'. Now the late-resolve useEffect also forces the view to 'login'. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): add click tracking to integration page CTAs Create IntegrationCtaButton client component that wraps AuthModal and fires trackLandingCta on click, matching the pattern used by every other landing section CTA. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): prevent mobile auth modal from unmounting on open Remove setMobileMenuOpen(false) from mobile AuthModal button onClick handlers. Closing the mobile menu unmounts the AuthModal before it can open. The modal overlay or page redirect makes the menu irrelevant without needing to explicitly close it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Waleed Latif <walif6@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…s, audit logs ui, delete account (#4115) * feat(ee): enterprise feature flags, permission group platform controls, audit logs ui, delete account * fix(settings): improve sidebar skeleton fidelity and fix credit purchase org cache invalidation - Bump skeleton icon and text from 16/14px to 24px to better match real nav item visual weight - Add orgId support to usePurchaseCredits so org billing/subscription caches are invalidated on credit purchase, matching the pattern used by useUpgradeSubscription - Polish ColorInput in whitelabeling settings with auto-prefix and select-on-focus UX * revert(settings): remove delete account feature * fix(settings): address pr review — atomic autoAddNewMembers, extract query hook, fix types and signal forwarding * chore(helm): add CREDENTIAL_SETS_ENABLED to values.yaml * fix(access-control): dynamic platform category columns, atomic permission group delete * fix(access-control): restore triggers section in blocks tab * fix(access-control): merge triggers into tools section in blocks tab * upgrade tubro * fix(access-control): fix Select All state when config has stale blacklisted provider IDs * fix(access-control): derive platform Select All from features list; revert turbo schema version * fix(access-control): fix blocks Select All check, filter empty platform columns * revert(settings): restore original skeleton icon and text sizes
* fix(models): exclude reseller providers from model catalog pages Reseller providers like OpenRouter, Fireworks, Azure, Vertex, and Bedrock are aggregators that proxy other providers' models. Their model detail pages were generating broken links. Filter them out of MODEL_PROVIDERS_WITH_CATALOGS so they don't generate static pages or appear as clickable entries in the model directory. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(models): use filtered catalog for JSON-LD structured data Switch flatModels in page.tsx from MODEL_CATALOG_PROVIDERS to MODEL_PROVIDERS_WITH_CATALOGS so the Schema.org ItemList excludes reseller models, matching TOTAL_MODELS and avoiding broken URLs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Brief description of what this PR does and why.
Fixes #(issue)
Type of Change
Testing
How has this been tested? What should reviewers focus on?
Checklist
Screenshots/Videos