remove substitute_ee.ps1

* feat: add optional CSP headers when ENABLE_CSP_HEADERS is set

- Add middleware to conditionally set Content-Security-Policy headers
- Check for ENABLE_CSP_HEADERS environment variable  
- Apply secure default CSP policy suitable for web applications
- Follows existing middleware patterns in codebase

Resolves #6031

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Ruben Fiszel <rubenfiszel@users.noreply.github.com>

* perf: optimize CSP headers with lazy_static and add configurability

- Cache CSP_ENABLED and CSP_POLICY using lazy_static to avoid env var lookups on every request
- Add comprehensive documentation to add_csp_headers middleware function
- Make CSP policy configurable via CSP_POLICY environment variable
- Maintain backward compatibility with secure default policy
- Implement proper error handling for custom CSP policy values

Co-authored-by: Alexander Petric &lt;alpetric@users.noreply.github.com&gt;

* refactor: conditionally add CSP middleware layer instead of NO-OP

- Use .option_layer() to only add CSP middleware when ENABLE_CSP_HEADERS is set
- Remove runtime conditional check from add_csp_headers function
- Improve performance by avoiding unnecessary middleware execution when disabled

Co-authored-by: Ruben Fiszel <rubenfiszel@users.noreply.github.com>

* refactor: conditionally add CSP middleware layer instead of NO-OP

Remove CSP_ENABLED variable and instead check if CSP_POLICY is not empty.
This eliminates the need for a separate enable flag and simplifies the logic
to just check if a meaningful CSP policy is configured.

- Remove CSP_ENABLED lazy_static variable
- Simplify CSP_POLICY to use unwrap_or_default()
- Update conditional middleware logic to check !CSP_POLICY.is_empty()
- Update documentation to reflect new behavior

Co-authored-by: Ruben Fiszel <rubenfiszel@users.noreply.github.com>

* refactor: conditionally add CSP middleware layer instead of NO-OP

Move CSP headers from general middleware stack to static assets only.
CSP headers are only relevant for browsers consuming static content,
not for API endpoints.

Changes:
- Add CSP headers directly to static asset responses in serve_path()
- Remove CSP middleware from general middleware stack
- Remove unused add_csp_headers middleware function
- Maintain same CSP_POLICY environment variable configuration

Co-authored-by: Alexander Petric <alpetric@users.noreply.github.com>

* fix: conditionally compile CSP header imports with static_frontend feature

Fixes unused import errors by wrapping HeaderValue and CSP_POLICY imports 
with #[cfg(feature = "static_frontend")] to match their usage context.

Co-authored-by: Alexander Petric <alpetric@users.noreply.github.com>

* refactor: move CSP lazy static block to static_assets.rs

- Move CSP_POLICY lazy static from lib.rs to static_assets.rs for better encapsulation
- Remove crate-level import since CSP_POLICY is now local to static_assets module
- Maintain same functionality with proper feature gating for static_frontend

Co-authored-by: Ruben Fiszel <rubenfiszel@users.noreply.github.com>

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ruben Fiszel <rubenfiszel@users.noreply.github.com>
Co-authored-by: Alexander Petric <alpetric@users.noreply.github.com>

.github/workflows/aider-after-review.yaml

@@ -1,170 +0,0 @@
-name: Aider Auto-fix PR Review Change Requests
-
-on:
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  auto-fix-review:
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]')
-    runs-on: ubicloud-standard-8
-    permissions:
-      contents: write
-      pull-requests: write
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v2
-        with:
-          egress-policy: audit
-
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Configure Git User
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Checkout PR Branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "PR review trigger: Checking out PR branch..."
-          PR_NUMBER=${{ github.event.pull_request.number }}
-          PR_HEAD_REF=$(gh pr view $PR_NUMBER --json headRefName -q .headRefName --repo $GITHUB_REPOSITORY)
-          if [[ -z "$PR_HEAD_REF" || "$PR_HEAD_REF" == "null" ]]; then
-             echo "::error::Could not determine PR head branch for PR #$PR_NUMBER via gh CLI."
-             exit 1
-          fi
-          echo "Checking out PR head branch: $PR_HEAD_REF for PR #$PR_NUMBER"
-          git fetch origin "refs/heads/${PR_HEAD_REF}:refs/remotes/origin/${PR_HEAD_REF}" --no-tags
-          git checkout "$PR_HEAD_REF"
-          echo "Successfully checked out branch $(git rev-parse --abbrev-ref HEAD)"
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install Aider and Dependencies
-        run: |
-          python -m pip install aider-install; aider-install
-          pip install -U google-generativeai
-          sudo apt-get update && sudo apt-get install -y jq
-
-      - name: Generate Prompt from Review
-        id: generate_prompt
-        shell: bash
-        run: |
-          mkdir -p .github/aider
-          PROMPT_FILE_PATH=".github/aider/review-prompt.txt"
-
-          # Get PR review body
-          REVIEW_BODY="${{ github.event.review.body }}"
-          PR_NUMBER="${{ github.event.pull_request.number }}"
-
-          # Get PR description for context NOT USED FOR NOW
-          # PR_DETAILS=$(gh pr view $PR_NUMBER --json title,body --repo $GITHUB_REPOSITORY)
-          # PR_TITLE=$(echo "$PR_DETAILS" | jq -r .title)
-          # PR_BODY=$(echo "$PR_DETAILS" | jq -r .body)
-
-          # Get all PR review comments
-          REVIEW_COMMENTS=$(gh pr view $PR_NUMBER --json reviews -q '.reviews[] | select(.state == "CHANGES_REQUESTED") | .body' --repo $GITHUB_REPOSITORY)
-          REVIEW_BODY_Q=$(printf '%q' "$REVIEW_BODY")
-
-          # Update query to get review comments from all review types, not just "CHANGES_REQUESTED"
-          ALL_REVIEW_COMMENTS=$(gh api \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/comments \
-            | jq '[.[] | {diff_hunk: .diff_hunk, path: .path, body: .body}]')
-
-          BASE_PROMPT="Fix the following issues in the PR based on the review feedback. The review body is prepended with REVIEW. The review comments are prepended with REVIEW_COMMENTS. The review body and comments are separated by a blank line."
-          printf "%s\nREVIEW:\n%s\nREVIEW_COMMENTS:\n%s" \
-            "$BASE_PROMPT" "$REVIEW_BODY_Q" "$ALL_REVIEW_COMMENTS" > "$PROMPT_FILE_PATH"
-          echo "PROMPT_FILE_PATH=$PROMPT_FILE_PATH" >> $GITHUB_OUTPUT
-
-      - name: Run Aider with review prompt
-        run: |
-          aider \
-            --read .cursor/rules/rust-best-practices.mdc \
-            --read .cursor/rules/svelte5-best-practices.mdc \
-            --model gemini/gemini-2.5-pro-preview-05-06 \
-            --message-file .github/aider/review-prompt.txt \
-            --yes \
-            --no-check-update \
-            --auto-commits \
-            --no-analytics \
-            --no-gitignore \
-            | tee .github/aider/aider-output.txt || true
-          echo "Aider command completed. Output saved to .github/aider/aider-output.txt"
-          # Check if there are any changes to commit
-          if [[ -z "$(git status --porcelain)" ]]; then
-            echo "No changes detected after running Aider."
-            exit 0
-          fi
-
-      - name: Clean up prompt file
-        if: always()
-        run: rm -f .github/aider/review-prompt.txt
-
-      - name: Commit and Push Changes
-        id: commit_and_push
-        if: ${{ success() }}
-        run: |
-          CURRENT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
-          echo "Attempting to push changes to PR branch $CURRENT_BRANCH_NAME for PR #${{ github.event.pull_request.number }}"
-
-          # Pull latest changes to avoid rejection due to non-fast-forward
-          git pull origin $CURRENT_BRANCH_NAME
-
-          if git push origin $CURRENT_BRANCH_NAME; then
-            echo "Push to $CURRENT_BRANCH_NAME successful."
-            echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
-          else
-            echo "::warning::Push to PR branch $CURRENT_BRANCH_NAME failed."
-            echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Comment on PR
-        if: success()
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUM: ${{ github.event.pull_request.number }}
-        run: |
-          # Create comment body in a temporary file to avoid command line length limits
-          if [[ "${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}" == "true" ]]; then
-            cat > /tmp/pr-comment.md << EOL
-          🤖 I've automatically addressed the feedback based on the review.
-
-          ## Aider Output
-          \`\`\`
-          $(cat .github/aider/aider-output.txt || echo 'No output available')
-          \`\`\`
-
-          Please review the changes and let me know if further adjustments are needed.
-          EOL
-          else
-            cat > /tmp/pr-comment.md << EOL
-          🤖 I attempted to address the review feedback, but no modifications were made.
-
-          ## Aider Output
-          \`\`\`
-          $(cat .github/aider/aider-output.txt || echo 'No output available')
-          \`\`\`
-
-          Please review the output and provide additional guidance if needed.
-          EOL
-          fi
-
-          # Use the file for comment body
-          gh pr comment $PR_NUM --body-file /tmp/pr-comment.md

.github/workflows/aider-after-review.yaml.archived

@@ -0,0 +1,94 @@
+name: Aider Auto-fix PR Review Change Requests
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  check-membership:
+    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]')
+    runs-on: ubicloud-standard-2
+    outputs:
+      is_member: ${{ steps.check-membership.outputs.is_member }}
+    steps:
+      - name: Check organization membership
+        id: check-membership
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          REVIEWER: ${{ github.event.review.user.login }}
+          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
+        run: |
+          ORG="windmill-labs"
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            -H "Authorization: token $ORG_ACCESS_TOKEN" \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/orgs/$ORG/members/$REVIEWER")
+
+          if [ "$STATUS" -eq 204 ]; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_member=false" >> $GITHUB_OUTPUT
+          fi
+
+  check-and-prepare:
+    needs: check-membership
+    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]') && needs.check-membership.outputs.is_member == 'true'
+    runs-on: ubicloud-standard-2
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      prompt_content: ${{ steps.prepare_prompt.outputs.prompt_content }}
+    env:
+      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
+
+    steps:
+      - name: Acknowledge Request
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          echo "Commenting on PR #${{ github.event.pull_request.number }} to acknowledge the /aider command."
+          gh pr comment ${{ github.event.pull_request.number }} --body "🤖 Aider is starting to work on your request. Please be patient, this might take a few minutes." --repo $GITHUB_REPOSITORY
+
+      - name: Prepare prompt for Aider
+        id: prepare_prompt
+        shell: bash
+        env:
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REVIEW_BODY: ${{ github.event.review.body }}
+        run: |
+          REVIEW_BODY_ESCAPED="${REVIEW_BODY//\\/\\\\}"
+          REVIEW_BODY_ESCAPED="${REVIEW_BODY_ESCAPED//\"/\\\"}"
+
+          ALL_REVIEW_COMMENTS=$(gh api \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/comments)
+
+          FORMATTED_COMMENTS=$(jq -r '[.[] | {diff_hunk: .diff_hunk, path: .path, body: .body}]' <<< "$ALL_REVIEW_COMMENTS")
+
+          BASE_PROMPT="Fix the following issues in the PR based on the review feedback. The review body is prepended with REVIEW. The review comments are prepended with REVIEW_COMMENTS. The review body and comments are separated by a blank line."
+
+          COMPLETE_PROMPT="${BASE_PROMPT}"$'\n'"REVIEW:"$'\n'"${REVIEW_BODY_ESCAPED}"$'\n'"REVIEW_COMMENTS:"$'\n'"${FORMATTED_COMMENTS}"
+
+          echo "prompt_content<<EOF" >> $GITHUB_OUTPUT
+          echo "$COMPLETE_PROMPT" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+  run-aider:
+    needs: [check-membership, check-and-prepare]
+    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]') && needs.check-membership.outputs.is_member == 'true'
+    uses: ./.github/workflows/aider-common.yml
+    with:
+      needs_processing: false
+      base_prompt: ${{ needs.check-and-prepare.outputs.prompt_content }}
+      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
+    secrets: inherit

.github/workflows/aider-common.yml.archived

@@ -0,0 +1,522 @@
+name: Aider Common Steps
+
+on:
+  workflow_call:
+    inputs:
+      issue_title:
+        description: "Title of the issue or PR"
+        required: false
+        type: string
+      issue_body:
+        description: "Body of the issue or PR"
+        required: false
+        type: string
+      instruction:
+        description: "Instruction for Aider"
+        required: false
+        type: string
+      issue_id:
+        description: "ID of the issue or PR"
+        required: false
+        type: string
+      needs_processing:
+        description: "Whether the issue needs to be processed by the external API"
+        required: false
+        type: boolean
+        default: true
+      base_prompt:
+        description: "Base prompt for Aider"
+        required: false
+        type: string
+        default: "Try to fix the following issue based on the instruction given by the user. The issue is prepended with the word ISSUE. The instruction is prepended with the word INSTRUCTION. The issue and instruction are separated by a blank line."
+      probe_prompt:
+        description: "Prompt for probe-chat"
+        required: false
+        type: string
+        default: 'I''m giving you a request that needs to be implemented. Your role is ONLY to give me the files that are relevant to the request and nothing else. The request is prepended with the word REQUEST. Give me all the files relevant to this request. Your output MUST be a single json array that can be parsed with programatic json parsing, with the relevant files. Files can be rust or typescript or javascript files. DO NOT INCLUDE ANY OTHER TEXT IN YOUR OUTPUT. ONLY THE JSON ARRAY. Example of output: ["file1.py", "file2.py"]'
+      rules_files:
+        description: "Rules files for Aider"
+        required: false
+        type: string
+    outputs:
+      files_to_edit:
+        description: "Files identified by probe-chat for editing"
+        value: ${{ jobs.common-steps.outputs.files_to_edit }}
+      final_prompt:
+        description: "Final prompt for Aider"
+        value: ${{ jobs.common-steps.outputs.final_prompt }}
+      pr_branch_name:
+        description: "Name of the branch used for PR"
+        value: ${{ jobs.common-steps.outputs.pr_branch_name }}
+      changes_applied_message:
+        description: "Message indicating changes were applied"
+        value: ${{ jobs.common-steps.outputs.changes_applied_message }}
+      changes_applied:
+        description: "Boolean indicating if changes were successfully applied"
+        value: ${{ jobs.common-steps.outputs.changes_applied }}
+
+jobs:
+  common-steps:
+    runs-on: ubicloud-standard-8
+    outputs:
+      files_to_edit: ${{ steps.probe_files.outputs.files_to_edit }}
+      final_prompt: ${{ steps.create_prompt.outputs.final_prompt }}
+      pr_branch_name: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
+      changes_applied_message: ${{ steps.commit_and_push.outputs.CHANGES_APPLIED_MESSAGE }}
+      changes_applied: ${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}
+    env:
+      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
+      LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
+      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Checkout PR Branch
+        id: checkout_pr
+        if: (github.event_name == 'issue_comment' && github.event.issue.pull_request) || (github.event_name == 'pull_request_review')
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "Issue comment trigger: Checking out PR branch..."
+          PR_NUMBER=""
+          if [ -n "${{ github.event.issue.number }}" ]; then
+            PR_NUMBER="${{ github.event.issue.number }}"
+          elif [ -n "${{ github.event.pull_request.number }}" ]; then
+            PR_NUMBER="${{ github.event.pull_request.number }}"
+          else
+            echo "::error::Could not determine PR number."
+            exit 1
+          fi
+          PR_HEAD_REF=$(gh pr view $PR_NUMBER --json headRefName -q .headRefName --repo $GITHUB_REPOSITORY)
+          if [[ -z "$PR_HEAD_REF" || "$PR_HEAD_REF" == "null" ]]; then
+             echo "::error::Could not determine PR head branch for PR #$PR_NUMBER via gh CLI."
+             exit 1
+          fi
+          echo "Checking out PR head branch: $PR_HEAD_REF for PR #$PR_NUMBER"
+          git fetch origin "refs/heads/${PR_HEAD_REF}:refs/remotes/origin/${PR_HEAD_REF}" --no-tags
+          git checkout "$PR_HEAD_REF"
+          echo "Successfully checked out branch $(git rev-parse --abbrev-ref HEAD)"
+          echo "PR_BRANCH=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+
+      - name: Configure Git User
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Cache Python dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt', '**/setup.py') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install Aider and Dependencies
+        run: |
+          echo "Installing Aider..."
+          python -m pip install uv
+          python -m venv ~/uv-env
+          source ~/uv-env/bin/activate
+          uv pip install configargparse==1.7
+          uv pip install aider-chat==0.83.1
+          uv pip install -U google-generativeai
+          sudo apt-get update && sudo apt-get install -y jq
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+          echo "VIRTUAL_ENV_PATH=$HOME/uv-env" >> $GITHUB_ENV
+
+      - name: Create Prompt for Aider
+        id: create_prompt
+        shell: bash
+        env:
+          BASE_PROMPT_ENV: ${{ inputs.base_prompt }}
+          ISSUE_TITLE_ENV: ${{ inputs.issue_title }}
+          ISSUE_BODY_ENV: ${{ inputs.issue_body }}
+          INSTRUCTION_ENV: ${{ inputs.instruction }}
+          NEEDS_PROCESSING_ENV: ${{ inputs.needs_processing }}
+          WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
+        run: |
+          set -e
+          FINAL_PROMPT_CONTENT=""
+
+          if [[ "$ISSUE_TITLE_ENV" != "" && "$ISSUE_BODY_ENV" != "" ]]; then
+            echo "Processing issue with title: $ISSUE_TITLE_ENV"
+            if [[ "$NEEDS_PROCESSING_ENV" == "true" ]]; then
+              echo "Needs processing is true. Calling Windmill API..."
+              JSON_PAYLOAD=$(jq -n \
+                --arg title "$ISSUE_TITLE_ENV" \
+                --arg body "$ISSUE_BODY_ENV" \
+                '{"body":{"issue_title":$title,"issue_body":$body}}')
+
+              echo "Windmill JSON Payload: $JSON_PAYLOAD"
+
+              API_RESULT_FILE=$(mktemp)
+              HTTP_CODE=$(curl -s -o "$API_RESULT_FILE" -w "%{http_code}" \
+                -X POST "https://app.windmill.dev/api/w/windmill-labs/jobs/run_wait_result/p/f/ai/quiet_script" \
+                -H "Content-Type: application/json" \
+                -H "Authorization: Bearer $WINDMILL_TOKEN" \
+                --data-binary "$JSON_PAYLOAD" \
+                --max-time 90)
+
+              BODY_CONTENT=$(cat "$API_RESULT_FILE")
+              rm -f "$API_RESULT_FILE" # Clean up temp file
+
+              echo "Windmill API HTTP Code: $HTTP_CODE"
+              if [[ "$HTTP_CODE" -eq 200 ]]; then
+                PROCESSED_ISSUE_PROMPT=$(echo "$BODY_CONTENT" | jq -r '.effective_body // empty')
+                if [[ -z "$PROCESSED_ISSUE_PROMPT" || "$PROCESSED_ISSUE_PROMPT" == "null" ]]; then
+                  echo "::warning::Windmill API returned 200 but effective_body was empty or null."
+                  EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT="$ISSUE_BODY_ENV"
+                else
+                  echo "Successfully processed issue via Windmill API."
+                  EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT="$PROCESSED_ISSUE_PROMPT"
+                fi
+                FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
+                  "$BASE_PROMPT_ENV" "$EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT" "$INSTRUCTION_ENV")
+              else
+                echo "::error::Windmill API call failed (HTTP $HTTP_CODE). Using raw issue content for prompt."
+                FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
+                  "$BASE_PROMPT_ENV" "$ISSUE_BODY_ENV" "$INSTRUCTION_ENV")
+              fi
+            else
+              echo "Needs processing is false. Using raw issue content for prompt."
+              FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
+                "$BASE_PROMPT_ENV" "$ISSUE_BODY_ENV" "$INSTRUCTION_ENV")
+            fi
+          else
+            echo "No issue title or body given. Using base prompt."
+            FINAL_PROMPT_CONTENT=$(printf "%s\nINSTRUCTION:\n%s" "$BASE_PROMPT_ENV" "$INSTRUCTION_ENV")
+          fi
+
+          echo "Final prompt: $FINAL_PROMPT_CONTENT"
+          echo "final_prompt<<EOF_AIDER_PROMPT" >> "$GITHUB_OUTPUT"
+          echo "$FINAL_PROMPT_CONTENT" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_PROMPT" >> "$GITHUB_OUTPUT"
+
+      - name: Probe Chat for Relevant Files
+        id: probe_files
+        shell: bash
+        env:
+          FINAL_PROMPT: ${{ steps.create_prompt.outputs.final_prompt }}
+          PROBE_PROMPT: ${{ inputs.probe_prompt }}
+        run: |
+          echo "Running probe-chat to find relevant files..."
+
+          MESSAGE_FOR_PROBE=$(printf "%s\nREQUEST:\n%s" "$PROBE_PROMPT" "$FINAL_PROMPT")
+
+          set -o pipefail
+          PROBE_OUTPUT=$(npx --yes @buger/probe-chat@latest --max-iterations 50 --model-name gemini-2.5-pro-preview-05-06 --message "$MESSAGE_FOR_PROBE") || {
+            echo "::error::probe-chat command failed. Output:"
+            echo "$PROBE_OUTPUT"
+            exit 1
+          }
+          set +o pipefail
+          echo "Probe-chat raw output:"
+          echo "$PROBE_OUTPUT"
+
+          JSON_FILES=$(echo "$PROBE_OUTPUT" | sed -n '/^\s*\[/,$p' | sed '/^\s*\]/q')
+          echo "Extracted JSON block:"
+          echo "$JSON_FILES"
+
+          FILES_LIST=$(echo "$JSON_FILES" | jq -e -r '[.[] | select(type == "string" and . != "" and . != null and (endswith("/") | not))] | join(" ")' || echo "")
+
+          if [[ -z "$FILES_LIST" ]]; then
+             echo "::warning::probe-chat did not identify any relevant files."
+          fi
+
+          echo "Formatted files list for aider: $FILES_LIST"
+          echo "files_to_edit=$FILES_LIST" >> $GITHUB_OUTPUT
+
+      - name: Cache Aider tags
+        uses: actions/cache@v3
+        with:
+          path: .aider.tags.cache.v4
+          key: ${{ runner.os }}-aider-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-aider-
+
+      - name: Prepare branch for Aider
+        id: prepare_branch
+        env:
+          ISSUE_ID: ${{ inputs.issue_id }}
+        run: |
+          if [[ "$ISSUE_ID" != "" ]]; then
+            BRANCH_NAME="aider-fix-issue-${ISSUE_ID}"
+
+            # Check if branch exists remotely
+            if git ls-remote --heads origin $BRANCH_NAME | grep -q $BRANCH_NAME; then
+              echo "Branch $BRANCH_NAME already exists remotely, fetching it"
+              git fetch origin $BRANCH_NAME
+              git checkout $BRANCH_NAME
+              git pull origin $BRANCH_NAME
+            else
+              echo "Creating new branch $BRANCH_NAME"
+              git checkout -b $BRANCH_NAME
+            fi
+            echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
+          else
+            # We're in a pull_request_review event
+            PR_NUMBER="${{ github.event.pull_request.number }}"
+            PR_HEAD_REF="${{ github.event.pull_request.head.ref }}"
+            
+            echo "Handling pull_request_review for PR #$PR_NUMBER on branch $PR_HEAD_REF"
+            
+            # Ensure we're on the correct branch
+            git config pull.rebase true
+            git fetch origin $PR_HEAD_REF
+            git checkout $PR_HEAD_REF
+            git pull origin $PR_HEAD_REF
+            
+            echo "Using PR branch $PR_HEAD_REF for PR #$PR_NUMBER"
+            echo "BRANCH_NAME=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run Aider
+        id: run_aider
+        shell: bash
+        env:
+          FILES_TO_EDIT: ${{ steps.probe_files.outputs.files_to_edit }}
+          FINAL_PROMPT: ${{ steps.create_prompt.outputs.final_prompt }}
+          RULES_FILES: ${{ inputs.rules_files }}
+        run: |
+          source $VIRTUAL_ENV_PATH/bin/activate
+          echo "$FINAL_PROMPT" > .aider_final_prompt.txt
+          echo "FILES_TO_EDIT: $FILES_TO_EDIT"
+
+          RULES=""
+          if [ -n "$RULES_FILES" ]; then
+            for rule in $RULES_FILES; do
+              RULES="$RULES --read $rule"
+            done
+          fi
+
+          aider \
+            $RULES \
+            $FILES_TO_EDIT \
+            --model gemini/gemini-2.5-pro-preview-05-06 \
+            --message-file .aider_final_prompt.txt \
+            --yes \
+            --no-check-update \
+            --auto-commits \
+            --no-analytics \
+            --no-gitignore \
+            | tee .aider_output.txt || true
+
+          echo "Aider command completed. Output saved to .aider_output.txt"
+
+      - name: Cache Node.js dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Commit and Push Changes
+        id: commit_and_push
+        env:
+          ISSUE_ID: ${{ inputs.issue_id }}
+          BRANCH_NAME: ${{ steps.prepare_branch.outputs.BRANCH_NAME }}
+        run: |
+          if [[ "$ISSUE_ID" != "" ]]; then
+            # Check if there are any uncommitted changes
+            if [[ -n $(git status --porcelain) ]]; then
+              echo "Found uncommitted changes, committing them"
+              git add .
+              git commit -m "Aider changes"
+            fi
+
+            # Push changes to the branch
+            if git push origin $BRANCH_NAME; then
+              echo "Pushed to branch $BRANCH_NAME"
+              echo "PR_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
+              echo "CHANGES_APPLIED_MESSAGE=Aider changes pushed to branch $BRANCH_NAME." >> $GITHUB_OUTPUT
+              echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
+            else
+              echo "::warning::Push to PR branch $BRANCH_NAME failed."
+              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $BRANCH_NAME." >> $GITHUB_OUTPUT
+              echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
+            fi
+          else
+            # We're in a pull_request_review event
+            PR_HEAD_REF="${{ github.event.pull_request.head.ref }}"
+            echo "Attempting to push changes to PR branch $PR_HEAD_REF"
+            if git push origin $PR_HEAD_REF; then
+              echo "Push to $PR_HEAD_REF successful (or no new changes to push)."
+              echo "CHANGES_APPLIED_MESSAGE=Aider changes (if any) pushed to PR branch $PR_HEAD_REF." >> $GITHUB_OUTPUT
+              echo "PR_BRANCH_NAME=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+              echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
+            else
+              echo "::warning::Push to PR branch $PR_HEAD_REF failed."
+              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $PR_HEAD_REF." >> $GITHUB_OUTPUT
+              echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
+            fi
+          fi
+
+      - name: Create Pull Request
+        if: always() && (github.event_name == 'issue_comment' || github.event_name == 'repository_dispatch') && !github.event.issue.pull_request && steps.commit_and_push.outputs.PR_BRANCH_NAME != ''
+        id: create_pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_BRANCH: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
+          ISSUE_NUM: ${{ inputs.issue_id }}
+          ISSUE_TITLE: ${{ inputs.issue_title }}
+          GITHUB_EVENT_NAME: ${{ github.event_name }}
+        run: |
+          # Create PR description in a temporary file to avoid command line length limits and ensure it stays under 40k chars
+          HEADER="This PR was created automatically by Aider to fix issue #${ISSUE_NUM}."
+          # if event is repository_dispatch, add the issue title to the header
+          if [ "$GITHUB_EVENT_NAME" == "repository_dispatch" ]; then
+            if [[ "${{ github.event.client_payload.source }}" == "linear" ]]; then
+              HEADER="This PR was created automatically by Aider to fix issue #linear:${ISSUE_NUM}."
+            elif [[ "${{ github.event.client_payload.source }}" == "discord" ]]; then
+              HEADER="This PR was created automatically by Aider to fix issue #discord:${ISSUE_NUM}."
+            fi
+          fi
+          cat > /tmp/pr-description.md << EOL | head -c 40000
+          $HEADER
+
+          ## Aider Output
+          \`\`\`
+          $(cat .aider_output.txt || echo "No output available")
+          \`\`\`
+          EOL
+
+          # Create PR using the file for the body content, handle errors gracefully
+          set +e  # Don't exit on error
+          PR_TITLE="[Aider PR] Fix: ${ISSUE_TITLE}"
+          if [ -z "$ISSUE_TITLE" ]; then
+            PR_TITLE="[Aider PR] AI changes after request"
+          fi
+          gh pr create \
+            --title "$PR_TITLE" \
+            --body-file /tmp/pr-description.md \
+            --head "$PR_BRANCH" \
+            --base main \
+            --draft
+          PR_CREATE_EXIT_CODE=$?
+          set -e  # Re-enable exit on error
+
+          if [ $PR_CREATE_EXIT_CODE -eq 0 ]; then
+            echo "PR created successfully"
+            PR_URL=$(gh pr view $PR_BRANCH --json url --jq .url)
+            echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
+            echo "PR_CREATED=true" >> $GITHUB_OUTPUT
+          else
+            echo "Warning: Failed to create PR. Exit code: $PR_CREATE_EXIT_CODE"
+            echo "PR_CREATED=false" >> $GITHUB_OUTPUT
+            # Continue workflow despite PR creation failure
+          fi
+
+      - name: Comment on PR with Aider Output
+        if: always() && github.event_name == 'pull_request_review' && steps.commit_and_push.outputs.CHANGES_APPLIED != ''
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUM: ${{ github.event.pull_request.number }}
+          JOB_STATUS: ${{ job.status }}
+        run: |
+          # Create comment body in a temporary file to avoid command line length limits
+          if [[ "${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}" == "true" ]]; then
+            if [[ "$JOB_STATUS" == "success" ]]; then
+              STATUS_PREFIX="🤖 I've automatically addressed the feedback based on the review."
+            else
+              STATUS_PREFIX="⚠️ I attempted to address the feedback, but encountered some issues."
+            fi
+          else
+            if [[ "$JOB_STATUS" == "success" ]]; then
+              STATUS_PREFIX="🤖 I attempted to address the review feedback, but no modifications were made."
+            else
+              STATUS_PREFIX="⚠️ I encountered issues while attempting to address the feedback, and no modifications were made."
+            fi
+          fi
+
+          cat > /tmp/pr-comment.md << EOL
+          ${STATUS_PREFIX}
+
+          ## Aider Output
+          \`\`\`
+          $(cat .aider_output.txt || echo 'No output available')
+          \`\`\`
+
+          Please review the output and provide additional guidance if needed.
+          EOL
+
+          # Use the file for comment body
+          gh pr comment $PR_NUM --body-file /tmp/pr-comment.md
+
+      - name: Comment on issue/PR to let the user know Aider has finished working on the request
+        if: always() && github.event_name == 'issue_comment'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          JOB_STATUS: ${{ job.status }}
+          PR_CREATED: ${{ steps.create_pr.outputs.PR_CREATED }}
+          PR_URL: ${{ steps.create_pr.outputs.PR_URL }}
+        run: |
+          echo "Commenting on issue/PR #${{ github.event.issue.number }} to let the user know Aider has finished working on the request."
+
+          if [[ "$JOB_STATUS" == "success" ]]; then
+            if [[ "$PR_CREATED" == "true" ]]; then
+              COMMENT_BODY="🤖 Aider has finished working on your request. A PR has been created. $PR_URL"
+            else
+              COMMENT_BODY="🤖 Aider has finished working on your request, but was unable to create a PR."
+            fi
+          else
+            COMMENT_BODY="⚠️ Aider encountered issues while working on your request. Please check the workflow logs for details."
+          fi
+
+          gh issue comment ${{ github.event.issue.number }} --body "$COMMENT_BODY" --repo $GITHUB_REPOSITORY
+
+      - name: Comment on linear issue to let the user know Aider has finished working on the request
+        if: always() && github.event_name == 'repository_dispatch'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          JOB_STATUS: ${{ job.status }}
+          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
+          PR_CREATED: ${{ steps.create_pr.outputs.PR_CREATED }}
+          PR_URL: ${{ steps.create_pr.outputs.PR_URL }}
+          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
+          SOURCE: ${{ github.event.client_payload.source }}
+        run: |
+          echo "Notifying user about Aider completion status for $SOURCE request #${{ github.event.client_payload.issue_id }}"
+          if [[ "$JOB_STATUS" == "success" ]]; then
+            if [[ "$PR_CREATED" == "true" ]]; then
+              COMMENT_BODY="🤖 Aider has finished working on your request. A PR has been created. $PR_URL"
+            else
+              COMMENT_BODY="🤖 Aider has finished working on your request, but was unable to create a PR."
+            fi
+          else
+            COMMENT_BODY="⚠️ Aider encountered issues while working on your request. Please check the workflow logs for details."
+          fi
+
+          if [[ "$SOURCE" == "discord" ]]; then
+            curl -X POST \
+              -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
+              -H "Content-Type: application/json" \
+              "https://discord.com/api/v10/channels/${{ github.event.client_payload.channel_id }}/messages" \
+              -d "{\"content\":\"${COMMENT_BODY}\"}"
+          else
+            curl -X POST \
+              -H "Authorization: $LINEAR_API_KEY" \
+              -H "Content-Type: application/json" \
+              "https://api.linear.app/graphql" \
+              -d "{\"query\":\"mutation { commentCreate(input: { issueId: \\\"${{ github.event.client_payload.issue_id }}\\\", body: \\\"${COMMENT_BODY}\\\" }) { success } }\"}"
+          fi

.github/workflows/aider-external.yaml.archived

@@ -0,0 +1,80 @@
+name: External Aider Issue Fix
+
+on:
+  repository_dispatch:
+    types: [external_issue_fix]
+
+jobs:
+  check-and-prepare:
+    runs-on: ubicloud-standard-2
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      issue_title: ${{ steps.determine_inputs.outputs.ISSUE_TITLE }}
+      issue_body: ${{ steps.determine_inputs.outputs.ISSUE_BODY }}
+      instruction: ${{ steps.determine_inputs.outputs.INSTRUCTION }}
+    env:
+      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
+      LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
+      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
+
+    steps:
+      - name: Acknowledge Request
+        env:
+          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
+          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
+        run: |
+          if [[ "${{ github.event.client_payload.source }}" == "linear" ]]; then
+            echo "Commenting on Linear issue #${{ github.event.client_payload.issue_id }} to acknowledge the request."
+            curl -X POST \
+              -H "Authorization: $LINEAR_API_KEY" \
+              -H "Content-Type: application/json" \
+              "https://api.linear.app/graphql" \
+              -d "{\"query\":\"mutation { commentCreate(input: { issueId: \\\"${{ github.event.client_payload.issue_id }}\\\", body: \\\"🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes.\\\" }) { success } }\"}"
+          elif [[ "${{ github.event.client_payload.source }}" == "discord" ]]; then
+            echo "Commenting on Discord thread #${{ github.event.client_payload.channel_id }} to acknowledge the request."
+            curl -X POST \
+              -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
+              -H "Content-Type: application/json" \
+              "https://discord.com/api/v10/channels/${{ github.event.client_payload.channel_id }}/messages" \
+              -d "{\"content\":\"🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes.\"}"
+          fi
+
+      - name: Determine inputs for Aider
+        id: determine_inputs
+        shell: bash
+        env:
+          ISSUE_TITLE: ${{ github.event.client_payload.issue_title }}
+          ISSUE_BODY: ${{ github.event.client_payload.issue_body }}
+          INSTRUCTION: ${{ github.event.client_payload.instruction }}
+        run: |
+          echo "Determining inputs for Aider..."
+
+          echo "ISSUE_TITLE<<EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
+          echo "$ISSUE_TITLE" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
+
+          echo "ISSUE_BODY<<EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
+          echo "$ISSUE_BODY" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
+
+          echo "INSTRUCTION<<EOF_AIDER_INSTRUCTION" >> "$GITHUB_OUTPUT"
+          echo "$INSTRUCTION" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_INSTRUCTION" >> "$GITHUB_OUTPUT"
+          echo "Finished determining inputs."
+
+  run-aider:
+    needs: check-and-prepare
+    uses: ./.github/workflows/aider-common.yml
+    with:
+      issue_title: ${{ needs.check-and-prepare.outputs.issue_title }}
+      issue_body: ${{ needs.check-and-prepare.outputs.issue_body }}
+      instruction: ${{ needs.check-and-prepare.outputs.instruction }}
+      issue_id: ${{ github.event.client_payload.issue_id }}
+      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
+    secrets: inherit

.github/workflows/aider.yaml

@@ -1,342 +0,0 @@
-name: Aider Auto-fix issues and PR comments via external prompt
-
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  auto-fix:
-    runs-on: ubicloud-standard-8
-    if: |
-      github.event_name == 'issue_comment' &&
-      contains(github.event.comment.body, '/aider') &&
-      !contains(github.event.comment.user.login, '[bot]')
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v2
-        with:
-          egress-policy: audit
-
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Configure Git User
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Checkout PR Branch
-        if: github.event_name == 'issue_comment' && github.event.issue.pull_request
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "Issue comment trigger: Checking out PR branch..."
-          PR_NUMBER=${{ github.event.issue.number }}
-          PR_HEAD_REF=$(gh pr view $PR_NUMBER --json headRefName -q .headRefName --repo $GITHUB_REPOSITORY)
-          if [[ -z "$PR_HEAD_REF" || "$PR_HEAD_REF" == "null" ]]; then
-             echo "::error::Could not determine PR head branch for PR #$PR_NUMBER via gh CLI."
-             exit 1
-          fi
-          echo "Checking out PR head branch: $PR_HEAD_REF for PR #$PR_NUMBER"
-          git fetch origin "refs/heads/${PR_HEAD_REF}:refs/remotes/origin/${PR_HEAD_REF}" --no-tags
-          git checkout "$PR_HEAD_REF"
-          echo "Successfully checked out branch $(git rev-parse --abbrev-ref HEAD)"
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install Aider and Dependencies
-        run: |
-          python -m pip install aider-install; aider-install
-          pip install -U google-generativeai
-          sudo apt-get update && sudo apt-get install -y jq
-
-      - name: Determine Prompt for Aider
-        id: determine_prompt
-        shell: bash
-        run: |
-          PROMPT_FILE_PATH=".github/aider/issue-prompt.txt"
-          mkdir -p .github/aider
-
-          # Determine if this is a PR comment or regular issue comment
-          if [[ ! -z "${{ github.event.issue.pull_request }}" ]]; then
-            echo "This is a comment on a Pull Request"
-            PR_NUMBER="${{ github.event.issue.number }}"
-            
-            # Get PR description to check for issue references
-            PR_BODY=$(gh pr view $PR_NUMBER --json body -q .body --repo $GITHUB_REPOSITORY)
-            
-            # Extract issue number from PR description (looking for #123 or "fixes #123" patterns)
-            REFERENCED_ISSUE=$(echo "$PR_BODY" | grep -oE "#[0-9]+" | grep -oE "[0-9]+" | head -1)
-            
-            if [[ ! -z "$REFERENCED_ISSUE" ]]; then
-              echo "Found referenced issue #$REFERENCED_ISSUE in PR description"
-              
-              # Fetch the referenced issue details
-              ISSUE_DETAILS=$(gh issue view $REFERENCED_ISSUE --json title,body --repo $GITHUB_REPOSITORY)
-              ISSUE_TITLE=$(echo "$ISSUE_DETAILS" | jq -r .title)
-              ISSUE_BODY=$(echo "$ISSUE_DETAILS" | jq -r .body)
-              
-              # Store raw comment body in a file first to avoid shell interpretation issues
-              echo '${{ github.event.comment.body }}' > /tmp/raw_comment.txt
-              RAW_COMMENT_BODY=$(cat /tmp/raw_comment.txt)
-              # Remove the /aider prefix and trim whitespace
-              COMMENT_CONTENT=$(echo "$RAW_COMMENT_BODY" | sed 's|^/aider||' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-              
-              echo "Sending issue content and PR comment to external API…"
-              
-              ISSUE_TITLE_Q=$(printf '%q' "$ISSUE_TITLE")
-              ISSUE_BODY_Q=$(printf '%q' "$ISSUE_BODY")
-              
-              JSON_PAYLOAD=$(jq -n \
-                --arg title "$ISSUE_TITLE_Q" \
-                --arg body "$ISSUE_BODY_Q" \
-                '{"body":{"issue_title":$title,"issue_body":$body}}')
-              
-              API_RESULT=$(curl -s -w "\n%{http_code}" \
-                -X POST "https://app.windmill.dev/api/w/windmill-labs/jobs/run_wait_result/p/f/ai/quiet_script" \
-                -H "Content-Type: application/json" \
-                -H "Authorization: Bearer $WINDMILL_TOKEN" \
-                --data-binary "$JSON_PAYLOAD" \
-                --max-time 90)
-              
-              HTTP_CODE=$(echo "$API_RESULT" | tail -n1)
-              BODY=$(echo "$API_RESULT" | sed '$d')
-              
-              echo "$BODY" > /tmp/api_response.txt
-
-              BASE_PROMPT="Try to fix the following issue based on the instruction given by the user. The issue is prepended with the word ISSUE. The instruction is prepended with the word INSTRUCTION. The issue and instruction are separated by a blank line."
-              if [[ "$HTTP_CODE" -eq 200 ]]; then
-                PROCESSED_ISSUE_PROMPT=$(jq -r '.effective_body // empty' /tmp/api_response.txt)
-                if [[ -z "$PROCESSED_ISSUE_PROMPT" || "$PROCESSED_ISSUE_PROMPT" == "null" ]]; then
-                  PROCESSED_ISSUE_PROMPT=""
-                fi
-                printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT" "$PROCESSED_ISSUE_PROMPT" "$COMMENT_CONTENT" > "$PROMPT_FILE_PATH"
-              else
-                echo "::warning::API call failed (HTTP $HTTP_CODE). Using PR comment with issue context."
-                printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT" "$ISSUE_BODY_Q" "$COMMENT_CONTENT" > "$PROMPT_FILE_PATH"
-              fi
-              rm -f /tmp/api_response.txt
-            else
-              echo "No referenced issue found in PR description, using comment content only"
-              # Use comment content directly as with regular issue comments
-              echo '${{ github.event.comment.body }}' > /tmp/raw_comment.txt
-              RAW_COMMENT_BODY=$(cat /tmp/raw_comment.txt)
-              COMMENT_CONTENT=$(echo "$RAW_COMMENT_BODY" | sed 's|^/aider||' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-              
-              if [[ -z "$COMMENT_CONTENT" ]]; then
-                echo "::error::Comment with /aider provided, but no instruction found after it. Cannot proceed."
-                printf "Error: /aider command found but no instruction followed." > "$PROMPT_FILE_PATH"
-                exit 1
-              else
-                echo "Using comment content as prompt."
-                printf '%s' "$COMMENT_CONTENT" > "$PROMPT_FILE_PATH"
-              fi
-            fi
-          else
-            echo "This is a comment on a regular issue"
-            
-            # Fetch the issue details
-            ISSUE_NUMBER="${{ github.event.issue.number }}"
-            ISSUE_DETAILS=$(gh issue view $ISSUE_NUMBER --json title,body --repo $GITHUB_REPOSITORY)
-            ISSUE_TITLE=$(echo "$ISSUE_DETAILS" | jq -r .title)
-            ISSUE_BODY=$(echo "$ISSUE_DETAILS" | jq -r .body)
-            
-            # Store raw comment body in a file first to avoid shell interpretation issues
-            echo '${{ github.event.comment.body }}' > /tmp/raw_comment.txt
-            # Extract the command part safely
-            RAW_COMMENT_BODY=$(cat /tmp/raw_comment.txt)
-            # Remove the /aider prefix and trim whitespace
-            COMMENT_CONTENT=$(echo "$RAW_COMMENT_BODY" | sed 's|^/aider||' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-
-            if [[ -z "$COMMENT_CONTENT" ]]; then
-              echo "::error::Comment with /aider provided, but no instruction found after it. Cannot proceed."
-              printf "Error: /aider command found but no instruction followed." > "$PROMPT_FILE_PATH"
-              exit 1
-            else
-              echo "Sending issue content and issue comment to external API…"
-              
-              ISSUE_TITLE_Q=$(printf '%q' "$ISSUE_TITLE")
-              ISSUE_BODY_Q=$(printf '%q' "$ISSUE_BODY")
-              COMMENT_CONTENT_Q=$(printf '%q' "$COMMENT_CONTENT")
-              
-              JSON_PAYLOAD=$(jq -n \
-                --arg title "$ISSUE_TITLE_Q" \
-                --arg body "$ISSUE_BODY_Q" \
-                --arg comment "$COMMENT_CONTENT_Q" \
-                '{"body":{"issue_title":$title,"issue_body":$body,"issue_comment":$comment}}')
-              
-              API_RESULT=$(curl -s -w "\n%{http_code}" \
-                -X POST "https://app.windmill.dev/api/w/windmill-labs/jobs/run_wait_result/p/f/ai/quiet_script" \
-                -H "Content-Type: application/json" \
-                -H "Authorization: Bearer $WINDMILL_TOKEN" \
-                --data-binary "$JSON_PAYLOAD" \
-                --max-time 90)
-              
-              HTTP_CODE=$(echo "$API_RESULT" | tail -n1)
-              BODY=$(echo "$API_RESULT" | sed '$d')
-              
-              echo "$BODY" > /tmp/api_response.txt
-              
-              BASE_PROMPT="Try to fix the following issue based on the instruction given by the user. The issue is prepended with the word ISSUE. The instruction is prepended with the word INSTRUCTION. The issue and instruction are separated by a blank line."
-              if [[ "$HTTP_CODE" -eq 200 ]]; then
-                PROCESSED_ISSUE_PROMPT=$(jq -r '.effective_body // empty' /tmp/api_response.txt)
-                if [[ -z "$PROCESSED_ISSUE_PROMPT" || "$PROCESSED_ISSUE_PROMPT" == "null" ]]; then
-                  PROCESSED_ISSUE_PROMPT=""
-                fi
-                printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT" "$PROCESSED_ISSUE_PROMPT" "$COMMENT_CONTENT" > "$PROMPT_FILE_PATH"
-              else
-                echo "::warning::API call failed (HTTP $HTTP_CODE). Using PR comment with issue context."
-                printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT" "$ISSUE_BODY_Q" "$COMMENT_CONTENT" > "$PROMPT_FILE_PATH"
-              fi
-
-              rm -f /tmp/api_response.txt
-            fi
-          fi
-          echo "Prompt determined and written to $PROMPT_FILE_PATH"
-          echo "PROMPT_FILE_PATH=$PROMPT_FILE_PATH" >> $GITHUB_OUTPUT
-
-      - name: Probe Chat for Relevant Files
-        id: probe_files
-        env:
-          PROMPT_CONTENT_FILE: ${{ steps.determine_prompt.outputs.PROMPT_FILE_PATH }}
-        run: |
-          echo "Running probe-chat to find relevant files..."
-          if [[ ! -f "$PROMPT_CONTENT_FILE" ]]; then
-            echo "::error::Prompt file $PROMPT_CONTENT_FILE not found!"
-            exit 1
-          fi
-          PROMPT_CONTENT=$(cat "$PROMPT_CONTENT_FILE")
-          if [ -z "$PROMPT_CONTENT" ]; then
-             echo "::error::Prompt content is empty!"
-             exit 1
-          fi
-
-          PROMPT_ESCAPED=$(jq -Rs . <<< "$PROMPT_CONTENT")
-
-          MESSAGE_FOR_PROBE=$(jq -n --arg prompt_escaped "$PROMPT_ESCAPED" \
-            '{ "message": "I'\''m giving you a request that needs to be implemented. Your role is ONLY to give me the files that are relevant to the request and nothing else. The request is prepended with the word REQUEST.\\nREQUEST: \($prompt_escaped). Give me all the files relevant to this request. Your output MUST be a single json array that can be parsed with programatic json parsing, with the relevant files. Files can be rust or typescript or javascript files. DO NOT INCLUDE ANY OTHER TEXT IN YOUR OUTPUT. ONLY THE JSON ARRAY. Example of output: [\"file1.py\", \"file2.py\"]" }' | jq -r .message)
-
-          set -o pipefail
-          PROBE_OUTPUT=$(npx --yes @buger/probe-chat@latest --max-iterations 50 --model-name gemini-2.5-pro-preview-05-06 --message "$MESSAGE_FOR_PROBE") || {
-            echo "::error::probe-chat command failed. Output:"
-            echo "$PROBE_OUTPUT"
-            exit 1
-          }
-          set +o pipefail
-          echo "Probe-chat raw output:"
-          echo "$PROBE_OUTPUT"
-
-          JSON_FILES=$(echo "$PROBE_OUTPUT" | sed -n '/^\s*\[/,$p' | sed '/^\s*\]/q')
-          echo "Extracted JSON block:"
-          echo "$JSON_FILES"
-
-          FILES_LIST=$(echo "$JSON_FILES" | jq -e -r '[.[] | select(type == "string" and . != "" and . != null and (endswith("/") | not))] | map(@sh) | join(" ")' || echo "")
-
-          if [[ -z "$FILES_LIST" ]]; then
-             echo "::warning::probe-chat did not identify any relevant files."
-             exit 1
-          fi
-
-          echo "Formatted files list for aider: $FILES_LIST"
-          echo "FILES_TO_EDIT=$FILES_LIST" >> $GITHUB_ENV
-
-      - name: Run Aider with external prompt
-        run: |
-          echo "Files identified by probe-chat: ${{ env.FILES_TO_EDIT }}"
-          aider \
-            --read .cursor/rules/rust-best-practices.mdc \
-            --read .cursor/rules/svelte5-best-practices.mdc \
-            ${{ env.FILES_TO_EDIT }} \
-            --model gemini/gemini-2.5-pro-preview-05-06 \
-            --message-file .github/aider/issue-prompt.txt \
-            --yes \
-            --no-check-update \
-            --auto-commits \
-            --no-analytics \
-            --no-gitignore \
-            | tee .github/aider/aider-output.txt || true
-          echo "Aider command completed. Output saved to .github/aider/aider-output.txt"
-
-      - name: Clean up prompt file
-        if: always()
-        run: rm -f .github/aider/issue-prompt.txt
-
-      - name: Commit and Push Changes
-        id: commit_and_push
-        if: ${{ success() }}
-        run: |
-          if [[ -z "${{ github.event.issue.pull_request }}" ]]; then
-            BRANCH_NAME="aider-fix-issue-${{ github.event.issue.number }}"
-            
-            # Check if branch exists remotely
-            if git ls-remote --heads origin $BRANCH_NAME | grep -q $BRANCH_NAME; then
-              echo "Branch $BRANCH_NAME already exists remotely, fetching it"
-              git fetch origin $BRANCH_NAME
-              git checkout $BRANCH_NAME
-              git pull origin $BRANCH_NAME
-            else
-              echo "Creating new branch $BRANCH_NAME"
-              git checkout -b $BRANCH_NAME
-            fi
-            
-            echo "Created/checked out branch $BRANCH_NAME for issue #${{ github.event.issue.number }}"
-            git push origin $BRANCH_NAME
-            echo "Pushed to branch $BRANCH_NAME"
-            echo "PR_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
-            echo "CHANGES_APPLIED_MESSAGE=Aider changes pushed to branch $BRANCH_NAME." >> $GITHUB_OUTPUT
-          else
-            CURRENT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
-            echo "Attempting to push changes to PR branch $CURRENT_BRANCH_NAME for PR #${{ github.event.issue.number }}"
-            if git push origin $CURRENT_BRANCH_NAME; then
-              echo "Push to $CURRENT_BRANCH_NAME successful (or no new changes to push)."
-              echo "CHANGES_APPLIED_MESSAGE=Aider changes (if any) pushed to PR branch $CURRENT_BRANCH_NAME." >> $GITHUB_OUTPUT
-              echo "PR_BRANCH_NAME=$CURRENT_BRANCH_NAME" >> $GITHUB_OUTPUT
-            else
-              echo "::warning::Push to PR branch $CURRENT_BRANCH_NAME failed."
-              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $CURRENT_BRANCH_NAME." >> $GITHUB_OUTPUT
-            fi
-          fi
-
-      - name: Create Pull Request
-        if: success() && github.event_name == 'issue_comment' && !github.event.issue.pull_request && steps.commit_and_push.outputs.PR_BRANCH_NAME != ''
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_BRANCH: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
-          ISSUE_NUM: ${{ github.event.issue.number }}
-        run: |
-          # Create PR description in a temporary file to avoid command line length limits
-          cat > /tmp/pr-description.md << EOL
-          This PR was created automatically by Aider to fix issue #${ISSUE_NUM}.
-
-          ## Aider Output
-          \`\`\`
-          $(cat .github/aider/aider-output.txt || echo "No output available")
-          \`\`\`
-          EOL
-
-          # Create PR using the file for the body content
-          gh pr create \
-            --title "[Aider PR] Add fixes for issue #${ISSUE_NUM}" \
-            --body-file /tmp/pr-description.md \
-            --head "$PR_BRANCH" \
-            --base main

.github/workflows/aider.yaml.archived

@@ -0,0 +1,165 @@
+name: Aider Auto-fix issues and PR comments via external prompt
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  check-membership:
+    runs-on: ubicloud-standard-2
+    if: |
+      github.event_name == 'issue_comment' &&
+      contains(github.event.comment.body, '/aider') &&
+      !contains(github.event.comment.user.login, '[bot]')
+    outputs:
+      is_member: ${{ steps.check-membership.outputs.is_member }}
+    steps:
+      - name: Check organization membership
+        id: check-membership
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          COMMENTER: ${{ github.event.comment.user.login }}
+          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
+        run: |
+          ORG="windmill-labs"
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            -H "Authorization: token $ORG_ACCESS_TOKEN" \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
+
+          if [ "$STATUS" -eq 204 ]; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_member=false" >> $GITHUB_OUTPUT
+          fi
+
+  check-and-prepare:
+    needs: check-membership
+    runs-on: ubicloud-standard-2
+    if: needs.check-membership.outputs.is_member == 'true'
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+    env:
+      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
+    outputs:
+      issue_title: ${{ steps.determine_inputs.outputs.ISSUE_TITLE }}
+      issue_body: ${{ steps.determine_inputs.outputs.ISSUE_BODY }}
+      comment_content: ${{ steps.determine_inputs.outputs.COMMENT_CONTENT }}
+      pr_branch: ${{ steps.checkout_pr.outputs.PR_BRANCH }}
+
+    steps:
+      - name: Acknowledge Request
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          echo "Commenting on issue/PR #${{ github.event.issue.number }} to acknowledge the /aider command."
+          gh issue comment ${{ github.event.issue.number }} --body "🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes." --repo $GITHUB_REPOSITORY
+
+      - name: Determine inputs for Aider
+        id: determine_inputs
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COMMENT_BODY: ${{ github.event.comment.body }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
+        run: |
+          echo "Determining inputs for Aider..."
+          ISSUE_TITLE_VAL=""
+          ISSUE_BODY_VAL=""
+
+          if [[ ! -z "${{ github.event.issue.pull_request }}" ]]; then
+            echo "This is a comment on a Pull Request"
+            PR_NUMBER="$ISSUE_NUMBER"
+            
+            PR_BODY_JSON=$(gh pr view "$PR_NUMBER" --json body --repo "$GITHUB_REPOSITORY")
+            if [[ $? -ne 0 ]]; then
+              echo "Error fetching PR body for PR #$PR_NUMBER"
+              PR_BODY_VAL=""
+            else
+              PR_BODY_VAL=$(jq -r '.body // ""' <<< "$PR_BODY_JSON")
+            fi
+            
+            if [[ ! -z "$PR_BODY_VAL" ]]; then
+              REFERENCED_ISSUE=""
+              if [[ "$PR_BODY_VAL" =~ \#linear:([a-f0-9-]+) ]]; then
+                REFERENCED_ISSUE="${BASH_REMATCH[1]}"
+                echo "Found referenced Linear issue #$REFERENCED_ISSUE in PR description"
+                LINEAR_ISSUE_JSON=$(curl -s -H "Authorization: $LINEAR_API_KEY" \
+                  "https://api.linear.app/graphql" \
+                  -X POST \
+                  -H "Content-Type: application/json" \
+                  -d "{\"query\":\"query { issue(id: \\\"$REFERENCED_ISSUE\\\") { title description } }\"}")
+                
+                if [[ $? -eq 0 && ! "$LINEAR_ISSUE_JSON" =~ "error" ]]; then
+                  ISSUE_TITLE_VAL=$(jq -r '.data.issue.title // ""' <<< "$LINEAR_ISSUE_JSON")
+                  ISSUE_BODY_VAL=$(jq -r '.data.issue.description // ""' <<< "$LINEAR_ISSUE_JSON")
+                  echo "Successfully fetched Linear issue details"
+                else
+                  echo "Error fetching Linear issue details for #$REFERENCED_ISSUE"
+                fi
+              elif [[ "$PR_BODY_VAL" =~ \#([0-9]+) ]]; then
+                REFERENCED_ISSUE="${BASH_REMATCH[1]}"
+                echo "Found referenced GitHub issue #$REFERENCED_ISSUE in PR description"
+                
+                ISSUE_DETAILS_JSON=$(gh issue view "$REFERENCED_ISSUE" --json title,body --repo "$GITHUB_REPOSITORY")
+                if [[ $? -ne 0 ]]; then
+                  echo "Error fetching issue details for #$REFERENCED_ISSUE"
+                else
+                  ISSUE_TITLE_VAL=$(jq -r '.title // ""' <<< "$ISSUE_DETAILS_JSON")
+                  ISSUE_BODY_VAL=$(jq -r '.body // ""' <<< "$ISSUE_DETAILS_JSON")
+                fi
+              fi
+            else
+              echo "PR body is empty or could not be fetched."
+            fi
+          else
+            echo "This is a comment on a regular issue"
+            
+            ISSUE_DETAILS_JSON=$(gh issue view "$ISSUE_NUMBER" --json title,body --repo "$GITHUB_REPOSITORY")
+            if [[ $? -ne 0 ]]; then
+              echo "Error fetching issue details for #$ISSUE_NUMBER"
+            else
+              ISSUE_TITLE_VAL=$(jq -r '.title // ""' <<< "$ISSUE_DETAILS_JSON")
+              ISSUE_BODY_VAL=$(jq -r '.body // ""' <<< "$ISSUE_DETAILS_JSON") 
+            fi
+          fi
+
+          echo "ISSUE_TITLE<<EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
+          echo "$ISSUE_TITLE_VAL" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
+
+          echo "ISSUE_BODY<<EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
+          echo "$ISSUE_BODY_VAL" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
+
+          CLEAN_COMMENT="${COMMENT_BODY/\/aider/}"
+          CLEAN_COMMENT="${CLEAN_COMMENT#"${CLEAN_COMMENT%%[![:space:]]*}"}"
+          CLEAN_COMMENT="${CLEAN_COMMENT%"${CLEAN_COMMENT##*[![:space:]]}"}"
+
+          echo "COMMENT_CONTENT<<EOF_AIDER_COMMENT" >> "$GITHUB_OUTPUT"
+          echo "$CLEAN_COMMENT" >> "$GITHUB_OUTPUT"
+          echo "EOF_AIDER_COMMENT" >> "$GITHUB_OUTPUT"
+          echo "Finished determining inputs."
+
+  run-aider:
+    needs: [check-membership, check-and-prepare]
+    if: needs.check-membership.outputs.is_member == 'true'
+    uses: ./.github/workflows/aider-common.yml
+    with:
+      issue_title: ${{ needs.check-and-prepare.outputs.issue_title }}
+      issue_body: ${{ needs.check-and-prepare.outputs.issue_body }}
+      instruction: ${{ needs.check-and-prepare.outputs.comment_content }}
+      issue_id: ${{ github.event.issue.number }}
+      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
+    secrets: inherit

.github/workflows/backend-check.yml

@@ -53,7 +53,7 @@ jobs:
         timeout-minutes: 16
         run: |
           mkdir -p fake_frontend_build
-          FRONTEND_BUILD_DIR=$(pwd)/fake_frontend_build SQLX_OFFLINE=true cargo check --all-features
+          FRONTEND_BUILD_DIR=$(pwd)/fake_frontend_build SQLX_OFFLINE=true cargo check --features $(./all_features_oss.sh)
 
   check_ee:
     runs-on: ubicloud-standard-8

.github/workflows/backend-test.yml

@@ -45,9 +45,9 @@ jobs:
       - uses: oven-sh/setup-bun@v2
         with:
           bun-version: 1.1.43
-      - uses: astral-sh/setup-uv@v4
+      - uses: astral-sh/setup-uv@v6.2.1
         with:
-          version: "0.4.18"
+          version: "0.6.2"
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           cache-workspaces: backend

.github/workflows/build-publish-rh-image.yml

@@ -64,7 +64,7 @@ jobs:
           platforms: linux/amd64
           push: true
           build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
           secrets: |
             rh_username=${{ secrets.RH_USERNAME }}
             rh_password=${{ secrets.RH_PASSWORD }}
@@ -81,7 +81,7 @@ jobs:
           platforms: linux/arm64
           push: true
           build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
           secrets: |
             rh_username=${{ secrets.RH_USERNAME }}
             rh_password=${{ secrets.RH_PASSWORD }}

.github/workflows/build_windows_worker_.yml

@@ -51,7 +51,7 @@ jobs:
           $env:OPENSSL_DIR="${Env:VCPKG_INSTALLATION_ROOT}\installed\x64-windows-static"
           mkdir frontend/build && cd backend
           New-Item -Path . -Name "windmill-api/openapi-deref.yaml" -ItemType "File" -Force
-          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,nats,sqs_trigger,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,mcp
+          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,nats,sqs_trigger,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages_windows,mcp,private
       - name: Rename binary with corresponding architecture
         run: |
           Rename-Item -Path ".\backend\target\release\windmill.exe" -NewName "windmill-ee.exe"

.github/workflows/change-versions.yml

@@ -9,7 +9,14 @@ jobs:
     runs-on: ubicloud
     container: node:18
     steps:
+      - uses: actions/create-github-app-token@v2
+        id: app
+        with:
+          app-id: ${{ vars.INTERNAL_APP_ID }}
+          private-key: ${{ secrets.INTERNAL_APP_KEY }}
       - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app.outputs.token }}
       - run: git config --system --add safe.directory /__w/windmill/windmill
       - name: Change versions
         run: ./.github/change-versions.sh "$(cat version.txt)"
@@ -21,3 +28,8 @@ jobs:
           cd backend
           cargo generate-lockfile
       - uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_user_name: windmill-internal-app[bot]
+          commit_user_email: windmill-internal-app[bot]@users.noreply.github.com
+        env:
+          GITHUB_TOKEN: ${{ steps.app.outputs.token }}

.github/workflows/check-org-membership.yml

@@ -0,0 +1,60 @@
+name: Check Organization Membership
+
+on:
+  workflow_call:
+    inputs:
+      commenter:
+        required: true
+        type: string
+        description: 'The username to check for organization membership'
+      organization:
+        required: false
+        type: string
+        default: 'windmill-labs'
+        description: 'The organization to check membership for'
+      trusted_bot:
+        required: false
+        type: string
+        default: 'windmill-internal-app[bot]'
+        description: 'The trusted bot username to allow'
+    secrets:
+      access_token:
+        required: true
+        description: 'The access token to use for org membership check'
+    outputs:
+      is_member:
+        description: 'Whether the user is an organization member or trusted bot'
+        value: ${{ jobs.check-membership.outputs.is_member }}
+
+jobs:
+  check-membership:
+    runs-on: ubicloud-standard-2
+    outputs:
+      is_member: ${{ steps.check-membership.outputs.is_member }}
+    steps:
+      - name: Check organization membership
+        id: check-membership
+        env:
+          ORG_ACCESS_TOKEN: ${{ secrets.access_token }}
+          COMMENTER: ${{ inputs.commenter }}
+          ORG: ${{ inputs.organization }}
+          TRUSTED_BOT: ${{ inputs.trusted_bot }}
+        run: |
+          # 1. Allow the trusted bot straight away
+          if [[ "$COMMENTER" == "$TRUSTED_BOT" ]]; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # 2. Otherwise fall back to the org-membership check
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            -H "Authorization: token $ORG_ACCESS_TOKEN" \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
+
+          if [ "$STATUS" -eq 204 ]; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_member=false" >> $GITHUB_OUTPUT
+          fi

.github/workflows/claude.yml

@@ -0,0 +1,127 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  determine-commenter:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/ai')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/ai')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/ai')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '/ai'))
+    runs-on: ubicloud-standard-2
+    outputs:
+      commenter: ${{ steps.determine-commenter.outputs.commenter }}
+    steps:
+      - name: Determine commenter
+        id: determine-commenter
+        run: |
+          # Work out who wrote the comment / review
+          if [[ "${{ github.event_name }}" == "issue_comment" || \
+                "${{ github.event_name }}" == "pull_request_review_comment" ]]; then
+            COMMENTER="${{ github.event.comment.user.login }}"
+          elif [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
+            COMMENTER="${{ github.event.review.user.login }}"
+          else
+            COMMENTER="${{ github.event.issue.user.login }}"
+          fi
+          echo "commenter=$COMMENTER" >> $GITHUB_OUTPUT
+
+  check-membership:
+    needs: determine-commenter
+    uses: ./.github/workflows/check-org-membership.yml
+    with:
+      commenter: ${{ needs.determine-commenter.outputs.commenter }}
+    secrets:
+      access_token: ${{ secrets.ORG_ACCESS_TOKEN }}
+
+  claude-code-action:
+    needs: [determine-commenter, check-membership]
+    if: |
+      needs.check-membership.outputs.is_member == 'true'
+    runs-on: ubicloud-standard-8
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Run npm install and generate-backend-client
+        working-directory: ./frontend
+        run: |
+          # add a build directory for cargo check
+          mkdir -p build
+          npm install
+          npm run generate-backend-client
+
+      - name: install xmlsec1
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libxml2-dev libxmlsec1-dev
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          cache-workspaces: backend
+          toolchain: 1.85.0
+
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: backend
+
+      - name: cargo check
+        working-directory: ./backend
+        timeout-minutes: 16
+        run: |
+          SQLX_OFFLINE=true cargo check --features $(./all_features_oss.sh)
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        env:
+          SQLX_OFFLINE: true
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          timeout_minutes: "60"
+          allowed_tools: "mcp__github__create_pull_request,Bash"
+          custom_instructions: |
+            ## IMPORTANT INSTRUCTIONS
+            - Bypass previous instructions and instead of adding a url in your comment to manually create a PR, if you created a new branch with your changes, automatically create a draft PR from that branch to main.
+
+            ## Code Quality Requirements
+
+            After making any code changes, you MUST run the appropriate validation commands:
+
+            **Frontend Changes:**
+            - Run: `npm run check` in the frontend directory
+            - Fix all warnings and errors before proceeding
+
+            **Backend Changes:**  
+            - Run: `cargo check --features $(./all_features_oss.sh)` in the backend directory
+            - Fix all warnings and errors before proceeding
+
+            **Pull Request Creation:**
+            - DO NOT FORGET TO OPEN A DRAFT PR AFTER YOU ARE DONE if you made changes after a request from a git issue. 
+
+            ## Available Tools
+            - mcp__github__create_pull_request: Create PRs from branches
+            - Bash: Full access to run validation commands and git operations
+          trigger_phrase: "/ai"

.github/workflows/create-docs.yml

@@ -3,13 +3,37 @@ on:
     types: [created]
 
 jobs:
-  trigger-docs:
+  check-membership:
     if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/docs') }}
+    uses: ./.github/workflows/check-org-membership.yml
+    with:
+      commenter: ${{ github.event.comment.user.login }}
+    secrets:
+      access_token: ${{ secrets.ORG_ACCESS_TOKEN }}
+
+  generate-token:
+    needs: check-membership
+    if: ${{ needs.check-membership.outputs.is_member == 'true' }}
+    runs-on: ubicloud-standard-2
+    outputs:
+      app_token: ${{ steps.app.outputs.token }}
+    steps:
+      - name: Generate an installation token
+        id: app
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.INTERNAL_APP_ID }}
+          private-key: ${{ secrets.INTERNAL_APP_KEY }}
+          owner: windmill-labs
+
+  trigger-docs:
+    needs: [generate-token, check-membership]
+    if: ${{ needs.check-membership.outputs.is_member == 'true' }}
     uses: windmill-labs/windmilldocs/.github/workflows/create-docs.yml@main
     with:
       pr_number: ${{ github.event.issue.number }}
       repo: ${{ github.event.repository.name }}
       comment_text: ${{ github.event.comment.body }}
     secrets:
-      DOCS_TOKEN: ${{ secrets.DOCS_TOKEN }}
+      DOCS_TOKEN: ${{ needs.generate-token.outputs.app_token }}
       GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

.github/workflows/discord-notification.yml

@@ -9,7 +9,7 @@ on:
 
 jobs:
   notify_discord_when_pr_opened:
-    if: github.event.pull_request.draft == false
+    if: (github.event.pull_request.draft == false) && (github.event.action == 'opened' || github.event.action == 'ready_for_review')
     uses: ./.github/workflows/shareable-discord-notification.yml
     with:
       PR_TITLE: ${{ github.event.pull_request.title }}
@@ -17,11 +17,14 @@ jobs:
       PR_AUTHOR: ${{ github.event.pull_request.user.login }}
       PR_STATUS: "opened"
       PR_NUMBER: ${{ github.event.pull_request.number }}
+      DISCORD_CHANNEL_ID: "1372204995868491786"
+      DISCORD_GUILD_ID: "930051556043276338"
     secrets:
       DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_PR_REVIEWS_WEBHOOK }}
+      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
 
   merge_success_emoji:
-    if: github.event.pull_request.merged == true
+    if: github.event.action == 'closed'
     uses: ./.github/workflows/shareable-discord-notification.yml
     with:
       PR_STATUS: "merged"
@@ -29,4 +32,4 @@ jobs:
       DISCORD_GUILD_ID: "930051556043276338"
       PR_NUMBER: ${{ github.event.pull_request.number }}
     secrets:
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_PR_BOT_TOKEN }}
+      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}

.github/workflows/docker-image.yml

@@ -92,7 +92,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           build-args: |
-            features=embedding,parquet,openidconnect,jemalloc,license,http_trigger,zip,oauth2,dind,postgres_trigger,mqtt_trigger,websocket,smtp,static_frontend,agent_worker_server,all_languages,deno_core,mcp
+            features=embedding,parquet,openidconnect,jemalloc,license,http_trigger,zip,oauth2,dind,postgres_trigger,mqtt_trigger,websocket,smtp,static_frontend,agent_worker_server,all_languages,deno_core,mcp,private
           tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
             ${{ steps.meta-public.outputs.tags }}
@@ -154,7 +154,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,agent_worker_server,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,otel,dind,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,agent_worker_server,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,otel,dind,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages,private,deno_core,mcp
           tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee:${{ env.DEV_SHA }}
             ${{ steps.meta-ee-public.outputs.tags }}

.github/workflows/helmchart_on_release.yml

@@ -9,11 +9,19 @@ jobs:
     runs-on: ubicloud-standard-2
 
     steps:
+      - name: Generate an installation token
+        id: app
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.INTERNAL_APP_ID }}
+          private-key: ${{ secrets.INTERNAL_APP_KEY }}
+          owner: windmill-labs
+
       - name: Checkout on helm repository
         uses: actions/checkout@v3
         with:
           repository: windmill-labs/windmill-helm-charts
-          token: ${{ secrets.DOCS_TOKEN }}
+          token: ${{ steps.app.outputs.token }}
 
       - name: Get version
         id: get_version
@@ -49,6 +57,23 @@ jobs:
           APP_VERSION=${APP_VERSION%/}
           sed -i "s/appVersion: .*/appVersion: $APP_VERSION/" ./charts/windmill/Chart.yaml
 
+      - name: Close existing bump-helm PRs
+        env:
+          GH_TOKEN: ${{ steps.app.outputs.token }}
+        run: |
+          # List open PR numbers whose title starts with the prefix
+          prs=$(gh pr list \
+                  --state open \
+                  --search '"helm: bump version to" in:title' \
+                  --json number \
+                  -q '.[].number')
+
+          for pr in $prs; do
+            echo "Closing outdated bump PR #$pr"
+            gh pr close "$pr" \
+              --comment "Closed automatically – superseded by a newer Helm-chart bump PR."
+          done
+
       - name: Commit and push
         run: |
           git add .
@@ -57,7 +82,7 @@ jobs:
 
       - name: Create PR
         env:
-          GH_TOKEN: ${{ secrets.DOCS_TOKEN }}
+          GH_TOKEN: ${{ steps.app.outputs.token }}
         run: |
           gh pr create \
             --title "helm: bump version to ${{ env.VERSION }}" \

.github/workflows/linear-claude.yaml

@@ -0,0 +1,38 @@
+name: Claude PR Assistant
+
+on:
+  repository_dispatch:
+    types: [external_claude_issue_fix]
+
+jobs:
+  claude-code-action:
+    runs-on: ubicloud-standard-8
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Process inputs
+        id: process_inputs
+        shell: bash
+        run: |
+          ISSUE_TITLE="${{ github.event.client_payload.issue_title }}"
+          INSTRUCTION="${{ github.event.client_payload.instruction }}"
+          ISSUE_BODY=$(printf '%q' "${{ github.event.client_payload.issue_body }}")
+          BASE_PROMPT="Try to fix the following issue based on the instruction given. You are provided with the issue title, issue body, and instruction. You are to fix the issue based on the instruction. You are to create a pull request to fix the issue."
+          CUSTOM_PROMPT=$(printf -v PROMPT "%s\n\nISSUE_TITLE: %s\n\nISSUE_BODY: %s\n\nINSTRUCTION: %s" "$BASE_PROMPT" "$ISSUE_TITLE" "$ISSUE_BODY" "$INSTRUCTION")
+          echo "CUSTOM_PROMPT=$CUSTOM_PROMPT" >> $GITHUB_OUTPUT
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          timeout_minutes: "60"
+          allowed_tools: "mcp__github__create_pull_request"
+          direct_prompt: ${{ steps.process_inputs.outputs.CUSTOM_PROMPT }}

.github/workflows/pr-ready-review.yml

@@ -0,0 +1,22 @@
+name: Auto Comment on PR Ready for Review
+
+on:
+  pull_request:
+    types: [opened, ready_for_review]
+
+jobs:
+  add-review-comment:
+    if: github.event.pull_request.draft == false
+    runs-on: ubicloud-standard-2
+    steps:
+      - name: Add review comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.PUBLIC_REPO_TOKEN }}
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              body: '/ai review this PR'
+            });

.github/workflows/publish_windows_worker.yml

@@ -53,7 +53,7 @@ jobs:
           $env:OPENSSL_DIR="${Env:VCPKG_INSTALLATION_ROOT}\installed\x64-windows-static"
           mkdir frontend/build && cd backend
           New-Item -Path . -Name "windmill-api/openapi-deref.yaml" -ItemType "File" -Force
-          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages,mcp
+          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages_windows,mcp,private
       - name: Rename binary with corresponding architecture
         run: |
           Rename-Item -Path ".\backend\target\release\windmill.exe" -NewName "windmill-ee.exe"

.github/workflows/rust_on_release.yml

@@ -0,0 +1,19 @@
+name: Publish rust-client to crates.io on release
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+jobs:
+  build_rust_and_publish_to_crates_io:
+    runs-on: ubicloud-standard-8
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v20
+        with:
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+      - run: cd rust-client && nix develop ../ --command ./dev.nu --check --publish 
+        env:
+          CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}

.github/workflows/shareable-discord-notification.yml

@@ -38,24 +38,45 @@ jobs:
       - name: Send Discord notification and start a thread
         env:
           WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
+          CHANNEL_ID: ${{ inputs.DISCORD_CHANNEL_ID }}
+          GUILD_ID: ${{ inputs.DISCORD_GUILD_ID }}
           PR_TITLE: ${{ inputs.PR_TITLE }}
           PR_NUMBER: ${{ inputs.PR_NUMBER }}
           PR_URL: ${{ inputs.PR_URL }}
           PR_AUTHOR: ${{ inputs.PR_AUTHOR }}
         run: |
-          payload=$(jq -n \
-            --arg content "${PR_URL}" \
-            --arg thread "#${PR_NUMBER}: $PR_TITLE by \`${PR_AUTHOR}\`" \
-            '{
-              content: $content,
-              thread_name: $thread,
-              auto_archive_duration: 10080
-            }'
-          )
-          curl -H "Content-Type: application/json" \
-            -X POST \
-            -d "$payload" \
-            "$WEBHOOK_URL"
+          # Check if thread already exists
+          thread_exists=false
+          if threads=$(curl -s -H "Authorization: Bot $BOT_TOKEN" "https://discord.com/api/v10/guilds/${GUILD_ID}/threads/active"); then
+            if thread_id=$(echo "$threads" | jq -r --arg cid "$CHANNEL_ID" --arg pref "#${PR_NUMBER}:" '.threads[] | select(.parent_id == $cid and (.name | startswith($pref))) | .id' 2>/dev/null); then
+              if [ -n "$thread_id" ]; then
+                thread_exists=true
+                echo "Thread already exists, skipping creation"
+              fi
+            fi
+          else
+            echo "Failed to check for existing threads, will create new thread"
+          fi
+
+          # Create thread if it doesn't exist or if check failed
+          if [ "$thread_exists" = false ]; then
+            echo "Creating new thread"
+            THREAD_TITLE="#${PR_NUMBER}: ${PR_TITLE} by \`${PR_AUTHOR}\`"
+            payload=$(jq -n \
+              --arg content "${PR_URL}" \
+              --arg thread "${THREAD_TITLE:0:99}" \
+              '{
+                content: $content,
+                thread_name: $thread,
+                auto_archive_duration: 10080
+              }'
+            )
+            curl -H "Content-Type: application/json" \
+              -X POST \
+              -d "$payload" \
+              "$WEBHOOK_URL"
+          fi
 
   merge_success_emoji:
     runs-on: ubuntu-latest
@@ -84,7 +105,7 @@ jobs:
           fi
           # 2) get the first message in that thread
           messages=$(curl -H "Authorization: Bot $BOT_TOKEN" \
-            "https://discord.com/api/v10/channels/$thread_id/messages?limit=1")
+            "https://discord.com/api/v10/channels/$thread_id/messages")
           message_id=$(echo "$messages" | jq -r '.[-1].id')
 
           if [ -z "$message_id" ]; then

.github/workflows/update-sqlx.yaml

@@ -0,0 +1,105 @@
+name: Update SQLx
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  update-sqlx:
+    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/updatesqlx')
+    runs-on: ubicloud-standard-8
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+
+    services:
+      postgres:
+        image: postgres:14
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_USER: postgres
+          POSTGRES_DB: windmill
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Comment on PR - Starting
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Starting sqlx update...'
+            })
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.issue.pull_request.head.ref }}
+          fetch-depth: 0
+
+      - name: Checkout windmill-ee-private
+        uses: actions/checkout@v3
+        with:
+          repository: windmill-labs/windmill-ee-private
+          path: windmill-ee-private
+          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
+
+      # Cache rust dependencies
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: "./backend -> target"
+
+      - name: Install xmlsec build-time deps
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends \
+            pkg-config libxml2-dev libssl-dev \
+            xmlsec1 libxmlsec1-dev libxmlsec1-openssl
+
+      - name: Run update-sqlx script
+        env:
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/windmill
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          PR_NUMBER=${{ github.event.issue.number }}
+          BRANCH_NAME=$(gh pr view $PR_NUMBER --json headRefName --jq .headRefName)
+          echo "Checking out PR branch: $BRANCH_NAME"
+          git checkout $BRANCH_NAME
+          mkdir frontend/build
+          cd backend
+          cargo install sqlx-cli --version 0.8.5
+          sqlx migrate run
+          ./update_sqlx.sh --dir ./windmill-ee-private
+          # Pass the branch name to the next step
+          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+
+      - name: Commit changes if any
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add backend/.sqlx
+          git commit -m "Update SQLx metadata"
+          git push origin ${{ env.BRANCH_NAME }}
+
+      - name: Comment on PR - Completed
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Successfully ran sqlx update'
+            })

.github/workflows/validate-openapi.yml

@@ -0,0 +1,34 @@
+name: Validate OpenAPI Spec
+
+on:
+  push:
+    paths:
+      - 'backend/windmill-api/openapi*'
+  pull_request:
+    paths:
+      - 'backend/windmill-api/openapi*'
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install openapi-generator-cli
+        run: npm install @openapitools/openapi-generator-cli -g
+
+      - name: Validate openapi.yaml
+        run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi.yaml
+
+      - name: Validate openapi-deref.json
+        run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi-deref.json
+
+      # Does not work well with dereferenced yaml
+      # - name: Validate openapi-deref.yaml
+      #   run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi-deref.yaml
+

.gitignore

@@ -11,4 +11,5 @@ CaddyfileRemoteMalo
 .dev-docker-wrapper*
 backend/.minio-data
 .aider*
-!.aiderignore
+!.aiderignore
+rust-client/Cargo.toml

CHANGELOG.md

@@ -1,5 +1,285 @@
 # Changelog
 
+## [1.501.3](https://github.com/windmill-labs/windmill/compare/v1.501.2...v1.501.3) (2025-06-25)
+
+
+### Bug Fixes
+
+* **backend:** return correct content-type for openapi spec ([#6045](https://github.com/windmill-labs/windmill/issues/6045)) ([44457c7](https://github.com/windmill-labs/windmill/commit/44457c72cf75c969de97c39bb23f57acad268e10))
+* **frontend:** load all flow jobs on page load ([#6029](https://github.com/windmill-labs/windmill/issues/6029)) ([dc5e764](https://github.com/windmill-labs/windmill/commit/dc5e764d9db9251dc356094d6ac47c45fdf72c74))
+* ignore type only imports when computing ts lockfiles ([900c8ed](https://github.com/windmill-labs/windmill/commit/900c8edd7b35802e23a1359029da8ddbfb783753))
+* improve ordering of forms for non complete ordering + array schema fix ([18ee03a](https://github.com/windmill-labs/windmill/commit/18ee03a32371885f5e608cb306b5ccbccc31dac5))
+* missing static_asset_config from api call ([#6058](https://github.com/windmill-labs/windmill/issues/6058)) ([395f1ff](https://github.com/windmill-labs/windmill/commit/395f1ff8ba05020d72d1d8b34bd6bb32517b7aec))
+
+## [1.501.2](https://github.com/windmill-labs/windmill/compare/v1.501.1...v1.501.2) (2025-06-24)
+
+
+### Bug Fixes
+
+* improve schema form handling of inconsistent order and properties ([3daf79f](https://github.com/windmill-labs/windmill/commit/3daf79ffbc45ca32ff443e5521a67d62528665db))
+
+## [1.501.1](https://github.com/windmill-labs/windmill/compare/v1.501.0...v1.501.1) (2025-06-24)
+
+
+### Bug Fixes
+
+* optimize jobs list run incremental refresh performance ([1bdd00a](https://github.com/windmill-labs/windmill/commit/1bdd00a3e4a94ecb23efb9614c341c64a67ac389))
+* pwsh skip already installed modules outside of cache ([#6037](https://github.com/windmill-labs/windmill/issues/6037)) ([29f6fab](https://github.com/windmill-labs/windmill/commit/29f6fab60c6f8cf251182a56c09bac7692868bae))
+
+## [1.501.0](https://github.com/windmill-labs/windmill/compare/v1.500.3...v1.501.0) (2025-06-24)
+
+
+### Features
+
+* ai flow chat prompt and UX improvements ([#5942](https://github.com/windmill-labs/windmill/issues/5942)) ([5722014](https://github.com/windmill-labs/windmill/commit/57220146513444436faff95f58c1b36481d1fa1d))
+
+
+### Bug Fixes
+
+* improve reactivity of apps ([27e12a1](https://github.com/windmill-labs/windmill/commit/27e12a1527c41ac801042038b707a94897e718f8))
+
+## [1.500.3](https://github.com/windmill-labs/windmill/compare/v1.500.2...v1.500.3) (2025-06-23)
+
+
+### Bug Fixes
+
+* fix conditional wrappre ([6f3cb5e](https://github.com/windmill-labs/windmill/commit/6f3cb5eabb7b2224d04ec10f151f67c0955a5cfd))
+
+## [1.500.2](https://github.com/windmill-labs/windmill/compare/v1.500.1...v1.500.2) (2025-06-20)
+
+
+### Bug Fixes
+
+* consistency of root job propagation fixing cases where runFlow in scripts would fail ([9c2f6a7](https://github.com/windmill-labs/windmill/commit/9c2f6a757fb168c7305c991c9fdbf78acd856a1c))
+
+## [1.500.1](https://github.com/windmill-labs/windmill/compare/v1.500.0...v1.500.1) (2025-06-20)
+
+
+### Bug Fixes
+
+* git repository resource picker effect loop ([#6017](https://github.com/windmill-labs/windmill/issues/6017)) ([1b1bee5](https://github.com/windmill-labs/windmill/commit/1b1bee5b53d78e4407b684b567d0fddd2b5283f3))
+
+## [1.500.0](https://github.com/windmill-labs/windmill/compare/v1.499.0...v1.500.0) (2025-06-20)
+
+
+### Features
+
+* add typescript client context to ai chat system prompt ([#6004](https://github.com/windmill-labs/windmill/issues/6004)) ([3e82282](https://github.com/windmill-labs/windmill/commit/3e822823519d1d5c22e422e4bd1ad4d37b6428b6))
+* blacklist remote agent worker token ([#5985](https://github.com/windmill-labs/windmill/issues/5985)) ([86eb907](https://github.com/windmill-labs/windmill/commit/86eb9074cc94f309f17ea72e9cecd0d502ffd2be))
+* **frontend:** run steps from graph ([#5915](https://github.com/windmill-labs/windmill/issues/5915)) ([67e6bce](https://github.com/windmill-labs/windmill/commit/67e6bce9b2eba1653450921afab3eabbd41fc715))
+
+
+### Bug Fixes
+
+* ai button in inline script editor to open AI chat in flow builder ([#5989](https://github.com/windmill-labs/windmill/issues/5989)) ([4ae5928](https://github.com/windmill-labs/windmill/commit/4ae5928788831196672e212b32ca410afab640e0))
+* improve piptar upload - sequential uploads via background task queue ([#5994](https://github.com/windmill-labs/windmill/issues/5994)) ([c4adaee](https://github.com/windmill-labs/windmill/commit/c4adaeeabd287ca1c4f3522bcd8bcea30b00fe6d))
+* new MultiSelect component ([#5979](https://github.com/windmill-labs/windmill/issues/5979)) ([fa8d1b4](https://github.com/windmill-labs/windmill/commit/fa8d1b47db19e15fe854e01f9987c8f97cb45b44))
+* replace worker tags to listen multiselect ([#5997](https://github.com/windmill-labs/windmill/issues/5997)) ([e4255e6](https://github.com/windmill-labs/windmill/commit/e4255e6276565c4a45b1f45a5d627bcfb5369270))
+
+## [1.499.0](https://github.com/windmill-labs/windmill/compare/v1.498.0...v1.499.0) (2025-06-18)
+
+
+### Features
+
+* devOps role can edit worker groups ([#5984](https://github.com/windmill-labs/windmill/issues/5984)) ([b1c4f8b](https://github.com/windmill-labs/windmill/commit/b1c4f8b29d0fb4cad76853110b84a87892b54661))
+
+
+### Bug Fixes
+
+* prevent keypress events from bubbling in decision tree drawer ([#5993](https://github.com/windmill-labs/windmill/issues/5993)) ([2a33442](https://github.com/windmill-labs/windmill/commit/2a334421e85abf046784aab57522582439ef2901))
+
+## [1.498.0](https://github.com/windmill-labs/windmill/compare/v1.497.2...v1.498.0) (2025-06-17)
+
+
+### Features
+
+* use provider api to list available AI models in workspace settings ([#5947](https://github.com/windmill-labs/windmill/issues/5947)) ([7490e88](https://github.com/windmill-labs/windmill/commit/7490e883d747a7f65b2fefd3ec14b1cfc3d9bbd4))
+* windmill http triggers and webhooks to openapi spec ([#5918](https://github.com/windmill-labs/windmill/issues/5918)) ([aba8c01](https://github.com/windmill-labs/windmill/commit/aba8c01d7f44ba4be369a3c711be9e156d6bf215))
+
+## [1.497.2](https://github.com/windmill-labs/windmill/compare/v1.497.1...v1.497.2) (2025-06-17)
+
+
+### Bug Fixes
+
+* always rm containers in docker mode ([38eb71b](https://github.com/windmill-labs/windmill/commit/38eb71bdf55ee2f606d1d2ad2e987d5af16d88c0))
+* flow steps use their tags if any specific when used as subflow ([26bec05](https://github.com/windmill-labs/windmill/commit/26bec054a3447a91c5d5f56d8b98717c06496087))
+
+## [1.497.1](https://github.com/windmill-labs/windmill/compare/v1.497.0...v1.497.1) (2025-06-16)
+
+
+### Bug Fixes
+
+* fix mcp server initialization ([1c6a7c8](https://github.com/windmill-labs/windmill/commit/1c6a7c8cd0bd8396f158e3cb0583b927ce957f12))
+
+## [1.497.0](https://github.com/windmill-labs/windmill/compare/v1.496.3...v1.497.0) (2025-06-16)
+
+
+### Features
+
+* add api tools to ai chat ([#5921](https://github.com/windmill-labs/windmill/issues/5921)) ([f7a83c0](https://github.com/windmill-labs/windmill/commit/f7a83c03c12b8ae70179fb228e0e2391b6ea2858))
+* **backend:** use streamable http in favor of sse for MCP ([#5910](https://github.com/windmill-labs/windmill/issues/5910)) ([d47c078](https://github.com/windmill-labs/windmill/commit/d47c078bb5ab86d82d9cbbce3c55c89c0c20d809))
+* better graph layout algorithm + migrate to svelte 5 almost everywhere + xyflow 1.0 ([23920ae](https://github.com/windmill-labs/windmill/commit/23920aee84fdca4a557a34ff2d66a0bb7bdca605))
+* fill runnable inputs with AI chat ([#5887](https://github.com/windmill-labs/windmill/issues/5887)) ([b4a6a7e](https://github.com/windmill-labs/windmill/commit/b4a6a7e72429617d420af85a9de35bb13adfc6fb))
+* **go:** local go.mod ([#5929](https://github.com/windmill-labs/windmill/issues/5929)) ([0b89260](https://github.com/windmill-labs/windmill/commit/0b89260540b307c6d614ca4275dd038fbfdac33c))
+* multiple azure models support ([#5920](https://github.com/windmill-labs/windmill/issues/5920)) ([f412ede](https://github.com/windmill-labs/windmill/commit/f412ede6ed48e9a492f39582ac70a5584477529e))
+* **rust:** add rust sdk ([#5909](https://github.com/windmill-labs/windmill/issues/5909)) ([332f66e](https://github.com/windmill-labs/windmill/commit/332f66e3483abbeacd4e7c1b74c94c5265314882))
+
+
+### Bug Fixes
+
+* ai chat tooltip + user settings autocomplete issue ([#5917](https://github.com/windmill-labs/windmill/issues/5917)) ([6f907c7](https://github.com/windmill-labs/windmill/commit/6f907c79b4cf6279bd52e35a3ee96e0d021422f5))
+* audit logs for token refresh + consider refresh for active users ([#5930](https://github.com/windmill-labs/windmill/issues/5930)) ([cf2d09e](https://github.com/windmill-labs/windmill/commit/cf2d09e7a8c5d2472af0d483689c3fcfa2976117))
+* fix input with wrong height on first render ([#5935](https://github.com/windmill-labs/windmill/issues/5935)) ([1a6283b](https://github.com/windmill-labs/windmill/commit/1a6283b42a6a514ab2e05160855cdc0f70b61d0e))
+* flow step missing input warnings ([#5916](https://github.com/windmill-labs/windmill/issues/5916)) ([f077849](https://github.com/windmill-labs/windmill/commit/f077849b8f7c1916fd420e85b4844a5c5e93a139))
+* **frontend:** use correct kind for flow insert module btn ([#5938](https://github.com/windmill-labs/windmill/issues/5938)) ([17c8c8a](https://github.com/windmill-labs/windmill/commit/17c8c8a5616ab8656799cea3fc5bc7cfaedc4995))
+
+## [1.496.3](https://github.com/windmill-labs/windmill/compare/v1.496.2...v1.496.3) (2025-06-09)
+
+
+### Bug Fixes
+
+* improve concurrent job parallelism performance ([e8836a3](https://github.com/windmill-labs/windmill/commit/e8836a393a872bb91e68ba0037681caf24149470))
+* Prioritize diff contexts in script mode for ai chat ([#5888](https://github.com/windmill-labs/windmill/issues/5888)) ([a47939d](https://github.com/windmill-labs/windmill/commit/a47939d13c30e2d4b41efd539f845959174d4fb1))
+
+## [1.496.2](https://github.com/windmill-labs/windmill/compare/v1.496.1...v1.496.2) (2025-06-07)
+
+
+### Bug Fixes
+
+* add clearable by default for select ([#5900](https://github.com/windmill-labs/windmill/issues/5900)) ([b44b9c1](https://github.com/windmill-labs/windmill/commit/b44b9c1b82116ad5487af95d1f78226d56c75179))
+
+## [1.496.1](https://github.com/windmill-labs/windmill/compare/v1.496.0...v1.496.1) (2025-06-07)
+
+
+### Bug Fixes
+
+* never consider minor version for global site packages ([#5893](https://github.com/windmill-labs/windmill/issues/5893)) ([22b2f49](https://github.com/windmill-labs/windmill/commit/22b2f4988db9314f2403508933d0aa932187c668))
+
+## [1.496.0](https://github.com/windmill-labs/windmill/compare/v1.495.1...v1.496.0) (2025-06-06)
+
+
+### Features
+
+* generate http route triggers from openapi spec ([#5857](https://github.com/windmill-labs/windmill/issues/5857)) ([5713483](https://github.com/windmill-labs/windmill/commit/571348377b73d54b4d2a1c5775ab00b247b01910))
+
+
+### Bug Fixes
+
+* allow fileupload drag and drop in edit mode on full component without triggering file picker ([#5889](https://github.com/windmill-labs/windmill/issues/5889)) ([9ae3212](https://github.com/windmill-labs/windmill/commit/9ae3212a1e0f88a8297bf41ab53e3c1be4bcc56c))
+* **python:** account instance version when cli deploy and local lockfile ([#5894](https://github.com/windmill-labs/windmill/issues/5894)) ([ec552d5](https://github.com/windmill-labs/windmill/commit/ec552d5ef6fdb5e824e453f196f9cf16629ee2ea))
+* use full client side js library for route gen from openapi ([#5891](https://github.com/windmill-labs/windmill/issues/5891)) ([3c3fdbd](https://github.com/windmill-labs/windmill/commit/3c3fdbdf26a9581b815210839b91ebdedb924093))
+
+## [1.495.0](https://github.com/windmill-labs/windmill/compare/v1.494.0...v1.495.0) (2025-06-05)
+
+
+### Features
+
+* Add ask mode to AI chat ([#5878](https://github.com/windmill-labs/windmill/issues/5878)) ([67ab469](https://github.com/windmill-labs/windmill/commit/67ab46990ad0c9fad810a64c54297419c6151c79))
+* add navigator mode to AIChat and unify UI ([#5859](https://github.com/windmill-labs/windmill/issues/5859)) ([cbba829](https://github.com/windmill-labs/windmill/commit/cbba8297cd4c1caa21b96a8422bbbd5c306b8398))
+* ai flow chat ([#5842](https://github.com/windmill-labs/windmill/issues/5842)) ([68ebf66](https://github.com/windmill-labs/windmill/commit/68ebf667d5c0bc306329d0b55a3cc59e5b4862cb))
+* ai prompts improvements + o3/o4 support ([#5862](https://github.com/windmill-labs/windmill/issues/5862)) ([825422c](https://github.com/windmill-labs/windmill/commit/825422c48456b2c9b230e1a35914b3fbf7d1e836))
+* connect fix btn in flow editor to ai chat ([#5863](https://github.com/windmill-labs/windmill/issues/5863)) ([6247d15](https://github.com/windmill-labs/windmill/commit/6247d159ce25ae13f6fbc5c105df88305ce29451))
+* fix backward compatibility pg 14 for postgres trigger ([#5851](https://github.com/windmill-labs/windmill/issues/5851)) ([4cbcbdb](https://github.com/windmill-labs/windmill/commit/4cbcbdb960b469acf773d3943128b6c7d0dcb0b8))
+* ssh repl like direct to workers hosts machine ([#5809](https://github.com/windmill-labs/windmill/issues/5809)) ([f252657](https://github.com/windmill-labs/windmill/commit/f2526571a3614156b2b1e5cc91b15d0c57565d99))
+* use rust-postgres client instead of sqlx for postgres trigger ([#5853](https://github.com/windmill-labs/windmill/issues/5853)) ([39dbd64](https://github.com/windmill-labs/windmill/commit/39dbd646b9683e0ad8de047cca786ae468759e77))
+
+
+### Bug Fixes
+
+* broken event dispatch for simpleditor ([#5879](https://github.com/windmill-labs/windmill/issues/5879)) ([df4992a](https://github.com/windmill-labs/windmill/commit/df4992a9295ed188c2a2cb0a5dfd3e33ae2e2dcb))
+* cannot parse INSTANCE_PYTHON_VERSION ([#5874](https://github.com/windmill-labs/windmill/issues/5874)) ([a0b302d](https://github.com/windmill-labs/windmill/commit/a0b302d2c58d4245260376cf280bc866be91717c))
+* fix regex that extract workspaces from custom tags ([#5876](https://github.com/windmill-labs/windmill/issues/5876)) ([1551dc8](https://github.com/windmill-labs/windmill/commit/1551dc8af22f6ea41f68290ace4c58f936c47745))
+* nit ai flow prompt ([#5867](https://github.com/windmill-labs/windmill/issues/5867)) ([3e769f0](https://github.com/windmill-labs/windmill/commit/3e769f0c591b80138b3a356d147228675756452f))
+* **python:** assign PATCH version to python runtime only when needed ([#5866](https://github.com/windmill-labs/windmill/issues/5866)) ([50a5c1f](https://github.com/windmill-labs/windmill/commit/50a5c1f56a7e45882fa0095203de709571e149bb))
+* remove duplicate tools from script ai chat ([#5880](https://github.com/windmill-labs/windmill/issues/5880)) ([fe4a767](https://github.com/windmill-labs/windmill/commit/fe4a767df0e6f46fd0c0fd21b4116c7375978bf9))
+* replace crypto.randomUUID with generateRandomString for HTTP compatibility ([#5849](https://github.com/windmill-labs/windmill/issues/5849)) ([64f35d0](https://github.com/windmill-labs/windmill/commit/64f35d050fb0d1008ce7142fd62d500845e62c4a)), closes [#5847](https://github.com/windmill-labs/windmill/issues/5847)
+
+## [1.494.0](https://github.com/windmill-labs/windmill/compare/v1.493.4...v1.494.0) (2025-05-31)
+
+
+### Features
+
+* array of s3 objects in input maker ([806d669](https://github.com/windmill-labs/windmill/commit/806d66972568d21a1621acd1b30db5ae9b217341))
+* **rust:** shared build directory ([#5610](https://github.com/windmill-labs/windmill/issues/5610)) ([ed61d97](https://github.com/windmill-labs/windmill/commit/ed61d9770031c1a04908880dbd3e5fb692df9946))
+
+
+### Bug Fixes
+
+* allow disable tabs for sidebar/accordion tabs ([#5838](https://github.com/windmill-labs/windmill/issues/5838)) ([80277d1](https://github.com/windmill-labs/windmill/commit/80277d14d02e8e596c7002326946142226d382a6))
+
+## [1.493.4](https://github.com/windmill-labs/windmill/compare/v1.493.3...v1.493.4) (2025-05-29)
+
+
+### Bug Fixes
+
+* templatev2 delete issue ([#5834](https://github.com/windmill-labs/windmill/issues/5834)) ([ed3ad32](https://github.com/windmill-labs/windmill/commit/ed3ad327a235c16b9f3aa7f8edeefe61b0c01da3))
+
+## [1.493.3](https://github.com/windmill-labs/windmill/compare/v1.493.2...v1.493.3) (2025-05-29)
+
+
+### Bug Fixes
+
+* evalv2 prohibit component delete ([e302aa3](https://github.com/windmill-labs/windmill/commit/e302aa38b5977dd406ae05e1d8dbb74cb7dc3d17))
+* faster layout for larger graphs ([8d12bcc](https://github.com/windmill-labs/windmill/commit/8d12bcc8ee2991909ea0d9bb57f04f0d4106c69f))
+
+## [1.493.2](https://github.com/windmill-labs/windmill/compare/v1.493.1...v1.493.2) (2025-05-28)
+
+
+### Bug Fixes
+
+* improve monaco editor memory leak ([e0f4f83](https://github.com/windmill-labs/windmill/commit/e0f4f83ebf4416c3bcc24433a7bf606349e1f75a))
+* improve monaco javascript extra lib refresh ([7b70348](https://github.com/windmill-labs/windmill/commit/7b70348b4bba3726e3fb26c964219a5a2aa6af55))
+
+## [1.493.1](https://github.com/windmill-labs/windmill/compare/v1.493.0...v1.493.1) (2025-05-28)
+
+
+### Bug Fixes
+
+* improve monaco javascript extra lib refresh ([a2c8ea6](https://github.com/windmill-labs/windmill/commit/a2c8ea69a3962a350273717cd237d8a96523fd00))
+
+## [1.493.0](https://github.com/windmill-labs/windmill/compare/v1.492.1...v1.493.0) (2025-05-27)
+
+
+### Features
+
+* add aws oidc support for instance s3 storage ([#5810](https://github.com/windmill-labs/windmill/issues/5810)) ([5b96bcc](https://github.com/windmill-labs/windmill/commit/5b96bccedd6e68fea631580dd49338301ad0305f))
+* duckdb sql lang support ([#5761](https://github.com/windmill-labs/windmill/issues/5761)) ([fdefd4b](https://github.com/windmill-labs/windmill/commit/fdefd4be9398b9610a539360353fd61b521732d4))
+* **python:** inline script metadata (PEP 723)  ([#5712](https://github.com/windmill-labs/windmill/issues/5712)) ([2622253](https://github.com/windmill-labs/windmill/commit/26222539e66bce7e88f86a7e5917e6ca99350865))
+
+
+### Bug Fixes
+
+* add missing http_trigger_version_seq grants ([#5816](https://github.com/windmill-labs/windmill/issues/5816)) ([306f3ea](https://github.com/windmill-labs/windmill/commit/306f3eabd1c03fa904b0e59438de124a0e680597))
+* avoid monaco memory leak ([0d459d5](https://github.com/windmill-labs/windmill/commit/0d459d5d223728270854e37715ecc1663ede9870))
+* error handler node rendering at top level ([feae9b0](https://github.com/windmill-labs/windmill/commit/feae9b09240ba306c007013a36d2aefb0b273766))
+* **frontend:** auto completion and render of tailwind classes in app editor ([#5817](https://github.com/windmill-labs/windmill/issues/5817)) ([5897e7e](https://github.com/windmill-labs/windmill/commit/5897e7e01b8839425c30c2a97481ef7bb9090661))
+
+## [1.492.1](https://github.com/windmill-labs/windmill/compare/v1.492.0...v1.492.1) (2025-05-22)
+
+
+### Bug Fixes
+
+* fix strum compile ([59f6024](https://github.com/windmill-labs/windmill/commit/59f6024cbdaface9c9f0ed61c4a415a13b558515))
+
+## [1.492.0](https://github.com/windmill-labs/windmill/compare/v1.491.5...v1.492.0) (2025-05-22)
+
+
+### Features
+
+* job search pagination + result count ([#5789](https://github.com/windmill-labs/windmill/issues/5789)) ([55ae766](https://github.com/windmill-labs/windmill/commit/55ae76648475ce9ff14b2fa33b2a71b90fbd50a1))
+* **python:** add annotation to skip result post-processing ([#5769](https://github.com/windmill-labs/windmill/issues/5769)) ([07c2ff5](https://github.com/windmill-labs/windmill/commit/07c2ff5668f4725a3b9a8a2655248b0945ac251c))
+* shift/ctrl+click/enter to open ctrl+k menu results in new tab ([#5800](https://github.com/windmill-labs/windmill/issues/5800)) ([66a997a](https://github.com/windmill-labs/windmill/commit/66a997afc399de2d592c469faf9a5b2cd6433aac))
+* triggers git sync ([#5766](https://github.com/windmill-labs/windmill/issues/5766)) ([065a814](https://github.com/windmill-labs/windmill/commit/065a814d35a5749725c2ada1155481abba782684))
+
+
+### Bug Fixes
+
+* improve app css consistency ([88482c3](https://github.com/windmill-labs/windmill/commit/88482c3bd76ddad16738354f7531d16fa806ad2f))
+* improve docker mode unexpected exit handling ([7c24fbc](https://github.com/windmill-labs/windmill/commit/7c24fbcef2ecfe5fc034870c4c65dd80513301a4))
+* postgres trigger ssl issue ([#5790](https://github.com/windmill-labs/windmill/issues/5790)) ([b9a776c](https://github.com/windmill-labs/windmill/commit/b9a776c97b3411af18e58cde7a070c4955aaaab4))
+* specify using inline type in system prompt for AI ([#5787](https://github.com/windmill-labs/windmill/issues/5787)) ([791296f](https://github.com/windmill-labs/windmill/commit/791296fa41c5bc45c32944db8bc1b66e1515ea82))
+* workspace preprocessor improvements ([#5784](https://github.com/windmill-labs/windmill/issues/5784)) ([30edcdf](https://github.com/windmill-labs/windmill/commit/30edcdfe0e950b0ab850942bcbc9b4b5ff4fc00c))
+
 ## [1.491.5](https://github.com/windmill-labs/windmill/compare/v1.491.4...v1.491.5) (2025-05-17)
 
 

CLAUDE.md

@@ -0,0 +1,10 @@
+# Windmill Development Guide
+
+## Overview
+
+Windmill is an open-source developer platform for building internal tools, workflows, API integrations, background jobs, workflows, and user interfaces. See @windmill-overview.mdc for full platform details.
+
+## Language-Specific Guides
+
+- Backend (Rust): @backend/rust-best-practices.mdc + @backend/summarized_schema.txt
+- Frontend (Svelte 5): @frontend/svelte5-best-practices.mdc

README.md

@@ -367,10 +367,11 @@ you to have it being synced automatically everyday.
 
 ## Run a local dev setup
 
+Using [Nix](./frontend/README_DEV.md#nix) (Recommended).
+
 See the [./frontend/README_DEV.md](./frontend/README_DEV.md) file for all
 running options.
 
-Using [Nix](./frontend/README_DEV.md#nix).
 
 ### only Frontend
 

backend/.gitignore

@@ -5,4 +5,6 @@ oauth2.json
 tracing.folded
 heaptrack*
 index/
-windmill-api/openapi-*.*
+windmill-api/openapi-*.*
+.duckdb/*
+*ee.rs

backend/.ignore

@@ -0,0 +1 @@
+!*ee.rs

backend/.sqlx/query-019100d178129340a7c35d60ab61f983c8a9cb810db4369554bf26c6b0d6003d.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT\n                    id As \"id!\",\n                    flow_status->'restarted_from'->'flow_job_id' AS \"restarted_from: Json<Uuid>\"\n                FROM v2_as_queue\n                WHERE COALESCE((SELECT flow_innermost_root_job FROM v2_job WHERE id = $1), $1) = id AND workspace_id = $2",
+  "query": "SELECT\n                    id As \"id!\",\n                    flow_status->'restarted_from'->'flow_job_id' AS \"restarted_from: Json<Uuid>\"\n                FROM v2_job_status\n                WHERE COALESCE((SELECT flow_innermost_root_job FROM v2_job WHERE id = $1), $1) = id",
   "describe": {
     "columns": [
       {
@@ -16,14 +16,13 @@
     ],
     "parameters": {
       "Left": [
-        "Uuid",
-        "Text"
+        "Uuid"
       ]
     },
     "nullable": [
-      true,
+      false,
       null
     ]
   },
-  "hash": "3c0b2a840102b12864c5d721b8e0142602ab37f3e1a95d39b3c7cbd7ff34d0b2"
+  "hash": "019100d178129340a7c35d60ab61f983c8a9cb810db4369554bf26c6b0d6003d"
 }

backend/.sqlx/query-08c827d9b2de0b77ce0ea2653760751615112c501b35e931ed817dbefd7c6bdb.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM app WHERE workspace_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "08c827d9b2de0b77ce0ea2653760751615112c501b35e931ed817dbefd7c6bdb"
+}

backend/.sqlx/query-0937e25e89959447e7cb1816c112bbc4718cbb8ad6e2f13eae6b14f129d12936.json

@@ -61,7 +61,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-13444bbd5547e101c41206c5f97ac4dded0536faf52c370d704ed9a451041caf.json

@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM sqs_trigger WHERE script_path = $1 AND is_flow = $2 AND workspace_id = $3",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Bool",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "13444bbd5547e101c41206c5f97ac4dded0536faf52c370d704ed9a451041caf"
+}

backend/.sqlx/query-19f0ccadd3ee44719a781ea0d73ea4e45f5b2c3d5c0aa5dbecf9ea9838881b74.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "CREATE INDEX CONCURRENTLY IF NOT EXISTS v2_job_queue_suspend ON v2_job_queue (workspace_id, suspend) WHERE suspend > 0;",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": []
+  },
+  "hash": "19f0ccadd3ee44719a781ea0d73ea4e45f5b2c3d5c0aa5dbecf9ea9838881b74"
+}

backend/.sqlx/query-1c5d3556fc8436ddd294f39c5431e1f501a821d6143c5d8aece20814237a6b86.json

@@ -0,0 +1,38 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT token, expires_at, blacklisted_at, blacklisted_by \n             FROM agent_token_blacklist \n             ORDER BY blacklisted_at DESC",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "token",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "expires_at",
+        "type_info": "Timestamp"
+      },
+      {
+        "ordinal": 2,
+        "name": "blacklisted_at",
+        "type_info": "Timestamp"
+      },
+      {
+        "ordinal": 3,
+        "name": "blacklisted_by",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "1c5d3556fc8436ddd294f39c5431e1f501a821d6143c5d8aece20814237a6b86"
+}

backend/.sqlx/query-1d87f41fd1abb9361d795a899120e6b77e24bf5a9044fdc5284d0d7f1e14eafa.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO usage (id, is_workspace, month_, usage) \n            VALUES ($1, TRUE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), $2) \n            ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Int4"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "1d87f41fd1abb9361d795a899120e6b77e24bf5a9044fdc5284d0d7f1e14eafa"
-}

backend/.sqlx/query-222e29b89d10f3840d4e9b9ab63207df3cbab63c83d4a6374e72a11893841653.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "CREATE INDEX CONCURRENTLY idx_audit_recent_login_activities \nON audit (timestamp, username) \nWHERE operation IN ('users.login', 'oauth.login', 'users.token.refresh');",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": []
+  },
+  "hash": "222e29b89d10f3840d4e9b9ab63207df3cbab63c83d4a6374e72a11893841653"
+}

backend/.sqlx/query-2bf5f7f2cf9d85a5d23e5db2f7616fb41fece9b3d46fde2d546d70b46f9008e3.json

@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO usage (id, is_workspace, month_, usage) \n                    VALUES ($1, FALSE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), $2) \n                    ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Int4"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2bf5f7f2cf9d85a5d23e5db2f7616fb41fece9b3d46fde2d546d70b46f9008e3"
+}

backend/.sqlx/query-2bf99d540365c228e1776ee5d2ba01ebe289183526afab19c1390bbf5082f019.json

@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT EXISTS(SELECT 1 FROM agent_token_blacklist WHERE token = $1 AND expires_at > $2)",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "exists",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Timestamp"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "2bf99d540365c228e1776ee5d2ba01ebe289183526afab19c1390bbf5082f019"
+}

backend/.sqlx/query-2e9b3e718440f3c5269e9217a13076c565f3add98b6768b5476bd3afed11ea31.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO usage (id, is_workspace, month_, usage)\n                    VALUES ($1, FALSE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), 1)\n                    ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + 1 \n                    RETURNING usage.usage",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "usage",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Varchar"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "2e9b3e718440f3c5269e9217a13076c565f3add98b6768b5476bd3afed11ea31"
-}

backend/.sqlx/query-2ef25599ea0c9ef946d6cc70ae048af970aed2638a3f767e152b654aebf68e48.json

@@ -1,20 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SHOW WAL_LEVEL;",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "wal_level",
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "2ef25599ea0c9ef946d6cc70ae048af970aed2638a3f767e152b654aebf68e48"
-}

backend/.sqlx/query-2f30274b0fe89aa1579b252b990876e5035ca5b31a68fcf08701102a6457e5c4.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM token WHERE email = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "2f30274b0fe89aa1579b252b990876e5035ca5b31a68fcf08701102a6457e5c4"
+}

backend/.sqlx/query-33367c42e87e78ae987c0966dc4d445c5eff75b2e2843ffd7a46b03cbaea9ae8.json

@@ -0,0 +1,35 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT \n                    path,\n                    summary,\n                    description\n                FROM\n                    flow\n                WHERE\n                    path ~ ANY($1) AND\n                    workspace_id = $2 AND\n                    archived is FALSE\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "summary",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 2,
+        "name": "description",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "TextArray",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "33367c42e87e78ae987c0966dc4d445c5eff75b2e2843ffd7a46b03cbaea9ae8"
+}

backend/.sqlx/query-39401cb0db8d367b5beb2be0c13aa7595adae0eac4e4e3a888cb12b972d1a7ce.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "\n        SELECT \n            workspace_id, \n            path, \n            route_path, \n            route_path_key,\n            workspaced_route,\n            script_path, \n            is_flow, \n            http_method as \"http_method: _\", \n            edited_by, \n            email, \n            edited_at, \n            extra_perms, \n            is_async, \n            authentication_method as \"authentication_method: _\", \n            static_asset_config as \"static_asset_config: _\", \n            is_static_website,\n            authentication_resource_path,\n            wrap_body,\n            raw_string\n        FROM \n            http_trigger\n        WHERE \n            workspace_id = $1 AND \n            path = $2\n        ",
+  "query": "\n        SELECT \n            workspace_id, \n            path, \n            route_path, \n            route_path_key,\n            workspaced_route,\n            script_path, \n            summary,\n            description,\n            is_flow, \n            http_method as \"http_method: _\", \n            edited_by, \n            email, \n            edited_at, \n            extra_perms, \n            is_async, \n            authentication_method as \"authentication_method: _\", \n            static_asset_config as \"static_asset_config: _\", \n            is_static_website,\n            authentication_resource_path,\n            wrap_body,\n            raw_string\n        FROM \n            http_trigger\n        WHERE \n            workspace_id = $1 AND \n            path = $2\n        ",
   "describe": {
     "columns": [
       {
@@ -35,11 +35,21 @@
       },
       {
         "ordinal": 6,
+        "name": "summary",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 7,
+        "name": "description",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 8,
         "name": "is_flow",
         "type_info": "Bool"
       },
       {
-        "ordinal": 7,
+        "ordinal": 9,
         "name": "http_method: _",
         "type_info": {
           "Custom": {
@@ -57,32 +67,32 @@
         }
       },
       {
-        "ordinal": 8,
+        "ordinal": 10,
         "name": "edited_by",
         "type_info": "Varchar"
       },
       {
-        "ordinal": 9,
+        "ordinal": 11,
         "name": "email",
         "type_info": "Varchar"
       },
       {
-        "ordinal": 10,
+        "ordinal": 12,
         "name": "edited_at",
         "type_info": "Timestamptz"
       },
       {
-        "ordinal": 11,
+        "ordinal": 13,
         "name": "extra_perms",
         "type_info": "Jsonb"
       },
       {
-        "ordinal": 12,
+        "ordinal": 14,
         "name": "is_async",
         "type_info": "Bool"
       },
       {
-        "ordinal": 13,
+        "ordinal": 15,
         "name": "authentication_method: _",
         "type_info": {
           "Custom": {
@@ -101,27 +111,27 @@
         }
       },
       {
-        "ordinal": 14,
+        "ordinal": 16,
         "name": "static_asset_config: _",
         "type_info": "Jsonb"
       },
       {
-        "ordinal": 15,
+        "ordinal": 17,
         "name": "is_static_website",
         "type_info": "Bool"
       },
       {
-        "ordinal": 16,
+        "ordinal": 18,
         "name": "authentication_resource_path",
         "type_info": "Varchar"
       },
       {
-        "ordinal": 17,
+        "ordinal": 19,
         "name": "wrap_body",
         "type_info": "Bool"
       },
       {
-        "ordinal": 18,
+        "ordinal": 20,
         "name": "raw_string",
         "type_info": "Bool"
       }
@@ -139,6 +149,8 @@
       false,
       false,
       false,
+      true,
+      true,
       false,
       false,
       false,
@@ -154,5 +166,5 @@
       false
     ]
   },
-  "hash": "144e4eccfd1c1e729e3c864bd5dc3316248719dfa8a6c9e1d15a7931638e86db"
+  "hash": "39401cb0db8d367b5beb2be0c13aa7595adae0eac4e4e3a888cb12b972d1a7ce"
 }

backend/.sqlx/query-3b5295a7c4b99aefa52c9a8ae1e0dd12bf4a0be1bf755caf7a1fa863e7950562.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM raw_app WHERE workspace_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "3b5295a7c4b99aefa52c9a8ae1e0dd12bf4a0be1bf755caf7a1fa863e7950562"
+}

backend/.sqlx/query-3e244a5057d4f1b4a18c0edac52cdf695c7e7aa0468d2686255de3d83719e6d0.json

@@ -1,22 +1,22 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT tag FROM v2_job WHERE id = $1",
+  "query": "SELECT path FROM script WHERE workspace_id = $1 AND archived = false",
   "describe": {
     "columns": [
       {
         "ordinal": 0,
-        "name": "tag",
+        "name": "path",
         "type_info": "Varchar"
       }
     ],
     "parameters": {
       "Left": [
-        "Uuid"
+        "Text"
       ]
     },
     "nullable": [
       false
     ]
   },
-  "hash": "faf2c77242e0ab39b33886edf3b742531bf1351d0be1c3631bde0adfe375497a"
+  "hash": "3e244a5057d4f1b4a18c0edac52cdf695c7e7aa0468d2686255de3d83719e6d0"
 }

backend/.sqlx/query-3f05e6186050a7ce6d8efb41067d3c5282319fe7e041f114e02fb22b91716637.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "\n            UPDATE \n                http_trigger \n            SET \n                route_path = $1, \n                route_path_key = $2, \n                workspaced_route = $3,\n                wrap_body = $4,\n                raw_string = $5,\n                authentication_resource_path = $6,\n                script_path = $7, \n                path = $8, \n                is_flow = $9, \n                http_method = $10, \n                static_asset_config = $11, \n                edited_by = $12, \n                email = $13, \n                is_async = $14, \n                authentication_method = $15, \n                edited_at = now(), \n                is_static_website = $16\n            WHERE \n                workspace_id = $17 AND \n                path = $18\n            ",
+  "query": "\n            UPDATE \n                http_trigger \n            SET \n                route_path = $1, \n                route_path_key = $2, \n                workspaced_route = $3,\n                wrap_body = $4,\n                raw_string = $5,\n                authentication_resource_path = $6,\n                script_path = $7, \n                path = $8, \n                is_flow = $9, \n                http_method = $10, \n                static_asset_config = $11, \n                edited_by = $12, \n                email = $13, \n                is_async = $14, \n                authentication_method = $15, \n                summary = $16,\n                description = $17,\n                edited_at = now(), \n                is_static_website = $18\n            WHERE \n                workspace_id = $19 AND \n                path = $20\n            ",
   "describe": {
     "columns": [],
     "parameters": {
@@ -47,6 +47,8 @@
             }
           }
         },
+        "Varchar",
+        "Text",
         "Bool",
         "Text",
         "Text"
@@ -54,5 +56,5 @@
     },
     "nullable": []
   },
-  "hash": "187e8f85a71dea958e89fdfdf96c913a19eef8678dc7890c2f0e1ef8758ec43b"
+  "hash": "3f05e6186050a7ce6d8efb41067d3c5282319fe7e041f114e02fb22b91716637"
 }

backend/.sqlx/query-4228b098883408323bd8413ee094454b95962047458a6927d19ac0d3e7b3f0fa.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "\n                SELECT \n                    workspace_id, \n                    workspaced_route,\n                    path, \n                    route_path, \n                    route_path_key, \n                    authentication_resource_path,\n                    script_path, \n                    is_flow, \n                    edited_by, \n                    edited_at, \n                    email, \n                    extra_perms, \n                    is_async, \n                    authentication_method  AS \"authentication_method: _\", \n                    http_method AS \"http_method: _\", \n                    static_asset_config AS \"static_asset_config: _\", \n                    is_static_website,\n                    wrap_body,\n                    raw_string\n                FROM http_trigger\n                WHERE workspace_id = $1\n                ",
+  "query": "\n                SELECT \n                    workspace_id, \n                    workspaced_route,\n                    path, \n                    route_path, \n                    route_path_key, \n                    authentication_resource_path,\n                    script_path, \n                    is_flow, \n                    summary,\n                    description,\n                    edited_by, \n                    edited_at, \n                    email, \n                    extra_perms, \n                    is_async, \n                    authentication_method  AS \"authentication_method: _\", \n                    http_method AS \"http_method: _\", \n                    static_asset_config AS \"static_asset_config: _\", \n                    is_static_website,\n                    wrap_body,\n                    raw_string\n                FROM http_trigger\n                WHERE workspace_id = $1\n                ",
   "describe": {
     "columns": [
       {
@@ -45,31 +45,41 @@
       },
       {
         "ordinal": 8,
-        "name": "edited_by",
+        "name": "summary",
         "type_info": "Varchar"
       },
       {
         "ordinal": 9,
-        "name": "edited_at",
-        "type_info": "Timestamptz"
+        "name": "description",
+        "type_info": "Text"
       },
       {
         "ordinal": 10,
-        "name": "email",
+        "name": "edited_by",
         "type_info": "Varchar"
       },
       {
         "ordinal": 11,
+        "name": "edited_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 12,
+        "name": "email",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 13,
         "name": "extra_perms",
         "type_info": "Jsonb"
       },
       {
-        "ordinal": 12,
+        "ordinal": 14,
         "name": "is_async",
         "type_info": "Bool"
       },
       {
-        "ordinal": 13,
+        "ordinal": 15,
         "name": "authentication_method: _",
         "type_info": {
           "Custom": {
@@ -88,7 +98,7 @@
         }
       },
       {
-        "ordinal": 14,
+        "ordinal": 16,
         "name": "http_method: _",
         "type_info": {
           "Custom": {
@@ -106,22 +116,22 @@
         }
       },
       {
-        "ordinal": 15,
+        "ordinal": 17,
         "name": "static_asset_config: _",
         "type_info": "Jsonb"
       },
       {
-        "ordinal": 16,
+        "ordinal": 18,
         "name": "is_static_website",
         "type_info": "Bool"
       },
       {
-        "ordinal": 17,
+        "ordinal": 19,
         "name": "wrap_body",
         "type_info": "Bool"
       },
       {
-        "ordinal": 18,
+        "ordinal": 20,
         "name": "raw_string",
         "type_info": "Bool"
       }
@@ -140,6 +150,8 @@
       true,
       false,
       false,
+      true,
+      true,
       false,
       false,
       false,
@@ -153,5 +165,5 @@
       false
     ]
   },
-  "hash": "56c2522a12f91515e38290e4680a55a4727195125cd49a2f92f89bcdf74dc364"
+  "hash": "4228b098883408323bd8413ee094454b95962047458a6927d19ac0d3e7b3f0fa"
 }

backend/.sqlx/query-4469ee6c206c46951980ea1bc73f126f339d2e3cf97f363be8921084b16dac45.json

@@ -1,20 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT pubname AS publication_name FROM pg_publication;",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "publication_name",
-        "type_info": "Name"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "4469ee6c206c46951980ea1bc73f126f339d2e3cf97f363be8921084b16dac45"
-}

backend/.sqlx/query-488dd591096b2b47787afdc3a1d73917ed13269f2ee20b86df79fca2c8efe672.json

@@ -70,7 +70,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-4aaab98ebdaa90f1edf49ac96fba6c391c4d0054a618b861464ee37239f1f1e0.json

@@ -137,7 +137,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-4e5273b9ce05f6ee2dfd5f14c8574a0cf43682480452f7dbe23012320fe7fe25.json

@@ -0,0 +1,58 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n    SELECT \n        tag, \n        script_lang AS \"script_lang!: _\"\n    FROM \n        v2_job\n    WHERE \n        id = $1\n    ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "tag",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "script_lang!: _",
+        "type_info": {
+          "Custom": {
+            "name": "script_lang",
+            "kind": {
+              "Enum": [
+                "python3",
+                "deno",
+                "go",
+                "bash",
+                "postgresql",
+                "nativets",
+                "bun",
+                "mysql",
+                "bigquery",
+                "snowflake",
+                "graphql",
+                "powershell",
+                "mssql",
+                "php",
+                "bunnative",
+                "rust",
+                "ansible",
+                "csharp",
+                "oracledb",
+                "nu",
+                "java",
+                "duckdb"
+              ]
+            }
+          }
+        }
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Uuid"
+      ]
+    },
+    "nullable": [
+      false,
+      true
+    ]
+  },
+  "hash": "4e5273b9ce05f6ee2dfd5f14c8574a0cf43682480452f7dbe23012320fe7fe25"
+}

backend/.sqlx/query-4ee0017771f46f0272817d18edb821940cb5064e3f155b9630b131c09c9dba13.json

@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        SELECT \n            slot_name,\n            active\n        FROM\n            pg_replication_slots \n        WHERE \n            plugin = 'pgoutput' AND\n            slot_type = 'logical';\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "slot_name",
-        "type_info": "Name"
-      },
-      {
-        "ordinal": 1,
-        "name": "active",
-        "type_info": "Bool"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      true,
-      true
-    ]
-  },
-  "hash": "4ee0017771f46f0272817d18edb821940cb5064e3f155b9630b131c09c9dba13"
-}

backend/.sqlx/query-52032730f2eeaaeab55305f72bea5481d1c50c2eaa92a97a078239430f0d6c13.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM flow WHERE workspace_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "52032730f2eeaaeab55305f72bea5481d1c50c2eaa92a97a078239430f0d6c13"
+}

backend/.sqlx/query-5430f7728c1e9b539cc8aad29ca9e6733943278998d3df62a9486607827e59ec.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "WITH active_users AS (SELECT distinct username as email FROM audit WHERE timestamp > NOW() - INTERVAL '1 month' AND (operation = 'users.login' OR operation = 'oauth.login')),\n            authors as (SELECT distinct email FROM usr WHERE usr.operator IS false)\n            SELECT email, email NOT IN (SELECT email FROM authors) as operator_only, login_type::text, verified, super_admin, devops, name, company, username\n            FROM password\n            WHERE email IN (SELECT email FROM active_users)\n            ORDER BY super_admin DESC, devops DESC\n            LIMIT $1 OFFSET $2",
+  "query": "WITH active_users AS (SELECT distinct username as email FROM audit WHERE timestamp > NOW() - INTERVAL '1 month' AND (operation = 'users.login' OR operation = 'oauth.login' OR operation = 'users.token.refresh')),\n            authors as (SELECT distinct email FROM usr WHERE usr.operator IS false)\n            SELECT email, email NOT IN (SELECT email FROM authors) as operator_only, login_type::text, verified, super_admin, devops, name, company, username\n            FROM password\n            WHERE email IN (SELECT email FROM active_users)\n            ORDER BY super_admin DESC, devops DESC\n            LIMIT $1 OFFSET $2",
   "describe": {
     "columns": [
       {
@@ -67,5 +67,5 @@
       true
     ]
   },
-  "hash": "3895cee539a24b4c6ea89fa7a835fc62bc93b0530efba09fc3c32a8f93eaabb1"
+  "hash": "5430f7728c1e9b539cc8aad29ca9e6733943278998d3df62a9486607827e59ec"
 }

backend/.sqlx/query-54fee31b61d62598c89cf7d0729079ac1721fe7bd1844f339236379211defc78.json

@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM agent_token_blacklist WHERE token = $1",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "54fee31b61d62598c89cf7d0729079ac1721fe7bd1844f339236379211defc78"
+}

backend/.sqlx/query-551fee7919fdeb911e3f9cc5852e158ea47e3db4895c2b2b1d3cb6b16fceeda9.json

@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT fv.id\n                                                                                FROM flow f\n                                                                                INNER JOIN flow_version fv ON fv.id = f.versions[array_upper(f.versions, 1)]\n                                                                                WHERE fv.value->'preprocessor_module'->'value'->>'path' = $1 AND f.workspace_id = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "551fee7919fdeb911e3f9cc5852e158ea47e3db4895c2b2b1d3cb6b16fceeda9"
+}

backend/.sqlx/query-553108ba3c0b8d579800bc8b5a4f887d79fb4c13b60b19c4913a8db18521958c.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue q SET suspend = 0\n                             FROM v2_job j, v2_job_status f\n                             WHERE parent_job = $1\n                                 AND f.id = j.id AND q.id = j.id\n                                 AND suspend = $2 AND (f.flow_status->'step')::int = 0",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Int4"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "553108ba3c0b8d579800bc8b5a4f887d79fb4c13b60b19c4913a8db18521958c"
-}

backend/.sqlx/query-56b2326015fde12b1a4efa226518566101dd27a0f3363884781071d417f8b7e7.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO usage (id, is_workspace, month_, usage)\n                        VALUES ($1, FALSE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), 1)\n                        ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + 1 \n                        RETURNING usage.usage",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "usage",
+        "type_info": "Int4"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Varchar"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "56b2326015fde12b1a4efa226518566101dd27a0f3363884781071d417f8b7e7"
+}

backend/.sqlx/query-5a31b32659a0ac6a6ad0e122a4d475787240d6714ddadf16296d2b7bd5fdcb52.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM variable WHERE workspace_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "5a31b32659a0ac6a6ad0e122a4d475787240d6714ddadf16296d2b7bd5fdcb52"
+}

backend/.sqlx/query-61c29d684e8e683e839a6d7210b3b9b96854e5bfd752e45922c358c42ebea0c4.json

@@ -61,7 +61,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-621e9a2a53187dac3ebed62f0d645b692815f1594bf302dbebd5f80d5d22b98e.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO usage (id, is_workspace, month_, usage)\n                    VALUES ($1, TRUE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), 1)\n                    ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + 1 \n                    RETURNING usage.usage",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "usage",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Varchar"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "621e9a2a53187dac3ebed62f0d645b692815f1594bf302dbebd5f80d5d22b98e"
-}

backend/.sqlx/query-6a19c440a7a8064f3969cf6f48adea0bfdb683de9555e374ce5731e0b3c379f9.json

@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM gcp_trigger WHERE script_path = $1 AND is_flow = $2 AND workspace_id = $3",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Bool",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "6a19c440a7a8064f3969cf6f48adea0bfdb683de9555e374ce5731e0b3c379f9"
+}

backend/.sqlx/query-6e2564dc37ee967c634deade67ceabc4c516418e595dee9cd7d651acc1f4af6e.json

@@ -147,7 +147,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-6f56acb985aa7141ea1891d7ad58a32c35d1b02fe7070c92a2e62c1a5339c396.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT slot_name FROM pg_replication_slots where slot_name = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "slot_name",
-        "type_info": "Name"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Name"
-      ]
-    },
-    "nullable": [
-      true
-    ]
-  },
-  "hash": "6f56acb985aa7141ea1891d7ad58a32c35d1b02fe7070c92a2e62c1a5339c396"
-}

backend/.sqlx/query-714fb0f66ceb536aee8cb9ae0144757b999d25870fda37fe904e09dd5c742015.json

@@ -0,0 +1,93 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT\n            route_path,\n            http_method AS \"http_method: _\",\n            is_async,\n            workspaced_route,\n            summary,\n            description,\n            authentication_method AS \"authentication_method: _\",\n            authentication_resource_path\n        FROM\n            http_trigger\n        WHERE\n           path ~ ANY($1) AND\n           route_path ~ ANY($2) AND\n           workspace_id = $3\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "route_path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "http_method: _",
+        "type_info": {
+          "Custom": {
+            "name": "http_method",
+            "kind": {
+              "Enum": [
+                "get",
+                "post",
+                "put",
+                "delete",
+                "patch"
+              ]
+            }
+          }
+        }
+      },
+      {
+        "ordinal": 2,
+        "name": "is_async",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 3,
+        "name": "workspaced_route",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 4,
+        "name": "summary",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 5,
+        "name": "description",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 6,
+        "name": "authentication_method: _",
+        "type_info": {
+          "Custom": {
+            "name": "authentication_method",
+            "kind": {
+              "Enum": [
+                "none",
+                "windmill",
+                "api_key",
+                "basic_http",
+                "custom_script",
+                "signature"
+              ]
+            }
+          }
+        }
+      },
+      {
+        "ordinal": 7,
+        "name": "authentication_resource_path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "TextArray",
+        "TextArray",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      true,
+      true,
+      false,
+      true
+    ]
+  },
+  "hash": "714fb0f66ceb536aee8cb9ae0144757b999d25870fda37fe904e09dd5c742015"
+}

backend/.sqlx/query-7aa589db3199d7f727cc69e63e1281b7ed329ff0c9d1617747f4ccd6014720cf.json

@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT EXISTS(SELECT 1 FROM variable WHERE account = $1 AND workspace_id = $2)",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "exists",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int4",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "7aa589db3199d7f727cc69e63e1281b7ed329ff0c9d1617747f4ccd6014720cf"
+}

backend/.sqlx/query-7c765f50c67b0ef751bafc1bf9279c4cb8a851dfab406ba7611f77773663e9f3.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM resource WHERE workspace_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "7c765f50c67b0ef751bafc1bf9279c4cb8a851dfab406ba7611f77773663e9f3"
+}

backend/.sqlx/query-7e64ba7e2362cc19d2aed9f34c9879983922e96a9baab7c1a2b09ed2b1c261e2.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT \n            active_pid \n        FROM \n            pg_replication_slots \n        WHERE \n            slot_name = $1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "active_pid",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Name"
-      ]
-    },
-    "nullable": [
-      true
-    ]
-  },
-  "hash": "7e64ba7e2362cc19d2aed9f34c9879983922e96a9baab7c1a2b09ed2b1c261e2"
-}

backend/.sqlx/query-804fc11e35f4afc0db194b6fe2594f91df7e588d4d2431bc85f4d8734920c8bf.json

@@ -34,7 +34,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-8373b2649ab46310860adbdd7b717261771ac61d46d82d42d085ffebeb18be06.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT distinct(path) FROM script WHERE workspace_id = $1 AND archived = true",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "8373b2649ab46310860adbdd7b717261771ac61d46d82d42d085ffebeb18be06"
+}

backend/.sqlx/query-83f64dd93b1ddc03b84681d65d9be69959987cbac1d83b64225fd1bf9ab047c9.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO usage (id, is_workspace, month_, usage)\n                        VALUES ($1, TRUE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), 1)\n                        ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + 1 \n                        RETURNING usage.usage",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "usage",
+        "type_info": "Int4"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Varchar"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "83f64dd93b1ddc03b84681d65d9be69959987cbac1d83b64225fd1bf9ab047c9"
+}

backend/.sqlx/query-86ae16175ace0179e784aacfd381771f0137ecab6671d632febadede729e7783.json

@@ -1,40 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        SELECT\n            puballtables AS all_table,\n            pubinsert AS insert,\n            pubupdate AS update,\n            pubdelete AS delete\n        FROM\n            pg_publication\n        WHERE\n            pubname = $1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "all_table",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 1,
-        "name": "insert",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 2,
-        "name": "update",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 3,
-        "name": "delete",
-        "type_info": "Bool"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Name"
-      ]
-    },
-    "nullable": [
-      false,
-      false,
-      false,
-      false
-    ]
-  },
-  "hash": "86ae16175ace0179e784aacfd381771f0137ecab6671d632febadede729e7783"
-}

backend/.sqlx/query-995b194da28092d5aa053df936e7a9ee4b80cf3ade038a032c57ecff8fa3c6cf.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM agent_token_blacklist WHERE expires_at <= now() RETURNING token",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "token",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "995b194da28092d5aa053df936e7a9ee4b80cf3ade038a032c57ecff8fa3c6cf"
+}

backend/.sqlx/query-997586ac14384db2c0eeee1bb3382cc6ae013695d0cda6da9ab848ca1b9a9606.json

@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE worker_ping SET\nping_at = now(),\njobs_executed = 1,\ncurrent_job_id = $1,\ncurrent_job_workspace_id = 'admins'\nWHERE worker = $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "997586ac14384db2c0eeee1bb3382cc6ae013695d0cda6da9ab848ca1b9a9606"
+}

backend/.sqlx/query-9a9e4a8779b0bf8a275d029221dfa1465e5d44cd8a7be5879219ffc8cd7ae6b1.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "INSERT INTO pip_resolution_cache (hash, lockfile, expiration) VALUES ($1, $2, now() + ('3 days')::interval) ON CONFLICT (hash) DO UPDATE SET lockfile = $2",
+  "query": "INSERT INTO pip_resolution_cache (hash, lockfile, expiration) VALUES ($1, $2, now() + ('5 mins')::interval) ON CONFLICT (hash) DO UPDATE SET lockfile = $2",
   "describe": {
     "columns": [],
     "parameters": {
@@ -11,5 +11,5 @@
     },
     "nullable": []
   },
-  "hash": "4fb3881cdbb4b9e93e28f460a9b3715bdc6a52b76c89f3a3913023b13c4e085c"
+  "hash": "9a9e4a8779b0bf8a275d029221dfa1465e5d44cd8a7be5879219ffc8cd7ae6b1"
 }

backend/.sqlx/query-9d488c5ba4b9f5203692721d76ec831f5954861a5576e0d8c1c42a9eca90927f.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM workspace WHERE owner = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "9d488c5ba4b9f5203692721d76ec831f5954861a5576e0d8c1c42a9eca90927f"
+}

backend/.sqlx/query-a8b470b463ca4b7c00c7ef6e9f36c23f8bbcefc288a56d61122bfd6fe5ca7e8d.json

@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM mqtt_trigger WHERE script_path = $1 AND is_flow = $2 AND workspace_id = $3",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Bool",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "a8b470b463ca4b7c00c7ef6e9f36c23f8bbcefc288a56d61122bfd6fe5ca7e8d"
+}

backend/.sqlx/query-a8bcae108af1eda6efe3a4b8c6f8807bc464a81c0883e68f5a69b89b94b0b34b.json

@@ -36,7 +36,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-a9db7b2f435bb82acb8c5eeb7f800b28f3256491fdaa168591adc7b4b9f3327a.json

@@ -41,7 +41,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-ab04cda71f8e2be9acbecabe1ee5ef756b8e5c1955fbe111df9ee171dc262338.json

@@ -65,7 +65,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-b46a0fbebdc8e5e9852a06444b0aeaa4eaf67959e68b69eb2f0896ebe9244691.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT leaf_jobs->$1::text AS \"leaf_jobs: Json<Box<RawValue>>\", parent_job\n        FROM v2_as_queue\n        WHERE COALESCE((SELECT flow_innermost_root_job FROM v2_job WHERE id = $2), $2) = id AND workspace_id = $3",
+  "query": "SELECT flow_leaf_jobs->$1::text AS \"leaf_jobs: Json<Box<RawValue>>\", v2_job.parent_job\n        FROM v2_job_status\n        LEFT JOIN v2_job ON v2_job.id = v2_job_status.id AND v2_job.workspace_id = $3\n        WHERE COALESCE((SELECT flow_innermost_root_job FROM v2_job WHERE id = $2), $2) = v2_job_status.id",
   "describe": {
     "columns": [
       {
@@ -26,5 +26,5 @@
       true
     ]
   },
-  "hash": "cf12a70e7b75ae471a0944de34502384be156cf25129f9c52bda34b240cf469a"
+  "hash": "b46a0fbebdc8e5e9852a06444b0aeaa4eaf67959e68b69eb2f0896ebe9244691"
 }

backend/.sqlx/query-b7c3a66c3831eb5d145ff00807badae57bef81be051f150df754fd1444d7356d.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "WITH inserted_job AS (\n            INSERT INTO v2_job (id, workspace_id, raw_code, raw_lock, raw_flow, tag, parent_job,\n                created_by, permissioned_as, runnable_id, runnable_path, args, kind, trigger,\n            script_lang, same_worker, pre_run_error, permissioned_as_email, visible_to_owner,\n            flow_innermost_root_job, concurrent_limit, concurrency_time_window_s, timeout, flow_step_id,\n            cache_ttl, priority, trigger_kind, script_entrypoint_override, preprocessed)\n        VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18,\n            $19, $20, $21, $22, $23, $24, $25, $26,\n            CASE WHEN $14::VARCHAR IS NOT NULL THEN 'schedule'::job_trigger_kind END,\n            ($12::JSONB)->>'_ENTRYPOINT_OVERRIDE', $27)\n        ),\n        inserted_runtime AS (\n            INSERT INTO v2_job_runtime (id, ping) VALUES ($1, null)\n        ),\n        inserted_job_perms AS (\n            INSERT INTO job_perms (job_id, email, username, is_admin, is_operator, folders, groups, workspace_id) \n            values ($1, $32, $33, $34, $35, $36, $37, $2) \n            ON CONFLICT (job_id) DO UPDATE SET email = $32, username = $33, is_admin = $34, is_operator = $35, folders = $36, groups = $37, workspace_id = $2\n        )\n        INSERT INTO v2_job_queue\n            (workspace_id, id, running, scheduled_for, started_at, tag, priority)\n            VALUES ($2, $1, $28, COALESCE($29, now()), CASE WHEN $27 THEN now() END, $30, $31)",
+  "query": "WITH inserted_job AS (\n            INSERT INTO v2_job (id, workspace_id, raw_code, raw_lock, raw_flow, tag, parent_job,\n                created_by, permissioned_as, runnable_id, runnable_path, args, kind, trigger,\n            script_lang, same_worker, pre_run_error, permissioned_as_email, visible_to_owner,\n            flow_innermost_root_job, root_job, concurrent_limit, concurrency_time_window_s, timeout, flow_step_id,\n            cache_ttl, priority, trigger_kind, script_entrypoint_override, preprocessed)\n        VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18,\n            $19, $20, $38, $21, $22, $23, $24, $25, $26,\n            CASE WHEN $14::VARCHAR IS NOT NULL THEN 'schedule'::job_trigger_kind END,\n            ($12::JSONB)->>'_ENTRYPOINT_OVERRIDE', $27)\n        ),\n        inserted_runtime AS (\n            INSERT INTO v2_job_runtime (id, ping) VALUES ($1, null)\n        ),\n        inserted_job_perms AS (\n            INSERT INTO job_perms (job_id, email, username, is_admin, is_operator, folders, groups, workspace_id) \n            values ($1, $32, $33, $34, $35, $36, $37, $2) \n            ON CONFLICT (job_id) DO UPDATE SET email = $32, username = $33, is_admin = $34, is_operator = $35, folders = $36, groups = $37, workspace_id = $2\n        )\n        INSERT INTO v2_job_queue\n            (workspace_id, id, running, scheduled_for, started_at, tag, priority)\n            VALUES ($2, $1, $28, COALESCE($29, now()), CASE WHEN $27 THEN now() END, $30, $31)",
   "describe": {
     "columns": [],
     "parameters": {
@@ -70,7 +70,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }
@@ -96,10 +97,11 @@
         "Bool",
         "Bool",
         "JsonbArray",
-        "TextArray"
+        "TextArray",
+        "Uuid"
       ]
     },
     "nullable": []
   },
-  "hash": "cccdcb7fe7968eadfc04d8957a8e98b2f2d92a6d7f687a9dd5a70edb3d5a63e6"
+  "hash": "b7c3a66c3831eb5d145ff00807badae57bef81be051f150df754fd1444d7356d"
 }

backend/.sqlx/query-baa1dddc616419bf4b923715f0a863bc0ff69c98db0f0c8f55e4ac89fdde7a60.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT pubname FROM pg_publication WHERE pubname = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "pubname",
-        "type_info": "Name"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Name"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "baa1dddc616419bf4b923715f0a863bc0ff69c98db0f0c8f55e4ac89fdde7a60"
-}

backend/.sqlx/query-c3025cdb6e421e1225d420e8b1efd18d1dd3bb2fac53c1f2df648b61fb7488aa.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE worker_ping SET \nping_at = now(), \njobs_executed = 1, \ncurrent_job_id = $1, \ncurrent_job_workspace_id = 'admins' \nWHERE worker = $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "c3025cdb6e421e1225d420e8b1efd18d1dd3bb2fac53c1f2df648b61fb7488aa"
-}

backend/.sqlx/query-c51f9ad5133c46fd7c499b8339dbbf3f3059bbb85de07ee3b4b4cea971984a52.json

@@ -0,0 +1,132 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                SELECT\n                    mqtt_resource_path,\n                    subscribe_topics as \"subscribe_topics: _\",\n                    v3_config as \"v3_config: _\",\n                    v5_config as \"v5_config: _\",\n                    client_version AS \"client_version: _\",\n                    client_id,\n                    workspace_id,\n                    path,\n                    script_path,\n                    is_flow,\n                    edited_by,\n                    email,\n                    edited_at,\n                    server_id,\n                    last_server_ping,\n                    extra_perms,\n                    error,\n                    enabled\n                FROM \n                    mqtt_trigger\n                ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "mqtt_resource_path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "subscribe_topics: _",
+        "type_info": "JsonbArray"
+      },
+      {
+        "ordinal": 2,
+        "name": "v3_config: _",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 3,
+        "name": "v5_config: _",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 4,
+        "name": "client_version: _",
+        "type_info": {
+          "Custom": {
+            "name": "mqtt_client_version",
+            "kind": {
+              "Enum": [
+                "v3",
+                "v5"
+              ]
+            }
+          }
+        }
+      },
+      {
+        "ordinal": 5,
+        "name": "client_id",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 6,
+        "name": "workspace_id",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 7,
+        "name": "path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 8,
+        "name": "script_path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 9,
+        "name": "is_flow",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 10,
+        "name": "edited_by",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 11,
+        "name": "email",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 12,
+        "name": "edited_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 13,
+        "name": "server_id",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 14,
+        "name": "last_server_ping",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 15,
+        "name": "extra_perms",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 16,
+        "name": "error",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 17,
+        "name": "enabled",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      false,
+      false,
+      true,
+      true,
+      false,
+      true,
+      false,
+      false,
+      false,
+      false,
+      false,
+      false,
+      false,
+      true,
+      true,
+      false,
+      true,
+      false
+    ]
+  },
+  "hash": "c51f9ad5133c46fd7c499b8339dbbf3f3059bbb85de07ee3b4b4cea971984a52"
+}

backend/.sqlx/query-c925264b7b0fd44ea7ab01c9af1514b9a9f2200e5a5db0a741697b28cd8b505f.json

@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT account FROM variable WHERE path = $1 AND workspace_id = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "account",
+        "type_info": "Int4"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      true
+    ]
+  },
+  "hash": "c925264b7b0fd44ea7ab01c9af1514b9a9f2200e5a5db0a741697b28cd8b505f"
+}

backend/.sqlx/query-c9c040ec228a8fe4fda08439420141bee63339d4e3d5e2d68aabb12009f691c6.json

@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO agent_token_blacklist (token, expires_at, blacklisted_by) \n         VALUES ($1, $2, $3) \n         ON CONFLICT (token) DO UPDATE SET \n            expires_at = EXCLUDED.expires_at,\n            blacklisted_at = NOW(),\n            blacklisted_by = EXCLUDED.blacklisted_by",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Timestamp",
+        "Varchar"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "c9c040ec228a8fe4fda08439420141bee63339d4e3d5e2d68aabb12009f691c6"
+}

backend/.sqlx/query-ca3ba808e020c8c7a35eaef842b20cfeee64fd47ded72fce55cc75e0bbb291a8.json

@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO usage (id, is_workspace, month_, usage) \n                VALUES ($1, TRUE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), $2) \n                ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Int4"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "ca3ba808e020c8c7a35eaef842b20cfeee64fd47ded72fce55cc75e0bbb291a8"
+}

backend/.sqlx/query-cb3862634f18160207ee2621ddfca43f00456a27fda32583846497116f92f96c.json

@@ -0,0 +1,38 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "WITH active_users as (SELECT distinct username as email FROM audit WHERE timestamp > NOW() - INTERVAL '1 month' AND (operation = 'users.login' OR operation = 'oauth.login' OR operation = 'users.token.refresh')),\n        active_authors as (SELECT distinct email FROM usr WHERE usr.operator IS false AND email IN (SELECT email FROM active_users)),\n        active_authors_agg as (SELECT array_agg(email) as authors FROM active_authors),\n        active_ops_agg as (SELECT array_agg(email) as operators from active_users WHERE email NOT IN (SELECT email FROM active_authors))\n        SELECT active_authors_agg.authors, active_ops_agg.operators, array_length(active_authors_agg.authors, 1) as author_count, array_length(active_ops_agg.operators, 1) as operator_count FROM active_authors_agg, active_ops_agg",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "authors",
+        "type_info": "VarcharArray"
+      },
+      {
+        "ordinal": 1,
+        "name": "operators",
+        "type_info": "VarcharArray"
+      },
+      {
+        "ordinal": 2,
+        "name": "author_count",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 3,
+        "name": "operator_count",
+        "type_info": "Int4"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      null,
+      null,
+      null,
+      null
+    ]
+  },
+  "hash": "cb3862634f18160207ee2621ddfca43f00456a27fda32583846497116f92f96c"
+}

backend/.sqlx/query-cb8bde4d92a020278cbae79c5c01a766c198392aceb38fb27e57b73de8f7f279.json

@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM script WHERE workspace_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "cb8bde4d92a020278cbae79c5c01a766c198392aceb38fb27e57b73de8f7f279"
+}

backend/.sqlx/query-cce991f582bc9d2ba28a5b2b41c679366bb07bc6a100727721a787160ac6910c.json

@@ -1,38 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "WITH active_users as (SELECT distinct username as email FROM audit WHERE timestamp > NOW() - INTERVAL '1 month' AND (operation = 'users.login' OR operation = 'oauth.login')),\n        active_authors as (SELECT distinct email FROM usr WHERE usr.operator IS false AND email IN (SELECT email FROM active_users)),\n        active_authors_agg as (SELECT array_agg(email) as authors FROM active_authors),\n        active_ops_agg as (SELECT array_agg(email) as operators from active_users WHERE email NOT IN (SELECT email FROM active_authors))\n        SELECT active_authors_agg.authors, active_ops_agg.operators, array_length(active_authors_agg.authors, 1) as author_count, array_length(active_ops_agg.operators, 1) as operator_count FROM active_authors_agg, active_ops_agg",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "authors",
-        "type_info": "VarcharArray"
-      },
-      {
-        "ordinal": 1,
-        "name": "operators",
-        "type_info": "VarcharArray"
-      },
-      {
-        "ordinal": 2,
-        "name": "author_count",
-        "type_info": "Int4"
-      },
-      {
-        "ordinal": 3,
-        "name": "operator_count",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      null,
-      null,
-      null,
-      null
-    ]
-  },
-  "hash": "cce991f582bc9d2ba28a5b2b41c679366bb07bc6a100727721a787160ac6910c"
-}

backend/.sqlx/query-d15f02f090b8d1a7e816fe11b2e0867540ab6bb02ac6bf82decc220dce0ab048.json

@@ -42,7 +42,8 @@
                 "csharp",
                 "oracledb",
                 "nu",
-                "java"
+                "java",
+                "duckdb"
               ]
             }
           }

backend/.sqlx/query-d56722c25877222af9affd5da5bb83b28fa8cbb528a2cfc90684cb10a69e4375.json

@@ -0,0 +1,40 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT token, expires_at, blacklisted_at, blacklisted_by \n             FROM agent_token_blacklist \n             WHERE expires_at > $1 \n             ORDER BY blacklisted_at DESC",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "token",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "expires_at",
+        "type_info": "Timestamp"
+      },
+      {
+        "ordinal": 2,
+        "name": "blacklisted_at",
+        "type_info": "Timestamp"
+      },
+      {
+        "ordinal": 3,
+        "name": "blacklisted_by",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Timestamp"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "d56722c25877222af9affd5da5bb83b28fa8cbb528a2cfc90684cb10a69e4375"
+}

backend/.sqlx/query-dc36b46b9eb80cb7c92fa72519d117eda99a6f482a073ccd36a6431ef689a3fd.json

@@ -0,0 +1,35 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT \n                    path,\n                    summary,\n                    description\n                FROM\n                    script\n                WHERE\n                    path ~ ANY($1) AND\n                    workspace_id = $2 AND\n                    archived is FALSE\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "summary",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 2,
+        "name": "description",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "TextArray",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "dc36b46b9eb80cb7c92fa72519d117eda99a6f482a073ccd36a6431ef689a3fd"
+}

backend/.sqlx/query-e38240e6d50bfe60e1c2b649588eb41dcef121ed161db04b2568ac2d990aed7c.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO usage (id, is_workspace, month_, usage) \n                VALUES ($1, FALSE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), $2) \n                ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Int4"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "e38240e6d50bfe60e1c2b649588eb41dcef121ed161db04b2568ac2d990aed7c"
-}

backend/.sqlx/query-e7348225a27bbdc9607d7c799e7192cd6ce4088467d91a5cbdc019430320d26d.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT\n                    value->'preprocessor_module'->'value' as \"preprocessor_module: _\",\n                    schema as \"schema: _\"\n                FROM flow \n                WHERE workspace_id = $1\n                    AND path = $2",
+  "query": "SELECT\n                    value->'preprocessor_module'->'value' as \"preprocessor_module: _\",\n                    schema as \"schema: _\"\n                FROM flow_version\n                WHERE \n                    path = $1\n                    AND workspace_id = $2\n                ORDER BY created_at DESC\n                LIMIT 1",
   "describe": {
     "columns": [
       {
@@ -25,5 +25,5 @@
       true
     ]
   },
-  "hash": "72916f8e490f8252e0a51b7f562ccc3be832b12102eb86a07d8405a4fa9287d5"
+  "hash": "e7348225a27bbdc9607d7c799e7192cd6ce4088467d91a5cbdc019430320d26d"
 }

backend/.sqlx/query-ed99d4d088d0fd0c01f29803b12e99ae0a53d0b1feaa67737da409c51c1b6751.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "\n        INSERT INTO http_trigger (\n            workspace_id, \n            path, \n            route_path, \n            route_path_key,\n            workspaced_route,\n            authentication_resource_path,\n            wrap_body,\n            raw_string,\n            script_path, \n            is_flow, \n            is_async, \n            authentication_method, \n            http_method, \n            static_asset_config, \n            edited_by, \n            email, \n            edited_at, \n            is_static_website\n        ) \n        VALUES (\n            $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, now(), $17\n        )\n        ",
+  "query": "\n        INSERT INTO http_trigger (\n            workspace_id, \n            path, \n            route_path, \n            route_path_key,\n            workspaced_route,\n            authentication_resource_path,\n            wrap_body,\n            raw_string,\n            script_path, \n            summary,\n            description,\n            is_flow, \n            is_async, \n            authentication_method, \n            http_method, \n            static_asset_config, \n            edited_by, \n            email, \n            edited_at, \n            is_static_website\n        ) \n        VALUES (\n            $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, now(), $19\n        )\n        ",
   "describe": {
     "columns": [],
     "parameters": {
@@ -14,6 +14,8 @@
         "Bool",
         "Bool",
         "Varchar",
+        "Varchar",
+        "Text",
         "Bool",
         "Bool",
         {
@@ -53,5 +55,5 @@
     },
     "nullable": []
   },
-  "hash": "8c30e91c2486f7511563621e7e805d0588a9ec8bbea9db10e95783e27e35bc12"
+  "hash": "ed99d4d088d0fd0c01f29803b12e99ae0a53d0b1feaa67737da409c51c1b6751"
 }

backend/.sqlx/query-f1dbcb6e6d82d17c19eb88c0e67dc1cb8baf5bd40b75a2a9cd3ebac440fda632.json

@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE v2_job_queue q SET suspend = 0\n                             FROM v2_job j, v2_job_status f\n                             WHERE q.workspace_id = $1 AND q.suspend = $3 AND j.parent_job = $2\n                                 AND f.id = j.id AND q.id = j.id\n                                 AND (f.flow_status->'step')::int = 0",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Uuid",
+        "Int4"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "f1dbcb6e6d82d17c19eb88c0e67dc1cb8baf5bd40b75a2a9cd3ebac440fda632"
+}