v0.6.27: new triggers, mothership improvements, files archive, queueing improvements, posthog, secrets mutations #4006
Merged
waleedlatif1 merged 32 commits intomainfrom Apr 7, 2026
Merged
v0.6.27: new triggers, mothership improvements, files archive, queueing improvements, posthog, secrets mutations #4006waleedlatif1 merged 32 commits intomainfrom
waleedlatif1 merged 32 commits intomainfrom
Conversation
…stry (#3973) * refactor(webhooks): extract provider-specific logic into handler registry * fix(webhooks): address PR review feedback - Restore original fall-through behavior for generic requireAuth with no token - Replace `any` params with proper types in processor helper functions - Restore array-aware initializer in processTriggerFileOutputs * fix(webhooks): fix build error from union type indexing in processTriggerFileOutputs Cast array initializer to Record<string, unknown> to allow string indexing while preserving array runtime semantics for the return value. * fix(webhooks): return 401 when requireAuth is true but no token configured If a user explicitly sets requireAuth: true, they expect auth to be enforced. Returning 401 when no token is configured is the correct behavior — this is an intentional improvement over the original code which silently allowed unauthenticated access in this case. * refactor(webhooks): move signature validators into provider handler files Co-locate each validate*Signature function with its provider handler, eliminating the circular dependency where handlers imported back from utils.server.ts. validateJiraSignature is exported from jira.ts for shared use by confluence.ts. * refactor(webhooks): move challenge handlers into provider files Move handleWhatsAppVerification to providers/whatsapp.ts and handleSlackChallenge to providers/slack.ts. Update processor.ts imports to point to provider files. * refactor(webhooks): move fetchAndProcessAirtablePayloads into airtable handler Co-locate the ~400-line Airtable payload processing function with its provider handler. Remove AirtableChange interface from utils.server.ts. * refactor(webhooks): extract polling config functions into polling-config.ts Move configureGmailPolling, configureOutlookPolling, configureRssPolling, and configureImapPolling out of utils.server.ts into a dedicated module. Update imports in deploy.ts and webhooks/route.ts. * refactor(webhooks): decompose formatWebhookInput into per-provider formatInput methods Move all provider-specific input formatting from the monolithic formatWebhookInput switch statement into each provider's handler file. Delete formatWebhookInput and all its helper functions (fetchWithDNSPinning, formatTeamsGraphNotification, Slack file helpers, convertSquareBracketsToTwiML) from utils.server.ts. Create new handler files for gmail, outlook, rss, imap, and calendly providers. Update webhook-execution.ts to use handler.formatInput as the primary path with raw body passthrough as fallback. utils.server.ts reduced from ~1600 lines to ~370 lines containing only credential-sync functions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(webhooks): decompose provider-subscriptions into handler registry pattern Move all provider-specific subscription create/delete logic from the monolithic provider-subscriptions.ts into individual provider handler files via new createSubscription/deleteSubscription methods on WebhookProviderHandler. Replace the two massive if-else dispatch chains (11 branches each) with simple registry lookups via getProviderHandler(). provider-subscriptions.ts reduced from 2,337 lines to 128 lines (orchestration only). Also migrate polling configuration (gmail, outlook, rss, imap) into provider handlers via configurePolling() method, and challenge/verification handling (slack, whatsapp, teams) via handleChallenge() method. Delete polling-config.ts. Create new handler files for fathom and lemlist providers. Extract shared subscription utilities into subscription-utils.ts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(webhooks): fix attio build error, restore imap field, remove demarcation comments - Cast `body` to `Record<string, unknown>` in attio formatInput to fix type error with extractor functions - Restore `rejectUnauthorized` field in imap configurePolling for parity - Remove `// ---` section demarcation comments from route.ts and airtable.ts - Update add-trigger skill to reflect handler-based architecture Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(webhooks): remove unused imports from utils.server.ts after rebase Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(webhooks): remove duplicate generic file processing from webhook-execution The generic provider's processInputFiles handler already handles file[] field processing via the handler.processInputFiles call. The hardcoded block from staging was incorrectly preserved during rebase, causing double processing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(webhooks): validate auth token is set when requireAuth is enabled at deploy time Rejects deployment with a clear error message if a generic webhook trigger has requireAuth enabled but no authentication token configured, rather than letting requests fail with 401 at runtime. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(webhooks): remove unintended rejectUnauthorized field from IMAP polling config The refactored IMAP handler added a rejectUnauthorized field that was not present in the original configureImapPolling function. This would default to true for all existing IMAP webhooks, potentially breaking connections to servers with self-signed certificates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(webhooks): replace crypto.randomUUID() with generateId() in ashby handler Per project coding standards, use generateId() from @/lib/core/utils/uuid instead of crypto.randomUUID() directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(webhooks): standardize logger names and remove any types from providers - Standardize logger names to WebhookProvider:X pattern across 6 providers (fathom, gmail, imap, lemlist, outlook, rss) - Replace all `any` types in airtable handler with proper types: - Add AirtableTableChanges interface for API response typing - Change function params from `any` to `Record<string, unknown>` - Change AirtableChange fields from Record<string, any> to Record<string, unknown> - Change all catch blocks from `error: any` to `error: unknown` - Change input object from `any` to `Record<string, unknown>` Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(webhooks): remove remaining any types from deploy.ts Replace 3 `catch (error: any)` with `catch (error: unknown)` and 1 `Record<string, any>` with `Record<string, unknown>`. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(triggers): add Salesforce webhook triggers * fix(triggers): address PR review — remove non-TSDoc comment, fix generic webhook instructions
…ers (#3983) * feat(triggers): add HubSpot merge, restore, and generic webhook triggers * fix(triggers): add mergedObjectIds to merge trigger output schemas * fix(triggers): derive correct OAuth scope per HubSpot object type in setup instructions * lint
* feat(integrations): add Sixtyfour AI integration Add Sixtyfour AI integration with 4 tools: find_phone, find_email, enrich_lead, enrich_company. Includes block with operation dropdown, API key auth, conditional fields per operation, brand icon, and generated docs. * fix(integrations): add error handling to sixtyfour tools Wrap JSON.parse calls in try/catch for enrich_lead and enrich_company. Add response.ok checks to all 4 tools' transformResponse. * fix(integrations): use typed Record for leadStruct to fix spread type error Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs * airweave docslink * turbo update * more inp/outputs --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…3986) * feat(triggers): add Resend webhook triggers with auto-registration * fix(triggers): capture Resend signing secret and add Svix webhook verification * fix(triggers): add paramVisibility, event-type filtering for Resend triggers * fix(triggers): add Svix timestamp staleness check to prevent replay attacks Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(triggers): use Number.parseInt and Number.isNaN for lint compliance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(triggers): add Gong webhook triggers for call events * fix(triggers): reorder Gong trigger spread and dropdown options * fix(triggers): resolve Biome lint errors in Gong trigger files * json
* feat(triggers): add Intercom webhook triggers * fix(triggers): address PR review feedback for Intercom triggers
* feat(triggers): add Greenhouse webhook triggers Add 8 webhook triggers for Greenhouse ATS events: - Candidate Hired, New Application, Stage Change, Rejected - Offer Created, Job Created, Job Updated - Generic Webhook (all events) Includes event filtering via provider handler registry and output schemas matching actual Greenhouse webhook payload structures. * fix(triggers): address PR review feedback for Greenhouse triggers - Fix rejection_reason.type key collision with mock payload generator by renaming to reason_type - Replace dynamic import with static import in matchEvent handler - Add HMAC-SHA256 signature verification via createHmacVerifier - Add secretKey extra field to all trigger subBlocks - Extract shared buildJobPayload helper to deduplicate job outputs * fix(triggers): align rejection_reason output with actual Greenhouse payload Reverted reason_type rename — instead flattened rejection_reason to JSON type since TriggerOutput's type?: string conflicts with nested type keys. Also hardened processOutputField to check typeof type === 'string' before treating an object as a leaf node, preventing this class of bug for future triggers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(triggers): add Notion webhook triggers for all event types Add 9 Notion webhook triggers covering the full event lifecycle: - Page events: created, properties updated, content updated, deleted - Database events: created, schema updated, deleted - Comment events: created - Generic webhook trigger (all events) Implements provider handler with HMAC SHA-256 signature verification, event filtering via matchEvent, and structured input formatting. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(triggers): resolve type field collision in Notion trigger outputs Rename nested `type` fields to `entity_type`/`parent_type` to avoid collision with processOutputField's leaf node detection which checks `'type' in field`. Remove spread of author outputs into `authors` array which was overwriting `type: 'array'`. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(triggers): clarify Notion webhook signing secret vs verification_token Update placeholder and description to distinguish the signing secret (used for HMAC-SHA256 signature verification) from the verification_token (one-time challenge echoed during initial setup). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(webhooks): use createHmacVerifier for Notion provider handler Replace inline verifyAuth boilerplate with createHmacVerifier utility, consistent with Linear, Ashby, Cal.com, Circleback, Confluence, and Fireflies providers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…ed environments (#3993)
…on (#3988) * feat(triggers): add Vercel webhook triggers with automatic registration * fix(triggers): add Vercel webhook signature verification and expand generic events * fix(triggers): validate Vercel webhook ID before storing to prevent orphaned webhooks * fix(triggers): add triggerId validation warning and JSON parse fallback for Vercel webhooks Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(triggers): add paramVisibility user-only to Vercel apiKey subblock Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…d prompt submissions (#3994) * feat(landing): add PostHog tracking for CTA clicks, demo requests, and prompt submissions * lint * fix(landing): correct import ordering per project conventions * chore(landing): apply linter import sorting
* feat(triggers): add Zoom webhook triggers with challenge-response and signature verification Add 6 Zoom webhook triggers (meeting started/ended, participant joined/left, recording completed, generic webhook) with full Zoom protocol support including endpoint.url_validation challenge-response handling and x-zm-signature HMAC-SHA256 verification. * fix(triggers): use webhook.isActive instead of non-existent deletedAt column * fix(triggers): address PR review feedback for Zoom webhooks - Add 30s timestamp freshness check to prevent replay attacks - Return null from handleChallenge when no secret token found instead of responding with empty-key HMAC - Remove all `as any` casts from output builder functions * lint * fix(triggers): harden Zoom webhook security per PR review - verifyAuth now fails closed (401) when secretToken is missing - handleChallenge DB query filters by provider='zoom' to avoid cross-provider leaks - handleChallenge verifies x-zm-signature before responding to prevent HMAC oracle * fix(triggers): rename type to meeting_type to avoid TriggerOutput type collision * fix(triggers): make challenge signature verification mandatory, not optional * fix(triggers): fail closed on unknown trigger IDs and update Zoom landing page data - isZoomEventMatch now returns false for unrecognized trigger IDs - Update integrations.json with 6 Zoom triggers * fix(triggers): add missing id fields to Zoom trigger entries in integrations.json * fix(triggers): increase Zoom timestamp tolerance to 300s per Zoom docs
…ation (#3991) * feat(triggers): add Linear v2 triggers with automatic webhook registration * fix(triggers): preserve specific Linear API error messages in catch block * fix(triggers): check response.ok before JSON parsing, replace as any with as unknown * fix linear subscription params * fix build --------- Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
* fix(signup): show multiple signup errors at once * Fix reset password error formatting * Remove dead code * Fix unit tests --------- Co-authored-by: Theodore Li <theo@sim.ai>
…3995) * Fix hitl stream * fix hitl pause persistence * Fix /stream endpoint allowing api key usage * resume page cleanup * fix type * make resume sync * fix types * address bugbot comments --------- Co-authored-by: Siddharth Ganesan <siddharthganesan@gmail.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Theodore Li <teddy@zenobiapay.com>
… service account prompting (#3966) * Add credential prompting for google service accounts * Add service account credential block prompting for google service account * Revert requiredCredentials change * Fix lint --------- Co-authored-by: Theodore Li <theo@sim.ai>
* feat(posthog): Add posthog log for signup failed * Adjust event shape * Remove false signup failed events --------- Co-authored-by: Theodore Li <theo@sim.ai>
* fix(copilot): fix copilot running workflow stuck on 10mb error * Use correct try catch * Add const * Strip only logs on payload too large * Fix threshold --------- Co-authored-by: Theodore Li <theo@sim.ai>
…loy badge freshness (#4002)
* fix(secrets): secrets/integrations component code cleanup * address comments
* feat(home): add folders to resource menu * fix(home): add folder to API validation and dedup logic * fix(home): add folder context processing and generic title dedup * fix(home): add folder icon to mention chip overlay * fix(home): add folder to AgentContextType and context persistence * fix(home): add workspace scoping to folder resolver, fix folderId type and dedup * user message
* fix(subflows): make edges inside subflows directly clickable Edges inside subflows defaulted to z-index 0, causing the subflow body area (pointer-events: auto) to intercept clicks. Derive edge z-index from the container's depth so edges sit just above their parent container but below canvas blocks and child blocks. * Fix edge deletion in nested subflows * Fix bug with multi selecting nested subblock --------- Co-authored-by: Theodore Li <theo@sim.ai>
* fix(sockets): joining currently deleted workflow * address comments
* feat(folders): soft-delete folders and show in Recently Deleted Folders are now soft-deleted (archived) instead of permanently removed, matching the existing pattern for workflows, tables, and knowledge bases. Users can restore folders from Settings > Recently Deleted. - Add `archivedAt` column to `workflowFolder` schema with index - Change folder deletion to set `archivedAt` instead of hard-delete - Add folder restore endpoint (POST /api/folders/[id]/restore) - Batch-restore all workflows inside restored folders in one transaction - Add scope filter to GET /api/folders (active/archived) - Add Folders tab to Recently Deleted settings page - Update delete modal messaging for restorable items - Change "This action cannot be undone" styling to muted text Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(testing): add FOLDER_RESTORED to audit mock Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(folders): atomic restore transaction and scope to folder-deleted workflows Address two review findings: - Wrap entire folder restore in a single DB transaction to prevent partial state if any step fails - Only restore workflows archived within 5s of the folder's archivedAt, so individually-deleted workflows are not silently un-deleted - Add folder_restored to PostHog event map Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(folders): simplify restore to remove hacky 5s time window The 5-second time window for scoping which workflows to restore was a fragile heuristic (magic number, race-prone, non-deterministic). Restoring a folder now restores all archived workflows in it, matching standard trash/recycle-bin behavior. Users can re-delete any workflow they don't want after restore. The single-transaction wrapping from the prior commit is kept — that was a legitimate atomicity fix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(db): regenerate folder soft-delete migration with drizzle-kit Replace manually created migration with proper drizzle-kit generated one that includes the snapshot file, fixing CI schema sync check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(db): fix migration metadata formatting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(folders): scope restore to folder-deleted workflows via shared timestamp Use a single timestamp across the entire folder deletion — folders, workflows, schedules, webhooks, etc. all get the exact same archivedAt. On restore, match workflows by exact archivedAt equality with the folder's timestamp, so individually-deleted workflows are not silently un-deleted. - Add optional archivedAt to ArchiveWorkflowOptions (backwards-compatible) - Pass shared timestamp through deleteFolderRecursively → archiveWorkflowsByIdsInWorkspace - Filter restore with eq(workflow.archivedAt, folderArchivedAt) instead of isNotNull Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(workflows): clear folderId on restore when folder is archived or missing When individually restoring a workflow from Recently Deleted, check if its folder still exists and is active. If the folder is archived or missing, clear folderId so the workflow appears at root instead of being orphaned (invisible in sidebar). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(folders): format restoreFolderRecursively call to satisfy biome Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(folders): close remaining restore edge cases Three issues caught by audit: 1. Child folder restore used isNotNull instead of timestamp matching, so individually-deleted child folders would be incorrectly restored. Now uses eq(archivedAt, folderArchivedAt) for both workflows AND child folders — consistent and deterministic. 2. No workspace archived check — could restore a folder into an archived workspace. Now checks getWorkspaceWithOwner, matching the existing restoreWorkflow pattern. 3. Re-restoring an already-restored folder returned an error. Now returns success with zero counts (idempotent). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(folders): add archivedAt to optimistic folder creation objects Ensures optimistic folder objects include archivedAt: null for consistency with the database schema shape. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(folders): handle missing parent folder during restore reparenting If the parent folder row no longer exists (not just archived), the restored folder now correctly gets reparented to root instead of retaining a dangling parentId reference. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(triggers): apply webhook audit follow-ups Align the Greenhouse webhook matcher with provider conventions and clarify the Notion webhook secret setup text after the audit review. Made-with: Cursor * fix(webhooks): Salesforce provider handler, Zoom CRC and block wiring Add salesforce WebhookProviderHandler with required shared secret auth, matchEvent filtering, formatInput aligned to trigger outputs, and idempotency keys. Require webhook secret and document JSON-only Flow setup; enforce objectType when configured. Zoom: pass raw body into URL validation signature check, try all active webhooks on a path for secret match, add extractIdempotencyId, tighten event matching for specialized triggers. Wire Zoom triggers into the Zoom block. Extend handleChallenge with optional rawBody. Register Salesforce pending verification probes for pre-save URL checks. * fix(webhooks): harden Resend and Linear triggers (idempotency, auth, outputs) - Dedupe Resend deliveries via svix-id and Linear via Linear-Delivery in idempotency keys - Require Resend signing secret; validate createSubscription id and signing_secret - Single source for Resend event maps in triggers/utils; fail closed on unknown trigger IDs - Add raw event data to Resend trigger outputs and formatInput - Linear: remove body-based idempotency key; timestamp skew after HMAC verify; format url and actorType - Tighten isLinearEventMatch for unknown triggers; clarify generic webhook copy; fix header examples - Add focused tests for idempotency headers and Linear matchEvent * fix(webhooks): harden Vercel and Greenhouse trigger handlers Require Vercel signing secret and validate x-vercel-signature; add matchEvent with dynamic import, delivery idempotency, strict createSubscription trigger IDs, and formatInput aligned to string IDs. Greenhouse: dynamic import in matchEvent, strict unknown trigger IDs, Greenhouse-Event-ID idempotency header, body fallback keys, clearer optional secret copy. Update generic trigger wording and add tests. * fix(gong): JWT verification, trigger UX, alignment script - Optional RS256 verification when Gong JWT public key is configured (webhook_url + body_sha256 per Gong docs); URL secrecy when unset. - Document that Gong rules filter calls; payload has no event type; add eventType + callId outputs for discoverability. - Refactor Gong triggers to buildTriggerSubBlocks + shared JWT field; setup copy matches security model. - Add check-trigger-alignment.ts (Gong bundled; extend PROVIDER_CHECKS for others) and update add-trigger guidance paths. Made-with: Cursor * fix(notion): align webhook lifecycle and outputs Handle Notion verification requests safely, expose the documented webhook fields in the trigger contract, and update setup guidance so runtime data and user-facing configuration stay aligned. Made-with: Cursor * fix(webhooks): tighten remaining provider hardening Close the remaining pre-merge caveats by tightening Salesforce, Zoom, and Linear behavior, and follow through on the deferred provider and tooling cleanup for Vercel, Greenhouse, Gong, and Notion. Made-with: Cursor * refactor(webhooks): move subscription helpers out of providers Move provider subscription helpers alongside the subscription lifecycle module and add targeted TSDoc so the file placement matches the responsibility boundaries in the webhook architecture. Made-with: Cursor * fix(zoom): resolve env-backed secrets during validation Use the same env-aware secret resolution path for Zoom endpoint validation as regular delivery verification so URL validation works correctly when the secret token is stored via env references. Made-with: Cursor * fix build * consolidate tests * refactor(salesforce): share payload object type parsing Remove dead code in the Salesforce provider and move shared object-type extraction into a single helper so trigger matching and input shaping stay in sync. Made-with: Cursor * fix(webhooks): address remaining review follow-ups Loosen Linear's replay window to better tolerate delayed retries and make Notion event mismatches return false consistently with the rest of the hardened providers. Made-with: Cursor * test(webhooks): separate Zoom coverage and clean Notion output shape Move Zoom provider coverage into its own test file and strip undeclared Notion type fields from normalized output objects so the runtime shape better matches the trigger contract. Made-with: Cursor * feat(triggers): enrich Vercel and Greenhouse webhook output shapes Document and pass through Vercel links, regions, deployment.meta, and domain.delegated; add top-level Greenhouse applicationId, candidateId, and jobId aligned with webhook common attributes. Extend alignment checker for greenhouse, update provider docs, and add formatInput tests. Made-with: Cursor * feat(webhooks): enrich Resend trigger outputs; clarify Notion output docs - Resend: expose broadcast_id, template_id, tags, and data_created_at from payload data (per Resend webhook docs); keep alignment with formatInput. - Add resend entry to check-trigger-alignment and unit test for formatInput. - Notion: tighten output descriptions for authors, entity types, parent types, attempt_number, and accessible_by per Notion webhooks event reference. Made-with: Cursor * feat(webhooks): enrich Zoom and Gong trigger output schemas - Zoom: add formatInput passthrough, fix nested TriggerOutput shape (drop invalid `properties` wrappers), document host_email, join_url, agenda, status, meeting_type on recordings, participant duration, and alignment checker entry. - Gong: flatten topics/highlights from callData.content in formatInput, extend metaData and trigger outputs per API docs, tests and alignment keys updated. - Docs: add English webhook trigger sections for Zoom and Gong tools pages. * feat(triggers): enrich Salesforce and Linear webhook output schemas Salesforce: expose simEventType alongside eventType; pass OwnerId and SystemModstamp on record lifecycle inputs; add AccountId/OwnerId for Opportunity and AccountId/ContactId/OwnerId for Case. Align trigger output docs with Flow JSON payloads and formatInput. Linear: document actor email and profile url per official webhook payload; add Comment data.edited from Linear's sample payload. Tests: extend Salesforce formatInput coverage for new fields. * remove from mdx * chore(webhooks): expand trigger alignment coverage Extend the trigger alignment checker to cover additional webhook providers so output contracts are verified across more of the recently added trigger surface. Made-with: Cursor * updated skills * updated file naming semantics * rename file
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryMedium Risk Overview Refactors webhook setup to use provider handlers by routing polling/webhook configuration through Improves workflow pause/resume and streaming: centralizes pause persistence/queued-resume handling via Adds product/UX telemetry and validation fixes: adds PostHog tracking for landing CTAs/prompt submits/demo requests and signup failure reasons, updates reset-password to return all password validation errors (and UI to show multiple errors), and extends Copilot/Mothership resource schemas to support Reviewed by Cursor Bugbot for commit 64c6cd9. Configure here. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
* fix(home): simplify enter-to-send queued message to single press * fix(home): prevent empty submit fallthrough when sending with empty input
…on (#4009) * fix(secrets): restore unsaved-changes guard for settings tab navigation - Add useSettingsDirtyStore (stores/settings/dirty) to track dirty state across the settings sidebar and section components - Wire credentials-manager and integrations-manager to sync dirty state to the store and clean up on unmount; also reset store synchronously in handleDiscardAndNavigate - Update settings-sidebar to check dirty state before tab switches and Back navigation, showing an Unsaved Changes dialog if needed - Remove dead stores/settings/environment directory; move EnvironmentVariable type into lib/environment/api * fix(teams): harden Microsoft content URL validation - Add isMicrosoftContentUrl helper with typed allowlist covering SharePoint, OneDrive, and Teams CDN domains - Replace loose substring checks in Teams webhook handler with parsed-hostname matching to prevent bypass via partial domain names - Deduplicate OneDrive share-link detection into isOneDriveShareLink flag and use searchParams API instead of string splitting * fix(env): remove type re-exports from query file, drop keepPreviousData on static key * fix(teams): remove smba.trafficmanager.net from Microsoft content allowlist The subdomain check for smba.trafficmanager.net was unnecessary — Azure Traffic Manager does not support nested subdomains of existing profiles, but the pattern still raised a valid audit concern. Teams bot-framework attachment URLs from this host fall through to the generic fetchWithDNSPinning branch, which provides the same protection without the ambiguity. * fix(secrets): guard active-tab re-click, restore keepPreviousData on workspace env query * fix(teams): add 1drv.com apex to OneDrive share-link branch 1drv.com (apex) is a short-link domain functionally equivalent to 1drv.ms and requires share-token resolution, not direct fetch. CDN subdomains (files.1drv.com) are unaffected — the exact-match check leaves them on the direct-fetch path.
… v1 (#4010) * refactor(triggers): consolidate v2 Linear triggers into same files as v1 Move v2 trigger exports from separate _v2.ts files into their corresponding v1 files, matching the block v2 convention where LinearV2Block lives alongside LinearBlock in the same file. * updated * fix: restore staging registry entries accidentally removed Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs * fix: restore integrations.json to staging version Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(generate-docs): extract all trigger configs from multi-export files The buildTriggerRegistry function used a single regex exec per file, which only captured the first TriggerConfig export. Files that export both v1 and v2 triggers (consolidated same-file convention) had their v2 triggers silently dropped from integrations.json. Split each file into segments per export and parse each independently. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: restore staging linear handler and utils with teamId support Restores the staging version of linear provider handler and trigger utils that were accidentally regressed. Key restorations: - teamId sub-block and allPublicTeams fallback in createSubscription - Timestamp skew validation in verifyAuth - actorType renaming in formatInput (avoids TriggerOutput collision) - url field in formatInput and all output builders - edited field in comment outputs - externalId validation after webhook creation - isLinearEventMatch returns false (not true) for unknown triggers Adds extractIdempotencyId to the linear provider handler for webhook deduplication support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: restore non-Linear files accidentally modified Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: remove redundant extractIdempotencyId from linear handler The idempotency service already uses the Linear-Delivery header (which Linear always sends) as the primary dedup key. The body-based fallback was unnecessary defensive code. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * idempotency * tets --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.