improvement(refactor): move to soft deletion of resources + reliability improvements

[icecrasher321]

Summary

• Move to soft deletions
• Auth Improvements
• KB consistency improvements
• A2A improvements

Type of Change

• Other: Refactor

Testing

Tested manually and added lifecycle tests

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 13, 2026 9:22am

[cursor]

PR Summary

High Risk
Touches multiple security- and data-sensitive API paths (authZ checks, workspace scoping, and hard-deletes for knowledge connectors/documents), so regressions could impact access control or data retention. Also changes A2A task ownership semantics and streaming parsing, which could break clients or task lifecycle handling.

Overview
Broadly shifts API behavior to treat archived/soft-deleted records as invisible by default: most list/get/create flows for a2aAgent, workflow, chat, form, workflowSchedule, MCP servers/tools, and knowledge connectors/documents now add archivedAt/deletedAt guards (and exclude inactive chats for OTP).

Tightens authorization boundaries: workspace-scoped API keys are validated against the target workspace in A2A serve, MCP serve/discover, and job status; Copilot endpoints centralize chat access via getAccessibleCopilotChat and add explicit workspace/workflow authorization for chat listing and retrieval.

Improves reliability and lifecycle handling: A2A tasks now store a per-caller fingerprint to prevent cross-caller task access, mark tasks as failed on invalid input, treat success: false as failure, and make streaming SSE parsing more robust (capture execution id/artifacts/canceled state). Knowledge connector deletion is changed from soft-delete to transactional hard-delete (documents + embeddings) with storage cleanup, and file deletion now also removes server-side file metadata.

^{Written by Cursor Bugbot for commit d782f7c. Configure here.}

[icecrasher321]

bugbot run

[icecrasher321]

bugbot run

[icecrasher321]

bugbot run

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}