v0.7.4: round-robin byok support, table block fix, db read replica routing, trigger.dev, temporal, latex integrations#4978

Open
waleedlatif1 wants to merge 20 commits into main from staging


@waleedlatif1 waleedlatif1 commented Jun 11, 2026


waleedlatif1 and others added 12 commits June 11, 2026 10:00
…ion (#4963)

* feat(byok): support multiple keys per provider with round-robin rotation

* fix(byok): address review feedback — serialize cap check, defer encryption, explicit delete guard

* fix(byok): drop ON CONFLICT on removed unique index in legacy key migration script

* improvement(byok): guard double-submit, Enter-to-save on key field, cap hint in manage modal
… into subflows (#4971)

A block copy-pasted into a loop/parallel has parentId set but no incoming
edges yet, so the context menu's positional-trigger heuristic (no incoming
edges = trigger) classified it as a trigger and hid Remove from Subflow.
Blocks nested inside a subflow can never be entry points, so they are now
excluded from positional-trigger classification.
)

* improvement(logs): add copy raw trace button to trace view header

* improvement(logs): cleanup pass over log-details module
…d replica (#4966)

* improvement(db): route additional staleness-tolerant reads to the read replica

* fix(db): keep event-rule and tag-slot reads on the primary

* fix(db): keep chunk listing and tag-usage counts on the primary

* fix(db): execution-log mention lookup stays on the primary

* fix(db): no-activity decision read stays on the primary
* feat(persona): add Persona identity verification integration

* feat(persona): complete API coverage — inquiry lifecycle, account update/redact, report listing, template discovery

* improvement(persona): explicit HTTP error handling in all transforms, fix tags wand generation type

* chore(persona): align docs path and docsLink with staging structure

* improvement(persona): fail-closed file access gate on import route, explicit error when one-time link missing

* improvement(persona): validate report template ID before request

* improvement(persona): reject unexpected import response bodies instead of returning an empty importer

* improvement(persona): require session token on resume per API contract
…xecutions (#4948)

* feat(auth): enforce domain and account bans on sign-in and workflow executions

* fix(mothership): fail inbox ban checks closed without emailing, gate blocked senders

* fix(mothership): also block inbox senders whose own account is banned

* fix(execution): always ban-check the workflow owner so schedules are covered

* feat(auth): support banning specific emails via appconfig blockedEmails list

* fix(mothership): ban-check the workspace billed account on inbox tasks
* feat(integrations): add Trigger.dev integration

* feat(integrations): cover the full Trigger.dev management API surface

Adds batch retrieve/results, run result/events/trace/tags, queue list and
concurrency override/reset, deployments, TRQL query + schema, waitpoint
tokens, env var import, and timezones (44 tools total). Marks
deduplicationKey required on create schedule and switches list-run filters
to the documented comma-separated form, both per the OpenAPI spec.

* fix(executor): strip dots from normalized block names so dotted names resolve

References split on '.', so a block named "Hunter.io 1" could never be
resolved (the first path segment cut the name at the dot). normalizeName now
strips dots on both the tag-generation and lookup sides, which cannot break
any previously working reference. Aligns the inline normalizers in
connection drag-drop, deploy modal, output select, and tag dropdown, and
renames Cal Com to Cal.com now that dotted display names work.

* improvement(integrations): address Trigger.dev review feedback

Reads the delete schedule response instead of hardcoding success, and adds
explicit plaintext-secret warnings to the env var read operations and docs.

* fix(integrations): scope Trigger.dev block params to the selected operation

Advanced sub-block values with non-empty content are serialized regardless
of their operation condition, so values left over from a previously selected
operation could leak into another operation's API call (e.g., a trigger-task
idempotency key filtering the waitpoint list). The params function now routes
every shared or remapped param by the selected operation and clears it
otherwise. Also derives delete env var success from the response like
delete schedule, via a shared helper.

* improvement(executor): dot-free names keep reference ownership on legacy collisions

Name uniqueness is enforced at the normalized level on create and rename, so
new collisions cannot be created. For legacy workflows that already contain
names differing only by dots, the resolver now lets the dot-free name own the
reference key regardless of block order, so previously working references
never change targets.
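
The param-scoping fix described in the Trigger.dev commit message above, as an added example that is not code from this PR: it contrasts serializing every non-empty stored value with routing params through a per-operation allowlist. The operation names, field names and the `ROUTES` table are hypothetical.

```typescript
// Added illustration; operation names, field names and ROUTES are hypothetical.
type Params = Record<string, unknown>;

// Per operation: API param name -> UI field it is read from (allowlist + remap).
const ROUTES: Record<string, Record<string, string>> = {
  trigger_task: { taskId: 'taskId', idempotencyKey: 'idempotencyKey', payload: 'payload' },
  list_waitpoints: { idempotencyKey: 'waitpointFilterKey', limit: 'limit' },
  delete_schedule: { scheduleId: 'scheduleId' },
};

function isEmpty(v: unknown): boolean {
  return v === undefined || v === null || (typeof v === 'string' && v.trim() === '');
}

// Before: any non-empty stored value is sent, whichever operation it was typed for.
function buildParamsUnscoped(stored: Params): Params {
  const out: Params = {};
  for (const [k, v] of Object.entries(stored)) {
    if (k !== 'operation' && !isEmpty(v)) out[k] = v;
  }
  return out;
}

// After: only params routed for the selected operation are sent; the rest are dropped.
function buildParamsScoped(stored: Params): Params {
  const operation = String(stored.operation ?? '');
  if (!Object.prototype.hasOwnProperty.call(ROUTES, operation)) {
    throw new Error(`unknown operation: ${operation}`); // fail closed
  }
  const out: Params = {};
  for (const [apiName, fieldName] of Object.entries(ROUTES[operation])) {
    const v = stored[fieldName];
    if (!isEmpty(v)) out[apiName] = v;
  }
  return out;
}

// Constructed sample: the user filled in trigger_task fields, then switched operation.
const stored: Params = {
  operation: 'list_waitpoints',
  taskId: 'hello-world',
  idempotencyKey: 'order-1234', // leftover from trigger_task
  limit: 20,
};
```

With the unscoped builder the leftover `idempotencyKey` reaches the waitpoint list call and acts as a filter; the scoped builder sends only `limit`.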
… task queue tools (#4976)

* feat(temporal): add Temporal integration with workflow, schedule, and task queue tools

* improvement(temporal): send requestId on all dedupe-capable write operations
…and docs (#4972)

* feat(latex): add LaTeX integration with PDF compilation tool, block, and docs

* fix(latex): surface extracted TeX errors on all failed compile responses

* improvement(latex): add compile timeout, cap upstream error code, reject empty resource payloads

* feat(latex): add package search/lookup and font listing tools

* improvement(latex): address review findings — path traversal guard, http(s)-only resource urls, timeout abort handling, typed pdf output, NaN-safe maxResults, empty-query rejection, third-party disclosure

* fix(latex): fail compile/package lookups that return no payload

* improvement(latex): guard lookup tool responses against upstream errors

* improvement(latex): reject whitespace-only package names at the block boundary

* improvement(latex): make relatedPackages fallback explicit
…pdowns open (#4977)

* fix(deps): dedupe radix focus-scope/dismissable-layer so in-modal dropdowns open

@radix-ui/react-dropdown-menu was the only Radix package pinned exactly
(2.1.16), so the v0.7.0 lockfile refresh left its react-menu on
focus-scope@1.1.7 + dismissable-layer@1.1.11 while react-dialog@1.1.16
moved to focus-scope@1.1.9 + dismissable-layer@1.1.12. These packages
coordinate modal/popper interplay through module-scoped singletons
(focusScopesStack, layersWithOutsidePointerEventsDisabled); with two
copies in the bundle, a dialog's focus trap never pauses for a menu
portaled outside it and yanks focus back as the menu opens, so the
menu's dismiss layer unmounts it in the same tick. Symptom: ChipDropdown
menus inside ChipModal (e.g. the credential Add People role dropdown)
never appear in fresh-install/production builds while stale local
installs with a single shared copy keep working.

Bump dropdown-menu to 2.1.17, whose react-menu pins the same internals
batch as dialog 1.1.16 — every coordination package (dismissable-layer,
focus-scope, focus-guards, portal, popper, presence) now resolves to a
single version tree-wide.

* fix(deps): use caret range for dropdown-menu so radix internals track the same batch

Address review: the exact pin was the original divergence mechanism, and
the rest of the radix popper/dialog family floats on caret ranges that
jump to the same internals batch together on lockfile refreshes.

vercel Bot commented Jun 11, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Ready | Preview, Comment | Jun 12, 2026 1:31am |


cursor Bot commented Jun 11, 2026


PR Summary

High Risk
Touches identity verification (Persona), durable workflow control (Temporal terminate/reset), and BYOK key rotation for provider auth; LaTeX and Trigger.dev paths can expose secrets or send user content to third parties.

Overview
v0.7.4 expands integrations and workspace key handling, plus several workflow and platform fixes called out in the release notes.

BYOK now supports multiple encrypted keys per provider (named keys, rotate in place, per-provider cap) with round-robin selection at request time; workspace admins manage keys via the BYOK API (covered by new route tests).

New workflow blocks ship with docs and UI icons: Persona (KYC/inquiries, screening, accounts—including CSV import via an internal API route), Temporal (start/signal/query/update workflows, visibility, schedules, cancel/terminate/reset), Trigger.dev (tasks, runs, schedules, queues, deployments, TRQL, waitpoints—with docs noting plaintext env var exposure), and LaTeX (PDF compile via a proxied latex.ytotech.com route with size/time limits and execution-file storage). Integration nav and icon-mapping register latex, persona, temporal, and trigger_dev.

Elsewhere in the release: read-replica routing for more read paths, domain/account bans on sign-in and workflow execution, canvas/table/subflow UX fixes, a copy raw trace control in logs, service-account field autofill fix, and a Radix dedupe so in-modal dropdowns work.

Reviewed by Cursor Bugbot for commit b465a3c. Configure here.

…t races tripping it (#4980)

* improvement(sockets): make offline mode recoverable and stop transient races tripping it

* data persistence issues should trigger offline mode and force refresh

* code cleanup
…side transactions (#4975)

* fix(db-part-1): eliminate pool self-deadlock from nested checkouts inside transactions

* update docs
* feat(integrations): add Brex integration with expenses, receipts, transactions, team, budgets, and payments tools

* fix(brex): reject whitespace-only expense IDs in receipt upload instead of silently falling back to receipt match

* fix(brex): trim receipt name in contract so whitespace-only overrides are rejected

* fix(brex): align spend limit balance shape, enum descriptions, and pagination metadata with Brex API specs

* improvement(brex): validate pre-signed upload URL with DNS pinning and harden API key input

* fix(brex): correct shared limit placeholder to reflect the 100-item cap on list expenses

* fix(brex): normalize timezone-suffixed timestamps for transactions date filters (Brex rejects offsets)
…d data export tools (#4981)

* feat(integrations): add Convex integration with function execution and data export tools

* fix(convex): separate List Documents page cursor from deltas cursor and surface HTTP errors in transforms

* fix(convex): rename List Documents pagination cursor to pageCursor end-to-end for unambiguous chaining

* fix(convex): validate deployment URL with shared SSRF guard

* improvement(convex): polish from final validation pass — reject query strings in deployment URL, validate object args, fix sync skill wording

* docs(convex): note streaming export plan requirement on data-export tools (verified via live E2E)
…dynamic OG images (#4985)

* improvement(integrations): overhaul landing FAQs for SEO/GEO and fix dynamic OG images

* improvement(integrations): trim comments and fold catalog updatedAt into integrations.json

* fix(integrations): correct FAQ copy for zero-capability and single-tool integrations
…ent, audio, and live event tools (#4986)

* feat(integrations): add Quartr integration with company, event, document, audio, and live event tools

* fix(quartr): address review findings — null-safe query building, string boolean toggles, accurate descriptions, NestJS validation error extractor