v0.6.37: audit logs page, isolated-vm worker rotation, permission groups ui#4114
Merged
waleedlatif1 merged 7 commits intomainfrom Apr 12, 2026
Merged
v0.6.37: audit logs page, isolated-vm worker rotation, permission groups ui#4114waleedlatif1 merged 7 commits intomainfrom
waleedlatif1 merged 7 commits intomainfrom
Conversation
…4108) * fix(execution): fix isolated-vm memory leak and add worker recycling * fix(execution): mirror retirement check in send-failure path and fix pool sizing * chore(execution): remove verbose comments from isolated-vm changes * fix(execution): apply retiring-worker exclusion to drainQueue pool size check * fix(execution): increment lifetimeExecutions on parent-side timeout
* chore(triggers): deprecate trigger-save subblock Remove the defunct triggerSave subblock from all 102 trigger definitions, the SubBlockType union, SYSTEM_SUBBLOCK_IDS, tool params, and command templates. Retain the backwards-compat filter in getTrigger() for any legacy stored data. * fix(triggers): remove leftover no-op blocks.push() in linear utils * chore(triggers): remove orphaned triggerId property and stale comments
…x tracking (#4109) * fix(trigger): auto-detect header row and rename lastKnownRowCount to lastIndexChecked - Replace hardcoded !1:1 header fetch with detectHeaderRow(), which scans the first 10 rows and returns the first non-empty row as headers. This fixes row: null / headers: [] when a sheet has blank rows or a title row above the actual column headers (e.g. headers in row 3). - Rename lastKnownRowCount → lastIndexChecked in GoogleSheetsWebhookConfig and all usage sites to clarify that the value is a row index pointer, not a total count. - Remove config parameter from processRows() since it was unused after the includeHeaders flag was removed. * fix(trigger): combine sheet state fetch, skip header/blank rows from data emission - Replace separate getDataRowCount() + detectHeaderRow() with a single fetchSheetState() call that returns rowCount, headers, and headerRowIndex from one A:Z fetch. Saves one Sheets API round-trip per poll cycle when new rows are detected. - Use headerRowIndex to compute adjustedStartRow, preventing the header row (and any blank rows above it) from being emitted as data events when lastIndexChecked was seeded from an empty sheet. - Handle the edge case where the entire batch falls within the header/blank window by advancing the pointer and returning early without fetching rows. - Skip empty rows (row.length === 0) in processRows rather than firing a workflow run with no meaningful data. * fix(trigger): preserve lastModifiedTime when remaining rows exist after header skip When all rows in a batch fall within the header/blank window (adjustedStartRow > endRow), the early return was unconditionally updating lastModifiedTime to the current value. If there were additional rows beyond the batch cap, the next Drive pre-check would see an unchanged modifiedTime and skip polling entirely, leaving those rows unprocessed. Mirror the hasRemainingOrFailed pattern from the normal processing path. * chore(trigger): remove verbose inline comments from google-sheets poller * fix(trigger): revert to full-width A:Z fetch for correct row count and consistent column scope * fix(trigger): don't count skipped empty rows as processed
…ean up comments (#4112) * fix(trigger): handle Drive rate limits, 410 page token expiry, and clean up comments * fix(trigger): treat Drive rate limits as success to preserve failure budget * fix(trigger): distinguish Drive 403 rate limits from permission errors, preserve knownFileIds on 410 re-seed
* feat(ee): add enterprise audit logs settings page with server-side search Add a new audit logs page under enterprise settings that displays all actions captured via recordAudit. Includes server-side search, resource type filtering, date range selection, and cursor-based pagination. - Add internal API route (app/api/audit-logs) with session auth - Extract shared query logic (buildFilterConditions, buildOrgScopeCondition, queryAuditLogs) into app/api/v1/audit-logs/query.ts - Refactor v1 and admin audit log routes to use shared query module - Add React Query hook with useInfiniteQuery and cursor pagination - Add audit logs UI with debounced search, combobox filters, expandable rows - Gate behind requiresHosted + requiresEnterprise navigation flags - Place all enterprise audit log code in ee/audit-logs/ Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(ee): fix build error and address PR review comments - Fix import path: @/lib/utils → @/lib/core/utils/cn - Guard against empty orgMemberIds array in buildOrgScopeCondition - Skip debounce effect on mount when search is already synced Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(ee): fix type error with unknown metadata in JSX expression Use ternary instead of && chain to prevent unknown type from being returned as ReactNode. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(ee): align skeleton filter width with actual component layout Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * feat(audit): add audit logging for passwords, credentials, and schedules - Add PASSWORD_RESET_REQUESTED audit on forget-password with user lookup - Add CREDENTIAL_CREATED/UPDATED/DELETED audit on credential CRUD routes with metadata (credentialType, providerId, updatedFields, envKey) - Add SCHEDULE_CREATED audit on schedule creation with cron/timezone metadata - Fix SCHEDULE_DELETED (was incorrectly using SCHEDULE_UPDATED for deletes) - Enhance existing schedule update/disable/reactivate audit with structured metadata (operation, updatedFields, sourceType, previousStatus) - Add CREDENTIAL resource type and Credential filter option to audit logs UI - Enhance password reset completed description with user email Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): align metadata with established recordAudit patterns - Add actorName/actorEmail to all new credential and schedule audit calls to match the established pattern (e.g., api-keys, byok-keys, knowledge) - Add resourceId and resourceName to forget-password audit call - Enhance forget-password description with user email Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(testing): sync audit mock with new AuditAction and AuditResourceType entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(audit-logs): derive resource type filter from AuditResourceType Instead of maintaining a separate hardcoded list, the filter dropdown now derives its options directly from the AuditResourceType const object. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(audit): enrich all recordAudit calls with structured metadata - Move resource type filter options to ee/audit-logs/constants.ts (derived from AuditResourceType, no separate list to maintain) - Remove export from internal cursor helpers in query.ts - Add 5 new AuditAction entries: BYOK_KEY_UPDATED, ENVIRONMENT_DELETED, INVITATION_RESENT, WORKSPACE_UPDATED, ORG_INVITATION_RESENT - Enrich ~80 recordAudit calls across the codebase with structured metadata (knowledge bases, connectors, documents, workspaces, members, invitations, workflows, deployments, templates, MCP servers, credential sets, organizations, permission groups, files, tables, notifications, copilot operations) - Sync audit mock with all new entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): remove redundant metadata fields duplicating top-level audit fields Remove metadata entries that duplicate resourceName, workspaceId, or other top-level recordAudit fields. Also remove noisy fileNames arrays from bulk document upload audits (kept fileCount). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): split audit types from server-only log module Extract AuditAction, AuditResourceType, and their types into lib/audit/types.ts (client-safe, no @sim/db dependency). The server-only recordAudit stays in log.ts and re-exports the types for backwards compatibility. constants.ts now imports from types.ts directly, breaking the postgres -> tls client bundle chain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): escape LIKE wildcards in audit log search query Escape %, _, and \ characters in the search parameter before embedding in the LIKE pattern to prevent unintended broad matches. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit): use actual deletedCount in bulk API key revoke description The description was using keys.length (requested count) instead of deletedCount (actual count), which could differ if some keys didn't exist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(audit-logs): fix OAuth label displaying as "Oauth" in filter dropdown ACRONYMS set stored 'OAuth' but lookup used toUpperCase() producing 'OAUTH' which never matched. Now store all acronyms uppercase and use a display override map for special casing like OAuth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryMedium Risk Overview Refactors audit-log querying into shared helpers ( Broadly enriches Deprecates the legacy Improves isolated-vm execution stability by explicitly releasing Reviewed by Cursor Bugbot for commit 30c5e82. Configure here. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 30c5e82. Configure here.
waleedlatif1
changed the title
… PostHog tracking (#4116) * improvement: seo, geo, signup, posthog * fix(landing): address PR review issues and convention violations - Fix auth modal race condition: show loading state instead of redirecting when provider status hasn't loaded yet - Fix auth modal HTTP error caching: reject non-200 responses so they aren't permanently cached - Replace <img> with next/image <Image> in auth modal - Use cn() instead of template literal class concatenation in hero, footer-cta - Remove commented-out dead code in footer, landing, sitemap - Remove unused arrow property from FooterItem interface - Convert relative imports to absolute in integrations/[slug]/page - Remove no-op sanitizedName variable in signup form - Remove unnecessary async from llms-full.txt route - Remove extraneous non-TSDoc comment in auth modal Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(landing): apply linter formatting fixes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): second pass — fix remaining code quality issues - auth-modal: add @sim/logger, log social sign-in errors instead of swallowing silently - auth-modal: extract duplicated social button classes into SOCIAL_BTN constant - auth-modal: remove unused isProduction from ProviderStatus interface - auth-modal: memoize getBrandConfig() call - footer: remove stale arrow destructuring left after interface cleanup, use cn() throughout - footer-cta: replace inline styles on submit button with Tailwind classes via cn() - footer-cta: replace caretColor inline style with caret-white utility - templates: fix incorrect section value 'landing_preview' → 'templates' for PostHog tracking - events: add 'templates' to landing_cta_clicked section union - integrations: replace "canvas" with "workflow builder" per constitution rules - llms-full: replace "canvas" terminology with "visual builder"/"workflow builder" Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): point Mothership and Workflows footer links to docs root These docs pages don't exist yet — link to docs.sim.ai until they are published. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): complete rebrand in blog fallback description Remove "workflows" from the non-tagged blog meta description to align with the AI workspace rebrand across the rest of the PR. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): strip isProduction from provider response and handle late-resolve redirect - Destructure only githubAvailable/googleAvailable from getOAuthProviderStatus so isProduction is not leaked to unauthenticated callers. - Add useEffect to redirect away from the modal if provider status resolves after the modal is already open and no social providers are configured. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): align auth modal with login/signup page logic - Add SSO button when NEXT_PUBLIC_SSO_ENABLED is set - Gate "Continue with email" behind EMAIL_PASSWORD_SIGNUP_ENABLED - Expose registrationDisabled from /api/auth/providers and hide the "Sign up" toggle when registration is disabled - Simplify skip-modal logic: redirect to full page when no social providers or SSO are available (hasModalContent) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): force login view when registration is disabled When a CTA passes defaultView='signup' but registration is disabled, the modal now opens in login mode instead of showing "Create free account" with social buttons that would fail on the backend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * lint * fix(landing): correct signup view when registrationDisabled loads late When the user opens the modal before providerStatus resolves and registrationDisabled comes back true, the view was stuck on 'signup'. Now the late-resolve useEffect also forces the view to 'login'. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): add click tracking to integration page CTAs Create IntegrationCtaButton client component that wraps AuthModal and fires trackLandingCta on click, matching the pattern used by every other landing section CTA. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(landing): prevent mobile auth modal from unmounting on open Remove setMobileMenuOpen(false) from mobile AuthModal button onClick handlers. Closing the mobile menu unmounts the AuthModal before it can open. The modal overlay or page redirect makes the menu irrelevant without needing to explicitly close it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Waleed Latif <walif6@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…s, audit logs ui, delete account (#4115) * feat(ee): enterprise feature flags, permission group platform controls, audit logs ui, delete account * fix(settings): improve sidebar skeleton fidelity and fix credit purchase org cache invalidation - Bump skeleton icon and text from 16/14px to 24px to better match real nav item visual weight - Add orgId support to usePurchaseCredits so org billing/subscription caches are invalidated on credit purchase, matching the pattern used by useUpgradeSubscription - Polish ColorInput in whitelabeling settings with auto-prefix and select-on-focus UX * revert(settings): remove delete account feature * fix(settings): address pr review — atomic autoAddNewMembers, extract query hook, fix types and signal forwarding * chore(helm): add CREDENTIAL_SETS_ENABLED to values.yaml * fix(access-control): dynamic platform category columns, atomic permission group delete * fix(access-control): restore triggers section in blocks tab * fix(access-control): merge triggers into tools section in blocks tab * upgrade tubro * fix(access-control): fix Select All state when config has stale blacklisted provider IDs * fix(access-control): derive platform Select All from features list; revert turbo schema version * fix(access-control): fix blocks Select All check, filter empty platform columns * revert(settings): restore original skeleton icon and text sizes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.