Skip to content

Commit d13b230

Browse files
Merge remote-tracking branch 'origin/staging' into feat/appconfig-backed-feature-flag
# Conflicts: # apps/sim/app/(auth)/components/oauth-provider-checker.tsx # apps/sim/app/(auth)/signup/page.tsx # apps/sim/app/api/webhooks/agentmail/route.ts # apps/sim/ee/access-control/utils/permission-check.ts # apps/sim/lib/copilot/tools/handlers/function-execute.ts # apps/sim/lib/copilot/tools/server/files/touch-plan.test.ts # apps/sim/lib/copilot/tools/server/files/touch-plan.ts # apps/sim/lib/copilot/tools/server/router.ts # apps/sim/lib/core/config/feature-flags.ts # apps/sim/lib/core/security/input-validation.server.ts # apps/sim/lib/table/service.ts # apps/sim/lib/webhooks/processor.ts
2 parents d0e0660 + a09e393 commit d13b230

959 files changed

Lines changed: 92363 additions & 15011 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.agents/skills/add-block/SKILL.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -640,6 +640,7 @@ import type { BlockConfig, BlockMeta } from '@/blocks/types'
640640

641641
export const {Service}BlockMeta = {
642642
tags: ['messaging', 'automation'], // Same tags as the block's tags field
643+
url: 'https://{service}.com', // Canonical homepage of the external service
643644
templates: [ // Optional but strongly encouraged
644645
{
645646
icon: {Service}Icon,
@@ -666,6 +667,7 @@ export const {Service}BlockMeta = {
666667

667668
- **Import `BlockMeta`** from `@/blocks/types` alongside `BlockConfig`
668669
- **`tags`** must match the `tags` array on the block config exactly
670+
- **`url`** is the canonical homepage of the external service the block integrates with (e.g. `'https://exa.ai'`, `'https://salesforce.com'`) — the catalog "link back to the tool". It is distinct from `BlockConfig.docsLink`, which points at Sim's own integration docs on `docs.sim.ai`. Use the service's real root domain over `https` (verify it actually resolves), no tracking params, no trailing slash. Omit `url` only for first-party/built-in blocks that have no external service (e.g. `agent`, `function`, `condition`, `api`, `response`)
669671
- **Templates are optional** but should be added for any integration that has a recognizable use case — aim for 2–4 templates per block
670672
- **Template `prompt`** should start with "Build a workflow that..." or "Create a workflow that..." and be concrete enough to generate a real workflow in Mothership
671673
- **Template `modules`** lists the Sim modules the template relies on: `'knowledge-base' | 'tables' | 'files' | 'workflows' | 'scheduled' | 'agent'`
@@ -906,6 +908,7 @@ All tool IDs referenced in `tools.access` and returned by `tools.config.tool` MU
906908
- [ ] Outputs match tool outputs
907909
- [ ] Block registered in `registry.ts` blocks object (alphabetically)
908910
- [ ] `{Service}BlockMeta` exported at bottom of block file with `tags` and `templates`
911+
- [ ] `url` set on `{Service}BlockMeta` to the external service's verified homepage (omit only for first-party blocks with no external service)
909912
- [ ] `skills` added to `{Service}BlockMeta`, each grounded in the block's `tools.access` and derived from a real online-sourced use case (not invented)
910913
- [ ] `BlockMeta` imported from `@/blocks/types` alongside `BlockConfig`
911914
- [ ] Block meta registered in `registry.ts` blocksMeta object (alphabetically)

.agents/skills/add-model/SKILL.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -143,12 +143,12 @@ If anything matches, run the affected provider tests and update assertions as ne
143143

144144
### New API behavior is NOT data-driven
145145

146-
The Consumption Matrix (Step 2) tells you which capability *flags* are honored by existing provider code. But if the new model needs **net-new** request handling that the provider doesn't implement yet — a new beta header (e.g. Anthropic's `anthropic-beta` structured-outputs header in `anthropic/index.ts`), a new thinking/reasoning encoding, a Responses-API quirk — you must edit `apps/sim/providers/<provider>/core.ts` / `index.ts`. Setting a flag whose behavior isn't implemented is a silent no-op.
146+
The Consumption Matrix (Step 2) tells you which capability *flags* are honored by existing provider code. But if the new model needs **net-new** request handling that the provider doesn't implement yet — a new beta header (e.g. Anthropic's `anthropic-beta` structured-outputs header in `anthropic/index.ts`), a new thinking/reasoning encoding, a Responses-API quirk — you must edit `apps/sim/providers/<provider>/core.ts` / `index.ts`. Setting a flag whose behavior isn't implemented is a silent no-op. When you do edit provider code, reuse the shared helpers rather than hand-rolling: streaming responses are assembled via `createStreamingExecution` (`@/providers/streaming-execution`) and tool schemas via `adaptOpenAIChatToolSchema` / `adaptAnthropicToolSchema` (`@/providers/tool-schema-adapter`).
147147

148148
### Wrong family entirely?
149149

150150
- **Embedding or rerank model** → it does NOT go in the `models[]` array. Use `EMBEDDING_MODEL_PRICING` / `RERANK_MODEL_PRICING` in `models.ts` instead.
151-
- **Brand-new provider** (not just a new model under an existing one) → much larger surface: add the id to `ProviderId` in `providers/types.ts`, a registry entry in `providers/registry.ts`, a provider implementation under `providers/<id>/`, an icon in `components/icons.tsx`, and the `PROVIDER_DEFINITIONS` block. That is beyond this skill — tell the user.
151+
- **Brand-new provider** (not just a new model under an existing one) → much larger surface: add the id to `ProviderId` in `providers/types.ts`, a registry entry in `providers/registry.ts`, a provider implementation under `providers/<id>/` (assemble streaming responses with `createStreamingExecution` and wrap tool schemas with the `@/providers/tool-schema-adapter` helpers), an icon in `components/icons.tsx`, and the `PROVIDER_DEFINITIONS` block. That is beyond this skill — tell the user.
152152

153153
## Step 5: Write, lint
154154

.agents/skills/db-migrate/SKILL.md

Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
---
2+
name: db-migrate
3+
description: Author or review a Drizzle DB migration for zero-downtime safety — expand/contract phasing, backward-compatibility with the deployed app version, and writing the `-- migration-safe` acknowledgment the check:migrations lint requires. Use when adding/editing files under `packages/db/migrations/` or changing `packages/db/schema.ts`.
4+
---
5+
6+
# DB Migrate Skill
7+
8+
You make schema changes that survive a deploy without downtime. The `check:migrations` lint (`scripts/check-migrations-safety.ts`) is the deterministic gate; you are the judgment that decides whether a flagged change is actually safe and writes the annotation that satisfies it.
9+
10+
## The window (why this matters)
11+
12+
A deploy runs the migration, then rolls out the new app image via blue/green. The two are **not atomic and cannot be** — during cutover the old task set keeps serving against the **already-migrated** schema. So:
13+
14+
> Every migration must be backward-compatible with the app version that is *already deployed*.
15+
16+
If a migration drops a column the old code still reads, renames one, or adds a `NOT NULL` the old inserts don't populate, the old code throws until traffic fully shifts — the downtime we're guarding against. You can't fix this by reordering the pipeline; the only fix is discipline.
17+
18+
## Expand / contract
19+
20+
Split every breaking change across **two deploys**:
21+
22+
1. **Expand** (this PR): additive, backward-compatible schema + code that tolerates *both* the old and new shape.
23+
2. **Contract** (a later PR, after expand is fully deployed): remove the old thing, now that nothing reads it.
24+
25+
Never put expand and contract in the same PR. If this PR both removes the code that used a column *and* drops the column, the old code is still live during cutover — split it.
26+
27+
### Per-operation playbook
28+
29+
| You want to | Do (deploy 1 = expand) | Do (deploy 2 = contract) |
30+
|---|---|---|
31+
| Add a required column | `ADD COLUMN` nullable or `DEFAULT`; code writes it | backfill, then `SET NOT NULL` |
32+
| Rename a column/table | add the new name; code dual-writes / reads new-then-old | drop the old name |
33+
| Drop a column/table | stop all reads/writes in code; ship it | `DROP` (annotate) |
34+
| Change a column type | add a new column of the new type; dual-write | backfill, swap reads, drop old |
35+
| Add FK / CHECK | `ADD CONSTRAINT ... NOT VALID` | `VALIDATE CONSTRAINT` separately |
36+
| Index an existing table | `COMMIT;` breakpoint → `SET lock_timeout = 0``CREATE INDEX CONCURRENTLY IF NOT EXISTS` (see `packages/db/scripts/migrate.ts`) ||
37+
| Drop an index | `COMMIT;` breakpoint → `DROP INDEX CONCURRENTLY` — plain `DROP INDEX` takes ACCESS EXCLUSIVE on the table ||
38+
| Backfill data | batched + idempotent `UPDATE` (keyset/`WHERE`, bounded) ||
39+
40+
A `CREATE INDEX`, `ADD COLUMN`, or `ADD CONSTRAINT` against a table **created in the same migration** is always safe (no rows, no live traffic) — the lint already suppresses those.
41+
42+
## Tracking the contract (don't let it rot)
43+
44+
The contract half is deferred to a later deploy — and that is exactly when it gets forgotten, leaving dead columns, orphaned tables, and `NOT NULL`s that never land. Every deferred contract must become a durable, greppable TODO.
45+
46+
When an expand defers a drop, leave a **`contract-pending`** marker on the legacy column/table in `packages/db/schema.ts` — that is the file you will be editing when you finally do the drop, so the reminder lives where the work happens:
47+
48+
```ts
49+
// contract-pending(after #5035 is fully deployed): drop once permission-check.ts stops reading it
50+
workspaceId: text('workspace_id'),
51+
```
52+
53+
Format: `contract-pending(<precondition>): <what to drop> — <why it's safe once the precondition holds>`. The precondition names the PR/release that removes the last reader and **must be fully deployed** before the contract ships.
54+
55+
- **The TODO list is a grep** — always accurate, never drifts: `grep -rn "contract-pending" packages/db apps/sim`. Run it when starting migration work to see what is owed.
56+
- For anything with a real owner or schedule, also open a tracking issue and put its number in the marker.
57+
- **Close the loop in the contract PR:** the contract migration's `-- migration-safe:` annotation references the expand, and you **delete the `contract-pending` marker** in the same PR:
58+
```sql
59+
-- migration-safe: contract of #5035 — workspace_id readers removed there, deployed 2026-06-10
60+
ALTER TABLE "permission_group" DROP COLUMN "workspace_id";
61+
```
62+
- An expand merged **without** a marker for the drop it defers, or a contract merged **without** removing its marker, is a bug — flag it in review.
63+
64+
## The judgment the lint can't do
65+
66+
The lint flags risky *shapes*; it cannot know whether a given drop is *safe right now*. For each flagged statement, do the work it can't:
67+
68+
1. **Is the dependency gone?** Grep the app for the table/column: search `apps/sim` and `packages` for the column name, the Drizzle field (camelCase), and the table object. If any live read/write remains, it is **not** safe — fix the code first.
69+
2. **Did the expand already ship?** The removal of that read/write must be in a deploy that is *already out*, not this same PR. If it's in this PR, split: land the code change now, do the destructive migration in a follow-up after it deploys.
70+
3. **Backfills:** confirm the `UPDATE`/`DELETE` is batched (bounded `WHERE`/keyset, not a single whole-table statement), idempotent (safe to replay — a failed migration re-runs unjournaled files from the top), and safe under concurrent writes from the still-live old app.
71+
72+
## Workflow
73+
74+
1. Edit `packages/db/schema.ts`, then `cd packages/db && bunx drizzle-kit generate` to produce the SQL. If this is an expand that defers a drop, leave a `contract-pending` marker on the legacy column (see "Tracking the contract"). If this is the contract, delete the marker it resolves.
75+
2. Hand-edit the generated SQL where the playbook requires it: `CONCURRENTLY` + `COMMIT;` breakpoint for indexes on existing tables, `NOT VALID` for constraints, batching for backfills.
76+
3. Run `bun run check:migrations` (base defaults to `origin/staging`).
77+
- **Hard errors** (`add-not-null-no-default`, `rename`, `index-not-concurrent`, `constraint-not-valid`, …): rewrite into expand/contract. Do **not** try to annotate them away — the lint won't accept it.
78+
- **Annotate tier** (`drop-table`, `drop-column`, `drop-default`, `set-not-null`, `alter-type`, `drop-index`): only after you've confirmed steps 1–3 above, add a comment on the line directly above the statement:
79+
```sql
80+
-- migration-safe: `secret` read removed in v0.6.1 (#1234), shipped two deploys ago
81+
ALTER TABLE "webhook" DROP COLUMN "secret";
82+
```
83+
The reason must be specific and name the PR/version that removed the dependency. An empty reason fails the lint.
84+
- **Warnings** (`data-backfill`): non-blocking, but confirm the batching/idempotency before merging.
85+
4. Verify locally: `cd packages/db && bun run db:migrate` against a dev DB.
86+
87+
## Hard rule
88+
89+
Never annotate a destructive statement just to make the lint pass. The annotation is a claim that you verified the old code no longer depends on it. If you can't make that claim truthfully, the change belongs in a later deploy — tell the user to split it.

.agents/skills/ship/SKILL.md

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
22
name: ship
3-
description: Commit, push, and open a PR to staging in one shot
3+
description: Commit, push, and open a PR to staging in one shot — runs the cleanup pass and, when migrations changed, the db-migrate safety review first
44
---
55

66
# Ship Command
@@ -16,12 +16,17 @@ When the user runs `/ship`:
1616
- Types: `fix`, `feat`, `improvement`, `chore`
1717
- Scope: short identifier (e.g., `undo-redo`, `api`, `ui`)
1818
- Keep it concise
19-
3. **Run pre-ship checks** from the repo root before staging:
19+
3. **Run the cleanup pass** — only if the diff modifies UI code (any `.tsx` file, or anything under `apps/sim/components/`, `apps/sim/hooks/`, or `apps/sim/stores/`): `/cleanup`
20+
- The six code-quality skills (effects, memo, callbacks, state, React Query, emcn) only apply to React code, so skip this step entirely when no UI was touched. When it runs, it applies fixes so they land in this commit.
21+
4. **Run migration safety** — only if the diff touches `packages/db/migrations/**` or `packages/db/schema.ts`:
22+
- Run `/db-migrate` to review the migration for zero-downtime safety (expand/contract phasing, backward-compatibility with the deployed app version).
23+
- `bun run check:migrations origin/staging` must pass (staging is the PR base). Do not silence a flagged statement with a `-- migration-safe:` annotation unless `/db-migrate` confirmed the old code no longer depends on it; otherwise split the destructive change into a later deploy.
24+
5. **Run pre-ship checks** from the repo root before staging:
2025
- `bun run lint` to fix formatting issues
2126
- `bun run check:api-validation:strict` to catch boundary contract failures before CI
22-
4. **Stage and commit** the changes with the generated message
23-
5. **Push to origin** using the current branch name
24-
6. **Create a PR** to staging with a description in the user's voice
27+
6. **Stage and commit** the changes with the generated message
28+
7. **Push to origin** using the current branch name
29+
8. **Create a PR** to staging with a description in the user's voice
2530

2631
## Commit Message Format
2732

@@ -77,7 +82,7 @@ gh pr create --base staging --title "COMMIT_MESSAGE" --body "PR_BODY"
7782

7883
- Short, direct bullet points
7984
- No unnecessary explanation
80-
- "Tested manually" is acceptable for testing section; include lint and boundary validation results when run
85+
- "Tested manually" is acceptable for testing section; include lint, boundary validation, and (when migrations changed) `check:migrations` results when run
8186
- Checkboxes filled in appropriately
8287
- No screenshots section unless UI changes
8388

.claude/commands/add-block.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -794,6 +794,7 @@ import type { BlockMeta } from '@/blocks/types'
794794

795795
export const {Service}BlockMeta = {
796796
tags: ['tag1', 'tag2'], // IntegrationTag[]
797+
url: 'https://{service}.com', // external service homepage (verify it resolves) — NOT docs.sim.ai
797798
templates: [
798799
{
799800
icon: {Service}Icon,
@@ -845,6 +846,7 @@ Derive templates from the service's real use cases. Each prompt should name a co
845846
- [ ] Optional/rarely-used fields set to `mode: 'advanced'`
846847
- [ ] Timestamps and complex inputs have `wandConfig` enabled
847848
- [ ] Exported `{Service}BlockMeta` with at least 7 templates
849+
- [ ] `url` set on `{Service}BlockMeta` to the external service's verified homepage (omit only for first-party blocks with no external service)
848850
- [ ] `skills` added to `{Service}BlockMeta`, each grounded in `tools.access` and sourced from a real online use case (not invented)
849851

850852
## Final Validation (Required)

.claude/rules/constitution.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,8 @@ Sim is the **AI workspace** where teams build and run AI agents. Not a workflow
2323
| The product | "AI workspace" | "workflow tool", "automation platform", "agent framework" |
2424
| Building | "build agents", "create agents" | "create workflows" (unless describing the workflow module specifically) |
2525
| Visual builder | "workflow builder" or "visual builder" | "canvas", "graph editor" |
26-
| Mothership | "Mothership" (capitalized) | "chat", "AI assistant", "copilot" |
26+
| The agent | "Sim" — you talk to Sim | "Mothership", "copilot", "AI assistant" |
27+
| The chat surface | "Chat" (capitalized, the module) | "Mothership", "copilot" |
2728
| Deployment | "deploy", "ship" | "publish", "activate" |
2829
| Audience | "teams", "builders" | "users", "customers" (in marketing copy) |
2930
| What agents do | "automate real work" | "automate tasks", "automate workflows" |
@@ -50,7 +51,7 @@ When describing Sim, always lead with the most differentiated claim:
5051

5152
| Module | One-liner |
5253
|--------|-----------|
53-
| **Mothership** | Your AI command center. Build and manage everything in natural language. |
54+
| **Chat** | Your AI command center. Talk to Sim — build and manage everything in natural language. |
5455
| **Workflows** | The visual builder. Connect blocks, models, and integrations into agent logic. |
5556
| **Knowledge Base** | Your agents' memory. Upload docs, sync sources, build vector databases. |
5657
| **Tables** | A database, built in. Store, query, and wire structured data into agent runs. |
@@ -65,7 +66,8 @@ When describing Sim, always lead with the most differentiated claim:
6566
- Never promise unshipped features
6667
- Never use jargon ("RAG", "vector database", "MCP") without plain-English explanation on public pages
6768
- Avoid "agentic workforce" as a primary term — use "AI agents"
69+
- Never say "Mothership" or "copilot" — the agent is "Sim", the surface is "Chat" (in run logs the trigger reads "Sim agent")
6870

6971
## Vision
7072

71-
Sim becomes the default environment where teams build AI agents — not a tool you visit for one task, but a workspace you live in. Workflows are one module; Mothership is another. The workspace is the constant; the interface adapts.
73+
Sim becomes the default environment where teams build AI agents — not a tool you visit for one task, but a workspace you live in. Workflows are one module; Chat is another. The workspace is the constant; the interface adapts.

0 commit comments

Comments
 (0)