Merge branch 'main' into migration/queue-params

Merge branch 'migration/queue-params' of https://github.com/yacineb/windmill into migration/queue-params
"squash" migrations in a single one
2024-11-02 19:35:19 +01:00 · 2024-10-04 13:35:33 +02:00 · 2024-10-04 13:35:07 +02:00 · 2024-10-04 13:11:32 +02:00 · 2024-10-04 13:05:44 +02:00 · 2024-10-03 11:59:16 +02:00
2490 changed files with 131479 additions and 250483 deletions
--- a/.aiderignore
+++ b/.aiderignore
@@ -1,3 +0,0 @@
-/*
-!/backend/
-!/frontend/
--- a/.cursor/rules/rust-best-practices.mdc
+++ b/.cursor/rules/rust-best-practices.mdc
@@ -1,110 +0,0 @@
---
-description: 
-globs: backend/**/*.rs
-alwaysApply: false
---
-# Windmill Backend - Rust Best Practices
-
-## Project Structure
-
-Windmill uses a workspace-based architecture with multiple crates:
-
- **windmill-api**: API server functionality
- **windmill-worker**: Job execution
- **windmill-common**: Shared code used by all crates
- **windmill-queue**: Job & flow queuing
- **windmill-audit**: Audit logging
- Other specialized crates (git-sync, autoscaling, etc.)
-
-## Adding New Code
-
-### Module Organization
-
- Place new code in the appropriate crate based on functionality
- For API endpoints, create or modify files in `windmill-api/src/` organized by domain
- For shared functionality, use `windmill-common/src/`
- Use the `_ee.rs` suffix for enterprise-only modules
- Follow existing patterns for file structure and organization
-
-### Error Handling
-
- Use the custom `Error` enum from `windmill-common::error`
- Return `Result<T, Error>` or `JsonResult<T>` for functions that can fail
- Use the `?` operator for error propagation
- Add location tracking to errors using `#[track_caller]`
-
-### Database Operations
-
- Use `sqlx` for database operations with prepared statements
- Leverage existing database helper functions in `db.rs` modules
- Use transactions for multi-step operations
- Handle database errors properly
-
-### API Endpoints
-
- Follow existing patterns in the `windmill-api` crate
- Use axum's routing system and extractors
- Group related routes together
- Use consistent response formats (JSON)
- Follow proper authentication and authorization patterns
- Do not forget to update backend/windmill-api/openapi.yaml after modifying an api endpoint
-
-## Performance Optimizations
-
-When generating code, especially involving `serde`, `sqlx`, and `tokio`, prioritize performance by applying the following principles:
-
-### Serde Optimizations (Serialization & Deserialization)
-
-   **Specify Structure Explicitly:** When defining structs for Serde (`#[derive(Serialize, Deserialize)]`), use `#[serde(...` attributes extensively. This includes:
-    *   `#[serde(rename = "...")]` or `#[serde(alias = "...")]` to map external names precisely, avoiding dynamic lookups.
-    *   `#[serde(default)]` for optional fields with default values, reducing parsing complexity.
-    *   `#[serde(skip_serializing_if = "...")]` to avoid writing fields that meet a certain condition (e.g., `Option::is_none()`, `Vec::is_empty()`, or a custom function), reducing output size and serialization work.
-    *   `#[serde(skip_serializing)]` or `#[serde(skip_deserializing)]` for fields that should *not* be included.
-   **Prefer Borrowing:** Where possible and safe (data lifetime allows), use `Cow<'a, str>` or `&'a str` (with `#[serde(borrow)]`) instead of `String` for string fields during deserialization. This avoids allocating new strings, enabling zero-copy reading from the input buffer. Apply this principle to byte slices (`&'a [u8]` / `Cow<'a, [u8]>`) and potentially borrowed vectors as well.
-   **Avoid Intermediate `Value`:** Unless the data structure is truly dynamic or unknown at compile time, deserialize directly into a well-defined struct or enum rather than into `serde_json::Value` (or equivalent for other formats). This avoids unnecessary heap allocations and type switching.
-
-### SQLx Optimizations (Database Interaction)
-
-   **Select Only Necessary Columns:** In `SELECT` queries, list specific column names rather than using `SELECT *`. This reduces data transferred from the database and the work needed for hydration/deserialization.
-   **Batch Operations:** For multiple `INSERT`, `UPDATE`, or `DELETE` statements, prefer executing them in a single query if the database and driver support it efficiently (e.g., `INSERT INTO ... VALUES (...), (...), ...`). This minimizes round trips to the database.
-   **Avoid N+1 Queries:** Do not loop through results of one query and execute a separate query for each item (e.g., fetching users, then querying for each user's profile in a loop). Instead, use JOINs or a single query with an `IN` clause to fetch related data efficiently.
-   **Deserialize Directly:** Use `#[derive(FromRow)]` on structs and ensure the struct fields match the selected columns in the query. This allows SQLx to hydrate objects directly, avoiding intermediate data structures.
-   **Parameterize Queries:** Always use SQLx's query methods (`.bind(...)`) to pass values as parameters rather than string formatting. This prevents SQL injection and allows the database to cache query plans, improving performance on repeated executions.
-
-### Tokio Optimizations (Asynchronous Runtime)
-
-   **Avoid Blocking Operations:** **Crucially**, never perform blocking operations (synchronous file I/O, `std::thread::sleep`, CPU-bound loops, `std::sync::Mutex::lock`, blocking network calls without `tokio::net`) directly within an `async fn` or a standard `tokio::spawn` task. Blocking pauses the entire worker thread, potentially starving other tasks. Use `tokio::task::spawn_blocking` for CPU-intensive work or blocking I/O.
-   **Use Tokio's Async Primitives:** Prefer `tokio::sync` (channels, mutexes, semaphores), `tokio::io`, `tokio::net`, and `tokio::time` over their `std` counterparts in asynchronous contexts. These are designed to yield control back to the scheduler.
-   **Manage Concurrency:** Be mindful of how many tasks are spawned. Creating a new task for every tiny piece of work can introduce overhead. Group related asynchronous operations where appropriate.
-   **Handle Shared State Efficiently:** Use `Arc` for shared ownership in concurrent tasks. When shared state needs mutation, prefer `tokio::sync::Mutex` over `std::sync::Mutex` in `async` code. Consider `tokio::sync::RwLock` if reads significantly outnumber writes. Minimize the duration for which locks are held.
-   **Understand `.await`:** Place `.await` strategically to allow the runtime to switch to other ready tasks. Ensure that `.await` points to genuinely asynchronous operations.
-   **Backpressure:** If dealing with data streams or queues between tasks, implement backpressure mechanisms (e.g., bounded channels like `tokio::sync::mpsc::channel`) to prevent one component from overwhelming another or critical resources like the database.
-
-## Enterprise Features
-
-   Use feature flags for enterprise functionality
-   Conditionally compile with `#[cfg(feature = "enterprise")]`
-   Isolate enterprise code in separate modules
-
-## Code Style
-
-   Group imports by external and internal crates
-   Place struct/enum definitions before implementations
-   Group similar functionality together
-   Use descriptive naming consistent with the codebase
-   Follow existing patterns for async code using tokio
-
-## Testing
-
-   Write unit tests for core functionality
-   Use the `#[cfg(test)]` module for test code
-   For database tests, use the existing test utilities
-
-## Common Crates Used
-
-   **tokio**: For async runtime
-   **axum**: For web server and routing
-   **sqlx**: For database operations
-   **serde**: For serialization/deserialization
-   **tracing**: For logging and diagnostics
-   **reqwest**: For HTTP client functionality
--- a/.cursor/rules/svelte5-best-practices.mdc
+++ b/.cursor/rules/svelte5-best-practices.mdc
@@ -1,229 +0,0 @@
---
-description: 
-globs: frontend/src/**/*.svelte
-alwaysApply: false
---
-# Svelte 5 Best Practices
-
-This guide outlines best practices for developing with Svelte 5, incorporating the new Runes API and other modern Svelte features. These rules MUST NOT be applied on svelte 4 files unless explicitly asked to do so.
-
-## Reactivity with Runes
-
-Svelte 5 introduces Runes for more explicit and flexible reactivity.
-
-1.  **Embrace Runes for State Management**:
-    *   Use `$state` for reactive local component state.
-        ```svelte
-        <script>
-          let count = $state(0);
-
-          function increment() {
-            count += 1;
-          }
-        </script>
-
-        <button onclick={increment}>
-          Clicked {count} {count === 1 ? 'time' : 'times'}
-        </button>
-        ```
-    *   Use `$derived` for computed values based on other reactive state.
-        ```svelte
-        <script>
-          let count = $state(0);
-          const doubled = $derived(count * 2);
-        </script>
-
-        <p>{count} * 2 = {doubled}</p>
-        ```
-    *   Use `$effect` for side effects that need to run when reactive values change (e.g., logging, manual DOM manipulation, data fetching). Remember `$effect` does not run on the server.
-        ```svelte
-        <script>
-          let count = $state(0);
-
-          $effect(() => {
-            console.log('The count is now', count);
-            if (count > 5) {
-              alert('Count is too high!');
-            }
-          });
-        </script>
-        ```
-
-2.  **Props with `$props`**:
-    *   Declare component props using `$props()`. This offers better clarity and flexibility compared to `export let`.
-        ```svelte
-        <script>
-          // ChildComponent.svelte
-          let { name, age = $state(30) } = $props();
-        </script>
-
-        <p>Name: {name}</p>
-        <p>Age: {age}</p>
-        ```
-    *   For bindable props, use `$bindable`.
-        ```svelte
-        <script>
-          // MyInput.svelte
-          let { value = $bindable() } = $props();
-        </script>
-
-        <input bind:value />
-        ```
-
-## Event Handling
-
-*   **Use direct event attributes**: Svelte 5 moves away from `on:` directives for DOM events.
-    *   **Do**: `<button onclick={handleClick}>...</button>`
-    *   **Don't**: `<button on:click={handleClick}>...</button>`
-*   **For component events, prefer callback props**: Instead of `createEventDispatcher`, pass functions as props.
-    ```svelte
-    <!-- Parent.svelte -->
-    <script>
-      import Child from './Child.svelte';
-      let message = $state('');
-      function handleChildEvent(detail) {
-        message = detail;
-      }
-    </script>
-    <Child onCustomEvent={handleChildEvent} />
-    <p>Message from child: {message}</p>
-
-    <!-- Child.svelte -->
-    <script>
-      let { onCustomEvent } = $props();
-      function emitEvent() {
-        onCustomEvent('Hello from child!');
-      }
-    </script>
-    <button onclick={emitEvent}>Send Event</button>
-    ```
-
-## Snippets for Content Projection
-
-*   **Use `{#snippet ...}` and `{@render ...}` instead of slots**: Snippets are more powerful and flexible.
-    ```svelte
-    <!-- Parent.svelte -->
-    <script>
-      import Card from './Card.svelte';
-    </script>
-
-    <Card>
-      {#snippet title()}
-        My Awesome Title
-      {/snippet}
-      {#snippet content()}
-        <p>Some interesting content here.</p>
-      {/snippet}
-    </Card>
-
-    <!-- Card.svelte -->
-    <script>
-      let { title, content } = $props();
-    </script>
-
-    <article>
-      <header>{@render title()}</header>
-      <div>{@render content()}</div>
-    </article>
-    ```
-*   Default content is passed via the `children` prop (which is a snippet).
-    ```svelte
-    <!-- Wrapper.svelte -->
-    <script>
-      let { children } = $props();
-    </script>
-    <div>
-      {@render children?.()}
-    </div>
-    ```
-
-## Component Design
-
-1.  **Create Small, Reusable Components**: Break down complex UIs into smaller, focused components. Each component should have a single responsibility. This also aids performance by limiting the scope of reactivity updates.
-2.  **Descriptive Naming**: Use clear and descriptive names for variables, functions, and components.
-3.  **Minimize Logic in Components**: Move complex business logic to utility functions or services. Keep components focused on presentation and interaction.
-
-## State Management (Stores)
-
-1.  **Segment Stores**: Avoid a single global store. Create multiple stores, each responsible for a specific piece of global state (e.g., `userStore.js`, `themeStore.js`). This can help limit reactivity updates to only the parts of the UI that depend on specific state segments.
-2.  **Use Custom Stores for Complex Logic**: For stores with related methods, create custom stores.
-    ```javascript
-    // counterStore.js
-    import { writable } from 'svelte/store';
-
-    function createCounter() {
-      const { subscribe, set, update } = writable(0);
-
-      return {
-        subscribe,
-        increment: () => update(n => n + 1),
-        decrement: () => update(n => n - 1),
-        reset: () => set(0)
-      };
-    }
-    export const counter = createCounter();
-    ```
-3.  **Use Context API for Localized State**: For state shared within a component subtree, consider Svelte's context API (`setContext`, `getContext`) instead of global stores when the state doesn't need to be truly global.
-
-## Performance Optimizations (Svelte 5)
-
-When generating Svelte 5 code, prioritize frontend performance by applying the following principles:
-
-### General Svelte 5 Principles
-
-   **Leverage the Compiler:** Trust Svelte's compiler to generate optimized JavaScript. Avoid manual DOM manipulation (`document.querySelector`, etc.) unless absolutely necessary for integrating third-party libraries that lack Svelte adapters.
-   **Keep Components Small and Focused:** Reinforcing from Component Design, smaller components lead to less complex reactivity graphs and more targeted, efficient updates.
-
-### Reactivity & State Management
-
-   **Optimize Computations with `$derived`:** Always use `$derived` for computed values that depend on other state. This ensures the computation only runs when its specific dependencies change, avoiding unnecessary work compared to recomputing derived values in `$effect` or less efficient methods.
-   **Minimize `$effect` Usage:** Use `$effect` sparingly and only for true side effects that interact with the outside world or non-Svelte state. Avoid putting complex logic or state updates *within* an `$effect` unless those updates are explicitly intended as a reaction to external changes or non-Svelte state. Excessive or complex effects can impact rendering performance.
-   **Structure State for Fine-Grained Updates:** Design your `$state` objects or variables such that updates affect only the necessary parts of the UI. Avoid putting too much unrelated state into a single large object that gets frequently updated, as this can potentially trigger broader updates than necessary. Consider normalizing complex, nested state.
-
-### List Rendering (`{#each}`)
-
-   **Mandate `key` Attribute:** Always use a `key` attribute (`{#each items as item (item.id)}`) that refers to a unique, stable identifier for each item in a list. This is critical for allowing Svelte to efficiently update, reorder, add, or remove list items without destroying and re-creating unnecessary DOM elements and component instances.
-
-### Component Loading & Bundling
-
-   **Implement Lazy Loading/Code Splitting:** For routes, components, or modules that are not immediately needed on page load, use dynamic imports (`import(...)`) to split the code bundle. SvelteKit handles this automatically for routes, but it can be applied manually to components using helper patterns if needed.
-   **Be Mindful of Third-Party Libraries:** When incorporating external libraries, import only the necessary functions or components to minimize the final bundle size. Prefer libraries designed to be tree-shakeable.
-
-### Rendering & DOM
-
-   **Use CSS for Animations/Transitions:** Prefer CSS animations or transitions where possible for performance. Svelte's built-in `transition:` directive is also highly optimized and should be used for complex state-driven transitions, but simple cases can often use plain CSS.
-   **Optimize Image Loading:** Implement best practices for images: use optimized formats (WebP, AVIF), lazy loading (`loading="lazy"`), and responsive images (`<picture>`, `srcset`) to avoid loading unnecessarily large images.
-
-### Server-Side Rendering (SSR) & Hydration
-
-   **Ensure SSR Compatibility:** Write components that can be rendered on the server for faster initial page loads. Avoid relying on browser-specific APIs (like `window` or `document`) in the main `<script>` context. If necessary, use `$effect` or check `if (browser)` inside effects to run browser-specific code only on the client.
-   **Minimize Work During Hydration:** Structure components and data fetching such that minimal complex setup or computation is required when the client-side Svelte code takes over from the server-rendered HTML. Heavy synchronous work during hydration can block the main thread.
-
-## General Clean Code Practices
-
-1.  **Organized File Structure**: Group related files together. A common structure:
-    ```
-    /src
-    |-- /routes      // Page components (if using a router like SvelteKit)
-    |-- /lib         // Utility functions, services, constants (SvelteKit often uses this)
-    |   |-- /stores
-    |   |-- /utils
-    |   |-- /services
-    |   |-- /components  // Reusable UI components
-    |-- App.svelte
-    |-- main.js (or main.ts)
-    ```
-2.  **Scoped Styles**: Keep CSS scoped to components to avoid unintended side effects and improve maintainability. Avoid `:global` where possible.
-3.  **Immutability**: With Svelte 5 and `$state`, direct assignments to properties of `$state` objects (`obj.prop = value;`) are generally fine as Svelte's reactivity system handles updates. However, for non-rune state or when interacting with other systems, understanding and sometimes preferring immutable updates (creating new objects/arrays) can still be relevant.
-4.  **Use `class:` and `style:` directives**: For dynamic classes and styles, use Svelte's built-in directives for cleaner templates and potentially optimized updates.
-    ```svelte
-    <script>
-      let isActive = $state(true);
-      let color = $state('blue');
-    </script>
-
-    <div class:active={isActive} style:color={color}>
-      Hello
-    </div>
-    ```
-5.  **Stay Updated**: Keep Svelte and its related packages up to date to benefit from the latest features, performance improvements, and security fixes.
--- a/.cursor/rules/windmill-overview.mdc
+++ b/.cursor/rules/windmill-overview.mdc
@@ -1,76 +0,0 @@
---
-description: 
-globs: 
-alwaysApply: false
---
-# Windmill Overview
-
-Windmill is an open-source developer platform for building internal tools, API integrations, background jobs, workflows, and user interfaces. It offers a unified system where scripts are automatically turned into sharable UIs and can be composed into flows or embedded in custom applications.
-
-## Core Capabilities
-
- **Script Development and Execution**: Write and run scripts in Python, TypeScript/JavaScript (Deno/Bun), Go, Bash, SQL, and other languages
- **Workflow Orchestration**: Compose scripts into multi-step flows with conditional logic, loops, and error handling
- **UI Generation**: Automatically generate UIs from scripts or build custom applications with a low-code editor
- **Job Scheduling**: Trigger scripts and flows on schedules, webhooks, or external events
- **Resource Management**: Securely store and use credentials, databases, and other connections
-
-## Platform Architecture
-
-The Windmill platform consists of several key components:
-
- **Frontend UI**: Web-based interface for script and flow development, app building, and result visualization
- **API Server**: Central API that handles authentication, resource management, and job coordination
- **Workers**: Execute scripts in their respective environments with proper sandboxing
- **Database**: PostgreSQL database for storage of scripts, flows, resources, job results, and more
- **Job Queue**: Queue system for managing job execution, implemented in PostgreSQL
- **Client Libraries**: Libraries for interacting with Windmill from Python, TypeScript, or command line
-
-# Windmill Backend Architecture
-
-The Windmill backend is written in Rust and consists of several services working together. These services are designed for horizontal scaling with stateless API servers and workers that can be deployed across multiple machines.
-
-## Key Components
-
- **API Server (`windmill-api`)**: Handles HTTP requests, authentication, and resource management
- **Queue Manager (`windmill-queue`)**: Manages the job queue in PostgreSQL
- **Worker System (`windmill-worker`)**: Executes jobs in sandboxed environments
- **Common Utilities (`windmill-common`)**: Shared code used by multiple services
- **Git Sync (`windmill-git-sync`)**: Synchronizes scripts with Git repositories
-
-## Job Execution System
-
-The job execution process follows these steps:
-
-1. The API server receives a request to run a script or flow and creates a job record in the database
-2. The job is added to the queue system in PostgreSQL
-3. Workers continuously poll the queue for jobs matching their capabilities
-4. When a job is picked up, it's routed to the appropriate language executor
-5. The script is executed in a sandboxed environment using NSJAIL for security
-6. Results are processed and stored in the database
-7. For flows, each step creates a new job that goes through the same process
-
-Windmill supports worker tags and groups to route jobs to workers with specific capabilities or resource access.
-
-# Windmill Frontend Architecture
-
-The Windmill frontend is built with Svelte and provides several key interfaces for interacting with the platform.
-
-## Key Components
-
- **Script Builder**: Code editor with language support, schema inference, and dependency management
- **Flow Builder**: Visual editor for creating multi-step workflows with branching and looping
- **App Editor**: Grid-based editor for building custom UIs that integrate scripts and flows
- **Schema Form System**: Generates form interfaces from script parameters automatically
- **Result Viewer**: Visualizes job results, logs, and execution status
-
-The frontend uses the Monaco editor (same as VS Code) for code editing, with specialized language support for all supported script languages.
-
-## UI Framework
-
-The frontend is built with Svelte, providing a reactive and component-based architecture. Key frontend technologies include:
-
- **Svelte/SvelteKit**: Core framework for UI components and routing
- **Monaco Editor**: Code editing experience similar to VS Code
- **Schema Form**: Automatic UI generation from TypeScript/JSON schemas
- **Tailwind CSS**: Utility-first CSS framework for styling
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -7,6 +7,7 @@ services:
    # image: mcr.microsoft.com/vscode/devcontainers/rust:bullseye
    environment:
      - DENO_PATH=/usr/local/cargo/bin/deno
+      - PYTHON_PATH=/usr/bin/python3
      - NSJAIL_PATH=/bin/nsjail
    volumes:
      - .:/workspace:cached
--- a/.env
+++ b/.env
@@ -7,7 +7,3 @@ WM_IMAGE=ghcr.io/windmill-labs/windmill:main

 # To use another port than :80, setup the Caddyfile and the caddy section of the docker-compose to your needs: https://caddyserver.com/docs/getting-started
 # To have caddy take care of automatic TLS
-
-# To rotate logs, set the following variables:
-#LOG_MAX_SIZE=10m
-#LOG_MAX_FILE=3
--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use flake
+use nix
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,4 +1,4 @@
-*       @rubenfiszel @HugoCasa @alpetric
+*       @rubenfiszel

-/community/ @rubenfiszel @HugoCasa @alpetric
-/frontend/  @rubenfiszel @HugoCasa @alpetric
+/community/ @fatonramadani @rubenfiszel
+/frontend/ @fatonramadani @rubenfiszel
--- a/.github/DockerfileBackendTests
+++ b/.github/DockerfileBackendTests
@@ -27,38 +27,29 @@ RUN wget https://golang.org/dl/go1.21.5.linux-amd64.tar.gz && tar -C /usr/local
 ENV PATH="${PATH}:/usr/local/go/bin"
 ENV GO_PATH=/usr/local/go/bin/go

-# UV
+# Install UV
 RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.18/uv-installer.sh | sh && mv /usr/local/cargo/bin/uv /usr/local/bin/uv

 ENV TZ=Etc/UTC

 ENV PYTHON_VERSION 3.11.4

-# Python
 RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz \
    && tar -xf Python-${PYTHON_VERSION}.tgz && cd Python-${PYTHON_VERSION}/ && ./configure --enable-optimizations \
    && make -j 4 && make install

 RUN /usr/local/bin/python3 -m pip install pip-tools

-# Bun
-COPY --from=oven/bun:1.2.4 /usr/local/bin/bun /usr/bin/bun
+COPY --from=oven/bun:1.1.31 /usr/local/bin/bun /usr/bin/bun

 ARG TARGETPLATFORM

-# Deno
 RUN curl -Lsf https://github.com/denoland/deno/releases/download/v2.0.2/deno-x86_64-unknown-linux-gnu.zip -o deno.zip 
 # RUN [ "$TARGETPLATFORM" == "linux/arm64" ] && curl -Lsf https://github.com/denoland/deno/releases/download/v2.0.0/deno-aarch64-unknown-linux-gnu.zip -o deno.zip || true
+
 RUN unzip deno.zip && rm deno.zip && mv deno /usr/bin/deno

 RUN apt-get update \
    && apt-get install -y postgresql-client --allow-unauthenticated

-RUN rustup component add rustfmt
-
-# C#
-COPY --from=bitnami/dotnet-sdk:9.0.101-debian-12-r0 /opt/bitnami/dotnet-sdk /opt/dotnet-sdk
-RUN ln -s /opt/dotnet-sdk/bin/dotnet /usr/bin/dotnet
-
-# Nushell
-COPY --from=ghcr.io/nushell/nushell:0.101.0-bookworm /usr/bin/nu /usr/bin/nu
+RUN rustup component add rustfmt
--- a/.github/change-versions-mac.sh
+++ b/.github/change-versions-mac.sh
@@ -16,7 +16,7 @@ sed -i '' -e "/\"version\": /s/: .*,/: \"$VERSION\",/" ${root_dirpath}/frontend/
 sed -i '' -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i '' -e "/^windmill-api =/s/= .*/= \"\\^$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i '' -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill_pg/pyproject.toml
-sed -i '' -e "/^[[:space:]]*ModuleVersion[[:space:]]*=/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
+sed -i '' -e "/^ModuleVersion =/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
 # sed -i '' -e "/^wmill =/s/= .*/= \"\\^$VERSION\"/" python-client/wmill_pg/pyproject.toml
 sed -i '' -e "/^wmill =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile
 sed -i '' -e "/^wmill_pg =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile
--- a/.github/change-versions.sh
+++ b/.github/change-versions.sh
@@ -17,11 +17,11 @@ sed -i -e "/\"version\": /s/: .*,/: \"$VERSION\",/" ${root_dirpath}/frontend/pac
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i -e "/^windmill-api =/s/= .*/= \"\\^$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill_pg/pyproject.toml
-sed -i -e "/^[[:space:]]*ModuleVersion[[:space:]]*=/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
+sed -i -e "/^ModuleVersion =/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
 # sed -i -e "/^wmill =/s/= .*/= \"\\^$VERSION\"/" ${root_dirpath}/python-client/wmill_pg/pyproject.toml
 sed -i -e "/^wmill =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile
 sed -i -e "/^wmill_pg =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile

 sed -i -zE "s/name = \"windmill\"\nversion = \"[^\"]*\"\\n(.*)/name = \"windmill\"\nversion = \"$VERSION\"\\n\\1/" ${root_dirpath}/backend/Cargo.lock

-cd ${root_dirpath}/frontend && npm i --package-lock-only --ignore-scripts
+cd ${root_dirpath}/frontend && npm i --package-lock-only
--- a/.github/workflows/aider-after-review.yaml
+++ b/.github/workflows/aider-after-review.yaml
@@ -1,94 +0,0 @@
-name: Aider Auto-fix PR Review Change Requests
-
-on:
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  check-membership:
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]')
-    runs-on: ubicloud-standard-2
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          REVIEWER: ${{ github.event.review.user.login }}
-          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
-        run: |
-          ORG="windmill-labs"
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$REVIEWER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi
-
-  check-and-prepare:
-    needs: check-membership
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]') && needs.check-membership.outputs.is_member == 'true'
-    runs-on: ubicloud-standard-2
-    permissions:
-      contents: write
-      pull-requests: write
-    outputs:
-      prompt_content: ${{ steps.prepare_prompt.outputs.prompt_content }}
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-
-    steps:
-      - name: Acknowledge Request
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-        run: |
-          echo "Commenting on PR #${{ github.event.pull_request.number }} to acknowledge the /aider command."
-          gh pr comment ${{ github.event.pull_request.number }} --body "🤖 Aider is starting to work on your request. Please be patient, this might take a few minutes." --repo $GITHUB_REPOSITORY
-
-      - name: Prepare prompt for Aider
-        id: prepare_prompt
-        shell: bash
-        env:
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          REVIEW_BODY: ${{ github.event.review.body }}
-        run: |
-          REVIEW_BODY_ESCAPED="${REVIEW_BODY//\\/\\\\}"
-          REVIEW_BODY_ESCAPED="${REVIEW_BODY_ESCAPED//\"/\\\"}"
-
-          ALL_REVIEW_COMMENTS=$(gh api \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/comments)
-
-          FORMATTED_COMMENTS=$(jq -r '[.[] | {diff_hunk: .diff_hunk, path: .path, body: .body}]' <<< "$ALL_REVIEW_COMMENTS")
-
-          BASE_PROMPT="Fix the following issues in the PR based on the review feedback. The review body is prepended with REVIEW. The review comments are prepended with REVIEW_COMMENTS. The review body and comments are separated by a blank line."
-
-          COMPLETE_PROMPT="${BASE_PROMPT}"$'\n'"REVIEW:"$'\n'"${REVIEW_BODY_ESCAPED}"$'\n'"REVIEW_COMMENTS:"$'\n'"${FORMATTED_COMMENTS}"
-
-          echo "prompt_content<<EOF" >> $GITHUB_OUTPUT
-          echo "$COMPLETE_PROMPT" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-  run-aider:
-    needs: [check-membership, check-and-prepare]
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]') && needs.check-membership.outputs.is_member == 'true'
-    uses: ./.github/workflows/aider-common.yml
-    with:
-      needs_processing: false
-      base_prompt: ${{ needs.check-and-prepare.outputs.prompt_content }}
-      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
-    secrets: inherit
--- a/.github/workflows/aider-common.yml
+++ b/.github/workflows/aider-common.yml
@@ -1,522 +0,0 @@
-name: Aider Common Steps
-
-on:
-  workflow_call:
-    inputs:
-      issue_title:
-        description: "Title of the issue or PR"
-        required: false
-        type: string
-      issue_body:
-        description: "Body of the issue or PR"
-        required: false
-        type: string
-      instruction:
-        description: "Instruction for Aider"
-        required: false
-        type: string
-      issue_id:
-        description: "ID of the issue or PR"
-        required: false
-        type: string
-      needs_processing:
-        description: "Whether the issue needs to be processed by the external API"
-        required: false
-        type: boolean
-        default: true
-      base_prompt:
-        description: "Base prompt for Aider"
-        required: false
-        type: string
-        default: "Try to fix the following issue based on the instruction given by the user. The issue is prepended with the word ISSUE. The instruction is prepended with the word INSTRUCTION. The issue and instruction are separated by a blank line."
-      probe_prompt:
-        description: "Prompt for probe-chat"
-        required: false
-        type: string
-        default: 'I''m giving you a request that needs to be implemented. Your role is ONLY to give me the files that are relevant to the request and nothing else. The request is prepended with the word REQUEST. Give me all the files relevant to this request. Your output MUST be a single json array that can be parsed with programatic json parsing, with the relevant files. Files can be rust or typescript or javascript files. DO NOT INCLUDE ANY OTHER TEXT IN YOUR OUTPUT. ONLY THE JSON ARRAY. Example of output: ["file1.py", "file2.py"]'
-      rules_files:
-        description: "Rules files for Aider"
-        required: false
-        type: string
-    outputs:
-      files_to_edit:
-        description: "Files identified by probe-chat for editing"
-        value: ${{ jobs.common-steps.outputs.files_to_edit }}
-      final_prompt:
-        description: "Final prompt for Aider"
-        value: ${{ jobs.common-steps.outputs.final_prompt }}
-      pr_branch_name:
-        description: "Name of the branch used for PR"
-        value: ${{ jobs.common-steps.outputs.pr_branch_name }}
-      changes_applied_message:
-        description: "Message indicating changes were applied"
-        value: ${{ jobs.common-steps.outputs.changes_applied_message }}
-      changes_applied:
-        description: "Boolean indicating if changes were successfully applied"
-        value: ${{ jobs.common-steps.outputs.changes_applied }}
-
-jobs:
-  common-steps:
-    runs-on: ubicloud-standard-8
-    outputs:
-      files_to_edit: ${{ steps.probe_files.outputs.files_to_edit }}
-      final_prompt: ${{ steps.create_prompt.outputs.final_prompt }}
-      pr_branch_name: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
-      changes_applied_message: ${{ steps.commit_and_push.outputs.CHANGES_APPLIED_MESSAGE }}
-      changes_applied: ${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-      LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v2
-        with:
-          egress-policy: audit
-
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Checkout PR Branch
-        id: checkout_pr
-        if: (github.event_name == 'issue_comment' && github.event.issue.pull_request) || (github.event_name == 'pull_request_review')
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "Issue comment trigger: Checking out PR branch..."
-          PR_NUMBER=""
-          if [ -n "${{ github.event.issue.number }}" ]; then
-            PR_NUMBER="${{ github.event.issue.number }}"
-          elif [ -n "${{ github.event.pull_request.number }}" ]; then
-            PR_NUMBER="${{ github.event.pull_request.number }}"
-          else
-            echo "::error::Could not determine PR number."
-            exit 1
-          fi
-          PR_HEAD_REF=$(gh pr view $PR_NUMBER --json headRefName -q .headRefName --repo $GITHUB_REPOSITORY)
-          if [[ -z "$PR_HEAD_REF" || "$PR_HEAD_REF" == "null" ]]; then
-             echo "::error::Could not determine PR head branch for PR #$PR_NUMBER via gh CLI."
-             exit 1
-          fi
-          echo "Checking out PR head branch: $PR_HEAD_REF for PR #$PR_NUMBER"
-          git fetch origin "refs/heads/${PR_HEAD_REF}:refs/remotes/origin/${PR_HEAD_REF}" --no-tags
-          git checkout "$PR_HEAD_REF"
-          echo "Successfully checked out branch $(git rev-parse --abbrev-ref HEAD)"
-          echo "PR_BRANCH=$PR_HEAD_REF" >> $GITHUB_OUTPUT
-
-      - name: Configure Git User
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-
-      - name: Cache Python dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt', '**/setup.py') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-
-      - name: Install Aider and Dependencies
-        run: |
-          echo "Installing Aider..."
-          python -m pip install uv
-          python -m venv ~/uv-env
-          source ~/uv-env/bin/activate
-          uv pip install configargparse==1.7
-          uv pip install aider-chat==0.83.1
-          uv pip install -U google-generativeai
-          sudo apt-get update && sudo apt-get install -y jq
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-          echo "VIRTUAL_ENV_PATH=$HOME/uv-env" >> $GITHUB_ENV
-
-      - name: Create Prompt for Aider
-        id: create_prompt
-        shell: bash
-        env:
-          BASE_PROMPT_ENV: ${{ inputs.base_prompt }}
-          ISSUE_TITLE_ENV: ${{ inputs.issue_title }}
-          ISSUE_BODY_ENV: ${{ inputs.issue_body }}
-          INSTRUCTION_ENV: ${{ inputs.instruction }}
-          NEEDS_PROCESSING_ENV: ${{ inputs.needs_processing }}
-          WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-        run: |
-          set -e
-          FINAL_PROMPT_CONTENT=""
-
-          if [[ "$ISSUE_TITLE_ENV" != "" && "$ISSUE_BODY_ENV" != "" ]]; then
-            echo "Processing issue with title: $ISSUE_TITLE_ENV"
-            if [[ "$NEEDS_PROCESSING_ENV" == "true" ]]; then
-              echo "Needs processing is true. Calling Windmill API..."
-              JSON_PAYLOAD=$(jq -n \
-                --arg title "$ISSUE_TITLE_ENV" \
-                --arg body "$ISSUE_BODY_ENV" \
-                '{"body":{"issue_title":$title,"issue_body":$body}}')
-
-              echo "Windmill JSON Payload: $JSON_PAYLOAD"
-
-              API_RESULT_FILE=$(mktemp)
-              HTTP_CODE=$(curl -s -o "$API_RESULT_FILE" -w "%{http_code}" \
-                -X POST "https://app.windmill.dev/api/w/windmill-labs/jobs/run_wait_result/p/f/ai/quiet_script" \
-                -H "Content-Type: application/json" \
-                -H "Authorization: Bearer $WINDMILL_TOKEN" \
-                --data-binary "$JSON_PAYLOAD" \
-                --max-time 90)
-
-              BODY_CONTENT=$(cat "$API_RESULT_FILE")
-              rm -f "$API_RESULT_FILE" # Clean up temp file
-
-              echo "Windmill API HTTP Code: $HTTP_CODE"
-              if [[ "$HTTP_CODE" -eq 200 ]]; then
-                PROCESSED_ISSUE_PROMPT=$(echo "$BODY_CONTENT" | jq -r '.effective_body // empty')
-                if [[ -z "$PROCESSED_ISSUE_PROMPT" || "$PROCESSED_ISSUE_PROMPT" == "null" ]]; then
-                  echo "::warning::Windmill API returned 200 but effective_body was empty or null."
-                  EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT="$ISSUE_BODY_ENV"
-                else
-                  echo "Successfully processed issue via Windmill API."
-                  EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT="$PROCESSED_ISSUE_PROMPT"
-                fi
-                FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT_ENV" "$EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT" "$INSTRUCTION_ENV")
-              else
-                echo "::error::Windmill API call failed (HTTP $HTTP_CODE). Using raw issue content for prompt."
-                FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT_ENV" "$ISSUE_BODY_ENV" "$INSTRUCTION_ENV")
-              fi
-            else
-              echo "Needs processing is false. Using raw issue content for prompt."
-              FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                "$BASE_PROMPT_ENV" "$ISSUE_BODY_ENV" "$INSTRUCTION_ENV")
-            fi
-          else
-            echo "No issue title or body given. Using base prompt."
-            FINAL_PROMPT_CONTENT=$(printf "%s\nINSTRUCTION:\n%s" "$BASE_PROMPT_ENV" "$INSTRUCTION_ENV")
-          fi
-
-          echo "Final prompt: $FINAL_PROMPT_CONTENT"
-          echo "final_prompt<<EOF_AIDER_PROMPT" >> "$GITHUB_OUTPUT"
-          echo "$FINAL_PROMPT_CONTENT" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_PROMPT" >> "$GITHUB_OUTPUT"
-
-      - name: Probe Chat for Relevant Files
-        id: probe_files
-        shell: bash
-        env:
-          FINAL_PROMPT: ${{ steps.create_prompt.outputs.final_prompt }}
-          PROBE_PROMPT: ${{ inputs.probe_prompt }}
-        run: |
-          echo "Running probe-chat to find relevant files..."
-
-          MESSAGE_FOR_PROBE=$(printf "%s\nREQUEST:\n%s" "$PROBE_PROMPT" "$FINAL_PROMPT")
-
-          set -o pipefail
-          PROBE_OUTPUT=$(npx --yes @buger/probe-chat@latest --max-iterations 50 --model-name gemini-2.5-pro-preview-05-06 --message "$MESSAGE_FOR_PROBE") || {
-            echo "::error::probe-chat command failed. Output:"
-            echo "$PROBE_OUTPUT"
-            exit 1
-          }
-          set +o pipefail
-          echo "Probe-chat raw output:"
-          echo "$PROBE_OUTPUT"
-
-          JSON_FILES=$(echo "$PROBE_OUTPUT" | sed -n '/^\s*\[/,$p' | sed '/^\s*\]/q')
-          echo "Extracted JSON block:"
-          echo "$JSON_FILES"
-
-          FILES_LIST=$(echo "$JSON_FILES" | jq -e -r '[.[] | select(type == "string" and . != "" and . != null and (endswith("/") | not))] | join(" ")' || echo "")
-
-          if [[ -z "$FILES_LIST" ]]; then
-             echo "::warning::probe-chat did not identify any relevant files."
-          fi
-
-          echo "Formatted files list for aider: $FILES_LIST"
-          echo "files_to_edit=$FILES_LIST" >> $GITHUB_OUTPUT
-
-      - name: Cache Aider tags
-        uses: actions/cache@v3
-        with:
-          path: .aider.tags.cache.v4
-          key: ${{ runner.os }}-aider-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-aider-
-
-      - name: Prepare branch for Aider
-        id: prepare_branch
-        env:
-          ISSUE_ID: ${{ inputs.issue_id }}
-        run: |
-          if [[ "$ISSUE_ID" != "" ]]; then
-            BRANCH_NAME="aider-fix-issue-${ISSUE_ID}"
-
-            # Check if branch exists remotely
-            if git ls-remote --heads origin $BRANCH_NAME | grep -q $BRANCH_NAME; then
-              echo "Branch $BRANCH_NAME already exists remotely, fetching it"
-              git fetch origin $BRANCH_NAME
-              git checkout $BRANCH_NAME
-              git pull origin $BRANCH_NAME
-            else
-              echo "Creating new branch $BRANCH_NAME"
-              git checkout -b $BRANCH_NAME
-            fi
-            echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
-          else
-            # We're in a pull_request_review event
-            PR_NUMBER="${{ github.event.pull_request.number }}"
-            PR_HEAD_REF="${{ github.event.pull_request.head.ref }}"
-            
-            echo "Handling pull_request_review for PR #$PR_NUMBER on branch $PR_HEAD_REF"
-            
-            # Ensure we're on the correct branch
-            git config pull.rebase true
-            git fetch origin $PR_HEAD_REF
-            git checkout $PR_HEAD_REF
-            git pull origin $PR_HEAD_REF
-            
-            echo "Using PR branch $PR_HEAD_REF for PR #$PR_NUMBER"
-            echo "BRANCH_NAME=$PR_HEAD_REF" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Run Aider
-        id: run_aider
-        shell: bash
-        env:
-          FILES_TO_EDIT: ${{ steps.probe_files.outputs.files_to_edit }}
-          FINAL_PROMPT: ${{ steps.create_prompt.outputs.final_prompt }}
-          RULES_FILES: ${{ inputs.rules_files }}
-        run: |
-          source $VIRTUAL_ENV_PATH/bin/activate
-          echo "$FINAL_PROMPT" > .aider_final_prompt.txt
-          echo "FILES_TO_EDIT: $FILES_TO_EDIT"
-
-          RULES=""
-          if [ -n "$RULES_FILES" ]; then
-            for rule in $RULES_FILES; do
-              RULES="$RULES --read $rule"
-            done
-          fi
-
-          aider \
-            $RULES \
-            $FILES_TO_EDIT \
-            --model gemini/gemini-2.5-pro-preview-05-06 \
-            --message-file .aider_final_prompt.txt \
-            --yes \
-            --no-check-update \
-            --auto-commits \
-            --no-analytics \
-            --no-gitignore \
-            | tee .aider_output.txt || true
-
-          echo "Aider command completed. Output saved to .aider_output.txt"
-
-      - name: Cache Node.js dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
-
-      - name: Commit and Push Changes
-        id: commit_and_push
-        env:
-          ISSUE_ID: ${{ inputs.issue_id }}
-          BRANCH_NAME: ${{ steps.prepare_branch.outputs.BRANCH_NAME }}
-        run: |
-          if [[ "$ISSUE_ID" != "" ]]; then
-            # Check if there are any uncommitted changes
-            if [[ -n $(git status --porcelain) ]]; then
-              echo "Found uncommitted changes, committing them"
-              git add .
-              git commit -m "Aider changes"
-            fi
-
-            # Push changes to the branch
-            if git push origin $BRANCH_NAME; then
-              echo "Pushed to branch $BRANCH_NAME"
-              echo "PR_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED_MESSAGE=Aider changes pushed to branch $BRANCH_NAME." >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
-            else
-              echo "::warning::Push to PR branch $BRANCH_NAME failed."
-              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $BRANCH_NAME." >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
-            fi
-          else
-            # We're in a pull_request_review event
-            PR_HEAD_REF="${{ github.event.pull_request.head.ref }}"
-            echo "Attempting to push changes to PR branch $PR_HEAD_REF"
-            if git push origin $PR_HEAD_REF; then
-              echo "Push to $PR_HEAD_REF successful (or no new changes to push)."
-              echo "CHANGES_APPLIED_MESSAGE=Aider changes (if any) pushed to PR branch $PR_HEAD_REF." >> $GITHUB_OUTPUT
-              echo "PR_BRANCH_NAME=$PR_HEAD_REF" >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
-            else
-              echo "::warning::Push to PR branch $PR_HEAD_REF failed."
-              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $PR_HEAD_REF." >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
-            fi
-          fi
-
-      - name: Create Pull Request
-        if: always() && (github.event_name == 'issue_comment' || github.event_name == 'repository_dispatch') && !github.event.issue.pull_request && steps.commit_and_push.outputs.PR_BRANCH_NAME != ''
-        id: create_pr
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_BRANCH: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
-          ISSUE_NUM: ${{ inputs.issue_id }}
-          ISSUE_TITLE: ${{ inputs.issue_title }}
-          GITHUB_EVENT_NAME: ${{ github.event_name }}
-        run: |
-          # Create PR description in a temporary file to avoid command line length limits and ensure it stays under 40k chars
-          HEADER="This PR was created automatically by Aider to fix issue #${ISSUE_NUM}."
-          # if event is repository_dispatch, add the issue title to the header
-          if [ "$GITHUB_EVENT_NAME" == "repository_dispatch" ]; then
-            if [[ "${{ github.event.client_payload.source }}" == "linear" ]]; then
-              HEADER="This PR was created automatically by Aider to fix issue #linear:${ISSUE_NUM}."
-            elif [[ "${{ github.event.client_payload.source }}" == "discord" ]]; then
-              HEADER="This PR was created automatically by Aider to fix issue #discord:${ISSUE_NUM}."
-            fi
-          fi
-          cat > /tmp/pr-description.md << EOL | head -c 40000
-          $HEADER
-
-          ## Aider Output
-          \`\`\`
-          $(cat .aider_output.txt || echo "No output available")
-          \`\`\`
-          EOL
-
-          # Create PR using the file for the body content, handle errors gracefully
-          set +e  # Don't exit on error
-          PR_TITLE="[Aider PR] Fix: ${ISSUE_TITLE}"
-          if [ -z "$ISSUE_TITLE" ]; then
-            PR_TITLE="[Aider PR] AI changes after request"
-          fi
-          gh pr create \
-            --title "$PR_TITLE" \
-            --body-file /tmp/pr-description.md \
-            --head "$PR_BRANCH" \
-            --base main \
-            --draft
-          PR_CREATE_EXIT_CODE=$?
-          set -e  # Re-enable exit on error
-
-          if [ $PR_CREATE_EXIT_CODE -eq 0 ]; then
-            echo "PR created successfully"
-            PR_URL=$(gh pr view $PR_BRANCH --json url --jq .url)
-            echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
-            echo "PR_CREATED=true" >> $GITHUB_OUTPUT
-          else
-            echo "Warning: Failed to create PR. Exit code: $PR_CREATE_EXIT_CODE"
-            echo "PR_CREATED=false" >> $GITHUB_OUTPUT
-            # Continue workflow despite PR creation failure
-          fi
-
-      - name: Comment on PR with Aider Output
-        if: always() && github.event_name == 'pull_request_review' && steps.commit_and_push.outputs.CHANGES_APPLIED != ''
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUM: ${{ github.event.pull_request.number }}
-          JOB_STATUS: ${{ job.status }}
-        run: |
-          # Create comment body in a temporary file to avoid command line length limits
-          if [[ "${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}" == "true" ]]; then
-            if [[ "$JOB_STATUS" == "success" ]]; then
-              STATUS_PREFIX="🤖 I've automatically addressed the feedback based on the review."
-            else
-              STATUS_PREFIX="⚠️ I attempted to address the feedback, but encountered some issues."
-            fi
-          else
-            if [[ "$JOB_STATUS" == "success" ]]; then
-              STATUS_PREFIX="🤖 I attempted to address the review feedback, but no modifications were made."
-            else
-              STATUS_PREFIX="⚠️ I encountered issues while attempting to address the feedback, and no modifications were made."
-            fi
-          fi
-
-          cat > /tmp/pr-comment.md << EOL
-          ${STATUS_PREFIX}
-
-          ## Aider Output
-          \`\`\`
-          $(cat .aider_output.txt || echo 'No output available')
-          \`\`\`
-
-          Please review the output and provide additional guidance if needed.
-          EOL
-
-          # Use the file for comment body
-          gh pr comment $PR_NUM --body-file /tmp/pr-comment.md
-
-      - name: Comment on issue/PR to let the user know Aider has finished working on the request
-        if: always() && github.event_name == 'issue_comment'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          JOB_STATUS: ${{ job.status }}
-          PR_CREATED: ${{ steps.create_pr.outputs.PR_CREATED }}
-          PR_URL: ${{ steps.create_pr.outputs.PR_URL }}
-        run: |
-          echo "Commenting on issue/PR #${{ github.event.issue.number }} to let the user know Aider has finished working on the request."
-
-          if [[ "$JOB_STATUS" == "success" ]]; then
-            if [[ "$PR_CREATED" == "true" ]]; then
-              COMMENT_BODY="🤖 Aider has finished working on your request. A PR has been created. $PR_URL"
-            else
-              COMMENT_BODY="🤖 Aider has finished working on your request, but was unable to create a PR."
-            fi
-          else
-            COMMENT_BODY="⚠️ Aider encountered issues while working on your request. Please check the workflow logs for details."
-          fi
-
-          gh issue comment ${{ github.event.issue.number }} --body "$COMMENT_BODY" --repo $GITHUB_REPOSITORY
-
-      - name: Comment on linear issue to let the user know Aider has finished working on the request
-        if: always() && github.event_name == 'repository_dispatch'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          JOB_STATUS: ${{ job.status }}
-          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-          PR_CREATED: ${{ steps.create_pr.outputs.PR_CREATED }}
-          PR_URL: ${{ steps.create_pr.outputs.PR_URL }}
-          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-          SOURCE: ${{ github.event.client_payload.source }}
-        run: |
-          echo "Notifying user about Aider completion status for $SOURCE request #${{ github.event.client_payload.issue_id }}"
-          if [[ "$JOB_STATUS" == "success" ]]; then
-            if [[ "$PR_CREATED" == "true" ]]; then
-              COMMENT_BODY="🤖 Aider has finished working on your request. A PR has been created. $PR_URL"
-            else
-              COMMENT_BODY="🤖 Aider has finished working on your request, but was unable to create a PR."
-            fi
-          else
-            COMMENT_BODY="⚠️ Aider encountered issues while working on your request. Please check the workflow logs for details."
-          fi
-
-          if [[ "$SOURCE" == "discord" ]]; then
-            curl -X POST \
-              -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
-              -H "Content-Type: application/json" \
-              "https://discord.com/api/v10/channels/${{ github.event.client_payload.channel_id }}/messages" \
-              -d "{\"content\":\"${COMMENT_BODY}\"}"
-          else
-            curl -X POST \
-              -H "Authorization: $LINEAR_API_KEY" \
-              -H "Content-Type: application/json" \
-              "https://api.linear.app/graphql" \
-              -d "{\"query\":\"mutation { commentCreate(input: { issueId: \\\"${{ github.event.client_payload.issue_id }}\\\", body: \\\"${COMMENT_BODY}\\\" }) { success } }\"}"
-          fi
--- a/.github/workflows/aider-external.yaml
+++ b/.github/workflows/aider-external.yaml
@@ -1,80 +0,0 @@
-name: External Aider Issue Fix
-
-on:
-  repository_dispatch:
-    types: [external_issue_fix]
-
-jobs:
-  check-and-prepare:
-    runs-on: ubicloud-standard-2
-    permissions:
-      contents: write
-      pull-requests: write
-    outputs:
-      issue_title: ${{ steps.determine_inputs.outputs.ISSUE_TITLE }}
-      issue_body: ${{ steps.determine_inputs.outputs.ISSUE_BODY }}
-      instruction: ${{ steps.determine_inputs.outputs.INSTRUCTION }}
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-      LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-
-    steps:
-      - name: Acknowledge Request
-        env:
-          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-        run: |
-          if [[ "${{ github.event.client_payload.source }}" == "linear" ]]; then
-            echo "Commenting on Linear issue #${{ github.event.client_payload.issue_id }} to acknowledge the request."
-            curl -X POST \
-              -H "Authorization: $LINEAR_API_KEY" \
-              -H "Content-Type: application/json" \
-              "https://api.linear.app/graphql" \
-              -d "{\"query\":\"mutation { commentCreate(input: { issueId: \\\"${{ github.event.client_payload.issue_id }}\\\", body: \\\"🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes.\\\" }) { success } }\"}"
-          elif [[ "${{ github.event.client_payload.source }}" == "discord" ]]; then
-            echo "Commenting on Discord thread #${{ github.event.client_payload.channel_id }} to acknowledge the request."
-            curl -X POST \
-              -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
-              -H "Content-Type: application/json" \
-              "https://discord.com/api/v10/channels/${{ github.event.client_payload.channel_id }}/messages" \
-              -d "{\"content\":\"🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes.\"}"
-          fi
-
-      - name: Determine inputs for Aider
-        id: determine_inputs
-        shell: bash
-        env:
-          ISSUE_TITLE: ${{ github.event.client_payload.issue_title }}
-          ISSUE_BODY: ${{ github.event.client_payload.issue_body }}
-          INSTRUCTION: ${{ github.event.client_payload.instruction }}
-        run: |
-          echo "Determining inputs for Aider..."
-
-          echo "ISSUE_TITLE<<EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_TITLE" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-
-          echo "ISSUE_BODY<<EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_BODY" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-
-          echo "INSTRUCTION<<EOF_AIDER_INSTRUCTION" >> "$GITHUB_OUTPUT"
-          echo "$INSTRUCTION" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_INSTRUCTION" >> "$GITHUB_OUTPUT"
-          echo "Finished determining inputs."
-
-  run-aider:
-    needs: check-and-prepare
-    uses: ./.github/workflows/aider-common.yml
-    with:
-      issue_title: ${{ needs.check-and-prepare.outputs.issue_title }}
-      issue_body: ${{ needs.check-and-prepare.outputs.issue_body }}
-      instruction: ${{ needs.check-and-prepare.outputs.instruction }}
-      issue_id: ${{ github.event.client_payload.issue_id }}
-      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
-    secrets: inherit
--- a/.github/workflows/aider.yaml
+++ b/.github/workflows/aider.yaml
@@ -1,165 +0,0 @@
-name: Aider Auto-fix issues and PR comments via external prompt
-
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  check-membership:
-    runs-on: ubicloud-standard-2
-    if: |
-      github.event_name == 'issue_comment' &&
-      contains(github.event.comment.body, '/aider') &&
-      !contains(github.event.comment.user.login, '[bot]')
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          COMMENTER: ${{ github.event.comment.user.login }}
-          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
-        run: |
-          ORG="windmill-labs"
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi
-
-  check-and-prepare:
-    needs: check-membership
-    runs-on: ubicloud-standard-2
-    if: needs.check-membership.outputs.is_member == 'true'
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-    outputs:
-      issue_title: ${{ steps.determine_inputs.outputs.ISSUE_TITLE }}
-      issue_body: ${{ steps.determine_inputs.outputs.ISSUE_BODY }}
-      comment_content: ${{ steps.determine_inputs.outputs.COMMENT_CONTENT }}
-      pr_branch: ${{ steps.checkout_pr.outputs.PR_BRANCH }}
-
-    steps:
-      - name: Acknowledge Request
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-        run: |
-          echo "Commenting on issue/PR #${{ github.event.issue.number }} to acknowledge the /aider command."
-          gh issue comment ${{ github.event.issue.number }} --body "🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes." --repo $GITHUB_REPOSITORY
-
-      - name: Determine inputs for Aider
-        id: determine_inputs
-        shell: bash
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          COMMENT_BODY: ${{ github.event.comment.body }}
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-        run: |
-          echo "Determining inputs for Aider..."
-          ISSUE_TITLE_VAL=""
-          ISSUE_BODY_VAL=""
-
-          if [[ ! -z "${{ github.event.issue.pull_request }}" ]]; then
-            echo "This is a comment on a Pull Request"
-            PR_NUMBER="$ISSUE_NUMBER"
-            
-            PR_BODY_JSON=$(gh pr view "$PR_NUMBER" --json body --repo "$GITHUB_REPOSITORY")
-            if [[ $? -ne 0 ]]; then
-              echo "Error fetching PR body for PR #$PR_NUMBER"
-              PR_BODY_VAL=""
-            else
-              PR_BODY_VAL=$(jq -r '.body // ""' <<< "$PR_BODY_JSON")
-            fi
-            
-            if [[ ! -z "$PR_BODY_VAL" ]]; then
-              REFERENCED_ISSUE=""
-              if [[ "$PR_BODY_VAL" =~ \#linear:([a-f0-9-]+) ]]; then
-                REFERENCED_ISSUE="${BASH_REMATCH[1]}"
-                echo "Found referenced Linear issue #$REFERENCED_ISSUE in PR description"
-                LINEAR_ISSUE_JSON=$(curl -s -H "Authorization: $LINEAR_API_KEY" \
-                  "https://api.linear.app/graphql" \
-                  -X POST \
-                  -H "Content-Type: application/json" \
-                  -d "{\"query\":\"query { issue(id: \\\"$REFERENCED_ISSUE\\\") { title description } }\"}")
-                
-                if [[ $? -eq 0 && ! "$LINEAR_ISSUE_JSON" =~ "error" ]]; then
-                  ISSUE_TITLE_VAL=$(jq -r '.data.issue.title // ""' <<< "$LINEAR_ISSUE_JSON")
-                  ISSUE_BODY_VAL=$(jq -r '.data.issue.description // ""' <<< "$LINEAR_ISSUE_JSON")
-                  echo "Successfully fetched Linear issue details"
-                else
-                  echo "Error fetching Linear issue details for #$REFERENCED_ISSUE"
-                fi
-              elif [[ "$PR_BODY_VAL" =~ \#([0-9]+) ]]; then
-                REFERENCED_ISSUE="${BASH_REMATCH[1]}"
-                echo "Found referenced GitHub issue #$REFERENCED_ISSUE in PR description"
-                
-                ISSUE_DETAILS_JSON=$(gh issue view "$REFERENCED_ISSUE" --json title,body --repo "$GITHUB_REPOSITORY")
-                if [[ $? -ne 0 ]]; then
-                  echo "Error fetching issue details for #$REFERENCED_ISSUE"
-                else
-                  ISSUE_TITLE_VAL=$(jq -r '.title // ""' <<< "$ISSUE_DETAILS_JSON")
-                  ISSUE_BODY_VAL=$(jq -r '.body // ""' <<< "$ISSUE_DETAILS_JSON")
-                fi
-              fi
-            else
-              echo "PR body is empty or could not be fetched."
-            fi
-          else
-            echo "This is a comment on a regular issue"
-            
-            ISSUE_DETAILS_JSON=$(gh issue view "$ISSUE_NUMBER" --json title,body --repo "$GITHUB_REPOSITORY")
-            if [[ $? -ne 0 ]]; then
-              echo "Error fetching issue details for #$ISSUE_NUMBER"
-            else
-              ISSUE_TITLE_VAL=$(jq -r '.title // ""' <<< "$ISSUE_DETAILS_JSON")
-              ISSUE_BODY_VAL=$(jq -r '.body // ""' <<< "$ISSUE_DETAILS_JSON") 
-            fi
-          fi
-
-          echo "ISSUE_TITLE<<EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_TITLE_VAL" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-
-          echo "ISSUE_BODY<<EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_BODY_VAL" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-
-          CLEAN_COMMENT="${COMMENT_BODY/\/aider/}"
-          CLEAN_COMMENT="${CLEAN_COMMENT#"${CLEAN_COMMENT%%[![:space:]]*}"}"
-          CLEAN_COMMENT="${CLEAN_COMMENT%"${CLEAN_COMMENT##*[![:space:]]}"}"
-
-          echo "COMMENT_CONTENT<<EOF_AIDER_COMMENT" >> "$GITHUB_OUTPUT"
-          echo "$CLEAN_COMMENT" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_COMMENT" >> "$GITHUB_OUTPUT"
-          echo "Finished determining inputs."
-
-  run-aider:
-    needs: [check-membership, check-and-prepare]
-    if: needs.check-membership.outputs.is_member == 'true'
-    uses: ./.github/workflows/aider-common.yml
-    with:
-      issue_title: ${{ needs.check-and-prepare.outputs.issue_title }}
-      issue_body: ${{ needs.check-and-prepare.outputs.issue_body }}
-      instruction: ${{ needs.check-and-prepare.outputs.comment_content }}
-      issue_id: ${{ github.event.issue.number }}
-      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
-    secrets: inherit
--- a/.github/workflows/backend-check.yml
+++ b/.github/workflows/backend-check.yml
@@ -1,133 +0,0 @@
-name: Backend check
-on:
-  workflow_run:
-    workflows: ["Change versions"]
-    types:
-      - completed
-  push:
-    paths:
-      - "backend/**"
-      - ".github/workflows/backend-check.yml"
-
-jobs:
-  check_oss:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.85.0
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: backend
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: SQLX_OFFLINE=true cargo check
-
-  check_oss_full:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: install xmlsec1
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-dev libxmlsec1-dev
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.85.0
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: backend
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: |
-          mkdir -p fake_frontend_build
-          FRONTEND_BUILD_DIR=$(pwd)/fake_frontend_build SQLX_OFFLINE=true cargo check --features $(./all_features_oss.sh)
-
-  check_ee:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Read EE repo commit hash
-        run: |
-          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
-
-      - uses: actions/checkout@v4
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: ./windmill-ee-private
-          ref: ${{ env.ee_repo_ref }}
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-          fetch-depth: 0
-
-      - name: Substitute EE code (EE logic is behind feature flag)
-        run: |
-          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.85.0
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: backend
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: SQLX_OFFLINE=true cargo check
-
-  check_ee_full:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Read EE repo commit hash
-        run: |
-          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
-
-      - uses: actions/checkout@v4
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: ./windmill-ee-private
-          ref: ${{ env.ee_repo_ref }}
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-          fetch-depth: 0
-
-      - name: install xmlsec1
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-dev libxmlsec1-dev
-
-      - name: Substitute EE code (EE logic is behind feature flag)
-        run: |
-          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.85.0
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: backend
-      - name: cargo check
-        timeout-minutes: 16
-        working-directory: ./backend
-        run: |
-          mkdir -p fake_frontend_build
-          FRONTEND_BUILD_DIR=$(pwd)/fake_frontend_build SQLX_OFFLINE=true cargo check --all-features
--- a/.github/workflows/backend-test.yml
+++ b/.github/workflows/backend-test.yml
@@ -13,56 +13,40 @@ on:
      - "backend/**"
      - ".github/workflows/backend-test.yml"

-defaults:
-  run:
-    working-directory: ./backend
-
 jobs:
  cargo_test:
    runs-on: ubicloud-standard-8
+    container:
+      image: ghcr.io/windmill-labs/backend-tests
    services:
      postgres:
        image: postgres
-        ports:
-          - 5432:5432
        env:
          POSTGRES_DB: windmill
          POSTGRES_PASSWORD: changeme
+
        options: >-
          --health-cmd pg_isready --health-interval 10s --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-dotnet@v4
-        with:
-          dotnet-version: "9.0.x"
-      - uses: denoland/setup-deno@v2
-        with:
-          deno-version: v2.x
-      - uses: actions/setup-go@v2
-        with:
-          go-version: 1.21.5
-      - uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: 1.1.43
-      - uses: astral-sh/setup-uv@v6
-        with:
-          version: "0.6.2"
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
-          cache-workspaces: backend
-          toolchain: 1.85.0
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: backend
+          toolchain: 1.80.0
+      # - uses: Swatinem/rust-cache@v2
+      #   with:
+      #     workspaces: |
+      #       backend
+      #       backend -> target
      - name: cargo test
-        timeout-minutes: 16
+        timeout-minutes: 15
        run:
-          deno --version && bun -v && go version && python3 --version &&
-          SQLX_OFFLINE=true
-          DATABASE_URL=postgres://postgres:changeme@localhost:5432/windmill
-          DISABLE_EMBEDDING=true RUST_LOG=info
-          DENO_PATH=$(which deno) BUN_PATH=$(which bun) GO_PATH=$(which go)
-          UV_PATH=$(which uv) cargo test --features
-          enterprise,deno_core,license,python,rust,scoped_cache --all --
-          --nocapture
+          /usr/bin/deno --version &&
+          /usr/bin/bun -v &&
+          go version &&
+          /usr/local/bin/python3 --version &&
+          mkdir frontend/build && cd backend && touch
+          windmill-api/openapi-deref.yaml &&
+          DATABASE_URL=postgres://postgres:changeme@postgres:5432/windmill
+          DISABLE_EMBEDDING=true RUST_LOG=info cargo test --features
+          enterprise,deno_core --all -- --nocapture
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -14,13 +14,9 @@ jobs:
        env:
          POSTGRES_DB: windmill
          POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
        options: >-
          --health-cmd pg_isready --health-interval 10s --health-timeout 5s
          --health-retries 5
-          --shm-size=2g
-
-
      windmill:
        image: ghcr.io/windmill-labs/windmill-ee:main
        env:
@@ -35,12 +31,12 @@ jobs:
        ports:
          - 8000:8000
    steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
        with:
-          deno-version: v2.x
+          deno-version: v1.x
      - name: benchmark
-        timeout-minutes: 30
-        run: deno run  -A -r
+        timeout-minutes: 20
+        run: deno run --unstable -A -r
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
          -c
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_config.json
@@ -59,7 +55,6 @@ jobs:
        env:
          POSTGRES_DB: windmill
          POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
        options: >-
          --health-cmd pg_isready --health-interval 10s --health-timeout 5s
          --health-retries 5
@@ -77,12 +72,12 @@ jobs:
        ports:
          - 8000:8000
    steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
        with:
-          deno-version: v2.x
+          deno-version: v1.x
      - name: benchmark
        timeout-minutes: 20
-        run: deno run  -A -r
+        run: deno run --unstable -A -r
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
          --no-warm-up -c
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_dedicated.json
@@ -101,7 +96,6 @@ jobs:
        env:
          POSTGRES_DB: windmill
          POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
        options: >-
          --health-cmd pg_isready --health-interval 10s --health-timeout 5s
          --health-retries 5
@@ -152,17 +146,16 @@ jobs:
          --pull always

    steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
        with:
-          deno-version: v2.x
+          deno-version: v1.x
      - name: benchmark
        timeout-minutes: 20
-        run: deno run  -A -r
+        run: deno run --unstable -A -r
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
          -c
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_config.json
          --workers 4
-          --factor 3
      - name: Save benchmark results
        uses: actions/upload-artifact@v4
        with:
@@ -178,7 +171,6 @@ jobs:
        env:
          POSTGRES_DB: windmill
          POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
        options: >-
          --health-cmd pg_isready --health-interval 10s --health-timeout 5s
          --health-retries 5
@@ -272,17 +264,16 @@ jobs:
        options: >-
          --pull always
    steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
        with:
-          deno-version: v2.x
+          deno-version: v1.x
      - name: benchmark
        timeout-minutes: 20
-        run: deno run  -A -r
+        run: deno run --unstable -A -r
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
          -c
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_config.json
          --workers 8
-          --factor 3
      - name: Save benchmark results
        uses: actions/upload-artifact@v4
        with:
@@ -298,9 +289,9 @@ jobs:
      - benchmark_4workers
      - benchmark_8workers
    steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
        with:
-          deno-version: v2.x
+          deno-version: v1.x
      - uses: actions/checkout@v4
        with:
          ref: benchmarks
@@ -309,7 +300,7 @@ jobs:
        with:
          merge-multiple: true
      - name: graphs
-        run: deno run -A -r
+        run: deno run --unstable -A -r
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_graphs.ts
          -c
          https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/graphs_config.json
--- a/.github/workflows/build-publish-rh-image.yml
+++ b/.github/workflows/build-publish-rh-image.yml
@@ -3,7 +3,8 @@ env:
  IMAGE_NAME: ${{ github.repository }}

 name: Build and publish windmill for RHEL9
-on: workflow_dispatch
+on:
+  workflow_dispatch

 permissions: write-all

@@ -64,7 +65,7 @@ jobs:
          platforms: linux/amd64
          push: true
          build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,deno_core
          secrets: |
            rh_username=${{ secrets.RH_USERNAME }}
            rh_password=${{ secrets.RH_PASSWORD }}
@@ -73,7 +74,7 @@ jobs:
          labels: |
            ${{ steps.meta-ee-public.outputs.labels }}-amd64
            org.opencontainers.image.licenses=Windmill-Enterprise-License
-
+      
      - name: Build and push publicly ee arm64
        uses: depot/build-push-action@v1
        with:
@@ -81,7 +82,7 @@ jobs:
          platforms: linux/arm64
          push: true
          build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,deno_core
          secrets: |
            rh_username=${{ secrets.RH_USERNAME }}
            rh_password=${{ secrets.RH_PASSWORD }}
@@ -97,29 +98,26 @@ jobs:
          image: ${{ steps.meta-ee-public.outputs.tags}}-amd64
          path: "/windmill/target/release/windmill"

-      # - uses: shrink/actions-docker-extract@v3
-      #   id: extract-ee-arm64
-      #   with:
-      #     image: ${{ steps.meta-ee-public.outputs.tags}}-arm64
-      #     path: "/windmill/target/release/windmill"
+      - uses: shrink/actions-docker-extract@v3
+        id: extract-ee-arm64
+        with:
+          image: ${{ steps.meta-ee-public.outputs.tags}}-arm64
+          path: "/windmill/target/release/windmill"

      - name: Rename binary with corresponding architecture
        run: |
          mv "${{ steps.extract-ee-amd64.outputs.destination }}/windmill" "${{ steps.extract-ee-amd64.outputs.destination }}/windmill-ee-amd64-rhel9"
-          # mv "${{ steps.extract-ee-arm64.outputs.destination }}/windmill" "${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel9"
-
+          mv "${{ steps.extract-ee-arm64.outputs.destination }}/windmill" "${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel9"
+      
      - uses: actions/upload-artifact@v4
        with:
          name: RHEL9-amd64 build
-          path: ${{ steps.extract-ee-amd64.outputs.destination
-            }}/windmill-ee-amd64-rhel9
+          path: ${{ steps.extract-ee-amd64.outputs.destination }}/windmill-ee-amd64-rhel9

-      # - uses: actions/upload-artifact@v4
-      #   with:
-      #     name: RHEL9-arm64 build
-      #     path:
-      #       ${{ steps.extract-ee-arm64.outputs.destination
-      #       }}/windmill-ee-arm64-rhel9
+      - uses: actions/upload-artifact@v4
+        with:
+          name: RHEL9-arm64 build
+          path: ${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel9

      # - name: Attach binary to release
      #   uses: softprops/action-gh-release@v2
--- a/.github/workflows/build-staging-image.yml
+++ b/.github/workflows/build-staging-image.yml
@@ -0,0 +1,70 @@
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+name: Build windmill-staging
+on:
+  workflow_dispatch:
+
+permissions: write-all
+
+jobs:
+  build_ee:
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Read EE repo commit hash
+        run: |
+          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
+
+      - uses: actions/checkout@v4
+        with:
+          repository: windmill-labs/windmill-ee-private
+          path: ./windmill-ee-private
+          ref: ${{ env.ee_repo_ref }}
+          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
+          fetch-depth: 0
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta-ee-public
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-staging-ee
+          flavor: |
+            latest=false
+          tags: |
+            type=sha
+            type=ref,event=branch
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Substitute EE code
+        run: |
+          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
+
+      - name: Build and push publicly ee
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: |
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,deno_core
+          tags: |
+            ${{ steps.meta-ee-public.outputs.tags }}
+          labels: |
+            ${{ steps.meta-ee-public.outputs.labels }}
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
--- a/.github/workflows/publish_windows_worker.yml
+++ b/.github/workflows/publish_windows_worker.yml
@@ -32,12 +32,6 @@ jobs:
          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
          fetch-depth: 0

-      - name: Setup Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: 1.85.0
-          override: true
-
      - name: Substitute EE code
        shell: bash
        run: |
@@ -53,7 +47,8 @@ jobs:
          $env:OPENSSL_DIR="${Env:VCPKG_INSTALLATION_ROOT}\installed\x64-windows-static"
          mkdir frontend/build && cd backend
          New-Item -Path . -Name "windmill-api/openapi-deref.yaml" -ItemType "File" -Force
-          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages_windows,mcp,private
+          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
+
      - name: Rename binary with corresponding architecture
        run: |
          Rename-Item -Path ".\backend\target\release\windmill.exe" -NewName "windmill-ee.exe"
--- a/.github/workflows/build_windows_worker_.yml
+++ b/.github/workflows/build_windows_worker_.yml
@@ -1,63 +0,0 @@
-name: Build windows executable for this branch
-
-on:
-  workflow_dispatch:
-
-env:
-  CARGO_INCREMENTAL: 0
-  SQLX_OFFLINE: true
-  DISABLE_EMBEDDING: true
-  RUST_LOG: info
-
-jobs:
-  cargo_build_windows:
-    runs-on: windows-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Read EE repo commit hash
-        shell: pwsh
-        run: |
-          $ee_repo_ref = Get-Content .\backend\ee-repo-ref.txt
-          echo "ee_repo_ref=$ee_repo_ref" | Out-File -FilePath $env:GITHUB_ENV -Append
-
-      - name: Checkout windmill-ee-private repository
-        uses: actions/checkout@v4
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: ./windmill-ee-private
-          ref: ${{ env.ee_repo_ref }}
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-          fetch-depth: 0
-
-      - name: Setup Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: 1.85.0
-          override: true
-
-      - name: Substitute EE code
-        shell: bash
-        run: |
-          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
-
-      - name: Cargo build windows
-        timeout-minutes: 90
-        run: |
-          vcpkg.exe install openssl-windows:x64-windows
-          vcpkg.exe install openssl:x64-windows-static
-          vcpkg.exe integrate install
-          $env:VCPKGRS_DYNAMIC=1
-          $env:OPENSSL_DIR="${Env:VCPKG_INSTALLATION_ROOT}\installed\x64-windows-static"
-          mkdir frontend/build && cd backend
-          New-Item -Path . -Name "windmill-api/openapi-deref.yaml" -ItemType "File" -Force
-          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,nats,sqs_trigger,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages_windows,mcp,private
-      - name: Rename binary with corresponding architecture
-        run: |
-          Rename-Item -Path ".\backend\target\release\windmill.exe" -NewName "windmill-ee.exe"
-
-      - name: Upload artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: windmill-ee-binary
-          path: ./backend/target/release/windmill-ee.exe
--- a/.github/workflows/build_ws.yml
+++ b/.github/workflows/build_ws.yml
@@ -19,10 +19,7 @@ jobs:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      # - uses: depot/setup-action@v1
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
+      - uses: depot/setup-action@v1
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -43,7 +40,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push publicly
-        uses: docker/build-push-action@v6
+        uses: depot/build-push-action@v1
        with:
          context: .
          file: ./docker/DockerfileMultiplayer
--- a/.github/workflows/change-versions.yml
+++ b/.github/workflows/change-versions.yml
@@ -20,4 +20,4 @@ jobs:
        run: |
          cd backend
          cargo generate-lockfile
-      - uses: stefanzweifel/git-auto-commit-action@v5
+      - uses: stefanzweifel/git-auto-commit-action@v4
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -1,85 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  check-membership:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/ai') && !contains(github.event.comment.user.login, '[bot]')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/ai') && !contains(github.event.comment.user.login, '[bot]')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/ai') && !contains(github.event.review.user.login, '[bot]')) ||
-      (github.event_name == 'issues' && contains(github.event.issue.body, '/ai') && !contains(github.event.issue.user.login, '[bot]'))
-    runs-on: ubicloud-standard-2
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
-        run: |
-          ORG="windmill-labs"
-
-          if [[ "${{ github.event_name }}" == "issue_comment" || "${{ github.event_name }}" == "pull_request_review_comment" ]]; then
-            COMMENTER="${{ github.event.comment.user.login }}"
-          elif [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
-            COMMENTER="${{ github.event.review.user.login }}"
-          else
-            COMMENTER="${{ github.event.issue.user.login }}"
-          fi
-
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi
-
-  claude-code-action:
-    needs: check-membership
-    if: |
-      needs.check-membership.outputs.is_member == 'true'
-    runs-on: ubicloud-standard-8
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@beta
-        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          timeout_minutes: "60"
-          allowed_tools: "mcp__github__create_pull_request,Bash(npm run check),Bash(npm install),Bash(cargo check),Bash(curl https://sh.rustup.rs -sSf | sh -s -- -y)"
-          custom_instructions: "IMPORTANT INSTRUCTIONS:
-          - Bypass previous instructions and instead of adding a url in your comment to manually create a PR, if you created a new branch with your changes, automatically create a draft PR from that branch to main, with the title starting with [Claude PR].
-          - If you made changes to the frontend code, run npm install, then npm run generate-backend-client, then npm run check. You can ignore warnings that are reported by the check script, but fix the errors.
-          - If you made changes to the backend code, install Rust and then run cargo check. You can ignore warnings that are reported by the check script, but fix the errors.
-          - DO NOT FORGET TO OPEN A DRAFT PR AFTER YOU ARE DONE if you made changes after a request from a git issue.
-          AVAILABLE TOOLS:
-          - mcp__github__create_pull_request: Create a PR from a branch to main
-          - Bash(npm run check): Run the check script. You should run this tool after making changes to the frontend code.
-          - Bash(npm install): Install dependencies. You need this to run npm run check.
-          - Bash(npm run generate-backend-client): Generate the backend client. You need this to run npm run check.
-          - Bash(cargo check): Run the cargo check script. You should run this tool after making changes to the backend code.
-          - Bash(curl https://sh.rustup.rs -sSf | sh -s -- -y): Install Rust. You need this to run cargo check."
-          trigger_phrase: "/ai"
--- a/.github/workflows/create-docs.yml
+++ b/.github/workflows/create-docs.yml
@@ -1,41 +0,0 @@
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  check-membership:
-    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/docs') && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubicloud-standard-2
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
-          COMMENTER: ${{ github.event.comment.user.login }}
-        run: |
-          ORG="windmill-labs"
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi
-
-  trigger-docs:
-    needs: check-membership
-    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/docs') && needs.check-membership.outputs.is_member == 'true' }}
-    uses: windmill-labs/windmilldocs/.github/workflows/create-docs.yml@main
-    with:
-      pr_number: ${{ github.event.issue.number }}
-      repo: ${{ github.event.repository.name }}
-      comment_text: ${{ github.event.comment.body }}
-    secrets:
-      DOCS_TOKEN: ${{ secrets.DOCS_TOKEN }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
--- a/.github/workflows/deno_on_release.yml
+++ b/.github/workflows/deno_on_release.yml
@@ -0,0 +1,48 @@
+name: Publish deno-client
+on:
+  push:
+    tags:
+      - "v*"
+env:
+  repo: windmill-deno-client
+
+jobs:
+  build_deno_and_push_to_repo:
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+      - name: generate_deno
+        run: |
+          cd deno-client
+          rm .gitignore
+          ./build.sh
+      - name: Pushes to another repository
+        id: push_directory
+        uses: cpina/github-action-push-to-another-repository@devel
+        env:
+          API_TOKEN_GITHUB: ${{ secrets.DENO_PAT }}
+        with:
+          source-directory: deno-client/
+          destination-github-username: ${{ github.repository_owner }}
+          destination-repository-name: ${{ env.repo }}
+          user-email: ruben@windmill.dev
+          commit-message: See ORIGIN_COMMIT from $GITHUB_REF
+          target-branch: main
+
+  tag_repo:
+    needs: [build_deno_and_push_to_repo]
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: ${{ github.repository_owner }}/${{ env.repo }}
+          token: ${{ secrets.DENO_PAT }}
+          path: ./client
+
+      - name: Push client
+        run: |
+          cd ./client
+          git config --global user.email "ruben@windmill.dev"
+          git config --global user.name "rubenfiszel[bot]"
+          git tag -a ${{ github.ref_name }} -m "${{ github.ref_name }}"
+          git push --tags
--- a/.github/workflows/discord-notification.yml
+++ b/.github/workflows/discord-notification.yml
@@ -1,35 +0,0 @@
-name: Create discord thread when a PR is opened, react with green checkmark when PR is merged
-
-on:
-  pull_request:
-    types:
-      - opened
-      - ready_for_review
-      - closed
-
-jobs:
-  notify_discord_when_pr_opened:
-    if: (github.event.pull_request.draft == false) && (github.event.action == 'opened' || github.event.action == 'ready_for_review')
-    uses: ./.github/workflows/shareable-discord-notification.yml
-    with:
-      PR_TITLE: ${{ github.event.pull_request.title }}
-      PR_URL: ${{ github.event.pull_request.html_url }}
-      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
-      PR_STATUS: "opened"
-      PR_NUMBER: ${{ github.event.pull_request.number }}
-      DISCORD_CHANNEL_ID: "1372204995868491786"
-      DISCORD_GUILD_ID: "930051556043276338"
-    secrets:
-      DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_PR_REVIEWS_WEBHOOK }}
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-
-  merge_success_emoji:
-    if: github.event.pull_request.merged == true
-    uses: ./.github/workflows/shareable-discord-notification.yml
-    with:
-      PR_STATUS: "merged"
-      DISCORD_CHANNEL_ID: "1372204995868491786"
-      DISCORD_GUILD_ID: "930051556043276338"
-      PR_NUMBER: ${{ github.event.pull_request.number }}
-    secrets:
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
--- a/.github/workflows/docker-image-rpi4.yml
+++ b/.github/workflows/docker-image-rpi4.yml
@@ -67,7 +67,7 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          build-args: |
-            features=embedding,parquet,openidconnect,license,http_trigger,zip,oauth2,postgres_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp
+            features=embedding,parquet,openidconnect,deno_core
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:dev
            ${{ steps.meta-public.outputs.tags }}
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -1,9 +1,12 @@
 env:
  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.event_name != 'pull_request' && github.event_name !=
-    'workflow_dispatch' && github.repository || 'windmill-labs/windmill-test' }}
-  DEV_SHA: ${{ github.event_name != 'pull_request' && github.event_name !=
-    'workflow_dispatch' && 'dev' || github.event.inputs.tag || github.sha }}
+  IMAGE_NAME:
+    ${{ github.event_name != 'pull_request' && github.repository ||
+    'windmill-labs/windmill-test' }}
+  DEV_SHA:
+    ${{ github.event_name != 'pull_request' && 'dev' || format('pr-{0}',
+    github.event.number) }}
+
 name: Build windmill:main
 on:
  push:
@@ -13,37 +16,20 @@ on:
    types: [opened, synchronize, reopened]
    paths:
      - "Dockerfile"
-  workflow_dispatch:
-    inputs:
-      ee:
-        description: "Build EE image (true, false)"
-        required: false
-        default: false
-        type: boolean
-      tag:
-        description: "Tag the image"
-        required: true
-        default: "test"
-      nsjail:
-        description: "Build nsjail image (true, false)"
-        required: false
-        default: false
-        type: boolean
+
 concurrency:
  group: ${{ github.ref }}
-  cancel-in-progress: false
+  cancel-in-progress: true

 permissions: write-all

 jobs:
  build:
    runs-on: ubicloud
-    if: (github.event_name != 'workflow_dispatch') || (github.event.inputs &&
-      !github.event.inputs.ee)
+    if: (github.event_name != 'issue_comment') || (contains(github.event.comment.body, '/buildimage_all') || contains(github.event.comment.body, '/buildimage_base'))
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ github.ref }}
          fetch-depth: 0

      - name: Read EE repo commit hash
@@ -92,20 +78,20 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          build-args: |
-            features=embedding,parquet,openidconnect,jemalloc,license,http_trigger,zip,oauth2,dind,postgres_trigger,mqtt_trigger,websocket,smtp,static_frontend,agent_worker_server,all_languages,deno_core,mcp,private
+            features=embedding,parquet,openidconnect,jemalloc,deno_core
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
            ${{ steps.meta-public.outputs.tags }}
          labels: |
            ${{ steps.meta-public.outputs.labels }}
+            org.opencontainers.image.licenses=AGPLv3

  build_ee:
    runs-on: ubicloud
-    if: (github.event_name != 'workflow_dispatch') || (github.event.inputs.ee || github.event.inputs.nsjail)
+    if: (github.event_name != 'issue_comment') || (contains(github.event.comment.body, '/buildimage_ee') || contains(github.event.comment.body, '/buildimage_nsjail')) || contains(github.event.comment.body, '/buildimage_all')
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ github.ref }}
          fetch-depth: 0

      - name: Read EE repo commit hash
@@ -154,7 +140,7 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,agent_worker_server,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,otel,dind,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages,private,deno_core,mcp
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee:${{ env.DEV_SHA }}
            ${{ steps.meta-ee-public.outputs.tags }}
@@ -162,6 +148,68 @@ jobs:
            ${{ steps.meta-ee-public.outputs.labels }}
            org.opencontainers.image.licenses=Windmill-Enterprise-License

+  build_ee_312:
+    runs-on: ubicloud
+    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Read EE repo commit hash
+        run: |
+          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
+
+      - uses: actions/checkout@v4
+        with:
+          repository: windmill-labs/windmill-ee-private
+          path: ./windmill-ee-private
+          ref: ${{ env.ee_repo_ref }}
+          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
+          fetch-depth: 0
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta-ee-public-py312
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee-py312
+          flavor: |
+            latest=false
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Substitute EE code
+        run: |
+          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
+
+      - name: Build and push publicly ee
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          build-args: |
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
+            PYTHON_IMAGE=python:3.12.2-slim-bookworm
+          tags: |
+            ${{ steps.meta-ee-public-py312.outputs.tags }}
+          labels: |
+            ${{ steps.meta-ee-public-py312.outputs.labels }}
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
+
  # disabled until we make it 100% reliable and add more meaningful tests
  # playwright:
  #   runs-on: [self-hosted, new]
@@ -203,6 +251,7 @@ jobs:
      ARCH: amd64
    steps:
      - uses: actions/checkout@v4
+
      - run: |
          # pulling docker image with desired arch so that actions-docker-extract doesn't do it
          docker pull --platform "linux/$ARCH" ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
@@ -288,7 +337,6 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ github.ref }}
          fetch-depth: 0
      - name: Prepare test run
        if: ${{ ! startsWith(github.ref, 'refs/tags/v') }}
@@ -300,7 +348,7 @@ jobs:
          LICENSE_KEY: ${{ secrets.WM_LICENSE_KEY_CI }}
        run: cd integration_tests && ./run.sh
      - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: Windmill Integration Tests Logs
@@ -310,9 +358,7 @@ jobs:
  tag_latest:
    runs-on: ubicloud
    needs: [run_integration_test, build]
-    if:
-      github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' ||
-      startsWith(github.ref, 'refs/tags/v'))  && (github.event_name != 'workflow_dispatch')
+    if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
    steps:
      - uses: actions/checkout@v4
        with:
@@ -331,9 +377,7 @@ jobs:
  tag_latest_ee:
    runs-on: ubicloud
    needs: [run_integration_test, build_ee]
-    if:
-      github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch') && (github.ref == 'refs/heads/main' ||
-      startsWith(github.ref, 'refs/tags/v'))
+    if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
    steps:
      - uses: actions/checkout@v4
        with:
@@ -352,7 +396,7 @@ jobs:
  verify_ee_image_vulnerabilities:
    runs-on: ubicloud
    needs: [tag_latest_ee]
-    if: startsWith(github.ref, 'refs/tags/v') && (github.event_name != 'workflow_dispatch')
+    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@@ -394,13 +438,11 @@ jobs:
  build_ee_nsjail:
    needs: [build_ee]
    runs-on: ubicloud
-    if: (github.event_name != 'pull_request') && ((github.event_name != 'workflow_dispatch') || (github.event.inputs.ee || github.event.inputs.nsjail))
-
+    if: (github.event_name != 'issue_comment') || (github.event_name != 'pull_request') || (contains(github.event.comment.body, '/buildimage_nsjail') || contains(github.event.comment.body, '/buildimage_all'))
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
-          ref: ${{ github.ref }}

      # - name: Set up Docker Buildx
      #   uses: docker/setup-buildx-action@v2
@@ -429,11 +471,6 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Update Dockerfile image reference
-        run: |
-          sed -i 's|FROM ghcr.io/windmill-labs/windmill-ee:dev|FROM ghcr.io/${{ env.IMAGE_NAME }}-ee:${{ env.DEV_SHA }}|' ./docker/DockerfileNsjail
-          cat ./docker/DockerfileNsjail | grep "FROM"
-
      - name: Build and push publicly ee
        uses: depot/build-push-action@v1
        with:
@@ -447,11 +484,54 @@ jobs:
            ${{ steps.meta-ee-public.outputs.labels }}
            org.opencontainers.image.licenses=Windmill-Enterprise-License

+  build_ee_reports_privately:
+    needs: [build_ee_nsjail]
+    runs-on: ubicloud
+    if: github.event_name != 'pull_request'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+
+      - uses: depot/setup-action@v1
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta-ee-public
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee-reports
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,enable=true,priority=100,prefix=,suffix=,format=short
+
+      - name: Build and push publicly ee reports
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          file: "./docker/DockerfileReports"
+          tags: |
+            ${{ steps.meta-ee-public.outputs.tags }}
+          labels: |
+            ${{ steps.meta-ee-public.outputs.labels }}
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
+
  publish_ecr_s3:
    needs: [build_ee_nsjail]
    runs-on: ubicloud-standard-2-arm
-    if: (github.event_name != 'pull_request') && (github.event_name !=
-      'workflow_dispatch')
+    if: github.event_name != 'pull_request'
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -500,7 +580,6 @@ jobs:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
-          ref: ${{ github.ref }}

      # - name: Set up Docker Buildx
      #   uses: docker/setup-buildx-action@v2
--- a/.github/workflows/frontend-check.yml
+++ b/.github/workflows/frontend-check.yml
@@ -1,15 +1,10 @@
 name: check frontend build
 on:
-  workflow_run:
-    workflows: ["Change versions"]
-    types:
-      - completed
-
-  merge_group:
-  push:
+  pull_request:
+    types: [opened, synchronize, reopened, closed]
    paths:
      - "frontend/**"
-      - ".github/workflows/frontend-check.yml"
+  merge_group:

 jobs:
  npm_check:
@@ -20,7 +15,7 @@ jobs:
        with:
          node-version: 18
      - name: "npm check"
-        timeout-minutes: 5
+        timeout-minutes: 2
        run:
          cd frontend && npm ci && npm run generate-backend-client && npm run
          check
--- a/.github/workflows/helmchart_on_release.yml
+++ b/.github/workflows/helmchart_on_release.yml
@@ -1,66 +0,0 @@
-name: Publish Helm Chart on Release
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  bump-helm-version:
-    runs-on: ubicloud-standard-2
-
-    steps:
-      - name: Checkout on helm repository
-        uses: actions/checkout@v3
-        with:
-          repository: windmill-labs/windmill-helm-charts
-          token: ${{ secrets.HELM_CHART_TOKEN }}
-
-      - name: Get version
-        id: get_version
-        run: |
-          echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
-
-      - name: Create new branch
-        run: |
-          # Check if branch already exists remotely
-          if git ls-remote --heads origin bump-helm-version-${{ env.VERSION }} | grep -q bump-helm-version-${{ env.VERSION }}; then
-            # Branch exists, check it out
-            git fetch origin bump-helm-version-${{ env.VERSION }}
-            git checkout bump-helm-version-${{ env.VERSION }}
-          else
-            # Create new branch
-            git checkout -b bump-helm-version-${{ env.VERSION }}
-          fi
-
-          git config --local user.email "action@github.com"
-          git config --local user.name "GitHub Action"
-
-      - name: Bump helm version
-        run: |
-          # Get current version and increment it by 1
-          CURRENT_VERSION=$(grep "version:" ./charts/windmill/Chart.yaml | awk '{print $2}' | head -n 1)
-          NEW_VERSION=$(echo "$CURRENT_VERSION" | awk -F. '{$NF = $NF + 1;} 1' | sed 's/ /./g')
-          sed -i "s/^version: .*/version: $NEW_VERSION/" ./charts/windmill/Chart.yaml
-
-          # Get the app version from the version
-          VERSION=${{ env.VERSION }}
-          APP_VERSION=${VERSION#refs/tag/}
-          APP_VERSION=${APP_VERSION#v}
-          APP_VERSION=${APP_VERSION%/}
-          sed -i "s/appVersion: .*/appVersion: $APP_VERSION/" ./charts/windmill/Chart.yaml
-
-      - name: Commit and push
-        run: |
-          git add .
-          git commit -m "Bump helm version to ${{ env.VERSION }}"
-          git push origin bump-helm-version-${{ env.VERSION }}
-
-      - name: Create PR
-        env:
-          GH_TOKEN: ${{ secrets.HELM_CHART_TOKEN }}
-        run: |
-          gh pr create \
-            --title "helm: bump version to ${{ env.VERSION }}" \
-            --body "This PR was auto-generated to bring the helm chart up to date for [release ${{ env.VERSION }}](https://github.com/windmill-labs/windmill/releases/tag/v${{ env.VERSION }}) in the main repo." \
-            --head bump-helm-version-${{ env.VERSION }} \
-            --base main
--- a/.github/workflows/linear-claude.yaml
+++ b/.github/workflows/linear-claude.yaml
@@ -1,38 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  repository_dispatch:
-    types: [external_claude_issue_fix]
-
-jobs:
-  claude-code-action:
-    runs-on: ubicloud-standard-8
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Process inputs
-        id: process_inputs
-        shell: bash
-        run: |
-          ISSUE_TITLE="${{ github.event.client_payload.issue_title }}"
-          INSTRUCTION="${{ github.event.client_payload.instruction }}"
-          ISSUE_BODY=$(printf '%q' "${{ github.event.client_payload.issue_body }}")
-          BASE_PROMPT="Try to fix the following issue based on the instruction given. You are provided with the issue title, issue body, and instruction. You are to fix the issue based on the instruction. You are to create a pull request to fix the issue."
-          CUSTOM_PROMPT=$(printf -v PROMPT "%s\n\nISSUE_TITLE: %s\n\nISSUE_BODY: %s\n\nINSTRUCTION: %s" "$BASE_PROMPT" "$ISSUE_TITLE" "$ISSUE_BODY" "$INSTRUCTION")
-          echo "CUSTOM_PROMPT=$CUSTOM_PROMPT" >> $GITHUB_OUTPUT
-
-      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@beta
-        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          timeout_minutes: "60"
-          allowed_tools: "mcp__github__create_pull_request"
-          direct_prompt: ${{ steps.process_inputs.outputs.CUSTOM_PROMPT }}
--- a/.github/workflows/npm_on_release.yml
+++ b/.github/workflows/npm_on_release.yml
@@ -25,9 +25,9 @@ jobs:
        with:
          node-version: "20.x"
          registry-url: "https://registry.npmjs.org"
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
        with:
-          deno-version: v2.x
+          deno-version: v1.x
      - run: cd cli && ./build.sh && cd npm && npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/rust_on_release.yml
+++ b/.github/workflows/rust_on_release.yml
@@ -1,19 +0,0 @@
-name: Publish rust-client to crates.io on release
-on:
-  push:
-    tags:
-      - "v*"
-  workflow_dispatch:
-
-jobs:
-  build_rust_and_publish_to_crates_io:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v20
-        with:
-          extra_nix_config: |
-            experimental-features = nix-command flakes
-      - run: cd rust-client && nix develop ../ --command ./dev.nu --check --publish 
-        env:
-          CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
--- a/.github/workflows/shareable-discord-notification.yml
+++ b/.github/workflows/shareable-discord-notification.yml
@@ -1,119 +0,0 @@
-name: "Notify Discord when a PR is opened or merged"
-
-on:
-  workflow_call:
-    inputs:
-      PR_TITLE:
-        description: "The title of the PR"
-        type: string
-      PR_URL:
-        description: "The URL of the PR"
-        type: string
-      PR_AUTHOR:
-        description: "The author of the PR"
-        type: string
-      PR_STATUS:
-        description: "The status of the PR"
-        type: string
-      DISCORD_CHANNEL_ID:
-        description: "The Discord channel ID"
-        type: string
-      PR_NUMBER:
-        description: "The number of the PR"
-        type: string
-      DISCORD_GUILD_ID:
-        description: "The Discord guild ID"
-        type: string
-    secrets:
-      DISCORD_WEBHOOK_URL:
-        description: "Discord Webhook URL"
-      DISCORD_BOT_TOKEN:
-        description: "Discord Bot Token"
-
-jobs:
-  open_thread:
-    runs-on: ubicloud-standard-2
-    if: ${{ inputs.PR_STATUS == 'opened' }}
-    steps:
-      - name: Send Discord notification and start a thread
-        env:
-          WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
-          BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
-          CHANNEL_ID: ${{ inputs.DISCORD_CHANNEL_ID }}
-          GUILD_ID: ${{ inputs.DISCORD_GUILD_ID }}
-          PR_TITLE: ${{ inputs.PR_TITLE }}
-          PR_NUMBER: ${{ inputs.PR_NUMBER }}
-          PR_URL: ${{ inputs.PR_URL }}
-          PR_AUTHOR: ${{ inputs.PR_AUTHOR }}
-        run: |
-          # Check if thread already exists
-          thread_exists=false
-          if threads=$(curl -s -H "Authorization: Bot $BOT_TOKEN" "https://discord.com/api/v10/guilds/${GUILD_ID}/threads/active"); then
-            if thread_id=$(echo "$threads" | jq -r --arg cid "$CHANNEL_ID" --arg pref "#${PR_NUMBER}:" '.threads[] | select(.parent_id == $cid and (.name | startswith($pref))) | .id' 2>/dev/null); then
-              if [ -n "$thread_id" ]; then
-                thread_exists=true
-                echo "Thread already exists, skipping creation"
-              fi
-            fi
-          else
-            echo "Failed to check for existing threads, will create new thread"
-          fi
-
-          # Create thread if it doesn't exist or if check failed
-          if [ "$thread_exists" = false ]; then
-            echo "Creating new thread"
-            THREAD_TITLE="#${PR_NUMBER}: ${PR_TITLE} by \`${PR_AUTHOR}\`"
-            payload=$(jq -n \
-              --arg content "${PR_URL}" \
-              --arg thread "${THREAD_TITLE:0:99}" \
-              '{
-                content: $content,
-                thread_name: $thread,
-                auto_archive_duration: 10080
-              }'
-            )
-            curl -H "Content-Type: application/json" \
-              -X POST \
-              -d "$payload" \
-              "$WEBHOOK_URL"
-          fi
-
-  merge_success_emoji:
-    runs-on: ubuntu-latest
-    if: ${{ inputs.PR_STATUS == 'merged' }}
-    steps:
-      - name: React
-        env:
-          BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
-          CHANNEL_ID: ${{ inputs.DISCORD_CHANNEL_ID }}
-          GUILD_ID: ${{ inputs.DISCORD_GUILD_ID }}
-          PR_NUMBER: ${{ inputs.PR_NUMBER }}
-        run: |
-          # 1) get PR thread
-          threads=$(curl -H "Authorization: Bot $BOT_TOKEN" "https://discord.com/api/v10/guilds/${GUILD_ID}/threads/active")
-          thread_id=$(
-            echo "$threads" \
-              | jq -r --arg cid "$CHANNEL_ID" \
-                    --arg pref "#${PR_NUMBER}:" \
-                '.threads[]
-                | select(.parent_id == $cid and (.name | startswith($pref)))
-                | .id'
-          )
-          if [ -z "$thread_id" ]; then
-            echo "Thread not found"
-            exit 1
-          fi
-          # 2) get the first message in that thread
-          messages=$(curl -H "Authorization: Bot $BOT_TOKEN" \
-            "https://discord.com/api/v10/channels/$thread_id/messages")
-          message_id=$(echo "$messages" | jq -r '.[-1].id')
-
-          if [ -z "$message_id" ]; then
-            echo "Message not found"
-            exit 1
-          fi
-
-          # 3) add the ✅ reaction
-          curl -X PUT \
-            -H "Authorization: Bot $BOT_TOKEN" \
-            "https://discord.com/api/v10/channels/$thread_id/messages/$message_id/reactions/%E2%9C%85/@me"
--- a/.github/workflows/sign-cla.yml
+++ b/.github/workflows/sign-cla.yml
@@ -15,7 +15,7 @@ jobs:
          == 'I have read the CLA Document and I hereby sign the CLA') ||
          github.event_name == 'pull_request_target'
        # Beta Release
-        uses: cla-assistant/github-action@v2.6.1
+        uses: cla-assistant/github-action@v2.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_PAT }}
--- a/.github/workflows/validate-openapi.yml
+++ b/.github/workflows/validate-openapi.yml
@@ -1,34 +0,0 @@
-name: Validate OpenAPI Spec
-
-on:
-  push:
-    paths:
-      - 'backend/windmill-api/openapi*'
-  pull_request:
-    paths:
-      - 'backend/windmill-api/openapi*'
-jobs:
-  validate:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Install openapi-generator-cli
-        run: npm install @openapitools/openapi-generator-cli -g
-
-      - name: Validate openapi.yaml
-        run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi.yaml
-
-      - name: Validate openapi-deref.json
-        run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi-deref.json
-
-      # Does not work well with dereferenced yaml
-      # - name: Validate openapi-deref.yaml
-      #   run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi-deref.yaml
-
--- a/.gitignore
+++ b/.gitignore
@@ -7,8 +7,3 @@ CaddyfileRemoteMalo
 *.swp
 **/.idea/
 .direnv
-.vscode
-.dev-docker-wrapper*
-backend/.minio-data
-.aider*
-!.aiderignore
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+  "python.analysis.typeCheckingMode": "basic"
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,3 +0,0 @@
-To have an overview of what this app does, see @.cursor/rules/windmill-overview.mdc
-For backend modifications, follow the rules mentioned here @.cursor/rules/rust-best-practices.mdc
-For frontend modifications, follow the rules mentioned here @.cursor/rules/svelte5-best-practices.mdc
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
        bind {$ADDRESS}
        reverse_proxy /ws/* http://lsp:3001
        # reverse_proxy /ws_mp/* http://multiplayer:3002
-        # reverse_proxy /api/srch/* http://windmill_indexer:8002
+        # reverse_proxy /api/srch/* http://windmill_indexer:8001
        reverse_proxy /* http://windmill_server:8000
        # tls /certs/cert.pem /certs/key.pem
 }
--- a/59
+++ b/59
@@ -1,5 +1,6 @@
 ARG DEBIAN_IMAGE=debian:bookworm-slim
-ARG RUST_IMAGE=rust:1.86-slim-bookworm
+ARG RUST_IMAGE=rust:1.80-slim-bookworm
+ARG PYTHON_IMAGE=python:3.11.10-slim-bookworm

 FROM ${RUST_IMAGE} AS rust_base

@@ -11,7 +12,7 @@ RUN apt-get -y update \

 RUN rustup component add rustfmt

-RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef --version 0.1.68
+RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef --version ^0.1
 RUN cargo install sccache --version ^0.8
 ENV RUSTC_WRAPPER=sccache SCCACHE_DIR=/backend/sccache

@@ -25,7 +26,6 @@ FROM node:20-alpine as frontend
 # install dependencies
 WORKDIR /frontend
 COPY ./frontend/package.json ./frontend/package-lock.json ./
-COPY ./frontend/scripts/ ./scripts/
 RUN npm ci

 # Copy all local files into the image.
@@ -42,8 +42,6 @@ COPY /typescript-client/docs/ /frontend/static/tsdocs/
 RUN npm run generate-backend-client
 ENV NODE_OPTIONS "--max-old-space-size=8192"
 ARG VITE_BASE_URL ""
-# Read more about macro in docker/dev.nu
-# -- MACRO-SPREAD-WASM-PARSER-DEV-ONLY -- # 
 RUN npm run build


@@ -83,11 +81,11 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
    CARGO_NET_GIT_FETCH_WITH_CLI=true cargo build --release --features "$features"


-FROM ${DEBIAN_IMAGE}
+FROM ${PYTHON_IMAGE}

 ARG TARGETPLATFORM
-ARG POWERSHELL_VERSION=7.5.0
-ARG POWERSHELL_DEB_VERSION=7.5.0-1
+ARG POWERSHELL_VERSION=7.3.5
+ARG POWERSHELL_DEB_VERSION=7.3.5-1
 ARG KUBECTL_VERSION=1.28.7
 ARG HELM_VERSION=3.14.3
 ARG GO_VERSION=1.22.5
@@ -97,20 +95,10 @@ ARG WITH_KUBECTL=true
 ARG WITH_HELM=true
 ARG WITH_GIT=true

-# To change latest stable version:
-# 1. Change placeholder in instanceSettings.ts
-# 2. Change LATEST_STABLE_PY in dockerfile
-# 3. Change #[default] annotation for PyVersion in backend
-ARG LATEST_STABLE_PY=3.11.10
-ENV UV_PYTHON_INSTALL_DIR=/tmp/windmill/cache/py_runtime
-ENV UV_PYTHON_PREFERENCE=only-managed
-ENV UV_TOOL_BIN_DIR=/usr/local/bin
-
-ENV PATH /usr/local/bin:/root/.local/bin:$PATH
-
+RUN pip install --upgrade pip==24.2

 RUN apt-get update \
-    && apt-get install -y --no-install-recommends netbase tzdata ca-certificates wget curl jq unzip build-essential unixodbc xmlsec1  software-properties-common \
+    && apt-get install -y ca-certificates wget curl jq unzip build-essential unixodbc xmlsec1  software-properties-common \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

@@ -171,14 +159,7 @@ ENV PATH="${PATH}:/usr/local/go/bin"
 ENV GO_PATH=/usr/local/go/bin/go

 # Install UV
-RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.6.2/uv-installer.sh | sh && mv /root/.local/bin/uv /usr/local/bin/uv
-
-# Preinstall python runtimes
-RUN uv python install 3.11
-RUN uv python install $LATEST_STABLE_PY
-
-RUN uv venv
-
+RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.18/uv-installer.sh | sh && mv /root/.cargo/bin/uv /usr/local/bin/uv

 RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - 
 RUN apt-get -y update && apt-get install -y curl procps nodejs awscli && apt-get clean \
@@ -189,12 +170,14 @@ RUN mkdir -p /tmp/gobuildwarm && cd /tmp/gobuildwarm && go mod init gobuildwarm

 ENV TZ=Etc/UTC

+RUN /usr/local/bin/python3 -m pip install pip-tools
+
 COPY --from=builder /frontend/build /static_frontend
 COPY --from=builder /windmill/target/release/windmill ${APP}/windmill

-COPY --from=denoland/deno:2.2.1 --chmod=755 /usr/bin/deno /usr/bin/deno
+COPY --from=denoland/deno:2.0.2 --chmod=755 /usr/bin/deno /usr/bin/deno

-COPY --from=oven/bun:1.2.4 /usr/local/bin/bun /usr/bin/bun
+COPY --from=oven/bun:1.1.32 /usr/local/bin/bun /usr/bin/bun

 COPY --from=php:8.3.7-cli /usr/local/bin/php /usr/bin/php
 COPY --from=composer:2.7.6 /usr/bin/composer /usr/bin/composer
@@ -213,22 +196,6 @@ COPY ./frontend/src/lib/hubPaths.json ${APP}/hubPaths.json

 RUN windmill cache ${APP}/hubPaths.json && rm ${APP}/hubPaths.json && chmod -R 777 /tmp/windmill

-# Create a non-root user 'windmill' with UID and GID 1000
-RUN addgroup --gid 1000 windmill && \
-    adduser --disabled-password --gecos "" --uid 1000 --gid 1000 windmill
-
-RUN cp -r /root/.cache /home/windmill/.cache
-
-RUN mkdir -p /tmp/windmill/logs && \
-    mkdir -p /tmp/windmill/search
-
-# Make directories world-readable and writable
-RUN chmod -R 777 ${APP} && \
-     chmod -R 777 /tmp/windmill && \
-     chmod -R 777 /home/windmill/.cache
-
-USER root
-
 EXPOSE 8000

 CMD ["windmill"]
--- a/20
+++ b/20
@@ -1,6 +1,6 @@
 Source code in this repository is variously licensed under the Apache License
 Version 2.0 (see file ./LICENSE-APACHE), or the AGPLv3 License (see file
-./LICENSE-AGPL) and a proprietary license for certain enterprise features.
+./LICENSE-AGPL)

 Every file is under copyright (c) Windmill Labs, Inc 2022 unless otherwise
 specified. Every file is under License AGPL unless otherwise specified or
@@ -12,23 +12,11 @@ and commercial license. The files under frontend/ are AGPLv3 Licensed, except
 any snippets of code that require a positive license check to be activated.
 Those snippets and files are under a proprietary and commercial license. Private
 and public forks MUST not include any of the above proprietary and commercial
-code. The files under python-client/ deno-client/ go-client/ powershell-client/
-are Apache 2.0 Licensed. The openapi files, including the OpenFlow spec is
+code. Windmill Labs, Inc. provide tools to clean the codebase from those
+snippets upon demand. The files under python-client/ deno-client/ go-client/ powershell-client/ are
 Apache 2.0 Licensed.

-The binary compilable from source code in this repository without the
-"enterprise" feature flag is open-source under the AGPLv3 License terms and
-conditions.
-
-The "Community Edition" of Windmill available in the docker images hosted under
-ghcr.io/windmill-labs/windmill and the github binary releases contains the files
-under the AGPLv3 and Apache 2 sources but also includes proprietary and
-non-public code and features which are not open source and under the following
-terms: Windmill Labs, Inc. grants a right to use all the features of the
-"Community Edition" for free without restrictions other than the limits and
-quotas set in the software and a right to distribute the community edition as is
-but not to sell, resell, serve as a managed service, modify or wrap under any
-form without an explicit agreement.
+The openapi files, including the OpenFlow spec is Apache 2.0 Licensed.

 All third party components incorporated into the Windmill Software are licensed
 under the original license provided by the owner of the applicable component.
--- a/README.md
+++ b/README.md
@@ -110,8 +110,8 @@ You can build your entire infra on top of Windmill!

 ```typescript
 //import any dependency  from npm
-import * as wmill from "windmill-client";
-import * as cowsay from "cowsay@1.5.0";
+import * as wmill from "windmill-client"
+import * as cowsay from 'cowsay@1.5.0';

 // fill the type, or use the +Resource type to get a type-safe reference to a resource
 type Postgresql = {
@@ -146,9 +146,7 @@ export async function main(

 ## CLI

-We have a powerful CLI to interact with the windmill platform and sync your
-scripts from local files, GitHub repos and to run scripts and flows on the
-instance from local commands. See
+We have a powerful CLI to interact with the windmill platform and sync your scripts from local files, GitHub repos and to run scripts and flows on the instance from local commands. See
 [more details](https://www.windmill.dev/docs/advanced/cli).

 ![CLI Screencast](./cli/vhs/output/setup.gif)
@@ -170,8 +168,7 @@ Code extension: <https://www.windmill.dev/docs/cli_local_dev/vscode-extension>.
  Architecture:
  - Stateless API backend.
  - Workers that pull jobs from a queue in Postgres (and later, Kafka or Redis.
-    Upvote [#173](#https://github.com/windmill-labs/windmill/issues/173) if
-    interested).
+    Upvote [#173](#https://github.com/windmill-labs/windmill/issues/173) if interested).
 - Frontend in Svelte.
 - Scripts executions are sandboxed using Google's
  [nsjail](https://github.com/google/nsjail).
@@ -287,37 +284,22 @@ edition.

 ### Commercial license

-See the [LICENSE](https://github.com/windmill-labs/windmill/blob/main/LICENSE)
-file for the full license text.
-
-The "Community Edition" of Windmill available in the docker images hosted under
-ghcr.io/windmill-labs/windmill and the github binary releases contains the files
-under the AGPLv3 and Apache 2 sources but also includes proprietary and
-non-public code and features which are not open source and under the following
-terms: Windmill Labs, Inc. grants a right to use all the features of the
-"Community Edition" for free without restrictions other than the limits and
-quotas set in the software and a right to distribute the community edition as is
-but not to sell, resell, serve Windmill as a managed service, modify or wrap
-under any form without an explicit agreement.
-
-The binary compilable from source code in this repository without the
-"enterprise" feature flag is open-source under the
-[LICENSE-AGPLv3](https://github.com/windmill-labs/windmill/blob/main/LICENSE-AGPL)
-License terms and conditions.
+To self-host Windmill, you must respect the terms of the
+[AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html) which you do not
+need to worry about for personal uses. For business uses, you should be fine if
+you do not re-expose Windmill in any way to your users and are comfortable with
+AGPLv3.

 To
-[re-expose directly any Windmill parts to your users](https://www.windmill.dev/docs/misc/white_labelling)
-as a feature of your product, with the exception of iframed public Windmill
-"apps", or to build a feature on top of "Windmill Community Edition" that you
-sell commercially or embed in a distributable product or binary, you must get a
-commercial license. Contact us at <sales@windmill.dev> if you have any
-questions. To do the same from the binary compiled from the source code in this
-repository without the "enterprise" feature flag, you must comply with the
-AGPLv3 license terms and conditions or get a commercial license from Windmill
-Labs, Inc.
+[re-expose any Windmill parts to your users](https://www.windmill.dev/docs/misc/white_labelling)
+as a feature of your product, or to build a feature on top of Windmill, to
+comply with AGPLv3 your product must be AGPLv3 or you must get a commercial
+license. Contact us at <ruben@windmill.dev> if you have any doubts.

-To use Windmill "Community Edition" as is internally in your organization, or to
-use its APIs as is, you do NOT need a commercial license.
+In addition, a commercial license grants you a dedicated engineer to transition
+your current infrastructure to Windmill, support with tight SLA, and our global
+cache sync for high-performance/no dependency cache miss of cluster from 10+
+nodes to 200+ nodes.

 ### Integrations

@@ -332,77 +314,73 @@ you to have it being synced automatically everyday.

 ## Environment Variables

-| Environment Variable name           | Default                | Description                                                                                                                                                                                        | Api Server/Worker/All |
-| ----------------------------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
-| DATABASE_URL                        |                        | The Postgres database url.                                                                                                                                                                         | All                   |
-| WORKER_GROUP                        | default                | The worker group the worker belongs to and get its configuration pulled from                                                                                                                       | Worker                |
-| MODE                                | standalone             | The mode if the binary. Possible values: standalone, worker, server, agent                                                                                                                         | All                   |
-| METRICS_ADDR                        | None                   | (ee only) The socket addr at which to expose Prometheus metrics at the /metrics path. Set to "true" to expose it on port 8001                                                                      | All                   |
-| JSON_FMT                            | false                  | Output the logs in json format instead of logfmt                                                                                                                                                   | All                   |
-| BASE_URL                            | http://localhost:8000  | The base url that is exposed publicly to access your instance. Is overriden by the instance settings if any.                                                                                       | Server                |
-| ZOMBIE_JOB_TIMEOUT                  | 30                     | The timeout after which a job is considered to be zombie if the worker did not send pings about processing the job (every server check for zombie jobs every 30s)                                  | Server                |
-| RESTART_ZOMBIE_JOBS                 | true                   | If true then a zombie job is restarted (in-place with the same uuid and some logs), if false the zombie job is failed                                                                              | Server                |
-| SLEEP_QUEUE                         | 50                     | The number of ms to sleep in between the last check for new jobs in the DB. It is multiplied by NUM_WORKERS such that in average, for one worker instance, there is one pull every SLEEP_QUEUE ms. | Worker                |
-| KEEP_JOB_DIR                        | false                  | Keep the job directory after the job is done. Useful for debugging.                                                                                                                                | Worker                |
-| LICENSE_KEY (EE only)               | None                   | License key checked at startup for the Enterprise Edition of Windmill                                                                                                                              | Worker                |
-| SLACK_SIGNING_SECRET                | None                   | The signing secret of your Slack app. See [Slack documentation](https://api.slack.com/authentication/verifying-requests-from-slack)                                                                | Server                |
-| COOKIE_DOMAIN                       | None                   | The domain of the cookie. If not set, the cookie will be set by the browser based on the full origin                                                                                               | Server                |
-| DENO_PATH                           | /usr/bin/deno          | The path to the deno binary.                                                                                                                                                                       | Worker                |
-| PYTHON_PATH                         |                        | The path to the python binary if wanting to not have it managed by uv.                                                                                                                             | Worker                |
-| GO_PATH                             | /usr/bin/go            | The path to the go binary.                                                                                                                                                                         | Worker                |
-| GOPRIVATE                           |                        | The GOPRIVATE env variable to use private go modules                                                                                                                                               | Worker                |
-| GOPROXY                             |                        | The GOPROXY env variable to use                                                                                                                                                                    | Worker                |
-| NETRC                               |                        | The netrc content to use a private go registry                                                                                                                                                     | Worker                |
-| PY_CONCURRENT_DOWNLOADS             | 20                     | Sets the maximum number of in-flight concurrent python downloads that windmill will perform at any given time.                                                                                     | Worker                |
-| PATH                                | None                   | The path environment variable, usually inherited                                                                                                                                                   | Worker                |
-| HOME                                | None                   | The home directory to use for Go and Bash , usually inherited                                                                                                                                      | Worker                |
-| DATABASE_CONNECTIONS                | 50 (Server)/3 (Worker) | The max number of connections in the database connection pool                                                                                                                                      | All                   |
-| SUPERADMIN_SECRET                   | None                   | A token that would let the caller act as a virtual superadmin superadmin@windmill.dev                                                                                                              | Server                |
-| TIMEOUT_WAIT_RESULT                 | 20                     | The number of seconds to wait before timeout on the 'run_wait_result' endpoint                                                                                                                     | Worker                |
-| QUEUE_LIMIT_WAIT_RESULT             | None                   | The number of max jobs in the queue before rejecting immediately the request in 'run_wait_result' endpoint. Takes precedence on the query arg. If none is specified, there are no limit.           | Worker                |
-| DENO_AUTH_TOKENS                    | None                   | Custom DENO_AUTH_TOKENS to pass to worker to allow the use of private modules                                                                                                                      | Worker                |
-| DISABLE_RESPONSE_LOGS               | false                  | Disable response logs                                                                                                                                                                              | Server                |
-| CREATE_WORKSPACE_REQUIRE_SUPERADMIN | true                   | If true, only superadmins can create new workspaces                                                                                                                                                | Server                |
-| MIN_FREE_DISK_SPACE_MB              | 15000                  | Minimum amount of free space on worker. Sends critical alert if worker has less free space.                                                                                                        | Worker                |
+| Environment Variable name | Default                | Description                                                                                                                                                                                        | Api Server/Worker/All |
+| ------------------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
+| DATABASE_URL              |                        | The Postgres database url.                                                                                                                                                                         | All                   |
+| WORKER_GROUP              | default                | The worker group the worker belongs to and get its configuration pulled from                                                                                                                       | Worker                |
+| MODE                      | standalone             | The mode if the binary. Possible values: standalone, worker, server                                                                                                                                | All                   |
+| METRICS_ADDR              | None                   | (ee only) The socket addr at which to expose Prometheus metrics at the /metrics path. Set to "true" to expose it on port 8001                                                                      | All                   |
+| JSON_FMT                  | false                  | Output the logs in json format instead of logfmt                                                                                                                                                   | All                   |
+| BASE_URL                  | http://localhost:8000  | The base url that is exposed publicly to access your instance. Is overriden by the instance settings if any.                                                                                       | Server                |
+| SCRIPT_TOKEN_EXPIRY       | 900                    | The default duration period of the ephemeral-token generated at the beginning of a script                                                                                                          | Worker                |
+| ZOMBIE_JOB_TIMEOUT        | 30                     | The timeout after which a job is considered to be zombie if the worker did not send pings about processing the job (every server check for zombie jobs every 30s)                                  | Server                |
+| RESTART_ZOMBIE_JOBS       | true                   | If true then a zombie job is restarted (in-place with the same uuid and some logs), if false the zombie job is failed                                                                              | Server                |
+| SLEEP_QUEUE               | 50                     | The number of ms to sleep in between the last check for new jobs in the DB. It is multiplied by NUM_WORKERS such that in average, for one worker instance, there is one pull every SLEEP_QUEUE ms. | Worker                |
+| MAX_LOG_SIZE              | 500000                 | The maximum number of characters a job can emit (log + result)                                                                                                                                     | Worker                |
+| DISABLE_NUSER             | false                  | If Nsjail is enabled, disable the nsjail's `clone_newuser` setting                                                                                                                                 | Worker                |
+| KEEP_JOB_DIR              | false                  | Keep the job directory after the job is done. Useful for debugging.                                                                                                                                | Worker                |
+| LICENSE_KEY (EE only)     | None                   | License key checked at startup for the Enterprise Edition of Windmill                                                                                                                              | Worker                |
+| S3_CACHE_BUCKET (EE only) | None                   | The S3 bucket to sync the cache of the workers to                                                                                                                                                  | Worker                |
+| SLACK_SIGNING_SECRET      | None                   | The signing secret of your Slack app. See [Slack documentation](https://api.slack.com/authentication/verifying-requests-from-slack)                                                                | Server                |
+| COOKIE_DOMAIN             | None                   | The domain of the cookie. If not set, the cookie will be set by the browser based on the full origin                                                                                               | Server                |
+| DENO_PATH                 | /usr/bin/deno          | The path to the deno binary.                                                                                                                                                                       | Worker                |
+| PYTHON_PATH               | /usr/local/bin/python3 | The path to the python binary.                                                                                                                                                                     | Worker                |
+| GO_PATH                   | /usr/bin/go            | The path to the go binary.                                                                                                                                                                         | Worker                |
+| GOPRIVATE                 |                        | The GOPRIVATE env variable to use private go modules                                                                                                                                               | Worker                |
+| GOPROXY                   |                        | The GOPROXY env variable to use                                                                                                                                                                    | Worker                |
+| NETRC                     |                        | The netrc content to use a private go registry                                                                                                                                                     | Worker                |
+| PIP_INDEX_URL             | None                   | The index url to pass for pip.                                                                                                                                                                     | Worker                |
+| PIP_EXTRA_INDEX_URL       | None                   | The extra index url to pass to pip.                                                                                                                                                                | Worker                |
+| PIP_TRUSTED_HOST          | None                   | The trusted host to pass to pip.                                                                                                                                                                   | Worker                |
+| PATH                      | None                   | The path environment variable, usually inherited                                                                                                                                                   | Worker                |
+| HOME                      | None                   | The home directory to use for Go and Bash , usually inherited                                                                                                                                      | Worker                |
+| DATABASE_CONNECTIONS      | 50 (Server)/3 (Worker) | The max number of connections in the database connection pool                                                                                                                                      | All                   |
+| SUPERADMIN_SECRET         | None                   | A token that would let the caller act as a virtual superadmin superadmin@windmill.dev                                                                                                              | Server                |
+| TIMEOUT_WAIT_RESULT       | 20                     | The number of seconds to wait before timeout on the 'run_wait_result' endpoint                                                                                                                     | Worker                |
+| QUEUE_LIMIT_WAIT_RESULT   | None                   | The number of max jobs in the queue before rejecting immediately the request in 'run_wait_result' endpoint. Takes precedence on the query arg. If none is specified, there are no limit.           | Worker                |
+| DENO_AUTH_TOKENS          | None                   | Custom DENO_AUTH_TOKENS to pass to worker to allow the use of private modules                                                                                                                      | Worker                |
+| DISABLE_RESPONSE_LOGS          | false                   | Disable response logs                                                   | Server                |

 ## Run a local dev setup
-
 See the [./frontend/README_DEV.md](./frontend/README_DEV.md) file for all
 running options.

-Using [Nix](./frontend/README_DEV.md#nix).
-
 ### only Frontend
-
 This will use the backend of <https://app.windmill.dev> but your own frontend
-with hot-code reloading. Note that you will need to use a username / password
-login due to CSRF checks using a different auth provider.
+with hot-code reloading. Note that you will need to use a username / password login due to CSRF checks using a different auth provider.

 In the `frontend/` directory:

 1. install the dependencies with `npm install` (or `pnpm install` or `yarn`)
 2. generate the windmill client:
-
-```
-npm run generate-backend-client
-## on mac use
-npm run generate-backend-client-mac
-```
-
+  ```
+  npm run generate-backend-client
+  ## on mac use
+  npm run generate-backend-client-mac
+  ```
 3. Run your dev server with `npm run dev`
 4. Et voilà, windmill should be available at `http://localhost/`

 ### Backend + Frontend
-
 See the [./frontend/README_DEV.md](./frontend/README_DEV.md) file for all
 running options.
-
 1. Create a Postgres Database for Windmill and create an admin role inside your
-   Postgres setup. The easiest way to get a working db is to run
-   ```
+   Postgres setup.
+   The easiest way to get a working db is to run
+	```
   cargo install sqlx-cli
   env DATABASE_URL=<YOUR_DATABASE_URL> sqlx migrate run
-   ```
+	```
   This will also avoid compile time issue with sqlx's `query!` macro
 2. Install [nsjail](https://github.com/google/nsjail) and have it accessible in
   your PATH
@@ -412,15 +390,15 @@ running options.
 5. Install the [lld linker](https://lld.llvm.org/)
 6. Go to `frontend/`:
   1. `npm install`, `npm run generate-backend-client` then `npm run dev`
-   2. You might need to set some extra heap space for the node runtime
-      `export NODE_OPTIONS="--max-old-space-size=4096"`
-   3. In another shell `npm run build` otherwise the backend will not find the
-      `frontend/build` folder and will not compile.
+   2. You might need to set some extra heap space for the node runtime `export NODE_OPTIONS="--max-old-space-size=4096"`
+   3. In another shell `npm run build` otherwise the backend will not find the `frontend/build` folder and will not compile.
   4. In another shell `sudo caddy run --config Caddyfile`
 7. Go to `backend/`:
   `env DATABASE_URL=<DATABASE_URL_TO_YOUR_WINDMILL_DB> RUST_LOG=info cargo run`
 8. Et voilà, windmill should be available at `http://localhost/`

+
+
 ## Contributors

 <a href="https://github.com/windmill-labs/windmill/graphs/contributors">
@@ -429,4 +407,4 @@ running options.

 ## Copyright

-Windmill Labs, Inc 2023
+Windmill Labs, Inc 2023
--- a/backend/.gitignore
+++ b/backend/.gitignore
@@ -2,9 +2,7 @@ target/
 .env
 oauth.json
 oauth2.json
+windmill-api/openapi-deref.yaml
 tracing.folded
 heaptrack*
 index/
-windmill-api/openapi-*.*
-.duckdb/*
-*ee.rs
--- a/backend/.ignore
+++ b/backend/.ignore
@@ -1 +0,0 @@
-!*ee.rs
--- a/backend/.sqlx/query-00588a40dde5189ac1c61505f17acb0f4c244c60477427505bf5bd1b104d3bf9.json
+++ b/backend/.sqlx/query-00588a40dde5189ac1c61505f17acb0f4c244c60477427505bf5bd1b104d3bf9.json
@@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE alerts SET acknowledged_workspace = true, acknowledged = true WHERE workspace_id = $1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "00588a40dde5189ac1c61505f17acb0f4c244c60477427505bf5bd1b104d3bf9"
-}
--- a/backend/.sqlx/query-00c4a602aa6a50f2f922851ce63b5216e915c7649698687a00d47da55c70349f.json
+++ b/backend/.sqlx/query-00c4a602aa6a50f2f922851ce63b5216e915c7649698687a00d47da55c70349f.json
@@ -1,40 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        DELETE\n        FROM parallel_monitor_lock\n        WHERE last_ping IS NOT NULL AND last_ping < NOW() - ($1 || ' seconds')::interval\n        RETURNING parent_flow_id, job_id, last_ping, (SELECT workspace_id FROM v2_job_queue q\n            WHERE q.id = parent_flow_id AND q.running = true AND q.canceled_by IS NULL\n        ) AS workspace_id\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "parent_flow_id",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 1,
-        "name": "job_id",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 2,
-        "name": "last_ping",
-        "type_info": "Timestamptz"
-      },
-      {
-        "ordinal": 3,
-        "name": "workspace_id",
-        "type_info": "Varchar"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      false,
-      false,
-      true,
-      null
-    ]
-  },
-  "hash": "00c4a602aa6a50f2f922851ce63b5216e915c7649698687a00d47da55c70349f"
-}
--- a/backend/.sqlx/query-00ce4ed3ca0eac7cb6283b047353a64b9e78c4beb423f04baef9a53fbf87e9f9.json
+++ b/backend/.sqlx/query-00ce4ed3ca0eac7cb6283b047353a64b9e78c4beb423f04baef9a53fbf87e9f9.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO alerts (alert_type, message) VALUES ('recovered_critical_error', $1)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "00ce4ed3ca0eac7cb6283b047353a64b9e78c4beb423f04baef9a53fbf87e9f9"
+}
--- a/backend/.sqlx/query-00e63eab76d26e148b77e932848de74e8b0943d30481465da453942e299a128f.json
+++ b/backend/.sqlx/query-00e63eab76d26e148b77e932848de74e8b0943d30481465da453942e299a128f.json
@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO metrics (id, value)\n                        VALUES ($1, to_jsonb((\n                            SELECT EXTRACT(EPOCH FROM now() - scheduled_for)\n                            FROM v2_job_queue\n                            WHERE tag = $2 AND running = false AND scheduled_for <= now() - ('3 seconds')::interval\n                            ORDER BY priority DESC NULLS LAST, scheduled_for LIMIT 1\n                        )))",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "00e63eab76d26e148b77e932848de74e8b0943d30481465da453942e299a128f"
-}
--- a/backend/.sqlx/query-011c7638eeeda710deb86a216a9e10df9c3e9458e85bcdde466b01011a1f2ac2.json
+++ b/backend/.sqlx/query-011c7638eeeda710deb86a216a9e10df9c3e9458e85bcdde466b01011a1f2ac2.json
@@ -1,50 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            SELECT\n                path,\n                is_flow,\n                workspace_id,\n                owner,\n                email,\n                trigger_config as \"trigger_config!: _\"\n            FROM\n                capture_config\n            WHERE\n                trigger_kind = 'postgres' AND\n                last_client_ping > NOW() - INTERVAL '10 seconds' AND\n                trigger_config IS NOT NULL AND\n                (last_server_ping IS NULL OR last_server_ping < now() - interval '15 seconds')\n            ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "path",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 1,
-        "name": "is_flow",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 2,
-        "name": "workspace_id",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 3,
-        "name": "owner",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 4,
-        "name": "email",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 5,
-        "name": "trigger_config!: _",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      false,
-      false,
-      false,
-      false,
-      false,
-      true
-    ]
-  },
-  "hash": "011c7638eeeda710deb86a216a9e10df9c3e9458e85bcdde466b01011a1f2ac2"
-}
--- a/backend/.sqlx/query-01755585cd3f6e100a66da331720286cbc09d4abf2926146b24a8c95cf21e5c8.json
+++ b/backend/.sqlx/query-01755585cd3f6e100a66da331720286cbc09d4abf2926146b24a8c95cf21e5c8.json
@@ -1,17 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO workspace_runnable_dependencies (app_path, runnable_path, runnable_is_flow, workspace_id) VALUES ($1, $2, $3, $4) ON CONFLICT DO NOTHING",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Bool",
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "01755585cd3f6e100a66da331720286cbc09d4abf2926146b24a8c95cf21e5c8"
-}
--- a/backend/.sqlx/query-02424907504848e983bfa89eec343061932dc5b4b17cf13d5cf8d833aedbe6d5.json
+++ b/backend/.sqlx/query-02424907504848e983bfa89eec343061932dc5b4b17cf13d5cf8d833aedbe6d5.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "UPDATE kafka_trigger SET server_id = $1, last_server_ping = now(), error = 'Connecting...' WHERE enabled IS TRUE AND workspace_id = $2 AND path = $3 AND (last_server_ping IS NULL OR last_server_ping < now() - interval '15 seconds') RETURNING true",
+  "query": "UPDATE websocket_trigger SET server_id = $1, last_server_ping = now() WHERE enabled IS TRUE AND workspace_id = $2 AND path = $3 AND (server_id IS NULL OR last_server_ping IS NULL OR last_server_ping < now() - interval '15 seconds') RETURNING true",
  "describe": {
    "columns": [
      {
@@ -20,5 +20,5 @@
      null
    ]
  },
-  "hash": "d78ecf85c1e1e95650c380c9488aa90d8d8c5c76f3971484e4c515ff60293d3b"
+  "hash": "02424907504848e983bfa89eec343061932dc5b4b17cf13d5cf8d833aedbe6d5"
 }
--- a/backend/.sqlx/query-029ed3dcba207c58aa6936e44bd825b2166f1846b1bb684522607d5ca31a0df3.json
+++ b/backend/.sqlx/query-029ed3dcba207c58aa6936e44bd825b2166f1846b1bb684522607d5ca31a0df3.json
@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue SET flow_status = jsonb_set(COALESCE(flow_status, '{}'::jsonb), array[$1], jsonb_set(jsonb_set('{}'::jsonb, '{scheduled_for}', to_jsonb(now()::text)), '{name}', to_jsonb($4::text))) WHERE id = $2 AND workspace_id = $3",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Uuid",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "029ed3dcba207c58aa6936e44bd825b2166f1846b1bb684522607d5ca31a0df3"
+}
--- a/backend/.sqlx/query-02bb4ea17e83c79f870e2655d6d9c035af6d763b7ee9577280785ccf0220a123.json
+++ b/backend/.sqlx/query-02bb4ea17e83c79f870e2655d6d9c035af6d763b7ee9577280785ccf0220a123.json
@@ -1,11 +1,11 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT running AS \"running!\" FROM v2_job_queue WHERE id = $1 AND workspace_id = $2",
+  "query": "SELECT running FROM queue WHERE id = $1 AND workspace_id = $2",
  "describe": {
    "columns": [
      {
        "ordinal": 0,
-        "name": "running!",
+        "name": "running",
        "type_info": "Bool"
      }
    ],
@@ -19,5 +19,5 @@
      false
    ]
  },
-  "hash": "6daf2aca3e272a1efd7b26b4c80d6b490628f502ed9f9de75cc78d0fe196f260"
+  "hash": "02bb4ea17e83c79f870e2655d6d9c035af6d763b7ee9577280785ccf0220a123"
 }
--- a/backend/.sqlx/query-02f1a6eeb27067dc438459238e7b016f5ccf9e3fe0ffbe88471f15aad8f74441.json
+++ b/backend/.sqlx/query-02f1a6eeb27067dc438459238e7b016f5ccf9e3fe0ffbe88471f15aad8f74441.json
@@ -1,11 +1,11 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n        SELECT \n            gcp_resource_path, \n            script_path,\n            is_flow, \n            workspace_id,\n            path,\n            edited_by,\n            email,\n            delivery_config AS \"delivery_config: _\"\n        FROM\n            gcp_trigger\n        WHERE\n            workspace_id = $1 AND\n            path = $2 AND\n            delivery_type = 'push'::DELIVERY_MODE \n        ",
+  "query": "SELECT path, script_path, is_flow, route_path, workspace_id, is_async, requires_auth, edited_by, email, http_method as \"http_method: _\" FROM http_trigger WHERE workspace_id = $1",
  "describe": {
    "columns": [
      {
        "ordinal": 0,
-        "name": "gcp_resource_path",
+        "name": "path",
        "type_info": "Varchar"
      },
      {
@@ -20,33 +20,55 @@
      },
      {
        "ordinal": 3,
-        "name": "workspace_id",
+        "name": "route_path",
        "type_info": "Varchar"
      },
      {
        "ordinal": 4,
-        "name": "path",
+        "name": "workspace_id",
        "type_info": "Varchar"
      },
      {
        "ordinal": 5,
+        "name": "is_async",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 6,
+        "name": "requires_auth",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 7,
        "name": "edited_by",
        "type_info": "Varchar"
      },
      {
-        "ordinal": 6,
+        "ordinal": 8,
        "name": "email",
        "type_info": "Varchar"
      },
      {
-        "ordinal": 7,
-        "name": "delivery_config: _",
-        "type_info": "Jsonb"
+        "ordinal": 9,
+        "name": "http_method: _",
+        "type_info": {
+          "Custom": {
+            "name": "http_method",
+            "kind": {
+              "Enum": [
+                "get",
+                "post",
+                "put",
+                "delete",
+                "patch"
+              ]
+            }
+          }
+        }
      }
    ],
    "parameters": {
      "Left": [
-        "Text",
        "Text"
      ]
    },
@@ -58,8 +80,10 @@
      false,
      false,
      false,
-      true
+      false,
+      false,
+      false
    ]
  },
-  "hash": "5303206bbed76ee3ddc56d8057d8b82359c182ee2a5da6df35a4375d5d2d1ef7"
+  "hash": "02f1a6eeb27067dc438459238e7b016f5ccf9e3fe0ffbe88471f15aad8f74441"
 }
--- a/backend/.sqlx/query-031d0d70b0aff52feaad487bddb74e5ef0aaa2505facbea8c764003dfc8fffb1.json
+++ b/backend/.sqlx/query-031d0d70b0aff52feaad487bddb74e5ef0aaa2505facbea8c764003dfc8fffb1.json
@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE capture_config SET last_server_ping = now(), error = $1 WHERE workspace_id = $2 AND path = $3 AND is_flow = $4 AND trigger_kind = 'websocket' AND server_id = $5 AND last_client_ping > NOW() - INTERVAL '10 seconds' RETURNING 1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "?column?",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Text",
-        "Text",
-        "Bool",
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "031d0d70b0aff52feaad487bddb74e5ef0aaa2505facbea8c764003dfc8fffb1"
-}
--- a/backend/.sqlx/query-034583442e6f8ae38d6c4e4aac26f17c8d9d0e657f28276228fc90d3e22e1304.json
+++ b/backend/.sqlx/query-034583442e6f8ae38d6c4e4aac26f17c8d9d0e657f28276228fc90d3e22e1304.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE workspace_settings SET openai_resource_path = $1, code_completion_enabled = $2 WHERE workspace_id = $3",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Bool",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "034583442e6f8ae38d6c4e4aac26f17c8d9d0e657f28276228fc90d3e22e1304"
+}
--- a/backend/.sqlx/query-0355b53b1d45955ca56b2829372ce9c656d7f0ad7b8d0709161047f0d8cdc4f4.json
+++ b/backend/.sqlx/query-0355b53b1d45955ca56b2829372ce9c656d7f0ad7b8d0709161047f0d8cdc4f4.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT 1 FROM app WHERE path = $1 AND workspace_id = $2 LIMIT 1",
+  "query": "DELETE FROM queue WHERE workspace_id = $1 AND id = $2 RETURNING 1",
  "describe": {
    "columns": [
      {
@@ -12,12 +12,12 @@
    "parameters": {
      "Left": [
        "Text",
-        "Text"
+        "Uuid"
      ]
    },
    "nullable": [
      null
    ]
  },
-  "hash": "c73dd6226a154a54debe99f8ae64fd75f8d7ce551c5955aa6bdd8dab2dcbd7ff"
+  "hash": "0355b53b1d45955ca56b2829372ce9c656d7f0ad7b8d0709161047f0d8cdc4f4"
 }
--- a/backend/.sqlx/query-036af7b1cf6d731647fd718458944b9a9759bdb034e73f3065cde6a2f88c8dce.json
+++ b/backend/.sqlx/query-036af7b1cf6d731647fd718458944b9a9759bdb034e73f3065cde6a2f88c8dce.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue SET permissioned_as = ('u/' || $1) WHERE permissioned_as = ('u/' || $2) AND workspace_id = $3",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "036af7b1cf6d731647fd718458944b9a9759bdb034e73f3065cde6a2f88c8dce"
+}
--- a/backend/.sqlx/query-036c84bb9ce72748956bc9c18fbe276444fab025a281dc4784596b0e31c1cb9d.json
+++ b/backend/.sqlx/query-036c84bb9ce72748956bc9c18fbe276444fab025a281dc4784596b0e31c1cb9d.json
@@ -1,12 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "create index concurrently if not exists ix_job_workspace_id_created_at_new_9 ON v2_job  (workspace_id, created_at DESC) where kind in ('dependencies', 'flowdependencies', 'appdependencies') AND parent_job IS NULL",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": []
-  },
-  "hash": "036c84bb9ce72748956bc9c18fbe276444fab025a281dc4784596b0e31c1cb9d"
-}
--- a/backend/.sqlx/query-044e2b428ee6e2dd4543c87ad8835e239cf7567d18b8b3fa6608ea3a9d206ca7.json
+++ b/backend/.sqlx/query-044e2b428ee6e2dd4543c87ad8835e239cf7567d18b8b3fa6608ea3a9d206ca7.json
@@ -1,18 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO alerts (alert_type, message, acknowledged, acknowledged_workspace, workspace_id, resource)\n        VALUES ('critical_error', $1, $2, $3, $4, $5)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Bool",
-        "Bool",
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "044e2b428ee6e2dd4543c87ad8835e239cf7567d18b8b3fa6608ea3a9d206ca7"
-}
--- a/backend/.sqlx/query-04effcc6050250a02661323c880d493982dd1bfb63ca7373e035a98c268428e2.json
+++ b/backend/.sqlx/query-04effcc6050250a02661323c880d493982dd1bfb63ca7373e035a98c268428e2.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT script_path FROM v2_as_queue WHERE id = $1",
+  "query": "SELECT script_path FROM queue WHERE id = $1",
  "describe": {
    "columns": [
      {
@@ -18,5 +18,5 @@
      true
    ]
  },
-  "hash": "2ae44acae7ac80e191b37071baa26e57488489177fe596940d3698d843a93666"
+  "hash": "04effcc6050250a02661323c880d493982dd1bfb63ca7373e035a98c268428e2"
 }
--- a/backend/.sqlx/query-05c65ba8a56b3b5f8bd37c30c0c6707522e01c4a05104969889b7bb41d6aa509.json
+++ b/backend/.sqlx/query-05c65ba8a56b3b5f8bd37c30c0c6707522e01c4a05104969889b7bb41d6aa509.json
@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT status = 'success' OR status = 'skipped' AS \"success!\" FROM v2_job_completed WHERE id = ANY($1)",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "success!",
-        "type_info": "Bool"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "UuidArray"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "05c65ba8a56b3b5f8bd37c30c0c6707522e01c4a05104969889b7bb41d6aa509"
-}
--- a/backend/.sqlx/query-05cb171b610bfb45f6228128a385cde8a5b86d7ca377a028004cc382e12faf41.json
+++ b/backend/.sqlx/query-05cb171b610bfb45f6228128a385cde8a5b86d7ca377a028004cc382e12faf41.json
@@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO concurrency_counter(concurrency_id, job_uuids) \n             VALUES ($1, '{}'::jsonb)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "05cb171b610bfb45f6228128a385cde8a5b86d7ca377a028004cc382e12faf41"
-}
--- a/backend/.sqlx/query-062859f1d0e5cfba3115f4241115753b86a4ad239708851c998ff5620ebca5b8.json
+++ b/backend/.sqlx/query-062859f1d0e5cfba3115f4241115753b86a4ad239708851c998ff5620ebca5b8.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue SET suspend = 0 WHERE id = $1",
+  "query": "UPDATE queue SET last_ping = now() WHERE id = $1",
  "describe": {
    "columns": [],
    "parameters": {
@@ -10,5 +10,5 @@
    },
    "nullable": []
  },
-  "hash": "798a6bdc8f2fb9421808e084fbddf7de61fa9953998e3dc66af0e5f7491a65f4"
+  "hash": "062859f1d0e5cfba3115f4241115753b86a4ad239708851c998ff5620ebca5b8"
 }
--- a/backend/.sqlx/query-0689cdc6c7676f5e1984792a0e0b172ea9a70835bfba6cef56142556197e9767.json
+++ b/backend/.sqlx/query-0689cdc6c7676f5e1984792a0e0b172ea9a70835bfba6cef56142556197e9767.json
@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT ai_config FROM workspace_settings WHERE workspace_id = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "ai_config",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      true
-    ]
-  },
-  "hash": "0689cdc6c7676f5e1984792a0e0b172ea9a70835bfba6cef56142556197e9767"
-}
--- a/backend/.sqlx/query-06db0e720dd59a7c52c0a98ea7b316237eb1a547678858c1a1e45985035b3468.json
+++ b/backend/.sqlx/query-06db0e720dd59a7c52c0a98ea7b316237eb1a547678858c1a1e45985035b3468.json
@@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_status\n                 SET flow_status = flow_status - 'retry'\n                 WHERE id = $1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "06db0e720dd59a7c52c0a98ea7b316237eb1a547678858c1a1e45985035b3468"
-}
--- a/backend/.sqlx/query-070b8ad0b59f485fa5bf68082b060f5c3561c37e9c6f2834d234a862a475a6eb.json
+++ b/backend/.sqlx/query-070b8ad0b59f485fa5bf68082b060f5c3561c37e9c6f2834d234a862a475a6eb.json
@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        UPDATE \n            gcp_trigger \n        SET \n            enabled = $1, \n            email = $2, \n            edited_by = $3, \n            edited_at = now(), \n            server_id = NULL, \n            error = NULL\n        WHERE \n            path = $4 AND \n            workspace_id = $5 \n        RETURNING 1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "?column?",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Bool",
-        "Varchar",
-        "Varchar",
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "070b8ad0b59f485fa5bf68082b060f5c3561c37e9c6f2834d234a862a475a6eb"
-}
--- a/backend/.sqlx/query-0721acae4f627df4687bb43b830a47faeee5c0a152cda8d62794c14dd200fac1.json
+++ b/backend/.sqlx/query-0721acae4f627df4687bb43b830a47faeee5c0a152cda8d62794c14dd200fac1.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue SET canceled_by = $1 WHERE canceled_by = $2 AND workspace_id = $3",
+  "query": "UPDATE completed_job SET created_by = $1 WHERE created_by = $2 AND workspace_id = $3",
  "describe": {
    "columns": [],
    "parameters": {
@@ -12,5 +12,5 @@
    },
    "nullable": []
  },
-  "hash": "902a16d9e7ac34e7f1a0ad633bae754a0d64bc934a2b6434b9cb67f28d3ef950"
+  "hash": "0721acae4f627df4687bb43b830a47faeee5c0a152cda8d62794c14dd200fac1"
 }
--- a/backend/.sqlx/query-08dd2ea6b17a52bce352d6443d7d009cfc9da0d3b2bd1f40d422b550779e5324.json
+++ b/backend/.sqlx/query-08dd2ea6b17a52bce352d6443d7d009cfc9da0d3b2bd1f40d422b550779e5324.json
@@ -1,20 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO variable\n             (workspace_id, path, value, is_secret, account, is_oauth, expires_at)\n             VALUES ($1, $2, $3, $4, $5, $6, $7)\n             ON CONFLICT (workspace_id, path) DO UPDATE SET value = $3, expires_at = $7",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Bool",
-        "Int4",
-        "Bool",
-        "Timestamptz"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "08dd2ea6b17a52bce352d6443d7d009cfc9da0d3b2bd1f40d422b550779e5324"
-}
--- a/backend/.sqlx/query-099e7c7a66968575f896e0c11ecd9cfe9a2ec315d6589e940be157a0563f81af.json
+++ b/backend/.sqlx/query-099e7c7a66968575f896e0c11ecd9cfe9a2ec315d6589e940be157a0563f81af.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue SET last_ping = now() WHERE id = $1 AND workspace_id = $2 AND canceled = false",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "099e7c7a66968575f896e0c11ecd9cfe9a2ec315d6589e940be157a0563f81af"
+}
--- a/backend/.sqlx/query-09efbd7177c6172569dc29b7d9ede70315eeb4e0ef9ed3165365f257e27f5e68.json
+++ b/backend/.sqlx/query-09efbd7177c6172569dc29b7d9ede70315eeb4e0ef9ed3165365f257e27f5e68.json
@@ -1,16 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO workspace_runnable_dependencies (flow_path, runnable_path, runnable_is_flow, workspace_id) VALUES ($1, $2, TRUE, $3) ON CONFLICT DO NOTHING",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "09efbd7177c6172569dc29b7d9ede70315eeb4e0ef9ed3165365f257e27f5e68"
-}
--- a/backend/.sqlx/query-0a1c95c4376b944661bab13271091cf3ea0afe68fb8e08e7aea239dc735c625c.json
+++ b/backend/.sqlx/query-0a1c95c4376b944661bab13271091cf3ea0afe68fb8e08e7aea239dc735c625c.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue SET tag = $1, running = false WHERE id = $2",
+  "query": "INSERT INTO concurrency_key(key, job_id) VALUES ($1, $2)",
  "describe": {
    "columns": [],
    "parameters": {
@@ -11,5 +11,5 @@
    },
    "nullable": []
  },
-  "hash": "77701b16ee1f6dd827372835db59bbffc7254af47a8d48b7ba3cf969c2f8398c"
+  "hash": "0a1c95c4376b944661bab13271091cf3ea0afe68fb8e08e7aea239dc735c625c"
 }
--- a/backend/.sqlx/query-0a46f1f3047d15227f82ae24ad2113eb91d65b98927eaaba427cbde27dd79bfe.json
+++ b/backend/.sqlx/query-0a46f1f3047d15227f82ae24ad2113eb91d65b98927eaaba427cbde27dd79bfe.json
@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT COUNT(*)\n                 FROM alerts\n                 WHERE COALESCE(acknowledged, false) = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "count",
-        "type_info": "Int8"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Bool"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0a46f1f3047d15227f82ae24ad2113eb91d65b98927eaaba427cbde27dd79bfe"
-}
--- a/backend/.sqlx/query-0a56301b5aaf57339cb2904c8f617366b74e891034d32f2867ccb019da869fc8.json
+++ b/backend/.sqlx/query-0a56301b5aaf57339cb2904c8f617366b74e891034d32f2867ccb019da869fc8.json
@@ -1,16 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO flow\n            (workspace_id, path, summary, description, archived, extra_perms, dependency_job, draft_only, tag, ws_error_handler_muted, dedicated_worker, timeout, visible_to_runner_only, on_behalf_of_email, concurrency_key, versions, value, schema, edited_by, edited_at) \n        SELECT workspace_id, REGEXP_REPLACE(path,'u/' || $2 || '/(.*)','u/' || $1 || '/\\1'), summary, description, archived, extra_perms, dependency_job, draft_only, tag, ws_error_handler_muted, dedicated_worker, timeout, visible_to_runner_only, on_behalf_of_email, concurrency_key, versions, value, schema, edited_by, edited_at\n            FROM flow \n            WHERE path LIKE ('u/' || $2 || '/%') AND workspace_id = $3",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0a56301b5aaf57339cb2904c8f617366b74e891034d32f2867ccb019da869fc8"
-}
--- a/backend/.sqlx/query-0a686ca61444d7ad7484071727aa039a6ea6697e5a49a633b767c052aa3e0a18.json
+++ b/backend/.sqlx/query-0a686ca61444d7ad7484071727aa039a6ea6697e5a49a633b767c052aa3e0a18.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "INSERT INTO v2_job (id, runnable_id, runnable_path, kind, script_lang, tag, created_by, permissioned_as, permissioned_as_email, workspace_id) (SELECT gen_random_uuid(), $1, $2, $3, $4, $5, $6, $7, $8, $9 FROM generate_series(1, $10)) RETURNING id",
+  "query": "WITH uuid_table as (\n            select gen_random_uuid() as uuid from generate_series(1, $11)\n        )\n        INSERT INTO queue \n            (id, script_hash, script_path, job_kind, language, args, tag, created_by, permissioned_as, email, scheduled_for, workspace_id, concurrent_limit, concurrency_time_window_s, timeout)\n            (SELECT uuid, $1, $2, $3, $4, ('{ \"uuid\": \"' || uuid || '\" }')::jsonb, $5, $6, $7, $8, $9, $10, $12, $13, $14 FROM uuid_table) \n        RETURNING id",
  "describe": {
    "columns": [
      {
@@ -32,10 +32,7 @@
                "noop",
                "appdependencies",
                "deploymentcallback",
-                "singlescriptflow",
-                "flowscript",
-                "flownode",
-                "appscript"
+                "singlescriptflow"
              ]
            }
          }
@@ -61,12 +58,7 @@
                "php",
                "bunnative",
                "rust",
-                "ansible",
-                "csharp",
-                "oracledb",
-                "nu",
-                "java",
-                "duckdb"
+                "ansible"
              ]
            }
          }
@@ -75,7 +67,11 @@
        "Varchar",
        "Varchar",
        "Varchar",
+        "Timestamptz",
        "Varchar",
+        "Int4",
+        "Int4",
+        "Int4",
        "Int4"
      ]
    },
@@ -83,5 +79,5 @@
      false
    ]
  },
-  "hash": "ff0403790674cdb07022af71c2377afbd8b3a660b3be27514b517c077c63c238"
+  "hash": "0a686ca61444d7ad7484071727aa039a6ea6697e5a49a633b767c052aa3e0a18"
 }
--- a/backend/.sqlx/query-0a7fb25aa9404c2e6eabfd5d912ed0c1018f249c7ec2a5564787175aa667a456.json
+++ b/backend/.sqlx/query-0a7fb25aa9404c2e6eabfd5d912ed0c1018f249c7ec2a5564787175aa667a456.json
@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job SET labels = (\n                    SELECT array_agg(DISTINCT all_labels)\n                    FROM unnest(coalesce(labels, ARRAY[]::TEXT[]) || $2) all_labels\n                ) WHERE id = $1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "TextArray"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0a7fb25aa9404c2e6eabfd5d912ed0c1018f249c7ec2a5564787175aa667a456"
-}
--- a/backend/.sqlx/query-0a9a191273c735c41d56ea46a39ffca075a0550eada87df7162c5037164ad6bf.json
+++ b/backend/.sqlx/query-0a9a191273c735c41d56ea46a39ffca075a0550eada87df7162c5037164ad6bf.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n       INSERT INTO capture\n                   (workspace_id, path, created_by)\n            VALUES ($1, $2, $3)\n       ON CONFLICT (workspace_id, path)\n     DO UPDATE SET created_at = now()\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0a9a191273c735c41d56ea46a39ffca075a0550eada87df7162c5037164ad6bf"
+}
--- a/backend/.sqlx/query-0aaec91ab06753e46c595d82469924a98f28b0dead245df7248a9ccb8a5f20c3.json
+++ b/backend/.sqlx/query-0aaec91ab06753e46c595d82469924a98f28b0dead245df7248a9ccb8a5f20c3.json
@@ -1,16 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_status\n                     SET flow_status = JSONB_SET(flow_status, ARRAY['modules', $1::TEXT], $2)\n                     WHERE id = $3",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Jsonb",
-        "Uuid"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0aaec91ab06753e46c595d82469924a98f28b0dead245df7248a9ccb8a5f20c3"
-}
--- a/backend/.sqlx/query-0ad36c1598ff4ece0c325eaeb9a9177a87e1accd192402e21db5ae09c3498ab0.json
+++ b/backend/.sqlx/query-0ad36c1598ff4ece0c325eaeb9a9177a87e1accd192402e21db5ae09c3498ab0.json
@@ -1,23 +1,28 @@
 {
  "db_name": "PostgreSQL",
-  "query": "WITH uuid_table as (\n            select gen_random_uuid() as uuid from generate_series(1, $16)\n        )\n        INSERT INTO v2_job\n            (id, workspace_id, raw_code, raw_lock, raw_flow, tag, runnable_id, runnable_path, kind,\n             script_lang, created_by, permissioned_as, permissioned_as_email, concurrent_limit,\n             concurrency_time_window_s, timeout, args)\n            (SELECT uuid, $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15,\n             ('{ \"uuid\": \"' || uuid || '\" }')::jsonb FROM uuid_table)\n        RETURNING id AS \"id!\"",
+  "query": "INSERT INTO queue\n            (workspace_id, id, running, parent_job, created_by, permissioned_as, scheduled_for, \n                script_hash, script_path, raw_code, raw_lock, args, job_kind, schedule_path, raw_flow, flow_status, is_flow_step, language, started_at, same_worker, pre_run_error, email, visible_to_owner, root_job, tag, concurrent_limit, concurrency_time_window_s, timeout, flow_step_id, cache_ttl, priority, last_ping)\n            VALUES ($1, $2, $3, $4, $5, $6, COALESCE($7, now()), $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, CASE WHEN $3 THEN now() END, $19, $20, $21, $22, $23, $24, $25, $26, $27, $28, $29, $30, NULL) RETURNING id",
  "describe": {
    "columns": [
      {
        "ordinal": 0,
-        "name": "id!",
+        "name": "id",
        "type_info": "Uuid"
      }
    ],
    "parameters": {
      "Left": [
+        "Varchar",
+        "Uuid",
+        "Bool",
+        "Uuid",
+        "Varchar",
+        "Varchar",
+        "Timestamptz",
+        "Int8",
        "Varchar",
        "Text",
        "Text",
        "Jsonb",
-        "Varchar",
-        "Int8",
-        "Varchar",
        {
          "Custom": {
            "name": "job_kind",
@@ -37,14 +42,15 @@
                "noop",
                "appdependencies",
                "deploymentcallback",
-                "singlescriptflow",
-                "flowscript",
-                "flownode",
-                "appscript"
+                "singlescriptflow"
              ]
            }
          }
        },
+        "Varchar",
+        "Jsonb",
+        "Jsonb",
+        "Bool",
        {
          "Custom": {
            "name": "script_lang",
@@ -66,28 +72,28 @@
                "php",
                "bunnative",
                "rust",
-                "ansible",
-                "csharp",
-                "oracledb",
-                "nu",
-                "java",
-                "duckdb"
+                "ansible"
              ]
            }
          }
        },
+        "Bool",
+        "Text",
        "Varchar",
-        "Varchar",
+        "Bool",
+        "Uuid",
        "Varchar",
        "Int4",
        "Int4",
        "Int4",
-        "Int4"
+        "Varchar",
+        "Int4",
+        "Int2"
      ]
    },
    "nullable": [
      false
    ]
  },
-  "hash": "488dd591096b2b47787afdc3a1d73917ed13269f2ee20b86df79fca2c8efe672"
+  "hash": "0ad36c1598ff4ece0c325eaeb9a9177a87e1accd192402e21db5ae09c3498ab0"
 }
--- a/backend/.sqlx/query-0bc1c617786bb2fdc71b85442b1d52dbd4c922436edacced18b9620c70e0cc8b.json
+++ b/backend/.sqlx/query-0bc1c617786bb2fdc71b85442b1d52dbd4c922436edacced18b9620c70e0cc8b.json
@@ -1,24 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT result #> $3 AS \"result: Json<Box<RawValue>>\"\n            FROM v2_job_completed WHERE id = $1 AND workspace_id = $2",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "result: Json<Box<RawValue>>",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text",
-        "TextArray"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0bc1c617786bb2fdc71b85442b1d52dbd4c922436edacced18b9620c70e0cc8b"
-}
--- a/backend/.sqlx/query-0c0b5d5d1e6ab2fed7532f94b50be3210e3845b61551691bbef81c2b6fb01121.json
+++ b/backend/.sqlx/query-0c0b5d5d1e6ab2fed7532f94b50be3210e3845b61551691bbef81c2b6fb01121.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue\n                    SET flow_status = JSONB_SET(flow_status, ARRAY['failure_module'], $1)\n                    WHERE id = $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Jsonb",
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0c0b5d5d1e6ab2fed7532f94b50be3210e3845b61551691bbef81c2b6fb01121"
+}
--- a/backend/.sqlx/query-0c6c80746733be8f561ab0b631854799f5e8122adaf35465cb16c3dc795bdc3b.json
+++ b/backend/.sqlx/query-0c6c80746733be8f561ab0b631854799f5e8122adaf35465cb16c3dc795bdc3b.json
@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        INSERT INTO app_script (app, hash, lock, code, code_sha256)\n        VALUES ($1, $2, $3, $4, $5)\n        ON CONFLICT (hash) DO UPDATE SET app = EXCLUDED.app -- trivial update to return the id\n        RETURNING id\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "id",
-        "type_info": "Int8"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Int8",
-        "Bpchar",
-        "Text",
-        "Text",
-        "Bpchar"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "0c6c80746733be8f561ab0b631854799f5e8122adaf35465cb16c3dc795bdc3b"
-}
--- a/backend/.sqlx/query-0cc3618495d5d024b2a173c58a3a8bb2a9d69b7b6e7ed6b0d0064fa2ce9c2e31.json
+++ b/backend/.sqlx/query-0cc3618495d5d024b2a173c58a3a8bb2a9d69b7b6e7ed6b0d0064fa2ce9c2e31.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT value FROM global_settings WHERE name = 'teams'",
+  "query": "SELECT value\n            FROM global_settings\n            WHERE name = 'openai_azure_base_path'",
  "describe": {
    "columns": [
      {
@@ -16,5 +16,5 @@
      false
    ]
  },
-  "hash": "84d048ea323758842dc564c700b524d1a5b196a7b77afcb02f46b84b22088bbf"
+  "hash": "0cc3618495d5d024b2a173c58a3a8bb2a9d69b7b6e7ed6b0d0064fa2ce9c2e31"
 }
--- a/backend/.sqlx/query-0d86a31d7d53e52d24df76fa745d968cda48e036139cdaecf4e87d948f8c365e.json
+++ b/backend/.sqlx/query-0d86a31d7d53e52d24df76fa745d968cda48e036139cdaecf4e87d948f8c365e.json
@@ -1,25 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        UPDATE v2_job_status f SET flow_status = JSONB_SET(flow_status,  ARRAY['user_states'], JSONB_SET(COALESCE(flow_status->'user_states', '{}'::jsonb), ARRAY[$1], $2))\n        FROM v2_job j\n        WHERE f.id = $3 AND f.id = j.id AND j.workspace_id = $4 AND kind IN ('flow', 'flowpreview', 'flownode') RETURNING 1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "?column?",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Jsonb",
-        "Uuid",
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0d86a31d7d53e52d24df76fa745d968cda48e036139cdaecf4e87d948f8c365e"
-}
--- a/backend/.sqlx/query-0dbd664c906ee3c65856520c22f0828357b36bbcdcc151bd97605d7d7a0489e8.json
+++ b/backend/.sqlx/query-0dbd664c906ee3c65856520c22f0828357b36bbcdcc151bd97605d7d7a0489e8.json
@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "DELETE FROM capture_config WHERE path = $1 AND workspace_id = $2 AND is_flow IS TRUE",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0dbd664c906ee3c65856520c22f0828357b36bbcdcc151bd97605d7d7a0489e8"
-}
--- a/backend/.sqlx/query-0e52a588f3edeb8fb58d6d62247b8590e51171e2811c62737bdb81fb0ac8f182.json
+++ b/backend/.sqlx/query-0e52a588f3edeb8fb58d6d62247b8590e51171e2811c62737bdb81fb0ac8f182.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE worker_ping SET \n        ping_at = now(), \n        jobs_executed = 1, \n        current_job_id = $1, \n        current_job_workspace_id = 'admins' \n        WHERE worker = $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0e52a588f3edeb8fb58d6d62247b8590e51171e2811c62737bdb81fb0ac8f182"
+}
--- a/backend/.sqlx/query-0ea5ba568ec0f62b808fe938a41174646b6bdd658b8461db1bb90a871d076718.json
+++ b/backend/.sqlx/query-0ea5ba568ec0f62b808fe938a41174646b6bdd658b8461db1bb90a871d076718.json
@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue SET workspace_id = $1 WHERE workspace_id = $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0ea5ba568ec0f62b808fe938a41174646b6bdd658b8461db1bb90a871d076718"
-}
--- a/backend/.sqlx/query-0ee14619dd81df460b2b8cc6df2b89646279f77469c35deffca8e17a11d7f6c8.json
+++ b/backend/.sqlx/query-0ee14619dd81df460b2b8cc6df2b89646279f77469c35deffca8e17a11d7f6c8.json
@@ -1,28 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        SELECT\n            (elem->>'installation_id')::bigint as installation_id,\n            elem->>'account_id' as account_id\n        FROM workspace_settings,\n        LATERAL jsonb_array_elements(git_app_installations) AS elem\n        WHERE workspace_id = $1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "installation_id",
-        "type_info": "Int8"
-      },
-      {
-        "ordinal": 1,
-        "name": "account_id",
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      null,
-      null
-    ]
-  },
-  "hash": "0ee14619dd81df460b2b8cc6df2b89646279f77469c35deffca8e17a11d7f6c8"
-}
--- a/backend/.sqlx/query-0ee63ef2dd5c88edba2a1f56d31f29876724922f148dad7af35b36efbf70207a.json
+++ b/backend/.sqlx/query-0ee63ef2dd5c88edba2a1f56d31f29876724922f148dad7af35b36efbf70207a.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "DELETE FROM v2_job_queue WHERE workspace_id = $1",
+  "query": "DELETE FROM healthchecks WHERE check_type = $1",
  "describe": {
    "columns": [],
    "parameters": {
@@ -10,5 +10,5 @@
    },
    "nullable": []
  },
-  "hash": "1a85ca0a6d0ba5ab3462907e35037136fd123f80389abe6ebbcf12084da45868"
+  "hash": "0ee63ef2dd5c88edba2a1f56d31f29876724922f148dad7af35b36efbf70207a"
 }
--- a/backend/.sqlx/query-0efb16cbf130ec6e9922ecc82a95b252449bd569df374e40ce8820fc3d75a0f0.json
+++ b/backend/.sqlx/query-0efb16cbf130ec6e9922ecc82a95b252449bd569df374e40ce8820fc3d75a0f0.json
@@ -1,12 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "DROP INDEX CONCURRENTLY IF EXISTS queue_sort",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": []
-  },
-  "hash": "0efb16cbf130ec6e9922ecc82a95b252449bd569df374e40ce8820fc3d75a0f0"
-}
--- a/backend/.sqlx/query-1060c503cf8d4bb5cef9720c162b8192924b4a938d249fae92624cd55e44f488.json
+++ b/backend/.sqlx/query-1060c503cf8d4bb5cef9720c162b8192924b4a938d249fae92624cd55e44f488.json
@@ -1,17 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_status SET\n                     flow_status = JSONB_SET(\n                         flow_status,\n                         ARRAY['modules', $1::TEXT, 'flow_jobs_success', $3::TEXT],\n                         $4\n                     )\n                 WHERE id = $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Uuid",
-        "Text",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "1060c503cf8d4bb5cef9720c162b8192924b4a938d249fae92624cd55e44f488"
-}
--- a/backend/.sqlx/query-115544a96173f9cb1d27757e7b931fb27912cfd05ba768a42cf9b3dfd7205e9a.json
+++ b/backend/.sqlx/query-115544a96173f9cb1d27757e7b931fb27912cfd05ba768a42cf9b3dfd7205e9a.json
@@ -1,24 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            UPDATE \n                mqtt_trigger \n            SET \n                server_id = $1, \n                last_server_ping = now(),\n                error = 'Connecting...'\n            WHERE \n                enabled IS TRUE \n                AND workspace_id = $2 \n                AND path = $3 \n                AND (last_server_ping IS NULL \n                    OR last_server_ping < now() - INTERVAL '15 seconds'\n                ) \n            RETURNING true\n            ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "?column?",
-        "type_info": "Bool"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "115544a96173f9cb1d27757e7b931fb27912cfd05ba768a42cf9b3dfd7205e9a"
-}
--- a/backend/.sqlx/query-1182fe055306d7ea435d76b74d781e066915c8397e6bbc9e408ff3dda9fec27f.json
+++ b/backend/.sqlx/query-1182fe055306d7ea435d76b74d781e066915c8397e6bbc9e408ff3dda9fec27f.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE script SET ws_error_handler_muted = $3 WHERE workspace_id = $2 AND path = $1 AND created_at = (SELECT max(created_at) FROM script WHERE path = $1 AND workspace_id = $2)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text",
+        "Bool"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "1182fe055306d7ea435d76b74d781e066915c8397e6bbc9e408ff3dda9fec27f"
+}
--- a/backend/.sqlx/query-122090a0f89e5248a0a0f199ebd24582fdb302883aebd2da187ac0084e767ea3.json
+++ b/backend/.sqlx/query-122090a0f89e5248a0a0f199ebd24582fdb302883aebd2da187ac0084e767ea3.json
@@ -1,11 +1,11 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT teams_team_id FROM workspace_settings WHERE workspace_id = $1",
+  "query": "SELECT set_config('session.pgroups', $1, true)",
  "describe": {
    "columns": [
      {
        "ordinal": 0,
-        "name": "teams_team_id",
+        "name": "set_config",
        "type_info": "Text"
      }
    ],
@@ -15,8 +15,8 @@
      ]
    },
    "nullable": [
-      true
+      null
    ]
  },
-  "hash": "1ace9bdcde90fd2261fd64344a2d9474b17887711128dbb2ef15d247d50686b0"
+  "hash": "122090a0f89e5248a0a0f199ebd24582fdb302883aebd2da187ac0084e767ea3"
 }
--- a/backend/.sqlx/query-124b27de35b49fbdb13a1f772044665a84325e34ae04bf2795fafb7bb6f2f0c6.json
+++ b/backend/.sqlx/query-124b27de35b49fbdb13a1f772044665a84325e34ae04bf2795fafb7bb6f2f0c6.json
@@ -1,23 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        INSERT INTO postgres_trigger (\n            publication_name,\n            replication_slot_name,\n            workspace_id, \n            path, \n            script_path, \n            is_flow, \n            email, \n            enabled, \n            postgres_resource_path, \n            edited_by\n        ) \n        VALUES (\n            $1, \n            $2, \n            $3, \n            $4, \n            $5, \n            $6, \n            $7, \n            $8, \n            $9, \n            $10\n        )",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Bool",
-        "Varchar",
-        "Bool",
-        "Varchar",
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "124b27de35b49fbdb13a1f772044665a84325e34ae04bf2795fafb7bb6f2f0c6"
-}
--- a/backend/.sqlx/query-126be8832776644e0d2c5d004acb26f6d4820a6a1fc8e028c3550c438248a82b.json
+++ b/backend/.sqlx/query-126be8832776644e0d2c5d004acb26f6d4820a6a1fc8e028c3550c438248a82b.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue\n                SET running = false\n                , started_at = null\n                , scheduled_for = $1\n                , last_ping = null\n                WHERE id = $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Timestamptz",
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "126be8832776644e0d2c5d004acb26f6d4820a6a1fc8e028c3550c438248a82b"
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ruben Fiszel	fd25c4bf72	Merge branch 'main' into migration/queue-params	2024-11-02 19:35:19 +01:00
yacine Bouraroui	b031e2f48c	Merge branch 'migration/queue-params' of https://github.com/yacineb/windmill into migration/queue-params	2024-10-04 13:35:33 +02:00
yacine Bouraroui	c95b59d5da	"squash" migrations in a single one	2024-10-04 13:35:07 +02:00
Yacine	c1b779ebb5	Merge branch 'main' into migration/queue-params	2024-10-04 13:11:32 +02:00
yacine Bouraroui	7b31a900f6	Merge branch 'main' of https://github.com/yacineb/windmill into migration/queue-params	2024-10-04 13:05:44 +02:00
yacine Bouraroui	2f9cc1498d	fix fetch_optional behaviour	2024-10-03 11:59:16 +02:00
yacine Bouraroui	6baa549cdb	delete_job_metadata_after_use for job_args	2024-10-02 18:49:22 +02:00
yacine Bouraroui	4aa269f71f	reduce boilerplate	2024-10-02 18:44:04 +02:00
yacine Bouraroui	7e5956e5a0	updated cargo.lock	2024-10-02 18:20:20 +02:00
yacine Bouraroui	7a6d404a11	trimmed some boilerplate	2024-10-02 18:19:52 +02:00
yacine Bouraroui	fd5d89b56a	reduced columns queried from completed_job	2024-10-02 15:40:09 +02:00
yacine Bouraroui	2ad08d9194	missing dep	2024-10-02 15:18:11 +02:00
yacine Bouraroui	32428ed5f3	eliminate unncessary clones, memory alloc optimization	2024-10-02 15:11:56 +02:00
yacine Bouraroui	b20d83e58e	fetch results from completed_job_result table	2024-10-02 14:50:31 +02:00
yacine Bouraroui	6300bb6e71	read results wip	2024-10-02 11:44:48 +02:00
yacine Bouraroui	f6d9cd062d	write to completed_jobs_result on job completion	2024-10-02 10:28:01 +02:00
yacine Bouraroui	3e34bc7956	added completed_jobs_result table	2024-10-02 10:07:30 +02:00
yacine Bouraroui	045a52cded	query args from job_args table first	2024-10-01 19:47:07 +02:00
yacine Bouraroui	f4df3affa3	separate job_args and job_params tables	2024-10-01 15:17:08 +02:00
yacine Bouraroui	698375cb17	added tag field, needed for postgres RLS	2024-10-01 12:41:19 +02:00
yacine Bouraroui	c7a327e1d8	resuable raw flow parsing logic. 2- enforced some queries to be compile-checked. some types "masking" and a better alternative to some 'select * from queue'	2024-10-01 12:30:11 +02:00
yacine Bouraroui	7d605e88b0	read ( args, raw_code, raw_flow) from separate table - wip	2024-09-30 18:25:29 +02:00
yacine Bouraroui	1ce19166ed	create a separate params table for immutable jobs fields	2024-09-30 12:10:51 +02:00
yacine Bouraroui	a0542dc853	missing build folder in frontend breaks the build of windmill worker on first git clone	2024-09-30 10:59:09 +02:00