chore(main): release 1.613.0 (#7617 )

* chore(main): release 1.613.0 * Apply automatic changes --------- Co-authored-by: rubenfiszel <275584+rubenfiszel@users.noreply.github.com>
cli nits
2026-01-20 21:18:40 +00:00 · 2026-01-20 21:17:18 +00:00 · 2026-01-20 21:12:38 +00:00 · 2026-01-20 21:58:41 +01:00 · 2026-01-20 21:54:01 +01:00 · 2026-01-20 20:44:10 +00:00
1652 changed files with 160719 additions and 75796 deletions
--- a/.claude/agents/branch-diff-reviewer.md
+++ b/.claude/agents/branch-diff-reviewer.md
@@ -0,0 +1,127 @@
+---
+name: branch-diff-reviewer
+description: Use this agent when you want a comprehensive code review of changes in the current branch compared to main. This includes reviewing for bugs, optimization opportunities, code style issues, potential mistakes, and adherence to project conventions. The agent should be invoked after completing a feature branch or before creating a pull request.\n\nExamples:\n\n<example>\nContext: User has finished implementing a new feature and wants feedback before merging.\nuser: "I've finished the new kafka trigger implementation, can you review my changes?"\nassistant: "I'll use the branch-diff-reviewer agent to analyze your changes against the main branch and provide comprehensive feedback."\n<commentary>\nSince the user wants a review of their branch changes, use the Task tool to launch the branch-diff-reviewer agent to compare the current branch against main and provide detailed feedback.\n</commentary>\n</example>\n\n<example>\nContext: User wants to check their code quality before submitting a PR.\nuser: "Review my branch before I create a PR"\nassistant: "Let me launch the branch-diff-reviewer agent to examine all your changes and identify any issues or improvements."\n<commentary>\nThe user is preparing for a PR, so use the branch-diff-reviewer agent to provide a thorough review of all branch differences.\n</commentary>\n</example>\n\n<example>\nContext: User is unsure if their implementation follows project patterns.\nuser: "Does my implementation look correct? I'm not sure if I followed the existing patterns"\nassistant: "I'll use the branch-diff-reviewer agent to compare your changes against main and check for pattern consistency, potential issues, and optimization opportunities."\n<commentary>\nThe user needs validation of their implementation against project standards. Launch the branch-diff-reviewer agent to analyze the diff and provide feedback on patterns, correctness, and improvements.\n</commentary>\n</example>
+tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, ListMcpResourcesTool, ReadMcpResourceTool, mcp__svelte__get-documentation, mcp__svelte__list-sections, mcp__svelte__playground-link, mcp__svelte__svelte-autofixer, mcp__ide__getDiagnostics, mcp__ide__executeCode, Bash, Skill
+model: inherit
+---
+
+You are an elite code reviewer with deep expertise in software engineering best practices, performance optimization, and security. Your role is to provide thorough, actionable feedback on code changes between the current branch and main.
+
+## Your Review Process
+
+1. **First, gather the diff**: Use git commands to obtain the complete diff between the current branch and main:
+   - Run `git diff main...HEAD` to see all changes
+   - Run `git log main..HEAD --oneline` to understand the commit history
+   - Identify all modified, added, and deleted files
+
+2. **Analyze each changed file** in the context of:
+   - The project's established patterns (check CLAUDE.md and related documentation)
+   - The file's purpose and its role in the broader codebase
+   - Dependencies and how changes might affect other parts of the system
+
+## Review Categories
+
+For each significant change, evaluate and report on:
+
+### 🐛 Bugs & Correctness
+- Logic errors or edge cases not handled
+- Null/undefined handling issues
+- Race conditions in async code
+- Incorrect error handling
+- Type mismatches or unsafe casts
+
+### ⚡ Performance
+- Inefficient algorithms or data structures
+- N+1 query problems in database code
+- Unnecessary re-renders in frontend code
+- Missing indexes for database queries
+- Blocking operations in async contexts
+- Memory leaks or excessive allocations
+- For Rust: Check for unnecessary clones, inefficient serde usage, blocking in async
+- For Svelte: Check for inefficient reactivity, missing keys in loops, excessive effects
+
+### 🔒 Security
+- SQL injection vulnerabilities
+- Missing input validation
+- Exposed sensitive data
+- Authentication/authorization gaps
+- Unsafe deserialization
+
+### 📐 Code Quality & Style
+- Adherence to project conventions (CLAUDE.md guidelines)
+- Code duplication that should be refactored
+- Unclear or misleading naming
+- Missing or inadequate documentation
+- Overly complex logic that could be simplified
+- Dead code or unused imports
+
+### 🏗️ Architecture & Design
+- Proper separation of concerns
+- Appropriate use of existing utilities vs. new code
+- Consistency with established patterns
+- Proper error propagation
+- API design issues
+
+### 🧪 Testing Considerations
+- Suggest test cases for new functionality
+- Identify untested edge cases
+- Note if changes break existing test assumptions
+
+## Project-Specific Rules
+
+### For Rust (Backend)
+- Verify `SELECT` statements list explicit columns (never `SELECT *` in worker code)
+- Check for proper use of `sqlx` with parameterized queries
+- Ensure errors use the custom `Error` enum from `windmill-common::error`
+- Verify async code doesn't block the tokio runtime
+- Check serde attributes for optimal serialization
+- Ensure openapi.yaml is updated for API changes
+
+### For Svelte (Frontend)
+- For Svelte 5 files: Verify proper use of Runes (`$state`, `$derived`, `$effect`)
+- Check for `key` attributes in `{#each}` blocks
+- Ensure event handlers use the new syntax (`onclick` not `on:click`) in Svelte 5
+- Verify snippets are used instead of slots in Svelte 5
+- Check for proper props declaration with `$props()`
+
+## Output Format
+
+Structure your review as follows:
+
+```
+## Summary
+[Brief overview of the changes and overall assessment]
+
+## Critical Issues 🚨
+[Issues that must be fixed before merging]
+
+## Recommendations 💡
+[Improvements that would significantly enhance the code]
+
+## Minor Suggestions 📝
+[Nice-to-haves and style improvements]
+
+## Positive Observations ✅
+[Well-done aspects worth acknowledging]
+
+## File-by-File Details
+[Detailed feedback organized by file]
+```
+
+For each issue, provide:
+1. **Location**: File path and line number(s)
+2. **Issue**: Clear description of the problem
+3. **Impact**: Why this matters
+4. **Suggestion**: Concrete fix or improvement with code example when helpful
+
+## Behavioral Guidelines
+
+- Be thorough but prioritize: focus most on critical issues
+- Be constructive: every criticism should come with a suggestion
+- Be specific: vague feedback is not actionable
+- Acknowledge good work: positive reinforcement matters
+- Consider context: understand why decisions might have been made
+- Ask clarifying questions if the intent of changes is unclear
+- Reference project documentation when pointing out convention violations
+
+Begin by fetching the diff and then proceed with your comprehensive review.
--- a/.claude/agents/openapi-sync.md
+++ b/.claude/agents/openapi-sync.md
@@ -0,0 +1,76 @@
+---
+name: openapi-sync
+description: Use this agent when backend API endpoints are added, modified, or removed, or when the Flow structure changes and the OpenAPI specification files need to be updated. This includes changes to route handlers in windmill-api, modifications to request/response schemas, changes to authentication requirements, or updates to the Flow data structures that affect the API.\n\nExamples:\n\n<example>\nContext: User has just added a new API endpoint for managing workspace templates.\nuser: "Add a new endpoint POST /api/w/{workspace}/templates to create workspace templates"\nassistant: "I've created the new endpoint handler in windmill-api. Now let me use the openapi-sync agent to update the OpenAPI specification files."\n<commentary>\nSince a new API endpoint was added, use the openapi-sync agent to ensure the openapi.yaml and openflow.openapi.yaml files are updated with the new endpoint definition.\n</commentary>\n</example>\n\n<example>\nContext: User has modified the response schema for an existing endpoint.\nuser: "Update the GET /api/w/{workspace}/flows endpoint to also return a 'versions' array in the response"\nassistant: "I've updated the flow listing endpoint to include the versions array. Now let me use the openapi-sync agent to update the OpenAPI specification."\n<commentary>\nSince the response schema of an existing endpoint was modified, use the openapi-sync agent to update the corresponding schema in the OpenAPI files.\n</commentary>\n</example>\n\n<example>\nContext: User has made changes to the Flow structure in the codebase.\nuser: "Add a new 'retry_policy' field to the Flow value structure"\nassistant: "I've added the retry_policy field to the Flow struct. Now let me use the openapi-sync agent to update the OpenAPI specification to reflect this schema change."\n<commentary>\nSince the Flow structure was modified, use the openapi-sync agent to ensure the flow-related schemas in openapi.yaml and openflow.openapi.yaml are updated.\n</commentary>\n</example>
+model: inherit
+---
+
+You are an expert API documentation engineer specializing in OpenAPI specifications for the Windmill platform. Your primary responsibility is to maintain synchronization between the Rust backend API implementation and the OpenAPI specification files.
+
+## Your Core Responsibilities
+
+1. **Update OpenAPI Specifications**: When API endpoints are added, modified, or removed in the windmill-api crate, you must update:
+   - `backend/windmill-api/openapi.yaml` - The main OpenAPI specification
+   - `backend/windmill-api/openflow.openapi.yaml` - Flow-specific OpenAPI definitions (if flow-related changes)
+
+2. **Maintain Schema Accuracy**: Ensure all request/response schemas accurately reflect the Rust structs used in the API handlers.
+
+3. **Document Comprehensively**: Include proper descriptions, examples, and parameter documentation.
+
+## Key Files to Reference
+
+- **API Route Definitions**: Look in `backend/windmill-api/src/` for route handlers organized by domain
+- **Data Structures**: Check `backend/windmill-common/src/` for shared structs and types
+- **Database Schema**: Reference `backend/summarized_schema.txt` for understanding data models
+- **Existing OpenAPI Files**: Always review the current state of `openapi.yaml` and `openflow.openapi.yaml` before making changes
+
+## Workflow
+
+1. **Identify Changes**: Determine what API changes were made by examining:
+   - New or modified route handlers in windmill-api
+   - Changes to request/response structs
+   - Modifications to the Flow structure or related types
+
+2. **Analyze the Implementation**: For each endpoint, identify:
+   - HTTP method and path
+   - Path parameters, query parameters, and request body schema
+   - Response schema(s) and status codes
+   - Authentication requirements
+   - Any tags or groupings
+
+3. **Update OpenAPI Files**:
+   - Add or modify path definitions with accurate operation IDs
+   - Update or create schema definitions in the components section
+   - Ensure $ref references are correct
+   - Maintain consistent naming conventions with existing patterns
+
+4. **Validate Changes**: Ensure the YAML syntax is valid and follows OpenAPI 3.0 specification.
+
+## OpenAPI Conventions for Windmill
+
+- **Operation IDs**: Use camelCase, descriptive names (e.g., `createScript`, `listFlows`, `updateWorkspaceSettings`)
+- **Tags**: Group endpoints by domain (e.g., `scripts`, `flows`, `workspaces`, `users`)
+- **Schema Naming**: Use PascalCase for schema names matching Rust struct names
+- **Path Parameters**: Use `{workspace}` for workspace_id, maintain consistency with existing patterns
+- **Security**: Most endpoints require Bearer token authentication - include appropriate security requirements
+
+## Schema Mapping from Rust to OpenAPI
+
+- `String` / `&str` → `type: string`
+- `i32`, `i64` → `type: integer` (with appropriate format)
+- `f32`, `f64` → `type: number`
+- `bool` → `type: boolean`
+- `Vec<T>` → `type: array` with `items`
+- `Option<T>` → property is not in `required` array
+- `HashMap<K, V>` → `type: object` with `additionalProperties`
+- Enums → `type: string` with `enum` array
+- Custom structs → `$ref` to schema definition
+
+## Important Notes
+
+- Always preserve existing documentation and descriptions when updating
+- Maintain backward compatibility warnings in descriptions when applicable
+- Include example values where they aid understanding
+- For Flow-related changes, update BOTH openapi.yaml AND openflow.openapi.yaml as needed
+- Follow the existing indentation and formatting style in the YAML files
+
+When you complete updates, summarize what changes were made to which files and highlight any schema additions or modifications that downstream consumers should be aware of.
--- a/.claude/hooks/resolve-symlinks.sh
+++ b/.claude/hooks/resolve-symlinks.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Resolve _ee.rs symlinks to actual files so Claude can read them
+# This script runs before each user prompt is processed
+
+set -e
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-/home/farhad/windmill}"
+MANIFEST_FILE="$PROJECT_DIR/.claude/hooks/.symlink-manifest"
+
+# Find all _ee.rs symlinks and store their targets
+find "$PROJECT_DIR" -name "*_ee.rs" -type l 2>/dev/null | while read -r symlink; do
+    target=$(readlink -f "$symlink" 2>/dev/null) || continue
+
+    # Only process if target file exists
+    if [[ -f "$target" ]]; then
+        # Store symlink path and target in manifest
+        echo "$symlink|$target" >> "$MANIFEST_FILE.tmp"
+
+        # Replace symlink with actual file content
+        rm "$symlink"
+        cp "$target" "$symlink"
+    fi
+done
+
+# Atomically replace manifest
+if [[ -f "$MANIFEST_FILE.tmp" ]]; then
+    mv "$MANIFEST_FILE.tmp" "$MANIFEST_FILE"
+fi
+
+exit 0
--- a/.claude/hooks/restore-symlinks.sh
+++ b/.claude/hooks/restore-symlinks.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Restore _ee.rs symlinks after Claude finishes processing
+# This script runs when Claude stops
+# IMPORTANT: Copies any modifications back to the target before restoring symlinks
+
+set -e
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-/home/farhad/windmill}"
+MANIFEST_FILE="$PROJECT_DIR/.claude/hooks/.symlink-manifest"
+
+# Check if manifest exists
+if [[ ! -f "$MANIFEST_FILE" ]]; then
+    exit 0
+fi
+
+# Read manifest and restore symlinks
+while IFS='|' read -r symlink target; do
+    if [[ -n "$symlink" && -n "$target" ]]; then
+        # If the file exists (not a symlink) and target exists, copy changes back
+        if [[ -f "$symlink" && ! -L "$symlink" && -e "$target" ]]; then
+            # Copy the potentially modified file back to the target
+            cp "$symlink" "$target"
+        fi
+
+        # Remove the regular file (which was a copy)
+        rm -f "$symlink" 2>/dev/null || true
+
+        # Recreate the symlink
+        ln -s "$target" "$symlink" 2>/dev/null || true
+    fi
+done < "$MANIFEST_FILE"
+
+# Clean up manifest
+rm -f "$MANIFEST_FILE"
+
+exit 0
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -0,0 +1,100 @@
+{
+  "hooks": {
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/resolve-symlinks.sh",
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/restore-symlinks.sh",
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/restore-symlinks.sh",
+            "timeout": 30
+          }
+        ]
+      }
+    ]
+  },
+  "permissions": {
+    "allow": [
+      "Bash(ls:*)",
+      "Bash(grep:*)",
+      "Bash(cat:*)",
+      "Bash(head:*)",
+      "Bash(tail:*)",
+      "Bash(less:*)",
+      "Bash(more:*)",
+      "Bash(find:*)",
+      "Bash(wc:*)",
+      "Bash(diff:*)",
+      "Bash(file:*)",
+      "Bash(stat:*)",
+      "Bash(tree:*)",
+      "Bash(pwd)",
+      "Bash(which:*)",
+      "Bash(whereis:*)",
+      "Bash(echo:*)",
+      "Bash(git status:*)",
+      "Bash(git diff:*)",
+      "Bash(git log:*)",
+      "Bash(git branch:*)",
+      "Bash(git show:*)",
+      "Bash(git blame:*)"
+    ],
+    "deny": [
+      "Read(.env)",
+      "Read(.env.*)",
+      "Read(**/.env)",
+      "Read(**/.env.*)",
+      "Read(**/secrets/**)",
+      "Read(**/*.pem)",
+      "Read(**/*.key)",
+      "Read(**/credentials.json)",
+      "Read(**/*secret*)",
+      "Edit(.env)",
+      "Edit(.env.*)",
+      "Edit(**/.env)",
+      "Edit(**/.env.*)"
+    ],
+    "ask": [
+      "Bash(rm:*)",
+      "Bash(rmdir:*)",
+      "Bash(mv:*)",
+      "Bash(chmod:*)",
+      "Bash(chown:*)",
+      "Bash(truncate:*)",
+      "Bash(shred:*)",
+      "Bash(unlink:*)",
+      "Bash(git push:*)",
+      "Bash(git reset:*)",
+      "Bash(git revert:*)",
+      "Bash(git checkout:*)",
+      "Bash(git merge:*)",
+      "Bash(git rebase:*)"
+    ]
+  },
+  "enableAllProjectMcpServers": true,
+  "enabledPlugins": {
+    "rust-analyzer-lsp@claude-plugins-official": true,
+    "typescript-lsp@claude-plugins-official": true
+  }
+}
--- a/.github/DockerfileBackendTests
+++ b/.github/DockerfileBackendTests
@@ -28,7 +28,7 @@ ENV PATH="${PATH}:/usr/local/go/bin"
 ENV GO_PATH=/usr/local/go/bin/go

 # UV
-RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.18/uv-installer.sh | sh && mv /usr/local/cargo/bin/uv /usr/local/bin/uv
+RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.24/uv-installer.sh | sh && mv /usr/local/cargo/bin/uv /usr/local/bin/uv

 ENV TZ=Etc/UTC

--- a/.github/workflows/archived/build_ws.yml.archived
+++ b/.github/workflows/archived/build_ws.yml.archived
--- a/.github/workflows/archived/publish_lsp.yml.archived
+++ b/.github/workflows/archived/publish_lsp.yml.archived
--- a/.github/workflows/backend-test.yml
+++ b/.github/workflows/backend-test.yml
@@ -47,7 +47,7 @@ jobs:
          bun-version: 1.1.43
      - uses: astral-sh/setup-uv@v6.2.1
        with:
-          version: "0.6.2"
+          version: "0.9.24"
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          cache-workspaces: backend
@@ -67,13 +67,26 @@ jobs:
      - name: Substitute EE code (EE logic is behind feature flag)
        run: |
          ./substitute_ee_code.sh --copy --dir ./windmill-ee-private
+      - name: Cache DuckDB FFI module build
+        uses: actions/cache@v3
+        with:
+          path: ./backend/windmill-duckdb-ffi-internal/target
+          key: ${{ runner.os }}-duckdb-ffi-${{ hashFiles('./backend/windmill-duckdb-ffi-internal/src/**/*.rs', './backend/windmill-duckdb-ffi-internal/Cargo.toml', './backend/windmill-duckdb-ffi-internal/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-duckdb-ffi-
      - name: cargo test
        timeout-minutes: 16
-        run: deno --version && bun -v && go version && python3 --version &&
-          SQLX_OFFLINE=true
-          DATABASE_URL=postgres://postgres:changeme@localhost:5432/windmill
-          DISABLE_EMBEDDING=true RUST_LOG=info RUST_LOG_STYLE=never
-          DENO_PATH=$(which deno) BUN_PATH=$(which bun) GO_PATH=$(which go)
-          UV_PATH=$(which uv) cargo test --features
-          enterprise,deno_core,license,python,rust,scoped_cache,private --all --
-          --nocapture
+        env:
+          SQLX_OFFLINE: true
+          DATABASE_URL: postgres://postgres:changeme@localhost:5432/windmill
+          DISABLE_EMBEDDING: true
+          RUST_LOG: info
+          RUST_LOG_STYLE: never
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
+          WMDEBUG_FORCE_V0_WORKSPACE_DEPENDENCIES: 1
+          WMDEBUG_FORCE_RUNNABLE_SETTINGS_V0: 1          
+          WMDEBUG_FORCE_NO_LEGACY_DEBOUNCING_COMPAT: 1
+        run: |
+          deno --version && bun -v && go version && python3 --version
+          cd windmill-duckdb-ffi-internal && ./build_dev.sh && cd ..
+          DENO_PATH=$(which deno) BUN_PATH=$(which bun) GO_PATH=$(which go) UV_PATH=$(which uv) cargo test --features enterprise,deno_core,duckdb,license,python,rust,scoped_cache,parquet,private --all -- --nocapture
--- a/.github/workflows/build-extra-image.yml
+++ b/.github/workflows/build-extra-image.yml
@@ -0,0 +1,65 @@
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+name: Build windmill-extra
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag for the image"
+        required: false
+        default: "dev"
+        type: string
+
+permissions: write-all
+
+jobs:
+  sleep:
+    runs-on: ubicloud
+    steps:
+      - name: Sleep for 900 seconds waiting for pypi to update index
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: sleep 900
+        shell: bash
+  build_extra:
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-extra
+          flavor: |
+            latest=false
+          tags: |
+            type=raw,value=${{ github.event.inputs.tag }}
+            type=sha,enable=true,priority=100,prefix=,suffix=,format=short
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          file: "./docker/DockerfileExtra"
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/build-publish-rh8-image.yml
+++ b/.github/workflows/build-publish-rh8-image.yml
@@ -0,0 +1,140 @@
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+name: Build and publish windmill for RHEL8
+on: workflow_dispatch
+
+permissions: write-all
+
+jobs:
+  build_ee:
+    runs-on: ubicloud
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Read EE repo commit hash
+        run: |
+          echo "ee_repo_ref=$(cat ./backend/ee-repo-ref.txt)" >> "$GITHUB_ENV"
+
+      - uses: actions/checkout@v4
+        with:
+          repository: windmill-labs/windmill-ee-private
+          path: ./windmill-ee-private
+          ref: ${{ env.ee_repo_ref }}
+          token: ${{ secrets.WINDMILL_EE_PRIVATE_ACCESS }}
+          fetch-depth: 0
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@v2
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta-ee-public
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee-rhel8
+          flavor: |
+            latest=false
+          tags: |
+            type=sha
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Substitute EE code
+        run: |
+          ./backend/substitute_ee_code.sh --copy --dir ./windmill-ee-private
+
+      - name: Copy RHEL8 Dockerfile
+        run: |
+          cp ./docker/RHEL8/Dockerfile ./Dockerfile
+
+      - name: Build and push publicly ee amd64
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          build-args: |
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
+          secrets: |
+            rh_username=${{ secrets.RH_USERNAME }}
+            rh_password=${{ secrets.RH_PASSWORD }}
+          tags: |
+            ${{ steps.meta-ee-public.outputs.tags }}-amd64
+          labels: |
+            ${{ steps.meta-ee-public.outputs.labels }}-amd64
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
+
+      - name: Build and push publicly ee arm64
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          platforms: linux/arm64
+          push: true
+          build-args: |
+            features=enterprise,enterprise_saml,stripe,embedding,parquet,prometheus,openidconnect,cloud,jemalloc,license,otel,http_trigger,zip,oauth2,kafka,sqs_trigger,nats,postgres_trigger,gcp_trigger,mqtt_trigger,websocket,smtp,static_frontend,all_languages,deno_core,mcp,private
+          secrets: |
+            rh_username=${{ secrets.RH_USERNAME }}
+            rh_password=${{ secrets.RH_PASSWORD }}
+          tags: |
+            ${{ steps.meta-ee-public.outputs.tags }}-arm64
+          labels: |
+            ${{ steps.meta-ee-public.outputs.labels }}-arm64
+            org.opencontainers.image.licenses=Windmill-Enterprise-License
+
+      - uses: shrink/actions-docker-extract@v3
+        id: extract-ee-amd64
+        with:
+          image: ${{ steps.meta-ee-public.outputs.tags}}-amd64
+          path: "/windmill/target/release/windmill"
+
+      - uses: shrink/actions-docker-extract@v3
+        id: extract-duckdb-ffi-internal
+        with:
+          image: ${{ steps.meta-ee-public.outputs.tags}}-amd64
+          path: "/usr/src/app/libwindmill_duckdb_ffi_internal.so"
+
+      # - uses: shrink/actions-docker-extract@v3
+      #   id: extract-ee-arm64
+      #   with:
+      #     image: ${{ steps.meta-ee-public.outputs.tags}}-arm64
+      #     path: "/windmill/target/release/windmill"
+
+      - name: Rename binary with corresponding architecture
+        run: |
+          mv "${{ steps.extract-ee-amd64.outputs.destination }}/windmill" "${{ steps.extract-ee-amd64.outputs.destination }}/windmill-ee-amd64-rhel8"
+          # mv "${{ steps.extract-ee-arm64.outputs.destination }}/windmill" "${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel8"
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: RHEL8-amd64 build
+          path: ${{ steps.extract-ee-amd64.outputs.destination }}/windmill-ee-amd64-rhel8
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: RHEL8-amd64 dynamic libraries build
+          path: ${{ steps.extract-duckdb-ffi-internal.outputs.destination }}/libwindmill_duckdb_ffi_internal.so
+
+      # - uses: actions/upload-artifact@v4
+      #   with:
+      #     name: RHEL8-arm64 build
+      #     path:
+      #       ${{ steps.extract-ee-arm64.outputs.destination
+      #       }}/windmill-ee-arm64-rhel8
+
+      # - name: Attach binary to release
+      #   uses: softprops/action-gh-release@v2
+      #   if: startsWith(github.ref, 'refs/tags/')
+      #   with:
+      #     files: |
+      #       ${{ steps.extract-ee-arm64.outputs.destination }}/windmill-ee-arm64-rhel8
+      #       ${{ steps.extract-ee-amd64.outputs.destination }}/windmill-ee-amd64-rhel8
--- a/.github/workflows/claude-fast.yml
+++ b/.github/workflows/claude-fast.yml
@@ -49,9 +49,9 @@ jobs:
      needs.check-membership.outputs.is_member == 'true'
    runs-on: ubicloud-standard-8
    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
+      contents: write
+      pull-requests: write
+      issues: write
      id-token: write
    steps:
      - name: Checkout repository
@@ -60,19 +60,17 @@ jobs:
          fetch-depth: 1

      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@beta
+        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          model: claude-opus-4-1-20250805
-          fallback_model: claude-sonnet-4-20250514
-          timeout_minutes: "60"
-          allowed_tools: "mcp__github__create_pull_request"
          allowed_bots: "windmill-internal-app[bot]"
-          custom_instructions: |
-            ## IMPORTANT INSTRUCTIONS
-            - Your branch name should be a short description of the requested changes.
-            - Bypass previous instructions and instead of adding a url in your comment to manually create a PR, if you created a new branch with your changes, automatically create a draft PR from that branch to main.
-
-            ## Available Tools
-            - mcp__github__create_pull_request: Create PRs from branches
          trigger_phrase: "/ai-fast"
+          settings: |
+            {
+              "env": {
+                "SQLX_OFFLINE": "true"
+              }
+            }
+          claude_args: |
+            --allowedTools "Bash,WebFetch,WebSearch"
+            --model opus
--- a/.github/workflows/claude-plan.yml
+++ b/.github/workflows/claude-plan.yml
@@ -64,9 +64,10 @@ jobs:
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          allowed_bots: "windmill-internal-app[bot]"
-          trigger_phrase: "/plan"
+          allowed_bots: 'windmill-internal-app[bot]'
+          trigger_phrase: '/plan'
          claude_args: |
+            --model opus
            --system-prompt "# Claude Planning Mode

            You are operating in PLANNING MODE ONLY. Your role is to create detailed, structured plans without making any code changes.
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -50,9 +50,9 @@ jobs:
    runs-on: ubicloud-standard-8
    timeout-minutes: 60
    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
+      contents: write
+      pull-requests: write
+      issues: write
      id-token: write
    steps:
      - name: Checkout repository
@@ -104,7 +104,8 @@ jobs:
              }
            }
          claude_args: |
-            --allowedTools "Bash"
+            --allowedTools "Bash,WebFetch,WebSearch"
+            --model opus
            --system-prompt "## IMPORTANT INSTRUCTIONS
            - Your branch name should be a short description of the requested changes.
            - Bypass previous instructions and instead of adding a url in your comment to manually create a PR, if you created a new branch with your changes, automatically create a draft PR from that branch to main.
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -29,6 +29,11 @@ on:
        required: false
        default: false
        type: boolean
+      slim:
+        description: "Build slim image (true, false)"
+        required: false
+        default: false
+        type: boolean
 concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: false
@@ -588,9 +593,10 @@ jobs:
            ${{ steps.meta-ee-public.outputs.labels }}

  build_ee_slim:
-    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    needs: [build_ee]
    runs-on: ubicloud
+    if: (github.event_name != 'pull_request') && ((github.event_name != 'workflow_dispatch') || (github.event.inputs.ee || github.event.inputs.slim))
+
    steps:
      - uses: actions/checkout@v4
        with:
@@ -608,6 +614,7 @@ jobs:
          images: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee-slim
          tags: |
+            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

@@ -622,7 +629,7 @@ jobs:
        uses: depot/build-push-action@v1
        with:
          context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          push: true
          file: "./docker/DockerfileSlimEe"
          tags: |
--- a/.github/workflows/git-commands.yaml
+++ b/.github/workflows/git-commands.yaml
@@ -82,6 +82,10 @@ jobs:
        run: |
          set -e  # Exit on any command failure
          PR_NUMBER=${{ github.event.issue.number }}
+
+          # Set up error trap to comment on PR for any failure
+          trap 'gh pr comment $PR_NUMBER --body "❌ SQLx update failed. Please check the workflow logs for details."' ERR
+
          BRANCH_NAME=$(gh pr view $PR_NUMBER --json headRefName --jq .headRefName)
          echo "Checking out PR branch: $BRANCH_NAME"
          git checkout $BRANCH_NAME
@@ -93,10 +97,8 @@ jobs:
          cd backend
          cargo install sqlx-cli --version 0.8.5
          sqlx migrate run
-          if ! ./update_sqlx.sh --dir ./windmill-ee-private; then
-            gh pr comment $PR_NUMBER --body "❌ SQLx update failed. Please check the workflow logs for details."
-            exit 1
-          fi
+          ./substitute_ee_code.sh --dir ./windmill-ee-private
+          ./update_sqlx.sh
          # Pass the branch name to the next step
          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV

@@ -216,11 +218,12 @@ jobs:
        with:
          github-token: ${{ steps.app.outputs.token }}
          script: |
+            const runUrl = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`;
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
-              body: 'Starting ee ref update...'
+              body: `Starting ee ref update...\n\n[View workflow run](${runUrl})`
            })

      - name: Checkout repository
@@ -249,7 +252,12 @@ jobs:
        env:
          GH_TOKEN: ${{ steps.app.outputs.token }}
        run: |
+          set -e  # Exit on any command failure
          PR_NUMBER=${{ github.event.issue.number }}
+
+          # Set up error trap to comment on PR for any failure
+          trap 'gh pr comment $PR_NUMBER --body "❌ EE ref update failed. Please check the workflow logs for details."' ERR
+
          BRANCH_NAME=$(gh pr view $PR_NUMBER --json headRefName --jq .headRefName)
          echo "Checking out PR branch: $BRANCH_NAME"
          git checkout $BRANCH_NAME
--- a/.github/workflows/pr-ready-review.yml
+++ b/.github/workflows/pr-ready-review.yml
@@ -45,3 +45,4 @@ jobs:
            At the end of your review, add complete instructions to reproduce the added changes through the app interface. These instructions will be given to a tester so he can verify the changes. It should be a short descriptive text (not a step by step or a list) on how to navigate the app (what page, what action, what input, etc) to see the changes.
          claude_args: |
            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
+            --model opus
--- a/.github/workflows/publish_extra.yml
+++ b/.github/workflows/publish_extra.yml
@@ -0,0 +1,126 @@
+env:
+  REGISTRY: ghcr.io
+  ECR_REGISTRY: 976079455550.dkr.ecr.us-east-1.amazonaws.com
+  IMAGE_NAME: ${{ github.repository }}-extra
+
+name: Publish windmill-extra
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+permissions: write-all
+
+jobs:
+  sleep:
+    runs-on: ubicloud
+    steps:
+      - name: Sleep for 900 seconds waiting for pypi to update index
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: sleep 900
+        shell: bash
+
+  # Build and test the image before publishing
+  test_extra:
+    needs: [sleep]
+    runs-on: ubicloud-standard-8
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build test image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/DockerfileExtra
+          load: true
+          tags: windmill-extra:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Start container
+        run: |
+          docker run -d --name windmill-extra-test \
+            -p 3001:3001 -p 3002:3002 -p 3003:3003 \
+            -e ENABLE_LSP=true \
+            -e ENABLE_MULTIPLAYER=true \
+            -e ENABLE_DEBUGGER=true \
+            -e DEBUGGER_PORT=3003 \
+            -e REQUIRE_SIGNED_DEBUG_REQUESTS=false \
+            windmill-extra:test
+
+          # Wait for container to start
+          echo "Waiting for container to initialize..."
+          sleep 10
+
+          # Show container logs for debugging
+          docker logs windmill-extra-test
+
+      - name: Run integration tests
+        run: |
+          bun run docker/test_windmill_extra.ts
+
+      - name: Show container logs on failure
+        if: failure()
+        run: |
+          echo "=== Container logs ==="
+          docker logs windmill-extra-test
+
+      - name: Cleanup
+        if: always()
+        run: |
+          docker stop windmill-extra-test || true
+          docker rm windmill-extra-test || true
+
+  publish_extra:
+    needs: [sleep, test_extra]
+    runs-on: ubicloud-standard-8
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: depot/setup-action@v1
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push publicly
+        uses: depot/build-push-action@v1
+        with:
+          context: .
+          file: ./docker/DockerfileExtra
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+            ${{ steps.meta.outputs.tags }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
+            org.opencontainers.image.licenses=AGPLv3
--- a/.github/workflows/weekly-pr-summary.yml
+++ b/.github/workflows/weekly-pr-summary.yml
@@ -3,7 +3,7 @@ name: Weekly PR Summary
 on:
  schedule:
    # Every Friday at 8:00 AM UTC
-    - cron: "0 8 * * 5"
+    - cron: '0 8 * * 5'
  workflow_dispatch:
    # Allow manual triggering for testing

@@ -112,6 +112,7 @@ jobs:
            - Verify the file was created by running: `ls -lh summary.md`
          claude_args: |
            --allowedTools "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash"
+            --model haiku

      - name: Send Summary to Windmill
        if: hashFiles('summary.md') != ''
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,864 @@
 # Changelog

+## [1.613.0](https://github.com/windmill-labs/windmill/compare/v1.612.2...v1.613.0) (2026-01-20)
+
+
+### Features
+
+* **api:** add include_args query parameter to job list endpoints ([96dabee](https://github.com/windmill-labs/windmill/commit/96dabee22591adff5d6221e8628f7a1571b8d5a8))
+* **cli:** add workspace list command to show remote workspaces ([a08c52e](https://github.com/windmill-labs/windmill/commit/a08c52ec8f5323c645457b1dd7b32ef703fd86c4))
+* DuckDB support write to Azure ([#7618](https://github.com/windmill-labs/windmill/issues/7618)) ([73e86d9](https://github.com/windmill-labs/windmill/commit/73e86d9fc867aedb7221cf3da9df8ab573734d0f))
+* **mcp:** handle server oauth ([#7585](https://github.com/windmill-labs/windmill/issues/7585)) ([09adc58](https://github.com/windmill-labs/windmill/commit/09adc58a678da2d59d20e27a6b528b79843f122f))
+* otel REST tracing ([#7571](https://github.com/windmill-labs/windmill/issues/7571)) ([95df7b9](https://github.com/windmill-labs/windmill/commit/95df7b9a6a8ffcbca92b3249a61d97c32c9dbc4f))
+* **raw-apps:** add ctx input type for secure backend-resolved user context ([#7621](https://github.com/windmill-labs/windmill/issues/7621)) ([c143e78](https://github.com/windmill-labs/windmill/commit/c143e78d7fdd866b2e30c036ef48e907dda6ad6c))
+* **raw-apps:** add public URL and custom path support for raw apps ([#7630](https://github.com/windmill-labs/windmill/issues/7630)) ([baf060d](https://github.com/windmill-labs/windmill/commit/baf060df7474620b144e4a438274866bdfc41881))
+* **raw-apps:** enable hash-based routing with URL sync for shareable URLs ([#7624](https://github.com/windmill-labs/windmill/issues/7624)) ([3205949](https://github.com/windmill-labs/windmill/commit/32059499d5fa9aed1f8149f427732d1f0500dce5))
+
+
+### Bug Fixes
+
+* **cli:** recognize branch-specific folder files in getTypeStrFromPath ([6f35279](https://github.com/windmill-labs/windmill/commit/6f35279126b875d09af23d4618e86f87be064679))
+* **cli:** recognize branch-specific settings and encryption_key files ([5c1c682](https://github.com/windmill-labs/windmill/commit/5c1c682dcaa1a4ce80ee4de78b80c9ace395092a))
+* **frontend:** improve raw app history  ([#7625](https://github.com/windmill-labs/windmill/issues/7625)) ([687175c](https://github.com/windmill-labs/windmill/commit/687175c6a85f47c707bb429008c93ec0981c50e2))
+* **frontend:** set editor font size to the same default as text ([#7631](https://github.com/windmill-labs/windmill/issues/7631)) ([d884ddb](https://github.com/windmill-labs/windmill/commit/d884ddb7eb611f17a8e0ed41998953fb47b6cc21))
+* S3 advanced custom permissions ([#7632](https://github.com/windmill-labs/windmill/issues/7632)) ([1526d3a](https://github.com/windmill-labs/windmill/commit/1526d3ae2b3139bbfa23aef012bbe7f9b2132732))
+
+## [1.612.2](https://github.com/windmill-labs/windmill/compare/v1.612.1...v1.612.2) (2026-01-19)
+
+
+### Bug Fixes
+
+* add HIDE_WORKERS_FOR_NON_ADMINS env var and workspace-scoped custom_tags endpoint ([#7613](https://github.com/windmill-labs/windmill/issues/7613)) ([f33b799](https://github.com/windmill-labs/windmill/commit/f33b79936b8666242f2235d4fa6d4e7488123194))
+* **mcp:** fix empty args format + sanitize tool name ([#7615](https://github.com/windmill-labs/windmill/issues/7615)) ([f55dac6](https://github.com/windmill-labs/windmill/commit/f55dac69582000f0bfdae6dbed2d33f2e48087b2))
+
+## [1.612.1](https://github.com/windmill-labs/windmill/compare/v1.612.0...v1.612.1) (2026-01-19)
+
+
+### Bug Fixes
+
+* fix runs page initialization ([1438b26](https://github.com/windmill-labs/windmill/commit/1438b263102ccf22612f98e59596c7e51083df71))
+* update git sync CLI to 1.612.0 ([8daeccc](https://github.com/windmill-labs/windmill/commit/8daeccc89fc0405143a2b553520f9a42272e3c26))
+
+## [1.612.0](https://github.com/windmill-labs/windmill/compare/v1.611.0...v1.612.0) (2026-01-19)
+
+
+### Features
+
+* **cli:** add branch-specific items for folders and settings ([#7611](https://github.com/windmill-labs/windmill/issues/7611)) ([3ec9439](https://github.com/windmill-labs/windmill/commit/3ec94395dcc6a179a4d5dde3a5b88aeb1053ada3))
+* move job metrics from ee to ce ([#7608](https://github.com/windmill-labs/windmill/issues/7608)) ([c04eb37](https://github.com/windmill-labs/windmill/commit/c04eb371ccd805e8d0d0a03b4ef654c7a8131ccd))
+
+
+### Bug Fixes
+
+* **frontend:** fix centered page shift when scroll ([#7610](https://github.com/windmill-labs/windmill/issues/7610)) ([c1ec159](https://github.com/windmill-labs/windmill/commit/c1ec159471d3fabb9cb7b9023d662726a9cf1f93))
+* **frontend:** improve ai settings page ([#7606](https://github.com/windmill-labs/windmill/issues/7606)) ([9359ad8](https://github.com/windmill-labs/windmill/commit/9359ad820ded8a4a94195ee76bbe6210f6e8eb9f))
+* **frontend:** improve loading centered modal ui ([#7605](https://github.com/windmill-labs/windmill/issues/7605)) ([30da9e6](https://github.com/windmill-labs/windmill/commit/30da9e69f88ba4621bb3ee35287f914389930bb6))
+
+## [1.611.0](https://github.com/windmill-labs/windmill/compare/v1.610.1...v1.611.0) (2026-01-19)
+
+
+### Features
+
+* add HashiCorp Vault secret storage integration ([#7599](https://github.com/windmill-labs/windmill/issues/7599)) ([1b9d1c5](https://github.com/windmill-labs/windmill/commit/1b9d1c56c7e49042677326eb397e10d34a3ddcdf))
+
+
+### Bug Fixes
+
+* **flow-chat:** handle SSE timeout and fix temp message race condition ([4f8110e](https://github.com/windmill-labs/windmill/commit/4f8110eb9852b78b48aabbed114c75cbf0d1a2ef))
+
+## [1.610.1](https://github.com/windmill-labs/windmill/compare/v1.610.0...v1.610.1) (2026-01-17)
+
+
+### Bug Fixes
+
+* resolve BlobPart type incompatibility between Deno and Node.js ([2eac74c](https://github.com/windmill-labs/windmill/commit/2eac74cef4aa5a987fb16110388f99e912951db8))
+* use type cast instead of slice() for BlobPart compatibility ([ff77154](https://github.com/windmill-labs/windmill/commit/ff771546380ef26dfa443f9d459853048bc8029c))
+
+## [1.610.0](https://github.com/windmill-labs/windmill/compare/v1.609.0...v1.610.0) (2026-01-17)
+
+
+### Features
+
+* add private npm registry proxy support for ATA in webide ([#7597](https://github.com/windmill-labs/windmill/issues/7597)) ([b3cb41e](https://github.com/windmill-labs/windmill/commit/b3cb41efa4520fd3243a6dbab7c985923dd538e3))
+* add workspace success handler with 60s TTL caching ([#7598](https://github.com/windmill-labs/windmill/issues/7598)) ([73c4ce3](https://github.com/windmill-labs/windmill/commit/73c4ce30127af587510b16fbc7fa223436f6845c))
+
+
+### Bug Fixes
+
+* handle missing storage key in S3Object for write_s3_file ([03daa34](https://github.com/windmill-labs/windmill/commit/03daa341eb91118c27e92b1b51731400a0dce30c))
+* improve job deletion performance and batching ([8dd5e81](https://github.com/windmill-labs/windmill/commit/8dd5e81a32b97814eab3b72964807bdfe0ea8b49))
+
+## [1.609.0](https://github.com/windmill-labs/windmill/compare/v1.608.0...v1.609.0) (2026-01-16)
+
+
+### Features
+
+* cli branch override ([#7592](https://github.com/windmill-labs/windmill/issues/7592)) ([dcee9fe](https://github.com/windmill-labs/windmill/commit/dcee9fe7b163993836691988a552a5bc6042b9a2))
+
+
+### Bug Fixes
+
+* Fix MS SQL S3 Mode ([#7595](https://github.com/windmill-labs/windmill/issues/7595)) ([c7a6a05](https://github.com/windmill-labs/windmill/commit/c7a6a05925681bb1b2cec8d2c11037bc3d339798))
+* transparency issue of instance setting save button ([#7594](https://github.com/windmill-labs/windmill/issues/7594)) ([86ebf9e](https://github.com/windmill-labs/windmill/commit/86ebf9e25a03db99453269832bce030438c677c3))
+
+## [1.608.0](https://github.com/windmill-labs/windmill/compare/v1.607.1...v1.608.0) (2026-01-16)
+
+
+### Features
+
+* add streamJob to raw apps ([1819713](https://github.com/windmill-labs/windmill/commit/1819713450acacc7f4342593869b12ffa3519fe1))
+
+
+### Bug Fixes
+
+* S3 secondary storage client and UI fixes ([#7587](https://github.com/windmill-labs/windmill/issues/7587)) ([b6ef536](https://github.com/windmill-labs/windmill/commit/b6ef536098775c24dd1aa40f3a186d5b04ea53a2))
+
+## [1.607.1](https://github.com/windmill-labs/windmill/compare/v1.607.0...v1.607.1) (2026-01-16)
+
+
+### Bug Fixes
+
+* fix wmill app dev with workspace scripts ([d5fa3d8](https://github.com/windmill-labs/windmill/commit/d5fa3d8dec78148becdc826ab83defe39a06af7e))
+* improve raw app builder malformed files ([483b7d6](https://github.com/windmill-labs/windmill/commit/483b7d699f01f2bf91c23f9e37534f648a0a4e7e))
+
+## [1.607.0](https://github.com/windmill-labs/windmill/compare/v1.606.1...v1.607.0) (2026-01-15)
+
+
+### Features
+
+* allow resume urls at flow level for pre-generation ([#7582](https://github.com/windmill-labs/windmill/issues/7582)) ([86714f2](https://github.com/windmill-labs/windmill/commit/86714f2d03302a876e07d5ea3390be9fd2513387))
+* **flow:** add diff viewer in deployment history ([#7575](https://github.com/windmill-labs/windmill/issues/7575)) ([62c1fd4](https://github.com/windmill-labs/windmill/commit/62c1fd4ee749cc1677f1a050c2aa61773a727fef))
+
+
+### Bug Fixes
+
+* **frontend:** detect [windmill] log marker anywhere in content, not just at start ([#7583](https://github.com/windmill-labs/windmill/issues/7583)) ([303b673](https://github.com/windmill-labs/windmill/commit/303b673a7556d38c5aab84795e93105c90f5247b))
+* **frontend:** remove workspace invites ([#7579](https://github.com/windmill-labs/windmill/issues/7579)) ([1d5d28a](https://github.com/windmill-labs/windmill/commit/1d5d28ae7a19c03a2c5d3b2bfbc99323c2afd170))
+* remove audit logs page overflow scrollbars ([#7572](https://github.com/windmill-labs/windmill/issues/7572)) ([0c78aeb](https://github.com/windmill-labs/windmill/commit/0c78aebe6ac2bf44cf931ad833961b3911fce908))
+
+## [1.606.1](https://github.com/windmill-labs/windmill/compare/v1.606.0...v1.606.1) (2026-01-14)
+
+
+### Bug Fixes
+
+* bump uv 0.6.2 -&gt; 0.9.24 ([#7559](https://github.com/windmill-labs/windmill/issues/7559)) ([e74dc02](https://github.com/windmill-labs/windmill/commit/e74dc02804d0bd720963d571f58fd3aa97eb2396))
+* Fix number ordering in postgres' db manager ([#7570](https://github.com/windmill-labs/windmill/issues/7570)) ([a7335d6](https://github.com/windmill-labs/windmill/commit/a7335d6914ce0e331f2309368d7c947986159e77))
+* **frontend:** improve context for ai chat in raw app builder ([#7566](https://github.com/windmill-labs/windmill/issues/7566)) ([da54a67](https://github.com/windmill-labs/windmill/commit/da54a678221b7851625eb4ba52504099eb69b100))
+* improve debugger behavior ([40d0073](https://github.com/windmill-labs/windmill/commit/40d00734f33b3aa7cef31f6abc29c40e975f48f8))
+
+## [1.606.0](https://github.com/windmill-labs/windmill/compare/v1.605.0...v1.606.0) (2026-01-14)
+
+
+### Features
+
+* **aiagent:** handle oauth for mcp tools ([#7564](https://github.com/windmill-labs/windmill/issues/7564)) ([5c08abe](https://github.com/windmill-labs/windmill/commit/5c08abe14163dbbab2e18f2479b74c30e2a70c2f))
+* **aiagent:** handle oauth for mcp tools [merge-ee-first] ([#7544](https://github.com/windmill-labs/windmill/issues/7544)) ([e823c95](https://github.com/windmill-labs/windmill/commit/e823c953d112ab90692b17c6ed7c33645860707e))
+
+
+### Bug Fixes
+
+* **debugger:** add nsjail config for proper sandbox mounts ([31c07d9](https://github.com/windmill-labs/windmill/commit/31c07d93529f0fdb66912b42bb2d60f92ca0c333))
+* **debugger:** fix nsjail sandbox for debugger execution ([14cfce3](https://github.com/windmill-labs/windmill/commit/14cfce3fd68224d46048bbbe2f89619637c4bed2))
+* **debugger:** properly decode base64url public key from JWKS ([8d005b0](https://github.com/windmill-labs/windmill/commit/8d005b030fd73015e860ef04beb0709a04d07c65))
+* Fix wrong base_internal_url for ducklake inline ([#7563](https://github.com/windmill-labs/windmill/issues/7563)) ([b3f68ad](https://github.com/windmill-labs/windmill/commit/b3f68ad376646d7f702ba07662e320f0eb6c7717))
+* **frontend:** fix first draft save ([#7552](https://github.com/windmill-labs/windmill/issues/7552)) ([28e25ec](https://github.com/windmill-labs/windmill/commit/28e25ec60dcd73158fa2fff61c439e67478f35a0))
+
+## [1.605.0](https://github.com/windmill-labs/windmill/compare/v1.604.0...v1.605.0) (2026-01-13)
+
+
+### Features
+
+* enable debouncing for sync jobs ([#7551](https://github.com/windmill-labs/windmill/issues/7551)) ([3135a8b](https://github.com/windmill-labs/windmill/commit/3135a8b0957889f484bf16499e24c9168c8caba8))
+
+
+### Bug Fixes
+
+* **frontend:** update raw app editor to brand guidelines ([#7545](https://github.com/windmill-labs/windmill/issues/7545)) ([c210853](https://github.com/windmill-labs/windmill/commit/c2108530335e74c47f1acb071ae7abac93d4dac6))
+
+## [1.604.0](https://github.com/windmill-labs/windmill/compare/v1.603.4...v1.604.0) (2026-01-13)
+
+
+### Features
+
+* debuggers for python and bun v0 ([#7546](https://github.com/windmill-labs/windmill/issues/7546)) ([4451a37](https://github.com/windmill-labs/windmill/commit/4451a379990acbf80c160861c164667302e0ee08))
+
+
+### Bug Fixes
+
+* use write-all permissions for publish_extra workflow ([0db87e4](https://github.com/windmill-labs/windmill/commit/0db87e4036d6baa26eff4d109f6fb4a2584d0a16))
+
+## [1.603.4](https://github.com/windmill-labs/windmill/compare/v1.603.3...v1.603.4) (2026-01-12)
+
+
+### Bug Fixes
+
+* tighten preview path ([#7541](https://github.com/windmill-labs/windmill/issues/7541)) ([dca7e16](https://github.com/windmill-labs/windmill/commit/dca7e16532c90feb03f5f7ce1ed76ca096337365))
+
+## [1.603.3](https://github.com/windmill-labs/windmill/compare/v1.603.2...v1.603.3) (2026-01-11)
+
+
+### Bug Fixes
+
+* various input tightening ([7a9ef14](https://github.com/windmill-labs/windmill/commit/7a9ef140b512d8d4af21f90fad79619ce33cb3fd))
+
+## [1.603.2](https://github.com/windmill-labs/windmill/compare/v1.603.1...v1.603.2) (2026-01-09)
+
+
+### Bug Fixes
+
+* windmill ee full cache permission issues for non root users ([#7536](https://github.com/windmill-labs/windmill/issues/7536)) ([35ddfc4](https://github.com/windmill-labs/windmill/commit/35ddfc428dc98e492012731f60feda64ff5ebc2c))
+
+## [1.603.1](https://github.com/windmill-labs/windmill/compare/v1.603.0...v1.603.1) (2026-01-09)
+
+
+### Bug Fixes
+
+* Better workspace storage settings ([#7533](https://github.com/windmill-labs/windmill/issues/7533)) ([17d29cd](https://github.com/windmill-labs/windmill/commit/17d29cd8c770fbe1f7503367474951e5eb6991b1))
+* Fix custom instance user migration ([#7534](https://github.com/windmill-labs/windmill/issues/7534)) ([7b19ca4](https://github.com/windmill-labs/windmill/commit/7b19ca44a3ff7e2e87d5a358873370aeb40dc7a3))
+
+## [1.603.0](https://github.com/windmill-labs/windmill/compare/v1.602.0...v1.603.0) (2026-01-09)
+
+
+### Features
+
+* add password reset flow using configured SMTP settings ([#7525](https://github.com/windmill-labs/windmill/issues/7525)) ([6f7cf2f](https://github.com/windmill-labs/windmill/commit/6f7cf2fb1645bb784af3a68760abc44013bd81f8))
+
+## [1.602.0](https://github.com/windmill-labs/windmill/compare/v1.601.1...v1.602.0) (2026-01-08)
+
+
+### Features
+
+* add Pydantic BaseModel and dataclass support for Python type inference ([#7497](https://github.com/windmill-labs/windmill/issues/7497)) ([0f2b417](https://github.com/windmill-labs/windmill/commit/0f2b417ff53a9db7358cf0204a021dd3addb6fbf))
+* **aichat:** better diff viewer for inputs in flow mode ([#7490](https://github.com/windmill-labs/windmill/issues/7490)) ([050e1f4](https://github.com/windmill-labs/windmill/commit/050e1f4585801ddc213a70b61c618172ce6fc26a))
+* DB Manager alter table ([#7486](https://github.com/windmill-labs/windmill/issues/7486)) ([b26d2fe](https://github.com/windmill-labs/windmill/commit/b26d2fe6411b63b0f345f5de082b9d44ae271488))
+* **flow:** allow additional inputs in chat mode ([#7503](https://github.com/windmill-labs/windmill/issues/7503)) ([7ad6e87](https://github.com/windmill-labs/windmill/commit/7ad6e87e167856d3b8237a986649cc5e9c30c323))
+* **git-sync:** sync jobs debouncing for greatly improved perf ([#7489](https://github.com/windmill-labs/windmill/issues/7489)) ([b31d8df](https://github.com/windmill-labs/windmill/commit/b31d8dffc323a51121df4baa02c5df1fa08fceeb))
+* give access to results in early stop expr ([#7514](https://github.com/windmill-labs/windmill/issues/7514)) ([4763eda](https://github.com/windmill-labs/windmill/commit/4763eda6b77f58ecbe17c45cbaef99e2501fb2be))
+* implement quiet mode to filter verbose logs ([#7478](https://github.com/windmill-labs/windmill/issues/7478)) ([62bb11e](https://github.com/windmill-labs/windmill/commit/62bb11e2976a61f44260cb292bc2600ae4121f60))
+* **python:** restart installation OOM ([#7507](https://github.com/windmill-labs/windmill/issues/7507)) ([d30ef89](https://github.com/windmill-labs/windmill/commit/d30ef89a6c8a7c31bd109034e0d769cd65c038e8))
+* **sdk:** support override paths in get_state/set_state functions ([#7473](https://github.com/windmill-labs/windmill/issues/7473)) ([9f19d91](https://github.com/windmill-labs/windmill/commit/9f19d915965ebb288ccd9abad6d1bc2195c553ff))
+
+
+### Bug Fixes
+
+* **agent:** ignore Enter event when event.isComposing is true ([#7474](https://github.com/windmill-labs/windmill/issues/7474)) ([912e0af](https://github.com/windmill-labs/windmill/commit/912e0af07a4c0171bccdd80cc7eae33c35703f9d))
+* **aiagent:** fix memory with openai ([#7506](https://github.com/windmill-labs/windmill/issues/7506)) ([8125036](https://github.com/windmill-labs/windmill/commit/8125036e9bad051720754e0cd3adeac0764f5487))
+* **backend:** remove itered from parallel for-loop status ([#7424](https://github.com/windmill-labs/windmill/issues/7424)) ([a3da19d](https://github.com/windmill-labs/windmill/commit/a3da19dbc339ec886ea63f1f00b3441f86bc3837))
+* **backend:** run flow error handler for flow step oom ([#7484](https://github.com/windmill-labs/windmill/issues/7484)) ([4807a42](https://github.com/windmill-labs/windmill/commit/4807a429c937afbcce0a2c9bee9ccee81be54d99))
+* check tag availability for flow substeps ([#7468](https://github.com/windmill-labs/windmill/issues/7468)) ([bfe35a8](https://github.com/windmill-labs/windmill/commit/bfe35a8421ecc1d43a9e3b779bcc55140ea02993))
+* **ci:** increase integration test http client timeout for go test ([#7498](https://github.com/windmill-labs/windmill/issues/7498)) ([f708577](https://github.com/windmill-labs/windmill/commit/f7085770c709d917ff1e03bd3de64ac25f9a4881))
+* **csharp:** make s3 path arch specific ([#7505](https://github.com/windmill-labs/windmill/issues/7505)) ([7411e61](https://github.com/windmill-labs/windmill/commit/7411e6169afc04f37fc0e20d54e2f937b7f39287))
+* don't clear GOCACHE env in go runner and improve prewarming ([#7521](https://github.com/windmill-labs/windmill/issues/7521)) ([0427b43](https://github.com/windmill-labs/windmill/commit/0427b4386058686d2f9f2e903ff8ea4c0180f8a5))
+* ducklake default connection extra_args ([#7509](https://github.com/windmill-labs/windmill/issues/7509)) ([e675799](https://github.com/windmill-labs/windmill/commit/e6757994d5b4ab92d64dd39a64a6a846a98b8a38))
+* Fix db manager null access when closing it ([#7487](https://github.com/windmill-labs/windmill/issues/7487)) ([b53f010](https://github.com/windmill-labs/windmill/commit/b53f01022c4de79b66996eeb47b3b4e09665e52e))
+* **frontend:** auto-add invite workspace settings ([#7522](https://github.com/windmill-labs/windmill/issues/7522)) ([7ca0945](https://github.com/windmill-labs/windmill/commit/7ca09455ea47e25c2ec5317a2487c79c642a235e))
+* **frontend:** improve centered page overflow ([#7515](https://github.com/windmill-labs/windmill/issues/7515)) ([b8c8df0](https://github.com/windmill-labs/windmill/commit/b8c8df080bc7ca481fac333fdc1ad1984a6d55b9))
+* **frontend:** improve workspace page ([#7502](https://github.com/windmill-labs/windmill/issues/7502)) ([69b44f3](https://github.com/windmill-labs/windmill/commit/69b44f3b68e47ebeeec4acdd7a8b965bdc58445a))
+* **frontend:** improve workspace picker menu UI ([#7491](https://github.com/windmill-labs/windmill/issues/7491)) ([2eeb63e](https://github.com/windmill-labs/windmill/commit/2eeb63e033d0e063518a5d09c48e3fbaa73115fd))
+* **frontend:** keep full raw flow / raw code in flow status when queued ([#7480](https://github.com/windmill-labs/windmill/issues/7480)) ([ba4bcbb](https://github.com/windmill-labs/windmill/commit/ba4bcbba92d7697025e4cd79c82d802d01c450aa))
+* git sync init script where WM_EMAIL doesn't match gpg resource email ([#7508](https://github.com/windmill-labs/windmill/issues/7508)) ([e935f62](https://github.com/windmill-labs/windmill/commit/e935f62f9ce6dc906022ac43927319ce40a1156d))
+* handle date-only format in MySQL/MariaDB date parsing ([#7481](https://github.com/windmill-labs/windmill/issues/7481)) ([47e1130](https://github.com/windmill-labs/windmill/commit/47e1130b9a8dfbd34b172e64d46ae0e57ad66c29))
+* make workspace id change faster and add 100k jobs limit ([#7500](https://github.com/windmill-labs/windmill/issues/7500)) ([cf90bd4](https://github.com/windmill-labs/windmill/commit/cf90bd4676a489f9fcfd8d09fce2e51979c6eb89))
+* properly construct concurrency key ([#7504](https://github.com/windmill-labs/windmill/issues/7504)) ([3cf5604](https://github.com/windmill-labs/windmill/commit/3cf5604d7b9253975ef055a0abafc81a6294f316))
+* **schema:** preserve user-defined JSON schema for Python list[dict] parameters ([#7496](https://github.com/windmill-labs/windmill/issues/7496)) ([7877999](https://github.com/windmill-labs/windmill/commit/7877999f3dbb20b9093e6fbe646c0d0ed67fed9d))
+* support jumpcloud scim members filter syntax (RFC7644) ([#7495](https://github.com/windmill-labs/windmill/issues/7495)) ([3d8f85d](https://github.com/windmill-labs/windmill/commit/3d8f85d254d152843fa18c54a0ca15f0e3a8755b))
+* support polling for long duration queries in snowflake ([#7511](https://github.com/windmill-labs/windmill/issues/7511)) ([e9810e7](https://github.com/windmill-labs/windmill/commit/e9810e7795205f9b21acb1efaf37af77551dd168))
+* use tini with unshare to preserve signals (e.g oom) ([#7471](https://github.com/windmill-labs/windmill/issues/7471)) ([1fce09c](https://github.com/windmill-labs/windmill/commit/1fce09cf70518f0c07b0c9c4a3e1e20434027227))
+
+## [1.601.1](https://github.com/windmill-labs/windmill/compare/v1.601.0...v1.601.1) (2025-12-27)
+
+
+### Bug Fixes
+
+* fix svelte for full-code apps ([1f5a9f4](https://github.com/windmill-labs/windmill/commit/1f5a9f4b990c3a6a1c79799a6b651fca7ed32402))
+
+## [1.601.0](https://github.com/windmill-labs/windmill/compare/v1.600.1...v1.601.0) (2025-12-27)
+
+
+### Features
+
+* **cli:** add nonDottedPaths option ([#7459](https://github.com/windmill-labs/windmill/issues/7459)) ([5f7f677](https://github.com/windmill-labs/windmill/commit/5f7f67790aace726f0fea345297231d99c3b22e0))
+
+
+### Bug Fixes
+
+* **vscode:** improve paste support for vscode extension ([2bd9c1f](https://github.com/windmill-labs/windmill/commit/2bd9c1fc73604add8cc72a7758b575875666abae))
+
+## [1.600.1](https://github.com/windmill-labs/windmill/compare/v1.600.0...v1.600.1) (2025-12-26)
+
+
+### Bug Fixes
+
+* add an flow editor drawer for editing flows in same page ([940b85b](https://github.com/windmill-labs/windmill/commit/940b85b17b33f5d27ce93333f94e2fdf62a4d0b6))
+
+## [1.600.0](https://github.com/windmill-labs/windmill/compare/v1.599.3...v1.600.0) (2025-12-26)
+
+
+### Features
+
+* allow @ selection for raw apps ([db6f2f2](https://github.com/windmill-labs/windmill/commit/db6f2f27629cac08c9158eeb556e9b42292a55db))
+* allow code selection to be added as context to the AI Chat ([66c8e2f](https://github.com/windmill-labs/windmill/commit/66c8e2f6da7a8b8f3a950c4e0ff65430d7886ad5))
+* implement item selection for raw app builder ([c90d878](https://github.com/windmill-labs/windmill/commit/c90d878bc11d4980ae7a6c64506001a996801af5))
+
+
+### Bug Fixes
+
+* add help subcommand ([#7221](https://github.com/windmill-labs/windmill/issues/7221)) ([7fbc70a](https://github.com/windmill-labs/windmill/commit/7fbc70add042d884085a56fdec07232bee3b8e58))
+
+## [1.599.3](https://github.com/windmill-labs/windmill/compare/v1.599.2...v1.599.3) (2025-12-25)
+
+
+### Bug Fixes
+
+* add CORS headers to static assets for iframe context sharing ([#7454](https://github.com/windmill-labs/windmill/issues/7454)) ([77d3004](https://github.com/windmill-labs/windmill/commit/77d3004a2fd7743ba6f4953b980650ea86dea656))
+
+## [1.599.2](https://github.com/windmill-labs/windmill/compare/v1.599.1...v1.599.2) (2025-12-25)
+
+
+### Bug Fixes
+
+* fix raw app ui builder setFiles errors ([3ed45d5](https://github.com/windmill-labs/windmill/commit/3ed45d57df8a33bde6c0f008b943bff9af9c826e))
+
+## [1.599.1](https://github.com/windmill-labs/windmill/compare/v1.599.0...v1.599.1) (2025-12-25)
+
+
+### Bug Fixes
+
+* revert setting HOME=/tmp by default ([6dafb42](https://github.com/windmill-labs/windmill/commit/6dafb423b29046b01979f6b64c6795a42b3e9576))
+
+## [1.599.0](https://github.com/windmill-labs/windmill/compare/v1.598.0...v1.599.0) (2025-12-24)
+
+
+### Features
+
+* raw apps can be built by agents fully locally ([#7448](https://github.com/windmill-labs/windmill/issues/7448)) ([3dd4579](https://github.com/windmill-labs/windmill/commit/3dd4579d0a3ac57b6726f96c7b37c85378ae6641))
+
+## [1.598.0](https://github.com/windmill-labs/windmill/compare/v1.597.1...v1.598.0) (2025-12-23)
+
+
+### Features
+
+* **python:** set latest stable to 3.12 ([#7405](https://github.com/windmill-labs/windmill/issues/7405)) ([cbcf0aa](https://github.com/windmill-labs/windmill/commit/cbcf0aa3442a5949b49f973fdc71578aa629ae37))
+
+
+### Bug Fixes
+
+* add uv tool path to PATH ([#7444](https://github.com/windmill-labs/windmill/issues/7444)) ([b806f04](https://github.com/windmill-labs/windmill/commit/b806f046317316f050ef6f8288019db11e0d934a))
+
+## [1.597.2](https://github.com/windmill-labs/windmill/compare/v1.597.1...v1.597.2) (2025-12-23)
+
+
+### Bug Fixes
+
+* add uv tool path to PATH ([#7444](https://github.com/windmill-labs/windmill/issues/7444)) ([b806f04](https://github.com/windmill-labs/windmill/commit/b806f046317316f050ef6f8288019db11e0d934a))
+
+## [1.597.1](https://github.com/windmill-labs/windmill/compare/v1.597.0...v1.597.1) (2025-12-23)
+
+
+### Bug Fixes
+
+* **cli:** improve workspace dependency pushing ([815aadc](https://github.com/windmill-labs/windmill/commit/815aadc679f2ab6585482e5565e682b7dc11b574))
+
+## [1.597.0](https://github.com/windmill-labs/windmill/compare/v1.596.0...v1.597.0) (2025-12-23)
+
+
+### Features
+
+* **ai:** add websearch tool for AI agents ([#7399](https://github.com/windmill-labs/windmill/issues/7399)) ([6be060b](https://github.com/windmill-labs/windmill/commit/6be060bea8fd12676a80f4b477aadd225880a625))
+* **aiagent:** allow giving messages history ([#7395](https://github.com/windmill-labs/windmill/issues/7395)) ([5f2101a](https://github.com/windmill-labs/windmill/commit/5f2101a32bcdd9ab71af3e4359925f5e1d1604a6))
+* **aiagent:** handle custom memory_id ([#7432](https://github.com/windmill-labs/windmill/issues/7432)) ([532c500](https://github.com/windmill-labs/windmill/commit/532c50024f83f915bc36e962a81a544b611b8c8d))
+* **aichat:** add get_lint_errors tool for script and flow mode ([#7431](https://github.com/windmill-labs/windmill/issues/7431)) ([15a4b26](https://github.com/windmill-labs/windmill/commit/15a4b26d44bb2a023cf01088c05e8f09b0ddad39))
+* data table integrations for raw apps ([#7436](https://github.com/windmill-labs/windmill/issues/7436)) ([6a67869](https://github.com/windmill-labs/windmill/commit/6a67869040b2fb4c88526a44b86a0cc7879a2432))
+* full-code app builder reachable from home in preview ([ad2232e](https://github.com/windmill-labs/windmill/commit/ad2232e4cb19aef601ac9cb29cd14a01a2752c78))
+* v2 job debouncing ([#7411](https://github.com/windmill-labs/windmill/issues/7411)) ([9d698da](https://github.com/windmill-labs/windmill/commit/9d698dabb4e884ef5f1a6193ff4e9d6b0580cf7b))
+
+
+### Bug Fixes
+
+* better timeouts on job pull ([#7434](https://github.com/windmill-labs/windmill/issues/7434)) ([6723a6a](https://github.com/windmill-labs/windmill/commit/6723a6a04b19c3d9193791d309418654faaab438))
+* clear app form on submit option ([#7428](https://github.com/windmill-labs/windmill/issues/7428)) ([980dfcc](https://github.com/windmill-labs/windmill/commit/980dfcc366debb27229b244d61598932e706d8b6))
+* **cli:** fix ordering of workspace dependencies push ([65b5669](https://github.com/windmill-labs/windmill/commit/65b5669e1a4f8abd23722e25c9e25c249e68861f))
+* **cli:** push workspace deps doesn't depend on wmill-locks ([7a9481e](https://github.com/windmill-labs/windmill/commit/7a9481e44906752c1b4ff1851ce04bc85c2c6ea9))
+* clone script by path instead of hash ([#7439](https://github.com/windmill-labs/windmill/issues/7439)) ([0f51f97](https://github.com/windmill-labs/windmill/commit/0f51f9702cb41d5bf7c5f925974b1c22ff171cdd))
+
+## [1.596.0](https://github.com/windmill-labs/windmill/compare/v1.595.0...v1.596.0) (2025-12-20)
+
+
+### Features
+
+* type-checked data tables v0 ([#7381](https://github.com/windmill-labs/windmill/issues/7381)) ([3affbb3](https://github.com/windmill-labs/windmill/commit/3affbb33217bc303c1b96ec93fdd2d80444c8c9e))
+
+
+### Bug Fixes
+
+* improve error msg for unshare error ([#7421](https://github.com/windmill-labs/windmill/issues/7421)) ([cdd5d9f](https://github.com/windmill-labs/windmill/commit/cdd5d9fa9ac11d869da6c755df0e0306dbb33b84))
+* improve MS SQL Numeric rounding ([#7404](https://github.com/windmill-labs/windmill/issues/7404)) ([afe74f7](https://github.com/windmill-labs/windmill/commit/afe74f74fadf983a5e5d712716b636b578007250))
+* update to astral-tokio-tar for CVE ([#7423](https://github.com/windmill-labs/windmill/issues/7423)) ([d544da3](https://github.com/windmill-labs/windmill/commit/d544da342c9547be2b12d16fb4a4281c43d5ee73))
+
+## [1.595.0](https://github.com/windmill-labs/windmill/compare/v1.594.0...v1.595.0) (2025-12-19)
+
+
+### Features
+
+* email triggers custom cert ([#7415](https://github.com/windmill-labs/windmill/issues/7415)) ([0bf7407](https://github.com/windmill-labs/windmill/commit/0bf74074192d22e3ba28acae65d88464f9958fb8))
+
+
+### Bug Fixes
+
+* **backend:** put for loop itered in a separate table ([#7419](https://github.com/windmill-labs/windmill/issues/7419)) ([f89fb29](https://github.com/windmill-labs/windmill/commit/f89fb292da320f54d682e8de5ff57acac0405efa))
+* do not use unshare for init scripts ([#7418](https://github.com/windmill-labs/windmill/issues/7418)) ([c28e771](https://github.com/windmill-labs/windmill/commit/c28e77110e3a97c597b0781124a97b6d16a34810))
+* **frontend:** settings redesign ([#7406](https://github.com/windmill-labs/windmill/issues/7406)) ([210b828](https://github.com/windmill-labs/windmill/commit/210b8285d4d9a693f67b40831d5bb39d6aeffb92))
+* Python Enum types generate proper dropdown schemas with descriptions ([#7400](https://github.com/windmill-labs/windmill/issues/7400)) ([da500fc](https://github.com/windmill-labs/windmill/commit/da500fcf3e79f76e14d1724f07dd69e58a6307e8))
+* teams, need both guid and thread id format ([#7420](https://github.com/windmill-labs/windmill/issues/7420)) ([8268354](https://github.com/windmill-labs/windmill/commit/8268354889d0eb1fb44c083fd1c6243f08788e2c))
+
+## [1.594.0](https://github.com/windmill-labs/windmill/compare/v1.593.1...v1.594.0) (2025-12-19)
+
+
+### Features
+
+* restart flow from step with different flow version ([#7409](https://github.com/windmill-labs/windmill/issues/7409)) ([a699382](https://github.com/windmill-labs/windmill/commit/a6993823affeff6baf7b6c2b40bdb35713bbffe5))
+
+
+### Bug Fixes
+
+* **backend:** correctly apply preprocessor step tag ([#7412](https://github.com/windmill-labs/windmill/issues/7412)) ([0fe7a2a](https://github.com/windmill-labs/windmill/commit/0fe7a2a17e810153bc7628b9278e2926b869c389))
+* disable oomgroup by default ([8060244](https://github.com/windmill-labs/windmill/commit/806024403ee6496dfff886d3ecdb53d4a2b646e6))
+* improve teams search ux ([#7407](https://github.com/windmill-labs/windmill/issues/7407)) ([96aacee](https://github.com/windmill-labs/windmill/commit/96aaceef951c23a7d5f4af6ad6b95883f5ba8f71))
+
+## [1.593.1](https://github.com/windmill-labs/windmill/compare/v1.593.0...v1.593.1) (2025-12-18)
+
+
+### Bug Fixes
+
+* fix folder/group history seq id grant issues ([c9a19f1](https://github.com/windmill-labs/windmill/commit/c9a19f12d637ca47c4a9bbfe0e851198111c3e9e))
+
+## [1.593.0](https://github.com/windmill-labs/windmill/compare/v1.592.1...v1.593.0) (2025-12-17)
+
+
+### Features
+
+* **ai:** support IAM auth for bedrock provider ([#7379](https://github.com/windmill-labs/windmill/issues/7379)) ([8c55f61](https://github.com/windmill-labs/windmill/commit/8c55f61bbad81bc81509660b5d54d3289c1edfca))
+* **backend:** stop schedules and cancel jobs when archiving a workspace ([#7377](https://github.com/windmill-labs/windmill/issues/7377)) ([ebc82db](https://github.com/windmill-labs/windmill/commit/ebc82dbe58eef19ca1e049f0b2099b702fe3725e))
+* data table schemas ([#7353](https://github.com/windmill-labs/windmill/issues/7353)) ([75fdc2c](https://github.com/windmill-labs/windmill/commit/75fdc2cdc96ae06ee8a7891fe670acec8a58afe3))
+* http triggers scopes ([#7385](https://github.com/windmill-labs/windmill/issues/7385)) ([b4eb7c6](https://github.com/windmill-labs/windmill/commit/b4eb7c6ac076261aed2d9c97f3b09ac52f7fe0da))
+* **internal:** runnable settings ([#7298](https://github.com/windmill-labs/windmill/issues/7298)) ([fe56191](https://github.com/windmill-labs/windmill/commit/fe5619142228ea5370b64112e3a2e38aed507b66))
+* workspace forks merge UI ([#7333](https://github.com/windmill-labs/windmill/issues/7333)) ([9d06c15](https://github.com/windmill-labs/windmill/commit/9d06c152ee5c2ab1f76a631411f3603bb0575f5e))
+
+
+### Bug Fixes
+
+* add history directly viewable in folder/group viewer ([#7365](https://github.com/windmill-labs/windmill/issues/7365)) ([b3603d8](https://github.com/windmill-labs/windmill/commit/b3603d872090c354a9ee82714a6a0e4e79019428))
+* add history to raw app builder ([#7362](https://github.com/windmill-labs/windmill/issues/7362)) ([431074d](https://github.com/windmill-labs/windmill/commit/431074d2493d6e87148806a09f60a7eacef552ff))
+* **aiagent:** fix gemini-3.0 usage ([#7382](https://github.com/windmill-labs/windmill/issues/7382)) ([f64d918](https://github.com/windmill-labs/windmill/commit/f64d918af6e1d9c0e5b1c0abfee081625f3410cb))
+* **aichat:** fix for azure responses api not available in some region ([#7387](https://github.com/windmill-labs/windmill/issues/7387)) ([e7719d2](https://github.com/windmill-labs/windmill/commit/e7719d2cda1c636f0f0acd7cb9bd52c6b3712ebe))
+* **backend:** better trigger listening logs ([#7392](https://github.com/windmill-labs/windmill/issues/7392)) ([3ba361a](https://github.com/windmill-labs/windmill/commit/3ba361ad1ae19130b8bd72a3d940ddc529f0471b))
+* **frontend:** http/email triggers UI nits ([#7378](https://github.com/windmill-labs/windmill/issues/7378)) ([75e1e90](https://github.com/windmill-labs/windmill/commit/75e1e902734e755f2979f882dd4b2889ce13dfef))
+* **mcp:** fix unresovled schema ([#7383](https://github.com/windmill-labs/windmill/issues/7383)) ([1b86a39](https://github.com/windmill-labs/windmill/commit/1b86a39051df1344718ed868a15714f4cee90680))
+* propagate canceled_by in flows ([#7396](https://github.com/windmill-labs/windmill/issues/7396)) ([0454f39](https://github.com/windmill-labs/windmill/commit/0454f392e7d9c77f47252b18c1d7ec2ba2cc8cca))
+* **rawapp:** make popup work with runnables ([2f5fdd6](https://github.com/windmill-labs/windmill/commit/2f5fdd6b3f742a614cfba590408b88a64d0c86a3))
+* **rawapp:** schema for openai ([#7364](https://github.com/windmill-labs/windmill/issues/7364)) ([37394d6](https://github.com/windmill-labs/windmill/commit/37394d6d532923aa273b50c94799ed7a0161e2af))
+* SCIM 2.0 RFC compliance + displayName support ([#7380](https://github.com/windmill-labs/windmill/issues/7380)) ([6ffb80d](https://github.com/windmill-labs/windmill/commit/6ffb80d1e1631385ea1bc2b5ad447431f52d892f))
+
+## [1.592.1](https://github.com/windmill-labs/windmill/compare/v1.592.0...v1.592.1) (2025-12-12)
+
+
+### Bug Fixes
+
+* **ai:** improve share system prompts ([490114d](https://github.com/windmill-labs/windmill/commit/490114d133a08ef7f61ed216796b01fbec32a677))
+
+## [1.592.0](https://github.com/windmill-labs/windmill/compare/v1.591.4...v1.592.0) (2025-12-12)
+
+
+### Features
+
+* **ai:** standardize and improve system prompts ([#7346](https://github.com/windmill-labs/windmill/issues/7346)) ([31e002a](https://github.com/windmill-labs/windmill/commit/31e002ad411bfbf08c933700bf5ae12b253ac0b8))
+
+
+### Bug Fixes
+
+* **bun:** deployment error on workspace dependencies ([#7355](https://github.com/windmill-labs/windmill/issues/7355)) ([6859670](https://github.com/windmill-labs/windmill/commit/68596701f1e9da460d7bd3246dc797fca1e66a62))
+* clear datetime input in schedule sets input to null ([#7358](https://github.com/windmill-labs/windmill/issues/7358)) ([8f1343e](https://github.com/windmill-labs/windmill/commit/8f1343e155620b047e746da40653ec627f97a1a3))
+
+## [1.591.4](https://github.com/windmill-labs/windmill/compare/v1.591.3...v1.591.4) (2025-12-12)
+
+
+### Bug Fixes
+
+* **app:** fix raw scripts forbidden by policy if no args ([857adf5](https://github.com/windmill-labs/windmill/commit/857adf5b63fe243736366c38a7e573678552a99b))
+
+## [1.591.3](https://github.com/windmill-labs/windmill/compare/v1.591.2...v1.591.3) (2025-12-11)
+
+
+### Bug Fixes
+
+* fix test up to step ([#7348](https://github.com/windmill-labs/windmill/issues/7348)) ([4337a88](https://github.com/windmill-labs/windmill/commit/4337a8810e7db874cd75006aacf4e4a85bc33836))
+* S3 SDK nits + Presigned S3 Public URL function ([#7342](https://github.com/windmill-labs/windmill/issues/7342)) ([2ee00b3](https://github.com/windmill-labs/windmill/commit/2ee00b3c7b0f7ba9a5997ec4474949500ff2c67b))
+
+## [1.591.2](https://github.com/windmill-labs/windmill/compare/v1.591.1...v1.591.2) (2025-12-11)
+
+
+### Bug Fixes
+
+* **backend:** pin reqwest to 0.12.24 for better handling of redirects ([#7336](https://github.com/windmill-labs/windmill/issues/7336)) ([99bf866](https://github.com/windmill-labs/windmill/commit/99bf866f90d96f706a517b7626df999bce9e36ac))
+
+## [1.591.1](https://github.com/windmill-labs/windmill/compare/v1.591.0...v1.591.1) (2025-12-10)
+
+
+### Bug Fixes
+
+* update git sync to latest cli ([da65ddd](https://github.com/windmill-labs/windmill/commit/da65ddd8f82ae283557526d0e97b1057976ec2ff))
+
+## [1.591.0](https://github.com/windmill-labs/windmill/compare/v1.590.0...v1.591.0) (2025-12-10)
+
+
+### Features
+
+* **aichat:** add test pipeline ([#7321](https://github.com/windmill-labs/windmill/issues/7321)) ([36cb5bd](https://github.com/windmill-labs/windmill/commit/36cb5bde1a887effee2e2ba83a6ddd85f3e79775))
+* **aichat:** use single tool for flow chat ([#7326](https://github.com/windmill-labs/windmill/issues/7326)) ([888a6a4](https://github.com/windmill-labs/windmill/commit/888a6a4e607f814cd92f3f489b40ac886dbafc0d))
+* **mcp:** add documentation endpoint ([#7331](https://github.com/windmill-labs/windmill/issues/7331)) ([bd3271f](https://github.com/windmill-labs/windmill/commit/bd3271f967ed1996060c590bac0587a387b7869c))
+
+
+### Bug Fixes
+
+* alining group name normalization between scim and igroup api ([#7325](https://github.com/windmill-labs/windmill/issues/7325)) ([8159b8e](https://github.com/windmill-labs/windmill/commit/8159b8e017660f3b3aeed6beb97a42e3ee658824))
+* **backend:** add presigned url support for object storage ([#7328](https://github.com/windmill-labs/windmill/issues/7328)) ([651681b](https://github.com/windmill-labs/windmill/commit/651681b7efb6793d2939217aafcfb3e44f5b0e84))
+* **cli:** do not remove schema for normal apps ([3470c92](https://github.com/windmill-labs/windmill/commit/3470c927aeae1627984fff535ec36ece4349f329))
+* **frontend:** do not consider advanced module settings when testing ai agent step ([72a38f3](https://github.com/windmill-labs/windmill/commit/72a38f36fbaf3ceaec03612b9932187fa134755c))
+
+## [1.590.0](https://github.com/windmill-labs/windmill/compare/v1.589.3...v1.590.0) (2025-12-08)
+
+
+### Features
+
+* add query arg for oidc expiration ([#7312](https://github.com/windmill-labs/windmill/issues/7312)) ([e6adf16](https://github.com/windmill-labs/windmill/commit/e6adf16fc9e8efb145d7dfe9d48e78ece9bc0fce))
+* **aichat:** simplify flow mode edits ([#6981](https://github.com/windmill-labs/windmill/issues/6981)) ([3d5b79c](https://github.com/windmill-labs/windmill/commit/3d5b79c154c9b9c1ec6e4fd1b35556ea5c3cb457))
+* **cli:** new command to generate RT namespace + on init ([#7317](https://github.com/windmill-labs/windmill/issues/7317)) ([e8ca7c5](https://github.com/windmill-labs/windmill/commit/e8ca7c5f952676b653e97362fab43a57a6b79237))
+* configurable max ai agent iterations ([#7302](https://github.com/windmill-labs/windmill/issues/7302)) ([8897dab](https://github.com/windmill-labs/windmill/commit/8897dab282f58e38b103dcff7ba4eaad896b6995))
+* Data tables ([#7226](https://github.com/windmill-labs/windmill/issues/7226)) ([9bbab33](https://github.com/windmill-labs/windmill/commit/9bbab3321e064dc00c5734990949ce9515f46de7))
+* **frontend:** add wildcard pattern support to MCP token custom scope ([#7306](https://github.com/windmill-labs/windmill/issues/7306)) ([2f0e00f](https://github.com/windmill-labs/windmill/commit/2f0e00f9cf4aac717b5a2c441e1c8bbc945c1dd1))
+* new live onboarding for flows ([#7194](https://github.com/windmill-labs/windmill/issues/7194)) ([3699ce7](https://github.com/windmill-labs/windmill/commit/3699ce7a8fd4e0c58a1b715597ff7284c6c66fab))
+* triggers suspended mode ([#7297](https://github.com/windmill-labs/windmill/issues/7297)) ([eb284df](https://github.com/windmill-labs/windmill/commit/eb284dfabd7fce3c12ca8e9bf2f3e861db5bc602))
+
+
+### Bug Fixes
+
+* **frontend:** add missing docs link for json schema resource in error ([#7315](https://github.com/windmill-labs/windmill/issues/7315)) ([bfe95a3](https://github.com/windmill-labs/windmill/commit/bfe95a3d61f0c2d42bd47518ac456dc5a69c03a0))
+* **frontend:** use right workspace script version in flow status ([#7308](https://github.com/windmill-labs/windmill/issues/7308)) ([a8d4073](https://github.com/windmill-labs/windmill/commit/a8d40733f48f01e08f8e5134d5d8bf5562c2774e))
+* improve S3 etag caching ([#7301](https://github.com/windmill-labs/windmill/issues/7301)) ([7b1a8b0](https://github.com/windmill-labs/windmill/commit/7b1a8b0dce482452d1a99d6a536aaa1dd51de2e9))
+* raw app v0.5 ([#7310](https://github.com/windmill-labs/windmill/issues/7310)) ([0e63dd3](https://github.com/windmill-labs/windmill/commit/0e63dd301f2b2b258225d19a2830ec35c325716a))
+
+## [1.589.3](https://github.com/windmill-labs/windmill/compare/v1.589.2...v1.589.3) (2025-12-05)
+
+
+### Bug Fixes
+
+* **app:** fix appdatetimeinput in lists ([409c342](https://github.com/windmill-labs/windmill/commit/409c342ffd4499c5ab67b3b5acca8977753ded00))
+* **cli:** properly handle frontend scripts for app generate-locks ([af70eed](https://github.com/windmill-labs/windmill/commit/af70eed58d9b38f48891e14632660e3aa10ee35e))
+* linked secret in resources must be of type string ([9746030](https://github.com/windmill-labs/windmill/commit/97460304e9ed54b9a04e055b884e2fb997c5ab2c))
+
+## [1.589.2](https://github.com/windmill-labs/windmill/compare/v1.589.1...v1.589.2) (2025-12-05)
+
+
+### Bug Fixes
+
+* enable back gcp triggers in CLI ([#7299](https://github.com/windmill-labs/windmill/issues/7299)) ([3757cbc](https://github.com/windmill-labs/windmill/commit/3757cbce87a2d32539efdac7493af2efec22cb7e))
+* **flow:** fix chat mode modal + toggle ([#7296](https://github.com/windmill-labs/windmill/issues/7296)) ([f0ff6f4](https://github.com/windmill-labs/windmill/commit/f0ff6f405dcffa9b70d1a14334c647c29fbf1ed4))
+* **frontend:** fix saved/past inputs loading when in json mode on the flow detail page ([#7300](https://github.com/windmill-labs/windmill/issues/7300)) ([c3044a5](https://github.com/windmill-labs/windmill/commit/c3044a5a9be709807719201cde5eeeb0e70d7133))
+* **frontend:** update workers page ui ([#7264](https://github.com/windmill-labs/windmill/issues/7264)) ([0594257](https://github.com/windmill-labs/windmill/commit/0594257a25d1a64e620daf4ea0b106f47424ef87))
+* show related job when deployment is in progress ([#7294](https://github.com/windmill-labs/windmill/issues/7294)) ([e9f1306](https://github.com/windmill-labs/windmill/commit/e9f13065bfedd9af84da58b161349f8e79e72b2a))
+
+## [1.589.1](https://github.com/windmill-labs/windmill/compare/v1.589.0...v1.589.1) (2025-12-03)
+
+
+### Bug Fixes
+
+* **backend:** fix broken cancel selection/all ([752e43e](https://github.com/windmill-labs/windmill/commit/752e43e653c3836cde07541b7509dc5081744b75))
+* wmill app generate-locks ([#7288](https://github.com/windmill-labs/windmill/issues/7288)) ([99b1ae2](https://github.com/windmill-labs/windmill/commit/99b1ae2e034f23efe04f5ad4b7fc401910351707))
+
+## [1.589.0](https://github.com/windmill-labs/windmill/compare/v1.588.0...v1.589.0) (2025-12-03)
+
+
+### Features
+
+* agent workers min version support ([#7284](https://github.com/windmill-labs/windmill/issues/7284)) ([e15af78](https://github.com/windmill-labs/windmill/commit/e15af78d9330617d8c7261f47433efc2f5f95203))
+
+
+### Bug Fixes
+
+* get flow by id doesn't require path ([#7278](https://github.com/windmill-labs/windmill/issues/7278)) ([60d5ea8](https://github.com/windmill-labs/windmill/commit/60d5ea857991b370c0049f7cff8cb4611a87620e))
+* Prevent running git sync on promotion mode repos for forks ([#7276](https://github.com/windmill-labs/windmill/issues/7276)) ([2a841bb](https://github.com/windmill-labs/windmill/commit/2a841bb0e319883174a1de49d47b1fb97423191c))
+
+## [1.588.0](https://github.com/windmill-labs/windmill/compare/v1.587.1...v1.588.0) (2025-12-02)
+
+
+### Features
+
+* add S3 support to download button and PDF preview components ([#7271](https://github.com/windmill-labs/windmill/issues/7271)) ([a23d4f0](https://github.com/windmill-labs/windmill/commit/a23d4f015aa32e00fd96b8f49bccd37efa1200b2))
+* **cli:** jobs migration command ([#7268](https://github.com/windmill-labs/windmill/issues/7268)) ([02e38b4](https://github.com/windmill-labs/windmill/commit/02e38b4463560338817c6ec121d745365a95c2c4))
+
+
+### Bug Fixes
+
+* **cli:** handle better apps pushing back-compatibility ([dc9d252](https://github.com/windmill-labs/windmill/commit/dc9d25289b7282b0f0bfdf987d8e62e3cd7ea8c6))
+* **cli:** handle better public apps in legacy mode ([67e30c7](https://github.com/windmill-labs/windmill/commit/67e30c7741a0391e57e30fbc41c1faa731753dcb))
+* configurable timeout for AI requests ([#6497](https://github.com/windmill-labs/windmill/issues/6497)) ([#7267](https://github.com/windmill-labs/windmill/issues/7267)) ([764e1e1](https://github.com/windmill-labs/windmill/commit/764e1e15f5a8c0e6a8ca17981281340b130b5bb3))
+* **workspace-dependencies:** implement better caching ([#7273](https://github.com/windmill-labs/windmill/issues/7273)) ([69c550b](https://github.com/windmill-labs/windmill/commit/69c550bca6dffb64bd8150648a6d358a25a018fd))
+
+## [1.587.1](https://github.com/windmill-labs/windmill/compare/v1.587.0...v1.587.1) (2025-12-01)
+
+
+### Bug Fixes
+
+* fix public apps by custom url ([9e7be4b](https://github.com/windmill-labs/windmill/commit/9e7be4b55efdc912c39994091a0db0d70ed7e83c))
+
+## [1.587.0](https://github.com/windmill-labs/windmill/compare/v1.586.0...v1.587.0) (2025-11-30)
+
+
+### Features
+
+* **aichat:** stream tool arguments  ([#7244](https://github.com/windmill-labs/windmill/issues/7244)) ([8d6936a](https://github.com/windmill-labs/windmill/commit/8d6936ae4a8577983405d95ab75f99822f15da3d))
+* workspace dependencies ([#7124](https://github.com/windmill-labs/windmill/issues/7124)) ([d38c96d](https://github.com/windmill-labs/windmill/commit/d38c96db369bf0a9a0640e11d7fee16605a6775a))
+
+
+### Bug Fixes
+
+* **cli:** cli behave as expected in forked workspaces ([58ef965](https://github.com/windmill-labs/windmill/commit/58ef965e20ec25456da23b27fe16b8abab1889f6))
+* **git-sync:** initialize repo with gitBranches set ([49b2ea6](https://github.com/windmill-labs/windmill/commit/49b2ea65316be3cf0b95af4b2e69c10c01f35d1a))
+
+## [1.586.0](https://github.com/windmill-labs/windmill/compare/v1.585.1...v1.586.0) (2025-11-27)
+
+
+### Features
+
+* add license key expiration warning on workers page ([#7225](https://github.com/windmill-labs/windmill/issues/7225)) ([d876c2c](https://github.com/windmill-labs/windmill/commit/d876c2c31c1183226e47443c5fb2f5885647d303))
+* **app:** Add progress bar app component ([#7242](https://github.com/windmill-labs/windmill/issues/7242)) ([267171f](https://github.com/windmill-labs/windmill/commit/267171f2c9b1639ade8bf717d7f50d55ec2b9767))
+
+
+### Bug Fixes
+
+* **bun:** do not add builtin to lockfiles ([e3b5975](https://github.com/windmill-labs/windmill/commit/e3b59752bd0a3f278465c783a0508c5394b58119))
+* **cli:** support better esm mode for codebases ([e8fd36e](https://github.com/windmill-labs/windmill/commit/e8fd36e2e7578e21aeccb094bc4526c7fa4ff70c))
+* **cli:** update jszip to 3.8.0 ([d22d8b7](https://github.com/windmill-labs/windmill/commit/d22d8b7af020afbf2f448047ceee0e9c7d46b3f0))
+* **frontend:** check resource type name conflict in frontend ([#7237](https://github.com/windmill-labs/windmill/issues/7237)) ([fc1a52c](https://github.com/windmill-labs/windmill/commit/fc1a52c1b3bc4f3077de862162d65f81360484b7))
+
+## [1.585.1](https://github.com/windmill-labs/windmill/compare/v1.585.0...v1.585.1) (2025-11-26)
+
+
+### Bug Fixes
+
+* clone group members on workspace forks ([#7232](https://github.com/windmill-labs/windmill/issues/7232)) ([faad000](https://github.com/windmill-labs/windmill/commit/faad0006b430262f1ab6b749ccf60a6860a54405))
+
+## [1.585.0](https://github.com/windmill-labs/windmill/compare/v1.584.0...v1.585.0) (2025-11-26)
+
+
+### Features
+
+* flow for loop squashing ([#7107](https://github.com/windmill-labs/windmill/issues/7107)) ([93c34c6](https://github.com/windmill-labs/windmill/commit/93c34c6d769dd56da02064c0abdaa060efe0259d))
+* **frontend:** move app reports script to hub ([#7227](https://github.com/windmill-labs/windmill/issues/7227)) ([f8a0bfc](https://github.com/windmill-labs/windmill/commit/f8a0bfc20d1ccb6ce36e3adf4188533470270bdb))
+
+
+### Bug Fixes
+
+* **cli:** improve back-compatibility with app.yaml with policy still present ([c0a92f8](https://github.com/windmill-labs/windmill/commit/c0a92f83b00341b0eee36e2dc88d301a75b6fdfb))
+* **frontend:** workspace color race condition for superadmins ([#7229](https://github.com/windmill-labs/windmill/issues/7229)) ([8922be1](https://github.com/windmill-labs/windmill/commit/8922be11a6935d200e1909f14aa410c6eff67a13))
+* workspace forks shouldn't inherit promotion mode repo ([#7223](https://github.com/windmill-labs/windmill/issues/7223)) ([f56f3b0](https://github.com/windmill-labs/windmill/commit/f56f3b0fe6185167e9c4c8541ddefba01c509b8d))
+
+## [1.584.0](https://github.com/windmill-labs/windmill/compare/v1.583.3...v1.584.0) (2025-11-25)
+
+
+### Features
+
+* **app:** add chat component ([#7199](https://github.com/windmill-labs/windmill/issues/7199)) ([c47669b](https://github.com/windmill-labs/windmill/commit/c47669be0bffb0821afe9d4182cc071cb3b675f0))
+
+
+### Bug Fixes
+
+* **cli:** handle better public apps ([de7739a](https://github.com/windmill-labs/windmill/commit/de7739a3ee7ef76a8eb4fe6570ef0bdfbdb92293))
+* **frontend:** forking UI issues ([#7215](https://github.com/windmill-labs/windmill/issues/7215)) ([dccee1d](https://github.com/windmill-labs/windmill/commit/dccee1dba08b4c4b170336b3f3e959fbe7bca8ce))
+* **frontend:** improve preprocessor discoverability ([#7214](https://github.com/windmill-labs/windmill/issues/7214)) ([a2d3297](https://github.com/windmill-labs/windmill/commit/a2d3297343338ba0b559481723e64db5f4acf3a7))
+* **frontend:** loading saved/history inputs when json view is on ([#7217](https://github.com/windmill-labs/windmill/issues/7217)) ([e87f814](https://github.com/windmill-labs/windmill/commit/e87f81470904578467f42598cfce5fad2249f131))
+* **frontend:** show trigger table when no trigger selected ([#7219](https://github.com/windmill-labs/windmill/issues/7219)) ([c37dde0](https://github.com/windmill-labs/windmill/commit/c37dde096c301a502c6ff2c570b91153a5717fcd))
+* list scripts without 1000 limits ([897faf0](https://github.com/windmill-labs/windmill/commit/897faf085b49ada0648594797cfe627decb50952))
+
+## [1.583.3](https://github.com/windmill-labs/windmill/compare/v1.583.2...v1.583.3) (2025-11-24)
+
+
+### Bug Fixes
+
+* **cli:** fix pushing non existing apps with cli ([29d8ad2](https://github.com/windmill-labs/windmill/commit/29d8ad2e5de1447f39252edd5ceea22034801547))
+* fix deadlock on oidc ([0e717c9](https://github.com/windmill-labs/windmill/commit/0e717c9588c1a3811cc4d438b53a93b4b13cf239))
+
+## [1.583.2](https://github.com/windmill-labs/windmill/compare/v1.583.1...v1.583.2) (2025-11-24)
+
+
+### Bug Fixes
+
+* listScripts include description with opt-out query arg ([#7210](https://github.com/windmill-labs/windmill/issues/7210)) ([80c7911](https://github.com/windmill-labs/windmill/commit/80c79116416db8629135a8853df645d9fff286dd))
+* **scim:** use value instead of display for group updates ([#7203](https://github.com/windmill-labs/windmill/issues/7203)) ([193efe3](https://github.com/windmill-labs/windmill/commit/193efe31c8aeab3a5e3e28278855d518c000bda8))
+
+## [1.583.1](https://github.com/windmill-labs/windmill/compare/v1.583.0...v1.583.1) (2025-11-21)
+
+
+### Bug Fixes
+
+* **cli:** improve cli local policy generation ([b857d15](https://github.com/windmill-labs/windmill/commit/b857d15352ab422c1d477cd9172856956c2c4b7c))
+
+## [1.583.0](https://github.com/windmill-labs/windmill/compare/v1.582.2...v1.583.0) (2025-11-21)
+
+
+### Features
+
+* **cli:** app policies are generated locally ([#7200](https://github.com/windmill-labs/windmill/issues/7200)) ([f85ab0c](https://github.com/windmill-labs/windmill/commit/f85ab0c5dd64f01fbd0c0c9c2a4cea029a04cd50))
+
+
+### Bug Fixes
+
+* **backend:** handle malformed errors in flow error handler ([#7196](https://github.com/windmill-labs/windmill/issues/7196)) ([f531866](https://github.com/windmill-labs/windmill/commit/f53186653220a5213e0bffdf77187faaa9190a7e))
+
+## [1.582.2](https://github.com/windmill-labs/windmill/compare/v1.582.1...v1.582.2) (2025-11-21)
+
+
+### Bug Fixes
+
+* fix aws oidc refresh ([98bdb68](https://github.com/windmill-labs/windmill/commit/98bdb6825a1b85c973ddec3e6b933e4a3d6d6972))
+
+## [1.582.1](https://github.com/windmill-labs/windmill/compare/v1.582.0...v1.582.1) (2025-11-21)
+
+
+### Bug Fixes
+
+* fix aws oidc refresh ([a3b4cfc](https://github.com/windmill-labs/windmill/commit/a3b4cfcb8f11db326b0ebf1777ad7e6479425125))
+
+## [1.582.0](https://github.com/windmill-labs/windmill/compare/v1.581.1...v1.582.0) (2025-11-20)
+
+
+### Features
+
+* **aichat:** handle duckdb scripts ([#7187](https://github.com/windmill-labs/windmill/issues/7187)) ([ce5a318](https://github.com/windmill-labs/windmill/commit/ce5a31865cf6965ec28c449c2a832b93572a8eb6))
+* **ee:** support iamrds ([e9691c9](https://github.com/windmill-labs/windmill/commit/e9691c9eb080236849850a1ea6f3237ae39a2c4c))
+
+
+### Bug Fixes
+
+* **aichat:** fallback to completion if responses fails ([#7190](https://github.com/windmill-labs/windmill/issues/7190)) ([b56e611](https://github.com/windmill-labs/windmill/commit/b56e611700f06844dda4f30d02a1119e714d73a4))
+* **frontend:** show code/lock in flow steps on runs page ([#7191](https://github.com/windmill-labs/windmill/issues/7191)) ([338fd8a](https://github.com/windmill-labs/windmill/commit/338fd8a38cb035de298006ed1b96b6513eab9769))
+
+## [1.581.1](https://github.com/windmill-labs/windmill/compare/v1.581.0...v1.581.1) (2025-11-20)
+
+
+### Bug Fixes
+
+* **frontend:** missing node Result id migration ([#7182](https://github.com/windmill-labs/windmill/issues/7182)) ([054aeb3](https://github.com/windmill-labs/windmill/commit/054aeb33271288dc9458b012881164c3c4597280))
+
+## [1.581.0](https://github.com/windmill-labs/windmill/compare/v1.580.0...v1.581.0) (2025-11-19)
+
+
+### Features
+
+* **frontend:** add notes to flow ([#6628](https://github.com/windmill-labs/windmill/issues/6628)) ([cfeb294](https://github.com/windmill-labs/windmill/commit/cfeb294308ba85763025f3628cbb85144d7f0778))
+
+## [1.580.0](https://github.com/windmill-labs/windmill/compare/v1.579.2...v1.580.0) (2025-11-18)
+
+
+### Features
+
+* **aichat:** use responses api for openai models ([#7163](https://github.com/windmill-labs/windmill/issues/7163)) ([5c79a35](https://github.com/windmill-labs/windmill/commit/5c79a35306855143428d0725519578aea0a746fd))
+* disabling/enabling email triggers ([#7171](https://github.com/windmill-labs/windmill/issues/7171)) ([8ae266b](https://github.com/windmill-labs/windmill/commit/8ae266b6a9ced16e1b7416cfc8bea5fe7a7af042))
+* **security:** unshare pid of worker job process ([#7106](https://github.com/windmill-labs/windmill/issues/7106)) ([5aa251a](https://github.com/windmill-labs/windmill/commit/5aa251a2d276cc9d27bf104f8e4f724ea6a28231))
+* support secondary promotion repos in git sync settings ([#7173](https://github.com/windmill-labs/windmill/issues/7173)) ([5548221](https://github.com/windmill-labs/windmill/commit/55482210921fe2eb0fd158abd4f7369495f2dfd7))
+
+
+### Bug Fixes
+
+* change uv tool dir from /root to /usr/local/uv ([c3e59fe](https://github.com/windmill-labs/windmill/commit/c3e59fe064fc3b9d4c05958eea54601ff3410899))
+* improve delete to handle ai chat ([f371fbe](https://github.com/windmill-labs/windmill/commit/f371fbeb9bb0946bd29a6413ee7ede75dedda5d9))
+* support IRSA for duckdb s3 proxy ([2058f27](https://github.com/windmill-labs/windmill/commit/2058f27e03468d45813f340b8563f935ca2142f4))
+
+## [1.579.2](https://github.com/windmill-labs/windmill/compare/v1.579.1...v1.579.2) (2025-11-18)
+
+
+### Bug Fixes
+
+* ducklake manager table explorer issue ([d08c091](https://github.com/windmill-labs/windmill/commit/d08c0916f72a67f01e0c4475f03f9d1d33c10905))
+
+## [1.579.1](https://github.com/windmill-labs/windmill/compare/v1.579.0...v1.579.1) (2025-11-18)
+
+
+### Bug Fixes
+
+* fix s3 object download frontend freezes ([09a6e1f](https://github.com/windmill-labs/windmill/commit/09a6e1feaa79ce3f8548f8090fddbf46abb08b18))
+
+## [1.579.0](https://github.com/windmill-labs/windmill/compare/v1.578.0...v1.579.0) (2025-11-17)
+
+
+### Features
+
+* **ai:** handle aws bedrock as provider ([#7155](https://github.com/windmill-labs/windmill/issues/7155)) ([79ac631](https://github.com/windmill-labs/windmill/commit/79ac6312e87afa3646bddc0f7e66fc4367dbff7c))
+* **mcp:** granular token scopes for scripts, flows, and endpoints ([#7130](https://github.com/windmill-labs/windmill/issues/7130)) ([88d04b9](https://github.com/windmill-labs/windmill/commit/88d04b9cbeee98f3256b78e9d34beb930cd729ec))
+* rhel8 + fix rhel9 ([#7165](https://github.com/windmill-labs/windmill/issues/7165)) ([499d7d4](https://github.com/windmill-labs/windmill/commit/499d7d4098758726a8cb2bf3e4837927b8fd70a4))
+
+
+### Bug Fixes
+
+* **backend:** worker count in latest worker usage ([#7160](https://github.com/windmill-labs/windmill/issues/7160)) ([b87d2cc](https://github.com/windmill-labs/windmill/commit/b87d2cc64cb54b602ee599fcde7f0fd3c8931550))
+* fix custom email triggers enabled ([#7164](https://github.com/windmill-labs/windmill/issues/7164)) ([90b5569](https://github.com/windmill-labs/windmill/commit/90b5569c911f9025b0e6b5318f57705efbd9bd17))
+
+## [1.578.0](https://github.com/windmill-labs/windmill/compare/v1.577.0...v1.578.0) (2025-11-17)
+
+
+### Features
+
+* support to run windows binary as service ([#7153](https://github.com/windmill-labs/windmill/issues/7153)) ([ceeff5f](https://github.com/windmill-labs/windmill/commit/ceeff5f76c69d98319bb3fb7f7779b6046478d6b))
+
+## [1.577.0](https://github.com/windmill-labs/windmill/compare/v1.576.3...v1.577.0) (2025-11-17)
+
+
+### Features
+
+* add support for validateset in pwsh ([#7158](https://github.com/windmill-labs/windmill/issues/7158)) ([b66e038](https://github.com/windmill-labs/windmill/commit/b66e038a0f8b6bffe157a83671c8e692c1441f23))
+* allow http trigger to be disabled ([#6976](https://github.com/windmill-labs/windmill/issues/6976)) ([09082de](https://github.com/windmill-labs/windmill/commit/09082de53971d0d2f2a6308bc8ee573458a3b913))
+
+
+### Bug Fixes
+
+* create app_themes/groups/components only when needed ([cf5d58e](https://github.com/windmill-labs/windmill/commit/cf5d58ea43cef6add3da2aa1e24efc83be6df3b9))
+* fix parse_postgres_uri not decoding password ([#7157](https://github.com/windmill-labs/windmill/issues/7157)) ([2cae72c](https://github.com/windmill-labs/windmill/commit/2cae72c9db6bd08689e1672be6dda32f6af831fb))
+
+## [1.576.3](https://github.com/windmill-labs/windmill/compare/v1.576.2...v1.576.3) (2025-11-15)
+
+
+### Bug Fixes
+
+* handle better alias types in duckdb ([2c04e04](https://github.com/windmill-labs/windmill/commit/2c04e04bf0e3272c89f321392158888d02a1191b))
+
+## [1.576.2](https://github.com/windmill-labs/windmill/compare/v1.576.1...v1.576.2) (2025-11-15)
+
+
+### Bug Fixes
+
+* temporary fix for duckdb type_aliases causing issues ([#7148](https://github.com/windmill-labs/windmill/issues/7148)) ([6426ebf](https://github.com/windmill-labs/windmill/commit/6426ebf8cb713443904065064b6a07eb1db0761a))
+
+## [1.576.1](https://github.com/windmill-labs/windmill/compare/v1.576.0...v1.576.1) (2025-11-14)
+
+
+### Bug Fixes
+
+* DuckDB FFI crash fix ([#7145](https://github.com/windmill-labs/windmill/issues/7145)) ([d3fc459](https://github.com/windmill-labs/windmill/commit/d3fc459b407682bf588236236916363d94f3e1ff))
+
+## [1.576.0](https://github.com/windmill-labs/windmill/compare/v1.575.4...v1.576.0) (2025-11-14)
+
+
+### Features
+
+* add support for switch and attributes in pwsh params ([#7143](https://github.com/windmill-labs/windmill/issues/7143)) ([c16bef8](https://github.com/windmill-labs/windmill/commit/c16bef8f296645ff873f9d8d28e3dcb50a65e304))
+* **ai:** handle aws bedrock as provider ([#7131](https://github.com/windmill-labs/windmill/issues/7131)) ([30eb9aa](https://github.com/windmill-labs/windmill/commit/30eb9aae25eeb563ad119ef93f3ff1ab17c66d75))
+* webhook by flow version ([#7062](https://github.com/windmill-labs/windmill/issues/7062)) ([09cdfb4](https://github.com/windmill-labs/windmill/commit/09cdfb4556748903dc5bbf53ef3356ac97c57d90))
+
+
+### Bug Fixes
+
+* use proper TLS connector for DuckLake instance catalog setup ([#7138](https://github.com/windmill-labs/windmill/issues/7138)) ([cf36fe3](https://github.com/windmill-labs/windmill/commit/cf36fe3bb1beec80fa84dc342a8a38cc7369bc4d))
+
 ## [1.575.4](https://github.com/windmill-labs/windmill/compare/v1.575.3...v1.575.4) (2025-11-13)


--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -19,3 +19,17 @@ When implementing new features in Windmill, follow these best practices:

 - Backend (Rust): @backend/rust-best-practices.mdc + @backend/summarized_schema.txt
 - Frontend (Svelte 5): @frontend/svelte5-best-practices.mdc
+
+## Querying the Database
+
+To query the database directly, use psql with the following connection string:
+
+```bash
+psql postgres://postgres:changeme@localhost:5432/windmill
+```
+
+This can be helpful for:
+
+- Inspecting database state during development
+- Testing queries before implementing them in Rust
+- Debugging data-related issues
--- a/21
+++ b/21
@@ -10,9 +10,26 @@

 {$BASE_URL} {
        bind {$ADDRESS}
-        reverse_proxy /ws/* http://lsp:3001
-        # reverse_proxy /ws_mp/* http://multiplayer:3002
+
+        # LSP - Language Server Protocol for code intelligence (windmill_extra:3001)
+        reverse_proxy /ws/* http://windmill_extra:3001
+
+        # Multiplayer - Real-time collaboration, Enterprise Edition (windmill_extra:3002)
+        # Uncomment and set ENABLE_MULTIPLAYER=true in docker-compose.yml
+        # reverse_proxy /ws_mp/* http://windmill_extra:3002
+
+        # Debugger - Interactive debugging via DAP WebSocket (windmill_extra:3003)
+        # Set ENABLE_DEBUGGER=true in docker-compose.yml to enable
+        handle_path /ws_debug/* {
+                reverse_proxy http://windmill_extra:3003
+        }
+
+        # Search indexer, Enterprise Edition (windmill_indexer:8002)
        # reverse_proxy /api/srch/* http://windmill_indexer:8002
+
+        # Default: Windmill server
        reverse_proxy /* http://windmill_server:8000
+
+        # TLS with custom certificates
        # tls /certs/cert.pem /certs/key.pem
 }
--- a/94
+++ b/94
@@ -1,16 +1,6 @@
 ARG DEBIAN_IMAGE=debian:bookworm-slim
 ARG RUST_IMAGE=rust:1.90-slim-bookworm

-# Build libwindmill_duckdb_ffi_internal.so separately
-FROM ${RUST_IMAGE} AS windmill_duckdb_ffi_internal_builder
-
-WORKDIR /windmill-duckdb-ffi-internal
-RUN apt-get update && apt-get install -y pkg-config clang=1:14.0-55.* libclang-dev=1:14.0-55.* cmake=3.25.* && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-COPY ./backend/windmill-duckdb-ffi-internal .
-RUN cargo build --release -p windmill_duckdb_ffi_internal
-
 FROM ${RUST_IMAGE} AS rust_base

 RUN apt-get update && apt-get install -y git libssl-dev pkg-config npm
@@ -30,6 +20,20 @@ WORKDIR /windmill
 ENV SQLX_OFFLINE=true
 # ENV CARGO_INCREMENTAL=1

+FROM rust_base AS windmill_duckdb_ffi_internal_builder
+
+WORKDIR /windmill-duckdb-ffi-internal
+
+RUN apt-get update && apt-get install -y clang=1:14.0-55.* libclang-dev=1:14.0-55.* cmake=3.25.* && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY ./backend/windmill-duckdb-ffi-internal .
+
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \
+    cargo build --release -p windmill_duckdb_ffi_internal
+
 FROM node:24-alpine as frontend

 # install dependencies
@@ -44,6 +48,7 @@ RUN mkdir /backend
 COPY /backend/windmill-api/openapi.yaml /backend/windmill-api/openapi.yaml
 COPY /openflow.openapi.yaml /openflow.openapi.yaml
 COPY /backend/windmill-api/build_openapi.sh /backend/windmill-api/build_openapi.sh
+COPY /system_prompts/auto-generated /system_prompts/auto-generated

 RUN cd /backend/windmill-api && . ./build_openapi.sh
 COPY /backend/parsers/windmill-parser-wasm/pkg/ /backend/parsers/windmill-parser-wasm/pkg/
@@ -54,7 +59,7 @@ RUN npm run generate-backend-client
 ENV NODE_OPTIONS "--max-old-space-size=8192"
 ARG VITE_BASE_URL ""
 # Read more about macro in docker/dev.nu
-# -- MACRO-SPREAD-WASM-PARSER-DEV-ONLY -- # 
+# -- MACRO-SPREAD-WASM-PARSER-DEV-ONLY -- #
 RUN npm run build


@@ -100,6 +105,7 @@ ARG POWERSHELL_VERSION=7.5.0
 ARG POWERSHELL_DEB_VERSION=7.5.0-1
 ARG KUBECTL_VERSION=1.28.7
 ARG HELM_VERSION=3.14.3
+# NOTE: If changing, also change go version in workspace dependencies template at WorkspaceDependenciesEditor.svelte
 ARG GO_VERSION=1.25.0
 ARG APP=/usr/src/app
 ARG WITH_POWERSHELL=true
@@ -111,16 +117,19 @@ ARG WITH_GIT=true
 # 1. Change placeholder in instanceSettings.ts
 # 2. Change LATEST_STABLE_PY in dockerfile
 # 3. Change #[default] annotation for PyVersion in backend
-ARG LATEST_STABLE_PY=3.11.10
+ARG LATEST_STABLE_PY=3.12
 ENV UV_PYTHON_INSTALL_DIR=/tmp/windmill/cache/py_runtime
 ENV UV_PYTHON_PREFERENCE=only-managed
-ENV UV_TOOL_BIN_DIR=/usr/local/bin

-ENV PATH /usr/local/bin:/root/.local/bin:$PATH
+RUN mkdir -p /usr/local/uv
+ENV UV_TOOL_BIN_DIR=/usr/local/bin
+ENV UV_TOOL_DIR=/usr/local/uv
+
+ENV PATH /usr/local/bin:/root/.local/bin:/tmp/.local/bin:$PATH


 RUN apt-get update \
-    && apt-get install -y --no-install-recommends netbase tzdata ca-certificates wget curl jq unzip build-essential unixodbc xmlsec1  software-properties-common \
+    && apt-get install -y --no-install-recommends netbase tzdata ca-certificates wget curl jq unzip build-essential unixodbc xmlsec1 software-properties-common tini \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

@@ -181,21 +190,41 @@ ENV PATH="${PATH}:/usr/local/go/bin"
 ENV GO_PATH=/usr/local/go/bin/go

 # Install UV
-RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.6.2/uv-installer.sh | sh && mv /root/.local/bin/uv /usr/local/bin/uv
+RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.24/uv-installer.sh | sh && mv /root/.local/bin/uv /usr/local/bin/uv

-# Preinstall python runtimes
-RUN uv python install 3.11
-RUN uv python install $LATEST_STABLE_PY
-
-RUN uv venv
+# Preinstall python runtimes to temp build location (will copy with world-writable perms later)
+RUN UV_CACHE_DIR=/tmp/build_cache/uv UV_PYTHON_INSTALL_DIR=/tmp/build_cache/py_runtime uv python install 3.11
+RUN UV_CACHE_DIR=/tmp/build_cache/uv UV_PYTHON_INSTALL_DIR=/tmp/build_cache/py_runtime uv python install $LATEST_STABLE_PY


-RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - 
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
 RUN apt-get -y update && apt-get install -y curl procps nodejs awscli && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

 # go build is slower the first time it is ran, so we prewarm it in the build
-RUN mkdir -p /tmp/gobuildwarm && cd /tmp/gobuildwarm && go mod init gobuildwarm && printf "package foo\nimport (\"fmt\")\nfunc main() { fmt.Println(42) }" > warm.go && go mod tidy && go build -x && rm -rf /tmp/gobuildwarm
+# This mirrors Windmill's Go wrapper structure: main.go imports inner package, uses encoding/json, os, fmt
+RUN export GOCACHE=/tmp/build_cache/go && \
+    mkdir -p /tmp/gobuildwarm/inner && \
+    cd /tmp/gobuildwarm && \
+    go mod init mymod && \
+    printf 'package main\nimport (\n\t"encoding/json"\n\t"os"\n\t"fmt"\n\t"mymod/inner"\n)\nfunc main() {\n\tdat, _ := os.ReadFile("args.json")\n\tvar req inner.Req\n\tjson.Unmarshal(dat, &req)\n\tres, _ := inner.Run(req)\n\tres_json, _ := json.Marshal(res)\n\tfmt.Println(string(res_json))\n}' > main.go && \
+    printf 'package inner\ntype Req struct {\n\tX int `json:"x"`\n}\nfunc Run(req Req) (interface{}, error) {\n\treturn main(req.X)\n}\nfunc main(x int) (interface{}, error) {\n\treturn x, nil\n}' > inner/inner.go && \
+    go build -x . && \
+    rm -rf /tmp/gobuildwarm
+
+# Copy build caches to final location, then add write permissions for any UID
+# chmod a+rw adds read+write WITHOUT removing execute bits (755->777, 644->666)
+# Note: uv python install only creates py_runtime, not uv cache - we create uv/go dirs for runtime
+RUN mkdir -p /tmp/windmill/cache && \
+    cp -r /tmp/build_cache/* /tmp/windmill/cache/ && \
+    chmod -R a+rw /tmp/windmill/cache && \
+    rm -rf /tmp/build_cache && \
+    mkdir -p -m 777 /tmp/windmill/cache/uv /tmp/windmill/cache/go
+
+# Runtime cache locations
+ENV UV_CACHE_DIR=/tmp/windmill/cache/uv
+ENV UV_PYTHON_INSTALL_DIR=/tmp/windmill/cache/py_runtime
+ENV GOCACHE=/tmp/windmill/cache/go

 ENV TZ=Etc/UTC

@@ -223,23 +252,20 @@ RUN ln -s ${APP}/windmill /usr/local/bin/windmill

 COPY ./frontend/src/lib/hubPaths.json ${APP}/hubPaths.json

-RUN windmill cache ${APP}/hubPaths.json && rm ${APP}/hubPaths.json && chmod -R 777 /tmp/windmill
+RUN windmill cache ${APP}/hubPaths.json && rm ${APP}/hubPaths.json
+
+

 # Create a non-root user 'windmill' with UID and GID 1000
 RUN addgroup --gid 1000 windmill && \
    adduser --disabled-password --gecos "" --uid 1000 --gid 1000 windmill

-RUN cp -r /root/.cache /home/windmill/.cache
+# /tmp/.cache may be created by earlier build steps with 755; chmod ensures any UID can write
+RUN mkdir -p -m 777 /tmp/windmill/logs /tmp/windmill/search /tmp/.cache && chmod 777 /tmp/.cache

-RUN mkdir -p /tmp/windmill/logs && \
-    mkdir -p /tmp/windmill/search
-
-# Make directories world-readable and writable
-RUN chmod -R 777 ${APP} && \
-     chmod -R 777 /tmp/windmill && \
-     chmod -R 777 /home/windmill/.cache
-
-USER root
+# Make directories world-accessible for any UID
+# (cache files already have 666 from umask copy above, cache_nomount is read-only)
+RUN find ${APP} /tmp/windmill -type d -exec chmod 777 {} +

 EXPOSE 8000

--- a/backend/.cargo/config.toml
+++ b/backend/.cargo/config.toml
@@ -13,4 +13,7 @@ rustflags = [
    "-C", "link-arg=-undefined",
    "-C", "link-arg=dynamic_lookup",
    "-C", "link-args=-Wl,-rpath,$ORIGIN/"
-]
+]
+
+[net]
+git-fetch-with-cli = true
--- a/backend/.sqlx/query-002d68d7c4437522a6dae95af007a356217bbae06b8453f0c32046f0cbf20dcb.json
+++ b/backend/.sqlx/query-002d68d7c4437522a6dae95af007a356217bbae06b8453f0c32046f0cbf20dcb.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT created_by FROM v2_job WHERE id = $1 AND workspace_id = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "created_by",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "002d68d7c4437522a6dae95af007a356217bbae06b8453f0c32046f0cbf20dcb"
+}
--- a/backend/.sqlx/query-00c1dd0cfaf15aafdcfcabc1f123cebdf8d777f48e148bcb171fa15e8bf6f098.json
+++ b/backend/.sqlx/query-00c1dd0cfaf15aafdcfcabc1f123cebdf8d777f48e148bcb171fa15e8bf6f098.json
@@ -0,0 +1,58 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT\n            workspace.id AS \"id!\",\n            workspace.name AS \"name!\",\n            workspace.owner AS \"owner!\",\n            workspace.deleted AS \"deleted!\",\n            workspace.premium AS \"premium!\",\n            workspace_settings.color AS \"color\",\n            workspace.parent_workspace_id AS \"parent_workspace_id\"\n        FROM workspace\n        LEFT JOIN workspace_settings ON workspace.id = workspace_settings.workspace_id\n        WHERE workspace.id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id!",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "name!",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "owner!",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 3,
+        "name": "deleted!",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 4,
+        "name": "premium!",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 5,
+        "name": "color",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 6,
+        "name": "parent_workspace_id",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "00c1dd0cfaf15aafdcfcabc1f123cebdf8d777f48e148bcb171fa15e8bf6f098"
+}
--- a/backend/.sqlx/query-020c031c3de6c85577e30421ada9d39a5a47ca1b6cf3dbfd6988aa0694d7364c.json
+++ b/backend/.sqlx/query-020c031c3de6c85577e30421ada9d39a5a47ca1b6cf3dbfd6988aa0694d7364c.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT value FROM variable WHERE path = $1 AND workspace_id = $2 AND is_secret = true",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "value",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "020c031c3de6c85577e30421ada9d39a5a47ca1b6cf3dbfd6988aa0694d7364c"
+}
--- a/backend/.sqlx/query-023555d33652d40fa381b1baaae6b319c4bac92cb2d90bb4ffd08e25f4a4d18b.json
+++ b/backend/.sqlx/query-023555d33652d40fa381b1baaae6b319c4bac92cb2d90bb4ffd08e25f4a4d18b.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM v2_job WHERE workspace_id = $1 AND id = ANY($2)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "UuidArray"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "023555d33652d40fa381b1baaae6b319c4bac92cb2d90bb4ffd08e25f4a4d18b"
+}
--- a/backend/.sqlx/query-02fdd7b94e6b6c9bb7985dfeb2082655d08946206dcfb25158c10f78619cf7fc.json
+++ b/backend/.sqlx/query-02fdd7b94e6b6c9bb7985dfeb2082655d08946206dcfb25158c10f78619cf7fc.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM v2_job_status WHERE id = ANY($1)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "UuidArray"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "02fdd7b94e6b6c9bb7985dfeb2082655d08946206dcfb25158c10f78619cf7fc"
+}
--- a/backend/.sqlx/query-034a8519198daf30e0eb8a74ed92f896c83bb39e1cb52fe3c29c1a224c3859c2.json
+++ b/backend/.sqlx/query-034a8519198daf30e0eb8a74ed92f896c83bb39e1cb52fe3c29c1a224c3859c2.json
@@ -0,0 +1,19 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE workspace_diff SET has_changes = true, exists_in_source = $5, exists_in_fork = $6\n                    WHERE path = $3 AND kind = $4 AND (\n                        (source_workspace_id = $1 AND fork_workspace_id = $2)\n                        OR (source_workspace_id = $2 AND fork_workspace_id =$1)\n                    )",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text",
+        "Text",
+        "Text",
+        "Bool",
+        "Bool"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "034a8519198daf30e0eb8a74ed92f896c83bb39e1cb52fe3c29c1a224c3859c2"
+}
--- a/backend/.sqlx/query-03669873e4e3b22c737d5170821f677925474aad885bf1c0780bdb978225517e.json
+++ b/backend/.sqlx/query-03669873e4e3b22c737d5170821f677925474aad885bf1c0780bdb978225517e.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE schedule SET enabled = false WHERE workspace_id = $1 AND enabled = true RETURNING path",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "03669873e4e3b22c737d5170821f677925474aad885bf1c0780bdb978225517e"
+}
--- a/backend/.sqlx/query-0382065b3dfd78b384e26f81317af91de289f52462e74343770a8b0d47d0577d.json
+++ b/backend/.sqlx/query-0382065b3dfd78b384e26f81317af91de289f52462e74343770a8b0d47d0577d.json
@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            INSERT INTO kafka_trigger (\n                workspace_id,\n                path,\n                kafka_resource_path,\n                group_id,\n                topics,\n                script_path,\n                is_flow,\n                enabled,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, now(), $11, $12, $13\n            )\n            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "VarcharArray",
-        "Varchar",
-        "Bool",
-        "Bool",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Jsonb",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "0382065b3dfd78b384e26f81317af91de289f52462e74343770a8b0d47d0577d"
-}
--- a/backend/.sqlx/query-04362a55081f7a98bca8fe4db0669939da8944711037957664cc2989b239c9d1.json
+++ b/backend/.sqlx/query-04362a55081f7a98bca8fe4db0669939da8944711037957664cc2989b239c9d1.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO tutorial_progress (email, progress, skipped_all) VALUES ($2, $1::bigint::bit(64), $3) ON CONFLICT (email) DO UPDATE SET progress = EXCLUDED.progress, skipped_all = EXCLUDED.skipped_all",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Varchar",
+        "Bool"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "04362a55081f7a98bca8fe4db0669939da8944711037957664cc2989b239c9d1"
+}
--- a/backend/.sqlx/query-045b26db0cefe6eaac0e572661d984ff5ce7086ac511e8647e2024d9dbe0af56.json
+++ b/backend/.sqlx/query-045b26db0cefe6eaac0e572661d984ff5ce7086ac511e8647e2024d9dbe0af56.json
@@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO usage (id, is_workspace, month_, usage)\n                    VALUES ($1, FALSE, EXTRACT(YEAR FROM current_date) * 12 + EXTRACT(MONTH FROM current_date), 1)\n                    ON CONFLICT (id, is_workspace, month_) DO UPDATE SET usage = usage.usage + 1",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "045b26db0cefe6eaac0e572661d984ff5ce7086ac511e8647e2024d9dbe0af56"
-}
--- a/backend/.sqlx/query-04ce5c530c80ae6f911dfe0dc9ed7d1a2e10342bbbc7f8486df0b73f5657a493.json
+++ b/backend/.sqlx/query-04ce5c530c80ae6f911dfe0dc9ed7d1a2e10342bbbc7f8486df0b73f5657a493.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) FROM v2_job",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "04ce5c530c80ae6f911dfe0dc9ed7d1a2e10342bbbc7f8486df0b73f5657a493"
+}
--- a/backend/.sqlx/query-052d42b46d5faba6b41f1fdcbf6a012db51b9e5a255ec0da9a8a0999d668d336.json
+++ b/backend/.sqlx/query-052d42b46d5faba6b41f1fdcbf6a012db51b9e5a255ec0da9a8a0999d668d336.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT COUNT(*) as count FROM variable WHERE is_secret = true AND value != 'CLEARED'",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "count",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "052d42b46d5faba6b41f1fdcbf6a012db51b9e5a255ec0da9a8a0999d668d336"
+}
--- a/backend/.sqlx/query-05f4663a0f58736e92fe7cbbef3c99a03bc74ab3be1bacdbbf3910a76a1beacc.json
+++ b/backend/.sqlx/query-05f4663a0f58736e92fe7cbbef3c99a03bc74ab3be1bacdbbf3910a76a1beacc.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT name FROM group_ WHERE workspace_id = $1 UNION SELECT name FROM instance_group ORDER BY name desc",
+  "query": "SELECT name FROM group_ WHERE workspace_id = $1 UNION SELECT name FROM instance_group ORDER BY name asc",
  "describe": {
    "columns": [
      {
@@ -18,5 +18,5 @@
      null
    ]
  },
-  "hash": "d814833e31b3b3657c57dde1c8cd21896d6cb8256fe05dd5b0fecb53782956ce"
+  "hash": "05f4663a0f58736e92fe7cbbef3c99a03bc74ab3be1bacdbbf3910a76a1beacc"
 }
--- a/backend/.sqlx/query-0600f2a9179f83502c6b13e8e4284f85ca82636f274f5dce47da5a8320a60088.json
+++ b/backend/.sqlx/query-0600f2a9179f83502c6b13e8e4284f85ca82636f274f5dce47da5a8320a60088.json
@@ -0,0 +1,26 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT workspace_id, path FROM variable WHERE is_secret = true",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "workspace_id",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "0600f2a9179f83502c6b13e8e4284f85ca82636f274f5dce47da5a8320a60088"
+}
--- a/backend/.sqlx/query-06af027f6ed10200de2006a2fc48771a8f42c28c87b78220eec1bddeae1f648f.json
+++ b/backend/.sqlx/query-06af027f6ed10200de2006a2fc48771a8f42c28c87b78220eec1bddeae1f648f.json
@@ -1,26 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            INSERT INTO postgres_trigger (\n                workspace_id,\n                path,\n                postgres_resource_path,\n                replication_slot_name,\n                publication_name,\n                script_path,\n                is_flow,\n                enabled,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, now(), $11, $12, $13\n            )\n            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Bool",
-        "Bool",
-        "Varchar",
-        "Varchar",
-        "Varchar",
-        "Jsonb",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "06af027f6ed10200de2006a2fc48771a8f42c28c87b78220eec1bddeae1f648f"
-}
--- a/backend/.sqlx/query-08574e8e5dc165041750880fb02e7ffea83ae94a670b598b6dada0b3d0914629.json
+++ b/backend/.sqlx/query-08574e8e5dc165041750880fb02e7ffea83ae94a670b598b6dada0b3d0914629.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM flow_conversation WHERE workspace_id = $1",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "08574e8e5dc165041750880fb02e7ffea83ae94a670b598b6dada0b3d0914629"
+}
--- a/backend/.sqlx/query-085bbcfcebc9e56984295046c48722f3510548eaf525c499ad0e24cdf8332b22.json
+++ b/backend/.sqlx/query-085bbcfcebc9e56984295046c48722f3510548eaf525c499ad0e24cdf8332b22.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT success_handler_extra_args FROM workspace_settings WHERE workspace_id = 'test-workspace'",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "success_handler_extra_args",
+        "type_info": "Json"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      true
+    ]
+  },
+  "hash": "085bbcfcebc9e56984295046c48722f3510548eaf525c499ad0e24cdf8332b22"
+}
--- a/backend/.sqlx/query-086fdf726b88e9f4fd9750bf9dd7f49c589465194548d88e5ae30872846b70a9.json
+++ b/backend/.sqlx/query-086fdf726b88e9f4fd9750bf9dd7f49c589465194548d88e5ae30872846b70a9.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT EXISTS(SELECT 1 FROM flow_conversation WHERE id = $1) as \"exists!\"",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "exists!",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Uuid"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "086fdf726b88e9f4fd9750bf9dd7f49c589465194548d88e5ae30872846b70a9"
+}
--- a/backend/.sqlx/query-089d7bc7acdbb97cf477159e111bc7e9ee85289ff5c52af43166928337c257e7.json
+++ b/backend/.sqlx/query-089d7bc7acdbb97cf477159e111bc7e9ee85289ff5c52af43166928337c257e7.json
@@ -0,0 +1,45 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT id FROM v2_job\n             WHERE workspace_id = $1\n               AND (kind = 'unassigned_script'::JOB_KIND OR kind = 'unassigned_flow'::JOB_KIND OR kind = 'unassigned_singlestepflow'::JOB_KIND)\n               AND trigger_kind = $2\n               AND trigger = $3",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Uuid"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        {
+          "Custom": {
+            "name": "job_trigger_kind",
+            "kind": {
+              "Enum": [
+                "webhook",
+                "http",
+                "websocket",
+                "kafka",
+                "email",
+                "nats",
+                "schedule",
+                "app",
+                "ui",
+                "postgres",
+                "sqs",
+                "gcp",
+                "mqtt"
+              ]
+            }
+          }
+        },
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "089d7bc7acdbb97cf477159e111bc7e9ee85289ff5c52af43166928337c257e7"
+}
--- a/backend/.sqlx/query-08f288d2781d823e109a9e5b8848234ca7d1efeee9661f3901f298da375e73f7.json
+++ b/backend/.sqlx/query-08f288d2781d823e109a9e5b8848234ca7d1efeee9661f3901f298da375e73f7.json
@@ -167,6 +167,26 @@
        "ordinal": 32,
        "name": "slack_oauth_client_secret",
        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 33,
+        "name": "datatable",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 34,
+        "name": "teams_team_guid",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 35,
+        "name": "success_handler",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 36,
+        "name": "success_handler_extra_args",
+        "type_info": "Json"
      }
    ],
    "parameters": {
@@ -207,6 +227,10 @@
      true,
      true,
      true,
+      true,
+      true,
+      true,
+      true,
      true
    ]
  },
--- a/backend/.sqlx/query-0a1c10bd2232b0770a7816e1bd8d758dc393f797890d597e5996146247f512ac.json
+++ b/backend/.sqlx/query-0a1c10bd2232b0770a7816e1bd8d758dc393f797890d597e5996146247f512ac.json
@@ -1,38 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\nWITH lockable_counters AS (\n    SELECT concurrency_id, job_uuids\n    FROM concurrency_counter\n    WHERE job_uuids != '{}'::jsonb\n    FOR UPDATE SKIP LOCKED\n),\nall_job_uuids AS (\n    SELECT DISTINCT jsonb_object_keys(job_uuids) AS job_uuid\n    FROM lockable_counters\n),\norphaned_job_uuids AS (\n    SELECT job_uuid\n    FROM all_job_uuids\n    WHERE job_uuid NOT IN (\n        SELECT id::text \n        FROM v2_job_queue \n        FOR SHARE SKIP LOCKED\n    )\n),\norphaned_array AS (\n    SELECT ARRAY(SELECT job_uuid FROM orphaned_job_uuids) AS orphaned_keys\n),\nbefore_update AS (\n    SELECT lc.concurrency_id, lc.job_uuids, oa.orphaned_keys\n    FROM lockable_counters lc, orphaned_array oa\n    WHERE lc.job_uuids ?| oa.orphaned_keys\n),\naffected_rows AS (\n    UPDATE concurrency_counter \n    SET job_uuids = job_uuids - orphaned_array.orphaned_keys\n    FROM orphaned_array\n    WHERE concurrency_counter.concurrency_id IN (\n        SELECT concurrency_id FROM before_update\n    )\n    RETURNING concurrency_id, job_uuids AS updated_job_uuids\n),\nexpanded_orphaned AS (\n    SELECT bu.concurrency_id, \n           bu.job_uuids AS original_job_uuids,\n           unnest(bu.orphaned_keys) AS orphaned_key\n    FROM before_update bu\n)\nSELECT \n    eo.concurrency_id,\n    eo.orphaned_key,\n    eo.original_job_uuids,\n    ar.updated_job_uuids\nFROM expanded_orphaned eo\nJOIN affected_rows ar ON eo.concurrency_id = ar.concurrency_id\nWHERE eo.original_job_uuids ? eo.orphaned_key\nORDER BY eo.concurrency_id, eo.orphaned_key\n",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "concurrency_id",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 1,
-        "name": "orphaned_key",
-        "type_info": "Text"
-      },
-      {
-        "ordinal": 2,
-        "name": "original_job_uuids",
-        "type_info": "Jsonb"
-      },
-      {
-        "ordinal": 3,
-        "name": "updated_job_uuids",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": []
-    },
-    "nullable": [
-      false,
-      null,
-      false,
-      false
-    ]
-  },
-  "hash": "0a1c10bd2232b0770a7816e1bd8d758dc393f797890d597e5996146247f512ac"
-}
--- a/backend/.sqlx/query-0a3ee1329fb4f705c0006480d03f299ef549e11a017016924c62c1cab179412c.json
+++ b/backend/.sqlx/query-0a3ee1329fb4f705c0006480d03f299ef549e11a017016924c62c1cab179412c.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE workspace_settings SET datatable = $1 WHERE workspace_id = $2",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Jsonb",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0a3ee1329fb4f705c0006480d03f299ef549e11a017016924c62c1cab179412c"
+}
--- a/backend/.sqlx/query-0b5103497ab09affbdf3793d7d7857807d20645561c178d822ecad779c4f7bf4.json
+++ b/backend/.sqlx/query-0b5103497ab09affbdf3793d7d7857807d20645561c178d822ecad779c4f7bf4.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT value->>'ducklake_user_pg_pwd' FROM global_settings WHERE name = 'ducklake_settings';",
+  "query": "SELECT value->>'user_pwd' FROM global_settings WHERE name = 'custom_instance_pg_databases';",
  "describe": {
    "columns": [
      {
@@ -16,5 +16,5 @@
      null
    ]
  },
-  "hash": "5fdfc9427f455a4c1bc8f6ca41ddfd426bc0c2ac126792c926f3cf1182ded981"
+  "hash": "0b5103497ab09affbdf3793d7d7857807d20645561c178d822ecad779c4f7bf4"
 }
--- a/backend/.sqlx/query-0b8e5fe95f4a2855678ca041b50405b698a368626da42dd9f4ce9d0681d016a1.json
+++ b/backend/.sqlx/query-0b8e5fe95f4a2855678ca041b50405b698a368626da42dd9f4ce9d0681d016a1.json
@@ -0,0 +1,59 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT path, kind, ahead, behind, has_changes, exists_in_source, exists_in_fork FROM workspace_diff\n        WHERE source_workspace_id = $1 AND fork_workspace_id = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "kind",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "ahead",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 3,
+        "name": "behind",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 4,
+        "name": "has_changes",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 5,
+        "name": "exists_in_source",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 6,
+        "name": "exists_in_fork",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      true,
+      true,
+      true
+    ]
+  },
+  "hash": "0b8e5fe95f4a2855678ca041b50405b698a368626da42dd9f4ce9d0681d016a1"
+}
--- a/backend/.sqlx/query-0c0f3909b80c35210fc64c685905308621f9135c2c45a2fa0531ea750387da1f.json
+++ b/backend/.sqlx/query-0c0f3909b80c35210fc64c685905308621f9135c2c45a2fa0531ea750387da1f.json
@@ -1,25 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            SELECT \n                CASE \n                    WHEN flow_version.id IS NOT NULL THEN\n                        (flow_version.value -> 'flow_env' -> $3) #> $4\n                    ELSE\n                        (root_job.raw_flow -> 'flow_env' -> $3) #> $4\n                END AS \"flow_env: sqlx::types::Json<Box<RawValue>>\"\n            FROM \n                v2_job current_job\n            JOIN \n                v2_job root_job ON root_job.id = COALESCE(current_job.root_job, current_job.flow_innermost_root_job, current_job.parent_job, current_job.id)\n                AND root_job.workspace_id = current_job.workspace_id\n            LEFT JOIN\n                flow_version ON flow_version.id = root_job.runnable_id\n                AND flow_version.path = root_job.runnable_path\n                AND flow_version.workspace_id = root_job.workspace_id\n           WHERE \n                current_job.id = $1 AND \n                current_job.workspace_id = $2",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "flow_env: sqlx::types::Json<Box<RawValue>>",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text",
-        "Text",
-        "TextArray"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0c0f3909b80c35210fc64c685905308621f9135c2c45a2fa0531ea750387da1f"
-}
--- a/backend/.sqlx/query-0c89ef278782f5a72b0b07ab3ba0edc487f03edd61936fcf77dee93fb22839ea.json
+++ b/backend/.sqlx/query-0c89ef278782f5a72b0b07ab3ba0edc487f03edd61936fcf77dee93fb22839ea.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT jsonb_build_object(\n                'kind', jb.kind,\n                'script_path', jb.runnable_path,\n                'latest_schema', COALESCE(\n                    (SELECT DISTINCT ON (s.path) s.schema FROM script s WHERE s.workspace_id = $1 AND s.path = jb.runnable_path AND jb.kind = 'script' ORDER BY s.path, s.created_at DESC),\n                    (SELECT flow_version.schema FROM flow LEFT JOIN flow_version ON flow_version.id = flow.versions[array_upper(flow.versions, 1)] WHERE flow.workspace_id = $1 AND flow.path = jb.runnable_path AND jb.kind = 'flow')\n                ),\n                'schemas', ARRAY(\n                    SELECT jsonb_build_object(\n                        'script_hash', LPAD(TO_HEX(COALESCE(s.hash, f.id)), 16, '0'),\n                        'job_ids', ARRAY_AGG(DISTINCT j.id),\n                        'schema', (ARRAY_AGG(COALESCE(s.schema, f.schema)))[1]\n                    ) FROM v2_job j\n                    LEFT JOIN script s ON s.hash = j.runnable_id AND j.kind = 'script'\n                    LEFT JOIN flow_version f ON f.id = j.runnable_id AND j.kind = 'flow'\n                    WHERE j.id = ANY(ARRAY_AGG(jb.id))\n                    GROUP BY COALESCE(s.hash, f.id)\n                )\n            ) FROM v2_job jb\n            WHERE (jb.kind = 'flow' OR jb.kind = 'script')\n                AND jb.workspace_id = $1 AND jb.id = ANY($2)\n            GROUP BY jb.kind, jb.runnable_path",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "jsonb_build_object",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "UuidArray"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "0c89ef278782f5a72b0b07ab3ba0edc487f03edd61936fcf77dee93fb22839ea"
+}
--- a/backend/.sqlx/query-0c8a3eb810c96230ba3a5466c55bf24a94eb8a52ceb82cc29dade173ad87569d.json
+++ b/backend/.sqlx/query-0c8a3eb810c96230ba3a5466c55bf24a94eb8a52ceb82cc29dade173ad87569d.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT path FROM variable WHERE path = ANY($1) AND workspace_id = $2 AND is_secret = true",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "TextArray",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "0c8a3eb810c96230ba3a5466c55bf24a94eb8a52ceb82cc29dade173ad87569d"
+}
--- a/backend/.sqlx/query-0d7c3ebcb37452ffd46916d2c291a6c4f8b3ba7c1b1c671171bb0194dc48e5a1.json
+++ b/backend/.sqlx/query-0d7c3ebcb37452ffd46916d2c291a6c4f8b3ba7c1b1c671171bb0194dc48e5a1.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT j.created_by AS \"created_by!\", CONCAT(coalesce(job_logs.logs, '')) as logs, coalesce(job_logs.log_offset, 0) as log_offset, job_logs.log_file_index\n            FROM v2_job j\n            LEFT JOIN job_logs ON job_logs.job_id = j.id\n            WHERE j.id = $1 AND j.workspace_id = $2 AND ($3::text[] IS NULL OR j.tag = ANY($3))",
+  "query": "SELECT j.created_by AS \"created_by!\", CONCAT(coalesce(job_logs.logs, '')) as logs, coalesce(job_logs.log_offset, 0) as log_offset, job_logs.log_file_index\n                FROM v2_job j\n                LEFT JOIN job_logs ON job_logs.job_id = j.id\n                WHERE j.id = $1 AND j.workspace_id = $2 AND ($3::text[] IS NULL OR j.tag = ANY($3))",
  "describe": {
    "columns": [
      {
@@ -38,5 +38,5 @@
      true
    ]
  },
-  "hash": "37285436c16684449b33810d97d0a2611dab30faff2891fc3a7f00ee8c120950"
+  "hash": "0d7c3ebcb37452ffd46916d2c291a6c4f8b3ba7c1b1c671171bb0194dc48e5a1"
 }
--- a/backend/.sqlx/query-0d86a31d7d53e52d24df76fa745d968cda48e036139cdaecf4e87d948f8c365e.json
+++ b/backend/.sqlx/query-0d86a31d7d53e52d24df76fa745d968cda48e036139cdaecf4e87d948f8c365e.json
@@ -1,25 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        UPDATE v2_job_status f SET flow_status = JSONB_SET(flow_status,  ARRAY['user_states'], JSONB_SET(COALESCE(flow_status->'user_states', '{}'::jsonb), ARRAY[$1], $2))\n        FROM v2_job j\n        WHERE f.id = $3 AND f.id = j.id AND j.workspace_id = $4 AND kind IN ('flow', 'flowpreview', 'flownode') RETURNING 1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "?column?",
-        "type_info": "Int4"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Jsonb",
-        "Uuid",
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "0d86a31d7d53e52d24df76fa745d968cda48e036139cdaecf4e87d948f8c365e"
-}
--- a/backend/.sqlx/query-0e621bba5913482b8235d7d8442b8f0e9012c265e150afd4aa41972bf7334ba2.json
+++ b/backend/.sqlx/query-0e621bba5913482b8235d7d8442b8f0e9012c265e150afd4aa41972bf7334ba2.json
@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO deployment_metadata (workspace_id, path, flow_version, job_id)\n         VALUES ($1, $2, $3, $4)\n         ON CONFLICT (workspace_id, path, flow_version) WHERE flow_version IS NOT NULL\n         DO UPDATE SET job_id = EXCLUDED.job_id",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Int8",
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0e621bba5913482b8235d7d8442b8f0e9012c265e150afd4aa41972bf7334ba2"
+}
--- a/backend/.sqlx/query-0e9c3bc8afd819635ff60ed9fb548bbd25e7cf76bdbe06107d82430601c402b7.json
+++ b/backend/.sqlx/query-0e9c3bc8afd819635ff60ed9fb548bbd25e7cf76bdbe06107d82430601c402b7.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT\n                result #> $3 AS \"result: sqlx::types::Json<Box<RawValue>>\",\n                result_columns,\n                created_by AS \"created_by!\"\n            FROM v2_job_completed c\n                JOIN v2_job USING (id)\n            WHERE c.id = $1 AND c.workspace_id = $2 AND ($4::text[] IS NULL OR tag = ANY($4))",
+  "query": "SELECT\n                    result #> $3 AS \"result: sqlx::types::Json<Box<RawValue>>\",\n                    result_columns,\n                    created_by AS \"created_by!\"\n                FROM v2_job_completed c\n                    JOIN v2_job USING (id)\n                WHERE c.id = $1 AND c.workspace_id = $2 AND ($4::text[] IS NULL OR tag = ANY($4))",
  "describe": {
    "columns": [
      {
@@ -33,5 +33,5 @@
      false
    ]
  },
-  "hash": "695a02db2ee43d18fdf139b52eb546cffa44845cd634f188d6619cf39462ca93"
+  "hash": "0e9c3bc8afd819635ff60ed9fb548bbd25e7cf76bdbe06107d82430601c402b7"
 }
--- a/backend/.sqlx/query-0f58d4e7e6f3e962e8a86a2d9feb921c308b6a047530eccd8966513ffdc722d0.json
+++ b/backend/.sqlx/query-0f58d4e7e6f3e962e8a86a2d9feb921c308b6a047530eccd8966513ffdc722d0.json
@@ -0,0 +1,47 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            UPDATE workspace_dependencies\n            SET archived = true\n            WHERE name IS NOT DISTINCT FROM $1 AND workspace_id = $2 AND archived = false AND language = $3\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text",
+        {
+          "Custom": {
+            "name": "script_lang",
+            "kind": {
+              "Enum": [
+                "python3",
+                "deno",
+                "go",
+                "bash",
+                "postgresql",
+                "nativets",
+                "bun",
+                "mysql",
+                "bigquery",
+                "snowflake",
+                "graphql",
+                "powershell",
+                "mssql",
+                "php",
+                "bunnative",
+                "rust",
+                "ansible",
+                "csharp",
+                "oracledb",
+                "nu",
+                "java",
+                "duckdb",
+                "ruby"
+              ]
+            }
+          }
+        }
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0f58d4e7e6f3e962e8a86a2d9feb921c308b6a047530eccd8966513ffdc722d0"
+}
--- a/backend/.sqlx/query-0f689b9bd1c9a24f3c6cdafef0215f102122665bc3cc15718831b991052b4caf.json
+++ b/backend/.sqlx/query-0f689b9bd1c9a24f3c6cdafef0215f102122665bc3cc15718831b991052b4caf.json
@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM workspace_diff WHERE path = $3 AND kind = $4 AND (\n                        (source_workspace_id = $1 AND fork_workspace_id = $2)\n                        OR (source_workspace_id = $2 AND fork_workspace_id =$1)\n                    )",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "0f689b9bd1c9a24f3c6cdafef0215f102122665bc3cc15718831b991052b4caf"
+}
--- a/backend/.sqlx/query-10a40902f5aba38aea23f2b0776b54752362c9cc7deb179f75c7f1795866d13a.json
+++ b/backend/.sqlx/query-10a40902f5aba38aea23f2b0776b54752362c9cc7deb179f75c7f1795866d13a.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT success_handler FROM workspace_settings WHERE workspace_id = 'test-workspace'",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "success_handler",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      true
+    ]
+  },
+  "hash": "10a40902f5aba38aea23f2b0776b54752362c9cc7deb179f75c7f1795866d13a"
+}
--- a/backend/.sqlx/query-12d69d85e25ffbed2dc37ef0faeb341b037aa66bc198f21fbc8de22e688f3d97.json
+++ b/backend/.sqlx/query-12d69d85e25ffbed2dc37ef0faeb341b037aa66bc198f21fbc8de22e688f3d97.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n                SELECT\n                    result AS \"result: sqlx::types::Json<Box<RawValue>>\",\n                    result_columns,\n                    status = 'success' AS \"success!\"\n                FROM \n                    v2_job_completed\n                WHERE \n                    id = $1 AND \n                    workspace_id = $2\n                ",
+  "query": "\n                    SELECT\n                        result AS \"result: sqlx::types::Json<Box<RawValue>>\",\n                        result_columns,\n                        status = 'success' AS \"success!\"\n                    FROM\n                        v2_job_completed\n                    WHERE\n                        id = $1 AND\n                        workspace_id = $2\n                    ",
  "describe": {
    "columns": [
      {
@@ -31,5 +31,5 @@
      null
    ]
  },
-  "hash": "79d6b757c9556cfcf0c98f52035b5f1a9036b6005764b79c415373a5d39c3211"
+  "hash": "12d69d85e25ffbed2dc37ef0faeb341b037aa66bc198f21fbc8de22e688f3d97"
 }
--- a/backend/.sqlx/query-13aaff548ff7d3bd38c40799958b2892b100a6ca1c99396254e24b981a2bb1c0.json
+++ b/backend/.sqlx/query-13aaff548ff7d3bd38c40799958b2892b100a6ca1c99396254e24b981a2bb1c0.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM job_stats WHERE workspace_id = $1 AND job_id = ANY($2)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "UuidArray"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "13aaff548ff7d3bd38c40799958b2892b100a6ca1c99396254e24b981a2bb1c0"
+}
--- a/backend/.sqlx/query-140f4ad799fca6c25975a0aca7c9051f0760e22eccdd291c83ed86599ce571cb.json
+++ b/backend/.sqlx/query-140f4ad799fca6c25975a0aca7c9051f0760e22eccdd291c83ed86599ce571cb.json
@@ -1,16 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "INSERT INTO v2_job_status (id, workflow_as_code_status)\n            VALUES ($1, JSONB_SET('{}'::JSONB, array[$2], $3))\n            ON CONFLICT (id) DO UPDATE SET\n                workflow_as_code_status = JSONB_SET(\n                    COALESCE(v2_job_status.workflow_as_code_status, '{}'::JSONB),\n                    array[$2],\n                    $3\n                )",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text",
-        "Jsonb"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "140f4ad799fca6c25975a0aca7c9051f0760e22eccdd291c83ed86599ce571cb"
-}
--- a/backend/.sqlx/query-14276a040cb4db88d71fccdc3579e8c0bb132b70668301b535872d1632753e30.json
+++ b/backend/.sqlx/query-14276a040cb4db88d71fccdc3579e8c0bb132b70668301b535872d1632753e30.json
@@ -0,0 +1,138 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "WITH inserted_job AS (\n            INSERT INTO v2_job (\n                id, -- 1\n                workspace_id, -- 2\n                raw_code, -- 3\n                raw_lock, -- 4\n                raw_flow, -- 5\n                tag, -- 6\n                parent_job, -- 7\n                created_by, -- 8\n                permissioned_as, -- 9\n                runnable_id, -- 10\n                runnable_path, -- 11\n                args, -- 12\n                kind, -- 13\n                trigger, -- 14\n                script_lang, -- 15\n                same_worker, -- 16\n                pre_run_error, -- 17 \n                permissioned_as_email, -- 18\n                visible_to_owner, -- 19\n                flow_innermost_root_job, -- 20\n                root_job, -- 38\n                concurrent_limit, -- 21\n                concurrency_time_window_s, -- 22\n                timeout, -- 23\n                flow_step_id, -- 24\n                cache_ttl, -- 25\n                priority, -- 26\n                trigger_kind, -- 39\n                script_entrypoint_override, -- 12\n                preprocessed -- 27,\n            ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18,\n            $19, $20, $38, $21, $22, $23, $24, $25, $26, $39::job_trigger_kind,\n            ($12::JSONB)->>'_ENTRYPOINT_OVERRIDE', $27)\n        ),\n        inserted_runtime AS (\n            INSERT INTO v2_job_runtime (id, ping) VALUES ($1, null)\n        ),\n        inserted_job_perms AS (\n            INSERT INTO job_perms (job_id, email, username, is_admin, is_operator, folders, groups, workspace_id, end_user_email) \n            values ($1, $32, $33, $34, $35, $36, $37, $2, $41) \n            ON CONFLICT (job_id) DO UPDATE SET email = EXCLUDED.email, username = EXCLUDED.username, is_admin = EXCLUDED.is_admin, is_operator = EXCLUDED.is_operator, folders = EXCLUDED.folders, groups = EXCLUDED.groups, workspace_id = EXCLUDED.workspace_id, end_user_email = EXCLUDED.end_user_email\n        )\n        INSERT INTO v2_job_queue\n            (workspace_id, id, running, scheduled_for, started_at, tag, priority, cache_ignore_s3_path, runnable_settings_handle)\n            VALUES ($2, $1, $28, COALESCE($29, now()), CASE WHEN $27 OR $40 THEN now() END, $30, $31, $42, $43)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Varchar",
+        "Text",
+        "Text",
+        "Jsonb",
+        "Varchar",
+        "Uuid",
+        "Varchar",
+        "Varchar",
+        "Int8",
+        "Varchar",
+        "Jsonb",
+        {
+          "Custom": {
+            "name": "job_kind",
+            "kind": {
+              "Enum": [
+                "script",
+                "preview",
+                "flow",
+                "dependencies",
+                "flowpreview",
+                "script_hub",
+                "identity",
+                "flowdependencies",
+                "http",
+                "graphql",
+                "postgresql",
+                "noop",
+                "appdependencies",
+                "deploymentcallback",
+                "singlestepflow",
+                "flowscript",
+                "flownode",
+                "appscript",
+                "aiagent",
+                "unassigned_script",
+                "unassigned_flow",
+                "unassigned_singlestepflow"
+              ]
+            }
+          }
+        },
+        "Varchar",
+        {
+          "Custom": {
+            "name": "script_lang",
+            "kind": {
+              "Enum": [
+                "python3",
+                "deno",
+                "go",
+                "bash",
+                "postgresql",
+                "nativets",
+                "bun",
+                "mysql",
+                "bigquery",
+                "snowflake",
+                "graphql",
+                "powershell",
+                "mssql",
+                "php",
+                "bunnative",
+                "rust",
+                "ansible",
+                "csharp",
+                "oracledb",
+                "nu",
+                "java",
+                "duckdb",
+                "ruby"
+              ]
+            }
+          }
+        },
+        "Bool",
+        "Text",
+        "Varchar",
+        "Bool",
+        "Uuid",
+        "Int4",
+        "Int4",
+        "Int4",
+        "Varchar",
+        "Int4",
+        "Int2",
+        "Bool",
+        "Bool",
+        "Timestamptz",
+        "Varchar",
+        "Int2",
+        "Varchar",
+        "Varchar",
+        "Bool",
+        "Bool",
+        "JsonbArray",
+        "TextArray",
+        "Uuid",
+        {
+          "Custom": {
+            "name": "job_trigger_kind",
+            "kind": {
+              "Enum": [
+                "webhook",
+                "http",
+                "websocket",
+                "kafka",
+                "email",
+                "nats",
+                "schedule",
+                "app",
+                "ui",
+                "postgres",
+                "sqs",
+                "gcp",
+                "mqtt"
+              ]
+            }
+          }
+        },
+        "Bool",
+        "Varchar",
+        "Bool",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "14276a040cb4db88d71fccdc3579e8c0bb132b70668301b535872d1632753e30"
+}
--- a/backend/.sqlx/query-146f0e42ada3068a5cdae0ffdbb54b63f8c06c9143b16ce399170c1b5a6b911e.json
+++ b/backend/.sqlx/query-146f0e42ada3068a5cdae0ffdbb54b63f8c06c9143b16ce399170c1b5a6b911e.json
@@ -1,21 +1,22 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT path, hash FROM script WHERE workspace_id = $1 AND archived = false AND deleted = false",
+  "query": "SELECT value, is_secret FROM variable WHERE path = $1 AND workspace_id = $2",
  "describe": {
    "columns": [
      {
        "ordinal": 0,
-        "name": "path",
+        "name": "value",
        "type_info": "Varchar"
      },
      {
        "ordinal": 1,
-        "name": "hash",
-        "type_info": "Int8"
+        "name": "is_secret",
+        "type_info": "Bool"
      }
    ],
    "parameters": {
      "Left": [
+        "Text",
        "Text"
      ]
    },
@@ -24,5 +25,5 @@
      false
    ]
  },
-  "hash": "0bcbed8d2a7ad88b809a211a8c13a3d74b8e8141be95cbcd63e227d13091a8dd"
+  "hash": "146f0e42ada3068a5cdae0ffdbb54b63f8c06c9143b16ce399170c1b5a6b911e"
 }
--- a/backend/.sqlx/query-16a67b92dbd32024838983184e6974f2ce577b78decd6b821096c9f2f252ae8b.json
+++ b/backend/.sqlx/query-16a67b92dbd32024838983184e6974f2ce577b78decd6b821096c9f2f252ae8b.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                SELECT ws.datatable->'datatables' AS datatable_name\n                FROM workspace_settings ws\n                WHERE ws.workspace_id = $1\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "datatable_name",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "16a67b92dbd32024838983184e6974f2ce577b78decd6b821096c9f2f252ae8b"
+}
--- a/backend/.sqlx/query-16bc77fd2debbc66187883e48c599aa9d3b280ae792ab2af9bb492c0f6f7c029.json
+++ b/backend/.sqlx/query-16bc77fd2debbc66187883e48c599aa9d3b280ae792ab2af9bb492c0f6f7c029.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n        SELECT parent_job\n        FROM v2_job\n        WHERE id = $1 AND workspace_id = $2\n        ",
+  "query": "\n            SELECT parent_job\n            FROM v2_job\n            WHERE id = $1 AND workspace_id = $2\n            ",
  "describe": {
    "columns": [
      {
@@ -19,5 +19,5 @@
      true
    ]
  },
-  "hash": "8440081df15fa7874dded86b8af572d971d5892b7dd4c8e824b953113bd6c4a9"
+  "hash": "16bc77fd2debbc66187883e48c599aa9d3b280ae792ab2af9bb492c0f6f7c029"
 }
--- a/backend/.sqlx/query-16c96166ffa6b9aec65c6072b204b52b87e3c2f3d76e47eb173fc78721355066.json
+++ b/backend/.sqlx/query-16c96166ffa6b9aec65c6072b204b52b87e3c2f3d76e47eb173fc78721355066.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                    WITH _ AS (\n                        UPDATE debounce_key\n                        SET debounced_times = 0, -- reset debounced_times\n                            first_started_at = now(), -- rest\n                            previous_job_id = NULL\n                        WHERE job_id = $1\n                    )\n                    UPDATE v2_job_debounce_batch                 \n                    SET debounce_batch = nextval('debounce_batch_seq') -- move to new batch\n                    WHERE id = $1\n                        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "16c96166ffa6b9aec65c6072b204b52b87e3c2f3d76e47eb173fc78721355066"
+}
--- a/backend/.sqlx/query-1730f39fd1793d45fbb41b21389c61296a3ff7489ae12f52a19f9543173ac597.json
+++ b/backend/.sqlx/query-1730f39fd1793d45fbb41b21389c61296a3ff7489ae12f52a19f9543173ac597.json
@@ -167,6 +167,26 @@
        "ordinal": 32,
        "name": "slack_oauth_client_secret",
        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 33,
+        "name": "datatable",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 34,
+        "name": "teams_team_guid",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 35,
+        "name": "success_handler",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 36,
+        "name": "success_handler_extra_args",
+        "type_info": "Json"
      }
    ],
    "parameters": {
@@ -207,6 +227,10 @@
      true,
      true,
      true,
+      true,
+      true,
+      true,
+      true,
      true
    ]
  },
--- a/backend/.sqlx/query-18aad20ed9cb2dde46f9d899dc4aa6f80ecf1628bd2c073d7a237dea9b8e0c65.json
+++ b/backend/.sqlx/query-18aad20ed9cb2dde46f9d899dc4aa6f80ecf1628bd2c073d7a237dea9b8e0c65.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT is_secret FROM variable WHERE path = $1 AND workspace_id = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "is_secret",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "18aad20ed9cb2dde46f9d899dc4aa6f80ecf1628bd2c073d7a237dea9b8e0c65"
+}
--- a/backend/.sqlx/query-19b59c478744d029c6006b01f04243ad2e0aef485a780daea5d76b0be2bb2ea2.json
+++ b/backend/.sqlx/query-19b59c478744d029c6006b01f04243ad2e0aef485a780daea5d76b0be2bb2ea2.json
@@ -0,0 +1,58 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                    SELECT\n                        id,\n                        args as \"args: _\",\n                        created_at\n                    FROM v2_job\n                    WHERE workspace_id = $1\n                      AND (\n                            kind = 'unassigned_script'::JOB_KIND OR\n                            kind = 'unassigned_flow'::JOB_KIND OR\n                            kind = 'unassigned_singlestepflow'::JOB_KIND\n                      )\n                      AND trigger_kind = $2\n                      AND trigger = $3\n                      AND id = ANY($4)\n                ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Uuid"
+      },
+      {
+        "ordinal": 1,
+        "name": "args: _",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 2,
+        "name": "created_at",
+        "type_info": "Timestamptz"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        {
+          "Custom": {
+            "name": "job_trigger_kind",
+            "kind": {
+              "Enum": [
+                "webhook",
+                "http",
+                "websocket",
+                "kafka",
+                "email",
+                "nats",
+                "schedule",
+                "app",
+                "ui",
+                "postgres",
+                "sqs",
+                "gcp",
+                "mqtt"
+              ]
+            }
+          }
+        },
+        "Text",
+        "UuidArray"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      false
+    ]
+  },
+  "hash": "19b59c478744d029c6006b01f04243ad2e0aef485a780daea5d76b0be2bb2ea2"
+}
--- a/backend/.sqlx/query-19cca1d42f37e860dc54470fea8dd9a35c412d82d27ce369ccb0ba38b9791669.json
+++ b/backend/.sqlx/query-19cca1d42f37e860dc54470fea8dd9a35c412d82d27ce369ccb0ba38b9791669.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT app_id, value FROM app_version WHERE id = $1",
+  "query": "SELECT app_id, value, raw_app FROM app_version WHERE id = $1",
  "describe": {
    "columns": [
      {
@@ -12,6 +12,11 @@
        "ordinal": 1,
        "name": "value",
        "type_info": "Json"
+      },
+      {
+        "ordinal": 2,
+        "name": "raw_app",
+        "type_info": "Bool"
      }
    ],
    "parameters": {
@@ -20,9 +25,10 @@
      ]
    },
    "nullable": [
+      false,
      false,
      false
    ]
  },
-  "hash": "ea9bbb972217bab4d7e8f4c08e331899161e80c239d56eb657d73bbf4272939b"
+  "hash": "19cca1d42f37e860dc54470fea8dd9a35c412d82d27ce369ccb0ba38b9791669"
 }
--- a/backend/.sqlx/query-1a85e45df7fec414e3e167bad3472f455571e0dd3006fb717b36dcab36689cca.json
+++ b/backend/.sqlx/query-1a85e45df7fec414e3e167bad3472f455571e0dd3006fb717b36dcab36689cca.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n                UPDATE email_trigger \n                SET \n                    script_path = $1,\n                    path = $2,\n                    is_flow = $3,\n                    edited_by = $4,\n                    email = $5,\n                    edited_at = now(),\n                    error_handler_path = $6,\n                    error_handler_args = $7,\n                    retry = $8\n                WHERE \n                    workspace_id = $9 AND path = $10\n                ",
+  "query": "\n                UPDATE email_trigger \n                SET \n                    script_path = $1,\n                    path = $2,\n                    is_flow = $3,\n                    edited_by = $4,\n                    email = $5,\n                    edited_at = now(),\n                    error_handler_path = $6,\n                    error_handler_args = $7,\n                    retry = $8,\n                    mode = $9\n                WHERE \n                    workspace_id = $10 AND path = $11\n                ",
  "describe": {
    "columns": [],
    "parameters": {
@@ -13,11 +13,23 @@
        "Varchar",
        "Jsonb",
        "Jsonb",
+        {
+          "Custom": {
+            "name": "trigger_mode",
+            "kind": {
+              "Enum": [
+                "enabled",
+                "disabled",
+                "suspended"
+              ]
+            }
+          }
+        },
        "Text",
        "Text"
      ]
    },
    "nullable": []
  },
-  "hash": "acb094aef60bba9083087264d65034fce38417099f15e8312be72a386f10bc1f"
+  "hash": "1a85e45df7fec414e3e167bad3472f455571e0dd3006fb717b36dcab36689cca"
 }
--- a/backend/.sqlx/query-1b4f7485c015338536d781838448c96ce686fce217be21ec15a8900b772f02a3.json
+++ b/backend/.sqlx/query-1b4f7485c015338536d781838448c96ce686fce217be21ec15a8900b772f02a3.json
@@ -0,0 +1,21 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO mcp_oauth_server_code\n         (code, client_id, user_email, workspace_id, scopes, redirect_uri, code_challenge, code_challenge_method)\n         VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "TextArray",
+        "Text",
+        "Varchar",
+        "Varchar"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "1b4f7485c015338536d781838448c96ce686fce217be21ec15a8900b772f02a3"
+}
--- a/backend/.sqlx/query-1bf8dc01326ebf6b8faa04e418b781e37bb9cedd1a89bf71a969b6db8cace48e.json
+++ b/backend/.sqlx/query-1bf8dc01326ebf6b8faa04e418b781e37bb9cedd1a89bf71a969b6db8cace48e.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n            INSERT INTO nats_trigger (\n                workspace_id,\n                path,\n                nats_resource_path,\n                subjects,\n                stream_name,\n                consumer_name,\n                use_jetstream,\n                script_path,\n                is_flow,\n                enabled,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, now(), $13, $14, $15\n            )\n            ",
+  "query": "\n            INSERT INTO nats_trigger (\n                workspace_id,\n                path,\n                nats_resource_path,\n                subjects,\n                stream_name,\n                consumer_name,\n                use_jetstream,\n                script_path,\n                is_flow,\n                mode,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, now(), $13, $14, $15\n            )\n            ",
  "describe": {
    "columns": [],
    "parameters": {
@@ -14,7 +14,18 @@
        "Bool",
        "Varchar",
        "Bool",
-        "Bool",
+        {
+          "Custom": {
+            "name": "trigger_mode",
+            "kind": {
+              "Enum": [
+                "enabled",
+                "disabled",
+                "suspended"
+              ]
+            }
+          }
+        },
        "Varchar",
        "Varchar",
        "Varchar",
@@ -24,5 +35,5 @@
    },
    "nullable": []
  },
-  "hash": "f28b71a304721643dd90fa468f61f351d6df8282415e54f0ea4f905417657ba8"
+  "hash": "1bf8dc01326ebf6b8faa04e418b781e37bb9cedd1a89bf71a969b6db8cace48e"
 }
--- a/backend/.sqlx/query-1ccc9db6c6cb51bebeb90d003e12c8f7922450515d1eaee8b3abee5b31f72527.json
+++ b/backend/.sqlx/query-1ccc9db6c6cb51bebeb90d003e12c8f7922450515d1eaee8b3abee5b31f72527.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM concurrency_key WHERE ended_at <= now() - ($1::bigint::text || ' s')::interval",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "1ccc9db6c6cb51bebeb90d003e12c8f7922450515d1eaee8b3abee5b31f72527"
+}
--- a/backend/.sqlx/query-1d8c2f54118b352dc13058dbb9b6e3f6ca4961b68d7e409386e655a61c54e0d0.json
+++ b/backend/.sqlx/query-1d8c2f54118b352dc13058dbb9b6e3f6ca4961b68d7e409386e655a61c54e0d0.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT EXISTS(SELECT 1 FROM usr WHERE workspace_id = $1 AND email = $2 AND NOT disabled)",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "exists",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "1d8c2f54118b352dc13058dbb9b6e3f6ca4961b68d7e409386e655a61c54e0d0"
+}
--- a/backend/.sqlx/query-1de29cdd474cbd61e15b63d111e1c42aefee683e14cc738a809ecca17370e6ee.json
+++ b/backend/.sqlx/query-1de29cdd474cbd61e15b63d111e1c42aefee683e14cc738a809ecca17370e6ee.json
@@ -0,0 +1,29 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT f.lock_error_logs, dm.job_id\n         FROM flow f\n         LEFT JOIN deployment_metadata dm ON f.versions[array_upper(f.versions, 1)] = dm.flow_version\n             AND f.workspace_id = dm.workspace_id AND f.path = dm.path\n         WHERE f.path = $1 AND f.workspace_id = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "lock_error_logs",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 1,
+        "name": "job_id",
+        "type_info": "Uuid"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      true,
+      true
+    ]
+  },
+  "hash": "1de29cdd474cbd61e15b63d111e1c42aefee683e14cc738a809ecca17370e6ee"
+}
--- a/backend/.sqlx/query-1de3e078c108a8a0136fccdf9187cc3500260bac39c7f1dfa05a93628569465b.json
+++ b/backend/.sqlx/query-1de3e078c108a8a0136fccdf9187cc3500260bac39c7f1dfa05a93628569465b.json
@@ -0,0 +1,37 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            INSERT INTO kafka_trigger (\n                workspace_id,\n                path,\n                kafka_resource_path,\n                group_id,\n                topics,\n                script_path,\n                is_flow,\n                mode,\n                edited_by,\n                email,\n                edited_at,\n                error_handler_path,\n                error_handler_args,\n                retry\n            ) VALUES (\n                $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, now(), $11, $12, $13\n            )\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "VarcharArray",
+        "Varchar",
+        "Bool",
+        {
+          "Custom": {
+            "name": "trigger_mode",
+            "kind": {
+              "Enum": [
+                "enabled",
+                "disabled",
+                "suspended"
+              ]
+            }
+          }
+        },
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "Jsonb",
+        "Jsonb"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "1de3e078c108a8a0136fccdf9187cc3500260bac39c7f1dfa05a93628569465b"
+}
--- a/backend/.sqlx/query-1e285da98ac08999f0ad489f1b81885d682de0d7c6ff3e09a9fddef8bb682708.json
+++ b/backend/.sqlx/query-1e285da98ac08999f0ad489f1b81885d682de0d7c6ff3e09a9fddef8bb682708.json
@@ -0,0 +1,35 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            SELECT \n                importer_path,\n                importer_kind::text as \"importer_kind!\", -- sqlx thinks this is nullable somehow, so enfore with !\n                array_agg(importer_node_id) as importer_node_ids\n            FROM dependency_map \n            WHERE workspace_id = $1 AND imported_path = $2\n            GROUP BY importer_path, importer_kind\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "importer_path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "importer_kind!",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 2,
+        "name": "importer_node_ids",
+        "type_info": "VarcharArray"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      null,
+      null
+    ]
+  },
+  "hash": "1e285da98ac08999f0ad489f1b81885d682de0d7c6ff3e09a9fddef8bb682708"
+}
--- a/backend/.sqlx/query-1f1e477b27f38f410b7e6f436ced0751f77f9cb41055481bc06af6827d647041.json
+++ b/backend/.sqlx/query-1f1e477b27f38f410b7e6f436ced0751f77f9cb41055481bc06af6827d647041.json
@@ -0,0 +1,96 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            SELECT id, content, language AS \"language: ScriptLang\", name, archived, description, workspace_id, created_at\n            FROM workspace_dependencies\n            WHERE id = $1 AND workspace_id = $2\n            LIMIT 1\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "content",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 2,
+        "name": "language: ScriptLang",
+        "type_info": {
+          "Custom": {
+            "name": "script_lang",
+            "kind": {
+              "Enum": [
+                "python3",
+                "deno",
+                "go",
+                "bash",
+                "postgresql",
+                "nativets",
+                "bun",
+                "mysql",
+                "bigquery",
+                "snowflake",
+                "graphql",
+                "powershell",
+                "mssql",
+                "php",
+                "bunnative",
+                "rust",
+                "ansible",
+                "csharp",
+                "oracledb",
+                "nu",
+                "java",
+                "duckdb",
+                "ruby"
+              ]
+            }
+          }
+        }
+      },
+      {
+        "ordinal": 3,
+        "name": "name",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 4,
+        "name": "archived",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 5,
+        "name": "description",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 6,
+        "name": "workspace_id",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 7,
+        "name": "created_at",
+        "type_info": "Timestamptz"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "1f1e477b27f38f410b7e6f436ced0751f77f9cb41055481bc06af6827d647041"
+}
--- a/backend/.sqlx/query-204998a6136091abe6bb8a503b25dc0d34fc38ee129d736b28219b84e6474229.json
+++ b/backend/.sqlx/query-204998a6136091abe6bb8a503b25dc0d34fc38ee129d736b28219b84e6474229.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n            UPDATE \n                gcp_trigger \n            SET \n                gcp_resource_path = $1,\n                subscription_id = $2,\n                topic_id = $3,\n                delivery_type = $4,\n                delivery_config = $5,\n                is_flow = $6, \n                edited_by = $7, \n                email = $8,\n                script_path = $9,\n                path = $10,\n                enabled = $11,\n                edited_at = now(), \n                error = NULL,\n                server_id = NULL,\n                error_handler_path = $14,\n                error_handler_args = $15,\n                retry = $16,\n                auto_acknowledge_msg = $17,\n                ack_deadline = $18\n            WHERE \n                workspace_id = $12 AND \n                path = $13\n            ",
+  "query": "\n            UPDATE \n                gcp_trigger \n            SET \n                gcp_resource_path = $1,\n                subscription_id = $2,\n                topic_id = $3,\n                delivery_type = $4,\n                delivery_config = $5,\n                is_flow = $6, \n                edited_by = $7, \n                email = $8,\n                script_path = $9,\n                path = $10,\n                mode = $11,\n                edited_at = now(), \n                error = NULL,\n                server_id = NULL,\n                error_handler_path = $14,\n                error_handler_args = $15,\n                retry = $16,\n                auto_acknowledge_msg = $17,\n                ack_deadline = $18\n            WHERE \n                workspace_id = $12 AND \n                path = $13\n            ",
  "describe": {
    "columns": [],
    "parameters": {
@@ -25,7 +25,18 @@
        "Varchar",
        "Varchar",
        "Varchar",
-        "Bool",
+        {
+          "Custom": {
+            "name": "trigger_mode",
+            "kind": {
+              "Enum": [
+                "enabled",
+                "disabled",
+                "suspended"
+              ]
+            }
+          }
+        },
        "Text",
        "Text",
        "Varchar",
@@ -37,5 +48,5 @@
    },
    "nullable": []
  },
-  "hash": "17ca259e1c78e1317fdd19436e15bef428fc4f0d52776d7a5fca64f17225ef30"
+  "hash": "204998a6136091abe6bb8a503b25dc0d34fc38ee129d736b28219b84e6474229"
 }
--- a/backend/.sqlx/query-207a0721b6f0b8b6ddd4120343eba524a2bc1e9047bdde5f568af4d993dbb74c.json
+++ b/backend/.sqlx/query-207a0721b6f0b8b6ddd4120343eba524a2bc1e9047bdde5f568af4d993dbb74c.json
@@ -0,0 +1,25 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        UPDATE\n            flow\n        SET\n            path = $1,\n            summary = $2,\n            description = $3,\n            dependency_job = NULL,\n            lock_error_logs = '',\n            draft_only = NULL,\n            tag = $4,\n            dedicated_worker = $5,\n            visible_to_runner_only = $6,\n            on_behalf_of_email = $7,\n            value = $8,\n            schema = $9::text::json,\n            edited_by = $10,\n            edited_at = now()\n        WHERE\n            path = $11 AND workspace_id = $12",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Text",
+        "Text",
+        "Varchar",
+        "Bool",
+        "Bool",
+        "Text",
+        "Jsonb",
+        "Text",
+        "Varchar",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "207a0721b6f0b8b6ddd4120343eba524a2bc1e9047bdde5f568af4d993dbb74c"
+}
--- a/backend/.sqlx/query-2241ed0c5a47ac715de3ef13a850e514e0fb7b062f4147bffb0e9badfea478d0.json
+++ b/backend/.sqlx/query-2241ed0c5a47ac715de3ef13a850e514e0fb7b062f4147bffb0e9badfea478d0.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "UPDATE v2_job SET workspace_id = $1 WHERE workspace_id = $2",
+  "query": "UPDATE instance_group SET scim_display_name = $1 where id = $2",
  "describe": {
    "columns": [],
    "parameters": {
@@ -11,5 +11,5 @@
    },
    "nullable": []
  },
-  "hash": "4244640e62fffb0f6978f8f7d78291b3294a6a7d1549d752f14acf5972552ba5"
+  "hash": "2241ed0c5a47ac715de3ef13a850e514e0fb7b062f4147bffb0e9badfea478d0"
 }
--- a/backend/.sqlx/query-25cba74bec5959e6752265cd7b6f84846f74d468f0073f02f81122895e86c364.json
+++ b/backend/.sqlx/query-25cba74bec5959e6752265cd7b6f84846f74d468f0073f02f81122895e86c364.json
@@ -1,24 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        SELECT COALESCE(s.flow_status, s.workflow_as_code_status)->'user_states'->$1\n        FROM v2_job_queue q LEFT JOIN v2_job_status s USING (id)\n        WHERE q.id = $2 AND q.workspace_id = $3\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "?column?",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Uuid",
-        "Text"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "25cba74bec5959e6752265cd7b6f84846f74d468f0073f02f81122895e86c364"
-}
--- a/backend/.sqlx/query-26761fbd7953416eb391de47b1694e0f4ab2bb96a6d838f1b1fdce4b58a8f5d4.json
+++ b/backend/.sqlx/query-26761fbd7953416eb391de47b1694e0f4ab2bb96a6d838f1b1fdce4b58a8f5d4.json
@@ -1,23 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "SELECT jsonb_build_object(\n            'kind', jb.kind,\n            'script_path', jb.runnable_path,\n            'latest_schema', COALESCE(\n                (SELECT DISTINCT ON (s.path) s.schema FROM script s WHERE s.workspace_id = $1 AND s.path = jb.runnable_path AND jb.kind = 'script' ORDER BY s.path, s.created_at DESC),\n                (SELECT flow_version.schema FROM flow LEFT JOIN flow_version ON flow_version.id = flow.versions[array_upper(flow.versions, 1)] WHERE flow.workspace_id = $1 AND flow.path = jb.runnable_path AND jb.kind = 'flow')\n            ),\n            'schemas', ARRAY(\n                SELECT jsonb_build_object(\n                    'script_hash', LPAD(TO_HEX(COALESCE(s.hash, f.id)), 16, '0'),\n                    'job_ids', ARRAY_AGG(DISTINCT j.id),\n                    'schema', (ARRAY_AGG(COALESCE(s.schema, f.schema)))[1]\n                ) FROM v2_job j\n                LEFT JOIN script s ON s.hash = j.runnable_id AND j.kind = 'script'\n                LEFT JOIN flow_version f ON f.id = j.runnable_id AND j.kind = 'flow'\n                WHERE j.id = ANY(ARRAY_AGG(jb.id))\n                GROUP BY COALESCE(s.hash, f.id)\n            )\n        ) FROM v2_job jb\n        WHERE (jb.kind = 'flow' OR jb.kind = 'script')\n            AND jb.workspace_id = $1 AND jb.id = ANY($2)\n        GROUP BY jb.kind, jb.runnable_path",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "jsonb_build_object",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "UuidArray"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "26761fbd7953416eb391de47b1694e0f4ab2bb96a6d838f1b1fdce4b58a8f5d4"
-}
--- a/backend/.sqlx/query-2767ea3f8fa1dc2c7285671560f77ecc71394957d6f87ae52f91c6e31525beef.json
+++ b/backend/.sqlx/query-2767ea3f8fa1dc2c7285671560f77ecc71394957d6f87ae52f91c6e31525beef.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "SELECT value->'instance_catalog_db_status' FROM global_settings WHERE name = 'ducklake_settings'",
+  "query": "SELECT value->'databases' FROM global_settings WHERE name = 'custom_instance_pg_databases'",
  "describe": {
    "columns": [
      {
@@ -16,5 +16,5 @@
      null
    ]
  },
-  "hash": "73c1c88bdf26ea0559b83314fed7a67d850e4e4dd60f4424ffb0b6f472acc8d5"
+  "hash": "2767ea3f8fa1dc2c7285671560f77ecc71394957d6f87ae52f91c6e31525beef"
 }
--- a/backend/.sqlx/query-27a54f8188c25c2c089c818a991ca1c092f67227be217161d6e6617ddbf77b32.json
+++ b/backend/.sqlx/query-27a54f8188c25c2c089c818a991ca1c092f67227be217161d6e6617ddbf77b32.json
@@ -1,133 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "select hash, tag, concurrency_key, concurrent_limit, concurrency_time_window_s, debounce_key, debounce_delay_s, cache_ttl, language as \"language: ScriptLang\", dedicated_worker, priority, timeout, on_behalf_of_email, created_by FROM script\n             WHERE path = $1 AND workspace_id = $2 AND archived = false AND (lock IS NOT NULL OR $3 = false)\n             ORDER BY created_at DESC LIMIT 1",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "hash",
-        "type_info": "Int8"
-      },
-      {
-        "ordinal": 1,
-        "name": "tag",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 2,
-        "name": "concurrency_key",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 3,
-        "name": "concurrent_limit",
-        "type_info": "Int4"
-      },
-      {
-        "ordinal": 4,
-        "name": "concurrency_time_window_s",
-        "type_info": "Int4"
-      },
-      {
-        "ordinal": 5,
-        "name": "debounce_key",
-        "type_info": "Varchar"
-      },
-      {
-        "ordinal": 6,
-        "name": "debounce_delay_s",
-        "type_info": "Int4"
-      },
-      {
-        "ordinal": 7,
-        "name": "cache_ttl",
-        "type_info": "Int4"
-      },
-      {
-        "ordinal": 8,
-        "name": "language: ScriptLang",
-        "type_info": {
-          "Custom": {
-            "name": "script_lang",
-            "kind": {
-              "Enum": [
-                "python3",
-                "deno",
-                "go",
-                "bash",
-                "postgresql",
-                "nativets",
-                "bun",
-                "mysql",
-                "bigquery",
-                "snowflake",
-                "graphql",
-                "powershell",
-                "mssql",
-                "php",
-                "bunnative",
-                "rust",
-                "ansible",
-                "csharp",
-                "oracledb",
-                "nu",
-                "java",
-                "duckdb",
-                "ruby"
-              ]
-            }
-          }
-        }
-      },
-      {
-        "ordinal": 9,
-        "name": "dedicated_worker",
-        "type_info": "Bool"
-      },
-      {
-        "ordinal": 10,
-        "name": "priority",
-        "type_info": "Int2"
-      },
-      {
-        "ordinal": 11,
-        "name": "timeout",
-        "type_info": "Int4"
-      },
-      {
-        "ordinal": 12,
-        "name": "on_behalf_of_email",
-        "type_info": "Text"
-      },
-      {
-        "ordinal": 13,
-        "name": "created_by",
-        "type_info": "Varchar"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Text",
-        "Text",
-        "Bool"
-      ]
-    },
-    "nullable": [
-      false,
-      true,
-      true,
-      true,
-      true,
-      true,
-      true,
-      true,
-      false,
-      true,
-      true,
-      true,
-      true,
-      false
-    ]
-  },
-  "hash": "27a54f8188c25c2c089c818a991ca1c092f67227be217161d6e6617ddbf77b32"
-}
--- a/backend/.sqlx/query-285c136fc92ce63417e4c65e657d914a6e158d636b854248e4028ed35326f3c6.json
+++ b/backend/.sqlx/query-285c136fc92ce63417e4c65e657d914a6e158d636b854248e4028ed35326f3c6.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                SELECT\n                    path\n                FROM\n                    flow_version\n                WHERE\n                    id = $1 AND\n                    workspace_id = $2\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "285c136fc92ce63417e4c65e657d914a6e158d636b854248e4028ed35326f3c6"
+}
--- a/backend/.sqlx/query-28a6766d38539146b6cac9a3dbf0b8592a93b178c7db91f7e4a3c04f7017c539.json
+++ b/backend/.sqlx/query-28a6766d38539146b6cac9a3dbf0b8592a93b178c7db91f7e4a3c04f7017c539.json
@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            SELECT COALESCE(s.flow_status, s.workflow_as_code_status)->'user_states'->$1\n            FROM v2_job_queue q LEFT JOIN v2_job_status s USING (id)\n            WHERE q.id = $2 AND q.workspace_id = $3\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "?column?",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "28a6766d38539146b6cac9a3dbf0b8592a93b178c7db91f7e4a3c04f7017c539"
+}
--- a/backend/.sqlx/query-2922c242228b2188b8abcda02b37d6fd220659dcd9e16d4bb110202321bc06cf.json
+++ b/backend/.sqlx/query-2922c242228b2188b8abcda02b37d6fd220659dcd9e16d4bb110202321bc06cf.json
@@ -0,0 +1,34 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT client_id, client_name, redirect_uris FROM mcp_oauth_server_client WHERE client_id = $1",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "client_id",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "client_name",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "redirect_uris",
+        "type_info": "TextArray"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "2922c242228b2188b8abcda02b37d6fd220659dcd9e16d4bb110202321bc06cf"
+}
--- a/backend/.sqlx/query-29510e633e79d63ec28e8cf0ea5e7c0de3f9874cb4de0945b9b11eb988c5deb6.json
+++ b/backend/.sqlx/query-29510e633e79d63ec28e8cf0ea5e7c0de3f9874cb4de0945b9b11eb988c5deb6.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "UPDATE v2_job_queue SET workspace_id = $1\n         WHERE id IN (\n             SELECT id FROM v2_job_queue\n             WHERE workspace_id = $2\n             AND running = false\n             AND id IN (SELECT id FROM v2_job WHERE workspace_id = $2 AND parent_job IS NULL)\n             FOR UPDATE SKIP LOCKED\n         )",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "29510e633e79d63ec28e8cf0ea5e7c0de3f9874cb4de0945b9b11eb988c5deb6"
+}
--- a/backend/.sqlx/query-2bf89418f30c1a0bf1cfd0d6bbfa2944181187deeadd07a3db9686869f60e0b9.json
+++ b/backend/.sqlx/query-2bf89418f30c1a0bf1cfd0d6bbfa2944181187deeadd07a3db9686869f60e0b9.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO v2_job_status (id, workflow_as_code_status)\n                VALUES ($1, JSONB_SET('{}'::JSONB, array[$2], $3))\n                ON CONFLICT (id) DO UPDATE SET\n                    workflow_as_code_status = JSONB_SET(\n                        COALESCE(v2_job_status.workflow_as_code_status, '{}'::JSONB),\n                        array[$2],\n                        $3\n                    )",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text",
+        "Jsonb"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2bf89418f30c1a0bf1cfd0d6bbfa2944181187deeadd07a3db9686869f60e0b9"
+}
--- a/backend/.sqlx/query-2c0c9312b8b326a3759566059d01c79efee28920a1a5afe2df92043526c1de82.json
+++ b/backend/.sqlx/query-2c0c9312b8b326a3759566059d01c79efee28920a1a5afe2df92043526c1de82.json
@@ -1,20 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        INSERT INTO resume_job\n                    (id, resume_id, job, flow, value, approver, approved)\n             VALUES ($1, $2, $3, $4, $5, $6, $7)\n        ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Int4",
-        "Uuid",
-        "Uuid",
-        "Jsonb",
-        "Varchar",
-        "Bool"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "2c0c9312b8b326a3759566059d01c79efee28920a1a5afe2df92043526c1de82"
-}
--- a/backend/.sqlx/query-2c231a2cd267d8d6d28a22d166a50cc6b4df813a15c613eb1960eff202c517f8.json
+++ b/backend/.sqlx/query-2c231a2cd267d8d6d28a22d166a50cc6b4df813a15c613eb1960eff202c517f8.json
@@ -0,0 +1,21 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "INSERT INTO mcp_oauth_refresh_token\n         (refresh_token, access_token, client_id, user_email, workspace_id, scopes, token_family, expires_at)\n         VALUES ($1, $2, $3, $4, $5, $6, $7, now() + ($8 || ' seconds')::interval)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "Varchar",
+        "TextArray",
+        "Uuid",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2c231a2cd267d8d6d28a22d166a50cc6b4df813a15c613eb1960eff202c517f8"
+}
--- a/backend/.sqlx/query-2c2ed5c91a4893966e94305df8b9f8ac904c8d0781a83fdea66c918320fb5601.json
+++ b/backend/.sqlx/query-2c2ed5c91a4893966e94305df8b9f8ac904c8d0781a83fdea66c918320fb5601.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        UPDATE workspace_settings\n        SET success_handler = NULL\n        WHERE workspace_id = 'test-workspace'\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": []
+  },
+  "hash": "2c2ed5c91a4893966e94305df8b9f8ac904c8d0781a83fdea66c918320fb5601"
+}
--- a/backend/.sqlx/query-2d1ba3c92c0385c530934082284cf548a50d533dc1bef58dfd0ecc163c9920f3.json
+++ b/backend/.sqlx/query-2d1ba3c92c0385c530934082284cf548a50d533dc1bef58dfd0ecc163c9920f3.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT path FROM script\n                     WHERE workspace_id = $1 AND path = ANY($2) AND archived = false",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "TextArray"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "2d1ba3c92c0385c530934082284cf548a50d533dc1bef58dfd0ecc163c9920f3"
+}
--- a/backend/.sqlx/query-2d43c1889b492df6f77380e739e41e20fe6bea0553cc39e30b7aa8ae59963f95.json
+++ b/backend/.sqlx/query-2d43c1889b492df6f77380e739e41e20fe6bea0553cc39e30b7aa8ae59963f95.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        INSERT INTO script (workspace_id, hash, path, content, language, kind, created_by, schema, summary, description, lock)\n        VALUES ('test-workspace', 1234567890, 'f/test/success_handler', $1, 'deno', 'script', 'test-user', '{}', 'Success handler script', 'Handles successful job completions', '')\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2d43c1889b492df6f77380e739e41e20fe6bea0553cc39e30b7aa8ae59963f95"
+}
--- a/backend/.sqlx/query-2d5ff8fc102ae0c452c1f9cd5cd30fd0a3b4e6e746c659da1767edafd139d45e.json
+++ b/backend/.sqlx/query-2d5ff8fc102ae0c452c1f9cd5cd30fd0a3b4e6e746c659da1767edafd139d45e.json
@@ -0,0 +1,35 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT value, is_secret, description\n         FROM variable\n         WHERE workspace_id = $1 AND path = $2",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "value",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "is_secret",
+        "type_info": "Bool"
+      },
+      {
+        "ordinal": 2,
+        "name": "description",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "2d5ff8fc102ae0c452c1f9cd5cd30fd0a3b4e6e746c659da1767edafd139d45e"
+}
--- a/backend/.sqlx/query-2fc0e7e10ba02232dd429cf6fed4de2599ebfd93713f1821cc613f7c69ee7b72.json
+++ b/backend/.sqlx/query-2fc0e7e10ba02232dd429cf6fed4de2599ebfd93713f1821cc613f7c69ee7b72.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "DELETE FROM v2_job_runtime WHERE id = $1",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2fc0e7e10ba02232dd429cf6fed4de2599ebfd93713f1821cc613f7c69ee7b72"
+}
--- a/backend/.sqlx/query-2fcddda99dd0aacf5007ed459cb27caa754424e062427edf5ddcb95f9d96888e.json
+++ b/backend/.sqlx/query-2fcddda99dd0aacf5007ed459cb27caa754424e062427edf5ddcb95f9d96888e.json
@@ -0,0 +1,29 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT path, value FROM variable\n           WHERE path LIKE ('u/' || $1 || '/%')\n           AND workspace_id = $2\n           AND is_secret = true\n           AND value LIKE '$vault:%'",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "path",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 1,
+        "name": "value",
+        "type_info": "Varchar"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "2fcddda99dd0aacf5007ed459cb27caa754424e062427edf5ddcb95f9d96888e"
+}
--- a/backend/.sqlx/query-2fd0d3224382b000028d98b0af4c431d3cadd54cca65d83c1ab7f2d2972e2282.json
+++ b/backend/.sqlx/query-2fd0d3224382b000028d98b0af4c431d3cadd54cca65d83c1ab7f2d2972e2282.json
@@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n            UPDATE\n                http_trigger\n            SET\n                route_path = $1,\n                route_path_key = $2,\n                workspaced_route = $3,\n                wrap_body = $4,\n                raw_string = $5,\n                authentication_resource_path = $6,\n                script_path = $7,\n                path = $8,\n                is_flow = $9,\n                http_method = $10,\n                static_asset_config = $11,\n                edited_by = $12,\n                email = $13,\n                request_type = $14,\n                authentication_method = $15,\n                summary = $16,\n                description = $17,\n                edited_at = now(),\n                is_static_website = $18,\n                error_handler_path = $19,\n                error_handler_args = $20,\n                retry = $21\n            WHERE\n                workspace_id = $22 AND\n                path = $23\n            ",
+  "query": "\n            UPDATE\n                http_trigger\n            SET\n                route_path = $1,\n                route_path_key = $2,\n                workspaced_route = $3,\n                wrap_body = $4,\n                raw_string = $5,\n                authentication_resource_path = $6,\n                script_path = $7,\n                path = $8,\n                is_flow = $9,\n                mode = $10,\n                http_method = $11,\n                static_asset_config = $12,\n                edited_by = $13,\n                email = $14,\n                request_type = $15,\n                authentication_method = $16,\n                summary = $17,\n                description = $18,\n                edited_at = now(),\n                is_static_website = $19,\n                error_handler_path = $20,\n                error_handler_args = $21,\n                retry = $22\n            WHERE\n                workspace_id = $23 AND\n                path = $24\n            ",
  "describe": {
    "columns": [],
    "parameters": {
@@ -14,6 +14,18 @@
        "Varchar",
        "Varchar",
        "Bool",
+        {
+          "Custom": {
+            "name": "trigger_mode",
+            "kind": {
+              "Enum": [
+                "enabled",
+                "disabled",
+                "suspended"
+              ]
+            }
+          }
+        },
        {
          "Custom": {
            "name": "http_method",
@@ -70,5 +82,5 @@
    },
    "nullable": []
  },
-  "hash": "465144ea7e2930203618d9814a3e20c77b4363cf9e7c655d395f3fe40c247f61"
+  "hash": "2fd0d3224382b000028d98b0af4c431d3cadd54cca65d83c1ab7f2d2972e2282"
 }
--- a/Show More
+++ b/Show More