Skip to content

v0.7.36: mothership secrets resolution, SEO, service accounts for various providers, library updates, platform and solutions pages#5686

Merged
waleedlatif1 merged 9 commits into
mainfrom
staging
Jul 15, 2026
Merged

v0.7.36: mothership secrets resolution, SEO, service accounts for various providers, library updates, platform and solutions pages#5686
waleedlatif1 merged 9 commits into
mainfrom
staging

Conversation

@waleedlatif1

Copy link
Copy Markdown
Collaborator

waleedlatif1 and others added 9 commits July 14, 2026 15:51
…rce links (#5669)

* improvement(chat): show resource-type icons on inline workspace resource links

* fix(chat): derive wsres click title from markdown label, not DOM textContent

* fix(chat): keep dashed-underline affordance for unmapped wsres link types

* fix(chat): parse wsres links once, derive file icons from the VFS path
…#5678)

* feat(billing): allow programmatic workflow execution on the free plan

Remove the free-plan paywall on programmatic execution (API-key/public
execute, MCP serve, generic webhooks, cross-origin chat embeds) added in
#5036. The gate shipped dark behind FREE_API_DEPLOYMENT_GATE_ENABLED to
curb bot abuse; with that abuse handled upstream, free workspaces can use
the API again (still subject to the free-tier rate limits).

- Delete isWorkspaceApiExecutionEntitled / api-access.ts and the
  FREE_API_DEPLOYMENT_GATE_ENABLED env flag
- Ungate the execute, mcp/serve, and webhooks/trigger routes and the chat
  embed check (assertChatEmbedAllowed removed)
- Remove the deploy-modal upgrade wall (DeployUpgradeGate) and the now
  unused useWorkspaceOwnerBilling client hook; the owner-billing endpoint
  stays as reusable billing infrastructure
- Restore pre-gate upgrade-page copy (Pro feature line, free API endpoint
  rate-limit column)

* chore(billing): drop orphaned owner-billing endpoint and dead chat logger

Self-review follow-ups: the /api/workspaces/[id]/owner-billing route +
contract existed solely for the deploy-modal gate's client hook (deleted
here); host-context serves the same ownerBilling data server-side, so the
standalone endpoint is dead HTTP surface. workspaceOwnerBillingSchema and
the WorkspaceOwnerBilling type stay (embedded in workspaceHostContextSchema).
Also removes the now-unused ChatAuthUtils logger.

* style: biome formatting after gate removal
…pilot tool executions (#5679)

* fix(tools): resolve {{ENV_VAR}} references in user-only params for copilot tool executions

Chat-invoked integration tools with API-key auth have been broken since the
mothership tool-dispatch rewrite (#4090) removed the orchestrator's env
reference resolution. Agents pass {{VAR}} references (the VFS exposes env var
names only), and the literal placeholder was sent to the provider, producing
auth failures like Sentry's 401 Invalid token.

Resolution is deliberately narrower than the removed deep resolver: only
whole-value references on params declared visibility user-only, gated to
copilot executions, resolving against the same personal+workspace env merge
workflow runs use. LLM-writable params (urls, headers, bodies) never resolve,
so references cannot be used to extract secrets. Missing variables fail fast
with an actionable error instead of a provider-side 401.

* refactor(tools): delegate copilot env reference resolution to the shared executor resolver

Replaces the hand-rolled exact-match regex with resolveEnvVarReferences
(allowEmbedded: false), the same resolver used by workflow runs, MCP config,
and webhooks — one set of reference semantics instead of two that can drift.
Behavior is identical; all existing tests pass unchanged.

* fix(tools): fail fast on env references without user context, clarify personal-only scope errors

Addresses review: a copilot execution missing userId now errors explicitly
instead of forwarding the literal placeholder upstream, and a missing-variable
error without a workspace context explains that only personal variables are
in scope there (matching workflow-run resolution semantics).
…and workflows pages (#5672)

* feat(landing): extend enterprise product-preview design to solutions and workflows pages

Parametrize enterprise feature graphics with content props and retell each
solutions page's feature blocs for its domain (engineering, it, compliance,
finance, hr) plus the workflows platform page. Add five new graphics in the
same visual vocabulary, animated platform-UI heroes with domain-specific
loops on all six pages, hero category tags, container-query proportional
tile scaling with wide/2x2 layout options, and a shared pre-footer CTA band.
Enterprise page renders identically.

Co-authored-by: Cursor <cursoragent@cursor.com>

* feat(landing): surface Platform and Solutions menus in top nav

Renders PLATFORM_MENU and SOLUTIONS_MENU alongside Resources (Platform,
Solutions, Resources trigger order), drops the internal-only Mothership
item, centers the five-item Platform panel's two-tile last row, and lets
the mobile sheet scroll now that all three sections outgrow a phone
viewport.

Co-authored-by: Cursor <cursoragent@cursor.com>

* feat(landing): add scheduled tasks page and nav item

Adds the /scheduled-tasks landing page (SolutionsPage consumer with a
chat-free schedule-trigger editor hero and enterprise feature tiles
retold for recurring runs) and a sixth Scheduled Tasks item in the
Platform menu, restoring the clean 3x2 grid.

Co-authored-by: Cursor <cursoragent@cursor.com>

* feat(landing): add knowledge, tables, files, and logs platform pages

Completes the Platform nav dropdown — its knowledge, tables, files, and
logs items previously 404'd. Each page is a SolutionsPage consumer with a
product-UI hero loop, enterprise-style feature tiles, CTA band, and SEO
metadata. Removes the dead platform-page component family (workflows was
its last consumer) and adds the new routes to the sitemap.

Co-authored-by: Cursor <cursoragent@cursor.com>

* refactor(landing): consolidate hero-loop engine and code-window graphics, drop dead variant surface

- Extract shared useDesignScale + useMotionSafeCycle hooks and a HeroLoopShell
  so all seven hero loops share one scale/reduced-motion clock engine
- Merge workflows-editor-loop and scheduled-tasks-hero-loop into one
  parameterized shared EditorLoop (content-injection, same pattern as
  EnterpriseLoopContent)
- Consolidate the four identical code-window feature graphics into one shared
  CodeWindowGraphic + single CSS module; pages keep thin data wrappers
- Remove the unreachable 'split'/'standard'/align variant surface from
  SolutionsPage/SolutionsCardRow/SolutionsCard and trim unused barrel re-exports
- Enterprise hero now consumes the shared PlatformHeroVisual instead of an
  inline byte-identical copy
- Add /scheduled-tasks to the sitemap
- a11y: closed mobile-nav sheet is now invisible (out of tab order) with
  aria-controls wiring; decorative tables-hero checkboxes are no longer
  keyboard-focusable
- memo() the static EnterpriseSidebar; hoist per-render header arrays; remove
  comments that restated component TSDoc

* fix(landing): highlight Scheduled tasks in the scheduled-tasks hero sidebar

Thread activeNav through the shared EditorLoop content so the
scheduled-tasks hero highlights its own module row, matching the other
platform heroes.

* chore(landing): drop spacing constants orphaned by the variant removal

Remove the now-unconsumed cardRowHeaderStack/cardRowHeaderCtaGap/
cardTextToVisual/rowSubtitle constants, fix a stale cardVariant TSDoc
reference, and restore import order in the workflows editor-loop wrapper.

* chore(landing): single-source RESET_FADE_MS and drop the unused card frame size

RESET_FADE_MS now lives only in the shared loop-engine hook module; the
enterprise stage-data copy is removed. SolutionsVisualFrame loses its
size prop and cardHeight constant - only the 16:9 hero preset remained
in use after the split-variant removal.

* fix(landing): make the knowledge-answer question bubble visible on light tiles

The frameless vignette sits directly on the tile's --surface-3 fill, so
the build tile's --surface-3 bubble treatment vanished. The question
chip now uses the graphic family's white card chrome (--white fill,
--border-1 hairline), matching its own source card. Also restores
biome's import order in the workflows editor-loop wrapper (fixes the
failing lint:check CI step).

* chore(landing): share one ZipIcon across the files preview and files hero

Extract the duplicated zip-archive SVG into components/shared/zip-icon
and consume it from both the homepage files preview and the files hero
loop.

---------

Co-authored-by: andresdjasso <andresdjasso@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Waleed Latif <walif6@gmail.com>
* fix(docs): remove Ask AI widget

* improvement(landing): add visible FAQ schema, fix SEO redirects and Organization schema

- Move existing plain-markdown FAQ sections in 8 library posts + emcn blog
  into the faq frontmatter array so they emit FAQPage JSON-LD (previously
  visible text with zero structured data)
- Add new, fact-checked FAQ content to the 8 posts with none: openai-vs-n8n-vs-sim,
  v0-5, enterprise, copilot, executor, multiplayer, mothership, series-a
- Add sales ContactPoint to the site-wide Organization schema
- Add 301 redirects for legitimate crawler/dead-link 404s (/$, /&, /Sim,
  /homepage, /logo, /en-US) surfaced by an external SEO audit; left out
  bot-noise paths, already-fixed OG image 404s (#5636), and *.sim.ai
  customer chat subdomains that need manual DB verification, not a
  blanket redirect

* revert(docs): restore Ask AI widget

Ask AI removal is a separate change, out of scope for this PR — restoring
the component, chat panel, api/chat route, and its deps to their
pre-existing state.

* fix(content): correct stale/mislabeled competitor facts surfaced in FAQ audit

- n8n's license is "fair-code" (n8n's own coined term), not "fair-use" —
  a different legal concept entirely; fixed 4 occurrences
- Activepieces' integration count is 750+ per their live catalog, not the
  280+ figure carried over from an older snapshot; fixed 4 occurrences
  across best-zapier-alternatives and n8n-alternatives
* feat(credentials): token-paste service accounts for 12 providers (HubSpot, Airtable, Notion, Asana, Attio, Linear, monday, Shopify, Webflow, Trello, Cal.com, Wealthbox)

* refactor(credentials): registry-dispatch service accounts + doc-verified validator hardening

- Migrate Google/Atlassian/Slack service-account branches to the same
  registry pattern as token-paste providers (builder + resolver maps,
  unified required-fields contract validation)
- Fix Shopify service-account store domain never reaching tool URL builders
- Linear: rate-limit 400s no longer mislabeled as invalid credentials;
  validation header matches runtime header rule
- Trello: server API key rejection no longer blamed on customer token
- Fleet-wide: network errors and non-JSON provider bodies map to
  provider_unavailable via shared fetchProvider/parseProviderJson
- HubSpot: drop regional-host displayName upgrade; Wealthbox: explicit 402;
  monday: provider-side GraphQL errors mapped correctly; Attio: null-body guard

* polish(credentials): ship-gate fixes, setup-guide docs, and lint pass for token service accounts

- 12 setup-guide docs pages (docs.sim.ai/integrations/<provider>-service-account)
  incl. the Trello authorize-link flow the integration depends on
- Attio: HTTP 400 on /v2/self maps to invalid_credentials (live-verified)
- monday: scan all GraphQL errors for provider-side codes; no empty audit ids
- Compile-time descriptor/validator lockstep (typed registry) and
  prototype-safe provider-id guard (Object.hasOwn)
- Shared errors.test.ts pinning fetchProvider/parseProviderJson/
  throwForProviderResponse guarantees for all validators
- Stale TSDoc updated after the registry migration; biome organizeImports pass

* docs(credentials): vendor-doc accuracy pass on service-account setup guides

34 corrections from a 12-agent audit against live official vendor docs:
current HubSpot Development-area nav, Notion connections rename, monday
Developer Center paths, Shopify legacy-vs-Dev-Dashboard token flows, and
hedged wording for claims vendors do not document (expiry, limits)

* improvement(credentials): vendor-accurate credential nouns on connect surfaces

'Add service account' only where the vendor actually has service accounts
(Google, Atlassian); token-paste providers now use their own vocabulary via a
connectNoun descriptor field — 'Add private app token' (HubSpot), 'Add API key'
(Attio/Linear/Cal.com), 'Add personal access token' (Airtable), etc. Docs page
titles updated to match; slugs and internal provider ids unchanged

* fix(credentials): classify auth-shaped Shopify GraphQL errors as invalid credentials

Shopify can reject invalid or revoked shpat_ tokens with HTTP 200 and a
GraphQL error body instead of a 401; those now map to invalid_credentials
instead of a provider-outage message

* fix(credentials): empirically-grounded HubSpot token verification

Live probing showed the documented access-token-info route returns a bare
404 for unrecognized tokens (ambiguous with a missing route), so 404/400
now falls back to the Account Information API, which answers with a JSON
401 for rejected tokens and 200/403 for live ones — verified against the
real endpoints

* fix(credentials): review-round-2 fixes for service-account edge cases

- Shopify tools prefer the credential-validated store domain over the
  block's auto-detected shopDomain (a store-bound token must hit its own store)
- Unknown non-empty service-account providerIds are rejected instead of
  silently persisting as google-service-account (empty stays the legacy
  Google fallback)
- Shopify/modal domain normalization strips URL paths ('https://x.myshopify.com/admin')
- monday: warning-class GraphQL errors no longer reject a token whose me
  data proves it authenticated

* chore(credentials): format shopify validator test

* fix(credentials): cold-review hardening pass

- Object.hasOwn guards on all provider-id registry lookups (crafted
  '__proto__'/'constructor' providerIds now 400 instead of 500) + regression test
- fetchProvider gets a 10s AbortSignal.timeout so a hung provider can't pin
  the create/reconnect request
- HubSpot: unexpected 403 on the token-info route defers to the account-info
  fallback instead of blaming the token
- Linear selector routes use the SDK apiKey option for lin_api_ keys (bare
  header parity with the tools sweep)
- Docs: UI steps aligned to the vendor-noun connect labels; HubSpot
  scope-propagation claims softened; Trello in-product-link promise corrected
@waleedlatif1 waleedlatif1 requested a review from a team as a code owner July 15, 2026 06:37
@greptile-apps

greptile-apps Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Too many files changed for review. (342 files found, 100 file limit)

Bypass the limit by tagging @greptile-apps to review.

@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jul 15, 2026 6:37am

Request Review

@cursor

cursor Bot commented Jul 15, 2026

Copy link
Copy Markdown

PR Summary

Low Risk
Changes are documentation and marketing UI with no auth or runtime workflow logic in this diff; credential behavior is documented separately from app code shown here.

Overview
Adds twelve English integration docs for pasting API keys / service-account tokens (Airtable PAT, Asana, Attio, Cal.com, HubSpot private app, Linear, monday.com, Notion internal integration, Shopify Admin API, Trello, Wealthbox, Webflow) and registers them in the integrations docs nav.

Landing marketing consolidates platform routes onto SolutionsPage by removing the separate platform-page stack. Feature tiles get container-query proportional scaling, optional 2-column rows, and a tablet-wide third card layout; pages now end with the shared CTA band. New shared hero pieces include PlatformHeroVisual, HeroLoopShell, EditorLoop (workflow canvas build + selection ring), CodeWindowGraphic, and a shared ZipIcon.

Enterprise / hero loops accept injectable sidebar and chat content, share scaling/cycle hooks (useMotionSafeCycle), and EnterpriseHomeStage can override greeting, prompt, and reply. Navbar turns Platform and Solutions mega-menus back on (Scheduled Tasks, Sales-first Solutions), moves Enterprise under Resources, and improves mobile menu scrolling. Footer swaps the Blocks column for Compare links and adds Library.

SEO: site JSON-LD gains a sales contactPoint.

Reviewed by Cursor Bugbot for commit 64280c9. Configure here.

@waleedlatif1 waleedlatif1 merged commit 874c998 into main Jul 15, 2026
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants