v0.5.100: multiple credentials, 40% speedup, gong, attio, audit log improvements#3326
Merged
waleedlatif1 merged 21 commits intomainfrom Feb 25, 2026
Merged
v0.5.100: multiple credentials, 40% speedup, gong, attio, audit log improvements#3326waleedlatif1 merged 21 commits intomainfrom
waleedlatif1 merged 21 commits intomainfrom
Conversation
* feat(mult-credentials): progress * checkpoint * make it autoselect personal secret when create secret is clicked * improve collaborative UX * remove add member ui for workspace secrets * bulk entry of .env * promote to workspace secret * more ux improvmeent * share with workspace for oauth * remove new badge * share button * copilot + oauth name comflict * reconnect option to connect diff account * remove credential no access marker * canonical credential id entry * remove migration to prep stagin migration * migration readded * backfill improvements * run lint * fix tests * remove unused code * autoselect provider when connecting from block * address bugbot comments * remove some dead code * more permissions stuff * remove more unused code * address bugbot * add filter * remove migration to prep migration * fix migration * fix migration issues * remove migration prep merge * readd migration * include user tables triggers * extract shared code * fix * fix tx issue * remove migration to prep merge * readd migration * fix agent tool input * agent with tool input deletion case * fix credential subblock saving * remove dead code * fix tests * address bugbot comments
* fix(dependent): credential dependent endpoints * fix tests * fix route to not block ws creds" * remove faulty auth checks: * prevent unintended cascade by depends on during migration * address bugbot comments
…to server side (#3310) * improvement(credentials): move client side automigration to server side * fix migration func * fix tests * address bugbot
… deadline (#3311) * fix(redis): tighten stale TCP connection detection and add fast lease deadline * revert(redis): restore original retryStrategy logging * fix(redis): clear deadline timer after Promise.race to prevent memory leak * fix(redis): downgrade lease fallback log to warn — unavailable is expected fallback
…blings (#3312) * fix(tag-dropdown): exclude downstream blocks in loops and parallel siblings from reference picker * chore(serializer): remove unused computeAccessibleBlockIds method * chore(block-path-calculator): remove unused calculateAccessibleBlocksForWorkflow method * chore(tag-dropdown): remove no-op loop node filter * fix(tag-dropdown): remove parallel container from accessible references in parallel branches * chore(tag-dropdown): remove no-op starter block filter * fix(tag-dropdown): restore parallel container in accessible references for blocks inside parallel * fix(copilot): exclude downstream loop nodes and parallel siblings from accessible references
… depth limit (#3313) * feat(execution): workflow cycle detection via X-Sim-Via header * fix(execution): scope X-Sim-Via header to internal routes and add child workflow depth validation - Move call chain header injection from HTTP tool layer (request.ts/utils.ts) to tool execution layer (tools/index.ts) gated on isInternalRoute, preventing internal workflow IDs from leaking to external third-party APIs - Remove cycle detection from validateCallChain — depth limit alone prevents infinite loops while allowing legitimate self-recursion (pagination, tree processing, batch splitting) - Add validateCallChain check in workflow-handler.ts before spawning child executor, closing the gap where in-process child workflows skipped validation - Remove unsafe `(params as any)._context` type bypass in request.ts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(execution): validate child call chain instead of parent chain Validate childCallChain (after appending current workflow ID) rather than ctx.callChain (parent). Prevents an off-by-one where a chain at depth 10 could still spawn an 11th workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(gong): add Gong integration with 18 API tools * fix(gong): make toDateTime optional for list_calls, add list_trackers to workspaceId condition * chore(gong): regenerate docs * fix(hex): update icon color and block bgColor
…e public API access (#3317) Add DISABLE_PUBLIC_API / NEXT_PUBLIC_DISABLE_PUBLIC_API environment variables and disablePublicApi permission group config option to allow self-hosted deployments and enterprise admins to globally disable the public API toggle. When disabled: the Access toggle is hidden in the Edit API Info modal, the execute route blocks unauthenticated public access (401), and the public-api PATCH route rejects enabling public API (403). Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…3319) * improvement(audit): enrich metadata across 23 audit log call sites * improvement(audit): enrich metadata across 23 audit log call sites
* feat(confluence): add webhook triggers for Confluence events Adds 16 Confluence triggers: page CRUD, comments, blogs, attachments, spaces, and labels — plus a generic webhook trigger. * feat(confluence): wire triggers into block and webhook processor Add trigger subBlocks and triggers config to ConfluenceV2Block so triggers appear in the UI. Add Confluence signature verification and event filtering to the webhook processor. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(confluence): align trigger outputs with actual webhook payloads - Rewrite output builders to match real Confluence webhook payload structure (flat spaceKey, numeric version, actual API fields) - Remove fabricated fields (nested space/version objects, comment.body) - Add missing fields (creatorAccountId, lastModifierAccountId, self, creationDate, modificationDate, accountType) - Add extractor functions (extractPageData, extractCommentData, etc.) following the same pattern as Jira - Add formatWebhookInput handler for Confluence in utils.server.ts so payloads are properly destructured before reaching workflows - Make event field matching resilient (check both event and webhookEvent) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(confluence): handle generic webhook in formatWebhookInput The generic webhook (confluence_webhook) was falling through to extractPageData, which only returns the page field. For a catch-all trigger that accepts all event types, preserve all entity fields (page, comment, blog, attachment, space, label, content). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(confluence): use payload-based filtering instead of nonexistent event field Confluence Cloud webhooks don't include an event/webhookEvent field in the body (unlike Jira). Replaced broken event string matching with structural payload filtering that checks which entity key is present. * lint * fix(confluence): read webhookSecret instead of secret in signature verification * fix(webhooks): read webhookSecret for jira, linear, and github signature verification These providers define their secret subBlock with id: 'webhookSecret' but the processor was reading providerConfig.secret which is always undefined, silently skipping signature verification even when a secret is configured. * fix(confluence): use event field for exact matching with entity-category fallback Admin REST API webhooks (Settings > Webhooks) include an event field for action-level filtering (page_created vs page_updated). Connect app webhooks omit it, so we fall back to entity-category matching. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Return an anonymous session using the same response envelope as Better Auth's get-session endpoint, and make the session provider tolerant to both wrapped and raw session payloads. Fixes #2524
…processing (#3320) * improvement(processing): reduce redundant DB queries in execution preprocessing * improvement(processing): add defensive ID check for prefetched workflow record * improvement(processing): fix type safety in execution error logging Replace `as any` cast in non-SSE error path with proper `buildTraceSpans()` transformation, matching the SSE error path. Remove redundant `as any` cast in preprocessing.ts where the types already align. * improvement(processing): replace `as any` casts with proper types in logging - logger.ts: cast JSONB cost column to `WorkflowExecutionLog['cost']` instead of `any` in both `completeWorkflowExecution` and `getWorkflowExecution` - logger.ts: replace `(orgUsageBefore as any)?.toString?.()` with `String()` since COALESCE guarantees a non-null SQL aggregate value - logging-session.ts: cast JSONB cost to `AccumulatedCost` (the local interface) instead of `any` in `loadExistingCost` * improvement(processing): use exported HighestPrioritySubscription type in usage.ts Replace inline `Awaited<ReturnType<typeof getHighestPrioritySubscription>>` with the already-exported `HighestPrioritySubscription` type alias. * improvement(processing): replace remaining `as any` casts with proper types - preprocessing.ts: use exported `HighestPrioritySubscription` type instead of redeclaring via `Awaited<ReturnType<...>>` - deploy/route.ts, status/route.ts: cast `hasWorkflowChanged` args to `WorkflowState` instead of `any` (JSONB + object literal narrowing) - state/route.ts: type block sanitization and save with `BlockState` and `WorkflowState` instead of `any` - search-suggestions.ts: remove 8 unnecessary `as any` casts on `'date'` literal that already satisfies the `Suggestion['category']` union * fix(processing): prevent double-billing race in LoggingSession completion When executeWorkflowCore throws, its catch block fire-and-forgets safeCompleteWithError, then re-throws. The caller's catch block also fire-and-forgets safeCompleteWithError on the same LoggingSession. Both check this.completed (still false) before either's async DB write resolves, so both proceed to completeWorkflowExecution which uses additive SQL for billing — doubling the charged cost on every failed execution. Fix: add a synchronous `completing` flag set immediately before the async work begins. This blocks concurrent callers at the guard check. On failure, the flag is reset so the safe* fallback path (completeWithCostOnlyLog) can still attempt recovery. * fix(processing): unblock error responses and isolate run-count failures Remove unnecessary `await waitForCompletion()` from non-SSE and SSE error paths where no `markAsFailed()` follows — these were blocking error responses on log persistence for no reason. Wrap `updateWorkflowRunCounts` in its own try/catch so a run-count DB failure cannot prevent session completion, billing, and trace span persistence. * improvement(processing): remove dead setupExecutor method The method body was just a debug log with an `any` parameter — logging now works entirely through trace spans with no executor integration. * remove logger.debug * fix(processing): guard completionPromise as write-once (singleton promise) Prevent concurrent safeComplete* calls from overwriting completionPromise with a no-op. The guard now lives at the assignment site — if a completion is already in-flight, return its promise instead of starting a new one. This ensures waitForCompletion() always awaits the real work. * improvement(processing): remove empty else/catch blocks left by debug log cleanup * fix(processing): enforce waitForCompletion inside markAsFailed to prevent completion races Move waitForCompletion() into markAsFailed() so every call site is automatically safe against in-flight fire-and-forget completions. Remove the now-redundant external waitForCompletion() calls in route.ts. * fix(processing): reset completing flag on fallback failure, clean up empty catch - completeWithCostOnlyLog now resets this.completing = false when the fallback itself fails, preventing a permanently stuck session - Use _disconnectError in MCP test-connection to signal intentional ignore * fix(processing): restore disconnect error logging in MCP test-connection Revert unrelated debug log removal — this file isn't part of the processing improvements and the log aids connection leak detection. * fix(processing): address audit findings across branch - preprocessing.ts: use undefined (not null) for failed subscription fetch so getUserUsageLimit does a fresh lookup instead of silently falling back to free-tier limits - deployed/route.ts: log warning on loadDeployedWorkflowState failure instead of silently swallowing the error - schedule-execution.ts: remove dead successLog parameter and all call-site arguments left over from logger.debug cleanup - mcp/middleware.ts: drop unused error binding in empty catch - audit/log.ts, wand.ts: promote logger.debug to logger.warn in catch blocks where these are the only failure signal * revert: undo unnecessary subscription null→undefined change getHighestPrioritySubscription never throws (it catches internally and returns null), so the catch block in preprocessExecution is dead code. The null vs undefined distinction doesn't matter and the coercions added unnecessary complexity. * improvement(processing): remove dead try/catch around getHighestPrioritySubscription getHighestPrioritySubscription catches internally and returns null on error, so the wrapping try/catch was unreachable dead code. * improvement(processing): remove dead getSnapshotByHash method No longer called after createSnapshotWithDeduplication was refactored to use a single upsert instead of select-then-insert. ---------
…riggers (#3324) * feat(attio): add Attio CRM integration with 40 tools and 18 webhook triggers * update docs * fix(attio): use timestamp generationType for date wandConfig fields
* improvement(credentials): ui * fix: credentials logic * improvement(credentials): ui * improvement(credentials): members UI * improvement(secrets): ui * fix(credentials): show error when OAuth deletion fails due to missing fields - Add deleteError state to track and display deletion errors - Keep confirmation dialog open when deletion fails - Show user-friendly error message when accountId or providerId is missing - Add loading state to delete button during deletion - Display error message in confirmation dialog with proper styling Co-authored-by: Emir Karabeg <emir-karabeg@users.noreply.github.com> * ran lint * removed worktree file --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Emir Karabeg <emir-karabeg@users.noreply.github.com> Co-authored-by: Waleed Latif <walif6@gmail.com>
* fix(providers): propagate abort signal to all LLM SDK calls * fix(providers): propagate abort signal to deep research interactions API * fix(providers): clean up abort listener when sleep timer resolves
Contributor
|
Too many files changed for review. ( |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
.../components/sidebar/components/settings-modal/components/credentials/credentials-manager.tsx
Dismissed
Show dismissed
Hide dismissed
) * fix(attio): use code subblock type for JSON input fields * fix(attio): correct people name attribute format in wand prompt example * fix(attio): improve wand prompt with correct attribute formats for all field types * fix(attio): use array format with full_name for personal-name attribute in wand prompt * fix(attio): use loose null checks to prevent sending null params to API * fix(attio): add offset param and make pagination fields advanced mode * fix(attio): remove redundant (optional) from placeholders * fix(attio): always send required workspace_access and workspace_member_access in create list * fix(attio): always send api_slug in create list, auto-generate from name if not provided * fix(attio): update api slug placeholder text * fix(tools): manage lifecycle for attio tools * updated docs * fix(attio): remove incorrect save button reference from setup instructions * fix(attio): log debug message when signature verification is skipped
…r notif (#3328) * improvement(creds): bulk paste functionality, save notification, error notif * use effect anti patterns * fix add to cursor button * fix(attio): wrap webhook body in data object and include required filter field * fixed and tested attio webhook lifecycle
* fix(serializer): default canonical modes construction * defaults for copilot * address bugbot comments
* fix(api): add configurable request retries The API block docs described automatic retries, but the block didn't expose any retry controls and requests were executed only once. This adds tool-level retry support with exponential backoff (including Retry-After support) for timeouts, 429s, and 5xx responses, exposes retry settings in the API block and http_request tool, and updates the docs to match. Fixes #3225 * remove unnecessary helpers, cleanup * update desc * ack comments * ack comment * ack * handle timeouts --------- Co-authored-by: Jay Prajapati <79649559+jayy-77@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.