v0.6.94: 4.8 opus, better auth upgrade, zoominfo integration, copilot messages table, user stats hot path improvements, RB2B#4780
Merged
Merged
Conversation
* feat(providers): add Claude Opus 4.8 model * chore(providers): update buildThinkingConfig docstring for Opus 4.8
* chore(auth): upgrade better-auth 1.3.12 → 1.6.11 * chore(auth): address Greptile review — broaden change-email type + migration newline * fix(auth): correct oneTimeToken expiresIn unit (minutes, not seconds) Better-auth's oneTimeToken expiresIn is in minutes (multiplied by 60_000ms internally). Sim's existing 24*60*60 evaluated to ~60 days of token lifetime instead of the intended 24 hours. Tokens are one-time-use and typically consumed within seconds of generation (Socket.IO handshake), so this tightens an unused security window without affecting UX.
…er (#4769) * fix(mothership): persist queued messages, edit-in-place preserves order * fix(mothership): pause drain while head is in edit, restore handoff cleanup on edit, merge on migrate * improvement(mothership): strip editing on persist; tighten comments to codebase style * improvement(mothership): omit editing from partialize entirely * fix(mothership): honor user removal during dispatch in failure-restore path
) Splits copilot chat messages out of the copilot_chats.messages JSONB column into a dedicated copilot_messages table. JSONB stays canonical during R+0 — every write path dual-writes to the new table best-effort (try/catch + log warn, never throws). Migration 0217 creates the table + indexes and inline-backfills history from JSONB so OSS self-hosters don't need to run a separate script. Write paths covered: - post.ts (user message append) - terminal-state.ts (assistant turn finalize) - update-messages/route.ts (snapshot replace) - inbox/executor.ts (background turn) - fork/route.ts (chat clone) - superuser/import-workflow/route.ts (chat import) Each call threads chatModel + streamId where relevant; ON CONFLICT DO UPDATE preserves existing stream_id / model via COALESCE. For pre-R+1 reconciliation, run: bun apps/sim/scripts/copilot-messages-reconcile.ts [--since='7 days'] Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…rim (#4772) * improvement(integrations): tighten resend, azure_devops icon, loops trim * fix(resend): drop unreachable send error branch, relabel unsubscribed default
…main rotation (#4773) * improvement(auth): suffix-match BLOCKED_SIGNUP_DOMAINS to catch subdomain rotation * improvement(auth): dedupe denylist entries, extract isEmailInDenylist with tests
…4768) * improvement(billing): migrate hot path writes away from user_stats * fix period start and end sot * address comments * Remove stale billing migration Co-authored-by: Cursor <cursoragent@cursor.com> * regen migrations --------- Co-authored-by: Cursor <cursoragent@cursor.com>
…ocs (#4776) * feat(integrations): add ZoomInfo, align Wiza, audit Apollo, refresh docs - Add ZoomInfo integration: search/enrich contacts & companies, intent, news (6 tools), proxy route, block, and icon - Validate and align Wiza tools/block/outputs against live API docs - Audit Apollo tools: tighten params, outputs, and types - Update tool docs (.mdx), icons, icon mappings, and integrations.json * fix(zoominfo): use useId for ZoomInfoIcon clipPath to avoid duplicate DOM ids Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(apollo): address PR review on sequence add and bulk enrich - sequence_add_contacts: send large contact_ids/label_names arrays in the POST body (Rails merges query + body params) to avoid reverse-proxy URL length limits; keep scalar settings in the query string - organization_bulk_enrich: add back-compat shim mapping the legacy `organizations` ({name, domain}[]) subBlock value to the new `domains` string array so saved workflows keep running Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(integrations): unique ZoomInfo icon clip id, numeric employee range filters - ZoomInfoIcon: derive clipPath id from useId() so multiple instances don't collide - ZoomInfo company search: send employeeRangeMin/Max as numbers, matching revenueMin/Max * fix(zoominfo): send employeeRange filters as strings per API schema Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(zoominfo): send contactAccuracyScoreMin as string per Contacts Search schema Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(apollo): harden people_search pagination, correct bulk-update output docs - people_search: read pagination from both the nested `pagination` object (legacy /mixed_people/search) and top-level fields, avoiding silent fallback to defaults - account_bulk_update: correct output descriptions — accounts support up to 1000 per request and async is opt-in (not auto-triggered at 100 like contacts) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(wiza): correct company enrichment credits shape in output docs Company enrichment returns api_credits { total, company_credits }, not the email/phone/scrape breakdown used by individual reveals. Description-only fix verified against docs.wiza.co. * fix(apollo): send sequence add contact_ids/label_names as query params per docs Apollo documents every field for emailer_campaigns/:id/add_contact_ids as a query parameter with no request body. Append contact_ids[]/label_names[] to the query string instead of the JSON body to match the documented contract. * feat(apollo): expose account_stage_id uniform field for bulk update accounts Apollo documents account_stage_id as a Body Param for /accounts/bulk_update ('when using account_ids, apply this account stage to all accounts'). Adds it to the tool params, body builder, type, block subBlock, and params mapper alongside name/owner_id. * docs(apollo): correct contact_update typed_custom_fields description Apollo's update-a-contact endpoint documents typed_custom_fields, so drop the inaccurate "not officially documented" caveat. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(zoominfo): default required outputFields on enrich; parse nested API error object - ZoomInfo enrich endpoints require outputFields; send a curated default set when omitted so requests don't fail - extractZoomInfoError now reads the GTM REST nested error object ({error:{code,message}}) instead of dropping it to a generic HTTP message Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * improvement(wiza): add wandConfig to complex prospect-search filter fields Adds AI-assist wandConfig (json-object) with format examples to the structured filter inputs (job_title, job_company, past_company, company_industry, location, company_location) and the full filters object, completing the wandConfig checklist item for the Wiza block. * fix(findymail): surface API .error messages and alphabetize registry - transformResponse error branches now fall back to the response body's `error` field before the generic status string, so Findymail's actual messages ("Not enough credits" on 402, "Subscription is paused" on 423, "One identifier is required..." on 422) reach the user instead of a bare "Findymail API error: <status>". Applied to all 11 tools. - alphabetize the findymail entries in tools/registry.ts to match the already-alphabetical import block and the integration guideline. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* feat(slack): scope private channel visibility to installing user * improvement(slack): warn on usr_ marker parse miss, drop dead bot prefix * chore(slack): trim verbose comment
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryMedium Risk Overview Copilot & billing: Chat update, fork, and workflow-import paths now dual-write copilot messages via Auth: Password reset uses ZoomInfo: New ZoomInfo block, docs, icons, and an internal proxy with OAuth client-credentials, URL allowlisting, and token caching. Slack: Private channel pickers scope to the installing user when OAuth credentials carry a Docs / integrations (high signal): Google Slides docs expand to ~50 operations (styling, tables, charts, export, batch update). HubSpot trigger docs consolidate to a single CRM poller (created/updated/property/list membership). Apollo, Instantly, AgentMail/AgentPhone, DocuSign, ElevenLabs, Wiza, and others get contract-aligned field/output updates. Icons refresh (AgentPhone, Zoom vs ZoomInfo, Findymail Not in this diff slice but in the release title: Claude Opus 4.8, signup domain blocking, execution log size limits, workflow default color. Reviewed by Cursor Bugbot for commit 2ede04d. Bugbot is set up for automated code reviews on this repo. Configure here. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
* fix(slack): only parse scoped user id for oauth credentials * chore(slack): trim guard comment
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 2ede04d. Configure here.
…mpts (#4783) The hooks.before middleware threw plain Errors for the four auth-policy gates (registration disabled, email/password disabled, login allowlist, blocked signup domains). better-auth surfaces an uncaught hook Error as a generic 500 SERVER_ERROR, so users hitting these gates saw 'Failed to create account' with no actionable message. Throw APIError('FORBIDDEN', { message }) instead so the endpoints return a clean 403 with the policy message, which the client surfaces directly. Internal/server failures (email send, provider userinfo fetch, ID-token parse) intentionally remain plain Errors so they continue to surface as 500s.
* make zoominfo icon a bit bigger * feat(integrations): add RB2B integration Add the RB2B AI workspace integration for person-level visitor identification and B2B enrichment via the RB2B API (api.rb2b.com). - 15 tools: credit check, IP to HEM/MAID/company, email/HEM to business profile/best LinkedIn/LinkedIn slug/MAID, email to last active date, and LinkedIn to business profile/best personal email/personal email/hashed emails/mobile phone, plus LinkedIn slug search - Single API-key block with an operation dropdown, conditional inputs, and outputs covering every tool - RB2B icon and generated docs * fix(integrations): address RB2B PR review - email_to_activity now has its own plaintext Email field (canonicalParamId) instead of sharing the Email-or-MD5 input, since it does not accept MD5 hashes - RB2BIcon uses useId() for its clipPath id instead of a hardcoded id, matching the convention used by other icons * fix(integrations): map RB2B email_to_activity input via params, not canonicalParamId The canonical-pair validation test requires canonical members to share the same condition. Replace the cross-operation canonicalParamId reuse with two distinct subblock ids (email for HEM ops, emailAddress for email_to_activity) and a small tools.config.params remap to the email tool param.
waleedlatif1
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.