…dioai#3670)

* fix(open-resource): open resource tool to open existing files

* fix loading state

* address comment

* remove title

…3676)

* fix(tool): Fix issue with custom tools spreading out string output

* Fix lint

* Avoid any transformation on custom tool outputs

---------

Co-authored-by: Theodore Li <theo@sim.ai>

)

…mstudioai#3678)

Providers like Box don't return a scope field in their token response,
leaving the account.scope column empty. The credentials API now falls
back to the provider's configured scopes when the stored scope is
empty, preventing false "Additional permissions required" banners.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

…r React primitives (simstudioai#3675)

* improvement(react): replace unnecessary useEffect patterns with better React primitives

* fix(react): revert unsafe render-time side effects to useEffect

* fix(react): restore useEffect for modals, scroll, and env sync

- Modals (create-workspace, rename-document, edit-knowledge-base): restore
  useEffect watching `open` prop for form reset on programmatic open, since
  Radix onOpenChange doesn't fire for parent-driven prop changes
- Popover: add useEffect watching `open` for programmatic close reset
- Chat scroll: restore useEffect watching `isStreamingResponse` so the 1s
  suppression timer starts when streaming begins, not before the fetch
- Credentials manager: revert render-time pattern to useEffect for initial
  sync from cached React Query data (useRef captures initial value, making
  the !== check always false on mount)

* fix(react): restore useEffect for help/invite modals, combobox index reset

- Help modal: restore useEffect watching `open` for form reset on
  programmatic open (same Radix onOpenChange pattern as other modals)
- Invite modal: restore useEffect watching `open` to clear error on
  programmatic open
- Combobox: restore useEffect to reset highlightedIndex when filtered
  options shrink (prevents stale index from reappearing when options grow)
- Remove no-op handleOpenChange wrappers in rename-document and
  edit-knowledge-base modals (now pure pass-throughs after useEffect fix)

* fix(context-menu): use requestAnimationFrame for ColorGrid focus, remove no-op wrapper in create-workspace-modal

- ColorGrid: replaced setTimeout with requestAnimationFrame for initial
  focus to wait for submenu paint completion
- create-workspace-modal: removed handleOpenChange pass-through wrapper,
  use onOpenChange directly

* fix(files): restore filesRef pattern to prevent preview mode reset on refetch

The useEffect that sets previewMode should only run when selectedFileId
changes, not when files array reference changes from React Query refetch.
Restores the filesRef pattern to read latest files without triggering
the effect — prevents overriding user's manual mode selection.

* fix(add-documents-modal, combobox): restore useEffect for modal reset, fix combobox dep array

- add-documents-modal: handleOpenChange(true) is dead code in Radix
  controlled mode — restored useEffect watching open for reset-on-open
- combobox: depend on filteredOptions array (not .length) so highlight
  resets when items change even with same count

…rations page, improved enterprise section, update docs generation script (simstudioai#3667)

* improvement(platform): added more email validation utils, added integrations page, improved enterprise section, update docs generation script

* remove unused route

* restore hardcoded ff

* updated

* chore: install soap package types for workday integration

* fix(integrations): strip version suffix for template matching, add MX DNS cache

* change ff

* remove extraneous comments

* fix(email): cache timeout results in MX check to prevent repeated 5s waits

…filename regex (simstudioai#3680)

* improvement(vfs): update custom glob impl to use micromatch, fix vfs filename regex

* add tests

* file caps

* address comments

* fix open resource

* consolidate files

… util extraction (simstudioai#3683)

* fix(enterprise): remove dead variables resourceLabel, CHECK_PATH, allFeatures, RESOURCE_TYPE_LABEL

* fix: cap MX cache size, deduplicate validateCallbackUrl, add slug duplicate guard

* revert: remove slug duplicate guard

* refactor: extract validateCallbackUrl to shared util, evict stale MX cache entries on lookup

* refactor: move validateCallbackUrl into input-validation.ts

* fix: guard validateCallbackUrl against server-side window, skip eviction on cache update

* fix(auth): remove redundant validateCallbackUrl re-check on already-safe callbackUrl

* chore(auth): add comment explaining why safeCallbackUrl skip re-validation

* chore: remove redundant inline comments

…dioai#3684)

* feat(infisical): add Infisical secrets management integration

* fix(infisical): rename tool files to underscores, add configurable baseUrl, fix error type casts

* fix(infisical): make get_secret fallback consistent with other tools

* fix(infisical): add type casts to fix TypeScript build error in tag/metadata mapping

* fix(infisical): guard empty secretValue, validate version number, move DELETE params to query string

* fix(infisical): use falsy check for secretComment to prevent clearing existing comments

…3686)

* feat(microsoft-ad): add Azure AD (Entra ID) integration

Add complete Azure AD integration with 13 tools for managing users
and groups via Microsoft Graph API v1.0. Includes OAuth config with
PKCE, block definition with conditional subBlocks, and generated docs.

Tools: list/get/create/update/delete users, list/get/create/update/delete
groups, list/add/remove group members.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(microsoft-ad): add $search/$filter guard, $count=true, and memberId validation

- Prevent using $search and $filter together (Graph API rejects this)
- Add $count=true when $search is used (required with ConsistencyLevel: eventual)
- Validate and trim memberId in add_group_member body before use

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(microsoft-ad): fix docsLink underscore and accountEnabled update safety

- Change docsLink from microsoft-ad to microsoft_ad to match docs routing
- Split accountEnabled dropdown into separate create/update subBlocks
- Update operation shows "No Change" default (empty string) to prevent
  silently re-enabling disabled accounts when updating other fields
- Create operation keeps "Yes" default as before

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(microsoft-ad): prevent visibility from always being sent on group update

Split visibility dropdown into separate create/update subBlocks with
"No Change" default for update_group, preventing silent overwrite of
group visibility when updating other fields like description.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(microsoft-ad): prevent empty values leaking into PATCH requests

- Use operation-aware checks for accountEnabled and visibility in block
  params to prevent create defaults bleeding into update operations
- Change tool body guards from `!== undefined` to truthy checks so
  empty-string inputs from unfilled subBlocks are omitted from PATCH

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

…dioai#3685)

* feat(okta): add complete Okta identity management integration

Add 18 Okta Management API tools covering user lifecycle (list, get,
create, update, activate, deactivate, suspend, unsuspend, reset password,
delete) and group management (list, get, create, update, delete, add/remove
members, list members). Includes block with conditional UI, icon, registry
entries, and generated docs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs(okta): add manual description section to generated docs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(okta): address PR review — SSRF prevention, safe response parsing, consistent sendEmail

- Add validateOktaDomain() to prevent SSRF via user-supplied domain param
- Fix 9 tools to check response.ok before calling response.json()
- Make sendEmail query param explicit in deactivate_user and delete_user

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(okta): only forward boolean switches when explicitly true

Switch subBlocks default to OFF (false), which was being forwarded to
tools and overriding their default-true behavior for sendEmail and
activate params. Now only forward these when explicitly toggled ON.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(okta): use nullish coalescing for boolean switch defaults

Block now forwards sendEmail/activate values as-is (including false).
Tools use ?? operator so: explicit true/false from switches are respected,
undefined (programmatic calls) still defaults to true.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(okta): prevent silent data loss in update operations

- update_group: always include description in PUT body (defaults to '')
  since PUT replaces the full profile object
- update_user: use !== undefined checks so empty strings can clear fields
  via Okta's POST partial update
- block: allow empty strings through passthrough loop and use !== undefined
  for groupDescription mapping

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor(okta): move validateOktaDomain to centralized input-validation

- Moved validateOktaDomain from tools/okta/types.ts to
  lib/core/security/input-validation.ts alongside other validation utils
- Added .trim() to handle copy-paste whitespace in domain input
- Updated all 18 tool files to import from the new location

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

…ol fixes

* fix(landing): update broken links, change colors

* update integration pages

* update icons

* link to tag

* fix(landing): resolve build errors and address PR review comments

- Extract useEffect redirect into ExternalRedirect client component to fix
  fs/promises bundling error in privacy/terms server pages
- Fix InfisicalIcon fill='black' → fill='currentColor' for theme compatibility
- Add target="_blank" + rel="noopener noreferrer" to enterprise Typeform link
- Install @types/micromatch to fix missing type declarations build error

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(icons): fix InfisicalIcon fill='black' → fill='currentColor' in docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* remove hardcoded ff

* fix(generate-docs): fix tool description extraction for two-step and name-mismatch patterns

Replace the fragile first-id/first-description heuristic with a per-id
window search: for each id: 'tool_id' match, scan the next 600 chars
(stopping before any params: block) for description: and name: fields.
This correctly handles the two-step pattern used by Intercom and others
where the ToolConfig export comes after a separate base object whose
params: would have cut off the old approach.

Add an exact-name fallback that checks tools.access for a tool whose
name matches the operation label — handles cases where block op IDs are
short aliases (e.g. Slack 'send') while the tool ID is more descriptive
('slack_message') but the tool name 'Slack Message' still differs.

Remove the word-overlap scoring fallback which was producing incorrect
descriptions (Intercom all saying 'Intercom API access token', Reddit
Save/Unsave inverted, etc.).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

…d consistent design (simstudioai#3688)

* improvement(toast): match notification styling with countdown ring and consistent design

* fix(toast): add success variant indicator dot

…tudioai#3689)

* fix(preview): show actual nested workflow name in log snapshots

* fix(preview): ensure metadata.name in non-deployed child workflow path

* style(preview): fix line formatting

…3690)

* chore(templates): disable templates page and related UI

* chore(templates): remove unused imports from disabled template code

* fix(config): restore noNestedComponentDefinitions rule in biome config

* chore(templates): comment out remaining dead template code

Comment out handleTemplateFormSubmit, handleTemplateDelete,
TemplateStatusBadge component, and TemplateProfile dynamic import
that were left over after disabling the templates feature.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore(templates): clean up dead code from review feedback

- Remove unused usePathname/pathnameRef in use-workspace-management.ts
- Comment out stale 'template' from TabView union type
- Remove unused params from TemplateLayoutProps interface

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

)

* feat(copilot): add rename operation to user_table tool

* fix(copilot): use newName instead of name for table rename operation

…enaming