Create dirs

Will be enabled later.
Needs proper testing and its better to split onto 2 PRs with first modifying python and second ansible

.aiderignore

@@ -1,3 +0,0 @@
-/*
-!/backend/
-!/frontend/

.devcontainer/docker-compose.yml

@@ -7,6 +7,7 @@ services:
     # image: mcr.microsoft.com/vscode/devcontainers/rust:bullseye
     environment:
       - DENO_PATH=/usr/local/cargo/bin/deno
+      - PYTHON_PATH=/usr/bin/python3
       - NSJAIL_PATH=/bin/nsjail
     volumes:
       - .:/workspace:cached

.dockerignore

@@ -3,4 +3,3 @@ frontend/build/
 frontend/.svelte-kit/
 
 backend/target/
-backend/windmill-duckdb-ffi-internal/target/

.env

@@ -7,7 +7,3 @@ WM_IMAGE=ghcr.io/windmill-labs/windmill:main
 
 # To use another port than :80, setup the Caddyfile and the caddy section of the docker-compose to your needs: https://caddyserver.com/docs/getting-started
 # To have caddy take care of automatic TLS
-
-# To rotate logs, set the following variables:
-#LOG_MAX_SIZE=10m
-#LOG_MAX_FILE=3

.envrc

@@ -1 +1 @@
-use flake
+use nix

.github/CODEOWNERS

@@ -1,4 +1,4 @@
-*       @rubenfiszel @hugocasa @alpetric
+*       @rubenfiszel
 
-/community/ @rubenfiszel @hugocasa @alpetric
-/frontend/  @rubenfiszel @hugocasa @alpetric
+/community/ @fatonramadani @rubenfiszel
+/frontend/ @fatonramadani @rubenfiszel

.github/DockerfileBackendTests

@@ -27,42 +27,29 @@ RUN wget https://golang.org/dl/go1.21.5.linux-amd64.tar.gz && tar -C /usr/local
 ENV PATH="${PATH}:/usr/local/go/bin"
 ENV GO_PATH=/usr/local/go/bin/go
 
-# UV
+# Install UV
 RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.18/uv-installer.sh | sh && mv /usr/local/cargo/bin/uv /usr/local/bin/uv
 
 ENV TZ=Etc/UTC
 
 ENV PYTHON_VERSION 3.11.4
 
-# Python
 RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz \
     && tar -xf Python-${PYTHON_VERSION}.tgz && cd Python-${PYTHON_VERSION}/ && ./configure --enable-optimizations \
     && make -j 4 && make install
 
 RUN /usr/local/bin/python3 -m pip install pip-tools
 
-# Bun
-COPY --from=oven/bun:1.2.23 /usr/local/bin/bun /usr/bin/bun
+COPY --from=oven/bun:1.1.31 /usr/local/bin/bun /usr/bin/bun
 
 ARG TARGETPLATFORM
 
-# Deno
 RUN curl -Lsf https://github.com/denoland/deno/releases/download/v2.0.2/deno-x86_64-unknown-linux-gnu.zip -o deno.zip 
 # RUN [ "$TARGETPLATFORM" == "linux/arm64" ] && curl -Lsf https://github.com/denoland/deno/releases/download/v2.0.0/deno-aarch64-unknown-linux-gnu.zip -o deno.zip || true
+
 RUN unzip deno.zip && rm deno.zip && mv deno /usr/bin/deno
 
 RUN apt-get update \
     && apt-get install -y postgresql-client --allow-unauthenticated
 
-RUN rustup component add rustfmt
-
-# C#
-RUN wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh \
-    && chmod +x dotnet-install.sh \
-    && ./dotnet-install.sh --channel 9.0 --install-dir /usr/share/dotnet \
-    && ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet \
-    && rm dotnet-install.sh
-
-
-# Nushell
-COPY --from=ghcr.io/nushell/nushell:0.101.0-bookworm /usr/bin/nu /usr/bin/nu
+RUN rustup component add rustfmt

.github/change-versions-mac.sh

@@ -7,7 +7,7 @@ VERSION=$1
 echo "Updating versions to: $VERSION"
 
 sed -i '' -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/backend/Cargo.toml
-sed -i '' -e "/^export const VERSION =/s/= .*/= \"v$VERSION\";/"  ${root_dirpath}/cli/src/main.ts
+sed -i '' -e "/^export const VERSION =/s/= .*/= \"v$VERSION\";/"  ${root_dirpath}/cli/main.ts
 sed -i '' -e "/^export const VERSION =/s/= .*/= \"v$VERSION\";/" ${root_dirpath}/benchmarks/lib.ts
 sed -i '' -e "/version: /s/: .*/: $VERSION/" ${root_dirpath}/backend/windmill-api/openapi.yaml
 sed -i '' -e "/version: /s/: .*/: $VERSION/" ${root_dirpath}/openflow.openapi.yaml
@@ -16,7 +16,7 @@ sed -i '' -e "/\"version\": /s/: .*,/: \"$VERSION\",/" ${root_dirpath}/frontend/
 sed -i '' -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i '' -e "/^windmill-api =/s/= .*/= \"\\^$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i '' -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill_pg/pyproject.toml
-sed -i '' -e "/^[[:space:]]*ModuleVersion[[:space:]]*=/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
+sed -i '' -e "/^ModuleVersion =/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
 # sed -i '' -e "/^wmill =/s/= .*/= \"\\^$VERSION\"/" python-client/wmill_pg/pyproject.toml
 sed -i '' -e "/^wmill =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile
 sed -i '' -e "/^wmill_pg =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile

.github/change-versions.sh

@@ -7,7 +7,7 @@ VERSION=$1
 echo "Updating versions to: $VERSION"
 
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/backend/Cargo.toml
-sed -i -e "/^export const VERSION =/s/= .*/= \"$VERSION\";/" ${root_dirpath}/cli/src/main.ts
+sed -i -e "/^export const VERSION =/s/= .*/= \"$VERSION\";/" ${root_dirpath}/cli/main.ts
 sed -i -e "/^export const VERSION =/s/= .*/= \"v$VERSION\";/" ${root_dirpath}/benchmarks/lib.ts
 sed -i -e "/version: /s/: .*/: $VERSION/" ${root_dirpath}/backend/windmill-api/openapi.yaml
 sed -i -e "/version: /s/: .*/: $VERSION/" ${root_dirpath}/openflow.openapi.yaml
@@ -17,11 +17,11 @@ sed -i -e "/\"version\": /s/: .*,/: \"$VERSION\",/" ${root_dirpath}/frontend/pac
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i -e "/^windmill-api =/s/= .*/= \"\\^$VERSION\"/" ${root_dirpath}/python-client/wmill/pyproject.toml
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" ${root_dirpath}/python-client/wmill_pg/pyproject.toml
-sed -i -e "/^[[:space:]]*ModuleVersion[[:space:]]*=/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
+sed -i -e "/^ModuleVersion =/s/= .*/= '$VERSION'/" ${root_dirpath}/powershell-client/WindmillClient/WindmillClient.psd1
 # sed -i -e "/^wmill =/s/= .*/= \"\\^$VERSION\"/" ${root_dirpath}/python-client/wmill_pg/pyproject.toml
 sed -i -e "/^wmill =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile
 sed -i -e "/^wmill_pg =/s/= .*/= \">=$VERSION\"/" ${root_dirpath}/lsp/Pipfile
 
 sed -i -zE "s/name = \"windmill\"\nversion = \"[^\"]*\"\\n(.*)/name = \"windmill\"\nversion = \"$VERSION\"\\n\\1/" ${root_dirpath}/backend/Cargo.lock
 
-cd ${root_dirpath}/frontend && npm i --package-lock-only --ignore-scripts
+cd ${root_dirpath}/frontend && npm i --package-lock-only

.github/workflows/aider-after-review.yaml.archived

@@ -1,94 +0,0 @@
-name: Aider Auto-fix PR Review Change Requests
-
-on:
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  check-membership:
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]')
-    runs-on: ubicloud-standard-2
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          REVIEWER: ${{ github.event.review.user.login }}
-          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
-        run: |
-          ORG="windmill-labs"
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$REVIEWER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi
-
-  check-and-prepare:
-    needs: check-membership
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]') && needs.check-membership.outputs.is_member == 'true'
-    runs-on: ubicloud-standard-2
-    permissions:
-      contents: write
-      pull-requests: write
-    outputs:
-      prompt_content: ${{ steps.prepare_prompt.outputs.prompt_content }}
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-
-    steps:
-      - name: Acknowledge Request
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-        run: |
-          echo "Commenting on PR #${{ github.event.pull_request.number }} to acknowledge the /aider command."
-          gh pr comment ${{ github.event.pull_request.number }} --body "🤖 Aider is starting to work on your request. Please be patient, this might take a few minutes." --repo $GITHUB_REPOSITORY
-
-      - name: Prepare prompt for Aider
-        id: prepare_prompt
-        shell: bash
-        env:
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          REVIEW_BODY: ${{ github.event.review.body }}
-        run: |
-          REVIEW_BODY_ESCAPED="${REVIEW_BODY//\\/\\\\}"
-          REVIEW_BODY_ESCAPED="${REVIEW_BODY_ESCAPED//\"/\\\"}"
-
-          ALL_REVIEW_COMMENTS=$(gh api \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/comments)
-
-          FORMATTED_COMMENTS=$(jq -r '[.[] | {diff_hunk: .diff_hunk, path: .path, body: .body}]' <<< "$ALL_REVIEW_COMMENTS")
-
-          BASE_PROMPT="Fix the following issues in the PR based on the review feedback. The review body is prepended with REVIEW. The review comments are prepended with REVIEW_COMMENTS. The review body and comments are separated by a blank line."
-
-          COMPLETE_PROMPT="${BASE_PROMPT}"$'\n'"REVIEW:"$'\n'"${REVIEW_BODY_ESCAPED}"$'\n'"REVIEW_COMMENTS:"$'\n'"${FORMATTED_COMMENTS}"
-
-          echo "prompt_content<<EOF" >> $GITHUB_OUTPUT
-          echo "$COMPLETE_PROMPT" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-  run-aider:
-    needs: [check-membership, check-and-prepare]
-    if: github.event.review.state == 'changes_requested' && contains(github.event.pull_request.title, '[Aider PR]') && needs.check-membership.outputs.is_member == 'true'
-    uses: ./.github/workflows/aider-common.yml
-    with:
-      needs_processing: false
-      base_prompt: ${{ needs.check-and-prepare.outputs.prompt_content }}
-      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
-    secrets: inherit

.github/workflows/aider-common.yml.archived

@@ -1,522 +0,0 @@
-name: Aider Common Steps
-
-on:
-  workflow_call:
-    inputs:
-      issue_title:
-        description: "Title of the issue or PR"
-        required: false
-        type: string
-      issue_body:
-        description: "Body of the issue or PR"
-        required: false
-        type: string
-      instruction:
-        description: "Instruction for Aider"
-        required: false
-        type: string
-      issue_id:
-        description: "ID of the issue or PR"
-        required: false
-        type: string
-      needs_processing:
-        description: "Whether the issue needs to be processed by the external API"
-        required: false
-        type: boolean
-        default: true
-      base_prompt:
-        description: "Base prompt for Aider"
-        required: false
-        type: string
-        default: "Try to fix the following issue based on the instruction given by the user. The issue is prepended with the word ISSUE. The instruction is prepended with the word INSTRUCTION. The issue and instruction are separated by a blank line."
-      probe_prompt:
-        description: "Prompt for probe-chat"
-        required: false
-        type: string
-        default: 'I''m giving you a request that needs to be implemented. Your role is ONLY to give me the files that are relevant to the request and nothing else. The request is prepended with the word REQUEST. Give me all the files relevant to this request. Your output MUST be a single json array that can be parsed with programatic json parsing, with the relevant files. Files can be rust or typescript or javascript files. DO NOT INCLUDE ANY OTHER TEXT IN YOUR OUTPUT. ONLY THE JSON ARRAY. Example of output: ["file1.py", "file2.py"]'
-      rules_files:
-        description: "Rules files for Aider"
-        required: false
-        type: string
-    outputs:
-      files_to_edit:
-        description: "Files identified by probe-chat for editing"
-        value: ${{ jobs.common-steps.outputs.files_to_edit }}
-      final_prompt:
-        description: "Final prompt for Aider"
-        value: ${{ jobs.common-steps.outputs.final_prompt }}
-      pr_branch_name:
-        description: "Name of the branch used for PR"
-        value: ${{ jobs.common-steps.outputs.pr_branch_name }}
-      changes_applied_message:
-        description: "Message indicating changes were applied"
-        value: ${{ jobs.common-steps.outputs.changes_applied_message }}
-      changes_applied:
-        description: "Boolean indicating if changes were successfully applied"
-        value: ${{ jobs.common-steps.outputs.changes_applied }}
-
-jobs:
-  common-steps:
-    runs-on: ubicloud-standard-8
-    outputs:
-      files_to_edit: ${{ steps.probe_files.outputs.files_to_edit }}
-      final_prompt: ${{ steps.create_prompt.outputs.final_prompt }}
-      pr_branch_name: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
-      changes_applied_message: ${{ steps.commit_and_push.outputs.CHANGES_APPLIED_MESSAGE }}
-      changes_applied: ${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-      LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v2
-        with:
-          egress-policy: audit
-
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Checkout PR Branch
-        id: checkout_pr
-        if: (github.event_name == 'issue_comment' && github.event.issue.pull_request) || (github.event_name == 'pull_request_review')
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "Issue comment trigger: Checking out PR branch..."
-          PR_NUMBER=""
-          if [ -n "${{ github.event.issue.number }}" ]; then
-            PR_NUMBER="${{ github.event.issue.number }}"
-          elif [ -n "${{ github.event.pull_request.number }}" ]; then
-            PR_NUMBER="${{ github.event.pull_request.number }}"
-          else
-            echo "::error::Could not determine PR number."
-            exit 1
-          fi
-          PR_HEAD_REF=$(gh pr view $PR_NUMBER --json headRefName -q .headRefName --repo $GITHUB_REPOSITORY)
-          if [[ -z "$PR_HEAD_REF" || "$PR_HEAD_REF" == "null" ]]; then
-             echo "::error::Could not determine PR head branch for PR #$PR_NUMBER via gh CLI."
-             exit 1
-          fi
-          echo "Checking out PR head branch: $PR_HEAD_REF for PR #$PR_NUMBER"
-          git fetch origin "refs/heads/${PR_HEAD_REF}:refs/remotes/origin/${PR_HEAD_REF}" --no-tags
-          git checkout "$PR_HEAD_REF"
-          echo "Successfully checked out branch $(git rev-parse --abbrev-ref HEAD)"
-          echo "PR_BRANCH=$PR_HEAD_REF" >> $GITHUB_OUTPUT
-
-      - name: Configure Git User
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-
-      - name: Cache Python dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt', '**/setup.py') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-
-      - name: Install Aider and Dependencies
-        run: |
-          echo "Installing Aider..."
-          python -m pip install uv
-          python -m venv ~/uv-env
-          source ~/uv-env/bin/activate
-          uv pip install configargparse==1.7
-          uv pip install aider-chat==0.83.1
-          uv pip install -U google-generativeai
-          sudo apt-get update && sudo apt-get install -y jq
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-          echo "VIRTUAL_ENV_PATH=$HOME/uv-env" >> $GITHUB_ENV
-
-      - name: Create Prompt for Aider
-        id: create_prompt
-        shell: bash
-        env:
-          BASE_PROMPT_ENV: ${{ inputs.base_prompt }}
-          ISSUE_TITLE_ENV: ${{ inputs.issue_title }}
-          ISSUE_BODY_ENV: ${{ inputs.issue_body }}
-          INSTRUCTION_ENV: ${{ inputs.instruction }}
-          NEEDS_PROCESSING_ENV: ${{ inputs.needs_processing }}
-          WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-        run: |
-          set -e
-          FINAL_PROMPT_CONTENT=""
-
-          if [[ "$ISSUE_TITLE_ENV" != "" && "$ISSUE_BODY_ENV" != "" ]]; then
-            echo "Processing issue with title: $ISSUE_TITLE_ENV"
-            if [[ "$NEEDS_PROCESSING_ENV" == "true" ]]; then
-              echo "Needs processing is true. Calling Windmill API..."
-              JSON_PAYLOAD=$(jq -n \
-                --arg title "$ISSUE_TITLE_ENV" \
-                --arg body "$ISSUE_BODY_ENV" \
-                '{"body":{"issue_title":$title,"issue_body":$body}}')
-
-              echo "Windmill JSON Payload: $JSON_PAYLOAD"
-
-              API_RESULT_FILE=$(mktemp)
-              HTTP_CODE=$(curl -s -o "$API_RESULT_FILE" -w "%{http_code}" \
-                -X POST "https://app.windmill.dev/api/w/windmill-labs/jobs/run_wait_result/p/f/ai/quiet_script" \
-                -H "Content-Type: application/json" \
-                -H "Authorization: Bearer $WINDMILL_TOKEN" \
-                --data-binary "$JSON_PAYLOAD" \
-                --max-time 90)
-
-              BODY_CONTENT=$(cat "$API_RESULT_FILE")
-              rm -f "$API_RESULT_FILE" # Clean up temp file
-
-              echo "Windmill API HTTP Code: $HTTP_CODE"
-              if [[ "$HTTP_CODE" -eq 200 ]]; then
-                PROCESSED_ISSUE_PROMPT=$(echo "$BODY_CONTENT" | jq -r '.effective_body // empty')
-                if [[ -z "$PROCESSED_ISSUE_PROMPT" || "$PROCESSED_ISSUE_PROMPT" == "null" ]]; then
-                  echo "::warning::Windmill API returned 200 but effective_body was empty or null."
-                  EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT="$ISSUE_BODY_ENV"
-                else
-                  echo "Successfully processed issue via Windmill API."
-                  EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT="$PROCESSED_ISSUE_PROMPT"
-                fi
-                FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT_ENV" "$EFFECTIVE_ISSUE_CONTENT_FOR_PROMPT" "$INSTRUCTION_ENV")
-              else
-                echo "::error::Windmill API call failed (HTTP $HTTP_CODE). Using raw issue content for prompt."
-                FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                  "$BASE_PROMPT_ENV" "$ISSUE_BODY_ENV" "$INSTRUCTION_ENV")
-              fi
-            else
-              echo "Needs processing is false. Using raw issue content for prompt."
-              FINAL_PROMPT_CONTENT=$(printf "%s\nISSUE:\n%s\nINSTRUCTION:\n%s" \
-                "$BASE_PROMPT_ENV" "$ISSUE_BODY_ENV" "$INSTRUCTION_ENV")
-            fi
-          else
-            echo "No issue title or body given. Using base prompt."
-            FINAL_PROMPT_CONTENT=$(printf "%s\nINSTRUCTION:\n%s" "$BASE_PROMPT_ENV" "$INSTRUCTION_ENV")
-          fi
-
-          echo "Final prompt: $FINAL_PROMPT_CONTENT"
-          echo "final_prompt<<EOF_AIDER_PROMPT" >> "$GITHUB_OUTPUT"
-          echo "$FINAL_PROMPT_CONTENT" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_PROMPT" >> "$GITHUB_OUTPUT"
-
-      - name: Probe Chat for Relevant Files
-        id: probe_files
-        shell: bash
-        env:
-          FINAL_PROMPT: ${{ steps.create_prompt.outputs.final_prompt }}
-          PROBE_PROMPT: ${{ inputs.probe_prompt }}
-        run: |
-          echo "Running probe-chat to find relevant files..."
-
-          MESSAGE_FOR_PROBE=$(printf "%s\nREQUEST:\n%s" "$PROBE_PROMPT" "$FINAL_PROMPT")
-
-          set -o pipefail
-          PROBE_OUTPUT=$(npx --yes @buger/probe-chat@latest --max-iterations 50 --model-name gemini-2.5-pro-preview-05-06 --message "$MESSAGE_FOR_PROBE") || {
-            echo "::error::probe-chat command failed. Output:"
-            echo "$PROBE_OUTPUT"
-            exit 1
-          }
-          set +o pipefail
-          echo "Probe-chat raw output:"
-          echo "$PROBE_OUTPUT"
-
-          JSON_FILES=$(echo "$PROBE_OUTPUT" | sed -n '/^\s*\[/,$p' | sed '/^\s*\]/q')
-          echo "Extracted JSON block:"
-          echo "$JSON_FILES"
-
-          FILES_LIST=$(echo "$JSON_FILES" | jq -e -r '[.[] | select(type == "string" and . != "" and . != null and (endswith("/") | not))] | join(" ")' || echo "")
-
-          if [[ -z "$FILES_LIST" ]]; then
-             echo "::warning::probe-chat did not identify any relevant files."
-          fi
-
-          echo "Formatted files list for aider: $FILES_LIST"
-          echo "files_to_edit=$FILES_LIST" >> $GITHUB_OUTPUT
-
-      - name: Cache Aider tags
-        uses: actions/cache@v3
-        with:
-          path: .aider.tags.cache.v4
-          key: ${{ runner.os }}-aider-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-aider-
-
-      - name: Prepare branch for Aider
-        id: prepare_branch
-        env:
-          ISSUE_ID: ${{ inputs.issue_id }}
-        run: |
-          if [[ "$ISSUE_ID" != "" ]]; then
-            BRANCH_NAME="aider-fix-issue-${ISSUE_ID}"
-
-            # Check if branch exists remotely
-            if git ls-remote --heads origin $BRANCH_NAME | grep -q $BRANCH_NAME; then
-              echo "Branch $BRANCH_NAME already exists remotely, fetching it"
-              git fetch origin $BRANCH_NAME
-              git checkout $BRANCH_NAME
-              git pull origin $BRANCH_NAME
-            else
-              echo "Creating new branch $BRANCH_NAME"
-              git checkout -b $BRANCH_NAME
-            fi
-            echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
-          else
-            # We're in a pull_request_review event
-            PR_NUMBER="${{ github.event.pull_request.number }}"
-            PR_HEAD_REF="${{ github.event.pull_request.head.ref }}"
-            
-            echo "Handling pull_request_review for PR #$PR_NUMBER on branch $PR_HEAD_REF"
-            
-            # Ensure we're on the correct branch
-            git config pull.rebase true
-            git fetch origin $PR_HEAD_REF
-            git checkout $PR_HEAD_REF
-            git pull origin $PR_HEAD_REF
-            
-            echo "Using PR branch $PR_HEAD_REF for PR #$PR_NUMBER"
-            echo "BRANCH_NAME=$PR_HEAD_REF" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Run Aider
-        id: run_aider
-        shell: bash
-        env:
-          FILES_TO_EDIT: ${{ steps.probe_files.outputs.files_to_edit }}
-          FINAL_PROMPT: ${{ steps.create_prompt.outputs.final_prompt }}
-          RULES_FILES: ${{ inputs.rules_files }}
-        run: |
-          source $VIRTUAL_ENV_PATH/bin/activate
-          echo "$FINAL_PROMPT" > .aider_final_prompt.txt
-          echo "FILES_TO_EDIT: $FILES_TO_EDIT"
-
-          RULES=""
-          if [ -n "$RULES_FILES" ]; then
-            for rule in $RULES_FILES; do
-              RULES="$RULES --read $rule"
-            done
-          fi
-
-          aider \
-            $RULES \
-            $FILES_TO_EDIT \
-            --model gemini/gemini-2.5-pro-preview-05-06 \
-            --message-file .aider_final_prompt.txt \
-            --yes \
-            --no-check-update \
-            --auto-commits \
-            --no-analytics \
-            --no-gitignore \
-            | tee .aider_output.txt || true
-
-          echo "Aider command completed. Output saved to .aider_output.txt"
-
-      - name: Cache Node.js dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
-
-      - name: Commit and Push Changes
-        id: commit_and_push
-        env:
-          ISSUE_ID: ${{ inputs.issue_id }}
-          BRANCH_NAME: ${{ steps.prepare_branch.outputs.BRANCH_NAME }}
-        run: |
-          if [[ "$ISSUE_ID" != "" ]]; then
-            # Check if there are any uncommitted changes
-            if [[ -n $(git status --porcelain) ]]; then
-              echo "Found uncommitted changes, committing them"
-              git add .
-              git commit -m "Aider changes"
-            fi
-
-            # Push changes to the branch
-            if git push origin $BRANCH_NAME; then
-              echo "Pushed to branch $BRANCH_NAME"
-              echo "PR_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED_MESSAGE=Aider changes pushed to branch $BRANCH_NAME." >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
-            else
-              echo "::warning::Push to PR branch $BRANCH_NAME failed."
-              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $BRANCH_NAME." >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
-            fi
-          else
-            # We're in a pull_request_review event
-            PR_HEAD_REF="${{ github.event.pull_request.head.ref }}"
-            echo "Attempting to push changes to PR branch $PR_HEAD_REF"
-            if git push origin $PR_HEAD_REF; then
-              echo "Push to $PR_HEAD_REF successful (or no new changes to push)."
-              echo "CHANGES_APPLIED_MESSAGE=Aider changes (if any) pushed to PR branch $PR_HEAD_REF." >> $GITHUB_OUTPUT
-              echo "PR_BRANCH_NAME=$PR_HEAD_REF" >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=true" >> $GITHUB_OUTPUT
-            else
-              echo "::warning::Push to PR branch $PR_HEAD_REF failed."
-              echo "CHANGES_APPLIED_MESSAGE=Aider ran, but failed to push changes to PR branch $PR_HEAD_REF." >> $GITHUB_OUTPUT
-              echo "CHANGES_APPLIED=false" >> $GITHUB_OUTPUT
-            fi
-          fi
-
-      - name: Create Pull Request
-        if: always() && (github.event_name == 'issue_comment' || github.event_name == 'repository_dispatch') && !github.event.issue.pull_request && steps.commit_and_push.outputs.PR_BRANCH_NAME != ''
-        id: create_pr
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_BRANCH: ${{ steps.commit_and_push.outputs.PR_BRANCH_NAME }}
-          ISSUE_NUM: ${{ inputs.issue_id }}
-          ISSUE_TITLE: ${{ inputs.issue_title }}
-          GITHUB_EVENT_NAME: ${{ github.event_name }}
-        run: |
-          # Create PR description in a temporary file to avoid command line length limits and ensure it stays under 40k chars
-          HEADER="This PR was created automatically by Aider to fix issue #${ISSUE_NUM}."
-          # if event is repository_dispatch, add the issue title to the header
-          if [ "$GITHUB_EVENT_NAME" == "repository_dispatch" ]; then
-            if [[ "${{ github.event.client_payload.source }}" == "linear" ]]; then
-              HEADER="This PR was created automatically by Aider to fix issue #linear:${ISSUE_NUM}."
-            elif [[ "${{ github.event.client_payload.source }}" == "discord" ]]; then
-              HEADER="This PR was created automatically by Aider to fix issue #discord:${ISSUE_NUM}."
-            fi
-          fi
-          cat > /tmp/pr-description.md << EOL | head -c 40000
-          $HEADER
-
-          ## Aider Output
-          \`\`\`
-          $(cat .aider_output.txt || echo "No output available")
-          \`\`\`
-          EOL
-
-          # Create PR using the file for the body content, handle errors gracefully
-          set +e  # Don't exit on error
-          PR_TITLE="[Aider PR] Fix: ${ISSUE_TITLE}"
-          if [ -z "$ISSUE_TITLE" ]; then
-            PR_TITLE="[Aider PR] AI changes after request"
-          fi
-          gh pr create \
-            --title "$PR_TITLE" \
-            --body-file /tmp/pr-description.md \
-            --head "$PR_BRANCH" \
-            --base main \
-            --draft
-          PR_CREATE_EXIT_CODE=$?
-          set -e  # Re-enable exit on error
-
-          if [ $PR_CREATE_EXIT_CODE -eq 0 ]; then
-            echo "PR created successfully"
-            PR_URL=$(gh pr view $PR_BRANCH --json url --jq .url)
-            echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
-            echo "PR_CREATED=true" >> $GITHUB_OUTPUT
-          else
-            echo "Warning: Failed to create PR. Exit code: $PR_CREATE_EXIT_CODE"
-            echo "PR_CREATED=false" >> $GITHUB_OUTPUT
-            # Continue workflow despite PR creation failure
-          fi
-
-      - name: Comment on PR with Aider Output
-        if: always() && github.event_name == 'pull_request_review' && steps.commit_and_push.outputs.CHANGES_APPLIED != ''
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUM: ${{ github.event.pull_request.number }}
-          JOB_STATUS: ${{ job.status }}
-        run: |
-          # Create comment body in a temporary file to avoid command line length limits
-          if [[ "${{ steps.commit_and_push.outputs.CHANGES_APPLIED }}" == "true" ]]; then
-            if [[ "$JOB_STATUS" == "success" ]]; then
-              STATUS_PREFIX="🤖 I've automatically addressed the feedback based on the review."
-            else
-              STATUS_PREFIX="⚠️ I attempted to address the feedback, but encountered some issues."
-            fi
-          else
-            if [[ "$JOB_STATUS" == "success" ]]; then
-              STATUS_PREFIX="🤖 I attempted to address the review feedback, but no modifications were made."
-            else
-              STATUS_PREFIX="⚠️ I encountered issues while attempting to address the feedback, and no modifications were made."
-            fi
-          fi
-
-          cat > /tmp/pr-comment.md << EOL
-          ${STATUS_PREFIX}
-
-          ## Aider Output
-          \`\`\`
-          $(cat .aider_output.txt || echo 'No output available')
-          \`\`\`
-
-          Please review the output and provide additional guidance if needed.
-          EOL
-
-          # Use the file for comment body
-          gh pr comment $PR_NUM --body-file /tmp/pr-comment.md
-
-      - name: Comment on issue/PR to let the user know Aider has finished working on the request
-        if: always() && github.event_name == 'issue_comment'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          JOB_STATUS: ${{ job.status }}
-          PR_CREATED: ${{ steps.create_pr.outputs.PR_CREATED }}
-          PR_URL: ${{ steps.create_pr.outputs.PR_URL }}
-        run: |
-          echo "Commenting on issue/PR #${{ github.event.issue.number }} to let the user know Aider has finished working on the request."
-
-          if [[ "$JOB_STATUS" == "success" ]]; then
-            if [[ "$PR_CREATED" == "true" ]]; then
-              COMMENT_BODY="🤖 Aider has finished working on your request. A PR has been created. $PR_URL"
-            else
-              COMMENT_BODY="🤖 Aider has finished working on your request, but was unable to create a PR."
-            fi
-          else
-            COMMENT_BODY="⚠️ Aider encountered issues while working on your request. Please check the workflow logs for details."
-          fi
-
-          gh issue comment ${{ github.event.issue.number }} --body "$COMMENT_BODY" --repo $GITHUB_REPOSITORY
-
-      - name: Comment on linear issue to let the user know Aider has finished working on the request
-        if: always() && github.event_name == 'repository_dispatch'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          JOB_STATUS: ${{ job.status }}
-          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-          PR_CREATED: ${{ steps.create_pr.outputs.PR_CREATED }}
-          PR_URL: ${{ steps.create_pr.outputs.PR_URL }}
-          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-          SOURCE: ${{ github.event.client_payload.source }}
-        run: |
-          echo "Notifying user about Aider completion status for $SOURCE request #${{ github.event.client_payload.issue_id }}"
-          if [[ "$JOB_STATUS" == "success" ]]; then
-            if [[ "$PR_CREATED" == "true" ]]; then
-              COMMENT_BODY="🤖 Aider has finished working on your request. A PR has been created. $PR_URL"
-            else
-              COMMENT_BODY="🤖 Aider has finished working on your request, but was unable to create a PR."
-            fi
-          else
-            COMMENT_BODY="⚠️ Aider encountered issues while working on your request. Please check the workflow logs for details."
-          fi
-
-          if [[ "$SOURCE" == "discord" ]]; then
-            curl -X POST \
-              -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
-              -H "Content-Type: application/json" \
-              "https://discord.com/api/v10/channels/${{ github.event.client_payload.channel_id }}/messages" \
-              -d "{\"content\":\"${COMMENT_BODY}\"}"
-          else
-            curl -X POST \
-              -H "Authorization: $LINEAR_API_KEY" \
-              -H "Content-Type: application/json" \
-              "https://api.linear.app/graphql" \
-              -d "{\"query\":\"mutation { commentCreate(input: { issueId: \\\"${{ github.event.client_payload.issue_id }}\\\", body: \\\"${COMMENT_BODY}\\\" }) { success } }\"}"
-          fi

.github/workflows/aider-external.yaml.archived

@@ -1,80 +0,0 @@
-name: External Aider Issue Fix
-
-on:
-  repository_dispatch:
-    types: [external_issue_fix]
-
-jobs:
-  check-and-prepare:
-    runs-on: ubicloud-standard-2
-    permissions:
-      contents: write
-      pull-requests: write
-    outputs:
-      issue_title: ${{ steps.determine_inputs.outputs.ISSUE_TITLE }}
-      issue_body: ${{ steps.determine_inputs.outputs.ISSUE_BODY }}
-      instruction: ${{ steps.determine_inputs.outputs.INSTRUCTION }}
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-      LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-
-    steps:
-      - name: Acknowledge Request
-        env:
-          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-        run: |
-          if [[ "${{ github.event.client_payload.source }}" == "linear" ]]; then
-            echo "Commenting on Linear issue #${{ github.event.client_payload.issue_id }} to acknowledge the request."
-            curl -X POST \
-              -H "Authorization: $LINEAR_API_KEY" \
-              -H "Content-Type: application/json" \
-              "https://api.linear.app/graphql" \
-              -d "{\"query\":\"mutation { commentCreate(input: { issueId: \\\"${{ github.event.client_payload.issue_id }}\\\", body: \\\"🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes.\\\" }) { success } }\"}"
-          elif [[ "${{ github.event.client_payload.source }}" == "discord" ]]; then
-            echo "Commenting on Discord thread #${{ github.event.client_payload.channel_id }} to acknowledge the request."
-            curl -X POST \
-              -H "Authorization: Bot $DISCORD_BOT_TOKEN" \
-              -H "Content-Type: application/json" \
-              "https://discord.com/api/v10/channels/${{ github.event.client_payload.channel_id }}/messages" \
-              -d "{\"content\":\"🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes.\"}"
-          fi
-
-      - name: Determine inputs for Aider
-        id: determine_inputs
-        shell: bash
-        env:
-          ISSUE_TITLE: ${{ github.event.client_payload.issue_title }}
-          ISSUE_BODY: ${{ github.event.client_payload.issue_body }}
-          INSTRUCTION: ${{ github.event.client_payload.instruction }}
-        run: |
-          echo "Determining inputs for Aider..."
-
-          echo "ISSUE_TITLE<<EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_TITLE" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-
-          echo "ISSUE_BODY<<EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_BODY" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-
-          echo "INSTRUCTION<<EOF_AIDER_INSTRUCTION" >> "$GITHUB_OUTPUT"
-          echo "$INSTRUCTION" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_INSTRUCTION" >> "$GITHUB_OUTPUT"
-          echo "Finished determining inputs."
-
-  run-aider:
-    needs: check-and-prepare
-    uses: ./.github/workflows/aider-common.yml
-    with:
-      issue_title: ${{ needs.check-and-prepare.outputs.issue_title }}
-      issue_body: ${{ needs.check-and-prepare.outputs.issue_body }}
-      instruction: ${{ needs.check-and-prepare.outputs.instruction }}
-      issue_id: ${{ github.event.client_payload.issue_id }}
-      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
-    secrets: inherit

.github/workflows/aider.yaml.archived

@@ -1,165 +0,0 @@
-name: Aider Auto-fix issues and PR comments via external prompt
-
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  check-membership:
-    runs-on: ubicloud-standard-2
-    if: |
-      github.event_name == 'issue_comment' &&
-      contains(github.event.comment.body, '/aider') &&
-      !contains(github.event.comment.user.login, '[bot]')
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          COMMENTER: ${{ github.event.comment.user.login }}
-          ORG_ACCESS_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }}
-        run: |
-          ORG="windmill-labs"
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi
-
-  check-and-prepare:
-    needs: check-membership
-    runs-on: ubicloud-standard-2
-    if: needs.check-membership.outputs.is_member == 'true'
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-    env:
-      GEMINI_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      WINDMILL_TOKEN: ${{ secrets.WINDMILL_TOKEN }}
-    outputs:
-      issue_title: ${{ steps.determine_inputs.outputs.ISSUE_TITLE }}
-      issue_body: ${{ steps.determine_inputs.outputs.ISSUE_BODY }}
-      comment_content: ${{ steps.determine_inputs.outputs.COMMENT_CONTENT }}
-      pr_branch: ${{ steps.checkout_pr.outputs.PR_BRANCH }}
-
-    steps:
-      - name: Acknowledge Request
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-        run: |
-          echo "Commenting on issue/PR #${{ github.event.issue.number }} to acknowledge the /aider command."
-          gh issue comment ${{ github.event.issue.number }} --body "🤖 Aider is starting to work on your request. I'll update you here once I have a PR ready. Please be patient, this might take a few minutes." --repo $GITHUB_REPOSITORY
-
-      - name: Determine inputs for Aider
-        id: determine_inputs
-        shell: bash
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          COMMENT_BODY: ${{ github.event.comment.body }}
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          LINEAR_API_KEY: ${{ secrets.LINEAR_API_KEY }}
-        run: |
-          echo "Determining inputs for Aider..."
-          ISSUE_TITLE_VAL=""
-          ISSUE_BODY_VAL=""
-
-          if [[ ! -z "${{ github.event.issue.pull_request }}" ]]; then
-            echo "This is a comment on a Pull Request"
-            PR_NUMBER="$ISSUE_NUMBER"
-            
-            PR_BODY_JSON=$(gh pr view "$PR_NUMBER" --json body --repo "$GITHUB_REPOSITORY")
-            if [[ $? -ne 0 ]]; then
-              echo "Error fetching PR body for PR #$PR_NUMBER"
-              PR_BODY_VAL=""
-            else
-              PR_BODY_VAL=$(jq -r '.body // ""' <<< "$PR_BODY_JSON")
-            fi
-            
-            if [[ ! -z "$PR_BODY_VAL" ]]; then
-              REFERENCED_ISSUE=""
-              if [[ "$PR_BODY_VAL" =~ \#linear:([a-f0-9-]+) ]]; then
-                REFERENCED_ISSUE="${BASH_REMATCH[1]}"
-                echo "Found referenced Linear issue #$REFERENCED_ISSUE in PR description"
-                LINEAR_ISSUE_JSON=$(curl -s -H "Authorization: $LINEAR_API_KEY" \
-                  "https://api.linear.app/graphql" \
-                  -X POST \
-                  -H "Content-Type: application/json" \
-                  -d "{\"query\":\"query { issue(id: \\\"$REFERENCED_ISSUE\\\") { title description } }\"}")
-                
-                if [[ $? -eq 0 && ! "$LINEAR_ISSUE_JSON" =~ "error" ]]; then
-                  ISSUE_TITLE_VAL=$(jq -r '.data.issue.title // ""' <<< "$LINEAR_ISSUE_JSON")
-                  ISSUE_BODY_VAL=$(jq -r '.data.issue.description // ""' <<< "$LINEAR_ISSUE_JSON")
-                  echo "Successfully fetched Linear issue details"
-                else
-                  echo "Error fetching Linear issue details for #$REFERENCED_ISSUE"
-                fi
-              elif [[ "$PR_BODY_VAL" =~ \#([0-9]+) ]]; then
-                REFERENCED_ISSUE="${BASH_REMATCH[1]}"
-                echo "Found referenced GitHub issue #$REFERENCED_ISSUE in PR description"
-                
-                ISSUE_DETAILS_JSON=$(gh issue view "$REFERENCED_ISSUE" --json title,body --repo "$GITHUB_REPOSITORY")
-                if [[ $? -ne 0 ]]; then
-                  echo "Error fetching issue details for #$REFERENCED_ISSUE"
-                else
-                  ISSUE_TITLE_VAL=$(jq -r '.title // ""' <<< "$ISSUE_DETAILS_JSON")
-                  ISSUE_BODY_VAL=$(jq -r '.body // ""' <<< "$ISSUE_DETAILS_JSON")
-                fi
-              fi
-            else
-              echo "PR body is empty or could not be fetched."
-            fi
-          else
-            echo "This is a comment on a regular issue"
-            
-            ISSUE_DETAILS_JSON=$(gh issue view "$ISSUE_NUMBER" --json title,body --repo "$GITHUB_REPOSITORY")
-            if [[ $? -ne 0 ]]; then
-              echo "Error fetching issue details for #$ISSUE_NUMBER"
-            else
-              ISSUE_TITLE_VAL=$(jq -r '.title // ""' <<< "$ISSUE_DETAILS_JSON")
-              ISSUE_BODY_VAL=$(jq -r '.body // ""' <<< "$ISSUE_DETAILS_JSON") 
-            fi
-          fi
-
-          echo "ISSUE_TITLE<<EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_TITLE_VAL" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_TITLE" >> "$GITHUB_OUTPUT"
-
-          echo "ISSUE_BODY<<EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-          echo "$ISSUE_BODY_VAL" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_BODY" >> "$GITHUB_OUTPUT"
-
-          CLEAN_COMMENT="${COMMENT_BODY/\/aider/}"
-          CLEAN_COMMENT="${CLEAN_COMMENT#"${CLEAN_COMMENT%%[![:space:]]*}"}"
-          CLEAN_COMMENT="${CLEAN_COMMENT%"${CLEAN_COMMENT##*[![:space:]]}"}"
-
-          echo "COMMENT_CONTENT<<EOF_AIDER_COMMENT" >> "$GITHUB_OUTPUT"
-          echo "$CLEAN_COMMENT" >> "$GITHUB_OUTPUT"
-          echo "EOF_AIDER_COMMENT" >> "$GITHUB_OUTPUT"
-          echo "Finished determining inputs."
-
-  run-aider:
-    needs: [check-membership, check-and-prepare]
-    if: needs.check-membership.outputs.is_member == 'true'
-    uses: ./.github/workflows/aider-common.yml
-    with:
-      issue_title: ${{ needs.check-and-prepare.outputs.issue_title }}
-      issue_body: ${{ needs.check-and-prepare.outputs.issue_body }}
-      instruction: ${{ needs.check-and-prepare.outputs.comment_content }}
-      issue_id: ${{ github.event.issue.number }}
-      rules_files: ".cursor/rules/rust-best-practices.mdc .cursor/rules/svelte5-best-practices.mdc .cursor/rules/windmill-overview.mdc"
-    secrets: inherit

.github/workflows/backend-check.yml

@@ -1,121 +0,0 @@
-name: Backend check
-on:
-  workflow_run:
-    workflows: ["Change versions"]
-    types:
-      - completed
-  push:
-    paths:
-      - "backend/**"
-      - ".github/workflows/backend-check.yml"
-
-jobs:
-  check_oss:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.90.0
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: SQLX_OFFLINE=true cargo check
-
-  check_oss_full:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: install xmlsec1
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-dev libxmlsec1-dev
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.90.0
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: |
-          mkdir -p fake_frontend_build
-          FRONTEND_BUILD_DIR=$(pwd)/fake_frontend_build SQLX_OFFLINE=true cargo check --features all_sqlx_features
-
-  check_ee:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Read EE repo commit hash
-        run: |
-          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
-
-      - uses: actions/checkout@v4
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: ./windmill-ee-private
-          ref: ${{ env.ee_repo_ref }}
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-          fetch-depth: 0
-
-      - name: Substitute EE code (EE logic is behind feature flag)
-        run: |
-          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.90.0
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: SQLX_OFFLINE=true cargo check
-
-  check_ee_full:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Read EE repo commit hash
-        run: |
-          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
-
-      - uses: actions/checkout@v4
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: ./windmill-ee-private
-          ref: ${{ env.ee_repo_ref }}
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-          fetch-depth: 0
-
-      - name: install xmlsec1
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-dev libxmlsec1-dev
-
-      - name: Substitute EE code (EE logic is behind feature flag)
-        run: |
-          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.90.0
-      - name: cargo check
-        timeout-minutes: 16
-        working-directory: ./backend
-        run: |
-          mkdir -p fake_frontend_build
-          FRONTEND_BUILD_DIR=$(pwd)/fake_frontend_build SQLX_OFFLINE=true cargo check --features all_sqlx_features,private

.github/workflows/backend-test.yml

@@ -13,67 +13,40 @@ on:
       - "backend/**"
       - ".github/workflows/backend-test.yml"
 
-defaults:
-  run:
-    working-directory: ./backend
-
 jobs:
   cargo_test:
     runs-on: ubicloud-standard-8
+    container:
+      image: ghcr.io/windmill-labs/backend-tests
     services:
       postgres:
         image: postgres
-        ports:
-          - 5432:5432
         env:
           POSTGRES_DB: windmill
           POSTGRES_PASSWORD: changeme
+
         options: >-
           --health-cmd pg_isready --health-interval 10s --health-timeout 5s
           --health-retries 5
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-dotnet@v4
-        with:
-          dotnet-version: "9.0.x"
-      - uses: denoland/setup-deno@v2
-        with:
-          deno-version: v2.x
-      - uses: actions/setup-go@v2
-        with:
-          go-version: 1.21.5
-      - uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: 1.1.43
-      - uses: astral-sh/setup-uv@v6.2.1
-        with:
-          version: "0.6.2"
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          cache-workspaces: backend
-          toolchain: 1.90.0
-      - name: Read EE repo commit hash
-        run: |
-          echo "ee_repo_ref=$(cat ./ee-repo-ref.txt)" >> "$GITHUB_ENV"
-
-      - uses: actions/checkout@v4
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: ./windmill-ee-private
-          ref: ${{ env.ee_repo_ref }}
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-          fetch-depth: 0
-
-      - name: Substitute EE code (EE logic is behind feature flag)
-        run: |
-          ./substitute_ee_code.sh --copy --dir ./windmill-ee-private
+          toolchain: 1.80.0
+      # - uses: Swatinem/rust-cache@v2
+      #   with:
+      #     workspaces: |
+      #       backend
+      #       backend -> target
       - name: cargo test
-        timeout-minutes: 16
-        run: deno --version && bun -v && go version && python3 --version &&
-          SQLX_OFFLINE=true
-          DATABASE_URL=postgres://postgres:changeme@localhost:5432/windmill
-          DISABLE_EMBEDDING=true RUST_LOG=info RUST_LOG_STYLE=never
-          DENO_PATH=$(which deno) BUN_PATH=$(which bun) GO_PATH=$(which go)
-          UV_PATH=$(which uv) cargo test --features
-          enterprise,deno_core,license,python,rust,scoped_cache,private --all --
-          --nocapture
+        timeout-minutes: 15
+        run:
+          /usr/bin/deno --version &&
+          /usr/bin/bun -v &&
+          go version &&
+          /usr/local/bin/python3 --version &&
+          mkdir frontend/build && cd backend && touch
+          windmill-api/openapi-deref.yaml &&
+          DATABASE_URL=postgres://postgres:changeme@postgres:5432/windmill
+          DISABLE_EMBEDDING=true RUST_LOG=info cargo test --features
+          enterprise,deno_core --all -- --nocapture

.github/workflows/benchmark.yml

@@ -14,13 +14,9 @@ jobs:
         env:
           POSTGRES_DB: windmill
           POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
         options: >-
           --health-cmd pg_isready --health-interval 10s --health-timeout 5s
           --health-retries 5
-          --shm-size=2g
-
-
       windmill:
         image: ghcr.io/windmill-labs/windmill-ee:main
         env:
@@ -35,12 +31,12 @@ jobs:
         ports:
           - 8000:8000
     steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
         with:
-          deno-version: v2.x
+          deno-version: v1.x
       - name: benchmark
-        timeout-minutes: 30
-        run: deno run  -A -r
+        timeout-minutes: 20
+        run: deno run --unstable -A -r
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
           -c
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_config.json
@@ -59,7 +55,6 @@ jobs:
         env:
           POSTGRES_DB: windmill
           POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
         options: >-
           --health-cmd pg_isready --health-interval 10s --health-timeout 5s
           --health-retries 5
@@ -77,12 +72,12 @@ jobs:
         ports:
           - 8000:8000
     steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
         with:
-          deno-version: v2.x
+          deno-version: v1.x
       - name: benchmark
         timeout-minutes: 20
-        run: deno run  -A -r
+        run: deno run --unstable -A -r
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
           --no-warm-up -c
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_dedicated.json
@@ -101,7 +96,6 @@ jobs:
         env:
           POSTGRES_DB: windmill
           POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
         options: >-
           --health-cmd pg_isready --health-interval 10s --health-timeout 5s
           --health-retries 5
@@ -152,17 +146,16 @@ jobs:
           --pull always
 
     steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
         with:
-          deno-version: v2.x
+          deno-version: v1.x
       - name: benchmark
         timeout-minutes: 20
-        run: deno run  -A -r
+        run: deno run --unstable -A -r
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
           -c
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_config.json
           --workers 4
-          --factor 3
       - name: Save benchmark results
         uses: actions/upload-artifact@v4
         with:
@@ -178,7 +171,6 @@ jobs:
         env:
           POSTGRES_DB: windmill
           POSTGRES_PASSWORD: changeme
-          POSTGRES_INITDB_ARGS: "-c shared_buffers=2GB -c work_mem=32MB -c effective_cache_size=4GB"
         options: >-
           --health-cmd pg_isready --health-interval 10s --health-timeout 5s
           --health-retries 5
@@ -272,17 +264,16 @@ jobs:
         options: >-
           --pull always
     steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
         with:
-          deno-version: v2.x
+          deno-version: v1.x
       - name: benchmark
         timeout-minutes: 20
-        run: deno run  -A -r
+        run: deno run --unstable -A -r
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_suite.ts
           -c
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/suite_config.json
           --workers 8
-          --factor 3
       - name: Save benchmark results
         uses: actions/upload-artifact@v4
         with:
@@ -298,9 +289,9 @@ jobs:
       - benchmark_4workers
       - benchmark_8workers
     steps:
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
         with:
-          deno-version: v2.x
+          deno-version: v1.x
       - uses: actions/checkout@v4
         with:
           ref: benchmarks
@@ -309,7 +300,7 @@ jobs:
         with:
           merge-multiple: true
       - name: graphs
-        run: deno run -A -r
+        run: deno run --unstable -A -r
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/benchmark_graphs.ts
           -c
           https://raw.githubusercontent.com/windmill-labs/windmill/${GITHUB_REF##ref/head/}/benchmarks/graphs_config.json

.github/workflows/build-publish-rh-image.yml

@@ -3,7 +3,8 @@ env:
   IMAGE_NAME: ${{ github.repository }}
 
 name: Build and publish windmill for RHEL9
-on: workflow_dispatch
+on:
+  workflow_dispatch
 
 permissions: write-all
 
@@ -64,7 +65,7 @@ jobs:
           platforms: linux/amd64
           push: true
           build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,deno_core
           secrets: |
             rh_username=${{ secrets.RH_USERNAME }}
             rh_password=${{ secrets.RH_PASSWORD }}
@@ -73,7 +74,7 @@ jobs:
           labels: |
             ${{ steps.meta-ee-public.outputs.labels }}-amd64
             org.opencontainers.image.licenses=Windmill-Enterprise-License
-
+      
       - name: Build and push publicly ee arm64
         uses: depot/build-push-action@v1
         with:
@@ -81,7 +82,7 @@ jobs:
           platforms: linux/arm64
           push: true
           build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,deno_core
           secrets: |
             rh_username=${{ secrets.RH_USERNAME }}
             rh_password=${{ secrets.RH_PASSWORD }}
@@ -98,22 +99,16 @@ jobs:
           path: "/windmill/target/release/windmill"
 
       - uses: shrink/actions-docker-extract@v3
-        id: extract-duckdb-ffi-internal
+        id: extract-ee-arm64
         with:
-          image: ${{ steps.meta-ee-public.outputs.tags}}-amd64
-          path: "/usr/src/app/libwindmill_duckdb_ffi_internal.so"
-
-      # - uses: shrink/actions-docker-extract@v3
-      #   id: extract-ee-arm64
-      #   with:
-      #     image: ${{ steps.meta-ee-public.outputs.tags}}-arm64
-      #     path: "/windmill/target/release/windmill"
+          image: ${{ steps.meta-ee-public.outputs.tags}}-arm64
+          path: "/windmill/target/release/windmill"
 
       - name: Rename binary with corresponding architecture
         run: |
           mv "${{ steps.extract-ee-amd64.outputs.destination }}/windmill" "${{ steps.extract-ee-amd64.outputs.destination }}/windmill-ee-amd64-rhel9"
-          # mv "${{ steps.extract-ee-arm64.outputs.destination }}/windmill" "${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel9"
-
+          mv "${{ steps.extract-ee-arm64.outputs.destination }}/windmill" "${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel9"
+      
       - uses: actions/upload-artifact@v4
         with:
           name: RHEL9-amd64 build
@@ -121,15 +116,8 @@ jobs:
 
       - uses: actions/upload-artifact@v4
         with:
-          name: RHEL9-amd64 dynamic libraries build
-          path: ${{ steps.extract-duckdb-ffi-internal.outputs.destination }}/libwindmill_duckdb_ffi_internal.so
-
-      # - uses: actions/upload-artifact@v4
-      #   with:
-      #     name: RHEL9-arm64 build
-      #     path:
-      #       ${{ steps.extract-ee-arm64.outputs.destination
-      #       }}/windmill-ee-arm64-rhel9
+          name: RHEL9-arm64 build
+          path: ${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel9
 
       # - name: Attach binary to release
       #   uses: softprops/action-gh-release@v2

.github/workflows/build-staging-image.yml

@@ -0,0 +1,70 @@
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+name: Build windmill-staging
+on:
+  workflow_dispatch:
+
+permissions: write-all
+
+jobs:
+  build_ee:
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Read EE repo commit hash
+        run: |
+          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
+
+      - uses: actions/checkout@v4
+        with:
+          repository: windmill-labs/windmill-ee-private
+          path: ./windmill-ee-private
+          ref: ${{ env.ee_repo_ref }}
+          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
+          fetch-depth: 0
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta-ee-public
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-staging-ee
+          flavor: |
+            latest=false
+          tags: |
+            type=sha
+            type=ref,event=branch
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Substitute EE code
+        run: |
+          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
+
+      - name: Build and push publicly ee
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: |
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,deno_core
+          tags: |
+            ${{ steps.meta-ee-public.outputs.tags }}
+          labels: |
+            ${{ steps.meta-ee-public.outputs.labels }}
+            org.opencontainers.image.licenses=Windmill-Enterprise-License

.github/workflows/build_windows_worker_.yml

@@ -30,24 +30,12 @@ jobs:
           token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
           fetch-depth: 0
 
-      - name: Setup Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: 1.90.0
-          override: true
-
       - name: Substitute EE code
         shell: bash
         run: |
           ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
 
-      - name: Cargo build dynamic libraries windows
-        timeout-minutes: 90
-        run: |
-          cd backend/windmill-duckdb-ffi-internal
-          cargo build --release -p windmill_duckdb_ffi_internal
-
-      - name: Cargo build binary windows
+      - name: Cargo build windows
         timeout-minutes: 90
         run: |
           vcpkg.exe install openssl-windows:x64-windows
@@ -57,19 +45,14 @@ jobs:
           $env:OPENSSL_DIR="${Env:VCPKG_INSTALLATION_ROOT}\installed\x64-windows-static"
           mkdir frontend/build && cd backend
           New-Item -Path . -Name "windmill-api/openapi-deref.yaml" -ItemType "File" -Force
-          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,nats,sqs_trigger,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages_windows,mcp,private
+          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
+
       - name: Rename binary with corresponding architecture
         run: |
           Rename-Item -Path ".\backend\target\release\windmill.exe" -NewName "windmill-ee.exe"
 
-      - name: Upload binary artifact
-        uses: actions/upload-artifact@v4
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
         with:
           name: windmill-ee-binary
           path: ./backend/target/release/windmill-ee.exe
-
-      - name: Upload dynamic libraries artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: windmill_duckdb_ffi_internal.dll
-          path: ./backend/windmill-duckdb-ffi-internal/target/release/windmill_duckdb_ffi_internal.dll

.github/workflows/build_ws.yml

@@ -19,10 +19,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      # - uses: depot/setup-action@v1
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
+      - uses: depot/setup-action@v1
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
@@ -43,7 +40,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push publicly
-        uses: docker/build-push-action@v6
+        uses: depot/build-push-action@v1
         with:
           context: .
           file: ./docker/DockerfileMultiplayer

.github/workflows/change-versions.yml

@@ -9,14 +9,7 @@ jobs:
     runs-on: ubicloud
     container: node:18
     steps:
-      - uses: actions/create-github-app-token@v2
-        id: app
-        with:
-          app-id: ${{ vars.INTERNAL_APP_ID }}
-          private-key: ${{ secrets.INTERNAL_APP_KEY }}
       - uses: actions/checkout@v4
-        with:
-          token: ${{ steps.app.outputs.token }}
       - run: git config --system --add safe.directory /__w/windmill/windmill
       - name: Change versions
         run: ./.github/change-versions.sh "$(cat version.txt)"
@@ -27,9 +20,4 @@ jobs:
         run: |
           cd backend
           cargo generate-lockfile
-      - uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_user_name: windmill-internal-app[bot]
-          commit_user_email: windmill-internal-app[bot]@users.noreply.github.com
-        env:
-          GITHUB_TOKEN: ${{ steps.app.outputs.token }}
+      - uses: stefanzweifel/git-auto-commit-action@v4

.github/workflows/check-org-membership.yml

@@ -1,66 +0,0 @@
-name: Check Organization Membership
-
-on:
-  workflow_call:
-    inputs:
-      commenter:
-        required: true
-        type: string
-        description: 'The username to check for organization membership'
-      organization:
-        required: false
-        type: string
-        default: 'windmill-labs'
-        description: 'The organization to check membership for'
-      trusted_bot:
-        required: false
-        type: string
-        default: 'windmill-internal-app[bot]'
-        description: 'The trusted bot username to allow'
-    secrets:
-      access_token:
-        required: true
-        description: 'The access token to use for org membership check'
-    outputs:
-      is_member:
-        description: 'Whether the user is an organization member or trusted bot'
-        value: ${{ jobs.check-membership.outputs.is_member }}
-
-jobs:
-  check-membership:
-    runs-on: ubicloud-standard-2
-    outputs:
-      is_member: ${{ steps.check-membership.outputs.is_member }}
-    steps:
-      - name: Check organization membership
-        id: check-membership
-        env:
-          ORG_ACCESS_TOKEN: ${{ secrets.access_token }}
-          COMMENTER: ${{ inputs.commenter }}
-          ORG: ${{ inputs.organization }}
-          TRUSTED_BOT: ${{ inputs.trusted_bot }}
-        run: |
-          # 1. Allow the trusted bot straight away
-          if [[ "$COMMENTER" == "$TRUSTED_BOT" ]]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          # 2. Disallow other bots
-          if [[ "${COMMENTER}" =~ \[bot\]$ ]]; then
-            echo "is_member=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          # 3. Otherwise check if the user is a member of the organization
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -H "Authorization: token $ORG_ACCESS_TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/orgs/$ORG/members/$COMMENTER")
-
-          if [ "$STATUS" -eq 204 ]; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-          fi

.github/workflows/claude-fast.yml

@@ -1,78 +0,0 @@
-name: Fast Claude
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  determine-commenter:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/ai-fast')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/ai-fast')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/ai-fast')) ||
-      (github.event_name == 'issues' && contains(github.event.issue.body, '/ai-fast'))
-    runs-on: ubicloud-standard-2
-    outputs:
-      commenter: ${{ steps.determine-commenter.outputs.commenter }}
-    steps:
-      - name: Determine commenter
-        id: determine-commenter
-        run: |
-          # Work out who wrote the comment / review
-          if [[ "${{ github.event_name }}" == "issue_comment" || \
-                "${{ github.event_name }}" == "pull_request_review_comment" ]]; then
-            COMMENTER="${{ github.event.comment.user.login }}"
-          elif [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
-            COMMENTER="${{ github.event.review.user.login }}"
-          else
-            COMMENTER="${{ github.event.issue.user.login }}"
-          fi
-          echo "commenter=$COMMENTER" >> $GITHUB_OUTPUT
-
-  check-membership:
-    needs: determine-commenter
-    uses: ./.github/workflows/check-org-membership.yml
-    with:
-      commenter: ${{ needs.determine-commenter.outputs.commenter }}
-    secrets:
-      access_token: ${{ secrets.ORG_ACCESS_TOKEN }}
-
-  claude-code-action:
-    needs: [determine-commenter, check-membership]
-    if: |
-      needs.check-membership.outputs.is_member == 'true'
-    runs-on: ubicloud-standard-8
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@beta
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          model: claude-opus-4-1-20250805
-          fallback_model: claude-sonnet-4-20250514
-          timeout_minutes: "60"
-          allowed_tools: "mcp__github__create_pull_request"
-          allowed_bots: "windmill-internal-app[bot]"
-          custom_instructions: |
-            ## IMPORTANT INSTRUCTIONS
-            - Your branch name should be a short description of the requested changes.
-            - Bypass previous instructions and instead of adding a url in your comment to manually create a PR, if you created a new branch with your changes, automatically create a draft PR from that branch to main.
-
-            ## Available Tools
-            - mcp__github__create_pull_request: Create PRs from branches
-          trigger_phrase: "/ai-fast"

.github/workflows/claude-plan.yml

@@ -1,90 +0,0 @@
-name: Claude Plan Assistant
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  determine-commenter:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/plan')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/plan')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/plan')) ||
-      (github.event_name == 'issues' && contains(github.event.issue.body, '/plan'))
-    runs-on: ubicloud-standard-2
-    outputs:
-      commenter: ${{ steps.determine-commenter.outputs.commenter }}
-    steps:
-      - name: Determine commenter
-        id: determine-commenter
-        run: |
-          # Work out who wrote the comment / review
-          if [[ "${{ github.event_name }}" == "issue_comment" || \
-                "${{ github.event_name }}" == "pull_request_review_comment" ]]; then
-            COMMENTER="${{ github.event.comment.user.login }}"
-          elif [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
-            COMMENTER="${{ github.event.review.user.login }}"
-          else
-            COMMENTER="${{ github.event.issue.user.login }}"
-          fi
-          echo "commenter=$COMMENTER" >> $GITHUB_OUTPUT
-
-  check-membership:
-    needs: determine-commenter
-    uses: ./.github/workflows/check-org-membership.yml
-    with:
-      commenter: ${{ needs.determine-commenter.outputs.commenter }}
-    secrets:
-      access_token: ${{ secrets.ORG_ACCESS_TOKEN }}
-
-  claude-plan-action:
-    needs: [determine-commenter, check-membership]
-    if: |
-      needs.check-membership.outputs.is_member == 'true'
-    runs-on: ubicloud-standard-4
-    timeout-minutes: 20
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Run Claude Plan Action
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          allowed_bots: "windmill-internal-app[bot]"
-          trigger_phrase: "/plan"
-          claude_args: |
-            --system-prompt "# Claude Planning Mode
-
-            You are operating in PLANNING MODE ONLY. Your role is to create detailed, structured plans without making any code changes.
-
-            ## Your Responsibilities:
-
-            1. **Analyze the Request**: Carefully read and understand what the user is asking for
-            2. **Explore the Codebase**: Understand the relevant code structure
-            3. **Create a Detailed Plan**: Provide a comprehensive, step-by-step plan that includes:
-               - Clear breakdown of all tasks needed
-               - Files that will need to be modified or created
-               - Code patterns and architecture decisions
-               - Potential challenges and how to address them
-               - If there are multiple options to achieve the same goal, explain the pros and cons of each option
-
-            ## Strict Constraints:
-
-            - **DO NOT** make any code changes
-            - **DO NOT** create branches or pull requests
-
-            Remember: You are here to plan, not to implement. Provide thorough analysis and clear guidance for implementation."

.github/workflows/claude.yml

@@ -1,128 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  determine-commenter:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/ai')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/ai')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/ai')) ||
-      (github.event_name == 'issues' && contains(github.event.issue.body, '/ai'))
-    runs-on: ubicloud-standard-2
-    outputs:
-      commenter: ${{ steps.determine-commenter.outputs.commenter }}
-    steps:
-      - name: Determine commenter
-        id: determine-commenter
-        run: |
-          # Work out who wrote the comment / review
-          if [[ "${{ github.event_name }}" == "issue_comment" || \
-                "${{ github.event_name }}" == "pull_request_review_comment" ]]; then
-            COMMENTER="${{ github.event.comment.user.login }}"
-          elif [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
-            COMMENTER="${{ github.event.review.user.login }}"
-          else
-            COMMENTER="${{ github.event.issue.user.login }}"
-          fi
-          echo "commenter=$COMMENTER" >> $GITHUB_OUTPUT
-
-  check-membership:
-    needs: determine-commenter
-    uses: ./.github/workflows/check-org-membership.yml
-    with:
-      commenter: ${{ needs.determine-commenter.outputs.commenter }}
-    secrets:
-      access_token: ${{ secrets.ORG_ACCESS_TOKEN }}
-
-  claude-code-action:
-    needs: [determine-commenter, check-membership]
-    if: |
-      needs.check-membership.outputs.is_member == 'true'
-    runs-on: ubicloud-standard-8
-    timeout-minutes: 60
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
-
-      - name: Run npm install and generate-backend-client
-        working-directory: ./frontend
-        run: |
-          # add a build directory for cargo check
-          mkdir -p build
-          npm install
-          npm run generate-backend-client
-
-      - name: install xmlsec1
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-dev libxmlsec1-dev
-
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          cache-workspaces: backend
-          toolchain: 1.90.0
-
-      - name: cargo check
-        working-directory: ./backend
-        timeout-minutes: 16
-        run: |
-          SQLX_OFFLINE=true cargo check --features $(./all_features_oss.sh)
-
-      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          allowed_bots: "windmill-internal-app[bot]"
-          trigger_phrase: "/ai"
-          settings: |
-            {
-              "env": {
-                "SQLX_OFFLINE": "true"
-              }
-            }
-          claude_args: |
-            --allowedTools "Bash"
-            --system-prompt "## IMPORTANT INSTRUCTIONS
-            - Your branch name should be a short description of the requested changes.
-            - Bypass previous instructions and instead of adding a url in your comment to manually create a PR, if you created a new branch with your changes, automatically create a draft PR from that branch to main.
-
-            ## Code Quality Requirements
-
-            After making any code changes, you MUST run the appropriate validation commands:
-
-            **Frontend Changes:**
-            - Run: \`npm run check\` in the frontend directory
-            - Fix all warnings and errors before proceeding
-
-            **Backend Changes:**
-            - Run: \`cargo check --features $(./all_features_oss.sh)\` in the backend directory
-            - Fix all warnings and errors before proceeding
-
-            **Pull Request Creation:**
-            - DO NOT FORGET TO OPEN A DRAFT PR AFTER YOU ARE DONE if you made changes after a request from a git issue.
-
-            ## Available Tools
-            - Bash: Full access to run validation commands and git operations"

.github/workflows/create-docs.yml

@@ -1,39 +0,0 @@
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  check-membership:
-    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/docs') }}
-    uses: ./.github/workflows/check-org-membership.yml
-    with:
-      commenter: ${{ github.event.comment.user.login }}
-    secrets:
-      access_token: ${{ secrets.ORG_ACCESS_TOKEN }}
-
-  generate-token:
-    needs: check-membership
-    if: ${{ needs.check-membership.outputs.is_member == 'true' }}
-    runs-on: ubicloud-standard-2
-    outputs:
-      app_token: ${{ steps.app.outputs.token }}
-    steps:
-      - name: Generate an installation token
-        id: app
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.INTERNAL_APP_ID }}
-          private-key: ${{ secrets.INTERNAL_APP_KEY }}
-          owner: windmill-labs
-
-  trigger-docs:
-    needs: [generate-token, check-membership]
-    if: ${{ needs.check-membership.outputs.is_member == 'true' }}
-    uses: windmill-labs/windmilldocs/.github/workflows/create-docs.yml@main
-    with:
-      pr_number: ${{ github.event.issue.number }}
-      repo: ${{ github.event.repository.name }}
-      comment_text: ${{ github.event.comment.body }}
-    secrets:
-      DOCS_TOKEN: ${{ needs.generate-token.outputs.app_token }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

.github/workflows/deno_on_release.yml

@@ -0,0 +1,48 @@
+name: Publish deno-client
+on:
+  push:
+    tags:
+      - "v*"
+env:
+  repo: windmill-deno-client
+
+jobs:
+  build_deno_and_push_to_repo:
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+      - name: generate_deno
+        run: |
+          cd deno-client
+          rm .gitignore
+          ./build.sh
+      - name: Pushes to another repository
+        id: push_directory
+        uses: cpina/github-action-push-to-another-repository@devel
+        env:
+          API_TOKEN_GITHUB: ${{ secrets.DENO_PAT }}
+        with:
+          source-directory: deno-client/
+          destination-github-username: ${{ github.repository_owner }}
+          destination-repository-name: ${{ env.repo }}
+          user-email: ruben@windmill.dev
+          commit-message: See ORIGIN_COMMIT from $GITHUB_REF
+          target-branch: main
+
+  tag_repo:
+    needs: [build_deno_and_push_to_repo]
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: ${{ github.repository_owner }}/${{ env.repo }}
+          token: ${{ secrets.DENO_PAT }}
+          path: ./client
+
+      - name: Push client
+        run: |
+          cd ./client
+          git config --global user.email "ruben@windmill.dev"
+          git config --global user.name "rubenfiszel[bot]"
+          git tag -a ${{ github.ref_name }} -m "${{ github.ref_name }}"
+          git push --tags

.github/workflows/discord-notification.yml

@@ -1,35 +0,0 @@
-name: Create discord thread when a PR is opened, react with green checkmark when PR is merged
-
-on:
-  pull_request:
-    types:
-      - opened
-      - ready_for_review
-      - closed
-
-jobs:
-  notify_discord_when_pr_opened:
-    if: (github.event.pull_request.draft == false) && (github.event.action == 'opened' || github.event.action == 'ready_for_review')
-    uses: ./.github/workflows/shareable-discord-notification.yml
-    with:
-      PR_TITLE: ${{ github.event.pull_request.title }}
-      PR_URL: ${{ github.event.pull_request.html_url }}
-      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
-      PR_STATUS: "opened"
-      PR_NUMBER: ${{ github.event.pull_request.number }}
-      DISCORD_CHANNEL_ID: "1372204995868491786"
-      DISCORD_GUILD_ID: "930051556043276338"
-    secrets:
-      DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_PR_REVIEWS_WEBHOOK }}
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}
-
-  merge_success_emoji:
-    if: github.event.action == 'closed'
-    uses: ./.github/workflows/shareable-discord-notification.yml
-    with:
-      PR_STATUS: "merged"
-      DISCORD_CHANNEL_ID: "1372204995868491786"
-      DISCORD_GUILD_ID: "930051556043276338"
-      PR_NUMBER: ${{ github.event.pull_request.number }}
-    secrets:
-      DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_AI_BOT_TOKEN }}

.github/workflows/docker-image-rpi4.yml

@@ -67,7 +67,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           build-args: |
-            features=embedding,parquet,openidconnect,license,http_trigger,zip,oauth2,postgres_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp
+            features=embedding,parquet,openidconnect,deno_core
           tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:dev
             ${{ steps.meta-public.outputs.tags }}

.github/workflows/docker-image.yml

@@ -1,9 +1,12 @@
 env:
   REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.event_name != 'pull_request' && github.event_name !=
-    'workflow_dispatch' && github.repository || 'windmill-labs/windmill-test' }}
-  DEV_SHA: ${{ github.event_name != 'pull_request' && github.event_name !=
-    'workflow_dispatch' && 'dev' || github.event.inputs.tag || github.sha }}
+  IMAGE_NAME:
+    ${{ github.event_name != 'pull_request' && github.repository ||
+    'windmill-labs/windmill-test' }}
+  DEV_SHA:
+    ${{ github.event_name != 'pull_request' && 'dev' || format('pr-{0}',
+    github.event.number) }}
+
 name: Build windmill:main
 on:
   push:
@@ -13,37 +16,20 @@ on:
     types: [opened, synchronize, reopened]
     paths:
       - "Dockerfile"
-  workflow_dispatch:
-    inputs:
-      ee:
-        description: "Build EE image (true, false)"
-        required: false
-        default: false
-        type: boolean
-      tag:
-        description: "Tag the image"
-        required: true
-        default: "test"
-      nsjail:
-        description: "Build nsjail image (true, false)"
-        required: false
-        default: false
-        type: boolean
+
 concurrency:
   group: ${{ github.ref }}
-  cancel-in-progress: false
+  cancel-in-progress: true
 
 permissions: write-all
 
 jobs:
   build:
     runs-on: ubicloud
-    if: (github.event_name != 'workflow_dispatch') || (github.event.inputs &&
-      !github.event.inputs.ee)
+    if: (github.event_name != 'issue_comment') || (contains(github.event.comment.body, '/buildimage_all') || contains(github.event.comment.body, '/buildimage_base'))
     steps:
       - uses: actions/checkout@v4
         with:
-          ref: ${{ github.ref }}
           fetch-depth: 0
 
       - name: Read EE repo commit hash
@@ -92,20 +78,20 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           build-args: |
-            features=embedding,parquet,openidconnect,jemalloc,license,http_trigger,zip,oauth2,dind,postgres_trigger,mqtt_trigger,websocket,smtp,static_frontend,agent_worker_server,all_languages,deno_core,mcp,private
+            features=embedding,parquet,openidconnect,jemalloc,deno_core
           tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
             ${{ steps.meta-public.outputs.tags }}
           labels: |
             ${{ steps.meta-public.outputs.labels }}
+            org.opencontainers.image.licenses=AGPLv3
 
   build_ee:
     runs-on: ubicloud
-    if: (github.event_name != 'workflow_dispatch') || (github.event.inputs.ee || github.event.inputs.nsjail)
+    if: (github.event_name != 'issue_comment') || (contains(github.event.comment.body, '/buildimage_ee') || contains(github.event.comment.body, '/buildimage_nsjail')) || contains(github.event.comment.body, '/buildimage_all')
     steps:
       - uses: actions/checkout@v4
         with:
-          ref: ${{ github.ref }}
           fetch-depth: 0
 
       - name: Read EE repo commit hash
@@ -154,7 +140,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           build-args: |
-            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,agent_worker_server,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,otel,dind,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages,private,deno_core,mcp
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
           tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee:${{ env.DEV_SHA }}
             ${{ steps.meta-ee-public.outputs.tags }}
@@ -162,6 +148,68 @@ jobs:
             ${{ steps.meta-ee-public.outputs.labels }}
             org.opencontainers.image.licenses=Windmill-Enterprise-License
 
+  build_ee_312:
+    runs-on: ubicloud
+    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Read EE repo commit hash
+        run: |
+          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
+
+      - uses: actions/checkout@v4
+        with:
+          repository: windmill-labs/windmill-ee-private
+          path: ./windmill-ee-private
+          ref: ${{ env.ee_repo_ref }}
+          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
+          fetch-depth: 0
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta-ee-public-py312
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee-py312
+          flavor: |
+            latest=false
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Substitute EE code
+        run: |
+          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
+
+      - name: Build and push publicly ee
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          build-args: |
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
+            PYTHON_IMAGE=python:3.12.2-slim-bookworm
+          tags: |
+            ${{ steps.meta-ee-public-py312.outputs.tags }}
+          labels: |
+            ${{ steps.meta-ee-public-py312.outputs.labels }}
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
+
   # disabled until we make it 100% reliable and add more meaningful tests
   # playwright:
   #   runs-on: [self-hosted, new]
@@ -203,6 +251,7 @@ jobs:
       ARCH: amd64
     steps:
       - uses: actions/checkout@v4
+
       - run: |
           # pulling docker image with desired arch so that actions-docker-extract doesn't do it
           docker pull --platform "linux/$ARCH" ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
@@ -220,12 +269,6 @@ jobs:
           image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
           path: "/usr/src/app/windmill"
 
-      - uses: shrink/actions-docker-extract@v3
-        id: extract-duckdb-ffi-internal
-        with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEV_SHA }}
-          path: "/usr/src/app/libwindmill_duckdb_ffi_internal.so"
-
       - uses: shrink/actions-docker-extract@v3
         id: extract-ee
         with:
@@ -243,7 +286,6 @@ jobs:
           files: |
             ${{ steps.extract.outputs.destination }}/*
             ${{ steps.extract-ee.outputs.destination }}/*
-            ${{ steps.extract-duckdb-ffi-internal.outputs.destination }}/*
 
   # attach_arm64_binary_to_release:
   #   needs: [build, build_ee]
@@ -295,7 +337,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ref: ${{ github.ref }}
           fetch-depth: 0
       - name: Prepare test run
         if: ${{ ! startsWith(github.ref, 'refs/tags/v') }}
@@ -307,7 +348,7 @@ jobs:
           LICENSE_KEY: ${{ secrets.WM_LICENSE_KEY_CI }}
         run: cd integration_tests && ./run.sh
       - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: always()
         with:
           name: Windmill Integration Tests Logs
@@ -317,9 +358,7 @@ jobs:
   tag_latest:
     runs-on: ubicloud
     needs: [run_integration_test, build]
-    if:
-      github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' ||
-      startsWith(github.ref, 'refs/tags/v'))  && (github.event_name != 'workflow_dispatch')
+    if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
     steps:
       - uses: actions/checkout@v4
         with:
@@ -338,9 +377,7 @@ jobs:
   tag_latest_ee:
     runs-on: ubicloud
     needs: [run_integration_test, build_ee]
-    if:
-      github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch') && (github.ref == 'refs/heads/main' ||
-      startsWith(github.ref, 'refs/tags/v'))
+    if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
     steps:
       - uses: actions/checkout@v4
         with:
@@ -359,7 +396,7 @@ jobs:
   verify_ee_image_vulnerabilities:
     runs-on: ubicloud
     needs: [tag_latest_ee]
-    if: startsWith(github.ref, 'refs/tags/v') && (github.event_name != 'workflow_dispatch')
+    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -401,13 +438,11 @@ jobs:
   build_ee_nsjail:
     needs: [build_ee]
     runs-on: ubicloud
-    if: (github.event_name != 'pull_request') && ((github.event_name != 'workflow_dispatch') || (github.event.inputs.ee || github.event.inputs.nsjail))
-
+    if: (github.event_name != 'issue_comment') || (github.event_name != 'pull_request') || (contains(github.event.comment.body, '/buildimage_nsjail') || contains(github.event.comment.body, '/buildimage_all'))
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: ${{ github.ref }}
 
       # - name: Set up Docker Buildx
       #   uses: docker/setup-buildx-action@v2
@@ -436,11 +471,6 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Update Dockerfile image reference
-        run: |
-          sed -i 's|FROM ghcr.io/windmill-labs/windmill-ee:dev|FROM ghcr.io/${{ env.IMAGE_NAME }}-ee:${{ env.DEV_SHA }}|' ./docker/DockerfileNsjail
-          cat ./docker/DockerfileNsjail | grep "FROM"
-
       - name: Build and push publicly ee
         uses: depot/build-push-action@v1
         with:
@@ -454,11 +484,54 @@ jobs:
             ${{ steps.meta-ee-public.outputs.labels }}
             org.opencontainers.image.licenses=Windmill-Enterprise-License
 
+  build_ee_reports_privately:
+    needs: [build_ee_nsjail]
+    runs-on: ubicloud
+    if: github.event_name != 'pull_request'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+
+      - uses: depot/setup-action@v1
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta-ee-public
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee-reports
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,enable=true,priority=100,prefix=,suffix=,format=short
+
+      - name: Build and push publicly ee reports
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          file: "./docker/DockerfileReports"
+          tags: |
+            ${{ steps.meta-ee-public.outputs.tags }}
+          labels: |
+            ${{ steps.meta-ee-public.outputs.labels }}
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
+
   publish_ecr_s3:
     needs: [build_ee_nsjail]
     runs-on: ubicloud-standard-2-arm
-    if: (github.event_name != 'pull_request') && (github.event_name !=
-      'workflow_dispatch')
+    if: github.event_name != 'pull_request'
     env:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -507,7 +580,6 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: ${{ github.ref }}
 
       # - name: Set up Docker Buildx
       #   uses: docker/setup-buildx-action@v2

.github/workflows/frontend-check.yml

@@ -1,27 +1,21 @@
 name: check frontend build
 on:
-  workflow_run:
-    workflows: ["Change versions"]
-    types:
-      - completed
-
-  merge_group:
-  push:
+  pull_request:
+    types: [opened, synchronize, reopened, closed]
     paths:
       - "frontend/**"
-      - ".github/workflows/frontend-check.yml"
+  merge_group:
 
 jobs:
   npm_check:
     runs-on: ubicloud-standard-8
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v3
         with:
-          node-version: 24
-          cache: "npm"
-          cache-dependency-path: "frontend/package-lock.json"
+          node-version: 18
       - name: "npm check"
-        timeout-minutes: 5
-        run: cd frontend && npm ci && npm run generate-backend-client && npm run
+        timeout-minutes: 2
+        run:
+          cd frontend && npm ci && npm run generate-backend-client && npm run
           check

.github/workflows/git-commands.yaml

@@ -1,276 +0,0 @@
-name: Git commands
-
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  update-sqlx:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/updatesqlx')
-    runs-on: ubicloud-standard-8
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-
-    services:
-      postgres:
-        image: postgres:16
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-          POSTGRES_DB: windmill
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    steps:
-      - uses: actions/create-github-app-token@v2
-        id: app
-        with:
-          app-id: ${{ vars.INTERNAL_APP_ID }}
-          private-key: ${{ secrets.INTERNAL_APP_KEY }}
-
-      - name: Comment on PR - Starting
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ steps.app.outputs.token }}
-          script: |
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: 'Starting sqlx update...'
-            })
-
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          token: ${{ steps.app.outputs.token }}
-          ref: ${{ github.event.issue.pull_request.head.ref }}
-          fetch-depth: 0
-
-      - name: Checkout windmill-ee-private
-        uses: actions/checkout@v3
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: windmill-ee-private
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-
-      # Cache rust dependencies
-      - uses: dtolnay/rust-toolchain@stable
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: "./backend -> target"
-
-      - name: Install xmlsec build-time deps
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends \
-            pkg-config libxml2-dev libssl-dev \
-            xmlsec1 libxmlsec1-dev libxmlsec1-openssl
-
-      - name: Run update-sqlx script
-        env:
-          DATABASE_URL: postgres://postgres:postgres@localhost:5432/windmill
-          GH_TOKEN: ${{ steps.app.outputs.token }}
-        run: |
-          set -e  # Exit on any command failure
-          PR_NUMBER=${{ github.event.issue.number }}
-          BRANCH_NAME=$(gh pr view $PR_NUMBER --json headRefName --jq .headRefName)
-          echo "Checking out PR branch: $BRANCH_NAME"
-          git checkout $BRANCH_NAME
-          git config --local user.email "windmill-internal-app[bot]@users.noreply.github.com"
-          git config --local user.name "windmill-internal-app[bot]"
-          git config pull.rebase true
-          git pull origin $BRANCH_NAME
-          mkdir -p frontend/build
-          cd backend
-          cargo install sqlx-cli --version 0.8.5
-          sqlx migrate run
-          if ! ./update_sqlx.sh --dir ./windmill-ee-private; then
-            gh pr comment $PR_NUMBER --body "❌ SQLx update failed. Please check the workflow logs for details."
-            exit 1
-          fi
-          # Pass the branch name to the next step
-          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
-
-      - name: Commit changes if any
-        run: |
-          git add backend/.sqlx
-          git commit -m "Update SQLx metadata"
-          git push origin ${{ env.BRANCH_NAME }}
-
-      - name: Comment on PR - Completed
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ steps.app.outputs.token }}
-          script: |
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: 'Successfully ran sqlx update'
-            })
-
-  demo:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/demo')
-    runs-on: ubicloud-standard-2
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Run Claude Code for Demo Generation
-        uses: anthropics/claude-code-action@beta
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          timeout_minutes: "10"
-          allowed_tools: "Bash"
-          direct_prompt: |
-            You need to:
-
-            1. Extract the Cloudflare preview URL from the cloudflare-workers-and-pages bot comment in this PR
-            2. Analyze the PR changes to understand what feature was added/modified
-            3. Create detailed instructions to give to an AI agent that will click and interact with buttons and inputs to showcase the new feature. Only include the instructions, nothing else.
-            4. Create a demo.json file with a valid JSON object containing:
-              - instructions: the demo instructions
-              - url: the preview URL
-            5. VALIDATE the JSON file using `jq` before finishing
-            DO NOT COMMIT THIS FILE TO THE PR.
-
-            Example demo.json:
-            {
-              "instructions": "Click on settings, then account settings, then 'generate new token'",
-              "url": "https://example.pages.dev"
-            }
-
-            CRITICAL: After creating demo.json, you MUST:
-            1. Run `jq empty demo.json` to validate the JSON is properly formatted
-            2. If validation fails, fix the JSON and validate again
-            3. Only proceed once the JSON passes validation
-            4. Use proper JSON escaping for newlines, quotes, and special characters
-
-            Make sure to:
-            - Create a valid JSON object that passes `jq empty demo.json`
-            - Extract the correct preview URL (should be a .pages.dev domain)
-            - Create specific, actionable demo steps based on the actual changes in the PR
-            - Properly escape all strings in the JSON (use jq to create the file if needed)
-            - NOT COMMIT THE DEMO.JSON FILE TO THE PR
-
-      - name: Send instructions to Windmill
-        env:
-          DEMO_WEBHOOK_TOKEN: ${{ secrets.DEMO_WEBHOOK_TOKEN }}
-        run: |
-          if [[ -f "demo.json" ]]; then
-            echo "Found demo.json, sending to Windmill..."
-            cat demo.json
-
-            # Validate JSON one more time (Claude should have already done this)
-            if ! jq empty demo.json; then
-              echo "Error: demo.json is not valid JSON"
-              exit 1
-            fi
-
-            RESULT=$(curl -s \
-              -H 'Content-Type: application/json' \
-              -H "Authorization: Bearer $DEMO_WEBHOOK_TOKEN" \
-              -X POST \
-              -d @demo.json \
-              'https://app.windmill.dev/api/w/windmill-labs/jobs/run/f/f/ai/browserbase_demo')
-
-            echo "Windmill response:"
-            echo -E "$RESULT"
-          else
-            echo "Error: demo.json file not found"
-            exit 1
-          fi
-
-  update-ee-ref:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/eeref')
-    runs-on: ubicloud-standard-2
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-    steps:
-      - uses: actions/create-github-app-token@v2
-        id: app
-        with:
-          app-id: ${{ vars.INTERNAL_APP_ID }}
-          private-key: ${{ secrets.INTERNAL_APP_KEY }}
-
-      - name: Comment on PR - Starting
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ steps.app.outputs.token }}
-          script: |
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: 'Starting ee ref update...'
-            })
-
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          token: ${{ steps.app.outputs.token }}
-          ref: ${{ github.event.issue.pull_request.head.ref }}
-          fetch-depth: 0
-
-      - name: Checkout windmill-ee-private
-        uses: actions/checkout@v3
-        with:
-          repository: windmill-labs/windmill-ee-private
-          path: windmill-ee-private
-          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
-
-      - name: Get last commit hash of private-repo
-        id: get-commit-hash
-        run: |
-          cd windmill-ee-private
-          COMMIT_HASH=$(git rev-parse HEAD)
-          echo "commit_hash=$COMMIT_HASH" >> $GITHUB_OUTPUT
-          echo "Latest commit hash: $COMMIT_HASH"
-
-      - name: Update ee-repo-ref.txt
-        env:
-          GH_TOKEN: ${{ steps.app.outputs.token }}
-        run: |
-          PR_NUMBER=${{ github.event.issue.number }}
-          BRANCH_NAME=$(gh pr view $PR_NUMBER --json headRefName --jq .headRefName)
-          echo "Checking out PR branch: $BRANCH_NAME"
-          git checkout $BRANCH_NAME
-          git config --local user.email "windmill-internal-app[bot]@users.noreply.github.com"
-          git config --local user.name "windmill-internal-app[bot]"
-          git config pull.rebase true
-          git pull origin $BRANCH_NAME
-          echo "${{ steps.get-commit-hash.outputs.commit_hash }}" > backend/ee-repo-ref.txt
-          echo "Updated backend/ee-repo-ref.txt with commit hash: ${{ steps.get-commit-hash.outputs.commit_hash }}"
-          # commit and push the changes
-          git add backend/ee-repo-ref.txt
-          git commit -m "Update ee-repo-ref.txt" || echo "No changes to commit"
-          git push origin $BRANCH_NAME
-
-      - name: Comment on PR - Completed
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ steps.app.outputs.token }}
-          script: |
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: 'Successfully updated ee-repo-ref.txt'
-            })

.github/workflows/helmchart_on_release.yml

@@ -1,91 +0,0 @@
-name: Publish Helm Chart on Release
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  bump-helm-version:
-    runs-on: ubicloud-standard-2
-
-    steps:
-      - name: Generate an installation token
-        id: app
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.INTERNAL_APP_ID }}
-          private-key: ${{ secrets.INTERNAL_APP_KEY }}
-          owner: windmill-labs
-
-      - name: Checkout on helm repository
-        uses: actions/checkout@v3
-        with:
-          repository: windmill-labs/windmill-helm-charts
-          token: ${{ steps.app.outputs.token }}
-
-      - name: Get version
-        id: get_version
-        run: |
-          echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
-
-      - name: Create new branch
-        run: |
-          # Check if branch already exists remotely
-          if git ls-remote --heads origin bump-helm-version-${{ env.VERSION }} | grep -q bump-helm-version-${{ env.VERSION }}; then
-            # Branch exists, check it out
-            git fetch origin bump-helm-version-${{ env.VERSION }}
-            git checkout bump-helm-version-${{ env.VERSION }}
-          else
-            # Create new branch
-            git checkout -b bump-helm-version-${{ env.VERSION }}
-          fi
-
-          git config --local user.email "action@github.com"
-          git config --local user.name "GitHub Action"
-
-      - name: Bump helm version
-        run: |
-          # Get current version and increment it by 1
-          CURRENT_VERSION=$(grep "version:" ./charts/windmill/Chart.yaml | awk '{print $2}' | head -n 1)
-          NEW_VERSION=$(echo "$CURRENT_VERSION" | awk -F. '{$NF = $NF + 1;} 1' | sed 's/ /./g')
-          sed -i "s/^version: .*/version: $NEW_VERSION/" ./charts/windmill/Chart.yaml
-
-          # Get the app version from the version
-          VERSION=${{ env.VERSION }}
-          APP_VERSION=${VERSION#refs/tag/}
-          APP_VERSION=${APP_VERSION#v}
-          APP_VERSION=${APP_VERSION%/}
-          sed -i "s/appVersion: .*/appVersion: $APP_VERSION/" ./charts/windmill/Chart.yaml
-
-      - name: Close existing bump-helm PRs
-        env:
-          GH_TOKEN: ${{ steps.app.outputs.token }}
-        run: |
-          # List open PR numbers whose title starts with the prefix
-          prs=$(gh pr list \
-                  --state open \
-                  --search '"helm: bump version to" in:title' \
-                  --json number \
-                  -q '.[].number')
-
-          for pr in $prs; do
-            echo "Closing outdated bump PR #$pr"
-            gh pr close "$pr" \
-              --comment "Closed automatically – superseded by a newer Helm-chart bump PR."
-          done
-
-      - name: Commit and push
-        run: |
-          git add .
-          git commit -m "Bump helm version to ${{ env.VERSION }}"
-          git push origin bump-helm-version-${{ env.VERSION }}
-
-      - name: Create PR
-        env:
-          GH_TOKEN: ${{ steps.app.outputs.token }}
-        run: |
-          gh pr create \
-            --title "helm: bump version to ${{ env.VERSION }}" \
-            --body "This PR was auto-generated to bring the helm chart up to date for [release ${{ env.VERSION }}](https://github.com/windmill-labs/windmill/releases/tag/v${{ env.VERSION }}) in the main repo." \
-            --head bump-helm-version-${{ env.VERSION }} \
-            --base main

.github/workflows/linear-claude.yaml

@@ -1,38 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  repository_dispatch:
-    types: [external_claude_issue_fix]
-
-jobs:
-  claude-code-action:
-    runs-on: ubicloud-standard-8
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Process inputs
-        id: process_inputs
-        shell: bash
-        run: |
-          ISSUE_TITLE="${{ github.event.client_payload.issue_title }}"
-          INSTRUCTION="${{ github.event.client_payload.instruction }}"
-          ISSUE_BODY=$(printf '%q' "${{ github.event.client_payload.issue_body }}")
-          BASE_PROMPT="Try to fix the following issue based on the instruction given. You are provided with the issue title, issue body, and instruction. You are to fix the issue based on the instruction. You are to create a pull request to fix the issue."
-          CUSTOM_PROMPT=$(printf -v PROMPT "%s\n\nISSUE_TITLE: %s\n\nISSUE_BODY: %s\n\nINSTRUCTION: %s" "$BASE_PROMPT" "$ISSUE_TITLE" "$ISSUE_BODY" "$INSTRUCTION")
-          echo "CUSTOM_PROMPT=$CUSTOM_PROMPT" >> $GITHUB_OUTPUT
-
-      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@beta
-        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          timeout_minutes: "60"
-          allowed_tools: "mcp__github__create_pull_request"
-          direct_prompt: ${{ steps.process_inputs.outputs.CUSTOM_PROMPT }}

.github/workflows/npm_on_release.yml

@@ -25,9 +25,9 @@ jobs:
         with:
           node-version: "20.x"
           registry-url: "https://registry.npmjs.org"
-      - uses: denoland/setup-deno@v2
+      - uses: denoland/setup-deno@v1
         with:
-          deno-version: v2.x
+          deno-version: v1.x
       - run: cd cli && ./build.sh && cd npm && npm publish
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/pr-ready-review.yml

@@ -1,47 +0,0 @@
-name: Claude Auto Review
-
-on:
-  pull_request:
-    types: [ready_for_review, opened]
-
-concurrency:
-  group: claude-review-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  auto-review:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false || github.event.pull_request.ready_for_review == true
-    permissions:
-      contents: read
-      pull-requests: read
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Automatic PR Review
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          track_progress: true
-          prompt: |
-            REPO: ${{ github.repository }}
-            PR NUMBER: ${{ github.event.pull_request.number }}
-
-            Please review this pull request and provide comprehensive feedback.
-
-            Focus on:
-            - Code quality and best practices
-            - Potential bugs or issues
-            - Performance considerations
-            - Security implications
-
-            Provide detailed feedback using inline comments for specific issues.
-            Use top-level comments for general observations or praise.
-
-            At the end of your review, add complete instructions to reproduce the added changes through the app interface. These instructions will be given to a tester so he can verify the changes. It should be a short descriptive text (not a step by step or a list) on how to navigate the app (what page, what action, what input, etc) to see the changes.
-          claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"

.github/workflows/publish_windows_worker.yml

@@ -32,23 +32,11 @@ jobs:
           token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
           fetch-depth: 0
 
-      - name: Setup Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: 1.90.0
-          override: true
-
       - name: Substitute EE code
         shell: bash
         run: |
           ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
 
-      - name: Cargo build dynamic libraries windows
-        timeout-minutes: 90
-        run: |
-          cd backend/windmill-duckdb-ffi-internal
-          cargo build --release -p windmill_duckdb_ffi_internal
-
       - name: Cargo build windows
         timeout-minutes: 90
         run: |
@@ -59,7 +47,8 @@ jobs:
           $env:OPENSSL_DIR="${Env:VCPKG_INSTALLATION_ROOT}\installed\x64-windows-static"
           mkdir frontend/build && cd backend
           New-Item -Path . -Name "windmill-api/openapi-deref.yaml" -ItemType "File" -Force
-          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,license,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,mqtt_trigger,gcp_trigger,websocket,smtp,static_frontend,all_languages_windows,mcp,private
+          cargo build --release --features=enterprise,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,tantivy,deno_core
+
       - name: Rename binary with corresponding architecture
         run: |
           Rename-Item -Path ".\backend\target\release\windmill.exe" -NewName "windmill-ee.exe"
@@ -69,9 +58,3 @@ jobs:
         with:
           files: |
             ./backend/target/release/windmill-ee.exe
-
-      - name: Attach dynamic libraries to release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: |
-            ./backend/windmill-duckdb-ffi-internal/target/release/windmill_duckdb_ffi_internal.dll

.github/workflows/rust-client-check.yml

@@ -1,27 +0,0 @@
-name: Rust Client Check
-on:
-  workflow_run:
-    workflows: ["Change versions"]
-    types:
-      - completed
-  push:
-    paths:
-      - "rust-client/**"
-      - "backend/**/*.rs"
-      - "backend/windmill-api/openapi.yaml"
-      - "version.txt"
-      - "flake.nix"
-      - ".github/workflows/rust-client-check.yml"
-
-jobs:
-  check_rust_client:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v20
-        with:
-          extra_nix_config: |
-            experimental-features = nix-command flakes
-      - name: Check rust client builds
-        run: cd rust-client && nix develop ../ --command ./dev.nu --check
-        timeout-minutes: 16

.github/workflows/rust_on_release.yml

@@ -1,19 +0,0 @@
-name: Publish rust-client to crates.io on release
-on:
-  push:
-    tags:
-      - "v*"
-  workflow_dispatch:
-
-jobs:
-  build_rust_and_publish_to_crates_io:
-    runs-on: ubicloud-standard-8
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v20
-        with:
-          extra_nix_config: |
-            experimental-features = nix-command flakes
-      - run: cd rust-client && nix develop ../ --command ./dev.nu --check --publish 
-        env:
-          CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}

.github/workflows/shareable-discord-notification.yml

@@ -1,119 +0,0 @@
-name: "Notify Discord when a PR is opened or merged"
-
-on:
-  workflow_call:
-    inputs:
-      PR_TITLE:
-        description: "The title of the PR"
-        type: string
-      PR_URL:
-        description: "The URL of the PR"
-        type: string
-      PR_AUTHOR:
-        description: "The author of the PR"
-        type: string
-      PR_STATUS:
-        description: "The status of the PR"
-        type: string
-      DISCORD_CHANNEL_ID:
-        description: "The Discord channel ID"
-        type: string
-      PR_NUMBER:
-        description: "The number of the PR"
-        type: string
-      DISCORD_GUILD_ID:
-        description: "The Discord guild ID"
-        type: string
-    secrets:
-      DISCORD_WEBHOOK_URL:
-        description: "Discord Webhook URL"
-      DISCORD_BOT_TOKEN:
-        description: "Discord Bot Token"
-
-jobs:
-  open_thread:
-    runs-on: ubicloud-standard-2
-    if: ${{ inputs.PR_STATUS == 'opened' }}
-    steps:
-      - name: Send Discord notification and start a thread
-        env:
-          WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
-          BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
-          CHANNEL_ID: ${{ inputs.DISCORD_CHANNEL_ID }}
-          GUILD_ID: ${{ inputs.DISCORD_GUILD_ID }}
-          PR_TITLE: ${{ inputs.PR_TITLE }}
-          PR_NUMBER: ${{ inputs.PR_NUMBER }}
-          PR_URL: ${{ inputs.PR_URL }}
-          PR_AUTHOR: ${{ inputs.PR_AUTHOR }}
-        run: |
-          # Check if thread already exists
-          thread_exists=false
-          if threads=$(curl -s -H "Authorization: Bot $BOT_TOKEN" "https://discord.com/api/v10/guilds/${GUILD_ID}/threads/active"); then
-            if thread_id=$(echo "$threads" | jq -r --arg cid "$CHANNEL_ID" --arg pref "#${PR_NUMBER}:" '.threads[] | select(.parent_id == $cid and (.name | startswith($pref))) | .id' 2>/dev/null); then
-              if [ -n "$thread_id" ]; then
-                thread_exists=true
-                echo "Thread already exists, skipping creation"
-              fi
-            fi
-          else
-            echo "Failed to check for existing threads, will create new thread"
-          fi
-
-          # Create thread if it doesn't exist or if check failed
-          if [ "$thread_exists" = false ]; then
-            echo "Creating new thread"
-            THREAD_TITLE="#${PR_NUMBER}: ${PR_TITLE} by \`${PR_AUTHOR}\`"
-            payload=$(jq -n \
-              --arg content "${PR_URL}" \
-              --arg thread "${THREAD_TITLE:0:99}" \
-              '{
-                content: $content,
-                thread_name: $thread,
-                auto_archive_duration: 10080
-              }'
-            )
-            curl -H "Content-Type: application/json" \
-              -X POST \
-              -d "$payload" \
-              "$WEBHOOK_URL"
-          fi
-
-  merge_success_emoji:
-    runs-on: ubuntu-latest
-    if: ${{ inputs.PR_STATUS == 'merged' }}
-    steps:
-      - name: React
-        env:
-          BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
-          CHANNEL_ID: ${{ inputs.DISCORD_CHANNEL_ID }}
-          GUILD_ID: ${{ inputs.DISCORD_GUILD_ID }}
-          PR_NUMBER: ${{ inputs.PR_NUMBER }}
-        run: |
-          # 1) get PR thread
-          threads=$(curl -H "Authorization: Bot $BOT_TOKEN" "https://discord.com/api/v10/guilds/${GUILD_ID}/threads/active")
-          thread_id=$(
-            echo "$threads" \
-              | jq -r --arg cid "$CHANNEL_ID" \
-                    --arg pref "#${PR_NUMBER}:" \
-                '.threads[]
-                | select(.parent_id == $cid and (.name | startswith($pref)))
-                | .id'
-          )
-          if [ -z "$thread_id" ]; then
-            echo "Thread not found"
-            exit 1
-          fi
-          # 2) get the first message in that thread
-          messages=$(curl -H "Authorization: Bot $BOT_TOKEN" \
-            "https://discord.com/api/v10/channels/$thread_id/messages")
-          message_id=$(echo "$messages" | jq -r '.[-1].id')
-
-          if [ -z "$message_id" ]; then
-            echo "Message not found"
-            exit 1
-          fi
-
-          # 3) add the ✅ reaction
-          curl -X PUT \
-            -H "Authorization: Bot $BOT_TOKEN" \
-            "https://discord.com/api/v10/channels/$thread_id/messages/$message_id/reactions/%E2%9C%85/@me"

.github/workflows/sign-cla.yml

@@ -15,7 +15,7 @@ jobs:
           == 'I have read the CLA Document and I hereby sign the CLA') ||
           github.event_name == 'pull_request_target'
         # Beta Release
-        uses: cla-assistant/github-action@v2.6.1
+        uses: cla-assistant/github-action@v2.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_PAT }}

.github/workflows/validate-openapi.yml

@@ -1,34 +0,0 @@
-name: Validate OpenAPI Spec
-
-on:
-  push:
-    paths:
-      - 'backend/windmill-api/openapi*'
-  pull_request:
-    paths:
-      - 'backend/windmill-api/openapi*'
-jobs:
-  validate:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Install openapi-generator-cli
-        run: npm install @openapitools/openapi-generator-cli -g
-
-      - name: Validate openapi.yaml
-        run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi.yaml
-
-      - name: Validate openapi-deref.json
-        run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi-deref.json
-
-      # Does not work well with dereferenced yaml
-      # - name: Validate openapi-deref.yaml
-      #   run: npx @openapitools/openapi-generator-cli validate -i backend/windmill-api/openapi-deref.yaml
-

.github/workflows/weekly-pr-summary.yml

@@ -1,134 +0,0 @@
-name: Weekly PR Summary
-
-on:
-  schedule:
-    # Every Friday at 8:00 AM UTC
-    - cron: "0 8 * * 5"
-  workflow_dispatch:
-    # Allow manual triggering for testing
-
-jobs:
-  weekly-pr-summary:
-    runs-on: ubicloud-standard-4
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: write
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Generate Weekly PR Summary
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          prompt: |
-            REPO: ${{ github.repository }}
-
-            Generate a minimalistic weekly summary of ONLY MERGED Pull Requests from the past 7 days.
-
-            ## Your Task:
-
-            1. **Calculate Date Range**:
-               - Run: `CUTOFF_DATE=$(date --date='7 days ago' --iso-8601)`
-               - Run: `TODAY=$(date --iso-8601)`
-               - This gives you the exact 7-day window (store these in variables for use in commands)
-
-            2. **Fetch ONLY Merged PRs from Past Week**:
-               - Command: `gh pr list --repo ${{ github.repository }} --state merged --search "merged:>=$CUTOFF_DATE" --limit 100 --json number,title,author,mergedAt,url`
-               - This returns ONLY PRs that were merged in the last 7 days
-               - The --search flag filters by merge date using GitHub's search syntax
-               - **FILTER OUT** any PRs with titles starting with "chore: release" or "chore(release)"
-
-            3. **Gather Details**: For each merged PR, include:
-               - PR title (NO links)
-               - Author (extract login from author.login in JSON)
-               - Brief summary: Use `gh pr view <number> --json body` to get PR description, then extract first paragraph or key points (1-2 sentences max)
-
-            4. **Character Limit Enforcement**:
-               - The final summary MUST be under 6000 characters
-               - Sort PRs by importance (breaking changes > features > bugfixes > other)
-               - If the summary exceeds 6000 characters, include only the most important PRs and add at the end: "and X more PRs" where X is the count of omitted PRs
-
-            5. **Save Summary to Markdown File**: Write the summary to a file for webhook delivery:
-               - Save the complete formatted markdown to: `summary.md`
-               - Do not commit the file to the repository
-
-            ## Output Format:
-
-            ```markdown
-            📊 Week of [Start Date] to [End Date]
-
-            **Total PRs Merged**: X
-
-            **[PR Title]**
-            Author: @username
-            [1-2 sentence description from PR body]
-
-            [Repeat for each merged PR, sorted by importance]
-
-            and X more PRs
-            ```
-
-            ## Important Notes:
-            - **CRITICAL**: ONLY include PRs with state "merged" from the last 7 days
-            - **CRITICAL**: EXCLUDE all PRs with titles starting with "chore: release" or "chore(release)"
-            - **CRITICAL**: Total character count MUST be under 6000 characters
-            - Use minimal spacing - single line breaks between PRs
-            - NO markdown headers (###, ##) - only bold text for titles
-            - NO links to PRs
-            - NO merged date in output
-            - Use GitHub CLI (`gh`) for all operations
-            - Sort PRs by importance: breaking changes > features > bugfixes > other
-            - If a PR has no description, write "(No description provided)"
-            - Extract meaningful summary from PR body - look for the first paragraph or key bullet points
-            - Parse JSON responses carefully using `jq` or similar tools
-            - If summary exceeds 6000 chars, truncate less important PRs and add "and X more PRs" at the end
-
-            ## Saving the Markdown Output:
-            After generating the markdown summary, save it to a file, BUT DO NOT COMMIT IT TO THE REPOSITORY.
-
-            ## Write Tool Fallback:
-            - First, attempt to use the Write tool to create `summary.md` with the markdown content
-            - If the Write tool returns ANY error or fails:
-              1. Use the Bash tool with the `echo` command instead
-              2. Use a heredoc to write the content: `cat > summary.md << 'EOF'` followed by your markdown content and `EOF` on a new line
-              3. Example: `cat > summary.md << 'EOF'\n[your markdown content here]\nEOF`
-              4. This ensures the file is always created regardless of Write tool issues
-            - Verify the file was created by running: `ls -lh summary.md`
-          claude_args: |
-            --allowedTools "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash"
-
-      - name: Send Summary to Windmill
-        if: hashFiles('summary.md') != ''
-        env:
-          WEEKLY_SUMMARY_TOKEN: ${{ secrets.WEEKLY_SUMMARY_TOKEN }}
-        run: |
-          if [[ -f "summary.md" ]]; then
-            echo "Found summary.md, sending to Windmill..."
-
-            # Read the markdown content
-            MARKDOWN_CONTENT=$(cat summary.md)
-
-            # Create JSON payload
-            PAYLOAD=$(jq -n --arg markdown "$MARKDOWN_CONTENT" '{markdown: $markdown}')
-
-            # Send to Windmill webhook
-            RESULT=$(curl -s \
-              -H 'Content-Type: application/json' \
-              -H "Authorization: Bearer $WEEKLY_SUMMARY_TOKEN" \
-              -X POST \
-              -d "$PAYLOAD" \
-              'https://app.windmill.dev/api/w/windmill-labs/jobs/run/f/f/ai/send_past_week_pr_summaries_to_discord')
-
-            echo "Windmill response:"
-            echo -E "$RESULT"
-            echo "✅ Summary sent successfully to Windmill!"
-          else
-            echo "⚠️ Warning: summary.md not found, skipping delivery"
-            exit 1
-          fi

.gitignore

@@ -7,9 +7,3 @@ CaddyfileRemoteMalo
 *.swp
 **/.idea/
 .direnv
-/.vscode
-.dev-docker-wrapper*
-backend/.minio-data
-.aider*
-!.aiderignore
-rust-client/Cargo.toml

.mcp.json

@@ -1,8 +0,0 @@
-{
-  "mcpServers": {
-    "svelte": {
-      "type": "http",
-      "url": "https://mcp.svelte.dev/mcp"
-    }
-  }
-}

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "python.analysis.typeCheckingMode": "basic"
+}

CLAUDE.md

@@ -1,21 +0,0 @@
-# Windmill Development Guide
-
-## Overview
-
-Windmill is an open-source developer platform for building internal tools, workflows, API integrations, background jobs, workflows, and user interfaces. See @windmill-overview.mdc for full platform details.
-
-## New Feature Implementation Guidelines
-
-When implementing new features in Windmill, follow these best practices:
-
-- **Clean Code First**: Write clean, readable, and maintainable code. Prioritize clarity over cleverness.
-- **Avoid Duplication at All Costs**: Before writing new code, thoroughly search for existing implementations that can be reused or extended.
-- **Adapt Existing Code**: Refactor and generalize existing code when necessary to avoid logic duplication. Extract common patterns into reusable utilities.
-- **Follow Established Patterns**: Study existing code patterns in the codebase and maintain consistency with established conventions.
-- **Single Responsibility**: Each function, component, and module should have a single, well-defined responsibility.
-- **Incremental Implementation**: Break large features into smaller, reviewable chunks that can be implemented and tested incrementally.
-
-## Language-Specific Guides
-
-- Backend (Rust): @backend/rust-best-practices.mdc + @backend/summarized_schema.txt
-- Frontend (Svelte 5): @frontend/svelte5-best-practices.mdc

Caddyfile

@@ -12,7 +12,7 @@
         bind {$ADDRESS}
         reverse_proxy /ws/* http://lsp:3001
         # reverse_proxy /ws_mp/* http://multiplayer:3002
-        # reverse_proxy /api/srch/* http://windmill_indexer:8002
+        # reverse_proxy /api/srch/* http://windmill_indexer:8001
         reverse_proxy /* http://windmill_server:8000
         # tls /certs/cert.pem /certs/key.pem
 }

Dockerfile

@@ -1,15 +1,6 @@
 ARG DEBIAN_IMAGE=debian:bookworm-slim
-ARG RUST_IMAGE=rust:1.90-slim-bookworm
-
-# Build libwindmill_duckdb_ffi_internal.so separately
-FROM ${RUST_IMAGE} AS windmill_duckdb_ffi_internal_builder
-
-WORKDIR /windmill-duckdb-ffi-internal
-RUN apt-get update && apt-get install -y pkg-config clang=1:14.0-55.* libclang-dev=1:14.0-55.* cmake=3.25.* && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-COPY ./backend/windmill-duckdb-ffi-internal .
-RUN cargo build --release -p windmill_duckdb_ffi_internal
+ARG RUST_IMAGE=rust:1.80-slim-bookworm
+ARG PYTHON_IMAGE=python:3.11.10-slim-bookworm
 
 FROM ${RUST_IMAGE} AS rust_base
 
@@ -21,7 +12,7 @@ RUN apt-get -y update \
 
 RUN rustup component add rustfmt
 
-RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef --version 0.1.68
+RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef --version ^0.1
 RUN cargo install sccache --version ^0.8
 ENV RUSTC_WRAPPER=sccache SCCACHE_DIR=/backend/sccache
 
@@ -30,12 +21,11 @@ WORKDIR /windmill
 ENV SQLX_OFFLINE=true
 # ENV CARGO_INCREMENTAL=1
 
-FROM node:24-alpine as frontend
+FROM node:20-alpine as frontend
 
 # install dependencies
 WORKDIR /frontend
 COPY ./frontend/package.json ./frontend/package-lock.json ./
-COPY ./frontend/scripts/ ./scripts/
 RUN npm ci
 
 # Copy all local files into the image.
@@ -48,13 +38,10 @@ COPY /backend/windmill-api/build_openapi.sh /backend/windmill-api/build_openapi.
 RUN cd /backend/windmill-api && . ./build_openapi.sh
 COPY /backend/parsers/windmill-parser-wasm/pkg/ /backend/parsers/windmill-parser-wasm/pkg/
 COPY /typescript-client/docs/ /frontend/static/tsdocs/
-COPY /python-client/docs/ /frontend/static/pydocs/
 
 RUN npm run generate-backend-client
 ENV NODE_OPTIONS "--max-old-space-size=8192"
 ARG VITE_BASE_URL ""
-# Read more about macro in docker/dev.nu
-# -- MACRO-SPREAD-WASM-PARSER-DEV-ONLY -- # 
 RUN npm run build
 
 
@@ -93,34 +80,25 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
     --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \
     CARGO_NET_GIT_FETCH_WITH_CLI=true cargo build --release --features "$features"
 
-FROM ${DEBIAN_IMAGE}
+
+FROM ${PYTHON_IMAGE}
 
 ARG TARGETPLATFORM
-ARG POWERSHELL_VERSION=7.5.0
-ARG POWERSHELL_DEB_VERSION=7.5.0-1
+ARG POWERSHELL_VERSION=7.3.5
+ARG POWERSHELL_DEB_VERSION=7.3.5-1
 ARG KUBECTL_VERSION=1.28.7
 ARG HELM_VERSION=3.14.3
-ARG GO_VERSION=1.25.0
+ARG GO_VERSION=1.22.5
 ARG APP=/usr/src/app
 ARG WITH_POWERSHELL=true
 ARG WITH_KUBECTL=true
 ARG WITH_HELM=true
 ARG WITH_GIT=true
 
-# To change latest stable version:
-# 1. Change placeholder in instanceSettings.ts
-# 2. Change LATEST_STABLE_PY in dockerfile
-# 3. Change #[default] annotation for PyVersion in backend
-ARG LATEST_STABLE_PY=3.11.10
-ENV UV_PYTHON_INSTALL_DIR=/tmp/windmill/cache/py_runtime
-ENV UV_PYTHON_PREFERENCE=only-managed
-ENV UV_TOOL_BIN_DIR=/usr/local/bin
-
-ENV PATH /usr/local/bin:/root/.local/bin:$PATH
-
+RUN pip install --upgrade pip==24.2
 
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends netbase tzdata ca-certificates wget curl jq unzip build-essential unixodbc xmlsec1  software-properties-common \
+    && apt-get install -y ca-certificates wget curl jq unzip build-essential unixodbc xmlsec1  software-properties-common \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
@@ -181,14 +159,7 @@ ENV PATH="${PATH}:/usr/local/go/bin"
 ENV GO_PATH=/usr/local/go/bin/go
 
 # Install UV
-RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.6.2/uv-installer.sh | sh && mv /root/.local/bin/uv /usr/local/bin/uv
-
-# Preinstall python runtimes
-RUN uv python install 3.11
-RUN uv python install $LATEST_STABLE_PY
-
-RUN uv venv
-
+RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.18/uv-installer.sh | sh && mv /root/.cargo/bin/uv /usr/local/bin/uv
 
 RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - 
 RUN apt-get -y update && apt-get install -y curl procps nodejs awscli && apt-get clean \
@@ -199,13 +170,14 @@ RUN mkdir -p /tmp/gobuildwarm && cd /tmp/gobuildwarm && go mod init gobuildwarm
 
 ENV TZ=Etc/UTC
 
+RUN /usr/local/bin/python3 -m pip install pip-tools
+
 COPY --from=builder /frontend/build /static_frontend
 COPY --from=builder /windmill/target/release/windmill ${APP}/windmill
-COPY --from=windmill_duckdb_ffi_internal_builder /windmill-duckdb-ffi-internal/target/release/libwindmill_duckdb_ffi_internal.so ${APP}/libwindmill_duckdb_ffi_internal.so
 
-COPY --from=denoland/deno:2.2.1 --chmod=755 /usr/bin/deno /usr/bin/deno
+COPY --from=denoland/deno:2.0.4 --chmod=755 /usr/bin/deno /usr/bin/deno
 
-COPY --from=oven/bun:1.2.23 /usr/local/bin/bun /usr/bin/bun
+COPY --from=oven/bun:1.1.34 /usr/local/bin/bun /usr/bin/bun
 
 COPY --from=php:8.3.7-cli /usr/local/bin/php /usr/bin/php
 COPY --from=composer:2.7.6 /usr/bin/composer /usr/bin/composer
@@ -215,7 +187,6 @@ COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
 
 ENV RUSTUP_HOME="/usr/local/rustup"
 ENV CARGO_HOME="/usr/local/cargo"
-ENV LD_LIBRARY_PATH="."
 
 WORKDIR ${APP}
 
@@ -225,22 +196,6 @@ COPY ./frontend/src/lib/hubPaths.json ${APP}/hubPaths.json
 
 RUN windmill cache ${APP}/hubPaths.json && rm ${APP}/hubPaths.json && chmod -R 777 /tmp/windmill
 
-# Create a non-root user 'windmill' with UID and GID 1000
-RUN addgroup --gid 1000 windmill && \
-    adduser --disabled-password --gecos "" --uid 1000 --gid 1000 windmill
-
-RUN cp -r /root/.cache /home/windmill/.cache
-
-RUN mkdir -p /tmp/windmill/logs && \
-    mkdir -p /tmp/windmill/search
-
-# Make directories world-readable and writable
-RUN chmod -R 777 ${APP} && \
-     chmod -R 777 /tmp/windmill && \
-     chmod -R 777 /home/windmill/.cache
-
-USER root
-
 EXPOSE 8000
 
 CMD ["windmill"]

LICENSE

@@ -1,6 +1,6 @@
 Source code in this repository is variously licensed under the Apache License
 Version 2.0 (see file ./LICENSE-APACHE), or the AGPLv3 License (see file
-./LICENSE-AGPL) and a proprietary license for certain enterprise features.
+./LICENSE-AGPL)
 
 Every file is under copyright (c) Windmill Labs, Inc 2022 unless otherwise
 specified. Every file is under License AGPL unless otherwise specified or
@@ -12,23 +12,11 @@ and commercial license. The files under frontend/ are AGPLv3 Licensed, except
 any snippets of code that require a positive license check to be activated.
 Those snippets and files are under a proprietary and commercial license. Private
 and public forks MUST not include any of the above proprietary and commercial
-code. The files under python-client/ deno-client/ go-client/ powershell-client/
-are Apache 2.0 Licensed. The openapi files, including the OpenFlow spec is
+code. Windmill Labs, Inc. provide tools to clean the codebase from those
+snippets upon demand. The files under python-client/ deno-client/ go-client/ powershell-client/ are
 Apache 2.0 Licensed.
 
-The binary compilable from source code in this repository without the
-"enterprise" feature flag is open-source under the AGPLv3 License terms and
-conditions.
-
-The "Community Edition" of Windmill available in the docker images hosted under
-ghcr.io/windmill-labs/windmill and the github binary releases contains the files
-under the AGPLv3 and Apache 2 sources but also includes proprietary and
-non-public code and features which are not open source and under the following
-terms: Windmill Labs, Inc. grants a right to use all the features of the
-"Community Edition" for free without restrictions other than the limits and
-quotas set in the software and a right to distribute the community edition as is
-but not to sell, resell, serve as a managed service, modify or wrap under any
-form without an explicit agreement.
+The openapi files, including the OpenFlow spec is Apache 2.0 Licensed.
 
 All third party components incorporated into the Windmill Software are licensed
 under the original license provided by the owner of the applicable component.

README.md

@@ -110,8 +110,8 @@ You can build your entire infra on top of Windmill!
 
 ```typescript
 //import any dependency  from npm
-import * as wmill from "windmill-client";
-import * as cowsay from "cowsay@1.5.0";
+import * as wmill from "windmill-client"
+import * as cowsay from 'cowsay@1.5.0';
 
 // fill the type, or use the +Resource type to get a type-safe reference to a resource
 type Postgresql = {
@@ -146,9 +146,7 @@ export async function main(
 
 ## CLI
 
-We have a powerful CLI to interact with the windmill platform and sync your
-scripts from local files, GitHub repos and to run scripts and flows on the
-instance from local commands. See
+We have a powerful CLI to interact with the windmill platform and sync your scripts from local files, GitHub repos and to run scripts and flows on the instance from local commands. See
 [more details](https://www.windmill.dev/docs/advanced/cli).
 
 ![CLI Screencast](./cli/vhs/output/setup.gif)
@@ -170,8 +168,7 @@ Code extension: <https://www.windmill.dev/docs/cli_local_dev/vscode-extension>.
   Architecture:
   - Stateless API backend.
   - Workers that pull jobs from a queue in Postgres (and later, Kafka or Redis.
-    Upvote [#173](#https://github.com/windmill-labs/windmill/issues/173) if
-    interested).
+    Upvote [#173](#https://github.com/windmill-labs/windmill/issues/173) if interested).
 - Frontend in Svelte.
 - Scripts executions are sandboxed using Google's
   [nsjail](https://github.com/google/nsjail).
@@ -287,37 +284,22 @@ edition.
 
 ### Commercial license
 
-See the [LICENSE](https://github.com/windmill-labs/windmill/blob/main/LICENSE)
-file for the full license text.
-
-The "Community Edition" of Windmill available in the docker images hosted under
-ghcr.io/windmill-labs/windmill and the github binary releases contains the files
-under the AGPLv3 and Apache 2 sources but also includes proprietary and
-non-public code and features which are not open source and under the following
-terms: Windmill Labs, Inc. grants a right to use all the features of the
-"Community Edition" for free without restrictions other than the limits and
-quotas set in the software and a right to distribute the community edition as is
-but not to sell, resell, serve Windmill as a managed service, modify or wrap
-under any form without an explicit agreement.
-
-The binary compilable from source code in this repository without the
-"enterprise" feature flag is open-source under the
-[LICENSE-AGPLv3](https://github.com/windmill-labs/windmill/blob/main/LICENSE-AGPL)
-License terms and conditions.
+To self-host Windmill, you must respect the terms of the
+[AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html) which you do not
+need to worry about for personal uses. For business uses, you should be fine if
+you do not re-expose Windmill in any way to your users and are comfortable with
+AGPLv3.
 
 To
-[re-expose directly any Windmill parts to your users](https://www.windmill.dev/docs/misc/white_labelling)
-as a feature of your product, with the exception of iframed public Windmill
-"apps", or to build a feature on top of "Windmill Community Edition" that you
-sell commercially or embed in a distributable product or binary, you must get a
-commercial license. Contact us at <sales@windmill.dev> if you have any
-questions. To do the same from the binary compiled from the source code in this
-repository without the "enterprise" feature flag, you must comply with the
-AGPLv3 license terms and conditions or get a commercial license from Windmill
-Labs, Inc.
+[re-expose any Windmill parts to your users](https://www.windmill.dev/docs/misc/white_labelling)
+as a feature of your product, or to build a feature on top of Windmill, to
+comply with AGPLv3 your product must be AGPLv3 or you must get a commercial
+license. Contact us at <ruben@windmill.dev> if you have any doubts.
 
-To use Windmill "Community Edition" as is internally in your organization, or to
-use its APIs as is, you do NOT need a commercial license.
+In addition, a commercial license grants you a dedicated engineer to transition
+your current infrastructure to Windmill, support with tight SLA, and our global
+cache sync for high-performance/no dependency cache miss of cluster from 10+
+nodes to 200+ nodes.
 
 ### Integrations
 
@@ -332,94 +314,92 @@ you to have it being synced automatically everyday.
 
 ## Environment Variables
 
-| Environment Variable name           | Default                          | Description                                                                                                                                                                                        | Api Server/Worker/All |
-| ----------------------------------- | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
-| DATABASE_URL                        |                                  | The Postgres database url.                                                                                                                                                                         | All                   |
-| WORKER_GROUP                        | default                          | The worker group the worker belongs to and get its configuration pulled from                                                                                                                       | Worker                |
-| MODE                                | standalone                       | The mode if the binary. Possible values: standalone, worker, server, agent                                                                                                                         | All                   |
-| METRICS_ADDR                        | None                             | (ee only) The socket addr at which to expose Prometheus metrics at the /metrics path. Set to "true" to expose it on port 8001                                                                      | All                   |
-| JSON_FMT                            | false                            | Output the logs in json format instead of logfmt                                                                                                                                                   | All                   |
-| BASE_URL                            | http://localhost:8000            | The base url that is exposed publicly to access your instance. Is overriden by the instance settings if any.                                                                                       | Server                |
-| ZOMBIE_JOB_TIMEOUT                  | 30                               | The timeout after which a job is considered to be zombie if the worker did not send pings about processing the job (every server check for zombie jobs every 30s)                                  | Server                |
-| RESTART_ZOMBIE_JOBS                 | true                             | If true then a zombie job is restarted (in-place with the same uuid and some logs), if false the zombie job is failed                                                                              | Server                |
-| SLEEP_QUEUE                         | 50                               | The number of ms to sleep in between the last check for new jobs in the DB. It is multiplied by NUM_WORKERS such that in average, for one worker instance, there is one pull every SLEEP_QUEUE ms. | Worker                |
-| KEEP_JOB_DIR                        | false                            | Keep the job directory after the job is done. Useful for debugging.                                                                                                                                | Worker                |
-| LICENSE_KEY (EE only)               | None                             | License key checked at startup for the Enterprise Edition of Windmill                                                                                                                              | Worker                |
-| SLACK_SIGNING_SECRET                | None                             | The signing secret of your Slack app. See [Slack documentation](https://api.slack.com/authentication/verifying-requests-from-slack)                                                                | Server                |
-| COOKIE_DOMAIN                       | None                             | The domain of the cookie. If not set, the cookie will be set by the browser based on the full origin                                                                                               | Server                |
-| DENO_PATH                           | /usr/bin/deno                    | The path to the deno binary.                                                                                                                                                                       | Worker                |
-| PYTHON_PATH                         |                                  | The path to the python binary if wanting to not have it managed by uv.                                                                                                                             | Worker                |
-| GO_PATH                             | /usr/bin/go                      | The path to the go binary.                                                                                                                                                                         | Worker                |
-| GOPRIVATE                           |                                  | The GOPRIVATE env variable to use private go modules                                                                                                                                               | Worker                |
-| GOPROXY                             |                                  | The GOPROXY env variable to use                                                                                                                                                                    | Worker                |
-| NETRC                               |                                  | The netrc content to use a private go registry                                                                                                                                                     | Worker                |
-| PY_CONCURRENT_DOWNLOADS             | 20                               | Sets the maximum number of in-flight concurrent python downloads that windmill will perform at any given time.                                                                                     | Worker                |
-| PATH                                | None                             | The path environment variable, usually inherited                                                                                                                                                   | Worker                |
-| HOME                                | None                             | The home directory to use for Go and Bash , usually inherited                                                                                                                                      | Worker                |
-| DATABASE_CONNECTIONS                | 50 (Server)/3 (Worker)           | The max number of connections in the database connection pool                                                                                                                                      | All                   |
-| SUPERADMIN_SECRET                   | None                             | A token that would let the caller act as a virtual superadmin superadmin@windmill.dev                                                                                                              | Server                |
-| TIMEOUT_WAIT_RESULT                 | 20                               | The number of seconds to wait before timeout on the 'run_wait_result' endpoint                                                                                                                     | Worker                |
-| QUEUE_LIMIT_WAIT_RESULT             | None                             | The number of max jobs in the queue before rejecting immediately the request in 'run_wait_result' endpoint. Takes precedence on the query arg. If none is specified, there are no limit.           | Worker                |
-| DENO_AUTH_TOKENS                    | None                             | Custom DENO_AUTH_TOKENS to pass to worker to allow the use of private modules                                                                                                                      | Worker                |
-| DISABLE_RESPONSE_LOGS               | false                            | Disable response logs                                                                                                                                                                              | Server                |
-| CREATE_WORKSPACE_REQUIRE_SUPERADMIN | true                             | If true, only superadmins can create new workspaces                                                                                                                                                | Server                |
-| MIN_FREE_DISK_SPACE_MB              | 15000                            | Minimum amount of free space on worker. Sends critical alert if worker has less free space.                                                                                                        | Worker                |
-| RUN_UPDATE_CA_CERTIFICATE_AT_START  | false                            | If true, runs CA certificate update command at startup before other initialization                                                                                                                 | All                   |
-| RUN_UPDATE_CA_CERTIFICATE_PATH      | /usr/sbin/update-ca-certificates | Path to the CA certificate update command/script to run when RUN_UPDATE_CA_CERTIFICATE_AT_START is true                                                                                            | All                   |
+| Environment Variable name | Default                | Description                                                                                                                                                                                        | Api Server/Worker/All |
+| ------------------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
+| DATABASE_URL              |                        | The Postgres database url.                                                                                                                                                                         | All                   |
+| WORKER_GROUP              | default                | The worker group the worker belongs to and get its configuration pulled from                                                                                                                       | Worker                |
+| MODE                      | standalone             | The mode if the binary. Possible values: standalone, worker, server                                                                                                                                | All                   |
+| METRICS_ADDR              | None                   | (ee only) The socket addr at which to expose Prometheus metrics at the /metrics path. Set to "true" to expose it on port 8001                                                                      | All                   |
+| JSON_FMT                  | false                  | Output the logs in json format instead of logfmt                                                                                                                                                   | All                   |
+| BASE_URL                  | http://localhost:8000  | The base url that is exposed publicly to access your instance. Is overriden by the instance settings if any.                                                                                       | Server                |
+| SCRIPT_TOKEN_EXPIRY       | 900                    | The default duration period of the ephemeral-token generated at the beginning of a script                                                                                                          | Worker                |
+| ZOMBIE_JOB_TIMEOUT        | 30                     | The timeout after which a job is considered to be zombie if the worker did not send pings about processing the job (every server check for zombie jobs every 30s)                                  | Server                |
+| RESTART_ZOMBIE_JOBS       | true                   | If true then a zombie job is restarted (in-place with the same uuid and some logs), if false the zombie job is failed                                                                              | Server                |
+| SLEEP_QUEUE               | 50                     | The number of ms to sleep in between the last check for new jobs in the DB. It is multiplied by NUM_WORKERS such that in average, for one worker instance, there is one pull every SLEEP_QUEUE ms. | Worker                |
+| MAX_LOG_SIZE              | 500000                 | The maximum number of characters a job can emit (log + result)                                                                                                                                     | Worker                |
+| DISABLE_NUSER             | false                  | If Nsjail is enabled, disable the nsjail's `clone_newuser` setting                                                                                                                                 | Worker                |
+| KEEP_JOB_DIR              | false                  | Keep the job directory after the job is done. Useful for debugging.                                                                                                                                | Worker                |
+| LICENSE_KEY (EE only)     | None                   | License key checked at startup for the Enterprise Edition of Windmill                                                                                                                              | Worker                |
+| S3_CACHE_BUCKET (EE only) | None                   | The S3 bucket to sync the cache of the workers to                                                                                                                                                  | Worker                |
+| SLACK_SIGNING_SECRET      | None                   | The signing secret of your Slack app. See [Slack documentation](https://api.slack.com/authentication/verifying-requests-from-slack)                                                                | Server                |
+| COOKIE_DOMAIN             | None                   | The domain of the cookie. If not set, the cookie will be set by the browser based on the full origin                                                                                               | Server                |
+| DENO_PATH                 | /usr/bin/deno          | The path to the deno binary.                                                                                                                                                                       | Worker                |
+| PYTHON_PATH               | /usr/local/bin/python3 | The path to the python binary.                                                                                                                                                                     | Worker                |
+| GO_PATH                   | /usr/bin/go            | The path to the go binary.                                                                                                                                                                         | Worker                |
+| GOPRIVATE                 |                        | The GOPRIVATE env variable to use private go modules                                                                                                                                               | Worker                |
+| GOPROXY                   |                        | The GOPROXY env variable to use                                                                                                                                                                    | Worker                |
+| NETRC                     |                        | The netrc content to use a private go registry                                                                                                                                                     | Worker                |
+| PIP_INDEX_URL             | None                   | The index url to pass for pip.                                                                                                                                                                     | Worker                |
+| PIP_EXTRA_INDEX_URL       | None                   | The extra index url to pass to pip.                                                                                                                                                                | Worker                |
+| PIP_TRUSTED_HOST          | None                   | The trusted host to pass to pip.                                                                                                                                                                   | Worker                |
+| PATH                      | None                   | The path environment variable, usually inherited                                                                                                                                                   | Worker                |
+| HOME                      | None                   | The home directory to use for Go and Bash , usually inherited                                                                                                                                      | Worker                |
+| DATABASE_CONNECTIONS      | 50 (Server)/3 (Worker) | The max number of connections in the database connection pool                                                                                                                                      | All                   |
+| SUPERADMIN_SECRET         | None                   | A token that would let the caller act as a virtual superadmin superadmin@windmill.dev                                                                                                              | Server                |
+| TIMEOUT_WAIT_RESULT       | 20                     | The number of seconds to wait before timeout on the 'run_wait_result' endpoint                                                                                                                     | Worker                |
+| QUEUE_LIMIT_WAIT_RESULT   | None                   | The number of max jobs in the queue before rejecting immediately the request in 'run_wait_result' endpoint. Takes precedence on the query arg. If none is specified, there are no limit.           | Worker                |
+| DENO_AUTH_TOKENS          | None                   | Custom DENO_AUTH_TOKENS to pass to worker to allow the use of private modules                                                                                                                      | Worker                |
+| DISABLE_RESPONSE_LOGS          | false                   | Disable response logs                                                   | Server                |
 
 ## Run a local dev setup
-
-Using [Nix](./frontend/README_DEV.md#nix) (Recommended).
-
 See the [./frontend/README_DEV.md](./frontend/README_DEV.md) file for all
 running options.
 
-### only Frontend
+Using [Nix](./frontend/README_DEV.md#nix).
 
+### only Frontend
 This will use the backend of <https://app.windmill.dev> but your own frontend
-with hot-code reloading. Note that you will need to use a username / password
-login due to CSRF checks using a different auth provider.
+with hot-code reloading. Note that you will need to use a username / password login due to CSRF checks using a different auth provider.
 
 In the `frontend/` directory:
 
 1. install the dependencies with `npm install` (or `pnpm install` or `yarn`)
 2. generate the windmill client:
-
-```
-npm run generate-backend-client
-## on mac use
-npm run generate-backend-client-mac
-```
-
+  ```
+  npm run generate-backend-client
+  ## on mac use
+  npm run generate-backend-client-mac
+  ```
 3. Run your dev server with `npm run dev`
 4. Et voilà, windmill should be available at `http://localhost/`
 
 ### Backend + Frontend
-
 See the [./frontend/README_DEV.md](./frontend/README_DEV.md) file for all
 running options.
-
-1. Start a local Postgres database using for instance the `start-dev-db.sh` script which will make a database available at `postgres://postgres:changeme@localhost:5432/windmill`
-   Then run the migrations using the following command:
-   ```
+1. Create a Postgres Database for Windmill and create an admin role inside your
+   Postgres setup.
+   The easiest way to get a working db is to run
+	```
    cargo install sqlx-cli
    env DATABASE_URL=<YOUR_DATABASE_URL> sqlx migrate run
-   ```
-   This will also avoid compile time issue with sqlx's `query!` macro.
-2. (optional, linux only) Install [nsjail](https://github.com/google/nsjail) and have it accessible in
+	```
+   This will also avoid compile time issue with sqlx's `query!` macro
+2. Install [nsjail](https://github.com/google/nsjail) and have it accessible in
    your PATH
-3. Install bun, deno and python3 (+ any languages you want to use), have the bins at `/usr/bin/bun`,`/usr/bin/deno`, and
-   `/usr/local/bin/python3` or set the corresponding environment variables.
-4. (optional) Install the [lld linker](https://lld.llvm.org/)
-5. Go to `frontend/`:
-   1. `npm install`, `npm run generate-backend-client` then `REMOTE=http://localhost:8000 npm run dev`
-   2. You might need to set some extra heap space for the node runtime
-      `export NODE_OPTIONS="--max-old-space-size=4096"`
-   3. Create an empty `frontend/build` folder using `mkdir frontend/build`
-6. Go to `backend/`:
-   1. `env DATABASE_URL=<YOUR_DATABASE_URL> RUST_LOG=info cargo run`
-   2. You can specify any feature flag you want to enable, for example `cargo run --features python` to enable the python executor.
-7. Et voilà, windmill should be available at `http://localhost:3000`
+3. Install deno and python3, have the bins at `/usr/bin/deno` and
+   `/usr/local/bin/python3`
+4. Install [caddy](https://caddyserver.com)
+5. Install the [lld linker](https://lld.llvm.org/)
+6. Go to `frontend/`:
+   1. `npm install`, `npm run generate-backend-client` then `npm run dev`
+   2. You might need to set some extra heap space for the node runtime `export NODE_OPTIONS="--max-old-space-size=4096"`
+   3. In another shell `npm run build` otherwise the backend will not find the `frontend/build` folder and will not compile.
+   4. In another shell `sudo caddy run --config Caddyfile`
+7. Go to `backend/`:
+   `env DATABASE_URL=<DATABASE_URL_TO_YOUR_WINDMILL_DB> RUST_LOG=info cargo run`
+8. Et voilà, windmill should be available at `http://localhost/`
+
+
 
 ## Contributors
 
@@ -429,4 +409,4 @@ running options.
 
 ## Copyright
 
-Windmill Labs, Inc 2023
+Windmill Labs, Inc 2023

backend/.cargo/config.toml

@@ -5,12 +5,10 @@ incremental = true
 rustflags = [
     "-C", "link-arg=-undefined",
     "-C", "link-arg=dynamic_lookup",
-    "-C", "link-args=-Wl,-rpath,$ORIGIN/"
 ]
 
 [target.aarch64-apple-darwin]
 rustflags = [
     "-C", "link-arg=-undefined",
     "-C", "link-arg=dynamic_lookup",
-    "-C", "link-args=-Wl,-rpath,$ORIGIN/"
 ]

backend/.gitignore

@@ -2,12 +2,7 @@ target/
 .env
 oauth.json
 oauth2.json
+windmill-api/openapi-deref.yaml
 tracing.folded
 heaptrack*
 index/
-windmill-api/openapi-*.*
-.duckdb/*
-*ee.rs
-generate_mcp_endpoints_tools/venv
-bacon.toml
-libwindmill_duckdb_ffi_internal.so

backend/.ignore

@@ -1 +0,0 @@
-!*ee.rs

backend/.sqlx/query-00588a40dde5189ac1c61505f17acb0f4c244c60477427505bf5bd1b104d3bf9.json

@@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE alerts SET acknowledged_workspace = true, acknowledged = true WHERE workspace_id = $1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "00588a40dde5189ac1c61505f17acb0f4c244c60477427505bf5bd1b104d3bf9"
-}

backend/.sqlx/query-00b9f392a5cc07bd4ed14e3b69f96408e219d70015dd2f419fc87a440f070c64.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO dependency_map (workspace_id, importer_path, importer_kind, imported_path, importer_node_id)\n         SELECT $1, importer_path, importer_kind, imported_path, importer_node_id\n         FROM dependency_map\n         WHERE workspace_id = $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "00b9f392a5cc07bd4ed14e3b69f96408e219d70015dd2f419fc87a440f070c64"
-}

backend/.sqlx/query-00c0ae12b19ba495f307f0ce6b4833947c5b3fe45826fc5468e326d171d95236.json

@@ -1,24 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT f.path\n                FROM workspace_runnable_dependencies wru \n                JOIN flow f\n                    ON wru.flow_path = f.path AND wru.workspace_id = f.workspace_id\n                WHERE wru.runnable_path = $1 AND wru.runnable_is_flow = $2 AND wru.workspace_id = $3",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "path",
-        "type_info": "Varchar"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Bool",
-        "Text"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "00c0ae12b19ba495f307f0ce6b4833947c5b3fe45826fc5468e326d171d95236"
-}

backend/.sqlx/query-00c4a602aa6a50f2f922851ce63b5216e915c7649698687a00d47da55c70349f.json

@@ -1,40 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        DELETE\n        FROM parallel_monitor_lock\n        WHERE last_ping IS NOT NULL AND last_ping < NOW() - ($1 || ' seconds')::interval\n        RETURNING parent_flow_id, job_id, last_ping, (SELECT workspace_id FROM v2_job_queue q\n            WHERE q.id = parent_flow_id AND q.running = true AND q.canceled_by IS NULL\n        ) AS workspace_id\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "parent_flow_id",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 1,
-        "name": "job_id",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 2,
-        "name": "last_ping",
-        "type_info": "Timestamptz"
-      },
-      {
-        "ordinal": 3,
-        "name": "workspace_id",
-        "type_info": "Varchar"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      false,
-      false,
-      true,
-      null
-    ]
-  },
-  "hash": "00c4a602aa6a50f2f922851ce63b5216e915c7649698687a00d47da55c70349f"
-}

backend/.sqlx/query-00e63eab76d26e148b77e932848de74e8b0943d30481465da453942e299a128f.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO metrics (id, value)\n                        VALUES ($1, to_jsonb((\n                            SELECT EXTRACT(EPOCH FROM now() - scheduled_for)\n                            FROM v2_job_queue\n                            WHERE tag = $2 AND running = false AND scheduled_for <= now() - ('3 seconds')::interval\n                            ORDER BY priority DESC NULLS LAST, scheduled_for LIMIT 1\n                        )))",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "00e63eab76d26e148b77e932848de74e8b0943d30481465da453942e299a128f"
-}

backend/.sqlx/query-01050e7057f3d1971ad9e47ac83bf6a3c3c9f41689c3607f0b264437ae6b3324.json

@@ -1,24 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT data FROM app_bundles WHERE app_version_id = $1 AND file_type = $2 AND w_id = $3",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "data",
-        "type_info": "Bytea"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Int8",
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "01050e7057f3d1971ad9e47ac83bf6a3c3c9f41689c3607f0b264437ae6b3324"
-}

backend/.sqlx/query-01755585cd3f6e100a66da331720286cbc09d4abf2926146b24a8c95cf21e5c8.json

@@ -1,17 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO workspace_runnable_dependencies (app_path, runnable_path, runnable_is_flow, workspace_id) VALUES ($1, $2, $3, $4) ON CONFLICT DO NOTHING",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Bool",
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "01755585cd3f6e100a66da331720286cbc09d4abf2926146b24a8c95cf21e5c8"
-}

backend/.sqlx/query-019100d178129340a7c35d60ab61f983c8a9cb810db4369554bf26c6b0d6003d.json

@@ -1,28 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT\n                    id As \"id!\",\n                    flow_status->'restarted_from'->'flow_job_id' AS \"restarted_from: Json<Uuid>\"\n                FROM v2_job_status\n                WHERE COALESCE((SELECT flow_innermost_root_job FROM v2_job WHERE id = $1), $1) = id",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "id!",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 1,
-        "name": "restarted_from: Json<Uuid>",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Uuid"
-      ]
-    },
-    "nullable": [
-      false,
-      null
-    ]
-  },
-  "hash": "019100d178129340a7c35d60ab61f983c8a9cb810db4369554bf26c6b0d6003d"
-}

backend/.sqlx/query-02424907504848e983bfa89eec343061932dc5b4b17cf13d5cf8d833aedbe6d5.json

@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE websocket_trigger SET server_id = $1, last_server_ping = now() WHERE enabled IS TRUE AND workspace_id = $2 AND path = $3 AND (server_id IS NULL OR last_server_ping IS NULL OR last_server_ping < now() - interval '15 seconds') RETURNING true",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "?column?",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "02424907504848e983bfa89eec343061932dc5b4b17cf13d5cf8d833aedbe6d5"
+}

backend/.sqlx/query-029ed3dcba207c58aa6936e44bd825b2166f1846b1bb684522607d5ca31a0df3.json

@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue SET flow_status = jsonb_set(COALESCE(flow_status, '{}'::jsonb), array[$1], jsonb_set(jsonb_set('{}'::jsonb, '{scheduled_for}', to_jsonb(now()::text)), '{name}', to_jsonb($4::text))) WHERE id = $2 AND workspace_id = $3",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Uuid",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "029ed3dcba207c58aa6936e44bd825b2166f1846b1bb684522607d5ca31a0df3"
+}

backend/.sqlx/query-02bb4ea17e83c79f870e2655d6d9c035af6d763b7ee9577280785ccf0220a123.json

@@ -1,11 +1,11 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT running AS \"running!\" FROM v2_job_queue WHERE id = $1 AND workspace_id = $2",
+  "query": "SELECT running FROM queue WHERE id = $1 AND workspace_id = $2",
   "describe": {
     "columns": [
       {
         "ordinal": 0,
-        "name": "running!",
+        "name": "running",
         "type_info": "Bool"
       }
     ],
@@ -19,5 +19,5 @@
       false
     ]
   },
-  "hash": "6daf2aca3e272a1efd7b26b4c80d6b490628f502ed9f9de75cc78d0fe196f260"
+  "hash": "02bb4ea17e83c79f870e2655d6d9c035af6d763b7ee9577280785ccf0220a123"
 }

backend/.sqlx/query-02c945b5f18a56a826721f6884846d79167747742de236ce57f395561685adc0.json

@@ -1,77 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT\n                    v2_job.permissioned_as_email,\n                    v2_job.created_by,\n                    v2_job.parent_job,\n                    v2_job.permissioned_as,\n                    v2_job.runnable_path,\n                    CASE WHEN v2_job.trigger_kind = 'schedule'::job_trigger_kind THEN v2_job.trigger END AS schedule_path,\n                    v2_job.flow_step_id,\n                    v2_job.flow_innermost_root_job,\n                    v2_job.root_job,\n                    v2_job_queue.scheduled_for AS \"scheduled_for: chrono::DateTime<chrono::Utc>\"\n                FROM v2_job INNER JOIN v2_job_queue ON v2_job.id = v2_job_queue.id\n                WHERE v2_job.id = $1 AND v2_job.workspace_id = $2",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "permissioned_as_email",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 1,
-        "name": "created_by",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 2,
-        "name": "parent_job",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 3,
-        "name": "permissioned_as",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 4,
-        "name": "runnable_path",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 5,
-        "name": "schedule_path",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 6,
-        "name": "flow_step_id",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 7,
-        "name": "flow_innermost_root_job",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 8,
-        "name": "root_job",
-        "type_info": "Uuid"
-      },
-      {
-        "ordinal": 9,
-        "name": "scheduled_for: chrono::DateTime<chrono::Utc>",
-        "type_info": "Timestamptz"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text"
-      ]
-    },
-    "nullable": [
-      false,
-      false,
-      true,
-      false,
-      true,
-      null,
-      true,
-      true,
-      true,
-      false
-    ]
-  },
-  "hash": "02c945b5f18a56a826721f6884846d79167747742de236ce57f395561685adc0"
-}

backend/.sqlx/query-02ecdcc882931d5cbb2243e32805c8a1291a5106fff46ceba85fa27d50a0354c.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            SELECT jsonb_object_keys(ws.ducklake->'ducklakes') AS ducklake_name\n            FROM workspace_settings ws\n            WHERE ws.workspace_id = $1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "ducklake_name",
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "02ecdcc882931d5cbb2243e32805c8a1291a5106fff46ceba85fa27d50a0354c"
-}

backend/.sqlx/query-034583442e6f8ae38d6c4e4aac26f17c8d9d0e657f28276228fc90d3e22e1304.json

@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE workspace_settings SET openai_resource_path = $1, code_completion_enabled = $2 WHERE workspace_id = $3",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Bool",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "034583442e6f8ae38d6c4e4aac26f17c8d9d0e657f28276228fc90d3e22e1304"
+}

backend/.sqlx/query-0355b53b1d45955ca56b2829372ce9c656d7f0ad7b8d0709161047f0d8cdc4f4.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT 1 FROM resource WHERE workspace_id = $1 AND path = $2",
+  "query": "DELETE FROM queue WHERE workspace_id = $1 AND id = $2 RETURNING 1",
   "describe": {
     "columns": [
       {
@@ -12,12 +12,12 @@
     "parameters": {
       "Left": [
         "Text",
-        "Text"
+        "Uuid"
       ]
     },
     "nullable": [
       null
     ]
   },
-  "hash": "d1f505524793c03a63967d058ed1fd381094070dd7707edac81e1b5e7d1d958b"
+  "hash": "0355b53b1d45955ca56b2829372ce9c656d7f0ad7b8d0709161047f0d8cdc4f4"
 }

backend/.sqlx/query-036af7b1cf6d731647fd718458944b9a9759bdb034e73f3065cde6a2f88c8dce.json

@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue SET permissioned_as = ('u/' || $1) WHERE permissioned_as = ('u/' || $2) AND workspace_id = $3",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "036af7b1cf6d731647fd718458944b9a9759bdb034e73f3065cde6a2f88c8dce"
+}

backend/.sqlx/query-036c84bb9ce72748956bc9c18fbe276444fab025a281dc4784596b0e31c1cb9d.json

@@ -1,12 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "create index concurrently if not exists ix_job_workspace_id_created_at_new_9 ON v2_job  (workspace_id, created_at DESC) where kind in ('dependencies', 'flowdependencies', 'appdependencies') AND parent_job IS NULL",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": []
-  },
-  "hash": "036c84bb9ce72748956bc9c18fbe276444fab025a281dc4784596b0e31c1cb9d"
-}

backend/.sqlx/query-0382065b3dfd78b384e26f81317af91de289f52462e74343770a8b0d47d0577d.json

@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            INSERT INTO kafka_trigger (\n                workspace_id,\n                path,\n                kafka_resource_path,\n                group_id,\n                topics,\n                script_path,\n                is_flow,\n                enabled,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, now(), $11, $12, $13\n            )\n            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "VarcharArray",
-        "Varchar",
-        "Bool",
-        "Bool",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Jsonb",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0382065b3dfd78b384e26f81317af91de289f52462e74343770a8b0d47d0577d"
-}

backend/.sqlx/query-044e2b428ee6e2dd4543c87ad8835e239cf7567d18b8b3fa6608ea3a9d206ca7.json

@@ -1,18 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO alerts (alert_type, message, acknowledged, acknowledged_workspace, workspace_id, resource)\n        VALUES ('critical_error', $1, $2, $3, $4, $5)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Bool",
-        "Bool",
-        "Text",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "044e2b428ee6e2dd4543c87ad8835e239cf7567d18b8b3fa6608ea3a9d206ca7"
-}

backend/.sqlx/query-04effcc6050250a02661323c880d493982dd1bfb63ca7373e035a98c268428e2.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT script_path FROM v2_as_queue WHERE id = $1",
+  "query": "SELECT script_path FROM queue WHERE id = $1",
   "describe": {
     "columns": [
       {
@@ -18,5 +18,5 @@
       true
     ]
   },
-  "hash": "2ae44acae7ac80e191b37071baa26e57488489177fe596940d3698d843a93666"
+  "hash": "04effcc6050250a02661323c880d493982dd1bfb63ca7373e035a98c268428e2"
 }

backend/.sqlx/query-05c65ba8a56b3b5f8bd37c30c0c6707522e01c4a05104969889b7bb41d6aa509.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT status = 'success' OR status = 'skipped' AS \"success!\" FROM v2_job_completed WHERE id = ANY($1)",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "success!",
-        "type_info": "Bool"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "UuidArray"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "05c65ba8a56b3b5f8bd37c30c0c6707522e01c4a05104969889b7bb41d6aa509"
-}

backend/.sqlx/query-062859f1d0e5cfba3115f4241115753b86a4ad239708851c998ff5620ebca5b8.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue SET suspend = 0 WHERE id = $1",
+  "query": "UPDATE queue SET last_ping = now() WHERE id = $1",
   "describe": {
     "columns": [],
     "parameters": {
@@ -10,5 +10,5 @@
     },
     "nullable": []
   },
-  "hash": "798a6bdc8f2fb9421808e084fbddf7de61fa9953998e3dc66af0e5f7491a65f4"
+  "hash": "062859f1d0e5cfba3115f4241115753b86a4ad239708851c998ff5620ebca5b8"
 }

backend/.sqlx/query-0689cdc6c7676f5e1984792a0e0b172ea9a70835bfba6cef56142556197e9767.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT ai_config FROM workspace_settings WHERE workspace_id = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "ai_config",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      true
-    ]
-  },
-  "hash": "0689cdc6c7676f5e1984792a0e0b172ea9a70835bfba6cef56142556197e9767"
-}

backend/.sqlx/query-06af027f6ed10200de2006a2fc48771a8f42c28c87b78220eec1bddeae1f648f.json

@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            INSERT INTO postgres_trigger (\n                workspace_id,\n                path,\n                postgres_resource_path,\n                replication_slot_name,\n                publication_name,\n                script_path,\n                is_flow,\n                enabled,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, now(), $11, $12, $13\n            )\n            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Bool",
-        "Bool",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Jsonb",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "06af027f6ed10200de2006a2fc48771a8f42c28c87b78220eec1bddeae1f648f"
-}

backend/.sqlx/query-06db0e720dd59a7c52c0a98ea7b316237eb1a547678858c1a1e45985035b3468.json

@@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_status\n                 SET flow_status = flow_status - 'retry'\n                 WHERE id = $1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "06db0e720dd59a7c52c0a98ea7b316237eb1a547678858c1a1e45985035b3468"
-}

backend/.sqlx/query-07168aaf14cb6beff0ad4274b441f7f387f5055c47f493271d26731336257384.json

@@ -1,59 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT\n            workspace.id AS \"id!\",\n            workspace.name AS \"name!\",\n            workspace.owner AS \"owner!\",\n            workspace.deleted AS \"deleted!\",\n            workspace.premium AS \"premium!\",\n            workspace_settings.color AS \"color\",\n            workspace.parent_workspace_id AS \"parent_workspace_id\"\n        FROM workspace\n        LEFT JOIN workspace_settings ON workspace.id = workspace_settings.workspace_id\n         LIMIT $1 OFFSET $2",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "id!",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 1,
-        "name": "name!",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 2,
-        "name": "owner!",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 3,
-        "name": "deleted!",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 4,
-        "name": "premium!",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 5,
-        "name": "color",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 6,
-        "name": "parent_workspace_id",
-        "type_info": "Varchar"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Int8",
-        "Int8"
-      ]
-    },
-    "nullable": [
-      false,
-      false,
-      false,
-      false,
-      false,
-      true,
-      true
-    ]
-  },
-  "hash": "07168aaf14cb6beff0ad4274b441f7f387f5055c47f493271d26731336257384"
-}

backend/.sqlx/query-0721acae4f627df4687bb43b830a47faeee5c0a152cda8d62794c14dd200fac1.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_queue SET canceled_by = $1 WHERE canceled_by = $2 AND workspace_id = $3",
+  "query": "UPDATE completed_job SET created_by = $1 WHERE created_by = $2 AND workspace_id = $3",
   "describe": {
     "columns": [],
     "parameters": {
@@ -12,5 +12,5 @@
     },
     "nullable": []
   },
-  "hash": "902a16d9e7ac34e7f1a0ad633bae754a0d64bc934a2b6434b9cb67f28d3ef950"
+  "hash": "0721acae4f627df4687bb43b830a47faeee5c0a152cda8d62794c14dd200fac1"
 }

backend/.sqlx/query-081dc94a7d0fdaade77cfb593a025d8c48d7eab3dbb30ca0b43fb1ef45d8d8bd.json

@@ -1,25 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO flow (\n        workspace_id, path, summary, description,\n        dependency_job, lock_error_logs, draft_only, tag,\n        dedicated_worker, visible_to_runner_only, on_behalf_of_email,\n        value, schema, edited_by, edited_at\n    ) VALUES (\n        $1, $2, $3, $4,\n        NULL, '', $5, $6,\n        $7, $8, $9,\n        $10, $11::text::json, $12, now()\n    )",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Text",
-        "Text",
-        "Bool",
-        "Varchar",
-        "Bool",
-        "Bool",
-        "Text",
-        "Jsonb",
-        "Text",
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "081dc94a7d0fdaade77cfb593a025d8c48d7eab3dbb30ca0b43fb1ef45d8d8bd"
-}

backend/.sqlx/query-081f838b3dbe81631d17e7ca0751db725a7f92d4e43a86bcfa06a4ac7c70ac8f.json

@@ -1,19 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_status SET flow_status = \n            CASE WHEN flow_status->'modules'->$1::int->'flow_jobs_duration' IS NOT NULL THEN\n                     JSONB_SET(JSONB_SET(JSONB_SET(\n                         flow_status,\n                         ARRAY['modules', $1::TEXT, 'flow_jobs_success', $3::TEXT],\n                         $4\n                     ),\n                     ARRAY['modules', $1::TEXT, 'flow_jobs_duration', 'duration_ms', $3::TEXT], $5),\n                     ARRAY['modules', $1::TEXT, 'flow_jobs_duration', 'started_at', $3::TEXT], $6)\n                 ELSE\n                    JSONB_SET(flow_status, ARRAY['modules', $1::TEXT, 'flow_jobs_success', $3::TEXT], $4)\n            END\n            WHERE id = $2",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Int4",
-        "Uuid",
-        "Text",
-        "Jsonb",
-        "Jsonb",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "081f838b3dbe81631d17e7ca0751db725a7f92d4e43a86bcfa06a4ac7c70ac8f"
-}

backend/.sqlx/query-0924c79aca648e5ec3fcc5e91ca71d524fe9d4b46c2e8ed36ae99b5810a896ab.json

@@ -1,18 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO app_version (app_id, value, created_by, created_at, raw_app)\n                 VALUES ($1, $2, $3, $4, $5)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Int8",
-        "Json",
-        "Varchar",
-        "Timestamptz",
-        "Bool"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0924c79aca648e5ec3fcc5e91ca71d524fe9d4b46c2e8ed36ae99b5810a896ab"
-}

backend/.sqlx/query-094587579285fc5656f6104716dca1805e3a1530fc64bf95eaee5b645e885251.json

@@ -1,28 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT path, versions[array_upper(versions, 1)] as version FROM flow WHERE workspace_id = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "path",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 1,
-        "name": "version",
-        "type_info": "Int8"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text"
-      ]
-    },
-    "nullable": [
-      false,
-      null
-    ]
-  },
-  "hash": "094587579285fc5656f6104716dca1805e3a1530fc64bf95eaee5b645e885251"
-}

backend/.sqlx/query-099e7c7a66968575f896e0c11ecd9cfe9a2ec315d6589e940be157a0563f81af.json

@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue SET last_ping = now() WHERE id = $1 AND workspace_id = $2 AND canceled = false",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "099e7c7a66968575f896e0c11ecd9cfe9a2ec315d6589e940be157a0563f81af"
+}

backend/.sqlx/query-09efbd7177c6172569dc29b7d9ede70315eeb4e0ef9ed3165365f257e27f5e68.json

@@ -1,16 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO workspace_runnable_dependencies (flow_path, runnable_path, runnable_is_flow, workspace_id) VALUES ($1, $2, TRUE, $3) ON CONFLICT DO NOTHING",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "09efbd7177c6172569dc29b7d9ede70315eeb4e0ef9ed3165365f257e27f5e68"
-}

backend/.sqlx/query-0a1c10bd2232b0770a7816e1bd8d758dc393f797890d597e5996146247f512ac.json

@@ -1,38 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\nWITH lockable_counters AS (\n    SELECT concurrency_id, job_uuids\n    FROM concurrency_counter\n    WHERE job_uuids != '{}'::jsonb\n    FOR UPDATE SKIP LOCKED\n),\nall_job_uuids AS (\n    SELECT DISTINCT jsonb_object_keys(job_uuids) AS job_uuid\n    FROM lockable_counters\n),\norphaned_job_uuids AS (\n    SELECT job_uuid\n    FROM all_job_uuids\n    WHERE job_uuid NOT IN (\n        SELECT id::text \n        FROM v2_job_queue \n        FOR SHARE SKIP LOCKED\n    )\n),\norphaned_array AS (\n    SELECT ARRAY(SELECT job_uuid FROM orphaned_job_uuids) AS orphaned_keys\n),\nbefore_update AS (\n    SELECT lc.concurrency_id, lc.job_uuids, oa.orphaned_keys\n    FROM lockable_counters lc, orphaned_array oa\n    WHERE lc.job_uuids ?| oa.orphaned_keys\n),\naffected_rows AS (\n    UPDATE concurrency_counter \n    SET job_uuids = job_uuids - orphaned_array.orphaned_keys\n    FROM orphaned_array\n    WHERE concurrency_counter.concurrency_id IN (\n        SELECT concurrency_id FROM before_update\n    )\n    RETURNING concurrency_id, job_uuids AS updated_job_uuids\n),\nexpanded_orphaned AS (\n    SELECT bu.concurrency_id, \n           bu.job_uuids AS original_job_uuids,\n           unnest(bu.orphaned_keys) AS orphaned_key\n    FROM before_update bu\n)\nSELECT \n    eo.concurrency_id,\n    eo.orphaned_key,\n    eo.original_job_uuids,\n    ar.updated_job_uuids\nFROM expanded_orphaned eo\nJOIN affected_rows ar ON eo.concurrency_id = ar.concurrency_id\nWHERE eo.original_job_uuids ? eo.orphaned_key\nORDER BY eo.concurrency_id, eo.orphaned_key\n",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "concurrency_id",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 1,
-        "name": "orphaned_key",
-        "type_info": "Text"
-      },
-      {
-        "ordinal": 2,
-        "name": "original_job_uuids",
-        "type_info": "Jsonb"
-      },
-      {
-        "ordinal": 3,
-        "name": "updated_job_uuids",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      false,
-      null,
-      false,
-      false
-    ]
-  },
-  "hash": "0a1c10bd2232b0770a7816e1bd8d758dc393f797890d597e5996146247f512ac"
-}

backend/.sqlx/query-0a1c95c4376b944661bab13271091cf3ea0afe68fb8e08e7aea239dc735c625c.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "INSERT INTO debounce_key (key, job_id) VALUES ($1, $2)",
+  "query": "INSERT INTO concurrency_key(key, job_id) VALUES ($1, $2)",
   "describe": {
     "columns": [],
     "parameters": {
@@ -11,5 +11,5 @@
     },
     "nullable": []
   },
-  "hash": "7ed404f3a8b23f98fb7c15a26b14f9e3e416e1baf20bdb25c9a8ac9efc288931"
+  "hash": "0a1c95c4376b944661bab13271091cf3ea0afe68fb8e08e7aea239dc735c625c"
 }

backend/.sqlx/query-0a46f1f3047d15227f82ae24ad2113eb91d65b98927eaaba427cbde27dd79bfe.json

@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT COUNT(*)\n                 FROM alerts\n                 WHERE COALESCE(acknowledged, false) = $1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "count",
-        "type_info": "Int8"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Bool"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0a46f1f3047d15227f82ae24ad2113eb91d65b98927eaaba427cbde27dd79bfe"
-}

backend/.sqlx/query-0a7fb25aa9404c2e6eabfd5d912ed0c1018f249c7ec2a5564787175aa667a456.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job SET labels = (\n                    SELECT array_agg(DISTINCT all_labels)\n                    FROM unnest(coalesce(labels, ARRAY[]::TEXT[]) || $2) all_labels\n                ) WHERE id = $1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "TextArray"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0a7fb25aa9404c2e6eabfd5d912ed0c1018f249c7ec2a5564787175aa667a456"
-}

backend/.sqlx/query-0a9a191273c735c41d56ea46a39ffca075a0550eada87df7162c5037164ad6bf.json

@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n       INSERT INTO capture\n                   (workspace_id, path, created_by)\n            VALUES ($1, $2, $3)\n       ON CONFLICT (workspace_id, path)\n     DO UPDATE SET created_at = now()\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0a9a191273c735c41d56ea46a39ffca075a0550eada87df7162c5037164ad6bf"
+}

backend/.sqlx/query-0aaec91ab06753e46c595d82469924a98f28b0dead245df7248a9ccb8a5f20c3.json

@@ -1,16 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job_status\n                     SET flow_status = JSONB_SET(flow_status, ARRAY['modules', $1::TEXT], $2)\n                     WHERE id = $3",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Jsonb",
-        "Uuid"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0aaec91ab06753e46c595d82469924a98f28b0dead245df7248a9ccb8a5f20c3"
-}

backend/.sqlx/query-0ad36c1598ff4ece0c325eaeb9a9177a87e1accd192402e21db5ae09c3498ab0.json

@@ -0,0 +1,99 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO queue\n            (workspace_id, id, running, parent_job, created_by, permissioned_as, scheduled_for, \n                script_hash, script_path, raw_code, raw_lock, args, job_kind, schedule_path, raw_flow, flow_status, is_flow_step, language, started_at, same_worker, pre_run_error, email, visible_to_owner, root_job, tag, concurrent_limit, concurrency_time_window_s, timeout, flow_step_id, cache_ttl, priority, last_ping)\n            VALUES ($1, $2, $3, $4, $5, $6, COALESCE($7, now()), $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, CASE WHEN $3 THEN now() END, $19, $20, $21, $22, $23, $24, $25, $26, $27, $28, $29, $30, NULL) RETURNING id",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Uuid"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Uuid",
+        "Bool",
+        "Uuid",
+        "Varchar",
+        "Varchar",
+        "Timestamptz",
+        "Int8",
+        "Varchar",
+        "Text",
+        "Text",
+        "Jsonb",
+        {
+          "Custom": {
+            "name": "job_kind",
+            "kind": {
+              "Enum": [
+                "script",
+                "preview",
+                "flow",
+                "dependencies",
+                "flowpreview",
+                "script_hub",
+                "identity",
+                "flowdependencies",
+                "http",
+                "graphql",
+                "postgresql",
+                "noop",
+                "appdependencies",
+                "deploymentcallback",
+                "singlescriptflow"
+              ]
+            }
+          }
+        },
+        "Varchar",
+        "Jsonb",
+        "Jsonb",
+        "Bool",
+        {
+          "Custom": {
+            "name": "script_lang",
+            "kind": {
+              "Enum": [
+                "python3",
+                "deno",
+                "go",
+                "bash",
+                "postgresql",
+                "nativets",
+                "bun",
+                "mysql",
+                "bigquery",
+                "snowflake",
+                "graphql",
+                "powershell",
+                "mssql",
+                "php",
+                "bunnative",
+                "rust",
+                "ansible"
+              ]
+            }
+          }
+        },
+        "Bool",
+        "Text",
+        "Varchar",
+        "Bool",
+        "Uuid",
+        "Varchar",
+        "Int4",
+        "Int4",
+        "Int4",
+        "Varchar",
+        "Int4",
+        "Int2"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "0ad36c1598ff4ece0c325eaeb9a9177a87e1accd192402e21db5ae09c3498ab0"
+}

backend/.sqlx/query-0ae9160591ae00117d20a616cfe07e38f0c32953c7e881e916c389255190b72d.json

@@ -1,17 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO usr\n            (workspace_id, email, username, is_admin)\n            VALUES ($1, $2, $3, $4)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Bool"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0ae9160591ae00117d20a616cfe07e38f0c32953c7e881e916c389255190b72d"
-}

backend/.sqlx/query-0b94bd4c98a11ca1b7e5e34dd1ee6fcb0b7a54ed4218fa3cf23cc929d009d50f.json

@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE websocket_trigger SET url = $1, script_path = $2, path = $3, is_flow = $4, filters = $5, initial_messages = $6, url_runnable_args = $7, edited_by = $8, email = $9, edited_at = now(), server_id = NULL, last_server_ping = NULL, error = NULL\n            WHERE workspace_id = $10 AND path = $11",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "Bool",
+        "JsonbArray",
+        "JsonbArray",
+        "Jsonb",
+        "Varchar",
+        "Varchar",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0b94bd4c98a11ca1b7e5e34dd1ee6fcb0b7a54ed4218fa3cf23cc929d009d50f"
+}

backend/.sqlx/query-0b955f2cff82a2d4ba3840588143e08952f029480d4a42503ecc3c5e70437995.json

@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "SELECT id, alert_type, message, created_at, COALESCE(acknowledged, false) AS acknowledged, workspace_id\n                 FROM alerts\n                 ORDER BY created_at DESC\n                 LIMIT $1 OFFSET $2",
+  "query": "SELECT id, alert_type, message, created_at, acknowledged \n             FROM alerts \n             WHERE acknowledged = $1\n             ORDER BY created_at DESC \n             LIMIT $2 OFFSET $3",
   "describe": {
     "columns": [
       {
@@ -27,15 +27,11 @@
         "ordinal": 4,
         "name": "acknowledged",
         "type_info": "Bool"
-      },
-      {
-        "ordinal": 5,
-        "name": "workspace_id",
-        "type_info": "Text"
       }
     ],
     "parameters": {
       "Left": [
+        "Bool",
         "Int8",
         "Int8"
       ]
@@ -45,9 +41,8 @@
       false,
       false,
       false,
-      null,
       true
     ]
   },
-  "hash": "4d30c5a2894d655741d167f5589f5816583f0bae78a0dd3270dedb377dfa944a"
+  "hash": "0b955f2cff82a2d4ba3840588143e08952f029480d4a42503ecc3c5e70437995"
 }

backend/.sqlx/query-0bc1c617786bb2fdc71b85442b1d52dbd4c922436edacced18b9620c70e0cc8b.json

@@ -1,24 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT result #> $3 AS \"result: Json<Box<RawValue>>\"\n            FROM v2_job_completed WHERE id = $1 AND workspace_id = $2",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "result: Json<Box<RawValue>>",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text",
-        "TextArray"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0bc1c617786bb2fdc71b85442b1d52dbd4c922436edacced18b9620c70e0cc8b"
-}

backend/.sqlx/query-0c0b5d5d1e6ab2fed7532f94b50be3210e3845b61551691bbef81c2b6fb01121.json

@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE queue\n                    SET flow_status = JSONB_SET(flow_status, ARRAY['failure_module'], $1)\n                    WHERE id = $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Jsonb",
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0c0b5d5d1e6ab2fed7532f94b50be3210e3845b61551691bbef81c2b6fb01121"
+}