Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: simstudioai/sim
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.7.22
Choose a base ref
...
head repository: simstudioai/sim
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.7.23
Choose a head ref
  • 17 commits
  • 113 files changed
  • 2 contributors

Commits on Jul 4, 2026

  1. fix(compare): swap LangChain logo, fix comparison-table horizontal sc…

    …roll (#5409)
    
    * fix(compare): swap LangChain logo, fix comparison-table horizontal scroll
    
    Replace LangChainIcon's path with the official brand mark (light-blue
    link icon) instead of the prior monochrome recreation.
    
    The comparison table's grid cells were missing min-w-0, so a grid item
    without it sizes to its content's max-content width instead of
    respecting its column's fr track, pushing the whole table wider than
    its container and forcing a horizontal scrollbar. Add min-w-0 to every
    grid cell/header, and size the row-label column to minmax(140px,
    max-content) instead of a guessed fr ratio, so it's exactly as wide as
    its longest label ("Vetted first-party integrations") needs and no
    wider, leaving the Sim/competitor value columns their full share.
    
    * fix(compare): stacked mobile layout for the comparison table
    
    Below sm (640px) a 3-column table has no room to be legible even with
    the sticky label column, so switch to the standard responsive-table
    pattern instead: each fact stacks as label -> Sim's value -> the
    competitor's value, each value tagged with its product name since the
    column headers are no longer directly above. Pure CSS (max-sm:/sm:
    variants), no JS, keeping this a zero-hydration server component.
    
    * fix(compare): fix SourceLink inline-anchor overflow, align table breakpoint
    
    Root cause of the persistent table-overflow/mobile-scroll issues: SourceLink
    renders a plain <a> with no explicit display, so it defaults to
    'display: inline'. min-width and truncate are no-ops on inline elements, so
    any fact with a source (nearly all of them) ignored its flex/grid parent's
    width constraint and could force the whole row (and thus the whole table)
    wider than intended, regardless of any container-level min-w-0/max-content
    fix. Give the anchor 'block min-w-0' so width constraints and truncation
    actually cascade down to the wrapped value.
    
    Also aligns the table's mobile-stack breakpoint from an ad hoc sm (640px) to
    lg (1024px), matching this route group's own tablet-and-below convention
    (.claude/rules for the (landing) group), and fixes the stacked mobile cells
    to override the cell's base items-center with items-stretch so the name tag
    and value get a real full-width box to truncate within instead of shrinking
    to their own content size with no boundary.
    
    * fix(compare): add min-w-0 to ColumnHeader per Greptile review
    
    ColumnHeader (the Sim/competitor logo header cells in the two fr columns)
    still had default min-width: auto, so an unusually long competitor name
    could size the header to its min-content width and push the grid wider
    than its column allows, same root cause as the rows already fixed.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    0249516 View commit details
    Browse the repository at this point in the history
  2. fix(mothership): stop chat perf decay from permanently-animated strea…

    …med messages (#5411)
    
    * fix(mothership): stop chat perf decay from permanently-animated streamed messages
    
    * fix(mothership): reset animation latches when a reused ChatContent gets replaced content
    
    * fix(mothership): keep streaming parser on settled messages to kill the drain-swap flash
    
    * fix(mothership): unify plain/special render branches to stop whole-message re-fade when options arrive
    
    * improvement(mothership): hold render-phase animation latches in useState per updated hook rules
    
    * fix(styling): translucent text-selection in form controls so field text stays readable
    
    * improvement(styling): one lighter translucent text-selection color everywhere, no forced text color
    
    * chore(styling): selection-muted tokens as 8-digit hex to match color token convention
    TheodoreSpeaks authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    818fa00 View commit details
    Browse the repository at this point in the history
  3. feat(custom-block): deploy a workflow as a reusable org-scoped block (#…

    …5407)
    
    * feat(custom-block): deploy a workflow as a reusable org-scoped block
    
    * fix(custom-block): reseed deploy form, guard duplicate publish, run child deployed
    
    * test(custom-block): isolate custom-block rows fetch in execution-core test
    
    * fix(custom-block): allow cross-workspace exec, org-scope authority, keep field ids, hide disabled
    
    * feat(custom-block): run child under source owner's identity, workspace, and env
    
    * fix(custom-block): bind publish authz to the source workflow's workspace
    
    * fix(custom-block): gate edit/delete on source-workspace admin, not org admin
    
    * chore(custom-block): rebaseline route count to 887 after staging merge
    
    * fix(custom-block): sanitize failure output so it can't leak source workflow internals
    
    * fix(custom-block): derive inputs and curated outputs from deployed state, not draft
    
    * fix(custom-block): hide disabled blocks from the toolbar palette too
    
    * fix(custom-block): bill nested + failed-run hosted cost; expose real inputs to the agent
    
    * fix(custom-block): enforce enterprise + flag gate at every consumption path
    TheodoreSpeaks authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    82eff54 View commit details
    Browse the repository at this point in the history
  4. Configuration menu
    Copy the full SHA
    acf4afb View commit details
    Browse the repository at this point in the history
  5. fix(copilot): validate credential-link URL scheme before rendering (#…

    …5416)
    
    * fix(copilot): validate credential-link URL scheme before rendering
    
    Only render the credential connect link as a clickable anchor when its
    value resolves to an http(s) URL, reusing the isSafeHttpUrl helper
    already used for chat file links.
    
    * refactor(copilot): move isSafeHttpUrl to shared lib/core/utils/urls
    
    Per Greptile's convention feedback: isSafeHttpUrl was consumed by both
    chat and workspace/home but defined inside a feature-specific 'use client'
    component. Move it alongside getBrowserOrigin (which it already depends
    on) in lib/core/utils/urls.ts, matching this repo's shared-utility rule.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    04432b6 View commit details
    Browse the repository at this point in the history
  6. fix(tools): bound download response size for drive/slack/onedrive (#5414

    )
    
    Google Drive, Slack, and OneDrive download routes fetched provider file
    content without a response size cap, unlike the SharePoint download route.
    Add maxResponseBytes to each content fetch, reject Google Drive files whose
    metadata size already exceeds the cap before starting the download, and map
    the resulting size-limit error to a clean 413 response.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    b98c7c4 View commit details
    Browse the repository at this point in the history
  7. fix(uploads): bound multipart body read in workspace-file and knowled…

    …ge-document upload routes (#5413)
    
    * fix(uploads): bound multipart body read in workspace-file and knowledge-document upload routes
    
    * fix(uploads): avoid FormData-body stream race in bounded-read tests
    
    * fix(uploads): share MAX_MULTIPART_OVERHEAD_BYTES constant across upload routes
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    1a371e5 View commit details
    Browse the repository at this point in the history
  8. fix(stt): bound audio download response size (#5412)

    * fix(stt): bound audio download response size
    
    Cap the audioUrl download in the STT proxy route at the platform's standard 100MB file-size ceiling, matching the pattern already used by sharepoint/download-file and other external download routes. Classify size-limit rejections as a clean 413 instead of an unhandled 500.
    
    * fix(stt): avoid double isPayloadSizeLimitError call in error handling
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    a1fbb57 View commit details
    Browse the repository at this point in the history
  9. fix(webhooks): validate and pin EmailBison apiBaseUrl before outbound…

    … requests (#5415)
    
    * fix(webhooks): validate and pin EmailBison apiBaseUrl before outbound requests
    
    Route Email Bison webhook create/delete requests through the shared
    DNS-validated, IP-pinned fetch used by the Teams and Slack webhook
    providers instead of a raw fetch to the user-configured instance URL.
    
    * fix(webhooks): restore NEXT_PUBLIC_APP_URL in emailbison tests, dedupe strict-delete warning log
    
    Test env var mutation was never restored, risking cross-file leakage in
    single-threaded vitest runs. Strict-mode deleteSubscription failures were
    logged twice (once at the throw site with context, once generically by the
    outer catch); the outer catch now skips its own log for errors already
    logged at the throw site.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    41fb863 View commit details
    Browse the repository at this point in the history
  10. refactor(uploads): hoist execution permission check out of upload loo…

    …p, dedupe permission-gate tests (#5420)
    
    /simplify pass on PR #5404: resolve the execution-context workspace permission
    check once per request instead of once per uploaded file, and collapse
    repeated request-construction boilerplate in the new permission-gate tests
    into a shared helper.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    0d6994d View commit details
    Browse the repository at this point in the history
  11. fix(mcp): make SSRF-guarded fetch structurally mandatory in OAuth aut…

    …h() calls (#5419)
    
    PR #5399 fixed the callback route forgetting to pass fetchFn into the SDK's
    auth(), but every call site (start + callback routes) still imported the raw
    SDK auth() directly and had to remember to pass fetchFn: createSsrfGuardedMcpFetch()
    by hand — the same omission was possible again at any future call site.
    
    Add mcpAuthGuarded() in lib/mcp/oauth/auth.ts, a thin wrapper around the SDK's
    auth() that always defaults fetchFn to the SSRF-guarded fetch (still overridable
    for tests). Both routes now import mcpAuthGuarded from @/lib/mcp/oauth instead
    of the raw SDK auth, so omitting the guard is no longer possible by omission.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    4b13398 View commit details
    Browse the repository at this point in the history
  12. improvement(chat): smooth streaming — eased stick-to-bottom glide and…

    … time-based reveal pacing (#5417)
    
    * improvement(chat): eased stick-to-bottom glide for streaming chat
    
    * improvement(chat): time-based word-at-a-time reveal pacing
    
    * improvement(chat): harden smooth-chase against reentrant kick/cancel during a step
    TheodoreSpeaks authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    f456ed9 View commit details
    Browse the repository at this point in the history
  13. fix(mcp): correct fetchFn fallback order in mcpAuthGuarded (#5423)

    Spread order previously let an explicit fetchFn (including fetchFn: undefined)
    in options silently disable the SSRF-guarded default. Fallback is now applied
    after the spread so the guard always wins unless a real override is passed.
    
    fix(tools): handle non-numeric Drive file size in early size check
    
    Guard the pre-download size check against a malformed metadata.size string
    so it's skipped explicitly instead of relying on an incidental NaN no-op;
    the streaming cap on the actual download still enforces the limit either way.
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    3edaae3 View commit details
    Browse the repository at this point in the history
  14. improvement(compare): accuracy and consistency pass on comparison pag…

    …es (#5422)
    
    * improvement(compare): accuracy and consistency pass on comparison pages
    
    Cross-checked facts across all comparison pages against live sources,
    corrected a few internal inconsistencies, and added one new fact category.
    No schema or rendering changes beyond a single new row.
    
    * fix(compare): align a parity check and a stale source citation
    
    * improvement(compare): cross-reference Sim's permission-groups system from rbac
    
    * improvement(compare): sharper bottom-line reasoning, minor emphasis fixes
    
    Reworded a few competitor headline claims to reflect genuine product
    positioning rather than a narrow feature, and gave a couple of Sim's
    own already-documented capabilities (model reach, integration count,
    live collaboration) more prominent placement.
    
    * improvement(compare): verify every cited source is live, fix a few dead links
    
    * fix(compare): correct mcpSupport boolean-icon misparse in power-automate.ts
    waleedlatif1 authored Jul 4, 2026
    Configuration menu
    Copy the full SHA
    ee1824c View commit details
    Browse the repository at this point in the history

Commits on Jul 5, 2026

  1. fix(404): use ChipLink for return-home CTA on root not-found page (#5424

    )
    
    Matches the emcn ChipLink pattern already used by sibling landing not-found pages instead of a hand-rolled Link with raw Tailwind classes.
    waleedlatif1 authored Jul 5, 2026
    Configuration menu
    Copy the full SHA
    82eb6dc View commit details
    Browse the repository at this point in the history
  2. fix(compare): render two already-populated fact rows that were missin…

    …g from the table (#5425)
    
    dataTables and richTextEditor are required fact fields, already researched and
    filled in for Sim and every competitor, but neither was ever added to the row
    list the table actually renders.
    waleedlatif1 authored Jul 5, 2026
    Configuration menu
    Copy the full SHA
    85f80fa View commit details
    Browse the repository at this point in the history
  3. Configuration menu
    Copy the full SHA
    616a71d View commit details
    Browse the repository at this point in the history
Loading