diff --git a/apps/docs/components/icons.tsx b/apps/docs/components/icons.tsx index 2e1e487780..d62410d7f6 100644 --- a/apps/docs/components/icons.tsx +++ b/apps/docs/components/icons.tsx @@ -1131,6 +1131,32 @@ export function AirtableIcon(props: SVGProps) { ) } +export function AirweaveIcon(props: SVGProps) { + return ( + + + + + + ) +} + export function GoogleDocsIcon(props: SVGProps) { return ( ) { ) } + +export function AgentSkillsIcon(props: SVGProps) { + return ( + + + + + ) +} diff --git a/apps/docs/components/ui/icon-mapping.ts b/apps/docs/components/ui/icon-mapping.ts index c7a766f6c2..490292c099 100644 --- a/apps/docs/components/ui/icon-mapping.ts +++ b/apps/docs/components/ui/icon-mapping.ts @@ -7,6 +7,7 @@ import { A2AIcon, AhrefsIcon, AirtableIcon, + AirweaveIcon, ApifyIcon, ApolloIcon, ArxivIcon, @@ -141,6 +142,7 @@ export const blockTypeToIconMap: Record = { a2a: A2AIcon, ahrefs: AhrefsIcon, airtable: AirtableIcon, + airweave: AirweaveIcon, apify: ApifyIcon, apollo: ApolloIcon, arxiv: ArxivIcon, diff --git a/apps/docs/content/docs/en/meta.json b/apps/docs/content/docs/en/meta.json index b934947a32..2f38998574 100644 --- a/apps/docs/content/docs/en/meta.json +++ b/apps/docs/content/docs/en/meta.json @@ -10,6 +10,7 @@ "connections", "mcp", "copilot", + "skills", "knowledgebase", "variables", "execution", diff --git a/apps/docs/content/docs/en/skills/index.mdx b/apps/docs/content/docs/en/skills/index.mdx new file mode 100644 index 0000000000..6f5a95d3fb --- /dev/null +++ b/apps/docs/content/docs/en/skills/index.mdx @@ -0,0 +1,134 @@ +--- +title: Agent Skills +--- + +import { Callout } from 'fumadocs-ui/components/callout' + +Agent Skills are reusable packages of instructions that give your AI agents specialized capabilities. Based on the open [Agent Skills](https://agentskills.io) format, skills let you capture domain expertise, workflows, and best practices that agents can load on demand. + +## How Skills Work + +Skills use **progressive disclosure** to keep agent context lean: + +1. **Discovery** — Only skill names and descriptions are included in the agent's system prompt (~50-100 tokens each) +2. **Activation** — When the agent decides a skill is relevant, it calls the `load_skill` tool to load the full instructions into context +3. **Execution** — The agent follows the loaded instructions to complete the task + +This means you can attach many skills to an agent without bloating its context window. The agent only loads what it needs. + +## Creating Skills + +Go to **Settings** and select **Skills** under the Tools section. + +![Manage Skills](/static/skills/manage-skills.png) + +Click **Add** to create a new skill with three fields: + +| Field | Description | +|-------|-------------| +| **Name** | A kebab-case identifier (e.g. `sql-expert`, `code-reviewer`). Max 64 characters. | +| **Description** | A short explanation of what the skill does and when to use it. This is what the agent reads to decide whether to activate the skill. Max 1024 characters. | +| **Content** | The full skill instructions in markdown. This is loaded when the agent activates the skill. | + + + The description is critical — it's the only thing the agent sees before deciding to load a skill. Be specific about when and why the skill should be used. + + +### Writing Good Skill Content + +Skill content follows the same conventions as [SKILL.md files](https://agentskills.io/specification): + +```markdown +# SQL Expert + +## When to use this skill +Use when the user asks you to write, optimize, or debug SQL queries. + +## Instructions +1. Always ask which database engine (PostgreSQL, MySQL, SQLite) +2. Use CTEs over subqueries for readability +3. Add index recommendations when relevant +4. Explain query plans for optimization requests + +## Common Patterns +... +``` + +**Recommended structure:** +- **When to use** — Specific triggers and scenarios +- **Instructions** — Step-by-step guidance with numbered lists +- **Examples** — Input/output samples showing expected behavior +- **Common Patterns** — Reusable approaches for frequent tasks +- **Edge Cases** — Gotchas and special considerations + +Keep skills focused and under 500 lines. If a skill grows too large, split it into multiple specialized skills. + +## Adding Skills to an Agent + +Open any **Agent** block and find the **Skills** dropdown below the tools section. Select the skills you want the agent to have access to. + +![Add Skill](/static/skills/add-skill.png) + +Selected skills appear as cards that you can click to edit or remove. + +### What Happens at Runtime + +When the workflow runs: + +1. The agent's system prompt includes an `` section listing each skill's name and description +2. A `load_skill` tool is automatically added to the agent's available tools +3. When the agent determines a skill is relevant to the current task, it calls `load_skill` with the skill name +4. The full skill content is returned as a tool response, giving the agent detailed instructions + +This works across all supported LLM providers — the `load_skill` tool uses standard tool-calling, so no provider-specific configuration is needed. + +## Common Use Cases + +Skills are most valuable when agents need specialized knowledge or multi-step workflows: + +**Domain Expertise** +- `api-integration-expert` — Best practices for calling specific APIs (authentication, rate limiting, error handling) +- `data-transformation` — ETL patterns, data cleaning, and validation rules +- `code-reviewer` — Code review guidelines specific to your team's standards + +**Workflow Templates** +- `bug-investigation` — Step-by-step debugging methodology (reproduce → isolate → test → fix) +- `feature-implementation` — Development workflow from requirements to deployment +- `document-generator` — Templates and formatting rules for technical documentation + +**Company-Specific Knowledge** +- `our-architecture` — System architecture diagrams, service dependencies, and deployment processes +- `style-guide` — Brand guidelines, writing tone, UI/UX patterns +- `customer-onboarding` — Standard procedures and common customer questions + +**When to use skills vs. agent instructions:** +- Use **skills** for knowledge that applies across multiple workflows or changes frequently +- Use **agent instructions** for task-specific context that's unique to a single agent + +## Best Practices + +**Writing Effective Descriptions** +- **Be specific and keyword-rich** — Instead of "Helps with SQL", write "Write optimized SQL queries for PostgreSQL, MySQL, and SQLite, including index recommendations and query plan analysis" +- **Include activation triggers** — Mention specific words or phrases that should prompt the skill (e.g., "Use when the user mentions PDFs, forms, or document extraction") +- **Keep it under 200 words** — Agents scan descriptions quickly; make every word count + +**Skill Scope and Organization** +- **One skill per domain** — A focused `sql-expert` skill works better than a broad `database-everything` skill +- **Limit to 5-10 skills per agent** — More skills = more decision overhead; start small and add as needed +- **Split large skills** — If a skill exceeds 500 lines, break it into focused sub-skills + +**Content Structure** +- **Use markdown formatting** — Headers, lists, and code blocks help agents parse and follow instructions +- **Provide examples** — Show input/output pairs so agents understand expected behavior +- **Be explicit about edge cases** — Don't assume agents will infer special handling + +**Testing and Iteration** +- **Test activation** — Run your workflow and verify the agent loads the skill when expected +- **Check for false positives** — Make sure skills aren't activating when they shouldn't +- **Refine descriptions** — If a skill isn't loading when needed, add more keywords to the description + +## Learn More + +- [Agent Skills specification](https://agentskills.io) — The open format for portable agent skills +- [Example skills](https://github.com/anthropics/skills) — Browse community skill examples +- [Best practices](https://agentskills.io/what-are-skills) — Writing effective skills diff --git a/apps/docs/content/docs/en/tools/airweave.mdx b/apps/docs/content/docs/en/tools/airweave.mdx new file mode 100644 index 0000000000..59764a4c0b --- /dev/null +++ b/apps/docs/content/docs/en/tools/airweave.mdx @@ -0,0 +1,67 @@ +--- +title: Airweave +description: Search your synced data collections +--- + +import { BlockInfoCard } from "@/components/ui/block-info-card" + + + +{/* MANUAL-CONTENT-START:intro */} +[Airweave](https://airweave.ai/) is an AI-powered semantic search platform that helps you discover and retrieve knowledge across all your synced data sources. Built for modern teams, Airweave enables fast, relevant search results using neural, hybrid, or keyword-based strategies tailored to your needs. + +With Airweave, you can: + +- **Search smarter**: Use natural language queries to uncover information stored across your connected tools and databases +- **Unify your data**: Seamlessly access content from sources like code, docs, chat, emails, cloud files, and more +- **Customize retrieval**: Select between hybrid (semantic + keyword), neural, or keyword search strategies for optimal results +- **Boost recall**: Expand search queries with AI to find more comprehensive answers +- **Rerank results using AI**: Prioritize the most relevant answers with powerful language models +- **Get instant answers**: Generate clear, AI-powered responses synthesized from your data + +In Sim, the Airweave integration empowers your agents to search, summarize, and extract insights from all your organization’s data via a single tool. Use Airweave to drive rich, contextual knowledge retrieval within your workflows—whether answering questions, generating summaries, or supporting dynamic decision-making. +{/* MANUAL-CONTENT-END */} + +## Usage Instructions + +Search across your synced data sources using Airweave. Supports semantic search with hybrid, neural, or keyword retrieval strategies. Optionally generate AI-powered answers from search results. + + + +## Tools + +### `airweave_search` + +Search your synced data collections using Airweave. Supports semantic search with hybrid, neural, or keyword retrieval strategies. Optionally generate AI-powered answers from search results. + +#### Input + +| Parameter | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `apiKey` | string | Yes | Airweave API Key for authentication | +| `collectionId` | string | Yes | The readable ID of the collection to search | +| `query` | string | Yes | The search query text | +| `limit` | number | No | Maximum number of results to return \(default: 100\) | +| `retrievalStrategy` | string | No | Retrieval strategy: hybrid \(default\), neural, or keyword | +| `expandQuery` | boolean | No | Generate query variations to improve recall | +| `rerank` | boolean | No | Reorder results for improved relevance using LLM | +| `generateAnswer` | boolean | No | Generate a natural-language answer to the query | + +#### Output + +| Parameter | Type | Description | +| --------- | ---- | ----------- | +| `results` | array | Search results with content, scores, and metadata from your synced data | +| ↳ `entity_id` | string | Unique identifier for the search result entity | +| ↳ `source_name` | string | Name of the data source \(e.g., "GitHub", "Slack"\) | +| ↳ `md_content` | string | Markdown-formatted content of the result | +| ↳ `score` | number | Relevance score from the search | +| ↳ `metadata` | object | Additional metadata associated with the result | +| ↳ `breadcrumbs` | array | Navigation path to the result within its source | +| ↳ `url` | string | URL to the original content | +| `completion` | string | AI-generated answer to the query \(when generateAnswer is enabled\) | + + diff --git a/apps/docs/content/docs/en/tools/meta.json b/apps/docs/content/docs/en/tools/meta.json index 61b20cfa98..419957f7e7 100644 --- a/apps/docs/content/docs/en/tools/meta.json +++ b/apps/docs/content/docs/en/tools/meta.json @@ -4,6 +4,7 @@ "a2a", "ahrefs", "airtable", + "airweave", "apify", "apollo", "arxiv", diff --git a/apps/docs/public/static/skills/add-skill.png b/apps/docs/public/static/skills/add-skill.png new file mode 100644 index 0000000000..80428e88ae Binary files /dev/null and b/apps/docs/public/static/skills/add-skill.png differ diff --git a/apps/docs/public/static/skills/manage-skills.png b/apps/docs/public/static/skills/manage-skills.png new file mode 100644 index 0000000000..67f7ccd204 Binary files /dev/null and b/apps/docs/public/static/skills/manage-skills.png differ diff --git a/apps/sim/app/api/a2a/agents/[agentId]/route.ts b/apps/sim/app/api/a2a/agents/[agentId]/route.ts index 65f22e5b60..1c8eea273b 100644 --- a/apps/sim/app/api/a2a/agents/[agentId]/route.ts +++ b/apps/sim/app/api/a2a/agents/[agentId]/route.ts @@ -5,7 +5,7 @@ import { eq } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' import { generateAgentCard, generateSkillsFromWorkflow } from '@/lib/a2a/agent-card' import type { AgentCapabilities, AgentSkill } from '@/lib/a2a/types' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { getRedisClient } from '@/lib/core/config/redis' import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils' import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils' @@ -40,7 +40,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise { const mockRefreshTokenIfNeeded = vi.fn() const mockGetOAuthToken = vi.fn() const mockAuthorizeCredentialUse = vi.fn() - const mockCheckHybridAuth = vi.fn() + const mockCheckSessionOrInternalAuth = vi.fn() const mockLogger = createMockLogger() @@ -42,7 +42,7 @@ describe('OAuth Token API Routes', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: mockCheckHybridAuth, + checkSessionOrInternalAuth: mockCheckSessionOrInternalAuth, })) }) @@ -235,7 +235,7 @@ describe('OAuth Token API Routes', () => { describe('credentialAccountUserId + providerId path', () => { it('should reject unauthenticated requests', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: false, error: 'Authentication required', }) @@ -255,30 +255,8 @@ describe('OAuth Token API Routes', () => { expect(mockGetOAuthToken).not.toHaveBeenCalled() }) - it('should reject API key authentication', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ - success: true, - authType: 'api_key', - userId: 'test-user-id', - }) - - const req = createMockRequest('POST', { - credentialAccountUserId: 'test-user-id', - providerId: 'google', - }) - - const { POST } = await import('@/app/api/auth/oauth/token/route') - - const response = await POST(req) - const data = await response.json() - - expect(response.status).toBe(401) - expect(data).toHaveProperty('error', 'User not authenticated') - expect(mockGetOAuthToken).not.toHaveBeenCalled() - }) - it('should reject internal JWT authentication', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'internal_jwt', userId: 'test-user-id', @@ -300,7 +278,7 @@ describe('OAuth Token API Routes', () => { }) it('should reject requests for other users credentials', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'attacker-user-id', @@ -322,7 +300,7 @@ describe('OAuth Token API Routes', () => { }) it('should allow session-authenticated users to access their own credentials', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -345,7 +323,7 @@ describe('OAuth Token API Routes', () => { }) it('should return 404 when credential not found for user', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -373,7 +351,7 @@ describe('OAuth Token API Routes', () => { */ describe('GET handler', () => { it('should return access token successfully', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -402,7 +380,7 @@ describe('OAuth Token API Routes', () => { expect(response.status).toBe(200) expect(data).toHaveProperty('accessToken', 'fresh-token') - expect(mockCheckHybridAuth).toHaveBeenCalled() + expect(mockCheckSessionOrInternalAuth).toHaveBeenCalled() expect(mockGetCredential).toHaveBeenCalledWith(mockRequestId, 'credential-id', 'test-user-id') expect(mockRefreshTokenIfNeeded).toHaveBeenCalled() }) @@ -421,7 +399,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle authentication failure', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: false, error: 'Authentication required', }) @@ -440,7 +418,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle credential not found', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -461,7 +439,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle missing access token', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', @@ -487,7 +465,7 @@ describe('OAuth Token API Routes', () => { }) it('should handle token refresh failure', async () => { - mockCheckHybridAuth.mockResolvedValueOnce({ + mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: true, authType: 'session', userId: 'test-user-id', diff --git a/apps/sim/app/api/auth/oauth/token/route.ts b/apps/sim/app/api/auth/oauth/token/route.ts index 7c7d1f4630..f6728fe696 100644 --- a/apps/sim/app/api/auth/oauth/token/route.ts +++ b/apps/sim/app/api/auth/oauth/token/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { authorizeCredentialUse } from '@/lib/auth/credential-access' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import { getCredential, getOAuthToken, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils' @@ -71,7 +71,7 @@ export async function POST(request: NextRequest) { providerId, }) - const auth = await checkHybridAuth(request, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!auth.success || auth.authType !== 'session' || !auth.userId) { logger.warn(`[${requestId}] Unauthorized request for credentialAccountUserId path`, { success: auth.success, @@ -187,7 +187,7 @@ export async function GET(request: NextRequest) { const { credentialId } = parseResult.data // For GET requests, we only support session-based authentication - const auth = await checkHybridAuth(request, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!auth.success || auth.authType !== 'session' || !auth.userId) { return NextResponse.json({ error: 'User not authenticated' }, { status: 401 }) } diff --git a/apps/sim/app/api/copilot/chat/route.ts b/apps/sim/app/api/copilot/chat/route.ts index 9d31bf5c36..72c959d9a4 100644 --- a/apps/sim/app/api/copilot/chat/route.ts +++ b/apps/sim/app/api/copilot/chat/route.ts @@ -285,6 +285,14 @@ export async function POST(req: NextRequest) { apiVersion: 'preview', endpoint: env.AZURE_OPENAI_ENDPOINT, } + } else if (providerEnv === 'azure-anthropic') { + providerConfig = { + provider: 'azure-anthropic', + model: envModel, + apiKey: env.AZURE_ANTHROPIC_API_KEY, + apiVersion: env.AZURE_ANTHROPIC_API_VERSION, + endpoint: env.AZURE_ANTHROPIC_ENDPOINT, + } } else if (providerEnv === 'vertex') { providerConfig = { provider: 'vertex', diff --git a/apps/sim/app/api/files/delete/route.test.ts b/apps/sim/app/api/files/delete/route.test.ts index 669ea86ad4..0cc9824f71 100644 --- a/apps/sim/app/api/files/delete/route.test.ts +++ b/apps/sim/app/api/files/delete/route.test.ts @@ -29,7 +29,7 @@ function setupFileApiMocks( } vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: authenticated, userId: authenticated ? 'test-user-id' : undefined, error: authenticated ? undefined : 'Unauthorized', diff --git a/apps/sim/app/api/files/delete/route.ts b/apps/sim/app/api/files/delete/route.ts index 1a5f491388..2735004612 100644 --- a/apps/sim/app/api/files/delete/route.ts +++ b/apps/sim/app/api/files/delete/route.ts @@ -1,7 +1,7 @@ import { createLogger } from '@sim/logger' import type { NextRequest } from 'next/server' import { NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import type { StorageContext } from '@/lib/uploads/config' import { deleteFile, hasCloudStorage } from '@/lib/uploads/core/storage-service' import { extractStorageKey, inferContextFromKey } from '@/lib/uploads/utils/file-utils' @@ -24,7 +24,7 @@ const logger = createLogger('FilesDeleteAPI') */ export async function POST(request: NextRequest) { try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn('Unauthorized file delete request', { diff --git a/apps/sim/app/api/files/download/route.ts b/apps/sim/app/api/files/download/route.ts index bd718ed8f4..45f9ebb243 100644 --- a/apps/sim/app/api/files/download/route.ts +++ b/apps/sim/app/api/files/download/route.ts @@ -1,6 +1,6 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import type { StorageContext } from '@/lib/uploads/config' import { hasCloudStorage } from '@/lib/uploads/core/storage-service' import { verifyFileAccess } from '@/app/api/files/authorization' @@ -12,7 +12,7 @@ export const dynamic = 'force-dynamic' export async function POST(request: NextRequest) { try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn('Unauthorized download URL request', { diff --git a/apps/sim/app/api/files/parse/route.test.ts b/apps/sim/app/api/files/parse/route.test.ts index 801795570a..bfdc3bbe71 100644 --- a/apps/sim/app/api/files/parse/route.test.ts +++ b/apps/sim/app/api/files/parse/route.test.ts @@ -35,7 +35,7 @@ function setupFileApiMocks( } vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkInternalAuth: vi.fn().mockResolvedValue({ success: authenticated, userId: authenticated ? 'test-user-id' : undefined, error: authenticated ? undefined : 'Unauthorized', diff --git a/apps/sim/app/api/files/parse/route.ts b/apps/sim/app/api/files/parse/route.ts index 25112133fc..4b1882f863 100644 --- a/apps/sim/app/api/files/parse/route.ts +++ b/apps/sim/app/api/files/parse/route.ts @@ -5,7 +5,7 @@ import path from 'path' import { createLogger } from '@sim/logger' import binaryExtensionsList from 'binary-extensions' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkInternalAuth } from '@/lib/auth/hybrid' import { secureFetchWithPinnedIP, validateUrlWithDNS, @@ -66,7 +66,7 @@ export async function POST(request: NextRequest) { const startTime = Date.now() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: true }) + const authResult = await checkInternalAuth(request, { requireWorkflowId: true }) if (!authResult.success) { logger.warn('Unauthorized file parse request', { diff --git a/apps/sim/app/api/files/serve/[...path]/route.test.ts b/apps/sim/app/api/files/serve/[...path]/route.test.ts index fe833f3aa3..d09adf048a 100644 --- a/apps/sim/app/api/files/serve/[...path]/route.test.ts +++ b/apps/sim/app/api/files/serve/[...path]/route.test.ts @@ -55,7 +55,7 @@ describe('File Serve API Route', () => { }) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -165,7 +165,7 @@ describe('File Serve API Route', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -226,7 +226,7 @@ describe('File Serve API Route', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -291,7 +291,7 @@ describe('File Serve API Route', () => { })) vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), @@ -350,7 +350,7 @@ describe('File Serve API Route', () => { for (const test of contentTypeTests) { it(`should serve ${test.ext} file with correct content type`, async () => { vi.doMock('@/lib/auth/hybrid', () => ({ - checkHybridAuth: vi.fn().mockResolvedValue({ + checkSessionOrInternalAuth: vi.fn().mockResolvedValue({ success: true, userId: 'test-user-id', }), diff --git a/apps/sim/app/api/files/serve/[...path]/route.ts b/apps/sim/app/api/files/serve/[...path]/route.ts index e339615f87..9c562fb262 100644 --- a/apps/sim/app/api/files/serve/[...path]/route.ts +++ b/apps/sim/app/api/files/serve/[...path]/route.ts @@ -2,7 +2,7 @@ import { readFile } from 'fs/promises' import { createLogger } from '@sim/logger' import type { NextRequest } from 'next/server' import { NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { CopilotFiles, isUsingCloudStorage } from '@/lib/uploads' import type { StorageContext } from '@/lib/uploads/config' import { downloadFile } from '@/lib/uploads/core/storage-service' @@ -49,7 +49,7 @@ export async function GET( return await handleLocalFilePublic(fullPath) } - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn('Unauthorized file access attempt', { diff --git a/apps/sim/app/api/function/execute/route.ts b/apps/sim/app/api/function/execute/route.ts index 4ccbd8d7c0..441bf788d9 100644 --- a/apps/sim/app/api/function/execute/route.ts +++ b/apps/sim/app/api/function/execute/route.ts @@ -845,6 +845,8 @@ export async function POST(req: NextRequest) { contextVariables, timeoutMs: timeout, requestId, + ownerKey: `user:${auth.userId}`, + ownerWeight: 1, }) const executionTime = Date.now() - startTime diff --git a/apps/sim/app/api/guardrails/validate/route.ts b/apps/sim/app/api/guardrails/validate/route.ts index 5f47383390..6e1b65750c 100644 --- a/apps/sim/app/api/guardrails/validate/route.ts +++ b/apps/sim/app/api/guardrails/validate/route.ts @@ -23,7 +23,16 @@ export async function POST(request: NextRequest) { topK, model, apiKey, + azureEndpoint, + azureApiVersion, + vertexProject, + vertexLocation, + vertexCredential, + bedrockAccessKeyId, + bedrockSecretKey, + bedrockRegion, workflowId, + workspaceId, piiEntityTypes, piiMode, piiLanguage, @@ -110,7 +119,18 @@ export async function POST(request: NextRequest) { topK, model, apiKey, + { + azureEndpoint, + azureApiVersion, + vertexProject, + vertexLocation, + vertexCredential, + bedrockAccessKeyId, + bedrockSecretKey, + bedrockRegion, + }, workflowId, + workspaceId, piiEntityTypes, piiMode, piiLanguage, @@ -178,7 +198,18 @@ async function executeValidation( topK: string | undefined, model: string, apiKey: string | undefined, + providerCredentials: { + azureEndpoint?: string + azureApiVersion?: string + vertexProject?: string + vertexLocation?: string + vertexCredential?: string + bedrockAccessKeyId?: string + bedrockSecretKey?: string + bedrockRegion?: string + }, workflowId: string | undefined, + workspaceId: string | undefined, piiEntityTypes: string[] | undefined, piiMode: string | undefined, piiLanguage: string | undefined, @@ -219,7 +250,9 @@ async function executeValidation( topK: topK ? Number.parseInt(topK) : 10, // Default topK is 10 model: model, apiKey, + providerCredentials, workflowId, + workspaceId, requestId, }) } diff --git a/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts b/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts index ba52994c88..cbc5ac90e6 100644 --- a/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts +++ b/apps/sim/app/api/knowledge/[id]/tag-definitions/route.ts @@ -2,7 +2,7 @@ import { randomUUID } from 'crypto' import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { SUPPORTED_FIELD_TYPES } from '@/lib/knowledge/constants' import { createTagDefinition, getTagDefinitions } from '@/lib/knowledge/tags/service' import { checkKnowledgeBaseAccess } from '@/app/api/knowledge/utils' @@ -19,19 +19,11 @@ export async function GET(req: NextRequest, { params }: { params: Promise<{ id: try { logger.info(`[${requestId}] Getting tag definitions for knowledge base ${knowledgeBaseId}`) - const auth = await checkHybridAuth(req, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) if (!auth.success) { return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 }) } - // Only allow session and internal JWT auth (not API key) - if (auth.authType === 'api_key') { - return NextResponse.json( - { error: 'API key auth not supported for this endpoint' }, - { status: 401 } - ) - } - // For session auth, verify KB access. Internal JWT is trusted. if (auth.authType === 'session' && auth.userId) { const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, auth.userId) @@ -64,19 +56,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: try { logger.info(`[${requestId}] Creating tag definition for knowledge base ${knowledgeBaseId}`) - const auth = await checkHybridAuth(req, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) if (!auth.success) { return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 }) } - // Only allow session and internal JWT auth (not API key) - if (auth.authType === 'api_key') { - return NextResponse.json( - { error: 'API key auth not supported for this endpoint' }, - { status: 401 } - ) - } - // For session auth, verify KB access. Internal JWT is trusted. if (auth.authType === 'session' && auth.userId) { const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, auth.userId) diff --git a/apps/sim/app/api/logs/execution/[executionId]/route.ts b/apps/sim/app/api/logs/execution/[executionId]/route.ts index 8d7004ef5c..27a75298d2 100644 --- a/apps/sim/app/api/logs/execution/[executionId]/route.ts +++ b/apps/sim/app/api/logs/execution/[executionId]/route.ts @@ -8,7 +8,7 @@ import { import { createLogger } from '@sim/logger' import { and, eq, inArray } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import type { TraceSpan, WorkflowExecutionLog } from '@/lib/logs/types' @@ -23,7 +23,7 @@ export async function GET( try { const { executionId } = await params - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized execution data access attempt for: ${executionId}`) return NextResponse.json( diff --git a/apps/sim/app/api/memory/[id]/route.ts b/apps/sim/app/api/memory/[id]/route.ts index 2f5b5ae1cc..4a4c96b117 100644 --- a/apps/sim/app/api/memory/[id]/route.ts +++ b/apps/sim/app/api/memory/[id]/route.ts @@ -4,7 +4,7 @@ import { createLogger } from '@sim/logger' import { and, eq } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils' @@ -36,7 +36,7 @@ async function validateMemoryAccess( requestId: string, action: 'read' | 'write' ): Promise<{ userId: string } | { error: NextResponse }> { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory ${action} attempt`) return { diff --git a/apps/sim/app/api/memory/route.ts b/apps/sim/app/api/memory/route.ts index 072756c7a6..c5a4638d7c 100644 --- a/apps/sim/app/api/memory/route.ts +++ b/apps/sim/app/api/memory/route.ts @@ -3,7 +3,7 @@ import { memory } from '@sim/db/schema' import { createLogger } from '@sim/logger' import { and, eq, isNull, like } from 'drizzle-orm' import { type NextRequest, NextResponse } from 'next/server' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils' @@ -16,7 +16,7 @@ export async function GET(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request) + const authResult = await checkInternalAuth(request) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory access attempt`) return NextResponse.json( @@ -89,7 +89,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request) + const authResult = await checkInternalAuth(request) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory creation attempt`) return NextResponse.json( @@ -228,7 +228,7 @@ export async function DELETE(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request) + const authResult = await checkInternalAuth(request) if (!authResult.success || !authResult.userId) { logger.warn(`[${requestId}] Unauthorized memory deletion attempt`) return NextResponse.json( diff --git a/apps/sim/app/api/permission-groups/[id]/route.ts b/apps/sim/app/api/permission-groups/[id]/route.ts index 977cb1bbfe..bdad32bdb9 100644 --- a/apps/sim/app/api/permission-groups/[id]/route.ts +++ b/apps/sim/app/api/permission-groups/[id]/route.ts @@ -24,6 +24,7 @@ const configSchema = z.object({ hideFilesTab: z.boolean().optional(), disableMcpTools: z.boolean().optional(), disableCustomTools: z.boolean().optional(), + disableSkills: z.boolean().optional(), hideTemplates: z.boolean().optional(), disableInvitations: z.boolean().optional(), hideDeployApi: z.boolean().optional(), diff --git a/apps/sim/app/api/permission-groups/route.ts b/apps/sim/app/api/permission-groups/route.ts index a72726c5a9..003c3131bf 100644 --- a/apps/sim/app/api/permission-groups/route.ts +++ b/apps/sim/app/api/permission-groups/route.ts @@ -25,6 +25,7 @@ const configSchema = z.object({ hideFilesTab: z.boolean().optional(), disableMcpTools: z.boolean().optional(), disableCustomTools: z.boolean().optional(), + disableSkills: z.boolean().optional(), hideTemplates: z.boolean().optional(), disableInvitations: z.boolean().optional(), hideDeployApi: z.boolean().optional(), diff --git a/apps/sim/app/api/skills/route.ts b/apps/sim/app/api/skills/route.ts new file mode 100644 index 0000000000..cf0b76c84d --- /dev/null +++ b/apps/sim/app/api/skills/route.ts @@ -0,0 +1,182 @@ +import { db } from '@sim/db' +import { skill } from '@sim/db/schema' +import { createLogger } from '@sim/logger' +import { and, desc, eq } from 'drizzle-orm' +import { type NextRequest, NextResponse } from 'next/server' +import { z } from 'zod' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' +import { generateRequestId } from '@/lib/core/utils/request' +import { upsertSkills } from '@/lib/workflows/skills/operations' +import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils' + +const logger = createLogger('SkillsAPI') + +const SkillSchema = z.object({ + skills: z.array( + z.object({ + id: z.string().optional(), + name: z + .string() + .min(1, 'Skill name is required') + .max(64) + .regex(/^[a-z0-9]+(-[a-z0-9]+)*$/, 'Name must be kebab-case (e.g. my-skill)'), + description: z.string().min(1, 'Description is required').max(1024), + content: z.string().min(1, 'Content is required').max(50000, 'Content is too large'), + }) + ), + workspaceId: z.string().optional(), +}) + +/** GET - Fetch all skills for a workspace */ +export async function GET(request: NextRequest) { + const requestId = generateRequestId() + const searchParams = request.nextUrl.searchParams + const workspaceId = searchParams.get('workspaceId') + + try { + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) + if (!authResult.success || !authResult.userId) { + logger.warn(`[${requestId}] Unauthorized skills access attempt`) + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) + } + + const userId = authResult.userId + + if (!workspaceId) { + logger.warn(`[${requestId}] Missing workspaceId`) + return NextResponse.json({ error: 'workspaceId is required' }, { status: 400 }) + } + + const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId) + if (!userPermission) { + logger.warn(`[${requestId}] User ${userId} does not have access to workspace ${workspaceId}`) + return NextResponse.json({ error: 'Access denied' }, { status: 403 }) + } + + const result = await db + .select() + .from(skill) + .where(eq(skill.workspaceId, workspaceId)) + .orderBy(desc(skill.createdAt)) + + return NextResponse.json({ data: result }, { status: 200 }) + } catch (error) { + logger.error(`[${requestId}] Error fetching skills:`, error) + return NextResponse.json({ error: 'Failed to fetch skills' }, { status: 500 }) + } +} + +/** POST - Create or update skills */ +export async function POST(req: NextRequest) { + const requestId = generateRequestId() + + try { + const authResult = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) + if (!authResult.success || !authResult.userId) { + logger.warn(`[${requestId}] Unauthorized skills update attempt`) + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) + } + + const userId = authResult.userId + const body = await req.json() + + try { + const { skills, workspaceId } = SkillSchema.parse(body) + + if (!workspaceId) { + logger.warn(`[${requestId}] Missing workspaceId in request body`) + return NextResponse.json({ error: 'workspaceId is required' }, { status: 400 }) + } + + const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId) + if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) { + logger.warn( + `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}` + ) + return NextResponse.json({ error: 'Write permission required' }, { status: 403 }) + } + + const resultSkills = await upsertSkills({ + skills, + workspaceId, + userId, + requestId, + }) + + return NextResponse.json({ success: true, data: resultSkills }) + } catch (validationError) { + if (validationError instanceof z.ZodError) { + logger.warn(`[${requestId}] Invalid skills data`, { + errors: validationError.errors, + }) + return NextResponse.json( + { error: 'Invalid request data', details: validationError.errors }, + { status: 400 } + ) + } + if (validationError instanceof Error && validationError.message.includes('already exists')) { + return NextResponse.json({ error: validationError.message }, { status: 409 }) + } + throw validationError + } + } catch (error) { + logger.error(`[${requestId}] Error updating skills`, error) + return NextResponse.json({ error: 'Failed to update skills' }, { status: 500 }) + } +} + +/** DELETE - Delete a skill by ID */ +export async function DELETE(request: NextRequest) { + const requestId = generateRequestId() + const searchParams = request.nextUrl.searchParams + const skillId = searchParams.get('id') + const workspaceId = searchParams.get('workspaceId') + + try { + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) + if (!authResult.success || !authResult.userId) { + logger.warn(`[${requestId}] Unauthorized skill deletion attempt`) + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) + } + + const userId = authResult.userId + + if (!skillId) { + logger.warn(`[${requestId}] Missing skill ID for deletion`) + return NextResponse.json({ error: 'Skill ID is required' }, { status: 400 }) + } + + if (!workspaceId) { + logger.warn(`[${requestId}] Missing workspaceId for deletion`) + return NextResponse.json({ error: 'workspaceId is required' }, { status: 400 }) + } + + const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId) + if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) { + logger.warn( + `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}` + ) + return NextResponse.json({ error: 'Write permission required' }, { status: 403 }) + } + + const existingSkill = await db.select().from(skill).where(eq(skill.id, skillId)).limit(1) + + if (existingSkill.length === 0) { + logger.warn(`[${requestId}] Skill not found: ${skillId}`) + return NextResponse.json({ error: 'Skill not found' }, { status: 404 }) + } + + if (existingSkill[0].workspaceId !== workspaceId) { + logger.warn(`[${requestId}] Skill ${skillId} does not belong to workspace ${workspaceId}`) + return NextResponse.json({ error: 'Skill not found' }, { status: 404 }) + } + + await db.delete(skill).where(and(eq(skill.id, skillId), eq(skill.workspaceId, workspaceId))) + + logger.info(`[${requestId}] Deleted skill: ${skillId}`) + return NextResponse.json({ success: true }) + } catch (error) { + logger.error(`[${requestId}] Error deleting skill:`, error) + return NextResponse.json({ error: 'Failed to delete skill' }, { status: 500 }) + } +} diff --git a/apps/sim/app/api/tools/a2a/cancel-task/route.ts b/apps/sim/app/api/tools/a2a/cancel-task/route.ts index 9298273cee..d36b63e6bb 100644 --- a/apps/sim/app/api/tools/a2a/cancel-task/route.ts +++ b/apps/sim/app/api/tools/a2a/cancel-task/route.ts @@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' const logger = createLogger('A2ACancelTaskAPI') @@ -20,7 +20,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A cancel task attempt`) diff --git a/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts b/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts index f222ef8830..e2ed939c59 100644 --- a/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts +++ b/apps/sim/app/api/tools/a2a/delete-push-notification/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -20,7 +20,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn( diff --git a/apps/sim/app/api/tools/a2a/get-agent-card/route.ts b/apps/sim/app/api/tools/a2a/get-agent-card/route.ts index c26ed764b6..8562b651bd 100644 --- a/apps/sim/app/api/tools/a2a/get-agent-card/route.ts +++ b/apps/sim/app/api/tools/a2a/get-agent-card/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -18,7 +18,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A get agent card attempt: ${authResult.error}`) diff --git a/apps/sim/app/api/tools/a2a/get-push-notification/route.ts b/apps/sim/app/api/tools/a2a/get-push-notification/route.ts index 5feedf4de1..337e79a9d2 100644 --- a/apps/sim/app/api/tools/a2a/get-push-notification/route.ts +++ b/apps/sim/app/api/tools/a2a/get-push-notification/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -19,7 +19,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn( diff --git a/apps/sim/app/api/tools/a2a/get-task/route.ts b/apps/sim/app/api/tools/a2a/get-task/route.ts index 35aa5e278d..eda09dfd0c 100644 --- a/apps/sim/app/api/tools/a2a/get-task/route.ts +++ b/apps/sim/app/api/tools/a2a/get-task/route.ts @@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' export const dynamic = 'force-dynamic' @@ -21,7 +21,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A get task attempt: ${authResult.error}`) diff --git a/apps/sim/app/api/tools/a2a/resubscribe/route.ts b/apps/sim/app/api/tools/a2a/resubscribe/route.ts index 75c0d24aec..38ac95a3cb 100644 --- a/apps/sim/app/api/tools/a2a/resubscribe/route.ts +++ b/apps/sim/app/api/tools/a2a/resubscribe/route.ts @@ -10,7 +10,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { generateRequestId } from '@/lib/core/utils/request' const logger = createLogger('A2AResubscribeAPI') @@ -27,7 +27,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A resubscribe attempt`) diff --git a/apps/sim/app/api/tools/a2a/send-message/route.ts b/apps/sim/app/api/tools/a2a/send-message/route.ts index 4c98dc67a4..1cf7f966e0 100644 --- a/apps/sim/app/api/tools/a2a/send-message/route.ts +++ b/apps/sim/app/api/tools/a2a/send-message/route.ts @@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient, extractTextContent, isTerminalState } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server' import { generateRequestId } from '@/lib/core/utils/request' @@ -32,7 +32,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A send message attempt: ${authResult.error}`) diff --git a/apps/sim/app/api/tools/a2a/set-push-notification/route.ts b/apps/sim/app/api/tools/a2a/set-push-notification/route.ts index 132bb6be22..e12fbd6d96 100644 --- a/apps/sim/app/api/tools/a2a/set-push-notification/route.ts +++ b/apps/sim/app/api/tools/a2a/set-push-notification/route.ts @@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' import { createA2AClient } from '@/lib/a2a/utils' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server' import { generateRequestId } from '@/lib/core/utils/request' @@ -22,7 +22,7 @@ export async function POST(request: NextRequest) { const requestId = generateRequestId() try { - const authResult = await checkHybridAuth(request, { requireWorkflowId: false }) + const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) if (!authResult.success) { logger.warn(`[${requestId}] Unauthorized A2A set push notification attempt`, { diff --git a/apps/sim/app/api/users/me/usage-logs/route.ts b/apps/sim/app/api/users/me/usage-logs/route.ts index 3c4f1229fe..038cf2ece3 100644 --- a/apps/sim/app/api/users/me/usage-logs/route.ts +++ b/apps/sim/app/api/users/me/usage-logs/route.ts @@ -1,7 +1,7 @@ import { createLogger } from '@sim/logger' import { type NextRequest, NextResponse } from 'next/server' import { z } from 'zod' -import { checkHybridAuth } from '@/lib/auth/hybrid' +import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid' import { getUserUsageLogs, type UsageLogSource } from '@/lib/billing/core/usage-log' const logger = createLogger('UsageLogsAPI') @@ -20,7 +20,7 @@ const QuerySchema = z.object({ */ export async function GET(req: NextRequest) { try { - const auth = await checkHybridAuth(req, { requireWorkflowId: false }) + const auth = await checkSessionOrInternalAuth(req, { requireWorkflowId: false }) if (!auth.success || !auth.userId) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) diff --git a/apps/sim/app/api/workflows/[id]/execute/route.ts b/apps/sim/app/api/workflows/[id]/execute/route.ts index 7c4cdc9dbc..06984a3e22 100644 --- a/apps/sim/app/api/workflows/[id]/execute/route.ts +++ b/apps/sim/app/api/workflows/[id]/execute/route.ts @@ -325,6 +325,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: requestId ) + // Client-side sessions and personal API keys bill/permission-check the + // authenticated user, not the workspace billed account. + const useAuthenticatedUserAsActor = + isClientSession || (auth.authType === 'api_key' && auth.apiKeyType === 'personal') + const preprocessResult = await preprocessExecution({ workflowId, userId, @@ -334,6 +339,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: checkDeployment: !shouldUseDraftState, loggingSession, useDraftState: shouldUseDraftState, + useAuthenticatedUserAsActor, }) if (!preprocessResult.success) { diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx index 3dd05f8d83..5985a00c03 100644 --- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx +++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/file-download/file-download.tsx @@ -74,8 +74,7 @@ function FileCard({ file, isExecutionFile = false, workspaceId }: FileCardProps) } if (isExecutionFile) { - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` window.open(serveUrl, '_blank') logger.info(`Opened execution file serve URL: ${serveUrl}`) } else { @@ -88,16 +87,12 @@ function FileCard({ file, isExecutionFile = false, workspaceId }: FileCardProps) logger.warn( `Could not construct viewer URL for file: ${file.name}, falling back to serve URL` ) - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` window.open(serveUrl, '_blank') } } } catch (error) { logger.error(`Failed to download file ${file.name}:`, error) - if (file.url) { - window.open(file.url, '_blank') - } } finally { setIsDownloading(false) } @@ -198,8 +193,7 @@ export function FileDownload({ } if (isExecutionFile) { - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=execution` window.open(serveUrl, '_blank') logger.info(`Opened execution file serve URL: ${serveUrl}`) } else { @@ -212,16 +206,12 @@ export function FileDownload({ logger.warn( `Could not construct viewer URL for file: ${file.name}, falling back to serve URL` ) - const serveUrl = - file.url || `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` + const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace` window.open(serveUrl, '_blank') } } } catch (error) { logger.error(`Failed to download file ${file.name}:`, error) - if (file.url) { - window.open(file.url, '_blank') - } } finally { setIsDownloading(false) } diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx index fe8b66356b..35f40657e0 100644 --- a/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/logs/components/logs-toolbar/components/notifications/components/workflow-selector/workflow-selector.tsx @@ -89,7 +89,7 @@ export function WorkflowSelector({ onMouseDown={(e) => handleRemove(e, w.id)} > {w.name} - + ))} {selectedWorkflows.length > 2 && ( diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx index 79087c7c48..378a9baed3 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx @@ -35,6 +35,7 @@ interface CredentialSelectorProps { disabled?: boolean isPreview?: boolean previewValue?: any | null + previewContextValues?: Record } export function CredentialSelector({ @@ -43,6 +44,7 @@ export function CredentialSelector({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: CredentialSelectorProps) { const [showOAuthModal, setShowOAuthModal] = useState(false) const [editingValue, setEditingValue] = useState('') @@ -67,7 +69,11 @@ export function CredentialSelector({ canUseCredentialSets ) - const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, { disabled, isPreview }) + const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, { + disabled, + isPreview, + previewContextValues, + }) const hasDependencies = dependsOn.length > 0 const effectiveDisabled = disabled || (hasDependencies && !depsSatisfied) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx index 012c78338f..f1e47ab710 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-selector/document-selector.tsx @@ -5,6 +5,7 @@ import { Tooltip } from '@/components/emcn' import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox' import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import type { SelectorContext } from '@/hooks/selectors/types' @@ -33,7 +34,9 @@ export function DocumentSelector({ previewContextValues, }) const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId') - const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore + const knowledgeBaseIdValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId) + : knowledgeBaseIdFromStore const normalizedKnowledgeBaseId = typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0 ? knowledgeBaseIdValue diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx index ffb5122db9..b21c6f9d42 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/document-tag-entry/document-tag-entry.tsx @@ -17,6 +17,7 @@ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/ import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown' import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes' import type { SubBlockConfig } from '@/blocks/types' import { useKnowledgeBaseTagDefinitions } from '@/hooks/kb/use-knowledge-base-tag-definitions' @@ -77,7 +78,9 @@ export function DocumentTagEntry({ }) const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId') - const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore + const knowledgeBaseIdValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId) + : knowledgeBaseIdFromStore const knowledgeBaseId = typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0 ? knowledgeBaseIdValue diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx index 6805e2ec4a..730f01b248 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-selector/file-selector-input.tsx @@ -9,6 +9,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { getBlock } from '@/blocks/registry' import type { SubBlockConfig } from '@/blocks/types' import { isDependency } from '@/blocks/utils' @@ -62,42 +63,56 @@ export function FileSelectorInput({ const [domainValueFromStore] = useSubBlockValue(blockId, 'domain') - const connectedCredential = previewContextValues?.credential ?? blockValues.credential - const domainValue = previewContextValues?.domain ?? domainValueFromStore + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : blockValues.credential + const domainValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.domain) + : domainValueFromStore const teamIdValue = useMemo( () => - previewContextValues?.teamId ?? - resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.teamId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.teamId) + : resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const siteIdValue = useMemo( () => - previewContextValues?.siteId ?? - resolveDependencyValue('siteId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.siteId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.siteId) + : resolveDependencyValue('siteId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const collectionIdValue = useMemo( () => - previewContextValues?.collectionId ?? - resolveDependencyValue('collectionId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.collectionId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.collectionId) + : resolveDependencyValue( + 'collectionId', + blockValues, + canonicalIndex, + canonicalModeOverrides + ), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const projectIdValue = useMemo( () => - previewContextValues?.projectId ?? - resolveDependencyValue('projectId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.projectId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.projectId) + : resolveDependencyValue('projectId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const planIdValue = useMemo( () => - previewContextValues?.planId ?? - resolveDependencyValue('planId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.planId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.planId) + : resolveDependencyValue('planId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const normalizedCredentialId = diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx index fa9a48bb4b..4be4a8da3f 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/folder-selector/components/folder-selector-input.tsx @@ -6,6 +6,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import { resolveSelectorForSubBlock } from '@/hooks/selectors/resolution' import { useCollaborativeWorkflow } from '@/hooks/use-collaborative-workflow' @@ -17,6 +18,7 @@ interface FolderSelectorInputProps { disabled?: boolean isPreview?: boolean previewValue?: any | null + previewContextValues?: Record } export function FolderSelectorInput({ @@ -25,9 +27,13 @@ export function FolderSelectorInput({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: FolderSelectorInputProps) { const [storeValue] = useSubBlockValue(blockId, subBlock.id) - const [connectedCredential] = useSubBlockValue(blockId, 'credential') + const [credentialFromStore] = useSubBlockValue(blockId, 'credential') + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : credentialFromStore const { collaborativeSetSubblockValue } = useCollaborativeWorkflow() const { activeWorkflowId } = useWorkflowRegistry() const [selectedFolderId, setSelectedFolderId] = useState('') @@ -47,7 +53,11 @@ export function FolderSelectorInput({ ) // Central dependsOn gating - const { finalDisabled } = useDependsOnGate(blockId, subBlock, { disabled, isPreview }) + const { finalDisabled } = useDependsOnGate(blockId, subBlock, { + disabled, + isPreview, + previewContextValues, + }) // Get the current value from the store or prop value if in preview mode useEffect(() => { diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts index 0cfc45369b..a66b4ac04d 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/index.ts @@ -24,6 +24,7 @@ export { ResponseFormat } from './response/response-format' export { ScheduleInfo } from './schedule-info/schedule-info' export { SheetSelectorInput } from './sheet-selector/sheet-selector-input' export { ShortInput } from './short-input/short-input' +export { SkillInput } from './skill-input/skill-input' export { SlackSelectorInput } from './slack-selector/slack-selector-input' export { SliderInput } from './slider-input/slider-input' export { InputFormat } from './starter/input-format' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx index 55c37277bd..69189c7629 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/input-mapping/input-mapping.tsx @@ -7,6 +7,7 @@ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/ import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown' import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes' import { useWorkflowState } from '@/hooks/queries/workflows' @@ -37,6 +38,8 @@ interface InputMappingProps { isPreview?: boolean previewValue?: Record disabled?: boolean + /** Sub-block values from the preview context for resolving sibling sub-block values */ + previewContextValues?: Record } /** @@ -50,9 +53,13 @@ export function InputMapping({ isPreview = false, previewValue, disabled = false, + previewContextValues, }: InputMappingProps) { const [mapping, setMapping] = useSubBlockValue(blockId, subBlockId) - const [selectedWorkflowId] = useSubBlockValue(blockId, 'workflowId') + const [storeWorkflowId] = useSubBlockValue(blockId, 'workflowId') + const selectedWorkflowId = previewContextValues + ? resolvePreviewContextValue(previewContextValues.workflowId) + : storeWorkflowId const inputController = useSubBlockInput({ blockId, diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx index 2198555fc9..d297252abc 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/knowledge-tag-filters/knowledge-tag-filters.tsx @@ -17,6 +17,7 @@ import { type FilterFieldType, getOperatorsForFieldType } from '@/lib/knowledge/ import { formatDisplayText } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/formatted-text' import { TagDropdown } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown' import { useSubBlockInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-input' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes' import type { SubBlockConfig } from '@/blocks/types' import { useKnowledgeBaseTagDefinitions } from '@/hooks/kb/use-knowledge-base-tag-definitions' @@ -69,7 +70,9 @@ export function KnowledgeTagFilters({ const overlayRefs = useRef>({}) const [knowledgeBaseIdFromStore] = useSubBlockValue(blockId, 'knowledgeBaseId') - const knowledgeBaseIdValue = previewContextValues?.knowledgeBaseId ?? knowledgeBaseIdFromStore + const knowledgeBaseIdValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.knowledgeBaseId) + : knowledgeBaseIdFromStore const knowledgeBaseId = typeof knowledgeBaseIdValue === 'string' && knowledgeBaseIdValue.trim().length > 0 ? knowledgeBaseIdValue diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx index 41527a5165..5271ecb33f 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-dynamic-args/mcp-dynamic-args.tsx @@ -6,6 +6,7 @@ import { cn } from '@/lib/core/utils/cn' import { LongInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input' import { ShortInput } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import { useMcpTools } from '@/hooks/mcp/use-mcp-tools' import { formatParameterLabel } from '@/tools/params' @@ -18,6 +19,7 @@ interface McpDynamicArgsProps { disabled?: boolean isPreview?: boolean previewValue?: any + previewContextValues?: Record } /** @@ -47,12 +49,19 @@ export function McpDynamicArgs({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: McpDynamicArgsProps) { const params = useParams() const workspaceId = params.workspaceId as string const { mcpTools, isLoading } = useMcpTools(workspaceId) - const [selectedTool] = useSubBlockValue(blockId, 'tool') - const [cachedSchema] = useSubBlockValue(blockId, '_toolSchema') + const [toolFromStore] = useSubBlockValue(blockId, 'tool') + const selectedTool = previewContextValues + ? resolvePreviewContextValue(previewContextValues.tool) + : toolFromStore + const [schemaFromStore] = useSubBlockValue(blockId, '_toolSchema') + const cachedSchema = previewContextValues + ? resolvePreviewContextValue(previewContextValues._toolSchema) + : schemaFromStore const [toolArgs, setToolArgs] = useSubBlockValue(blockId, subBlockId) const selectedToolConfig = mcpTools.find((tool) => tool.id === selectedTool) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx index fa5fcd496c..ca4ff45b18 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/mcp-server-modal/mcp-tool-selector.tsx @@ -4,6 +4,7 @@ import { useEffect, useMemo, useState } from 'react' import { useParams } from 'next/navigation' import { Combobox } from '@/components/emcn/components' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import { useMcpTools } from '@/hooks/mcp/use-mcp-tools' @@ -13,6 +14,7 @@ interface McpToolSelectorProps { disabled?: boolean isPreview?: boolean previewValue?: string | null + previewContextValues?: Record } export function McpToolSelector({ @@ -21,6 +23,7 @@ export function McpToolSelector({ disabled = false, isPreview = false, previewValue, + previewContextValues, }: McpToolSelectorProps) { const params = useParams() const workspaceId = params.workspaceId as string @@ -31,7 +34,10 @@ export function McpToolSelector({ const [storeValue, setStoreValue] = useSubBlockValue(blockId, subBlock.id) const [, setSchemaCache] = useSubBlockValue(blockId, '_toolSchema') - const [serverValue] = useSubBlockValue(blockId, 'server') + const [serverFromStore] = useSubBlockValue(blockId, 'server') + const serverValue = previewContextValues + ? resolvePreviewContextValue(previewContextValues.server) + : serverFromStore const label = subBlock.placeholder || 'Select tool' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx index 9d5e353202..e5b7c5d930 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/project-selector/project-selector-input.tsx @@ -9,6 +9,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { getBlock } from '@/blocks/registry' import type { SubBlockConfig } from '@/blocks/types' import { resolveSelectorForSubBlock } from '@/hooks/selectors/resolution' @@ -55,14 +56,19 @@ export function ProjectSelectorInput({ return (workflowValues as Record>)[blockId] || {} }) - const connectedCredential = previewContextValues?.credential ?? blockValues.credential - const jiraDomain = previewContextValues?.domain ?? jiraDomainFromStore + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : blockValues.credential + const jiraDomain = previewContextValues + ? resolvePreviewContextValue(previewContextValues.domain) + : jiraDomainFromStore const linearTeamId = useMemo( () => - previewContextValues?.teamId ?? - resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), - [previewContextValues?.teamId, blockValues, canonicalIndex, canonicalModeOverrides] + previewContextValues + ? resolvePreviewContextValue(previewContextValues.teamId) + : resolveDependencyValue('teamId', blockValues, canonicalIndex, canonicalModeOverrides), + [previewContextValues, blockValues, canonicalIndex, canonicalModeOverrides] ) const serviceId = subBlock.serviceId || '' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx index cd2a5adf5b..bfb9dbe4f6 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/sheet-selector/sheet-selector-input.tsx @@ -8,6 +8,7 @@ import { buildCanonicalIndex, resolveDependencyValue } from '@/lib/workflows/sub import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/selector-combobox/selector-combobox' import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import { getBlock } from '@/blocks/registry' import type { SubBlockConfig } from '@/blocks/types' import { resolveSelectorForSubBlock, type SelectorResolution } from '@/hooks/selectors/resolution' @@ -66,9 +67,12 @@ export function SheetSelectorInput({ [blockValues, canonicalIndex, canonicalModeOverrides] ) - const connectedCredential = previewContextValues?.credential ?? connectedCredentialFromStore + const connectedCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : connectedCredentialFromStore const spreadsheetId = previewContextValues - ? (previewContextValues.spreadsheetId ?? previewContextValues.manualSpreadsheetId) + ? (resolvePreviewContextValue(previewContextValues.spreadsheetId) ?? + resolvePreviewContextValue(previewContextValues.manualSpreadsheetId)) : spreadsheetIdFromStore const normalizedCredentialId = diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx new file mode 100644 index 0000000000..713cbf183c --- /dev/null +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx @@ -0,0 +1,194 @@ +'use client' + +import { useCallback, useMemo, useState } from 'react' +import { Plus, XIcon } from 'lucide-react' +import { useParams } from 'next/navigation' +import { Combobox, type ComboboxOptionGroup } from '@/components/emcn' +import { AgentSkillsIcon } from '@/components/icons' +import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { SkillModal } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal' +import type { SkillDefinition } from '@/hooks/queries/skills' +import { useSkills } from '@/hooks/queries/skills' +import { usePermissionConfig } from '@/hooks/use-permission-config' + +interface StoredSkill { + skillId: string + name?: string +} + +interface SkillInputProps { + blockId: string + subBlockId: string + isPreview?: boolean + previewValue?: unknown + disabled?: boolean +} + +export function SkillInput({ + blockId, + subBlockId, + isPreview, + previewValue, + disabled, +}: SkillInputProps) { + const params = useParams() + const workspaceId = params.workspaceId as string + + const { config: permissionConfig } = usePermissionConfig() + const { data: workspaceSkills = [] } = useSkills(workspaceId) + const [value, setValue] = useSubBlockValue(blockId, subBlockId) + const [showCreateModal, setShowCreateModal] = useState(false) + const [editingSkill, setEditingSkill] = useState(null) + const [open, setOpen] = useState(false) + + const selectedSkills: StoredSkill[] = useMemo(() => { + if (isPreview && previewValue) { + return Array.isArray(previewValue) ? previewValue : [] + } + return Array.isArray(value) ? value : [] + }, [isPreview, previewValue, value]) + + const selectedIds = useMemo(() => new Set(selectedSkills.map((s) => s.skillId)), [selectedSkills]) + + const skillsDisabled = permissionConfig.disableSkills + + const skillGroups = useMemo((): ComboboxOptionGroup[] => { + const groups: ComboboxOptionGroup[] = [] + + if (!skillsDisabled) { + groups.push({ + items: [ + { + label: 'Create Skill', + value: 'action-create-skill', + icon: Plus, + onSelect: () => { + setShowCreateModal(true) + setOpen(false) + }, + disabled: isPreview, + }, + ], + }) + } + + const availableSkills = workspaceSkills.filter((s) => !selectedIds.has(s.id)) + if (!skillsDisabled && availableSkills.length > 0) { + groups.push({ + section: 'Skills', + items: availableSkills.map((s) => { + return { + label: s.name, + value: `skill-${s.id}`, + icon: AgentSkillsIcon, + onSelect: () => { + const newSkills: StoredSkill[] = [...selectedSkills, { skillId: s.id, name: s.name }] + setValue(newSkills) + setOpen(false) + }, + } + }), + }) + } + + return groups + }, [workspaceSkills, selectedIds, selectedSkills, setValue, isPreview, skillsDisabled]) + + const handleRemove = useCallback( + (skillId: string) => { + const newSkills = selectedSkills.filter((s) => s.skillId !== skillId) + setValue(newSkills) + }, + [selectedSkills, setValue] + ) + + const handleSkillSaved = useCallback(() => { + setShowCreateModal(false) + setEditingSkill(null) + }, []) + + const resolveSkillName = useCallback( + (stored: StoredSkill): string => { + const found = workspaceSkills.find((s) => s.id === stored.skillId) + return found?.name ?? stored.name ?? stored.skillId + }, + [workspaceSkills] + ) + + return ( + <> +
+ + + {selectedSkills.length > 0 && + selectedSkills.map((stored) => { + const fullSkill = workspaceSkills.find((s) => s.id === stored.skillId) + return ( +
+
{ + if (fullSkill && !disabled && !isPreview) { + setEditingSkill(fullSkill) + } + }} + > +
+
+ +
+ + {resolveSkillName(stored)} + +
+
+ {!disabled && !isPreview && ( + + )} +
+
+
+ ) + })} +
+ + { + if (!isOpen) { + setShowCreateModal(false) + setEditingSkill(null) + } + }} + onSave={handleSkillSaved} + initialValues={editingSkill ?? undefined} + /> + + ) +} diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx index 9a7e4ebfa2..b99c26bff2 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slack-selector/slack-selector-input.tsx @@ -8,6 +8,7 @@ import { SelectorCombobox } from '@/app/workspace/[workspaceId]/w/[workflowId]/c import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate' import { useForeignCredential } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-foreign-credential' import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value' +import { resolvePreviewContextValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils' import type { SubBlockConfig } from '@/blocks/types' import type { SelectorContext, SelectorKey } from '@/hooks/selectors/types' @@ -58,9 +59,15 @@ export function SlackSelectorInput({ const [botToken] = useSubBlockValue(blockId, 'botToken') const [connectedCredential] = useSubBlockValue(blockId, 'credential') - const effectiveAuthMethod = previewContextValues?.authMethod ?? authMethod - const effectiveBotToken = previewContextValues?.botToken ?? botToken - const effectiveCredential = previewContextValues?.credential ?? connectedCredential + const effectiveAuthMethod = previewContextValues + ? resolvePreviewContextValue(previewContextValues.authMethod) + : authMethod + const effectiveBotToken = previewContextValues + ? resolvePreviewContextValue(previewContextValues.botToken) + : botToken + const effectiveCredential = previewContextValues + ? resolvePreviewContextValue(previewContextValues.credential) + : connectedCredential const [_selectedValue, setSelectedValue] = useState(null) const serviceId = subBlock.serviceId || '' diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx index cd2f342a33..8f03f4b2e5 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx @@ -332,6 +332,7 @@ function FolderSelectorSyncWrapper({ dependsOn: uiComponent.dependsOn, }} disabled={disabled} + previewContextValues={previewContextValues} /> ) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx index cd1e9168e8..c8422f0e7c 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/sub-block.tsx @@ -32,6 +32,7 @@ import { ScheduleInfo, SheetSelectorInput, ShortInput, + SkillInput, SlackSelectorInput, SliderInput, Switch, @@ -687,6 +688,17 @@ function SubBlockComponent({ /> ) + case 'skill-input': + return ( + + ) + case 'checkbox-list': return ( ) @@ -820,6 +833,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -831,6 +845,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -853,6 +868,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -864,6 +880,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -875,6 +892,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -899,6 +917,7 @@ function SubBlockComponent({ isPreview={isPreview} previewValue={previewValue as any} disabled={isDisabled} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -934,6 +953,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -967,6 +987,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue as any} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) @@ -978,6 +999,7 @@ function SubBlockComponent({ disabled={isDisabled} isPreview={isPreview} previewValue={previewValue} + previewContextValues={isPreview ? subBlockValues : undefined} /> ) diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts new file mode 100644 index 0000000000..1812992214 --- /dev/null +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/utils.ts @@ -0,0 +1,18 @@ +/** + * Extracts the raw value from a preview context entry. + * + * @remarks + * In the sub-block preview context, values are wrapped as `{ value: T }` objects + * (the full sub-block state). In the tool-input preview context, values are already + * raw. This function normalizes both cases to return the underlying value. + * + * @param raw - The preview context entry, which may be a raw value or a `{ value: T }` wrapper + * @returns The unwrapped value, or `null` if the input is nullish + */ +export function resolvePreviewContextValue(raw: unknown): unknown { + if (raw === null || raw === undefined) return null + if (typeof raw === 'object' && !Array.isArray(raw) && 'value' in raw) { + return (raw as Record).value ?? null + } + return raw +} diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts index 23137d26e8..50d3f416e4 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-editor-subblock-layout.ts @@ -6,6 +6,7 @@ import { isSubBlockVisibleForMode, } from '@/lib/workflows/subblocks/visibility' import type { BlockConfig, SubBlockConfig, SubBlockType } from '@/blocks/types' +import { usePermissionConfig } from '@/hooks/use-permission-config' import { useWorkflowDiffStore } from '@/stores/workflow-diff' import { mergeSubblockState } from '@/stores/workflows/utils' import { useWorkflowStore } from '@/stores/workflows/workflow/store' @@ -35,6 +36,7 @@ export function useEditorSubblockLayout( const blockDataFromStore = useWorkflowStore( useCallback((state) => state.blocks?.[blockId]?.data, [blockId]) ) + const { config: permissionConfig } = usePermissionConfig() return useMemo(() => { // Guard against missing config or block selection @@ -100,6 +102,9 @@ export function useEditorSubblockLayout( const visibleSubBlocks = (config.subBlocks || []).filter((block) => { if (block.hidden) return false + // Hide skill-input subblock when skills are disabled via permissions + if (block.type === 'skill-input' && permissionConfig.disableSkills) return false + // Check required feature if specified - declarative feature gating if (!isSubBlockFeatureEnabled(block)) return false @@ -149,5 +154,6 @@ export function useEditorSubblockLayout( activeWorkflowId, isSnapshotView, blockDataFromStore, + permissionConfig.disableSkills, ]) } diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx index 636fd559d1..c0f89e2b3e 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx @@ -40,6 +40,7 @@ import { useCustomTools } from '@/hooks/queries/custom-tools' import { useMcpServers, useMcpToolsQuery } from '@/hooks/queries/mcp' import { useCredentialName } from '@/hooks/queries/oauth-credentials' import { useReactivateSchedule, useScheduleInfo } from '@/hooks/queries/schedules' +import { useSkills } from '@/hooks/queries/skills' import { useDeployChildWorkflow } from '@/hooks/queries/workflows' import { useSelectorDisplayName } from '@/hooks/use-selector-display-name' import { useVariablesStore } from '@/stores/panel' @@ -618,6 +619,48 @@ const SubBlockRow = memo(function SubBlockRow({ return `${toolNames[0]}, ${toolNames[1]} +${toolNames.length - 2}` }, [subBlock?.type, rawValue, customTools, workspaceId]) + /** + * Hydrates skill references to display names. + * Resolves skill IDs to their current names from the skills query. + */ + const { data: workspaceSkills = [] } = useSkills(workspaceId || '') + + const skillsDisplayValue = useMemo(() => { + if (subBlock?.type !== 'skill-input' || !Array.isArray(rawValue) || rawValue.length === 0) { + return null + } + + interface StoredSkill { + skillId: string + name?: string + } + + const skillNames = rawValue + .map((skill: StoredSkill) => { + if (!skill || typeof skill !== 'object') return null + + // Priority 1: Resolve skill name from the skills query (fresh data) + if (skill.skillId) { + const foundSkill = workspaceSkills.find((s) => s.id === skill.skillId) + if (foundSkill?.name) return foundSkill.name + } + + // Priority 2: Fall back to stored name (for deleted skills) + if (skill.name && typeof skill.name === 'string') return skill.name + + // Priority 3: Use skillId as last resort + if (skill.skillId) return skill.skillId + + return null + }) + .filter((name): name is string => !!name) + + if (skillNames.length === 0) return null + if (skillNames.length === 1) return skillNames[0] + if (skillNames.length === 2) return `${skillNames[0]}, ${skillNames[1]}` + return `${skillNames[0]}, ${skillNames[1]} +${skillNames.length - 2}` + }, [subBlock?.type, rawValue, workspaceSkills]) + const isPasswordField = subBlock?.password === true const maskedValue = isPasswordField && value && value !== '-' ? '•••' : null @@ -627,6 +670,7 @@ const SubBlockRow = memo(function SubBlockRow({ dropdownLabel || variablesDisplayValue || toolsDisplayValue || + skillsDisplayValue || knowledgeBaseDisplayName || workflowSelectionName || mcpServerDisplayName || diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx index 90831de455..bfc86ec20d 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx +++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/preview-editor/preview-editor.tsx @@ -784,8 +784,12 @@ function PreviewEditorContent({ ? childWorkflowSnapshotState : childWorkflowState const resolvedIsLoadingChildWorkflow = isExecutionMode ? false : isLoadingChildWorkflow + const isBlockNotExecuted = isExecutionMode && !executionData const isMissingChildWorkflow = - Boolean(childWorkflowId) && !resolvedIsLoadingChildWorkflow && !resolvedChildWorkflowState + Boolean(childWorkflowId) && + !isBlockNotExecuted && + !resolvedIsLoadingChildWorkflow && + !resolvedChildWorkflowState /** Drills down into the child workflow or opens it in a new tab */ const handleExpandChildWorkflow = useCallback(() => { @@ -1192,7 +1196,7 @@ function PreviewEditorContent({
{/* Not Executed Banner - shown when in execution mode but block wasn't executed */} - {isExecutionMode && !executionData && ( + {isBlockNotExecuted && (
@@ -1419,9 +1423,11 @@ function PreviewEditorContent({ ) : (
- {isMissingChildWorkflow - ? DELETED_WORKFLOW_LABEL - : 'Unable to load preview'} + {isBlockNotExecuted + ? 'Not Executed' + : isMissingChildWorkflow + ? DELETED_WORKFLOW_LABEL + : 'Unable to load preview'}
)} diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts index db87eaf39d..744e1be4e1 100644 --- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts +++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts @@ -9,6 +9,7 @@ export { Files as FileUploads } from './files/files' export { General } from './general/general' export { Integrations } from './integrations/integrations' export { MCP } from './mcp/mcp' +export { Skills } from './skills/skills' export { Subscription } from './subscription/subscription' export { TeamManagement } from './team-management/team-management' export { WorkflowMcpServers } from './workflow-mcp-servers/workflow-mcp-servers' diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx new file mode 100644 index 0000000000..99a473fd2b --- /dev/null +++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/skills/components/skill-modal.tsx @@ -0,0 +1,225 @@ +'use client' + +import type { ChangeEvent } from 'react' +import { useEffect, useMemo, useState } from 'react' +import { useParams } from 'next/navigation' +import { + Button, + Input, + Label, + Modal, + ModalBody, + ModalContent, + ModalFooter, + ModalHeader, + Textarea, +} from '@/components/emcn' +import type { SkillDefinition } from '@/hooks/queries/skills' +import { useCreateSkill, useUpdateSkill } from '@/hooks/queries/skills' + +interface SkillModalProps { + open: boolean + onOpenChange: (open: boolean) => void + onSave: () => void + onDelete?: (skillId: string) => void + initialValues?: SkillDefinition +} + +const KEBAB_CASE_REGEX = /^[a-z0-9]+(-[a-z0-9]+)*$/ + +interface FieldErrors { + name?: string + description?: string + content?: string + general?: string +} + +export function SkillModal({ + open, + onOpenChange, + onSave, + onDelete, + initialValues, +}: SkillModalProps) { + const params = useParams() + const workspaceId = params.workspaceId as string + + const createSkill = useCreateSkill() + const updateSkill = useUpdateSkill() + + const [name, setName] = useState('') + const [description, setDescription] = useState('') + const [content, setContent] = useState('') + const [errors, setErrors] = useState({}) + const [saving, setSaving] = useState(false) + + useEffect(() => { + if (open) { + if (initialValues) { + setName(initialValues.name) + setDescription(initialValues.description) + setContent(initialValues.content) + } else { + setName('') + setDescription('') + setContent('') + } + setErrors({}) + } + }, [open, initialValues]) + + const hasChanges = useMemo(() => { + if (!initialValues) return true + return ( + name !== initialValues.name || + description !== initialValues.description || + content !== initialValues.content + ) + }, [name, description, content, initialValues]) + + const handleSave = async () => { + const newErrors: FieldErrors = {} + + if (!name.trim()) { + newErrors.name = 'Name is required' + } else if (name.length > 64) { + newErrors.name = 'Name must be 64 characters or less' + } else if (!KEBAB_CASE_REGEX.test(name)) { + newErrors.name = 'Name must be kebab-case (e.g. my-skill)' + } + + if (!description.trim()) { + newErrors.description = 'Description is required' + } + + if (!content.trim()) { + newErrors.content = 'Content is required' + } + + if (Object.keys(newErrors).length > 0) { + setErrors(newErrors) + return + } + + setSaving(true) + + try { + if (initialValues) { + await updateSkill.mutateAsync({ + workspaceId, + skillId: initialValues.id, + updates: { name, description, content }, + }) + } else { + await createSkill.mutateAsync({ + workspaceId, + skill: { name, description, content }, + }) + } + onSave() + } catch (error) { + const message = + error instanceof Error && error.message.includes('already exists') + ? error.message + : 'Failed to save skill. Please try again.' + setErrors({ general: message }) + } finally { + setSaving(false) + } + } + + return ( + + + {initialValues ? 'Edit Skill' : 'Create Skill'} + +
+
+ + { + setName(e.target.value) + if (errors.name || errors.general) + setErrors((prev) => ({ ...prev, name: undefined, general: undefined })) + }} + /> + {errors.name ? ( +

{errors.name}

+ ) : ( + + Lowercase letters, numbers, and hyphens (e.g. my-skill) + + )} +
+ +
+ + { + setDescription(e.target.value) + if (errors.description || errors.general) + setErrors((prev) => ({ ...prev, description: undefined, general: undefined })) + }} + maxLength={1024} + /> + {errors.description && ( +

{errors.description}

+ )} +
+ +
+ +